s3:passdb: add optional get_trusteddom_creds() hooks

[obnox/samba/samba-obnox.git] / source3 / include / passdb.h

diff --git a/source3/include/passdb.h b/source3/include/passdb.h
index 37d35cfee3d5adb9e369773ed0bc8624280d14a5..893d0d09bf6b0d54077aa16e0883c0785b90d3a2 100644 (file)
--- a/source3/include/passdb.h
+++ b/source3/include/passdb.h
@@ -33,6 +33,8 @@
 
 #include "../librpc/gen_ndr/lsa.h"
 #include <tevent.h>
+struct unixid;
+struct cli_credentials;
 
 /* group mapping headers */
 
@@ -48,6 +50,12 @@ typedef struct _GROUP_MAP {
        char *comment;
 } GROUP_MAP;
 
+struct acct_info {
+       char *acct_name; /* account name */
+       char *acct_desc; /* account name */
+       uint32_t rid; /* domain-relative RID */
+};
+
 /* The following definitions come from groupdb/mapping.c  */
 
 NTSTATUS add_initial_entry(gid_t gid, const char *sid, enum lsa_SidType sid_name_use, const char *nt_name, const char *comment);
@@ -79,7 +87,6 @@ NTSTATUS pdb_default_create_alias(struct pdb_methods *methods,
                                  const char *name, uint32_t *rid);
 NTSTATUS pdb_default_delete_alias(struct pdb_methods *methods,
                                  const struct dom_sid *sid);
-struct acct_info;
 NTSTATUS pdb_default_get_aliasinfo(struct pdb_methods *methods,
                                   const struct dom_sid *sid,
                                   struct acct_info *info);
@@ -117,7 +124,7 @@ NTSTATUS pdb_nop_enum_group_mapping(struct pdb_methods *methods,
                                           enum lsa_SidType sid_name_use,
                                           GROUP_MAP **rmap, size_t *num_entries,
                                           bool unix_only);
-NTSTATUS pdb_create_builtin_alias(uint32_t rid);
+NTSTATUS pdb_create_builtin_alias(uint32_t rid, gid_t gid);
 
 
 /* passdb headers */
@@ -178,7 +185,6 @@ enum pdb_elements {
        PDB_KICKOFFTIME,
        PDB_BAD_PASSWORD_TIME,
        PDB_CANCHANGETIME,
-       PDB_MUSTCHANGETIME,
        PDB_PLAINTEXT_PW,
        PDB_USERNAME,
        PDB_FULLNAME,
@@ -262,7 +268,6 @@ struct samu {
        time_t bad_password_time;     /* last bad password entered */
        time_t pass_last_set_time;    /* password last set time */
        time_t pass_can_change_time;  /* password can change time */
-       time_t pass_must_change_time; /* password must change time */
 
        const char *username;     /* UNIX username string */
        const char *domain;       /* Windows Domain name */
@@ -312,12 +317,6 @@ struct samu {
        struct passwd *unix_pw;
 };
 
-struct acct_info {
-       char *acct_name; /* account name */
-       char *acct_desc; /* account name */
-       uint32_t rid; /* domain-relative RID */
-};
-
 struct samr_displayentry {
        uint32_t idx;
        uint32_t rid;
@@ -414,9 +413,14 @@ enum pdb_policy_type {
  * Changed to 18, pdb_rid_algorithm -> pdb_capabilities
  * Changed to 19, removed uid_to_rid
  * Changed to 20, pdb_secret calls
+ * Changed to 21, set/enum_upn_suffixes. AB.
+ * Changed to 22, idmap control functions
+ * Changed to 23, new idmap control functions
+ * Changed to 24, removed uid_to_sid and gid_to_sid, replaced with id_to_sid
+ * Leave at 24, add optional get_trusteddom_creds()
  */
 
-#define PASSDB_INTERFACE_VERSION 20
+#define PASSDB_INTERFACE_VERSION 24
 
 struct pdb_methods 
 {
@@ -559,12 +563,18 @@ struct pdb_methods
                               struct pdb_search *search,
                               const struct dom_sid *sid);
 
