diff options
Diffstat (limited to 'source4/auth')
33 files changed, 412 insertions, 106 deletions
diff --git a/source4/auth/auth.c b/source4/auth/auth.c index ed590f2ced..af3796a70d 100644 --- a/source4/auth/auth.c +++ b/source4/auth/auth.c @@ -21,6 +21,7 @@ #include "includes.h" #include "lib/util/dlinklist.h" #include "auth/auth.h" +#include "auth/auth_proto.h" #include "lib/events/events.h" #include "build.h" #include "param/param.h" @@ -28,7 +29,7 @@ /*************************************************************************** Set a fixed challenge ***************************************************************************/ -NTSTATUS auth_context_set_challenge(struct auth_context *auth_ctx, const uint8_t chal[8], const char *set_by) +_PUBLIC_ NTSTATUS auth_context_set_challenge(struct auth_context *auth_ctx, const uint8_t chal[8], const char *set_by) { auth_ctx->challenge.set_by = talloc_strdup(auth_ctx, set_by); NT_STATUS_HAVE_NO_MEMORY(auth_ctx->challenge.set_by); @@ -146,7 +147,7 @@ static void auth_check_password_sync_callback(struct auth_check_password_request * **/ -NTSTATUS auth_check_password(struct auth_context *auth_ctx, +_PUBLIC_ NTSTATUS auth_check_password(struct auth_context *auth_ctx, TALLOC_CTX *mem_ctx, const struct auth_usersupplied_info *user_info, struct auth_serversupplied_info **server_info) @@ -218,7 +219,7 @@ static void auth_check_password_async_timed_handler(struct event_context *ev, st * **/ -void auth_check_password_send(struct auth_context *auth_ctx, +_PUBLIC_ void auth_check_password_send(struct auth_context *auth_ctx, const struct auth_usersupplied_info *user_info, void (*callback)(struct auth_check_password_request *req, void *private_data), void *private_data) @@ -320,7 +321,7 @@ failed: * **/ -NTSTATUS auth_check_password_recv(struct auth_check_password_request *req, +_PUBLIC_ NTSTATUS auth_check_password_recv(struct auth_check_password_request *req, TALLOC_CTX *mem_ctx, struct auth_serversupplied_info **server_info) { @@ -350,7 +351,7 @@ NTSTATUS auth_check_password_recv(struct auth_check_password_request *req, Make a auth_info struct for the auth subsystem - Allow the caller to specify the methods to use ***************************************************************************/ -NTSTATUS auth_context_create_methods(TALLOC_CTX *mem_ctx, const char **methods, +_PUBLIC_ NTSTATUS auth_context_create_methods(TALLOC_CTX *mem_ctx, const char **methods, struct event_context *ev, struct messaging_context *msg, struct loadparm_context *lp_ctx, @@ -413,7 +414,7 @@ NTSTATUS auth_context_create_methods(TALLOC_CTX *mem_ctx, const char **methods, Make a auth_info struct for the auth subsystem - Uses default auth_methods, depending on server role and smb.conf settings ***************************************************************************/ -NTSTATUS auth_context_create(TALLOC_CTX *mem_ctx, +_PUBLIC_ NTSTATUS auth_context_create(TALLOC_CTX *mem_ctx, struct event_context *ev, struct messaging_context *msg, struct loadparm_context *lp_ctx, @@ -447,7 +448,7 @@ static int num_backends; The 'name' can be later used by other backends to find the operations structure for this backend. */ -NTSTATUS auth_register(const struct auth_operations *ops) +_PUBLIC_ NTSTATUS auth_register(const struct auth_operations *ops) { struct auth_operations *new_ops; @@ -512,7 +513,7 @@ const struct auth_critical_sizes *auth_interface_version(void) return &critical_sizes; } -NTSTATUS auth_init(void) +_PUBLIC_ NTSTATUS auth_init(void) { static bool initialized = false; diff --git a/source4/auth/auth.h b/source4/auth/auth.h index ff7132c3ff..da8aac48ef 100644 --- a/source4/auth/auth.h +++ b/source4/auth/auth.h @@ -190,6 +190,63 @@ struct auth_critical_sizes { #include "auth/session.h" #include "auth/system_session_proto.h" -#include "auth/auth_proto.h" + +struct ldb_message; +struct ldb_context; +NTSTATUS auth_get_challenge(struct auth_context *auth_ctx, const uint8_t **_chal); +NTSTATUS authsam_account_ok(TALLOC_CTX *mem_ctx, + struct ldb_context *sam_ctx, + uint32_t logon_parameters, + struct ldb_message *msg, + struct ldb_message *msg_domain_ref, + const char *logon_workstation, + const char *name_for_logs); +struct auth_session_info *system_session(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx); +NTSTATUS authsam_make_server_info(TALLOC_CTX *mem_ctx, struct ldb_context *sam_ctx, + const char *netbios_name, + struct ldb_message *msg, + struct ldb_message *msg_domain_ref, + DATA_BLOB user_sess_key, DATA_BLOB lm_sess_key, + struct auth_serversupplied_info **_server_info); +NTSTATUS auth_system_session_info(TALLOC_CTX *parent_ctx, + struct loadparm_context *lp_ctx, + struct auth_session_info **_session_info) ; +NTSTATUS auth_nt_status_squash(NTSTATUS nt_status); + +NTSTATUS auth_context_create_methods(TALLOC_CTX *mem_ctx, const char **methods, + struct event_context *ev, + struct messaging_context *msg, + struct loadparm_context *lp_ctx, + struct auth_context **auth_ctx); + +NTSTATUS auth_context_create(TALLOC_CTX *mem_ctx, + struct event_context *ev, + struct messaging_context *msg, + struct loadparm_context *lp_ctx, + struct auth_context **auth_ctx); + +NTSTATUS auth_check_password(struct auth_context *auth_ctx, + TALLOC_CTX *mem_ctx, + const struct auth_usersupplied_info *user_info, + struct auth_serversupplied_info **server_info); +NTSTATUS auth_init(void); +NTSTATUS auth_register(const struct auth_operations *ops); +NTSTATUS authenticate_username_pw(TALLOC_CTX *mem_ctx, + struct event_context *ev, + struct messaging_context *msg, + struct loadparm_context *lp_ctx, + const char *nt4_domain, + const char *nt4_username, + const char *password, + struct auth_session_info **session_info); +NTSTATUS auth_check_password_recv(struct auth_check_password_request *req, + TALLOC_CTX *mem_ctx, + struct auth_serversupplied_info **server_info); + +void auth_check_password_send(struct auth_context *auth_ctx, + const struct auth_usersupplied_info *user_info, + void (*callback)(struct auth_check_password_request *req, void *private_data), + void *private_data); +NTSTATUS auth_context_set_challenge(struct auth_context *auth_ctx, const uint8_t chal[8], const char *set_by); #endif /* _SMBAUTH_H_ */ diff --git a/source4/auth/auth_anonymous.c b/source4/auth/auth_anonymous.c index 38c13d4b65..b93c7c2008 100644 --- a/source4/auth/auth_anonymous.c +++ b/source4/auth/auth_anonymous.c @@ -21,6 +21,7 @@ #include "includes.h" #include "auth/auth.h" +#include "auth/auth_proto.h" #include "param/param.h" /** diff --git a/source4/auth/auth_developer.c b/source4/auth/auth_developer.c index 0da947b68d..a2c9cbc828 100644 --- a/source4/auth/auth_developer.c +++ b/source4/auth/auth_developer.c @@ -21,6 +21,7 @@ #include "includes.h" #include "auth/auth.h" +#include "auth/auth_proto.h" #include "libcli/security/security.h" #include "librpc/gen_ndr/ndr_samr.h" diff --git a/source4/auth/auth_sam.c b/source4/auth/auth_sam.c index 4cb8d2b304..4b467cee75 100644 --- a/source4/auth/auth_sam.c +++ b/source4/auth/auth_sam.c @@ -25,6 +25,7 @@ #include "lib/ldb/include/ldb.h" #include "util/util_ldb.h" #include "auth/auth.h" +#include "auth/auth_proto.h" #include "auth/auth_sam.h" #include "dsdb/samdb/samdb.h" #include "libcli/security/security.h" diff --git a/source4/auth/auth_simple.c b/source4/auth/auth_simple.c index 3c7bf5433a..50be02a353 100644 --- a/source4/auth/auth_simple.c +++ b/source4/auth/auth_simple.c @@ -25,6 +25,7 @@ #include "auth/auth.h" #include "lib/events/events.h" #include "param/param.h" +#include "auth/session_proto.h" /* It's allowed to pass NULL as session_info, diff --git a/source4/auth/auth_unix.c b/source4/auth/auth_unix.c index 20e198701d..a417107025 100644 --- a/source4/auth/auth_unix.c +++ b/source4/auth/auth_unix.c @@ -21,6 +21,7 @@ #include "includes.h" #include "auth/auth.h" +#include "auth/auth_proto.h" #include "system/passwd.h" /* needed by some systems for struct passwd */ #include "lib/socket/socket.h" #include "auth/pam_errors.h" diff --git a/source4/auth/auth_util.c b/source4/auth/auth_util.c index 5d2bc6bac0..1d86b858cf 100644 --- a/source4/auth/auth_util.c +++ b/source4/auth/auth_util.c @@ -246,7 +246,7 @@ NTSTATUS encrypt_user_info(TALLOC_CTX *mem_ctx, struct auth_context *auth_contex * @param nt_status NTSTATUS input for squashing. * @return the 'squashed' nt_status **/ -NTSTATUS auth_nt_status_squash(NTSTATUS nt_status) +_PUBLIC_ NTSTATUS auth_nt_status_squash(NTSTATUS nt_status) { if NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER) { /* Match WinXP and don't give the game away */ diff --git a/source4/auth/auth_winbind.c b/source4/auth/auth_winbind.c index 2f8074d3cb..149f549afa 100644 --- a/source4/auth/auth_winbind.c +++ b/source4/auth/auth_winbind.c @@ -23,6 +23,8 @@ #include "includes.h" #include "auth/auth.h" +#include "auth/auth_proto.h" +#include "auth/session_proto.h" #include "nsswitch/winbind_client.h" #include "librpc/gen_ndr/ndr_netlogon.h" #include "librpc/gen_ndr/ndr_winbind.h" diff --git a/source4/auth/config.mk b/source4/auth/config.mk index 369c5bb4e6..63aec09847 100644 --- a/source4/auth/config.mk +++ b/source4/auth/config.mk @@ -9,7 +9,7 @@ OBJ_FILES = session.o PRIVATE_PROTO_HEADER = session_proto.h PUBLIC_DEPENDENCIES = CREDENTIALS -PUBLIC_HEADERS += auth/session.h +# PUBLIC_HEADERS += auth/session.h [SUBSYSTEM::auth_system_session] OBJ_FILES = system_session.o @@ -92,7 +92,7 @@ PRIVATE_DEPENDENCIES = LIBSAMBA-UTIL # End SUBSYSTEM auth ####################### -PUBLIC_HEADERS += auth/auth.h +# PUBLIC_HEADERS += auth/auth.h [PYTHON::swig_auth] PUBLIC_DEPENDENCIES = auth_system_session diff --git a/source4/auth/credentials/config.mk b/source4/auth/credentials/config.mk index ef8db50109..83f2f0db93 100644 --- a/source4/auth/credentials/config.mk +++ b/source4/auth/credentials/config.mk @@ -12,7 +12,7 @@ PUBLIC_DEPENDENCIES = \ PRIVATE_DEPENDENCIES = \ SECRETS -PUBLIC_HEADERS += $(addprefix auth/credentials/, credentials.h credentials_krb5.h) +PUBLIC_HEADERS += auth/credentials/credentials.h [PYTHON::swig_credentials] PUBLIC_DEPENDENCIES = CREDENTIALS LIBCMDLINE_CREDENTIALS diff --git a/source4/auth/credentials/credentials.c b/source4/auth/credentials/credentials.c index 6d5c1210c9..89dddc9e05 100644 --- a/source4/auth/credentials/credentials.c +++ b/source4/auth/credentials/credentials.c @@ -33,7 +33,7 @@ * Create a new credentials structure * @param mem_ctx TALLOC_CTX parent for credentials structure */ -struct cli_credentials *cli_credentials_init(TALLOC_CTX *mem_ctx) +_PUBLIC_ struct cli_credentials *cli_credentials_init(TALLOC_CTX *mem_ctx) { struct cli_credentials *cred = talloc(mem_ctx, struct cli_credentials); if (!cred) { @@ -77,7 +77,7 @@ struct cli_credentials *cli_credentials_init(TALLOC_CTX *mem_ctx) * Create a new anonymous credential * @param mem_ctx TALLOC_CTX parent for credentials structure */ -struct cli_credentials *cli_credentials_init_anon(TALLOC_CTX *mem_ctx) +_PUBLIC_ struct cli_credentials *cli_credentials_init_anon(TALLOC_CTX *mem_ctx) { struct cli_credentials *anon_credentials; @@ -87,23 +87,23 @@ struct cli_credentials *cli_credentials_init_anon(TALLOC_CTX *mem_ctx) return anon_credentials; } -void cli_credentials_set_kerberos_state(struct cli_credentials *creds, +_PUBLIC_ void cli_credentials_set_kerberos_state(struct cli_credentials *creds, enum credentials_use_kerberos use_kerberos) { creds->use_kerberos = use_kerberos; } -enum credentials_use_kerberos cli_credentials_get_kerberos_state(struct cli_credentials *creds) +_PUBLIC_ enum credentials_use_kerberos cli_credentials_get_kerberos_state(struct cli_credentials *creds) { return creds->use_kerberos; } -void cli_credentials_set_gensec_features(struct cli_credentials *creds, uint32_t gensec_features) +_PUBLIC_ void cli_credentials_set_gensec_features(struct cli_credentials *creds, uint32_t gensec_features) { creds->gensec_features = gensec_features; } -uint32_t cli_credentials_get_gensec_features(struct cli_credentials *creds) +_PUBLIC_ uint32_t cli_credentials_get_gensec_features(struct cli_credentials *creds) { return creds->gensec_features; } @@ -115,7 +115,7 @@ uint32_t cli_credentials_get_gensec_features(struct cli_credentials *creds) * @retval The username set on this context. * @note Return value will never be NULL except by programmer error. */ -const char *cli_credentials_get_username(struct cli_credentials *cred) +_PUBLIC_ const char *cli_credentials_get_username(struct cli_credentials *cred) { if (cred->machine_account_pending) { cli_credentials_set_machine_account(cred, @@ -134,7 +134,7 @@ const char *cli_credentials_get_username(struct cli_credentials *cred) return cred->username; } -bool cli_credentials_set_username(struct cli_credentials *cred, +_PUBLIC_ bool cli_credentials_set_username(struct cli_credentials *cred, const char *val, enum credentials_obtained obtained) { if (obtained >= cred->username_obtained) { @@ -159,7 +159,7 @@ bool cli_credentials_set_username_callback(struct cli_credentials *cred, return false; } -bool cli_credentials_set_bind_dn(struct cli_credentials *cred, +_PUBLIC_ bool cli_credentials_set_bind_dn(struct cli_credentials *cred, const char *bind_dn) { cred->bind_dn = talloc_strdup(cred, bind_dn); @@ -172,7 +172,7 @@ bool cli_credentials_set_bind_dn(struct cli_credentials *cred, * @retval The username set on this context. * @note Return value will be NULL if not specified explictly */ -const char *cli_credentials_get_bind_dn(struct cli_credentials *cred) +_PUBLIC_ const char *cli_credentials_get_bind_dn(struct cli_credentials *cred) { return cred->bind_dn; } @@ -184,7 +184,7 @@ const char *cli_credentials_get_bind_dn(struct cli_credentials *cred) * @retval The username set on this context. * @note Return value will never be NULL except by programmer error. */ -const char *cli_credentials_get_principal(struct cli_credentials *cred, TALLOC_CTX *mem_ctx) +_PUBLIC_ const char *cli_credentials_get_principal(struct cli_credentials *cred, TALLOC_CTX *mem_ctx) { if (cred->machine_account_pending) { cli_credentials_set_machine_account(cred, @@ -246,7 +246,7 @@ bool cli_credentials_set_principal_callback(struct cli_credentials *cred, * function to determine if authentication has been explicitly * requested */ -bool cli_credentials_authentication_requested(struct cli_credentials *cred) +_PUBLIC_ bool cli_credentials_authentication_requested(struct cli_credentials *cred) { if (cred->bind_dn) { return true; @@ -275,7 +275,7 @@ bool cli_credentials_authentication_requested(struct cli_credentials *cred) * @param cred credentials context * @retval If set, the cleartext password, otherwise NULL */ -const char *cli_credentials_get_password(struct cli_credentials *cred) +_PUBLIC_ const char *cli_credentials_get_password(struct cli_credentials *cred) { if (cred->machine_account_pending) { cli_credentials_set_machine_account(cred, @@ -297,7 +297,7 @@ const char *cli_credentials_get_password(struct cli_credentials *cred) /* Set a password on the credentials context, including an indication * of 'how' the password was obtained */ -bool cli_credentials_set_password(struct cli_credentials *cred, +_PUBLIC_ bool cli_credentials_set_password(struct cli_credentials *cred, const char *val, enum credentials_obtained obtained) { @@ -313,7 +313,7 @@ bool cli_credentials_set_password(struct cli_credentials *cred, return false; } -bool cli_credentials_set_password_callback(struct cli_credentials *cred, +_PUBLIC_ bool cli_credentials_set_password_callback(struct cli_credentials *cred, const char *(*password_cb) (struct cli_credentials *)) { if (cred->password_obtained < CRED_CALLBACK) { @@ -358,7 +358,7 @@ bool cli_credentials_set_old_password(struct