2 Unix SMB/CIFS implementation.
3 Standardised Authentication types
4 Copyright (C) Andrew Bartlett 2001
5 Copyright (C) Stefan Metzmacher 2005
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 #include "librpc/gen_ndr/ndr_krb5pac.h"
25 #include "librpc/gen_ndr/auth.h"
26 #include "../auth/common_auth.h"
28 extern const char *krbtgt_attrs
[];
29 extern const char *server_attrs
[];
30 extern const char *user_attrs
[];
32 union netr_Validation
;
33 struct netr_SamBaseInfo
;
35 struct loadparm_context
;
37 /* modules can use the following to determine if the interface has changed
38 * please increment the version number after each interface change
39 * with a comment and maybe update struct auth_critical_sizes.
41 /* version 1 - version from samba 3.0 - metze */
42 /* version 2 - initial samba4 version - metze */
43 /* version 3 - subsequent samba4 version - abartlet */
44 /* version 4 - subsequent samba4 version - metze */
45 /* version 0 - till samba4 is stable - metze */
46 #define AUTH4_INTERFACE_VERSION 0
48 struct auth_method_context
;
50 struct auth_session_info
;
52 struct smb_krb5_context
;
54 struct auth_operations
{
57 /* Given the user supplied info, check if this backend want to handle the password checking */
59 NTSTATUS (*want_check
)(struct auth_method_context
*ctx
, TALLOC_CTX
*mem_ctx
,
60 const struct auth_usersupplied_info
*user_info
);
62 /* Given the user supplied info, check a password */
64 struct tevent_req
*(*check_password_send
)(TALLOC_CTX
*mem_ctx
,
65 struct tevent_context
*ev
,
66 struct auth_method_context
*ctx
,
67 const struct auth_usersupplied_info
*user_info
);
68 NTSTATUS (*check_password_recv
)(struct tevent_req
*subreq
,
70 struct auth_user_info_dc
**interim_info
,
71 const struct authn_audit_info
**client_audit_info
,
72 const struct authn_audit_info
**server_audit_info
,
76 struct auth_method_context
{
77 struct auth_method_context
*prev
, *next
;
78 struct auth4_context
*auth_ctx
;
79 const struct auth_operations
*ops
;
84 /* this structure is used by backends to determine the size of some critical types */
85 struct auth_critical_sizes
{
86 int interface_version
;
87 int sizeof_auth_operations
;
88 int sizeof_auth_methods
;
89 int sizeof_auth_context
;
90 int sizeof_auth_usersupplied_info
;
91 int sizeof_auth_user_info_dc
;
94 NTSTATUS
encrypt_user_info(TALLOC_CTX
*mem_ctx
, struct auth4_context
*auth_context
,
95 enum auth_password_state to_state
,
96 const struct auth_usersupplied_info
*user_info_in
,
97 const struct auth_usersupplied_info
**user_info_encrypted
);
99 #include "auth/session.h"
100 #include "auth/unix_token_proto.h"
101 #include "auth/system_session_proto.h"
102 #include "libcli/security/security.h"
106 struct gensec_security
;
107 struct cli_credentials
;
109 NTSTATUS
auth_get_challenge(struct auth4_context
*auth_ctx
, uint8_t chal
[8]);
110 NTSTATUS
authsam_account_ok(TALLOC_CTX
*mem_ctx
,
111 struct ldb_context
*sam_ctx
,
113 uint32_t logon_parameters
,
114 struct ldb_dn
*domain_dn
,
115 struct ldb_message
*msg
,
116 const char *logon_workstation
,
117 const char *name_for_logs
,
118 bool allow_domain_trust
,
119 bool password_change
);
121 struct auth_session_info
*system_session(struct loadparm_context
*lp_ctx
);
122 NTSTATUS
authsam_make_user_info_dc(TALLOC_CTX
*mem_ctx
, struct ldb_context
*sam_ctx
,
123 const char *netbios_name
,
124 const char *domain_name
,
125 const char *dns_domain_name
,
126 struct ldb_dn
*domain_dn
,
127 const struct ldb_message
*msg
,
128 DATA_BLOB user_sess_key
, DATA_BLOB lm_sess_key