-       bool (*uid_to_sid)(struct pdb_methods *methods, uid_t uid,
-                          struct dom_sid *sid);
-       bool (*gid_to_sid)(struct pdb_methods *methods, gid_t gid,
-                          struct dom_sid *sid);
+       /* 
+        * Instead of passing down a gid or uid, this function sends down a pointer
+        * to a unixid. 
+        *
+        * This acts as an in-out variable so that the idmap functions can correctly
+        * receive ID_TYPE_BOTH, filling in cache details correctly rather than forcing
+        * the cache to store ID_TYPE_UID or ID_TYPE_GID. 
+        */
+       bool (*id_to_sid)(struct pdb_methods *methods, struct unixid *id,
+                         struct dom_sid *sid);
        bool (*sid_to_id)(struct pdb_methods *methods, const struct dom_sid *sid,
-                         uid_t *uid, gid_t *gid, enum lsa_SidType *type);
+                         struct unixid *id);
 
        uint32_t (*capabilities)(struct pdb_methods *methods);
        bool (*new_rid)(struct pdb_methods *methods, uint32_t *rid);
@@ -573,6 +583,10 @@ struct pdb_methods
        bool (*get_trusteddom_pw)(struct pdb_methods *methods,
                                  const char *domain, char** pwd, 
                                  struct dom_sid *sid, time_t *pass_last_set_time);
+       NTSTATUS (*get_trusteddom_creds)(struct pdb_methods *methods,
+                                        const char *domain,
+                                        TALLOC_CTX *mem_ctx,
+                                        struct cli_credentials **creds);
        bool (*set_trusteddom_pw)(struct pdb_methods *methods, 
                                  const char* domain, const char* pwd,
                                  const struct dom_sid *sid);
@@ -616,6 +630,22 @@ struct pdb_methods
        NTSTATUS (*delete_secret)(struct pdb_methods *methods,
                                  const char *secret_name);
 
+       NTSTATUS (*enum_upn_suffixes)(struct pdb_methods *methods,
+                                     TALLOC_CTX *mem_ctx,
+                                     uint32_t *num_suffixes,
+                                     char ***suffixes);
+
+       NTSTATUS (*set_upn_suffixes)(struct pdb_methods *methods,
+                                    uint32_t num_suffixes,
+                                    const char **suffixes);
+
+       bool (*is_responsible_for_our_sam)(struct pdb_methods *methods);
+       bool (*is_responsible_for_builtin)(struct pdb_methods *methods);
+       bool (*is_responsible_for_wellknown)(struct pdb_methods *methods);
+       bool (*is_responsible_for_unix_users)(struct pdb_methods *methods);
+       bool (*is_responsible_for_unix_groups)(struct pdb_methods *methods);
+       bool (*is_responsible_for_everything_else)(struct pdb_methods *methods);
+
        void *private_data;  /* Private data of some kind */
 
        void (*free_private_data)(void **);
@@ -698,6 +728,11 @@ bool get_trust_pw_clear(const char *domain, char **ret_pwd,
 bool get_trust_pw_hash(const char *domain, uint8_t ret_pwd[16],
                       const char **account_name,
                       enum netr_SchannelType *channel);
+struct cli_credentials;
+NTSTATUS pdb_get_trust_credentials(const char *netbios_domain,
+                                  const char *dns_domain, /* optional */
+                                  TALLOC_CTX *mem_ctx,
+                                  struct cli_credentials **_creds);
 
 /* The following definitions come from passdb/pdb_compat.c  */
 
@@ -708,6 +743,7 @@ bool pdb_set_group_sid_from_rid (struct samu *sampass, uint32_t grid, enum pdb_v
 
