/*
   Unix SMB/CIFS implementation.

   Standardised Authentication types

   Copyright (C) Andrew Bartlett 2001-2010

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/
# ifndef AUTH_COMMON_AUTH_H
# define AUTH_COMMON_AUTH_H
# include "librpc/gen_ndr/auth.h"
# define USER_INFO_CASE_INSENSITIVE_USERNAME 0x01 /* username may be in any case */
# define USER_INFO_CASE_INSENSITIVE_PASSWORD 0x02 /* password may be in any case */
# define USER_INFO_DONT_CHECK_UNIX_ACCOUNT 0x04 /* don't check unix account status */
2014-03-27 03:58:05 +04:00
# define USER_INFO_INTERACTIVE_LOGON 0x08 /* Interactive logon */
2017-03-21 10:32:27 +03:00
/*unused #define USER_INFO_LOCAL_SAM_ONLY 0x10 Only authenticate against the local SAM, do not map missing passwords to NO_SUCH_USER */
2014-03-27 03:58:05 +04:00
# define USER_INFO_INFO3_AND_NO_AUTHZ 0x20 /* Only fill in server_info->info3 and do not do any authorization steps */
/*
 * Which form of credential the client supplied.  By naming, each value
 * selects one member of auth_usersupplied_info.password (plaintext, hash,
 * response); confirm against the code that reads password_state.
 * Numbering starts at 1, so a zero-initialised password_state matches
 * none of the defined values.
 */
enum auth_password_state {
	AUTH_PASSWORD_PLAIN = 1,	/* password.plaintext holds the cleartext password */
	AUTH_PASSWORD_HASH = 2,		/* password.hash holds lanman/nt samr_Password hashes */
	AUTH_PASSWORD_RESPONSE = 3	/* password.response holds lanman/nt challenge responses */
};
/*
 * AUTH_SESSION_INFO_* bit flags.  By naming these are the values passed in
 * the `session_info_flags` parameter of the generate_session_info and
 * generate_session_info_pac callbacks in struct auth4_context (confirm
 * against the implementations).  They control which groups and which
 * optional elements the resulting auth_session_info carries.
 */
#define AUTH_SESSION_INFO_DEFAULT_GROUPS    0x01 /* Add the user to the default world and network groups */
#define AUTH_SESSION_INFO_AUTHENTICATED     0x02 /* Add the user to the 'authenticated users' group */
#define AUTH_SESSION_INFO_SIMPLE_PRIVILEGES 0x04 /* Use a trivial map between users and privilages, rather than a DB */
#define AUTH_SESSION_INFO_UNIX_TOKEN        0x08 /* The returned token must have the unix_token and unix_info elements provided */
/*
 * Credentials and context as supplied by a client for one authentication
 * attempt.  Everything in here originates from the remote side except the
 * `mapped` names and `flags`, so consumers must treat the client-provided
 * strings and blobs as untrusted input.
 */
struct auth_usersupplied_info
{
	/* workstation name the client claims to be connecting from */
	const char *workstation_name;

	/* address of the peer; not owned by this structure (pointer is const) */
	const struct tsocket_address *remote_host;

	/* logon parameters supplied with the request - exact bit meaning not
	 * visible here; confirm against the caller that fills this in */
	uint32_t logon_parameters;

	/* NOTE(review): the relationship between mapped_state and was_mapped
	 * is not visible in this header; presumably one records whether name
	 * mapping was attempted and the other whether it changed anything.
	 * Confirm against the mapping code before relying on either. */
	bool mapped_state;
	bool was_mapped;

	/* the values the client gives us */
	struct {
		const char *account_name;
		const char *domain_name;
	} client, mapped;	/* `mapped` is the server-side canonical form */

	/* selects which member of `password` below is valid */
	enum auth_password_state password_state;

	struct {
		/* AUTH_PASSWORD_RESPONSE: challenge/response blobs from the client */
		struct {
			DATA_BLOB lanman;
			DATA_BLOB nt;
		} response;
		/* AUTH_PASSWORD_HASH: precomputed password hashes */
		struct {
			struct samr_Password *lanman;
			struct samr_Password *nt;
		} hash;
		/* AUTH_PASSWORD_PLAIN: cleartext password.
		 * NOTE(review): this is a live secret; the owner of the allocation
		 * should clear it before release - confirm how callers free it. */
		char *plaintext;
	} password;

