-/*
+/*
Unix SMB/CIFS implementation.
header for ads (active directory) library routines
basically this is a wrapper around ldap
Copyright (C) Andrew Tridgell 2001-2003
-
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
-
-#ifndef _ADS_H
-#define _ADS_H
-
+
typedef struct {
void *ld; /* the active ldap structure */
- struct in_addr ldap_ip; /* the ip of the active connection, if any */
+ struct ipv4_addr ldap_ip; /* the ip of the active connection, if any */
time_t last_attempt; /* last attempt to reconnect */
int ldap_port;
+ int is_mine; /* do I own this structure's memory? */
+
/* info needed to find the server */
struct {
char *realm;
char *password;
char *user_name;
char *kdc_server;
- unsigned flags;
+ uint_t flags;
int time_offset;
+ time_t expire;
} auth;
/* info derived from the servers config */
int minor_status;
} ADS_STATUS;
-#ifdef HAVE_ADS
-typedef LDAPMod **ADS_MODLIST;
-#else
typedef void **ADS_MODLIST;
-#endif
/* macros to simplify error returning */
#define ADS_ERROR(rc) ADS_ERROR_LDAP(rc)
#define ADS_NO_REFERRALS_OID "1.2.840.113556.1.4.1339"
#define ADS_SERVER_SORT_OID "1.2.840.113556.1.4.473"
#define ADS_PERMIT_MODIFY_OID "1.2.840.113556.1.4.1413"
-
+/*
+1.2.840.113556.1.4.319;
+1.2.840.113556.1.4.801;
+1.2.840.113556.1.4.473;
+1.2.840.113556.1.4.528;
+1.2.840.113556.1.4.417;
+1.2.840.113556.1.4.619;
+1.2.840.113556.1.4.841;
+1.2.840.113556.1.4.529;
+1.2.840.113556.1.4.805;
+1.2.840.113556.1.4.521;
+1.2.840.113556.1.4.970;
+1.2.840.113556.1.4.1338;
+1.2.840.113556.1.4.474;
+1.2.840.113556.1.4.1339;
+1.2.840.113556.1.4.1340;
+1.2.840.113556.1.4.1413;
+2.16.840.1.113730.3.4.9;
+2.16.840.1.113730.3.4.10;
+1.2.840.113556.1.4.1504;
+1.2.840.113556.1.4.1852;
+1.2.840.113556.1.4.802;
+*/
/* UserFlags for userAccountControl */
#define UF_SCRIPT 0x00000001
#define UF_ACCOUNTDISABLE 0x00000002
-#define UF_UNUSED_1 0x00000004
+#define UF_00000004 0x00000004
#define UF_HOMEDIR_REQUIRED 0x00000008
#define UF_LOCKOUT 0x00000010
#define UF_TEMP_DUPLICATE_ACCOUNT 0x00000100
#define UF_NORMAL_ACCOUNT 0x00000200
-#define UF_UNUSED_2 0x00000400
+#define UF_00000400 0x00000400
#define UF_INTERDOMAIN_TRUST_ACCOUNT 0x00000800
#define UF_WORKSTATION_TRUST_ACCOUNT 0x00001000
#define UF_SERVER_TRUST_ACCOUNT 0x00002000
-#define UF_UNUSED_3 0x00004000
-#define UF_UNUSED_4 0x00008000
+#define UF_00004000 0x00004000
+#define UF_00008000 0x00008000
#define UF_DONT_EXPIRE_PASSWD 0x00010000
#define UF_MNS_LOGON_ACCOUNT 0x00020000
#define ATYPE_LOCAL_GROUP ATYPE_SECURITY_LOCAL_GROUP /* 0x20000000 536870912 */
/* groupType */
-#define GTYPE_SECURITY_BUILTIN_LOCAL_GROUP 0x80000005 /* -2147483643 */
-#define GTYPE_SECURITY_DOMAIN_LOCAL_GROUP 0x80000004 /* -2147483644 */
-#define GTYPE_SECURITY_GLOBAL_GROUP 0x80000002 /* -2147483646 */
+#define GROUP_TYPE_BUILTIN_LOCAL_GROUP 0x00000001
+#define GROUP_TYPE_ACCOUNT_GROUP 0x00000002
+#define GROUP_TYPE_RESOURCE_GROUP 0x00000004
+#define GROUP_TYPE_UNIVERSAL_GROUP 0x00000008
+#define GROUP_TYPE_APP_BASIC_GROUP 0x00000010
+#define GROUP_TYPE_APP_QUERY_GROUP 0x00000020
+#define GROUP_TYPE_SECURITY_ENABLED 0x80000000
+
+#define GTYPE_SECURITY_BUILTIN_LOCAL_GROUP ( \
+ /* 0x80000005 -2147483643 */ \
