/*
   Unix SMB/CIFS implementation.

   Database Glue between Samba and the KDC

   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005-2009
   Copyright (C) Simo Sorce <idra@samba.org> 2010

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/
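/*
 * Forward declarations: this header only passes pointers to these
 * structures, so incomplete types are sufficient here.
 *
 * NOTE(review): struct ldb_message, struct ldb_val, struct auth_user_info_dc
 * and struct auth_claims are used by the prototypes in this header but are
 * not declared in the part of it that is visible here. They have to be
 * declared by an earlier include, otherwise they would only get prototype
 * scope. struct auth_claims is taken by value, so callers need its complete
 * definition in scope.
 */
struct sdb_keys;
struct sdb_entry;

struct samba_kdc_base_context;
struct samba_kdc_db_context;
struct samba_kdc_entry;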
/*
 * Entry type selector; samba_kdc_message2entry_keys() takes it as its
 * ent_type argument. No explicit values are assigned, so the enumerators
 * are numbered 0..4 in declaration order.
 */
enum samba_kdc_ent_type {
	SAMBA_KDC_ENT_TYPE_CLIENT,
	SAMBA_KDC_ENT_TYPE_SERVER,
	SAMBA_KDC_ENT_TYPE_KRBTGT,
	SAMBA_KDC_ENT_TYPE_TRUST,
	SAMBA_KDC_ENT_TYPE_ANY
};
/*
 * This allows DSDB to parse Kerberos keys without duplicating this
 * difficulty.
 *
 * Inputs as declared: the LDB message (msg), account descriptors
 * (is_krbtgt, is_rodc, userAccountControl, ent_type), the caller's flags,
 * the requested key version (requested_kvno) and supported_enctypes_in.
 * entry and supported_enctypes_out are the non-const pointer arguments.
 *
 * Returns a krb5_error_code.
 *
 * NOTE(review): the definition is not in this header. Presumably the keys
 * parsed from msg are written into entry and are secret material, so the
 * lifetime of entry (and of anything allocated on mem_ctx) should be kept
 * as short as the caller can manage -- confirm against the definition.
 */
krb5_error_code samba_kdc_message2entry_keys(krb5_context context,
                                             TALLOC_CTX *mem_ctx,
                                             const struct ldb_message *msg,
                                             bool is_krbtgt,
                                             bool is_rodc,
                                             uint32_t userAccountControl,
                                             enum samba_kdc_ent_type ent_type,
                                             unsigned flags,
                                             krb5_kvno requested_kvno,
                                             struct sdb_entry *entry,
                                             const uint32_t supported_enctypes_in,
                                             uint32_t *supported_enctypes_out);
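/*
 * Set keys in *keys from a caller-supplied secret buffer.
 *
 * secretbuffer is read-only input, supported_enctypes is a 32-bit mask
 * passed by value, and keys is the only non-const pointer argument.
 *
 * Returns int, unlike the krb5_error_code used by the other prototypes in
 * this header.
 *
 * NOTE(review): the definition is not visible here. Presumably one key per
 * enabled enctype is derived from secretbuffer; check which error domain
 * the int return uses, and treat both secretbuffer and the resulting keys
 * as secret material -- confirm against the definition.
 */
int samba_kdc_set_fixed_keys(krb5_context context,
                             const struct ldb_val *secretbuffer,
                             uint32_t supported_enctypes,
                             struct sdb_keys *keys);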
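/*
 * Fetch a database entry for a principal.
 *
 * Takes the KDC database context, the principal to look up, caller flags
 * and a key version number. entry is the non-const sdb_entry pointer.
 *
 * Returns a krb5_error_code.
 *
 * NOTE(review): semantics are inferred from the name and signature; the
 * definition is not in this header. Presumably entry is only valid when
 * the return value is 0, so callers should not read it on failure --
 * confirm against the definition.
 */
krb5_error_code samba_kdc_fetch(krb5_context context,
                                struct samba_kdc_db_context *kdc_db_ctx,
                                krb5_const_principal principal,
                                unsigned flags,
                                krb5_kvno kvno,
                                struct sdb_entry *entry);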
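/*
 * Return the first entry of a database walk in *entry.
 *
 * No cursor argument is declared; the only state passed in is kdc_db_ctx.
 *
 * Returns a krb5_error_code.
 *
 * NOTE(review): presumably this starts an iteration that
 * samba_kdc_nextkey() continues, with the position kept inside kdc_db_ctx;
 * if so, one context cannot serve two walks at once -- confirm against
 * the definition.
 */
krb5_error_code samba_kdc_firstkey(krb5_context context,
                                   struct samba_kdc_db_context *kdc_db_ctx,
                                   struct sdb_entry *entry);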
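/*
 * Return the next entry of a database walk in *entry.
 *
 * Same argument list as samba_kdc_firstkey(); no cursor is passed besides
 * kdc_db_ctx.
 *
 * Returns a krb5_error_code.
 *
 * NOTE(review): presumably a non-zero return also signals the end of the
 * walk, in which case callers need to tell "no more entries" apart from
 * a real failure -- confirm against the definition.
 */
krb5_error_code samba_kdc_nextkey(krb5_context context,
                                  struct samba_kdc_db_context *kdc_db_ctx,
                                  struct sdb_entry *entry);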
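/*
 * Check a client entry against a target server entry.
 *
 * Both arguments are samba_kdc_entry pointers; no database context is
 * passed, so the comparison works from the two entries alone.
 *
 * Returns a krb5_error_code.
 *
 * NOTE(review): presumably 0 means the client and the target service are
 * the same account. This is an authorization-style decision, so callers
 * should fail closed on any non-zero return -- confirm the return
 * convention in the definition.
 */
krb5_error_code
samba_kdc_check_client_matches_target_service(krb5_context context,
                                              struct samba_kdc_entry *skdc_entry_client,
                                              struct samba_kdc_entry *skdc_entry_server_target);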
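/*
 * Check a certificate principal against a KDC entry (PKINIT, MS UPN).
 *
 * Takes the database context, the entry being authenticated and the
 * principal taken from the certificate.
 *
 * Returns a krb5_error_code.
 *
 * NOTE(review): presumably 0 means certificate_principal resolves to the
 * same account as skdc_entry. A mismatch here is what stops a certificate
 * issued to one account from authenticating another, so callers should
 * reject the request on any non-zero return -- confirm against the
 * definition.
 */
krb5_error_code
samba_kdc_check_pkinit_ms_upn_match(krb5_context context,
                                    struct samba_kdc_db_context *kdc_db_ctx,
                                    struct samba_kdc_entry *skdc_entry,
                                    krb5_const_principal certificate_principal);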
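/*
 * S4U2Proxy check of an entry against a target principal.
 *
 * Takes the database context, the entry of the requesting service and the
 * principal it wants to reach.
 *
 * Returns a krb5_error_code.
 *
 * NOTE(review): presumably this is the constrained-delegation
 * authorization decision, with 0 meaning skdc_entry may delegate to
 * target_principal. Callers should fail closed on any non-zero return --
 * confirm the return convention in the definition.
 */
krb5_error_code
samba_kdc_check_s4u2proxy(krb5_context context,
                          struct samba_kdc_db_context *kdc_db_ctx,
                          struct samba_kdc_entry *skdc_entry,
                          krb5_const_principal target_principal);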
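/*
 * S4U2Proxy check, RBCD variant.
 *
 * Takes the database context, the client and server principals, read-only
 * user and device information (user_info_dc, device_info_dc), the claims
 * and the entry named proxy_skdc_entry.
 *
 * auth_claims is a struct passed by value, not by pointer, so the callee
 * works on a copy of the structure itself.
 *
 * Returns a krb5_error_code.
 *
 * NOTE(review): presumably this is the resource-based constrained
 * delegation decision evaluated against proxy_skdc_entry, with 0 meaning
 * the delegation is permitted. Callers should fail closed on any non-zero
 * return. Whether device_info_dc may be NULL is not visible here --
 * confirm against the definition.
 */
krb5_error_code samba_kdc_check_s4u2proxy_rbcd(
        krb5_context context,
        struct samba_kdc_db_context *kdc_db_ctx,
        krb5_const_principal client_principal,
        krb5_const_principal server_principal,
        const struct auth_user_info_dc *user_info_dc,
        const struct auth_user_info_dc *device_info_dc,
        const struct auth_claims auth_claims,
        struct samba_kdc_entry *proxy_skdc_entry);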
/*
 * Set up a KDC database context from a base context.
 *
 * kdc_db_ctx_out is a pointer to a pointer, i.e. the new context is handed
 * back through it. The result is reported as NTSTATUS, not as a
 * krb5_error_code like the other prototypes in this header.
 *
 * NOTE(review): presumably the context is allocated on mem_ctx and
 * *kdc_db_ctx_out is only meaningful on success -- confirm against the
 * definition.
 */
NTSTATUS samba_kdc_setup_db_ctx(TALLOC_CTX *mem_ctx,
                                struct samba_kdc_base_context *base_ctx,
                                struct samba_kdc_db_context **kdc_db_ctx_out);
/*
 * Extract an AES-256 key, and its salt, from an LDB message.
 *
 * Read-only inputs: msg, user_account_control and the kvno pointer.
 * Non-const pointer arguments: kvno_out, aes_256_key and salt.
 *
 * Returns a krb5_error_code.
 *
 * NOTE(review): the definition is not in this header. Presumably a NULL
 * kvno means "current key" and the blobs are allocated on mem_ctx.
 * aes_256_key carries long-term key material, so callers should keep it
 * out of logs and release mem_ctx as soon as the key is no longer needed
 * -- confirm against the definition.
 */
krb5_error_code dsdb_extract_aes_256_key(krb5_context context,
                                         TALLOC_CTX *mem_ctx,
                                         const struct ldb_message *msg,
                                         uint32_t user_account_control,
                                         const uint32_t *kvno,
                                         uint32_t *kvno_out,
                                         DATA_BLOB *aes_256_key,
                                         DATA_BLOB *salt);