/*
Unix SMB/Netbios implementation.
- Version 1.9.
- SMB parameters and setup
+ SMB parameters and setup, plus a whole lot more.
+
Copyright (C) Andrew Tridgell 1992-2000
Copyright (C) John H Terpstra 1996-2000
Copyright (C) Luke Kenneth Casson Leighton 1996-2000
Copyright (C) Paul Ashton 1998-2000
+ Copyright (C) Martin Pool 2002
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
#include "doserr.h"
+
+
#ifndef _PSTRING
#define PSTRING_LEN 1024
#define FSTRING_LEN 256
+#ifdef PSTRING_SANCTIFY
+
+/* If you define this, pstring and fstring become distinguished types,
+ * so that it's harder to accidentally overflow them by for example
+ * passing an fstring on the lhs of pstrcpy.
+ *
+ * The types are defined as one-element union arrays so that with
+ * "fstring f" the name "f" will be a pointer and with a big hammer
+ * you can cast it to (char *). So code that tries to just use it
+ * directly will get a loud warning, but hopefully nothing worse.
+ *
+ * To pass them to non-pstring-aware functions, use PSTR and check
+ * that the function takes a const. They should almost never be
+ * modified except by special calls. In those unusual cases, use
+ * PSTR_MUTABLE.
+ *
+ * This is off by default so as not to produce too many warnings. As
+ * the code is vetted it can become the default. */
+
+typedef union { char pstring_contents[PSTRING_LEN]; } pstring[1];
+typedef union { char fstring_contents[FSTRING_LEN]; } fstring[1];
+
+# define PSTR(p) ((const char *) ((p)->pstring_contents))
+# define FSTR(f) ((const char *) ((f)->fstring_contents))
+
+/* You should not normally use these. Instead, use pstrcpy, etc. */
+# define PSTR_MUTABLE(p) ((p)->pstring_contents)
+# define FSTR_MUTABLE(f) ((f)->fstring_contents)
+
+/* See also safe_string.h */
+
+#else /* ndef PSTRING_SANCTIFY */
+
+/* Old interface. */
+
typedef char pstring[PSTRING_LEN];
typedef char fstring[FSTRING_LEN];
+#define PSTR(p) (p)
+#define FSTR(f) (f)
+#define PSTR_MUTABLE(p) (p)
+#define FSTR_MUTABLE(f) (f)
+
+#endif /* ndef PSTRING_SANCTIFY */
+
#define _PSTRING
-#endif
+#endif /* ndef _PSTRING */
+
+
/*
* SMB UCS2 (16-bit unicode) internal type.
#endif
#ifndef _DOM_SID
-/* DOM_SID - security id */
+/**
+ * @brief Security Identifier
+ *
+ * @sa http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/accctrl_38yn.asp
+ **/
typedef struct sid_info
{
- uint8 sid_rev_num; /* SID revision number */
- uint8 num_auths; /* number of sub-authorities */
- uint8 id_auth[6]; /* Identifier Authority */
+ uint8 sid_rev_num; /**< SID revision number */
+ uint8 num_auths; /**< Number of sub-authorities */
+ uint8 id_auth[6]; /**< Identifier Authority */
/*
- * Note that the values in these uint32's are in *native* byteorder,
- * not neccessarily little-endian...... JRA.
+ * Pointer to sub-authorities.
+ *
+ * @note The values in these uint32's are in *native* byteorder, not
+ * neccessarily little-endian...... JRA.
*/
- uint32 sub_auths[MAXSUBAUTHS]; /* pointer to sub-authorities. */
+ uint32 sub_auths[MAXSUBAUTHS];
} DOM_SID;
#define _DOM_SID
*
* token->user_sids[0] = primary user SID.
* token->user_sids[1] = primary group SID.
- * token->user_sids[2-num_sids] = supplementary group SIDS.
+ * token->user_sids[2..num_sids] = supplementary group SIDS.
*/
#define PRIMARY_USER_SID_INDEX 0
char *fsp_name;
} files_struct;
+/* used to hold an arbitrary blob of data */
+typedef struct data_blob {
+ uint8 *data;
+ size_t length;
+ void (*free)(struct data_blob *data_blob);
+} DATA_BLOB;
+
/*
* Structure used to keep directory state information around.
* Used in NT change-notify code.
