mkinclude gensec/config.mk
mkinclude kerberos/config.mk
mkinclude ntlmssp/config.mk
+mkinclude ntlm/config.mk
mkinclude credentials/config.mk
[SUBSYSTEM::auth_session]
PUBLIC_DEPENDENCIES = SAMDB UTIL_LDB LIBSECURITY
PRIVATE_DEPENDENCIES = LDAP_ENCODE
-auth_sam_OBJ_FILES = $(addprefix auth/, sam.o ntlm_check.o)
+auth_sam_OBJ_FILES = $(addprefix auth/, sam.o)
[SUBSYSTEM::auth_sam_reply]
PRIVATE_PROTO_HEADER = auth_sam_reply.h
auth_sam_reply_OBJ_FILES = $(addprefix auth/, auth_sam_reply.o)
-#######################
-# Start MODULE auth_sam
-[MODULE::auth_sam_module]
-# gensec_krb5 and gensec_gssapi depend on it
-INIT_FUNCTION = auth_sam_init
-SUBSYSTEM = auth
-PRIVATE_DEPENDENCIES = \
- SAMDB auth_sam
-# End MODULE auth_sam
-#######################
-
-auth_sam_module_OBJ_FILES = $(addprefix auth/, auth_sam.o)
-
-#######################
-# Start MODULE auth_anonymous
-[MODULE::auth_anonymous]
-INIT_FUNCTION = auth_anonymous_init
-SUBSYSTEM = auth
-# End MODULE auth_anonymous
-#######################
-
-auth_anonymous_OBJ_FILES = $(addprefix auth/, auth_anonymous.o)
-
-#######################
-# Start MODULE auth_anonymous
-[MODULE::auth_server]
-INIT_FUNCTION = auth_server_init
-SUBSYSTEM = auth
-PRIVATE_DEPENDENCIES = LIBSAMBA-UTIL LIBCLI_SMB
-OUTPUT_TYPE = SHARED_LIBRARY
-# End MODULE auth_server
-#######################
-
-auth_server_OBJ_FILES = $(addprefix auth/, auth_server.o)
-
-#######################
-# Start MODULE auth_winbind
-[MODULE::auth_winbind]
-INIT_FUNCTION = auth_winbind_init
-SUBSYSTEM = auth
-PRIVATE_DEPENDENCIES = NDR_WINBIND MESSAGING LIBWINBIND-CLIENT
-# End MODULE auth_winbind
-#######################
-
-auth_winbind_OBJ_FILES = $(addprefix auth/, auth_winbind.o)
-
-#######################
-# Start MODULE auth_developer
-[MODULE::auth_developer]
-INIT_FUNCTION = auth_developer_init
-SUBSYSTEM = auth
-# End MODULE auth_developer
-#######################
-
-auth_developer_OBJ_FILES = $(addprefix auth/, auth_developer.o)
-
-[MODULE::auth_unix]
-INIT_FUNCTION = auth_unix_init
-SUBSYSTEM = auth
-PRIVATE_DEPENDENCIES = CRYPT PAM PAM_ERRORS NSS_WRAPPER
-
-auth_unix_OBJ_FILES = $(addprefix auth/, auth_unix.o)
-
-[SUBSYSTEM::PAM_ERRORS]
-PRIVATE_PROTO_HEADER = pam_errors.h
-
-#VERSION = 0.0.1
-#SO_VERSION = 0
-PAM_ERRORS_OBJ_FILES = $(addprefix auth/, pam_errors.o)
-
-[MODULE::auth]
-INIT_FUNCTION = server_service_auth_init
-SUBSYSTEM = service
-PRIVATE_PROTO_HEADER = auth_proto.h
-PRIVATE_DEPENDENCIES = LIBSAMBA-UTIL LIBSECURITY SAMDB CREDENTIALS
-
-auth_OBJ_FILES = $(addprefix auth/, auth.o auth_util.o auth_simple.o)
-
-# PUBLIC_HEADERS += auth/auth.h
-
[PYTHON::swig_auth]
PUBLIC_DEPENDENCIES = auth_system_session
PRIVATE_DEPENDENCIES = SAMDB
--- /dev/null
+#ifndef __AUTH_NTLM_AUTH_PROTO_H__
+#define __AUTH_NTLM_AUTH_PROTO_H__
+
+#undef _PRINTF_ATTRIBUTE
+#define _PRINTF_ATTRIBUTE(a1, a2) PRINTF_ATTRIBUTE(a1, a2)
+/* This file was automatically generated by mkproto.pl. DO NOT EDIT */
+
+/* this file contains prototypes for functions that are private
+ * to this subsystem or library. These functions should not be
+ * used outside this particular subsystem! */
+
+
+/* The following definitions come from auth/ntlm/auth.c */
+
+
+/***************************************************************************
+ Set a fixed challenge
+***************************************************************************/
+bool auth_challenge_may_be_modified(struct auth_context *auth_ctx) ;
+const struct auth_operations *auth_backend_byname(const char *name);
+const struct auth_critical_sizes *auth_interface_version(void);
+NTSTATUS server_service_auth_init(void);
+
+/* The following definitions come from auth/ntlm/auth_util.c */
+
+NTSTATUS auth_get_challenge_not_implemented(struct auth_method_context *ctx, TALLOC_CTX *mem_ctx, DATA_BLOB *challenge);
+
+/****************************************************************************
+ Create an auth_usersupplied_data structure after appropriate mapping.
