← Back to branch summary

~vcs-imports/samba/main

« back to all changes in this revision

Viewing changes to source/include/ads.h

  • Committer: jerry
  • Date: 2006-07-14 21:48:39 UTC
  • Revision ID: vcs-imports@canonical.com-20060714214839-586d8c489a8fcead
gutting trunk to move to svn:externals

Show diffs side-by-side

added added

removed removed

Lines of Context:
source/include/ads.h
1
 
/*
2
 
  header for ads (active directory) library routines
3
 
 
4
 
  basically this is a wrapper around ldap
5
 
*/
6
 
 
7
 
enum wb_posix_mapping {
8
 
        WB_POSIX_MAP_UNKNOWN    = -1,
9
 
        WB_POSIX_MAP_TEMPLATE   = 0, 
10
 
        WB_POSIX_MAP_SFU        = 1, 
11
 
        WB_POSIX_MAP_RFC2307    = 2,
12
 
        WB_POSIX_MAP_UNIXINFO   = 3
13
 
};
14
 
 
15
 
typedef struct {
16
 
        void *ld; /* the active ldap structure */
17
 
        struct in_addr ldap_ip; /* the ip of the active connection, if any */
18
 
        time_t last_attempt; /* last attempt to reconnect */
19
 
        int ldap_port;
20
 
        
21
 
        int is_mine;    /* do I own this structure's memory? */
22
 
        
23
 
        /* info needed to find the server */
24
 
        struct {
25
 
                char *realm;
26
 
                char *workgroup;
27
 
                char *ldap_server;
28
 
                int foreign; /* set to 1 if connecting to a foreign realm */
29
 
        } server;
30
 
 
31
 
        /* info needed to authenticate */
32
 
        struct {
33
 
                char *realm;
34
 
                char *password;
35
 
                char *user_name;
36
 
                char *kdc_server;
37
 
                unsigned flags;
38
 
                int time_offset;
39
 
                time_t expire;
40
 
                time_t renewable;
41
 
        } auth;
42
 
 
43
 
        /* info derived from the servers config */
44
 
        struct {
45
 
                char *realm;
46
 
                char *bind_path;
47
 
                char *ldap_server_name;
48
 
                time_t current_time;
49
 
        } config;
50
 
 
51
 
        /* info derived from the servers schema */
52
 
        struct {
53
 
                enum wb_posix_mapping map_type;
54
 
                char *posix_homedir_attr;
55
 
                char *posix_shell_attr;
56
 
                char *posix_uidnumber_attr;
57
 
                char *posix_gidnumber_attr;
58
 
                char *posix_gecos_attr;
59
 
        } schema;
60
 
 
61
 
} ADS_STRUCT;
62
 
 
63
 
/* there are 5 possible types of errors the ads subsystem can produce */
64
 
enum ads_error_type {ENUM_ADS_ERROR_KRB5, ENUM_ADS_ERROR_GSS, 
65
 
                     ENUM_ADS_ERROR_LDAP, ENUM_ADS_ERROR_SYSTEM, ENUM_ADS_ERROR_NT};
66
 
 
67
 
typedef struct {
68
 
        enum ads_error_type error_type;
69
 
        union err_state{                
70
 
                int rc;
71
 
                NTSTATUS nt_status;
72
 
        } err;
73
 
        /* For error_type = ENUM_ADS_ERROR_GSS minor_status describe GSS API error */
74
 
        /* Where rc represents major_status of GSS API error */
75
 
        int minor_status;
76
 
} ADS_STATUS;
77
 
 
78
 
#ifdef HAVE_ADS
79
 
typedef LDAPMod **ADS_MODLIST;
80
 
#else
81
 
typedef void **ADS_MODLIST;
82
 
#endif
83
 
 
84
 
/* macros to simplify error returning */
85
 
#define ADS_ERROR(rc) ADS_ERROR_LDAP(rc)
86
 
#define ADS_ERROR_LDAP(rc) ads_build_error(ENUM_ADS_ERROR_LDAP, rc, 0)
87
 
#define ADS_ERROR_SYSTEM(rc) ads_build_error(ENUM_ADS_ERROR_SYSTEM, rc?rc:EINVAL, 0)
88
 
#define ADS_ERROR_KRB5(rc) ads_build_error(ENUM_ADS_ERROR_KRB5, rc, 0)
89
 
#define ADS_ERROR_GSS(rc, minor) ads_build_error(ENUM_ADS_ERROR_GSS, rc, minor)
90
 
#define ADS_ERROR_NT(rc) ads_build_nt_error(ENUM_ADS_ERROR_NT,rc)
91
 
 
92
 
#define ADS_ERR_OK(status) ((status.error_type == ENUM_ADS_ERROR_NT) ? NT_STATUS_IS_OK(status.err.nt_status):(status.err.rc == 0))
93
 
