/*
Unix SMB / CIFS implementation .
Standardised Authentication types
Copyright ( C ) Andrew Bartlett 2001
Copyright ( C ) Stefan Metzmacher 2005
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation ; either version 3 of the License , or
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/
# ifndef _SAMBA_AUTH_H
# define _SAMBA_AUTH_H
# include "librpc/gen_ndr/ndr_krb5pac.h"
# include "librpc/gen_ndr/auth.h"
# include "../auth/common_auth.h"
/*
 * Attribute lists handed to the SAM (ldb) searches done by the auth code.
 * They are defined in the auth implementation; presumably one list per kind
 * of principal looked up (krbtgt, server/machine, user) -- the attributes
 * each one requests are not visible from this header.
 */
extern const char *krbtgt_attrs[];
extern const char *server_attrs[];
extern const char *user_attrs[];

/* Opaque types from librpc/gen_ndr and param; only pointers are used here */
union netr_Validation;
struct netr_SamBaseInfo;
struct netr_SamInfo3;
struct loadparm_context;
/*
 * Modules can use the following to determine if the interface has changed.
 * Please increment the version number after each interface change, with a
 * comment, and maybe update struct auth_critical_sizes.
 *
 * NOTE(review): the number has been parked at 0 ("till samba4 is stable"),
 * so on its own it cannot tell a module built against an older
 * struct auth_operations layout apart from a current one. Confirm that the
 * module loader also compares struct auth_critical_sizes before relying on
 * this value for ABI safety.
 */
/* version 1 - version from samba 3.0 - metze */
/* version 2 - initial samba4 version - metze */
/* version 3 - subsequent samba4 version - abartlet */
/* version 4 - subsequent samba4 version - metze */
/* version 0 - till samba4 is stable - metze */
#define AUTH4_INTERFACE_VERSION 0
/* Forward declarations; the full definitions of the first two follow below */
struct auth_method_context;
struct auth4_context;
struct auth_session_info;
struct ldb_dn;
struct smb_krb5_context;
/*
 * Operations table implemented by one authentication backend ("method").
 *
 * A backend hands its table to auth_register(); the core then drives it
 * through the function pointers below, each of which receives the
 * auth_method_context that the core allocated for this backend (its
 * private_data lives there). Which backend handles a given logon is
 * presumably decided by calling want_check on each registered method in
 * turn -- confirm against the dispatcher in the implementation.
 */
struct auth_operations {
	/* Backend name, as used in the list given to auth_context_create_methods() */
	const char *name;

	/*
	 * Given the user supplied info, check if this backend wants to handle
	 * the password checking. NT_STATUS_OK presumably means "yes"; any other
	 * status means the core should try the next backend -- confirm.
	 */
	NTSTATUS (*want_check)(struct auth_method_context *ctx, TALLOC_CTX *mem_ctx,
			       const struct auth_usersupplied_info *user_info);

	/*
	 * Given the user supplied info, check a password.
	 *
	 * On success *interim_info is allocated on mem_ctx and describes the
	 * authenticated account. *authoritative is an out-parameter set by the
	 * backend. NOTE(review): a backend should only report non-authoritative
	 * when it genuinely could not decide (account unknown to it), never on a
	 * wrong password, otherwise a later backend could be given a second
	 * chance at the same credential -- verify the dispatcher's handling.
	 */
	NTSTATUS (*check_password)(struct auth_method_context *ctx, TALLOC_CTX *mem_ctx,
				   const struct auth_usersupplied_info *user_info,
				   struct auth_user_info_dc **interim_info,
				   bool *authoritative);

	/*
	 * Asynchronous variant of check_password as a tevent_req send/recv
	 * pair; the recv side has the same out-parameters as check_password.
	 */
	struct tevent_req *(*check_password_send)(TALLOC_CTX *mem_ctx,
						  struct tevent_context *ev,
						  struct auth_method_context *ctx,
						  const struct auth_usersupplied_info *user_info);
	NTSTATUS (*check_password_recv)(struct tevent_req *subreq,
					TALLOC_CTX *mem_ctx,
					struct auth_user_info_dc **interim_info,
					bool *authoritative);

	/*
	 * Lookup a 'session info interim' return based only on the principal
	 * or DN. No credential is passed in, so nothing is verified here: the
	 * caller must already have authenticated the principal by other means
	 * (e.g. a Kerberos ticket) before it trusts the result.
	 */
	NTSTATUS (*get_user_info_dc_principal)(TALLOC_CTX *mem_ctx,
					       struct auth4_context *auth_context,
					       const char *principal,
					       struct ldb_dn *user_dn,
					       struct auth_user_info_dc **interim_info);

