#define IS_BITS_SET_ALL(var,bit) (((var)&(bit))==(bit))
#define IS_BITS_SET_SOME(var,bit) (((var)&(bit))!=0)
-#define IS_BITS_CLR_ALL(var,bit) (((var)&(~(bit)))==0)
+#define IS_BITS_CLR_ALL(var,bit) (((var)&(bit))==0)
-#define PTR_DIFF(p1,p2) ((ptrdiff_t)(((char *)(p1)) - (char *)(p2)))
+#define PTR_DIFF(p1,p2) ((ptrdiff_t)(((const char *)(p1)) - (const char *)(p2)))
typedef int BOOL;
#define DEF_CREATE_MASK (0755)
#endif
-#ifndef PRINTCAP_NAME
-#define PRINTCAP_NAME "/etc/printcap"
-#endif
-
/* how long to wait for secondary SMB packets (milli-seconds) */
#define SMB_SECONDARY_WAIT (60*1000)
*/
/* I know the __attribute__ stuff is ugly, but it does ensure we get the
arguemnts to DEBUG() right. We have got them wrong too often in the
- past */
+ past.
+ */
#ifdef HAVE_STDARG_H
int Debug1( char *, ... )
#ifdef __GNUC__
( (DEBUGLEVEL >= (level)) \
&& dbghdr( level, FILE_MACRO, FUNCTION_MACRO, (__LINE__) ) )
-#if 0
-
-#define DEBUG( level, body ) \
- ( ( DEBUGLEVEL >= (level) \
- && dbghdr( level, FILE_MACRO, FUNCTION_MACRO, (__LINE__) ) ) \
- ? (void)(dbgtext body) : (void)0 )
-
-#define DEBUGADD( level, body ) \
- ( (DEBUGLEVEL >= (level)) ? (void)(dbgtext body) : (void)0 )
-
-#else
-
#define DEBUG( level, body ) \
(void)( (DEBUGLEVEL >= (level)) \
&& (dbghdr( level, FILE_MACRO, FUNCTION_MACRO, (__LINE__) )) \
#define DEBUGADD( level, body ) \
(void)( (DEBUGLEVEL >= (level)) && (dbgtext body) )
-#endif
+/* -------------------------------------------------------------------------- **
+ * These are the tokens returned by dbg_char2token().
+ */
+
+typedef enum
+ {
+ dbg_null = 0,
+ dbg_ignore,
+ dbg_header,
+ dbg_timestamp,
+ dbg_level,
+ dbg_sourcefile,
+ dbg_function,
+ dbg_lineno,
+ dbg_message,
+ dbg_eof
+ } dbg_Token;
/* End Debugging code section.
* -------------------------------------------------------------------------- **
typedef char pstring[1024];
typedef char fstring[128];
-/* pipe strings */
+/* pipe string names */
#define PIPE_LANMAN "\\PIPE\\LANMAN"
#define PIPE_SRVSVC "\\PIPE\\srvsvc"
#define PIPE_SAMR "\\PIPE\\samr"
+#define PIPE_WINREG "\\PIPE\\winreg"
#define PIPE_WKSSVC "\\PIPE\\wkssvc"
#define PIPE_NETLOGON "\\PIPE\\NETLOGON"
+#define PIPE_SVCCTL "\\PIPE\\SVCCTL"
#define PIPE_NTLSA "\\PIPE\\ntlsa"
#define PIPE_NTSVCS "\\PIPE\\ntsvcs"
#define PIPE_LSASS "\\PIPE\\lsass"
#define ACB_SVRTRUST 0x0100 /* 1 = Server trust account */
#define ACB_PWNOEXP 0x0200 /* 1 = User password does not expire */
#define ACB_AUTOLOCK 0x0400 /* 1 = Account auto locked */
+#define ACB_PWLOCK 0x0800 /* 1 = Password is locked and connot be changed remotely */
#define MAX_HOURS_LEN 32
struct sam_passwd
{
- time_t logon_time; /* logon time */
- time_t logoff_time; /* logoff time */
- time_t kickoff_time; /* kickoff time */
- time_t pass_last_set_time; /* password last set time */
- time_t pass_can_change_time; /* password can change time */
- time_t pass_must_change_time; /* password must change time */
-
- char *smb_name; /* username string */
+ NTTIME logon_time; /* logon time */
+ NTTIME logoff_time; /* logoff time */
+ NTTIME kickoff_time; /* kickoff time */
+ NTTIME pass_last_set_time; /* password last set time */
+ NTTIME pass_can_change_time; /* password can change time */
