2 Unix SMB/CIFS implementation.
4 Samba KDB plugin for MIT Kerberos
6 Copyright (c) 2009 Simo Sorce <idra@samba.org>.
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
27 #include <krb5/krb5.h>
28 #include <krb5/plugin.h>
/*
 * Numeric PAC buffer type used by the plugin.
 * NOTE(review): presumably the "logon info" PAC buffer (value 1) - confirm
 * against the PAC handling code; this header only shows the constant.
 */
30 #define PAC_LOGON_INFO 1
/*
 * discard_const_p(type, ptr): cast ptr to `type *`, dropping any const
 * qualifier. Defined only if no earlier header provided it.
 *
 * Review caveat: this silences the compiler, it does not make the object
 * writable. Writing through the result to an object that was defined const
 * is undefined behaviour, so use it only to satisfy APIs that take a
 * non-const pointer but do not modify the pointee.
 */
32 #ifndef discard_const_p
33 #if defined(__intptr_t_defined) || defined(HAVE_INTPTR_T)
/* Preferred form: round-trip through intptr_t when that type is available. */
34 # define discard_const_p(type, ptr) ((type *)((intptr_t)(ptr)))
/*
 * Fallback form: plain pointer cast.
 * NOTE(review): the embedded listing numbers skip 35 and 37-39, so the
 * directives that separate and close these conditionals are not visible here.
 */
36 # define discard_const_p(type, ptr) ((type *)(ptr))
40 /* from kdb_samba_common.c */
/*
 * Obtain the plugin's struct mit_samba_context for a krb5 context.
 *
 * NOTE(review): the declaration does not show whether NULL can be returned;
 * callers should check the result before dereferencing it.
 */
struct mit_samba_context *ks_get_context(krb5_context kcontext);
/*
 * Look up `principal` and hand the resulting database entry back through
 * *kentry; the status is returned as a krb5_error_code.
 *
 * NOTE(review): the embedded listing numbers jump from 45 to 47, so one line
 * of this prototype (probably a parameter) is missing from this page. Check
 * the real header before relying on the signature shown here.
 * NOTE(review): presumably the entry must be released with
 * ks_free_principal() - confirm in kdb_samba_common.c.
 */
44 krb5_error_code
ks_get_principal(krb5_context context
,
45 krb5_const_principal principal
,
47 krb5_db_entry
**kentry
);
/*
 * Release a krb5_db_entry.
 *
 * NOTE(review): presumably the counterpart of ks_get_principal(); whether a
 * NULL entry is tolerated is not visible from the declaration - confirm.
 */
void ks_free_principal(krb5_context context,
		       krb5_db_entry *entry);
/*
 * Compare the contents of a krb5_data (passed by value) with a C string.
 *
 * NOTE(review): krb5_data is length-delimited and need not be
 * NUL-terminated, so the comparison is expected to be length-aware rather
 * than a bare strcmp() on d.data - confirm in kdb_samba_common.c.
 */
bool ks_data_eq_string(krb5_data d,
		       const char *s);
/*
 * Build a krb5_data value from a pointer and a length.
 *
 * NOTE(review): the declaration does not show whether `data` is copied.
 * Presumably the result aliases the caller's buffer, in which case that
 * buffer must outlive the returned krb5_data - confirm.
 */
krb5_data ks_make_data(void *data,
		       unsigned int len);
/*
 * Principal-name predicates. Each takes a principal and returns a
 * krb5_boolean.
 *
 * NOTE(review): judging by the names, these test whether `princ` is one of
 * the kadmin service principals (any kadmin name, the history, changepw and
 * admin variants respectively). The exact matching rules (realm handling,
 * component count) are not visible here - confirm in kdb_samba_common.c
 * before using these results for an access decision.
 */
krb5_boolean ks_is_kadmin(krb5_context context,
			  krb5_const_principal princ);

krb5_boolean ks_is_kadmin_history(krb5_context context,
				  krb5_const_principal princ);

krb5_boolean ks_is_kadmin_changepw(krb5_context context,
				   krb5_const_principal princ);

krb5_boolean ks_is_kadmin_admin(krb5_context context,
				krb5_const_principal princ);
67 /* from kdb_samba_principals.c */
/*
 * KDB entry point that looks up `princ` and returns the database entry
 * through *kentry, with the status as a krb5_error_code.
 *
 * NOTE(review): the embedded listing numbers jump from 70 to 72, so one line
 * of this prototype (probably a parameter) is missing from this page. Check
 * the real header before relying on the signature shown here.
 */
69 krb5_error_code
kdb_samba_db_get_principal(krb5_context context
,
70 krb5_const_principal princ
,
72 krb5_db_entry
**kentry
);
/*
 * KDB entry point for storing a principal entry.
