/*
   Unix SMB/CIFS implementation.
   passdb structures and parameters
   Copyright (C) Gerald Carter 2001
   Copyright (C) Luke Kenneth Casson Leighton 1998 - 2000
   Copyright (C) Andrew Bartlett 2002
   Copyright (C) Simo Sorce 2003

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 2 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software
   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/

#ifndef _PASSDB_H
#define _PASSDB_H


/*
 * fields_present flags meanings
 * same names as found in samba4 idl files
 *
 * Each constant is a single-bit mask; they are OR-ed together into the
 * fields_present member of struct user_data below.  Keep every value a
 * distinct power of two when adding entries.
 */

#define ACCT_USERNAME		0x00000001
#define ACCT_FULL_NAME		0x00000002
#define ACCT_RID		0x00000004
#define ACCT_PRIMARY_GID	0x00000008
#define ACCT_ADMIN_DESC		0x00000010
#define ACCT_DESCRIPTION	0x00000020
#define ACCT_HOME_DIR		0x00000040
#define ACCT_HOME_DRIVE		0x00000080
#define ACCT_LOGON_SCRIPT	0x00000100
#define ACCT_PROFILE		0x00000200
#define ACCT_WORKSTATIONS	0x00000400
#define ACCT_LAST_LOGON		0x00000800
#define ACCT_LAST_LOGOFF	0x00001000
#define ACCT_LOGON_HOURS	0x00002000
#define ACCT_BAD_PWD_COUNT	0x00004000
#define ACCT_NUM_LOGONS		0x00008000
#define ACCT_ALLOW_PWD_CHANGE	0x00010000
#define ACCT_FORCE_PWD_CHANGE	0x00020000
#define ACCT_LAST_PWD_CHANGE	0x00040000
#define ACCT_EXPIRY		0x00080000
#define ACCT_FLAGS		0x00100000
#define ACCT_CALLBACK		0x00200000
#define ACCT_COUNTRY_CODE	0x00400000
#define ACCT_CODE_PAGE		0x00800000
#define ACCT_NT_PWD_SET		0x01000000
#define ACCT_LM_PWD_SET		0x02000000
#define ACCT_PRIVATEDATA	0x04000000
#define ACCT_EXPIRED_FLAG	0x08000000
#define ACCT_SEC_DESC		0x10000000
#define ACCT_OWF_PWD		0x20000000

/*
 * bit flags representing initialized fields in SAM_ACCOUNT
 *
 * Unlike the ACCT_* masks these are plain ordinals (0, 1, 2, ...), so they
 * cannot be OR-ed together; presumably each one is a bit index into the
 * set_flags / change_flags bitmaps of struct user_data (see the
 * IS_SAM_* macros below) -- confirm against pdb_get_init_flags().
 */
enum pdb_elements {
	PDB_UNINIT,
	PDB_SMBHOME,
	PDB_PROFILE,
	PDB_DRIVE,
	PDB_LOGONSCRIPT,
	PDB_LOGONTIME,
	PDB_LOGOFFTIME,
	PDB_KICKOFFTIME,
	PDB_BAD_PASSWORD_TIME,
	PDB_CANCHANGETIME,
	PDB_MUSTCHANGETIME,
	PDB_PLAINTEXT_PW,
	PDB_USERNAME,
	PDB_FULLNAME,
	PDB_DOMAIN,
	PDB_NTUSERNAME,
	PDB_HOURSLEN,
	PDB_LOGONDIVS,
	PDB_USERSID,
	PDB_GROUPSID,
	PDB_ACCTCTRL,
	PDB_PASSLASTSET,
	PDB_UNIXHOMEDIR,
	PDB_ACCTDESC,
	PDB_WORKSTATIONS,
	PDB_UNKNOWNSTR,
	PDB_MUNGEDDIAL,
	PDB_HOURS,
	PDB_FIELDS_PRESENT,
	PDB_BAD_PASSWORD_COUNT,
	PDB_LOGON_COUNT,
	PDB_UNKNOWN6,
	PDB_LMPASSWD,
	PDB_NTPASSWD,
	PDB_PWHISTORY,
	PDB_BACKEND_PRIVATE_DATA,

