2011-07-21 07:20:26 +04:00
/*
2004-06-20 04:58:09 +04:00
Unix SMB / CIFS implementation .
2011-07-21 07:20:26 +04:00
2004-06-20 04:58:09 +04:00
Generic Authentication Interface
Copyright ( C ) Andrew Tridgell 2003
r6028: A MAJOR update to intergrate the new credentails system fully with
GENSEC, and to pull SCHANNEL into GENSEC, by making it less 'special'.
GENSEC now no longer has it's own handling of 'set username' etc,
instead it uses cli_credentials calls.
In order to link the credentails code right though Samba, a lot of
interfaces have changed to remove 'username, domain, password'
arguments, and these have been replaced with a single 'struct
cli_credentials'.
In the session setup code, a new parameter 'workgroup' contains the
client/server current workgroup, which seems unrelated to the
authentication exchange (it was being filled in from the auth info).
This allows in particular kerberos to only call back for passwords
when it actually needs to perform the kinit.
The kerberos code has been modified not to use the SPNEGO provided
'principal name' (in the mechListMIC), but to instead use the name the
host was connected to as. This better matches Microsoft behaviour,
is more secure and allows better use of standard kerberos functions.
To achieve this, I made changes to our socket code so that the
hostname (before name resolution) is now recorded on the socket.
In schannel, most of the code from librpc/rpc/dcerpc_schannel.c is now
in libcli/auth/schannel.c, and it looks much more like a standard
GENSEC module. The actual sign/seal code moved to
libcli/auth/schannel_sign.c in a previous commit.
The schannel credentails structure is now merged with the rest of the
credentails, as many of the values (username, workstation, domain)
where already present there. This makes handling this in a generic
manner much easier, as there is no longer a custom entry-point.
The auth_domain module continues to be developed, but is now just as
functional as auth_winbind. The changes here are consequential to the
schannel changes.
The only removed function at this point is the RPC-LOGIN test
(simulating the load of a WinXP login), which needs much more work to
clean it up (it contains copies of too much code from all over the
torture suite, and I havn't been able to penetrate its 'structure').
Andrew Bartlett
(This used to be commit 2301a4b38a21aa60917973451687063d83d18d66)
2005-03-24 07:14:06 +03:00
Copyright ( C ) Andrew Bartlett < abartlet @ samba . org > 2004 - 2005
2011-07-21 07:20:26 +04:00
2004-06-20 04:58:09 +04:00
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
2007-07-10 06:07:03 +04:00
the Free Software Foundation ; either version 3 of the License , or
2004-06-20 04:58:09 +04:00
( at your option ) any later version .
2011-07-21 07:20:26 +04:00
2004-06-20 04:58:09 +04:00
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
2011-07-21 07:20:26 +04:00
2004-06-20 04:58:09 +04:00
You should have received a copy of the GNU General Public License
2007-07-10 06:07:03 +04:00
along with this program . If not , see < http : //www.gnu.org/licenses/>.
2004-06-20 04:58:09 +04:00
*/
2006-03-14 04:29:56 +03:00
# ifndef __GENSEC_H__
# define __GENSEC_H__
2008-12-23 22:17:59 +03:00
# include "../lib/util/data_blob.h"
# include "libcli/util/ntstatus.h"
2010-06-01 13:12:29 +04:00
# define GENSEC_SASL_NAME_NTLMSSP "NTLM"
2006-12-19 22:25:49 +03:00
