source4/kdc/samba_kdc.h

   1 /*
   2    Unix SMB/CIFS implementation.
   3
   4    KDC structures
   5
   6    Copyright (C) Andrew Tridgell        2005
   7    Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
   8    Copyright (C) Simo Sorce <idra@samba.org> 2010
   9
  10    This program is free software; you can redistribute it and/or modify
  11    it under the terms of the GNU General Public License as published by
  12    the Free Software Foundation; either version 3 of the License, or
  13    (at your option) any later version.
  14
  15    This program is distributed in the hope that it will be useful,
  16    but WITHOUT ANY WARRANTY; without even the implied warranty of
  17    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  18    GNU General Public License for more details.
  19
  20    You should have received a copy of the GNU General Public License
  21    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  22 */
  23
  24 #ifndef _SAMBA_KDC_H_
  25 #define _SAMBA_KDC_H_
  26
  27 #include "lib/replace/replace.h"
  28 #include "system/time.h"
  29 #include "libcli/util/ntstatus.h"
  30
  31 struct samba_kdc_policy {
  32         time_t svc_tkt_lifetime;
  33         time_t usr_tkt_lifetime;
  34         time_t renewal_lifetime;
  35 };
  36
  37 struct samba_kdc_base_context {
  38         struct tevent_context *ev_ctx;
  39         struct loadparm_context *lp_ctx;
  40         struct imessaging_context *msg_ctx;
  41         struct ldb_context *samdb;
  42
  43         /*
  44          * If we are under Heimdal, this will be updated at each
  45          * packet to be the same time as the KDC process uses and will
  46          * be set into dsdb_gmsa_set_current_time() (otherwise NULL)
  47          */
  48         unsigned long long *current_nttime_ull;
  49 };
  50
  51 struct samba_kdc_seq;
  52
  53 struct samba_kdc_db_context {
  54         struct tevent_context *ev_ctx;
  55         struct loadparm_context *lp_ctx;
  56         struct imessaging_context *msg_ctx;
  57         struct ldb_context *samdb;
  58         struct samba_kdc_seq *seq_ctx;
  59         bool rodc;
  60         unsigned int my_krbtgt_number;
  61         struct ldb_dn *krbtgt_dn;
  62         struct samba_kdc_policy policy;
  63         /*
  64          * Copied from the base_context when this is created
  65          */
  66         unsigned long long *current_nttime_ull;
  67 };
  68
  69 struct samba_kdc_entry {
  70         struct samba_kdc_db_context *kdc_db_ctx;
  71         const struct sdb_entry *db_entry; /* this is only temporarily valid */
  72         const void *kdc_entry; /* this is a reference to hdb_entry/krb5_db_entry */
  73         struct ldb_message *msg;
  74         struct ldb_dn *realm_dn;
  75         struct claims_data *claims_from_pac;
  76         struct claims_data *claims_from_db;
  77         const struct auth_user_info_dc *info_from_pac;
  78         const struct PAC_DOMAIN_GROUP_MEMBERSHIP *resource_groups_from_pac;
  79         const struct auth_user_info_dc *info_from_db;
  80         const struct authn_kerberos_client_policy *client_policy;
  81         const struct authn_server_policy *server_policy;
  82         uint32_t supported_enctypes;
  83         NTSTATUS reject_status;
  84         bool is_krbtgt : 1;
  85         bool is_rodc : 1;
  86         bool is_trust : 1;
  87         bool claims_from_pac_are_initialized : 1;
  88         bool claims_from_db_are_initialized : 1;
  89         bool group_managed_service_account : 1;
  90         NTTIME current_nttime;
  91         int64_t enforced_tgt_lifetime_nt_ticks;
  92 };
  93
  94 extern struct hdb_method hdb_samba4_interface;
  95
  96 #define CHANGEPW_LIFETIME (60*2) /* 2 minutes */
  97
  98 #endif /* _SAMBA_KDC_H_ */