Changeset 740 for vendor/current/source4/auth/auth.h
- Timestamp:
- Nov 14, 2012, 12:59:34 PM (12 years ago)
- File:
-
- 1 edited
TabularUnified vendor/current/source4/auth/auth.h ¶
r414 r740 1 /* 1 /* 2 2 Unix SMB/CIFS implementation. 3 3 Standardised Authentication types 4 4 Copyright (C) Andrew Bartlett 2001 5 5 Copyright (C) Stefan Metzmacher 2005 6 6 7 7 This program is free software; you can redistribute it and/or modify 8 8 it under the terms of the GNU General Public License as published by 9 9 the Free Software Foundation; either version 3 of the License, or 10 10 (at your option) any later version. 11 11 12 12 This program is distributed in the hope that it will be useful, 13 13 but WITHOUT ANY WARRANTY; without even the implied warranty of 14 14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 15 GNU General Public License for more details. 16 16 17 17 You should have received a copy of the GNU General Public License 18 18 along with this program. If not, see <http://www.gnu.org/licenses/>. … … 23 23 24 24 #include "librpc/gen_ndr/ndr_krb5pac.h" 25 #include "librpc/gen_ndr/auth.h" 26 #include "../auth/common_auth.h" 25 27 26 28 extern const char *krbtgt_attrs[]; … … 44 46 #define AUTH_INTERFACE_VERSION 0 45 47 46 #define USER_INFO_CASE_INSENSITIVE_USERNAME 0x01 /* username may be in any case */ 47 #define USER_INFO_CASE_INSENSITIVE_PASSWORD 0x02 /* password may be in any case */ 48 #define USER_INFO_DONT_CHECK_UNIX_ACCOUNT 0x04 /* dont check unix account status */ 49 #define USER_INFO_INTERACTIVE_LOGON 0x08 /* dont check unix account status */ 50 51 enum auth_password_state { 52 AUTH_PASSWORD_RESPONSE, 53 AUTH_PASSWORD_HASH, 54 AUTH_PASSWORD_PLAIN 55 }; 56 57 struct auth_usersupplied_info 58 { 59 const char *workstation_name; 60 struct socket_address *remote_host; 61 62 uint32_t logon_parameters; 63 64 bool mapped_state; 65 /* the values the client gives us */ 66 struct { 67 const char *account_name; 68 const char *domain_name; 69 } client, mapped; 70 71 enum auth_password_state password_state; 72 73 union { 74 struct { 75 DATA_BLOB lanman; 76 DATA_BLOB nt; 77 } response; 78 struct { 79 struct samr_Password *lanman; 
80 struct samr_Password *nt; 81 } hash; 82 83 char *plaintext; 84 } password; 85 uint32_t flags; 86 }; 87 88 struct auth_serversupplied_info 89 { 90 struct dom_sid *account_sid; 91 struct dom_sid *primary_group_sid; 92 93 size_t n_domain_groups; 94 struct dom_sid **domain_groups; 95 96 DATA_BLOB user_session_key; 97 DATA_BLOB lm_session_key; 98 99 const char *account_name; 100 const char *domain_name; 101 102 const char *full_name; 103 const char *logon_script; 104 const char *profile_path; 105 const char *home_directory; 106 const char *home_drive; 107 const char *logon_server; 108 109 NTTIME last_logon; 110 NTTIME last_logoff; 111 NTTIME acct_expiry; 112 NTTIME last_password_change; 113 NTTIME allow_password_change; 114 NTTIME force_password_change; 115 116 uint16_t logon_count; 117 uint16_t bad_password_count; 118 119 uint32_t acct_flags; 120 121 bool authenticated; 122 123 struct PAC_SIGNATURE_DATA pac_srv_sig, pac_kdc_sig; 124 }; 48 #define AUTH_SESSION_INFO_DEFAULT_GROUPS 0x01 /* Add the user to the default world and network groups */ 49 #define AUTH_SESSION_INFO_AUTHENTICATED 0x02 /* Add the user to the 'authenticated users' group */ 50 #define AUTH_SESSION_INFO_SIMPLE_PRIVILEGES 0x04 /* Use a trivial map between users and privilages, rather than a DB */ 125 51 126 52 struct auth_method_context; 127 53 struct auth_check_password_request; 128 54 struct auth_context; 55 struct auth_session_info; 56 struct ldb_dn; 129 57 130 58 struct auth_operations { … … 136 64 * that. It is not compatible with being a PDC. 
*/ 137 65 138 NTSTATUS (*get_challenge)(struct auth_method_context *ctx, TALLOC_CTX *mem_ctx, DATA_BLOB *challenge);66 NTSTATUS (*get_challenge)(struct auth_method_context *ctx, TALLOC_CTX *mem_ctx, uint8_t chal[8]); 139 67 140 68 /* Given the user supplied info, check if this backend want to handle the password checking */ … … 147 75 NTSTATUS (*check_password)(struct auth_method_context *ctx, TALLOC_CTX *mem_ctx, 148 76 const struct auth_usersupplied_info *user_info, 149 struct auth_serversupplied_info **server_info); 150 151 /* Lookup a 'server info' return based only on the principal */ 152 NTSTATUS (*get_server_info_principal)(TALLOC_CTX *mem_ctx, 153 struct auth_context *auth_context, 154 const char *principal, 155 struct auth_serversupplied_info **server_info); 77 struct auth_user_info_dc **interim_info); 78 79 /* Lookup a 'session info interim' return based only on the principal or DN */ 80 NTSTATUS (*get_user_info_dc_principal)(TALLOC_CTX *mem_ctx, 81 struct auth_context *auth_context, 82 const char *principal, 83 struct ldb_dn *user_dn, 84 struct auth_user_info_dc **interim_info); 156 85 }; 157 86 … … 166 95 struct auth_context { 167 96 struct { 168 /* Who set this up in the first place? */ 97 /* Who set this up in the first place? 
*/ 169 98 const char *set_by; 170 99 171 100 bool may_be_modified; 172 101 173 DATA_BLOB data; 102 DATA_BLOB data; 174 103 } challenge; 175 104 … … 186 115 struct loadparm_context *lp_ctx; 187 116 117 /* SAM database for this local machine - to fill in local groups, or to authenticate local NTLM users */ 118 struct ldb_context *sam_ctx; 119 188 120 NTSTATUS (*check_password)(struct auth_context *auth_ctx, 189 121 TALLOC_CTX *mem_ctx, 190 const struct auth_usersupplied_info *user_info, 191 struct auth_ serversupplied_info **server_info);192 193 NTSTATUS (*get_challenge)(struct auth_context *auth_ctx, const uint8_t **_chal);122 const struct auth_usersupplied_info *user_info, 123 struct auth_user_info_dc **user_info_dc); 124 125 NTSTATUS (*get_challenge)(struct auth_context *auth_ctx, uint8_t chal[8]); 194 126 195 127 bool (*challenge_may_be_modified)(struct auth_context *auth_ctx); 196 128 197 129 NTSTATUS (*set_challenge)(struct auth_context *auth_ctx, const uint8_t chal[8], const char *set_by); 198 199 NTSTATUS (*get_server_info_principal)(TALLOC_CTX *mem_ctx, 200 struct auth_context *auth_context, 201 const char *principal, 202 struct auth_serversupplied_info **server_info); 203 130 131 NTSTATUS (*get_user_info_dc_principal)(TALLOC_CTX *mem_ctx, 132 struct auth_context *auth_ctx, 133 const char *principal, 134 struct ldb_dn *user_dn, 135 struct auth_user_info_dc **user_info_dc); 136 137 NTSTATUS (*generate_session_info)(TALLOC_CTX *mem_ctx, 138 struct auth_context *auth_context, 139 struct auth_user_info_dc *user_info_dc, 140 uint32_t session_info_flags, 141 struct auth_session_info **session_info); 204 142 }; 205 143 … … 211 149 int sizeof_auth_context; 212 150 int sizeof_auth_usersupplied_info; 213 int sizeof_auth_ serversupplied_info;214 }; 215 216 NTSTATUS encrypt_user_info(TALLOC_CTX *mem_ctx, struct auth_context *auth_context, 151 int sizeof_auth_user_info_dc; 152 }; 153 154 NTSTATUS encrypt_user_info(TALLOC_CTX *mem_ctx, struct auth_context *auth_context, 
217 155 enum auth_password_state to_state, 218 156 const struct auth_usersupplied_info *user_info_in, … … 221 159 #include "auth/session.h" 222 160 #include "auth/system_session_proto.h" 161 #include "libcli/security/security.h" 223 162 224 163 struct ldb_message; 225 164 struct ldb_context; 226 struct ldb_dn;227 165 struct gensec_security; 228 229 NTSTATUS auth_get_challenge(struct auth_context *auth_ctx, const uint8_t **_chal); 166 struct cli_credentials; 167 168 NTSTATUS auth_get_challenge(struct auth_context *auth_ctx, uint8_t chal[8]); 230 169 NTSTATUS authsam_account_ok(TALLOC_CTX *mem_ctx, 231 170 struct ldb_context *sam_ctx, … … 237 176 bool allow_domain_trust, 238 177 bool password_change); 239 struct auth_session_info *system_session(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx); 240 NTSTATUS authsam_make_server_info(TALLOC_CTX *mem_ctx, struct ldb_context *sam_ctx, 178 NTSTATUS authsam_expand_nested_groups(struct ldb_context *sam_ctx, 179 struct ldb_val *dn_val, const bool only_childs, const char *filter, 180 TALLOC_CTX *res_sids_ctx, struct dom_sid ***res_sids, 181 unsigned int *num_res_sids); 182 struct auth_session_info *system_session(struct loadparm_context *lp_ctx); 183 NTSTATUS authsam_make_user_info_dc(TALLOC_CTX *mem_ctx, struct ldb_context *sam_ctx, 241 184 const char *netbios_name, 242 185 const char *domain_name, 243 struct ldb_dn *domain_dn, 186 struct ldb_dn *domain_dn, 244 187 struct ldb_message *msg, 245 188 DATA_BLOB user_sess_key, DATA_BLOB lm_sess_key, 246 struct auth_ serversupplied_info **_server_info);247 NTSTATUS auth_system_session_info(TALLOC_CTX *parent_ctx, 189 struct auth_user_info_dc **_user_info_dc); 190 NTSTATUS auth_system_session_info(TALLOC_CTX *parent_ctx, 248 191 struct loadparm_context *lp_ctx, 249 192 struct auth_session_info **_session_info) ; 250 NTSTATUS auth_nt_status_squash(NTSTATUS nt_status); 251 252 NTSTATUS auth_context_create_methods(TALLOC_CTX *mem_ctx, const char **methods, 193 194 NTSTATUS 
auth_context_create_methods(TALLOC_CTX *mem_ctx, const char **methods, 253 195 struct tevent_context *ev, 254 196 struct messaging_context *msg, 255 197 struct loadparm_context *lp_ctx, 198 struct ldb_context *sam_ctx, 256 199 struct auth_context **auth_ctx); 257 258 NTSTATUS auth_context_create(TALLOC_CTX *mem_ctx, 200 const char **auth_methods_from_lp(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx); 201 202 NTSTATUS auth_context_create(TALLOC_CTX *mem_ctx, 259 203 struct tevent_context *ev, 260 204 struct messaging_context *msg, 261 205 struct loadparm_context *lp_ctx, 262 206 struct auth_context **auth_ctx); 207 NTSTATUS auth_context_create_from_ldb(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, struct auth_context **auth_ctx); 263 208 264 209 NTSTATUS auth_check_password(struct auth_context *auth_ctx, 265 210 TALLOC_CTX *mem_ctx, 266 const struct auth_usersupplied_info *user_info, 267 struct auth_ serversupplied_info **server_info);268 NTSTATUS auth _init(void);211 const struct auth_usersupplied_info *user_info, 212 struct auth_user_info_dc **user_info_dc); 213 NTSTATUS auth4_init(void); 269 214 NTSTATUS auth_register(const struct auth_operations *ops); 215 NTSTATUS server_service_auth_init(void); 270 216 NTSTATUS authenticate_username_pw(TALLOC_CTX *mem_ctx, 271 struct tevent_context *ev, 272 struct messaging_context *msg, 273 struct loadparm_context *lp_ctx, 274 const char *nt4_domain, 275 const char *nt4_username, 276 const char *password, 277 struct auth_session_info **session_info); 278 NTSTATUS auth_check_password_recv(struct auth_check_password_request *req, 217 struct tevent_context *ev, 218 struct messaging_context *msg, 219 struct loadparm_context *lp_ctx, 220 const char *nt4_domain, 221 const char *nt4_username, 222 const char *password, 223 const uint32_t logon_parameters, 224 struct auth_session_info **session_info); 225 226 struct tevent_req *auth_check_password_send(TALLOC_CTX *mem_ctx, 227 struct tevent_context *ev, 228 struct auth_context 
*auth_ctx, 229 const struct auth_usersupplied_info *user_info); 230 NTSTATUS auth_check_password_recv(struct tevent_req *req, 279 231 TALLOC_CTX *mem_ctx, 280 struct auth_serversupplied_info **server_info); 281 282 void auth_check_password_send(struct auth_context *auth_ctx, 283 const struct auth_usersupplied_info *user_info, 284 void (*callback)(struct auth_check_password_request *req, void *private_data), 285 void *private_data); 232 struct auth_user_info_dc **user_info_dc); 233 234 bool auth_challenge_may_be_modified(struct auth_context *auth_ctx); 286 235 NTSTATUS auth_context_set_challenge(struct auth_context *auth_ctx, const uint8_t chal[8], const char *set_by); 236 237 NTSTATUS auth_get_user_info_dc_principal(TALLOC_CTX *mem_ctx, 238 struct auth_context *auth_ctx, 239 const char *principal, 240 struct ldb_dn *user_dn, 241 struct auth_user_info_dc **user_info_dc); 287 242 288 243 NTSTATUS samba_server_gensec_start(TALLOC_CTX *mem_ctx,
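Review bot: The new `uint8_t chal[8]` out-parameter on `get_challenge` (in `struct auth_operations`, in `struct auth_context`, and on `auth_get_challenge`) is an ordinary pointer to the compiler, so the 8-byte length is not checked at any call site, and the callee now writes into caller-owned storage instead of returning a `DATA_BLOB` or a pointer to its own buffer. The header should state that contract next to the first declaration, for example `/* chal: caller-supplied buffer of at least 8 writable bytes; contents are valid only on NT_STATUS_OK */`. The second half of that comment needs confirming against the implementations, which are not part of this file. Both structs continue outside the visible hunks.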