auth/gensec: make sure there's only one pending gensec_update_send() per context
[vlendec/samba-autobuild/.git] / auth / gensec / gensec_internal.h
1 /*
2    Unix SMB/CIFS implementation.
3
4    Generic Authentication Interface
5
6    Copyright (C) Andrew Tridgell 2003
7    Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
8
9    This program is free software; you can redistribute it and/or modify
10    it under the terms of the GNU General Public License as published by
11    the Free Software Foundation; either version 3 of the License, or
12    (at your option) any later version.
13
14    This program is distributed in the hope that it will be useful,
15    but WITHOUT ANY WARRANTY; without even the implied warranty of
16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17    GNU General Public License for more details.
18
19    You should have received a copy of the GNU General Public License
20    along with this program.  If not, see <http://www.gnu.org/licenses/>.
21 */
22
23 #ifndef __GENSEC_INTERNAL_H__
24 #define __GENSEC_INTERNAL_H__
25
26 struct gensec_security;
27
28 struct gensec_security_ops {
29         const char *name;
30         const char *sasl_name;
31         uint8_t auth_type;  /* 0 if not offered on DCE-RPC */
32         const char **oid;  /* NULL if not offered by SPNEGO */
33         NTSTATUS (*client_start)(struct gensec_security *gensec_security);
34         NTSTATUS (*server_start)(struct gensec_security *gensec_security);
35         /**
36            Determine if a packet has the right 'magic' for this mechanism
37         */
38         NTSTATUS (*magic)(struct gensec_security *gensec_security,
39                           const DATA_BLOB *first_packet);
40         struct tevent_req *(*update_send)(TALLOC_CTX *mem_ctx,
41                                           struct tevent_context *ev,
42                                           struct gensec_security *gensec_security,
43                                           const DATA_BLOB in);
44         NTSTATUS (*update_recv)(struct tevent_req *req,
45                                 TALLOC_CTX *out_mem_ctx,
46                                 DATA_BLOB *out);
47         NTSTATUS (*may_reset_crypto)(struct gensec_security *gensec_security,
48                                      bool full_reset);
49         NTSTATUS (*seal_packet)(struct gensec_security *gensec_security, TALLOC_CTX *sig_mem_ctx,
50                                 uint8_t *data, size_t length,
51                                 const uint8_t *whole_pdu, size_t pdu_length,
52                                 DATA_BLOB *sig);
53         NTSTATUS (*sign_packet)(struct gensec_security *gensec_security, TALLOC_CTX *sig_mem_ctx,
54                                 const uint8_t *data, size_t length,
55                                 const uint8_t *whole_pdu, size_t pdu_length,
56                                 DATA_BLOB *sig);
57         size_t   (*sig_size)(struct gensec_security *gensec_security, size_t data_size);
58         size_t   (*max_input_size)(struct gensec_security *gensec_security);
59         size_t   (*max_wrapped_size)(struct gensec_security *gensec_security);
60         NTSTATUS (*check_packet)(struct gensec_security *gensec_security,
61                                  const uint8_t *data, size_t length,
62                                  const uint8_t *whole_pdu, size_t pdu_length,
63                                  const DATA_BLOB *sig);
64         NTSTATUS (*unseal_packet)(struct gensec_security *gensec_security,
65                                   uint8_t *data, size_t length,
66                                   const uint8_t *whole_pdu, size_t pdu_length,
67                                   const DATA_BLOB *sig);
68         NTSTATUS (*wrap)(struct gensec_security *gensec_security,
69                                   TALLOC_CTX *mem_ctx,
70                                   const DATA_BLOB *in,
71                                   DATA_BLOB *out);
72         NTSTATUS (*unwrap)(struct gensec_security *gensec_security,
73                            TALLOC_CTX *mem_ctx,
74                            const DATA_BLOB *in,
75                            DATA_BLOB *out);
76         NTSTATUS (*session_key)(struct gensec_security *gensec_security, TALLOC_CTX *mem_ctx,
77                                 DATA_BLOB *session_key);
78         NTSTATUS (*session_info)(struct gensec_security *gensec_security, TALLOC_CTX *mem_ctx,
79                                  struct auth_session_info **session_info);
80         void (*want_feature)(struct gensec_security *gensec_security,
81                                     uint32_t feature);
82         bool (*have_feature)(struct gensec_security *gensec_security,
83                                     uint32_t feature);
84         NTTIME (*expire_time)(struct gensec_security *gensec_security);
85         const char *(*final_auth_type)(struct gensec_security *gensec_security);
86         bool enabled;
87         bool kerberos;
88         enum gensec_priority priority;
89 };
90
91 struct gensec_security_ops_wrapper {
92         const struct gensec_security_ops *op;
93         const char *oid;
94 };
95
96 struct gensec_security {
97         const struct gensec_security_ops *ops;
98         void *private_data;
99         struct cli_credentials *credentials;
100         struct gensec_target target;
101         enum gensec_role gensec_role;
102         bool subcontext;
103         uint32_t want_features;
104         uint32_t max_update_size;
105         uint8_t dcerpc_auth_level;
106         struct tsocket_address *local_addr, *remote_addr;
107         struct gensec_settings *settings;
108
109         /* When we are a server, this may be filled in to provide an
110          * NTLM authentication backend, and user lookup (such as if no
111          * PAC is found) */
112         struct auth4_context *auth_context;
113
114         struct gensec_security *parent_security;
115         struct gensec_security *child_security;
116
117         /*
118          * This is used to mark the context as being
119          * busy in an async gensec_update_send().