 *
 * NOTE(review): this prototype is cut off on this page. Only the first
 * parameter is shown and the embedded listing numbers jump from 74 to 78,
 * so the remaining parameters and the closing parenthesis are missing.
 * Consult the real header for the full signature.
 */
74 krb5_error_code
kdb_samba_db_put_principal(krb5_context context
,
/*
 * KDB entry point for removing the entry of `princ`; the status is returned
 * as a krb5_error_code.
 *
 * NOTE(review): whether the Samba backend actually permits deletion through
 * this interface is not visible from the declaration - confirm in
 * kdb_samba_principals.c.
 */
krb5_error_code kdb_samba_db_delete_principal(krb5_context context,
					      krb5_const_principal princ);
/*
 * KDB entry point that walks database entries and invokes `func` with a
 * krb5_pointer and a krb5_db_entry *. `func_arg` is a krb5_pointer and is
 * presumably what gets passed as the callback's first argument - confirm.
 *
 * NOTE(review): the embedded listing numbers jump from 81 to 83, so one line
 * of this prototype (probably a parameter) is missing from this page. Check
 * the real header before relying on the signature shown here.
 */
81 krb5_error_code
kdb_samba_db_iterate(krb5_context context
,
83 int (*func
)(krb5_pointer
, krb5_db_entry
*),
84 krb5_pointer func_arg
,
85 krb5_flags iterflags
);
87 /* from kdb_samba_masterkey.c */
/*
 * KDB entry point for fetching the database master key.
 *
 * NOTE(review): this prototype is cut off on this page. Only the first
 * parameter is shown and the embedded listing numbers jump from 89 to 95,
 * so the remaining parameters and the closing parenthesis are missing.
 * Consult the real header for the full signature.
 */
89 krb5_error_code
kdb_samba_fetch_master_key(krb5_context context
,
/*
 * KDB entry point that returns a list of master keys through *mkeys_list,
 * given a (const) key block `key`.
 *
 * NOTE(review): the embedded listing numbers jump from 95 to 97, so one line
 * of this prototype (probably a parameter) is missing from this page. Check
 * the real header before relying on the signature shown here.
 * NOTE(review): ownership of the returned list is not visible here - confirm
 * who frees it.
 */
95 krb5_error_code
kdb_samba_fetch_master_key_list(krb5_context context
,
97 const krb5_keyblock
*key
,
98 krb5_keylist_node
**mkeys_list
);
100 /* from kdb_samba_pac.c */
/*
 * KDB entry point that turns stored key data (`key_data`) into usable key
 * material, taking the master key `mkey` as input and reporting salt
 * information through `keysalt`.
 *
 * NOTE(review): the embedded listing numbers jump from 104 to 106, so one
 * line of this prototype is missing from this page - presumably the output
 * key block, but confirm against the real header.
 * Review caveat: the output of this call is long-term key material; the
 * implementation and its callers should keep it out of logs and release it
 * with the krb5 key-freeing routines that zero the contents.
 */
102 krb5_error_code
kdb_samba_dbekd_decrypt_key_data(krb5_context context
,
103 const krb5_keyblock
*mkey
,
104 const krb5_key_data
*key_data
,
106 krb5_keysalt
*keysalt
);
/*
 * KDB entry point that produces stored key data (`key_data`, the only
 * non-const pointer shown) from a key block `kkey`, with the master key
 * `mkey` and salt information `keysalt` as inputs.
 *
 * NOTE(review): the embedded listing numbers jump from 111 to 113, so one
 * line of this prototype (probably a parameter) is missing from this page.
 * Check the real header before relying on the signature shown here.
 */
108 krb5_error_code
kdb_samba_dbekd_encrypt_key_data(krb5_context context
,
109 const krb5_keyblock
*mkey
,
110 const krb5_keyblock
*kkey
,
111 const krb5_keysalt
*keysalt
,
113 krb5_key_data
*key_data
);
115 /* from kdb_samba_policies.c */
/*
 * KDB entry point for issuing a PAC. The visible inputs are the client and
 * server database entries, the krbtgt entry used for signing, an optional
 * replaced reply key, the authentication time, and an in/out list of
 * authentication indicators.
 *
 * NOTE(review): the embedded listing numbers jump from 116 to 118 and from
 * 122 to 125, so about three lines of this prototype (probably parameters)
 * are missing from this page. Check the real header for the full signature.
 * Review caveat: the PAC carries the authorization data that services act
 * on, so the implementation should treat any failure here as fatal for the
 * request rather than issuing a ticket without it - confirm in
 * kdb_samba_policies.c.
