2011-05-30 23:54:36 +02:00
/*
* Unix SMB / CIFS implementation .
* Password and authentication handling
*
* Copyright ( C ) Andrew Tridgell 1992 - 2001
* Copyright ( C ) Luke Kenneth Casson Leighton 1996 - 2000
* Copyright ( C ) Jeremy Allison 1997 - 2001
* Copyright ( C ) John H Terpsta 1999 - 2001
* Copyright ( C ) Tim Potter 2000
* Copyright ( C ) Andrew Bartlett 2001 - 2003
* Copyright ( C ) Jelmer Vernooij 2002
* Copyright ( C ) Rafal Szczesniak 2002
* Copyright ( C ) Gerald Carter 2003
* Copyright ( C ) Volker Lendecke 2006 , 2010
* Copyright ( C ) Michael Adam 2007
* Copyright ( C ) Dan Sledz 2009
* Copyright ( C ) Simo Sorce 2010
*
* This program is free software ; you can redistribute it and / or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation ; either version 3 of the License , or
* ( at your option ) any later version .
*
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU General Public License for more details .
*
* You should have received a copy of the GNU General Public License
* along with this program . If not , see < http : //www.gnu.org/licenses/>.
*/
2011-03-25 02:27:24 +01:00
2011-05-30 23:57:23 +02:00
# ifndef _AUTH_PROTO_H_
# define _AUTH_PROTO_H_
2011-03-25 02:27:24 +01:00
/* The following definitions come from auth/auth.c */
NTSTATUS smb_register_auth ( int version , const char * name , auth_init_function init ) ;
bool load_auth_module ( struct auth_context * auth_context ,
const char * module , auth_methods * * ret ) ;
2017-03-17 09:13:02 +01:00
NTSTATUS make_auth3_context_for_ntlm ( TALLOC_CTX * mem_ctx ,
struct auth_context * * auth_context ) ;
NTSTATUS make_auth3_context_for_netlogon ( TALLOC_CTX * mem_ctx ,
struct auth_context * * auth_context ) ;
NTSTATUS make_auth3_context_for_winbind ( TALLOC_CTX * mem_ctx ,
struct auth_context * * auth_context ) ;
2017-03-13 08:08:44 +01:00
bool auth3_context_set_challenge ( struct auth_context * ctx , uint8_t chal [ 8 ] ,
const char * challenge_set_by ) ;
2011-03-25 02:27:24 +01:00
2012-02-03 21:58:44 +11:00
/****************************************************************************
Try to get a challenge out of the various authentication modules .
Returns a const char of length 8 bytes .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
NTSTATUS auth_get_ntlm_challenge ( struct auth_context * auth_context ,
uint8_t chal [ 8 ] ) ;
/**
* Check a user ' s Plaintext , LM or NTLM password .
*
* Check a user ' s password , as given in the user_info struct and return various
* interesting details in the server_info struct .
*
* This function does NOT need to be in a become_root ( ) / unbecome_root ( ) pair
* as it makes the calls itself when needed .
*
* The return value takes precedence over the contents of the server_info
* struct . When the return is other than NT_STATUS_OK the contents
* of that structure is undefined .
*
2014-02-18 10:19:57 +01:00
* @ param mem_ctx The memory context to use to allocate server_info
*
2012-02-03 21:58:44 +11:00
* @ param user_info Contains the user supplied components , including the passwords .
* Must be created with make_user_info ( ) or one of its wrappers .
*
* @ param auth_context Supplies the challenges and some other data .
* Must be created with make_auth_context ( ) , and the challenges should be
* filled in , either at creation or by calling the challenge geneation
* function auth_get_challenge ( ) .
*
2017-03-17 09:43:59 +01:00
* @ param pserver_info If successful , contains information about the authentication ,
* including a struct samu struct describing the user .
*
* @ param pauthoritative Indicates if the result should be treated as final
* result .
2012-02-03 21:58:44 +11:00
*
* @ return An NTSTATUS with NT_STATUS_OK or an appropriate error .
