s3-samr: remove duplicate copies of Alias Object specific access rights.
[Samba/bb.git] / source / include / auth.h
blobadcd6e943f9240e89e2e5f07cc165925075b0831
1 #ifndef _SMBAUTH_H_
2 #define _SMBAUTH_H_
3 /*
4 Unix SMB/CIFS implementation.
5 Standardised Authentication types
6 Copyright (C) Andrew Bartlett 2001
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 typedef struct auth_usersupplied_info {
23 DATA_BLOB lm_resp;
24 DATA_BLOB nt_resp;
25 DATA_BLOB lm_interactive_pwd;
26 DATA_BLOB nt_interactive_pwd;
27 DATA_BLOB plaintext_password;
29 bool encrypted;
31 bool was_mapped; /* Did the username map actually match? */
32 char *client_domain; /* domain name string */
33 char *domain; /* domain name after mapping */
34 char *internal_username; /* username after mapping */
35 char *smb_name; /* username before mapping */
36 char *wksta_name; /* workstation name (netbios calling
37 * name) unicode string */
39 uint32 logon_parameters;
41 } auth_usersupplied_info;
43 typedef struct auth_serversupplied_info {
44 bool guest;
46 DOM_SID *sids; /* These SIDs are preliminary between
47 check_ntlm_password and the token creation. */
48 size_t num_sids;
50 struct unix_user_token utok;
52 /* NT group information taken from the info3 structure */
54 NT_USER_TOKEN *ptok;
56 DATA_BLOB user_session_key;
57 DATA_BLOB lm_session_key;
59 char *login_server; /* which server authorized the login? */
61 struct samu *sam_account;
63 void *pam_handle;
66 * This is a token from /etc/passwd and /etc/group
68 bool nss_token;
70 char *unix_name;
73 * For performance reasons we keep an alpha_strcpy-sanitized version
74 * of the username around as long as the global variable current_user
75 * still exists. If we did not do keep this, we'd have to call
76 * alpha_strcpy whenever we do a become_user(), potentially on every
77 * smb request. See set_current_user_info.
79 char *sanitized_username;
80 } auth_serversupplied_info;
82 struct auth_context {
83 DATA_BLOB challenge;
85 /* Who set this up in the first place? */
86 const char *challenge_set_by;
88 bool challenge_may_be_modified;
90 struct auth_methods *challenge_set_method;
91 /* What order are the various methods in? Try to stop it changing under us */
92 struct auth_methods *auth_method_list;
94 TALLOC_CTX *mem_ctx;
95 const uint8 *(*get_ntlm_challenge)(struct auth_context *auth_context);
96 NTSTATUS (*check_ntlm_password)(const struct auth_context *auth_context,
97 const struct auth_usersupplied_info *user_info,
98 struct auth_serversupplied_info **server_info);
99 NTSTATUS (*nt_status_squash)(NTSTATUS nt_status);
100 void (*free)(struct auth_context **auth_context);
103 typedef struct auth_methods
105 struct auth_methods *prev, *next;
106 const char *name; /* What name got this module */
108 NTSTATUS (*auth)(const struct auth_context *auth_context,
109 void *my_private_data,
110 TALLOC_CTX *mem_ctx,
111 const struct auth_usersupplied_info *user_info,
112 auth_serversupplied_info **server_info);
114 /* If you are using this interface, then you are probably
115 * getting something wrong. This interface is only for
116 * security=server, and makes a number of compromises to allow
117 * that. It is not compatible with being a PDC. */
118 DATA_BLOB (*get_chal)(const struct auth_context *auth_context,
119 void **my_private_data,
120 TALLOC_CTX *mem_ctx);
122 /* Used to keep tabs on things like the cli for SMB server authentication */
123 void *private_data;
125 } auth_methods;
127 typedef NTSTATUS (*auth_init_function)(struct auth_context *, const char *, struct auth_methods **);
129 struct auth_init_function_entry {
130 const char *name;
131 /* Function to create a member of the authmethods list */
133 auth_init_function init;
135 struct auth_init_function_entry *prev, *next;
138 typedef struct auth_ntlmssp_state {
139 TALLOC_CTX *mem_ctx;
140 struct auth_context *auth_context;
141 struct auth_serversupplied_info *server_info;
142 struct ntlmssp_state *ntlmssp_state;
143 } AUTH_NTLMSSP_STATE;
145 /* Changed from 1 -> 2 to add the logon_parameters field. */
146 #define AUTH_INTERFACE_VERSION 2
148 #endif /* _SMBAUTH_H_ */