2 header for ads (active directory) library routines
4 basically this is a wrapper around ldap
8 void *ld; /* the active ldap structure */
9 struct in_addr ldap_ip; /* the ip of the active connection, if any */
10 time_t last_attempt; /* last attempt to reconnect */
13 /* info needed to find the server */
19 int foreign; /* set to 1 if connecting to a foreign realm */
22 /* info needed to authenticate */
32 /* info derived from the servers config */
36 char *ldap_server_name;
44 char *shortServerName;
50 char *defaultPriority;
54 char *operatingSystem;
55 char *operatingSystemHotfix;
56 char *operatingSystemServicePack;
57 char *operatingSystemVersion;
58 char *physicalLocationObject;
60 char *printAttributes;
64 char *printDuplexSupported;
67 char *printKeepPrintedJobs;
69 char *printMACAddress;
71 char *printMaxResolutionSupported;
72 char *printMaxXExtent;
73 char *printMaxYExtent;
74 char **printMediaReady;
75 char **printMediaSupported;
77 char *printMinXExtent;
78 char *printMinYExtent;
79 char *printNetworkAddress;
82 char **printOrientationsSupported;
84 char *printPagesPerMinute;
87 char *printSeparatorFile;
88 char **printShareName;
90 char *printStaplingSupported;
96 /* there are 4 possible types of errors the ads subsystem can produce */
97 enum ads_error_type {ADS_ERROR_KRB5, ADS_ERROR_GSS,
98 ADS_ERROR_LDAP, ADS_ERROR_SYSTEM, ADS_ERROR_NT};
101 enum ads_error_type error_type;
106 /* For error_type = ADS_ERROR_GSS minor_status describe GSS API error */
107 /* Where rc represents major_status of GSS API error */
112 typedef LDAPMod **ADS_MODLIST;
114 typedef void **ADS_MODLIST;
117 /* macros to simplify error returning */
118 #define ADS_ERROR(rc) ADS_ERROR_LDAP(rc)
119 #define ADS_ERROR_LDAP(rc) ads_build_error(ADS_ERROR_LDAP, rc, 0)
120 #define ADS_ERROR_SYSTEM(rc) ads_build_error(ADS_ERROR_SYSTEM, rc?rc:EINVAL, 0)
121 #define ADS_ERROR_KRB5(rc) ads_build_error(ADS_ERROR_KRB5, rc, 0)
122 #define ADS_ERROR_GSS(rc, minor) ads_build_error(ADS_ERROR_GSS, rc, minor)
123 #define ADS_ERROR_NT(rc) ads_build_nt_error(ADS_ERROR_NT,rc)
125 #define ADS_ERR_OK(status) ((status.error_type == ADS_ERROR_NT) ? NT_STATUS_IS_OK(status.err.nt_status):(status.err.rc == 0))
126 #define ADS_SUCCESS ADS_ERROR(0)
128 /* time between reconnect attempts */
129 #define ADS_RECONNECT_TIME 5
131 /* timeout on searches */
132 #define ADS_SEARCH_TIMEOUT 10
134 /* ldap control oids */
135 #define ADS_PAGE_CTL_OID "1.2.840.113556.1.4.319"
136 #define ADS_NO_REFERRALS_OID "1.2.840.113556.1.4.1339"
137 #define ADS_SERVER_SORT_OID "1.2.840.113556.1.4.473"
138 #define ADS_PERMIT_MODIFY_OID "1.2.840.113556.1.4.1413"
140 /* UserFlags for userAccountControl */
141 #define UF_SCRIPT 0x00000001
142 #define UF_ACCOUNTDISABLE 0x00000002
143 #define UF_UNUSED_1 0x00000004
144 #define UF_HOMEDIR_REQUIRED 0x00000008
146 #define UF_LOCKOUT 0x00000010
147 #define UF_PASSWD_NOTREQD 0x00000020
148 #define UF_PASSWD_CANT_CHANGE 0x00000040
149 #define UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED 0x00000080
151 #define UF_TEMP_DUPLICATE_ACCOUNT 0x00000100
152 #define UF_NORMAL_ACCOUNT 0x00000200
153 #define UF_UNUSED_2 0x00000400
154 #define UF_INTERDOMAIN_TRUST_ACCOUNT 0x00000800
156 #define UF_WORKSTATION_TRUST_ACCOUNT 0x00001000
157 #define UF_SERVER_TRUST_ACCOUNT 0x00002000
158 #define UF_UNUSED_3 0x00004000
159 #define UF_UNUSED_4 0x00008000
161 #define UF_DONT_EXPIRE_PASSWD 0x00010000
162 #define UF_MNS_LOGON_ACCOUNT 0x00020000
163 #define UF_SMARTCARD_REQUIRED 0x00040000
164 #define UF_TRUSTED_FOR_DELEGATION 0x00080000
