source4/auth/gensec/gensec.h

   1 /*
   2    Unix SMB/CIFS implementation.
   3
   4    Generic Authentication Interface
   5
   6    Copyright (C) Andrew Tridgell 2003
   7    Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
   8
   9    This program is free software; you can redistribute it and/or modify
  10    it under the terms of the GNU General Public License as published by
  11    the Free Software Foundation; either version 2 of the License, or
  12    (at your option) any later version.
  13
  14    This program is distributed in the hope that it will be useful,
  15    but WITHOUT ANY WARRANTY; without even the implied warranty of
  16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17    GNU General Public License for more details.
  18
  19    You should have received a copy of the GNU General Public License
  20    along with this program; if not, write to the Free Software
  21    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  22 */
  23
  24 #ifndef __GENSEC_H__
  25 #define __GENSEC_H__
  26
  27 #include "core.h"
  28
  29 #define GENSEC_OID_NTLMSSP "1 3 6 1 4 1 311 2 2 10"
  30 #define GENSEC_OID_SPNEGO "1 3 6 1 5 5 2"
  31 #define GENSEC_OID_KERBEROS5 "1 2 840 113554 1 2 2"
  32 #define GENSEC_OID_KERBEROS5_OLD "1 2 840 48018 1 2 2"
  33 #define GENSEC_OID_KERBEROS5_USER2USER "1 2 840 113554 1 2 2 3"
  34
  35 enum gensec_priority {
  36         GENSEC_SPNEGO = 90,
  37         GENSEC_GSSAPI = 80,
  38         GENSEC_KRB5 = 70,
  39         GENSEC_SCHANNEL = 60,
  40         GENSEC_NTLMSSP = 50,
  41         GENSEC_SASL = 20,
  42         GENSEC_OTHER = 0
  43 };
  44
  45 enum credentials_use_kerberos;
  46
  47 struct gensec_security;
  48 struct gensec_target {
  49         const char *principal;
  50         const char *hostname;
  51         const char *service;
  52 };
  53
  54 #define GENSEC_FEATURE_SESSION_KEY      0x00000001
  55 #define GENSEC_FEATURE_SIGN             0x00000002
  56 #define GENSEC_FEATURE_SEAL             0x00000004
  57 #define GENSEC_FEATURE_DCE_STYLE        0x00000008
  58 #define GENSEC_FEATURE_ASYNC_REPLIES    0x00000010
  59 #define GENSEC_FEATURE_DATAGRAM_MODE    0x00000020
  60
  61 /* GENSEC mode */
  62 enum gensec_role
  63 {
  64         GENSEC_SERVER,
  65         GENSEC_CLIENT
  66 };
  67
  68 struct auth_session_info;
  69
  70 struct gensec_update_request {
  71         struct gensec_security *gensec_security;
  72         void *private_data;
  73         DATA_BLOB in;
  74         DATA_BLOB out;
  75         NTSTATUS status;
  76         struct {
  77                 void (*fn)(struct gensec_update_request *req, void *private_data);
  78                 void *private_data;
  79         } callback;
  80 };
  81
  82 struct gensec_security_ops {
  83         const char *name;
  84         const char *sasl_name;
  85         uint8_t auth_type;  /* 0 if not offered on DCE-RPC */
  86         const char **oid;  /* NULL if not offered by SPNEGO */
  87         NTSTATUS (*client_start)(struct gensec_security *gensec_security);
  88         NTSTATUS (*server_start)(struct gensec_security *gensec_security);
  89         /**
  90            Determine if a packet has the right 'magic' for this mechanism
  91         */
  92         NTSTATUS (*magic)(struct gensec_security *gensec_security,
  93                           const DATA_BLOB *first_packet);
  94         NTSTATUS (*update)(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx,
  95                            const DATA_BLOB in, DATA_BLOB *out);
  96         NTSTATUS (*seal_packet)(struct gensec_security *gensec_security, TALLOC_CTX *sig_mem_ctx,
  97                                 uint8_t *data, size_t length,
  98                                 const uint8_t *whole_pdu, size_t pdu_length,
  99                                 DATA_BLOB *sig);
 100         NTSTATUS (*sign_packet)(struct gensec_security *gensec_security, TALLOC_CTX *sig_mem_ctx,
