1 /*
2   header for ads (active directory) library routines
3
4   basically this is a wrapper around ldap
5 */
6
/*
 * Connection state for one ADS (Active Directory) session: the live LDAP
 * handle, the parameters used to find the server, the parameters used to
 * authenticate, and values read back from the server's configuration.
 *
 * Note that "realm" appears three times (server, auth, config); they are
 * separate fields and are not kept in sync by anything in this header.
 *
 * NOTE(review): auth.password holds a credential as an ordinary C string.
 * The routine that releases this structure is not visible here; confirm
 * that it overwrites the password before freeing it and that the structure
 * is never written to logs or debug dumps as a whole.
 */
typedef struct {
        void *ld; /* the active ldap structure (opaque here; presumably an LDAP * -- confirm) */
        struct in_addr ldap_ip; /* the ip of the active connection, if any */
        time_t last_attempt; /* last attempt to reconnect */
        int ldap_port; /* presumably the port of the active LDAP connection -- confirm */
        
        /* info needed to find the server */
        struct {
                char *realm;
                char *workgroup;
                char *ldap_server;
                int foreign; /* set to 1 if connecting to a foreign realm */
        } server;

        /* info needed to authenticate */
        struct {
                char *realm;
                char *password; /* credential held in clear; see NOTE(review) above */
                char *user_name;
                char *kdc_server;
                unsigned flags; /* presumably a mask of the ADS_AUTH_* values in this header -- confirm */
                int time_offset; /* presumably clock skew against the server; unit not stated -- confirm */
        } auth;

        /* info derived from the servers config */
        struct {
                char *realm;
                char *bind_path;
                char *ldap_server_name;
                time_t current_time;
        } config;
} ADS_STRUCT;
39
/*
 * String attributes describing one printer entry.
 *
 * Every member is text: char * for a single value, char ** for members
 * that presumably hold several values (the array termination convention
 * and who owns the memory are not stated in this header -- confirm with
 * the code that fills the structure).  Any member may presumably be NULL
 * when the attribute is absent; check before use.
 *
 * The member names are part of the interface.  printFOrmName is spelled
 * with a capital 'O' as declared; correcting it would break every user of
 * the field, so it is documented here rather than renamed.
 */
typedef struct {
        char *printerName;
        char *serverName;
        char *shortServerName;
        char *versionNumber;
        char *uNCName;
        char **description;
        char *assetNumber;
        char *bytesPerMinute;
        char *defaultPriority;
        char *driverName;
        char *driverVersion;
        char *location;
        char *operatingSystem;
        char *operatingSystemHotfix;
        char *operatingSystemServicePack;
        char *operatingSystemVersion;
        char *physicalLocationObject;
        char **portName;
        char *printAttributes;
        char **printBinNames;
        char *printCollate;
        char *printColor;
        char *printDuplexSupported;
        char *printEndTime;
        char *printFOrmName; /* sic: capital 'O' is the declared name */
        char *printKeepPrintedJobs;
        char **printLanguage;
        char *printMACAddress;
        char *printMaxCopies;
        char *printMaxResolutionSupported;
        char *printMaxXExtent;
        char *printMaxYExtent;
        char **printMediaReady;
        char **printMediaSupported;
        char *printMemory;
        char *printMinXExtent;
        char *printMinYExtent;
        char *printNetworkAddress;
        char *printNotify;
        char *printNumberUp;
        char **printOrientationsSupported;
        char *printOwner;
        char *printPagesPerMinute;
        char *printRate;
        char *printRateUnit;
        char *printSeparatorFile;
        char **printShareName;
        char *printSpooling;
        char *printStaplingSupported;
        char *printStartTime;
        char *printStatus;
        char *priority;
} ADS_PRINTER_ENTRY;
94
/*
 * there are 5 possible types of errors the ads subsystem can produce
 * (Kerberos, GSS-API, LDAP, system errno, NT status).
 *
 * Each enumerator name is also defined further down as a function-like
 * macro.  The preprocessor expands such a macro only when the name is
 * followed by '(', so a bare ADS_ERROR_LDAP still names the enumerator.
 */
enum ads_error_type {ADS_ERROR_KRB5, ADS_ERROR_GSS, 
                     ADS_ERROR_LDAP, ADS_ERROR_SYSTEM, ADS_ERROR_NT};
98
/*
 * Result of an ADS operation: a tag naming the subsystem that produced the
 * code, plus the code itself.
 *
 * error_type decides which member of err is meaningful: ADS_ERR_OK() reads
 * err.nt_status when error_type is ADS_ERROR_NT and err.rc for every other
 * type.  Test for success with ADS_ERR_OK() rather than comparing err.rc
 * with 0 directly, so that an NT status is never misread as an integer
 * return code and a failure is not taken for success.
 */
typedef struct {
        enum ads_error_type error_type;
        union err_state{                
                int rc;              /* used for every type except ADS_ERROR_NT */
                NTSTATUS nt_status;  /* used when error_type is ADS_ERROR_NT */
        } err;
        /* For error_type = ADS_ERROR_GSS minor_status describe GSS API error */
        /* Where rc represents major_status of GSS API error */
        int minor_status;
} ADS_STATUS;
109
/*
 * List of pending attribute modifications.  When HAVE_ADS is defined the
 * real LDAPMod type is used; otherwise the type falls back to void **,
 * presumably so that code which only passes the list around still builds
 * without the LDAP headers.
 */
#ifdef HAVE_ADS
typedef LDAPMod **ADS_MODLIST;
#else
typedef void **ADS_MODLIST;
#endif
115
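/*
 * macros to simplify error returning
 *
 * Each ADS_ERROR_*() macro builds a status value for one error_type.  The
 * enumerator of the same name inside the expansion is not followed by '('
 * and is therefore left alone by the preprocessor.
 *
 * Every macro argument is parenthesized so that an expression argument
 * (for example a dereferenced pointer passed to ADS_ERR_OK) is grouped as
 * the caller intended.
 *
 * ADS_ERROR_SYSTEM() maps a code of 0 to EINVAL: a system error can never
 * be built with rc == 0, which ADS_ERR_OK() would report as success.
 *
 * ADS_ERROR_SYSTEM() and ADS_ERR_OK() mention their argument more than
 * once, so pass a plain variable or constant, never an expression with
 * side effects.
 */
#define ADS_ERROR(rc) ADS_ERROR_LDAP(rc)
#define ADS_ERROR_LDAP(rc) ads_build_error(ADS_ERROR_LDAP, (rc), 0)
#define ADS_ERROR_SYSTEM(rc) ads_build_error(ADS_ERROR_SYSTEM, (rc) ? (rc) : EINVAL, 0)
#define ADS_ERROR_KRB5(rc) ads_build_error(ADS_ERROR_KRB5, (rc), 0)
#define ADS_ERROR_GSS(rc, minor) ads_build_error(ADS_ERROR_GSS, (rc), (minor))
#define ADS_ERROR_NT(rc) ads_build_nt_error(ADS_ERROR_NT, (rc))

/* true when the status carries no error; picks the union member by error_type */
#define ADS_ERR_OK(status) (((status).error_type == ADS_ERROR_NT) ? NT_STATUS_IS_OK((status).err.nt_status) : ((status).err.rc == 0))
#define ADS_SUCCESS ADS_ERROR(0)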
126
/* time between reconnect attempts (unit not stated here; presumably seconds -- confirm) */
#define ADS_RECONNECT_TIME 5

/* timeout on searches (unit not stated here; presumably seconds -- confirm) */
#define ADS_SEARCH_TIMEOUT 10
132
/*
 * ldap control oids (all in Microsoft's 1.2.840.113556.1.4 arc)
 *
 * NOTE(review): under the permissive-modify control a server reports
 * success when asked to add a value that already exists or delete one that
 * does not, so a successful modify sent with ADS_PERMIT_MODIFY_OID does
 * not prove that the directory changed.
 */
#define ADS_PAGE_CTL_OID "1.2.840.113556.1.4.319" /* paged search results */
#define ADS_NO_REFERRALS_OID "1.2.840.113556.1.4.1339" /* domain scope: server generates no referrals */
#define ADS_SERVER_SORT_OID "1.2.840.113556.1.4.473" /* server-side sorting */
#define ADS_PERMIT_MODIFY_OID "1.2.840.113556.1.4.1413" /* permissive modify */
138
/*
 * UserFlags for userAccountControl: one bit per account property.
 *
 * Bits that relax an account's protection and are worth auditing wherever
 * they are set:
 *   UF_PASSWD_NOTREQD                  account may have an empty password
 *   UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED password kept in reversible form
 *   UF_DONT_EXPIRE_PASSWD              password ageing is not applied
 *   UF_TRUSTED_FOR_DELEGATION          account is trusted for Kerberos
 *                                      delegation
 *   UF_USE_DES_KEY_ONLY                Kerberos restricted to DES keys
 *   UF_DONT_REQUIRE_PREAUTH            Kerberos pre-authentication is not
 *                                      required
 * UF_NOT_DELEGATED and UF_SMARTCARD_REQUIRED act in the other direction
 * and tighten the account.
 *
 * NOTE(review): the UF_UNUSED_* names describe this header only.  Active
 * Directory gives meaning to some of those positions (for example
 * 0x00800000 and 0x01000000 -- confirm against current Microsoft
 * documentation), so do not assume they are clear in values read from a
 * server.
 *
 * UF_UNUSED_13 (0x80000000) does not fit a 32-bit int and so has an
 * unsigned type; keep userAccountControl in an unsigned 32-bit variable
 * when testing it.
 */
#define UF_SCRIPT                               0x00000001
#define UF_ACCOUNTDISABLE                       0x00000002
#define UF_UNUSED_1                             0x00000004
#define UF_HOMEDIR_REQUIRED                     0x00000008

#define UF_LOCKOUT                              0x00000010
#define UF_PASSWD_NOTREQD                       0x00000020
#define UF_PASSWD_CANT_CHANGE                   0x00000040
#define UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED      0x00000080

#define UF_TEMP_DUPLICATE_ACCOUNT               0x00000100
#define UF_NORMAL_ACCOUNT                       0x00000200
#define UF_UNUSED_2                             0x00000400
#define UF_INTERDOMAIN_TRUST_ACCOUNT            0x00000800

#define UF_WORKSTATION_TRUST_ACCOUNT            0x00001000
#define UF_SERVER_TRUST_ACCOUNT                 0x00002000
#define UF_UNUSED_3                             0x00004000
#define UF_UNUSED_4                             0x00008000

#define UF_DONT_EXPIRE_PASSWD                   0x00010000
#define UF_MNS_LOGON_ACCOUNT                    0x00020000
#define UF_SMARTCARD_REQUIRED                   0x00040000
#define UF_TRUSTED_FOR_DELEGATION               0x00080000

#define UF_NOT_DELEGATED                        0x00100000
#define UF_USE_DES_KEY_ONLY                     0x00200000
#define UF_DONT_REQUIRE_PREAUTH                 0x00400000
#define UF_UNUSED_5                             0x00800000

#define UF_UNUSED_6                             0x01000000
#define UF_UNUSED_7                             0x02000000
#define UF_UNUSED_8                             0x04000000
#define UF_UNUSED_9                             0x08000000

#define UF_UNUSED_10                            0x10000000
#define UF_UNUSED_11                            0x20000000
#define UF_UNUSED_12                            0x40000000
#define UF_UNUSED_13                            0x80000000
179
/* the three trust-account bits: interdomain, workstation and server trust */
#define UF_MACHINE_ACCOUNT_MASK (\
                UF_INTERDOMAIN_TRUST_ACCOUNT |\
                UF_WORKSTATION_TRUST_ACCOUNT |\
                UF_SERVER_TRUST_ACCOUNT \
                )

/* every bit that names an account type: the machine bits plus the
   temp-duplicate and normal account bits */
#define UF_ACCOUNT_TYPE_MASK (\
                UF_TEMP_DUPLICATE_ACCOUNT |\
                UF_NORMAL_ACCOUNT |\
                UF_INTERDOMAIN_TRUST_ACCOUNT |\
                UF_WORKSTATION_TRUST_ACCOUNT |\
                UF_SERVER_TRUST_ACCOUNT \
                )

/*
 * All named flags except the UF_UNUSED_* positions; by its name, the set
 * of bits a caller may write (the code that applies it is not visible
 * here -- confirm).
 *
 * NOTE(review): this mask contains the whole account-type mask and the
 * bits that relax account protection (UF_PASSWD_NOTREQD,
 * UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED, UF_TRUSTED_FOR_DELEGATION,
 * UF_USE_DES_KEY_ONLY, UF_DONT_REQUIRE_PREAUTH).  Masking a requested
 * value with it only removes undefined bits; it is not an authorization
 * check on who may set which flag.
 */
#define UF_SETTABLE_BITS (\
                UF_SCRIPT |\
                UF_ACCOUNTDISABLE |\
                UF_HOMEDIR_REQUIRED  |\
                UF_LOCKOUT |\
                UF_PASSWD_NOTREQD |\
                UF_PASSWD_CANT_CHANGE |\
                UF_ACCOUNT_TYPE_MASK | \
                UF_DONT_EXPIRE_PASSWD | \
                UF_MNS_LOGON_ACCOUNT |\
                UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED |\
                UF_SMARTCARD_REQUIRED |\
                UF_TRUSTED_FOR_DELEGATION |\
                UF_NOT_DELEGATED |\
                UF_USE_DES_KEY_ONLY  |\
                UF_DONT_REQUIRE_PREAUTH \
                )
211
/*
 * sAMAccountType
 *
 * These are whole values, not independent bits: compare with ==, do not
 * test with &.  The trailing comments give the same value in decimal.
 *
 * ATYPE_DISTRIBUTION_UNIVERSAL_GROUP is defined as
 * ATYPE_DISTRIBUTION_GLOBAL_GROUP, so the two cannot be told apart by
 * sAMAccountType alone.
 */
#define ATYPE_NORMAL_ACCOUNT                    0x30000000 /* 805306368 */
#define ATYPE_WORKSTATION_TRUST                 0x30000001 /* 805306369 */
#define ATYPE_INTERDOMAIN_TRUST                 0x30000002 /* 805306370 */ 
#define ATYPE_SECURITY_GLOBAL_GROUP             0x10000000 /* 268435456 */
#define ATYPE_DISTRIBUTION_GLOBAL_GROUP         0x10000001 /* 268435457 */
#define ATYPE_DISTRIBUTION_UNIVERSAL_GROUP      ATYPE_DISTRIBUTION_GLOBAL_GROUP
#define ATYPE_SECURITY_LOCAL_GROUP              0x20000000 /* 536870912 */
#define ATYPE_DISTRIBUTION_LOCAL_GROUP          0x20000001 /* 536870913 */

/* short aliases for the account and security-group values above */
#define ATYPE_ACCOUNT           ATYPE_NORMAL_ACCOUNT            /* 0x30000000 805306368 */
#define ATYPE_GLOBAL_GROUP      ATYPE_SECURITY_GLOBAL_GROUP     /* 0x10000000 268435456 */
#define ATYPE_LOCAL_GROUP       ATYPE_SECURITY_LOCAL_GROUP      /* 0x20000000 536870912 */
225
/*
 * groupType
 *
 * Bit 0x80000000 is set in the three SECURITY values and clear in the
 * DISTRIBUTION values; the low bits give the scope.
 *
 * The constants with the top bit set have an unsigned type in C, while
 * the trailing comments show the same bit pattern as a signed 32-bit
 * number.  A groupType held in a type wider than 32 bits as the negative
 * number will not compare equal to these constants; convert it to an
 * unsigned 32-bit value before comparing, or a security group can be
 * misclassified.
 */
#define GTYPE_SECURITY_BUILTIN_LOCAL_GROUP      0x80000005      /* -2147483643 */
#define GTYPE_SECURITY_DOMAIN_LOCAL_GROUP       0x80000004      /* -2147483644 */
#define GTYPE_SECURITY_GLOBAL_GROUP             0x80000002      /* -2147483646 */
#define GTYPE_DISTRIBUTION_GLOBAL_GROUP         0x00000002      /* 2 */
#define GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP   0x00000004      /* 4 */
#define GTYPE_DISTRIBUTION_UNIVERSAL_GROUP      0x00000008      /* 8 */
233
/*
 * Mailslot or cldap getdcname response flags
 *
 * ADS_PINGS is a mask over the low 16 bits, which covers every
 * single-bit flag from ADS_PDC to ADS_NDNC; the three ADS_DNS_* flags sit
 * in the top bits outside that mask.
 *
 * NOTE(review): these flags are whatever the responder put in its reply.
 * Such a reply is presumably received before any authenticated session
 * exists (confirm with the code that parses it), so use the flags as
 * hints for choosing a server, not as verified facts about it.
 */
#define ADS_PDC            0x00000001  /* DC is PDC */
#define ADS_GC             0x00000004  /* DC is a GC of forest */
#define ADS_LDAP           0x00000008  /* DC is an LDAP server */
#define ADS_DS             0x00000010  /* DC supports DS */
#define ADS_KDC            0x00000020  /* DC is running KDC */
#define ADS_TIMESERV       0x00000040  /* DC is running time services */
#define ADS_CLOSEST        0x00000080  /* DC is closest to client */
#define ADS_WRITABLE       0x00000100  /* DC has writable DS */
#define ADS_GOOD_TIMESERV  0x00000200  /* DC has hardware clock
                                         (and running time) */
#define ADS_NDNC           0x00000400  /* DomainName is non-domain NC serviced
                                         by LDAP server */
#define ADS_PINGS          0x0000FFFF  /* Ping response */
#define ADS_DNS_CONTROLLER 0x20000000  /* DomainControllerName is a DNS name*/
#define ADS_DNS_DOMAIN     0x40000000  /* DomainName is a DNS name */
#define ADS_DNS_FOREST     0x80000000  /* DnsForestName is a DNS name */
251
/* DomainControllerAddressType: form of the domain controller address
   (IP address or NetBIOS name, going by the constant names) */
#define ADS_INET_ADDRESS      0x00000001
#define ADS_NETBIOS_ADDRESS   0x00000002
255
256
/*
 * ads auth control flags
 *
 * The values are distinct bits, so they can be combined; presumably they
 * are stored in the auth.flags member of ADS_STRUCT -- confirm.
 *
 * NOTE(review): what replaces Kerberos when ADS_AUTH_DISABLE_KERBEROS is
 * set, and what an unbound connection made with ADS_AUTH_NO_BIND is
 * allowed to do, is decided in code not visible here.  Both flags reduce
 * authentication, so check each place that sets them.
 */
#define ADS_AUTH_DISABLE_KERBEROS 1
#define ADS_AUTH_NO_BIND 2