+****************************************************************************/
+NTSTATUS map_user_info(TALLOC_CTX *mem_ctx,
+ const char *default_domain,
+ const struct auth_usersupplied_info *user_info,
+ struct auth_usersupplied_info **user_info_mapped);
+
+/****************************************************************************
+ Create an auth_usersupplied_data structure after appropriate mapping.
+****************************************************************************/
+NTSTATUS encrypt_user_info(TALLOC_CTX *mem_ctx, struct auth_context *auth_context,
+ enum auth_password_state to_state,
+ const struct auth_usersupplied_info *user_info_in,
+ const struct auth_usersupplied_info **user_info_encrypted);
+
+/* The following definitions come from auth/ntlm/auth_simple.c */
+
+#undef _PRINTF_ATTRIBUTE
+#define _PRINTF_ATTRIBUTE(a1, a2)
+
+#endif /* __AUTH_NTLM_AUTH_PROTO_H__ */
+
#include "lib/ldb/include/ldb.h"
#include "util/util_ldb.h"
#include "auth/auth.h"
-#include "auth/auth_proto.h"
+#include "auth/ntlm/ntlm_check.h"
+#include "auth/ntlm/auth_proto.h"
#include "auth/auth_sam.h"
#include "dsdb/samdb/samdb.h"
#include "libcli/security/security.h"
--- /dev/null
+# NTLM auth server subsystem
+
+[SUBSYSTEM::ntlm_check]
+PRIVATE_DEPENDENCIES = LIBSAMBA-UTIL
+
+ntlm_check_OBJ_FILES = $(addprefix auth/ntlm/, ntlm_check.o)
+
+#######################
+# Start MODULE auth_sam
+[MODULE::auth_sam_module]
+# gensec_krb5 and gensec_gssapi depend on it
+INIT_FUNCTION = auth_sam_init
+SUBSYSTEM = auth
+PRIVATE_DEPENDENCIES = \
+ SAMDB auth_sam ntlm_check
+# End MODULE auth_sam
+#######################
+
+auth_sam_module_OBJ_FILES = $(addprefix auth/ntlm/, auth_sam.o)
+
+#######################
+# Start MODULE auth_anonymous
+[MODULE::auth_anonymous]
+INIT_FUNCTION = auth_anonymous_init
+SUBSYSTEM = auth
+# End MODULE auth_anonymous
+#######################
+
+auth_anonymous_OBJ_FILES = $(addprefix auth/ntlm/, auth_anonymous.o)
+
+#######################
+# Start MODULE auth_anonymous
+[MODULE::auth_server]
+INIT_FUNCTION = auth_server_init
+SUBSYSTEM = auth
+PRIVATE_DEPENDENCIES = LIBSAMBA-UTIL LIBCLI_SMB
+OUTPUT_TYPE = SHARED_LIBRARY
+# End MODULE auth_server
+#######################
+
+auth_server_OBJ_FILES = $(addprefix auth/ntlm/, auth_server.o)
+
+#######################
+# Start MODULE auth_winbind
+[MODULE::auth_winbind]
+INIT_FUNCTION = auth_winbind_init
+SUBSYSTEM = auth
+PRIVATE_DEPENDENCIES = NDR_WINBIND MESSAGING LIBWINBIND-CLIENT
+# End MODULE auth_winbind
+#######################
+
+auth_winbind_OBJ_FILES = $(addprefix auth/ntlm/, auth_winbind.o)
+
+#######################
+# Start MODULE auth_developer
+[MODULE::auth_developer]
+INIT_FUNCTION = auth_developer_init
+SUBSYSTEM = auth
+# End MODULE auth_developer
+#######################
+
+auth_developer_OBJ_FILES = $(addprefix auth/ntlm/, auth_developer.o)
+
+[MODULE::auth_unix]
+INIT_FUNCTION = auth_unix_init
+SUBSYSTEM = auth
+PRIVATE_DEPENDENCIES = CRYPT PAM PAM_ERRORS NSS_WRAPPER
+
+auth_unix_OBJ_FILES = $(addprefix auth/ntlm/, auth_unix.o)
+
+[SUBSYSTEM::PAM_ERRORS]
+PRIVATE_PROTO_HEADER = pam_errors.h
+
+#VERSION = 0.0.1
+#SO_VERSION = 0
+PAM_ERRORS_OBJ_FILES = $(addprefix auth/ntlm/, pam_errors.o)
+
+[MODULE::auth]
+INIT_FUNCTION = server_service_auth_init
+SUBSYSTEM = service
+PRIVATE_PROTO_HEADER = auth_proto.h
+PRIVATE_DEPENDENCIES = LIBSAMBA-UTIL LIBSECURITY SAMDB CREDENTIALS
+
+auth_OBJ_FILES = $(addprefix auth/ntlm/, auth.o auth_util.o auth_simple.o)
+
+# PUBLIC_HEADERS += auth/auth.h
+
#include "librpc/gen_ndr/netlogon.h"
#include "libcli/auth/libcli_auth.h"
#include "param/param.h"
+#include "auth/ntlm/ntlm_check.h"
/****************************************************************************
Core of smb password checking routine.
