auth/credentials/credentials_internal.h

   1 /*
   2    samba -- Unix SMB/CIFS implementation.
   3
   4    Client credentials structure
   5
   6    Copyright (C) Jelmer Vernooij 2004-2006
   7    Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
   8
   9    This program is free software; you can redistribute it and/or modify
  10    it under the terms of the GNU General Public License as published by
  11    the Free Software Foundation; either version 3 of the License, or
  12    (at your option) any later version.
  13
  14    This program is distributed in the hope that it will be useful,
  15    but WITHOUT ANY WARRANTY; without even the implied warranty of
  16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17    GNU General Public License for more details.
  18
  19    You should have received a copy of the GNU General Public License
  20    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  21 */
  22 #ifndef __CREDENTIALS_INTERNAL_H__
  23 #define __CREDENTIALS_INTERNAL_H__
  24
  25 #include "../lib/util/data_blob.h"
  26 #include "librpc/gen_ndr/misc.h"
  27
  28 struct cli_credentials {
  29         enum credentials_obtained workstation_obtained;
  30         enum credentials_obtained username_obtained;
  31         enum credentials_obtained password_obtained;
  32         enum credentials_obtained domain_obtained;
  33         enum credentials_obtained realm_obtained;
  34         enum credentials_obtained ccache_obtained;
  35         enum credentials_obtained client_gss_creds_obtained;
  36         enum credentials_obtained principal_obtained;
  37         enum credentials_obtained keytab_obtained;
  38         enum credentials_obtained server_gss_creds_obtained;
  39
  40         /* Threshold values (essentially a MAX() over a number of the
  41          * above) for the ccache and GSS credentials, to ensure we
  42          * regenerate/pick correctly */
  43
  44         enum credentials_obtained ccache_threshold;
  45         enum credentials_obtained client_gss_creds_threshold;
  46
  47         const char *workstation;
  48         const char *username;
  49         const char *password;
  50         const char *old_password;
  51         const char *domain;
  52         const char *realm;
  53         const char *principal;
  54         char *salt_principal;
  55         char *impersonate_principal;
  56         char *self_service;
  57         char *target_service;
  58
  59         const char *bind_dn;
  60
  61         /* Allows authentication from a keytab or similar */
  62         struct samr_Password *nt_hash;
  63         struct samr_Password *old_nt_hash;
  64
  65         /* Allows NTLM pass-though authentication */
  66         DATA_BLOB lm_response;
  67         DATA_BLOB nt_response;
  68
  69         struct ccache_container *ccache;
  70         struct gssapi_creds_container *client_gss_creds;
  71         struct keytab_container *keytab;
  72         struct gssapi_creds_container *server_gss_creds;
  73
  74         const char *(*workstation_cb) (struct cli_credentials *);
  75         const char *(*password_cb) (struct cli_credentials *);
  76         const char *(*username_cb) (struct cli_credentials *);
  77         const char *(*domain_cb) (struct cli_credentials *);
  78         const char *(*realm_cb) (struct cli_credentials *);
  79         const char *(*principal_cb) (struct cli_credentials *);
  80
  81         /* Private handle for the callback routines to use */
  82         void *priv_data;
  83
  84         struct netlogon_creds_CredentialState *netlogon_creds;
  85         enum netr_SchannelType secure_channel_type;
  86         int kvno;
  87         time_t password_last_changed_time;
  88
  89         struct smb_krb5_context *smb_krb5_context;
  90
  91         /* We are flagged to get machine account details from the
  92          * secrets.ldb when we are asked for a username or password */
  93         bool machine_account_pending;
  94         struct loadparm_context *machine_account_pending_lp_ctx;
  95
  96         /* Is this a machine account? */
  97         bool machine_account;
  98
  99         /* Should we be trying to use kerberos? */
 100         enum credentials_use_kerberos use_kerberos;
 101
 102         /* Should we get a forwardable ticket? */
 103         enum credentials_krb_forwardable krb_forwardable;
 104
 105         /* Forced SASL mechansim */
 106         char *forced_sasl_mech;
 107
 108         /* gensec features which should be used for connections */
 109         uint32_t gensec_features;
 110
 111         /* Number of retries left before bailing out */
 112         uint32_t password_tries;
 113
 114         /* Whether any callback is currently running */
 115         bool callback_running;
 116
 117         char winbind_separator;
 118
 119         bool password_will_be_nt_hash;
 120 };
 121
 122 #endif /* __CREDENTIALS_INTERNAL_H__ */