#include "../librpc/gen_ndr/lsa.h"
#include <tevent.h>
+struct unixid;
+struct cli_credentials;
/* group mapping headers */
char *comment;
} GROUP_MAP;
+struct acct_info {
+ char *acct_name; /* account name */
+ char *acct_desc; /* account name */
+ uint32_t rid; /* domain-relative RID */
+};
+
/* The following definitions come from groupdb/mapping.c */
NTSTATUS add_initial_entry(gid_t gid, const char *sid, enum lsa_SidType sid_name_use, const char *nt_name, const char *comment);
const char *name, uint32_t *rid);
NTSTATUS pdb_default_delete_alias(struct pdb_methods *methods,
const struct dom_sid *sid);
-struct acct_info;
NTSTATUS pdb_default_get_aliasinfo(struct pdb_methods *methods,
const struct dom_sid *sid,
struct acct_info *info);
enum lsa_SidType sid_name_use,
GROUP_MAP **rmap, size_t *num_entries,
bool unix_only);
-NTSTATUS pdb_create_builtin_alias(uint32_t rid);
+NTSTATUS pdb_create_builtin_alias(uint32_t rid, gid_t gid);
/* passdb headers */
PDB_KICKOFFTIME,
PDB_BAD_PASSWORD_TIME,
PDB_CANCHANGETIME,
- PDB_MUSTCHANGETIME,
PDB_PLAINTEXT_PW,
PDB_USERNAME,
PDB_FULLNAME,
time_t bad_password_time; /* last bad password entered */
time_t pass_last_set_time; /* password last set time */
time_t pass_can_change_time; /* password can change time */
- time_t pass_must_change_time; /* password must change time */
const char *username; /* UNIX username string */
const char *domain; /* Windows Domain name */
struct passwd *unix_pw;
};
-struct acct_info {
- char *acct_name; /* account name */
- char *acct_desc; /* account name */
- uint32_t rid; /* domain-relative RID */
-};
-
struct samr_displayentry {
uint32_t idx;
uint32_t rid;
* Changed to 18, pdb_rid_algorithm -> pdb_capabilities
* Changed to 19, removed uid_to_rid
* Changed to 20, pdb_secret calls
+ * Changed to 21, set/enum_upn_suffixes. AB.
+ * Changed to 22, idmap control functions
+ * Changed to 23, new idmap control functions
+ * Changed to 24, removed uid_to_sid and gid_to_sid, replaced with id_to_sid
+ * Leave at 24, add optional get_trusteddom_creds()
*/
-#define PASSDB_INTERFACE_VERSION 20
+#define PASSDB_INTERFACE_VERSION 24
struct pdb_methods
{
struct pdb_search *search,
const struct dom_sid *sid);
- bool (*uid_to_sid)(struct pdb_methods *methods, uid_t uid,
- struct dom_sid *sid);
- bool (*gid_to_sid)(struct pdb_methods *methods, gid_t gid,
- struct dom_sid *sid);
+ /*
+ * Instead of passing down a gid or uid, this function sends down a pointer
+ * to a unixid.
+ *
+ * This acts as an in-out variable so that the idmap functions can correctly
+ * receive ID_TYPE_BOTH, filling in cache details correctly rather than forcing
+ * the cache to store ID_TYPE_UID or ID_TYPE_GID.
+ */
+ bool (*id_to_sid)(struct pdb_methods *methods, struct unixid *id,
+ struct dom_sid *sid);
bool (*sid_to_id)(struct pdb_methods *methods, const struct dom_sid *sid,
- uid_t *uid, gid_t *gid, enum lsa_SidType *type);
+ struct unixid *id);
uint32_t (*capabilities)(struct pdb_methods *methods);
bool (*new_rid)(struct pdb_methods *methods, uint32_t *rid);
bool (*get_trusteddom_pw)(struct pdb_methods *methods,
const char *domain, char** pwd,
struct dom_sid *sid, time_t *pass_last_set_time);
+ NTSTATUS (*get_trusteddom_creds)(struct pdb_methods *methods,
+ const char *domain,
+ TALLOC_CTX *mem_ctx,
+ struct cli_credentials **creds);
bool (*set_trusteddom_pw)(struct pdb_methods *methods,
const char* domain, const char* pwd,
const struct dom_sid *sid);
NTSTATUS (*delete_secret)(struct pdb_methods *methods,
const char *secret_name);
+ NTSTATUS (*enum_upn_suffixes)(struct pdb_methods *methods,
+ TALLOC_CTX *mem_ctx,
+ uint32_t *num_suffixes,
+ char ***suffixes);
+
+ NTSTATUS (*set_upn_suffixes)(struct pdb_methods *methods,
+ uint32_t num_suffixes,
+ const char **suffixes);
+
+ bool (*is_responsible_for_our_sam)(struct pdb_methods *methods);
+ bool (*is_responsible_for_builtin)(struct pdb_methods *methods);
+ bool (*is_responsible_for_wellknown)(struct pdb_methods *methods);
+ bool (*is_responsible_for_unix_users)(struct pdb_methods *methods);
+ bool (*is_responsible_for_unix_groups)(struct pdb_methods *methods);
+ bool (*is_responsible_for_everything_else)(struct pdb_methods *methods);
+
void *private_data; /* Private data of some kind */
void (*free_private_data)(void **);
bool get_trust_pw_hash(const char *domain, uint8_t ret_pwd[16],
const char **account_name,