	/* Backend flag bits; the individual bit meanings are defined elsewhere */
	uint32_t flags;
};
/*
 * Per-backend instance created by the core for each method in an
 * auth4_context; this is the ctx handed to every auth_operations callback.
 */
struct auth_method_context {
	/* Neighbours in the owning context's list of methods (presumably a
	 * DLIST in the order the methods are tried -- confirm) */
	struct auth_method_context *prev, *next;
	/* The auth4_context this method instance belongs to */
	struct auth4_context *auth_ctx;
	/* Operations table of the backend implementing this method */
	const struct auth_operations *ops;
	/* Position of this method in the list */
	int depth;
	/* Backend-private state; owned and interpreted by ops only */
	void *private_data;
};
/* this structure is used by backends to determine the size of some critical types */
/*
 * This structure is used by backends to determine the size of some critical
 * types, i.e. to detect that a backend was built against a different layout
 * of the types it shares with the core. interface_version is expected to
 * carry AUTH4_INTERFACE_VERSION.
 *
 * NOTE(review): sizeof_auth_methods and sizeof_auth_context do not name
 * types declared in this header (the visible ones are auth_method_context
 * and auth4_context); confirm what the implementation actually fills in.
 */
struct auth_critical_sizes {
	int interface_version;
	int sizeof_auth_operations;
	int sizeof_auth_methods;
	int sizeof_auth_context;
	int sizeof_auth_usersupplied_info;
	int sizeof_auth_user_info_dc;
};
/*
 * Convert the credentials in user_info_in into the password state to_state
 * (e.g. from a plaintext password to a challenge/response form; the exact
 * transitions supported are implemented in the auth code, not visible here).
 * Presumably the challenge held in auth_context is used for that -- confirm.
 * *user_info_encrypted is allocated on mem_ctx; the input is not modified.
 */
NTSTATUS encrypt_user_info(TALLOC_CTX *mem_ctx, struct auth4_context *auth_context,
			   enum auth_password_state to_state,
			   const struct auth_usersupplied_info *user_info_in,
			   const struct auth_usersupplied_info **user_info_encrypted);
# include "auth/session.h"
# include "auth/unix_token_proto.h"
# include "auth/system_session_proto.h"
# include "libcli/security/security.h"
/* Opaque ldb / gensec / credentials types; only pointers are used below */
struct ldb_message;
struct ldb_context;
struct gensec_security;
struct cli_credentials;
/*
 * Copy the 8-byte server challenge of auth_ctx into chal.
 *
 * NOTE(review): a challenge must be unpredictable and must not be reused
 * across authentication attempts. Whether this call generates a fresh one
 * on first use, or only returns whatever auth_context_set_challenge()
 * installed, is decided in the implementation -- confirm before reusing an
 * auth4_context for more than one logon.
 */
NTSTATUS auth_get_challenge(struct auth4_context *auth_ctx, uint8_t chal[8]);
/*
 * Decide whether the account described by SAM entry msg (which lives under
 * domain_dn in sam_ctx) may log on. This is the policy step that presumably
 * runs after the credential itself has been verified -- confirm in callers.
 *
 * logon_parameters   flag bits from the logon request; meanings defined elsewhere
 * logon_workstation  workstation the logon came from (may be NULL -- confirm)
 * name_for_logs      account name used in log messages only (presumably)
 * allow_domain_trust whether a trust account is acceptable for this logon
 * password_change    whether this is a password-change request rather than a logon
 *
 * The individual checks (disabled, expired, locked out, logon hours,
 * workstation restrictions, ...) are in the implementation and not visible
 * from this header; a non-OK NTSTATUS presumably names the failing check.
 */
NTSTATUS authsam_account_ok(TALLOC_CTX *mem_ctx,
			    struct ldb_context *sam_ctx,
			    uint32_t logon_parameters,
			    struct ldb_dn *domain_dn,
			    struct ldb_message *msg,
			    const char *logon_workstation,
			    const char *name_for_logs,
			    bool allow_domain_trust,
			    bool password_change);
/*
 * Return the server's own "system" session for lp_ctx (presumably a fully
 * privileged identity -- see auth/system_session_proto.h). Ownership of the
 * returned pointer is not stated here; assume it is not the caller's to free.
 *
 * NOTE(review): work done under this session bypasses the access checks a
 * client session would be subject to, so it should only be used for the
 * server's internal operations, never to act on a client's behalf.
