From 71c63e85e7a09acb57f6b75284358f2b3b29eeed Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 5 Aug 2013 07:12:01 +0200 Subject: auth/gensec: introduce gensec_internal.h We should treat most gensec related structures private. It's a long way, but this is a start. Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett --- auth/gensec/gensec.c | 1 + auth/gensec/gensec.h | 100 ++------------------------- auth/gensec/gensec_internal.h | 127 +++++++++++++++++++++++++++++++++++ auth/gensec/gensec_start.c | 1 + auth/gensec/gensec_util.c | 1 + auth/gensec/spnego.c | 1 + auth/ntlmssp/gensec_ntlmssp.c | 1 + auth/ntlmssp/gensec_ntlmssp_server.c | 1 + auth/ntlmssp/ntlmssp.c | 1 + auth/ntlmssp/ntlmssp_client.c | 1 + auth/ntlmssp/ntlmssp_server.c | 1 + 11 files changed, 140 insertions(+), 96 deletions(-) create mode 100644 auth/gensec/gensec_internal.h (limited to 'auth') diff --git a/auth/gensec/gensec.c b/auth/gensec/gensec.c index 9a8f0ef15a..d364a344a9 100644 --- a/auth/gensec/gensec.c +++ b/auth/gensec/gensec.c @@ -26,6 +26,7 @@ #include "lib/tsocket/tsocket.h" #include "lib/util/tevent_ntstatus.h" #include "auth/gensec/gensec.h" +#include "auth/gensec/gensec_internal.h" #include "librpc/rpc/dcerpc.h" /* diff --git a/auth/gensec/gensec.h b/auth/gensec/gensec.h index c080861664..5d39d8188f 100644 --- a/auth/gensec/gensec.h +++ b/auth/gensec/gensec.h @@ -76,6 +76,7 @@ struct gensec_settings; struct tevent_context; struct tevent_req; struct smb_krb5_context; +struct tsocket_address; struct gensec_settings { struct loadparm_context *lp_ctx; @@ -93,106 +94,13 @@ struct gensec_settings { const char *server_netbios_name; }; -struct gensec_security_ops { - const char *name; - const char *sasl_name; - uint8_t auth_type; /* 0 if not offered on DCE-RPC */ - const char **oid; /* NULL if not offered by SPNEGO */ - NTSTATUS (*client_start)(struct gensec_security *gensec_security); - NTSTATUS (*server_start)(struct gensec_security *gensec_security); - /** - Determine if a packet has the right 'magic' for this mechanism - */ - NTSTATUS (*magic)(struct gensec_security *gensec_security, - const DATA_BLOB *first_packet); - NTSTATUS (*update)(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx, - struct tevent_context *ev, - const DATA_BLOB in, DATA_BLOB *out); - NTSTATUS (*seal_packet)(struct gensec_security *gensec_security, TALLOC_CTX *sig_mem_ctx, - uint8_t *data, size_t length, - const uint8_t *whole_pdu, size_t pdu_length, - DATA_BLOB *sig); - NTSTATUS (*sign_packet)(struct gensec_security *gensec_security, TALLOC_CTX *sig_mem_ctx, - const uint8_t *data, size_t length, - const uint8_t *whole_pdu, size_t pdu_length, - DATA_BLOB *sig); - size_t (*sig_size)(struct gensec_security *gensec_security, size_t data_size); - size_t (*max_input_size)(struct gensec_security *gensec_security); - size_t (*max_wrapped_size)(struct gensec_security *gensec_security); - NTSTATUS (*check_packet)(struct gensec_security *gensec_security, - const uint8_t *data, size_t length, - const uint8_t *whole_pdu, size_t pdu_length, - const DATA_BLOB *sig); - NTSTATUS (*unseal_packet)(struct gensec_security *gensec_security, - uint8_t *data, size_t length, - const uint8_t *whole_pdu, size_t pdu_length, - const DATA_BLOB *sig); - NTSTATUS (*wrap)(struct gensec_security *gensec_security, - TALLOC_CTX *mem_ctx, - const DATA_BLOB *in, - DATA_BLOB *out); - NTSTATUS (*unwrap)(struct gensec_security *gensec_security, - TALLOC_CTX *mem_ctx, - const DATA_BLOB *in, - DATA_BLOB *out); - NTSTATUS (*wrap_packets)(struct gensec_security *gensec_security, - TALLOC_CTX *mem_ctx, - const DATA_BLOB *in, - DATA_BLOB *out, - size_t *len_processed); - NTSTATUS (*unwrap_packets)(struct gensec_security *gensec_security, - TALLOC_CTX *mem_ctx, - const DATA_BLOB *in, - DATA_BLOB *out, - size_t *len_processed); - NTSTATUS (*packet_full_request)(struct gensec_security *gensec_security, - DATA_BLOB blob, size_t *size); - NTSTATUS (*session_key)(struct gensec_security *gensec_security, TALLOC_CTX *mem_ctx, - DATA_BLOB *session_key); - NTSTATUS (*session_info)(struct gensec_security *gensec_security, TALLOC_CTX *mem_ctx, - struct auth_session_info **session_info); - void (*want_feature)(struct gensec_security *gensec_security, - uint32_t feature); - bool (*have_feature)(struct gensec_security *gensec_security, - uint32_t feature); - NTTIME (*expire_time)(struct gensec_security *gensec_security); - bool enabled; - bool kerberos; - enum gensec_priority priority; -}; - -struct gensec_security_ops_wrapper { - const struct gensec_security_ops *op; - const char *oid; -}; +struct gensec_security_ops; +struct gensec_security_ops_wrapper; #define GENSEC_INTERFACE_VERSION 0 -struct gensec_security { - const struct gensec_security_ops *ops; - void *private_data; - struct cli_credentials *credentials; - struct gensec_target target; - enum gensec_role gensec_role; - bool subcontext; - uint32_t want_features; - uint32_t max_update_size; - uint8_t dcerpc_auth_level; - struct tsocket_address *local_addr, *remote_addr; - struct gensec_settings *settings; - - /* When we are a server, this may be filled in to provide an - * NTLM authentication backend, and user lookup (such as if no - * PAC is found) */ - struct auth4_context *auth_context; -}; - /* this structure is used by backends to determine the size of some critical types */ -struct gensec_critical_sizes { - int interface_version; - int sizeof_gensec_security_ops; - int sizeof_gensec_security; -}; +struct gensec_critical_sizes; const struct gensec_critical_sizes *gensec_interface_version(void); /* Socket wrapper */ diff --git a/auth/gensec/gensec_internal.h b/auth/gensec/gensec_internal.h new file mode 100644 index 0000000000..41b6f0d6ef --- /dev/null +++ b/auth/gensec/gensec_internal.h @@ -0,0 +1,127 @@ +/* + Unix SMB/CIFS implementation. + + Generic Authentication Interface + + Copyright (C) Andrew Tridgell 2003 + Copyright (C) Andrew Bartlett 2004-2005 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#ifndef __GENSEC_INTERNAL_H__ +#define __GENSEC_INTERNAL_H__ + +struct gensec_security; + +struct gensec_security_ops { + const char *name; + const char *sasl_name; + uint8_t auth_type; /* 0 if not offered on DCE-RPC */ + const char **oid; /* NULL if not offered by SPNEGO */ + NTSTATUS (*client_start)(struct gensec_security *gensec_security); + NTSTATUS (*server_start)(struct gensec_security *gensec_security); + /** + Determine if a packet has the right 'magic' for this mechanism + */ + NTSTATUS (*magic)(struct gensec_security *gensec_security, + const DATA_BLOB *first_packet); + NTSTATUS (*update)(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx, + struct tevent_context *ev, + const DATA_BLOB in, DATA_BLOB *out); + NTSTATUS (*seal_packet)(struct gensec_security *gensec_security, TALLOC_CTX *sig_mem_ctx, + uint8_t *data, size_t length, + const uint8_t *whole_pdu, size_t pdu_length, + DATA_BLOB *sig); + NTSTATUS (*sign_packet)(struct gensec_security *gensec_security, TALLOC_CTX *sig_mem_ctx, + const uint8_t *data, size_t length, + const uint8_t *whole_pdu, size_t pdu_length, + DATA_BLOB *sig); + size_t (*sig_size)(struct gensec_security *gensec_security, size_t data_size); + size_t (*max_input_size)(struct gensec_security *gensec_security); + size_t (*max_wrapped_size)(struct gensec_security *gensec_security); + NTSTATUS (*check_packet)(struct gensec_security *gensec_security, + const uint8_t *data, size_t length, + const uint8_t *whole_pdu, size_t pdu_length, + const DATA_BLOB *sig); + NTSTATUS (*unseal_packet)(struct gensec_security *gensec_security, + uint8_t *data, size_t length, + const uint8_t *whole_pdu, size_t pdu_length, + const DATA_BLOB *sig); + NTSTATUS (*wrap)(struct gensec_security *gensec_security, + TALLOC_CTX *mem_ctx, + const DATA_BLOB *in, + DATA_BLOB *out); + NTSTATUS (*unwrap)(struct gensec_security *gensec_security, + TALLOC_CTX *mem_ctx, + const DATA_BLOB *in, + DATA_BLOB *out); + NTSTATUS (*wrap_packets)(struct gensec_security *gensec_security, + TALLOC_CTX *mem_ctx, + const DATA_BLOB *in, + DATA_BLOB *out, + size_t *len_processed); + NTSTATUS (*unwrap_packets)(struct gensec_security *gensec_security, + TALLOC_CTX *mem_ctx, + const DATA_BLOB *in, + DATA_BLOB *out, + size_t *len_processed); + NTSTATUS (*packet_full_request)(struct gensec_security *gensec_security, + DATA_BLOB blob, size_t *size); + NTSTATUS (*session_key)(struct gensec_security *gensec_security, TALLOC_CTX *mem_ctx, + DATA_BLOB *session_key); + NTSTATUS (*session_info)(struct gensec_security *gensec_security, TALLOC_CTX *mem_ctx, + struct auth_session_info **session_info); + void (*want_feature)(struct gensec_security *gensec_security, + uint32_t feature); + bool (*have_feature)(struct gensec_security *gensec_security, + uint32_t feature); + NTTIME (*expire_time)(struct gensec_security *gensec_security); + bool enabled; + bool kerberos; + enum gensec_priority priority; +}; + +struct gensec_security_ops_wrapper { + const struct gensec_security_ops *op; + const char *oid; +}; + +struct gensec_security { + const struct gensec_security_ops *ops; + void *private_data; + struct cli_credentials *credentials; + struct gensec_target target; + enum gensec_role gensec_role; + bool subcontext; + uint32_t want_features; + uint32_t max_update_size; + uint8_t dcerpc_auth_level; + struct tsocket_address *local_addr, *remote_addr; + struct gensec_settings *settings; + + /* When we are a server, this may be filled in to provide an + * NTLM authentication backend, and user lookup (such as if no + * PAC is found) */ + struct auth4_context *auth_context; +}; + +/* this structure is used by backends to determine the size of some critical types */ +struct gensec_critical_sizes { + int interface_version; + int sizeof_gensec_security_ops; + int sizeof_gensec_security; +}; + +#endif /* __GENSEC_H__ */ diff --git a/auth/gensec/gensec_start.c