search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3: smbd: SMB1 add range checks to reply_search().
[Samba.git] / auth / ntlmssp / ntlmssp_private.h
blob95ec6374f51222bbb67dcc3cd48f655ee58e8af7
1 /*
2 * Unix SMB/CIFS implementation.
3 * Version 3.0
4 * NTLMSSP Signing routines
5 * Copyright (C) Andrew Bartlett 2003-2005
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
19 */
20
21 /* For structures internal to the NTLMSSP implementation that should not be exposed */
22
23 #include "../lib/crypto/arcfour.h"
24
25 struct auth_session_info;
26
27 struct ntlmssp_crypt_direction {
28 uint32_t seq_num;
29 uint8_t sign_key[16];
30 struct arcfour_state seal_state;
31 };
32
33 union ntlmssp_crypt_state {
34 /* NTLM */
35 struct ntlmssp_crypt_direction ntlm;
36
37 /* NTLM2 */
38 struct {
39 struct ntlmssp_crypt_direction sending;
40 struct ntlmssp_crypt_direction receiving;
41 } ntlm2;
42 };
43
44 struct gensec_ntlmssp_context {
45 /* For GENSEC users */
46 void *server_returned_info;
47
48 /* used by both client and server implementation */
49 struct ntlmssp_state *ntlmssp_state;
50 };
51
52 /* The following definitions come from auth/ntlmssp_util.c */
53
54 void debug_ntlmssp_flags(uint32_t neg_flags);
55 NTSTATUS ntlmssp_handle_neg_flags(struct ntlmssp_state *ntlmssp_state,
56 uint32_t neg_flags, const char *name);
57 const DATA_BLOB ntlmssp_version_blob(void);
58
59 /* The following definitions come from auth/ntlmssp_server.c */
60
61 const char *ntlmssp_target_name(struct ntlmssp_state *ntlmssp_state,
62 uint32_t neg_flags, uint32_t *chal_flags);
63 NTSTATUS ntlmssp_server_negotiate(struct ntlmssp_state *ntlmssp_state,
64 TALLOC_CTX *out_mem_ctx,
65 const DATA_BLOB in, DATA_BLOB *out);
66 NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state,
67 TALLOC_CTX *out_mem_ctx,
68 const DATA_BLOB request, DATA_BLOB *reply);
69 /* The following definitions come from auth/ntlmssp/ntlmssp_client.c */
70
71
72 /**
73 * Next state function for the Initial packet
74 *
75 * @param ntlmssp_state NTLMSSP State
76 * @param out_mem_ctx The DATA_BLOB *out will be allocated on this context
77 * @param in A NULL data blob (input ignored)
78 * @param out The initial negotiate request to the server, as an talloc()ed DATA_BLOB, on out_mem_ctx
79 * @return Errors or NT_STATUS_OK.
80 */
81 NTSTATUS ntlmssp_client_initial(struct gensec_security *gensec_security,
82 TALLOC_CTX *out_mem_ctx,
83 DATA_BLOB in, DATA_BLOB *out) ;
84
85 NTSTATUS gensec_ntlmssp_resume_ccache(struct gensec_security *gensec_security,
86 TALLOC_CTX *out_mem_ctx,
87 DATA_BLOB in, DATA_BLOB *out);
88
89 /**
90 * Next state function for the Challenge Packet. Generate an auth packet.
91 *
92 * @param gensec_security GENSEC state
93 * @param out_mem_ctx Memory context for *out
94 * @param in The server challnege, as a DATA_BLOB. reply.data must be NULL
95 * @param out The next request (auth packet) to the server, as an allocated DATA_BLOB, on the out_mem_ctx context
96 * @return Errors or NT_STATUS_OK.
97 */
98 NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security,
99 TALLOC_CTX *out_mem_ctx,
100 const DATA_BLOB in, DATA_BLOB *out) ;
101 NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_security);
102 NTSTATUS gensec_ntlmssp_resume_ccache_start(struct gensec_security *gensec_security);
103
104 /* The following definitions come from auth/ntlmssp/gensec_ntlmssp_server.c */
105
106
107 /**
108 * Next state function for the Negotiate packet (GENSEC wrapper)
109 *
110 * @param gensec_security GENSEC state
111 * @param out_mem_ctx Memory context for *out
112 * @param in The request, as a DATA_BLOB. reply.data must be NULL
113 * @param out The reply, as an allocated DATA_BLOB, caller to free.
