/*
   Unix SMB/CIFS implementation.
   Samba Active Directory authentication policy private implementation details

   Copyright (C) Catalyst.Net Ltd 2023

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

#ifndef KDC_AUTHN_POLICY_IMPL_H
#define KDC_AUTHN_POLICY_IMPL_H

#include "lib/replace/replace.h"

#include "auth/authn_policy.h"
#include "lib/util/data_blob.h"
#include "libcli/util/ntstatus.h"

/*
 * Fields shared by every authentication policy variant. Each of the
 * client and server policy structures below embeds this as its first
 * member, named 'policy'.
 */
struct authn_policy {
	/* Name of the silo associated with the policy. */
	const char *silo_name;
	/* Name of the policy itself. */
	const char *policy_name;
	/*
	 * Enforcement flag for the policy.
	 * NOTE(review): presumably 'false' means the policy is evaluated
	 * but not applied -- confirm against authn_policy_is_enforced().
	 */
	bool enforced;
};

/*
 * Report whether a policy is enforced. Only the prototype is visible
 * here; the definition lives elsewhere.
 * NOTE(review): confirm how a NULL policy is treated before relying on
 * the result for an access decision.
 */
bool authn_policy_is_enforced(const struct authn_policy *policy);

/* Policy applied to a client authenticating with Kerberos. */
struct authn_kerberos_client_policy {
	struct authn_policy policy;
	/*
	 * Raw blob; its encoding, and the meaning of an empty blob, are
	 * defined by the code that consumes it, not by this header.
	 */
	DATA_BLOB allowed_to_authenticate_from;
	/*
	 * TGT lifetime as a raw 64-bit value.
	 * NOTE(review): the unit is not visible here -- confirm before
	 * comparing with a duration in seconds.
	 */
	int64_t tgt_lifetime_raw;
};

/* Policy applied to a client authenticating with NTLM. */
struct authn_ntlm_client_policy {
	struct authn_policy policy;
	/* Raw blob; encoding is defined by the consumer (see above). */
	DATA_BLOB allowed_to_authenticate_from;
	/* Whether NTLM network authentication is allowed. */
	bool allowed_ntlm_network_auth;
};

/* Policy applied to the server side of an authentication. */
struct authn_server_policy {
	struct authn_policy policy;
	/* Raw blob; encoding is defined by the consumer (see above). */
	DATA_BLOB allowed_to_authenticate_to;
};

/* Auditing information. */

struct authn_audit_info {
	/* Policy the audit record refers to. */
	struct authn_policy *policy;
	/* Client the audit record refers to. */
	const struct auth_user_info_dc *client_info;
	enum authn_audit_event event;
	enum authn_audit_reason reason;
	/* Status associated with the policy for this record. */
	NTSTATUS policy_status;
	const char *location;
	/*
	 * Optional TGT lifetime: 'is_present' distinguishes "no value"
	 * from a value of zero.
	 */
	struct authn_int64_optional tgt_lifetime_raw;
};

/*
 * Build an optional that carries 'val'.
 *
 * The result has is_present == true and val == val.
 */
static inline struct authn_int64_optional authn_int64_some(const int64_t val)
{
	struct authn_int64_optional present = {
		.is_present = true,
		.val = val,
	};

	return present;
}

/*
 * Build an optional that carries no value.
 *
 * Only is_present is named in the initialiser, so every other member
 * (including val) is zero-initialised. Callers must test is_present
 * rather than val, because an absent value and a present zero have the
 * same val.
 */
static inline struct authn_int64_optional authn_int64_none(void)
{
	struct authn_int64_optional absent = {
		.is_present = false,
	};

	return absent;
}

#endif