git.samba.org / nivanova / samba-autobuild / .git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
auth: Move wbcAuthUserInfo_to_netr_SamInfo3 to the top level
[nivanova/samba-autobuild/.git] / source3 / auth / proto.h
diff --git a/source3/auth/proto.h b/source3/auth/proto.h
index 46846ac907486ef3bb98381664022322c6929b4a..9e11a0cc5da30473a81a2326f0de026a8f45c357 100644 (file)
--- a/source3/auth/proto.h
+++ b/source3/auth/proto.h
@@ -44,33 +44,89 @@ NTSTATUS make_auth_context_fixed(TALLOC_CTX *mem_ctx,
                                 struct auth_context **auth_context,
                                 uchar chal[8]) ;
 
-/* The following definitions come from auth/auth_builtin.c  */
-
-NTSTATUS auth_builtin_init(void);
+/****************************************************************************
+ Try to get a challenge out of the various authentication modules.
+ Returns a const char of length 8 bytes.
+****************************************************************************/
 
-/* The following definitions come from auth/auth_compat.c  */
+NTSTATUS auth_get_ntlm_challenge(struct auth_context *auth_context,
+                                uint8_t chal[8]);
 
-NTSTATUS check_plaintext_password(const char *smb_name,
-                                 DATA_BLOB plaintext_password,
+/**
+ * Check a user's Plaintext, LM or NTLM password.
+ *
+ * Check a user's password, as given in the user_info struct and return various
+ * interesting details in the server_info struct.
+ *
+ * This function does NOT need to be in a become_root()/unbecome_root() pair
+ * as it makes the calls itself when needed.
+ *
+ * The return value takes precedence over the contents of the server_info 
+ * struct.  When the return is other than NT_STATUS_OK the contents 
+ * of that structure is undefined.
+ *
+ * @param mem_ctx   The memory context to use to allocate server_info
+ *
+ * @param user_info Contains the user supplied components, including the passwords.
+ *                  Must be created with make_user_info() or one of its wrappers.
+ *
+ * @param auth_context Supplies the challenges and some other data. 
+ *                  Must be created with make_auth_context(), and the challenges should be 
+ *                  filled in, either at creation or by calling the challenge geneation 
+ *                  function auth_get_challenge().  
+ *
+ * @param server_info If successful, contains information about the authentication, 
+ *                    including a struct samu struct describing the user.
+ *
+ * @return An NTSTATUS with NT_STATUS_OK or an appropriate error.
+ *
+ **/
+NTSTATUS auth_check_ntlm_password(TALLOC_CTX *mem_ctx,
+                                 const struct auth_context *auth_context,
+                                 const struct auth_usersupplied_info *user_info,
                                  struct auth_serversupplied_info **server_info);
-bool password_ok(struct auth_context *actx, bool global_encrypted,
-                const char *session_workgroup,
-                const char *smb_name, DATA_BLOB password_blob);
+
+/* The following definitions come from auth/auth_builtin.c  */
+
+NTSTATUS auth_builtin_init(void);
 
 /* The following definitions come from auth/auth_domain.c  */
 
 void attempt_machine_password_change(void);
 NTSTATUS auth_domain_init(void);
 
-NTSTATUS auth_netlogond_init(void);
+/* The following definitions come from auth/auth_generic.c  */
+
+NTSTATUS make_auth4_context(TALLOC_CTX *mem_ctx, struct auth4_context **auth4_context_out);
+NTSTATUS auth_generic_prepare(TALLOC_CTX *mem_ctx, const struct tsocket_address *remote_address,
+                             struct gensec_security **gensec_security_out);
+
+NTSTATUS auth_check_password_session_info(struct auth4_context *auth_context,
+                                         TALLOC_CTX *mem_ctx,
+                                         struct auth_usersupplied_info *user_info,
+                                         struct auth_session_info **session_info);
 
 /* The following definitions come from auth/auth_ntlmssp.c  */
 
-NTSTATUS auth_ntlmssp_steal_session_info(TALLOC_CTX *mem_ctx,
-                               struct auth_ntlmssp_state *auth_ntlmssp_state,
-                               struct auth_serversupplied_info **session_info);
-NTSTATUS auth_ntlmssp_start(struct auth_ntlmssp_state **auth_ntlmssp_state);
+NTSTATUS auth3_generate_session_info(struct auth4_context *auth_context,
+                                    TALLOC_CTX *mem_ctx,
+                                    void *server_returned_info,
+                                    const char *original_user_name,
+                                    uint32_t session_info_flags,
+                                    struct auth_session_info **session_info);
+
+NTSTATUS auth3_get_challenge(struct auth4_context *auth4_context,
+                            uint8_t chal[8]);
+
+bool auth3_may_set_challenge(struct auth4_context *auth4_context);
+NTSTATUS auth3_set_challenge(struct auth4_context *auth4_context, const uint8_t *chal,
+                            const char *challenge_set_by);
 
