1#ifndef _SMBAUTH_H_ 2#define _SMBAUTH_H_ 3/* 4 Unix SMB/CIFS implementation. 5 Standardised Authentication types 6 Copyright (C) Andrew Bartlett 2001 7 8 This program is free software; you can redistribute it and/or modify 9 it under the terms of the GNU General Public License as published by 10 the Free Software Foundation; either version 2 of the License, or 11 (at your option) any later version. 12 13 This program is distributed in the hope that it will be useful, 14 but WITHOUT ANY WARRANTY; without even the implied warranty of 15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 GNU General Public License for more details. 17 18 You should have received a copy of the GNU General Public License 19 along with this program; if not, write to the Free Software 20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 21*/ 22 23/* AUTH_STR - string */ 24typedef struct normal_string 25{ 26 int len; 27 char *str; 28} AUTH_STR; 29 30typedef struct auth_usersupplied_info 31{ 32 33 DATA_BLOB lm_resp; 34 DATA_BLOB nt_resp; 35 DATA_BLOB lm_interactive_pwd; 36 DATA_BLOB nt_interactive_pwd; 37 DATA_BLOB plaintext_password; 38 39 BOOL encrypted; 40 41 AUTH_STR client_domain; /* domain name string */ 42 AUTH_STR domain; /* domain name after mapping */ 43 AUTH_STR internal_username; /* username after mapping */ 44 AUTH_STR smb_name; /* username before mapping */ 45 AUTH_STR wksta_name; /* workstation name (netbios calling name) unicode string */ 46 47} auth_usersupplied_info; 48 49#define SAM_FILL_NAME 0x01 50#define SAM_FILL_INFO3 0x02 51#define SAM_FILL_SAM 0x04 52#define SAM_FILL_UNIX 0x08 53#define SAM_FILL_ALL (SAM_FILL_NAME | SAM_FILL_INFO3 | SAM_FILL_SAM | SAM_FILL_UNIX) 54 55typedef struct auth_serversupplied_info 56{ 57 BOOL guest; 58 59 uid_t uid; 60 gid_t gid; 61 62 /* This groups info is needed for when we become_user() for this uid */ 63 int n_groups; 64 gid_t *groups; 65 66 /* NT group information taken from the info3 structure */ 67 68 NT_USER_TOKEN *ptok; 69 70 DATA_BLOB user_session_key; 71 DATA_BLOB lm_session_key; 72 73 uint32 sam_fill_level; /* How far is this structure filled? */ 74 75 SAM_ACCOUNT *sam_account; 76 77 void *pam_handle; 78 79 char *unix_name; 80 81} auth_serversupplied_info; 82 83struct auth_context { 84 DATA_BLOB challenge; 85 86 /* Who set this up in the first place? */ 87 const char *challenge_set_by; 88 89 BOOL challenge_may_be_modified; 90 91 struct auth_methods *challenge_set_method; 92 /* What order are the various methods in? Try to stop it changing under us */ 93 struct auth_methods *auth_method_list; 94 95 TALLOC_CTX *mem_ctx; 96 const uint8 *(*get_ntlm_challenge)(struct auth_context *auth_context); 97 NTSTATUS (*check_ntlm_password)(const struct auth_context *auth_context, 98 const struct auth_usersupplied_info *user_info, 99 struct auth_serversupplied_info **server_info); 100 NTSTATUS (*nt_status_squash)(NTSTATUS nt_status); 101 void (*free)(struct auth_context **auth_context); 102}; 103 104typedef struct auth_methods 105{ 106 struct auth_methods *prev, *next; 107 const char *name; /* What name got this module */ 108 109 NTSTATUS (*auth)(const struct auth_context *auth_context, 110 void *my_private_data, 111 TALLOC_CTX *mem_ctx, 112 const struct auth_usersupplied_info *user_info, 113 auth_serversupplied_info **server_info); 114 115 /* If you are using this interface, then you are probably 116 * getting something wrong. This interface is only for 117 * security=server, and makes a number of compromises to allow 118 * that. It is not compatible with being a PDC. */ 119 DATA_BLOB (*get_chal)(const struct auth_context *auth_context, 120 void **my_private_data, 121 TALLOC_CTX *mem_ctx); 122 123 /* Used to keep tabs on things like the cli for SMB server authentication */ 124 void *private_data; 125 126 /* Function to clean up the above arbitary structure */ 127 void (*free_private_data)(void **private_data); 128 129 /* Function to send a keepalive message on the above structure */ 130 void (*send_keepalive)(void **private_data); 131 132} auth_methods; 133 134typedef NTSTATUS (*auth_init_function)(struct auth_context *, const char *, struct auth_methods **); 135 136struct auth_init_function_entry { 137 const char *name; 138 /* Function to create a member of the authmethods list */ 139 140 auth_init_function init; 141 142 struct auth_init_function_entry *prev, *next; 143}; 144 145typedef struct auth_ntlmssp_state 146{ 147 TALLOC_CTX *mem_ctx; 148 struct auth_context *auth_context; 149 struct auth_serversupplied_info *server_info; 150 struct ntlmssp_state *ntlmssp_state; 151} AUTH_NTLMSSP_STATE; 152 153#define AUTH_INTERFACE_VERSION 1 154 155#endif /* _SMBAUTH_H_ */ 156