*
* */
2014-02-18 10:19:57 +01:00
NTSTATUS auth_check_ntlm_password ( TALLOC_CTX * mem_ctx ,
const struct auth_context * auth_context ,
const struct auth_usersupplied_info * user_info ,
2017-03-17 09:43:59 +01:00
struct auth_serversupplied_info * * pserver_info ,
uint8_t * pauthoritative ) ;
2012-02-03 21:58:44 +11:00
2011-03-25 02:27:24 +01:00
/* The following definitions come from auth/auth_builtin.c */
2017-04-20 12:24:43 -07:00
NTSTATUS auth_builtin_init ( TALLOC_CTX * mem_ctx ) ;
2011-03-25 02:27:24 +01:00
/* The following definitions come from auth/auth_domain.c */
2017-04-20 12:24:43 -07:00
NTSTATUS auth_domain_init ( TALLOC_CTX * mem_ctx ) ;
2011-03-25 02:27:24 +01:00
2012-01-30 22:11:41 +11:00
/* The following definitions come from auth/auth_generic.c */
2011-03-25 02:27:24 +01:00
2012-02-03 16:14:42 +11:00
NTSTATUS make_auth4_context ( TALLOC_CTX * mem_ctx , struct auth4_context * * auth4_context_out ) ;
2017-02-23 14:31:52 +13:00
NTSTATUS auth_generic_prepare ( TALLOC_CTX * mem_ctx ,
const struct tsocket_address * remote_address ,
const struct tsocket_address * local_address ,
2017-02-20 14:17:34 +13:00
const char * service_description ,
2011-12-26 14:23:15 +11:00
struct gensec_security * * gensec_security_out ) ;
2011-03-25 02:27:24 +01:00
2012-02-03 23:32:26 +11:00
NTSTATUS auth_check_password_session_info ( struct auth4_context * auth_context ,
TALLOC_CTX * mem_ctx ,
struct auth_usersupplied_info * user_info ,
struct auth_session_info * * session_info ) ;
2012-01-30 22:11:41 +11:00
/* The following definitions come from auth/auth_ntlmssp.c */
2012-02-04 17:49:49 +11:00
NTSTATUS auth3_generate_session_info ( struct auth4_context * auth_context ,
TALLOC_CTX * mem_ctx ,
2012-01-30 22:11:41 +11:00
void * server_returned_info ,
const char * original_user_name ,
uint32_t session_info_flags ,
struct auth_session_info * * session_info ) ;
NTSTATUS auth3_get_challenge ( struct auth4_context * auth4_context ,
uint8_t chal [ 8 ] ) ;
NTSTATUS auth3_set_challenge ( struct auth4_context * auth4_context , const uint8_t * chal ,
const char * challenge_set_by ) ;
NTSTATUS auth3_check_password ( struct auth4_context * auth4_context ,
TALLOC_CTX * mem_ctx ,
const struct auth_usersupplied_info * user_info ,
2017-03-17 11:52:51 +01:00
uint8_t * pauthoritative ,
2012-01-30 22:11:41 +11:00
void * * server_returned_info ,
DATA_BLOB * session_key , DATA_BLOB * lm_session_key ) ;
2011-03-25 02:27:24 +01:00
/* The following definitions come from auth/auth_sam.c */
NTSTATUS check_sam_security ( const DATA_BLOB * challenge ,
TALLOC_CTX * mem_ctx ,
const struct auth_usersupplied_info * user_info ,
struct auth_serversupplied_info * * server_info ) ;
NTSTATUS check_sam_security_info3 ( const DATA_BLOB * challenge ,
TALLOC_CTX * mem_ctx ,
const struct auth_usersupplied_info * user_info ,
struct netr_SamInfo3 * * pinfo3 ) ;
2017-04-20 12:24:43 -07:00
NTSTATUS auth_sam_init ( TALLOC_CTX * mem_ctx ) ;
2011-03-25 02:27:24 +01:00
/* The following definitions come from auth/auth_unix.c */
2017-04-20 12:24:43 -07:00
NTSTATUS auth_unix_init ( TALLOC_CTX * mem_ctx ) ;
2011-03-25 02:27:24 +01:00
/* The following definitions come from auth/auth_util.c */
