/*
* Unix SMB/CIFS implementation.
* secrets.tdb file format info
* Copyright ( C ) Andrew Tridgell 2000
*
* This program is free software ; you can redistribute it and / or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation ; either version 3 of the License , or ( at your
* option ) any later version .
*
* This program is distributed in the hope that it will be useful , but WITHOUT
* ANY WARRANTY ; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE . See the GNU General Public License for
* more details .
*
* You should have received a copy of the GNU General Public License along with
* this program; if not, see <http://www.gnu.org/licenses/>.
*/
# ifndef _SECRETS_H
# define _SECRETS_H
# include "replace.h"
# include "librpc/gen_ndr/security.h"
/* Key names used inside secrets.tdb.
 *
 * Machine account credentials: the first one is for the hashed password
 * (NT4 style), the latter for plaintext (ADS).
 * NOTE(review): nothing in this header shows any encryption at rest for
 * these values, so the file permissions on secrets.tdb are presumably the
 * only protection boundary -- confirm in secrets.c before relying on it.
 */
#define SECRETS_MACHINE_ACCT_PASS "SECRETS / $MACHINE.ACC"
#define SECRETS_MACHINE_PASSWORD "SECRETS / MACHINE_PASSWORD"
/* previous plaintext machine password (see
 * secrets_fetch_prev_machine_password() below) */
#define SECRETS_MACHINE_PASSWORD_PREV "SECRETS / MACHINE_PASSWORD.PREV"
#define SECRETS_MACHINE_LAST_CHANGE_TIME "SECRETS / MACHINE_LAST_CHANGE_TIME"
#define SECRETS_MACHINE_SEC_CHANNEL_TYPE "SECRETS / MACHINE_SEC_CHANNEL_TYPE"
#define SECRETS_MACHINE_TRUST_ACCOUNT_NAME "SECRETS / SECRETS_MACHINE_TRUST_ACCOUNT_NAME"
/* presumably backs the secrets_domain_info1 API declared further down;
 * confirm in machine_account_secrets.c */
#define SECRETS_MACHINE_DOMAIN_INFO "SECRETS / MACHINE_DOMAIN_INFO"

/* this one is for storing trusted domain account password */
#define SECRETS_DOMTRUST_ACCT_PASS "SECRETS / $DOMTRUST.ACC"

/* Store the principal name used for Kerberos DES key salt under this key name. */
#define SECRETS_SALTING_PRINCIPAL "SECRETS / SALTING_PRINCIPAL"

/* The domain sid and our sid are stored here even though they aren't
 * really secret.  They do live in the same tdb as the passwords, so a
 * component that only needs the SID presumably still needs read access
 * to the whole secrets file. */
#define SECRETS_DOMAIN_SID "SECRETS / SID"
#define SECRETS_SAM_SID "SAM / SID"
/* see secrets_mark_domain_protected() / secrets_clear_domain_protection() */
#define SECRETS_PROTECT_IDS "SECRETS / PROTECT / IDS"

/* The domain GUID and server GUID (NOT the same) are also not secret */
#define SECRETS_DOMAIN_GUID "SECRETS / DOMGUID"
#define SECRETS_SERVER_GUID "SECRETS / GUID"

/* LDAP bind password; see secrets_store_ldap_pw() / fetch_ldap_pw() */
#define SECRETS_LDAP_BIND_PW "SECRETS / LDAP_BIND_PW"

/* schannel key for the local netlogon channel -- usage not visible here */
#define SECRETS_LOCAL_SCHANNEL_KEY "SECRETS / LOCAL_SCHANNEL_KEY"