+ NTTIME pass_must_change_time; /* password must change time */
+
+ char *unix_name; /* unix username string */
+ char *nt_name; /* nt username string */
char *full_name; /* user's full name string */
char *home_dir; /* home directory string */
char *dir_drive; /* home directory drive string */
char *unknown_str ; /* don't know what this is, yet. */
char *munged_dial ; /* munged path name and dial-back tel number */
- uid_t smb_userid; /* this is actually the unix uid_t */
- gid_t smb_grpid; /* this is actually the unix gid_t */
+ uid_t unix_uid; /* this is actually the unix uid_t */
+ gid_t unix_gid; /* this is actually the unix gid_t */
uint32 user_rid; /* Primary User ID */
uint32 group_rid; /* Primary Group ID */
struct smb_passwd
{
- uid_t smb_userid; /* this is actually the unix uid_t */
- char *smb_name; /* username string */
+ uid_t unix_uid; /* unix userid */
+ char *unix_name; /* unix username string */
+
+ uint32 user_rid; /* Primary User ID */
+ char *nt_name; /* unix username string */
unsigned char *smb_passwd; /* Null if no password */
unsigned char *smb_nt_passwd; /* Null if no password */
struct sam_disp_info
{
uint32 user_rid; /* Primary User ID */
- char *smb_name; /* username string */
- char *full_name; /* user's full name string */
+ char *nt_name; /* username string */
+ char *full_name; /* user's full name string */
};
+#define MAXSUBAUTHS 15 /* max sub authorities in a SID */
+
+/* DOM_SID - security id */
+typedef struct sid_info
+{
+ uint8 sid_rev_num; /* SID revision number */
+ uint8 num_auths; /* number of sub-authorities */
+ uint8 id_auth[6]; /* Identifier Authority */
+ /*
+ * Note that the values in these uint32's are in *native* byteorder,
+ * not neccessarily little-endian...... JRA.
+ */
+ uint32 sub_auths[MAXSUBAUTHS]; /* pointer to sub-authorities. */
+
+} DOM_SID;
+
+
+typedef struct group_name_info
+{
+ char *nt_name;
+ char *nt_domain;
+ char *unix_name;
+
+ DOM_SID sid;
+ uint8 type;
+ uint32 unix_id;
+
+} DOM_NAME_MAP;
+
+/* map either local aliases, domain groups or builtin aliases */
+typedef enum
+{
+ DOM_MAP_LOCAL,
+ DOM_MAP_DOMAIN,
+ DOM_MAP_USER
+
+} DOM_MAP_TYPE;
+
+
+/*** query a local group, get a list of these: shows who is in that group ***/
+
+/* local group member info */
+typedef struct local_grp_member_info
+{
+ DOM_SID sid ; /* matches with name */
+ uint8 sid_use; /* usr=1 grp=2 dom=3 alias=4 wkng=5 del=6 inv=7 unk=8 */
+ fstring name ; /* matches with sid: must be of the form "DOMAIN\account" */
+
+} LOCAL_GRP_MEMBER;
+
+/* enumerate these to get list of local groups */
+
+/* local group info */
+typedef struct local_grp_info
+{
+ fstring name;
+ fstring comment;
+ uint32 rid; /* alias rid */
+
+} LOCAL_GRP;
+
+/*** query a domain group, get a list of these: shows who is in that group ***/
+
+/* domain group info */
+typedef struct domain_grp_member_info
+{
+ fstring name;
+ uint8 attr; /* attributes forced to be set to 0x7: SE_GROUP_xxx */
+ uint32 rid; /* rid of domain group member */
+ uint8 sid_use; /* usr=1 grp=2 dom=3 alias=4 wkng=5 del=6 inv=7 unk=8 */
+
+} DOMAIN_GRP_MEMBER;
+
+/*** enumerate these to get list of domain groups ***/
+
+/* domain group member info */
+typedef struct domain_grp_info
+{
