diff options
Diffstat (limited to 'source4/include')
-rw-r--r-- | source4/include/ads.h | 84 | ||||
-rw-r--r-- | source4/include/includes.h | 31 |
2 files changed, 71 insertions, 44 deletions
diff --git a/source4/include/ads.h b/source4/include/ads.h index f90983e405..410395a71b 100644 --- a/source4/include/ads.h +++ b/source4/include/ads.h @@ -1,9 +1,28 @@ -/* - header for ads (active directory) library routines - - basically this is a wrapper around ldap +/* + Unix SMB/CIFS implementation. + header for ads (active directory) library routines + basically this is a wrapper around ldap + + Copyright (C) Andrew Tridgell 2001-2003 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ +#ifndef _ADS_H +#define _ADS_H + typedef struct { void *ld; /* the active ldap structure */ struct in_addr ldap_ip; /* the ip of the active connection, if any */ @@ -38,9 +57,9 @@ typedef struct { } config; } ADS_STRUCT; -/* there are 4 possible types of errors the ads subsystem can produce */ -enum ads_error_type {ADS_ERROR_KRB5, ADS_ERROR_GSS, - ADS_ERROR_LDAP, ADS_ERROR_SYSTEM, ADS_ERROR_NT}; +/* there are 5 possible types of errors the ads subsystem can produce */ +enum ads_error_type {ENUM_ADS_ERROR_KRB5, ENUM_ADS_ERROR_GSS, + ENUM_ADS_ERROR_LDAP, ENUM_ADS_ERROR_SYSTEM, ENUM_ADS_ERROR_NT}; typedef struct { enum ads_error_type error_type; @@ -48,7 +67,7 @@ typedef struct { int rc; NTSTATUS nt_status; } err; - /* For error_type = ADS_ERROR_GSS minor_status describe GSS API error */ + /* For error_type = ENUM_ADS_ERROR_GSS minor_status describe GSS API error */ /* Where rc represents major_status of GSS API error */ int minor_status; } ADS_STATUS; @@ -61,13 +80,13 @@ typedef void **ADS_MODLIST; /* macros to simplify error returning */ #define ADS_ERROR(rc) ADS_ERROR_LDAP(rc) -#define ADS_ERROR_LDAP(rc) ads_build_error(ADS_ERROR_LDAP, rc, 0) -#define ADS_ERROR_SYSTEM(rc) ads_build_error(ADS_ERROR_SYSTEM, rc?rc:EINVAL, 0) -#define ADS_ERROR_KRB5(rc) ads_build_error(ADS_ERROR_KRB5, rc, 0) -#define ADS_ERROR_GSS(rc, minor) ads_build_error(ADS_ERROR_GSS, rc, minor) -#define ADS_ERROR_NT(rc) ads_build_nt_error(ADS_ERROR_NT,rc) +#define ADS_ERROR_LDAP(rc) ads_build_error(ENUM_ADS_ERROR_LDAP, rc, 0) +#define ADS_ERROR_SYSTEM(rc) ads_build_error(ENUM_ADS_ERROR_SYSTEM, rc?rc:EINVAL, 0) +#define ADS_ERROR_KRB5(rc) ads_build_error(ENUM_ADS_ERROR_KRB5, rc, 0) +#define ADS_ERROR_GSS(rc, minor) ads_build_error(ENUM_ADS_ERROR_GSS, rc, minor) +#define ADS_ERROR_NT(rc) ads_build_nt_error(ENUM_ADS_ERROR_NT,rc) -#define ADS_ERR_OK(status) ((status.error_type == ADS_ERROR_NT) ? NT_STATUS_IS_OK(status.err.nt_status):(status.err.rc == 0)) +#define ADS_ERR_OK(status) ((status.error_type == ENUM_ADS_ERROR_NT) ? NT_STATUS_IS_OK(status.err.nt_status):(status.err.rc == 0)) #define ADS_SUCCESS ADS_ERROR(0) /* time between reconnect attempts */ @@ -205,7 +224,11 @@ typedef void **ADS_MODLIST; #define ADS_AUTH_NO_BIND 0x02 #define ADS_AUTH_ANON_BIND 0x04 #define ADS_AUTH_SIMPLE_BIND 0x08 +#define ADS_AUTH_ALLOW_NTLMSSP 0x10 +/*************************************** + Some krb5 compat stuff +***************************************/ /* Kerberos environment variable names */ #define KRB5_ENV_CCNAME "KRB5CCNAME" @@ -213,3 +236,36 @@ typedef void **ADS_MODLIST; #if defined(HAVE_ENCTYPE_ARCFOUR_HMAC_MD5) #define ENCTYPE_ARCFOUR_HMAC ENCTYPE_ARCFOUR_HMAC_MD5 #endif + +/* The older versions of heimdal that don't have this + define don't seem to use it anyway. I'm told they + always use a subkey */ +#ifndef HAVE_AP_OPTS_USE_SUBKEY +#define AP_OPTS_USE_SUBKEY 