mit-kdb: support MIT Kerberos 1.16 KDB API changes
[Samba.git] / source4 / kdc / mit-kdb / kdb_samba.h
1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
2 /*
3 * plugins/kdb/samba/kdb_samba.h
5 * Copyright (c) 2009, Simo Sorce <idra@samba.org>
6 * All Rights Reserved.
8 * Export of this software from the United States of America may
9 * require a specific license from the United States Government.
10 * It is the responsibility of any person or organization contemplating
11 * export to obtain such a license before exporting.
13 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
14 * distribute this software and its documentation for any purpose and
15 * without fee is hereby granted, provided that the above copyright
16 * notice appear in all copies and that both that copyright notice and
17 * this permission notice appear in supporting documentation, and that
18 * the name of M.I.T. not be used in advertising or publicity pertaining
19 * to distribution of the software without specific, written prior
20 * permission. Furthermore if you modify this software you must label
21 * your software as modified software and not distribute it in such a
22 * fashion that it might be confused with the original M.I.T. software.
23 * M.I.T. makes no representations about the suitability of
24 * this software for any purpose. It is provided "as is" without express
25 * or implied warranty.
29 #ifndef _KDB_SAMBA_H_
30 #define _KDB_SAMBA_H_
32 #include <stdbool.h>
34 #include <krb5/krb5.h>
35 #include <krb5/plugin.h>
/*
 * Numeric constant 1. Presumably the MS-PAC buffer type of the
 * logon-information buffer; confirm against its users, which are not
 * visible in this header.
 */
37 #define PAC_LOGON_INFO 1
/*
 * Fallback definition of discard_const_p, used only when no earlier header
 * has already defined it. Casts ptr to `type *`, dropping any const
 * qualifier. When intptr_t is known to be available the cast is routed
 * through intptr_t (presumably to avoid cast-qualifier warnings; confirm).
 *
 * The cast does not make the pointee writable: storing through the result
 * into an object that was defined const is undefined behaviour. Use it only
 * to satisfy non-const API parameters that do not write through the pointer.
 */
39 #ifndef discard_const_p
40 #if defined(__intptr_t_defined) || defined(HAVE_INTPTR_T)
41 # define discard_const_p(type, ptr) ((type *)((intptr_t)(ptr)))
42 #else
43 # define discard_const_p(type, ptr) ((type *)(ptr))
44 #endif
45 #endif
47 /* from kdb_samba_common.c */
/*
 * Returns a struct mit_samba_context pointer for the given krb5 context;
 * presumably the Samba backend state attached to kcontext.
 * NOTE(review): whether NULL can be returned is not visible here; confirm
 * before dereferencing the result.
 */
49 struct mit_samba_context *ks_get_context(krb5_context kcontext);
/*
 * Compares a krb5_data value with a C string and returns a bool.
 * NOTE(review): krb5_data carries an explicit length and need not be
 * NUL-terminated; confirm the implementation compares lengths as well as
 * bytes, so that a prefix or an embedded NUL cannot compare equal.
 */
51 bool ks_data_eq_string(krb5_data d, const char *s);
/*
 * Builds a krb5_data value from a pointer and a length.
 * NOTE(review): presumably wraps `data` without copying, in which case the
 * buffer must outlive the returned value; confirm in kdb_samba_common.c.
 */
53 krb5_data ks_make_data(void *data, unsigned int len);
/*
 * Predicates on a principal name, each returning krb5_boolean. Judging by
 * the names they recognise the kadmin service principals (any kadmin,
 * kadmin/history, kadmin/changepw, kadmin/admin).
 * NOTE(review): confirm the exact matching rules (realm, component count)
 * in the implementation, since callers presumably branch on the result.
 */
55 krb5_boolean ks_is_kadmin(krb5_context context,
56 krb5_const_principal princ);
58 krb5_boolean ks_is_kadmin_history(krb5_context context,
59 krb5_const_principal princ);
61 krb5_boolean ks_is_kadmin_changepw(krb5_context context,
62 krb5_const_principal princ);
64 krb5_boolean ks_is_kadmin_admin(krb5_context context,
65 krb5_const_principal princ);
67 /* from kdb_samba_principals.c */
/*
 * Principal lookup. `kentry` is an out parameter (pointer to a
 * krb5_db_entry pointer); the result code is a krb5_error_code.
