1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
3 * plugins/kdb/samba/kdb_samba.h
5 * Copyright (c) 2009, Simo Sorce <idra@samba.org>
8 * Export of this software from the United States of America may
9 * require a specific license from the United States Government.
10 * It is the responsibility of any person or organization contemplating
11 * export to obtain such a license before exporting.
13 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
14 * distribute this software and its documentation for any purpose and
15 * without fee is hereby granted, provided that the above copyright
16 * notice appear in all copies and that both that copyright notice and
17 * this permission notice appear in supporting documentation, and that
18 * the name of M.I.T. not be used in advertising or publicity pertaining
19 * to distribution of the software without specific, written prior
20 * permission. Furthermore if you modify this software you must label
21 * your software as modified software and not distribute it in such a
22 * fashion that it might be confused with the original M.I.T. software.
23 * M.I.T. makes no representations about the suitability of
24 * this software for any purpose. It is provided "as is" without express
25 * or implied warranty.
34 #include <krb5/krb5.h>
35 #include <krb5/plugin.h>
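/*
 * PAC buffer type selector used by the plugin for the logon-information
 * buffer. The value 1 presumably mirrors the MS-PAC logon-info buffer type;
 * confirm against the code that consumes it.
 *
 * The listing's line number ("37") was fused in front of the directive and is
 * dropped here so the '#' starts the line again.
 */
#define PAC_LOGON_INFO 1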
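/*
 * discard_const_p(type, ptr): yield ptr as a non-const `type *`.
 *
 * When intptr_t is known to exist the pointer is routed through it, which
 * avoids cast-qualifier warnings; otherwise a plain cast is used. Either way
 * this only removes the qualifier: writing through the result is undefined
 * behaviour if the pointed-to object was itself defined const, so use it only
 * to satisfy APIs that take a non-const pointer but do not write to it.
 *
 * intptr_t must be in scope (<stdint.h>) wherever the first form expands.
 *
 * NOTE(review): the listing omitted source lines 42, 44 and 45. Two different
 * definitions of the same macro cannot share one branch, so the `#else` and
 * the two `#endif` lines are restored here; confirm against upstream.
 */
#ifndef discard_const_p
#if defined(__intptr_t_defined) || defined(HAVE_INTPTR_T)
# define discard_const_p(type, ptr) ((type *)((intptr_t)(ptr)))
#else
# define discard_const_p(type, ptr) ((type *)(ptr))
#endif
#endif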
47 /* from kdb_samba_common.c */
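/*
 * Return the struct mit_samba_context associated with kcontext.
 *
 * Only the prototype is visible here. Whether the result can be NULL and who
 * owns it are not stated in this header, so callers should check for NULL
 * before dereferencing (TODO confirm in kdb_samba_common.c).
 */
struct mit_samba_context *ks_get_context(krb5_context kcontext);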
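/*
 * Compare the contents of a krb5_data with a C string.
 *
 * d is passed by value; s is a NUL-terminated string. A krb5_data carries an
 * explicit length and is not guaranteed to be NUL-terminated, so the
 * implementation (not shown here) is expected to compare by length rather
 * than with strcmp(); verify in kdb_samba_common.c.
 *
 * Returns bool, which needs <stdbool.h>; that include is not among the lines
 * visible in this listing.
 */
bool ks_data_eq_string(krb5_data d, const char *s);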
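/*
 * Build a krb5_data from a raw pointer and a length, returned by value.
 *
 * NOTE(review): presumably this wraps `data` without copying it, in which
 * case the caller must keep the buffer alive and unmodified for as long as
 * the returned krb5_data is in use; confirm in kdb_samba_common.c.
 * `len` is unsigned int, so callers holding a size_t must range-check before
 * passing it to avoid silent truncation.
 */
krb5_data ks_make_data(void *data, unsigned int len);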
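/*
 * Report whether princ is a kadmin principal (inferred from the name; only
 * the prototype is visible here).
 *
 * Returns a krb5_boolean. princ is read-only (krb5_const_principal).
 */
krb5_boolean ks_is_kadmin(krb5_context context,
                          krb5_const_principal princ);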
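/*
 * Report whether princ is the kadmin history principal (presumably
 * "kadmin/history"; the matching rule lives in kdb_samba_common.c and is not
 * shown here).
 *
 * Returns a krb5_boolean. princ is read-only (krb5_const_principal).
 */
krb5_boolean ks_is_kadmin_history(krb5_context context,
                                  krb5_const_principal princ);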
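/*
 * Report whether princ is the password-change service principal (presumably
 * "kadmin/changepw"; the matching rule lives in kdb_samba_common.c and is not
 * shown here).
 *
 * Returns a krb5_boolean. princ is read-only (krb5_const_principal).
 */
krb5_boolean ks_is_kadmin_changepw(krb5_context context,
                                   krb5_const_principal princ);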
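/*
 * Report whether princ is the kadmin admin service principal (presumably
 * "kadmin/admin"; the matching rule lives in kdb_samba_common.c and is not
 * shown here).
 *
 * Returns a krb5_boolean. princ is read-only (krb5_const_principal).
 */
krb5_boolean ks_is_kadmin_admin(krb5_context context,
                                krb5_const_principal princ);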
67 /* from kdb_samba_principals.c */
/*
 * Look up a principal and hand back its database entry through *kentry
 * (out parameter; ownership of the returned entry is not stated here).
 *
 * NOTE(review): the listing jumps from source line 70 to 72 inside this
 * parameter list, so one parameter between `princ` and `kentry` is not shown.
 * Do not treat the text below as the complete signature; the leading numbers
 * are listing line numbers, not code.
 */
69 krb5_error_code
kdb_samba_db_get_principal(krb5_context context
,
70 krb5_const_principal princ
,
72 krb5_db_entry
**kentry
);
/*
 * Store a principal entry (inferred from the name).
 *
 * NOTE(review): this declaration is cut off. Source lines 75-76, which hold
 * the remaining parameters and the closing ");", are absent from the listing,
 * so only the first parameter is visible. The leading number is a listing
 * line number, not code.
 */
74 krb5_error_code
kdb_samba_db_put_principal(krb5_context context
,
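/*
 * KDB delete-principal entry point for the Samba backend (inferred from the
 * name; implementation in kdb_samba_principals.c per the section comment).
 *
 * Returns a krb5_error_code. Whether deletion is actually supported by this
 * backend or always rejected is not visible from the header.
 */
krb5_error_code kdb_samba_db_delete_principal(krb5_context context,
                                              krb5_const_principal princ);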
/*
 * Iterate over database entries, invoking func(func_arg-style pointer, entry)
 * for each one. Two prototypes are given, selected by KRB5_KDB_API_VERSION:
 * the first (API version >= 8) additionally takes `iterflags`.
 *
 * NOTE(review): the listing drops source lines 83, 87, 89 and 92. As shown,
 * each prototype is missing one parameter line after `context`, and the
 * conditional separator and terminator between and after the two prototypes
 * (which must exist, since they declare the same name with different
 * parameter lists) are not visible. Do not treat the text below as complete;
 * the leading numbers are listing line numbers, not code.
 */
81 #if KRB5_KDB_API_VERSION >= 8
82 krb5_error_code
kdb_samba_db_iterate(krb5_context context
,
84 int (*func
)(krb5_pointer
, krb5_db_entry
*),
85 krb5_pointer func_arg
,
86 krb5_flags iterflags
);
88 krb5_error_code
kdb_samba_db_iterate(krb5_context context
,
90 int (*func
)(krb5_pointer
, krb5_db_entry
*),
91 krb5_pointer func_arg
);
94 /* from kdb_samba_masterkey.c */
/*
 * Fetch the database master key (inferred from the name).
 *
 * NOTE(review): this declaration is cut off. Source lines 97-100, holding the
 * remaining parameters and the closing ");", are absent from the listing, so
 * only the first parameter is visible. The leading number is a listing line
 * number, not code.
 */
96 krb5_error_code
kdb_samba_fetch_master_key(krb5_context context
,
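/*
 * Fetch the list of master keys for the master principal mname.
 *
 * key is read-only input; *mkeys_list is an out parameter receiving the head
 * of a krb5_keylist_node list. Who frees that list, and how key material in
 * it is wiped, is not stated in this header (TODO confirm in
 * kdb_samba_masterkey.c).
 *
 * Returns a krb5_error_code.
 */
krb5_error_code kdb_samba_fetch_master_key_list(krb5_context context,
                                                krb5_principal mname,
                                                const krb5_keyblock *key,
                                                krb5_keylist_node **mkeys_list);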
107 /* from kdb_samba_pac.c */
/*
 * Decrypt stored key data (key_data) under the master key mkey; keysalt is a
 * non-const pointer and so presumably an output.
 *
 * NOTE(review): the listing jumps from source line 111 to 113, so one
 * parameter between `key_data` and `keysalt` is not shown. Do not treat the
 * text below as the complete signature; the leading numbers are listing line
 * numbers, not code.
 */
109 krb5_error_code
kdb_samba_dbekd_decrypt_key_data(krb5_context context
,
110 const krb5_keyblock
*mkey
,
111 const krb5_key_data
*key_data
,
113 krb5_keysalt
*keysalt
);
/*
 * Encrypt the key kkey (with its keysalt) under the master key mkey and
 * write the result to key_data, the only non-const pointer shown.
 *
 * NOTE(review): the listing jumps from source line 118 to 120, so one
 * parameter between `keysalt` and `key_data` is not shown. Do not treat the
 * text below as the complete signature; the leading numbers are listing line
 * numbers, not code.
 */
115 krb5_error_code
kdb_samba_dbekd_encrypt_key_data(krb5_context context
,
116 const krb5_keyblock
*mkey
,
117 const krb5_keyblock
*kkey
,
118 const krb5_keysalt
*keysalt
,
120 krb5_key_data
*key_data
);
122 /* from kdb_samba_policies.c */
/*
 * Produce signed authorization data for a ticket. Inputs are the client,
 * server and krbtgt entries with their keys, the session key, authtime and
 * the incoming tgt_auth_data; the result is returned through
 * *signed_auth_data (out parameter, ownership not stated here).
 *
 * This is the point where authorization data becomes trusted by downstream
 * services, so which key signs what deserves review in the implementation
 * (kdb_samba_policies.c per the section comment); nothing about that is
 * visible from the header.
 *
 * NOTE(review): the listing jumps from source line 124 to 126, so one
 * parameter between `context` and `client_princ` is not shown. Do not treat
 * the text below as the complete signature; the leading numbers are listing
 * line numbers, not code.
 */
124 krb5_error_code
kdb_samba_db_sign_auth_data(krb5_context context
,
126 krb5_const_principal client_princ
,
127 krb5_db_entry
*client
,
128 krb5_db_entry
*server
,
129 krb5_db_entry
*krbtgt
,
130 krb5_keyblock
*client_key
,
131 krb5_keyblock
*server_key
,
132 krb5_keyblock
*krbtgt_key
,
133 krb5_keyblock
*session_key
,
134 krb5_timestamp authtime
,
135 krb5_authdata
**tgt_auth_data
,
136 krb5_authdata
***signed_auth_data
);
/*
 * Policy check for an AS request (inferred from the name): takes the request,
 * the client and server entries and the KDC time, and can return extra error
 * data through *e_data_out (out parameter, ownership not stated here).
 *
 * NOTE(review): the listing jumps from source line 142 to 144, so one
 * parameter between `kdc_time` and `e_data_out` is not shown. Do not treat
 * the text below as the complete signature; the leading numbers are listing
 * line numbers, not code.
 */
138 krb5_error_code
kdb_samba_db_check_policy_as(krb5_context context
,
139 krb5_kdc_req
*kdcreq
,
140 krb5_db_entry
*client
,
141 krb5_db_entry
*server
,
142 krb5_timestamp kdc_time
,
144 krb5_pa_data
***e_data_out
);
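/*
 * Delegation policy check (inferred from the name): decide whether `server`
 * may act on behalf of `client` towards the target principal `proxy`.
 *
 * All three principal/entry arguments are read-only. Returns a
 * krb5_error_code; presumably 0 means the delegation is permitted. Callers
 * should fail closed and treat every non-zero result as a denial (TODO
 * confirm the return convention in kdb_samba_policies.c).
 */
krb5_error_code kdb_samba_db_check_allowed_to_delegate(krb5_context context,
                                                       krb5_const_principal client,
                                                       const krb5_db_entry *server,
                                                       krb5_const_principal proxy);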
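/*
 * Audit hook for AS requests. It receives the request, the client and server
 * entries, the authentication time and the resulting error_code, and returns
 * nothing, so it cannot veto the request through its return value.
 *
 * With KRB5_KDB_API_VERSION >= 9 the hook also receives the local and remote
 * addresses (both read-only); older API versions use the shorter form.
 *
 * NOTE(review): the listing omitted source lines 160 and 167. The two
 * prototypes declare the same function with different parameter lists and so
 * must be mutually exclusive; `#else` and `#endif` are restored here on that
 * basis. Confirm against upstream.
 */
#if KRB5_KDB_API_VERSION >= 9
void kdb_samba_db_audit_as_req(krb5_context kcontext,
                               krb5_kdc_req *request,
                               const krb5_address *local_addr,
                               const krb5_address *remote_addr,
                               krb5_db_entry *client,
                               krb5_db_entry *server,
                               krb5_timestamp authtime,
                               krb5_error_code error_code);
#else
void kdb_samba_db_audit_as_req(krb5_context kcontext,
                               krb5_kdc_req *request,
                               krb5_db_entry *client,
                               krb5_db_entry *server,
                               krb5_timestamp authtime,
                               krb5_error_code error_code);
#endif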
169 /* from kdb_samba_change_pwd.c */
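/*
 * Change the password of the principal described by db_entry.
 *
 * Parameters as declared: the master key, an array of ks_tuple_count
 * key/salt tuples, the new password, the new key version number and a
 * keepold flag (presumably "retain the previous keys"; confirm in
 * kdb_samba_change_pwd.c).
 *
 * passwd is a mutable `char *` holding the password in the clear. Whether the
 * callee copies or modifies it is not visible here; callers should keep its
 * lifetime short and wipe their buffer with a non-elidable clear (for example
 * explicit_bzero() or memset_s()) once this call returns.
 *
 * ks_tuple_count and new_kvno are plain int; negative values are
 * representable, so range-check them before the call.
 *
 * Returns a krb5_error_code.
 */
krb5_error_code kdb_samba_change_pwd(krb5_context context,
                                     krb5_keyblock *master_key,
                                     krb5_key_salt_tuple *ks_tuple,
                                     int ks_tuple_count,
                                     char *passwd,
                                     int new_kvno,
                                     krb5_boolean keepold,
                                     krb5_db_entry *db_entry);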
178 #endif /* _KDB_SAMBA_H_ */