search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
wb_sids2xids: split out wb_sids2xids_next_sids2unix()
[Samba.git] / auth / ntlmssp / ntlmssp_private.h
blob4d84e3347b6c8608912f3dc3f1ae1bc466fd7177
1 /*
2 * Unix SMB/CIFS implementation.
3 * Version 3.0
4 * NTLMSSP Signing routines
5 * Copyright (C) Andrew Bartlett 2003-2005
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
19 */
20
21 /* For structures internal to the NTLMSSP implementation that should not be exposed */
22
23 #include <gnutls/gnutls.h>
24 #include <gnutls/crypto.h>
25
26 struct auth_session_info;
27
28 struct ntlmssp_crypt_direction {
29 uint32_t seq_num;
30 uint8_t sign_key[16];
31 gnutls_cipher_hd_t seal_state;
32 };
33
34 union ntlmssp_crypt_state {
35 /* NTLM */
36 struct ntlmssp_crypt_direction ntlm;
37
38 /* NTLM2 */
39 struct {
40 struct ntlmssp_crypt_direction sending;
41 struct ntlmssp_crypt_direction receiving;
42 } ntlm2;
43 };
44
45 struct gensec_ntlmssp_context {
46 /* For GENSEC users */
47 void *server_returned_info;
48
49 /* used by both client and server implementation */
50 struct ntlmssp_state *ntlmssp_state;
51 };
52
53 /* The following definitions come from auth/ntlmssp_util.c */
54
55 void debug_ntlmssp_flags(uint32_t neg_flags);
56 NTSTATUS ntlmssp_handle_neg_flags(struct ntlmssp_state *ntlmssp_state,
57 uint32_t neg_flags, const char *name);
58 const DATA_BLOB ntlmssp_version_blob(void);
59
60 /* The following definitions come from auth/ntlmssp_server.c */
61
62 const char *ntlmssp_target_name(struct ntlmssp_state *ntlmssp_state,
63 uint32_t neg_flags, uint32_t *chal_flags);
64 NTSTATUS ntlmssp_server_negotiate(struct ntlmssp_state *ntlmssp_state,
65 TALLOC_CTX *out_mem_ctx,
66 const DATA_BLOB in, DATA_BLOB *out);
67 NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state,
68 TALLOC_CTX *out_mem_ctx,
69 const DATA_BLOB request, DATA_BLOB *reply);
70 /* The following definitions come from auth/ntlmssp/ntlmssp_client.c */
71
72
73 /**
74 * Next state function for the Initial packet
75 *
76 * @param ntlmssp_state NTLMSSP State
77 * @param out_mem_ctx The DATA_BLOB *out will be allocated on this context
78 * @param in A NULL data blob (input ignored)
79 * @param out The initial negotiate request to the server, as an talloc()ed DATA_BLOB, on out_mem_ctx
80 * @return Errors or NT_STATUS_OK.
81 */
82 NTSTATUS ntlmssp_client_initial(struct gensec_security *gensec_security,
83 TALLOC_CTX *out_mem_ctx,
84 DATA_BLOB in, DATA_BLOB *out) ;
85
86 NTSTATUS gensec_ntlmssp_resume_ccache(struct gensec_security *gensec_security,
87 TALLOC_CTX *out_mem_ctx,
88 DATA_BLOB in, DATA_BLOB *out);
89
90 /**
91 * Next state function for the Challenge Packet. Generate an auth packet.
92 *
93 * @param gensec_security GENSEC state
94 * @param out_mem_ctx Memory context for *out
95 * @param in The server challnege, as a DATA_BLOB. reply.data must be NULL
96 * @param out The next request (auth packet) to the server, as an allocated DATA_BLOB, on the out_mem_ctx context
97 * @return Errors or NT_STATUS_OK.
