2 Unix SMB/CIFS implementation.
3 Standardised Authentication types
4 Copyright (C) Andrew Bartlett 2001
5 Copyright (C) Stefan Metzmacher 2005
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 #include "librpc/gen_ndr/ndr_krb5pac.h"
25 #include "librpc/gen_ndr/auth.h"
26 #include "../auth/common_auth.h"
28 extern const char *krbtgt_attrs
[];
29 extern const char *server_attrs
[];
30 extern const char *user_attrs
[];
32 union netr_Validation
;
33 struct netr_SamBaseInfo
;
35 struct loadparm_context
;
37 /* modules can use the following to determine if the interface has changed
38 * please increment the version number after each interface change
39 * with a comment and maybe update struct auth_critical_sizes.
41 /* version 1 - version from samba 3.0 - metze */
42 /* version 2 - initial samba4 version - metze */
43 /* version 3 - subsequent samba4 version - abartlet */
44 /* version 4 - subsequent samba4 version - metze */
45 /* version 0 - till samba4 is stable - metze */
46 #define AUTH4_INTERFACE_VERSION 0
48 struct auth_method_context
;
50 struct auth_session_info
;
52 struct smb_krb5_context
;
54 struct auth_operations
{
57 /* Given the user supplied info, check if this backend want to handle the password checking */
59 NTSTATUS (*want_check
)(struct auth_method_context
*ctx
, TALLOC_CTX
*mem_ctx
,
60 const struct auth_usersupplied_info
*user_info
);
62 /* Given the user supplied info, check a password */
64 struct tevent_req
*(*check_password_send
)(TALLOC_CTX
*mem_ctx
,
65 struct tevent_context
*ev
,
66 struct auth_method_context
*ctx
,
67 const struct auth_usersupplied_info
*user_info
);
68 NTSTATUS (*check_password_recv
)(struct tevent_req
*subreq
,
70 struct auth_user_info_dc
**interim_info
,
71 const struct authn_audit_info
**client_audit_info
,
72 const struct authn_audit_info
**server_audit_info
,
76 struct auth_method_context
{
77 struct auth_method_context
*prev
, *next
;
78 struct auth4_context
*auth_ctx
;
79 const struct auth_operations
*ops
;
84 /* this structure is used by backends to determine the size of some critical types */
85 struct auth_critical_sizes
{
86 int interface_version
;
87 int sizeof_auth_operations
;
88 int sizeof_auth_methods
;
89 int sizeof_auth_context
;
90 int sizeof_auth_usersupplied_info
;
91 int sizeof_auth_user_info_dc
;
94 NTSTATUS
encrypt_user_info(TALLOC_CTX
*mem_ctx
, struct auth4_context
*auth_context
,
95 enum auth_password_state to_state
,
96 const struct auth_usersupplied_info
*user_info_in
,
97 const struct auth_usersupplied_info
**user_info_encrypted
);
99 #include "auth/session.h"
100 #include "auth/unix_token_proto.h"
101 #include "auth/system_session_proto.h"
102 #include "libcli/security/security.h"
106 struct gensec_security
;
107 struct cli_credentials
;
109 NTSTATUS
auth_get_challenge(struct auth4_context
*auth_ctx
, uint8_t chal
[8]);
110 NTSTATUS
authsam_account_ok(TALLOC_CTX
*mem_ctx
,
111 struct ldb_context
*sam_ctx
,
112 uint32_t logon_parameters
,
113 struct ldb_dn
*domain_dn
,
114 struct ldb_message
*msg
,
115 const char *logon_workstation
,
116 const char *name_for_logs
,
117 bool allow_domain_trust
,
118 bool password_change
);
120 struct auth_session_info
*system_session(struct loadparm_context
*lp_ctx
);
121 NTSTATUS
authsam_make_user_info_dc(TALLOC_CTX
*mem_ctx
, struct ldb_context
*sam_ctx
,
122 const char *netbios_name
,
123 const char *domain_name
,
124 const char *dns_domain_name
,
125 struct ldb_dn
*domain_dn
,
126 const struct ldb_message
*msg
,
127 DATA_BLOB user_sess_key
, DATA_BLOB lm_sess_key
