auth/kerberos: Create common helper to get the verified PAC from GSSAPI
[samba.git] / libcli / auth / krb5_wrap.h
1 /*
2    Unix SMB/CIFS implementation.
3    simple kerberos5 routines for active directory
4    Copyright (C) Andrew Tridgell 2001
5    Copyright (C) Luke Howard 2002-2003
6    Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
7    Copyright (C) Guenther Deschner 2005-2009
8
9    This program is free software; you can redistribute it and/or modify
10    it under the terms of the GNU General Public License as published by
11    the Free Software Foundation; either version 3 of the License, or
12    (at your option) any later version.
13
14    This program is distributed in the hope that it will be useful,
15    but WITHOUT ANY WARRANTY; without even the implied warranty of
16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17    GNU General Public License for more details.
18
19    You should have received a copy of the GNU General Public License
20    along with this program.  If not, see <http://www.gnu.org/licenses/>.
21 */
22
23 #include "system/kerberos.h"
/*
 * Forward declarations only: the prototypes below take these structures by
 * pointer, so this header does not need their full definitions.
 */
24 struct PAC_SIGNATURE_DATA;
25 struct PAC_DATA;
26
/*
 * Judging by the name and parameters, builds a key of type enctype in *key
 * from a password string for host_princ.
 * NOTE(review): presumably a string-to-key derivation salted from the
 * principal - confirm in the implementation. The meaning of the int return
 * value is not visible in this header. password and *key carry secret
 * material; check who frees and wipes them on every path.
 */
27 int create_kerberos_key_from_string_direct(krb5_context context,
28                                                   krb5_principal host_princ,
29                                                   krb5_data *password,
30                                                   krb5_keyblock *key,
31                                            krb5_enctype enctype);
/*
 * Releases what pdata holds (per the name, the contents rather than the
 * krb5_data structure itself - TODO confirm).
 */
32 void kerberos_free_data_contents(krb5_context context, krb5_data *pdata);
/*
 * Frees a keytab entry. Returns a krb5_error_code that callers should check.
 * NOTE(review): keytab entries normally embed key material; whether it is
 * zeroed on free is not visible here.
 */
33 krb5_error_code smb_krb5_kt_free_entry(krb5_context context, krb5_keytab_entry *kt_entry);
34
/*
 * Parses a principal name given in the unix charset into *principal.
 * Returns a krb5_error_code; *principal should only be used on success.
 */
 35  krb5_error_code smb_krb5_parse_name(krb5_context context,
 36                                 const char *name, /* in unix charset */
 37                                      krb5_principal *principal);
/*
 * Inverse direction: renders principal as a string in *unix_name.
 * NOTE(review): presumably the string is allocated on mem_ctx and in the
 * unix charset, mirroring smb_krb5_parse_name() - confirm.
 */
 38 krb5_error_code smb_krb5_unparse_name(TALLOC_CTX *mem_ctx,
 39                                       krb5_context context,
 40                                       krb5_const_principal principal,
 41                                       char **unix_name);
/*
 * Variant of the parser for names without a realm component (per the name;
 * how a realm present in the input is treated is not visible here).
 */
 42  krb5_error_code smb_krb5_parse_name_norealm(krb5_context context, 
 43                                             const char *name, 
 44                                              krb5_principal *principal);
/*
 * Compares two principals; per the name, the realm does not take part in
 * the comparison.
 * NOTE(review): a true result therefore does not say that both principals
 * belong to the same realm. Callers that base an authentication or
 * authorization decision on it need to validate the realm separately.
 */
 45  bool smb_krb5_principal_compare_any_realm(krb5_context context, 
 46                                           krb5_const_principal princ1, 
 47                                            krb5_const_principal princ2);
/*
 * Fills *cksum from a PAC signature structure (per the name). Returns
 * nothing, so it cannot report a malformed signature.
 * NOTE(review): whether cksum borrows sig's buffer or copies it is not
 * visible here - check the lifetime of sig at call sites.
