search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s4:libnet: Use GnuTLS RC4 in libnet_SetPassword_samr_handle_24()
[Samba.git] / auth / gensec / gensec_internal.h
blob911b48b52d625f79165081fba5c2018e736948f3
1 /*
2 Unix SMB/CIFS implementation.
3
4 Generic Authentication Interface
5
6 Copyright (C) Andrew Tridgell 2003
7 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 */
22
23 #ifndef __GENSEC_INTERNAL_H__
24 #define __GENSEC_INTERNAL_H__
25
26 struct gensec_security;
27
28 struct gensec_security_ops {
29 const char *name;
30 const char *sasl_name;
31 uint8_t auth_type; /* 0 if not offered on DCE-RPC */
32 const char **oid; /* NULL if not offered by SPNEGO */
33 NTSTATUS (*client_start)(struct gensec_security *gensec_security);
34 NTSTATUS (*server_start)(struct gensec_security *gensec_security);
35 /**
36 Determine if a packet has the right 'magic' for this mechanism
37 */
38 NTSTATUS (*magic)(struct gensec_security *gensec_security,
39 const DATA_BLOB *first_packet);
40 struct tevent_req *(*update_send)(TALLOC_CTX *mem_ctx,
41 struct tevent_context *ev,
42 struct gensec_security *gensec_security,
43 const DATA_BLOB in);
44 NTSTATUS (*update_recv)(struct tevent_req *req,
45 TALLOC_CTX *out_mem_ctx,
46 DATA_BLOB *out);
47 NTSTATUS (*may_reset_crypto)(struct gensec_security *gensec_security,
48 bool full_reset);
49 NTSTATUS (*seal_packet)(struct gensec_security *gensec_security, TALLOC_CTX *sig_mem_ctx,
50 uint8_t *data, size_t length,
51 const uint8_t *whole_pdu, size_t pdu_length,
52 DATA_BLOB *sig);
53 NTSTATUS (*sign_packet)(struct gensec_security *gensec_security, TALLOC_CTX *sig_mem_ctx,
54 const uint8_t *data, size_t length,
55 const uint8_t *whole_pdu, size_t pdu_length,
56 DATA_BLOB *sig);
57 size_t (*sig_size)(struct gensec_security *gensec_security, size_t data_size);
58 size_t (*max_input_size)(struct gensec_security *gensec_security);
59 size_t (*max_wrapped_size)(struct gensec_security *gensec_security);
60 NTSTATUS (*check_packet)(struct gensec_security *gensec_security,
61 const uint8_t *data, size_t length,
62 const uint8_t *whole_pdu, size_t pdu_length,
63 const DATA_BLOB *sig);
64 NTSTATUS (*unseal_packet)(struct gensec_security *gensec_security,
65 uint8_t *data, size_t length,
66 const uint8_t *whole_pdu, size_t pdu_length,
67 const DATA_BLOB *sig);
68 NTSTATUS (*wrap)(struct gensec_security *gensec_security,
69 TALLOC_CTX *mem_ctx,
70 const DATA_BLOB *in,
71 DATA_BLOB *out);
72 NTSTATUS (*unwrap)(struct gensec_security *gensec_security,
73 TALLOC_CTX *mem_ctx,
74 const DATA_BLOB *in,
75 DATA_BLOB *out);
76 NTSTATUS (*session_key)(struct gensec_security *gensec_security, TALLOC_CTX *mem_ctx,
77 DATA_BLOB *session_key);
78 NTSTATUS (*session_info)(struct gensec_security *gensec_security, TALLOC_CTX *mem_ctx,
79 struct auth_session_info **session_info);
80 void (*want_feature)(struct gensec_security *gensec_security,
81 uint32_t feature);
82 bool (*have_feature)(struct gensec_security *gensec_security,
83 uint32_t feature);
84 NTTIME (*expire_time)(struct gensec_security *gensec_security);
85 const char *(*final_auth_type)(struct gensec_security *gensec_security);
86 bool enabled;
87 bool kerberos;
88 enum gensec_priority priority;
89 bool glue;
90 };
91
92 struct gensec_security_ops_wrapper {
93 const struct gensec_security_ops *op;
94 const char *oid;
95 };
96
97 struct gensec_security {
98 const struct gensec_security_ops *ops;
99 void *private_data;
100 struct cli_credentials *credentials;
101 struct gensec_target target;
102 enum gensec_role gensec_role;
103 bool subcontext;
104 uint32_t want_features;
105 uint32_t max_update_size;
106 uint8_t dcerpc_auth_level;
107 struct tsocket_address *local_addr, *remote_addr;
108 struct gensec_settings *settings;
109
110 /* When we are a server, this may be filled in to provide an
111 * NTLM authentication backend, and user lookup (such as if no
112 * PAC is found) */
113 struct auth4_context *auth_context;
114
115 struct gensec_security *parent_security;
116 struct gensec_security *child_security;
117
118 /*
119 * This is used to mark the context as being
120 * busy in an async gensec_update_send().
