summaryrefslogtreecommitdiffstats
path: root/source4/kdc/db-glue.h
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-05 17:47:29 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-05 17:47:29 +0000
commit4f5791ebd03eaec1c7da0865a383175b05102712 (patch)
tree8ce7b00f7a76baa386372422adebbe64510812d4 /source4/kdc/db-glue.h
parentInitial commit. (diff)
downloadsamba-upstream.tar.xz
samba-upstream.zip
Adding upstream version 2:4.17.12+dfsg.upstream/2%4.17.12+dfsgupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'source4/kdc/db-glue.h')
-rw-r--r--source4/kdc/db-glue.h111
1 files changed, 111 insertions, 0 deletions
diff --git a/source4/kdc/db-glue.h b/source4/kdc/db-glue.h
new file mode 100644
index 0000000..3a59d6a
--- /dev/null
+++ b/source4/kdc/db-glue.h
@@ -0,0 +1,111 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ Database Glue between Samba and the KDC
+
+ Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005-2009
+ Copyright (C) Simo Sorce <idra@samba.org> 2010
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+struct sdb_keys;
+struct sdb_entry;
+
+struct samba_kdc_base_context;
+struct samba_kdc_db_context;
+struct samba_kdc_entry;
+
+enum samba_kdc_ent_type {
+ SAMBA_KDC_ENT_TYPE_CLIENT,
+ SAMBA_KDC_ENT_TYPE_SERVER,
+ SAMBA_KDC_ENT_TYPE_KRBTGT,
+ SAMBA_KDC_ENT_TYPE_TRUST,
+ SAMBA_KDC_ENT_TYPE_ANY
+};
+
+/*
+ * This allows DSDB to parse Kerberos keys without duplicating this
+ * difficulty
+ */
+krb5_error_code samba_kdc_message2entry_keys(krb5_context context,
+ TALLOC_CTX *mem_ctx,
+ const struct ldb_message *msg,
+ bool is_krbtgt,
+ bool is_rodc,
+ uint32_t userAccountControl,
+ enum samba_kdc_ent_type ent_type,
+ unsigned flags,
+ krb5_kvno requested_kvno,
+ struct sdb_entry *entry,
+ const uint32_t supported_enctypes_in,
+ uint32_t *supported_enctypes_out);
+
+int samba_kdc_set_fixed_keys(krb5_context context,
+ const struct ldb_val *secretbuffer,
+ uint32_t supported_enctypes,
+ struct sdb_keys *keys);
+
+krb5_error_code samba_kdc_fetch(krb5_context context,
+ struct samba_kdc_db_context *kdc_db_ctx,
+ krb5_const_principal principal,
+ unsigned flags,
+ krb5_kvno kvno,
+ struct sdb_entry *entry);
+
+krb5_error_code samba_kdc_firstkey(krb5_context context,
+ struct samba_kdc_db_context *kdc_db_ctx,
+ struct sdb_entry *entry);
+
+krb5_error_code samba_kdc_nextkey(krb5_context context,
+ struct samba_kdc_db_context *kdc_db_ctx,
+ struct sdb_entry *entry);
+
+krb5_error_code
+samba_kdc_check_client_matches_target_service(krb5_context context,
+ struct samba_kdc_entry *skdc_entry_client,
+ struct samba_kdc_entry *skdc_entry_server_target);
+
+krb5_error_code
+samba_kdc_check_pkinit_ms_upn_match(krb5_context context,
+ struct samba_kdc_db_context *kdc_db_ctx,
+ struct samba_kdc_entry *skdc_entry,
+ krb5_const_principal certificate_principal);
+
+krb5_error_code
+samba_kdc_check_s4u2proxy(krb5_context context,
+ struct samba_kdc_db_context *kdc_db_ctx,
+ struct samba_kdc_entry *skdc_entry,
+ krb5_const_principal target_principal);
+
+krb5_error_code samba_kdc_check_s4u2proxy_rbcd(
+ krb5_context context,
+ struct samba_kdc_db_context *kdc_db_ctx,
+ krb5_const_principal client_principal,
+ krb5_const_principal server_principal,
+ krb5_pac header_pac,
+ struct samba_kdc_entry *proxy_skdc_entry);
+
+NTSTATUS samba_kdc_setup_db_ctx(TALLOC_CTX *mem_ctx, struct samba_kdc_base_context *base_ctx,
+ struct samba_kdc_db_context **kdc_db_ctx_out);
+
+krb5_error_code dsdb_extract_aes_256_key(krb5_context context,
+ TALLOC_CTX *mem_ctx,
+ const struct ldb_message *msg,
+ uint32_t user_account_control,
+ const uint32_t *kvno,
+ uint32_t *kvno_out,
+ DATA_BLOB *aes_256_key,
+ DATA_BLOB *salt);