enum netr_SchannelType *channel);
+struct cli_credentials;
+NTSTATUS pdb_get_trust_credentials(const char *netbios_domain,
+ const char *dns_domain, /* optional */
+ TALLOC_CTX *mem_ctx,
+ struct cli_credentials **_creds);
/* The following definitions come from passdb/pdb_compat.c */
/* The following definitions come from passdb/pdb_get_set.c */
+bool pdb_is_password_change_time_max(time_t test_time);
uint32_t pdb_get_acct_ctrl(const struct samu *sampass);
time_t pdb_get_logon_time(const struct samu *sampass);
time_t pdb_get_logoff_time(const struct samu *sampass);
bool pdb_set_kickoff_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag);
bool pdb_set_bad_password_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag);
bool pdb_set_pass_can_change_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag);
-bool pdb_set_pass_must_change_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag);
bool pdb_set_pass_last_set_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag);
bool pdb_set_hours_len(struct samu *sampass, uint32_t len, enum pdb_value_state flag);
bool pdb_set_logon_divs(struct samu *sampass, uint16_t hours, enum pdb_value_state flag);
bool pdb_get_account_policy(enum pdb_policy_type type, uint32_t *value);
bool pdb_set_account_policy(enum pdb_policy_type type, uint32_t value);
bool pdb_get_seq_num(time_t *seq_num);
-bool pdb_uid_to_sid(uid_t uid, struct dom_sid *sid);
-bool pdb_gid_to_sid(gid_t gid, struct dom_sid *sid);
-bool pdb_sid_to_id(const struct dom_sid *sid, uid_t *uid, gid_t *gid,
- enum lsa_SidType *type);
+/*
+ * Instead of passing down a gid or uid, this function sends down a pointer
+ * to a unixid.
+ *
+ * This acts as an in-out variable so that the idmap functions can correctly
+ * receive ID_TYPE_BOTH, filling in cache details correctly rather than forcing
+ * the cache to store ID_TYPE_UID or ID_TYPE_GID.
+ */
+bool pdb_id_to_sid(struct unixid *id, struct dom_sid *sid);
+bool pdb_sid_to_id(const struct dom_sid *sid, struct unixid *id);
uint32_t pdb_capabilities(void);
bool pdb_new_rid(uint32_t *rid);
bool initialize_password_db(bool reload, struct tevent_context *tevent_ctx);
struct samr_displayentry **result);
bool pdb_get_trusteddom_pw(const char *domain, char** pwd, struct dom_sid *sid,
time_t *pass_last_set_time);
+NTSTATUS pdb_get_trusteddom_creds(const char *domain, TALLOC_CTX *mem_ctx,
+ struct cli_credentials **creds);
bool pdb_set_trusteddom_pw(const char* domain, const char* pwd,
const struct dom_sid *sid);
bool pdb_del_trusteddom_pw(const char *domain);
DATA_BLOB *secret_old,
struct security_descriptor *sd);
NTSTATUS pdb_delete_secret(const char *secret_name);
+bool pdb_sid_to_id_unix_users_and_groups(const struct dom_sid *sid,
+ struct unixid *id);
+
+NTSTATUS pdb_enum_upn_suffixes(TALLOC_CTX *mem_ctx,
+ uint32_t *num_suffixes,
+ char ***suffixes);
+
+NTSTATUS pdb_set_upn_suffixes(uint32_t num_suffixes,
+ const char **suffixes);
+bool pdb_is_responsible_for_our_sam(void);
+bool pdb_is_responsible_for_builtin(void);
+bool pdb_is_responsible_for_wellknown(void);
+bool pdb_is_responsible_for_unix_users(void);
+bool pdb_is_responsible_for_unix_groups(void);
+bool pdb_is_responsible_for_everything_else(void);
/* The following definitions come from passdb/pdb_util.c */
+NTSTATUS pdb_create_builtin(uint32_t rid);
NTSTATUS create_builtin_users(const struct dom_sid *sid);
NTSTATUS create_builtin_administrators(const struct dom_sid *sid);
#include "passdb/machine_sid.h"
#include "passdb/lookup_sid.h"
+/* The following definitions come from passdb/pdb_unixid.c */
+void unixid_from_uid(struct unixid *id, uint32_t some_uid);
+void unixid_from_gid(struct unixid *id, uint32_t some_gid);
+void unixid_from_both(struct unixid *id, uint32_t some_id);
+
+/* The following definitions come from passdb/pdb_secrets.c
+ * and should be used by PDB modules if they need to store
+ * sid/guid information for the domain in secrets database
+ */
+bool PDB_secrets_mark_domain_protected(const char *domain);
+bool PDB_secrets_clear_domain_protection(const char *domain);
+bool PDB_secrets_store_domain_sid(const char *domain, const struct dom_sid *sid);
+bool PDB_secrets_fetch_domain_sid(const char *domain, struct dom_sid *sid);
+bool PDB_secrets_store_domain_guid(const char *domain, struct GUID *guid);
+bool PDB_secrets_fetch_domain_guid(const char *domain, struct GUID *guid);
+
#endif /* _PASSDB_H */