smb.conf.5: sort parameters alphabetically
index 8950a0cdc9196f9065098402049e4163ba5c3feb..3de227ee35499b8b6546be658962c02efb55ab69 100644 (file)
@@ -83,6 +83,13 @@ struct auth_usersupplied_info
 
        const char *service_description;
        const char *auth_description;
+
+       /*
+        * for logging only, normally worked out from the password but
+        * for krb5 logging only (krb5 normally doesn't use this) we
+        * record the enc type here
+        */
+       const char *password_type;
 };
 
 struct auth_method_context;
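Review bot: The comment on the new `password_type` member is hard to parse — "normally worked out from the password but for krb5 logging only (krb5 normally doesn't use this)" can be read either as "the field is only consulted for Kerberos" or as "only Kerberos callers populate it", and this header is the only place the contract is stated. I'd reword it to say plainly who sets it and who reads it, e.g. `/* For logging only. The password/encryption type to report; normally derived from the supplied password, but Kerberos callers (which otherwise do not use this struct) set it to the enc type. */`, adjusting if I have misread the intent. The enclosing `struct auth_usersupplied_info` begins outside the hunk.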
@@ -124,6 +131,16 @@ struct auth4_context {
                                        uint8_t *pauthoritative,
                                        void **server_returned_info,
                                        DATA_BLOB *nt_session_key, DATA_BLOB *lm_session_key);
+       struct tevent_req *(*check_ntlm_password_send)(TALLOC_CTX *mem_ctx,
+                                       struct tevent_context *ev,
+                                       struct auth4_context *auth_ctx,
+                                       const struct auth_usersupplied_info *user_info);
+       NTSTATUS (*check_ntlm_password_recv)(struct tevent_req *req,
+                                       TALLOC_CTX *mem_ctx,
+                                       uint8_t *pauthoritative,
+                                       void **server_returned_info,
+                                       DATA_BLOB *nt_session_key,
+                                       DATA_BLOB *lm_session_key);
 
        NTSTATUS (*get_ntlm_challenge)(struct auth4_context *auth_ctx, uint8_t chal[8]);
 
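Review bot: The new `check_ntlm_password_send`/`check_ntlm_password_recv` members carry no comment, so a reader has to infer their contract from the synchronous `check_ntlm_password` just above, whose own documentation (if any) is outside the hunk. In particular it is not stated which of `server_returned_info`, `nt_session_key` and `lm_session_key` the recv side allocates on `mem_ctx`, nor whether `pauthoritative` is meaningful when the returned status is a failure. I'd add a comment above the send member such as `/* Asynchronous form of check_ntlm_password: _send starts the check, _recv collects the result and allocates the returned info and session keys on mem_ctx. */`, worded to match what the implementations actually do.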
@@ -146,15 +163,47 @@ struct auth4_context {
                                              struct auth_session_info **session_info);
 };
 
-void log_authentication_event(const struct auth_usersupplied_info *ui,
+#define AUTHZ_TRANSPORT_PROTECTION_NONE "NONE"
+#define AUTHZ_TRANSPORT_PROTECTION_SMB "SMB"
+#define AUTHZ_TRANSPORT_PROTECTION_TLS "TLS"
+#define AUTHZ_TRANSPORT_PROTECTION_SEAL "SEAL"
+#define AUTHZ_TRANSPORT_PROTECTION_SIGN "SIGN"
+
+/*
+ * Log details of an authentication attempt.
+ * Successful and unsuccessful attempts are logged.
+ *
+ * NOTE: msg_ctx and lp_ctx is optional, but when supplied allows streaming the
+ * authentication events over the message bus.
+ */
+void log_authentication_event(struct imessaging_context *msg_ctx,
+                             struct loadparm_context *lp_ctx,
+                             const struct auth_usersupplied_info *ui,
                              NTSTATUS status,
                              const char *account_name,
                              const char *domain_name,
                              const char *unix_username,
                              struct dom_sid *sid);
 
-void log_successful_authz_event(const struct tsocket_address *remote,
+/*
+ * Log details of a successful authorization to a service.
+ *
+ * Only successful authorizations are logged.  For clarity:
+ * - NTLM bad passwords will be recorded by log_authentication_event
+ * - Kerberos decrypt failures need to be logged in gensec_gssapi et al
+ *
+ * The service may later refuse authorization due to an ACL.
+ *
+ *
+ * NOTE: msg_ctx and lp_ctx is optional, but when supplied allows streaming the
+ * authorization events over the message bus.
+ */
+void log_successful_authz_event(struct imessaging_context *msg_ctx,
+                               struct loadparm_context *lp_ctx,
+                               const struct tsocket_address *remote,
                                const struct tsocket_address *local,
                                const char *service_description,
+                               const char *auth_type,
+                               const char *transport_protection,
                                struct auth_session_info *session_info);
 #endif
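Review bot: The new `auth_type` and `transport_protection` parameters of `log_successful_authz_event` are not mentioned in the block comment, and nothing ties `transport_protection` to the `AUTHZ_TRANSPORT_PROTECTION_*` strings defined just above it, so callers may pass arbitrary strings and consumers of the authorization log end up with an unstable vocabulary. I'd extend the comment with `auth_type: name of the authentication mechanism as it should appear in the log` and `transport_protection: one of the AUTHZ_TRANSPORT_PROTECTION_* strings`, adjusting the latter if the implementation accepts other values. Both new comment blocks also say "msg_ctx and lp_ctx is optional" — "are optional" — and neither says whether streaming requires both to be supplied together, which is worth stating since one without the other is a plausible caller mistake. The stray empty `*` line before the NOTE in the second block can go as well.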