diff --git a/source4/kdc/mit-kdb/kdb_samba.h b/source4/kdc/mit-kdb/kdb_samba.h index 89c628fff63..32c8d843548 100644 --- a/source4/kdc/mit-kdb/kdb_samba.h +++ b/source4/kdc/mit-kdb/kdb_samba.h @@ -55,6 +55,18 @@ bool ks_data_eq_string(krb5_data d, const char *s); krb5_data ks_make_data(void *data, unsigned int len); +krb5_boolean ks_is_kadmin(krb5_context context, + krb5_const_principal princ); + +krb5_boolean ks_is_kadmin_history(krb5_context context, + krb5_const_principal princ); + +krb5_boolean ks_is_kadmin_changepw(krb5_context context, + krb5_const_principal princ); + +krb5_boolean ks_is_kadmin_admin(krb5_context context, + krb5_const_principal princ); + /* from kdb_samba_principals.c */ krb5_error_code kdb_samba_db_get_principal(krb5_context context, diff --git a/source4/kdc/mit-kdb/kdb_samba_common.c b/source4/kdc/mit-kdb/kdb_samba_common.c index de94f03719b..1cd546977b7 100644 --- a/source4/kdc/mit-kdb/kdb_samba_common.c +++ b/source4/kdc/mit-kdb/kdb_samba_common.c @@ -117,3 +117,34 @@ krb5_data ks_make_data(void *data, unsigned int len) return d; } + +krb5_boolean ks_is_kadmin(krb5_context context, + krb5_const_principal princ) +{ + return krb5_princ_size(context, princ) >= 1 && + ks_data_eq_string(princ->data[0], "kadmin"); +} + +krb5_boolean ks_is_kadmin_history(krb5_context context, + krb5_const_principal princ) +{ + return krb5_princ_size(context, princ) == 2 && + ks_data_eq_string(princ->data[0], "kadmin") && + ks_data_eq_string(princ->data[1], "history"); +} + +krb5_boolean ks_is_kadmin_changepw(krb5_context context, + krb5_const_principal princ) +{ + return krb5_princ_size(context, princ) == 2 && + ks_data_eq_string(princ->data[0], "kadmin") && + ks_data_eq_string(princ->data[1], "changepw"); +} + +krb5_boolean ks_is_kadmin_admin(krb5_context context, + krb5_const_principal princ) +{ + return krb5_princ_size(context, princ) == 2 && + ks_data_eq_string(princ->data[0], "kadmin") && + ks_data_eq_string(princ->data[1], "admin"); +}