1 /*
2 * Unix SMB/CIFS implementation.
3 * Version 3.0
4 * NTLMSSP Signing routines
5 * Copyright (C) Andrew Bartlett 2003-2005
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
 */
21 /* For structures internal to the NTLMSSP implementation that should not be exposed */
23 #include "../lib/crypto/arcfour.h"
/* Only referred to through a pointer in this header (see
 * gensec_ntlmssp_session_info() below), so an incomplete type is enough. */
struct auth_session_info;
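/*
 * Signing/sealing state for one direction of traffic.
 *
 * seq_num    - sequence counter carried in the signature (assumed to advance
 *              once per signed or sealed message — confirm in the sign/seal
 *              code; a counter that is not advanced or checked loses replay
 *              protection)
 * sign_key   - 16-byte key used for the signature
 * seal_state - arcfour (RC4) stream state used for sealing
 *
 * sign_key and seal_state are secret material for the lifetime of the
 * connection; whatever owns this struct should scrub it on release rather
 * than rely on a plain free().
 */
struct ntlmssp_crypt_direction {
	uint32_t seq_num;
	uint8_t sign_key[16];
	struct arcfour_state seal_state;
};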
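/*
 * Crypto state for a negotiated connection.  Exactly one member is live,
 * chosen by the negotiated mode (presumably the NTLM2 negotiate flag —
 * confirm in the sign/seal code):
 *
 *   ntlm  - plain NTLM: a single key stream and sequence counter shared by
 *           both directions
 *   ntlm2 - NTLM2: independent sending and receiving state
 *
 * Because this is a union, reading the member that was not initialised
 * yields the other mode's bytes, so the selector must be applied
 * consistently across sign, check, seal and unseal.
 */
union ntlmssp_crypt_state {
	/* NTLM */
	struct ntlmssp_crypt_direction ntlm;

	/* NTLM2 */
	struct {
		struct ntlmssp_crypt_direction sending;
		struct ntlmssp_crypt_direction receiving;
	} ntlm2;
};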
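/*
 * Per-GENSEC-instance wrapper around the NTLMSSP state.
 *
 * server_returned_info - opaque (void *) data handed back to GENSEC users;
 *                        presumably the server-side authentication result —
 *                        confirm the concrete type at the producer before
 *                        casting
 * ntlmssp_state        - the protocol state shared by the client and server
 *                        implementations
 */
struct gensec_ntlmssp_context {
	/* For GENSEC users */
	void *server_returned_info;

	/* used by both client and server implementation */
	struct ntlmssp_state *ntlmssp_state;
};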
/* The following definitions come from auth/ntlmssp.c */

/**
 * GENSEC update() hook for NTLMSSP.
 *
 * NOTE(review): presumably dispatches on the current state to the
 * per-packet state functions declared below — confirm in auth/ntlmssp.c.
 *
 * @param gensec_security GENSEC state
 * @param out_mem_ctx Memory context for *out
 * @param ev tevent context
 * @param input The packet received from the peer
 * @param out The reply to send, allocated on out_mem_ctx
 * @return Errors, NT_STATUS_OK, or the "more processing required" status the
 *         per-packet functions below document when another round trip is needed
 */
NTSTATUS gensec_ntlmssp_update(struct gensec_security *gensec_security,
			       TALLOC_CTX *out_mem_ctx,
			       struct tevent_context *ev,
			       const DATA_BLOB input, DATA_BLOB *out);
/* The following definitions come from auth/ntlmssp_util.c */

/* Debug helper: describes a set of NTLMSSP negotiate flags (inferred from
 * the name — see ntlmssp_util.c). */
void debug_ntlmssp_flags(uint32_t neg_flags);
/*
 * Apply the peer's negotiate flags to ntlmssp_state; @name is presumably used
 * for diagnostics.  This is the point where flags the peer asks for should be
 * checked against what we require (signing/sealing must not be silently
 * downgraded) — confirm the policy in ntlmssp_util.c before relying on it.
 */
NTSTATUS ntlmssp_handle_neg_flags(struct ntlmssp_state *ntlmssp_state,
				  uint32_t neg_flags, const char *name);
/* The VERSION blob we advertise in our messages (assumed from the name). */
const DATA_BLOB ntlmssp_version_blob(void);
/* The following definitions come from auth/ntlmssp_server.c */

/*
 * Pick the target name to advertise to the client and set the matching bits
 * in *chal_flags (inferred from the parameters — confirm in ntlmssp_server.c).
 * Ownership of the returned string is not stated here; assume it belongs to
 * ntlmssp_state and do not free it.
 */
const char *ntlmssp_target_name(struct ntlmssp_state *ntlmssp_state,
				uint32_t neg_flags, uint32_t *chal_flags);
/*
 * Core of the Negotiate step (presumably what gensec_ntlmssp_server_negotiate()
 * below wraps): consume the client's message in @in and build the reply in
 * *out, allocated on out_mem_ctx.
 */
NTSTATUS ntlmssp_server_negotiate(struct ntlmssp_state *ntlmssp_state,
				  TALLOC_CTX *out_mem_ctx,
				  const DATA_BLOB in, DATA_BLOB *out);
/*
 * Core of the Authenticate step: verify the client's @request and build any
 * *reply on out_mem_ctx.  The return value is the authentication result;
 * the session must not be treated as authenticated unless it is NT_STATUS_OK.
 */
NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state,
			     TALLOC_CTX *out_mem_ctx,
			     const DATA_BLOB request, DATA_BLOB *reply);
/* The following definitions come from auth/ntlmssp/ntlmssp_client.c */

/**
 * Next state function for the Initial packet
 *
 * @param gensec_security GENSEC state
 * @param out_mem_ctx The DATA_BLOB *out will be allocated on this context
 * @param in A NULL data blob (input ignored)
 * @param out The initial negotiate request to the server, as a talloc()ed DATA_BLOB, on out_mem_ctx
 * @return Errors or NT_STATUS_OK.
 */
NTSTATUS ntlmssp_client_initial(struct gensec_security *gensec_security,
				TALLOC_CTX *out_mem_ctx,
				DATA_BLOB in, DATA_BLOB *out) ;

/**
 * Initial step when resuming from a credential cache (inferred from the
 * name — see ntlmssp_client.c).  Same parameter contract as
 * ntlmssp_client_initial(), presumably.
 */
NTSTATUS gensec_ntlmssp_resume_ccache(struct gensec_security *gensec_security,
				      TALLOC_CTX *out_mem_ctx,
				      DATA_BLOB in, DATA_BLOB *out);

/**
 * Next state function for the Challenge Packet. Generate an auth packet.
 *
 * @param gensec_security GENSEC state
 * @param out_mem_ctx Memory context for *out
 * @param in The server challenge, as a DATA_BLOB; out->data must be NULL on entry
 * @param out The next request (auth packet) to the server, as an allocated DATA_BLOB, on the out_mem_ctx context
 * @return Errors or NT_STATUS_OK.
 */
NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security,
				  TALLOC_CTX *out_mem_ctx,
				  const DATA_BLOB in, DATA_BLOB *out) ;
/* Start NTLMSSP on the client side. */
NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_security);
/* Start NTLMSSP on the client side, resuming from a credential cache
 * (inferred from the name). */
NTSTATUS gensec_ntlmssp_resume_ccache_start(struct gensec_security *gensec_security);
/* The following definitions come from auth/ntlmssp/gensec_ntlmssp_server.c */

/**
 * Next state function for the Negotiate packet (GENSEC wrapper)
 *
 * @param gensec_security GENSEC state
 * @param out_mem_ctx Memory context for *reply
 * @param request The request, as a DATA_BLOB
 * @param reply The reply, as an allocated DATA_BLOB, caller to free; reply->data must be NULL on entry
 * @return Errors or MORE_PROCESSING_REQUIRED if (normal) a reply is required.
 */
NTSTATUS gensec_ntlmssp_server_negotiate(struct gensec_security *gensec_security,
					 TALLOC_CTX *out_mem_ctx,
					 const DATA_BLOB request, DATA_BLOB *reply);

/**
 * Next state function for the Authenticate packet (GENSEC wrapper)
 *
 * @param gensec_security GENSEC state
 * @param out_mem_ctx Memory context for *out
 * @param in The request, as a DATA_BLOB
 * @param out The reply, as an allocated DATA_BLOB, caller to free; out->data must be NULL on entry
 * @return Errors or NT_STATUS_OK if authentication successful.  Only
 *         NT_STATUS_OK means the peer is authenticated.
 */
NTSTATUS gensec_ntlmssp_server_auth(struct gensec_security *gensec_security,
				    TALLOC_CTX *out_mem_ctx,
				    const DATA_BLOB in, DATA_BLOB *out);

/**
 * Start NTLMSSP on the server side
 */
NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security);

/**
 * Return the credentials of a logged on user, including session keys
 * etc.
 *
 * Only valid after a successful authentication
 *
 * May only be called once per authentication.
 *
 * @param gensec_security GENSEC state
 * @param mem_ctx Context *session_info is allocated on
 * @param session_info Receives the new auth_session_info; check the return
 *        status before using it, as it carries the session key
 */
NTSTATUS gensec_ntlmssp_session_info(struct gensec_security *gensec_security,
				     TALLOC_CTX *mem_ctx,
				     struct auth_session_info **session_info) ;
/* The following definitions come from auth/ntlmssp/gensec_ntlmssp.c */

/*
 * Signing and sealing hooks.
 *
 * data/length is the payload being signed or sealed and whole_pdu/pdu_length
 * the full PDU it sits in; which of the two the MAC actually covers is
 * decided in gensec_ntlmssp.c — confirm before assuming.  seal_packet and
 * unseal_packet take a non-const data pointer and so modify the payload in
 * place; sign_packet and check_packet leave it untouched.  check_packet and
 * unseal_packet verify the supplied sig: their NTSTATUS must be checked before
 * the data is trusted.
 */
NTSTATUS gensec_ntlmssp_sign_packet(struct gensec_security *gensec_security,
				    TALLOC_CTX *sig_mem_ctx,
				    const uint8_t *data, size_t length,
				    const uint8_t *whole_pdu, size_t pdu_length,
				    DATA_BLOB *sig);
NTSTATUS gensec_ntlmssp_check_packet(struct gensec_security *gensec_security,
				     const uint8_t *data, size_t length,
				     const uint8_t *whole_pdu, size_t pdu_length,
				     const DATA_BLOB *sig);
NTSTATUS gensec_ntlmssp_seal_packet(struct gensec_security *gensec_security,
				    TALLOC_CTX *sig_mem_ctx,
				    uint8_t *data, size_t length,
				    const uint8_t *whole_pdu, size_t pdu_length,
				    DATA_BLOB *sig);
NTSTATUS gensec_ntlmssp_unseal_packet(struct gensec_security *gensec_security,
				      uint8_t *data, size_t length,
				      const uint8_t *whole_pdu, size_t pdu_length,
				      const DATA_BLOB *sig);
/* Size of the signature sign_packet/seal_packet produce for data_size bytes
 * of payload (assumed from the name). */
size_t gensec_ntlmssp_sig_size(struct gensec_security *gensec_security, size_t data_size) ;
/* Wrap/unwrap: presumably sign-or-seal plus framing into a single DATA_BLOB
 * allocated on out_mem_ctx — confirm in gensec_ntlmssp.c. */
NTSTATUS gensec_ntlmssp_wrap(struct gensec_security *gensec_security,
			     TALLOC_CTX *out_mem_ctx,
			     const DATA_BLOB *in,
			     DATA_BLOB *out);
NTSTATUS gensec_ntlmssp_unwrap(struct gensec_security *gensec_security,
			       TALLOC_CTX *out_mem_ctx,
			       const DATA_BLOB *in,
			       DATA_BLOB *out);

/*
 * GENSEC magic() hook: presumably tests whether first_packet looks like an
 * NTLMSSP message so the right mechanism can be selected — confirm in
 * gensec_ntlmssp.c.
 *
 * @param gensec_security GENSEC state
 * @param first_packet The first packet received from the peer
 */
NTSTATUS gensec_ntlmssp_magic(struct gensec_security *gensec_security,
			      const DATA_BLOB *first_packet);
/* Report whether the given GENSEC feature bit is available on this
 * connection (assumed from the name). */
bool gensec_ntlmssp_have_feature(struct gensec_security *gensec_security,
				 uint32_t feature);

/**
 * Return the NTLMSSP master session key
 *
 * @param gensec_security GENSEC state
 * @param mem_ctx Context *session_key is allocated on
 * @param session_key Receives the key; secret material, scrub when done
 */
NTSTATUS gensec_ntlmssp_session_key(struct gensec_security *gensec_security,
				    TALLOC_CTX *mem_ctx,
				    DATA_BLOB *session_key);
/* Common start-up shared by the client and server start functions
 * (inferred from the name). */
NTSTATUS gensec_ntlmssp_start(struct gensec_security *gensec_security);