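/*
   Unix SMB/CIFS implementation.

   Database Glue between Samba and the KDC

   Copyright (C) Guenther Deschner <gd@samba.org> 2014
   Copyright (C) Andreas Schneider <asn@samba.org> 2014

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
   GNU General Public License for more details.


   You should have received a copy of the GNU General Public License
   along with this program. If not, see <http://www.gnu.org/licenses/>.
*/

#ifndef _KDC_SDB_H_
#define _KDC_SDB_H_

/*
 * This header includes nothing itself: krb5_data, krb5_keyblock,
 * krb5_principal and time_t must already be declared by whoever
 * includes it.
 */

/* Salt attached to a key: a numeric salt type plus the salt bytes. */
struct sdb_salt {
	unsigned int type;
	krb5_data salt;
};

/*
 * One key of a principal.
 *
 * NOTE(review): 'key' is a krb5_keyblock, i.e. key material. This header
 * does not show whether sdb_free_entry()/free_sdb_entry() scrub it before
 * releasing memory - confirm in the implementation.
 */
struct sdb_key {
	unsigned int *mkvno;	/* pointer, so presumably optional (NULL when unset) - confirm */
	krb5_keyblock key;
	struct sdb_salt *salt;	/* pointer, so presumably optional (NULL when unset) - confirm */
};

/*
 * Counted array of keys.
 *
 * NOTE(review): 'len' is presumably the number of elements in 'val';
 * any code indexing 'val' should bound itself by 'len' - confirm.
 */
struct sdb_keys {
	unsigned int len;
	struct sdb_key *val;
};

/* A principal together with a timestamp (used for created_by/modified_by). */
struct sdb_event {
	krb5_principal principal;
	time_t time;
};

/*
 * Per-principal flags, 32 one-bit fields in total (18 named, _unused18
 * to _unused30 as padding, do_not_store last).
 *
 * C leaves the allocation order of bit-fields implementation-defined, so
 * the in-memory layout of this struct must not be assumed to match any
 * particular integer encoding. int2SDBFlags() below is the declared way
 * to build one from an unsigned value; its bit mapping is not visible in
 * this header.
 *
 * NOTE(review): several of these bits look like access-policy inputs
 * (invalid, locked_out, require_preauth, require_hwauth, ok_as_delegate,
 * trusted_for_delegation). Their enforcement lives in the consumers, not
 * here - confirm every producer of an sdb_entry initialises the whole
 * struct so that no policy bit is left indeterminate.
 */
struct SDBFlags {
	unsigned int initial:1;
	unsigned int forwardable:1;
	unsigned int proxiable:1;
	unsigned int renewable:1;
	unsigned int postdate:1;
	unsigned int server:1;
	unsigned int client:1;
	unsigned int invalid:1;
	unsigned int require_preauth:1;
	unsigned int change_pw:1;
	unsigned int require_hwauth:1;
	unsigned int ok_as_delegate:1;
	unsigned int user_to_user:1;
	unsigned int immutable:1;
	unsigned int trusted_for_delegation:1;
	unsigned int allow_kerberos4:1;
	unsigned int allow_digest:1;
	unsigned int locked_out:1;
	unsigned int _unused18:1;
	unsigned int _unused19:1;
	unsigned int _unused20:1;
	unsigned int _unused21:1;
	unsigned int _unused22:1;
	unsigned int _unused23:1;
	unsigned int _unused24:1;
	unsigned int _unused25:1;
	unsigned int _unused26:1;
	unsigned int _unused27:1;
	unsigned int _unused28:1;
	unsigned int _unused29:1;
	unsigned int _unused30:1;
	unsigned int do_not_store:1;
};

/*
 * A principal's database record: name, key version number, keys,
 * creation/modification events, validity and password-expiry times,
 * lifetime limits and flags.
 *
 * The pointer members are presumably optional values (NULL when the
 * attribute is not set) - confirm against the code that fills them in.
 */
struct sdb_entry {
	krb5_principal principal;
	unsigned int kvno;
	struct sdb_keys keys;
	struct sdb_event created_by;
	struct sdb_event *modified_by;
	time_t *valid_start;
	time_t *valid_end;
	time_t *pw_end;
	unsigned int *max_life;
	unsigned int *max_renew;
	struct SDBFlags flags;
};

/*
 * An sdb_entry plus an opaque context pointer and a callback that takes
 * the wrapper itself as its argument.
 *
 * NOTE(review): judging by its name, free_entry releases whatever 'ctx'
 * owns; this header does not show whether it may be NULL or who calls
 * it - confirm before invoking it unconditionally.
 */
struct sdb_entry_ex {
	void *ctx;
	struct sdb_entry entry;
	void (*free_entry)(struct sdb_entry_ex *);
};

/*
 * Error codes.
 * NOTE(review): the values look like they mirror another Kerberos
 * database error table so they can be passed through unchanged - confirm
 * against that table before changing any of them.
 */
#define SDB_ERR_NOENTRY 36150275
#define SDB_ERR_NOT_FOUND_HERE 36150287
#define SDB_ERR_WRONG_REALM 36150289

/*
 * Fetch flags (bit mask).
 *
 * SDB_F_DECRYPT asks for decrypted keys, so an entry fetched with it
 * carries usable key material; callers that only need metadata should
 * leave it clear.
 */
#define SDB_F_DECRYPT		1	/* decrypt keys */
#define SDB_F_GET_CLIENT	4	/* fetch client */
#define SDB_F_GET_SERVER	8	/* fetch server */
#define SDB_F_GET_KRBTGT	16	/* fetch krbtgt */
/* 28 == SDB_F_GET_CLIENT | SDB_F_GET_SERVER | SDB_F_GET_KRBTGT */
#define SDB_F_GET_ANY		28	/* fetch any of client,server,krbtgt */
#define SDB_F_CANON		32	/* want canonicalization */
#define SDB_F_ADMIN_DATA	64	/* want data that the KDC doesn't use */
#define SDB_F_KVNO_SPECIFIED	128	/* we want a particular KVNO */
#define SDB_F_FOR_AS_REQ	4096	/* fetch is for an AS REQ */
#define SDB_F_FOR_TGS_REQ	8192	/* fetch is for a TGS REQ */

/*
 * Implementations are not part of this header.
 * sdb_free_entry() takes the extended wrapper, free_sdb_entry() the bare
 * entry; int2SDBFlags() returns a struct SDBFlags built from an unsigned
 * value.
 */
void sdb_free_entry(struct sdb_entry_ex *e);
void free_sdb_entry(struct sdb_entry *s);
struct SDBFlags int2SDBFlags(unsigned n);

#endif /* _KDC_SDB_H_ */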