	/* this must be the last element: it doubles as the number of
	   elements above, so insert new entries before it, never after */
	PDB_COUNT
};

/* Per-field flags for SAM_GROUP, same scheme as enum pdb_elements. */
enum pdb_group_elements {
	PDB_GROUP_NAME,
	PDB_GROUP_SID,
	PDB_GROUP_SID_NAME_USE,
	PDB_GROUP_MEMBERS,

	/* this must be the last element (element count, see PDB_COUNT) */
	PDB_GROUP_COUNT
};


/*
 * State of one SAM_ACCOUNT / SAM_GROUP field, as reported by
 * pdb_get_init_flags() (declared elsewhere) and tested by the
 * IS_SAM_* macros below.
 */
enum pdb_value_state {
	PDB_DEFAULT=0,		/* never set: value is the built-in default */
	PDB_SET,		/* set, e.g. loaded from the backend */
	PDB_CHANGED		/* modified since it was loaded */
};

/*
 * Query the pdb_value_state of field `flag' (an enum pdb_elements value)
 * on account `x'.  pdb_get_init_flags() is not declared in this header.
 */
#define IS_SAM_SET(x, flag)	(pdb_get_init_flags(x, flag) == PDB_SET)
#define IS_SAM_CHANGED(x, flag)	(pdb_get_init_flags(x, flag) == PDB_CHANGED)
#define IS_SAM_DEFAULT(x, flag)	(pdb_get_init_flags(x, flag) == PDB_DEFAULT)

/* cache for bad password lockout data, to be used on replicated SAMs */
typedef struct logon_cache_struct
{
	time_t entry_timestamp;		/* presumably when this entry was written -- confirm */
	uint16 acct_ctrl;		/* ACB_xxxx bit-mask, as in struct user_data */
	uint16 bad_password_count;	/* failed logons counted so far */
	time_t bad_password_time;	/* time of the last failed logon */
} LOGIN_CACHE;

/*
 * One user account as seen by the passdb layer.
 *
 * All fields live inside the nested `private' struct on purpose: callers
 * are expected to go through the pdb_get_*() / pdb_set_*() accessors
 * rather than touch the members directly (see the note at the end of the
 * struct).  Note that `private' is a C++ keyword, so this header is C-only.
 *
 * Lifetime: memory hangs off mem_ctx and the whole object is released via
 * free_fn.  The struct carries password-equivalent material (lm_pw, nt_pw,
 * nt_pw_his) and possibly a cleartext password (plaintext_pw);
 * NOTE(review): confirm that free_fn zeroizes those blobs before the
 * memory is returned rather than merely freeing them.
 */
typedef struct sam_passwd
{
	TALLOC_CTX *mem_ctx;

	/* Destructor for this object; takes the address of the pointer,
	   presumably so it can be NULLed after release -- confirm. */
	void (*free_fn)(struct sam_passwd **);

	/* Backend that produced / owns this account. */
	struct pdb_methods *methods;

	struct user_data {
		/* initialization flags: one bit per enum pdb_elements entry,
		   read back through pdb_get_init_flags() */
		struct bitmap *change_flags;
		struct bitmap *set_flags;

		time_t logon_time;            /* logon time */
		time_t logoff_time;           /* logoff time */
		time_t kickoff_time;          /* kickoff time */
		time_t bad_password_time;     /* last bad password entered */
		time_t pass_last_set_time;    /* password last set time */
		time_t pass_can_change_time;  /* password can change time */
		time_t pass_must_change_time; /* password must change time */

