2 Unix SMB/CIFS implementation.
3 Standardised Authentication types
4 Copyright (C) Andrew Bartlett 2001
5 Copyright (C) Stefan Metzmacher 2005
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 #include "librpc/gen_ndr/ndr_krb5pac.h"
25 #include "librpc/gen_ndr/auth.h"
26 #include "../auth/common_auth.h"
28 extern const char *krbtgt_attrs
[];
29 extern const char *server_attrs
[];
30 extern const char *user_attrs
[];
32 union netr_Validation
;
33 struct netr_SamBaseInfo
;
35 struct loadparm_context
;
37 /* modules can use the following to determine if the interface has changed
38 * please increment the version number after each interface change
39 * with a comment and maybe update struct auth_critical_sizes.
41 /* version 1 - version from samba 3.0 - metze */
42 /* version 2 - initial samba4 version - metze */
43 /* version 3 - subsequent samba4 version - abartlet */
44 /* version 4 - subsequent samba4 version - metze */
45 /* version 0 - till samba4 is stable - metze */
46 #define AUTH4_INTERFACE_VERSION 0
48 struct auth_method_context
;
50 struct auth_session_info
;
52 struct smb_krb5_context
;
54 struct auth_operations
{
57 /* Given the user supplied info, check if this backend want to handle the password checking */
59 NTSTATUS (*want_check
)(struct auth_method_context
*ctx
, TALLOC_CTX
*mem_ctx
,
60 const struct auth_usersupplied_info
*user_info
);
62 /* Given the user supplied info, check a password */
64 struct tevent_req
*(*check_password_send
)(TALLOC_CTX
*mem_ctx
,
65 struct tevent_context
*ev
,
66 struct auth_method_context
*ctx
,
67 const struct auth_usersupplied_info
*user_info
);
68 NTSTATUS (*check_password_recv
)(struct tevent_req
*subreq
,
70 struct auth_user_info_dc
**interim_info
,
73 /* Lookup a 'session info interim' return based only on the principal or DN */
74 NTSTATUS (*get_user_info_dc_principal
)(TALLOC_CTX
*mem_ctx
,
75 struct auth4_context
*auth_context
,
76 const char *principal
,
77 struct ldb_dn
*user_dn
,
78 struct auth_user_info_dc
**interim_info
);
82 struct auth_method_context
{
83 struct auth_method_context
*prev
, *next
;
84 struct auth4_context
*auth_ctx
;
85 const struct auth_operations
*ops
;
90 /* this structure is used by backends to determine the size of some critical types */
91 struct auth_critical_sizes
{
92 int interface_version
;
93 int sizeof_auth_operations
;
94 int sizeof_auth_methods
;
95 int sizeof_auth_context
;
96 int sizeof_auth_usersupplied_info
;
97 int sizeof_auth_user_info_dc
;
100 NTSTATUS
encrypt_user_info(TALLOC_CTX
*mem_ctx
, struct auth4_context
*auth_context
,
101 enum auth_password_state to_state
,
102 const struct auth_usersupplied_info
*user_info_in
,
103 const struct auth_usersupplied_info
**user_info_encrypted
);
105 #include "auth/session.h"
106 #include "auth/unix_token_proto.h"
107 #include "auth/system_session_proto.h"
108 #include "libcli/security/security.h"
112 struct gensec_security
;
113 struct cli_credentials
;
115 NTSTATUS
auth_get_challenge(struct auth4_context
*auth_ctx
, uint8_t chal
[8]);
116 NTSTATUS
authsam_account_ok(TALLOC_CTX
*mem_ctx
,
117 struct ldb_context
*sam_ctx
,
118 uint32_t logon_parameters
,
119 struct ldb_dn
*domain_dn
,
120 struct ldb_message
*msg
,
121 const char *logon_workstation
,
122 const char *name_for_logs
,
123 bool allow_domain_trust
,
124 bool password_change
);
126 struct auth_session_info
*system_session(struct loadparm_context
*lp_ctx
);
127 NTSTATUS
authsam_make_user_info_dc(TALLOC_CTX
*mem_ctx
, struct ldb_context
*sam_ctx
,
128 const char *netbios_name