 * NOTE(review): ownership of *kentry presumably passes to the caller;
 * confirm which routine releases it.
 */
69 krb5_error_code kdb_samba_db_get_principal(krb5_context context,
70 krb5_const_principal princ,
71 unsigned int kflags,
72 krb5_db_entry **kentry);
/*
 * Principal store. Takes the entry and a `db_args` string array.
 * NOTE(review): whether the Samba backend accepts writes through this path
 * is not visible from the declaration; confirm in the implementation.
 */
74 krb5_error_code kdb_samba_db_put_principal(krb5_context context,
75 krb5_db_entry *entry,
76 char **db_args);
/* Principal deletion by name; same caveat as put_principal applies. */
78 krb5_error_code kdb_samba_db_delete_principal(krb5_context context,
79 krb5_const_principal princ);
/*
 * Iteration callback entry point. The signature depends on the KDB API
 * version: from version 8 on it takes an extra `iterflags` argument.
 * NOTE(review): this header includes only <krb5/krb5.h> and
 * <krb5/plugin.h>. KRB5_KDB_API_VERSION and krb5_db_entry must therefore
 * come from a header the includer pulls in first (presumably <kdb.h>).
 * An undefined macro evaluates to 0 inside #if and would select the older
 * prototype; confirm every includer orders its includes accordingly.
 */
81 #if KRB5_KDB_API_VERSION >= 8
82 krb5_error_code kdb_samba_db_iterate(krb5_context context,
83 char *match_entry,
84 int (*func)(krb5_pointer, krb5_db_entry *),
85 krb5_pointer func_arg,
86 krb5_flags iterflags);
87 #else
88 krb5_error_code kdb_samba_db_iterate(krb5_context context,
89 char *match_entry,
90 int (*func)(krb5_pointer, krb5_db_entry *),
91 krb5_pointer func_arg);
92 #endif
94 /* from kdb_samba_masterkey.c */
/*
 * Master-key fetch. `key` and `kvno` are non-const pointers and so look
 * like out parameters; `db_args` is a single string here, not an array.
 * NOTE(review): what key material, if any, is written to *key is not
 * visible from the declaration; confirm before relying on it.
 */
96 krb5_error_code kdb_samba_fetch_master_key(krb5_context context,
97 krb5_principal mname,
98 krb5_keyblock *key,
99 krb5_kvno *kvno,
100 char *db_args);
/*
 * Master-key list fetch. Takes a const key and returns a list through
 * `mkeys_list` (pointer to a krb5_keylist_node pointer).
 * NOTE(review): ownership of *mkeys_list presumably passes to the caller;
 * confirm who frees it.
 */
102 krb5_error_code kdb_samba_fetch_master_key_list(krb5_context context,
103 krb5_principal mname,
104 const krb5_keyblock *key,
105 krb5_keylist_node **mkeys_list);
107 /* from kdb_samba_pac.c */
/*
 * Key-data decrypt hook. Inputs are the const master key and the stored
 * krb5_key_data; outputs are `kkey` and `keysalt` (both non-const).
 * NOTE(review): *kkey presumably ends up holding usable key material, so
 * callers should release it with the matching krb5 free routine rather
 * than leave it on the stack or heap; confirm the ownership rules.
 */
109 krb5_error_code kdb_samba_dbekd_decrypt_key_data(krb5_context context,
110 const krb5_keyblock *mkey,
111 const krb5_key_data *key_data,
112 krb5_keyblock *kkey,
113 krb5_keysalt *keysalt);
/*
 * Key-data encrypt hook, the inverse direction: const master key, const
 * key and const salt in, plus a key version; `key_data` is the output.