 /* The following definitions come from passdb/pdb_get_set.c  */
 
+bool pdb_is_password_change_time_max(time_t test_time);
 uint32_t pdb_get_acct_ctrl(const struct samu *sampass);
 time_t pdb_get_logon_time(const struct samu *sampass);
 time_t pdb_get_logoff_time(const struct samu *sampass);
@@ -752,7 +788,6 @@ bool pdb_set_logoff_time(struct samu *sampass, time_t mytime, enum pdb_value_sta
 bool pdb_set_kickoff_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag);
 bool pdb_set_bad_password_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag);
 bool pdb_set_pass_can_change_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag);
-bool pdb_set_pass_must_change_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag);
 bool pdb_set_pass_last_set_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag);
 bool pdb_set_hours_len(struct samu *sampass, uint32_t len, enum pdb_value_state flag);
 bool pdb_set_logon_divs(struct samu *sampass, uint16_t hours, enum pdb_value_state flag);
@@ -867,10 +902,16 @@ NTSTATUS pdb_lookup_names(const struct dom_sid *domain_sid,
 bool pdb_get_account_policy(enum pdb_policy_type type, uint32_t *value);
 bool pdb_set_account_policy(enum pdb_policy_type type, uint32_t value);
 bool pdb_get_seq_num(time_t *seq_num);
-bool pdb_uid_to_sid(uid_t uid, struct dom_sid *sid);
-bool pdb_gid_to_sid(gid_t gid, struct dom_sid *sid);
-bool pdb_sid_to_id(const struct dom_sid *sid, uid_t *uid, gid_t *gid,
-                  enum lsa_SidType *type);
+/* 
+ * Instead of passing down a gid or uid, this function sends down a pointer
+ * to a unixid. 
+ *
+ * This acts as an in-out variable so that the idmap functions can correctly
+ * receive ID_TYPE_BOTH, filling in cache details correctly rather than forcing
+ * the cache to store ID_TYPE_UID or ID_TYPE_GID. 
+ */
+bool pdb_id_to_sid(struct unixid *id, struct dom_sid *sid);
+bool pdb_sid_to_id(const struct dom_sid *sid, struct unixid *id);
 uint32_t pdb_capabilities(void);
 bool pdb_new_rid(uint32_t *rid);
 bool initialize_password_db(bool reload, struct tevent_context *tevent_ctx);
@@ -884,6 +925,8 @@ uint32_t pdb_search_entries(struct pdb_search *search,
                          struct samr_displayentry **result);
 bool pdb_get_trusteddom_pw(const char *domain, char** pwd, struct dom_sid *sid,
                           time_t *pass_last_set_time);
+NTSTATUS pdb_get_trusteddom_creds(const char *domain, TALLOC_CTX *mem_ctx,
+                                 struct cli_credentials **creds);
 bool pdb_set_trusteddom_pw(const char* domain, const char* pwd,
                           const struct dom_sid *sid);
 bool pdb_del_trusteddom_pw(const char *domain);
@@ -911,13 +954,45 @@ NTSTATUS pdb_set_secret(const char *secret_name,
                        DATA_BLOB *secret_old,
                        struct security_descriptor *sd);
 NTSTATUS pdb_delete_secret(const char *secret_name);
+bool pdb_sid_to_id_unix_users_and_groups(const struct dom_sid *sid,
+                                        struct unixid *id);
+
+NTSTATUS pdb_enum_upn_suffixes(TALLOC_CTX *mem_ctx,
+                              uint32_t *num_suffixes,
+                              char ***suffixes);
+
+NTSTATUS pdb_set_upn_suffixes(uint32_t num_suffixes,
+                             const char **suffixes);
+bool pdb_is_responsible_for_our_sam(void);
+bool pdb_is_responsible_for_builtin(void);
+bool pdb_is_responsible_for_wellknown(void);
+bool pdb_is_responsible_for_unix_users(void);
+bool pdb_is_responsible_for_unix_groups(void);
+bool pdb_is_responsible_for_everything_else(void);
 
 /* The following definitions come from passdb/pdb_util.c  */
 
+NTSTATUS pdb_create_builtin(uint32_t rid);
 NTSTATUS create_builtin_users(const struct dom_sid *sid);
 NTSTATUS create_builtin_administrators(const struct dom_sid *sid);
 
 #include "passdb/machine_sid.h"
 #include "passdb/lookup_sid.h"
 
+/* The following definitions come from passdb/pdb_unixid.c */
+void unixid_from_uid(struct unixid *id, uint32_t some_uid);
+void unixid_from_gid(struct unixid *id, uint32_t some_gid);
+void unixid_from_both(struct unixid *id, uint32_t some_id);
+
+/* The following definitions come from passdb/pdb_secrets.c
+ * and should be used by PDB modules if they need to store
+ * sid/guid information for the domain in secrets database
+ */
+bool PDB_secrets_mark_domain_protected(const char *domain);
+bool PDB_secrets_clear_domain_protection(const char *domain);
+bool PDB_secrets_store_domain_sid(const char *domain, const struct dom_sid  *sid);
+bool PDB_secrets_fetch_domain_sid(const char *domain, struct dom_sid  *sid);
+bool PDB_secrets_store_domain_guid(const char *domain, struct GUID *guid);
+bool PDB_secrets_fetch_domain_guid(const char *domain, struct GUID *guid);
+
 #endif /* _PASSDB_H */