From 8daa83a594a2e98f39d764422bfbdbc62c9efd44 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Fri, 19 Apr 2024 19:20:00 +0200 Subject: Adding upstream version 2:4.20.0+dfsg. Signed-off-by: Daniel Baumann --- auth/authn_policy_impl.h | 82 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 82 insertions(+) create mode 100644 auth/authn_policy_impl.h (limited to 'auth/authn_policy_impl.h') diff --git a/auth/authn_policy_impl.h b/auth/authn_policy_impl.h new file mode 100644 index 0000000..121c6cb --- /dev/null +++ b/auth/authn_policy_impl.h @@ -0,0 +1,82 @@ +/* + Unix SMB/CIFS implementation. + Samba Active Directory authentication policy private implementation details + + Copyright (C) Catalyst.Net Ltd 2023 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#ifndef KDC_AUTHN_POLICY_IMPL_H +#define KDC_AUTHN_POLICY_IMPL_H + +#include "lib/replace/replace.h" + +#include "auth/authn_policy.h" +#include "lib/util/data_blob.h" +#include "libcli/util/ntstatus.h" + +struct authn_policy { + const char *silo_name; + const char *policy_name; + bool enforced; +}; + +bool authn_policy_is_enforced(const struct authn_policy *policy); + +struct authn_kerberos_client_policy { + struct authn_policy policy; + DATA_BLOB allowed_to_authenticate_from; + int64_t tgt_lifetime_raw; +}; + +struct authn_ntlm_client_policy { + struct authn_policy policy; + DATA_BLOB allowed_to_authenticate_from; + bool allowed_ntlm_network_auth; +}; + +struct authn_server_policy { + struct authn_policy policy; + DATA_BLOB allowed_to_authenticate_to; +}; + +/* Auditing information. */ + +struct authn_audit_info { + struct authn_policy *policy; + const struct auth_user_info_dc *client_info; + enum authn_audit_event event; + enum authn_audit_reason reason; + NTSTATUS policy_status; + const char *location; + struct authn_int64_optional tgt_lifetime_raw; +}; + +static inline struct authn_int64_optional authn_int64_some(const int64_t val) +{ + return (struct authn_int64_optional) { + .is_present = true, + .val = val, + }; +} + +static inline struct authn_int64_optional authn_int64_none(void) +{ + return (struct authn_int64_optional) { + .is_present = false, + }; +} + +#endif -- cgit v1.2.3