cli_credentials *cred, * @param cred credentials context * @retval If set, the cleartext password, otherwise NULL */ -const struct samr_Password *cli_credentials_get_nt_hash(struct cli_credentials *cred, +_PUBLIC_ const struct samr_Password *cli_credentials_get_nt_hash(struct cli_credentials *cred, TALLOC_CTX *mem_ctx) { const char *password = cli_credentials_get_password(cred); @@ -377,7 +377,7 @@ const struct samr_Password *cli_credentials_get_nt_hash(struct cli_credentials * } } -bool cli_credentials_set_nt_hash(struct cli_credentials *cred, +_PUBLIC_ bool cli_credentials_set_nt_hash(struct cli_credentials *cred, const struct samr_Password *nt_hash, enum credentials_obtained obtained) { @@ -401,7 +401,7 @@ bool cli_credentials_set_nt_hash(struct cli_credentials *cred, * @retval The domain set on this context. * @note Return value will never be NULL except by programmer error. */ -const char *cli_credentials_get_domain(struct cli_credentials *cred) +_PUBLIC_ const char *cli_credentials_get_domain(struct cli_credentials *cred) { if (cred->machine_account_pending) { cli_credentials_set_machine_account(cred, @@ -421,7 +421,7 @@ const char *cli_credentials_get_domain(struct cli_credentials *cred) } -bool cli_credentials_set_domain(struct cli_credentials *cred, +_PUBLIC_ bool cli_credentials_set_domain(struct cli_credentials *cred, const char *val, enum credentials_obtained obtained) { @@ -456,7 +456,7 @@ bool cli_credentials_set_domain_callback(struct cli_credentials *cred, * @retval The realm set on this context. * @note Return value will never be NULL except by programmer error. */ -const char *cli_credentials_get_realm(struct cli_credentials *cred) +_PUBLIC_ const char *cli_credentials_get_realm(struct cli_credentials *cred) { if (cred->machine_account_pending) { cli_credentials_set_machine_account(cred, @@ -479,7 +479,7 @@ const char *cli_credentials_get_realm(struct cli_credentials *cred) * Set the realm for this credentials context, and force it to * uppercase for the sainity of our local kerberos libraries */ -bool cli_credentials_set_realm(struct cli_credentials *cred, +_PUBLIC_ bool cli_credentials_set_realm(struct cli_credentials *cred, const char *val, enum credentials_obtained obtained) { @@ -512,7 +512,7 @@ bool cli_credentials_set_realm_callback(struct cli_credentials *cred, * @retval The workstation name set on this context. * @note Return value will never be NULL except by programmer error. */ -const char *cli_credentials_get_workstation(struct cli_credentials *cred) +_PUBLIC_ const char *cli_credentials_get_workstation(struct cli_credentials *cred) { if (cred->workstation_obtained == CRED_CALLBACK && !cred->callback_running) { @@ -525,7 +525,7 @@ const char *cli_credentials_get_workstation(struct cli_credentials *cred) return cred->workstation; } -bool cli_credentials_set_workstation(struct cli_credentials *cred, +_PUBLIC_ bool cli_credentials_set_workstation(struct cli_credentials *cred, const char *val, enum credentials_obtained obtained) { @@ -560,7 +560,7 @@ bool cli_credentials_set_workstation_callback(struct cli_credentials *cred, * @param obtained This enum describes how 'specified' this password is */ -void cli_credentials_parse_string(struct cli_credentials *credentials, const char *data, enum credentials_obtained obtained) +_PUBLIC_ void cli_credentials_parse_string(struct cli_credentials *credentials, const char *data, enum credentials_obtained obtained) { char *uname, *p; @@ -597,7 +597,7 @@ void cli_credentials_parse_string(struct cli_credentials *credentials, const cha * @param mem_ctx The memory context to place the result on */ -const char *cli_credentials_get_unparsed_name(struct cli_credentials *credentials, TALLOC_CTX *mem_ctx) +_PUBLIC_ const char *cli_credentials_get_unparsed_name(struct cli_credentials *credentials, TALLOC_CTX *mem_ctx) { const char *bind_dn = cli_credentials_get_bind_dn(credentials); const char *domain; @@ -625,7 +625,7 @@ const char *cli_credentials_get_unparsed_name(struct cli_credentials *credential * * @param cred Credentials structure to fill in */ -void cli_credentials_set_conf(struct cli_credentials *cred, +_PUBLIC_ void cli_credentials_set_conf(struct cli_credentials *cred, struct loadparm_context *lp_ctx) { cli_credentials_set_username(cred, "", CRED_UNINITIALISED); @@ -640,7 +640,7 @@ void cli_credentials_set_conf(struct cli_credentials *cred, * * @param cred Credentials structure to fill in */ -void cli_credentials_guess(struct cli_credentials *cred, +_PUBLIC_ void cli_credentials_guess(struct cli_credentials *cred, struct loadparm_context *lp_ctx) { char *p; @@ -683,7 +683,7 @@ void cli_credentials_guess(struct cli_credentials *cred, * Attach NETLOGON credentials for use with SCHANNEL */ -void cli_credentials_set_netlogon_creds(struct cli_credentials *cred, +_PUBLIC_ void cli_credentials_set_netlogon_creds(struct cli_credentials *cred, struct creds_CredentialState *netlogon_creds) { cred->netlogon_creds = talloc_reference(cred, netlogon_creds); @@ -702,7 +702,7 @@ struct creds_CredentialState *cli_credentials_get_netlogon_creds(struct cli_cred * Set NETLOGON secure channel type */ -void cli_credentials_set_secure_channel_type(struct cli_credentials *cred, +_PUBLIC_ void cli_credentials_set_secure_channel_type(struct cli_credentials *cred, enum netr_SchannelType secure_channel_type) { cred->secure_channel_type = secure_channel_type; @@ -712,7 +712,7 @@ void cli_credentials_set_secure_channel_type(struct cli_credentials *cred, * Return NETLOGON secure chanel type */ -enum netr_SchannelType cli_credentials_get_secure_channel_type(struct cli_credentials *cred) +_PUBLIC_ enum netr_SchannelType cli_credentials_get_secure_channel_type(struct cli_credentials *cred) { return cred->secure_channel_type; } @@ -720,7 +720,7 @@ enum netr_SchannelType cli_credentials_get_secure_channel_type(struct cli_creden /** * Fill in a credentials structure as the anonymous user */ -void cli_credentials_set_anonymous(struct cli_credentials *cred) +_PUBLIC_ void cli_credentials_set_anonymous(struct cli_credentials *cred) { cli_credentials_set_username(cred, "", CRED_SPECIFIED); cli_credentials_set_domain(cred, "", CRED_SPECIFIED); @@ -734,7 +734,7 @@ void cli_credentials_set_anonymous(struct cli_credentials *cred) * @retval true if anonymous, false if a username is specified */ -bool cli_credentials_is_anonymous(struct cli_credentials *cred) +_PUBLIC_ bool cli_credentials_is_anonymous(struct cli_credentials *cred) { const char *username; @@ -763,7 +763,7 @@ bool cli_credentials_is_anonymous(struct cli_credentials *cred) * * @retval whether the credentials struct is finished */ -bool cli_credentials_wrong_password(struct cli_credentials *cred) +_PUBLIC_ bool cli_credentials_wrong_password(struct cli_credentials *cred) { if (cred->password_obtained != CRED_CALLBACK_RESULT) { return false; @@ -779,7 +779,7 @@ bool cli_credentials_wrong_password(struct cli_credentials *cred) /* set the common event context for this set of credentials */ -void cli_credentials_set_event_context(struct cli_credentials *cred, struct event_context *ev) +_PUBLIC_ void cli_credentials_set_event_context(struct cli_credentials *cred, struct event_context *ev) { cred->ev = ev; } @@ -787,7 +787,7 @@ void cli_credentials_set_event_context(struct cli_credentials *cred, struct even /* set the common event context for this set of credentials */ -struct event_context *cli_credentials_get_event_context(struct cli_credentials *cred) +_PUBLIC_ struct event_context *cli_credentials_get_event_context(struct cli_credentials *cred) { if (cred->ev == NULL) { cred->ev = event_context_find(cred); diff --git a/source4/auth/credentials/credentials.h b/source4/auth/credentials/credentials.h index 1b205c61ce..afcb300638 100644 --- a/source4/auth/credentials/credentials.h +++ b/source4/auth/credentials/credentials.h @@ -132,6 +132,117 @@ struct ccache_container; struct gssapi_creds_container; -#include "auth/credentials/credentials_proto.h" +const char *cli_credentials_get_workstation(struct cli_credentials *cred); +bool cli_credentials_set_workstation(struct cli_credentials *cred, + const char *val, + enum credentials_obtained obtained); +bool cli_credentials_is_anonymous(struct cli_credentials *cred); +struct cli_credentials *cli_credentials_init(TALLOC_CTX *mem_ctx); +void cli_credentials_set_anonymous(struct cli_credentials *cred); +bool cli_credentials_wrong_password(struct cli_credentials *cred); +const char *cli_credentials_get_password(struct cli_credentials *cred); +void cli_credentials_get_ntlm_username_domain(struct cli_credentials *cred, TALLOC_CTX *mem_ctx, + const char **username, + const char **domain); +NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred, TALLOC_CTX *mem_ctx, + int *flags, + DATA_BLOB challenge, DATA_BLOB target_info, + DATA_BLOB *_lm_response, DATA_BLOB *_nt_response, + DATA_BLOB *_lm_session_key, DATA_BLOB *_session_key); +const char *cli_credentials_get_realm(struct cli_credentials *cred); +const char *cli_credentials_get_username(struct cli_credentials *cred); +int cli_credentials_get_krb5_context(struct cli_credentials *cred, + struct loadparm_context *lp_ctx, + struct smb_krb5_context **smb_krb5_context); +int cli_credentials_get_ccache(struct cli_credentials *cred, + struct loadparm_context *lp_ctx, + struct ccache_container **ccc); +int cli_credentials_get_keytab(struct cli_credentials *cred, + struct loadparm_context *lp_ctx, + struct keytab_container **_ktc); +const char *cli_credentials_get_domain(struct cli_credentials *cred); +struct creds_CredentialState *cli_credentials_get_netlogon_creds(struct cli_credentials *cred); +void cli_credentials_set_machine_account_pending(struct cli_credentials *cred, + struct loadparm_context *lp_ctx); +void cli_credentials_set_conf(struct cli_credentials *cred, + struct loadparm_context *lp_ctx); +const char *cli_credentials_get_principal(struct cli_credentials *cred, TALLOC_CTX *mem_ctx); +int cli_credentials_get_server_gss_creds(struct cli_credentials *cred, + struct loadparm_context *lp_ctx, + struct gssapi_creds_container **_gcc); +int cli_credentials_get_client_gss_creds(struct cli_credentials *cred, + struct loadparm_context *lp_ctx, + struct gssapi_creds_container **_gcc); +void cli_credentials_set_event_context(struct cli_credentials *cred, struct event_context *ev); +void cli_credentials_set_kerberos_state(struct cli_credentials *creds, + enum credentials_use_kerberos use_kerberos); +struct event_context *cli_credentials_get_event_context(struct cli_credentials *cred); +bool cli_credentials_set_domain(struct cli_credentials *cred, + const char *val, + enum credentials_obtained obtained); +bool cli_credentials_set_username(struct cli_credentials *cred, + const char *val, enum credentials_obtained obtained); +bool cli_credentials_set_password(struct cli_credentials *cred, + const char *val, + enum credentials_obtained obtained); +struct cli_credentials *cli_credentials_init_anon(TALLOC_CTX *mem_ctx); +void cli_credentials_parse_string(struct cli_credentials *credentials, const char *data, enum credentials_obtained obtained); +const struct samr_Password *cli_credentials_get_nt_hash(struct cli_credentials *cred, + TALLOC_CTX *mem_ctx); +bool cli_credentials_set_realm(struct cli_credentials *cred, + const char *val, + enum credentials_obtained obtained); +void cli_credentials_set_secure_channel_type(struct cli_credentials *cred, + enum netr_SchannelType secure_channel_type); +void cli_credentials_set_netlogon_creds(struct cli_credentials *cred, + struct creds_CredentialState *netlogon_creds); +NTSTATUS cli_credentials_set_krb5_context(struct cli_credentials *cred, + struct smb_krb5_context *smb_krb5_context); +NTSTATUS cli_credentials_set_stored_principal(struct cli_credentials *cred, + struct loadparm_context *lp_ctx, + const char *serviceprincipal); +NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cred, + struct loadparm_context *lp_ctx); +bool cli_credentials_authentication_requested(struct cli_credentials *cred); +void cli_credentials_guess(struct cli_credentials *cred, + struct loadparm_context *lp_ctx); +bool cli_credentials_set_bind_dn(struct cli_credentials *cred, + const char *bind_dn); +const char *cli_credentials_get_bind_dn(struct cli_credentials *cred); +bool cli_credentials_parse_file(struct cli_credentials *cred, const char *file, enum credentials_obtained obtained); +const char *cli_credentials_get_unparsed_name(struct cli_credentials *credentials, TALLOC_CTX *mem_ctx); +bool cli_credentials_set_password_callback(struct cli_credentials *cred, + const char *(*password_cb) (struct cli_credentials *)); +enum netr_SchannelType cli_credentials_get_secure_channel_type(struct cli_credentials *cred); +void cli_credentials_set_kvno(struct cli_credentials *cred, + int kvno); +bool cli_credentials_set_nt_hash(struct cli_credentials *cred, + const struct samr_Password *nt_hash, + enum credentials_obtained obtained); +int cli_credentials_set_keytab_name(struct cli_credentials *cred, + struct loadparm_context *lp_ctx, + const char *keytab_name, + enum credentials_obtained obtained); +int cli_credentials_update_keytab(struct cli_credentials *cred, + struct loadparm_context *lp_ctx); +void cli_credentials_set_gensec_features(struct cli_credentials *creds, uint32_t gensec_features); +uint32_t cli_credentials_get_gensec_features(struct cli_credentials *creds); +int cli_credentials_set_ccache(struct cli_credentials *cred, + struct loadparm_context *lp_ctx, + const char *name, + enum credentials_obtained obtained); +bool cli_credentials_parse_password_file(struct cli_credentials *credentials, const char *file, enum credentials_obtained obtained); +bool cli_credentials_parse_password_fd(struct cli_credentials *credentials, + int fd, enum credentials_obtained obtained); +void cli_credentials_invalidate_ccache(struct cli_credentials *cred, + enum credentials_obtained obtained); +void cli_credentials_set_salt_principal(struct cli_credentials *cred, const char *principal); +enum credentials_use_kerberos cli_credentials_get_kerberos_state(struct cli_credentials *creds); +NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred, + struct loadparm_context *lp_ctx, + struct ldb_context *ldb, + const char *base, + const char *filter); + int cli_credentials_get_kvno(struct cli_credentials *cred); #endif /* __CREDENTIALS_H__ */ diff --git a/source4/auth/credentials/credentials_files.c b/source4/auth/credentials/credentials_files.c index c1001c9622..8bcbc65575 100644 --- a/source4/auth/credentials/credentials_files.c +++ b/source4/auth/credentials/credentials_files.c @@ -39,7 +39,7 @@ * @param obtained This enum describes how 'specified' this password is */ -bool cli_credentials_parse_password_fd(struct cli_credentials *credentials, +_PUBLIC_ bool cli_credentials_parse_password_fd(struct cli_credentials *credentials, int fd, enum credentials_obtained obtained) { char *p; @@ -83,7 +83,7 @@ bool cli_credentials_parse_password_fd(struct cli_credentials *credentials, * @param obtained This enum describes how 'specified' this password is */ -bool cli_credentials_parse_password_file(struct cli_credentials *credentials, const char *file, enum credentials_obtained obtained) +_PUBLIC_ bool cli_credentials_parse_password_file(struct cli_credentials *credentials, const char *file, enum credentials_obtained obtained) { int fd = open(file, O_RDONLY, 0); bool ret; @@ -109,7 +109,7 @@ bool cli_credentials_parse_password_file(struct cli_credentials *credentials, co * @param obtained This enum describes how 'specified' this password is */ -bool cli_credentials_parse_file(struct cli_credentials *cred, const