Add the beginings of sam_ads to the tree.
/*
  header for ads (active directory) library routines

  basically this is a wrapper around ldap
*/
/*
 * State of one ADS (Active Directory) connection.  Callers elsewhere read
 * these members directly, so member names and order are part of the
 * interface.  The string members are plain char * and this header does not
 * say who owns them - check the setup/teardown code before freeing any.
 */
typedef struct {
        void *ld; /* the active ldap structure (void * here, presumably so the struct can be used without the LDAP headers - confirm) */
        struct in_addr ldap_ip; /* the ip of the active connection, if any */
        time_t last_attempt; /* last attempt to reconnect */
        int ldap_port; /* port of the ldap connection */

        /* info needed to find the server */
        struct {
                char *realm;
                char *workgroup;
                char *ldap_server;
                char *ldap_uri;
                int foreign; /* set to 1 if connecting to a foreign realm */
        } server;

        /* info needed to authenticate */
        struct {
                char *realm;
                char *password; /* bind credential held as a plain string; scrub it on teardown rather than only free()ing it */
                char *user_name;
                char *kdc_server;
                unsigned flags; /* presumably the ADS_AUTH_* bits defined at the end of this header - confirm in the bind code */
                int time_offset; /* time offset used during authentication; sign and units are not stated in this header */
        } auth;

        /* info derived from the servers config */
        struct {
                char *realm;
                char *bind_path;
                char *ldap_server_name;
                time_t current_time;
        } config;
} ADS_STRUCT;
/*
 * One printer object as read from the directory.  The member names look
 * like Active Directory printQueue attribute names (including the odd
 * casing of printFOrmName, kept as-is because renaming it would change the
 * interface); confirm against the code that fills this structure in.
 * The char ** members presumably hold multi-valued attributes - the list
 * termination convention is not stated in this header.
 */
typedef struct {
        char *printerName;
        char *serverName;
        char *shortServerName;
        char *versionNumber;
        char *uNCName;
        char **description;
        char *assetNumber;
        char *bytesPerMinute;
        char *defaultPriority;
        char *driverName;
        char *driverVersion;
        char *location;
        char *operatingSystem;
        char *operatingSystemHotfix;
        char *operatingSystemServicePack;
        char *operatingSystemVersion;
        char *physicalLocationObject;
        char **portName;
        char *printAttributes;
        char **printBinNames;
        char *printCollate;
        char *printColor;
        char *printDuplexSupported;
        char *printEndTime;
        char *printFOrmName; /* sic - see the note above */
        char *printKeepPrintedJobs;
        char **printLanguage;
        char *printMACAddress;
        char *printMaxCopies;
        char *printMaxResolutionSupported;
        char *printMaxXExtent;
        char *printMaxYExtent;
        char **printMediaReady;
        char **printMediaSupported;
        char *printMemory;
        char *printMinXExtent;
        char *printMinYExtent;
        char *printNetworkAddress;
        char *printNotify;
        char *printNumberUp;
        char **printOrientationsSupported;
        char *printOwner;
        char *printPagesPerMinute;
        char *printRate;
        char *printRateUnit;
        char *printSeparatorFile;
        char **printShareName;
        char *printSpooling;
        char *printStaplingSupported;
        char *printStartTime;
        char *printStatus;
        char *priority;
} ADS_PRINTER_ENTRY;
/*
 * The five classes of error the ads subsystem can report.  The value
 * selects which member of ADS_STATUS.err carries the detail: nt_status for
 * ADS_ERROR_NT, rc for all the others.  Values are spelled out so the
 * numbering is visible; they match the original declaration order.
 */
enum ads_error_type {
        ADS_ERROR_KRB5   = 0,
        ADS_ERROR_GSS    = 1,
        ADS_ERROR_LDAP   = 2,
        ADS_ERROR_SYSTEM = 3,
        ADS_ERROR_NT     = 4
};
/*
 * Result of an ads call.  error_type says which subsystem produced the
 * error and therefore which union member is meaningful: nt_status when
 * error_type is ADS_ERROR_NT, rc otherwise (see ADS_ERR_OK below).
 * Construct values through the ADS_ERROR_* macros rather than by hand.
 */
typedef struct {
        enum ads_error_type error_type;
        union err_state{
                int rc; /* subsystem-specific return code; 0 means no error */
                NTSTATUS nt_status;
        } err;
        /* For error_type = ADS_ERROR_GSS minor_status describes the GSS API error */
        /* Where rc represents major_status of GSS API error */
        int minor_status;
} ADS_STATUS;
/*
 * List of LDAP modifications.  The real LDAPMod type is only available
 * when built with ADS support (HAVE_ADS); otherwise an opaque void ** stands
 * in so the rest of this header still compiles.
 */
#ifdef HAVE_ADS
typedef LDAPMod **ADS_MODLIST;
#else
typedef void **ADS_MODLIST;
#endif
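/* macros to simplify error returning */
/*
 * Each of these expands to a call to ads_build_error() or
 * ads_build_nt_error() (declared elsewhere) that yields an ADS_STATUS.
 * Macro arguments are parenthesised so that an expression argument such as
 * ADS_ERROR_SYSTEM(a ? b : c) groups as the caller intended.
 */
#define ADS_ERROR(rc) ADS_ERROR_LDAP(rc)
#define ADS_ERROR_LDAP(rc) ads_build_error(ADS_ERROR_LDAP, (rc), 0)
/* rc == 0 would read as "no error" (see ADS_ERR_OK), so a zero errno is
 * mapped to EINVAL.  rc is evaluated twice: pass a variable, not a call. */
#define ADS_ERROR_SYSTEM(rc) ads_build_error(ADS_ERROR_SYSTEM, (rc) ? (rc) : EINVAL, 0)
#define ADS_ERROR_KRB5(rc) ads_build_error(ADS_ERROR_KRB5, (rc), 0)
#define ADS_ERROR_GSS(rc, minor) ads_build_error(ADS_ERROR_GSS, (rc), (minor))
#define ADS_ERROR_NT(rc) ads_build_nt_error(ADS_ERROR_NT, (rc))

/* true when status carries no error: the NTSTATUS is consulted for
 * ADS_ERROR_NT, the plain rc for every other error_type.  status is
 * evaluated more than once, so it should be a variable, not a call. */
#define ADS_ERR_OK(status) (((status).error_type == ADS_ERROR_NT) ? NT_STATUS_IS_OK((status).err.nt_status) : ((status).err.rc == 0))
/* a successful ADS_STATUS: LDAP error type with rc 0 */
#define ADS_SUCCESS ADS_ERROR(0)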
/* time between reconnect attempts */
/* presumably seconds, to go with the time_t last_attempt member of
 * ADS_STRUCT - confirm in the reconnect code */
#define ADS_RECONNECT_TIME 5

/* timeout on searches */
/* units are not stated here; check the value passed to the ldap search
 * call before changing it */
#define ADS_SEARCH_TIMEOUT 10

/* ldap control oids */
/* OIDs of the LDAP controls this code attaches to requests; the macro
 * names describe the control (paged results, no referral chasing,
 * server-side sort, permissive modify).  The first is the standard
 * Simple Paged Results control (RFC 2696); the rest are Microsoft
 * directory extensions. */
#define ADS_PAGE_CTL_OID "1.2.840.113556.1.4.319"
#define ADS_NO_REFERRALS_OID "1.2.840.113556.1.4.1339"
#define ADS_SERVER_SORT_OID "1.2.840.113556.1.4.473"
#define ADS_PERMIT_MODIFY_OID "1.2.840.113556.1.4.1413"
/* UserFlags for userAccountControl */
/*
 * Bit values of the Active Directory userAccountControl attribute.  All
 * of these are int literals except UF_UNUSED_13: 0x80000000 does not fit
 * in an int and so has type unsigned int, which makes any expression it
 * takes part in unsigned - keep that in mind when comparing against a
 * signed attribute value.  The UF_UNUSED_* names only reserve bit
 * positions and are deliberately left out of UF_SETTABLE_BITS.
 */
#define UF_SCRIPT                               0x00000001
#define UF_ACCOUNTDISABLE                       0x00000002
#define UF_UNUSED_1                             0x00000004
#define UF_HOMEDIR_REQUIRED                     0x00000008

#define UF_LOCKOUT                              0x00000010
#define UF_PASSWD_NOTREQD                       0x00000020 /* account need not have a password - security-relevant */
#define UF_PASSWD_CANT_CHANGE                   0x00000040
#define UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED      0x00000080 /* password may be stored recoverably - security-relevant */

#define UF_TEMP_DUPLICATE_ACCOUNT               0x00000100
#define UF_NORMAL_ACCOUNT                       0x00000200
#define UF_UNUSED_2                             0x00000400
#define UF_INTERDOMAIN_TRUST_ACCOUNT            0x00000800

#define UF_WORKSTATION_TRUST_ACCOUNT            0x00001000
#define UF_SERVER_TRUST_ACCOUNT                 0x00002000
#define UF_UNUSED_3                             0x00004000
#define UF_UNUSED_4                             0x00008000

#define UF_DONT_EXPIRE_PASSWD                   0x00010000
#define UF_MNS_LOGON_ACCOUNT                    0x00020000
#define UF_SMARTCARD_REQUIRED                   0x00040000
#define UF_TRUSTED_FOR_DELEGATION               0x00080000 /* account may act on behalf of others towards other services - security-relevant */

#define UF_NOT_DELEGATED                        0x00100000
#define UF_USE_DES_KEY_ONLY                     0x00200000 /* restricts the account to DES Kerberos keys - weak, security-relevant */
#define UF_DONT_REQUIRE_PREAUTH                 0x00400000 /* Kerberos pre-authentication not required - security-relevant */
#define UF_UNUSED_5                             0x00800000

#define UF_UNUSED_6                             0x01000000
#define UF_UNUSED_7                             0x02000000
#define UF_UNUSED_8                             0x04000000
#define UF_UNUSED_9                             0x08000000

#define UF_UNUSED_10                            0x10000000
#define UF_UNUSED_11                            0x20000000
#define UF_UNUSED_12                            0x40000000
#define UF_UNUSED_13                            0x80000000 /* unsigned int, see the note above */

/* the account-type bits that denote a trust (machine/domain) account
 * rather than a user */
#define UF_MACHINE_ACCOUNT_MASK (\
                UF_INTERDOMAIN_TRUST_ACCOUNT |\
                UF_WORKSTATION_TRUST_ACCOUNT |\
                UF_SERVER_TRUST_ACCOUNT \
                )

/* every account-type bit; presumably exactly one is set per account -
 * confirm before relying on it */
#define UF_ACCOUNT_TYPE_MASK (\
                UF_TEMP_DUPLICATE_ACCOUNT |\
                UF_NORMAL_ACCOUNT |\
                UF_INTERDOMAIN_TRUST_ACCOUNT |\
                UF_WORKSTATION_TRUST_ACCOUNT |\
                UF_SERVER_TRUST_ACCOUNT \
                )

/* the bits this code is prepared to set; anything outside this mask in
 * a caller-supplied value should be rejected or masked off.  Note that
 * several of these (PASSWD_NOTREQD, TRUSTED_FOR_DELEGATION,
 * DONT_REQUIRE_PREAUTH, USE_DES_KEY_ONLY) weaken the account and are
 * worth checking authorisation for separately. */
#define UF_SETTABLE_BITS (\
                UF_SCRIPT |\
                UF_ACCOUNTDISABLE |\
                UF_HOMEDIR_REQUIRED  |\
                UF_LOCKOUT |\
                UF_PASSWD_NOTREQD |\
                UF_PASSWD_CANT_CHANGE |\
                UF_ACCOUNT_TYPE_MASK | \
                UF_DONT_EXPIRE_PASSWD | \
                UF_MNS_LOGON_ACCOUNT |\
                UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED |\
                UF_SMARTCARD_REQUIRED |\
                UF_TRUSTED_FOR_DELEGATION |\
                UF_NOT_DELEGATED |\
                UF_USE_DES_KEY_ONLY  |\
                UF_DONT_REQUIRE_PREAUTH \
                )
/* sAMAccountType */
/* values of the sAMAccountType attribute; the trailing comments give the
 * same value in decimal, which is how the directory presents it */
#define ATYPE_NORMAL_ACCOUNT                    0x30000000 /* 805306368 */
#define ATYPE_WORKSTATION_TRUST                 0x30000001 /* 805306369 */
#define ATYPE_INTERDOMAIN_TRUST                 0x30000002 /* 805306370 */
#define ATYPE_SECURITY_GLOBAL_GROUP             0x10000000 /* 268435456 */
#define ATYPE_DISTRIBUTION_GLOBAL_GROUP         0x10000001 /* 268435457 */
/* universal distribution groups are deliberately given the same code as
 * global distribution groups here */
#define ATYPE_DISTRIBUTION_UNIVERSAL_GROUP      ATYPE_DISTRIBUTION_GLOBAL_GROUP
#define ATYPE_SECURITY_LOCAL_GROUP              0x20000000 /* 536870912 */
#define ATYPE_DISTRIBUTION_LOCAL_GROUP          0x20000001 /* 536870913 */

/* short aliases: the security flavour is the default for each kind */
#define ATYPE_ACCOUNT           ATYPE_NORMAL_ACCOUNT            /* 0x30000000 805306368 */
#define ATYPE_GLOBAL_GROUP      ATYPE_SECURITY_GLOBAL_GROUP     /* 0x10000000 268435456 */
#define ATYPE_LOCAL_GROUP       ATYPE_SECURITY_LOCAL_GROUP      /* 0x20000000 536870912 */
/* groupType */
/* values of the groupType attribute.  The 0x8... literals have type
 * unsigned int; the trailing comments give the signed 32-bit form the
 * directory reports.  An == comparison against a signed int value still
 * works through the usual conversions, but ordering comparisons do not -
 * store and compare the attribute as a uint32_t to be safe. */
#define GTYPE_SECURITY_BUILTIN_LOCAL_GROUP      0x80000005      /* -2147483643 */
#define GTYPE_SECURITY_DOMAIN_LOCAL_GROUP       0x80000004      /* -2147483644 */
#define GTYPE_SECURITY_GLOBAL_GROUP             0x80000002      /* -2147483646 */
#define GTYPE_DISTRIBUTION_GLOBAL_GROUP         0x00000002      /* 2 */
#define GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP   0x00000004      /* 4 */
#define GTYPE_DISTRIBUTION_UNIVERSAL_GROUP      0x00000008      /* 8 */
/* Mailslot or cldap getdcname response flags */
/* bit set describing a domain controller in a mailslot or CLDAP getdcname
 * reply.  These come straight from the network, so treat the value as
 * untrusted: mask with ADS_PINGS before interpreting the capability bits
 * and do not assume unknown bits are zero. */
#define ADS_PDC            0x00000001  /* DC is PDC */
#define ADS_GC             0x00000004  /* DC is a GC of forest */
#define ADS_LDAP           0x00000008  /* DC is an LDAP server */
#define ADS_DS             0x00000010  /* DC supports DS */
#define ADS_KDC            0x00000020  /* DC is running KDC */
#define ADS_TIMESERV       0x00000040  /* DC is running time services */
#define ADS_CLOSEST        0x00000080  /* DC is closest to client */
#define ADS_WRITABLE       0x00000100  /* DC has writable DS */
#define ADS_GOOD_TIMESERV  0x00000200  /* DC has hardware clock
                                         (and running time) */
#define ADS_NDNC           0x00000400  /* DomainName is non-domain NC serviced
                                         by LDAP server */
#define ADS_PINGS          0x0000FFFF  /* Ping response - mask covering all
                                         of the capability bits above */
#define ADS_DNS_CONTROLLER 0x20000000  /* DomainControllerName is a DNS name*/
#define ADS_DNS_DOMAIN     0x40000000  /* DomainName is a DNS name */
#define ADS_DNS_FOREST     0x80000000  /* DnsForestName is a DNS name
                                         (unsigned int literal) */

/* DomainControllerAddressType */
#define ADS_INET_ADDRESS      0x00000001
#define ADS_NETBIOS_ADDRESS   0x00000002
/* ads auth control flags */
/* bits controlling how the ldap bind is performed; presumably carried in
 * ADS_STRUCT.auth.flags - confirm in the bind code.  Which flags the
 * code honours in combination is not stated here. */
#define ADS_AUTH_DISABLE_KERBEROS 0x01 /* do not attempt Kerberos authentication */
#define ADS_AUTH_NO_BIND          0x02 /* open the connection but skip the bind */
#define ADS_AUTH_ANON_BIND        0x04 /* bind without credentials */
#define ADS_AUTH_SIMPLE_BIND      0x08 /* LDAP simple bind: the password is carried in the bind request itself, so only use it over a protected transport */