mit-kdb: support MIT Kerberos 1.16 KDB API changes
1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
2 /*
3  * plugins/kdb/samba/kdb_samba.h
4  *
5  * Copyright (c) 2009, Simo Sorce <idra@samba.org>
6  * All Rights Reserved.
7  *
8  *   Export of this software from the United States of America may
9  *   require a specific license from the United States Government.
10  *   It is the responsibility of any person or organization contemplating
11  *   export to obtain such a license before exporting.
12  *
13  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
14  * distribute this software and its documentation for any purpose and
15  * without fee is hereby granted, provided that the above copyright
16  * notice appear in all copies and that both that copyright notice and
17  * this permission notice appear in supporting documentation, and that
18  * the name of M.I.T. not be used in advertising or publicity pertaining
19  * to distribution of the software without specific, written prior
20  * permission.  Furthermore if you modify this software you must label
21  * your software as modified software and not distribute it in such a
22  * fashion that it might be confused with the original M.I.T. software.
23  * M.I.T. makes no representations about the suitability of
24  * this software for any purpose.  It is provided "as is" without express
25  * or implied warranty.
26  *
27  */
28
29 #ifndef _KDB_SAMBA_H_
30 #define _KDB_SAMBA_H_
31
32 #include <stdbool.h>
33
34 #include <krb5/krb5.h>
35 #include <krb5/plugin.h>
36
/* NOTE(review): presumably the PAC info-buffer type value that identifies the
 * logon-information buffer; nothing in this header uses it, so confirm
 * against the code that parses or builds the PAC. */
37 #define PAC_LOGON_INFO 1
38
/*
 * discard_const_p(type, ptr): cast ptr to (type *), dropping any const
 * qualifier. Defined only when the includer has not already provided it.
 * When intptr_t is known to be available the cast is routed through
 * intptr_t; otherwise it is a direct pointer cast.
 *
 * The macro removes the qualifier only; it does not make the pointee
 * writable. Writing through the result to an object that was defined const
 * is undefined behaviour, so reserve it for APIs that take a non-const
 * pointer but do not modify the data.
 */
39 #ifndef discard_const_p
40 #if defined(__intptr_t_defined) || defined(HAVE_INTPTR_T)
41 # define discard_const_p(type, ptr) ((type *)((intptr_t)(ptr)))
42 #else
43 # define discard_const_p(type, ptr) ((type *)(ptr))
44 #endif
45 #endif
46
47 /* from kdb_samba_common.c */
48
/* Return the struct mit_samba_context that belongs to kcontext.
 * NOTE(review): whether this can return NULL is not visible from the
 * prototype — confirm before dereferencing the result unchecked. */
49 struct mit_samba_context *ks_get_context(krb5_context kcontext);
50
/* Compare the krb5_data d with the C string s.
 * NOTE(review): krb5_data is length-counted, so this presumably compares
 * length and bytes rather than relying on a NUL terminator inside d —
 * confirm in kdb_samba_common.c. */
51 bool ks_data_eq_string(krb5_data d, const char *s);
52
/* Build a krb5_data, returned by value, from data and len.
 * NOTE(review): presumably no copy is made, in which case the buffer must
 * outlive the returned krb5_data — confirm. */
53 krb5_data ks_make_data(void *data, unsigned int len);
54
/* Predicates on a principal name, each returning a krb5_boolean.
 * NOTE(review): judging by the names they recognise the kadmin service
 * principals (any kadmin, history, changepw, admin). The exact matching
 * rules (realm, number of components) are in kdb_samba_common.c and should
 * be checked before a result is used in an authorization decision. */
55 krb5_boolean ks_is_kadmin(krb5_context context,
56                           krb5_const_principal princ);
57
58 krb5_boolean ks_is_kadmin_history(krb5_context context,
59                                   krb5_const_principal princ);
60
61 krb5_boolean ks_is_kadmin_changepw(krb5_context context,
62                                    krb5_const_principal princ);
63
64 krb5_boolean ks_is_kadmin_admin(krb5_context context,
65                                 krb5_const_principal princ);
66
67 /* from kdb_samba_principals.c */
68
/* Look up princ and hand the result back through *kentry; kflags carries the
 * caller's lookup flags.