,
129 const char *domain_name
,
130 const char *dns_domain_name
,
131 struct ldb_dn
*domain_dn
,
132 struct ldb_message
*msg
,
133 DATA_BLOB user_sess_key
, DATA_BLOB lm_sess_key
,
134 struct auth_user_info_dc
**_user_info_dc
);
135 NTSTATUS
authsam_update_user_info_dc(TALLOC_CTX
*mem_ctx
,
136 struct ldb_context
*sam_ctx
,
137 struct auth_user_info_dc
*user_info_dc
);
138 NTSTATUS
auth_system_session_info(TALLOC_CTX
*parent_ctx
,
139 struct loadparm_context
*lp_ctx
,
140 struct auth_session_info
**_session_info
) ;
142 NTSTATUS
auth_context_create_methods(TALLOC_CTX
*mem_ctx
, const char * const *methods
,
143 struct tevent_context
*ev
,
144 struct imessaging_context
*msg
,
145 struct loadparm_context
*lp_ctx
,
146 struct ldb_context
*sam_ctx
,
147 struct auth4_context
**auth_ctx
);
148 const char **auth_methods_from_lp(TALLOC_CTX
*mem_ctx
, struct loadparm_context
*lp_ctx
);
150 NTSTATUS
auth_context_create(TALLOC_CTX
*mem_ctx
,
151 struct tevent_context
*ev
,
152 struct imessaging_context
*msg
,
153 struct loadparm_context
*lp_ctx
,
154 struct auth4_context
**auth_ctx
);
155 NTSTATUS
auth_context_create_for_netlogon(TALLOC_CTX
*mem_ctx
,
156 struct tevent_context
*ev
,
157 struct imessaging_context
*msg
,
158 struct loadparm_context
*lp_ctx
,
159 struct auth4_context
**auth_ctx
);
161 NTSTATUS
auth_check_password(struct auth4_context
*auth_ctx
,
163 const struct auth_usersupplied_info
*user_info
,
164 struct auth_user_info_dc
**user_info_dc
,
165 uint8_t *pauthoritative
);
166 NTSTATUS
auth4_init(void);
167 NTSTATUS
auth_register(TALLOC_CTX
*mem_ctx
, const struct auth_operations
*ops
);
168 NTSTATUS
server_service_auth_init(TALLOC_CTX
*ctx
);
169 struct tevent_req
*authenticate_ldap_simple_bind_send(TALLOC_CTX
*mem_ctx
,
170 struct tevent_context
*ev
,
171 struct imessaging_context
*msg
,
172 struct loadparm_context
*lp_ctx
,
173 struct tsocket_address
*remote_address
,
174 struct tsocket_address
*local_address
,
177 const char *password
);
178 NTSTATUS
authenticate_ldap_simple_bind_recv(struct tevent_req
*req
,
180 struct auth_session_info
**session_info
);
181 NTSTATUS
authenticate_ldap_simple_bind(TALLOC_CTX
*mem_ctx
,
182 struct tevent_context
*ev
,
183 struct imessaging_context
*msg
,
184 struct loadparm_context
*lp_ctx
,
185 struct tsocket_address
*remote_address
,
186 struct tsocket_address
*local_address
,
189 const char *password
,
190 struct auth_session_info
**session_info
);
192 struct tevent_req
*auth_check_password_send(TALLOC_CTX
*mem_ctx
,
193 struct tevent_context
*ev
,
194 struct auth4_context
*auth_ctx
,
195 const struct auth_usersupplied_info
*user_info
);
196 NTSTATUS
auth_check_password_recv(struct tevent_req
*req
,
198 struct auth_user_info_dc
**user_info_dc
,
199 uint8_t *pauthoritative
);
201 NTSTATUS
auth_context_set_challenge(struct auth4_context
*auth_ctx
, const uint8_t chal
[8], const char *set_by
);
203 NTSTATUS
samba_server_gensec_start(TALLOC_CTX
*mem_ctx
,
204 struct tevent_context
*event_ctx
,
205 struct imessaging_context
*msg_ctx
,
206 struct loadparm_context
*lp_ctx
,
207 struct cli_credentials
*server_credentials
,
208 const char *target_service
,
209 struct gensec_security
**gensec_context
);
210 NTSTATUS
samba_server_gensec_krb5_start(TALLOC_CTX
*mem_ctx
,
211 struct tevent_context
*event_ctx
,
212 struct imessaging_context
*msg_ctx
,
213 struct loadparm_context
*lp_ctx
,
214 struct cli_credentials
*server_credentials
,
215 const char *target_service
,
216 struct gensec_security
**gensec_context
);
218 #endif /* _SMBAUTH_H_ */