# define GENSEC_OID_NTLMSSP "1.3.6.1.4.1.311.2.2.10"
# define GENSEC_OID_SPNEGO "1.3.6.1.5.5.2"
# define GENSEC_OID_KERBEROS5 "1.2.840.113554.1.2.2"
# define GENSEC_OID_KERBEROS5_OLD "1.2.840.48018.1.2.2"
# define GENSEC_OID_KERBEROS5_USER2USER "1.2.840.113554.1.2.2.3"
2004-06-20 04:58:09 +04:00
2017-03-01 06:00:03 +03:00
# define GENSEC_FINAL_AUTH_TYPE_KRB5 "krb5"
# define GENSEC_FINAL_AUTH_TYPE_NTLMSSP "NTLMSSP"
2006-09-08 10:21:02 +04:00
enum gensec_priority {
GENSEC_SPNEGO = 90 ,
GENSEC_GSSAPI = 80 ,
GENSEC_KRB5 = 70 ,
GENSEC_SCHANNEL = 60 ,
GENSEC_NTLMSSP = 50 ,
GENSEC_SASL = 20 ,
2013-09-18 00:09:50 +04:00
GENSEC_OTHER = 10 ,
GENSEC_EXTERNAL = 0
2006-09-08 08:37:56 +04:00
} ;
2004-06-20 04:58:09 +04:00
struct gensec_security ;
2004-07-11 14:29:54 +04:00
struct gensec_target {
const char * principal ;
const char * hostname ;
2004-07-13 09:14:59 +04:00
const char * service ;
2017-02-20 03:32:47 +03:00
const char * service_description ;
2004-07-11 14:29:54 +04:00
} ;
2004-08-25 06:25:20 +04:00
2004-12-06 18:44:17 +03:00
# define GENSEC_FEATURE_SESSION_KEY 0x00000001
# define GENSEC_FEATURE_SIGN 0x00000002
# define GENSEC_FEATURE_SEAL 0x00000004
2004-12-21 15:39:39 +03:00
# define GENSEC_FEATURE_DCE_STYLE 0x00000008
2005-05-10 15:04:04 +04:00
# define GENSEC_FEATURE_ASYNC_REPLIES 0x00000010
2005-08-20 08:42:19 +04:00
# define GENSEC_FEATURE_DATAGRAM_MODE 0x00000020
2008-08-06 23:26:20 +04:00
# define GENSEC_FEATURE_SIGN_PKT_HEADER 0x00000040
2008-08-12 16:26:21 +04:00
# define GENSEC_FEATURE_NEW_SPNEGO 0x00000080
2011-07-21 09:39:27 +04:00
# define GENSEC_FEATURE_UNIX_TOKEN 0x00000100
2015-11-27 15:42:30 +03:00
# define GENSEC_FEATURE_NTLM_CCACHE 0x00000200
2015-12-09 16:48:14 +03:00
# define GENSEC_FEATURE_LDAP_STYLE 0x00000400
2017-03-01 02:18:49 +03:00
# define GENSEC_FEATURE_NO_AUTHZ_LOG 0x00000800
2017-03-06 04:10:17 +03:00
# define GENSEC_FEATURE_SMB_TRANSPORT 0x00001000
# define GENSEC_FEATURE_LDAPS_TRANSPORT 0x00002000
2004-07-11 14:29:54 +04:00
2012-03-03 07:32:45 +04:00
# define GENSEC_EXPIRE_TIME_INFINITY (NTTIME)0x8000000000000000LL
2004-06-20 04:58:09 +04:00
/* GENSEC mode */
enum gensec_role
{
GENSEC_SERVER ,
GENSEC_CLIENT
} ;
2004-07-14 15:28:34 +04:00
struct auth_session_info ;
2007-09-29 19:16:38 +04:00
struct cli_credentials ;
2008-11-02 04:05:48 +03:00
struct gensec_settings ;
2008-12-29 22:24:57 +03:00
struct tevent_context ;
2009-12-22 18:24:44 +03:00
struct tevent_req ;
2011-12-28 10:48:45 +04:00
struct smb_krb5_context ;
2013-08-05 09:12:01 +04:00
struct tsocket_address ;
2006-07-31 19:52:26 +04:00
2008-11-02 04:05:48 +03:00
struct gensec_settings {
struct loadparm_context * lp_ctx ;
const char * target_hostname ;
2011-12-26 03:53:56 +04:00
/* this allows callers to specify a specific set of ops that
* should be used , rather than those loaded by the plugin
* mechanism */
2013-08-05 13:20:21 +04:00
const struct gensec_security_ops * const * backends ;
2012-01-31 09:17:04 +04:00
/* To fill in our own name in the NTLMSSP server */
const char * server_dns_domain ;
const char * server_dns_name ;
2012-02-06 11:02:11 +04:00
const char * server_netbios_domain ;
const char * server_netbios_name ;
2008-11-02 04:05:48 +03:00
} ;
2013-08-05 09:12:01 +04:00
struct gensec_security_ops ;
struct gensec_security_ops_wrapper ;
2005-05-16 03:42:11 +04:00
2017-04-20 22:24:43 +03:00
/* Change to 1, loadable modules now take a TALLOC_CTX * init() parameter. */
# define GENSEC_INTERFACE_VERSION 1
r1294: A nice, large, commit...