 */
struct auth_session_info *system_session(struct loadparm_context *lp_ctx);
/*
 * Build an auth_user_info_dc for the SAM entry msg.
 *
 * netbios_name / domain_name / dns_domain_name  names of the domain the
 *                    entry belongs to, with domain_dn its DN in sam_ctx
 * user_sess_key / lm_sess_key  session keys (presumably those derived during
 *                    the credential check) to carry along in the result
 *
 * *_user_info_dc is allocated on mem_ctx. What else is derived from the
 * entry (group membership, SIDs, ...) is done by the implementation.
 */
NTSTATUS authsam_make_user_info_dc(TALLOC_CTX *mem_ctx, struct ldb_context *sam_ctx,
				   const char *netbios_name,
				   const char *domain_name,
				   const char *dns_domain_name,
				   struct ldb_dn *domain_dn,
				   struct ldb_message *msg,
				   DATA_BLOB user_sess_key, DATA_BLOB lm_sess_key,
				   struct auth_user_info_dc **_user_info_dc);
/*
 * Refresh an existing user_info_dc in place from sam_ctx; which parts are
 * re-derived is not visible from this header. mem_ctx is used for any
 * additional allocations hung off the structure.
 */
NTSTATUS authsam_update_user_info_dc(TALLOC_CTX *mem_ctx,
				     struct ldb_context *sam_ctx,
				     struct auth_user_info_dc *user_info_dc);
/*
 * Allocate a system session (see system_session()) on parent_ctx and return
 * it in *_session_info. The same caution applies: this is the server's own
 * privileged identity, not something to hand to client-driven code paths.
 */
NTSTATUS auth_system_session_info(TALLOC_CTX *parent_ctx,
				  struct loadparm_context *lp_ctx,
				  struct auth_session_info **_session_info);
/*
 * Create an auth4_context on mem_ctx using exactly the backends named in
 * methods (an array of backend names; its termination convention is not
 * shown here -- presumably NULL-terminated, as auth_methods_from_lp()
 * returns). The order of the list is presumably the order in which the
 * backends are asked via want_check. sam_ctx may be passed in so the
 * context shares an existing SAM handle; ev and msg are the event loop and
 * messaging context the backends run on.
 */
NTSTATUS auth_context_create_methods(TALLOC_CTX *mem_ctx, const char * const *methods,
				     struct tevent_context *ev,
				     struct imessaging_context *msg,
				     struct loadparm_context *lp_ctx,
				     struct ldb_context *sam_ctx,
				     struct auth4_context **auth_ctx);
/*
 * Build, on mem_ctx, the list of backend names to use for lp_ctx
 * (presumably from the configured "auth methods" setting, with defaults
 * chosen by server role -- confirm in the implementation). The result is
 * suitable as the methods argument of auth_context_create_methods().
 */
const char **auth_methods_from_lp(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx);
/*
 * Create an auth4_context on mem_ctx with the default method list for
 * lp_ctx (presumably auth_methods_from_lp()) and no pre-supplied SAM
 * handle; otherwise as auth_context_create_methods().
 */
NTSTATUS auth_context_create(TALLOC_CTX *mem_ctx,
			     struct tevent_context *ev,
			     struct imessaging_context *msg,
			     struct loadparm_context *lp_ctx,
			     struct auth4_context **auth_ctx);
/*
 * Variant of auth_context_create() for the NETLOGON server, where the
 * challenge/response pair arrives from a trusting DC rather than from the
 * client itself. How its method list differs from the default is not
 * visible from this header.
 */
NTSTATUS auth_context_create_for_netlogon(TALLOC_CTX *mem_ctx,
					  struct tevent_context *ev,
					  struct imessaging_context *msg,
					  struct loadparm_context *lp_ctx,
					  struct auth4_context **auth_ctx);
/*
 * Synchronous entry point: verify user_info against the backends of auth_ctx
 * and, on success, return the resulting auth_user_info_dc on mem_ctx.
 *
 * *pauthoritative reports whether the answer came from a backend that owns
 * the account (0 presumably meaning "no backend was authoritative" -- see
 * the bool *authoritative out-parameter on auth_operations; note the type
 * differs here: uint8_t rather than bool). Callers that forward the
 * result elsewhere (e.g. NETLOGON) should pass this value on rather than
 * treating every failure as a definitive "wrong password".
 */
NTSTATUS auth_check_password(struct auth4_context *auth_ctx,
			     TALLOC_CTX *mem_ctx,
			     const struct auth_usersupplied_info *user_info,
			     struct auth_user_info_dc **user_info_dc,
			     uint8_t *pauthoritative);
/* Register the built-in auth backends; to be called once at startup */
NTSTATUS auth4_init(void);

