1/*
2 * Unix SMB/CIFS implementation.
3 * secrets.tdb file format info
4 * Copyright (C) Andrew Tridgell              2000
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
14 * more details.
15 *
16 * You should have received a copy of the GNU General Public License along with
17 * this program; if not, write to the Free Software Foundation, Inc., 675
18 * Mass Ave, Cambridge, MA 02139, USA.
19 */
20
21#ifndef _SECRETS_H
22#define _SECRETS_H
23
24/* the first one is for the hashed password (NT4 style) the latter
25   for plaintext (ADS)
26*/
27#define SECRETS_MACHINE_ACCT_PASS "SECRETS/$MACHINE.ACC"
28#define SECRETS_MACHINE_PASSWORD "SECRETS/MACHINE_PASSWORD"
29#define SECRETS_MACHINE_LAST_CHANGE_TIME "SECRETS/MACHINE_LAST_CHANGE_TIME"
30#define SECRETS_MACHINE_SEC_CHANNEL_TYPE "SECRETS/MACHINE_SEC_CHANNEL_TYPE"
31#define SECRETS_MACHINE_TRUST_ACCOUNT_NAME "SECRETS/SECRETS_MACHINE_TRUST_ACCOUNT_NAME"
32/* this one is for storing trusted domain account password */
33#define SECRETS_DOMTRUST_ACCT_PASS "SECRETS/$DOMTRUST.ACC"
34
35/* Store the principal name used for Kerberos DES key salt under this key name. */
36#define SECRETS_SALTING_PRINCIPAL "SECRETS/SALTING_PRINCIPAL"
37
38/* The domain sid and our sid are stored here even though they aren't
39   really secret. */
40#define SECRETS_DOMAIN_SID    "SECRETS/SID"
41#define SECRETS_SAM_SID       "SAM/SID"
42
43/* The domain GUID and server GUID (NOT the same) are also not secret */
44#define SECRETS_DOMAIN_GUID   "SECRETS/DOMGUID"
45#define SECRETS_SERVER_GUID   "SECRETS/GUID"
46
47#define SECRETS_LDAP_BIND_PW "SECRETS/LDAP_BIND_PW"
48
49/* Authenticated user info is stored in secrets.tdb under these keys */
50
51#define SECRETS_AUTH_USER      "SECRETS/AUTH_USER"
52#define SECRETS_AUTH_DOMAIN      "SECRETS/AUTH_DOMAIN"
53#define SECRETS_AUTH_PASSWORD  "SECRETS/AUTH_PASSWORD"
54
55/* structure for storing machine account password
56   (ie. when samba server is member of a domain */
57struct machine_acct_pass {
58	uint8 hash[16];
59	time_t mod_time;
60};
61
62/*
63 * storage structure for trusted domain
64 */
65typedef struct trusted_dom_pass {
66	size_t uni_name_len;
67	smb_ucs2_t uni_name[32]; /* unicode domain name */
68	size_t pass_len;
69	fstring pass;		/* trust relationship's password */
70	time_t mod_time;
71	DOM_SID domain_sid;	/* remote domain's sid */
72} TRUSTED_DOM_PASS;
73
74/*
75 * trusted domain entry/entries returned by secrets_get_trusted_domains
76 * (used in _lsa_enum_trust_dom call)
77 */
78typedef struct trustdom {
79	smb_ucs2_t *name;
80	DOM_SID sid;
81} TRUSTDOM;
82
83/*
84 * Format of an OpenAFS keyfile
85 */
86
87#define SECRETS_AFS_MAXKEYS 8
88
89struct afs_key {
90	uint32 kvno;
91	char key[8];
92};
93
94struct afs_keyfile {
95	uint32 nkeys;
96	struct afs_key entry[SECRETS_AFS_MAXKEYS];
97};
98
99#define SECRETS_AFS_KEYFILE "SECRETS/AFS_KEYFILE"
100
101#endif /* _SECRETS_H */
102