98 */
99 NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security,
100 TALLOC_CTX *out_mem_ctx,
101 const DATA_BLOB in, DATA_BLOB *out) ;
102 NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_security);
103 NTSTATUS gensec_ntlmssp_resume_ccache_start(struct gensec_security *gensec_security);
104
105 /* The following definitions come from auth/ntlmssp/gensec_ntlmssp_server.c */
106
107
108 /**
109 * Next state function for the Negotiate packet (GENSEC wrapper)
110 *
111 * @param gensec_security GENSEC state
112 * @param out_mem_ctx Memory context for *out
113 * @param in The request, as a DATA_BLOB. reply.data must be NULL
114 * @param out The reply, as an allocated DATA_BLOB, caller to free.
115 * @return Errors or MORE_PROCESSING_REQUIRED if (normal) a reply is required.
116 */
117 NTSTATUS gensec_ntlmssp_server_negotiate(struct gensec_security *gensec_security,
118 TALLOC_CTX *out_mem_ctx,
119 const DATA_BLOB request, DATA_BLOB *reply);
120
121 struct tevent_req *ntlmssp_server_auth_send(TALLOC_CTX *mem_ctx,
122 struct tevent_context *ev,
123 struct gensec_security *gensec_security,
124 const DATA_BLOB in);
125 NTSTATUS ntlmssp_server_auth_recv(struct tevent_req *req,
126 TALLOC_CTX *out_mem_ctx,
127 DATA_BLOB *out);
128
129
130 /**
131 * Start NTLMSSP on the server side
132 *
133 */
134 NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security);
135
136 /**
137 * Return the credentials of a logged on user, including session keys
138 * etc.
139 *
140 * Only valid after a successful authentication
141 *
142 * May only be called once per authentication.
143 *
144 */
145 NTSTATUS gensec_ntlmssp_session_info(struct gensec_security *gensec_security,
146 TALLOC_CTX *mem_ctx,
147 struct auth_session_info **session_info) ;
148
149 /* The following definitions come from auth/ntlmssp/gensec_ntlmssp.c */
150
151 NTSTATUS gensec_ntlmssp_sign_packet(struct gensec_security *gensec_security,
152 TALLOC_CTX *sig_mem_ctx,
153 const uint8_t *data, size_t length,
154 const uint8_t *whole_pdu, size_t pdu_length,
155 DATA_BLOB *sig);
156 NTSTATUS gensec_ntlmssp_check_packet(struct gensec_security *gensec_security,
157 const uint8_t *data, size_t length,
158 const uint8_t *whole_pdu, size_t pdu_length,
159 const DATA_BLOB *sig);
160 NTSTATUS gensec_ntlmssp_seal_packet(struct gensec_security *gensec_security,
161 TALLOC_CTX *sig_mem_ctx,
162 uint8_t *data, size_t length,
163 const uint8_t *whole_pdu, size_t pdu_length,
164 DATA_BLOB *sig);
165 NTSTATUS gensec_ntlmssp_unseal_packet(struct gensec_security *gensec_security,
166 uint8_t *data, size_t length,
167 const uint8_t *whole_pdu, size_t pdu_length,
168 const DATA_BLOB *sig);
169 size_t gensec_ntlmssp_sig_size(struct gensec_security *gensec_security, size_t data_size) ;
170 NTSTATUS gensec_ntlmssp_wrap(struct gensec_security *gensec_security,
171 TALLOC_CTX *out_mem_ctx,
172 const DATA_BLOB *in,
173 DATA_BLOB *out);
174 NTSTATUS gensec_ntlmssp_unwrap(struct gensec_security *gensec_security,
175 TALLOC_CTX *out_mem_ctx,
176 const DATA_BLOB *in,
177 DATA_BLOB *out);
178
179 /**
180 * Return the NTLMSSP master session key
181 *
182 * @param ntlmssp_state NTLMSSP State
183 */
184 NTSTATUS gensec_ntlmssp_magic(struct gensec_security *gensec_security,
185 const DATA_BLOB *first_packet);
186 bool gensec_ntlmssp_have_feature(struct gensec_security *gensec_security,
187 uint32_t feature);
188 NTSTATUS gensec_ntlmssp_session_key(struct gensec_security *gensec_security,
189 TALLOC_CTX *mem_ctx,
190 DATA_BLOB *session_key);
191 NTSTATUS gensec_ntlmssp_start(struct gensec_security *gensec_security);
192
Samba GIT mirror