Samba4/Auth: Difference between revisions

From SambaWiki
 
Line 1: Line 1:
= Structures =
= Structures =

== auth_usersupplied_info ==

<pre>
struct auth_usersupplied_info {

const char *workstation_name;
struct socket_address *remote_host;

uint32_t logon_parameters;

bool mapped_state;
/* the values the client gives us */
struct {
const char *account_name;
const char *domain_name;
} client, mapped;

enum auth_password_state password_state;

union {
struct {
DATA_BLOB lanman;
DATA_BLOB nt;
} response;
struct {
struct samr_Password *lanman;
struct samr_Password *nt;
} hash;
char *plaintext;
} password;

uint32_t flags;
};
</pre>


== auth_operations ==
== auth_operations ==
Line 32: Line 68:
const char *principal,
const char *principal,
struct auth_serversupplied_info **server_info);
struct auth_serversupplied_info **server_info);
}
};
</pre>
</pre>


Line 44: Line 80:
int depth;
int depth;
void *private_data;
void *private_data;
}
};
</pre>
</pre>


Line 88: Line 124:
const char *principal,
const char *principal,
struct auth_serversupplied_info **server_info);
struct auth_serversupplied_info **server_info);
}
};
</pre>
</pre>

Latest revision as of 02:08, 20 October 2009

Structures

auth_usersupplied_info

/*
 * One authentication attempt, as handed to the want_check/check_password
 * callbacks (they receive it as 'const struct auth_usersupplied_info *').
 * The comment on the name fields marks them as client-supplied, so treat
 * the contents as unverified input until a backend has accepted them.
 */
struct auth_usersupplied_info {

    /* NOTE(review): presumably the workstation name and peer address of the
     * connecting client; the name looks client-asserted -- confirm before
     * relying on it for access decisions or audit records. */
    const char *workstation_name;
    struct socket_address *remote_host;

    uint32_t logon_parameters;

    /* NOTE(review): presumably records whether 'mapped' below has been
     * filled in -- confirm against the code that sets it. */
    bool mapped_state;
    /* the values the client gives us */
    /* Two instances of the same account/domain pair are declared here:
     * 'client' and 'mapped'. */
    struct {
        const char *account_name;
        const char *domain_name;
    } client, mapped;

    /* NOTE(review): presumably tells which member of the 'password' union
     * below is valid -- confirm; reading a member other than the one that
     * was stored misinterprets the bytes. */
    enum auth_password_state password_state;

    /* Password material in one of three forms. This is a union, so the
     * members share storage and only one form is held at a time. */
    union {
        /* lanman/nt values held as DATA_BLOBs */
        struct {
            DATA_BLOB lanman;
            DATA_BLOB nt;
        } response;
        /* lanman/nt values held as pointers to struct samr_Password */
        struct {
            struct samr_Password *lanman;
            struct samr_Password *nt;
        } hash;
		
        /* Cleartext password: keep it out of logs and debug dumps.
         * NOTE(review): confirm who owns this buffer and who wipes it. */
        char *plaintext;
    } password;

    uint32_t flags;
};

auth_operations

/*
 * Callback table for one authentication backend. A backend instance refers
 * to its table through auth_method_context.ops.
 */
struct auth_operations {

    /* NOTE(review): presumably the name the backend is selected by -- confirm */
    const char *name;

    /* If you are using this interface, then you are probably
     * getting something wrong.  This interface is only for
     * security=server, and makes a number of compromises to allow
     * that.  It is not compatible with being a PDC.  */

    NTSTATUS (*get_challenge)(struct auth_method_context *ctx, TALLOC_CTX *mem_ctx, DATA_BLOB *challenge);

    /* Given the user supplied info, check if this backend wants to handle the password checking */

    NTSTATUS (*want_check)(struct auth_method_context *ctx, TALLOC_CTX *mem_ctx,
        const struct auth_usersupplied_info *user_info);