2011-06-08 18:55:37 +02:00
struct tsocket_address ;
2011-03-25 02:27:24 +01:00
2014-03-27 09:17:15 +13:00
NTSTATUS make_user_info_map ( TALLOC_CTX * mem_ctx ,
struct auth_usersupplied_info * * user_info ,
2011-03-25 02:27:24 +01:00
const char * smb_name ,
const char * client_domain ,
const char * workstation_name ,
2011-06-08 18:55:37 +02:00
const struct tsocket_address * remote_address ,
2017-02-24 13:29:12 +13:00
const struct tsocket_address * local_address ,
2017-02-20 14:52:07 +13:00
const char * service_description ,
2012-01-30 22:44:28 +11:00
const DATA_BLOB * lm_pwd ,
const DATA_BLOB * nt_pwd ,
2011-03-25 02:27:24 +01:00
const struct samr_Password * lm_interactive_pwd ,
const struct samr_Password * nt_interactive_pwd ,
const char * plaintext ,
enum auth_password_state password_state ) ;
2014-03-27 09:17:15 +13:00
bool make_user_info_netlogon_network ( TALLOC_CTX * mem_ctx ,
struct auth_usersupplied_info * * user_info ,
2011-03-25 02:27:24 +01:00
const char * smb_name ,
const char * client_domain ,
const char * workstation_name ,
2011-06-08 18:55:37 +02:00
const struct tsocket_address * remote_address ,
2017-02-24 13:29:12 +13:00
const struct tsocket_address * local_address ,
2015-05-10 18:17:56 -07:00
uint32_t logon_parameters ,
2011-03-25 02:27:24 +01:00
const uchar * lm_network_pwd ,
int lm_pwd_len ,
const uchar * nt_network_pwd ,
int nt_pwd_len ) ;
2014-03-27 09:17:15 +13:00
bool make_user_info_netlogon_interactive ( TALLOC_CTX * mem_ctx ,
struct auth_usersupplied_info * * user_info ,
2011-03-25 02:27:24 +01:00
const char * smb_name ,
const char * client_domain ,
const char * workstation_name ,
2011-06-08 18:55:37 +02:00
const struct tsocket_address * remote_address ,
2017-02-24 13:29:12 +13:00
const struct tsocket_address * local_address ,
2015-05-10 18:17:56 -07:00
uint32_t logon_parameters ,
2011-03-25 02:27:24 +01:00
const uchar chal [ 8 ] ,
const uchar lm_interactive_pwd [ 16 ] ,
2012-12-05 19:49:52 +01:00
const uchar nt_interactive_pwd [ 16 ] ) ;
2014-03-27 09:17:15 +13:00
bool make_user_info_for_reply ( TALLOC_CTX * mem_ctx ,
struct auth_usersupplied_info * * user_info ,
2011-03-25 02:27:24 +01:00
const char * smb_name ,
const char * client_domain ,
2011-06-08 18:55:37 +02:00
const struct tsocket_address * remote_address ,
2017-02-24 13:29:12 +13:00
const struct tsocket_address * local_address ,
2017-02-20 14:52:07 +13:00
const char * service_description ,
2015-05-10 18:17:56 -07:00
const uint8_t chal [ 8 ] ,
2011-03-25 02:27:24 +01:00
DATA_BLOB plaintext_password ) ;
2014-03-27 09:17:15 +13:00
NTSTATUS make_user_info_for_reply_enc ( TALLOC_CTX * mem_ctx ,
struct auth_usersupplied_info * * user_info ,
2011-03-25 02:27:24 +01:00
const char * smb_name ,
const char * client_domain ,
2011-06-08 18:55:37 +02:00
const struct tsocket_address * remote_address ,
2017-02-24 13:29:12 +13:00
const struct tsocket_address * local_address ,
2017-02-20 14:52:07 +13:00
const char * service_description ,
2011-03-25 02:27:24 +01:00
DATA_BLOB lm_resp , DATA_BLOB nt_resp ) ;
2014-03-27 09:17:15 +13:00
bool make_user_info_guest ( TALLOC_CTX * mem_ctx ,
const struct tsocket_address * remote_address ,
