2 Unix SMB/CIFS implementation.
3 Samba Active Directory authentication policy functions
5 Copyright (C) Catalyst.Net Ltd 2023
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 #ifndef KDC_AUTHN_POLICY_H
22 #define KDC_AUTHN_POLICY_H
24 #include "lib/replace/replace.h"
25 #include "libcli/util/ntstatus.h"
26 #include "librpc/gen_ndr/windows_event_ids.h"
28 /* Authentication policies for Kerberos clients. */
30 struct authn_kerberos_client_policy
;
32 /* Is an authentication policy enforced? */
33 bool authn_kerberos_client_policy_is_enforced(const struct authn_kerberos_client_policy
*policy
);
35 /* Get the raw TGT lifetime enforced by an authentication policy. */
36 int64_t authn_policy_enforced_tgt_lifetime_raw(const struct authn_kerberos_client_policy
*policy
);
38 /* Auditing information. */
40 struct authn_audit_info
;
42 /* This enum should be kept in sync with authn_audit_info_event(). */
43 enum authn_audit_event
{
44 AUTHN_AUDIT_EVENT_OK
= 0,
45 AUTHN_AUDIT_EVENT_KERBEROS_DEVICE_RESTRICTION
,
46 AUTHN_AUDIT_EVENT_KERBEROS_SERVER_RESTRICTION
,
47 AUTHN_AUDIT_EVENT_NTLM_DEVICE_RESTRICTION
,
48 AUTHN_AUDIT_EVENT_NTLM_SERVER_RESTRICTION
,
49 AUTHN_AUDIT_EVENT_OTHER_ERROR
,
52 /* This enum should be kept in sync with authn_audit_info_reason(). */
53 enum authn_audit_reason
{
54 AUTHN_AUDIT_REASON_NONE
= 0,
55 AUTHN_AUDIT_REASON_DESCRIPTOR_INVALID
,
56 AUTHN_AUDIT_REASON_DESCRIPTOR_NO_OWNER
,
57 AUTHN_AUDIT_REASON_SECURITY_TOKEN_FAILURE
,
58 AUTHN_AUDIT_REASON_ACCESS_DENIED
,
59 AUTHN_AUDIT_REASON_FAST_REQUIRED
,
62 enum auth_event_id_type
authn_audit_info_event_id(const struct authn_audit_info
*audit_info
);
64 const char *authn_audit_info_silo_name(const struct authn_audit_info
*audit_info
);
66 const char *authn_audit_info_policy_name(const struct authn_audit_info
*audit_info
);
68 const bool *authn_audit_info_policy_enforced(const struct authn_audit_info
*audit_info
);
70 const struct auth_user_info_dc
*authn_audit_info_client_info(const struct authn_audit_info
*audit_info
);
72 const char *authn_audit_info_event(const struct authn_audit_info
*audit_info
);
74 const char *authn_audit_info_reason(const struct authn_audit_info
*audit_info
);
76 NTSTATUS
authn_audit_info_policy_status(const struct authn_audit_info
*audit_info
);
78 const char *authn_audit_info_location(const struct authn_audit_info
*audit_info
);
80 struct authn_int64_optional
{
85 struct authn_int64_optional
authn_audit_info_policy_tgt_lifetime_mins(const struct authn_audit_info
*audit_info
);