diff options
author | Andrew Bartlett <abartlet@samba.org> | 2001-08-03 13:09:23 +0000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2001-08-03 13:09:23 +0000 |
commit | 986372901e85a79343ba32f590a4a3e7658d2565 (patch) | |
tree | 19c863631c1c0da0535adf090dbb4c566e7e9d3b /source3/include | |
parent | 8dad2a1310c6dc908934ac836377cbfed8f7a010 (diff) | |
download | samba-986372901e85a79343ba32f590a4a3e7658d2565.tar.gz samba-986372901e85a79343ba32f590a4a3e7658d2565.tar.bz2 samba-986372901e85a79343ba32f590a4a3e7658d2565.zip |
This is my 'Authentication Rewrite' version 1.01, mostly as submitted to
samba-technical a few weeks ago.
The idea here is to standardize the checking of user names and passwords,
thereby ensuring that all authtentications pass the same standards. The
interface currently implemented in as
nt_status = check_password(user_info, server_info)
where user_info contains (mostly) the authentication data, and server_info
contains things like the user-id they got, and their resolved user name.
The current ugliness with the way the structures are created will be killed
the next revision, when they will be created and malloced by creator functions.
This patch also includes the first implementation of NTLMv2 in HEAD, but which
needs some more testing. We also add a hack to allow plaintext passwords to be
compared with smbpasswd, not the system password database.
Finally, this patch probably reintroduces the PAM accounts bug we had in
2.2.0, I'll fix that once this hits the tree. (I've just finished testing
it on a wide variety of platforms, so I want to get this patch in).
(This used to be commit b30b6202f31d339b48d51c0d38174cafd1cfcd42)
Diffstat (limited to 'source3/include')
-rw-r--r-- | source3/include/auth.h | 95 | ||||
-rw-r--r-- | source3/include/includes.h | 2 |
2 files changed, 97 insertions, 0 deletions
diff --git a/source3/include/auth.h b/source3/include/auth.h new file mode 100644 index 0000000000..b81f80eca5 --- /dev/null +++ b/source3/include/auth.h @@ -0,0 +1,95 @@ +/* + Unix SMB/Netbios implementation. + Version 2.2 + Standardised Authentication types + Copyright (C) Andrew Bartlett 2001 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +/* AUTH_STR - string */ +typedef struct normal_string +{ + int len; + char *str; +} AUTH_STR; + +/* AUTH_UNISTR - unicode string or buffer */ +typedef struct unicode_string +{ + int len; + uchar *unistr; +} AUTH_UNISTR; + +/* AUTH_BUFFER - 8-bit byte buffer */ +typedef struct auth_buffer +{ + int len; + uint8 *buffer; +} AUTH_BUFFER; + +typedef struct net_password +{ + AUTH_BUFFER lm_resp; + AUTH_BUFFER nt_resp; +} auth_net_password; + +typedef struct interactive_password +{ + OWF_INFO lm_owf; /* LM OWF Password */ + OWF_INFO nt_owf; /* NT OWF Password */ +} auth_interactive_password; + +typedef struct plaintext_password +{ + AUTH_STR password; +} auth_plaintext_password; + +typedef struct usersupplied_info +{ + + AUTH_BUFFER lm_resp; + AUTH_BUFFER nt_resp; + auth_interactive_password * interactive_password; + AUTH_STR plaintext_password; + + uint8 chal[8]; + + AUTH_STR requested_domain; /* domain name unicode string */ + AUTH_STR domain; /* domain name after mapping */ + AUTH_STR requested_username; + AUTH_STR smb_username; /* user name unicode string (after mapping) */ + AUTH_STR wksta_name; /* workstation name (netbios calling name) unicode string */ + +} auth_usersupplied_info; + +typedef struct serversupplied_info +{ + AUTH_STR full_name; + AUTH_STR unix_user; + + BOOL guest; + + uid_t unix_uid; + gid_t unix_gid; + + /* This groups info is needed for when we become_user() for this uid */ + int n_groups; + gid_t *groups; + + uchar session_key[16]; + +} auth_serversupplied_info; + diff --git a/source3/include/includes.h b/source3/include/includes.h index 2caeb255bd..63bcb1192e 100644 --- a/source3/include/includes.h +++ b/source3/include/includes.h @@ -666,6 +666,8 @@ extern int errno; #include "md5.h" #include "hmacmd5.h" +#include "auth.h" + #ifndef MAXCODEPAGELINES #define MAXCODEPAGELINES 256 #endif |