2017-02-24 13:29:12 +13:00
const struct tsocket_address * local_address ,
2017-02-20 14:52:07 +13:00
const char * service_description ,
2011-06-08 18:55:37 +02:00
struct auth_usersupplied_info * * user_info ) ;
2011-03-25 02:27:24 +01:00
struct samu ;
2014-02-18 10:02:57 +01:00
NTSTATUS make_server_info_sam ( TALLOC_CTX * mem_ctx ,
struct samu * sampass ,
struct auth_serversupplied_info * * pserver_info ) ;
2011-02-11 11:50:37 +11:00
NTSTATUS create_local_token ( TALLOC_CTX * mem_ctx ,
2011-04-06 06:46:26 +10:00
const struct auth_serversupplied_info * server_info ,
2011-02-11 11:50:37 +11:00
DATA_BLOB * session_key ,
2011-07-26 13:37:36 +10:00
const char * smb_name ,
2011-07-18 13:06:47 +10:00
struct auth_session_info * * session_info_out ) ;
2011-03-25 02:27:24 +01:00
NTSTATUS create_token_from_username ( TALLOC_CTX * mem_ctx , const char * username ,
bool is_guest ,
uid_t * uid , gid_t * gid ,
char * * found_username ,
struct security_token * * token ) ;
bool user_in_group_sid ( const char * username , const struct dom_sid * group_sid ) ;
2012-05-10 09:19:46 +10:00
bool user_sid_in_group_sid ( const struct dom_sid * sid , const struct dom_sid * group_sid ) ;
2011-03-25 02:27:24 +01:00
bool user_in_group ( const char * username , const char * groupname ) ;
struct passwd ;
2013-12-13 19:11:01 +01:00
NTSTATUS make_server_info_pw ( TALLOC_CTX * mem_ctx ,
const char * unix_username ,
const struct passwd * pwd ,
struct auth_serversupplied_info * * server_info ) ;
2011-02-11 11:50:37 +11:00
NTSTATUS make_session_info_from_username ( TALLOC_CTX * mem_ctx ,
const char * username ,
bool is_guest ,
2011-07-18 13:06:47 +10:00
struct auth_session_info * * session_info ) ;
struct auth_session_info * copy_session_info ( TALLOC_CTX * mem_ctx ,
const struct auth_session_info * src ) ;
2011-03-25 02:27:24 +01:00
bool init_guest_info ( void ) ;
2012-05-14 10:37:59 +02:00
NTSTATUS init_system_session_info ( void ) ;
2011-07-18 13:06:47 +10:00
bool session_info_set_session_key ( struct auth_session_info * info ,
2011-03-25 02:27:24 +01:00
DATA_BLOB session_key ) ;
NTSTATUS make_server_info_guest ( TALLOC_CTX * mem_ctx ,
struct auth_serversupplied_info * * server_info ) ;
2011-07-15 12:45:17 +10:00
NTSTATUS make_session_info_guest ( TALLOC_CTX * mem_ctx ,
2011-07-18 13:06:47 +10:00
struct auth_session_info * * server_info ) ;
2011-03-25 02:27:24 +01:00
NTSTATUS make_session_info_system ( TALLOC_CTX * mem_ctx ,
2011-07-18 13:06:47 +10:00
struct auth_session_info * * session_info ) ;
const struct auth_session_info * get_session_info_system ( void ) ;
2011-03-25 02:27:24 +01:00
struct passwd * smb_getpwnam ( TALLOC_CTX * mem_ctx , const char * domuser ,
char * * p_save_username , bool create ) ;
NTSTATUS make_server_info_info3 ( TALLOC_CTX * mem_ctx ,
const char * sent_nt_username ,
const char * domain ,
struct auth_serversupplied_info * * server_info ,
2014-06-16 22:49:29 -07:00
const struct netr_SamInfo3 * info3 ) ;
2011-03-25 02:27:24 +01:00
struct wbcAuthUserInfo ;
NTSTATUS make_server_info_wbcAuthUserInfo ( TALLOC_CTX * mem_ctx ,
const char * sent_nt_username ,
const char * domain ,
const struct wbcAuthUserInfo * info ,