 */
116 krb5_error_code
kdb_samba_db_issue_pac(krb5_context context
,
118 krb5_db_entry
*client
,
119 krb5_keyblock
*replaced_reply_key
,
120 krb5_db_entry
*server
,
121 krb5_db_entry
*signing_krbtgt
,
122 krb5_timestamp authtime
,
125 krb5_data
***auth_indicators
);
/*
 * KDB entry point that produces signed authorization data
 * (*signed_auth_data) for a ticket. The visible inputs are the client and
 * server principals, the database entries for client, server, krbtgt and
 * local krbtgt, the corresponding key blocks plus the session key, the
 * authentication time, the authorization data from the TGT, and an in/out
 * list of authentication indicators.
 *
 * NOTE(review): the embedded listing numbers jump from 127 to 129 and from
 * 141 to 143, so two lines of this prototype (probably parameters) are
 * missing from this page. Check the real header for the full signature.
 * Review caveat: tgt_auth_data originates from a presented ticket; the
 * implementation is expected to verify it before re-signing - confirm in
 * kdb_samba_policies.c. The key block arguments are long-term and session
 * keys and should never be logged.
 */
127 krb5_error_code
kdb_samba_db_sign_auth_data(krb5_context context
,
129 krb5_const_principal client_princ
,
130 krb5_const_principal server_princ
,
131 krb5_db_entry
*client
,
132 krb5_db_entry
*server
,
133 krb5_db_entry
*krbtgt
,
134 krb5_db_entry
*local_krbtgt
,
135 krb5_keyblock
*client_key
,
136 krb5_keyblock
*server_key
,
137 krb5_keyblock
*krbtgt_key
,
138 krb5_keyblock
*local_krbtgt_key
,
139 krb5_keyblock
*session_key
,
140 krb5_timestamp authtime
,
141 krb5_authdata
**tgt_auth_data
,
143 krb5_data
***auth_indicators
,
144 krb5_authdata
***signed_auth_data
);
/*
 * KDB policy hook for AS requests. It receives the request, the client and
 * server database entries and the KDC time, and can return pre-auth data
 * through *e_data_out.
 *
 * NOTE(review): the embedded listing numbers jump from 150 to 152, so one
 * line of this prototype (probably a parameter) is missing from this page.
 * Check the real header before relying on the signature shown here.
 * NOTE(review): presumably a non-zero return rejects the request; callers
 * must not continue issuing a ticket on error - confirm.
 */
146 krb5_error_code
kdb_samba_db_check_policy_as(krb5_context context
,
147 krb5_kdc_req
*kdcreq
,
148 krb5_db_entry
*client
,
149 krb5_db_entry
*server
,
150 krb5_timestamp kdc_time
,
152 krb5_pa_data
***e_data_out
);
/*
 * Delegation policy hook. It takes the client principal, the (const)
 * database entry of the requesting server, and the proxy (target) principal.
 *
 * NOTE(review): presumably returns 0 only when `server` is permitted to
 * obtain a ticket to `proxy` on behalf of `client`. Any non-zero result must
 * be treated as a denial (fail closed) - confirm in kdb_samba_policies.c.
 */
krb5_error_code kdb_samba_db_check_allowed_to_delegate(
	krb5_context context,
	krb5_const_principal client,
	const krb5_db_entry *server,
	krb5_const_principal proxy);
/*
 * Audit hook for AS requests. It receives the request, the local and remote
 * addresses, the client and server database entries, the authentication
 * time and the resulting error code. Nothing is returned.
 *
 * NOTE(review): `client` and `server` may presumably be NULL when the lookup
 * failed (error_code != 0), so the implementation should check before
 * dereferencing - confirm in kdb_samba_policies.c. Failed requests are the
 * ones most worth recording, so this hook should not bail out early on
 * error_code.
 */
void kdb_samba_db_audit_as_req(krb5_context kcontext,
			       krb5_kdc_req *request,
			       const krb5_address *local_addr,
			       const krb5_address *remote_addr,
			       krb5_db_entry *client,
			       krb5_db_entry *server,
			       krb5_timestamp authtime,
			       krb5_error_code error_code);
168 /* from kdb_samba_change_pwd.c */
/*
 * KDB password-change entry point. It takes the master key, an array of
 * key/salt tuples with its element count, the password, the new key version
 * number, a keep-old flag and the database entry to update.
 *
 * NOTE(review): `passwd` is a writable char *, presumably the new cleartext
 * password. The implementation should neither log it nor retain a copy
 * beyond the call, and callers should scrub their own buffer afterwards -
 * confirm in kdb_samba_change_pwd.c.
 * NOTE(review): ks_tuple_count is a signed int; a negative value is
 * expected to be rejected before it is used as a loop bound - confirm.
 */
krb5_error_code kdb_samba_change_pwd(krb5_context context,
				     krb5_keyblock *master_key,
				     krb5_key_salt_tuple *ks_tuple,
				     int ks_tuple_count,
				     char *passwd,
				     int new_kvno,
				     krb5_boolean keepold,
				     krb5_db_entry *db_entry);
177 #endif /* _KDB_SAMBA_H_ */