		/* Strings below are const: they are owned by mem_ctx (or the
		   backend), not by the caller -- use the pdb_set_*() accessors
		   to replace them. */
		const char * username;     /* UNIX username string */
		const char * domain;       /* Windows Domain name */
		const char * nt_username;  /* Windows username string */
		const char * full_name;    /* user's full name string */
		const char * unix_home_dir; /* UNIX home directory string */
		const char * home_dir;     /* home directory string */
		const char * dir_drive;    /* home directory drive string */
		const char * logon_script; /* logon script string */
		const char * profile_path; /* profile path string */
		const char * acct_desc;    /* user description string */
		const char * workstations; /* login from workstations string */
		const char * unknown_str;  /* don't know what this is, yet. */
		const char * munged_dial;  /* munged path name and dial-back tel number */

		DOM_SID user_sid;  /* Primary User SID */
		DOM_SID group_sid; /* Primary Group SID */

		/* Password hashes (one-way functions, cf. ACCT_OWF_PWD).  These
		   are password-equivalent for NTLM-style authentication and
		   must be treated as secrets: never log them, and zeroize on
		   release. */
		DATA_BLOB lm_pw; /* .data is Null if no password */
		DATA_BLOB nt_pw; /* .data is Null if no password */
		DATA_BLOB nt_pw_his; /* nt hashed password history .data is Null if not available */
		char* plaintext_pw; /* is Null if not available; cleartext -- same handling as the hashes */

		uint16 acct_ctrl; /* account info (ACB_xxxx bit-mask) */
		uint32 fields_present; /* 0x00ff ffff: OR of the ACCT_* masks above */

		uint16 logon_divs; /* 168 - number of hours in a week */
		/* NOTE(review): hours_len is backend-supplied; any copy into
		   hours[] must be bounded by MAX_HOURS_LEN, not by hours_len
		   alone -- confirm in the setters. */
		uint32 hours_len; /* normally 21 bytes */
		uint8 hours[MAX_HOURS_LEN];

		/* Was unknown_5. */
		uint16 bad_password_count;
		uint16 logon_count;

		uint32 unknown_6; /* 0x0000 04ec */
		/* a tag for who added the private methods */
		const struct pdb_methods *backend_private_methods;
		/* Opaque per-backend payload and its destructor; meaning is
		   defined by backend_private_methods. */
		void *backend_private_data;
		void (*backend_private_data_free_fn)(void **);
	} private;

	/* Lets see if the remaining code can get the hint that you
	   are meant to use the pdb_...() functions. */

} SAM_ACCOUNT;

/*
 * One group, same layout conventions as SAM_ACCOUNT: accessors only,
 * memory off mem_ctx, released through free_fn.
 */
typedef struct sam_group {
	TALLOC_CTX *mem_ctx;

	void (*free_fn)(struct sam_group **);

	struct pdb_methods *methods;

	struct group_data {
		/* initialization flags: one bit per enum pdb_group_elements entry */
		struct bitmap *change_flags;
		struct bitmap *set_flags;

		const char *name; /* Windows group name string */

		DOM_SID sid; /* Group SID */
		enum SID_NAME_USE sid_name_use; /* Group type */

		/* members has mem_num entries; keep the two in step when
		   resizing, mem_num is the only bound on the array */
		uint32 mem_num; /* Number of member SIDs */
		DOM_SID *members; /* SID array */
	} private;

} SAM_GROUP;

/* Name/description/RID triple returned by the alias enumeration calls. */
struct acct_info
{
	fstring acct_name; /* account name */
	fstring acct_desc; /* account description */
	uint32 rid; /* domain-relative RID */
};

/*****************************************************************
 Functions to be implemented by the new (v2) passdb API
****************************************************************/

/*
 * This next constant specifies the version number of the PASSDB interface
 * this SAMBA will load. Increment this if *ANY* changes are made to the interface.
 * (That includes adding, removing or reordering members of struct
 * pdb_context or struct pdb_methods below, since modules are loaded
 * against this layout.)
 */

