summaryrefslogtreecommitdiffstats
path: root/source4/kdc/mit-kdb/kdb_samba.h
blob: 138105ef2111f7c4243c75ba5f95634b04397790 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
/*
   Unix SMB/CIFS implementation.

   Samba KDB plugin for MIT Kerberos

   Copyright (c) 2009      Simo Sorce <idra@samba.org>.

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

#ifndef _KDB_SAMBA_H_
#define _KDB_SAMBA_H_

#include <stdbool.h>

#include <krb5/krb5.h>
#include <krb5/plugin.h>

#define PAC_LOGON_INFO 1

#ifndef discard_const_p
#if defined(__intptr_t_defined) || defined(HAVE_INTPTR_T)
# define discard_const_p(type, ptr) ((type *)((intptr_t)(ptr)))
#else
# define discard_const_p(type, ptr) ((type *)(ptr))
#endif
#endif

/* from kdb_samba_common.c */

struct mit_samba_context *ks_get_context(krb5_context kcontext);

krb5_error_code ks_get_principal(krb5_context context,
				 krb5_const_principal principal,
				 unsigned int kflags,
				 krb5_db_entry **kentry);

void ks_free_principal(krb5_context context, krb5_db_entry *entry);

bool ks_data_eq_string(krb5_data d, const char *s);

krb5_data ks_make_data(void *data, unsigned int len);

krb5_boolean ks_is_kadmin(krb5_context context,
			  krb5_const_principal princ);

krb5_boolean ks_is_kadmin_history(krb5_context context,
				  krb5_const_principal princ);

krb5_boolean ks_is_kadmin_changepw(krb5_context context,
				   krb5_const_principal princ);

krb5_boolean ks_is_kadmin_admin(krb5_context context,
				krb5_const_principal princ);

/* from kdb_samba_principals.c */

krb5_error_code kdb_samba_db_get_principal(krb5_context context,
					   krb5_const_principal princ,
					   unsigned int kflags,
					   krb5_db_entry **kentry);

krb5_error_code kdb_samba_db_put_principal(krb5_context context,
					   krb5_db_entry *entry,
					   char **db_args);

krb5_error_code kdb_samba_db_delete_principal(krb5_context context,
					      krb5_const_principal princ);

krb5_error_code kdb_samba_db_iterate(krb5_context context,
				     char *match_entry,
				     int (*func)(krb5_pointer, krb5_db_entry *),
				     krb5_pointer func_arg,
				     krb5_flags iterflags);

/* from kdb_samba_masterkey.c */

krb5_error_code kdb_samba_fetch_master_key(krb5_context context,
					   krb5_principal name,
					   krb5_keyblock *key,
					   krb5_kvno *kvno,
					   char *db_args);

krb5_error_code kdb_samba_fetch_master_key_list(krb5_context context,
						krb5_principal mname,
						const krb5_keyblock *key,
						krb5_keylist_node **mkeys_list);

/* from kdb_samba_pac.c */

krb5_error_code kdb_samba_dbekd_decrypt_key_data(krb5_context context,
						 const krb5_keyblock *mkey,
						 const krb5_key_data *key_data,
						 krb5_keyblock *kkey,
						 krb5_keysalt *keysalt);

krb5_error_code kdb_samba_dbekd_encrypt_key_data(krb5_context context,
						 const krb5_keyblock *mkey,
						 const krb5_keyblock *kkey,
						 const krb5_keysalt *keysalt,
						 int keyver,
						 krb5_key_data *key_data);

/* from kdb_samba_policies.c */
krb5_error_code kdb_samba_db_issue_pac(krb5_context context,
				       unsigned int flags,
				       krb5_db_entry *client,
				       krb5_keyblock *replaced_reply_key,
				       krb5_db_entry *server,
				       krb5_db_entry *signing_krbtgt,
				       krb5_timestamp authtime,
				       krb5_pac old_pac,
				       krb5_pac new_pac,
				       krb5_data ***auth_indicators);

krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
					    unsigned int flags,
					    krb5_const_principal client_princ,
					    krb5_const_principal server_princ,
					    krb5_db_entry *client,
					    krb5_db_entry *server,
					    krb5_db_entry *krbtgt,
					    krb5_db_entry *local_krbtgt,
					    krb5_keyblock *client_key,
					    krb5_keyblock *server_key,
					    krb5_keyblock *krbtgt_key,
					    krb5_keyblock *local_krbtgt_key,
					    krb5_keyblock *session_key,
					    krb5_timestamp authtime,
					    krb5_authdata **tgt_auth_data,
					    void *authdata_info,
					    krb5_data ***auth_indicators,
					    krb5_authdata ***signed_auth_data);

krb5_error_code kdb_samba_db_check_policy_as(krb5_context context,
					     krb5_kdc_req *kdcreq,
					     krb5_db_entry *client,
					     krb5_db_entry *server,
					     krb5_timestamp kdc_time,
					     const char **status,
					     krb5_pa_data ***e_data_out);

krb5_error_code kdb_samba_db_check_allowed_to_delegate(krb5_context context,
						       krb5_const_principal client,
						       const krb5_db_entry *server,
						       krb5_const_principal proxy);

krb5_error_code kdb_samba_db_allowed_to_delegate_from(
		krb5_context context,
		krb5_const_principal client,
		krb5_const_principal server,
		krb5_pac header_pac,
		const krb5_db_entry *proxy);

void kdb_samba_db_audit_as_req(krb5_context kcontext,
			       krb5_kdc_req *request,
			       const krb5_address *local_addr,
			       const krb5_address *remote_addr,
			       krb5_db_entry *client,
			       krb5_db_entry *server,
			       krb5_timestamp authtime,
			       krb5_error_code error_code);

/* from kdb_samba_change_pwd.c */

krb5_error_code kdb_samba_change_pwd(krb5_context context,
				     krb5_keyblock *master_key,
				     krb5_key_salt_tuple *ks_tuple,
				     int ks_tuple_count, char *passwd,
				     int new_kvno, krb5_boolean keepold,
				     krb5_db_entry *db_entry);

#endif /* _KDB_SAMBA_H_ */