Context Navigation

← Previous Revision
Next Revision →
Blame
Revision Log

source: branches/samba-3.5.x/source4/auth/gensec/gensec.h

Visit:

Last change on this file was 414, checked in by Herwig Bauernfeind, 15 years ago
Samba 3.5.0: Initial import
File size: 12.3 KB

Line
1	/*
2	Unix SMB/CIFS implementation.
3
4	Generic Authentication Interface
5
6	Copyright (C) Andrew Tridgell 2003
7	Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
8
9	This program is free software; you can redistribute it and/or modify
10	it under the terms of the GNU General Public License as published by
11	the Free Software Foundation; either version 3 of the License, or
12	(at your option) any later version.
13
14	This program is distributed in the hope that it will be useful,
15	but WITHOUT ANY WARRANTY; without even the implied warranty of
16	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17	GNU General Public License for more details.
18
19	You should have received a copy of the GNU General Public License
20	along with this program. If not, see <http://www.gnu.org/licenses/>.
21	*/
22
23	#ifndef __GENSEC_H__
24	#define __GENSEC_H__
25
26	#include "../lib/util/data_blob.h"
27	#include "libcli/util/ntstatus.h"
28
29	#define GENSEC_OID_NTLMSSP "1.3.6.1.4.1.311.2.2.10"
30	#define GENSEC_OID_SPNEGO "1.3.6.1.5.5.2"
31	#define GENSEC_OID_KERBEROS5 "1.2.840.113554.1.2.2"
32	#define GENSEC_OID_KERBEROS5_OLD "1.2.840.48018.1.2.2"
33	#define GENSEC_OID_KERBEROS5_USER2USER "1.2.840.113554.1.2.2.3"
34
35	enum gensec_priority {
36	GENSEC_SPNEGO = 90,
37	GENSEC_GSSAPI = 80,
38	GENSEC_KRB5 = 70,
39	GENSEC_SCHANNEL = 60,
40	GENSEC_NTLMSSP = 50,
41	GENSEC_SASL = 20,
42	GENSEC_OTHER = 0
43	};
44
45	struct gensec_security;
46	struct gensec_target {
47	const char *principal;
48	const char *hostname;
49	const char *service;
50	};
51
52	#define GENSEC_FEATURE_SESSION_KEY 0x00000001
53	#define GENSEC_FEATURE_SIGN 0x00000002
54	#define GENSEC_FEATURE_SEAL 0x00000004
55	#define GENSEC_FEATURE_DCE_STYLE 0x00000008
56	#define GENSEC_FEATURE_ASYNC_REPLIES 0x00000010
57	#define GENSEC_FEATURE_DATAGRAM_MODE 0x00000020
58	#define GENSEC_FEATURE_SIGN_PKT_HEADER 0x00000040
59	#define GENSEC_FEATURE_NEW_SPNEGO 0x00000080
60
61	/* GENSEC mode */
62	enum gensec_role
63	{
64	GENSEC_SERVER,
65	GENSEC_CLIENT
66	};
67
68	struct auth_session_info;
69	struct cli_credentials;
70	struct gensec_settings;
71	struct tevent_context;
72
73	struct gensec_update_request {
74	struct gensec_security *gensec_security;
75	void *private_data;
76	DATA_BLOB in;
77	DATA_BLOB out;
78	NTSTATUS status;
79	struct {
80	void (fn)(struct gensec_update_request req, void *private_data);
81	void *private_data;
82	} callback;
83	};
84
85	struct gensec_settings {
86	struct loadparm_context *lp_ctx;
87	struct smb_iconv_convenience *iconv_convenience;
88	const char *target_hostname;
89	};
90
91	struct gensec_security_ops {
92	const char *name;
93	const char *sasl_name;
94	uint8_t auth_type; /* 0 if not offered on DCE-RPC */
95	const char *oid; / NULL if not offered by SPNEGO */
96	NTSTATUS (client_start)(struct gensec_security gensec_security);
97	NTSTATUS (server_start)(struct gensec_security gensec_security);
98	/**
99	Determine if a packet has the right 'magic' for this mechanism
100	*/
