s4:mitkdc: Add support for MIT Kerberos 1.20
[Samba.git] / source4 / kdc / mit-kdb / kdb_samba.h
1 /*
2 Unix SMB/CIFS implementation.
4 Samba KDB plugin for MIT Kerberos
6 Copyright (c) 2009 Simo Sorce <idra@samba.org>.
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 */
22 #ifndef _KDB_SAMBA_H_
23 #define _KDB_SAMBA_H_
25 #include <stdbool.h>
27 #include <krb5/krb5.h>
28 #include <krb5/plugin.h>
/*
 * PAC buffer type for the logon-information buffer; the value 1 matches the
 * logon-info buffer type in the MS-PAC specification.
 * NOTE(review): presumably passed as the buffer type when PAC buffers are
 * read or written -- confirm against the callers.
 */
#define PAC_LOGON_INFO 1

/*
 * discard_const_p(type, ptr): cast ptr to "type *", dropping any const
 * qualifier. Defined here only if no earlier header already provides it.
 * When intptr_t is known to be available the cast goes through intptr_t;
 * otherwise it falls back to a plain pointer cast.
 * NOTE(review): the intptr_t detour is presumably there to avoid
 * cast-qualifier compiler warnings -- confirm.
 *
 * This only removes the qualifier. Writing through the result to an object
 * that was actually defined const is still undefined behaviour, so use it
 * only to satisfy APIs that take a non-const pointer but do not modify it.
 */
#ifndef discard_const_p
#if defined(__intptr_t_defined) || defined(HAVE_INTPTR_T)
# define discard_const_p(type, ptr) ((type *)((intptr_t)(ptr)))
#else
# define discard_const_p(type, ptr) ((type *)(ptr))
#endif
#endif
/* from kdb_samba_common.c */

/*
 * NOTE(review): krb5_db_entry and the other KDB types used by the prototypes
 * in this header are declared in MIT's <kdb.h>, which is not included above.
 * The header appears to rely on each includer pulling it in first -- confirm.
 */

/*
 * Return the plugin's mit_samba_context associated with kcontext.
 * NOTE(review): where the context is stored, and whether NULL can be
 * returned, is not visible from this header -- callers should check.
 */
struct mit_samba_context *ks_get_context(krb5_context kcontext);

/*
 * Look up `principal`; the resulting entry is handed back through *kentry
 * and the outcome is reported as a krb5_error_code.
 * NOTE(review): the entry is presumably released with ks_free_principal()
 * -- confirm ownership in kdb_samba_common.c.
 */
krb5_error_code ks_get_principal(krb5_context context,
                                 krb5_const_principal principal,
                                 unsigned int kflags,
                                 krb5_db_entry **kentry);

/* Release a krb5_db_entry. */
void ks_free_principal(krb5_context context, krb5_db_entry *entry);

/*
 * Compare the krb5_data `d` with the C string `s`.
 * NOTE(review): krb5_data is length-delimited and need not be
 * NUL-terminated; confirm the implementation compares the lengths as well as
 * the bytes and never reads past d.length.
 */
bool ks_data_eq_string(krb5_data d, const char *s);

/*
 * Build a krb5_data from a pointer and a length and return it by value.
 * NOTE(review): presumably wraps `data` without copying, in which case the
 * buffer must outlive the returned krb5_data -- confirm.
 */
krb5_data ks_make_data(void *data, unsigned int len);

/*
 * Predicates on `princ`, each returning a krb5_boolean.
 * NOTE(review): judging by the names these classify the kadmin service
 * principals (any kadmin principal, kadmin/history, kadmin/changepw,
 * kadmin/admin). Which names and realms actually match is decided in
 * kdb_samba_common.c -- confirm before relying on them for an access
 * decision.
 */
krb5_boolean ks_is_kadmin(krb5_context context,
                          krb5_const_principal princ);

krb5_boolean ks_is_kadmin_history(krb5_context context,
                                  krb5_const_principal princ);

krb5_boolean ks_is_kadmin_changepw(krb5_context context,
                                   krb5_const_principal princ);

krb5_boolean ks_is_kadmin_admin(krb5_context context,
                                krb5_const_principal princ);
/* from kdb_samba_principals.c */

