search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
VERSION: Disable GIT_SNAPSHOT for the 4.18.0rc4 release.
[Samba.git] / auth / gensec / gensec_internal.h
blob8efb1bdff0fb39f0779a5a112d6e192c1d492694
1 /*
2 Unix SMB/CIFS implementation.
3
4 Generic Authentication Interface
5
6 Copyright (C) Andrew Tridgell 2003
7 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 */
22
23 #ifndef __GENSEC_INTERNAL_H__
24 #define __GENSEC_INTERNAL_H__
25
26 struct gensec_security;
27
28 struct gensec_security_ops {
29 const char *name;
30 const char *sasl_name;
31 bool weak_crypto;
32 uint8_t auth_type; /* 0 if not offered on DCE-RPC */
33 const char **oid; /* NULL if not offered by SPNEGO */
34 NTSTATUS (*client_start)(struct gensec_security *gensec_security);
35 NTSTATUS (*server_start)(struct gensec_security *gensec_security);
36 /**
37 Determine if a packet has the right 'magic' for this mechanism
38 */
39 NTSTATUS (*magic)(struct gensec_security *gensec_security,
40 const DATA_BLOB *first_packet);
41 struct tevent_req *(*update_send)(TALLOC_CTX *mem_ctx,
42 struct tevent_context *ev,
43 struct gensec_security *gensec_security,
44 const DATA_BLOB in);
45 NTSTATUS (*update_recv)(struct tevent_req *req,
46 TALLOC_CTX *out_mem_ctx,
47 DATA_BLOB *out);
48 NTSTATUS (*may_reset_crypto)(struct gensec_security *gensec_security,
49 bool full_reset);
50 NTSTATUS (*seal_packet)(struct gensec_security *gensec_security, TALLOC_CTX *sig_mem_ctx,
51 uint8_t *data, size_t length,
52 const uint8_t *whole_pdu, size_t pdu_length,
53 DATA_BLOB *sig);
54 NTSTATUS (*sign_packet)(struct gensec_security *gensec_security, TALLOC_CTX *sig_mem_ctx,
55 const uint8_t *data, size_t length,
56 const uint8_t *whole_pdu, size_t pdu_length,
57 DATA_BLOB *sig);
58 size_t (*sig_size)(struct gensec_security *gensec_security, size_t data_size);
59 size_t (*max_input_size)(struct gensec_security *gensec_security);
60 size_t (*max_wrapped_size)(struct gensec_security *gensec_security);
61 NTSTATUS (*check_packet)(struct gensec_security *gensec_security,
62 const uint8_t *data, size_t length,
63 const uint8_t *whole_pdu, size_t pdu_length,
64 const DATA_BLOB *sig);
65 NTSTATUS (*unseal_packet)(struct gensec_security *gensec_security,
66 uint8_t *data, size_t length,
67 const uint8_t *whole_pdu, size_t pdu_length,
68 const DATA_BLOB *sig);
69 NTSTATUS (*wrap)(struct gensec_security *gensec_security,
70 TALLOC_CTX *mem_ctx,
71 const DATA_BLOB *in,
72 DATA_BLOB *out);
73 NTSTATUS (*unwrap)(struct gensec_security *gensec_security,
74 TALLOC_CTX *mem_ctx,
75 const DATA_BLOB *in,
76 DATA_BLOB *out);
77 NTSTATUS (*session_key)(struct gensec_security *gensec_security, TALLOC_CTX *mem_ctx,
78 DATA_BLOB *session_key);
79 NTSTATUS (*session_info)(struct gensec_security *gensec_security, TALLOC_CTX *mem_ctx,
80 struct auth_session_info **session_info);
81 void (*want_feature)(struct gensec_security *gensec_security,
82 uint32_t feature);
83 bool (*have_feature)(struct gensec_security *gensec_security,
84 uint32_t feature);
85 NTTIME (*expire_time)(struct gensec_security *gensec_security);
86 const char *(*final_auth_type)(struct gensec_security *gensec_security);
87 bool enabled;
88 bool kerberos;
89 enum gensec_priority priority;
90 bool glue;
91 };
92
93 struct gensec_security_ops_wrapper {
94 const struct gensec_security_ops *op;
95 const char *oid;
96 };
97
98 struct gensec_security {
99 const struct gensec_security_ops *ops;
100 void *private_data;
101 struct cli_credentials *credentials;
102 struct gensec_target target;
103 enum gensec_role gensec_role;
104 bool subcontext;
105 uint32_t want_features;
106 uint32_t max_update_size;
107 uint8_t dcerpc_auth_level;
108 struct tsocket_address *local_addr, *remote_addr;
109 struct gensec_settings *settings;
110
111 /* When we are a server, this may be filled in to provide an
112 * NTLM authentication backend, and user lookup (such as if no
113 * PAC is found) */
114 struct auth4_context *auth_context;
115
116 struct gensec_security *parent_security;
117 struct gensec_security *child_security;
118
119 /*
120 * This is used to mark the context as being
121 * busy in an async gensec_update_send().