101	NTSTATUS (magic)(struct gensec_security gensec_security,
102	const DATA_BLOB *first_packet);
103	NTSTATUS (update)(struct gensec_security gensec_security, TALLOC_CTX *out_mem_ctx,
104	const DATA_BLOB in, DATA_BLOB *out);
105	NTSTATUS (seal_packet)(struct gensec_security gensec_security, TALLOC_CTX *sig_mem_ctx,
106	uint8_t *data, size_t length,
107	const uint8_t *whole_pdu, size_t pdu_length,
108	DATA_BLOB *sig);
109	NTSTATUS (sign_packet)(struct gensec_security gensec_security, TALLOC_CTX *sig_mem_ctx,
110	const uint8_t *data, size_t length,
111	const uint8_t *whole_pdu, size_t pdu_length,
112	DATA_BLOB *sig);
113	size_t (sig_size)(struct gensec_security gensec_security, size_t data_size);
114	size_t (max_input_size)(struct gensec_security gensec_security);
115	size_t (max_wrapped_size)(struct gensec_security gensec_security);
116	NTSTATUS (check_packet)(struct gensec_security gensec_security, TALLOC_CTX *sig_mem_ctx,
117	const uint8_t *data, size_t length,
118	const uint8_t *whole_pdu, size_t pdu_length,
119	const DATA_BLOB *sig);
120	NTSTATUS (unseal_packet)(struct gensec_security gensec_security, TALLOC_CTX *sig_mem_ctx,
121	uint8_t *data, size_t length,
122	const uint8_t *whole_pdu, size_t pdu_length,
123	const DATA_BLOB *sig);
124	NTSTATUS (wrap)(struct gensec_security gensec_security,
125	TALLOC_CTX *mem_ctx,
126	const DATA_BLOB *in,
127	DATA_BLOB *out);
128	NTSTATUS (unwrap)(struct gensec_security gensec_security,
129	TALLOC_CTX *mem_ctx,
130	const DATA_BLOB *in,
131	DATA_BLOB *out);
132	NTSTATUS (wrap_packets)(struct gensec_security gensec_security,
133	TALLOC_CTX *mem_ctx,
134	const DATA_BLOB *in,
135	DATA_BLOB *out,
136	size_t *len_processed);
137	NTSTATUS (unwrap_packets)(struct gensec_security gensec_security,
138	TALLOC_CTX *mem_ctx,
139	const DATA_BLOB *in,
140	DATA_BLOB *out,
141	size_t *len_processed);
142	NTSTATUS (packet_full_request)(struct gensec_security gensec_security,
143	DATA_BLOB blob, size_t *size);
144	NTSTATUS (session_key)(struct gensec_security gensec_security, DATA_BLOB *session_key);
145	NTSTATUS (session_info)(struct gensec_security gensec_security,
146	struct auth_session_info **session_info);
147	void (want_feature)(struct gensec_security gensec_security,
148	uint32_t feature);
149	bool (have_feature)(struct gensec_security gensec_security,
150	uint32_t feature);
151	bool enabled;
152	bool kerberos;
153	enum gensec_priority priority;
154	};
155
156	struct gensec_security_ops_wrapper {
157	const struct gensec_security_ops *op;
158	const char *oid;
159	};
160
161	#define GENSEC_INTERFACE_VERSION 0
162
163	struct gensec_security {
164	const struct gensec_security_ops *ops;
165	void *private_data;
166	struct cli_credentials *credentials;
167	struct gensec_target target;
168	enum gensec_role gensec_role;
169	bool subcontext;
170	uint32_t want_features;
171	struct tevent_context *event_ctx;
172	struct socket_address my_addr, peer_addr;
173	struct gensec_settings *settings;
174
175	/* When we are a server, this may be filled in to provide an
176	* NTLM authentication backend, and user lookup (such as if no
177	* PAC is found) */
178	struct auth_context *auth_context;
179	};
180
181	/* this structure is used by backends to determine the size of some critical types */
182	struct gensec_critical_sizes {