#define ADS_SUCCESS ADS_ERROR(0)
94
 
 
95
 
#define ADS_ERROR_HAVE_NO_MEMORY(x) do { \
96
 
        if (!(x)) {\
97
 
                return ADS_ERROR(LDAP_NO_MEMORY);\
98
 
        }\
99
 
} while (0)
100
 
 
101
 
 
102
 
/* time between reconnect attempts */
103
 
#define ADS_RECONNECT_TIME 5
104
 
 
105
 
/* ldap control oids */
106
 
#define ADS_PAGE_CTL_OID        "1.2.840.113556.1.4.319"
107
 
#define ADS_NO_REFERRALS_OID    "1.2.840.113556.1.4.1339"
108
 
#define ADS_SERVER_SORT_OID     "1.2.840.113556.1.4.473"
109
 
#define ADS_PERMIT_MODIFY_OID   "1.2.840.113556.1.4.1413"
110
 
#define ADS_ASQ_OID             "1.2.840.113556.1.4.1504"
111
 
#define ADS_EXTENDED_DN_OID     "1.2.840.113556.1.4.529"
112
 
 
113
 
/* ldap attribute oids (Services for Unix) */
114
 
#define ADS_ATTR_SFU_UIDNUMBER_OID      "1.2.840.113556.1.6.18.1.310"
115
 
#define ADS_ATTR_SFU_GIDNUMBER_OID      "1.2.840.113556.1.6.18.1.311"
116
 
#define ADS_ATTR_SFU_HOMEDIR_OID        "1.2.840.113556.1.6.18.1.344"
117
 
#define ADS_ATTR_SFU_SHELL_OID          "1.2.840.113556.1.6.18.1.312"
118
 
#define ADS_ATTR_SFU_GECOS_OID          "1.2.840.113556.1.6.18.1.337"
119
 
 
120
 
/* ldap attribute oids (RFC2307) */
121
 
#define ADS_ATTR_RFC2307_UIDNUMBER_OID  "1.3.6.1.1.1.1.0"
122
 
#define ADS_ATTR_RFC2307_GIDNUMBER_OID  "1.3.6.1.1.1.1.1"
123
 
#define ADS_ATTR_RFC2307_HOMEDIR_OID    "1.3.6.1.1.1.1.3"
124
 
#define ADS_ATTR_RFC2307_SHELL_OID      "1.3.6.1.1.1.1.4"
125
 
#define ADS_ATTR_RFC2307_GECOS_OID      "1.3.6.1.1.1.1.2"
126
 
 
127
 
/* ldap bitwise searches */
128
 
#define ADS_LDAP_MATCHING_RULE_BIT_AND  "1.2.840.113556.1.4.803"
129
 
#define ADS_LDAP_MATCHING_RULE_BIT_OR   "1.2.840.113556.1.4.804"
130
 
 
131
 
/* UserFlags for userAccountControl */
132
 
#define UF_SCRIPT                               0x00000001
133
 
#define UF_ACCOUNTDISABLE                       0x00000002
134
 
#define UF_UNUSED_1                             0x00000004
135
 
#define UF_HOMEDIR_REQUIRED                     0x00000008
136
 
 
137
 
#define UF_LOCKOUT                              0x00000010
138
 
#define UF_PASSWD_NOTREQD                       0x00000020
139
 
#define UF_PASSWD_CANT_CHANGE                   0x00000040
140
 
#define UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED      0x00000080
141
 