struct auth_serversupplied_info * * server_info ) ;
bool is_trusted_domain ( const char * dom_name ) ;
2012-03-02 16:18:16 +02:00
NTSTATUS session_extract_session_key ( const struct auth_session_info * session_info , DATA_BLOB * session_key , enum session_key_use_intent intent ) ;
2011-03-25 02:27:24 +01:00
/* The following definitions come from auth/user_info.c */
2014-03-27 09:17:15 +13:00
NTSTATUS make_user_info ( TALLOC_CTX * mem_ctx ,
struct auth_usersupplied_info * * ret_user_info ,
2011-03-25 02:27:24 +01:00
const char * smb_name ,
const char * internal_username ,
const char * client_domain ,
const char * domain ,
const char * workstation_name ,
2011-06-08 18:55:37 +02:00
const struct tsocket_address * remote_address ,
2017-02-24 13:29:12 +13:00
const struct tsocket_address * local_address ,
2017-02-20 14:52:07 +13:00
const char * service_description ,
2011-03-25 02:27:24 +01:00
const DATA_BLOB * lm_pwd ,
const DATA_BLOB * nt_pwd ,
const struct samr_Password * lm_interactive_pwd ,
const struct samr_Password * nt_interactive_pwd ,
const char * plaintext_password ,
enum auth_password_state password_state ) ;
2014-02-18 13:52:49 +01:00
NTSTATUS do_map_to_guest_server_info ( TALLOC_CTX * mem_ctx ,
NTSTATUS status ,
const char * user ,
const char * domain ,
struct auth_serversupplied_info * * server_info ) ;
2011-07-22 11:33:52 +10:00
2011-03-25 02:27:24 +01:00
/* The following definitions come from auth/auth_winbind.c */
2017-04-20 12:24:43 -07:00
NTSTATUS auth_winbind_init ( TALLOC_CTX * mem_ctx ) ;
2011-03-25 02:27:24 +01:00
/* The following definitions come from auth/server_info.c */
struct netr_SamInfo2 ;
struct netr_SamInfo3 ;
struct netr_SamInfo6 ;
struct auth_serversupplied_info * make_server_info ( TALLOC_CTX * mem_ctx ) ;
NTSTATUS serverinfo_to_SamInfo2 ( struct auth_serversupplied_info * server_info ,
struct netr_SamInfo2 * sam2 ) ;
NTSTATUS serverinfo_to_SamInfo3 ( const struct auth_serversupplied_info * server_info ,
struct netr_SamInfo3 * sam3 ) ;
NTSTATUS serverinfo_to_SamInfo6 ( struct auth_serversupplied_info * server_info ,
struct netr_SamInfo6 * sam6 ) ;
2014-06-16 23:11:58 -07:00
NTSTATUS create_info3_from_pac_logon_info ( TALLOC_CTX * mem_ctx ,
const struct PAC_LOGON_INFO * logon_info ,
struct netr_SamInfo3 * * pp_info3 ) ;
2011-03-25 02:27:24 +01:00
NTSTATUS samu_to_SamInfo3 ( TALLOC_CTX * mem_ctx ,
struct samu * samu ,
const char * login_server ,
struct netr_SamInfo3 * * _info3 ,
struct extra_auth_info * extra ) ;
2013-12-13 19:08:34 +01:00
NTSTATUS passwd_to_SamInfo3 ( TALLOC_CTX * mem_ctx ,
const char * unix_username ,
const struct passwd * pwd ,
2015-01-13 13:45:16 -08:00
struct netr_SamInfo3 * * pinfo3 ,
struct extra_auth_info * extra ) ;
2011-03-25 02:27:24 +01:00
struct netr_SamInfo3 * copy_netr_SamInfo3 ( TALLOC_CTX * mem_ctx ,
2014-06-16 22:49:29 -07:00
const struct netr_SamInfo3 * orig ) ;
2011-03-25 02:27:24 +01:00
/* The following definitions come from auth/pampass.c */
2012-09-03 13:55:50 +02:00
bool smb_pam_claim_session ( const char * user , const char * tty , const char * rhost ) ;
bool smb_pam_close_session ( const char * user , const char * tty , const char * rhost ) ;
