Samba4/Auth

Structures

auth_usersupplied_info

/*
 * Data describing one authentication attempt: the names the client
 * presented and the password material that came with them.  The
 * want_check() and check_password() callbacks of struct auth_operations
 * receive this as a const pointer.
 */
struct auth_usersupplied_info {

    /* NOTE(review): presumably reported by the client and therefore
     * attacker-controlled -- confirm before using it in access decisions
     * or writing it unescaped to logs. */
    const char *workstation_name;
    /* presumably the peer's network address -- confirm against the caller */
    struct socket_address *remote_host;

    /* bit meanings are not defined on this page */
    uint32_t logon_parameters;

    /* presumably set once `mapped` below has been filled in -- confirm */
    bool mapped_state;
    /* the values the client gives us.  One anonymous struct type, two
     * instances: `client` holds the names as supplied; `mapped` presumably
     * holds them after server-side name mapping -- confirm. */
    struct {
        const char *account_name;
        const char *domain_name;
    } client, mapped;

    /* presumably the discriminator for the `password` union below; the
     * enum values are not shown on this page -- confirm. */
    enum auth_password_state password_state;

    /* The three members share storage, so only one form is valid at a
     * time.  Reading a member other than the one that was stored
     * reinterprets secret bytes as a different type. */
    union {
        /* challenge-response blobs (LANMAN and NT) */
        struct {
            DATA_BLOB lanman;
            DATA_BLOB nt;
        } response;
        /* pointers to password hashes (LANMAN and NT) */
        struct {
            struct samr_Password *lanman;
            struct samr_Password *nt;
        } hash;

        /* NOTE(review): cleartext secret when this member is in use;
         * keep it out of debug output and check how its memory is
         * released -- ownership is not visible here. */
        char *plaintext;
    } password;

    /* bit meanings are not defined on this page */
    uint32_t flags;
};

auth_operations

/*
 * Table of callbacks implemented by one authentication backend.
 * struct auth_method_context refers to a table through its `ops` member.
 * Every callback reports its result as an NTSTATUS.
 */
struct auth_operations {

    /* presumably the backend's identifying name -- confirm */
    const char *name;

    /* If you are using this interface, then you are probably
     * getting something wrong.  This interface is only for
     * security=server, and makes a number of compromises to allow
     * that.  It is not compatible with being a PDC.  */

    /* Writes the challenge into *challenge; mem_ctx is presumably the
     * talloc parent for the blob's storage -- confirm. */
    NTSTATUS (*get_challenge)(struct auth_method_context *ctx, TALLOC_CTX *mem_ctx, DATA_BLOB *challenge);

    /* Given the user supplied info, check whether this backend wants to
     * handle the password checking.  user_info is const: the backend
     * must not modify the request. */

    NTSTATUS (*want_check)(struct auth_method_context *ctx, TALLOC_CTX *mem_ctx,
        const struct auth_usersupplied_info *user_info);

    /* Given the user supplied info, check a password.  The result is
     * handed back through *server_info; presumably it is only set on
     * success and allocated under mem_ctx -- confirm.  Callers should
     * test the NTSTATUS before touching *server_info. */

    NTSTATUS (*check_password)(struct auth_method_context *ctx, TALLOC_CTX *mem_ctx,
        const struct auth_usersupplied_info *user_info,
        struct auth_serversupplied_info **server_info);

    /* Lookup a 'server info' return based only on the principal.
     * NOTE(review): no credential is passed to this callback, so it
     * cannot verify the principal itself; the caller presumably has to
     * have authenticated it by other means -- confirm at call sites. */

    NTSTATUS (*get_server_info_principal)(TALLOC_CTX *mem_ctx, 
        struct auth_context *auth_context,
        const char *principal,
        struct auth_serversupplied_info **server_info);
};

auth_method_context

/*
 * One entry in the list of authentication methods that
 * struct auth_context keeps in its `methods` member.
 */
struct auth_method_context {
    /* neighbouring entries; presumably doubly-linked list links -- confirm */
    struct auth_method_context *prev, *next;
    /* the auth_context this method belongs to (presumably a back-pointer) */
    struct auth_context *auth_ctx;
    /* callback table of the backend; const, so not modified via this entry */
    const struct auth_operations *ops;
    /* meaning not shown on this page -- TODO confirm */
    int depth;
    /* opaque backend state; the concrete type is known only to the backend,
     * so any cast of this pointer must match what that backend stored */
    void *private_data;
};

auth_context

/*
 * State for an authentication exchange: the challenge, the ordered list
 * of methods, the supporting contexts, and the entry points that callers
 * invoke through function pointers.
 */
struct auth_context {

    /* The challenge and a record of where it came from. */
    struct {
        /* Who set this up in the first place? */ 
        const char *set_by;

        /* presumably the value reported by challenge_may_be_modified()
         * below -- confirm */
        bool may_be_modified;

        /* the challenge bytes; set_challenge() below takes 8 bytes, so
         * this is presumably 8 bytes long -- confirm */
        DATA_BLOB data; 
    } challenge;

    /* methods, in the order they should be called */
    struct auth_method_context *methods;

    /* the event context to use for calls that can block */
    struct tevent_context *event_ctx;

    /* the messaging context which can be used by backends */
    struct messaging_context *msg_ctx;

    /* loadparm context */
    struct loadparm_context *lp_ctx;

    /* Checks the credentials in user_info and hands the result back
     * through *server_info.  Presumably dispatches to `methods` in
     * order -- confirm.  Test the NTSTATUS before using *server_info. */
    NTSTATUS (*check_password)(struct auth_context *auth_ctx,
        TALLOC_CTX *mem_ctx,
        const struct auth_usersupplied_info *user_info, 
        struct auth_serversupplied_info **server_info);

    /* Returns a pointer to the challenge through *_chal.  No length is
     * returned; presumably 8 bytes, matching set_challenge() -- confirm
     * before reading from it. */
    NTSTATUS (*get_challenge)(struct auth_context *auth_ctx, const uint8_t **_chal);

    /* Reports whether the challenge may still be changed. */
    bool (*challenge_may_be_modified)(struct auth_context *auth_ctx);

    /* Sets the challenge and records who set it.  `chal[8]` in a
     * parameter list is an ordinary pointer in C: the compiler does not
     * enforce the length, so the caller must supply at least 8 readable
     * bytes. */
    NTSTATUS (*set_challenge)(struct auth_context *auth_ctx, const uint8_t chal[8], const char *set_by);

    /* Looks up server info from a principal name alone.
     * NOTE(review): no credential is passed in, so the principal
     * presumably has to be authenticated by the caller beforehand --
     * confirm at call sites. */
    NTSTATUS (*get_server_info_principal)(TALLOC_CTX *mem_ctx, 
        struct auth_context *auth_context,
        const char *principal,
        struct auth_serversupplied_info **server_info);
};