#define PASSDB_INTERFACE_VERSION 8

/*
 * Top-level passdb handle.  Each pdb_* member mirrors a member of struct
 * pdb_methods (defined below) and dispatches to the configured backend(s).
 * Every call returns an NTSTATUS; callers must check it, as the SAM_ACCOUNT
 * / GROUP_MAP output arguments are only meaningful on success.
 */
typedef struct pdb_context
{
	struct pdb_methods *pdb_methods;	/* backend chain, see pdb_methods.next/prev */
	struct pdb_methods *pwent_methods;	/* backend currently being enumerated by *sampwent */

	/* These functions are wrappers for the per-backend functions in
	   struct pdb_methods below (same names without the pdb_ prefix).
	   They may do extra things like re-reading a SAM_ACCOUNT on update */

	/* Account enumeration: setsampwent / getsampwent ... / endsampwent. */
	NTSTATUS (*pdb_setsampwent)(struct pdb_context *, BOOL update, uint16 acb_mask);

	void (*pdb_endsampwent)(struct pdb_context *);

	NTSTATUS (*pdb_getsampwent)(struct pdb_context *, SAM_ACCOUNT *user);

	/* Account lookup by name / SID; the SAM_ACCOUNT is caller-allocated
	   and filled in on success. */
	NTSTATUS (*pdb_getsampwnam)(struct pdb_context *, SAM_ACCOUNT *sam_acct, const char *username);

	NTSTATUS (*pdb_getsampwsid)(struct pdb_context *, SAM_ACCOUNT *sam_acct, const DOM_SID *sid);

	NTSTATUS (*pdb_add_sam_account)(struct pdb_context *, SAM_ACCOUNT *sampass);

	NTSTATUS (*pdb_update_sam_account)(struct pdb_context *, SAM_ACCOUNT *sampass);

	/* The parameter is named `username' but is a full SAM_ACCOUNT. */
	NTSTATUS (*pdb_delete_sam_account)(struct pdb_context *, SAM_ACCOUNT *username);

	/* Records a successful or failed logon attempt for the account
	   (feeds the bad-password lockout counters). */
	NTSTATUS (*pdb_update_login_attempts)(struct pdb_context *context, SAM_ACCOUNT *sam_acct, BOOL success);

	/* Group mapping lookups; note getgrsid takes the SID by value
	   while the alias calls take const DOM_SID *. */
	NTSTATUS (*pdb_getgrsid)(struct pdb_context *context, GROUP_MAP *map, DOM_SID sid);

	NTSTATUS (*pdb_getgrgid)(struct pdb_context *context, GROUP_MAP *map, gid_t gid);

	NTSTATUS (*pdb_getgrnam)(struct pdb_context *context, GROUP_MAP *map, const char *name);

	NTSTATUS (*pdb_add_group_mapping_entry)(struct pdb_context *context,
						GROUP_MAP *map);

	NTSTATUS (*pdb_update_group_mapping_entry)(struct pdb_context *context,
						   GROUP_MAP *map);

	NTSTATUS (*pdb_delete_group_mapping_entry)(struct pdb_context *context,
						   DOM_SID sid);

	/* Enumeration calls that return arrays through a T** argument:
	   ownership of the returned array is not stated in this header
	   (only enum_group_members takes an explicit mem_ctx) -- confirm
	   who frees against the backend implementations. */
	NTSTATUS (*pdb_enum_group_mapping)(struct pdb_context *context,
					   enum SID_NAME_USE sid_name_use,
					   GROUP_MAP **rmap, int *num_entries,
					   BOOL unix_only);

	NTSTATUS (*pdb_enum_group_members)(struct pdb_context *context,
					   TALLOC_CTX *mem_ctx,
					   const DOM_SID *group,
					   uint32 **member_rids,
					   int *num_members);

	NTSTATUS (*pdb_enum_group_memberships)(struct pdb_context *context,
					       const char *username,
					       gid_t primary_gid,
					       DOM_SID **sids, gid_t **gids,
					       int *num_groups);

