1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
3 * plugins/kdb/samba/kdb_samba.h
5 * Copyright (c) 2009, Simo Sorce <idra@samba.org>
8 * Export of this software from the United States of America may
9 * require a specific license from the United States Government.
10 * It is the responsibility of any person or organization contemplating
11 * export to obtain such a license before exporting.
13 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
14 * distribute this software and its documentation for any purpose and
15 * without fee is hereby granted, provided that the above copyright
16 * notice appear in all copies and that both that copyright notice and
17 * this permission notice appear in supporting documentation, and that
18 * the name of M.I.T. not be used in advertising or publicity pertaining
19 * to distribution of the software without specific, written prior
20 * permission. Furthermore if you modify this software you must label
21 * your software as modified software and not distribute it in such a
22 * fashion that it might be confused with the original M.I.T. software.
23 * M.I.T. makes no representations about the suitability of
24 * this software for any purpose. It is provided "as is" without express
25 * or implied warranty.
32 #include "k5-plugin.h"
35 /* flags for various functions */
/* Bit flags: every value is a distinct power of two except HDB_F_GET_ANY,
 * which is the union HDB_F_GET_CLIENT | HDB_F_GET_SERVER | HDB_F_GET_KRBTGT
 * (4 + 8 + 16 = 28).
 * NOTE(review): these are hard-coded copies rather than values pulled from
 * a shared header; presumably they must match what the Samba side of the
 * interface expects -- confirm they are kept in sync. */
36 #define HDB_F_DECRYPT 1 /* decrypt keys */
37 #define HDB_F_REPLACE 2 /* replace entry */
38 #define HDB_F_GET_CLIENT 4 /* fetch client */
39 #define HDB_F_GET_SERVER 8 /* fetch server */
40 #define HDB_F_GET_KRBTGT 16 /* fetch krbtgt */
41 #define HDB_F_GET_ANY 28 /* fetch any of client,server,krbtgt */
42 #define HDB_F_CANON 32 /* want canonicalization */
/* HDB error codes: thirteen consecutive values, 36150273 through 36150285.
 * NOTE(review): presumably these are the codes returned through the
 * mit_samba function table and translated by ks_map_error() -- confirm that
 * a code outside this range is mapped to a failure and never to success. */
44 #define HDB_ERR_UK_SERROR 36150273
45 #define HDB_ERR_UK_RERROR 36150274
46 #define HDB_ERR_NOENTRY 36150275
47 #define HDB_ERR_DB_INUSE 36150276
48 #define HDB_ERR_DB_CHANGED 36150277
49 #define HDB_ERR_RECURSIVELOCK 36150278
50 #define HDB_ERR_NOTLOCKED 36150279
51 #define HDB_ERR_BADLOCKMODE 36150280
52 #define HDB_ERR_CANT_LOCK_DB 36150281
53 #define HDB_ERR_EXISTS 36150282
54 #define HDB_ERR_BADVERSION 36150283
55 #define HDB_ERR_NO_MKEY 36150284
56 #define HDB_ERR_MANDATORY_OPTION 36150285
/* NOTE(review): looks like the PAC buffer type number of the logon
 * information buffer (type 1) -- confirm against where it is used. */
58 #define PAC_LOGON_INFO 1
60 typedef struct hdb_entry_ex {
/* Release callback stored in the entry itself: it receives an untyped
 * context pointer and the entry to be freed. */
63 void (*free_entry)(void *, struct hdb_entry_ex *);
/* KS_FREE_DB_ENTRY releases an entry through its own free_entry callback. */
66 /* NOTE: Relies on the fact that samba doesn't use the context
67 * for free_entry(), that's why we declare it (void *) */
/* NOTE(review):
 *  - ks_ctx is accepted but never appears in the expansion; the callback
 *    always receives NULL as its context, so this breaks if free_entry()
 *    ever starts dereferencing that argument.
 *  - hentry is expanded twice and dereferenced with no NULL check on
 *    hentry or on hentry->free_entry; pass a side-effect-free, non-NULL
 *    expression whose callback has been set.
 *  - The expansion already ends in ';', so "KS_FREE_DB_ENTRY(c, e);"
 *    produces an extra empty statement; do not use it as the unbraced body
 *    of an if that has an else. */
68 #define KS_FREE_DB_ENTRY(ks_ctx, hentry) (hentry)->free_entry(NULL, (hentry));
71 #include "mit_samba_interface.h"
77 /* mit_samba library APIs */
/* pfh: plugin file handle (struct plugin_file_handle comes from
 * k5-plugin.h); presumably the handle of the loaded mit_samba library --
 * confirm where it is opened and closed. */
78 struct plugin_file_handle *pfh;
/* ctx: opaque mit_samba context; the KS_* macros pass it as the first
 * argument of every call made through fns. */
79 struct mit_samba_context *ctx;
/* fns: table of function pointers that the KS_* macros call through. */
80 struct mit_samba_function_table *fns;
/* GET_KS_CONTEXT: obtain the module's struct ks_context from a krb5 context
 * by casting dal_handle->db_context.  krb5_ctx and its dal_handle are
 * dereferenced without any NULL check, and the cast is unchecked.
