*/
#define SECRETS_MACHINE_ACCT_PASS "SECRETS/$MACHINE.ACC"
#define SECRETS_MACHINE_PASSWORD "SECRETS/MACHINE_PASSWORD"
+#define SECRETS_MACHINE_PASSWORD_PREV "SECRETS/MACHINE_PASSWORD.PREV"
#define SECRETS_MACHINE_LAST_CHANGE_TIME "SECRETS/MACHINE_LAST_CHANGE_TIME"
#define SECRETS_MACHINE_SEC_CHANNEL_TYPE "SECRETS/MACHINE_SEC_CHANNEL_TYPE"
#define SECRETS_MACHINE_TRUST_ACCOUNT_NAME "SECRETS/SECRETS_MACHINE_TRUST_ACCOUNT_NAME"
#define SECRETS_LDAP_BIND_PW "SECRETS/LDAP_BIND_PW"
+#define SECRETS_LOCAL_SCHANNEL_KEY "SECRETS/LOCAL_SCHANNEL_KEY"
+
/* Authenticated user info is stored in secrets.tdb under these keys */
#define SECRETS_AUTH_USER "SECRETS/AUTH_USER"
#define SECRETS_AUTH_DOMAIN "SECRETS/AUTH_DOMAIN"
#define SECRETS_AUTH_PASSWORD "SECRETS/AUTH_PASSWORD"
+#define SECRETS_GROUPFILTER_KEY "SECRETS/GROUPFILTER"
+
/* structure for storing machine account password
(ie. when samba server is member of a domain */
struct machine_acct_pass {
time_t mod_time;
};
-/*
- * storage structure for trusted domain
- */
-typedef struct trusted_dom_pass {
- size_t uni_name_len;
- smb_ucs2_t uni_name[32]; /* unicode domain name */
- size_t pass_len;
- fstring pass; /* trust relationship's password */
- time_t mod_time;
- DOM_SID domain_sid; /* remote domain's sid */
-} TRUSTED_DOM_PASS;
-
-/*
- * trusted domain entry/entries returned by secrets_get_trusted_domains
- * (used in _lsa_enum_trust_dom call)
- */
-struct trustdom_info {
- char *name;
- DOM_SID sid;
-};
-
/*
* Format of an OpenAFS keyfile
*/
#define SECRETS_AFS_KEYFILE "SECRETS/AFS_KEYFILE"
-#define SECRETS_SCHANNEL_STATE "SECRETS/SCHANNEL"
+/* The following definitions come from passdb/secrets.c */
+
+bool secrets_init(void);
+struct db_context *secrets_db_ctx(void);
+void secrets_shutdown(void);
+void *secrets_fetch(const char *key, size_t *size);
+bool secrets_store(const char *key, const void *data, size_t size);
+bool secrets_delete(const char *key);
+bool secrets_store_domain_sid(const char *domain, const struct dom_sid *sid);
+bool secrets_fetch_domain_sid(const char *domain, struct dom_sid *sid);
+bool secrets_store_domain_guid(const char *domain, struct GUID *guid);
+bool secrets_fetch_domain_guid(const char *domain, struct GUID *guid);
+void *secrets_get_trust_account_lock(TALLOC_CTX *mem_ctx, const char *domain);
+enum netr_SchannelType get_default_sec_channel(void);
+bool secrets_fetch_trust_account_password_legacy(const char *domain,
+ uint8 ret_pwd[16],
+ time_t *pass_last_set_time,
+ enum netr_SchannelType *channel);
+bool secrets_fetch_trust_account_password(const char *domain, uint8 ret_pwd[16],
+ time_t *pass_last_set_time,
+ enum netr_SchannelType *channel);
+bool secrets_fetch_trusted_domain_password(const char *domain, char** pwd,
+ struct dom_sid *sid, time_t *pass_last_set_time);
+bool secrets_store_trusted_domain_password(const char* domain, const char* pwd,
+ const struct dom_sid *sid);
+bool secrets_delete_machine_password(const char *domain);
+bool secrets_delete_machine_password_ex(const char *domain);
+bool secrets_delete_domain_sid(const char *domain);
+bool secrets_store_machine_password(const char *pass, const char *domain, enum netr_SchannelType sec_channel);
+char *secrets_fetch_prev_machine_password(const char *domain);
+char *secrets_fetch_machine_password(const char *domain,
+ time_t *pass_last_set_time,
+ enum netr_SchannelType *channel);
+bool trusted_domain_password_delete(const char *domain);
+bool secrets_store_ldap_pw(const char* dn, char* pw);
+bool fetch_ldap_pw(char **dn, char** pw);
+struct trustdom_info;
+NTSTATUS secrets_trusted_domains(TALLOC_CTX *mem_ctx, uint32 *num_domains,
+ struct trustdom_info ***domains);
+bool secrets_store_afs_keyfile(const char *cell, const struct afs_keyfile *keyfile);
+bool secrets_fetch_afs_key(const char *cell, struct afs_key *result);
+void secrets_fetch_ipc_userpass(char **username, char **domain, char **password);
+bool secrets_store_generic(const char *owner, const char *key, const char *secret);
+char *secrets_fetch_generic(const char *owner, const char *key);
+bool secrets_delete_generic(const char *owner, const char *key);
+bool secrets_groupfilter_fetch(TALLOC_CTX *mem_ctx, struct dom_sid **psids,
+ uint32_t *pnum_sids);
#endif /* _SECRETS_H */