Initial GSS Mechanism code.

Implements init sec context and basic mechanism initialization.
author: Simo Sorce <idra@samba.org> 2013-06-23 12:02:47 -0400
committer: Simo Sorce <simo@redhat.com> 2013-07-18 22:37:25 -0400
commit: dc2cf8903ca08152464ef50ec989e97640cf1248 (patch)
tree: 219cdd208441557fe6187dd8104b95d498baba8c /src/gss_ntlmssp.h
parent: 994d9639caeec0164134e3bd6c16512defe93021 (diff)
download: gss-ntlmssp-dc2cf8903ca08152464ef50ec989e97640cf1248.tar.gz
gss-ntlmssp-dc2cf8903ca08152464ef50ec989e97640cf1248.tar.xz
gss-ntlmssp-dc2cf8903ca08152464ef50ec989e97640cf1248.zip
1 files changed, 145 insertions, 1 deletions
diff --git a/src/gss_ntlmssp.h b/src/gss_ntlmssp.h
index f7164a9..882de13 100644
--- a/src/gss_ntlmssp.h
+++ b/src/gss_ntlmssp.h
@@ -18,6 +18,150 @@
 #ifndef _GSS_NTLMSSP_H_
 #define _GSS_NTLMSSP_H_
 
-#include <gssapi/gssapi.h>
+#include "ntlm.h"
+#include "crypto.h"
+
+#define SEC_LEVEL_MIN 0
+#define SEC_LEVEL_MAX 5
+
+#define SEC_LM_OK 0x01
+#define SEC_NTLM_OK 0x02
+#define SEC_EXT_SEC_OK 0x04
+#define SEC_V2_ONLY 0x08
+#define SEC_DC_LM_OK 0x10
+#define SEC_DC_NTLM_OK 0x20
+#define SEC_DC_V2_OK 0x40
+
+#define NTLMSSP_DEFAULT_CLIENT_FLAGS ( \
+                NTLMSSP_NEGOTIATE_ALWAYS_SIGN | \
+                NTLMSSP_NEGOTIATE_128 | \
+                NTLMSSP_NEGOTIATE_56 | \
+                NTLMSSP_NEGOTIATE_NTLM | \
+                NTLMSSP_NEGOTIATE_UNICODE)
+
+struct gssntlm_name {
+    enum ntlm_name_type {
+        GSSNTLM_NAME_NONE,
+        GSSNTLM_NAME_USER,
+        GSSNTLM_NAME_SERVER
+    } type;
+
+    union {
+        struct {
+            char *domain;
+            char *name;
+        } user;
+        struct {
+            char *name;
+        } server;
+    } data;
+};
+
+struct gssntlm_cred {
+    enum ntlm_cred_type {
+        GSSNTLM_CRED_NONE,
+        GSSNTLM_CRED_ANON,
+        GSSNTLM_CRED_USER,
+        GSSNTLM_CRED_SERVER
+    } type;
+
+    union {
+        struct {
+            int dummy;
+        } anon;
+        struct {
+            struct gssntlm_name user;
+            struct ntlm_key nt_hash;
+            struct ntlm_key lm_hash;
+        } user;
+        struct {
+            int dummy;
+        } server;
+    } cred;
+};
+
+struct gssntlm_signseal {
+    struct ntlm_key sign_key;
+    struct ntlm_key seal_key;
+    struct ntlm_rc4_handle *seal_handle;
+    uint32_t seq_num;
+};
+
+struct gssntlm_ctx {
+    enum gssntlm_role {
+        GSSNTLM_CLIENT,
+        GSSNTLM_SERVER,
+        GSSNTLM_DOMAIN_SERVER,
+        GSSNTLM_DOMAIN_CONTROLLER
+    } role;
+
+    enum {
+        NTLMSSP_STAGE_INIT = 0,
+        NTLMSSP_STAGE_NEGOTIATE,
+        NTLMSSP_STAGE_CHALLENGE,
+        NTLMSSP_STAGE_AUTHENTICATE,
+        NTLMSSP_STAGE_DONE
+    } stage;
+
+    struct gssntlm_cred cred;
+    char *workstation;
+    int lm_compatibility_level;
+
+    struct ntlm_ctx *ntlm;
+    struct ntlm_buffer nego_msg;
+    struct ntlm_buffer chal_msg;
+    struct ntlm_buffer auth_msg;
+
+    /* requested gss fags */
+    uint32_t gss_flags;
+
+    /* negotiated flags */
+    uint32_t neg_flags;
+
+    /* TODO: Add whitelist of servers we are allowed to communicate with */
+
+    struct ntlm_key exported_session_key;
+    struct gssntlm_signseal send;
+    struct gssntlm_signseal recv;
+};
+
+uint8_t gssntlm_required_security(int security_level,
+                                  enum gssntlm_role role);
+void gssntlm_int_release_cred(struct gssntlm_cred *cred);
+
+int gssntlm_copy_creds(struct gssntlm_cred *in, struct gssntlm_cred *out);
+
+extern const gss_OID_desc gssntlm_oid;
+
+uint32_t gssntlm_acquire_cred(uint32_t *minor_status,
+                              gss_name_t desired_name,
+                              uint32_t time_req,
+                              gss_OID_set desired_mechs,
+                              gss_cred_usage_t cred_usage,
+                              gss_cred_id_t *output_cred_handle,
+                              gss_OID_set *actual_mechs,
+                              uint32_t *time_rec);
+
+uint32_t gssntlm_release_cred(uint32_t *minor_status,
+                              gss_cred_id_t *cred_handle);
+
+uint32_t gssntlm_init_sec_context(uint32_t *minor_status,
+                                  gss_cred_id_t claimant_cred_handle,
+                                  gss_ctx_id_t *context_handle,
+                                  gss_name_t target_name,
+                                  gss_OID mech_type,
+                                  uint32_t req_flags,
+                                  uint32_t time_req,
+                                  gss_channel_bindings_t input_chan_bindings,
+                                  gss_buffer_t input_token,
+                                  gss_OID *actual_mech_type,
+                                  gss_buffer_t output_token,
+                                  uint32_t *ret_flags,
+                                  uint32_t *time_rec);
+
+uint32_t gssntlm_delete_sec_context(uint32_t *minor_status,
+                                    gss_ctx_id_t *context_handle,
+                                    gss_buffer_t output_token);
+
 
 #endif /* _GSS_NTLMSSP_H_ */
author	Simo Sorce <idra@samba.org>	2013-06-23 12:02:47 -0400
committer	Simo Sorce <simo@redhat.com>	2013-07-18 22:37:25 -0400
commit	dc2cf8903ca08152464ef50ec989e97640cf1248 (patch)
tree	219cdd208441557fe6187dd8104b95d498baba8c /src/gss_ntlmssp.h
parent	994d9639caeec0164134e3bd6c16512defe93021 (diff)
download	gss-ntlmssp-dc2cf8903ca08152464ef50ec989e97640cf1248.tar.gz gss-ntlmssp-dc2cf8903ca08152464ef50ec989e97640cf1248.tar.xz gss-ntlmssp-dc2cf8903ca08152464ef50ec989e97640cf1248.zip