166 #define UF_NOT_DELEGATED 0x00100000
167 #define UF_USE_DES_KEY_ONLY 0x00200000
168 #define UF_DONT_REQUIRE_PREAUTH 0x00400000
169 #define UF_UNUSED_5 0x00800000
171 #define UF_UNUSED_6 0x01000000
172 #define UF_UNUSED_7 0x02000000
173 #define UF_UNUSED_8 0x04000000
174 #define UF_UNUSED_9 0x08000000
176 #define UF_UNUSED_10 0x10000000
177 #define UF_UNUSED_11 0x20000000
178 #define UF_UNUSED_12 0x40000000
179 #define UF_UNUSED_13 0x80000000
181 #define UF_MACHINE_ACCOUNT_MASK (\
182 UF_INTERDOMAIN_TRUST_ACCOUNT |\
183 UF_WORKSTATION_TRUST_ACCOUNT |\
184 UF_SERVER_TRUST_ACCOUNT \
187 #define UF_ACCOUNT_TYPE_MASK (\
188 UF_TEMP_DUPLICATE_ACCOUNT |\
190 UF_INTERDOMAIN_TRUST_ACCOUNT |\
191 UF_WORKSTATION_TRUST_ACCOUNT |\
192 UF_SERVER_TRUST_ACCOUNT \
195 #define UF_SETTABLE_BITS (\
198 UF_HOMEDIR_REQUIRED |\
201 UF_PASSWD_CANT_CHANGE |\
202 UF_ACCOUNT_TYPE_MASK | \
203 UF_DONT_EXPIRE_PASSWD | \
204 UF_MNS_LOGON_ACCOUNT |\
205 UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED |\
206 UF_SMARTCARD_REQUIRED |\
207 UF_TRUSTED_FOR_DELEGATION |\
209 UF_USE_DES_KEY_ONLY |\
210 UF_DONT_REQUIRE_PREAUTH \
214 #define ATYPE_NORMAL_ACCOUNT 0x30000000 /* 805306368 */
215 #define ATYPE_WORKSTATION_TRUST 0x30000001 /* 805306369 */
216 #define ATYPE_INTERDOMAIN_TRUST 0x30000002 /* 805306370 */
217 #define ATYPE_SECURITY_GLOBAL_GROUP 0x10000000 /* 268435456 */
218 #define ATYPE_DISTRIBUTION_GLOBAL_GROUP 0x10000001 /* 268435457 */
219 #define ATYPE_DISTRIBUTION_UNIVERSAL_GROUP ATYPE_DISTRIBUTION_GLOBAL_GROUP
220 #define ATYPE_SECURITY_LOCAL_GROUP 0x20000000 /* 536870912 */
221 #define ATYPE_DISTRIBUTION_LOCAL_GROUP 0x20000001 /* 536870913 */
223 #define ATYPE_ACCOUNT ATYPE_NORMAL_ACCOUNT /* 0x30000000 805306368 */
224 #define ATYPE_GLOBAL_GROUP ATYPE_SECURITY_GLOBAL_GROUP /* 0x10000000 268435456 */
225 #define ATYPE_LOCAL_GROUP ATYPE_SECURITY_LOCAL_GROUP /* 0x20000000 536870912 */
228 #define GTYPE_SECURITY_BUILTIN_LOCAL_GROUP 0x80000005 /* -2147483643 */
229 #define GTYPE_SECURITY_DOMAIN_LOCAL_GROUP 0x80000004 /* -2147483644 */
230 #define GTYPE_SECURITY_GLOBAL_GROUP 0x80000002 /* -2147483646 */
231 #define GTYPE_DISTRIBUTION_GLOBAL_GROUP 0x00000002 /* 2 */
232 #define GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP 0x00000004 /* 4 */
233 #define GTYPE_DISTRIBUTION_UNIVERSAL_GROUP 0x00000008 /* 8 */
235 /* Mailslot or cldap getdcname response flags */
236 #define ADS_PDC 0x00000001 /* DC is PDC */
237 #define ADS_GC 0x00000004 /* DC is a GC of forest */
238 #define ADS_LDAP 0x00000008 /* DC is an LDAP server */
239 #define ADS_DS 0x00000010 /* DC supports DS */
240 #define ADS_KDC 0x00000020 /* DC is running KDC */
241 #define ADS_TIMESERV 0x00000040 /* DC is running time services */
242 #define ADS_CLOSEST 0x00000080 /* DC is closest to client */
243 #define ADS_WRITABLE 0x00000100 /* DC has writable DS */
244 #define ADS_GOOD_TIMESERV 0x00000200 /* DC has hardware clock
245 (and running time) */
246 #define ADS_NDNC 0x00000400 /* DomainName is non-domain NC serviced
248 #define ADS_PINGS 0x0000FFFF /* Ping response */
249 #define ADS_DNS_CONTROLLER 0x20000000 /* DomainControllerName is a DNS name*/
250 #define ADS_DNS_DOMAIN 0x40000000 /* DomainName is a DNS name */
251 #define ADS_DNS_FOREST 0x80000000 /* DnsForestName is a DNS name */
253 /* DomainCntrollerAddressType */
254 #define ADS_INET_ADDRESS 0x00000001
255 #define ADS_NETBIOS_ADDRESS 0x00000002
258 /* ads auth control flags */
259 #define ADS_AUTH_DISABLE_KERBEROS 0x01
260 #define ADS_AUTH_NO_BIND 0x02
261 #define ADS_AUTH_ANON_BIND 0x04
262 #define ADS_AUTH_SIMPLE_BIND 0x08