summaryrefslogtreecommitdiffstats
path: root/source4/kdc/db-glue.h
blob: 3a59d6a421ade5be0b1ff5c4540aa43435205aa4 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
/*
   Unix SMB/CIFS implementation.

   Database Glue between Samba and the KDC

   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005-2009
   Copyright (C) Simo Sorce <idra@samba.org> 2010

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.


   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

struct sdb_keys;
struct sdb_entry;

struct samba_kdc_base_context;
struct samba_kdc_db_context;
struct samba_kdc_entry;

enum samba_kdc_ent_type {
	SAMBA_KDC_ENT_TYPE_CLIENT,
	SAMBA_KDC_ENT_TYPE_SERVER,
	SAMBA_KDC_ENT_TYPE_KRBTGT,
	SAMBA_KDC_ENT_TYPE_TRUST,
	SAMBA_KDC_ENT_TYPE_ANY
};

/*
 * This allows DSDB to parse Kerberos keys without duplicating this
 * difficulty
 */
krb5_error_code samba_kdc_message2entry_keys(krb5_context context,
					     TALLOC_CTX *mem_ctx,
					     const struct ldb_message *msg,
					     bool is_krbtgt,
					     bool is_rodc,
					     uint32_t userAccountControl,
					     enum samba_kdc_ent_type ent_type,
					     unsigned flags,
					     krb5_kvno requested_kvno,
					     struct sdb_entry *entry,
					     const uint32_t supported_enctypes_in,
					     uint32_t *supported_enctypes_out);

int samba_kdc_set_fixed_keys(krb5_context context,
			     const struct ldb_val *secretbuffer,
			     uint32_t supported_enctypes,
			     struct sdb_keys *keys);

krb5_error_code samba_kdc_fetch(krb5_context context,
				struct samba_kdc_db_context *kdc_db_ctx,
				krb5_const_principal principal,
				unsigned flags,
				krb5_kvno kvno,
				struct sdb_entry *entry);

krb5_error_code samba_kdc_firstkey(krb5_context context,
				   struct samba_kdc_db_context *kdc_db_ctx,
				   struct sdb_entry *entry);

krb5_error_code samba_kdc_nextkey(krb5_context context,
				  struct samba_kdc_db_context *kdc_db_ctx,
				  struct sdb_entry *entry);

krb5_error_code
samba_kdc_check_client_matches_target_service(krb5_context context,
			 struct samba_kdc_entry *skdc_entry_client,
			 struct samba_kdc_entry *skdc_entry_server_target);

krb5_error_code
samba_kdc_check_pkinit_ms_upn_match(krb5_context context,
				    struct samba_kdc_db_context *kdc_db_ctx,
				    struct samba_kdc_entry *skdc_entry,
				    krb5_const_principal certificate_principal);

krb5_error_code
samba_kdc_check_s4u2proxy(krb5_context context,
			  struct samba_kdc_db_context *kdc_db_ctx,
			  struct samba_kdc_entry *skdc_entry,
			  krb5_const_principal target_principal);

krb5_error_code samba_kdc_check_s4u2proxy_rbcd(
		krb5_context context,
		struct samba_kdc_db_context *kdc_db_ctx,
		krb5_const_principal client_principal,
		krb5_const_principal server_principal,
		krb5_pac header_pac,
		struct samba_kdc_entry *proxy_skdc_entry);

NTSTATUS samba_kdc_setup_db_ctx(TALLOC_CTX *mem_ctx, struct samba_kdc_base_context *base_ctx,
				struct samba_kdc_db_context **kdc_db_ctx_out);

krb5_error_code dsdb_extract_aes_256_key(krb5_context context,
					 TALLOC_CTX *mem_ctx,
					 const struct ldb_message *msg,
					 uint32_t user_account_control,
					 const uint32_t *kvno,
					 uint32_t *kvno_out,
					 DATA_BLOB *aes_256_key,
					 DATA_BLOB *salt);