121 */
122 struct gensec_security **update_busy_ptr;
123 };
124
125 /* this structure is used by backends to determine the size of some critical types */
126 struct gensec_critical_sizes {
127 int interface_version;
128 int sizeof_gensec_security_ops;
129 int sizeof_gensec_security;
130 };
131
132 NTSTATUS gensec_may_reset_crypto(struct gensec_security *gensec_security,
133 bool full_reset);
134
135 const char *gensec_final_auth_type(struct gensec_security *gensec_security);
136
137 NTSTATUS gensec_child_ready(struct gensec_security *parent,
138 struct gensec_security *child);
139 void gensec_child_want_feature(struct gensec_security *gensec_security,
140 uint32_t feature);
141 bool gensec_child_have_feature(struct gensec_security *gensec_security,
142 uint32_t feature);
143 NTSTATUS gensec_child_unseal_packet(struct gensec_security *gensec_security,
144 uint8_t *data, size_t length,
145 const uint8_t *whole_pdu, size_t pdu_length,
146 const DATA_BLOB *sig);
147 NTSTATUS gensec_child_check_packet(struct gensec_security *gensec_security,
148 const uint8_t *data, size_t length,
149 const uint8_t *whole_pdu, size_t pdu_length,
150 const DATA_BLOB *sig);
151 NTSTATUS gensec_child_seal_packet(struct gensec_security *gensec_security,
152 TALLOC_CTX *mem_ctx,
153 uint8_t *data, size_t length,
154 const uint8_t *whole_pdu, size_t pdu_length,
155 DATA_BLOB *sig);
156 NTSTATUS gensec_child_sign_packet(struct gensec_security *gensec_security,
157 TALLOC_CTX *mem_ctx,
158 const uint8_t *data, size_t length,
159 const uint8_t *whole_pdu, size_t pdu_length,
160 DATA_BLOB *sig);
161 NTSTATUS gensec_child_wrap(struct gensec_security *gensec_security,
162 TALLOC_CTX *mem_ctx,
163 const DATA_BLOB *in,
164 DATA_BLOB *out);
165 NTSTATUS gensec_child_unwrap(struct gensec_security *gensec_security,
166 TALLOC_CTX *mem_ctx,
167 const DATA_BLOB *in,
168 DATA_BLOB *out);
169 size_t gensec_child_sig_size(struct gensec_security *gensec_security,
170 size_t data_size);
171 size_t gensec_child_max_input_size(struct gensec_security *gensec_security);
172 size_t gensec_child_max_wrapped_size(struct gensec_security *gensec_security);
173 NTSTATUS gensec_child_session_key(struct gensec_security *gensec_security,
174 TALLOC_CTX *mem_ctx,
175 DATA_BLOB *session_key);
176 NTSTATUS gensec_child_session_info(struct gensec_security *gensec_security,
177 TALLOC_CTX *mem_ctx,
178 struct auth_session_info **session_info);
179 NTTIME gensec_child_expire_time(struct gensec_security *gensec_security);
180 const char *gensec_child_final_auth_type(struct gensec_security *gensec_security);
181
182 #endif /* __GENSEC_H__ */
Samba GIT mirror