auth: Add SID_NT_NTLM_AUTHENTICATION / S-1-5-64-10 to the token during NTLM auth

[amitay/samba.git] / auth / common_auth.h

diff --git a/auth/common_auth.h b/auth/common_auth.h
index 453c0c9efbddbbe3a5ea96d37e252e4b0eec60bd..95b36cd334faead6d3b8a23779ff41d196f86deb 100644 (file)
--- a/auth/common_auth.h
+++ b/auth/common_auth.h
@@ -25,7 +25,9 @@
 #define USER_INFO_CASE_INSENSITIVE_USERNAME 0x01 /* username may be in any case */
 #define USER_INFO_CASE_INSENSITIVE_PASSWORD 0x02 /* password may be in any case */
 #define USER_INFO_DONT_CHECK_UNIX_ACCOUNT   0x04 /* don't check unix account status */
-#define USER_INFO_INTERACTIVE_LOGON         0x08 /* don't check unix account status */
+#define USER_INFO_INTERACTIVE_LOGON         0x08 /* Interactive logon */
+/*unused #define USER_INFO_LOCAL_SAM_ONLY   0x10    Only authenticate against the local SAM, do not map missing passwords to NO_SUCH_USER */
+#define USER_INFO_INFO3_AND_NO_AUTHZ        0x20 /* Only fill in server_info->info3 and do not do any authorization steps */
 
 enum auth_password_state {
        AUTH_PASSWORD_PLAIN = 1,
@@ -37,6 +39,7 @@ enum auth_password_state {
 #define AUTH_SESSION_INFO_AUTHENTICATED      0x02 /* Add the user to the 'authenticated users' group */
 #define AUTH_SESSION_INFO_SIMPLE_PRIVILEGES  0x04 /* Use a trivial map between users and privilages, rather than a DB */
 #define AUTH_SESSION_INFO_UNIX_TOKEN         0x08 /* The returned token must have the unix_token and unix_info elements provided */
+#define AUTH_SESSION_INFO_NTLM               0x10 /* The returned token must have authenticated-with-NTLM flag set */
 
 struct auth_usersupplied_info
 {
@@ -82,8 +85,6 @@ struct auth4_context {
                /* Who set this up in the first place? */
                const char *set_by;
 
-               bool may_be_modified;
-
                DATA_BLOB data;
        } challenge;
 
@@ -105,21 +106,21 @@ struct auth4_context {
        /* Private data for the callbacks on this auth context */
        void *private_data;
 
-       NTSTATUS (*check_password)(struct auth4_context *auth_ctx,
-                                  TALLOC_CTX *mem_ctx,
-                                  const struct auth_usersupplied_info *user_info,
-                                  void **server_returned_info,
-                                  DATA_BLOB *nt_session_key, DATA_BLOB *lm_session_key);
-
-       NTSTATUS (*get_challenge)(struct auth4_context *auth_ctx, uint8_t chal[8]);
+       NTSTATUS (*check_ntlm_password)(struct auth4_context *auth_ctx,
+                                       TALLOC_CTX *mem_ctx,
+                                       const struct auth_usersupplied_info *user_info,
+                                       uint8_t *pauthoritative,
+                                       void **server_returned_info,
+                                       DATA_BLOB *nt_session_key, DATA_BLOB *lm_session_key);
 
-       bool (*challenge_may_be_modified)(struct auth4_context *auth_ctx);
+       NTSTATUS (*get_ntlm_challenge)(struct auth4_context *auth_ctx, uint8_t chal[8]);
 
-       NTSTATUS (*set_challenge)(struct auth4_context *auth_ctx, const uint8_t chal[8], const char *set_by);
+       NTSTATUS (*set_ntlm_challenge)(struct auth4_context *auth_ctx, const uint8_t chal[8], const char *set_by);
 
-       NTSTATUS (*generate_session_info)(TALLOC_CTX *mem_ctx,
-                                         struct auth4_context *auth_context,
+       NTSTATUS (*generate_session_info)(struct auth4_context *auth_context,
+                                         TALLOC_CTX *mem_ctx,
                                          void *server_returned_info,
+                                         const char *original_user_name,
                                          uint32_t session_info_flags,
                                          struct auth_session_info **session_info);