This implements gensec for Samba's server side, and brings gensec up
to the standards of a full subsystem.
This means that use of the subsystem is by gensec_* functions, not
function pointers in structures (this is internal). This causes
changes in all the existing gensec users.
Our RPC server no longer contains it's own generalised security
scheme, and now calls gensec directly.
Gensec has also taken over the role of auth/auth_ntlmssp.c
An important part of gensec, is the output of the 'session_info'
struct. This is now reference counted, so that we can correctly free
it when a pipe is closed, no matter if it was inherited, or created by
per-pipe authentication.
The schannel code is reworked, to be in the same file for client and
server.
ntlm_auth is reworked to use gensec.
The major problem with this code is the way it relies on subsystem
auto-initialisation. The primary reason for this commit now.is to
allow these problems to be looked at, and fixed.
There are problems with the new code:
- I've tested it with smbtorture, but currently don't have VMware and
valgrind working (this I'll fix soon).
- The SPNEGO code is client-only at this point.
- We still do not do kerberos.
Andrew Bartlett
(This used to be commit 07fd885fd488fd1051eacc905a2d4962f8a018ec)
2004-06-29 13:40:10 +04:00
/* this structure is used by backends to determine the size of some critical types */
2013-08-05 09:12:01 +04:00
struct gensec_critical_sizes ;
2013-05-11 12:35:33 +04:00
const struct gensec_critical_sizes * gensec_interface_version ( void ) ;
r1294: A nice, large, commit...
This implements gensec for Samba's server side, and brings gensec up
to the standards of a full subsystem.
This means that use of the subsystem is by gensec_* functions, not
function pointers in structures (this is internal). This causes
changes in all the existing gensec users.
Our RPC server no longer contains it's own generalised security
scheme, and now calls gensec directly.
Gensec has also taken over the role of auth/auth_ntlmssp.c
An important part of gensec, is the output of the 'session_info'
struct. This is now reference counted, so that we can correctly free
it when a pipe is closed, no matter if it was inherited, or created by
per-pipe authentication.
The schannel code is reworked, to be in the same file for client and
server.
ntlm_auth is reworked to use gensec.
The major problem with this code is the way it relies on subsystem
auto-initialisation. The primary reason for this commit now.is to
allow these problems to be looked at, and fixed.
There are problems with the new code:
- I've tested it with smbtorture, but currently don't have VMware and
valgrind working (this I'll fix soon).
- The SPNEGO code is client-only at this point.
- We still do not do kerberos.
Andrew Bartlett
(This used to be commit 07fd885fd488fd1051eacc905a2d4962f8a018ec)
2004-06-29 13:40:10 +04:00
2007-12-10 20:42:07 +03:00
/* Socket wrapper */
struct gensec_security ;
2011-05-07 10:14:06 +04:00
struct auth4_context ;
2011-02-08 08:53:13 +03:00
struct auth_user_info_dc ;
2007-12-10 20:42:07 +03:00
2007-12-02 19:09:43 +03:00
struct loadparm_context ;
2011-07-21 07:20:26 +04:00
NTSTATUS gensec_subcontext_start ( TALLOC_CTX * mem_ctx ,
struct gensec_security * parent ,
2008-04-02 06:53:27 +04:00
struct gensec_security * * gensec_security ) ;
2011-07-21 07:20:26 +04:00
NTSTATUS gensec_client_start ( TALLOC_CTX * mem_ctx ,
2008-04-02 06:53:27 +04:00
struct gensec_security * * gensec_security ,
2008-11-02 04:05:48 +03:00
struct gensec_settings * settings ) ;
2011-07-21 07:20:26 +04:00
NTSTATUS gensec_start_mech_by_ops ( struct gensec_security * gensec_security ,
const struct gensec_security_ops * ops ) ;
NTSTATUS gensec_start_mech_by_sasl_list ( struct gensec_security * gensec_security ,
2008-04-02 06:53:27 +04:00
const char * * sasl_names ) ;
2011-12-24 04:14:26 +04:00
void gensec_set_max_update_size ( struct gensec_security * gensec_security ,
uint32_t max_update_size ) ;
size_t gensec_max_update_size ( struct gensec_security * gensec_security ) ;
2013-12-13 22:56:13 +04:00
NTSTATUS gensec_update ( struct gensec_security * gensec_security ,
TALLOC_CTX * out_mem_ctx ,
2008-04-02 06:53:27 +04:00
const DATA_BLOB in , DATA_BLOB * out ) ;
2013-12-13 22:18:48 +04:00
NTSTATUS gensec_update_ev ( struct gensec_security * gensec_security ,
TALLOC_CTX * out_mem_ctx ,
struct tevent_context * ev ,
const DATA_BLOB in , DATA_BLOB * out ) ;
2009-12-22 18:24:44 +03:00
struct tevent_req * gensec_update_send ( TALLOC_CTX * mem_ctx ,
struct tevent_context * ev ,
struct gensec_security * gensec_security ,
const DATA_BLOB in ) ;
NTSTATUS gensec_update_recv ( struct tevent_req * req , TALLOC_CTX * out_mem_ctx , DATA_BLOB * out ) ;
2017-05-14 03:06:08 +03:00
/**
* @ brief Ask for features for a following authentication
*
* Typically only one specific feature bit should be passed ,
* but it also works to ask for more features .