	/* Alias (local group) operations. */
	NTSTATUS (*pdb_find_alias)(struct pdb_context *context,
				   const char *name, DOM_SID *sid);

	NTSTATUS (*pdb_create_alias)(struct pdb_context *context,
				     const char *name, uint32 *rid);

	NTSTATUS (*pdb_delete_alias)(struct pdb_context *context,
				     const DOM_SID *sid);

	/* Paged enumeration: start_idx / num_entries select the window,
	   num_aliases receives how many were actually returned.  The same
	   parameter is called max_entries in struct pdb_methods. */
	NTSTATUS (*pdb_enum_aliases)(struct pdb_context *context,
				     const DOM_SID *domain_sid,
				     uint32 start_idx, uint32 num_entries,
				     uint32 *num_aliases,
				     struct acct_info **aliases);

	NTSTATUS (*pdb_get_aliasinfo)(struct pdb_context *context,
				      const DOM_SID *sid,
				      struct acct_info *info);

	NTSTATUS (*pdb_set_aliasinfo)(struct pdb_context *context,
				      const DOM_SID *sid,
				      struct acct_info *info);

	NTSTATUS (*pdb_add_aliasmem)(struct pdb_context *context,
				     const DOM_SID *alias,
				     const DOM_SID *member);

	NTSTATUS (*pdb_del_aliasmem)(struct pdb_context *context,
				     const DOM_SID *alias,
				     const DOM_SID *member);

	NTSTATUS (*pdb_enum_aliasmem)(struct pdb_context *context,
				      const DOM_SID *alias,
				      DOM_SID **members, int *num_members);

	/* Reverse lookup: all aliases that any of the num_members SIDs
	   in `members' belongs to. */
	NTSTATUS (*pdb_enum_alias_memberships)(struct pdb_context *context,
					       const DOM_SID *members,
					       int num_members,
					       DOM_SID **aliases,
					       int *num_aliases);

	/* Destructor for the context (and, presumably, its backend chain). */
	void (*free_fn)(struct pdb_context **);

	TALLOC_CTX *mem_ctx;

} PDB_CONTEXT;

/*
 * Function table implemented by one passdb backend module.  Member
 * semantics match the pdb_* wrappers in struct pdb_context; the first
 * argument is the backend itself instead of the context.
 */
typedef struct pdb_methods
{
	const char *name; /* What name got this module */
	struct pdb_context *parent;	/* Context this backend was loaded into */

	/* Use macros from dlinklist.h on these two */
	struct pdb_methods *next;
	struct pdb_methods *prev;

	NTSTATUS (*setsampwent)(struct pdb_methods *, BOOL update, uint16 acb_mask);

	void (*endsampwent)(struct pdb_methods *);

	NTSTATUS (*getsampwent)(struct pdb_methods *, SAM_ACCOUNT *user);

	NTSTATUS (*getsampwnam)(struct pdb_methods *, SAM_ACCOUNT *sam_acct, const char *username);

	NTSTATUS (*getsampwsid)(struct pdb_methods *, SAM_ACCOUNT *sam_acct, const DOM_SID *sid);

	NTSTATUS (*add_sam_account)(struct pdb_methods *, SAM_ACCOUNT *sampass);

	NTSTATUS (*update_sam_account)(struct pdb_methods *, SAM_ACCOUNT *sampass);

	/* As in pdb_context: `username' is a SAM_ACCOUNT, not a string. */
	NTSTATUS (*delete_sam_account)(struct pdb_methods *, SAM_ACCOUNT *username);

	NTSTATUS (*update_login_attempts)(struct pdb_methods *methods, SAM_ACCOUNT *sam_acct, BOOL success);

	NTSTATUS (*getgrsid)(struct pdb_methods *methods, GROUP_MAP *map, DOM_SID sid);

	NTSTATUS (*getgrgid)(struct pdb_methods *methods, GROUP_MAP *map, gid_t gid);

	NTSTATUS (*getgrnam)(struct pdb_methods *methods, GROUP_MAP *map, const char *name);

