-
Notifications
You must be signed in to change notification settings - Fork 1
/
samba_helper.h
157 lines (126 loc) · 6.16 KB
/
samba_helper.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
// Copyright 2016 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef AUTHPOLICY_SAMBA_HELPER_H_
#define AUTHPOLICY_SAMBA_HELPER_H_
#include <string>
#include <vector>
#include <base/time/time.h>
namespace authpolicy {
class Anonymizer;
// Number of code points in randomly generated machine passwords.
constexpr size_t kMachinePasswordCodePoints = 32;
// By default, change the machine password every 30 days.
constexpr base::TimeDelta kDefaultMachinePasswordChangeRate =
base::TimeDelta::FromDays(30);
// Group policy flags.
const int kGpFlagAllEnabled = 0x00;
const int kGpFlagUserDisabled = 0x01;
const int kGpFlagMachineDisabled = 0x02;
const int kGpFlagAllDisabled = 0x03;
const int kGpFlagCount = 0x04;
const int kGpFlagInvalid = 0x04;
extern const char* const kGpFlagsStr[];
// Params for net and smbclient.
extern const char kKerberosParam[];
extern const char kConfigParam[];
extern const char kDebugParam[];
extern const char kCommandParam[];
extern const char kUserParam[];
extern const char kMachinepassStdinParam[];
extern const char kCreatecomputerParam[];
extern const char kOsNameParam[];
extern const char kOsVersionParam[];
extern const char kOsServicePackParam[];
// Params for kinit.
extern const char kUseKeytabParam[];
extern const char kValidityLifetimeParam[];
extern const char kRenewalLifetimeParam[];
extern const char kRenewParam[];
// Params for klist.
extern const char kSetExitStatusParam[];
extern const char kCredentialCacheParam[];
// Kerberos encryption types strings for the Kerberos configuration.
extern const char kEncTypesAll[];
extern const char kEncTypesStrong[];
extern const char kEncTypesLegacy[];
// Marker for user affiliation (whether the device domain trusts the user
// domain). This marker is added to PolicyData.device_affiliation_ids for device
// policy. For user policy, it is added if and only if
// SambaInterface::IsUserAffiliated indicates that the user is affiliated.
extern const char kAffiliationMarker[];
// Parses [email protected] into its components and normalizes (uppercases)
// the part behind the @. |user_name| is 'user_name', |realm| is |SOME.REALM|
// and |normalized_user_principal_name| is [email protected].
bool ParseUserPrincipalName(const std::string& user_principal_name,
std::string* user_name,
std::string* realm,
std::string* normalized_user_principal_name);
// Parses the given |in_str| consisting of individual lines for
// ... \n
// |token| <token_separator> |result| \n
// ... \n
// and returns the first non-empty |result|. Whitespace is trimmed.
bool FindToken(const std::string& in_str,
char token_separator,
const std::string& token,
std::string* result);
// Returns true if the given one-line string |in_line| has the form
// |token| <token_separator> |result|
// and returns |result|. Whitespace is trimmed.
bool FindTokenInLine(const std::string& in_line,
char token_separator,
const std::string& token,
std::string* result);
// Parses a GPO version string, which consists of a number and the same number
// as base-16 hex number, e.g. '31 (0x0000001f)'.
bool ParseGpoVersion(const std::string& str, uint32_t* version);
// Parses a group policy flags string, which consists of a number 0-3 and a
// descriptive name. See |kGpFlag*| for possible values.
bool ParseGpFlags(const std::string& str, int* gp_flags);
// Returns true if the string contains the given substring.
bool Contains(const std::string& str, const std::string& substr);
// Converts a valid GUID (see base::IsValidGUID()) to an octet string, see e.g.
// http://stackoverflow.com/questions/1545630/searching-for-a-objectguid-in-ad.
// Returns an empty string on error.
std::string GuidToOctetString(const std::string& guid);
// Converts an octet string to a GUID. Inverse of GuidToOctetString(). Only for
// testing! Just performs basic size checks, no strict format checks. Returns an
// empty string on error.
std::string OctetStringToGuidForTesting(const std::string& octet_str);
// Converts an |account_id| (aka objectGUID) to an account_id_key by adding a
// prefix |kActiveDirectoryPrefix|.
std::string GetAccountIdKey(const std::string& account_id);
// Logs |str| to INFO, prepending |header|. Splits |str| into lines and logs the
// lines. This works around a restriction of syslog of 8kb per log and fixes
// unreadable logs where \n is replaced by #012. Anonymizes logs with
// |anonymizer| to remove sensitive data. |color| is a color from log_colors.h.
void LogLongString(const char* color,
const std::string& header,
const std::string& str,
Anonymizer* anonymizer);
// Builds a distinguished name from a vector of |organizational_units|, ordered
// leaf-to-root, and a DNS |domain| name. Returns a combined string
// 'ou=ouLeaf,...,ou=ouRoot,dc="example",dc="com"'. Makes sure the result is
// properly escaped..
std::string BuildDistinguishedName(
const std::vector<std::string>& organizational_units,
const std::string& domain);
// Generates a random password that can be used for Active Directory machine
// accounts. It is UTF-8 encoded with |kMachinePasswordCodePoints| code points.
// Since Kerberos code cannot handle higher code points, all code points are
// below or equal to 0xFFFF. Excludes
// - invalid code points,
// - '\0', so that the string can be safely converted to and from char*, and
// - '\n', so that the password can be read from stdin.
// The runtime is not deterministic, but the average runtime is
// O(kMachinePasswordCodePoints).
std::string GenerateRandomMachinePassword();
using RandomBytesGenerator = void(void* bytes, size_t length);
void SetRandomNumberGeneratorForTesting(RandomBytesGenerator* rand_bytes);
// Returns the OS name from the lsb-release file or an empty string on error.
std::string GetOsName();
// Returns the OS version from the lsb-release file or an empty string on error.
std::string GetOsVersion();
} // namespace authpolicy
#endif // AUTHPOLICY_SAMBA_HELPER_H_