source4/libcli/auth/gensec.h

   1 /*
   2    Unix SMB/CIFS implementation.
   3
   4    Generic Authentication Interface
   5
   6    Copyright (C) Andrew Tridgell 2003
   7    Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004
   8
   9    This program is free software; you can redistribute it and/or modify
  10    it under the terms of the GNU General Public License as published by
  11    the Free Software Foundation; either version 2 of the License, or
  12    (at your option) any later version.
  13
  14    This program is distributed in the hope that it will be useful,
  15    but WITHOUT ANY WARRANTY; without even the implied warranty of
  16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17    GNU General Public License for more details.
  18
  19    You should have received a copy of the GNU General Public License
  20    along with this program; if not, write to the Free Software
  21    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  22 */
  23
  24 #define GENSEC_OID_NTLMSSP "1 3 6 1 4 1 311 2 2 10"
  25 #define GENSEC_OID_SPNEGO "1 3 6 1 5 5 2"
  26 #define GENSEC_OID_KERBEROS5 "1 2 840 113554 1 2 2"
  27 #define GENSEC_OID_KERBEROS5_OLD "1 2 840 48018 1 2 2"
  28 #define GENSEC_OID_KERBEROS5_USER2USER "1 2 840 113554 1 2 2 3"
  29
  30 struct gensec_security;
  31 struct gensec_user {
  32         const char *domain;
  33         const char *realm;
  34         const char *name;
  35         const char *password;
  36 };
  37 struct gensec_target {
  38         const char *principal;
  39         const char *hostname;
  40         const struct sock_addr *addr;
  41         const char *service;
  42 };
  43
  44 #define GENSEC_FEATURE_SESSION_KEY      0x00000001
  45 #define GENSEC_FEATURE_SIGN             0x00000002
  46 #define GENSEC_FEATURE_SEAL             0x00000004
  47 #define GENSEC_FEATURE_DCE_STYLE        0x00000008
  48
  49 /* GENSEC mode */
  50 enum gensec_role
  51 {
  52         GENSEC_SERVER,
  53         GENSEC_CLIENT
  54 };
  55
  56 struct auth_session_info;
  57
  58 struct gensec_security_ops {
  59         const char *name;
  60         const char *sasl_name;
  61         uint8 auth_type;  /* 0 if not offered on DCE-RPC */
  62         const char *oid;  /* NULL if not offered by SPENGO */
  63         NTSTATUS (*client_start)(struct gensec_security *gensec_security);
  64         NTSTATUS (*server_start)(struct gensec_security *gensec_security);
  65         NTSTATUS (*update)(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx,
  66                            const DATA_BLOB in, DATA_BLOB *out);
  67         NTSTATUS (*seal_packet)(struct gensec_security *gensec_security, TALLOC_CTX *sig_mem_ctx,
  68                                 uint8_t *data, size_t length,
  69                                 const uint8_t *whole_pdu, size_t pdu_length,
  70                                 DATA_BLOB *sig);
  71         NTSTATUS (*sign_packet)(struct gensec_security *gensec_security, TALLOC_CTX *sig_mem_ctx,
  72                                 const uint8_t *data, size_t length,
  73                                 const uint8_t *whole_pdu, size_t pdu_length,
  74                                 DATA_BLOB *sig);
  75         size_t   (*sig_size)(struct gensec_security *gensec_security);
  76         NTSTATUS (*check_packet)(struct gensec_security *gensec_security, TALLOC_CTX *sig_mem_ctx,
  77                                  const uint8_t *data, size_t length,
  78                                  const uint8_t *whole_pdu, size_t pdu_length,
  79                                  const DATA_BLOB *sig);
  80         NTSTATUS (*unseal_packet)(struct gensec_security *gensec_security, TALLOC_CTX *sig_mem_ctx,
  81                                   uint8_t *data, size_t length,
  82                                   const uint8_t *whole_pdu, size_t pdu_length,
  83                                   DATA_BLOB *sig);
  84         NTSTATUS (*wrap)(struct gensec_security *gensec_security,
  85                                   TALLOC_CTX *mem_ctx,
  86                                   const DATA_BLOB *in,
  87                                   DATA_BLOB *out);
  88         NTSTATUS (*unwrap)(struct gensec_security *gensec_security,
  89                                   TALLOC_CTX *mem_ctx,
  90                                   const DATA_BLOB *in,
  91                                   DATA_BLOB *out);
  92         NTSTATUS (*session_key)(struct gensec_security *gensec_security, DATA_BLOB *session_key);
  93         NTSTATUS (*session_info)(struct gensec_security *gensec_security,
  94                                  struct auth_session_info **session_info);
  95         BOOL (*have_feature)(struct gensec_security *gensec_security,
  96                                     uint32 feature);
  97         BOOL enabled;
  98 };
  99
 100 #define GENSEC_INTERFACE_VERSION 0
 101
 102 struct gensec_security {
 103         gensec_password_callback password_callback;
 104         void *password_callback_private;
 105         const struct gensec_security_ops *ops;
 106         void *private_data;
 107         struct gensec_user user;
 108         struct gensec_user default_user;
 109         struct gensec_target target;
 110         enum gensec_role gensec_role;
 111         BOOL subcontext;
 112         uint32 want_features;
 113 };
 114
 115 /* this structure is used by backends to determine the size of some critical types */
 116 struct gensec_critical_sizes {
 117         int interface_version;
 118         int sizeof_gensec_security_ops;
 119         int sizeof_gensec_security;
 120 };
 121
 122
 123 /* pre-declare schannel structure for schannel backend */
 124 struct schannel_state;