2023-05-04 10:59:49 +12:00
/*
Unix SMB / CIFS implementation .
Samba Active Directory authentication policy functions
Copyright ( C ) Catalyst . Net Ltd 2023
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation ; either version 3 of the License , or
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
along with this program . If not , see < http : //www.gnu.org/licenses/>.
*/
# ifndef KDC_AUTHN_POLICY_H
# define KDC_AUTHN_POLICY_H
# include "lib/replace/replace.h"
# include "libcli/util/ntstatus.h"
# include "librpc/gen_ndr/windows_event_ids.h"
/* Authentication policies for Kerberos clients. */
struct authn_kerberos_client_policy ;
2023-06-15 10:37:03 +12:00
/* Is an authentication policy enforced? */
bool authn_kerberos_client_policy_is_enforced ( const struct authn_kerberos_client_policy * policy ) ;
2023-06-15 10:00:53 +12:00
/* Get the raw TGT lifetime enforced by an authentication policy. */
int64_t authn_policy_enforced_tgt_lifetime_raw ( const struct authn_kerberos_client_policy * policy ) ;
2023-05-04 10:59:49 +12:00
2023-06-15 10:37:03 +12:00
/* Auditing information. */
2023-06-15 10:30:34 +12:00
struct authn_audit_info ;
2023-06-15 10:37:03 +12:00
/* This enum should be kept in sync with authn_audit_info_event(). */
2023-06-15 10:18:00 +12:00
enum authn_audit_event {
AUTHN_AUDIT_EVENT_OK = 0 ,
AUTHN_AUDIT_EVENT_KERBEROS_DEVICE_RESTRICTION ,
AUTHN_AUDIT_EVENT_KERBEROS_SERVER_RESTRICTION ,
AUTHN_AUDIT_EVENT_NTLM_DEVICE_RESTRICTION ,
AUTHN_AUDIT_EVENT_NTLM_SERVER_RESTRICTION ,
AUTHN_AUDIT_EVENT_OTHER_ERROR ,
} ;
2023-06-15 10:37:03 +12:00
/* This enum should be kept in sync with authn_audit_info_reason(). */
2023-06-15 10:18:00 +12:00
enum authn_audit_reason {
AUTHN_AUDIT_REASON_NONE = 0 ,
AUTHN_AUDIT_REASON_DESCRIPTOR_INVALID ,
AUTHN_AUDIT_REASON_DESCRIPTOR_NO_OWNER ,
AUTHN_AUDIT_REASON_SECURITY_TOKEN_FAILURE ,
AUTHN_AUDIT_REASON_ACCESS_DENIED ,
AUTHN_AUDIT_REASON_FAST_REQUIRED ,
} ;
2023-06-15 10:37:03 +12:00
enum auth_event_id_type authn_audit_info_event_id ( const struct authn_audit_info * audit_info ) ;
const char * authn_audit_info_silo_name ( const struct authn_audit_info * audit_info ) ;
const char * authn_audit_info_policy_name ( const struct authn_audit_info * audit_info ) ;
const bool * authn_audit_info_policy_enforced ( const struct authn_audit_info * audit_info ) ;
const struct auth_user_info_dc * authn_audit_info_client_info ( const struct authn_audit_info * audit_info ) ;
const char * authn_audit_info_event ( const struct authn_audit_info * audit_info ) ;
const char * authn_audit_info_reason ( const struct authn_audit_info * audit_info ) ;
NTSTATUS authn_audit_info_policy_status ( const struct authn_audit_info * audit_info ) ;
const char * authn_audit_info_location ( const struct authn_audit_info * audit_info ) ;
2023-06-15 10:18:00 +12:00
struct authn_int64_optional {
bool is_present ;
int64_t val ;
} ;
2023-06-15 10:37:03 +12:00
struct authn_int64_optional authn_audit_info_policy_tgt_lifetime_mins ( const struct authn_audit_info * audit_info ) ;
2023-05-04 10:59:49 +12:00
# endif