/*
 * Principal database operations.
 * NOTE(review): the signatures line up with the get_principal,
 * put_principal, delete_principal and iterate entries of MIT's KDB plugin
 * table; presumably that is where they are installed -- confirm.
 */

/* Look up `princ`; the entry is returned through *kentry. */
krb5_error_code kdb_samba_db_get_principal(krb5_context context,
                                           krb5_const_principal princ,
                                           unsigned int kflags,
                                           krb5_db_entry **kentry);

/*
 * Store `entry`, with optional database arguments in db_args.
 * NOTE(review): whether writes are accepted at all is decided in the
 * implementation -- confirm before assuming entries can be modified this way.
 */
krb5_error_code kdb_samba_db_put_principal(krb5_context context,
                                           krb5_db_entry *entry,
                                           char **db_args);

/* Delete the entry for `princ`. NOTE(review): see the note on put above. */
krb5_error_code kdb_samba_db_delete_principal(krb5_context context,
                                              krb5_const_principal princ);

/*
 * Iterate over entries, calling func(func_arg, entry) for each.
 * NOTE(review): match_entry is presumably a filter expression and a
 * non-zero return from func presumably stops the walk -- confirm.
 */
krb5_error_code kdb_samba_db_iterate(krb5_context context,
                                     char *match_entry,
                                     int (*func)(krb5_pointer, krb5_db_entry *),
                                     krb5_pointer func_arg,
                                     krb5_flags iterflags);
/* from kdb_samba_masterkey.c */

/*
 * Master-key hooks: fetch the master key for `name` into *key and *kvno.
 * NOTE(review): what key material, if any, is written to *key is decided in
 * kdb_samba_masterkey.c. Callers should treat the keyblock as secret and
 * confirm who is responsible for freeing and zeroing it.
 */
krb5_error_code kdb_samba_fetch_master_key(krb5_context context,
                                           krb5_principal name,
                                           krb5_keyblock *key,
                                           krb5_kvno *kvno,
                                           char *db_args);

/*
 * Return the list of master keys for `mname` through *mkeys_list.
 * NOTE(review): ownership of the returned list is not visible here --
 * confirm.
 */
krb5_error_code kdb_samba_fetch_master_key_list(krb5_context context,
                                                krb5_principal mname,
                                                const krb5_keyblock *key,
                                                krb5_keylist_node **mkeys_list);
/* from kdb_samba_pac.c */

/*
 * Convert a stored krb5_key_data record into a usable keyblock (*kkey) and
 * its salt (*keysalt), given the master key `mkey`.
 * NOTE(review): the output keyblock holds a principal's long-term key.
 * Confirm which side frees it and that it is zeroed before release.
 */
krb5_error_code kdb_samba_dbekd_decrypt_key_data(krb5_context context,
                                                 const krb5_keyblock *mkey,
                                                 const krb5_key_data *key_data,
                                                 krb5_keyblock *kkey,
                                                 krb5_keysalt *keysalt);

/*
 * Inverse of the above: pack keyblock `kkey`, its salt and key version
 * `keyver` into *key_data, given the master key `mkey`.
 * NOTE(review): whether the stored form is actually encrypted under mkey is
 * decided in the implementation -- confirm.
 */
krb5_error_code kdb_samba_dbekd_encrypt_key_data(krb5_context context,
                                                 const krb5_keyblock *mkey,
                                                 const krb5_keyblock *kkey,
                                                 const krb5_keysalt *keysalt,
                                                 int keyver,
                                                 krb5_key_data *key_data);
/* from kdb_samba_policies.c */

/*
 * PAC issuance hook. The argument list matches the issue_pac interface that
 * MIT Kerberos 1.20 uses in place of sign_authdata: the KDC passes the
 * client, server and signing krbtgt entries together with the PAC from the
 * presented ticket (old_pac) and the PAC to be filled in (new_pac).
 * NOTE(review): this and kdb_samba_db_sign_auth_data() are both declared
 * unconditionally; presumably only the one matching the MIT version being
 * built against is defined -- confirm in kdb_samba_policies.c.
 * NOTE(review): services base authorization on the PAC contents, so check
 * how old_pac is verified before anything is carried over into new_pac.
 */
krb5_error_code kdb_samba_db_issue_pac(krb5_context context,
                                       unsigned int flags,
                                       krb5_db_entry *client,
                                       krb5_keyblock *replaced_reply_key,
                                       krb5_db_entry *server,
                                       krb5_db_entry *signing_krbtgt,
                                       krb5_timestamp authtime,
                                       krb5_pac old_pac,
                                       krb5_pac new_pac,
                                       krb5_data ***auth_indicators);