 */
 48  void smb_krb5_checksum_from_pac_sig(krb5_checksum *cksum,
 49                                      struct PAC_SIGNATURE_DATA *sig);
/*
 * Verifies cksum over data[0..length) with keyblock under the given key
 * usage. The result is only reported through the krb5_error_code return
 * value, so a caller that ignores it accepts unverified data.
 * NOTE(review): presumably 0 means the checksum matched - confirm.
 */
 50  krb5_error_code smb_krb5_verify_checksum(krb5_context context,
 51                                           const krb5_keyblock *keyblock,
 52                                          krb5_keyusage usage,
 53                                          krb5_checksum *cksum,
 54                                          uint8_t *data,
 55                                           size_t length);
/*
 * Builds a human-readable string for a GSSAPI major/minor status pair of
 * the mechanism mech.
 * NOTE(review): presumably allocated on mem_ctx and NULL on allocation
 * failure - confirm before passing the result to a "%s" format.
 */
56 char *gssapi_error_string(TALLOC_CTX *mem_ctx, 
57                           OM_uint32 maj_stat, OM_uint32 min_stat, 
58                           const gss_OID mech);
/*
 * Same idea for a krb5_error_code; note that mem_ctx is the last parameter
 * here, unlike in gssapi_error_string().
 */
59 char *smb_get_krb5_error_message(krb5_context context, krb5_error_code code, TALLOC_CTX *mem_ctx);
60
/*
 * Checks one PAC signature (sig) over the raw PAC bytes in pac_data using
 * keyblock. The outcome is reported only through the krb5_error_code
 * return value.
 * NOTE(review): a PAC carries more than one signature; this prototype takes
 * a single sig/keyblock pair, so one successful call covers only that
 * signature. pac_data is passed by value (DATA_BLOB), which suggests the
 * callee does not take ownership of the buffer - confirm.
 */
61 krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx,
62                                    DATA_BLOB pac_data,
63                                    struct PAC_SIGNATURE_DATA *sig,
64                                    krb5_context context,
65                                    const krb5_keyblock *keyblock);
66
/*
 * Decodes a raw PAC blob into a struct PAC_DATA returned via *pac_data_out.
 * The result is an NTSTATUS; *pac_data_out should only be used on success.
 *
 * The caller supplies the krbtgt key, the service key, the client principal
 * and the TGS authtime.
 * NOTE(review): presumably the two keys are used to check the KDC and
 * server signatures and the principal/authtime are compared against the
 * PAC's own client information - confirm in the implementation. Whether a
 * NULL keyblock skips the corresponding check is not visible in this
 * header; callers that derive group membership or other authorization data
 * from the decoded PAC need to know which checks actually ran.
 */
67 NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx,
68                              DATA_BLOB pac_data_blob,
69                              krb5_context context,
70                              const krb5_keyblock *krbtgt_keyblock,
71                              const krb5_keyblock *service_keyblock,
72                              krb5_const_principal client_principal,
73                              time_t tgs_authtime,
74                              struct PAC_DATA **pac_data_out);
75
/*
 * Returns the PAC associated with gss_client_name on an established GSSAPI
 * security context as a raw blob in *pac_data.
 * NOTE(review): presumably the blob is allocated on mem_ctx - confirm.
 *
 * No key is passed in, so this function cannot check PAC signatures itself
 * with caller-supplied keys; any verification has to come from the GSSAPI
 * library while the context is accepted. The commit that introduces this
 * helper describes the PAC as "verified", but the prototype alone does not
 * show that - confirm it for each supported Kerberos library before
 * treating the blob as trusted authorization data.
 */
76 NTSTATUS gssapi_obtain_pac_blob(TALLOC_CTX *mem_ctx,
77                                 gss_ctx_id_t gssapi_context,
78                                 gss_name_t gss_client_name,
79                                 DATA_BLOB *pac_data);