*
* The features must be requested before starting the
* gensec_update * ( ) loop .
*
* The current expection is GENSEC_FEATURE_SIGN_PKT_HEADER ,
* it can also be requested once the gensec_update * ( ) loop
* returned NT_STATUS_OK .
*
* The features should not be changed during the gensec_update * ( )
* loop .
*
* @ param [ in ] gensec_security The context to be used
*
* @ param [ in ] feature The requested feature [ s ] .
*
*/
2008-04-02 06:53:27 +04:00
void gensec_want_feature ( struct gensec_security * gensec_security ,
uint32_t feature ) ;
2017-05-14 03:06:08 +03:00
/**
* @ brief Ask for one feature after the finished authentication
*
* Because the return value is bool , the caller can only
* ask for one feature at a time .
*
* The features must be requested after the finished
* gensec_update * ( ) loop .
*
* The current expection is GENSEC_FEATURE_SIGN_PKT_HEADER ,
* it can also be requested before the gensec_update * ( ) loop ,
* as the return value only indicates if the backend supports
* dcerpc header signing , not if header signing will be used
* between client and server . It will be used only if the caller
* also used gensec_want_feature ( GENSEC_FEATURE_SIGN_PKT_HEADER ) .
*
* @ param [ in ] gensec_security The context to be used .
*
* @ param [ in ] feature The requested feature .
*
* @ return true if the feature is supported , false if not .
*/
2008-04-02 06:53:27 +04:00
bool gensec_have_feature ( struct gensec_security * gensec_security ,
uint32_t feature ) ;
2012-03-03 07:32:45 +04:00
NTTIME gensec_expire_time ( struct gensec_security * gensec_security ) ;
2008-04-02 06:53:27 +04:00
NTSTATUS gensec_set_credentials ( struct gensec_security * gensec_security , struct cli_credentials * credentials ) ;
2017-02-20 03:32:47 +03:00
/**
* Set the target service ( such as ' http ' or ' host ' ) on a GENSEC context - ensures it is talloc ( ) ed
*
* This is used for Kerberos service principal name resolution .
*/
2008-04-02 06:53:27 +04:00
NTSTATUS gensec_set_target_service ( struct gensec_security * gensec_security , const char * service ) ;
const char * gensec_get_target_service ( struct gensec_security * gensec_security ) ;
NTSTATUS gensec_set_target_hostname ( struct gensec_security * gensec_security , const char * hostname ) ;
const char * gensec_get_target_hostname ( struct gensec_security * gensec_security ) ;
2017-02-20 03:32:47 +03:00
/**
* Set the target service ( such as ' samr ' ) on an GENSEC context - ensures it is talloc ( ) ed .
