2 Unix SMB/CIFS implementation.
4 Generic Authentication Interface
6 Copyright (C) Andrew Tridgell 2003
7 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #ifndef __GENSEC_INTERNAL_H__
24 #define __GENSEC_INTERNAL_H__
26 struct gensec_security
;
28 struct gensec_security_ops
{
30 const char *sasl_name
;
32 uint8_t auth_type
; /* 0 if not offered on DCE-RPC */
33 const char **oid
; /* NULL if not offered by SPNEGO */
34 NTSTATUS (*client_start
)(struct gensec_security
*gensec_security
);
35 NTSTATUS (*server_start
)(struct gensec_security
*gensec_security
);
37 Determine if a packet has the right 'magic' for this mechanism
39 NTSTATUS (*magic
)(struct gensec_security
*gensec_security
,
40 const DATA_BLOB
*first_packet
);
41 struct tevent_req
*(*update_send
)(TALLOC_CTX
*mem_ctx
,
42 struct tevent_context
*ev
,
43 struct gensec_security
*gensec_security
,
45 NTSTATUS (*update_recv
)(struct tevent_req
*req
,
46 TALLOC_CTX
*out_mem_ctx
,
48 NTSTATUS (*may_reset_crypto
)(struct gensec_security
*gensec_security
,
50 NTSTATUS (*seal_packet
)(struct gensec_security
*gensec_security
, TALLOC_CTX
*sig_mem_ctx
,
51 uint8_t *data
, size_t length
,
52 const uint8_t *whole_pdu
, size_t pdu_length
,
54 NTSTATUS (*sign_packet
)(struct gensec_security
*gensec_security
, TALLOC_CTX
*sig_mem_ctx
,
55 const uint8_t *data
, size_t length
,
56 const uint8_t *whole_pdu
, size_t pdu_length
,
58 size_t (*sig_size
)(struct gensec_security
*gensec_security
, size_t data_size
);
59 size_t (*max_input_size
)(struct gensec_security
*gensec_security
);
60 size_t (*max_wrapped_size
)(struct gensec_security
*gensec_security
);
61 NTSTATUS (*check_packet
)(struct gensec_security
*gensec_security
,
62 const uint8_t *data
, size_t length
,
63 const uint8_t *whole_pdu
, size_t pdu_length
,
64 const DATA_BLOB
*sig
);
65 NTSTATUS (*unseal_packet
)(struct gensec_security
*gensec_security
,
66 uint8_t *data
, size_t length
,
67 const uint8_t *whole_pdu
, size_t pdu_length
,
68 const DATA_BLOB
*sig
);
69 NTSTATUS (*wrap
)(struct gensec_security
*gensec_security
,
73 NTSTATUS (*unwrap
)(struct gensec_security
*gensec_security
,
77 NTSTATUS (*session_key
)(struct gensec_security
*gensec_security
, TALLOC_CTX
*mem_ctx
,
78 DATA_BLOB
*session_key
);
79 NTSTATUS (*session_info
)(struct gensec_security
*gensec_security
, TALLOC_CTX
*mem_ctx
,
80 struct auth_session_info
**session_info
);
81 void (*want_feature
)(struct gensec_security
*gensec_security
,
83 bool (*have_feature
)(struct gensec_security
*gensec_security
,
85 NTTIME (*expire_time
)(struct gensec_security
*gensec_security
);
86 const char *(*final_auth_type
)(struct gensec_security
*gensec_security
);
89 enum gensec_priority priority
;
93 struct gensec_security_ops_wrapper
{
94 const struct gensec_security_ops
*op
;
99 * typedef struct gss_channel_bindings_struct {
100 * OM_uint32 initiator_addrtype;
101 * gss_buffer_desc initiator_address;
102 * OM_uint32 acceptor_addrtype;
103 * gss_buffer_desc acceptor_address;
104 * gss_buffer_desc application_data;
105 * } *gss_channel_bindings_t;
107 struct gensec_channel_bindings
{
108 uint32_t initiator_addrtype
;
109 DATA_BLOB initiator_address
;
110 uint32_t acceptor_addrtype
;
111 DATA_BLOB acceptor_address
;
112 DATA_BLOB application_data
;
115 struct gensec_security
{
116 const struct gensec_security_ops
*ops
;
118 struct cli_credentials
*credentials
;
119 struct gensec_target target
;
120 enum gensec_role gensec_role
;
122 uint32_t want_features
;
123 uint32_t max_update_size
;
124 uint8_t dcerpc_auth_level
;
125 struct tsocket_address
*local_addr
, *remote_addr
;
126 struct gensec_channel_bindings
*channel_bindings
;
127 struct gensec_settings
*settings
;
129 /* When we are a server, this may be filled in to provide an
130 * NTLM authentication backend, and user lookup (such as if no
132 struct auth4_context
*auth_context
;
134 struct gensec_security
*parent_security
;
135 struct gensec_security
*child_security
;
138 * This is used to mark the context as being
139 * busy in an async gensec_update_send().
