sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-27 03:21:53 +03:00
Code
ee34c25c8a
samba-mirror/source3/include/secrets.h

129 lines
5.2 KiB
C
Raw Normal View History

Added copyright and include guards. (This used to be commit 9efa93556e3ed444b075a06d2706111b89a0e099)
2001-10-02 07:43:26 +04:00
/*
Removed version number from file header. Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2002-01-30 09:08:46 +03:00
* Unix SMB/CIFS implementation.
Added copyright and include guards. (This used to be commit 9efa93556e3ed444b075a06d2706111b89a0e099)
2001-10-02 07:43:26 +04:00
* secrets.tdb file format info
* Copyright (C) Andrew Tridgell 2000
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
r23779: Change from v2 or later to v3 or later. Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
2007-07-09 23:25:36 +04:00
* Free Software Foundation; either version 3 of the License, or (at your
Added copyright and include guards. (This used to be commit 9efa93556e3ed444b075a06d2706111b89a0e099)
2001-10-02 07:43:26 +04:00
* option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
* more details.
*
* You should have received a copy of the GNU General Public License along with
r23801: The FSF has moved around a lot. This fixes their Mass Ave address. (This used to be commit 87c91e4362c51819032bfbebbb273c52e203b227)
2007-07-10 09:23:25 +04:00
* this program; if not, see <http://www.gnu.org/licenses/>.
Added copyright and include guards. (This used to be commit 9efa93556e3ed444b075a06d2706111b89a0e099)
2001-10-02 07:43:26 +04:00
*/
added secrets.tdb and changed storage of trust account password to use it (This used to be commit 88ad00b82acc4636ab57dfe710af08ea85b82ff1)
2000-05-08 14:42:21 +04:00
Added copyright and include guards. (This used to be commit 9efa93556e3ed444b075a06d2706111b89a0e099)
2001-10-02 07:43:26 +04:00
#ifndef _SECRETS_H
#define _SECRETS_H
added secrets.tdb and changed storage of trust account password to use it (This used to be commit 88ad00b82acc4636ab57dfe710af08ea85b82ff1)
2000-05-08 14:42:21 +04:00
added "net join" command this completes the first stage of the smbd ADS support (This used to be commit 058a5aee901e6609969ef7e1d482a720a84a4a12)
2001-11-24 17:16:41 +03:00
/* the first one is for the hashed password (NT4 style) the latter
The beginning of trusted and trusting domain support from Rafal Szczesniak <mimir@diament.ists.pwr.wroc.pl> This adds the 'net' tools to manipulate the trusted domains. Andrew Bartlett (This used to be commit 770c8a31d9804d3339ffa0de8b5072a5c7eb02df)
2002-03-01 05:56:35 +03:00
for plaintext (ADS)
added "net join" command this completes the first stage of the smbd ADS support (This used to be commit 058a5aee901e6609969ef7e1d482a720a84a4a12)
2001-11-24 17:16:41 +03:00
*/
added secrets.tdb and changed storage of trust account password to use it (This used to be commit 88ad00b82acc4636ab57dfe710af08ea85b82ff1)
2000-05-08 14:42:21 +04:00
#define SECRETS_MACHINE_ACCT_PASS "SECRETS/$MACHINE.ACC"
added "net join" command this completes the first stage of the smbd ADS support (This used to be commit 058a5aee901e6609969ef7e1d482a720a84a4a12)
2001-11-24 17:16:41 +03:00
#define SECRETS_MACHINE_PASSWORD "SECRETS/MACHINE_PASSWORD"
s3: Allow previous password to be stored and use it to check tickets This patch is to fix bug 7099. It stores the current password in the previous password key when the password is changed. It also check the user ticket against previous password. Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-21 11:57:29 +04:00
#define SECRETS_MACHINE_PASSWORD_PREV "SECRETS/MACHINE_PASSWORD.PREV"
Merge from HEAD - save the type of channel used to contact the DC. This allows us to join as a BDC, without appearing on the network as one until we have the database replicated, and the admin changes the configuration. This also change the SID retreval order from secrets.tdb, so we no longer require a 'net rpc getsid' - the sid fetch during the domain join is sufficient. Also minor fixes to 'net'. Andrew Bartlett (This used to be commit 876e00fd112e4aaf7519eec27f382eb99ec7562a)
