1#ifndef _SMBAUTH_H_ 2#define _SMBAUTH_H_ 3/* 4 Unix SMB/CIFS implementation. 5 Standardised Authentication types 6 Copyright (C) Andrew Bartlett 2001 7 8 This program is free software; you can redistribute it and/or modify 9 it under the terms of the GNU General Public License as published by 10 the Free Software Foundation; either version 3 of the License, or 11 (at your option) any later version. 12 13 This program is distributed in the hope that it will be useful, 14 but WITHOUT ANY WARRANTY; without even the implied warranty of 15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 GNU General Public License for more details. 17 18 You should have received a copy of the GNU General Public License 19 along with this program. If not, see <http://www.gnu.org/licenses/>. 20*/ 21 22typedef struct auth_usersupplied_info { 23 DATA_BLOB lm_resp; 24 DATA_BLOB nt_resp; 25 DATA_BLOB lm_interactive_pwd; 26 DATA_BLOB nt_interactive_pwd; 27 DATA_BLOB plaintext_password; 28 29 bool encrypted; 30 31 bool was_mapped; /* Did the username map actually match? */ 32 char *client_domain; /* domain name string */ 33 char *domain; /* domain name after mapping */ 34 char *internal_username; /* username after mapping */ 35 char *smb_name; /* username before mapping */ 36 char *wksta_name; /* workstation name (netbios calling 37 * name) unicode string */ 38 39 uint32 logon_parameters; 40 41} auth_usersupplied_info; 42 43typedef struct auth_serversupplied_info { 44 bool guest; 45 46 DOM_SID *sids; /* These SIDs are preliminary between 47 check_ntlm_password and the token creation. */ 48 size_t num_sids; 49 50 struct unix_user_token utok; 51 52 /* NT group information taken from the info3 structure */ 53 54 NT_USER_TOKEN *ptok; 55 56 DATA_BLOB user_session_key; 57 DATA_BLOB lm_session_key; 58 59 char *login_server; /* which server authorized the login? */ 60 61 struct samu *sam_account; 62 63 void *pam_handle; 64 65 /* 66 * This is a token from /etc/passwd and /etc/group 67 */ 68 bool nss_token; 69 70 char *unix_name; 71 72 /* 73 * For performance reasons we keep an alpha_strcpy-sanitized version 74 * of the username around as long as the global variable current_user 75 * still exists. If we did not do keep this, we'd have to call 76 * alpha_strcpy whenever we do a become_user(), potentially on every 77 * smb request. See set_current_user_info. 78 */ 79 char *sanitized_username; 80} auth_serversupplied_info; 81 82struct auth_context { 83 DATA_BLOB challenge; 84 85 /* Who set this up in the first place? */ 86 const char *challenge_set_by; 87 88 bool challenge_may_be_modified; 89 90 struct auth_methods *challenge_set_method; 91 /* What order are the various methods in? Try to stop it changing under us */ 92 struct auth_methods *auth_method_list; 93 94 TALLOC_CTX *mem_ctx; 95 void (*get_ntlm_challenge)(struct auth_context *auth_context, 96 uint8_t chal[8]); 97 NTSTATUS (*check_ntlm_password)(const struct auth_context *auth_context, 98 const struct auth_usersupplied_info *user_info, 99 struct auth_serversupplied_info **server_info); 100 NTSTATUS (*nt_status_squash)(NTSTATUS nt_status); 101 void (*free)(struct auth_context **auth_context); 102}; 103 104typedef struct auth_methods 105{ 106 struct auth_methods *prev, *next; 107 const char *name; /* What name got this module */ 108 109 NTSTATUS (*auth)(const struct auth_context *auth_context, 110 void *my_private_data, 111 TALLOC_CTX *mem_ctx, 112 const struct auth_usersupplied_info *user_info, 113 auth_serversupplied_info **server_info); 114 115 /* If you are using this interface, then you are probably 116 * getting something wrong. This interface is only for 117 * security=server, and makes a number of compromises to allow 118 * that. It is not compatible with being a PDC. */ 119 DATA_BLOB (*get_chal)(const struct auth_context *auth_context, 120 void **my_private_data, 121 TALLOC_CTX *mem_ctx); 122 123 /* Used to keep tabs on things like the cli for SMB server authentication */ 124 void *private_data; 125 126} auth_methods; 127 128typedef NTSTATUS (*auth_init_function)(struct auth_context *, const char *, struct auth_methods **); 129 130struct auth_init_function_entry { 131 const char *name; 132 /* Function to create a member of the authmethods list */ 133 134 auth_init_function init; 135 136 struct auth_init_function_entry *prev, *next; 137}; 138 139typedef struct auth_ntlmssp_state { 140 TALLOC_CTX *mem_ctx; 141 struct auth_context *auth_context; 142 struct auth_serversupplied_info *server_info; 143 struct ntlmssp_state *ntlmssp_state; 144} AUTH_NTLMSSP_STATE; 145 146/* Changed from 1 -> 2 to add the logon_parameters field. */ 147#define AUTH_INTERFACE_VERSION 2 148 149#endif /* _SMBAUTH_H_ */ 150