/* Authenticated user info is stored in secrets.tdb under these keys
 * (presumably what secrets_fetch_ipc_userpass() reads -- confirm) */
#define SECRETS_AUTH_USER "SECRETS / AUTH_USER"
#define SECRETS_AUTH_DOMAIN "SECRETS / AUTH_DOMAIN"
#define SECRETS_AUTH_PASSWORD "SECRETS / AUTH_PASSWORD"
struct cli_credentials ;
/* structure for storing machine account password
 * (ie. when samba server is member of a domain).
 *
 * This is the NT4-style record referred to by the comment on
 * SECRETS_MACHINE_ACCT_PASS above: a 16-byte password hash plus a
 * modification time.  Two caveats for a record that is written to and
 * read back from a tdb:
 *  - hash[] is raw bytes, not a C string; never pass it to str*().
 *  - time_t's width is platform dependent, so sizeof(struct
 *    machine_acct_pass) is not fixed across architectures.
 *    NOTE(review): confirm how the fetch/store code validates the record
 *    length before copying it out.
 */
struct machine_acct_pass {
	uint8_t hash[16];	/* password hash (NT4 style per the key comment) */
	time_t mod_time;	/* modification time of the record */
};
/*
 * Format of an OpenAFS keyfile, as cached in secrets.tdb under
 * SECRETS_AFS_KEYFILE (see secrets_store_afs_keyfile() below).
 */
#define SECRETS_AFS_MAXKEYS 8	/* fixed capacity of afs_keyfile.entry[] */
struct afs_key {
	uint32_t kvno;	/* key version number */
	char key[8];	/* raw 8-byte key material, NOT NUL-terminated:
			 * never treat it as a C string.  8 bytes is the
			 * size of a single DES key, so assume this is
			 * legacy-strength material. */
};
struct afs_keyfile {
	uint32_t nkeys;	/* number of valid entries in entry[].  A record
			 * read back from the tdb is external input: check
			 * nkeys <= SECRETS_AFS_MAXKEYS before indexing. */
	struct afs_key entry[SECRETS_AFS_MAXKEYS];
};
#define SECRETS_AFS_KEYFILE "SECRETS / AFS_KEYFILE"
/* The following definitions come from passdb/secrets.c */

/* Open the secrets database under an explicit private directory;
 * returns false on failure. */
bool secrets_init_path(const char *private_dir);
/* Open the secrets database at its default location; returns false on
 * failure. */
bool secrets_init(void);
/* The underlying db context (NULL presumably means not initialised --
 * confirm in secrets.c). */
struct db_context *secrets_db_ctx(void);
void secrets_shutdown(void);
/* Raw fetch of the value stored under key; on success *size receives its
 * length.  NOTE(review): ownership of the returned buffer and whether it
 * is NUL-terminated are not visible here.  For secret-bearing keys the
 * caller should wipe the buffer before releasing it -- verify the
 * allocator convention in secrets.c. */
void *secrets_fetch(const char *key, size_t *size);
/* Raw store of size bytes of data under key; returns false on failure. */
bool secrets_store(const char *key, const void *data, size_t size);
/* Store the machine credentials carried by creds (struct defined
 * elsewhere). */
bool secrets_store_creds(struct cli_credentials *creds);
/* Two delete variants; the difference between them is not visible from
 * this header. */
bool secrets_delete_entry(const char *key);
bool secrets_delete(const char *key);
/* The following definitions come from passdb/machine_account_secrets.c */