2003-04-21 18:09:03 +04:00
#define SECRETS_MACHINE_LAST_CHANGE_TIME "SECRETS/MACHINE_LAST_CHANGE_TIME"
#define SECRETS_MACHINE_SEC_CHANNEL_TYPE "SECRETS/MACHINE_SEC_CHANNEL_TYPE"
#define SECRETS_MACHINE_TRUST_ACCOUNT_NAME "SECRETS/SECRETS_MACHINE_TRUST_ACCOUNT_NAME"
The beginning of trusted and trusting domain support from Rafal Szczesniak <mimir@diament.ists.pwr.wroc.pl> This adds the 'net' tools to manipulate the trusted domains. Andrew Bartlett (This used to be commit 770c8a31d9804d3339ffa0de8b5072a5c7eb02df)
2002-03-01 05:56:35 +03:00
/* this one is for storing trusted domain account password */
#define SECRETS_DOMTRUST_ACCT_PASS "SECRETS/$DOMTRUST.ACC"
r3377: Merge in first part of modified patch from Nalin Dahyabhai <nalin@redhat.com> for bug #1717.The rest of the code needed to call this patch has not yet been checked in (that's my next task). This has not yet been tested - I'll do this once the rest of the patch is integrated. Jeremy. (This used to be commit 7565019286cf44f43c8066c005b1cd5c1556435f)
2004-10-30 02:38:10 +04:00
/* Store the principal name used for Kerberos DES key salt under this key name. */
#define SECRETS_SALTING_PRINCIPAL "SECRETS/SALTING_PRINCIPAL"
Moved definition of winbind username/password secrets into secrets.h (This used to be commit b618b5943d53f33e6f03d8d47cf87efc5e1ad3e5)
2002-04-10 04:35:00 +04:00
/* The domain sid and our sid are stored here even though they aren't
really secret. */
Fixed LsaQueryInformationPolicy level 3 to return primary domain info. Domain SID is saved in secrets.tdb upon joining domain. Added "Authenticated Users" and "SYSTEM" well-known SIDs (under NT Authority). (This used to be commit 7710b4f48d3e8532df5e37f99a779758f750efdb)
2000-05-29 05:23:48 +04:00
#define SECRETS_DOMAIN_SID "SECRETS/SID"
#define SECRETS_SAM_SID "SAM/SID"
added secrets.tdb and changed storage of trust account password to use it (This used to be commit 88ad00b82acc4636ab57dfe710af08ea85b82ff1)
2000-05-08 14:42:21 +04:00
sync 3.0 branch with head (This used to be commit 3928578b52cfc949be5e0ef444fce1558d75f290)
2002-08-17 21:00:51 +04:00
/* The domain GUID and server GUID (NOT the same) are also not secret */
#define SECRETS_DOMAIN_GUID "SECRETS/DOMGUID"
#define SECRETS_SERVER_GUID "SECRETS/GUID"
updated the 3.0 branch from the head branch - ready for alpha18 (This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-07-15 14:35:28 +04:00
#define SECRETS_LDAP_BIND_PW "SECRETS/LDAP_BIND_PW"
Store a local schannel key in secrets.tdb
2008-09-22 21:23:21 +04:00
#define SECRETS_LOCAL_SCHANNEL_KEY "SECRETS/LOCAL_SCHANNEL_KEY"
Moved definition of winbind username/password secrets into secrets.h (This used to be commit b618b5943d53f33e6f03d8d47cf87efc5e1ad3e5)
2002-04-10 04:35:00 +04:00
/* Authenticated user info is stored in secrets.tdb under these keys */
#define SECRETS_AUTH_USER "SECRETS/AUTH_USER"
#define SECRETS_AUTH_DOMAIN "SECRETS/AUTH_DOMAIN"
#define SECRETS_AUTH_PASSWORD "SECRETS/AUTH_PASSWORD"
The beginning of trusted and trusting domain support from Rafal Szczesniak <mimir@diament.ists.pwr.wroc.pl> This adds the 'net' tools to manipulate the trusted domains. Andrew Bartlett (This used to be commit 770c8a31d9804d3339ffa0de8b5072a5c7eb02df)
2002-03-01 05:56:35 +03:00
/* structure for storing machine account password
(ie. when samba server is member of a domain */
added secrets.tdb and changed storage of trust account password to use it (This used to be commit 88ad00b82acc4636ab57dfe710af08ea85b82ff1)
2000-05-08 14:42:21 +04:00
struct machine_acct_pass {
uint8 hash[16];
time_t mod_time;
};