 */
115 krb5_error_code kdb_samba_dbekd_encrypt_key_data(krb5_context context,
116 const krb5_keyblock *mkey,
117 const krb5_keyblock *kkey,
118 const krb5_keysalt *keysalt,
119 int keyver,
120 krb5_key_data *key_data);
122 /* from kdb_samba_policies.c */
/*
 * Authorization-data signing hook. Receives the client, server and krbtgt
 * entries with their keys, the session key, the auth time and the
 * authorization data from the TGT. The result is returned through
 * `signed_auth_data`.
 * NOTE(review): presumably this is where the PAC is generated or verified
 * and re-signed; confirm how a failed verification of `tgt_auth_data` is
 * reported, since the KDC relies on the returned krb5_error_code.
 */
124 krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
125 unsigned int flags,
126 krb5_const_principal client_princ,
127 krb5_db_entry *client,
128 krb5_db_entry *server,
129 krb5_db_entry *krbtgt,
130 krb5_keyblock *client_key,
131 krb5_keyblock *server_key,
132 krb5_keyblock *krbtgt_key,
133 krb5_keyblock *session_key,
134 krb5_timestamp authtime,
135 krb5_authdata **tgt_auth_data,
136 krb5_authdata ***signed_auth_data);
/*
 * AS-REQ policy check. `status` and `e_data_out` are out parameters.
 * NOTE(review): `status` is a const char **, so the string it receives is
 * presumably static and must not be freed by the caller; confirm.
 */
138 krb5_error_code kdb_samba_db_check_policy_as(krb5_context context,
139 krb5_kdc_req *kdcreq,
140 krb5_db_entry *client,
141 krb5_db_entry *server,
142 krb5_timestamp kdc_time,
143 const char **status,
144 krb5_pa_data ***e_data_out);
/*
 * Delegation check taking the client principal, the server entry and the
 * proxy (target) principal.
 * NOTE(review): presumably the constrained-delegation authorization
 * decision; confirm that every error path returns non-zero, so that a
 * lookup failure cannot be read as "allowed".
 */
146 krb5_error_code kdb_samba_db_check_allowed_to_delegate(krb5_context context,
147 krb5_const_principal client,
148 const krb5_db_entry *server,
149 krb5_const_principal proxy);
/*
 * AS-REQ audit hook. From KDB API version 9 on, the signature also
 * carries the local and remote addresses of the request; older versions
 * omit them. Returns void, so the hook cannot report its own failures to
 * the caller.
 * NOTE(review): as with kdb_samba_db_iterate, the branch taken depends on
 * KRB5_KDB_API_VERSION being defined before this header is included; an
 * undefined macro evaluates to 0 and selects the older prototype.
 */
151 #if KRB5_KDB_API_VERSION >= 9
152 void kdb_samba_db_audit_as_req(krb5_context kcontext,
153 krb5_kdc_req *request,
154 const krb5_address *local_addr,
155 const krb5_address *remote_addr,
156 krb5_db_entry *client,
157 krb5_db_entry *server,
158 krb5_timestamp authtime,
159 krb5_error_code error_code);
160 #else
161 void kdb_samba_db_audit_as_req(krb5_context kcontext,
162 krb5_kdc_req *request,
163 krb5_db_entry *client,
164 krb5_db_entry *server,
165 krb5_timestamp authtime,
166 krb5_error_code error_code);
167 #endif
169 /* from kdb_samba_change_pwd.c */
/*
 * Password-change hook. Takes the master key, an array of key/salt tuples
 * with its count, the new password, the new key version number, a
 * keep-old flag and the database entry to update.
 * NOTE(review): `passwd` is a non-const char * and presumably holds the
 * cleartext password. Confirm the implementation neither logs nor retains
 * it, and that the caller wipes the buffer after the call with a routine
 * the compiler cannot elide.
 */
171 krb5_error_code kdb_samba_change_pwd(krb5_context context,
172 krb5_keyblock *master_key,
173 krb5_key_salt_tuple *ks_tuple,
174 int ks_tuple_count, char *passwd,
175 int new_kvno, krb5_boolean keepold,
176 krb5_db_entry *db_entry);
178 #endif /* _KDB_SAMBA_H_ */