This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
+ the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef __CREDENTIALS_H__
#define __CREDENTIALS_H__
/* In order of priority */
enum credentials_obtained {
CRED_UNINITIALISED = 0, /* We don't even have a guess yet */
- CRED_GUESS_ENV, /* Current value should be used, which was guessed */
CRED_CALLBACK, /* Callback should be used to obtain value */
+ CRED_GUESS_ENV, /* Current value should be used, which was guessed */
CRED_GUESS_FILE, /* A guess from a file (or file pointed at in env variable) */
CRED_CALLBACK_RESULT, /* Value was obtained from a callback */
CRED_SPECIFIED /* Was explicitly specified on the command-line */
enum credentials_obtained keytab_obtained;
enum credentials_obtained server_gss_creds_obtained;
+ /* Threshold values (essentially a MAX() over a number of the
+ * above) for the ccache and GSS credentials, to ensure we
+ * regenerate/pick correctly */
+
+ enum credentials_obtained ccache_threshold;
+ enum credentials_obtained client_gss_creds_threshold;
+
const char *workstation;
const char *username;
const char *password;
/* We are flagged to get machine account details from the
* secrets.ldb when we are asked for a username or password */
- BOOL machine_account_pending;
+ bool machine_account_pending;
/* Is this a machine account? */
- BOOL machine_account;
+ bool machine_account;
/* Should we be trying to use kerberos? */
enum credentials_use_kerberos use_kerberos;
+ /* gensec features which should be used for connections */
+ uint32_t gensec_features;
+
/* Number of retries left before bailing out */
int tries;
/* Whether any callback is currently running */
- BOOL callback_running;
+ bool callback_running;
+
+ /* an event context for anyone wanting to use the credentials */
+ struct event_context *ev;
};
+struct ldb_context;
#include "auth/credentials/credentials_proto.h"
#endif /* __CREDENTIALS_H__ */