120          */
121         struct gensec_security **update_busy_ptr;
122 };
123
124 /* this structure is used by backends to determine the size of some critical types */
125 struct gensec_critical_sizes {
126         int interface_version;
127         int sizeof_gensec_security_ops;
128         int sizeof_gensec_security;
129 };
130
131 NTSTATUS gensec_may_reset_crypto(struct gensec_security *gensec_security,
132                                  bool full_reset);
133
134 const char *gensec_final_auth_type(struct gensec_security *gensec_security);
135
136 NTSTATUS gensec_child_ready(struct gensec_security *parent,
137                             struct gensec_security *child);
138 void gensec_child_want_feature(struct gensec_security *gensec_security,
139                                uint32_t feature);
140 bool gensec_child_have_feature(struct gensec_security *gensec_security,
141                                uint32_t feature);
142 NTSTATUS gensec_child_unseal_packet(struct gensec_security *gensec_security,
143                                     uint8_t *data, size_t length,
144                                     const uint8_t *whole_pdu, size_t pdu_length,
145                                     const DATA_BLOB *sig);
146 NTSTATUS gensec_child_check_packet(struct gensec_security *gensec_security,
147                                    const uint8_t *data, size_t length,
148                                    const uint8_t *whole_pdu, size_t pdu_length,
149                                    const DATA_BLOB *sig);
150 NTSTATUS gensec_child_seal_packet(struct gensec_security *gensec_security,
151                                   TALLOC_CTX *mem_ctx,
152                                   uint8_t *data, size_t length,
153                                   const uint8_t *whole_pdu, size_t pdu_length,
154                                   DATA_BLOB *sig);
155 NTSTATUS gensec_child_sign_packet(struct gensec_security *gensec_security,
156                                   TALLOC_CTX *mem_ctx,
157                                   const uint8_t *data, size_t length,
158                                   const uint8_t *whole_pdu, size_t pdu_length,
159                                   DATA_BLOB *sig);
160 NTSTATUS gensec_child_wrap(struct gensec_security *gensec_security,
161                            TALLOC_CTX *mem_ctx,
162                            const DATA_BLOB *in,
163                            DATA_BLOB *out);
164 NTSTATUS gensec_child_unwrap(struct gensec_security *gensec_security,
165                              TALLOC_CTX *mem_ctx,
166                              const DATA_BLOB *in,
167                              DATA_BLOB *out);
168 size_t gensec_child_sig_size(struct gensec_security *gensec_security,
169                              size_t data_size);
170 size_t gensec_child_max_input_size(struct gensec_security *gensec_security);
171 size_t gensec_child_max_wrapped_size(struct gensec_security *gensec_security);
172 NTSTATUS gensec_child_session_key(struct gensec_security *gensec_security,
173                                   TALLOC_CTX *mem_ctx,
174                                   DATA_BLOB *session_key);
175 NTSTATUS gensec_child_session_info(struct gensec_security *gensec_security,
176                                    TALLOC_CTX *mem_ctx,
177                                    struct auth_session_info **session_info);
178 NTTIME gensec_child_expire_time(struct gensec_security *gensec_security);
179 const char *gensec_child_final_auth_type(struct gensec_security *gensec_security);
180
181 #endif /* __GENSEC_H__ */