 * NOTE(review): the result is presumably NULL until the module has been
 * initialised -- confirm that callers test it before using a KS_* macro. */
83 #define GET_KS_CONTEXT(krb5_ctx) \
84 ((struct ks_context *)((krb5_ctx)->dal_handle->db_context))
/* Dispatch wrappers.  Each KS_* macro below expands to one call through
 * (ks)->fns with (ks)->ctx as the first argument.  ks is expanded twice, so
 * it must be a side-effect-free expression; neither ks, ks->fns nor the
 * individual function pointer is checked for NULL.  The remaining arguments
 * are forwarded unparenthesised. */
86 #define KS_GET_PRINCIPAL(ks, str, flags, ptr) \
87 (ks)->fns->get_principal((ks)->ctx, str, flags, ptr)
/* Database iteration: first key, then next key. */
89 #define KS_GET_FIRSTKEY(ks, pptr) \
90 (ks)->fns->get_firstkey((ks)->ctx, pptr)
91 #define KS_GET_NEXTKEY(ks, pptr) \
92 (ks)->fns->get_nextkey((ks)->ctx, pptr)
/* PAC retrieval and update. */
94 #define KS_GET_PAC(ks, cli, ptr) \
95 (ks)->fns->get_pac((ks)->ctx, cli, ptr)
96 #define KS_UPDATE_PAC(ks, cli, ptr1, ptr2) \
97 (ks)->fns->update_pac((ks)->ctx, cli, ptr1, ptr2)
/* NOTE(review): going by their names, client_access and check_s4u2proxy are
 * the authorisation decisions (client access policy and the S4U2Proxy
 * delegation check).  Their return convention is not visible in this
 * header; callers should check the result and treat anything other than
 * explicit success as a denial -- confirm in mit_samba_interface.h. */
99 #define KS_CLIENT_ACCESS(ks, cli, clin, srv, srvn, nbn, pwc, ptr) \
100 (ks)->fns->client_access((ks)->ctx, cli, clin, srv, srvn, nbn, pwc, ptr)
101 #define KS_CHECK_S4U2PROXY(ks, ds, tn, ise) \
102 (ks)->fns->check_s4u2proxy((ks)->ctx, ds, tn, ise)
104 /* from kdb_samba_util.c */
/* Takes an integer error code.  NOTE(review): presumably translates the
 * HDB_ERR_* values defined above into krb5 error codes -- confirm that
 * unrecognised input maps to a failure code. */
107 ks_map_error(int error);
/* Takes a krb5 context and a krb5_db_entry pointer.  NOTE(review):
 * presumably releases the entry -- confirm whether the entry structure
 * itself or only its contents are freed. */
110 ks_free_krb5_db_entry(krb5_context context,
111 krb5_db_entry *entry);
/* Reads hprinc (const, not modified) and writes its result through
 * out_kprinc.  NOTE(review): ownership of *out_kprinc presumably passes to
 * the caller, and its state after a failure is not visible here --
 * confirm. */
114 ks_unmarshal_Principal(krb5_context context,
115 const Principal *hprinc,
116 krb5_principal *out_kprinc);
/* Takes an hdb_entry_ex and a krb5_db_entry; going by the name, hentry is
 * the input and kentry is filled in.  NOTE(review): who frees hentry and a
 * partially filled kentry on error is not visible here -- confirm. */
119 ks_unmarshal_hdb_entry(krb5_context context,
120 struct hdb_entry_ex *hentry,
121 krb5_db_entry *kentry);
123 /* from kdb_samba_policies.c */
/* The three entry points below share one shape: a krb5 context, a
 * read-only request blob (const krb5_data *req_data) and a writable reply
 * blob (krb5_data *rep_data).
 * NOTE(review): req_data is an opaque length+pointer pair; the
 * implementations should verify its length before interpreting the bytes
 * as a request structure, and should leave rep_data in a defined state on
 * every error path -- verify in kdb_samba_policies.c. */
/* Delegation check (see KS_CHECK_S4U2PROXY). */
126 ks_db_check_allowed_to_delegate(krb5_context context,
128 const krb5_data *req_data,
129 krb5_data *rep_data);
/* Policy check for AS requests, going by the name. */
132 ks_db_check_policy_as(krb5_context context,
134 const krb5_data *req_data,
135 krb5_data *rep_data);
/* Authorization-data signing, going by the name; presumably where the PAC
 * macros are used -- confirm. */
138 ks_db_sign_auth_data(krb5_context context,
140 const krb5_data *req_data,
141 krb5_data *rep_data);
143 #endif /* _KDB_SAMBA_H_ */