s4:kdc: Add structure containing authentication policy auditing information

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

auth/authn_policy.h

@@ -41,4 +41,27 @@ NTSTATUS authn_policy_ntlm_apply_device_restriction(const char *client_account_n
 						    const char *device_account_name,
 						    const struct authn_ntlm_client_policy *client_policy);
 
+enum authn_audit_event {
+	AUTHN_AUDIT_EVENT_OK = 0,
+	AUTHN_AUDIT_EVENT_KERBEROS_DEVICE_RESTRICTION,
+	AUTHN_AUDIT_EVENT_KERBEROS_SERVER_RESTRICTION,
+	AUTHN_AUDIT_EVENT_NTLM_DEVICE_RESTRICTION,
+	AUTHN_AUDIT_EVENT_NTLM_SERVER_RESTRICTION,
+	AUTHN_AUDIT_EVENT_OTHER_ERROR,
+};
+
+enum authn_audit_reason {
+	AUTHN_AUDIT_REASON_NONE = 0,
+	AUTHN_AUDIT_REASON_DESCRIPTOR_INVALID,
+	AUTHN_AUDIT_REASON_DESCRIPTOR_NO_OWNER,
+	AUTHN_AUDIT_REASON_SECURITY_TOKEN_FAILURE,
+	AUTHN_AUDIT_REASON_ACCESS_DENIED,
+	AUTHN_AUDIT_REASON_FAST_REQUIRED,
+};
+
+struct authn_int64_optional {
+	bool is_present;
+	int64_t val;
+};
+
 #endif

auth/authn_policy_impl.h

@@ -52,4 +52,16 @@ struct authn_server_policy {
 	DATA_BLOB allowed_to_authenticate_to;
 };
 
+/* Auditing information. */
+
+struct authn_audit_info {
+	struct authn_policy *policy;
+	const struct auth_user_info_dc *client_info;
+	enum authn_audit_event event;
+	enum authn_audit_reason reason;
+	NTSTATUS policy_status;
+	const char *location;
+	struct authn_int64_optional tgt_lifetime_raw;
+};
+
 #endif