2 Unix SMB/CIFS implementation.
3 Standardised Authentication types
4 Copyright (C) Andrew Bartlett 2001
5 Copyright (C) Stefan Metzmacher 2005
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 #include "librpc/gen_ndr/ndr_krb5pac.h"
25 #include "librpc/gen_ndr/auth.h"
26 #include "../auth/common_auth.h"
28 extern const char *krbtgt_attrs
[];
29 extern const char *server_attrs
[];
30 extern const char *user_attrs
[];
32 union netr_Validation
;
33 struct netr_SamBaseInfo
;
35 struct loadparm_context
;
37 /* modules can use the following to determine if the interface has changed
38 * please increment the version number after each interface change
39 * with a comment and maybe update struct auth_critical_sizes.
41 /* version 1 - version from samba 3.0 - metze */
42 /* version 2 - initial samba4 version - metze */
43 /* version 3 - subsequent samba4 version - abartlet */
44 /* version 4 - subsequent samba4 version - metze */
45 /* version 0 - till samba4 is stable - metze */
46 #define AUTH4_INTERFACE_VERSION 0
48 struct auth_method_context
;
49 struct auth_check_password_request
;
51 struct auth_session_info
;
53 struct smb_krb5_context
;
55 struct auth_operations
{
58 /* If you are using this interface, then you are probably
59 * getting something wrong. This interface is only for
60 * security=server, and makes a number of compromises to allow
61 * that. It is not compatible with being a PDC. */
63 NTSTATUS (*get_challenge
)(struct auth_method_context
*ctx
, TALLOC_CTX
*mem_ctx
, uint8_t chal
[8]);
65 /* Given the user supplied info, check if this backend want to handle the password checking */
67 NTSTATUS (*want_check
)(struct auth_method_context
*ctx
, TALLOC_CTX
*mem_ctx
,
68 const struct auth_usersupplied_info
*user_info
);
70 /* Given the user supplied info, check a password */
72 NTSTATUS (*check_password
)(struct auth_method_context
*ctx
, TALLOC_CTX
*mem_ctx
,
73 const struct auth_usersupplied_info
*user_info
,
74 struct auth_user_info_dc
**interim_info
);
76 /* Lookup a 'session info interim' return based only on the principal or DN */
77 NTSTATUS (*get_user_info_dc_principal
)(TALLOC_CTX
*mem_ctx
,
78 struct auth4_context
*auth_context
,
79 const char *principal
,
80 struct ldb_dn
*user_dn
,
81 struct auth_user_info_dc
**interim_info
);
84 struct auth_method_context
{
85 struct auth_method_context
*prev
, *next
;
86 struct auth4_context
*auth_ctx
;
87 const struct auth_operations
*ops
;
92 /* this structure is used by backends to determine the size of some critical types */
93 struct auth_critical_sizes
{
94 int interface_version
;
95 int sizeof_auth_operations
;
96 int sizeof_auth_methods
;
97 int sizeof_auth_context
;
98 int sizeof_auth_usersupplied_info
;
99 int sizeof_auth_user_info_dc
;
102 NTSTATUS
encrypt_user_info(TALLOC_CTX
*mem_ctx
, struct auth4_context
*auth_context
,
103 enum auth_password_state to_state
,
104 const struct auth_usersupplied_info
*user_info_in
,
105 const struct auth_usersupplied_info
**user_info_encrypted
);
108 #include "auth/session.h"
109 #include "auth/unix_token_proto.h"
110 #include "auth/system_session_proto.h"
111 #include "libcli/security/security.h"
115 struct gensec_security
;
116 struct cli_credentials
;
118 NTSTATUS
auth_get_challenge(struct auth4_context
*auth_ctx
, uint8_t chal
[8]);
119 NTSTATUS