0 +#endif +#if defined(HAVE_KRB5) + +#ifndef HAVE_KRB5_SET_REAL_TIME +krb5_error_code krb5_set_real_time(krb5_context context, int32_t seconds, int32_t microseconds); +#endif + +#ifndef HAVE_KRB5_SET_DEFAULT_TGS_KTYPES +krb5_error_code krb5_set_default_tgs_ktypes(krb5_context ctx, const krb5_enctype *enc); +#endif + +#if defined(HAVE_KRB5_AUTH_CON_SETKEY) && !defined(HAVE_KRB5_AUTH_CON_SETUSERUSERKEY) +krb5_error_code krb5_auth_con_setuseruserkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock *keyblock); +#endif + +/* Samba wrapper function for krb5 functionality. */ +void setup_kaddr( krb5_address *pkaddr, struct sockaddr *paddr); +int create_kerberos_key_from_string(krb5_context context, krb5_principal host_princ, krb5_data *password, krb5_keyblock *key, krb5_enctype enctype); +void get_auth_data_from_tkt(DATA_BLOB *auth_data, krb5_ticket *tkt); +krb5_const_principal get_principal_from_tkt(krb5_ticket *tkt); +krb5_error_code krb5_locate_kdc(krb5_context ctx, const krb5_data *realm, struct sockaddr **addr_pp, int *naddrs, int get_masters); +krb5_error_code get_kerberos_allowed_etypes(krb5_context context, krb5_enctype **enctypes); +void free_kerberos_etypes(krb5_context context, krb5_enctype *enctypes); +BOOL get_krb5_smb_session_key(krb5_context context, krb5_auth_context auth_context, DATA_BLOB *session_key, BOOL remote); +#endif /* HAVE_KRB5 */ + +#endif /* _ADS_H */ diff --git a/source4/include/includes.h b/source4/include/includes.h index 2b83d14622..2391a59b67 100644 --- a/source4/include/includes.h +++ b/source4/include/includes.h @@ -339,10 +339,6 @@ #include <stropts.h> #endif -#ifdef HAVE_POLL_H -#include <poll.h> -#endif - #ifdef HAVE_SYS_CAPABILITY_H #if defined(BROKEN_REDHAT_7_SYSTEM_HEADERS) && !defined(_I386_STATFS_H) @@ -721,7 +717,6 @@ extern int errno; #include "../tdb/tdbutil.h" #include "talloc.h" #include "nt_status.h" -#include "ads.h" #include "interfaces.h" #include "trans2.h" #include "ioctl.h" @@ -734,6 +729,7 @@ extern int errno; #include "version.h" #include "smb.h" +#include "ads.h" #include "nameserv.h" #include "secrets.h" @@ -1147,30 +1143,5 @@ time_t timegm(struct tm *tm); #define VXFS_QUOTA #endif -#if defined(HAVE_KRB5) - -#ifndef KRB5_SET_REAL_TIME -krb5_error_code krb5_set_real_time(krb5_context context, int32_t seconds, int32_t microseconds); -#endif - -#ifndef HAVE_KRB5_SET_DEFAULT_TGS_KTYPES -krb5_error_code krb5_set_default_tgs_ktypes(krb5_context ctx, const krb5_enctype *enc); -#endif - -#if defined(HAVE_KRB5_AUTH_CON_SETKEY) && !defined(HAVE_KRB5_AUTH_CON_SETUSERUSERKEY) -krb5_error_code krb5_auth_con_setuseruserkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock *keyblock); -#endif - -/* Samba wrapper function for krb5 functionality. */ -void setup_kaddr( krb5_address *pkaddr, struct sockaddr *paddr); -int create_kerberos_key_from_string(krb5_context context, krb5_principal host_princ, krb5_data *password, krb5_keyblock *key, krb5_enctype enctype); -void get_auth_data_from_tkt(DATA_BLOB *auth_data, krb5_ticket *tkt); -krb5_const_principal get_principal_from_tkt(krb5_ticket *tkt); -krb5_error_code krb5_locate_kdc(krb5_context ctx, const krb5_data *realm, struct sockaddr **addr_pp, int *naddrs, int get_masters); -krb5_error_code get_kerberos_allowed_etypes(krb5_context context, krb5_enctype **enctypes); -void free_kerberos_etypes(krb5_context context, krb5_enctype *enctypes); -BOOL krb5_get_smb_session_key(krb5_context context, krb5_auth_context auth_context, uint8 session_key[16]); -#endif /* HAVE_KRB5 */ - #endif /* _INCLUDES_H */ |