root/source4/auth/kerberos/kerberos.h

/* [<][>][^][v][top][bottom][index][help] */

INCLUDED FROM


   1 /* 
   2    Unix SMB/CIFS implementation.
   3    simple kerberos5 routines for active directory
   4    Copyright (C) Andrew Tridgell 2001
   5    Copyright (C) Luke Howard 2002-2003
   6    
   7    This program is free software; you can redistribute it and/or modify
   8    it under the terms of the GNU General Public License as published by
   9    the Free Software Foundation; either version 3 of the License, or
  10    (at your option) any later version.
  11    
  12    This program is distributed in the hope that it will be useful,
  13    but WITHOUT ANY WARRANTY; without even the implied warranty of
  14    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15    GNU General Public License for more details.
  16    
  17    You should have received a copy of the GNU General Public License
  18    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  19 */
  20 
  21 #if defined(HAVE_KRB5)
  22 
  23 #include "auth/kerberos/krb5_init_context.h"
  24 #include "librpc/gen_ndr/krb5pac.h"
  25 
  26 struct auth_serversupplied_info;
  27 struct cli_credentials;
  28 
  29 struct ccache_container {
  30         struct smb_krb5_context *smb_krb5_context;
  31         krb5_ccache ccache;
  32 };
  33 
  34 struct keytab_container {
  35         struct smb_krb5_context *smb_krb5_context;
  36         krb5_keytab keytab;
  37 };
  38 
  39 /* not really ASN.1, but RFC 1964 */
  40 #define TOK_ID_KRB_AP_REQ       ((const uint8_t *)"\x01\x00")
  41 #define TOK_ID_KRB_AP_REP       ((const uint8_t *)"\x02\x00")
  42 #define TOK_ID_KRB_ERROR        ((const uint8_t *)"\x03\x00")
  43 #define TOK_ID_GSS_GETMIC       ((const uint8_t *)"\x01\x01")
  44 #define TOK_ID_GSS_WRAP         ((const uint8_t *)"\x02\x01")
  45 
  46 #ifdef HAVE_KRB5_KEYBLOCK_KEYVALUE
  47 #define KRB5_KEY_TYPE(k)        ((k)->keytype)
  48 #define KRB5_KEY_LENGTH(k)      ((k)->keyvalue.length)
  49 #define KRB5_KEY_DATA(k)        ((k)->keyvalue.data)
  50 #else
  51 #define KRB5_KEY_TYPE(k)        ((k)->enctype)
  52 #define KRB5_KEY_LENGTH(k)      ((k)->length)
  53 #define KRB5_KEY_DATA(k)        ((k)->contents)
  54 #endif /* HAVE_KRB5_KEYBLOCK_KEYVALUE */
  55 
  56 #ifndef HAVE_KRB5_SET_REAL_TIME
  57 krb5_error_code krb5_set_real_time(krb5_context context, int32_t seconds, int32_t microseconds);
  58 #endif
  59 
  60 #ifndef HAVE_KRB5_SET_DEFAULT_TGS_KTYPES
  61 krb5_error_code krb5_set_default_tgs_ktypes(krb5_context ctx, const krb5_enctype *enc);
  62 #endif
  63 
  64 #if defined(HAVE_KRB5_AUTH_CON_SETKEY) && !defined(HAVE_KRB5_AUTH_CON_SETUSERUSERKEY)
  65 krb5_error_code krb5_auth_con_setuseruserkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock *keyblock);
  66 #endif
  67 
  68 #ifndef HAVE_KRB5_FREE_UNPARSED_NAME
  69 void krb5_free_unparsed_name(krb5_context ctx, char *val);
  70 #endif
  71 
  72 #if defined(HAVE_KRB5_PRINCIPAL_GET_COMP_STRING) && !defined(HAVE_KRB5_PRINC_COMPONENT)
  73 const krb5_data *krb5_princ_component(krb5_context context, krb5_principal principal, int i );
  74 #endif
  75 
  76 /* Samba wrapper function for krb5 functionality. */
  77 void setup_kaddr( krb5_address *pkaddr, struct sockaddr *paddr);
  78 int create_kerberos_key_from_string(krb5_context context, krb5_principal host_princ, krb5_data *password, krb5_keyblock *key, krb5_enctype enctype);
  79 int create_kerberos_key_from_string_direct(krb5_context context, krb5_principal host_princ, krb5_data *password, krb5_keyblock *key, krb5_enctype enctype);
  80 krb5_const_principal get_principal_from_tkt(krb5_ticket *tkt);
  81 krb5_error_code get_kerberos_allowed_etypes(krb5_context context, krb5_enctype **enctypes);
  82 void free_kerberos_etypes(krb5_context context, krb5_enctype *enctypes);
  83 bool get_krb5_smb_session_key(krb5_context context, krb5_auth_context auth_context, DATA_BLOB *session_key, bool remote);
  84 krb5_error_code ads_krb5_mk_req(krb5_context context, 
  85                                 krb5_auth_context *auth_context, 
  86                                 const krb5_flags ap_req_options,
  87                                 const char *principal,
  88                                 krb5_ccache ccache, 
  89                                 krb5_data *outbuf);
  90 bool get_auth_data_from_tkt(TALLOC_CTX *mem_ctx, DATA_BLOB *auth_data, krb5_ticket *tkt);