+NTSTATUS auth3_check_password(struct auth4_context *auth4_context,
+                             TALLOC_CTX *mem_ctx,
+                             const struct auth_usersupplied_info *user_info,
+                             void **server_returned_info,
+                             DATA_BLOB *session_key, DATA_BLOB *lm_session_key);
 
 /* The following definitions come from auth/auth_sam.c  */
 
@@ -84,88 +140,102 @@ NTSTATUS check_sam_security_info3(const DATA_BLOB *challenge,
                                  struct netr_SamInfo3 **pinfo3);
 NTSTATUS auth_sam_init(void);
 
-/* The following definitions come from auth/auth_server.c  */
-
-NTSTATUS auth_server_init(void);
-
 /* The following definitions come from auth/auth_unix.c  */
 
 NTSTATUS auth_unix_init(void);
 
 /* The following definitions come from auth/auth_util.c  */
+struct tsocket_address;
 
-NTSTATUS make_user_info_map(struct auth_usersupplied_info **user_info,
+NTSTATUS make_user_info_map(TALLOC_CTX *mem_ctx,
+                           struct auth_usersupplied_info **user_info,
                            const char *smb_name,
                            const char *client_domain,
                            const char *workstation_name,
-                           DATA_BLOB *lm_pwd,
-                           DATA_BLOB *nt_pwd,
+                           const struct tsocket_address *remote_address,
+                           const DATA_BLOB *lm_pwd,
+                           const DATA_BLOB *nt_pwd,
                            const struct samr_Password *lm_interactive_pwd,
                            const struct samr_Password *nt_interactive_pwd,
                            const char *plaintext,
                            enum auth_password_state password_state);
-bool make_user_info_netlogon_network(struct auth_usersupplied_info **user_info,
+bool make_user_info_netlogon_network(TALLOC_CTX *mem_ctx,
+                                    struct auth_usersupplied_info **user_info,
                                     const char *smb_name,
                                     const char *client_domain,
                                     const char *workstation_name,
+                                    const struct tsocket_address *remote_address,
                                     uint32 logon_parameters,
                                     const uchar *lm_network_pwd,
                                     int lm_pwd_len,
                                     const uchar *nt_network_pwd,
                                     int nt_pwd_len);
-bool make_user_info_netlogon_interactive(struct auth_usersupplied_info **user_info,
+bool make_user_info_netlogon_interactive(TALLOC_CTX *mem_ctx,
+                                        struct auth_usersupplied_info **user_info,
                                         const char *smb_name,
                                         const char *client_domain,
                                         const char *workstation_name,
+                                        const struct tsocket_address *remote_address,
                                         uint32 logon_parameters,
                                         const uchar chal[8],
                                         const uchar lm_interactive_pwd[16],
-                                        const uchar nt_interactive_pwd[16],
-                                        const uchar *dc_sess_key);
-bool make_user_info_for_reply(struct auth_usersupplied_info **user_info,
+                                        const uchar nt_interactive_pwd[16]);
+bool make_user_info_for_reply(TALLOC_CTX *mem_ctx,
+                             struct auth_usersupplied_info **user_info,
                              const char *smb_name,
                              const char *client_domain,
+                             const struct tsocket_address *remote_address,
                              const uint8 chal[8],
                              DATA_BLOB plaintext_password);
-NTSTATUS make_user_info_for_reply_enc(struct auth_usersupplied_info **user_info,
+NTSTATUS make_user_info_for_reply_enc(TALLOC_CTX *mem_ctx,
+                                     struct auth_usersupplied_info **user_info,
                                       const char *smb_name,
                                       const char *client_domain,
+                                     const struct tsocket_address *remote_address,
                                       DATA_BLOB lm_resp, DATA_BLOB nt_resp);
-bool make_user_info_guest(struct auth_usersupplied_info **user_info) ;
+bool make_user_info_guest(TALLOC_CTX *mem_ctx,
+                         const struct tsocket_address *remote_address,
+                         struct auth_usersupplied_info **user_info);
+
 struct samu;
-NTSTATUS make_server_info_sam(struct auth_serversupplied_info **server_info,
-                             struct samu *sampass);