char *file, enum credentials_obtained obtained) +_PUBLIC_ bool cli_credentials_parse_file(struct cli_credentials *cred, const char *file, enum credentials_obtained obtained) { uint16_t len = 0; char *ptr, *val, *param; @@ -168,7 +168,7 @@ bool cli_credentials_parse_file(struct cli_credentials *cred, const char *file, * @param cred Credentials structure to fill in * @retval NTSTATUS error detailing any failure */ -NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred, +_PUBLIC_ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred, struct loadparm_context *lp_ctx, struct ldb_context *ldb, const char *base, @@ -326,7 +326,7 @@ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred, * @param cred Credentials structure to fill in * @retval NTSTATUS error detailing any failure */ -NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cred, +_PUBLIC_ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cred, struct loadparm_context *lp_ctx) { char *filter; @@ -369,7 +369,7 @@ NTSTATUS cli_credentials_set_krbtgt(struct cli_credentials *cred, * @param cred Credentials structure to fill in * @retval NTSTATUS error detailing any failure */ -NTSTATUS cli_credentials_set_stored_principal(struct cli_credentials *cred, +_PUBLIC_ NTSTATUS cli_credentials_set_stored_principal(struct cli_credentials *cred, struct loadparm_context *lp_ctx, const char *serviceprincipal) { @@ -395,7 +395,7 @@ NTSTATUS cli_credentials_set_stored_principal(struct cli_credentials *cred, * than during, popt processing. * */ -void cli_credentials_set_machine_account_pending(struct cli_credentials *cred, +_PUBLIC_ void cli_credentials_set_machine_account_pending(struct cli_credentials *cred, struct loadparm_context *lp_ctx) { cred->machine_account_pending = true; diff --git a/source4/auth/credentials/credentials_krb5.c b/source4/auth/credentials/credentials_krb5.c index 52bf9f124f..cd9285b09d 100644 --- a/source4/auth/credentials/credentials_krb5.c +++ b/source4/auth/credentials/credentials_krb5.c @@ -25,10 +25,11 @@ #include "system/kerberos.h" #include "auth/kerberos/kerberos.h" #include "auth/credentials/credentials.h" +#include "auth/credentials/credentials_proto.h" #include "auth/credentials/credentials_krb5.h" #include "param/param.h" -int cli_credentials_get_krb5_context(struct cli_credentials *cred, +_PUBLIC_ int cli_credentials_get_krb5_context(struct cli_credentials *cred, struct loadparm_context *lp_ctx, struct smb_krb5_context **smb_krb5_context) { @@ -52,7 +53,7 @@ int cli_credentials_get_krb5_context(struct cli_credentials *cred, * otherwise we might have problems with the krb5 context already * being here. */ -NTSTATUS cli_credentials_set_krb5_context(struct cli_credentials *cred, +_PUBLIC_ NTSTATUS cli_credentials_set_krb5_context(struct cli_credentials *cred, struct smb_krb5_context *smb_krb5_context) { if (!talloc_reference(cred, smb_krb5_context)) { @@ -126,7 +127,7 @@ static int free_dccache(struct ccache_container *ccc) { return 0; } -int cli_credentials_set_ccache(struct cli_credentials *cred, +_PUBLIC_ int cli_credentials_set_ccache(struct cli_credentials *cred, struct loadparm_context *lp_ctx, const char *name, enum credentials_obtained obtained) @@ -251,7 +252,7 @@ static int cli_credentials_new_ccache(struct cli_credentials *cred, return ret; } -int cli_credentials_get_ccache(struct cli_credentials *cred, +_PUBLIC_ int cli_credentials_get_ccache(struct cli_credentials *cred, struct loadparm_context *lp_ctx, struct ccache_container **ccc) { @@ -315,7 +316,7 @@ void cli_credentials_invalidate_client_gss_creds(struct cli_credentials *cred, } } -void cli_credentials_invalidate_ccache(struct cli_credentials *cred, +_PUBLIC_ void cli_credentials_invalidate_ccache(struct cli_credentials *cred, enum credentials_obtained obtained) { /* If the caller just changed the username/password etc, then @@ -346,7 +347,7 @@ static int free_gssapi_creds(struct gssapi_creds_container *gcc) return 0; } -int cli_credentials_get_client_gss_creds(struct cli_credentials *cred, +_PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred, struct loadparm_context *lp_ctx, struct gssapi_creds_container **_gcc) { @@ -454,7 +455,7 @@ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred, * attached to this context. If this hasn't been done or set before, * it will be generated from the password. */ -int cli_credentials_get_keytab(struct cli_credentials *cred, +_PUBLIC_ int cli_credentials_get_keytab(struct cli_credentials *cred, struct loadparm_context *lp_ctx, struct keytab_container **_ktc) { @@ -508,7 +509,7 @@ int cli_credentials_get_keytab(struct cli_credentials *cred, /* Given the name of a keytab (presumably in the format * FILE:/etc/krb5.keytab), open it and attach it */ -int cli_credentials_set_keytab_name(struct cli_credentials *cred, +_PUBLIC_ int cli_credentials_set_keytab_name(struct cli_credentials *cred, struct loadparm_context *lp_ctx, const char *keytab_name, enum credentials_obtained obtained) @@ -547,7 +548,7 @@ int cli_credentials_set_keytab_name(struct cli_credentials *cred, return ret; } -int cli_credentials_update_keytab(struct cli_credentials *cred, +_PUBLIC_ int cli_credentials_update_keytab(struct cli_credentials *cred, struct loadparm_context *lp_ctx) { krb5_error_code ret; @@ -583,7 +584,7 @@ int cli_credentials_update_keytab(struct cli_credentials *cred, /* Get server gss credentials (in gsskrb5, this means the keytab) */ -int cli_credentials_get_server_gss_creds(struct cli_credentials *cred, +_PUBLIC_ int cli_credentials_get_server_gss_creds(struct cli_credentials *cred, struct loadparm_context *lp_ctx, struct gssapi_creds_container **_gcc) { @@ -657,7 +658,7 @@ int cli_credentials_get_server_gss_creds(struct cli_credentials *cred, * Set Kerberos KVNO */ -void cli_credentials_set_kvno(struct cli_credentials *cred, +_PUBLIC_ void cli_credentials_set_kvno(struct cli_credentials *cred, int kvno) { cred->kvno = kvno; @@ -667,7 +668,7 @@ void cli_credentials_set_kvno(struct cli_credentials *cred, * Return Kerberos KVNO */ -int cli_credentials_get_kvno(struct cli_credentials *cred) +_PUBLIC_ int cli_credentials_get_kvno(struct cli_credentials *cred) { return cred->kvno; } @@ -693,7 +694,7 @@ const char *cli_credentials_get_salt_principal(struct cli_credentials *cred) return cred->salt_principal; } -void cli_credentials_set_salt_principal(struct cli_credentials *cred, const char *principal) +_PUBLIC_ void cli_credentials_set_salt_principal(struct cli_credentials *cred, const char *principal) { cred->salt_principal = talloc_strdup(cred, principal); } diff --git a/source4/auth/credentials/credentials_ntlm.c b/source4/auth/credentials/credentials_ntlm.c index 04f1d312e6..b88f2018df 100644 --- a/source4/auth/credentials/credentials_ntlm.c +++ b/source4/auth/credentials/credentials_ntlm.c @@ -27,7 +27,7 @@ #include "libcli/auth/libcli_auth.h" #include "auth/credentials/credentials.h" -void cli_credentials_get_ntlm_username_domain(struct cli_credentials *cred, TALLOC_CTX *mem_ctx, +_PUBLIC_ void cli_credentials_get_ntlm_username_domain(struct cli_credentials *cred, TALLOC_CTX *mem_ctx, const char **username, const char **domain) { @@ -40,7 +40,7 @@ void cli_credentials_get_ntlm_username_domain(struct cli_credentials *cred, TALL } } -NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred, TALLOC_CTX *mem_ctx, +_PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred, TALLOC_CTX *mem_ctx, int *flags, DATA_BLOB challenge, DATA_BLOB target_info, DATA_BLOB *_lm_response, DATA_BLOB *_nt_response, diff --git a/source4/auth/gensec/config.mk b/source4/auth/gensec/config.mk index b60f039284..14864f7e4c 100644 --- a/source4/auth/gensec/config.mk +++ b/source4/auth/gensec/config.mk @@ -11,7 +11,7 @@ PUBLIC_DEPENDENCIES = \ # End SUBSYSTEM gensec ################################# -PUBLIC_HEADERS += $(addprefix