*
* This is not the Kerberos service principal , instead this is a
* constant value that can be logged as part of authentication and
* authorization logging
*/
const char * gensec_get_target_service_description ( struct gensec_security * gensec_security ) ;
NTSTATUS gensec_set_target_service_description ( struct gensec_security * gensec_security ,
const char * service ) ;
2011-07-21 07:20:26 +04:00
NTSTATUS gensec_session_key ( struct gensec_security * gensec_security ,
2011-08-01 09:39:01 +04:00
TALLOC_CTX * mem_ctx ,
2008-04-02 06:53:27 +04:00
DATA_BLOB * session_key ) ;
2011-07-21 07:20:26 +04:00
NTSTATUS gensec_start_mech_by_oid ( struct gensec_security * gensec_security ,
2008-04-02 06:53:27 +04:00
const char * mech_oid ) ;
2008-11-03 01:58:49 +03:00
const char * gensec_get_name_by_oid ( struct gensec_security * gensec_security , const char * oid_string ) ;
2008-04-02 06:53:27 +04:00
struct cli_credentials * gensec_get_credentials ( struct gensec_security * gensec_security ) ;
2011-06-06 08:58:28 +04:00
NTSTATUS gensec_init ( void ) ;
2017-05-12 01:56:29 +03:00
NTSTATUS gensec_register ( TALLOC_CTX * ctx ,
const struct gensec_security_ops * ops ) ;
2012-01-12 19:18:38 +04:00
const struct gensec_security_ops * gensec_security_by_oid ( struct gensec_security * gensec_security ,
const char * oid_string ) ;
const struct gensec_security_ops * gensec_security_by_sasl_name ( struct gensec_security * gensec_security ,
const char * sasl_name ) ;
2013-08-03 13:43:58 +04:00
const struct gensec_security_ops * gensec_security_by_auth_type (
struct gensec_security * gensec_security ,
uint32_t auth_type ) ;
2015-11-26 13:43:02 +03:00
const struct gensec_security_ops * gensec_security_by_name ( struct gensec_security * gensec_security ,
const char * name ) ;
2013-08-05 13:20:21 +04:00
const struct gensec_security_ops * * gensec_security_mechs ( struct gensec_security * gensec_security ,
2012-01-12 19:18:38 +04:00
TALLOC_CTX * mem_ctx ) ;
const struct gensec_security_ops_wrapper * gensec_security_by_oid_list (
struct gensec_security * gensec_security ,
TALLOC_CTX * mem_ctx ,
2013-08-05 13:10:55 +04:00
const char * const * oid_strings ,
2012-01-12 19:18:38 +04:00
const char * skip ) ;
const char * * gensec_security_oids ( struct gensec_security * gensec_security ,
TALLOC_CTX * mem_ctx ,
const char * skip ) ;
const char * * gensec_security_oids_from_ops_wrapped ( TALLOC_CTX * mem_ctx ,
const struct gensec_security_ops_wrapper * wops ) ;
2011-07-21 07:20:26 +04:00
size_t gensec_max_input_size ( struct gensec_security * gensec_security ) ;
2012-01-12 19:18:38 +04:00
size_t gensec_max_wrapped_size ( struct gensec_security * gensec_security ) ;
2011-07-21 07:20:26 +04:00
NTSTATUS gensec_unseal_packet ( struct gensec_security * gensec_security ,
uint8_t * data , size_t length ,
const uint8_t * whole_pdu , size_t pdu_length ,
2008-04-02 06:53:27 +04:00
const DATA_BLOB * sig ) ;
2011-07-21 07:20:26 +04:00
NTSTATUS gensec_check_packet ( struct gensec_security * gensec_security ,
const uint8_t * data , size_t length ,
const uint8_t * whole_pdu , size_t pdu_length ,
2008-04-02 06:53:27 +04:00
const DATA_BLOB * sig ) ;
size_t gensec_sig_size ( struct gensec_security * gensec_security , size_t data_size ) ;
2011-07-21 07:20:26 +04:00
NTSTATUS gensec_seal_packet ( struct gensec_security * gensec_security ,
TALLOC_CTX * mem_ctx ,
uint8_t * data , size_t length ,
const uint8_t * whole_pdu , size_t pdu_length ,
2008-04-02 06:53:27 +04:00
DATA_BLOB * sig ) ;
2011-07-21 07:20:26 +04:00
NTSTATUS gensec_sign_packet ( struct gensec_security * gensec_security ,
TALLOC_CTX * mem_ctx ,
const uint8_t * data , size_t length ,