2011-03-25 02:27:24 +01:00
NTSTATUS smb_pam_accountcheck ( const char * user , const char * rhost ) ;
NTSTATUS smb_pam_passcheck ( const char * user , const char * rhost ,
const char * password ) ;
bool smb_pam_passchange ( const char * user , const char * rhost ,
const char * oldpassword , const char * newpassword ) ;
/* The following definitions come from auth/pass_check.c */
NTSTATUS pass_check ( const struct passwd * pass ,
const char * user ,
const char * rhost ,
const char * password ,
bool run_cracker ) ;
/* The following definitions come from auth/token_util.c */
bool nt_token_check_sid ( const struct dom_sid * sid , const struct security_token * token ) ;
2015-05-10 18:17:56 -07:00
bool nt_token_check_domain_rid ( struct security_token * token , uint32_t rid ) ;
2011-03-25 02:27:24 +01:00
struct security_token * get_root_nt_token ( void ) ;
NTSTATUS add_aliases ( const struct dom_sid * domain_sid ,
struct security_token * token ) ;
struct security_token * create_local_nt_token ( TALLOC_CTX * mem_ctx ,
const struct dom_sid * user_sid ,
bool is_guest ,
int num_groupsids ,
const struct dom_sid * groupsids ) ;
2017-03-01 11:22:43 +13:00
NTSTATUS get_user_sid_info3_and_extra ( const struct netr_SamInfo3 * info3 ,
const struct extra_auth_info * extra ,
struct dom_sid * sid ) ;
2011-03-25 02:27:24 +01:00
NTSTATUS create_local_nt_token_from_info3 ( TALLOC_CTX * mem_ctx ,
bool is_guest ,
2011-07-18 10:19:27 +10:00
const struct netr_SamInfo3 * info3 ,
const struct extra_auth_info * extra ,
2011-03-25 02:27:24 +01:00
struct security_token * * ntok ) ;
void debug_unix_user_token ( int dbg_class , int dbg_lev , uid_t uid , gid_t gid ,
int n_groups , gid_t * groups ) ;
/* The following definitions come from auth/user_util.c */
bool map_username ( TALLOC_CTX * ctx , const char * user_in , char * * p_user_out ) ;
2011-03-24 14:16:28 +01:00
bool user_in_netgroup ( TALLOC_CTX * ctx , const char * user , const char * ngname ) ;
2014-02-26 20:16:26 +01:00
bool user_in_list ( TALLOC_CTX * ctx , const char * user , const char * const * list ) ;
2011-03-25 02:27:24 +01:00
/* The following definitions come from auth/user_krb5.c */
struct PAC_LOGON_INFO ;
NTSTATUS get_user_from_kerberos_info ( TALLOC_CTX * mem_ctx ,
const char * cli_name ,
const char * princ_name ,
struct PAC_LOGON_INFO * logon_info ,
bool * is_mapped ,
bool * mapped_to_guest ,
char * * ntuser ,
char * * ntdomain ,
char * * username ,
struct passwd * * _pw ) ;
2011-02-11 11:50:37 +11:00
NTSTATUS make_session_info_krb5 ( TALLOC_CTX * mem_ctx ,
2011-03-25 02:27:24 +01:00
char * ntuser ,
char * ntdomain ,
char * username ,
struct passwd * pw ,
2014-06-16 22:54:45 -07:00
const struct netr_SamInfo3 * info3 ,
2011-02-11 11:50:37 +11:00
bool mapped_to_guest , bool username_was_mapped ,
DATA_BLOB * session_key ,
2011-07-18 13:06:47 +10:00
struct auth_session_info * * session_info ) ;
2011-05-30 23:57:23 +02:00
2014-02-26 20:16:26 +01:00
/* The following definitions come from auth/auth_samba4.c */
2017-04-20 12:24:43 -07:00
NTSTATUS auth_samba4_init ( TALLOC_CTX * mem_ctx ) ;
2012-01-30 22:11:41 +11:00
2011-05-30 23:57:23 +02:00
# endif /* _AUTH_PROTO_H_ */