source4/kdc/mit_samba.h

   1 /*
   2    MIT-Samba4 library
   3
   4    Copyright (c) 2010, Simo Sorce <idra@samba.org>
   5
   6    This program is free software; you can redistribute it and/or modify
   7    it under the terms of the GNU General Public License as published by
   8    the Free Software Foundation; either version 3 of the License, or
   9    (at your option) any later version.
  10
  11    This program is distributed in the hope that it will be useful,
  12    but WITHOUT ANY WARRANTY; without even the implied warranty of
  13    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14    GNU General Public License for more details.
  15
  16    You should have received a copy of the GNU General Public License
  17    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18  */
  19
  20 #ifndef _MIT_SAMBA_H
  21 #define _MIT_SAMBA_H
  22
  23 struct mit_samba_context {
  24         struct auth_session_info *session_info;
  25
  26         /* for compat with hdb plugin common code */
  27         krb5_context context;
  28         struct samba_kdc_db_context *db_ctx;
  29 };
  30
  31 int mit_samba_context_init(struct mit_samba_context **_ctx);
  32
  33 void mit_samba_context_free(struct mit_samba_context *ctx);
  34
  35 int mit_samba_generate_salt(krb5_data *salt);
  36
  37 int mit_samba_generate_random_password(krb5_data *pwd);
  38
  39 int mit_samba_get_principal(struct mit_samba_context *ctx,
  40                                    krb5_const_principal principal,
  41                                    unsigned int kflags,
  42                                    krb5_db_entry **_kentry);
  43
  44 int mit_samba_get_firstkey(struct mit_samba_context *ctx,
  45                            krb5_db_entry **_kentry);
  46
  47 int mit_samba_get_nextkey(struct mit_samba_context *ctx,
  48                           krb5_db_entry **_kentry);
  49
  50 int mit_samba_get_pac(struct mit_samba_context *smb_ctx,
  51                       krb5_context context,
  52                       uint32_t flags,
  53                       krb5_db_entry *client,
  54                       krb5_db_entry *server,
  55                       krb5_keyblock *replaced_reply_key,
  56                       krb5_pac *pac);
  57
  58 krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx,
  59                                     krb5_context context,
  60                                     int flags,
  61                                     krb5_const_principal client_principal,
  62                                     krb5_db_entry *client,
  63                                     krb5_db_entry *server,
  64                                     krb5_db_entry *krbtgt,
  65                                     krb5_keyblock *krbtgt_keyblock,
  66                                     krb5_pac *pac);
  67
  68 krb5_error_code mit_samba_update_pac(struct mit_samba_context *ctx,
  69                                     krb5_context context,
  70                                     int flags,
  71                                     krb5_db_entry *client,
  72                                     krb5_db_entry *server,
  73                                     krb5_db_entry *signing_krbtgt,
  74                                     krb5_pac old_pac,
  75                                     krb5_pac new_pac);
  76
  77 int mit_samba_check_client_access(struct mit_samba_context *ctx,
  78                                   krb5_db_entry *client,
  79                                   const char *client_name,
  80                                   krb5_db_entry *server,
  81                                   const char *server_name,
  82                                   const char *netbios_name,
  83                                   bool password_change,
  84                                   DATA_BLOB *e_data);
  85
  86 int mit_samba_check_s4u2proxy(struct mit_samba_context *ctx,
  87                               const krb5_db_entry *server,
  88                               krb5_const_principal target_principal);
  89 krb5_error_code mit_samba_check_allowed_to_delegate_from(
  90                 struct mit_samba_context *ctx,
  91                 krb5_const_principal client,
  92                 krb5_const_principal server,
  93                 krb5_pac header_pac,
  94                 const krb5_db_entry *proxy);
  95
  96 int mit_samba_kpasswd_change_password(struct mit_samba_context *ctx,
  97                                       char *pwd,
  98                                       krb5_db_entry *db_entry);
  99
 100 void mit_samba_zero_bad_password_count(krb5_db_entry *db_entry);
 101
 102 void mit_samba_update_bad_password_count(krb5_db_entry *db_entry);
 103
 104 bool mit_samba_princ_needs_pac(krb5_db_entry *db_entry);
 105
 106 #endif /* _MIT_SAMBA_H */