auth/kerberos: Move gse_get_session_key() to common code and use in gensec_gssapi
1 /*
2    Unix SMB/CIFS implementation.
3    simple kerberos5 routines for active directory
4    Copyright (C) Andrew Tridgell 2001
5    Copyright (C) Luke Howard 2002-2003
6    Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
7    Copyright (C) Guenther Deschner 2005-2009
8
9    This program is free software; you can redistribute it and/or modify
10    it under the terms of the GNU General Public License as published by
11    the Free Software Foundation; either version 3 of the License, or
12    (at your option) any later version.
13
14    This program is distributed in the hope that it will be useful,
15    but WITHOUT ANY WARRANTY; without even the implied warranty of
16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17    GNU General Public License for more details.
18
19    You should have received a copy of the GNU General Public License
20    along with this program.  If not, see <http://www.gnu.org/licenses/>.
21 */
22
23 #include "system/kerberos.h"
/*
 * Forward declarations only: every use of these PAC types below is through a
 * pointer, so the full definitions are not needed here.
 * NOTE(review): no include guard is visible in this listing -- confirm the
 * header is safe to include more than once.
 */
24 struct PAC_SIGNATURE_DATA;
25 struct PAC_DATA;
26
/*
 * Accessor macros that hide the layout difference of krb5_keyblock between
 * Heimdal (keytype / keyvalue.{length,data}) and MIT (enctype / length /
 * contents).  Callers use KRB5_KEY_TYPE(), KRB5_KEY_LENGTH() and
 * KRB5_KEY_DATA() instead of touching the fields directly.
 * KRB5_KEY_DATA_CAST is the element type behind the data pointer on each
 * implementation -- presumably used when casting the KRB5_KEY_DATA() result;
 * verify against callers.
 */
27 #ifdef HAVE_KRB5_KEYBLOCK_KEYVALUE /* Heimdal */
28 #define KRB5_KEY_TYPE(k)        ((k)->keytype)
29 #define KRB5_KEY_LENGTH(k)      ((k)->keyvalue.length)
30 #define KRB5_KEY_DATA(k)        ((k)->keyvalue.data)
31 #define KRB5_KEY_DATA_CAST      void
32 #else /* MIT */
33 #define KRB5_KEY_TYPE(k)        ((k)->enctype)
34 #define KRB5_KEY_LENGTH(k)      ((k)->length)
35 #define KRB5_KEY_DATA(k)        ((k)->contents)
36 #define KRB5_KEY_DATA_CAST      krb5_octet
37 #endif /* HAVE_KRB5_KEYBLOCK_KEYVALUE */
38
/*
 * Derive a krb5_keyblock of the requested enctype from a password.
 * Takes the password as a krb5_data together with the principal the key is
 * for (host_princ); presumably the principal acts as the salt source --
 * confirm in the implementation.  Returns int; the meaning of the value is
 * not visible here, so callers should check it against the definition.
 */
39 int create_kerberos_key_from_string_direct(krb5_context context,
40                                                   krb5_principal host_princ,
41                                                   krb5_data *password,
42                                                   krb5_keyblock *key,
43                                            krb5_enctype enctype);
/* Release the buffer owned by a krb5_data (the struct itself is not freed). */
44 void kerberos_free_data_contents(krb5_context context, krb5_data *pdata);
/* Release the contents of a keytab entry filled in by the krb5 library. */
45 krb5_error_code smb_krb5_kt_free_entry(krb5_context context, krb5_keytab_entry *kt_entry);
46
/*
 * Principal name handling.
 *
 * smb_krb5_parse_name() takes the name in the unix charset (see the inline
 * comment) and returns a freshly allocated krb5_principal in *principal.
 * smb_krb5_unparse_name() does the reverse; the result is returned in
 * *unix_name and, given the TALLOC_CTX parameter, is presumably talloc'd on
 * mem_ctx -- confirm who frees it.
 * The *_norealm / *_any_realm variants, by their names, operate without
 * regard to the realm component; treat a realm-insensitive comparison as
 * weaker than a full principal compare when deciding where it is acceptable.
 */
47  krb5_error_code smb_krb5_parse_name(krb5_context context,
48                                 const char *name, /* in unix charset */
49                                      krb5_principal *principal);
50 krb5_error_code smb_krb5_unparse_name(TALLOC_CTX *mem_ctx,
51                                       krb5_context context,
52                                       krb5_const_principal principal,
53                                       char **unix_name);
54  krb5_error_code smb_krb5_parse_name_norealm(krb5_context context, 
55                                             const char *name, 
56                                              krb5_principal *principal);
57  bool smb_krb5_principal_compare_any_realm(krb5_context context, 
58                                           krb5_const_principal princ1, 
59                                            krb5_const_principal princ2);
/*
 * Checksum helpers for PAC verification.