	/* USER_INFO_* flags (see the defines above) */
	uint32_t flags;
};
/*
 * Opaque types referenced only through pointers in struct auth4_context
 * below, so forward declarations suffice and the defining headers are not
 * pulled in here.
 */
struct auth_method_context;
struct tevent_context;
struct imessaging_context;
struct loadparm_context;
struct ldb_context;
struct smb_krb5_context;
/*
 * Per-instance authentication context: the method chain, the supporting
 * contexts the backends need, and a set of callbacks through which the
 * caller drives NTLM challenge handling and session-info generation.
 * All callbacks return NTSTATUS; any output parameter is only meaningful
 * on a successful return unless the implementation documents otherwise.
 */
struct auth4_context {
	struct {
		/* Who set this up in the first place? */
		const char *set_by;
		DATA_BLOB data;
	} challenge;

	/* methods, in the order they should be called */
	struct auth_method_context *methods;

	/* the event context to use for calls that can block */
	struct tevent_context *event_ctx;

	/* the messaging context which can be used by backends */
	struct imessaging_context *msg_ctx;

	/* loadparm context */
	struct loadparm_context *lp_ctx;

	/* SAM database for this local machine - to fill in local groups, or to authenticate local NTLM users */
	struct ldb_context *sam_ctx;

	/* Private data for the callbacks on this auth context */
	void *private_data;

	/*
	 * Verify an NTLM-style credential.
	 * @param auth_ctx		this context
	 * @param mem_ctx		talloc parent for the returned allocations
	 * @param user_info		the client-supplied credentials (untrusted)
	 * @param pauthoritative	output; presumably whether the answering
	 *				backend is authoritative for the result
	 *				(confirm against the implementations)
	 * @param server_returned_info	output; opaque backend result, later
	 *				handed to generate_session_info
	 * @param nt_session_key	output session key (NT)
	 * @param lm_session_key	output session key (LM)
	 */
	NTSTATUS (*check_ntlm_password)(struct auth4_context *auth_ctx,
					TALLOC_CTX *mem_ctx,
					const struct auth_usersupplied_info *user_info,
					uint8_t *pauthoritative,
					void **server_returned_info,
					DATA_BLOB *nt_session_key, DATA_BLOB *lm_session_key);

	/*
	 * Obtain the 8-byte NTLM challenge.  `chal[8]` is an array parameter
	 * and decays to `uint8_t *`; the 8 documents the required size but is
	 * not enforced by the compiler, so callers must pass a buffer of at
	 * least 8 bytes.
	 */
	NTSTATUS (*get_ntlm_challenge)(struct auth4_context *auth_ctx, uint8_t chal[8]);

	/*
	 * Install an externally chosen 8-byte challenge.  `set_by` names the
	 * component installing it; by naming it is what `challenge.set_by`
	 * above records.  Same array-decay caveat as get_ntlm_challenge.
	 */
	NTSTATUS (*set_ntlm_challenge)(struct auth4_context *auth_ctx, const uint8_t chal[8], const char *set_by);

	/*
	 * Build an auth_session_info from a check_ntlm_password result.
	 * @param server_returned_info	the opaque value produced by check_ntlm_password
	 * @param original_user_name	the name as originally supplied by the client
	 * @param session_info_flags	AUTH_SESSION_INFO_* flags
	 * @param session_info		output, allocated under mem_ctx
	 */
	NTSTATUS (*generate_session_info)(struct auth4_context *auth_context,
					  TALLOC_CTX *mem_ctx,
					  void *server_returned_info,
					  const char *original_user_name,
					  uint32_t session_info_flags,
					  struct auth_session_info **session_info);

	/*
	 * Build an auth_session_info from a Kerberos PAC.
	 * NOTE(review): nothing in this signature carries the PAC's
	 * signature-verification state; confirm that every caller has
	 * validated the PAC before handing it here, since the session
	 * info is derived from its contents.
	 * @param smb_krb5_context	Kerberos context used for the decode
	 * @param pac_blob		the PAC to derive the session from
	 * @param principal_name	authenticated principal
	 * @param remote_address	peer address
	 * @param session_info_flags	AUTH_SESSION_INFO_* flags
	 * @param session_info		output, allocated under mem_ctx
	 */
	NTSTATUS (*generate_session_info_pac)(struct auth4_context *auth_ctx,
					      TALLOC_CTX *mem_ctx,
					      struct smb_krb5_context *smb_krb5_context,
					      DATA_BLOB *pac_blob,
					      const char *principal_name,
					      const struct tsocket_address *remote_address,
					      uint32_t session_info_flags,
					      struct auth_session_info **session_info);
};
# endif