X-Git-Url: http://git.samba.org/?a=blobdiff_plain;f=source3%2Finclude%2Fads.h;h=89f54a23f25a7480ce233d1a9cb4760253b117f1;hb=fc3f3c655b62bd002c7ba34550bb0d138cc309dd;hp=48b9bbffa02d44f41d23ab46c6c9ba6ec0c3be98;hpb=2c029a8b96ae476f1d5c2abe14ee25f98a1513d8;p=amitay%2Fsamba.git
diff --git a/source3/include/ads.h b/source3/include/ads.h
index 48b9bbffa02..89f54a23f25 100644
--- a/source3/include/ads.h
+++ b/source3/include/ads.h
@@ -1,15 +1,21 @@
+#ifndef _INCLUDE_ADS_H_
+#define _INCLUDE_ADS_H_
 /* header for ads (active directory) library routines basically this is a wrapper around ldap */
-typedef struct {
- void *ld; /* the active ldap structure */
- struct in_addr ldap_ip; /* the ip of the active connection, if any */
- time_t last_attempt; /* last attempt to reconnect */
- int ldap_port;
-
+enum wb_posix_mapping {
+ WB_POSIX_MAP_UNKNOWN = -1,
+ WB_POSIX_MAP_TEMPLATE = 0,
+ WB_POSIX_MAP_SFU = 1,
+ WB_POSIX_MAP_SFU20 = 2,
+ WB_POSIX_MAP_RFC2307 = 3,
+ WB_POSIX_MAP_UNIXINFO = 4
+};
+
+typedef struct {
 int is_mine; /* do I own this structure's memory? */
 /* info needed to find the server */
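Review bot: The new include guard `_INCLUDE_ADS_H_` starts with an underscore followed by an uppercase letter, a form C reserves for the implementation; a name such as `INCLUDE_ADS_H` avoids that (the matching `#endif` comment is in the last hunk of this diff and would change with it). The new `enum wb_posix_mapping` is also added without a comment saying what it selects; a line such as `/* which AD schema supplies the POSIX attributes (see struct posix_schema); UNKNOWN = not yet determined */` would explain why TEMPLATE, SFU, SFU20, RFC2307 and UNIXINFO are distinct values. That UNKNOWN means "not yet probed" is inferred from the -1 sentinel and should be confirmed against the code that sets it.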
@@ -28,29 +34,52 @@ typedef struct {
 char *kdc_server;
 unsigned flags;
 int time_offset;
- time_t expire;
+ time_t tgt_expire;
+ time_t tgs_expire;
 time_t renewable;
 } auth;
 /* info derived from the servers config */
 struct {
+ uint32 flags; /* cldap flags identifying the services. */
 char *realm;
 char *bind_path;
 char *ldap_server_name;
+ char *server_site_name;
+ char *client_site_name;
 time_t current_time;
+ int tried_closest_dc;
+ char *schema_path;
+ char *config_path;
 } config;
- /* info derived from the servers schema */
+ /* info about the current LDAP connection */
+#ifdef HAVE_LDAP
 struct {
- char *sfu_homedir_attr;
- char *sfu_shell_attr;
- char *sfu_uidnumber_attr;
- char *sfu_gidnumber_attr;
- char *sfu_gecos_attr;
- } schema;
-
+ LDAP *ld;
+ struct in_addr ip; /* the ip of the active connection, if any */
+ time_t last_attempt; /* last attempt to reconnect */
+ int port;
+
+#ifdef HAVE_ADS_SASL_WRAPPING
+ Sockbuf_IO_Desc *sbiod; /* lowlevel state for LDAP wrapping */
+#endif /* HAVE_ADS_SASL_WRAPPING */
+ } ldap;
+#endif /* HAVE_ADS */
 } ADS_STRUCT;
+/* used to remember the names of the posix attributes in AD */
+/* see the rfc2307 & sfu nss backends */
+
+struct posix_schema {
+ char *posix_homedir_attr;
+ char *posix_shell_attr;
+ char *posix_uidnumber_attr;
+ char *posix_gidnumber_attr;
+ char *posix_gecos_attr;
+};
+
+
 /* there are 5 possible types of errors the ads subsystem can produce */
 enum ads_error_type {ENUM_ADS_ERROR_KRB5, ENUM_ADS_ERROR_GSS, ENUM_ADS_ERROR_LDAP, ENUM_ADS_ERROR_SYSTEM, ENUM_ADS_ERROR_NT};
@@ -83,6 +112,13 @@ typedef void **ADS_MODLIST;
 #define ADS_ERR_OK(status) ((status.error_type == ENUM_ADS_ERROR_NT) ? NT_STATUS_IS_OK(status.err.nt_status):(status.err.rc == 0))
 #define ADS_SUCCESS ADS_ERROR(0)
+#define ADS_ERROR_HAVE_NO_MEMORY(x) do { \
+ if (!(x)) {\
+ return ADS_ERROR(LDAP_NO_MEMORY);\
+ }\
+} while (0)
+
+
 /* time between reconnect attempts */
 #define ADS_RECONNECT_TIME 5
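Review bot: The comment on the closing `+#endif /* HAVE_ADS */` does not match the `+#ifdef HAVE_LDAP` it closes around the new `ldap` sub-struct; it should read `#endif /* HAVE_LDAP */` so that a reader scanning the conditionals is not led to think a different macro gates the connection state. The new `config.flags` field comment `/* cldap flags identifying the services. */` does not say which bit constants apply to it; naming the flag family that populates it (presumably the ADS_*/DNS-name style flags defined later in this header — to be confirmed against the CLDAP code) would help callers test it correctly. The enclosing `typedef struct { ... } ADS_STRUCT` begins before this hunk.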
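Review bot: `ADS_ERROR_HAVE_NO_MEMORY(x)` hides a `return` inside a macro, so a call site reads like a check but actually leaves the enclosing function, and it only compiles where that function's return type is the one `ADS_ERROR()` yields; both facts belong above the definition, e.g. `/* Returns ADS_ERROR(LDAP_NO_MEMORY) from the *calling* function when x is NULL; only usable in functions returning the ADS_ERROR() status type. */`. Because the early return skips any cleanup that follows it, call sites should be checked for resources (allocated contexts, LDAP result messages) that would be leaked, or the macro kept to the start of a function's allocation sequence. The two trailing added blank lines before `/* time between reconnect attempts */` are also surplus.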
@@ -92,14 +128,30 @@ typedef void **ADS_MODLIST;
 #define ADS_SERVER_SORT_OID "1.2.840.113556.1.4.473"
 #define ADS_PERMIT_MODIFY_OID "1.2.840.113556.1.4.1413"
 #define ADS_ASQ_OID "1.2.840.113556.1.4.1504"
+#define ADS_EXTENDED_DN_OID "1.2.840.113556.1.4.529"
+#define ADS_SD_FLAGS_OID "1.2.840.113556.1.4.801"
-/* ldap attribute oids (Services for Unix) */
+/* ldap attribute oids (Services for Unix 3.0, 3.5) */
 #define ADS_ATTR_SFU_UIDNUMBER_OID "1.2.840.113556.1.6.18.1.310"
 #define ADS_ATTR_SFU_GIDNUMBER_OID "1.2.840.113556.1.6.18.1.311"
 #define ADS_ATTR_SFU_HOMEDIR_OID "1.2.840.113556.1.6.18.1.344"
 #define ADS_ATTR_SFU_SHELL_OID "1.2.840.113556.1.6.18.1.312"
 #define ADS_ATTR_SFU_GECOS_OID "1.2.840.113556.1.6.18.1.337"
+/* ldap attribute oids (Services for Unix 2.0) */
+#define ADS_ATTR_SFU20_UIDNUMBER_OID "1.2.840.113556.1.4.7000.187.70"
+#define ADS_ATTR_SFU20_GIDNUMBER_OID "1.2.840.113556.1.4.7000.187.71"
+#define ADS_ATTR_SFU20_HOMEDIR_OID "1.2.840.113556.1.4.7000.187.106"
+#define ADS_ATTR_SFU20_SHELL_OID "1.2.840.113556.1.4.7000.187.72"
+#define ADS_ATTR_SFU20_GECOS_OID "1.2.840.113556.1.4.7000.187.97"
+
+/* ldap attribute oids (RFC2307) */
+#define ADS_ATTR_RFC2307_UIDNUMBER_OID "1.3.6.1.1.1.1.0"
+#define ADS_ATTR_RFC2307_GIDNUMBER_OID "1.3.6.1.1.1.1.1"
+#define ADS_ATTR_RFC2307_HOMEDIR_OID "1.3.6.1.1.1.1.3"
+#define ADS_ATTR_RFC2307_SHELL_OID "1.3.6.1.1.1.1.4"
+#define ADS_ATTR_RFC2307_GECOS_OID "1.3.6.1.1.1.1.2"
+
 /* ldap bitwise searches */
 #define ADS_LDAP_MATCHING_RULE_BIT_AND "1.2.840.113556.1.4.803"
 #define ADS_LDAP_MATCHING_RULE_BIT_OR "1.2.840.113556.1.4.804"
@@ -213,6 +265,11 @@ typedef void **ADS_MODLIST;
 GROUP_TYPE_ACCOUNT_GROUP| \
 GROUP_TYPE_SECURITY_ENABLED \
 )
+#define GTYPE_SECURITY_UNIVERSAL_GROUP ( /* 0x80000008 -2147483656 */ \
+ GROUP_TYPE_UNIVERSAL_GROUP| \
+ GROUP_TYPE_SECURITY_ENABLED \
+ )
+
 #define GTYPE_DISTRIBUTION_GLOBAL_GROUP 0x00000002 /* 2 */
 #define GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP 0x00000004 /* 4 */
 #define GTYPE_DISTRIBUTION_UNIVERSAL_GROUP 0x00000008 /* 8 */
@@ -222,7 +279,7 @@ typedef void **ADS_MODLIST;
 #define ADS_DNS_DOMAIN 0x40000000 /* DomainName is a DNS name */
 #define ADS_DNS_FOREST 0x80000000 /* DnsForestName is a DNS name */
-/* DomainCntrollerAddressType */
+/* DomainControllerAddressType */
 #define ADS_INET_ADDRESS 0x00000001
 #define ADS_NETBIOS_ADDRESS 0x00000002
@@ -256,7 +313,17 @@ typedef void **ADS_MODLIST;
 #define KRB5_ADDR_NETBIOS 0x14
 #endif
+#ifndef KRB5KRB_ERR_RESPONSE_TOO_BIG
+#define KRB5KRB_ERR_RESPONSE_TOO_BIG (-1765328332L)
+#endif
+
 #ifdef HAVE_KRB5
+typedef struct {
+ NTSTATUS ntstatus;
+ uint32 unknown1;
+ uint32 unknown2; /* 0x00000001 */
+} KRB5_EDATA_NTSTATUS;
+
 typedef struct {
 #if defined(HAVE_MAGIC_IN_KRB5_ADDRESS) && defined(HAVE_ADDRTYPE_IN_KRB5_ADDRESS) /* MIT */
 krb5_address **addrs;
@@ -267,3 +334,21 @@ typedef struct {
 #endif
 } smb_krb5_addresses;
 #endif
+
+enum ads_extended_dn_flags {
+ ADS_EXTENDED_DN_HEX_STRING = 0,
+ ADS_EXTENDED_DN_STRING = 1 /* not supported on win2k */
+};
+
+/* this is probably not very well suited to pass other controls generically but
+ * is good enough for the extended dn control where it is only used for atm */
+
+typedef struct {
+ const char *control;
+ int val;
+ int critical;
+} ads_control;
+
+#define ADS_EXTENDED_RIGHT_APPLY_GROUP_POLICY "edacfd8f-ffb3-11d1-b41d-00a0c968f939"
+
+#endif /* _INCLUDE_ADS_H_ */
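Review bot: `KRB5_EDATA_NTSTATUS` is added with two fields literally named `unknown1`/`unknown2` and no comment on what the struct represents or where its bytes come from; a header comment such as `/* NTSTATUS carried in the e-data of a Kerberos error reply (TODO: confirm field meaning and byte order against the parser) */` would at least record the intent, since the meaning is only inferable from the name and the `0x00000001` annotation. If the contents are taken from a KDC reply, the parsing code should check the e-data length before reading all three words and should decode them field by field rather than overlay this struct on the buffer, because struct padding and host byte order are not guaranteed to match the wire layout. The fallback `#define KRB5KRB_ERR_RESPONSE_TOO_BIG (-1765328332L)` would also benefit from a comment saying which Kerberos library headers lack it.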
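Review bot: The comment above the new `ads_control` typedef is garbled (`where it is only used for atm`) and does not say what the fields mean; something like `/* One LDAP server control to send with a request: the control OID, an integer payload (encoding is up to the sender), and whether the server must refuse the request if it does not support the control. Currently only used for the extended-DN control. */` would replace it. `critical` is boolean by meaning but typed `int`; that matches the file's existing `int is_mine` style, so a `/* 0 or 1 */` on the field is enough to keep callers from passing other values. `ADS_EXTENDED_RIGHT_APPLY_GROUP_POLICY` is a bare GUID string with no comment; noting that it names the Apply-Group-Policy extended right, as the macro name suggests, would make the constant self-describing.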