2 Unix SMB/CIFS implementation.
4 Generic Authentication Interface
6 Copyright (C) Andrew Tridgell 2003
7 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
/*
 * Mechanism object identifiers. Each one is stored as space-separated
 * decimal arcs, e.g. "1 3 6 1 5 5 2", not in dotted form.
 * NOTE(review): how these strings are matched against an OID received from
 * a peer is not shown in this header. Confirm the match is exact, so that a
 * malformed or unexpected encoding cannot select a mechanism.
 */
24 #define GENSEC_OID_NTLMSSP "1 3 6 1 4 1 311 2 2 10"
25 #define GENSEC_OID_SPNEGO "1 3 6 1 5 5 2"
26 #define GENSEC_OID_KERBEROS5 "1 2 840 113554 1 2 2"
/*
 * Differs from GENSEC_OID_KERBEROS5 only in the fourth arc: 48018 is 113554
 * truncated to 16 bits. Presumably kept for peers that send this legacy
 * variant -- TODO confirm which peers still need it accepted.
 */
27 #define GENSEC_OID_KERBEROS5_OLD "1 2 840 48018 1 2 2"
/* GENSEC_OID_KERBEROS5 followed by one extra arc, 3. */
28 #define GENSEC_OID_KERBEROS5_USER2USER "1 2 840 113554 1 2 2 3"
/* Forward declaration; the full definition appears later in this header. */
30 struct gensec_security
;
/*
 * Presumably describes the remote party a security context is set up with
 * (inferred from the name; confirm against callers).
 * NOTE(review): the gutter numbers jump (38 -> 40, then 40 -> 44), so this
 * listing omits source lines. Further members and the closing brace of the
 * struct are not visible here.
 */
37 struct gensec_target
{
/* Principal name; const, so it is not modified through this pointer. */
38 const char *principal
;
/* Address of the target; struct sock_addr is declared outside this listing. */
40 const struct sock_addr
*addr
;
/*
 * Feature bits. Each value is a distinct single bit, so they can be OR-ed
 * into one mask -- presumably the mask held in gensec_security.want_features
 * and queried through gensec_security_ops.have_feature (confirm).
 * NOTE(review): a requested feature is not necessarily one the negotiated
 * mechanism provides. This header does not show where that is enforced, so
 * callers that require signing or sealing should verify it after
 * negotiation rather than assume it.
 */
44 #define GENSEC_FEATURE_SESSION_KEY 0x00000001
45 #define GENSEC_FEATURE_SIGN 0x00000002
46 #define GENSEC_FEATURE_SEAL 0x00000004
47 #define GENSEC_FEATURE_DCE_STYLE 0x00000008
/* Forward declaration; the definition is not part of this listing. */
56 struct auth_session_info
;
/*
 * Table of callbacks supplied by a GENSEC mechanism backend. Every callback
 * takes the struct gensec_security context as its first argument.
 * NOTE(review): the gutter numbers jump (69 -> 71, 73 -> 75, 82 -> 84,
 * 84 -> 88, 88 -> 92, 95 -> 100), so this listing omits source lines. The
 * trailing parameters of seal_packet, sign_packet, unseal_packet, wrap,
 * unwrap and have_feature, and the closing brace, are not visible here.
 */
58 struct gensec_security_ops
{
/* Mechanism name; presumably the SASL mechanism name -- confirm. */
60 const char *sasl_name
;
61 uint8 auth_type
; /* 0 if not offered on DCE-RPC */
/* Presumably one of the GENSEC_OID_* strings -- confirm. */
62 const char *oid
; /* NULL if not offered by SPNEGO */
/* Start hook; by its name, for the client side of an exchange. */
63 NTSTATUS (*client_start
)(struct gensec_security
*gensec_security
);
/* Start hook; by its name, for the server side of an exchange. */
64 NTSTATUS (*server_start
)(struct gensec_security
*gensec_security
);
/*
 * Takes an input blob by value and writes an output blob through `out`.
 * Presumably one step of the authentication exchange, with out_mem_ctx as
 * the talloc parent of the output -- confirm. `in` is presumably
 * peer-supplied, so backends must bound-check it before parsing.
 */
65 NTSTATUS (*update
)(struct gensec_security
*gensec_security
, TALLOC_CTX
*out_mem_ctx
,
66 const DATA_BLOB in
, DATA_BLOB
*out
);
/*
 * `data` is writable here, while `whole_pdu` is const; presumably the
 * payload is encrypted in place -- confirm.
 * NOTE(review): nothing in the prototype ties `length` to `pdu_length`;
 * verify that backends check the two are consistent.