+ fstring name;
+ fstring comment;
+ uint32 rid; /* group rid */
+ uint8 attr; /* attributes forced to be set to 0x7: SE_GROUP_xxx */
+
+} DOMAIN_GRP;
+
/* DOM_CHAL - challenge info */
typedef struct chal_info
{
char *connectpath;
char *origpath;
char *user; /* name of user who *opened* this connection */
+
uid_t uid; /* uid of user who *opened* this connection */
gid_t gid; /* gid of user who *opened* this connection */
} connection_struct;
+struct unix_sec_ctxt
+{
+ uid_t uid;
+ gid_t gid;
+ int ngroups;
+ gid_t *groups;
+
+ char *name;
+};
+
+struct nt_sec_ctxt
+{
+ /* this should (will?) probably become a SEC_DESC */
+ DOM_SID user_sid;
+ DOM_SID group_sid;
+
+ char *name;
+ char *domain;
+};
+
+#if 0
+struct sec_ctxt
+{
+ struct unix_sec_ctxt unix;
+ struct nt_sec_ctxt nt;
+};
+#endif
+
struct current_user
{
connection_struct *conn;
write_bmpx_struct *wbmpx_ptr;
struct timeval open_time;
int share_mode;
+ time_t pending_modtime;
BOOL open;
BOOL can_lock;
BOOL can_read;
uchar sess_key[8]; /* Session key */
uchar md4pw[16]; /* md4(machine password) */
+ uchar user_sess_key[16]; /* user session key (md4 nt#) */
};
typedef struct
* to support the following operations.
*/
-struct passdb_ops {
- /*
- * Password database ops.
- */
- void *(*startsmbpwent)(BOOL);
- void (*endsmbpwent)(void *);
- SMB_BIG_UINT (*getsmbpwpos)(void *);
- BOOL (*setsmbpwpos)(void *, SMB_BIG_UINT);
+struct smb_passdb_ops
+{
+ /*
+ * Password database operations.
+ */
+ void *(*startsmbpwent)(BOOL);
+ void (*endsmbpwent)(void *);
+ SMB_BIG_UINT (*getsmbpwpos)(void *);
+ BOOL (*setsmbpwpos)(void *, SMB_BIG_UINT);
+
+ /*
+ * smb password database query functions.
+ */
+ struct smb_passwd *(*getsmbpwnam)(const char *);
+ struct smb_passwd *(*getsmbpwuid)(uid_t);
+ struct smb_passwd *(*getsmbpwent)(void *);
+
+ /*
+ * smb password database modification functions.
+ */
+ BOOL (*add_smbpwd_entry)(struct smb_passwd *);
+ BOOL (*mod_smbpwd_entry)(struct smb_passwd *, BOOL);
+#if 0
/*
- * smb password database query functions.
+ * password checking functions
*/
- struct smb_passwd *(*getsmbpwnam)(char *);
- struct smb_passwd *(*getsmbpwuid)(uid_t);
- struct smb_passwd *(*getsmbpwrid)(uint32);
- struct smb_passwd *(*getsmbpwent)(void *);
+ struct smb_passwd *(*smb_password_chal )(const char *username, const char lm_pass[24], const char nt_pass[24], char chal[8]);
+ struct smb_passwd *(*smb_password_check )(const char *username, const char lm_hash[16], const char nt_hash[16]);
+ struct passwd *(*unix_password_check)(const char *username, const char *pass, int pass_len);
+#endif
+};
- /*
- * smb password database modification functions.
- */
- BOOL (*add_smbpwd_entry)(struct smb_passwd *);
- BOOL (*mod_smbpwd_entry)(struct smb_passwd *, BOOL);
+/*
+ * Each implementation of the password database code needs
+ * to support the following operations.
+ */
+struct sam_passdb_ops {
/*
- * Functions that manupulate a struct sam_passwd.
+ * Password database operations.
*/
- struct sam_passwd *(*getsam21pwent)(void *);
+ void *(*startsam21pwent)(BOOL);
+ void (*endsam21pwent)(void *);
+ SMB_BIG_UINT (*getsam21pwpos)(void *);
+ BOOL (*setsam21pwpos)(void *, SMB_BIG_UINT);
/*
* sam password database query functions.
