source4/auth/gensec/gensec.h

   1 /*
   2    Unix SMB/CIFS implementation.
   3
   4    Generic Authentication Interface
   5
   6    Copyright (C) Andrew Tridgell 2003
   7    Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
   8
   9    This program is free software; you can redistribute it and/or modify
  10    it under the terms of the GNU General Public License as published by
  11    the Free Software Foundation; either version 2 of the License, or
  12    (at your option) any later version.
  13
  14    This program is distributed in the hope that it will be useful,
  15    but WITHOUT ANY WARRANTY; without even the implied warranty of
  16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17    GNU General Public License for more details.
  18
  19    You should have received a copy of the GNU General Public License
  20    along with this program; if not, write to the Free Software
  21    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  22 */
  23
  24 #ifndef __GENSEC_H__
  25 #define __GENSEC_H__
  26
  27 #include "core.h"
  28
  29 #define GENSEC_OID_NTLMSSP "1 3 6 1 4 1 311 2 2 10"
  30 #define GENSEC_OID_SPNEGO "1 3 6 1 5 5 2"
  31 #define GENSEC_OID_KERBEROS5 "1 2 840 113554 1 2 2"
  32 #define GENSEC_OID_KERBEROS5_OLD "1 2 840 48018 1 2 2"
  33 #define GENSEC_OID_KERBEROS5_USER2USER "1 2 840 113554 1 2 2 3"
  34
  35 struct gensec_security;
  36 struct gensec_target {
  37         const char *principal;
  38         const char *hostname;
  39         const char *service;
  40 };
  41
  42 #define GENSEC_FEATURE_SESSION_KEY      0x00000001
  43 #define GENSEC_FEATURE_SIGN             0x00000002
  44 #define GENSEC_FEATURE_SEAL             0x00000004
  45 #define GENSEC_FEATURE_DCE_STYLE        0x00000008
  46 #define GENSEC_FEATURE_ASYNC_REPLIES    0x00000010
  47 #define GENSEC_FEATURE_DATAGRAM_MODE    0x00000020
  48
  49 /* GENSEC mode */
  50 enum gensec_role
  51 {
  52         GENSEC_SERVER,
  53         GENSEC_CLIENT
  54 };
  55
  56 struct auth_session_info;
  57
  58 struct gensec_update_request {
  59         struct gensec_security *gensec_security;
  60         void *private_data;
  61         DATA_BLOB in;
  62         DATA_BLOB out;
  63         NTSTATUS status;
  64         struct {
  65                 void (*fn)(struct gensec_update_request *req, void *private_data);
  66                 void *private_data;
  67         } callback;
  68 };
  69
  70 struct gensec_security_ops {
  71         const char *name;
  72         const char *sasl_name;
  73         uint8_t auth_type;  /* 0 if not offered on DCE-RPC */
  74         const char **oid;  /* NULL if not offered by SPNEGO */
  75         NTSTATUS (*client_start)(struct gensec_security *gensec_security);
  76         NTSTATUS (*server_start)(struct gensec_security *gensec_security);
  77         /**
  78            Determine if a packet has the right 'magic' for this mechanism
  79         */
  80         NTSTATUS (*magic)(struct gensec_security *gensec_security,
  81                           const DATA_BLOB *first_packet);
  82         NTSTATUS (*update)(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx,
  83                            const DATA_BLOB in, DATA_BLOB *out);
  84         NTSTATUS (*seal_packet)(struct gensec_security *gensec_security, TALLOC_CTX *sig_mem_ctx,
  85                                 uint8_t *data, size_t length,
  86                                 const uint8_t *whole_pdu, size_t pdu_length,
  87                                 DATA_BLOB *sig);
  88         NTSTATUS (*sign_packet)(struct gensec_security *gensec_security, TALLOC_CTX *sig_mem_ctx,
  89                                 const uint8_t *data, size_t length,
  90                                 const uint8_t *whole_pdu, size_t pdu_length,
  91                                 DATA_BLOB *sig);
  92         size_t   (*sig_size)(struct gensec_security *gensec_security, size_t data_size);
  93         size_t   (*max_input_size)(struct gensec_security *gensec_security);
  94         size_t   (*max_wrapped_size)(struct gensec_security *gensec_security);
  95         NTSTATUS (*check_packet)(struct gensec_security *gensec_security, TALLOC_CTX *sig_mem_ctx,
  96                                  const uint8_t *data, size_t length,
  97                                  const uint8_t *whole_pdu, size_t pdu_length,
  98                                  const DATA_BLOB *sig);
  99         NTSTATUS (*unseal_packet)(struct gensec_security *gensec_security, TALLOC_CTX *sig_mem_ctx,
 100                                   uint8_t *data, size_t length,
 101                                   const uint8_t *whole_pdu, size_t pdu_length,
 102                                   const DATA_BLOB *sig);
 103         NTSTATUS (*wrap)(struct gensec_security *gensec_security,
 104                                   TALLOC_CTX *mem_ctx,
 105                                   const DATA_BLOB *in,
 106                                   DATA_BLOB *out);
 107         NTSTATUS (*unwrap)(struct gensec_security *gensec_security,
 108                            TALLOC_CTX *mem_ctx,
 109                            const DATA_BLOB *in,
 110                            DATA_BLOB *out);
 111         NTSTATUS (*wrap_packets)(struct gensec_security *gensec_security,
 112                                  TALLOC_CTX *mem_ctx,
 113                                  const DATA_BLOB *in,
 114                                  DATA_BLOB *out,
 115                                  size_t *len_processed);
 116         NTSTATUS (*unwrap_packets)(struct gensec_security *gensec_security,
 117                                    TALLOC_CTX *mem_ctx,
 118                                    const DATA_BLOB *in,
 119                                    DATA_BLOB *out,
 120                                    size_t *len_processed);
 121         NTSTATUS (*packet_full_request)(struct gensec_security *gensec_security,
 122                                         DATA_BLOB blob, size_t *size);
 123         NTSTATUS (*session_key)(struct gensec_security *gensec_security, DATA_BLOB *session_key);
 124         NTSTATUS (*session_info)(struct gensec_security *gensec_security,
 125                                  struct auth_session_info **session_info);
 126         BOOL (*have_feature)(struct gensec_security *gensec_security,
 127                                     uint32_t feature);
 128         BOOL enabled;
 129         BOOL kerberos;
 130 };
 131
 132 struct gensec_security_ops_wrapper {
 133         const struct gensec_security_ops *op;
 134         const char *oid;
 135 };
 136
 137 #define GENSEC_INTERFACE_VERSION 0
 138
 139 struct gensec_security {
 140         const struct gensec_security_ops *ops;
 141         void *private_data;
 142         struct cli_credentials *credentials;
 143         struct gensec_target target;
 144         enum gensec_role gensec_role;
 145         BOOL subcontext;
 146         uint32_t want_features;
 147         struct event_context *event_ctx;
 148         struct messaging_context *msg_ctx; /* only valid as server */
 149         struct socket_address *my_addr, *peer_addr;
 150 };
 151
 152 /* this structure is used by backends to determine the size of some critical types */
 153 struct gensec_critical_sizes {
 154         int interface_version;
 155         int sizeof_gensec_security_ops;
 156         int sizeof_gensec_security;
 157 };
 158
 159 #include "auth/credentials/credentials.h"
 160 #include "auth/gensec/gensec_proto.h"
 161
 162 #endif /* __GENSEC_H__ */