 101                                 const uint8_t *data, size_t length,
 102                                 const uint8_t *whole_pdu, size_t pdu_length,
 103                                 DATA_BLOB *sig);
 104         size_t   (*sig_size)(struct gensec_security *gensec_security, size_t data_size);
 105         size_t   (*max_input_size)(struct gensec_security *gensec_security);
 106         size_t   (*max_wrapped_size)(struct gensec_security *gensec_security);
 107         NTSTATUS (*check_packet)(struct gensec_security *gensec_security, TALLOC_CTX *sig_mem_ctx,
 108                                  const uint8_t *data, size_t length,
 109                                  const uint8_t *whole_pdu, size_t pdu_length,
 110                                  const DATA_BLOB *sig);
 111         NTSTATUS (*unseal_packet)(struct gensec_security *gensec_security, TALLOC_CTX *sig_mem_ctx,
 112                                   uint8_t *data, size_t length,
 113                                   const uint8_t *whole_pdu, size_t pdu_length,
 114                                   const DATA_BLOB *sig);
 115         NTSTATUS (*wrap)(struct gensec_security *gensec_security,
 116                                   TALLOC_CTX *mem_ctx,
 117                                   const DATA_BLOB *in,
 118                                   DATA_BLOB *out);
 119         NTSTATUS (*unwrap)(struct gensec_security *gensec_security,
 120                            TALLOC_CTX *mem_ctx,
 121                            const DATA_BLOB *in,
 122                            DATA_BLOB *out);
 123         NTSTATUS (*wrap_packets)(struct gensec_security *gensec_security,
 124                                  TALLOC_CTX *mem_ctx,
 125                                  const DATA_BLOB *in,
 126                                  DATA_BLOB *out,
 127                                  size_t *len_processed);
 128         NTSTATUS (*unwrap_packets)(struct gensec_security *gensec_security,
 129                                    TALLOC_CTX *mem_ctx,
 130                                    const DATA_BLOB *in,
 131                                    DATA_BLOB *out,
 132                                    size_t *len_processed);
 133         NTSTATUS (*packet_full_request)(struct gensec_security *gensec_security,
 134                                         DATA_BLOB blob, size_t *size);
 135         NTSTATUS (*session_key)(struct gensec_security *gensec_security, DATA_BLOB *session_key);
 136         NTSTATUS (*session_info)(struct gensec_security *gensec_security,
 137                                  struct auth_session_info **session_info);
 138         BOOL (*have_feature)(struct gensec_security *gensec_security,
 139                                     uint32_t feature);
 140         BOOL enabled;
 141         BOOL kerberos;
 142         enum gensec_priority priority;
 143 };
 144
 145 struct gensec_security_ops_wrapper {
 146         const struct gensec_security_ops *op;
 147         const char *oid;
 148 };
 149
 150 #define GENSEC_INTERFACE_VERSION 0
 151
 152 struct gensec_security {
 153         const struct gensec_security_ops *ops;
 154         void *private_data;
 155         struct cli_credentials *credentials;
 156         struct gensec_target target;
 157         enum gensec_role gensec_role;
 158         BOOL subcontext;
 159         uint32_t want_features;
 160         struct event_context *event_ctx;
 161         struct messaging_context *msg_ctx; /* only valid as server */
 162         struct socket_address *my_addr, *peer_addr;
 163 };
 164
 165 /* this structure is used by backends to determine the size of some critical types */
 166 struct gensec_critical_sizes {
 167         int interface_version;
 168         int sizeof_gensec_security_ops;
 169         int sizeof_gensec_security;
 170 };
 171
 172 #include "auth/gensec/gensec_proto.h"
 173
 174 #endif /* __GENSEC_H__ */