/*
 * Authorization-data signing hook in the older sign_authdata form: takes
 * the principals, database entries and keys involved plus the authorization
 * data from the TGT, and returns the signed result through
 * *signed_auth_data.
 * NOTE(review): ownership of *signed_auth_data and of the key arguments is
 * not visible here -- confirm.
 */
krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
                                            unsigned int flags,
                                            krb5_const_principal client_princ,
                                            krb5_const_principal server_princ,
                                            krb5_db_entry *client,
                                            krb5_db_entry *server,
                                            krb5_db_entry *krbtgt,
                                            krb5_db_entry *local_krbtgt,
                                            krb5_keyblock *client_key,
                                            krb5_keyblock *server_key,
                                            krb5_keyblock *krbtgt_key,
                                            krb5_keyblock *local_krbtgt_key,
                                            krb5_keyblock *session_key,
                                            krb5_timestamp authtime,
                                            krb5_authdata **tgt_auth_data,
                                            void *authdata_info,
                                            krb5_data ***auth_indicators,
                                            krb5_authdata ***signed_auth_data);

/*
 * Policy check for an AS request. *status and *e_data_out are outputs.
 * NOTE(review): presumably a non-zero return rejects the request, with
 * *status giving a reason string and *e_data_out optional error data for
 * the client -- confirm.
 */
krb5_error_code kdb_samba_db_check_policy_as(krb5_context context,
                                             krb5_kdc_req *kdcreq,
                                             krb5_db_entry *client,
                                             krb5_db_entry *server,
                                             krb5_timestamp kdc_time,
                                             const char **status,
                                             krb5_pa_data ***e_data_out);

/*
 * Constrained-delegation authorization check: may `server` obtain a ticket
 * to `proxy` on behalf of `client`?
 * NOTE(review): presumably 0 means allowed. Callers should treat every
 * non-zero return, including lookup failures, as a denial -- confirm.
 */
krb5_error_code kdb_samba_db_check_allowed_to_delegate(krb5_context context,
                                                       krb5_const_principal client,
                                                       const krb5_db_entry *server,
                                                       krb5_const_principal proxy);

/*
 * Audit hook for AS requests. It returns nothing, so it cannot change the
 * outcome of the request; error_code carries the result being reported.
 * NOTE(review): presumably this is where logon success and failure are
 * recorded against the client entry -- confirm in kdb_samba_policies.c.
 */
void kdb_samba_db_audit_as_req(krb5_context kcontext,
                               krb5_kdc_req *request,
                               const krb5_address *local_addr,
                               const krb5_address *remote_addr,
                               krb5_db_entry *client,
                               krb5_db_entry *server,
                               krb5_timestamp authtime,
                               krb5_error_code error_code);
/* from kdb_samba_change_pwd.c */

/*
 * Change the password of the principal described by db_entry.
 * ks_tuple and ks_tuple_count give the requested key/salt types, new_kvno
 * the key version number, and keepold whether old keys are to be kept.
 * NOTE(review): passwd is the cleartext new password. Keep it out of log
 * and debug output, and confirm whether the caller or the implementation is
 * responsible for zeroing the buffer afterwards.
 * NOTE(review): which of the key/salt arguments the implementation actually
 * honours is not visible here -- confirm.
 */
krb5_error_code kdb_samba_change_pwd(krb5_context context,
                                     krb5_keyblock *master_key,
                                     krb5_key_salt_tuple *ks_tuple,
                                     int ks_tuple_count, char *passwd,
                                     int new_kvno, krb5_boolean keepold,
                                     krb5_db_entry *db_entry);
177 #endif /* _KDB_SAMBA_H_ */