--- /dev/null
+/*
+ Unix SMB/CIFS implementation.
+ Password and authentication handling
+ Copyright (C) Andrew Bartlett <abartlet@samba.org> 2001-2004
+ Copyright (C) Gerald Carter 2003
+ Copyright (C) Luke Kenneth Casson Leighton 1996-2000
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+/**
+ * Compare password hashes against those from the SAM
+ *
+ * @param mem_ctx talloc context
+ * @param client_lanman LANMAN password hash, as supplied by the client
+ * @param client_nt NT (MD4) password hash, as supplied by the client
+ * @param username internal Samba username, for log messages
+ * @param client_username username the client used
+ * @param client_domain domain name the client used (may be mapped)
+ * @param stored_lanman LANMAN password hash, as stored on the SAM
+ * @param stored_nt NT (MD4) password hash, as stored on the SAM
+ * @param user_sess_key User session key
+ * @param lm_sess_key LM session key (first 8 bytes of the LM hash)
+ */
+
+NTSTATUS hash_password_check(TALLOC_CTX *mem_ctx,
+ struct loadparm_context *lp_ctx,
+ const struct samr_Password *client_lanman,
+ const struct samr_Password *client_nt,
+ const char *username,
+ const struct samr_Password *stored_lanman,
+ const struct samr_Password *stored_nt);
+
+/**
+ * Check a challenge-response password against the value of the NT or
+ * LM password hash.
+ *
+ * @param mem_ctx talloc context
+ * @param challenge 8-byte challenge. If all zero, forces plaintext comparison
+ * @param nt_response 'unicode' NT response to the challenge, or unicode password
+ * @param lm_response ASCII or LANMAN response to the challenge, or password in DOS code page
+ * @param username internal Samba username, for log messages
+ * @param client_username username the client used
+ * @param client_domain domain name the client used (may be mapped)
+ * @param stored_lanman LANMAN ASCII password from our passdb or similar
+ * @param stored_nt MD4 unicode password from our passdb or similar
+ * @param user_sess_key User session key
+ * @param lm_sess_key LM session key (first 8 bytes of the LM hash)
+ */
+
+NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
+ struct loadparm_context *lp_ctx,
+ uint32_t logon_parameters,
+ const DATA_BLOB *challenge,
+ const DATA_BLOB *lm_response,
+ const DATA_BLOB *nt_response,
+ const char *username,
+ const char *client_username,
+ const char *client_domain,
+ const struct samr_Password *stored_lanman,
+ const struct samr_Password *stored_nt,
+ DATA_BLOB *user_sess_key,
+ DATA_BLOB *lm_sess_key);
--- /dev/null
+#ifndef __AUTH_NTLM_PAM_ERRORS_H__
+#define __AUTH_NTLM_PAM_ERRORS_H__
+
+#undef _PRINTF_ATTRIBUTE
+#define _PRINTF_ATTRIBUTE(a1, a2) PRINTF_ATTRIBUTE(a1, a2)
+/* This file was automatically generated by mkproto.pl. DO NOT EDIT */
+
+/* this file contains prototypes for functions that are private
+ * to this subsystem or library. These functions should not be
+ * used outside this particular subsystem! */
+
+
+/* The following definitions come from auth/ntlm/pam_errors.c */
+
+
+/*****************************************************************************
+convert a PAM error to a NT status32 code
+ *****************************************************************************/
+NTSTATUS pam_to_nt_status(int pam_error);
+
+/*****************************************************************************
+convert an NT status32 code to a PAM error
+ *****************************************************************************/
+int nt_status_to_pam(NTSTATUS nt_status);
+
+/*****************************************************************************
+convert a PAM error to a NT status32 code
+ *****************************************************************************/
+NTSTATUS pam_to_nt_status(int pam_error);
+
+/*****************************************************************************
+convert an NT status32 code to a PAM error
+ *****************************************************************************/
+int nt_status_to_pam(NTSTATUS nt_status);
+#undef _PRINTF_ATTRIBUTE
+#define _PRINTF_ATTRIBUTE(a1, a2)
+
+#endif /* __AUTH_NTLM_PAM_ERRORS_H__ */
+
gensec \
LIBCLI_RESOLVE \
auth \
+ ntlm_check \
MESSAGING \
LIBEVENTS
# End BINARY ntlm_auth
#include "auth/auth.h"
#include "librpc/gen_ndr/ndr_netlogon.h"
#include "auth/auth_sam.h"
+#include "auth/ntlm/ntlm_check.h"
#include "pstring.h"
#include "libcli/auth/libcli_auth.h"
#include "libcli/security/security.h"
git.samba.org / samba.git / commitdiff