 * NOTE(review): ownership of *kentry presumably passes to the caller, and
 * *kentry should not be used when the return value is non-zero — confirm in
 * kdb_samba_principals.c. */
69 krb5_error_code kdb_samba_db_get_principal(krb5_context context,
70                                            krb5_const_principal princ,
71                                            unsigned int kflags,
72                                            krb5_db_entry **kentry);
73
/* Store entry; db_args is an array of strings supplied by the caller.
 * NOTE(review): whether the Samba backend accepts writes at all is not
 * visible here — confirm. */
74 krb5_error_code kdb_samba_db_put_principal(krb5_context context,
75                                            krb5_db_entry *entry,
76                                            char **db_args);
77
/* Delete the entry for princ.
 * NOTE(review): same caveat as put_principal — confirm what is supported. */
78 krb5_error_code kdb_samba_db_delete_principal(krb5_context context,
79                                               krb5_const_principal princ);
80
/* Call func(func_arg, entry) for database entries selected by match_entry.
 * From KDB API version 8 on, the prototype takes an extra iterflags argument.
 *
 * KRB5_KDB_API_VERSION is not defined by anything this header includes
 * (it comes from the MIT kdb.h header), so that header must be included
 * first. An undefined macro evaluates to 0 in #if and would silently select
 * the older prototype, leaving a signature that does not match what the
 * KDC calls. */
81 #if KRB5_KDB_API_VERSION >= 8
82 krb5_error_code kdb_samba_db_iterate(krb5_context context,
83                                      char *match_entry,
84                                      int (*func)(krb5_pointer, krb5_db_entry *),
85                                      krb5_pointer func_arg,
86                                      krb5_flags iterflags);
87 #else
88 krb5_error_code kdb_samba_db_iterate(krb5_context context,
89                                      char *match_entry,
90                                      int (*func)(krb5_pointer, krb5_db_entry *),
91                                      krb5_pointer func_arg);
92 #endif
93
94 /* from kdb_samba_masterkey.c */
95
/* Fetch the master key for the principal name into *key and its version
 * into *kvno; db_args is a single string here, not an array.
 * NOTE(review): *key receives key material, so the caller presumably has to
 * release it with the krb5 keyblock free routine, which also clears the
 * contents — confirm who owns it in kdb_samba_masterkey.c. */
96 krb5_error_code kdb_samba_fetch_master_key(krb5_context context,
97                                            krb5_principal name,
98                                            krb5_keyblock *key,
99                                            krb5_kvno *kvno,
100                                            char *db_args);
101
/* Return the list of master keys for mname through *mkeys_list; key is
 * read-only input.
 * NOTE(review): ownership and freeing of *mkeys_list are not visible here —
 * confirm. */
102 krb5_error_code kdb_samba_fetch_master_key_list(krb5_context context,
103                                                 krb5_principal mname,
104                                                 const krb5_keyblock *key,
105                                                 krb5_keylist_node **mkeys_list);
106
107 /* from kdb_samba_pac.c */
108
/* Turn the stored key_data into a usable keyblock: mkey and key_data are
 * read-only inputs, kkey and keysalt are outputs.
 * NOTE(review): *kkey holds long-term key material after a successful call;
 * the caller presumably owns it and must free and clear it — confirm. Also
 * confirm that no partial key is left in *kkey on the error paths. */
109 krb5_error_code kdb_samba_dbekd_decrypt_key_data(krb5_context context,
110                                                  const krb5_keyblock *mkey,
111                                                  const krb5_key_data *key_data,
112                                                  krb5_keyblock *kkey,
113                                                  krb5_keysalt *keysalt);
114
/* Inverse direction: pack kkey, keysalt and keyver into *key_data using
 * mkey; only key_data is written.
 * NOTE(review): whether the key is actually encrypted under mkey or stored
 * as-is by this backend is not visible from the prototype — confirm. */
115 krb5_error_code kdb_samba_dbekd_encrypt_key_data(krb5_context context,
116                                                  const krb5_keyblock *mkey,
117                                                  const krb5_keyblock *kkey,
118                                                  const krb5_keysalt *keysalt,
119                                                  int keyver,
120                                                  krb5_key_data *key_data);
121
122 /* from kdb_samba_policies.c */
123
/* Produce *signed_auth_data for a ticket from the existing authorization
 * data (tgt_auth_data), the client/server/krbtgt entries and their keys,
 * the session key and authtime.
