2 Unix SMB/CIFS implementation.
4 Generic Authentication Interface
6 Copyright (C) Andrew Tridgell 2003
7 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
29 #define GENSEC_OID_NTLMSSP "1 3 6 1 4 1 311 2 2 10"
30 #define GENSEC_OID_SPNEGO "1 3 6 1 5 5 2"
31 #define GENSEC_OID_KERBEROS5 "1 2 840 113554 1 2 2"
32 #define GENSEC_OID_KERBEROS5_OLD "1 2 840 48018 1 2 2"
33 #define GENSEC_OID_KERBEROS5_USER2USER "1 2 840 113554 1 2 2 3"
35 enum gensec_priority {
45 enum credentials_use_kerberos;
47 struct gensec_security;
48 struct gensec_target {
49 const char *principal;
54 #define GENSEC_FEATURE_SESSION_KEY 0x00000001
55 #define GENSEC_FEATURE_SIGN 0x00000002
56 #define GENSEC_FEATURE_SEAL 0x00000004
57 #define GENSEC_FEATURE_DCE_STYLE 0x00000008
58 #define GENSEC_FEATURE_ASYNC_REPLIES 0x00000010
59 #define GENSEC_FEATURE_DATAGRAM_MODE 0x00000020
68 struct auth_session_info;
70 struct gensec_update_request {
71 struct gensec_security *gensec_security;
77 void (*fn)(struct gensec_update_request *req, void *private_data);
82 struct gensec_security_ops {
84 const char *sasl_name;
85 uint8_t auth_type; /* 0 if not offered on DCE-RPC */
86 const char **oid; /* NULL if not offered by SPNEGO */
87 NTSTATUS (*client_start)(struct gensec_security *gensec_security);
88 NTSTATUS (*server_start)(struct gensec_security *gensec_security);
90 Determine if a packet has the right 'magic' for this mechanism
92 NTSTATUS (*magic)(struct gensec_security *gensec_security,
93 const DATA_BLOB *first_packet);
94 NTSTATUS (*update)(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx,
95 const DATA_BLOB in, DATA_BLOB *out);
96 NTSTATUS (*seal_packet)(struct gensec_security *gensec_security, TALLOC_CTX *sig_mem_ctx,
97 uint8_t *data, size_t length,
98 const uint8_t *whole_pdu, size_t pdu_length,
100 NTSTATUS (*sign_packet)(struct gensec_security *gensec_security, TALLOC_CTX *sig_mem_ctx,
101 const uint8_t *data, size_t length,
102 const uint8_t *whole_pdu, size_t pdu_length,
104 size_t (*sig_size)(struct gensec_security *gensec_security, size_t data_size);
105 size_t (*max_input_size)(struct gensec_security *gensec_security);
106 size_t (*max_wrapped_size)(struct gensec_security *gensec_security);
107 NTSTATUS (*check_packet)(struct gensec_security *gensec_security, TALLOC_CTX *sig_mem_ctx,
108 const uint8_t *data, size_t length,
109 const uint8_t *whole_pdu, size_t pdu_length,
110 const DATA_BLOB *sig);
111 NTSTATUS (*unseal_packet)(struct gensec_security *gensec_security, TALLOC_CTX *sig_mem_ctx,
112 uint8_t *data, size_t length,
113 const uint8_t *whole_pdu, size_t pdu_length,
114 const DATA_BLOB *sig);
115 NTSTATUS (*wrap)(struct gensec_security *gensec_security,
119 NTSTATUS (*unwrap)(struct gensec_security *gensec_security,
123 NTSTATUS (*wrap_packets)(struct gensec_security *gensec_security,
127 size_t *len_processed);
128 NTSTATUS (*unwrap_packets)(struct gensec_security *gensec_security,
132 size_t *len_processed);
133 NTSTATUS (*packet_full_request)(struct gensec_security *gensec_security,
134 DATA_BLOB blob, size_t *size);
135 NTSTATUS (*session_key)(struct gensec_security *gensec_security, DATA_BLOB *session_key);
136 NTSTATUS (*session_info)(struct gensec_security *gensec_security,
137 struct auth_session_info **session_info);
138 BOOL (*have_feature)(struct gensec_security *gensec_security,
142 enum gensec_priority priority;
145 struct gensec_security_ops_wrapper {
146 const struct gensec_security_ops *op;
150 #define GENSEC_INTERFACE_VERSION 0
152 struct gensec_security {
153 const struct gensec_security_ops *ops;
155 struct cli_credentials *credentials;
156 struct gensec_target target;
157 enum gensec_role gensec_role;
159 uint32_t want_features;
160 struct event_context *event_ctx;
161 struct messaging_context *msg_ctx; /* only valid as server */
162 struct socket_address *my_addr, *peer_addr;
165 /* this structure is used by backends to determine the size of some critical types */
166 struct gensec_critical_sizes {
167 int interface_version;
168 int sizeof_gensec_security_ops;
169 int sizeof_gensec_security;
172 #include "auth/gensec/gensec_proto.h"
174 #endif /* __GENSEC_H__ */