 
142
 
#define UF_TEMP_DUPLICATE_ACCOUNT               0x00000100
143
 
#define UF_NORMAL_ACCOUNT                       0x00000200
144
 
#define UF_UNUSED_2                             0x00000400
145
 
#define UF_INTERDOMAIN_TRUST_ACCOUNT            0x00000800
146
 
 
147
 
#define UF_WORKSTATION_TRUST_ACCOUNT            0x00001000
148
 
#define UF_SERVER_TRUST_ACCOUNT                 0x00002000
149
 
#define UF_UNUSED_3                             0x00004000
150
 
#define UF_UNUSED_4                             0x00008000
151
 
 
152
 
#define UF_DONT_EXPIRE_PASSWD                   0x00010000
153
 
#define UF_MNS_LOGON_ACCOUNT                    0x00020000
154
 
#define UF_SMARTCARD_REQUIRED                   0x00040000
155
 
#define UF_TRUSTED_FOR_DELEGATION               0x00080000
156
 
 
157
 
#define UF_NOT_DELEGATED                        0x00100000
158
 
#define UF_USE_DES_KEY_ONLY                     0x00200000
159
 
#define UF_DONT_REQUIRE_PREAUTH                 0x00400000
160
 
#define UF_PASSWORD_EXPIRED                     0x00800000
161
 
 
162
 
#define UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION 0x01000000
163
 
#define UF_NO_AUTH_DATA_REQUIRED                0x02000000
164
 
#define UF_UNUSED_8                             0x04000000
165
 
#define UF_UNUSED_9                             0x08000000
166
 
 
167
 
#define UF_UNUSED_10                            0x10000000
168
 
#define UF_UNUSED_11                            0x20000000
169
 
#define UF_UNUSED_12                            0x40000000
170
 
#define UF_UNUSED_13                            0x80000000
171
 
 
172
 
#define UF_MACHINE_ACCOUNT_MASK (\
173
 
                UF_INTERDOMAIN_TRUST_ACCOUNT |\
174
 
                UF_WORKSTATION_TRUST_ACCOUNT |\
175
 
                UF_SERVER_TRUST_ACCOUNT \
176
 
                )
177
 
 
178
 
#define UF_ACCOUNT_TYPE_MASK (\
179
 
                UF_TEMP_DUPLICATE_ACCOUNT |\
180
 
                UF_NORMAL_ACCOUNT |\
181
 
                UF_INTERDOMAIN_TRUST_ACCOUNT |\
182
 
                UF_WORKSTATION_TRUST_ACCOUNT |\
183
 
                UF_SERVER_TRUST_ACCOUNT \
184
 
                )
185
 
 
186
 
#define UF_SETTABLE_BITS (\
187
 
                UF_SCRIPT |\
188
 
                UF_ACCOUNTDISABLE |\
189
 
                UF_HOMEDIR_REQUIRED  |\
190
 
                UF_LOCKOUT |\
191
 
                UF_PASSWD_NOTREQD |\
192
 
                UF_PASSWD_CANT_CHANGE |\
193
 
                UF_ACCOUNT_TYPE_MASK | \
194
 
                UF_DONT_EXPIRE_PASSWD | \
195
 
                UF_MNS_LOGON_ACCOUNT |\
196
 
                UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED |\
197
 
                UF_SMARTCARD_REQUIRED |\
198
 
                UF_TRUSTED_FOR_DELEGATION |\
199
 
                UF_NOT_DELEGATED |\
200
 
                UF_USE_DES_KEY_ONLY  |\
201
 
                UF_DONT_REQUIRE_PREAUTH \
202
 
                )
203
 
 
204
 
/* sAMAccountType */
205
 
#define ATYPE_NORMAL_ACCOUNT                    0x30000000 /* 805306368 */
206
 
#define ATYPE_WORKSTATION_TRUST                 0x30000001 /* 805306369 */
207
 
#define ATYPE_INTERDOMAIN_TRUST                 0x30000002 /* 805306370 */ 
208
 
#define ATYPE_SECURITY_GLOBAL_GROUP             0x10000000 /* 268435456 */
209
 
#define ATYPE_DISTRIBUTION_GLOBAL_GROUP         0x10000001 /* 268435457 */
210
 
#define ATYPE_DISTRIBUTION_UNIVERSAL_GROUP      ATYPE_DISTRIBUTION_GLOBAL_GROUP
211
 
#define ATYPE_SECURITY_LOCAL_GROUP              0x20000000 /* 536870912 */
212
 
#define ATYPE_DISTRIBUTION_LOCAL_GROUP          0x20000001 /* 536870913 */
213
 
 
214
 
#define ATYPE_ACCOUNT           ATYPE_NORMAL_ACCOUNT            /* 0x30000000 805306368 */
215
 
#define ATYPE_GLOBAL_GROUP      ATYPE_SECURITY_GLOBAL_GROUP     /* 0x10000000 268435456 */
216
 
#define ATYPE_LOCAL_GROUP       ATYPE_SECURITY_LOCAL_GROUP      /* 0x20000000 536870912 */
217
 
 
218
 
/* groupType */
219
 
#define GROUP_TYPE_BUILTIN_LOCAL_GROUP          0x00000001
220
 
#define GROUP_TYPE_ACCOUNT_GROUP                0x00000002
221
 
#define GROUP_TYPE_RESOURCE_GROUP               0x00000004
222
 
#define GROUP_TYPE_UNIVERSAL_GROUP              0x00000008
223
 
#define GROUP_TYPE_APP_BASIC_GROUP              0x00000010
224
 
#define GROUP_TYPE_APP_QUERY_GROUP              0x00000020
225
 
#define GROUP_TYPE_SECURITY_ENABLED             0x80000000
226
 
 
227
 
#define GTYPE_SECURITY_BUILTIN_LOCAL_GROUP (    /* 0x80000005 -2147483643 */ \
228
 
                GROUP_TYPE_BUILTIN_LOCAL_GROUP| \
229
 
                GROUP_TYPE_RESOURCE_GROUP| \
230
 
                GROUP_TYPE_SECURITY_ENABLED \
231
 
                )
232
 
#define GTYPE_SECURITY_DOMAIN_LOCAL_GROUP (     /* 0x80000004 -2147483644 */ \
233
 
                GROUP_TYPE_RESOURCE_GROUP| \
234
 
                GROUP_TYPE_SECURITY_ENABLED \
235
 
                )
236
 
#define GTYPE_SECURITY_GLOBAL_GROUP (           /* 0x80000002 -2147483646 */ \
237
 