114 * @return Errors or MORE_PROCESSING_REQUIRED if (normal) a reply is required.
115 */
116 NTSTATUS gensec_ntlmssp_server_negotiate(struct gensec_security *gensec_security,
117 TALLOC_CTX *out_mem_ctx,
118 const DATA_BLOB request, DATA_BLOB *reply);
119
120 struct tevent_req *ntlmssp_server_auth_send(TALLOC_CTX *mem_ctx,
121 struct tevent_context *ev,
122 struct gensec_security *gensec_security,
123 const DATA_BLOB in);
124 NTSTATUS ntlmssp_server_auth_recv(struct tevent_req *req,
125 TALLOC_CTX *out_mem_ctx,
126 DATA_BLOB *out);
127
128
129 /**
130 * Start NTLMSSP on the server side
131 *
132 */
133 NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security);
134
135 /**
136 * Return the credentials of a logged on user, including session keys
137 * etc.
138 *
139 * Only valid after a successful authentication
140 *
141 * May only be called once per authentication.
142 *
143 */
144 NTSTATUS gensec_ntlmssp_session_info(struct gensec_security *gensec_security,
145 TALLOC_CTX *mem_ctx,
146 struct auth_session_info **session_info) ;
147
148 /* The following definitions come from auth/ntlmssp/gensec_ntlmssp.c */
149
150 NTSTATUS gensec_ntlmssp_sign_packet(struct gensec_security *gensec_security,
151 TALLOC_CTX *sig_mem_ctx,
152 const uint8_t *data, size_t length,
153 const uint8_t *whole_pdu, size_t pdu_length,
154 DATA_BLOB *sig);
155 NTSTATUS gensec_ntlmssp_check_packet(struct gensec_security *gensec_security,
156 const uint8_t *data, size_t length,
157 const uint8_t *whole_pdu, size_t pdu_length,
158 const DATA_BLOB *sig);
159 NTSTATUS gensec_ntlmssp_seal_packet(struct gensec_security *gensec_security,
160 TALLOC_CTX *sig_mem_ctx,
161 uint8_t *data, size_t length,
162 const uint8_t *whole_pdu, size_t pdu_length,
163 DATA_BLOB *sig);
164 NTSTATUS gensec_ntlmssp_unseal_packet(struct gensec_security *gensec_security,
165 uint8_t *data, size_t length,
166 const uint8_t *whole_pdu, size_t pdu_length,
167 const DATA_BLOB *sig);
168 size_t gensec_ntlmssp_sig_size(struct gensec_security *gensec_security, size_t data_size) ;
169 NTSTATUS gensec_ntlmssp_wrap(struct gensec_security *gensec_security,
170 TALLOC_CTX *out_mem_ctx,
171 const DATA_BLOB *in,
172 DATA_BLOB *out);
173 NTSTATUS gensec_ntlmssp_unwrap(struct gensec_security *gensec_security,
174 TALLOC_CTX *out_mem_ctx,
175 const DATA_BLOB *in,
176 DATA_BLOB *out);
177
178 /**
179 * Return the NTLMSSP master session key
180 *
181 * @param ntlmssp_state NTLMSSP State
182 */
183 NTSTATUS gensec_ntlmssp_magic(struct gensec_security *gensec_security,
184 const DATA_BLOB *first_packet);
185 bool gensec_ntlmssp_have_feature(struct gensec_security *gensec_security,
186 uint32_t feature);
187 NTSTATUS gensec_ntlmssp_session_key(struct gensec_security *gensec_security,
188 TALLOC_CTX *mem_ctx,
189 DATA_BLOB *session_key);
190 NTSTATUS gensec_ntlmssp_start(struct gensec_security *gensec_security);
191
Samba GIT mirror