2 Unix SMB/CIFS implementation.
3 Standardised Authentication types
4 Copyright (C) Andrew Bartlett 2001
5 Copyright (C) Stefan Metzmacher 2005
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 #include "librpc/gen_ndr/ndr_krb5pac.h"
25 #include "librpc/gen_ndr/auth.h"
26 #include "../auth/common_auth.h"
28 extern const char *krbtgt_attrs
[];
29 extern const char *server_attrs
[];
30 extern const char *user_attrs
[];
32 union netr_Validation
;
33 struct netr_SamBaseInfo
;
35 struct loadparm_context
;
37 /* modules can use the following to determine if the interface has changed
38 * please increment the version number after each interface change
39 * with a comment and maybe update struct auth_critical_sizes.
41 /* version 1 - version from samba 3.0 - metze */
42 /* version 2 - initial samba4 version - metze */
43 /* version 3 - subsequent samba4 version - abartlet */
44 /* version 4 - subsequent samba4 version - metze */
45 /* version 0 - till samba4 is stable - metze */
46 #define AUTH4_INTERFACE_VERSION 0
48 struct auth_method_context
;
50 struct auth_session_info
;
52 struct smb_krb5_context
;
54 struct auth_operations
{
57 /* Given the user supplied info, check if this backend want to handle the password checking */
59 NTSTATUS (*want_check
)(struct auth_method_context
*ctx
, TALLOC_CTX
*mem_ctx
,
60 const struct auth_usersupplied_info
*user_info
);
62 /* Given the user supplied info, check a password */
64 NTSTATUS (*check_password
)(struct auth_method_context
*ctx
, TALLOC_CTX
*mem_ctx
,
65 const struct auth_usersupplied_info
*user_info
,
66 struct auth_user_info_dc
**interim_info
,
68 struct tevent_req
*(*check_password_send
)(TALLOC_CTX
*mem_ctx
,
69 struct tevent_context
*ev
,
70 struct auth_method_context
*ctx
,
71 const struct auth_usersupplied_info
*user_info
);
72 NTSTATUS (*check_password_recv
)(struct tevent_req
*subreq
,
74 struct auth_user_info_dc
**interim_info
,
77 /* Lookup a 'session info interim' return based only on the principal or DN */
78 NTSTATUS (*get_user_info_dc_principal
)(TALLOC_CTX
*mem_ctx
,
79 struct auth4_context
*auth_context
,
80 const char *principal
,
81 struct ldb_dn
*user_dn
,
82 struct auth_user_info_dc
**interim_info
);
86 struct auth_method_context
{
87 struct auth_method_context
*prev
, *next
;
88 struct auth4_context
*auth_ctx
;
89 const struct auth_operations
*ops
;
94 /* this structure is used by backends to determine the size of some critical types */
95 struct auth_critical_sizes
{
96 int interface_version
;
97 int sizeof_auth_operations
;
98 int sizeof_auth_methods
;
99 int sizeof_auth_context
;
100 int sizeof_auth_usersupplied_info
;
101 int sizeof_auth_user_info_dc
;
104 NTSTATUS
encrypt_user_info(TALLOC_CTX
*mem_ctx
, struct auth4_context
*auth_context
,
105 enum auth_password_state to_state
,
106 const struct auth_usersupplied_info
*user_info_in
,
107 const struct auth_usersupplied_info
**user_info_encrypted
);
109 #include "auth/session.h"
110 #include "auth/unix_token_proto.h"
111 #include "auth/system_session_proto.h"
112 #include "libcli/security/security.h"
116 struct gensec_security
;
117 struct cli_credentials
;
119 NTSTATUS
auth_get_challenge(struct auth4_context
*auth_ctx
, uint8_t chal
[8]);
120 NTSTATUS
authsam_account_ok(TALLOC_CTX
*mem_ctx
,
121 struct ldb_context
*sam_ctx
,
122 uint32_t logon_parameters
,
123 struct ldb_dn
*domain_dn
,
124 struct ldb_message
*msg
,
125 const char *logon_workstation
,
126 const char *name_for_logs
,
127 bool allow_domain_trust
,
128 bool password_change
);
130 struct auth_session_info