                GROUP_TYPE_ACCOUNT_GROUP| \
238
 
                GROUP_TYPE_SECURITY_ENABLED \
239
 
                )
240
 
#define GTYPE_DISTRIBUTION_GLOBAL_GROUP         0x00000002      /* 2 */
241
 
#define GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP   0x00000004      /* 4 */
242
 
#define GTYPE_DISTRIBUTION_UNIVERSAL_GROUP      0x00000008      /* 8 */
243
 
 
244
 
#define ADS_PINGS          0x0000FFFF  /* Ping response */
245
 
#define ADS_DNS_CONTROLLER 0x20000000  /* DomainControllerName is a DNS name*/
246
 
#define ADS_DNS_DOMAIN     0x40000000  /* DomainName is a DNS name */
247
 
#define ADS_DNS_FOREST     0x80000000  /* DnsForestName is a DNS name */
248
 
 
249
 
/* DomainCntrollerAddressType */
250
 
#define ADS_INET_ADDRESS      0x00000001
251
 
#define ADS_NETBIOS_ADDRESS   0x00000002
252
 
 
253
 
 
254
 
/* ads auth control flags */
255
 
#define ADS_AUTH_DISABLE_KERBEROS 0x01
256
 
#define ADS_AUTH_NO_BIND          0x02
257
 
#define ADS_AUTH_ANON_BIND        0x04
258
 
#define ADS_AUTH_SIMPLE_BIND      0x08
259
 
#define ADS_AUTH_ALLOW_NTLMSSP    0x10
260
 
 
261
 
/* Kerberos environment variable names */
262
 
#define KRB5_ENV_CCNAME "KRB5CCNAME"
263
 
 
264
 
/* Heimdal uses a slightly different name */
265
 
#if defined(HAVE_ENCTYPE_ARCFOUR_HMAC_MD5)
266
 
#define ENCTYPE_ARCFOUR_HMAC ENCTYPE_ARCFOUR_HMAC_MD5
267
 
#endif
268
 
 
269
 
/* The older versions of heimdal that don't have this
270
 
   define don't seem to use it anyway.  I'm told they
271
 
   always use a subkey */
272
 
#ifndef HAVE_AP_OPTS_USE_SUBKEY
273
 
#define AP_OPTS_USE_SUBKEY 0
274
 
#endif
275
 
 
276
 
#define WELL_KNOWN_GUID_COMPUTERS       "AA312825768811D1ADED00C04FD8D5CD" 
277
 
#define WELL_KNOWN_GUID_USERS           "A9D1CA15768811D1ADED00C04FD8D5CD"
278
 
 
279
 
#ifndef KRB5_ADDR_NETBIOS
280
 
#define KRB5_ADDR_NETBIOS 0x14
281
 
#endif
282
 
 
283
 
#ifndef KRB5KRB_ERR_RESPONSE_TOO_BIG
284
 
#define KRB5KRB_ERR_RESPONSE_TOO_BIG (-1765328332L)
285
 
#endif
286
 
 
287
 
#ifdef HAVE_KRB5
288
 
typedef struct {
289
 
#if defined(HAVE_MAGIC_IN_KRB5_ADDRESS) && defined(HAVE_ADDRTYPE_IN_KRB5_ADDRESS) /* MIT */
290
 
        krb5_address **addrs;
291
 
#elif defined(HAVE_KRB5_ADDRESSES) /* Heimdal */
292
 
        krb5_addresses *addrs;
293
 
#else
294
 
#error UNKNOWN_KRB5_ADDRESS_TYPE
295
 
#endif
296
 
} smb_krb5_addresses;
297
 
#endif
298
 
 
299
 
enum ads_extended_dn_flags {
300
 
        ADS_EXTENDED_DN_HEX_STRING      = 0,
301
 
        ADS_EXTENDED_DN_STRING          = 1 /* not supported on win2k */
302
 
};
303
 
 
304
 
/* this is probably not very well suited to pass other controls generically but
305
 
 * is good enough for the extended dn control where it is only used for atm */
306
 
 
307
 
typedef struct {
308
 
        const char *control;
309
 
        int val;
310
 
        int critical;
311
 
} ads_control;