/*
 * Register one backend by its operations table. ops must stay valid for as
 * long as it is registered (the core keeps the pointer; whether it copies
 * the table is not visible here -- assume it does not).
 */
NTSTATUS auth_register(TALLOC_CTX *mem_ctx, const struct auth_operations *ops);

/* Service-framework initialisation hook for the auth subsystem */
NTSTATUS server_service_auth_init(TALLOC_CTX *ctx);
/*
 * Asynchronous LDAP simple bind: authenticate the account identified by dn
 * with the cleartext password supplied on the wire, and on success return
 * a session_info for it (allocated on the recv side's mem_ctx).
 *
 * remote_address / local_address identify the connection (used at least for
 * audit logging, presumably). using_tls tells the implementation whether
 * the transport was TLS-protected; whether a cleartext bind over a
 * non-TLS connection is refused is a policy decision made in the
 * implementation, not here -- confirm before relying on it. The password
 * is a cleartext secret: callers should not keep it around longer than
 * the request.
 */
struct tevent_req *authenticate_ldap_simple_bind_send(TALLOC_CTX *mem_ctx,
						      struct tevent_context *ev,
						      struct imessaging_context *msg,
						      struct loadparm_context *lp_ctx,
						      struct tsocket_address *remote_address,
						      struct tsocket_address *local_address,
						      bool using_tls,
						      const char *dn,
						      const char *password);
NTSTATUS authenticate_ldap_simple_bind_recv(struct tevent_req *req,
					    TALLOC_CTX *mem_ctx,
					    struct auth_session_info **session_info);
/*
 * Synchronous form of authenticate_ldap_simple_bind_send()/_recv(): same
 * parameters, with *session_info allocated on mem_ctx on success. The same
 * caveats apply -- password is the cleartext secret from the wire, and
 * using_tls only informs the implementation; any "no cleartext bind
 * without TLS" policy is enforced there, not by this prototype.
 */
NTSTATUS authenticate_ldap_simple_bind(TALLOC_CTX *mem_ctx,
				       struct tevent_context *ev,
				       struct imessaging_context *msg,
				       struct loadparm_context *lp_ctx,
				       struct tsocket_address *remote_address,
				       struct tsocket_address *local_address,
				       bool using_tls,
				       const char *dn,
				       const char *password,
				       struct auth_session_info **session_info);
/*
 * Asynchronous form of auth_check_password() as a tevent_req send/recv
 * pair. The recv side has the same out-parameters and the same meaning of
 * *pauthoritative as the synchronous call; *user_info_dc is allocated on
 * the recv side's mem_ctx.
 */
struct tevent_req *auth_check_password_send(TALLOC_CTX *mem_ctx,
					    struct tevent_context *ev,
					    struct auth4_context *auth_ctx,
					    const struct auth_usersupplied_info *user_info);
NTSTATUS auth_check_password_recv(struct tevent_req *req,
				  TALLOC_CTX *mem_ctx,
				  struct auth_user_info_dc **user_info_dc,
				  uint8_t *pauthoritative);
/*
 * Install an externally supplied 8-byte challenge in auth_ctx (the one
 * auth_get_challenge() will then return). set_by names the origin of the
 * challenge, presumably for diagnostics.
 *
 * NOTE(review): once set, the challenge is whatever the caller chose; when
 * it originates from a remote party (e.g. a NETLOGON client) the
 * implementation, not this call, must ensure it cannot be used to replay a
 * previously captured response -- confirm where this is called from.
 */
NTSTATUS auth_context_set_challenge(struct auth4_context *auth_ctx, const uint8_t chal[8], const char *set_by);
/*
 * Create a server-side gensec_security on mem_ctx, wired to this auth
 * subsystem, for the service named target_service and presenting
 * server_credentials. *gensec_context is returned on success; which
 * mechanisms it is started with is not visible from this header.
 */
NTSTATUS samba_server_gensec_start(TALLOC_CTX *mem_ctx,
				   struct tevent_context *event_ctx,
				   struct imessaging_context *msg_ctx,
				   struct loadparm_context *lp_ctx,
				   struct cli_credentials *server_credentials,
				   const char *target_service,
				   struct gensec_security **gensec_context);

/*
 * Same as samba_server_gensec_start(), but (judging by the name) restricted
 * to the Kerberos mechanism -- confirm in the implementation.
 */
NTSTATUS samba_server_gensec_krb5_start(TALLOC_CTX *mem_ctx,
					struct tevent_context *event_ctx,
					struct imessaging_context *msg_ctx,
					struct loadparm_context *lp_ctx,
					struct cli_credentials *server_credentials,
					const char *target_service,
					struct gensec_security **gensec_context);
#endif /* _SAMBA_AUTH_H */