*/
- struct sam_passwd *(*getsam21pwnam)(char *);
+ struct sam_passwd *(*getsam21pwntnam)(const char *);
struct sam_passwd *(*getsam21pwuid)(uid_t);
struct sam_passwd *(*getsam21pwrid)(uint32);
+ struct sam_passwd *(*getsam21pwent)(void *);
/*
* sam password database modification functions.
/*
* sam query display info functions.
*/
- struct sam_disp_info *(*getsamdispnam)(char *);
+ struct sam_disp_info *(*getsamdispntnam)(const char *);
struct sam_disp_info *(*getsamdisprid)(uint32);
struct sam_disp_info *(*getsamdispent)(void *);
-#if 0
- /*
- * password checking functions
- */
- struct smb_passwd *(*smb_password_chal )(char *username, char lm_pass[24], char nt_pass[24], char chal[8]);
- struct smb_passwd *(*smb_password_check )(char *username, char lm_hash[16], char nt_hash[16]);
- struct passwd *(*unix_password_check)(char *username, char *pass, int pass_len);
-#endif
+};
+
+/*
+ * Each implementation of the passgrp database code needs
+ * to support the following operations.
+ */
+
+struct passgrp_ops
+{
+ /*
+ * Password group database ops.
+ */
+ void *(*startsmbgrpent)(BOOL);
+ void (*endsmbgrpent)(void *);
+ SMB_BIG_UINT (*getsmbgrppos)(void *);
+ BOOL (*setsmbgrppos)(void *, SMB_BIG_UINT);
+
+ /*
+ * smb passgrp database query functions, by user attributes.
+ */
+ struct smb_passwd *(*getsmbgrpntnam)(const char *, uint32**, int*, uint32**, int*);
+ struct smb_passwd *(*getsmbgrpuid)(uid_t , uint32**, int*, uint32**, int*);
+ struct smb_passwd *(*getsmbgrprid)(uint32, uint32**, int*, uint32**, int*);
+ struct smb_passwd *(*getsmbgrpent)(void *, uint32**, int*, uint32**, int*);
+};
+
+/*
+ * Each implementation of the group database code needs
+ * to support the following operations.
+ *
+ * This allows enumeration, modification and addition of groups. there
+ * is _no_ deletion of groups: you can only modify them to a status of
+ * "deleted" (this by the way is a requirement of c2 rating)
+ */
+
+struct groupdb_ops
+{
+ /*
+ * Group database ops.
+ */
+ void *(*startgroupent)(BOOL);
+ void (*endgroupent)(void *);
+ SMB_BIG_UINT (*getgrouppos)(void *);
+ BOOL (*setgrouppos)(void *, SMB_BIG_UINT);
+
+ /*
+ * group database query functions.
+ */
+ DOMAIN_GRP *(*getgroupntnam)(const char *, DOMAIN_GRP_MEMBER **, int *);
+ DOMAIN_GRP *(*getgroupgid)(gid_t , DOMAIN_GRP_MEMBER **, int *);
+ DOMAIN_GRP *(*getgrouprid)(uint32, DOMAIN_GRP_MEMBER **, int *);
+ DOMAIN_GRP *(*getgroupent)(void *, DOMAIN_GRP_MEMBER **, int *);
+
+ /*
+ * group database modification functions.
+ */
+ BOOL (*add_group_entry)(DOMAIN_GRP *);
+ BOOL (*mod_group_entry)(DOMAIN_GRP *);
+ BOOL (*del_group_entry)(uint32);
+
+ BOOL (*add_group_member)(uint32, uint32);
+ BOOL (*del_group_member)(uint32, uint32);
+
+ /*
+ * user group functions
+ */
+ BOOL (*getusergroupsntnam)(const char *, DOMAIN_GRP **, int *);
+};
+
+/*
+ * Each implementation of the alias database code needs
+ * to support the following operations.
+ *
+ * This allows enumeration, modification and addition of aliases. there
+ * is _no_ deletion of aliases: you can only modify them to a status of
+ * "deleted" (this by the way is a requirement of c2 rating)
+ */
+
+struct aliasdb_ops
+{
+ /*
+ * Alias database ops.
