s3:ads: Remove 'kerberos method' warning for 'net ads keytab' functions
[samba4-gss.git] / auth / authn_policy.h
blobf2142feac92689e8bc2ebbee2cc39a5998c1f40e
1 /*
2 Unix SMB/CIFS implementation.
3 Samba Active Directory authentication policy functions
5 Copyright (C) Catalyst.Net Ltd 2023
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 #ifndef KDC_AUTHN_POLICY_H
22 #define KDC_AUTHN_POLICY_H
24 #include "lib/replace/replace.h"
25 #include "libcli/util/ntstatus.h"
26 #include "librpc/gen_ndr/windows_event_ids.h"
28 /* Authentication policies for Kerberos clients. */
30 struct authn_kerberos_client_policy;
32 /* Is an authentication policy enforced? */
33 bool authn_kerberos_client_policy_is_enforced(const struct authn_kerberos_client_policy *policy);
35 /* Get the raw TGT lifetime enforced by an authentication policy. */
36 int64_t authn_policy_enforced_tgt_lifetime_raw(const struct authn_kerberos_client_policy *policy);
38 /* Auditing information. */
40 struct authn_audit_info;
42 /* This enum should be kept in sync with authn_audit_info_event(). */
43 enum authn_audit_event {
44 AUTHN_AUDIT_EVENT_OK = 0,
45 AUTHN_AUDIT_EVENT_KERBEROS_DEVICE_RESTRICTION,
46 AUTHN_AUDIT_EVENT_KERBEROS_SERVER_RESTRICTION,
47 AUTHN_AUDIT_EVENT_NTLM_DEVICE_RESTRICTION,
48 AUTHN_AUDIT_EVENT_NTLM_SERVER_RESTRICTION,
49 AUTHN_AUDIT_EVENT_OTHER_ERROR,
52 /* This enum should be kept in sync with authn_audit_info_reason(). */
53 enum authn_audit_reason {
54 AUTHN_AUDIT_REASON_NONE = 0,
55 AUTHN_AUDIT_REASON_DESCRIPTOR_INVALID,
56 AUTHN_AUDIT_REASON_DESCRIPTOR_NO_OWNER,
57 AUTHN_AUDIT_REASON_SECURITY_TOKEN_FAILURE,
58 AUTHN_AUDIT_REASON_ACCESS_DENIED,
59 AUTHN_AUDIT_REASON_FAST_REQUIRED,
62 enum auth_event_id_type authn_audit_info_event_id(const struct authn_audit_info *audit_info);
64 const char *authn_audit_info_silo_name(const struct authn_audit_info *audit_info);
66 const char *authn_audit_info_policy_name(const struct authn_audit_info *audit_info);
68 const bool *authn_audit_info_policy_enforced(const struct authn_audit_info *audit_info);
70 const struct auth_user_info_dc *authn_audit_info_client_info(const struct authn_audit_info *audit_info);
72 const char *authn_audit_info_event(const struct authn_audit_info *audit_info);
74 const char *authn_audit_info_reason(const struct authn_audit_info *audit_info);
76 NTSTATUS authn_audit_info_policy_status(const struct authn_audit_info *audit_info);
78 const char *authn_audit_info_location(const struct authn_audit_info *audit_info);
80 struct authn_int64_optional {
81 bool is_present;
82 int64_t val;
85 struct authn_int64_optional authn_audit_info_policy_tgt_lifetime_mins(const struct authn_audit_info *audit_info);
87 #endif