183	int interface_version;
184	int sizeof_gensec_security_ops;
185	int sizeof_gensec_security;
186	};
187
188	/* Socket wrapper */
189
190	struct gensec_security;
191	struct socket_context;
192	struct auth_context;
193
194	NTSTATUS gensec_socket_init(struct gensec_security *gensec_security,
195	TALLOC_CTX *mem_ctx,
196	struct socket_context *current_socket,
197	struct tevent_context *ev,
198	void (recv_handler)(void , uint16_t),
199	void *recv_private,
200	struct socket_context **new_socket);
201	/* These functions are for use here only (public because SPNEGO must
202	* use them for recursion) */
203	NTSTATUS gensec_wrap_packets(struct gensec_security *gensec_security,
204	TALLOC_CTX *mem_ctx,
205	const DATA_BLOB *in,
206	DATA_BLOB *out,
207	size_t *len_processed);
208	/* These functions are for use here only (public because SPNEGO must
209	* use them for recursion) */
210	NTSTATUS gensec_unwrap_packets(struct gensec_security *gensec_security,
211	TALLOC_CTX *mem_ctx,
212	const DATA_BLOB *in,
213	DATA_BLOB *out,
214	size_t *len_processed);
215
216	/* These functions are for use here only (public because SPNEGO must
217	* use them for recursion) */
218	NTSTATUS gensec_packet_full_request(struct gensec_security *gensec_security,
219	DATA_BLOB blob, size_t *size);
220
221	struct loadparm_context;
222
223	NTSTATUS gensec_subcontext_start(TALLOC_CTX *mem_ctx,
224	struct gensec_security *parent,
225	struct gensec_security **gensec_security);
226	NTSTATUS gensec_client_start(TALLOC_CTX *mem_ctx,
227	struct gensec_security **gensec_security,
228	struct tevent_context *ev,
229	struct gensec_settings *settings);
230	NTSTATUS gensec_start_mech_by_sasl_list(struct gensec_security *gensec_security,
231	const char **sasl_names);
232	NTSTATUS gensec_update(struct gensec_security gensec_security, TALLOC_CTX out_mem_ctx,
233	const DATA_BLOB in, DATA_BLOB *out);
234	void gensec_update_send(struct gensec_security *gensec_security, const DATA_BLOB in,
235	void (callback)(struct gensec_update_request req, void *private_data),
236	void *private_data);
237	NTSTATUS gensec_update_recv(struct gensec_update_request req, TALLOC_CTX out_mem_ctx, DATA_BLOB *out);
238	void gensec_want_feature(struct gensec_security *gensec_security,
239	uint32_t feature);
240	bool gensec_have_feature(struct gensec_security *gensec_security,
241	uint32_t feature);
242	NTSTATUS gensec_set_credentials(struct gensec_security gensec_security, struct cli_credentials credentials);
243	NTSTATUS gensec_set_target_service(struct gensec_security gensec_security, const char service);
244	const char gensec_get_target_service(struct gensec_security gensec_security);
245	NTSTATUS gensec_set_target_hostname(struct gensec_security gensec_security, const char hostname);
246	const char gensec_get_target_hostname(struct gensec_security gensec_security);
247	NTSTATUS gensec_session_key(struct gensec_security *gensec_security,
248	DATA_BLOB *session_key);
249	NTSTATUS gensec_start_mech_by_oid(struct gensec_security *gensec_security,
250	const char *mech_oid);
251	const char gensec_get_name_by_oid(struct gensec_security gensec_security, const char *oid_string);
252	struct cli_credentials gensec_get_credentials(struct gensec_security gensec_security);