auth/gensec/, gensec.h spnego.h) +PUBLIC_HEADERS += auth/gensec/gensec.h ################################################ # Start MODULE gensec_krb5 diff --git a/source4/auth/gensec/cyrus_sasl.c b/source4/auth/gensec/cyrus_sasl.c index cb7bcb71d8..06a7b8a382 100644 --- a/source4/auth/gensec/cyrus_sasl.c +++ b/source4/auth/gensec/cyrus_sasl.c @@ -23,6 +23,7 @@ #include "auth/auth.h" #include "auth/credentials/credentials.h" #include "auth/gensec/gensec.h" +#include "auth/gensec/gensec_proto.h" #include "lib/socket/socket.h" #include <sasl/sasl.h> diff --git a/source4/auth/gensec/gensec.c b/source4/auth/gensec/gensec.c index cd2066d9fd..59c19b96ab 100644 --- a/source4/auth/gensec/gensec.c +++ b/source4/auth/gensec/gensec.c @@ -27,6 +27,7 @@ #include "librpc/rpc/dcerpc.h" #include "auth/credentials/credentials.h" #include "auth/gensec/gensec.h" +#include "auth/gensec/gensec_proto.h" #include "param/param.h" /* the list of currently registered GENSEC backends */ @@ -35,7 +36,7 @@ static int gensec_num_backends; /* Return all the registered mechs. Don't modify the return pointer, * but you may talloc_reference it if convient */ -struct gensec_security_ops **gensec_security_all(void) +_PUBLIC_ struct gensec_security_ops **gensec_security_all(void) { return generic_security_ops; } @@ -45,7 +46,7 @@ struct gensec_security_ops **gensec_security_all(void) * gensec_security_all(), or from cli_credentials_gensec_list() (ie, * an existing list we have trimmed down) */ -struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_ctx, +_PUBLIC_ struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_ctx, struct gensec_security_ops **old_gensec_list, struct cli_credentials *creds) { @@ -572,7 +573,7 @@ _PUBLIC_ NTSTATUS gensec_client_start(TALLOC_CTX *mem_ctx, @param gensec_security Returned GENSEC context pointer. @note The mem_ctx is only a parent and may be NULL. */ -NTSTATUS gensec_server_start(TALLOC_CTX *mem_ctx, +_PUBLIC_ NTSTATUS gensec_server_start(TALLOC_CTX *mem_ctx, struct event_context *ev, struct loadparm_context *lp_ctx, struct messaging_context *msg, @@ -637,7 +638,7 @@ static NTSTATUS gensec_start_mech(struct gensec_security *gensec_security) * @param auth_level DCERPC auth level */ -NTSTATUS gensec_start_mech_by_authtype(struct gensec_security *gensec_security, +_PUBLIC_ NTSTATUS gensec_start_mech_by_authtype(struct gensec_security *gensec_security, uint8_t auth_type, uint8_t auth_level) { gensec_security->ops = gensec_security_by_authtype(gensec_security, auth_type); @@ -663,7 +664,7 @@ NTSTATUS gensec_start_mech_by_authtype(struct gensec_security *gensec_security, return gensec_start_mech(gensec_security); } -const char *gensec_get_name_by_authtype(uint8_t authtype) +_PUBLIC_ const char *gensec_get_name_by_authtype(uint8_t authtype) { const struct gensec_security_ops *ops; ops = gensec_security_by_authtype(NULL, authtype); @@ -674,7 +675,7 @@ const char *gensec_get_name_by_authtype(uint8_t authtype) } -const char *gensec_get_name_by_oid(const char *oid_string) +_PUBLIC_ const char *gensec_get_name_by_oid(const char *oid_string) { const struct gensec_security_ops *ops; ops = gensec_security_by_oid(NULL, oid_string); @@ -704,7 +705,7 @@ NTSTATUS gensec_start_mech_by_ops(struct gensec_security *gensec_security, * well-known #define to hook it in. */ -NTSTATUS gensec_start_mech_by_oid(struct gensec_security *gensec_security, +_PUBLIC_ NTSTATUS gensec_start_mech_by_oid(struct gensec_security *gensec_security, const char *mech_oid) { gensec_security->ops = gensec_security_by_oid(gensec_security, mech_oid); @@ -720,7 +721,7 @@ NTSTATUS gensec_start_mech_by_oid(struct gensec_security *gensec_security, * */ -NTSTATUS gensec_start_mech_by_sasl_name(struct gensec_security *gensec_security, +_PUBLIC_ NTSTATUS gensec_start_mech_by_sasl_name(struct gensec_security *gensec_security, const char *sasl_name) { gensec_security->ops = gensec_security_by_sasl_name(gensec_security, sasl_name); @@ -769,7 +770,7 @@ _PUBLIC_ NTSTATUS gensec_start_mech_by_sasl_list(struct gensec_security *gensec_ * */ -NTSTATUS gensec_start_mech_by_name(struct gensec_security *gensec_security, +_PUBLIC_ NTSTATUS gensec_start_mech_by_name(struct gensec_security *gensec_security, const char *name) { gensec_security->ops = gensec_security_by_name(gensec_security, name); @@ -783,7 +784,7 @@ NTSTATUS gensec_start_mech_by_name(struct gensec_security *gensec_security, /* wrappers for the gensec function pointers */ -NTSTATUS gensec_unseal_packet(struct gensec_security *gensec_security, +_PUBLIC_ NTSTATUS gensec_unseal_packet(struct gensec_security *gensec_security, TALLOC_CTX *mem_ctx, uint8_t *data, size_t length, const uint8_t *whole_pdu, size_t pdu_length, @@ -802,7 +803,7 @@ NTSTATUS gensec_unseal_packet(struct gensec_security *gensec_security, sig); } -NTSTATUS gensec_check_packet(struct gensec_security *gensec_security, +_PUBLIC_ NTSTATUS gensec_check_packet(struct gensec_security *gensec_security, TALLOC_CTX *mem_ctx, const uint8_t *data, size_t length, const uint8_t *whole_pdu, size_t pdu_length, @@ -818,7 +819,7 @@ NTSTATUS gensec_check_packet(struct gensec_security *gensec_security, return gensec_security->ops->check_packet(gensec_security, mem_ctx, data, length, whole_pdu, pdu_length, sig); } -NTSTATUS gensec_seal_packet(struct gensec_security *gensec_security, +_PUBLIC_ NTSTATUS gensec_seal_packet(struct gensec_security *gensec_security, TALLOC_CTX *mem_ctx, uint8_t *data, size_t length, const uint8_t *whole_pdu, size_t pdu_length, @@ -834,7 +835,7 @@ NTSTATUS gensec_seal_packet(struct gensec_security *gensec_security, return gensec_security->ops->seal_packet(gensec_security, mem_ctx, data, length, whole_pdu, pdu_length, sig); } -NTSTATUS gensec_sign_packet(struct gensec_security *gensec_security, +_PUBLIC_ NTSTATUS gensec_sign_packet(struct gensec_security *gensec_security, TALLOC_CTX *mem_ctx, const uint8_t *data, size_t length, const uint8_t *whole_pdu, size_t pdu_length, @@ -850,7 +851,7 @@ NTSTATUS gensec_sign_packet(struct gensec_security *gensec_security, return gensec_security->ops->sign_packet(gensec_security, mem_ctx, data, length, whole_pdu, pdu_length, sig); } -size_t gensec_sig_size(struct gensec_security *gensec_security, size_t data_size) +_PUBLIC_ size_t gensec_sig_size(struct gensec_security *gensec_security, size_t data_size) { if (!gensec_security->ops->sig_size) { return 0; @@ -880,7 +881,7 @@ size_t gensec_max_input_size(struct gensec_security *gensec_security) return gensec_security->ops->max_input_size(gensec_security); } -NTSTATUS gensec_wrap(struct gensec_security *gensec_security, +_PUBLIC_ NTSTATUS gensec_wrap(struct gensec_security *gensec_security, TALLOC_CTX *mem_ctx, const DATA_BLOB *in, DATA_BLOB *out) @@ -891,7 +892,7 @@ NTSTATUS gensec_wrap(struct gensec_security *gensec_security, return gensec_security->ops->wrap(gensec_security, mem_ctx, in, out); } -NTSTATUS gensec_unwrap(struct gensec_security *gensec_security, +_PUBLIC_ NTSTATUS gensec_unwrap(struct gensec_security *gensec_security, TALLOC_CTX *mem_ctx, const DATA_BLOB *in, DATA_BLOB *out) @@ -902,7 +903,7 @@ NTSTATUS gensec_unwrap(struct gensec_security *gensec_security, return gensec_security->ops->unwrap(gensec_security, mem_ctx, in, out); } -NTSTATUS gensec_session_key(struct gensec_security *gensec_security, +_PUBLIC_ NTSTATUS gensec_session_key(struct gensec_security *gensec_security, DATA_BLOB *session_key) { if (!gensec_security->ops->session_key) { @@ -925,7 +926,7 @@ NTSTATUS gensec_session_key(struct gensec_security *gensec_security, * */ -NTSTATUS gensec_session_info(struct gensec_security *gensec_security, +_PUBLIC_ NTSTATUS gensec_session_info(struct gensec_security *gensec_security, struct auth_session_info **session_info) { if (!gensec_security->ops->session_info) { @@ -1065,7 +1066,7 @@ _PUBLIC_ NTSTATUS gensec_set_credentials(struct gensec_security *gensec_security * */ -struct cli_credentials *gensec_get_credentials(struct gensec_security *gensec_security) +_PUBLIC_ struct cli_credentials *gensec_get_credentials(struct gensec_security *gensec_security) { if (!gensec_security) { return NULL; @@ -1135,7 +1136,7 @@ _PUBLIC_ const char *gensec_get_target_hostname(struct gensec_security *gensec_s * cryptographic tokens, to avoid certain attacks. */ -NTSTATUS gensec_set_my_addr(struct gensec_security *gensec_security, struct socket_address *my_addr) +_PUBLIC_ NTSTATUS gensec_set_my_addr(struct gensec_security *gensec_security, struct socket_address *my_addr) { gensec_security->my_addr = my_addr; if (my_addr && !talloc_reference(gensec_security, my_addr)) { @@ -1144,7 +1145,7 @@ NTSTATUS gensec_set_my_addr(struct gensec_security *gensec_security, struct sock return NT_STATUS_OK; } -NTSTATUS gensec_set_peer_addr(struct gensec_security *gensec_security, struct socket_address *peer_addr) +_PUBLIC_ NTSTATUS gensec_set_peer_addr(struct gensec_security *gensec_security, struct socket_address *peer_addr) { gensec_security->peer_addr = peer_addr; if (peer_addr && !talloc_reference(gensec_security, peer_addr)) { @@ -1164,7 +1165,7 @@ struct socket_address *gensec_get_my_addr(struct gensec_security *gensec_securit return NULL; } -struct socket_address *gensec_get_peer_addr(struct gensec_security *gensec_security) +_PUBLIC_ struct socket_address *gensec_get_peer_addr(struct gensec_security *gensec_security) { if (gensec_security->peer_addr) { return gensec_security->peer_addr; @@ -1264,7 +1265,7 @@ static int sort_gensec(struct gensec_security_ops **gs1, struct gensec_security_ /* initialise the GENSEC subsystem */ -NTSTATUS gensec_init(struct loadparm_context *lp_ctx) +_PUBLIC_ NTSTATUS gensec_init(struct loadparm_context *lp_ctx) { static bool initialized = false; diff --git a/source4/auth/gensec/gensec.h b/source4/auth/gensec/gensec.h index 3413e5c8ce..7a1abfbc3b 100644 --- a/source4/auth/gensec/gensec.h +++ b/source4/auth/gensec/gensec.h @@ -199,6 +199,96 @@ NTSTATUS gensec_packet_full_request(struct gensec_security *gensec_security, struct loadparm_context; -#include "auth/gensec/gensec_proto.h" +NTSTATUS gensec_subcontext_start(TALLOC_CTX *mem_ctx, + struct gensec_security *parent, + struct gensec_security **gensec_security); +NTSTATUS gensec_client_start(TALLOC_CTX *mem_ctx, + struct gensec_security **gensec_security, + struct event_context *ev, + struct loadparm_context *lp_ctx); +NTSTATUS gensec_start_mech_by_sasl_list(struct gensec_security *gensec_security, + const char **sasl_names); +NTSTATUS gensec_update(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx, + const DATA_BLOB in, DATA_BLOB *out); +void gensec_update_send(struct gensec_security *gensec_security, const DATA_BLOB in, + void (*callback)(struct gensec_update_request *req, void *private_data), + void *private_data); +NTSTATUS gensec_update_recv(struct gensec_update_request *req, TALLOC_CTX *out_mem_ctx, DATA_BLOB *out); +void gensec_want_feature(struct gensec_security *gensec_security, + uint32_t feature); +bool gensec_have_feature(struct gensec_security *gensec_security, + uint32_t feature); +NTSTATUS gensec_set_credentials(struct gensec_security *gensec_security, struct cli_credentials *credentials); +NTSTATUS gensec_set_target_service(struct gensec_security *gensec_security, const char *service); +const char *gensec_get_target_service(struct gensec_security *gensec_security); +NTSTATUS gensec_set_target_hostname(struct gensec_security *gensec_security, const char *hostname); +const char *gensec_get_target_hostname(struct gensec_security *gensec_security); +NTSTATUS gensec_session_key(struct gensec_security *gensec_security, + DATA_BLOB *session_key); +NTSTATUS gensec_start_mech_by_oid(struct gensec_security *gensec_security, + const char *mech_oid); +const char *gensec_get_name_by_oid(const char *oid_string); +struct cli_credentials *gensec_get_credentials(struct gensec_security *gensec_security); +struct socket_address *gensec_get_peer_addr(struct gensec_security *gensec_security); +NTSTATUS gensec_init(struct loadparm_context *lp_ctx); +NTSTATUS gensec_unseal_packet(struct gensec_security *gensec_security, + TALLOC_CTX *mem_ctx, + uint8_t *data, size_t length, + const uint8_t *whole_pdu, size_t pdu_length, + const DATA_BLOB *sig); +NTSTATUS gensec_check_packet(struct gensec_security *gensec_security, + TALLOC_CTX *mem_ctx, + const uint8_t *data, size_t length, + const uint8_t *whole_pdu, size_t pdu_length, + const DATA_BLOB *sig); +size_t gensec_sig_size(struct gensec_security *gensec_security, size_t data_size); +NTSTATUS gensec_seal_packet(struct gensec_security *gensec_security, + TALLOC_CTX *mem_ctx, + uint8_t *data, size_t length, + const uint8_t *whole_pdu, size_t pdu_length, + DATA_BLOB *sig); +NTSTATUS gensec_sign_packet(struct gensec_security *gensec_security, + TALLOC_CTX *mem_ctx, + const uint8_t *data, size_t length, + const uint8_t *whole_pdu, size_t pdu_length, + DATA_BLOB *sig); +NTSTATUS gensec_start_mech_by_authtype(struct gensec_security *gensec_security, + uint8_t auth_type, uint8_t auth_level); +const char *gensec_get_name_by_authtype(uint8_t authtype); +NTSTATUS gensec_server_start(TALLOC_CTX *mem_ctx, + struct event_context *ev, + struct loadparm_context *lp_ctx, + struct messaging_context *msg, + struct gensec_security **gensec_security); +NTSTATUS gensec_session_info(struct gensec_security *gensec_security, + struct auth_session_info **session_info); +NTSTATUS auth_nt_status_squash(NTSTATUS nt_status); +struct creds_CredentialState; +NTSTATUS dcerpc_schannel_creds(struct gensec_security *gensec_security, + TALLOC_CTX *mem_ctx, + struct creds_CredentialState **creds); +NTSTATUS gensec_set_peer_addr(struct gensec_security *gensec_security, struct socket_address *peer_addr); +NTSTATUS gensec_set_my_addr(struct gensec_security *gensec_security, struct socket_address *my_addr); + +NTSTATUS gensec_start_mech_by_name(struct gensec_security *gensec_security, + const char *name); + +NTSTATUS gensec_unwrap(struct gensec_security *gensec_security, + TALLOC_CTX *mem_ctx, + const DATA_BLOB *in, + DATA_BLOB *out); +NTSTATUS gensec_wrap(struct gensec_security *gensec_security, + TALLOC_CTX *mem_ctx, + const DATA_BLOB *in, + DATA_BLOB *out); + +struct gensec_security_ops **gensec_security_all(void); +struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_ctx, + struct gensec_security_ops **old_gensec_list, + struct cli_credentials *creds); + +NTSTATUS gensec_start_mech_by_sasl_name(struct gensec_security *gensec_security, + const char *sasl_name); + #endif /* __GENSEC_H__ */ diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c index d8cdb90197..e7dcb4ea68 100644 --- a/source4/auth/gensec/gensec_gssapi.c +++ b/source4/auth/gensec/gensec_gssapi.c @@ -34,7 +34,9 @@ #include "auth/credentials/credentials.h" #include "auth/credentials/credentials_krb5.h" #include "auth/gensec/gensec.h" +#include "auth/gensec/gensec_proto.h" #include "param/param.h" +#include "auth/session_proto.h" enum gensec_gssapi_sasl_state { diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c index 88432c7f89..ae601b19c2 100644 --- a/source4/auth/gensec/gensec_krb5.c +++ b/source4/auth/gensec/gensec_krb5.c @@ -36,7 +36,9 @@ #include "auth/credentials/credentials.h" #include "auth/credentials/credentials_krb5.h" #include "auth/gensec/gensec.h" +#include "auth/gensec/gensec_proto.h" #include "param/param.h" +#include "auth/session_proto.h" enum GENSEC_KRB5_STATE { GENSEC_KRB5_SERVER_START, diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/schannel.c index 96e3478982..b3117ee9b2 100644 --- a/source4/auth/gensec/schannel.c +++ b/source4/auth/gensec/schannel.c @@ -25,11 +25,13 @@ #include "auth/auth.h" #include "auth/credentials/credentials.h" #include "auth/gensec/gensec.h" +#include "auth/gensec/gensec_proto.h" #include "auth/gensec/schannel.h" #include "auth/gensec/schannel_state.h" #include "auth/gensec/schannel_proto.h" #include "librpc/rpc/dcerpc.h" #include "param/param.h" +#include "auth/session_proto.h" static size_t schannel_sig_size(struct gensec_security *gensec_security, size_t data_size) { diff --git a/source4/auth/gensec/socket.c b/source4/auth/gensec/socket.c index 4dc05e8cc4..27449bf610 100644 --- a/source4/auth/gensec/socket.c +++ b/source4/auth/gensec/socket.c @@ -24,6 +24,7 @@ #include "lib/socket/socket.h" #include "lib/stream/packet.h" #include "auth/gensec/gensec.h" +#include "auth/gensec/gensec_proto.h" static const struct socket_ops gensec_socket_ops; diff --git a/source4/auth/gensec/spnego.c b/source4/auth/gensec/spnego.c index f593d17d4b..1544326bb1 100644 --- a/source4/auth/gensec/spnego.c +++ b/source4/auth/gensec/spnego.c @@ -26,6 +26,7 @@ #include "librpc/gen_ndr/ndr_dcerpc.h" #include "auth/credentials/credentials.h" #include "auth/gensec/gensec.h" +#include "auth/gensec/gensec_proto.h" enum spnego_state_position { SPNEGO_SERVER_START, diff --git a/source4/auth/kerberos/kerberos_util.c b/source4/auth/kerberos/kerberos_util.c index e905e3e704..9002715065 100644 --- a/source4/auth/kerberos/kerberos_util.c +++ b/source4/auth/kerberos/kerberos_util.c @@ -24,6 +24,7 @@ #include "system/kerberos.h" #include "auth/kerberos/kerberos.h" #include "auth/credentials/credentials.h" +#include "auth/credentials/credentials_proto.h" #include "auth/credentials/credentials_krb5.h" struct principal_container { @@ -634,7 +635,7 @@ int smb_krb5_update_keytab(TALLOC_CTX *parent_ctx, return ret; } -_PUBLIC_ int smb_krb5_create_memory_keytab(TALLOC_CTX *parent_ctx, +int smb_krb5_create_memory_keytab(TALLOC_CTX *parent_ctx, struct cli_credentials *machine_account, struct smb_krb5_context *smb_krb5_context, const char **enctype_strings, diff --git a/source4/auth/ntlmssp/ntlmssp.c b/source4/auth/ntlmssp/ntlmssp.c index 8901488004..64bfebd3d1 100644 --- a/source4/auth/ntlmssp/ntlmssp.c +++ b/source4/auth/ntlmssp/ntlmssp.c @@ -27,7 +27,9 @@ #include "librpc/gen_ndr/ndr_dcerpc.h" #include "auth/credentials/credentials.h" #include "auth/gensec/gensec.h" +#include "auth/gensec/gensec_proto.h" #include "auth/auth.h" +#include "auth/auth_proto.h" #include "param/param.h" /** diff --git a/source4/auth/ntlmssp/ntlmssp.h b/source4/auth/ntlmssp/ntlmssp.h index 5efc0a2eb1..df950e4756 100644 --- a/source4/auth/ntlmssp/ntlmssp.h +++ b/source4/auth/ntlmssp/ntlmssp.h @@ -186,4 +186,5 @@ struct gensec_ntlmssp_state struct loadparm_context; struct auth_session_info; + #include "auth/ntlmssp/proto.h" diff --git a/source4/auth/ntlmssp/ntlmssp_server.c b/source4/auth/ntlmssp/ntlmssp_server.c index eb6dbc5bca..12802b7e79 100644 --- a/source4/auth/ntlmssp/ntlmssp_server.c +++ b/source4/auth/ntlmssp/ntlmssp_server.c @@ -30,7 +30,9 @@ #include "auth/credentials/credentials.h" #include "auth/gensec/gensec.h" #include "auth/auth.h" +#include "auth/auth_proto.h" #include "param/param.h" +#include "auth/session_proto.h" /** * Set a username on an NTLMSSP context - ensures it is talloc()ed diff --git a/source4/auth/ntlmssp/ntlmssp_sign.c b/source4/auth/ntlmssp/ntlmssp_sign.c index b003dc865f..063b16f539 100644 --- a/source4/auth/ntlmssp/ntlmssp_sign.c +++ b/source4/auth/ntlmssp/ntlmssp_sign.c @@ -134,7 +134,7 @@ static NTSTATUS ntlmssp_make_packet_signature(struct gensec_ntlmssp_state *gense } /* TODO: make this non-public */ -_PUBLIC_ NTSTATUS gensec_ntlmssp_sign_packet(struct gensec_security *gensec_security, +NTSTATUS gensec_ntlmssp_sign_packet(struct gensec_security *gensec_security, TALLOC_CTX *sig_mem_ctx, const uint8_t *data, size_t length, const uint8_t *whole_pdu, size_t pdu_length, @@ -306,7 +306,7 @@ NTSTATUS gensec_ntlmssp_unseal_packet(struct gensec_security *gensec_security, Initialise the state for NTLMSSP signing. */ /* TODO: make this non-public */ -_PUBLIC_ NTSTATUS ntlmssp_sign_init(struct gensec_ntlmssp_state *gensec_ntlmssp_state) +NTSTATUS ntlmssp_sign_init(struct gensec_ntlmssp_state *gensec_ntlmssp_state) { TALLOC_CTX *mem_ctx = talloc_new(gensec_ntlmssp_state); diff --git a/source4/auth/sam.c b/source4/auth/sam.c index b171fc57b9..ed44754993 100644 --- a/source4/auth/sam.c +++ b/source4/auth/sam.c @@ -383,7 +383,7 @@ _PUBLIC_ NTSTATUS authsam_make_server_info(TALLOC_CTX *mem_ctx, struct ldb_conte return NT_STATUS_OK; } -_PUBLIC_ NTSTATUS sam_get_results_principal(struct ldb_context *sam_ctx, +NTSTATUS sam_get_results_principal(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx, const char *principal, struct ldb_message ***msgs, struct ldb_message ***msgs_domain_ref) diff --git a/source4/auth/session.c b/source4/auth/session.c index c86fff90df..112eac95d8 100644 --- a/source4/auth/session.c +++ b/source4/auth/session.c @@ -28,8 +28,9 @@ #include "dsdb/samdb/samdb.h" #include "auth/credentials/credentials.h" #include "param/param.h" +#include "auth/session_proto.h" -struct auth_session_info *anonymous_session(TALLOC_CTX *mem_ctx, +_PUBLIC_ struct auth_session_info *anonymous_session(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx) { NTSTATUS nt_status; @@ -41,7 +42,7 @@ struct auth_session_info *anonymous_session(TALLOC_CTX *mem_ctx, return session_info; } -NTSTATUS auth_anonymous_session_info(TALLOC_CTX *parent_ctx, +_PUBLIC_ NTSTATUS auth_anonymous_session_info(TALLOC_CTX *parent_ctx, struct loadparm_context *lp_ctx, struct auth_session_info **_session_info) { @@ -77,7 +78,7 @@ NTSTATUS auth_anonymous_session_info(TALLOC_CTX *parent_ctx, return NT_STATUS_OK; } -NTSTATUS auth_anonymous_server_info(TALLOC_CTX *mem_ctx, +_PUBLIC_ NTSTATUS auth_anonymous_server_info(TALLOC_CTX *mem_ctx, const char *netbios_name, struct auth_serversupplied_info **_server_info) { @@ -149,7 +150,7 @@ NTSTATUS auth_anonymous_server_info(TALLOC_CTX *mem_ctx, return NT_STATUS_OK; } -NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx, +_PUBLIC_ NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx, struct auth_serversupplied_info *server_info, struct auth_session_info **_session_info) @@ -199,7 +200,7 @@ void auth_session_info_debug(int dbg_lev, /** * Make a server_info struct from the info3 returned by a domain logon */ -NTSTATUS make_server_info_netlogon_validation(TALLOC_CTX *mem_ctx, +_PUBLIC_ NTSTATUS make_server_info_netlogon_validation(TALLOC_CTX *mem_ctx, const char *account_name, uint16_t validation_level, union netr_Validation *validation, diff --git a/source4/auth/session.h b/source4/auth/session.h index 039c005bb0..87fc47791a 100644 --- a/source4/auth/session.h +++ b/source4/auth/session.h @@ -29,6 +29,28 @@ struct auth_session_info { }; #include "librpc/gen_ndr/netlogon.h" -#include "auth/session_proto.h" + +struct auth_session_info *system_session_anon(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx); +struct auth_session_info *system_session(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx) ; +NTSTATUS auth_anonymous_server_info(TALLOC_CTX *mem_ctx, + const char *netbios_name, + struct auth_serversupplied_info **_server_info) ; +NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx, + struct loadparm_context *lp_ctx, + struct auth_serversupplied_info *server_info, + struct auth_session_info **_session_info) ; + +NTSTATUS make_server_info_netlogon_validation(TALLOC_CTX *mem_ctx, + const char *account_name, + uint16_t validation_level, + union netr_Validation *validation, + struct auth_serversupplied_info **_server_info); +NTSTATUS auth_anonymous_session_info(TALLOC_CTX *parent_ctx, + struct loadparm_context *lp_ctx, + struct auth_session_info **_session_info); + +struct auth_session_info *anonymous_session(TALLOC_CTX *mem_ctx, + struct loadparm_context *lp_ctx); + #endif /* _SAMBA_AUTH_SESSION_H */ |