Samba4/Auth


Structures

auth_operations

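/*
 * Table of callbacks that one authentication backend provides.
 * An auth_method_context refers to one of these tables through its
 * `ops` member.
 */
struct auth_operations {
    /* Name of this backend. */
    const char *name;

    /* If you are using this interface, then you are probably
     * getting something wrong.  This interface is only for
     * security=server, and makes a number of compromises to allow
     * that.  It is not compatible with being a PDC.
     *
     * The challenge is handed back through the non-const `challenge`
     * argument. */
    NTSTATUS (*get_challenge)(struct auth_method_context *ctx,
        TALLOC_CTX *mem_ctx,
        DATA_BLOB *challenge);

    /* Given the user supplied info, check if this backend wants to
     * handle the password checking.
     * NOTE(review): which NTSTATUS value means "not handled by this
     * backend" is not visible on this page - confirm against the caller,
     * so that a decline is never mistaken for a successful check. */
    NTSTATUS (*want_check)(struct auth_method_context *ctx,
        TALLOC_CTX *mem_ctx,
        const struct auth_usersupplied_info *user_info);

    /* Given the user supplied info, check a password.
     * `user_info` is read-only input that originates from the client;
     * `server_info` is an output pointer.
     * NOTE(review): presumably *server_info is only meaningful when the
     * returned status reports success - confirm, and make sure callers
     * never read it on a failure status. */
    NTSTATUS (*check_password)(struct auth_method_context *ctx,
        TALLOC_CTX *mem_ctx,
        const struct auth_usersupplied_info *user_info,
        struct auth_serversupplied_info **server_info);

    /* Lookup a 'server info' return based only on the principal.
     * No auth_usersupplied_info is passed in, so this callback sees no
     * password or challenge response.
     * NOTE(review): presumably the caller must already have
     * authenticated `principal` by other means before trusting the
     * result - confirm at every call site. */
    NTSTATUS (*get_server_info_principal)(TALLOC_CTX *mem_ctx,
        struct auth_context *auth_context,
        const char *principal,
        struct auth_serversupplied_info **server_info);
};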

auth_method_context

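/*
 * One authentication method as attached to an auth_context: it pairs a
 * backend's auth_operations table with the context it is used in.
 * auth_context.methods points at entries of this type.
 */
struct auth_method_context {
    /* Links to the neighbouring entries in the list of methods. */
    struct auth_method_context *prev, *next;

    /* The auth_context this method is associated with. */
    struct auth_context *auth_ctx;

    /* Read-only callback table of the backend that implements this method. */
    const struct auth_operations *ops;

    /* NOTE(review): the meaning of `depth` is not visible on this page -
     * confirm against the code that fills it in. */
    int depth;

    /* Untyped pointer; presumably backend-private state. Its real type is
     * known only to whoever set it, so it must be cast back to the same
     * type that was stored. */
    void *private_data;
};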

auth_context

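/*
 * State shared by one authentication attempt: the challenge, the list of
 * methods to try, the surrounding service contexts, and the entry points
 * callers use to drive the check.
 */
struct auth_context {

    struct {
        /* Who set this up in the first place? */
        const char *set_by;

        /* Whether the challenge may still be replaced; presumably what
         * challenge_may_be_modified() below reports - confirm. */
        bool may_be_modified;

        /* The challenge bytes themselves. */
        DATA_BLOB data;
    } challenge;

    /* methods, in the order they should be called */
    struct auth_method_context *methods;

    /* the event context to use for calls that can block */
    struct tevent_context *event_ctx;

    /* the messaging context which can be used by backends */
    struct messaging_context *msg_ctx;

    /* loadparm context */
    struct loadparm_context *lp_ctx;

    /* Check the client-supplied `user_info` and hand the result back
     * through `server_info`.
     * NOTE(review): presumably *server_info is only valid when the
     * returned status reports success - confirm before reading it. */
    NTSTATUS (*check_password)(struct auth_context *auth_ctx,
        TALLOC_CTX *mem_ctx,
        const struct auth_usersupplied_info *user_info,
        struct auth_serversupplied_info **server_info);

    /* Hands back a pointer to the challenge through `_chal`.
     * No length is returned; NOTE(review): presumably the buffer is the
     * same 8 bytes that set_challenge() takes - confirm before reading
     * from it. */
    NTSTATUS (*get_challenge)(struct auth_context *auth_ctx,
        const uint8_t **_chal);

    bool (*challenge_may_be_modified)(struct auth_context *auth_ctx);

    /* Install a challenge, recording in `set_by` who supplied it.
     * `chal[8]` in a parameter list is an ordinary pointer: the 8 states
     * the expected length but the compiler does not enforce it, so every
     * caller must pass a buffer of at least 8 bytes. */
    NTSTATUS (*set_challenge)(struct auth_context *auth_ctx,
        const uint8_t chal[8],
        const char *set_by);

    /* Look up server info from the principal name alone; no
     * auth_usersupplied_info is passed in.
     * NOTE(review): presumably `principal` must already have been
     * authenticated by the caller - confirm at every call site. */
    NTSTATUS (*get_server_info_principal)(TALLOC_CTX *mem_ctx,
        struct auth_context *auth_context,
        const char *principal,
        struct auth_serversupplied_info **server_info);
};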