141 struct gensec_security
**update_busy_ptr
;
144 /* this structure is used by backends to determine the size of some critical types */
145 struct gensec_critical_sizes
{
146 int interface_version
;
147 int sizeof_gensec_security_ops
;
148 int sizeof_gensec_security
;
151 NTSTATUS
gensec_may_reset_crypto(struct gensec_security
*gensec_security
,
154 const char *gensec_final_auth_type(struct gensec_security
*gensec_security
);
156 NTSTATUS
gensec_child_ready(struct gensec_security
*parent
,
157 struct gensec_security
*child
);
158 void gensec_child_want_feature(struct gensec_security
*gensec_security
,
160 bool gensec_child_have_feature(struct gensec_security
*gensec_security
,
162 NTSTATUS
gensec_child_unseal_packet(struct gensec_security
*gensec_security
,
163 uint8_t *data
, size_t length
,
164 const uint8_t *whole_pdu
, size_t pdu_length
,
165 const DATA_BLOB
*sig
);
166 NTSTATUS
gensec_child_check_packet(struct gensec_security
*gensec_security
,
167 const uint8_t *data
, size_t length
,
168 const uint8_t *whole_pdu
, size_t pdu_length
,
169 const DATA_BLOB
*sig
);
170 NTSTATUS
gensec_child_seal_packet(struct gensec_security
*gensec_security
,
172 uint8_t *data
, size_t length
,
173 const uint8_t *whole_pdu
, size_t pdu_length
,
175 NTSTATUS
gensec_child_sign_packet(struct gensec_security
*gensec_security
,
177 const uint8_t *data
, size_t length
,
178 const uint8_t *whole_pdu
, size_t pdu_length
,
180 NTSTATUS
gensec_child_wrap(struct gensec_security
*gensec_security
,
184 NTSTATUS
gensec_child_unwrap(struct gensec_security
*gensec_security
,
188 size_t gensec_child_sig_size(struct gensec_security
*gensec_security
,
190 size_t gensec_child_max_input_size(struct gensec_security
*gensec_security
);
191 size_t gensec_child_max_wrapped_size(struct gensec_security
*gensec_security
);
192 NTSTATUS
gensec_child_session_key(struct gensec_security
*gensec_security
,
194 DATA_BLOB
*session_key
);
195 NTSTATUS
gensec_child_session_info(struct gensec_security
*gensec_security
,
197 struct auth_session_info
**session_info
);
198 NTTIME
gensec_child_expire_time(struct gensec_security
*gensec_security
);
199 const char *gensec_child_final_auth_type(struct gensec_security
*gensec_security
);
201 char *gensec_get_unparsed_target_principal(struct gensec_security
*gensec_security
,
202 TALLOC_CTX
*mem_ctx
);
203 NTSTATUS
gensec_kerberos_possible(struct gensec_security
*gensec_security
);
205 #endif /* __GENSEC_H__ */