authsam_account_ok(TALLOC_CTX
*mem_ctx
,
120 struct ldb_context
*sam_ctx
,
121 uint32_t logon_parameters
,
122 struct ldb_dn
*domain_dn
,
123 struct ldb_message
*msg
,
124 const char *logon_workstation
,
125 const char *name_for_logs
,
126 bool allow_domain_trust
,
127 bool password_change
);
129 struct auth_session_info
*system_session(struct loadparm_context
*lp_ctx
);
130 NTSTATUS
authsam_make_user_info_dc(TALLOC_CTX
*mem_ctx
, struct ldb_context
*sam_ctx
,
131 const char *netbios_name
,
132 const char *domain_name
,
133 struct ldb_dn
*domain_dn
,
134 struct ldb_message
*msg
,
135 DATA_BLOB user_sess_key
, DATA_BLOB lm_sess_key
,
136 struct auth_user_info_dc
**_user_info_dc
);
137 NTSTATUS
auth_system_session_info(TALLOC_CTX
*parent_ctx
,
138 struct loadparm_context
*lp_ctx
,
139 struct auth_session_info
**_session_info
) ;
141 NTSTATUS
auth_context_create_methods(TALLOC_CTX
*mem_ctx
, const char **methods
,
142 struct tevent_context
*ev
,
143 struct imessaging_context
*msg
,
144 struct loadparm_context
*lp_ctx
,
145 struct ldb_context
*sam_ctx
,
146 struct auth4_context
**auth_ctx
);
147 const char **auth_methods_from_lp(TALLOC_CTX
*mem_ctx
, struct loadparm_context
*lp_ctx
);
149 NTSTATUS
auth_context_create(TALLOC_CTX
*mem_ctx
,
150 struct tevent_context
*ev
,
151 struct imessaging_context
*msg
,
152 struct loadparm_context
*lp_ctx
,
153 struct auth4_context
**auth_ctx
);
155 NTSTATUS
auth_check_password_wrapper(struct auth4_context
*auth_ctx
,
157 const struct auth_usersupplied_info
*user_info
,
158 void **server_returned_info
,
159 DATA_BLOB
*user_session_key
, DATA_BLOB
*lm_session_key
);
161 NTSTATUS
auth_check_password(struct auth4_context
*auth_ctx
,
163 const struct auth_usersupplied_info
*user_info
,
164 struct auth_user_info_dc
**user_info_dc
);
165 NTSTATUS
auth4_init(void);
166 NTSTATUS
auth_register(const struct auth_operations
*ops
);
167 NTSTATUS
server_service_auth_init(void);
168 NTSTATUS
authenticate_username_pw(TALLOC_CTX
*mem_ctx
,
169 struct tevent_context
*ev
,
170 struct imessaging_context
*msg
,
171 struct loadparm_context
*lp_ctx
,
172 const char *nt4_domain
,
173 const char *nt4_username
,
174 const char *password
,
175 const uint32_t logon_parameters
,
176 struct auth_session_info
**session_info
);
178 struct tevent_req
*auth_check_password_send(TALLOC_CTX
*mem_ctx
,
179 struct tevent_context
*ev
,
180 struct auth4_context
*auth_ctx
,
181 const struct auth_usersupplied_info
*user_info
);
182 NTSTATUS
auth_check_password_recv(struct tevent_req
*req
,
184 struct auth_user_info_dc
**user_info_dc
);
186 bool auth_challenge_may_be_modified(struct auth4_context
*auth_ctx
);
187 NTSTATUS
auth_context_set_challenge(struct auth4_context
*auth_ctx
, const uint8_t chal
[8], const char *set_by
);
189 NTSTATUS
auth_get_user_info_dc_principal(TALLOC_CTX
*mem_ctx
,
190 struct auth4_context
*auth_ctx
,
191 const char *principal
,
192 struct ldb_dn
*user_dn
,
193 struct auth_user_info_dc
**user_info_dc
);
195 NTSTATUS
samba_server_gensec_start(TALLOC_CTX
*mem_ctx
,
196 struct tevent_context
*event_ctx
,
197 struct imessaging_context
*msg_ctx
,
198 struct loadparm_context
*lp_ctx
,
199 struct cli_credentials
*server_credentials
,
200 const char *target_service
,
201 struct gensec_security
**gensec_context
);
203 #endif /* _SMBAUTH_H_ */