#define SHAREMODE_FN(fn) \
void (*fn)(share_mode_entry *, char*)
+#define NT_HASH_LEN 16
+#define LM_HASH_LEN 16
+
+/*
+ * bit flags representing initialized fields in SAM_ACCOUNT
+ */
+#define FLAG_SAM_UNINIT 0x00000000
+#define FLAG_SAM_UID 0x00000001
+#define FLAG_SAM_GID 0x00000002
+#define FLAG_SAM_SMBHOME 0x00000004
+#define FLAG_SAM_PROFILE 0x00000008
+#define FLAG_SAM_LOGONSCRIPT 0x00000010
+#define FLAG_SAM_DRIVE 0x00000020
+
+#define IS_SAM_UNIX_USER(x) \
+ ((pdb_get_init_flag(x) & FLAG_SAM_UID) \
+ && (pdb_get_init_flag(x) & FLAG_SAM_GID))
+
+#define IS_SAM_SET(x, flag) ((x)->private.init_flag & (flag))
+
typedef struct sam_passwd
{
- time_t logon_time; /* logon time */
- time_t logoff_time; /* logoff time */
- time_t kickoff_time; /* kickoff time */
- time_t pass_last_set_time; /* password last set time */
- time_t pass_can_change_time; /* password can change time */
- time_t pass_must_change_time; /* password must change time */
-
- pstring username; /* UNIX username string */
- pstring domain; /* Windows Domain name */
- pstring nt_username; /* Windows username string */
- pstring full_name; /* user's full name string */
- pstring home_dir; /* home directory string */
- pstring dir_drive; /* home directory drive string */
- pstring logon_script; /* logon script string */
- pstring profile_path; /* profile path string */
- pstring acct_desc ; /* user description string */
- pstring workstations; /* login from workstations string */
- pstring unknown_str ; /* don't know what this is, yet. */
- pstring munged_dial ; /* munged path name and dial-back tel number */
-
- uid_t *uid; /* this is a pointer to the unix uid_t */
- gid_t *gid; /* this is a pointer to the unix gid_t */
- uint32 user_rid; /* Primary User ID */
- uint32 group_rid; /* Primary Group ID */
-
- unsigned char *lm_pw; /* Null if no password */
- unsigned char *nt_pw; /* Null if no password */
-
- uint16 acct_ctrl; /* account info (ACB_xxxx bit-mask) */
- uint32 unknown_3; /* 0x00ff ffff */
-
- uint16 logon_divs; /* 168 - number of hours in a week */
- uint32 hours_len; /* normally 21 bytes */
- uint8 hours[MAX_HOURS_LEN];
-
- uint32 unknown_5; /* 0x0002 0000 */
- uint32 unknown_6; /* 0x0000 04ec */
+ TALLOC_CTX *mem_ctx;
+
+ void (*free_fn)(struct sam_passwd **);
+
+ struct user_data {
+ /* initiailization flags */
+ uint32 init_flag;
+
+ time_t logon_time; /* logon time */
+ time_t logoff_time; /* logoff time */
+ time_t kickoff_time; /* kickoff time */
+ time_t pass_last_set_time; /* password last set time */
+ time_t pass_can_change_time; /* password can change time */
+ time_t pass_must_change_time; /* password must change time */
+
+ char * username; /* UNIX username string */
+ char * domain; /* Windows Domain name */
+ char * nt_username; /* Windows username string */
+ char * full_name; /* user's full name string */
+ char * home_dir; /* home directory string */
+ char * dir_drive; /* home directory drive string */
+ char * logon_script; /* logon script string */
+ char * profile_path; /* profile path string */
+ char * acct_desc ; /* user description string */
+ char * workstations; /* login from workstations string */
+ char * unknown_str ; /* don't know what this is, yet. */
+ char * munged_dial ; /* munged path name and dial-back tel number */
+
+ uid_t uid; /* this is a unix uid_t */
+ gid_t gid; /* this is a unix gid_t */
+ uint32 user_rid; /* Primary User ID */
+ uint32 group_rid; /* Primary Group ID */
+
+ DATA_BLOB lm_pw; /* .data is Null if no password */
+ DATA_BLOB nt_pw; /* .data is Null if no password */
+
+ uint16 acct_ctrl; /* account info (ACB_xxxx bit-mask) */
+ uint32 unknown_3; /* 0x00ff ffff */
+
+ uint16 logon_divs; /* 168 - number of hours in a week */
+ uint32 hours_len; /* normally 21 bytes */
+ uint8 hours[MAX_HOURS_LEN];
+
+ uint32 unknown_5; /* 0x0002 0000 */
+ uint32 unknown_6; /* 0x0000 04ec */
+ } private;
+ /* Lets see if the remaining code can get the hint that you
+ are meant to use the pdb_...() functions. */
} SAM_ACCOUNT;
+/*
+ * Flags for account policy.
+ */
+#define AP_MIN_PASSWORD_LEN 1
+#define AP_PASSWORD_HISTORY 2
+#define AP_USER_MUST_LOGON_TO_CHG_PASS 3
+#define AP_MAX_PASSWORD_AGE 4
+#define AP_MIN_PASSWORD_AGE 5
+#define AP_LOCK_ACCOUNT_DURATION 6
+#define AP_RESET_COUNT_TIME 7
+#define AP_BAD_ATTEMPT_LOCKOUT 8
+#define AP_TIME_TO_LOGOUT 9
+
+
/*
* Flags for local user manipulation.