/* Mark / unmark a domain as protected (presumably recorded under
 * SECRETS_PROTECT_IDS -- confirm in machine_account_secrets.c). */
bool secrets_mark_domain_protected(const char *domain);
bool secrets_clear_domain_protection(const char *domain);
/* Domain SID / GUID.  Not secret in themselves (see the key comments
 * above) but stored in the same tdb as the passwords. */
bool secrets_store_domain_sid(const char *domain, const struct dom_sid *sid);
bool secrets_fetch_domain_sid(const char *domain, struct dom_sid *sid);
bool secrets_store_domain_guid(const char *domain, const struct GUID *guid);
bool secrets_fetch_domain_guid(const char *domain, struct GUID *guid);
enum netr_SchannelType get_default_sec_channel(void);
/* Fetch the 16-byte machine account password hash for domain into
 * ret_pwd, together with the time it was last set and the secure channel
 * type.  The _legacy variant reads the old NT4-style record (struct
 * machine_acct_pass); which record the other variant consults is not
 * visible here.  ret_pwd is raw key material: wipe it once the caller no
 * longer needs it. */
bool secrets_fetch_trust_account_password_legacy(const char *domain,
					uint8_t ret_pwd[16],
					time_t *pass_last_set_time,
					enum netr_SchannelType *channel);
bool secrets_fetch_trust_account_password(const char *domain, uint8_t ret_pwd[16],
					time_t *pass_last_set_time,
					enum netr_SchannelType *channel);
/* Trusted domain account password (SECRETS_DOMTRUST_ACCT_PASS), handled
 * as a C string.  On a successful fetch *pwd, *sid and
 * *pass_last_set_time are filled in; who owns / frees *pwd is not visible
 * here -- wipe it before freeing, whatever the convention turns out to be. */
bool secrets_fetch_trusted_domain_password(const char *domain, char **pwd,
					   struct dom_sid *sid, time_t *pass_last_set_time);
bool secrets_store_trusted_domain_password(const char *domain, const char *pwd,
					   const struct dom_sid *sid);
struct libnet_JoinCtx;
/* Persist the outcome of a libnet domain join; exactly what is written
 * is defined in machine_account_secrets.c. */
NTSTATUS secrets_store_JoinCtx(const struct libnet_JoinCtx *r);
struct secrets_domain_info1;
struct secrets_domain_info1_change;
/* Dump info at debug level lvl, labelled with name. */
void secrets_debug_domain_info(int lvl, const struct secrets_domain_info1 *info,
			       const char *name);
/* Render info1 as a string allocated under mem_ctx.  With include_secrets
 * set the output presumably carries the actual password material, so the
 * result must be treated as sensitive and must not end up in a log at an
 * ordinary level. */
char *secrets_domain_info_string(TALLOC_CTX *mem_ctx, const struct secrets_domain_info1 *info1,
				 const char *name, bool include_secrets);
/* Load the domain info record for domain into *pinfo (allocated under
 * mem_ctx), converting an older on-disk format if that is what is found
 * (hence "upgrade"). */
NTSTATUS secrets_fetch_or_upgrade_domain_info(const char *domain,
					      TALLOC_CTX *mem_ctx,
					      struct secrets_domain_info1 **pinfo);
/* The four calls below bracket a machine password change against the DC
 * named by dcname / change_server: prepare records the pending change
 * (cleartext_unix is the new password) before anything is sent, and then
 * one of failed / defer / finish records the outcome, so that a crash in
 * between leaves a record the next run can act on.
 * NOTE(review): this description is inferred from the names and the
 * prev/info arguments; the actual state machine lives in
 * machine_account_secrets.c and should be checked against it. */
NTSTATUS secrets_prepare_password_change(const char *domain, const char *dcname,
					 const char *cleartext_unix,
					 TALLOC_CTX *mem_ctx,
					 struct secrets_domain_info1 **pinfo,
					 struct secrets_domain_info1_change **pprev);
NTSTATUS secrets_failed_password_change(const char *change_server,
					NTSTATUS local_status,
					NTSTATUS remote_status,
					const struct secrets_domain_info1 *info);
NTSTATUS secrets_defer_password_change(const char *change_server,
				       NTSTATUS local_status,
				       NTSTATUS remote_status,