122 */
123 struct gensec_security **update_busy_ptr;
124 };
125
126 /* this structure is used by backends to determine the size of some critical types */
127 struct gensec_critical_sizes {
128 int interface_version;
129 int sizeof_gensec_security_ops;
130 int sizeof_gensec_security;
131 };
132
133 NTSTATUS gensec_may_reset_crypto(struct gensec_security *gensec_security,
134 bool full_reset);
135
136 const char *gensec_final_auth_type(struct gensec_security *gensec_security);
137
138 NTSTATUS gensec_child_ready(struct gensec_security *parent,
139 struct gensec_security *child);
140 void gensec_child_want_feature(struct gensec_security *gensec_security,
141 uint32_t feature);
142 bool gensec_child_have_feature(struct gensec_security *gensec_security,
143 uint32_t feature);
144 NTSTATUS gensec_child_unseal_packet(struct gensec_security *gensec_security,
145 uint8_t *data, size_t length,
146 const uint8_t *whole_pdu, size_t pdu_length,
147 const DATA_BLOB *sig);
148 NTSTATUS gensec_child_check_packet(struct gensec_security *gensec_security,
149 const uint8_t *data, size_t length,
150 const uint8_t *whole_pdu, size_t pdu_length,
151 const DATA_BLOB *sig);
152 NTSTATUS gensec_child_seal_packet(struct gensec_security *gensec_security,
153 TALLOC_CTX *mem_ctx,
154 uint8_t *data, size_t length,
155 const uint8_t *whole_pdu, size_t pdu_length,
156 DATA_BLOB *sig);
157 NTSTATUS gensec_child_sign_packet(struct gensec_security *gensec_security,
158 TALLOC_CTX *mem_ctx,
159 const uint8_t *data, size_t length,
160 const uint8_t *whole_pdu, size_t pdu_length,
161 DATA_BLOB *sig);
162 NTSTATUS gensec_child_wrap(struct gensec_security *gensec_security,
163 TALLOC_CTX *mem_ctx,
164 const DATA_BLOB *in,
165 DATA_BLOB *out);
166 NTSTATUS gensec_child_unwrap(struct gensec_security *gensec_security,
167 TALLOC_CTX *mem_ctx,
168 const DATA_BLOB *in,
169 DATA_BLOB *out);
170 size_t gensec_child_sig_size(struct gensec_security *gensec_security,
171 size_t data_size);
172 size_t gensec_child_max_input_size(struct gensec_security *gensec_security);
173 size_t gensec_child_max_wrapped_size(struct gensec_security *gensec_security);
174 NTSTATUS gensec_child_session_key(struct gensec_security *gensec_security,
175 TALLOC_CTX *mem_ctx,
176 DATA_BLOB *session_key);
177 NTSTATUS gensec_child_session_info(struct gensec_security *gensec_security,
178 TALLOC_CTX *mem_ctx,
179 struct auth_session_info **session_info);
180 NTTIME gensec_child_expire_time(struct gensec_security *gensec_security);
181 const char *gensec_child_final_auth_type(struct gensec_security *gensec_security);
182
183 #endif /* __GENSEC_H__ */
Samba GIT mirror