 *
 * smb_krb5_checksum_from_pac_sig() fills a krb5_checksum from the signature
 * carried in a PAC_SIGNATURE_DATA.  smb_krb5_verify_checksum() verifies
 * cksum over data[0..length) under keyblock and the given key usage; a
 * non-zero return means the checksum did NOT verify and the data must not be
 * trusted -- never ignore the return value.
 */
60  void smb_krb5_checksum_from_pac_sig(krb5_checksum *cksum,
61                                      struct PAC_SIGNATURE_DATA *sig);
62  krb5_error_code smb_krb5_verify_checksum(krb5_context context,
63                                           const krb5_keyblock *keyblock,
64                                          krb5_keyusage usage,
65                                          krb5_checksum *cksum,
66                                          uint8_t *data,
67                                           size_t length);
/*
 * Human-readable error text.  gssapi_error_string() renders a GSSAPI
 * major/minor status pair for the given mechanism OID;
 * smb_get_krb5_error_message() renders a krb5_error_code.  Both allocate
 * the returned string on mem_ctx (TALLOC_CTX parameter); the caller owns it.
 */
68 char *gssapi_error_string(TALLOC_CTX *mem_ctx, 
69                           OM_uint32 maj_stat, OM_uint32 min_stat, 
70                           const gss_OID mech);
71 char *smb_get_krb5_error_message(krb5_context context, krb5_error_code code, TALLOC_CTX *mem_ctx);
72
/*
 * Verify one PAC signature (sig) over the raw PAC bytes in pac_data using
 * keyblock.  Returns 0 on success; any other value means the PAC failed
 * verification and must be rejected.
 */
73 krb5_error_code check_pac_checksum(DATA_BLOB pac_data,
74                                    struct PAC_SIGNATURE_DATA *sig,
75                                    krb5_context context,
76                                    const krb5_keyblock *keyblock);
77
/*
 * Decode and verify a PAC.
 *
 * Both the krbtgt key and the service key are taken, which matches a PAC
 * carrying a KDC signature and a server signature; presumably each is
 * checked against the corresponding key -- confirm in the implementation.
 * client_principal and tgs_authtime are presumably compared against the
 * client name and logon time recorded inside the PAC, so that a PAC cannot
 * be replayed under a different ticket; verify this in the definition.
 * On NT_STATUS_OK the decoded PAC is returned in *pac_data_out, allocated
 * on mem_ctx.  Callers must treat any non-OK status as "PAC not trusted".
 */
78 NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx,
79                              DATA_BLOB pac_data_blob,
80                              krb5_context context,
81                              const krb5_keyblock *krbtgt_keyblock,
82                              const krb5_keyblock *service_keyblock,
83                              krb5_const_principal client_principal,
84                              time_t tgs_authtime,
85                              struct PAC_DATA **pac_data_out);
86
/*
 * Extract the raw PAC blob for gss_client_name from an established GSSAPI
 * security context.  The returned blob is only the encoded PAC; it has not
 * been verified by this call.
 */
87 NTSTATUS gssapi_obtain_pac_blob(TALLOC_CTX *mem_ctx,
88                                 gss_ctx_id_t gssapi_context,
89                                 gss_name_t gss_client_name,
90                                 DATA_BLOB *pac_data);
/*
 * Extract the session key of an established GSSAPI security context into
 * *session_key and report its Kerberos enctype in *keytype.  The blob
 * contains secret key material; keep its lifetime as short as the caller can
 * and do not log it.  (Commit message: moved here from the former
 * gse_get_session_key() so gensec_gssapi can share it.)
 */
91 NTSTATUS gssapi_get_session_key(TALLOC_CTX *mem_ctx,
92                                 gss_ctx_id_t gssapi_context,
93                                 DATA_BLOB *session_key, 
94                                 uint32_t *keytype);
95
/*
 * Kerberos-in-GSSAPI token framing.
 *
 * gensec_gssapi_gen_krb5_wrap() wraps a ticket blob into a token tagged with
 * the two-byte tok_id; gensec_gssapi_parse_krb5_wrap() is its inverse and
 * returns false when blob does not parse as such a token -- blob is
 * presumably wire input, so callers must check the bool before using
 * *ticket or tok_id.  gensec_gssapi_check_oid() reports whether blob starts
 * with the given mechanism OID.
 */
96 DATA_BLOB gensec_gssapi_gen_krb5_wrap(TALLOC_CTX *mem_ctx, const DATA_BLOB *ticket, const uint8_t tok_id[2]);
97
98 bool gensec_gssapi_parse_krb5_wrap(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, DATA_BLOB *ticket, uint8_t tok_id[2]);
99 bool gensec_gssapi_check_oid(const DATA_BLOB *blob, const char *oid);