,
128 struct auth_user_info_dc
**_user_info_dc
);
129 NTSTATUS
authsam_update_user_info_dc(TALLOC_CTX
*mem_ctx
,
130 struct ldb_context
*sam_ctx
,
131 struct auth_user_info_dc
*user_info_dc
);
132 NTSTATUS
authsam_shallow_copy_user_info_dc(TALLOC_CTX
*mem_ctx
,
133 const struct auth_user_info_dc
*user_info_dc_in
,
134 struct auth_user_info_dc
**user_info_dc_out
);
135 NTSTATUS
auth_system_session_info(TALLOC_CTX
*parent_ctx
,
136 struct loadparm_context
*lp_ctx
,
137 struct auth_session_info
**_session_info
) ;
139 NTSTATUS
auth_context_create_methods(TALLOC_CTX
*mem_ctx
, const char * const *methods
,
140 struct tevent_context
*ev
,
141 struct imessaging_context
*msg
,
142 struct loadparm_context
*lp_ctx
,
143 struct ldb_context
*sam_ctx
,
144 struct auth4_context
**auth_ctx
);
145 const char **auth_methods_from_lp(TALLOC_CTX
*mem_ctx
, struct loadparm_context
*lp_ctx
);
147 NTSTATUS
auth_context_create(TALLOC_CTX
*mem_ctx
,
148 struct tevent_context
*ev
,
149 struct imessaging_context
*msg
,
150 struct loadparm_context
*lp_ctx
,
151 struct auth4_context
**auth_ctx
);
152 NTSTATUS
auth_context_create_for_netlogon(TALLOC_CTX
*mem_ctx
,
153 struct tevent_context
*ev
,
154 struct imessaging_context
*msg
,
155 struct loadparm_context
*lp_ctx
,
156 struct auth4_context
**auth_ctx
);
158 NTSTATUS
auth_check_password(struct auth4_context
*auth_ctx
,
160 const struct auth_usersupplied_info
*user_info
,
161 struct auth_user_info_dc
**user_info_dc
,
162 uint8_t *pauthoritative
);
163 NTSTATUS
auth4_init(void);
164 NTSTATUS
auth_register(TALLOC_CTX
*mem_ctx
, const struct auth_operations
*ops
);
165 NTSTATUS
server_service_auth_init(TALLOC_CTX
*ctx
);
166 struct tevent_req
*authenticate_ldap_simple_bind_send(TALLOC_CTX
*mem_ctx
,
167 struct tevent_context
*ev
,
168 struct imessaging_context
*msg
,
169 struct loadparm_context
*lp_ctx
,
170 struct tsocket_address
*remote_address
,
171 struct tsocket_address
*local_address
,
174 const char *password
);
175 NTSTATUS
authenticate_ldap_simple_bind_recv(struct tevent_req
*req
,
177 struct auth_session_info
**session_info
);
178 NTSTATUS
authenticate_ldap_simple_bind(TALLOC_CTX
*mem_ctx
,
179 struct tevent_context
*ev
,
180 struct imessaging_context
*msg
,
181 struct loadparm_context
*lp_ctx
,
182 struct tsocket_address
*remote_address
,
183 struct tsocket_address
*local_address
,
186 const char *password
,
187 struct auth_session_info
**session_info
);
189 struct tevent_req
*auth_check_password_send(TALLOC_CTX
*mem_ctx
,
190 struct tevent_context
*ev
,
191 struct auth4_context
*auth_ctx
,
192 const struct auth_usersupplied_info
*user_info
);
193 NTSTATUS
auth_check_password_recv(struct tevent_req
*req
,
195 struct auth_user_info_dc
**user_info_dc
,
196 uint8_t *pauthoritative
);
198 NTSTATUS
auth_context_set_challenge(struct auth4_context
*auth_ctx
, const uint8_t chal
[8], const char *set_by
);
200 NTSTATUS
samba_server_gensec_start(TALLOC_CTX
*mem_ctx
,
201 struct tevent_context
*event_ctx
,
202 struct imessaging_context
*msg_ctx
,
203 struct loadparm_context
*lp_ctx
,
204 struct cli_credentials
*server_credentials
,
205 const char *target_service
,
206 struct gensec_security
**gensec_context
);
207 NTSTATUS
samba_server_gensec_krb5_start(TALLOC_CTX
*mem_ctx
,
208 struct tevent_context
*event_ctx
,
209 struct imessaging_context
*msg_ctx
,
210 struct loadparm_context
*lp_ctx
,
211 struct cli_credentials
*server_credentials
,
212 const char *target_service
,
213 struct gensec_security
**gensec_context
);
215 #endif /* _SMBAUTH_H_ */