+NTSTATUS make_server_info_sam(TALLOC_CTX *mem_ctx,
+                             struct samu *sampass,
+                             struct auth_serversupplied_info **pserver_info);
 NTSTATUS create_local_token(TALLOC_CTX *mem_ctx,
                            const struct auth_serversupplied_info *server_info,
                            DATA_BLOB *session_key,
-                           struct auth_serversupplied_info **session_info_out);
+                           const char *smb_name,
+                           struct auth_session_info **session_info_out);
 NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username,
                                    bool is_guest,
                                    uid_t *uid, gid_t *gid,
                                    char **found_username,
                                    struct security_token **token);
 bool user_in_group_sid(const char *username, const struct dom_sid *group_sid);
+bool user_sid_in_group_sid(const struct dom_sid *sid, const struct dom_sid *group_sid);
 bool user_in_group(const char *username, const char *groupname);
 struct passwd;
-NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info,
-                             char *unix_username,
-                            struct passwd *pwd);
+NTSTATUS make_server_info_pw(TALLOC_CTX *mem_ctx,
+                            const char *unix_username,
+                            const struct passwd *pwd,
+                            struct auth_serversupplied_info **server_info);
 NTSTATUS make_session_info_from_username(TALLOC_CTX *mem_ctx,
                                         const char *username,
                                         bool is_guest,
-                                        struct auth_serversupplied_info **session_info);
-struct auth_serversupplied_info *copy_serverinfo(TALLOC_CTX *mem_ctx,
-                                                const struct auth_serversupplied_info *src);
+                                        struct auth_session_info **session_info);
+struct auth_session_info *copy_session_info(TALLOC_CTX *mem_ctx,
+                                            const struct auth_session_info *src);
 bool init_guest_info(void);
-NTSTATUS init_system_info(void);
-bool session_info_set_session_key(struct auth_serversupplied_info *info,
+NTSTATUS init_system_session_info(void);
+bool session_info_set_session_key(struct auth_session_info *info,
                                 DATA_BLOB session_key);
 NTSTATUS make_server_info_guest(TALLOC_CTX *mem_ctx,
                                struct auth_serversupplied_info **server_info);
+NTSTATUS make_session_info_guest(TALLOC_CTX *mem_ctx,
+                               struct auth_session_info **server_info);
 NTSTATUS make_session_info_system(TALLOC_CTX *mem_ctx,
-                                struct auth_serversupplied_info **session_info);
-const struct auth_serversupplied_info *get_session_info_system(void);
-bool copy_current_user(struct current_user *dst, struct current_user *src);
+                                struct auth_session_info **session_info);
+const struct auth_session_info *get_session_info_system(void);
 struct passwd *smb_getpwnam( TALLOC_CTX *mem_ctx, const char *domuser,
                             char **p_save_username, bool create );
 NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
@@ -180,17 +250,19 @@ NTSTATUS make_server_info_wbcAuthUserInfo(TALLOC_CTX *mem_ctx,
                                          const struct wbcAuthUserInfo *info,
                                          struct auth_serversupplied_info **server_info);
 void free_user_info(struct auth_usersupplied_info **user_info);
-bool make_auth_methods(struct auth_context *auth_context, auth_methods **auth_method) ;
 bool is_trusted_domain(const char* dom_name);
+NTSTATUS session_extract_session_key(const struct auth_session_info *session_info, DATA_BLOB *session_key, enum session_key_use_intent intent);
 
 /* The following definitions come from auth/user_info.c  */
 
-NTSTATUS make_user_info(struct auth_usersupplied_info **ret_user_info,
+NTSTATUS make_user_info(TALLOC_CTX *mem_ctx,
+                       struct auth_usersupplied_info **ret_user_info,
                        const char *smb_name,
                        const char *internal_username,
                        const char *client_domain,
                        const char *domain,
                        const char *workstation_name,
+                       const struct tsocket_address *remote_address,
                        const DATA_BLOB *lm_pwd,
                        const DATA_BLOB *nt_pwd,
                        const struct samr_Password *lm_interactive_pwd,
@@ -199,6 +271,12 @@ NTSTATUS make_user_info(struct auth_usersupplied_info **ret_user_info,
                        enum auth_password_state password_state);
 void free_user_info(struct auth_usersupplied_info **user_info);
 