+ GROUP_TYPE_BUILTIN_LOCAL_GROUP| \
+ GROUP_TYPE_RESOURCE_GROUP| \
+ GROUP_TYPE_SECURITY_ENABLED \
+ )
+#define GTYPE_SECURITY_DOMAIN_LOCAL_GROUP ( \
+ /* 0x80000004 -2147483644 */ \
+ GROUP_TYPE_RESOURCE_GROUP| \
+ GROUP_TYPE_SECURITY_ENABLED \
+ )
+#define GTYPE_SECURITY_GLOBAL_GROUP ( \
+ /* 0x80000002 -2147483646 */ \
+ GROUP_TYPE_ACCOUNT_GROUP| \
+ GROUP_TYPE_SECURITY_ENABLED \
+ )
#define GTYPE_DISTRIBUTION_GLOBAL_GROUP 0x00000002 /* 2 */
#define GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP 0x00000004 /* 4 */
#define GTYPE_DISTRIBUTION_UNIVERSAL_GROUP 0x00000008 /* 8 */
#define ADS_AUTH_SIMPLE_BIND 0x08
#define ADS_AUTH_ALLOW_NTLMSSP 0x10
-/***************************************
- Some krb5 compat stuff
-***************************************/
/* Kerberos environment variable names */
#define KRB5_ENV_CCNAME "KRB5CCNAME"
#ifndef HAVE_AP_OPTS_USE_SUBKEY
#define AP_OPTS_USE_SUBKEY 0
#endif
-#if defined(HAVE_KRB5)
-
-#ifndef HAVE_KRB5_SET_REAL_TIME
-krb5_error_code krb5_set_real_time(krb5_context context, int32_t seconds, int32_t microseconds);
-#endif
-
-#ifndef HAVE_KRB5_SET_DEFAULT_TGS_KTYPES
-krb5_error_code krb5_set_default_tgs_ktypes(krb5_context ctx, const krb5_enctype *enc);
-#endif
-#if defined(HAVE_KRB5_AUTH_CON_SETKEY) && !defined(HAVE_KRB5_AUTH_CON_SETUSERUSERKEY)
-krb5_error_code krb5_auth_con_setuseruserkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock *keyblock);
-#endif
-/* Samba wrapper function for krb5 functionality. */
-void setup_kaddr( krb5_address *pkaddr, struct sockaddr *paddr);
-int create_kerberos_key_from_string(krb5_context context, krb5_principal host_princ, krb5_data *password, krb5_keyblock *key, krb5_enctype enctype);
-void get_auth_data_from_tkt(DATA_BLOB *auth_data, krb5_ticket *tkt);
-krb5_const_principal get_principal_from_tkt(krb5_ticket *tkt);
-krb5_error_code krb5_locate_kdc(krb5_context ctx, const krb5_data *realm, struct sockaddr **addr_pp, int *naddrs, int get_masters);
-krb5_error_code get_kerberos_allowed_etypes(krb5_context context, krb5_enctype **enctypes);
-void free_kerberos_etypes(krb5_context context, krb5_enctype *enctypes);
-BOOL get_krb5_smb_session_key(krb5_context context, krb5_auth_context auth_context, DATA_BLOB *session_key, BOOL remote);
-#endif /* HAVE_KRB5 */
-
-#endif /* _ADS_H */
+#define INSTANCE_TYPE_IS_NC_HEAD 0x00000001
+#define INSTANCE_TYPE_UNINSTANT 0x00000002
+#define INSTANCE_TYPE_WRITE 0x00000004
+#define INSTANCE_TYPE_NC_ABOVE 0x00000008
+#define INSTANCE_TYPE_NC_COMING 0x00000010
+#define INSTANCE_TYPE_NC_GOING 0x00000020
+
+#define SYSTEM_FLAG_CR_NTDS_NC 0x00000001
+#define SYSTEM_FLAG_CR_NTDS_DOMAIN 0x00000002
+#define SYSTEM_FLAG_CR_NTDS_NOT_GC_REPLICATED 0x00000004
+#define SYSTEM_FLAG_SCHEMA_BASE_OBJECT 0x00000010
+#define SYSTEM_FLAG_DISALLOW_MOVE_ON_DELETE 0x02000000
+#define SYSTEM_FLAG_DOMAIN_DISALLOW_MOVE 0x04000000
+#define SYSTEM_FLAG_DOMAIN_DISALLOW_RENAME 0x08000000
+#define SYSTEM_FLAG_CONFIG_ALLOW_LIMITED_MOVE 0x10000000
+#define SYSTEM_FLAG_CONFIG_ALLOW_MOVE 0x20000000
+#define SYSTEM_FLAG_CONFIG_ALLOW_ERNAME 0x20000000
+#define SYSTEM_FLAG_DISALLOW_DELTE 0x80000000
+
+#define DS_BEHAVIOR_WIN2000 0
+#define DS_BEHAVIOR_WIN2003 2