const uint8_t * whole_pdu , size_t pdu_length ,
2008-04-02 06:53:27 +04:00
DATA_BLOB * sig ) ;
2011-07-21 07:20:26 +04:00
NTSTATUS gensec_start_mech_by_authtype ( struct gensec_security * gensec_security ,
2008-04-02 06:53:27 +04:00
uint8_t auth_type , uint8_t auth_level ) ;
2008-11-03 01:58:49 +03:00
const char * gensec_get_name_by_authtype ( struct gensec_security * gensec_security , uint8_t authtype ) ;
2011-07-21 07:20:26 +04:00
NTSTATUS gensec_server_start ( TALLOC_CTX * mem_ctx ,
2008-11-02 04:05:48 +03:00
struct gensec_settings * settings ,
2011-05-07 10:14:06 +04:00
struct auth4_context * auth_context ,
2008-04-02 06:53:27 +04:00
struct gensec_security * * gensec_security ) ;
2011-07-21 07:20:26 +04:00
NTSTATUS gensec_session_info ( struct gensec_security * gensec_security ,
2011-08-01 09:39:01 +04:00
TALLOC_CTX * mem_ctx ,
2008-04-02 06:53:27 +04:00
struct auth_session_info * * session_info ) ;
2009-12-16 15:27:20 +03:00
NTSTATUS gensec_set_local_address ( struct gensec_security * gensec_security ,
const struct tsocket_address * local ) ;
NTSTATUS gensec_set_remote_address ( struct gensec_security * gensec_security ,
const struct tsocket_address * remote ) ;
const struct tsocket_address * gensec_get_local_address ( struct gensec_security * gensec_security ) ;
const struct tsocket_address * gensec_get_remote_address ( struct gensec_security * gensec_security ) ;
2011-07-21 07:20:26 +04:00
NTSTATUS gensec_start_mech_by_name ( struct gensec_security * gensec_security ,
2008-04-02 06:53:27 +04:00
const char * name ) ;
2011-07-21 07:20:26 +04:00
NTSTATUS gensec_unwrap ( struct gensec_security * gensec_security ,
TALLOC_CTX * mem_ctx ,
const DATA_BLOB * in ,
2008-04-02 06:53:27 +04:00
DATA_BLOB * out ) ;
2011-07-21 07:20:26 +04:00
NTSTATUS gensec_wrap ( struct gensec_security * gensec_security ,
TALLOC_CTX * mem_ctx ,
const DATA_BLOB * in ,
2008-04-02 06:53:27 +04:00
DATA_BLOB * out ) ;
2013-08-05 13:20:21 +04:00
const struct gensec_security_ops * const * gensec_security_all ( void ) ;
bool gensec_security_ops_enabled ( const struct gensec_security_ops * ops , struct gensec_security * security ) ;
const struct gensec_security_ops * * gensec_use_kerberos_mechs ( TALLOC_CTX * mem_ctx ,
const struct gensec_security_ops * const * old_gensec_list ,
struct cli_credentials * creds ) ;
2008-04-02 06:53:27 +04:00
2011-07-21 07:20:26 +04:00
NTSTATUS gensec_start_mech_by_sasl_name ( struct gensec_security * gensec_security ,
2008-04-02 06:53:27 +04:00
const char * sasl_name ) ;
2008-11-02 04:05:48 +03:00
int gensec_setting_int ( struct gensec_settings * settings , const char * mechanism , const char * name , int default_value ) ;
bool gensec_setting_bool ( struct gensec_settings * settings , const char * mechanism , const char * name , bool default_value ) ;
2006-03-14 04:29:56 +03:00
2010-05-13 01:59:41 +04:00
NTSTATUS gensec_set_target_principal ( struct gensec_security * gensec_security , const char * principal ) ;
2012-01-12 19:18:38 +04:00
const char * gensec_get_target_principal ( struct gensec_security * gensec_security ) ;
2010-05-13 01:59:41 +04:00
2011-12-31 15:24:44 +04:00
NTSTATUS gensec_generate_session_info_pac ( TALLOC_CTX * mem_ctx ,
struct gensec_security * gensec_security ,
struct smb_krb5_context * smb_krb5_context ,
DATA_BLOB * pac_blob ,
const char * principal_string ,
const struct tsocket_address * remote_address ,
struct auth_session_info * * session_info ) ;
2012-04-01 05:37:56 +04:00
NTSTATUS gensec_magic_check_krb5_oid ( struct gensec_security * unused ,
const DATA_BLOB * blob ) ;
2011-12-31 15:24:44 +04:00
2006-03-14 04:29:56 +03:00
# endif /* __GENSEC_H__ */