Nobody complained on the team-list, so commit it ... This implements some kind of improved AFS support for Samba on Linux with OpenAFS 1.2.10. ./configure --with-fake-kaserver assumes that you have OpenAFS on your machine. To use this, you have to put the AFS server's KeyFile into secrets.tdb with 'net afskey'. If this is done, on each tree connect smbd creates a Kerberos V4 ticket suitable for use by the AFS client and gives it to the kernel via the AFS syscall. This is meant to be very light-weight, so I did not link in a whole lot of libraries to be more platform-independent using the ka_SetToken function call. Volker (This used to be commit 5775690ee8e17d3e98355b5147e4aed47e8dc213)
2003-09-07 20:36:13 +04:00
/*
* Format of an OpenAFS keyfile
*/
#define SECRETS_AFS_MAXKEYS 8
struct afs_key {
uint32 kvno;
char key[8];
};
struct afs_keyfile {
uint32 nkeys;
struct afs_key entry[SECRETS_AFS_MAXKEYS];
};
#define SECRETS_AFS_KEYFILE "SECRETS/AFS_KEYFILE"
updated the 3.0 branch from the head branch - ready for alpha18 (This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-07-15 14:35:28 +04:00
s3-secrets: only include secrets.h when needed. Guenther
2010-08-05 04:25:37 +04:00
/* The following definitions come from passdb/secrets.c */
bool secrets_init(void);
struct db_context *secrets_db_ctx(void);
void secrets_shutdown(void);
void *secrets_fetch(const char *key, size_t *size);
bool secrets_store(const char *key, const void *data, size_t size);
bool secrets_delete(const char *key);
bool secrets_store_domain_sid(const char *domain, const struct dom_sid *sid);
bool secrets_fetch_domain_sid(const char *domain, struct dom_sid *sid);
bool secrets_store_domain_guid(const char *domain, struct GUID *guid);
bool secrets_fetch_domain_guid(const char *domain, struct GUID *guid);
void *secrets_get_trust_account_lock(TALLOC_CTX *mem_ctx, const char *domain);
enum netr_SchannelType get_default_sec_channel(void);
bool secrets_fetch_trust_account_password_legacy(const char *domain,
uint8 ret_pwd[16],
time_t *pass_last_set_time,
enum netr_SchannelType *channel);
bool secrets_fetch_trust_account_password(const char *domain, uint8 ret_pwd[16],
time_t *pass_last_set_time,
enum netr_SchannelType *channel);
bool secrets_fetch_trusted_domain_password(const char *domain, char** pwd,
struct dom_sid *sid, time_t *pass_last_set_time);
bool secrets_store_trusted_domain_password(const char* domain, const char* pwd,
const struct dom_sid *sid);
bool secrets_delete_machine_password(const char *domain);
bool secrets_delete_machine_password_ex(const char *domain);
bool secrets_delete_domain_sid(const char *domain);
bool secrets_store_machine_password(const char *pass, const char *domain, enum netr_SchannelType sec_channel);
char *secrets_fetch_prev_machine_password(const char *domain);
char *secrets_fetch_machine_password(const char *domain,
time_t *pass_last_set_time,
enum netr_SchannelType *channel);
bool trusted_domain_password_delete(const char *domain);
bool secrets_store_ldap_pw(const char* dn, char* pw);
bool fetch_ldap_pw(char **dn, char** pw);
s3-passdb: use passdb headers where needed. Guenther
2011-03-22 18:50:02 +03:00
struct trustdom_info;
s3-secrets: only include secrets.h when needed. Guenther
2010-08-05 04:25:37 +04:00
NTSTATUS secrets_trusted_domains(TALLOC_CTX *mem_ctx, uint32 *num_domains,
struct trustdom_info ***domains);
bool secrets_store_afs_keyfile(const char *cell, const struct afs_keyfile *keyfile);
bool secrets_fetch_afs_key(const char *cell, struct afs_key *result);
void secrets_fetch_ipc_userpass(char **username, char **domain, char **password);
bool secrets_store_generic(const char *owner, const char *key, const char *secret);
char *secrets_fetch_generic(const char *owner, const char *key);
bool secrets_delete_generic(const char *owner, const char *key);
Added copyright and include guards. (This used to be commit 9efa93556e3ed444b075a06d2706111b89a0e099)
2001-10-02 07:43:26 +04:00
#endif /* _SECRETS_H */
Copy Permalink