1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
samba-mirror/source4/auth/kerberos/kerberos.h
Andrew Bartlett 2c33862b9e s4-auth/kerberos: Add define ENC_STRONG_SALTED_TYPES
This allows us to mask out RC4 and insist on the modern AES types
where that makes sense.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
2024-03-14 22:06:39 +00:00

92 lines
3.0 KiB
C

/*
Unix SMB/CIFS implementation.
simple kerberos5 routines for active directory
Copyright (C) Andrew Tridgell 2001
Copyright (C) Luke Howard 2002-2003
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef _AUTH_KERBEROS_H_
#define _AUTH_KERBEROS_H_
#if defined(HAVE_KRB5)
#include "system/kerberos.h"
#include "auth/auth.h"
#include "auth/kerberos/krb5_init_context.h"
#include "librpc/gen_ndr/krb5pac.h"
#include "lib/krb5_wrap/krb5_samba.h"
struct auth_user_info_dc;
struct cli_credentials;
struct ccache_container {
struct smb_krb5_context *smb_krb5_context;
krb5_ccache ccache;
};
struct keytab_container {
struct smb_krb5_context *smb_krb5_context;
krb5_keytab keytab;
bool password_based;
};
/* not really ASN.1, but RFC 1964 */
#define TOK_ID_KRB_AP_REQ ((const uint8_t *)"\x01\x00")
#define TOK_ID_KRB_AP_REP ((const uint8_t *)"\x02\x00")
#define TOK_ID_KRB_ERROR ((const uint8_t *)"\x03\x00")
#define TOK_ID_GSS_GETMIC ((const uint8_t *)"\x01\x01")
#define TOK_ID_GSS_WRAP ((const uint8_t *)"\x02\x01")
#define ENC_ALL_TYPES (ENC_RC4_HMAC_MD5 | \
ENC_HMAC_SHA1_96_AES128 | ENC_HMAC_SHA1_96_AES256)
#define ENC_STRONG_SALTED_TYPES (ENC_HMAC_SHA1_96_AES128 | ENC_HMAC_SHA1_96_AES256)
#ifndef HAVE_KRB5_SET_DEFAULT_TGS_KTYPES
krb5_error_code krb5_set_default_tgs_ktypes(krb5_context ctx, const krb5_enctype *enc);
#endif
#if defined(HAVE_KRB5_AUTH_CON_SETKEY) && !defined(HAVE_KRB5_AUTH_CON_SETUSERUSERKEY)
krb5_error_code krb5_auth_con_setuseruserkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock *keyblock);
#endif
krb5_error_code smb_krb5_princ_component(krb5_context context,
krb5_const_principal principal,
int i,
krb5_data *data);
/* Samba wrapper function for krb5 functionality. */
krb5_error_code kerberos_encode_pac(TALLOC_CTX *mem_ctx,
struct PAC_DATA *pac_data,
krb5_context context,
const krb5_keyblock *krbtgt_keyblock,
const krb5_keyblock *service_keyblock,
DATA_BLOB *pac);
krb5_error_code kerberos_create_pac(TALLOC_CTX *mem_ctx,
struct auth_user_info_dc *user_info_dc,
krb5_context context,
const krb5_keyblock *krbtgt_keyblock,
const krb5_keyblock *service_keyblock,
krb5_principal client_principal,
time_t tgs_authtime,
DATA_BLOB *pac);
#include "auth/kerberos/proto.h"
#endif /* HAVE_KRB5 */
#endif /* _AUTH_KERBEROS_H_ */