	NTSTATUS (*add_group_mapping_entry)(struct pdb_methods *methods,
					    GROUP_MAP *map);

	NTSTATUS (*update_group_mapping_entry)(struct pdb_methods *methods,
					       GROUP_MAP *map);

	NTSTATUS (*delete_group_mapping_entry)(struct pdb_methods *methods,
					       DOM_SID sid);

	NTSTATUS (*enum_group_mapping)(struct pdb_methods *methods,
				       enum SID_NAME_USE sid_name_use,
				       GROUP_MAP **rmap, int *num_entries,
				       BOOL unix_only);

	/* Only enumeration call with an explicit mem_ctx; the other T**
	   outputs leave ownership unstated here -- see pdb_context. */
	NTSTATUS (*enum_group_members)(struct pdb_methods *methods,
				       TALLOC_CTX *mem_ctx,
				       const DOM_SID *group,
				       uint32 **member_rids,
				       int *num_members);

	NTSTATUS (*enum_group_memberships)(struct pdb_methods *methods,
					   const char *username,
					   gid_t primary_gid,
					   DOM_SID **sids, gid_t **gids,
					   int *num_groups);

	NTSTATUS (*find_alias)(struct pdb_methods *methods,
			       const char *name, DOM_SID *sid);

	NTSTATUS (*create_alias)(struct pdb_methods *methods,
				 const char *name, uint32 *rid);

	NTSTATUS (*delete_alias)(struct pdb_methods *methods,
				 const DOM_SID *sid);

	/* max_entries here corresponds to num_entries in pdb_context. */
	NTSTATUS (*enum_aliases)(struct pdb_methods *methods,
				 const DOM_SID *domain_sid,
				 uint32 start_idx, uint32 max_entries,
				 uint32 *num_aliases, struct acct_info **info);

	NTSTATUS (*get_aliasinfo)(struct pdb_methods *methods,
				  const DOM_SID *sid,
				  struct acct_info *info);

	NTSTATUS (*set_aliasinfo)(struct pdb_methods *methods,
				  const DOM_SID *sid,
				  struct acct_info *info);

	NTSTATUS (*add_aliasmem)(struct pdb_methods *methods,
				 const DOM_SID *alias, const DOM_SID *member);
	NTSTATUS (*del_aliasmem)(struct pdb_methods *methods,
				 const DOM_SID *alias, const DOM_SID *member);
	NTSTATUS (*enum_aliasmem)(struct pdb_methods *methods,
				  const DOM_SID *alias, DOM_SID **members,
				  int *num_members);
	NTSTATUS (*enum_alias_memberships)(struct pdb_methods *methods,
					   const DOM_SID *members,
					   int num_members,
					   DOM_SID **aliases, int *num);

	/* Backend-owned state; released through free_private_data, which
	   takes the address of the pointer. */
	void *private_data; /* Private data of some kind */

	void (*free_private_data)(void **);

} PDB_METHODS;

/*
 * Backend constructor: allocates a struct pdb_methods into the second
 * argument for the given context.  The third argument is a string whose
 * meaning is not shown in this header (presumably the backend's
 * location / configuration argument) -- confirm against pdb_init_function
 * implementations.
 */
typedef NTSTATUS (*pdb_init_function)(struct pdb_context *,
				      struct pdb_methods **,
				      const char *);

/* Registry entry: maps a backend name to its constructor; entries are
   kept on a doubly linked list via prev/next. */
struct pdb_init_function_entry {
	const char *name;
	/* Function to create a member of the pdb_methods list */
	pdb_init_function init;
	struct pdb_init_function_entry *prev, *next;
};

/* Which key a SQL-style backend searches by; SQL_SEARCH_NONE means no filter. */
enum sql_search_field { SQL_SEARCH_NONE = 0, SQL_SEARCH_USER_SID = 1, SQL_SEARCH_USER_NAME = 2};

#endif /* _PASSDB_H */