,
129 struct auth_user_info_dc
**_user_info_dc
);
130 NTSTATUS
authsam_update_user_info_dc(TALLOC_CTX
*mem_ctx
,
131 struct ldb_context
*sam_ctx
,
132 struct auth_user_info_dc
*user_info_dc
);
133 NTSTATUS
authsam_shallow_copy_user_info_dc(TALLOC_CTX
*mem_ctx
,
134 const struct auth_user_info_dc
*user_info_dc_in
,
135 struct auth_user_info_dc
**user_info_dc_out
);
136 NTSTATUS
auth_system_session_info(TALLOC_CTX
*parent_ctx
,
137 struct loadparm_context
*lp_ctx
,
138 struct auth_session_info
**_session_info
) ;
140 NTSTATUS
auth_context_create_methods(TALLOC_CTX
*mem_ctx
, const char * const *methods
,
141 struct tevent_context
*ev
,
142 struct imessaging_context
*msg
,
143 struct loadparm_context
*lp_ctx
,
144 struct ldb_context
*sam_ctx
,
145 struct auth4_context
**auth_ctx
);
146 const char **auth_methods_from_lp(TALLOC_CTX
*mem_ctx
, struct loadparm_context
*lp_ctx
);
148 NTSTATUS
auth_context_create(TALLOC_CTX
*mem_ctx
,
149 struct tevent_context
*ev
,
150 struct imessaging_context
*msg
,
151 struct loadparm_context
*lp_ctx
,
152 struct auth4_context
**auth_ctx
);
153 NTSTATUS
auth_context_create_for_netlogon(TALLOC_CTX
*mem_ctx
,
154 struct tevent_context
*ev
,
155 struct imessaging_context
*msg
,
156 struct loadparm_context
*lp_ctx
,
157 struct auth4_context
**auth_ctx
);
159 NTSTATUS
auth_check_password(struct auth4_context
*auth_ctx
,
161 const struct auth_usersupplied_info
*user_info
,
162 struct auth_user_info_dc
**user_info_dc
,
163 uint8_t *pauthoritative
);
164 NTSTATUS
auth4_init(void);
165 NTSTATUS
auth_register(TALLOC_CTX
*mem_ctx
, const struct auth_operations
*ops
);
166 NTSTATUS
server_service_auth_init(TALLOC_CTX
*ctx
);
167 struct tevent_req
*authenticate_ldap_simple_bind_send(TALLOC_CTX
*mem_ctx
,
168 struct tevent_context
*ev
,
169 struct imessaging_context
*msg
,
170 struct loadparm_context
*lp_ctx
,
171 struct tsocket_address
*remote_address
,
172 struct tsocket_address
*local_address
,
175 const char *password
);
176 NTSTATUS
authenticate_ldap_simple_bind_recv(struct tevent_req
*req
,
178 struct auth_session_info
**session_info
);
179 NTSTATUS
authenticate_ldap_simple_bind(TALLOC_CTX
*mem_ctx
,
180 struct tevent_context
*ev
,
181 struct imessaging_context
*msg
,
182 struct loadparm_context
*lp_ctx
,
183 struct tsocket_address
*remote_address
,
184 struct tsocket_address
*local_address
,
187 const char *password
,
188 struct auth_session_info
**session_info
);
190 struct tevent_req
*auth_check_password_send(TALLOC_CTX
*mem_ctx
,
191 struct tevent_context
*ev
,
192 struct auth4_context
*auth_ctx
,
193 const struct auth_usersupplied_info
*user_info
);
194 NTSTATUS
auth_check_password_recv(struct tevent_req
*req
,
196 struct auth_user_info_dc
**user_info_dc
,
197 uint8_t *pauthoritative
);
199 NTSTATUS
auth_context_set_challenge(struct auth4_context
*auth_ctx
, const uint8_t chal
[8], const char *set_by
);
201 NTSTATUS
samba_server_gensec_start(TALLOC_CTX
*mem_ctx
,
202 struct tevent_context
*event_ctx
,
203 struct imessaging_context
*msg_ctx
,
204 struct loadparm_context
*lp_ctx
,
205 struct cli_credentials
*server_credentials
,
206 const char *target_service
,
207 struct gensec_security
**gensec_context
);
208 NTSTATUS
samba_server_gensec_krb5_start(TALLOC_CTX
*mem_ctx
,
209 struct tevent_context
*event_ctx
,
210 struct imessaging_context
*msg_ctx
,
211 struct loadparm_context
*lp_ctx
,
212 struct cli_credentials
*server_credentials
,
213 const char *target_service
,
214 struct gensec_security
**gensec_context
);
216 #endif /* _SMBAUTH_H_ */