*system_session(struct loadparm_context
*lp_ctx
);
131 NTSTATUS
authsam_make_user_info_dc(TALLOC_CTX
*mem_ctx
, struct ldb_context
*sam_ctx
,
132 const char *netbios_name
,
133 const char *domain_name
,
134 const char *dns_domain_name
,
135 struct ldb_dn
*domain_dn
,
136 struct ldb_message
*msg
,
137 DATA_BLOB user_sess_key
, DATA_BLOB lm_sess_key
,
138 struct auth_user_info_dc
**_user_info_dc
);
139 NTSTATUS
auth_system_session_info(TALLOC_CTX
*parent_ctx
,
140 struct loadparm_context
*lp_ctx
,
141 struct auth_session_info
**_session_info
) ;
143 NTSTATUS
auth_context_create_methods(TALLOC_CTX
*mem_ctx
, const char * const *methods
,
144 struct tevent_context
*ev
,
145 struct imessaging_context
*msg
,
146 struct loadparm_context
*lp_ctx
,
147 struct ldb_context
*sam_ctx
,
148 struct auth4_context
**auth_ctx
);
149 const char **auth_methods_from_lp(TALLOC_CTX
*mem_ctx
, struct loadparm_context
*lp_ctx
);
151 NTSTATUS
auth_context_create(TALLOC_CTX
*mem_ctx
,
152 struct tevent_context
*ev
,
153 struct imessaging_context
*msg
,
154 struct loadparm_context
*lp_ctx
,
155 struct auth4_context
**auth_ctx
);
156 NTSTATUS
auth_context_create_for_netlogon(TALLOC_CTX
*mem_ctx
,
157 struct tevent_context
*ev
,
158 struct imessaging_context
*msg
,
159 struct loadparm_context
*lp_ctx
,
160 struct auth4_context
**auth_ctx
);
162 NTSTATUS
auth_check_password(struct auth4_context
*auth_ctx
,
164 const struct auth_usersupplied_info
*user_info
,
165 struct auth_user_info_dc
**user_info_dc
,
166 uint8_t *pauthoritative
);
167 NTSTATUS
auth4_init(void);
168 NTSTATUS
auth_register(TALLOC_CTX
*mem_ctx
, const struct auth_operations
*ops
);
169 NTSTATUS
server_service_auth_init(TALLOC_CTX
*ctx
);
170 struct tevent_req
*authenticate_ldap_simple_bind_send(TALLOC_CTX
*mem_ctx
,
171 struct tevent_context
*ev
,
172 struct imessaging_context
*msg
,
173 struct loadparm_context
*lp_ctx
,
174 struct tsocket_address
*remote_address
,
175 struct tsocket_address
*local_address
,
178 const char *password
);
179 NTSTATUS
authenticate_ldap_simple_bind_recv(struct tevent_req
*req
,
181 struct auth_session_info
**session_info
);
182 NTSTATUS
authenticate_ldap_simple_bind(TALLOC_CTX
*mem_ctx
,
183 struct tevent_context
*ev
,
184 struct imessaging_context
*msg
,
185 struct loadparm_context
*lp_ctx
,
186 struct tsocket_address
*remote_address
,
187 struct tsocket_address
*local_address
,
190 const char *password
,
191 struct auth_session_info
**session_info
);
193 struct tevent_req
*auth_check_password_send(TALLOC_CTX
*mem_ctx
,
194 struct tevent_context
*ev
,
195 struct auth4_context
*auth_ctx
,
196 const struct auth_usersupplied_info
*user_info
);
197 NTSTATUS
auth_check_password_recv(struct tevent_req
*req
,
199 struct auth_user_info_dc
**user_info_dc
,
200 uint8_t *pauthoritative
);
202 NTSTATUS
auth_context_set_challenge(struct auth4_context
*auth_ctx
, const uint8_t chal
[8], const char *set_by
);
204 NTSTATUS
samba_server_gensec_start(TALLOC_CTX
*mem_ctx
,
205 struct tevent_context
*event_ctx
,
206 struct imessaging_context
*msg_ctx
,
207 struct loadparm_context
*lp_ctx
,
208 struct cli_credentials
*server_credentials
,
209 const char *target_service
,
210 struct gensec_security
**gensec_context
);
211 NTSTATUS
samba_server_gensec_krb5_start(TALLOC_CTX
*mem_ctx
,
212 struct tevent_context
*event_ctx
,
213 struct imessaging_context
*msg_ctx
,
214 struct loadparm_context
*lp_ctx
,
215 struct cli_credentials
*server_credentials
,
216 const char *target_service
,
217 struct gensec_security
**gensec_context
);
219 #endif /* _SMBAUTH_H_ */