 * NOTE(review): presumably this is where the PAC is checked and re-signed.
 * A verification failure has to surface as a non-zero return, never as
 * unsigned or unverified data in *signed_auth_data — confirm in
 * kdb_samba_policies.c. Ownership of *signed_auth_data presumably passes to
 * the caller — confirm. */
124 krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
125                                             unsigned int flags,
126                                             krb5_const_principal client_princ,
127                                             krb5_db_entry *client,
128                                             krb5_db_entry *server,
129                                             krb5_db_entry *krbtgt,
130                                             krb5_keyblock *client_key,
131                                             krb5_keyblock *server_key,
132                                             krb5_keyblock *krbtgt_key,
133                                             krb5_keyblock *session_key,
134                                             krb5_timestamp authtime,
135                                             krb5_authdata **tgt_auth_data,
136                                             krb5_authdata ***signed_auth_data);
137
/* Policy check for an AS request: takes the request, the client and server
 * entries and the KDC time; reports a status string through *status and
 * optional error data through *e_data_out.
 * NOTE(review): presumably a non-zero return rejects the request; *status
 * looks like a borrowed string (const char **) that the caller must not
 * free — confirm both. */
138 krb5_error_code kdb_samba_db_check_policy_as(krb5_context context,
139                                              krb5_kdc_req *kdcreq,
140                                              krb5_db_entry *client,
141                                              krb5_db_entry *server,
142                                              krb5_timestamp kdc_time,
143                                              const char **status,
144                                              krb5_pa_data ***e_data_out);
145
/* Delegation check: decides whether the service described by server may act
 * for client towards the principal proxy. All three inputs are read-only.
 * NOTE(review): presumably 0 means "allowed" and any error code means
 * "denied". Callers must treat every non-zero return, including internal
 * failures, as a denial — confirm that the implementation fails closed. */
146 krb5_error_code kdb_samba_db_check_allowed_to_delegate(krb5_context context,
147                                                        krb5_const_principal client,
148                                                        const krb5_db_entry *server,
149                                                        krb5_const_principal proxy);
150
/* Audit hook for AS requests; returns nothing, so it cannot veto a request.
 * From KDB API version 9 on, the prototype additionally receives the local
 * and remote addresses of the exchange; older versions get only the request,
 * the two entries, authtime and the result code.
 *
 * KRB5_KDB_API_VERSION is not defined by anything this header includes
 * (it comes from the MIT kdb.h header), so that header must be included
 * first; an undefined macro evaluates to 0 in #if and would silently select
 * the older prototype.
 * NOTE(review): client and server may presumably be NULL when the lookup
 * itself failed (error_code != 0) — confirm the implementation checks. */
151 #if KRB5_KDB_API_VERSION >= 9
152 void kdb_samba_db_audit_as_req(krb5_context kcontext,
153                                krb5_kdc_req *request,
154                                const krb5_address *local_addr,
155                                const krb5_address *remote_addr,
156                                krb5_db_entry *client,
157                                krb5_db_entry *server,
158                                krb5_timestamp authtime,
159                                krb5_error_code error_code);
160 #else
161 void kdb_samba_db_audit_as_req(krb5_context kcontext,
162                                krb5_kdc_req *request,
163                                krb5_db_entry *client,
164                                krb5_db_entry *server,
165                                krb5_timestamp authtime,
166                                krb5_error_code error_code);
167 #endif
168
169 /* from kdb_samba_change_pwd.c */
170
/* Change the password of db_entry to passwd, using the given key/salt tuples
 * (ks_tuple, ks_tuple_count), the new key version number and the keepold
 * flag.
 * passwd is the cleartext password and is passed as a non-const char *.
 * NOTE(review): confirm that the implementation neither logs nor retains
 * it, and that the caller clears the buffer once the call returns. */
171 krb5_error_code kdb_samba_change_pwd(krb5_context context,
172                                      krb5_keyblock *master_key,
173                                      krb5_key_salt_tuple *ks_tuple,
174                                      int ks_tuple_count, char *passwd,
175                                      int new_kvno, krb5_boolean keepold,
176                                      krb5_db_entry *db_entry);
177
178 #endif /* _KDB_SAMBA_H_ */