253	struct socket_address gensec_get_peer_addr(struct gensec_security gensec_security);
254	NTSTATUS gensec_init(struct loadparm_context *lp_ctx);
255	NTSTATUS gensec_unseal_packet(struct gensec_security *gensec_security,
256	TALLOC_CTX *mem_ctx,
257	uint8_t *data, size_t length,
258	const uint8_t *whole_pdu, size_t pdu_length,
259	const DATA_BLOB *sig);
260	NTSTATUS gensec_check_packet(struct gensec_security *gensec_security,
261	TALLOC_CTX *mem_ctx,
262	const uint8_t *data, size_t length,
263	const uint8_t *whole_pdu, size_t pdu_length,
264	const DATA_BLOB *sig);
265	size_t gensec_sig_size(struct gensec_security *gensec_security, size_t data_size);
266	NTSTATUS gensec_seal_packet(struct gensec_security *gensec_security,
267	TALLOC_CTX *mem_ctx,
268	uint8_t *data, size_t length,
269	const uint8_t *whole_pdu, size_t pdu_length,
270	DATA_BLOB *sig);
271	NTSTATUS gensec_sign_packet(struct gensec_security *gensec_security,
272	TALLOC_CTX *mem_ctx,
273	const uint8_t *data, size_t length,
274	const uint8_t *whole_pdu, size_t pdu_length,
275	DATA_BLOB *sig);
276	NTSTATUS gensec_start_mech_by_authtype(struct gensec_security *gensec_security,
277	uint8_t auth_type, uint8_t auth_level);
278	const char gensec_get_name_by_authtype(struct gensec_security gensec_security, uint8_t authtype);
279	NTSTATUS gensec_server_start(TALLOC_CTX *mem_ctx,
280	struct tevent_context *ev,
281	struct gensec_settings *settings,
282	struct auth_context *auth_context,
283	struct gensec_security **gensec_security);
284	NTSTATUS gensec_session_info(struct gensec_security *gensec_security,
285	struct auth_session_info **session_info);
286	NTSTATUS auth_nt_status_squash(NTSTATUS nt_status);
287	struct netlogon_creds_CredentialState;
288	NTSTATUS dcerpc_schannel_creds(struct gensec_security *gensec_security,
289	TALLOC_CTX *mem_ctx,
290	struct netlogon_creds_CredentialState **creds);
291	NTSTATUS gensec_set_peer_addr(struct gensec_security gensec_security, struct socket_address peer_addr);
292	NTSTATUS gensec_set_my_addr(struct gensec_security gensec_security, struct socket_address my_addr);
293
294	NTSTATUS gensec_start_mech_by_name(struct gensec_security *gensec_security,
295	const char *name);
296
297	NTSTATUS gensec_unwrap(struct gensec_security *gensec_security,
298	TALLOC_CTX *mem_ctx,
299	const DATA_BLOB *in,
300	DATA_BLOB *out);
301	NTSTATUS gensec_wrap(struct gensec_security *gensec_security,
302	TALLOC_CTX *mem_ctx,
303	const DATA_BLOB *in,
304	DATA_BLOB *out);
305
306	struct gensec_security_ops **gensec_security_all(void);
307	bool gensec_security_ops_enabled(struct gensec_security_ops ops, struct gensec_security security);
308	struct gensec_security_ops *gensec_use_kerberos_mechs(TALLOC_CTX mem_ctx,
309	struct gensec_security_ops **old_gensec_list,
310	struct cli_credentials *creds);
311
312	NTSTATUS gensec_start_mech_by_sasl_name(struct gensec_security *gensec_security,
313	const char *sasl_name);
314
315	int gensec_setting_int(struct gensec_settings settings, const char mechanism, const char *name, int default_value);
316	bool gensec_setting_bool(struct gensec_settings settings, const char mechanism, const char *name, bool default_value);
317
318	#endif /* __GENSEC_H__ */

Note: See TracBrowser for help on using the repository browser.

Download in other formats: