diff options
author | Stefan Metzmacher <metze@samba.org> | 2013-08-05 07:12:01 +0200 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2013-08-10 09:19:02 +0200 |
commit | 71c63e85e7a09acb57f6b75284358f2b3b29eeed (patch) | |
tree | fa5b0231fc25a77dfdc499b6c98913ac9c64182f /auth/gensec/gensec.h | |
parent | 57bcbb9c50f0a0252110a1e04a2883b511cd9165 (diff) | |
download | samba-71c63e85e7a09acb57f6b75284358f2b3b29eeed.tar.gz samba-71c63e85e7a09acb57f6b75284358f2b3b29eeed.tar.bz2 samba-71c63e85e7a09acb57f6b75284358f2b3b29eeed.zip |
auth/gensec: introduce gensec_internal.h
We should treat most gensec related structures private.
It's a long way, but this is a start.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'auth/gensec/gensec.h')
-rw-r--r-- | auth/gensec/gensec.h | 100 |
1 files changed, 4 insertions, 96 deletions
diff --git a/auth/gensec/gensec.h b/auth/gensec/gensec.h index c080861664..5d39d8188f 100644 --- a/auth/gensec/gensec.h +++ b/auth/gensec/gensec.h @@ -76,6 +76,7 @@ struct gensec_settings; struct tevent_context; struct tevent_req; struct smb_krb5_context; +struct tsocket_address; struct gensec_settings { struct loadparm_context *lp_ctx; @@ -93,106 +94,13 @@ struct gensec_settings { const char *server_netbios_name; }; -struct gensec_security_ops { - const char *name; - const char *sasl_name; - uint8_t auth_type; /* 0 if not offered on DCE-RPC */ - const char **oid; /* NULL if not offered by SPNEGO */ - NTSTATUS (*client_start)(struct gensec_security *gensec_security); - NTSTATUS (*server_start)(struct gensec_security *gensec_security); - /** - Determine if a packet has the right 'magic' for this mechanism - */ - NTSTATUS (*magic)(struct gensec_security *gensec_security, - const DATA_BLOB *first_packet); - NTSTATUS (*update)(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx, - struct tevent_context *ev, - const DATA_BLOB in, DATA_BLOB *out); - NTSTATUS (*seal_packet)(struct gensec_security *gensec_security, TALLOC_CTX *sig_mem_ctx, - uint8_t *data, size_t length, - const uint8_t *whole_pdu, size_t pdu_length, - DATA_BLOB *sig); - NTSTATUS (*sign_packet)(struct gensec_security *gensec_security, TALLOC_CTX *sig_mem_ctx, - const uint8_t *data, size_t length, - const uint8_t *whole_pdu, size_t pdu_length, - DATA_BLOB *sig); - size_t (*sig_size)(struct gensec_security *gensec_security, size_t data_size); - size_t (*max_input_size)(struct gensec_security *gensec_security); - size_t (*max_wrapped_size)(struct gensec_security *gensec_security); - NTSTATUS (*check_packet)(struct gensec_security *gensec_security, - const uint8_t *data, size_t length, - const uint8_t *whole_pdu, size_t pdu_length, - const DATA_BLOB *sig); - NTSTATUS (*unseal_packet)(struct gensec_security *gensec_security, - uint8_t *data, size_t length, - const uint8_t *whole_pdu, size_t pdu_length, - const DATA_BLOB *sig); - NTSTATUS (*wrap)(struct gensec_security *gensec_security, - TALLOC_CTX *mem_ctx, - const DATA_BLOB *in, - DATA_BLOB *out); - NTSTATUS (*unwrap)(struct gensec_security *gensec_security, - TALLOC_CTX *mem_ctx, - const DATA_BLOB *in, - DATA_BLOB *out); - NTSTATUS (*wrap_packets)(struct gensec_security *gensec_security, - TALLOC_CTX *mem_ctx, - const DATA_BLOB *in, - DATA_BLOB *out, - size_t *len_processed); - NTSTATUS (*unwrap_packets)(struct gensec_security *gensec_security, - TALLOC_CTX *mem_ctx, - const DATA_BLOB *in, - DATA_BLOB *out, - size_t *len_processed); - NTSTATUS (*packet_full_request)(struct gensec_security *gensec_security, - DATA_BLOB blob, size_t *size); - NTSTATUS (*session_key)(struct gensec_security *gensec_security, TALLOC_CTX *mem_ctx, - DATA_BLOB *session_key); - NTSTATUS (*session_info)(struct gensec_security *gensec_security, TALLOC_CTX *mem_ctx, - struct auth_session_info **session_info); - void (*want_feature)(struct gensec_security *gensec_security, - uint32_t feature); - bool (*have_feature)(struct gensec_security *gensec_security, - uint32_t feature); - NTTIME (*expire_time)(struct gensec_security *gensec_security); - bool enabled; - bool kerberos; - enum gensec_priority priority; -}; - -struct gensec_security_ops_wrapper { - const struct gensec_security_ops *op; - const char *oid; -}; +struct gensec_security_ops; +struct gensec_security_ops_wrapper; #define GENSEC_INTERFACE_VERSION 0 -struct gensec_security { - const struct gensec_security_ops *ops; - void *private_data; - struct cli_credentials *credentials; - struct gensec_target target; - enum gensec_role gensec_role; - bool subcontext; - uint32_t want_features; - uint32_t max_update_size; - uint8_t dcerpc_auth_level; - struct tsocket_address *local_addr, *remote_addr; - struct gensec_settings *settings; - - /* When we are a server, this may be filled in to provide an - * NTLM authentication backend, and user lookup (such as if no - * PAC is found) */ - struct auth4_context *auth_context; -}; - /* this structure is used by backends to determine the size of some critical types */ -struct gensec_critical_sizes { - int interface_version; - int sizeof_gensec_security_ops; - int sizeof_gensec_security; -}; +struct gensec_critical_sizes; const struct gensec_critical_sizes *gensec_interface_version(void); /* Socket wrapper */ |