  91 int kerberos_kinit_password_cc(krb5_context ctx, krb5_ccache cc, 
  92                                krb5_principal principal, const char *password, 
  93                                time_t *expire_time, time_t *kdc_time);
  94 int kerberos_kinit_keyblock_cc(krb5_context ctx, krb5_ccache cc, 
  95                                krb5_principal principal, krb5_keyblock *keyblock,
  96                                time_t *expire_time, time_t *kdc_time);
  97 krb5_principal kerberos_fetch_salt_princ_for_host_princ(krb5_context context,
  98                                                         krb5_principal host_princ,
  99                                                         int enctype);
 100 void kerberos_set_creds_enctype(krb5_creds *pcreds, int enctype);
 101 bool kerberos_compatible_enctypes(krb5_context context, krb5_enctype enctype1, krb5_enctype enctype2);
 102 void kerberos_free_data_contents(krb5_context context, krb5_data *pdata);
 103 krb5_error_code smb_krb5_kt_free_entry(krb5_context context, krb5_keytab_entry *kt_entry);
 104 char *smb_get_krb5_error_message(krb5_context context, krb5_error_code code, TALLOC_CTX *mem_ctx);
 105  krb5_error_code kinit_to_ccache(TALLOC_CTX *parent_ctx,
 106                           struct cli_credentials *credentials,
 107                           struct smb_krb5_context *smb_krb5_context,
 108                                  krb5_ccache ccache);
 109 krb5_error_code principal_from_credentials(TALLOC_CTX *parent_ctx, 
 110                                            struct cli_credentials *credentials, 
 111                                            struct smb_krb5_context *smb_krb5_context,
 112                                            krb5_principal *princ);
 113 NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx,
 114                              struct smb_iconv_convenience *iconv_convenience,
 115                              struct PAC_DATA **pac_data_out,
 116                              DATA_BLOB blob,
 117                              krb5_context context,
 118                              const krb5_keyblock *krbtgt_keyblock,
 119                              const krb5_keyblock *service_keyblock,
 120                              krb5_const_principal client_principal,
 121                              time_t tgs_authtime,
 122                              krb5_error_code *k5ret);
 123  NTSTATUS kerberos_pac_logon_info(TALLOC_CTX *mem_ctx,
 124                                   struct smb_iconv_convenience *iconv_convenience,
 125                                   struct PAC_LOGON_INFO **logon_info,
 126                                   DATA_BLOB blob,
 127                                   krb5_context context,
 128                                   const krb5_keyblock *krbtgt_keyblock,
 129                                   const krb5_keyblock *service_keyblock,
 130                                   krb5_const_principal client_principal,
 131                                   time_t tgs_authtime, 
 132                                   krb5_error_code *k5ret);
 133  krb5_error_code kerberos_encode_pac(TALLOC_CTX *mem_ctx,
 134                                      struct smb_iconv_convenience *iconv_convenience,
 135                                     struct PAC_DATA *pac_data,
 136                                     krb5_context context,
 137                                     const krb5_keyblock *krbtgt_keyblock,
 138                                     const krb5_keyblock *service_keyblock,
 139                                     DATA_BLOB *pac);
 140  krb5_error_code kerberos_create_pac(TALLOC_CTX *mem_ctx,
 141                                      struct smb_iconv_convenience *iconv_convenience,
 142                                      struct auth_serversupplied_info *server_info,
 143                                      krb5_context context,
 144                                      const krb5_keyblock *krbtgt_keyblock,
 145                                      const krb5_keyblock *service_keyblock,
 146                                      krb5_principal client_principal,
 147                                      time_t tgs_authtime,
 148                                      DATA_BLOB *pac);
 149 struct loadparm_context;
 150 
 151 #include "auth/kerberos/proto.h"
 152 
 153 #endif /* HAVE_KRB5 */

/* [<][>][^][v][top][bottom][index][help] */