    /* Given the user supplied info, check a password.
     * user_info is const, so the callback cannot modify the request through
     * this pointer. server_info is a pointer-to-pointer, presumably an
     * output filled in on success -- confirm, and do not read it unless the
     * returned NTSTATUS reports success. */

    NTSTATUS (*check_password)(struct auth_method_context *ctx, TALLOC_CTX *mem_ctx,
        const struct auth_usersupplied_info *user_info,
        struct auth_serversupplied_info **server_info);

    /* Lookup a 'server info' return based only on the principal.
     * No password material is passed through this signature.
     * NOTE(review): callers presumably have to authenticate the principal
     * by other means before using the result -- confirm. */

    NTSTATUS (*get_server_info_principal)(TALLOC_CTX *mem_ctx, 
        struct auth_context *auth_context,
        const char *principal,
        struct auth_serversupplied_info **server_info);
};

auth_method_context

/*
 * One entry in the chain of authentication methods that auth_context.methods
 * points to; it ties a backend's callback table to per-instance state.
 */
struct auth_method_context {
    /* links to the neighbouring entries in the method chain */
    struct auth_method_context *prev, *next;
    /* NOTE(review): presumably the auth_context that owns this entry -- confirm */
    struct auth_context *auth_ctx;
    /* callback table of the backend; const, so it is not modified through this pointer */
    const struct auth_operations *ops;
    /* NOTE(review): meaning of 'depth' is not visible here -- confirm against the code that sets it */
    int depth;
    /* untyped backend state; the type behind the void pointer is not checked by the compiler */
    void *private_data;
};

auth_context

/*
 * State for the authentication subsystem: the current challenge, the chain
 * of methods to try, the contexts backends may use, and the entry points
 * callers invoke through function pointers.
 */
struct auth_context {

    struct {
        /* Who set this up in the first place? */
        const char *set_by;

        /* NOTE(review): presumably what challenge_may_be_modified() below
         * reports -- confirm; replacing a challenge that has already been
         * sent would invalidate responses computed against it. */
        bool may_be_modified;

        DATA_BLOB data; 
    } challenge;

    /* methods, in the order they should be called */
    struct auth_method_context *methods;

    /* the event context to use for calls that can block */
    struct tevent_context *event_ctx;

    /* the messaging context which can be used by backends */
    struct messaging_context *msg_ctx;

    /* loadparm context */
    struct loadparm_context *lp_ctx;

    /* Check the credentials in user_info. server_info is a
     * pointer-to-pointer, presumably an output filled in on success --
     * confirm, and do not read it unless the returned NTSTATUS reports
     * success. */
    NTSTATUS (*check_password)(struct auth_context *auth_ctx,
        TALLOC_CTX *mem_ctx,
        const struct auth_usersupplied_info *user_info, 
        struct auth_serversupplied_info **server_info);
	
    /* Hands back the challenge through _chal. No length is returned;
     * NOTE(review): presumably 8 bytes, matching set_challenge -- confirm. */
    NTSTATUS (*get_challenge)(struct auth_context *auth_ctx, const uint8_t **_chal);

    bool (*challenge_may_be_modified)(struct auth_context *auth_ctx);

    /* 'chal[8]' in a parameter list is a plain pointer, so the compiler
     * does not enforce the 8. NOTE(review): presumably exactly 8 bytes are
     * read -- confirm that every caller passes a buffer at least that big. */
    NTSTATUS (*set_challenge)(struct auth_context *auth_ctx, const uint8_t chal[8], const char *set_by);
	
    /* Lookup by principal only; no password material is passed through
     * this signature. NOTE(review): callers presumably have to authenticate
     * the principal by other means -- confirm. */
    NTSTATUS (*get_server_info_principal)(TALLOC_CTX *mem_ctx, 
        struct auth_context *auth_context,
        const char *principal,
        struct auth_serversupplied_info **server_info);
};