				       const struct secrets_domain_info1 *info);
NTSTATUS secrets_finish_password_change(const char *change_server,
					NTTIME change_time,
					const struct secrets_domain_info1 *info);
/* Remove the stored machine password for domain / realm. */
bool secrets_delete_machine_password_ex(const char *domain, const char *realm);
bool secrets_delete_domain_sid(const char *domain);
/* Previous and current plaintext machine password (the "plaintext (ADS)"
 * keys above).  Both return a string the caller is presumably responsible
 * for releasing -- confirm the allocator, and wipe the string before
 * freeing it. */
char *secrets_fetch_prev_machine_password(const char *domain);
time_t secrets_fetch_pass_last_set_time(const char *domain);
char *secrets_fetch_machine_password(const char *domain,
				     time_t *pass_last_set_time,
				     enum netr_SchannelType *channel);
bool trusted_domain_password_delete(const char *domain);
/* LDAP bind credentials (SECRETS_LDAP_BIND_PW).  pw is taken non-const
 * and nothing here says whether it is modified, so pass a writable
 * buffer rather than a literal.  fetch_ldap_pw hands back both dn and pw;
 * ownership is not visible from this header. */
bool secrets_store_ldap_pw(const char *dn, char *pw);
bool fetch_ldap_pw(char **dn, char **pw);
/* OpenAFS keyfile for cell (SECRETS_AFS_KEYFILE).  secrets_fetch_afs_key
 * copies one struct afs_key into *result; which of the keyfile's entries
 * is chosen is not visible here. */
bool secrets_store_afs_keyfile(const char *cell, const struct afs_keyfile *keyfile);
bool secrets_fetch_afs_key(const char *cell, struct afs_key *result);
/* Credentials for IPC$ connections; presumably read from the
 * SECRETS_AUTH_* keys -- confirm.  All three outputs are allocated
 * strings whose ownership is not visible here. */
void secrets_fetch_ipc_userpass(char **username, char **domain, char **password);
/* Generic owner/key -> secret string storage. */
bool secrets_store_generic(const char *owner, const char *key, const char *secret);
char *secrets_fetch_generic(const char *owner, const char *key);
/* One-shot write of the whole machine account state (pass, oldpass,
 * salting principal, enctypes, domain SID, channel type).
 * Note that last_change_time is a uint32_t here while the rest of this
 * API uses time_t / NTTIME; its encoding (presumably seconds since the
 * epoch) cannot be confirmed from this header.  supported_enc_types and
 * secure_channel are likewise passed as raw uint32_t values. */
bool secrets_store_machine_pw_sync(const char *pass, const char *oldpass, const char *domain,
				   const char *realm,
				   const char *salting_principal, uint32_t supported_enc_types,
				   const struct dom_sid *domain_sid, uint32_t last_change_time,
				   uint32_t secure_channel,
				   bool delete_join);
/* Kerberos salting principal (SECRETS_SALTING_PRINCIPAL).  "des" in these
 * names is historical; whether the stored salt is applied only to DES
 * keys or to every enctype is not visible here. */
char *kerberos_standard_des_salt(void);
bool kerberos_secrets_store_des_salt(const char *salt);
char *kerberos_secrets_fetch_salt_princ(void);
/* The following definitions come from passdb/secrets_lsa.c */

/* LSA-style secrets: each named secret has a current and an old value,
 * each with its own last-change time, plus a security descriptor.
 * lsa_secret_get fills the blobs and *sd under mem_ctx.  Nothing in this
 * header shows an access check against the descriptor, so the caller
 * (presumably the RPC server) is the one that must enforce *sd before the
 * blobs are returned to a client -- confirm in secrets_lsa.c. */
NTSTATUS lsa_secret_get(TALLOC_CTX *mem_ctx,
			const char *secret_name,
			DATA_BLOB *secret_current,
			NTTIME *secret_current_lastchange,
			DATA_BLOB *secret_old,
			NTTIME *secret_old_lastchange,
			struct security_descriptor **sd);
/* Store current / old values and the descriptor for secret_name. */
NTSTATUS lsa_secret_set(const char *secret_name,
			DATA_BLOB *secret_current,
			DATA_BLOB *secret_old,
			struct security_descriptor *sd);
NTSTATUS lsa_secret_delete(const char *secret_name);
# endif /* _SECRETS_H */