+NTSTATUS do_map_to_guest_server_info(TALLOC_CTX *mem_ctx,
+                                    NTSTATUS status,
+                                    const char *user,
+                                    const char *domain,
+                                    struct auth_serversupplied_info **server_info);
+
 /* The following definitions come from auth/auth_winbind.c  */
 
 NTSTATUS auth_winbind_init(void);
@@ -211,26 +289,22 @@ struct netr_SamInfo6;
 
 struct auth_serversupplied_info *make_server_info(TALLOC_CTX *mem_ctx);
 NTSTATUS serverinfo_to_SamInfo2(struct auth_serversupplied_info *server_info,
-                               uint8_t *pipe_session_key,
-                               size_t pipe_session_key_len,
                                struct netr_SamInfo2 *sam2);
 NTSTATUS serverinfo_to_SamInfo3(const struct auth_serversupplied_info *server_info,
-                               uint8_t *pipe_session_key,
-                               size_t pipe_session_key_len,
                                struct netr_SamInfo3 *sam3);
 NTSTATUS serverinfo_to_SamInfo6(struct auth_serversupplied_info *server_info,
-                               uint8_t *pipe_session_key,
-                               size_t pipe_session_key_len,
                                struct netr_SamInfo6 *sam6);
 NTSTATUS samu_to_SamInfo3(TALLOC_CTX *mem_ctx,
                          struct samu *samu,
                          const char *login_server,
                          struct netr_SamInfo3 **_info3,
                          struct extra_auth_info *extra);
+NTSTATUS passwd_to_SamInfo3(TALLOC_CTX *mem_ctx,
+                           const char *unix_username,
+                           const struct passwd *pwd,
+                           struct netr_SamInfo3 **pinfo3);
 struct netr_SamInfo3 *copy_netr_SamInfo3(TALLOC_CTX *mem_ctx,
                                         struct netr_SamInfo3 *orig);
-struct netr_SamInfo3 *wbcAuthUserInfo_to_netr_SamInfo3(TALLOC_CTX *mem_ctx,
-                                       const struct wbcAuthUserInfo *info);
 
 /* The following definitions come from auth/auth_wbc.c  */
 
@@ -238,15 +312,13 @@ NTSTATUS auth_wbc_init(void);
 
 /* The following definitions come from auth/pampass.c  */
 
-bool smb_pam_claim_session(char *user, char *tty, char *rhost);
-bool smb_pam_close_session(char *user, char *tty, char *rhost);
+bool smb_pam_claim_session(const char *user, const char *tty, const char *rhost);
+bool smb_pam_close_session(const char *user, const char *tty, const char *rhost);
 NTSTATUS smb_pam_accountcheck(const char *user, const char *rhost);
 NTSTATUS smb_pam_passcheck(const char * user, const char * rhost,
                           const char * password);
 bool smb_pam_passchange(const char *user, const char *rhost,
                        const char *oldpassword, const char *newpassword);
-bool smb_pam_claim_session(char *user, char *tty, char *rhost);
-bool smb_pam_close_session(char *in_user, char *tty, char *rhost);
 
 /* The following definitions come from auth/pass_check.c  */
 
@@ -271,8 +343,8 @@ struct security_token *create_local_nt_token(TALLOC_CTX *mem_ctx,
                                            const struct dom_sid *groupsids);
 NTSTATUS create_local_nt_token_from_info3(TALLOC_CTX *mem_ctx,
                                          bool is_guest,
-                                         struct netr_SamInfo3 *info3,
-                                         struct extra_auth_info *extra,
+                                         const struct netr_SamInfo3 *info3,
+                                         const struct extra_auth_info *extra,
                                          struct security_token **ntok);
 void debug_unix_user_token(int dbg_class, int dbg_lev, uid_t uid, gid_t gid,
                           int n_groups, gid_t *groups);
@@ -303,6 +375,7 @@ NTSTATUS make_session_info_krb5(TALLOC_CTX *mem_ctx,
                                struct PAC_LOGON_INFO *logon_info,
                                bool mapped_to_guest, bool username_was_mapped,
                                DATA_BLOB *session_key,
-                               struct auth_serversupplied_info **session_info);
+                               struct auth_session_info **session_info);
+
 
 #endif /* _AUTH_PROTO_H_ */
Unnamed repository; edit this file 'description' to name the repository.