 */
67 NTSTATUS (*seal_packet
)(struct gensec_security
*gensec_security
, TALLOC_CTX
*sig_mem_ctx
,
68 uint8_t *data
, size_t length
,
69 const uint8_t *whole_pdu
, size_t pdu_length
,
/* Both buffers are const: signing does not modify the packet. */
71 NTSTATUS (*sign_packet
)(struct gensec_security
*gensec_security
, TALLOC_CTX
*sig_mem_ctx
,
72 const uint8_t *data
, size_t length
,
73 const uint8_t *whole_pdu
, size_t pdu_length
,
/* Returns a size_t; by its name, the signature length for this context. */
75 size_t (*sig_size
)(struct gensec_security
*gensec_security
);
/*
 * Takes const data, the const whole PDU and a const signature blob.
 * NOTE(review): callers should treat any non-success NTSTATUS as an
 * integrity failure and discard the PDU -- confirm at call sites.
 */
76 NTSTATUS (*check_packet
)(struct gensec_security
*gensec_security
, TALLOC_CTX
*sig_mem_ctx
,
77 const uint8_t *data
, size_t length
,
78 const uint8_t *whole_pdu
, size_t pdu_length
,
79 const DATA_BLOB
*sig
);
/*
 * `data` is writable; presumably decrypted in place -- confirm.
 * NOTE(review): if so, `data` must not be used when this returns an error.
 */
80 NTSTATUS (*unseal_packet
)(struct gensec_security
*gensec_security
, TALLOC_CTX
*sig_mem_ctx
,
81 uint8_t *data
, size_t length
,
82 const uint8_t *whole_pdu
, size_t pdu_length
,
/* Remaining parameters are not visible in this listing. */
84 NTSTATUS (*wrap
)(struct gensec_security
*gensec_security
,
/* Remaining parameters are not visible in this listing. */
88 NTSTATUS (*unwrap
)(struct gensec_security
*gensec_security
,
/*
 * Writes the session key into the caller-provided DATA_BLOB.
 * NOTE(review): this is key material. Who owns the blob is not visible
 * here; confirm ownership and keep the key out of logs and debug dumps.
 */
92 NTSTATUS (*session_key
)(struct gensec_security
*gensec_security
, DATA_BLOB
*session_key
);
/* Returns a struct auth_session_info pointer through the out parameter. */
93 NTSTATUS (*session_info
)(struct gensec_security
*gensec_security
,
94 struct auth_session_info
**session_info
);
/*
 * Returns BOOL; remaining parameters are not visible in this listing.
 * Presumably takes a GENSEC_FEATURE_* value -- confirm.
 */
95 BOOL (*have_feature
)(struct gensec_security
*gensec_security
,
/*
 * Version number of this backend interface. Presumably the value that
 * gensec_critical_sizes.interface_version is compared against -- confirm.
 */
100 #define GENSEC_INTERFACE_VERSION 0
/*
 * Per-context state handed to every gensec_security_ops callback.
 * NOTE(review): the gutter numbers jump (105 -> 107, 110 -> 112,
 * 112 -> 115), so this listing omits source lines. Further members and the
 * closing brace are not visible here.
 */
102 struct gensec_security
{
/*
 * Callback used to obtain a password, and the opaque pointer passed along
 * with it. The callback type is declared outside this listing.
 * NOTE(review): the lifetime of the returned secret is not visible here;
 * confirm it is not retained longer than the exchange needs.
 */
103 gensec_password_callback password_callback
;
104 void *password_callback_private
;
/* The mechanism backend in use; const, so the table is not modified here. */
105 const struct gensec_security_ops
*ops
;
/* Two user records; struct gensec_user is declared outside this listing. */
107 struct gensec_user user
;
108 struct gensec_user default_user
;
/* Embedded by value, not by pointer. */
109 struct gensec_target target
;
/* Presumably client vs. server; the enum is declared outside this listing. */
110 enum gensec_role gensec_role
;
/* Presumably a mask of GENSEC_FEATURE_* bits requested by the caller -- confirm. */
112 uint32 want_features
;
115 /* this structure is used by backends to determine the size of some critical types */
/*
 * Holds an interface version and two struct sizes, all stored as int
 * rather than size_t.
 * NOTE(review): presumably this lets a separately built backend detect
 * that it was compiled against a different struct layout. Confirm that
 * registration refuses a backend on any mismatch instead of continuing
 * with mismatched layouts.
 * The closing brace is not visible in this listing (gutter 119 -> 123).
 */
116 struct gensec_critical_sizes
{
117 int interface_version
;
118 int sizeof_gensec_security_ops
;
119 int sizeof_gensec_security
;
123 /* pre-declare schannel structure for schannel backend */
124 struct schannel_state
;