source4/kdc/db-glue.h

   1 /*
   2    Unix SMB/CIFS implementation.
   3
   4    Database Glue between Samba and the KDC
   5
   6    Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005-2009
   7    Copyright (C) Simo Sorce <idra@samba.org> 2010
   8
   9    This program is free software; you can redistribute it and/or modify
  10    it under the terms of the GNU General Public License as published by
  11    the Free Software Foundation; either version 3 of the License, or
  12    (at your option) any later version.
  13
  14    This program is distributed in the hope that it will be useful,
  15    but WITHOUT ANY WARRANTY; without even the implied warranty of
  16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17    GNU General Public License for more details.
  18
  19
  20    You should have received a copy of the GNU General Public License
  21    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  22 */
  23
  24 struct sdb_keys;
  25 struct sdb_entry;
  26
  27 struct samba_kdc_base_context;
  28 struct samba_kdc_db_context;
  29 struct samba_kdc_entry;
  30
  31 enum samba_kdc_ent_type {
  32         SAMBA_KDC_ENT_TYPE_CLIENT,
  33         SAMBA_KDC_ENT_TYPE_SERVER,
  34         SAMBA_KDC_ENT_TYPE_KRBTGT,
  35         SAMBA_KDC_ENT_TYPE_TRUST,
  36         SAMBA_KDC_ENT_TYPE_ANY
  37 };
  38
  39 /*
  40  * This allows DSDB to parse Kerberos keys without duplicating this
  41  * difficulty
  42  */
  43 krb5_error_code samba_kdc_message2entry_keys(krb5_context context,
  44                                              TALLOC_CTX *mem_ctx,
  45                                              struct ldb_context *ldb,
  46                                              const struct ldb_message *msg,
  47                                              bool is_krbtgt,
  48                                              bool is_rodc,
  49                                              uint32_t userAccountControl,
  50                                              enum samba_kdc_ent_type ent_type,
  51                                              unsigned flags,
  52                                              krb5_kvno requested_kvno,
  53                                              struct sdb_entry *entry,
  54                                              const uint32_t supported_enctypes_in,
  55                                              uint32_t *supported_enctypes_out);
  56
  57 int samba_kdc_set_fixed_keys(krb5_context context,
  58                              const struct ldb_val *secretbuffer,
  59                              uint32_t supported_enctypes,
  60                              struct sdb_keys *keys);
  61
  62 krb5_error_code samba_kdc_fetch(krb5_context context,
  63                                 struct samba_kdc_db_context *kdc_db_ctx,
  64                                 krb5_const_principal principal,
  65                                 unsigned flags,
  66                                 krb5_kvno kvno,
  67                                 struct sdb_entry *entry);
  68
  69 krb5_error_code samba_kdc_firstkey(krb5_context context,
  70                                    struct samba_kdc_db_context *kdc_db_ctx,
  71                                    const unsigned sdb_flags,
  72                                    struct sdb_entry *entry);
  73
  74 krb5_error_code samba_kdc_nextkey(krb5_context context,
  75                                   struct samba_kdc_db_context *kdc_db_ctx,
  76                                   const unsigned sdb_flags,
  77                                   struct sdb_entry *entry);
  78
  79 krb5_error_code
  80 samba_kdc_check_client_matches_target_service(krb5_context context,
  81                          struct samba_kdc_entry *skdc_entry_client,
  82                          struct samba_kdc_entry *skdc_entry_server_target);
  83
  84 krb5_error_code
  85 samba_kdc_check_pkinit_ms_upn_match(krb5_context context,
  86                                     struct samba_kdc_db_context *kdc_db_ctx,
  87                                     struct samba_kdc_entry *skdc_entry,
  88                                     krb5_const_principal certificate_principal);
  89
  90 krb5_error_code
  91 samba_kdc_check_s4u2proxy(krb5_context context,
  92                           struct samba_kdc_db_context *kdc_db_ctx,
  93                           struct samba_kdc_entry *skdc_entry,
  94                           krb5_const_principal target_principal);
  95
  96 krb5_error_code samba_kdc_check_s4u2proxy_rbcd(
  97                 krb5_context context,
  98                 struct samba_kdc_db_context *kdc_db_ctx,
  99                 krb5_const_principal client_principal,
 100                 krb5_const_principal server_principal,
 101                 const struct auth_user_info_dc *user_info_dc,
 102                 const struct auth_user_info_dc *device_info_dc,
 103                 const struct auth_claims auth_claims,
 104                 struct samba_kdc_entry *proxy_skdc_entry);
 105
 106 NTSTATUS samba_kdc_setup_db_ctx(TALLOC_CTX *mem_ctx, struct samba_kdc_base_context *base_ctx,
 107                                 struct samba_kdc_db_context **kdc_db_ctx_out);
 108
 109 krb5_error_code dsdb_extract_aes_256_key(krb5_context context,
 110                                          TALLOC_CTX *mem_ctx,
 111                                          struct ldb_context *ldb,
 112                                          const struct ldb_message *msg,
 113                                          uint32_t user_account_control,
 114                                          const uint32_t *kvno,
 115                                          uint32_t *kvno_out,
 116                                          DATA_BLOB *aes_256_key,
 117                                          DATA_BLOB *salt);