b/auth/gensec/gensec_start.c index c2cfa1c375..34029f5d88 100644 --- a/auth/gensec/gensec_start.c +++ b/auth/gensec/gensec_start.c @@ -27,6 +27,7 @@ #include "librpc/rpc/dcerpc.h" #include "auth/credentials/credentials.h" #include "auth/gensec/gensec.h" +#include "auth/gensec/gensec_internal.h" #include "lib/param/param.h" #include "lib/util/tsort.h" #include "lib/util/samba_modules.h" diff --git a/auth/gensec/gensec_util.c b/auth/gensec/gensec_util.c index 64952b1983..568128add1 100644 --- a/auth/gensec/gensec_util.c +++ b/auth/gensec/gensec_util.c @@ -22,6 +22,7 @@ #include "includes.h" #include "auth/gensec/gensec.h" +#include "auth/gensec/gensec_internal.h" #include "auth/common_auth.h" #include "../lib/util/asn1.h" diff --git a/auth/gensec/spnego.c b/auth/gensec/spnego.c index da1fc0ecde..38a45f8bdc 100644 --- a/auth/gensec/spnego.c +++ b/auth/gensec/spnego.c @@ -27,6 +27,7 @@ #include "librpc/gen_ndr/ndr_dcerpc.h" #include "auth/credentials/credentials.h" #include "auth/gensec/gensec.h" +#include "auth/gensec/gensec_internal.h" #include "param/param.h" #include "lib/util/asn1.h" diff --git a/auth/ntlmssp/gensec_ntlmssp.c b/auth/ntlmssp/gensec_ntlmssp.c index 9e1d8a839e..654c0e3cba 100644 --- a/auth/ntlmssp/gensec_ntlmssp.c +++ b/auth/ntlmssp/gensec_ntlmssp.c @@ -22,6 +22,7 @@ #include "includes.h" #include "auth/ntlmssp/ntlmssp.h" #include "auth/gensec/gensec.h" +#include "auth/gensec/gensec_internal.h" #include "auth/ntlmssp/ntlmssp_private.h" NTSTATUS gensec_ntlmssp_magic(struct gensec_security *gensec_security, diff --git a/auth/ntlmssp/gensec_ntlmssp_server.c b/auth/ntlmssp/gensec_ntlmssp_server.c index f4dfab3856..69c56fbbfb 100644 --- a/auth/ntlmssp/gensec_ntlmssp_server.c +++ b/auth/ntlmssp/gensec_ntlmssp_server.c @@ -31,6 +31,7 @@ #include "../libcli/auth/libcli_auth.h" #include "../lib/crypto/crypto.h" #include "auth/gensec/gensec.h" +#include "auth/gensec/gensec_internal.h" #include "auth/common_auth.h" #include "param/param.h" diff --git a/auth/ntlmssp/ntlmssp.c b/auth/ntlmssp/ntlmssp.c index 1a2d662439..916b376b11 100644 --- a/auth/ntlmssp/ntlmssp.c +++ b/auth/ntlmssp/ntlmssp.c @@ -29,6 +29,7 @@ struct auth_session_info; #include "../libcli/auth/libcli_auth.h" #include "librpc/gen_ndr/ndr_dcerpc.h" #include "auth/gensec/gensec.h" +#include "auth/gensec/gensec_internal.h" /** * Callbacks for NTLMSSP - for both client and server operating modes diff --git a/auth/ntlmssp/ntlmssp_client.c b/auth/ntlmssp/ntlmssp_client.c index fc66a8d8e3..f99257d731 100644 --- a/auth/ntlmssp/ntlmssp_client.c +++ b/auth/ntlmssp/ntlmssp_client.c @@ -29,6 +29,7 @@ struct auth_session_info; #include "../libcli/auth/libcli_auth.h" #include "auth/credentials/credentials.h" #include "auth/gensec/gensec.h" +#include "auth/gensec/gensec_internal.h" #include "param/param.h" #include "auth/ntlmssp/ntlmssp_private.h" #include "../librpc/gen_ndr/ndr_ntlmssp.h" diff --git a/auth/ntlmssp/ntlmssp_server.c b/auth/ntlmssp/ntlmssp_server.c index 57179e1dca..2f3f0bb723 100644 --- a/auth/ntlmssp/ntlmssp_server.c +++ b/auth/ntlmssp/ntlmssp_server.c @@ -28,6 +28,7 @@ #include "../libcli/auth/libcli_auth.h" #include "../lib/crypto/crypto.h" #include "auth/gensec/gensec.h" +#include "auth/gensec/gensec_internal.h" #include "auth/common_auth.h" /** -- cgit