*/
#define LOCAL_TRUST_ACCOUNT 0x10
#define LOCAL_SET_NO_PASSWORD 0x20
#define LOCAL_SET_PASSWORD 0x40
+#define LOCAL_SET_LDAP_ADMIN_PW 0x80
+#define LOCAL_INTERDOM_ACCOUNT 0x100
/* key and data in the connections database - used in smbstatus and smbd */
struct connections_key {
/* Generic access masks & rights. */
#define SPECIFIC_RIGHTS_MASK 0x00FFFFL
#define STANDARD_RIGHTS_MASK 0xFF0000L
-#define DELETE_ACCESS (1L<<16)
-#define READ_CONTROL_ACCESS (1L<<17)
-#define WRITE_DAC_ACCESS (1L<<18)
-#define WRITE_OWNER_ACCESS (1L<<19)
-#define SYNCHRONIZE_ACCESS (1L<<20)
+#define DELETE_ACCESS (1L<<16) /* 0x00010000 */
+#define READ_CONTROL_ACCESS (1L<<17) /* 0x00020000 */
+#define WRITE_DAC_ACCESS (1L<<18) /* 0x00040000 */
+#define WRITE_OWNER_ACCESS (1L<<19) /* 0x00080000 */
+#define SYNCHRONIZE_ACCESS (1L<<20) /* 0x00100000 */
/* Combinations of standard masks. */
#define STANDARD_RIGHTS_ALL_ACCESS (DELETE_ACCESS|READ_CONTROL_ACCESS|WRITE_DAC_ACCESS|WRITE_OWNER_ACCESS|SYNCHRONIZE_ACCESS)
#define STANDARD_RIGHTS_REQUIRED_ACCESS (DELETE_ACCESS|READ_CONTROL_ACCESS|WRITE_DAC_ACCESS|WRITE_OWNER_ACCESS)
#define STANDARD_RIGHTS_WRITE_ACCESS (READ_CONTROL_ACCESS)
-#define SYSTEM_SECURITY_ACCESS (1L<<24)
-#define MAXIMUM_ALLOWED_ACCESS (1L<<25)
-#define GENERIC_ALL_ACCESS (1<<28)
-#define GENERIC_EXECUTE_ACCESS (1<<29)
-#define GENERIC_WRITE_ACCESS (1<<30)
-#define GENERIC_READ_ACCESS (((unsigned)1)<<31)
+#define SYSTEM_SECURITY_ACCESS (1L<<24) /* 0x01000000 */
+#define MAXIMUM_ALLOWED_ACCESS (1L<<25) /* 0x02000000 */
+#define GENERIC_ALL_ACCESS (1<<28) /* 0x10000000 */
+#define GENERIC_EXECUTE_ACCESS (1<<29) /* 0x20000000 */
+#define GENERIC_WRITE_ACCESS (1<<30) /* 0x40000000 */
+#define GENERIC_READ_ACCESS (((unsigned)1)<<31) /* 0x80000000 */
/* Mapping of generic access rights for files to specific rights. */
#define CAP_W2K_SMBS 0x2000
#define CAP_LARGE_READX 0x4000
#define CAP_LARGE_WRITEX 0x8000
+#define CAP_UNIX 0x800000 /* Capabilities for UNIX extensions. Created by HP. */
#define CAP_EXTENDED_SECURITY 0x80000000
/* protocol types. It assumes that higher protocols include lower protocols
enum protocol_types {PROTOCOL_NONE,PROTOCOL_CORE,PROTOCOL_COREPLUS,PROTOCOL_LANMAN1,PROTOCOL_LANMAN2,PROTOCOL_NT1};
/* security levels */
-enum security_types {SEC_SHARE,SEC_USER,SEC_SERVER,SEC_DOMAIN};
+enum security_types {SEC_SHARE,SEC_USER,SEC_SERVER,SEC_DOMAIN,SEC_ADS};
/* server roles */
enum server_types
#endif /* DEVELOPER */
};
+/* LDAP schema types */
+enum schema_types {SCHEMA_COMPAT, SCHEMA_AD, SCHEMA_SAMBA};
+
+/* LDAP SSL options */
+enum ldap_ssl_types {LDAP_SSL_ON, LDAP_SSL_OFF, LDAP_SSL_START_TLS};
+
/* Remote architectures we know about. */
enum remote_arch_types {RA_UNKNOWN, RA_WFWG, RA_OS2, RA_WIN95, RA_WINNT, RA_WIN2K, RA_SAMBA};
int session_id; /* used by utmp and pam session code */
} user_struct;
-/* used to hold an arbitrary blob of data */
-typedef struct {
- uint8 *data;
- size_t length;
-} DATA_BLOB;
-
#include "ntdomain.h"
size_t (*push)(void *cd, char **inbuf, size_t *inbytesleft,
char **outbuf, size_t *outbytesleft);
void *cd_direct, *cd_pull, *cd_push;
+ char *from_name, *to_name;
} *smb_iconv_t;
+/* The maximum length of a trust account password.
+ Used when we randomly create it, 15 char passwords
+ exceed NT4's max password length */
+
+#define DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH 14
+
#endif /* _SMB_H */
git.samba.org / ira / wip.git / blobdiff