+ */
+ void *(*startaliasent)(BOOL);
+ void (*endaliasent)(void *);
+ SMB_BIG_UINT (*getaliaspos)(void *);
+ BOOL (*setaliaspos)(void *, SMB_BIG_UINT);
+
+ /*
+ * alias database query functions.
+ */
+ LOCAL_GRP *(*getaliasntnam)(const char *, LOCAL_GRP_MEMBER **, int *);
+ LOCAL_GRP *(*getaliasgid)(gid_t , LOCAL_GRP_MEMBER **, int *);
+ LOCAL_GRP *(*getaliasrid)(uint32, LOCAL_GRP_MEMBER **, int *);
+ LOCAL_GRP *(*getaliasent)(void *, LOCAL_GRP_MEMBER **, int *);
+
+ /*
+ * alias database modification functions.
+ */
+ BOOL (*add_alias_entry)(LOCAL_GRP *);
+ BOOL (*mod_alias_entry)(LOCAL_GRP *);
+ BOOL (*del_alias_entry)(uint32);
+
+ BOOL (*add_alias_member)(uint32, DOM_SID*);
+ BOOL (*del_alias_member)(uint32, DOM_SID*);
+
+ /*
+ * user alias functions
+ */
+ BOOL (*getuseraliasntnam)(const char *, LOCAL_GRP **, int *);
};
/* this is used for smbstatus */
/* security levels */
enum security_types {SEC_SHARE,SEC_USER,SEC_SERVER,SEC_DOMAIN};
+/* server roles */
+enum server_types
+{
+ ROLE_DOMAIN_NONE,
+ ROLE_DOMAIN_MEMBER,
+ ROLE_DOMAIN_BDC,
+ ROLE_DOMAIN_PDC
+};
+
/* printing types */
enum printing_types {PRINT_BSD,PRINT_SYSV,PRINT_AIX,PRINT_HPUX,
PRINT_QNX,PRINT_PLP,PRINT_LPRNG,PRINT_SOFTQ};
/* this is how errors are generated */
#define UNIXERROR(defclass,deferror) unix_error_packet(inbuf,outbuf,defclass,deferror,__LINE__)
-#define ROUNDUP(x,g) (((x)+((g)-1))&~((g)-1))
+#define SMB_ROUNDUP(x,g) (((x)+((g)-1))&~((g)-1))
/*
* Global value meaing that the smb_uid field should be
#define ZERO_STRUCT(x) memset((char *)&(x), 0, sizeof(x))
/* zero a structure given a pointer to the structure */
-#define ZERO_STRUCTP(x) memset((char *)(x), 0, sizeof(*(x)))
+#define ZERO_STRUCTP(x) { if ((x) != NULL) memset((char *)(x), 0, sizeof(*(x))); }
/* zero an array - note that sizeof(array) must work - ie. it must not be a
pointer */
#define NEW_PW_FORMAT_SPACE_PADDED_LEN 14
+/*
+ Do you want session setups at user level security with a invalid
+ password to be rejected or allowed in as guest? WinNT rejects them
+ but it can be a pain as it means "net view" needs to use a password
+
+ You have 3 choices in the setting of map_to_guest:
+
+ "NEVER_MAP_TO_GUEST" means session setups with an invalid password
+ are rejected. This is the default.
+
+ "MAP_TO_GUEST_ON_BAD_USER" means session setups with an invalid password
+ are rejected, unless the username does not exist, in which case it
+ is treated as a guest login
+
+ "MAP_TO_GUEST_ON_BAD_PASSWORD" means session setups with an invalid password
+ are treated as a guest login
+
+ Note that map_to_guest only has an effect in user or server
+ level security.
+*/
+
+#define NEVER_MAP_TO_GUEST 0
+#define MAP_TO_GUEST_ON_BAD_USER 1
+#define MAP_TO_GUEST_ON_BAD_PASSWORD 2
+
+/* associate bit field or enumeration field with a string */
+struct field_info
+{
+ uint32 bits;
+ char *str;
+};
+
#endif /* _SMB_H */
/* _SMB_H */