r25026: Move param/param.h out of includes.h
[kai/samba-autobuild/.git] / source4 / auth / credentials / credentials.c
1 /* 
2    Unix SMB/CIFS implementation.
3
4    User credentials handling
5
6    Copyright (C) Jelmer Vernooij 2005
7    Copyright (C) Tim Potter 2001
8    Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
9    
10    This program is free software; you can redistribute it and/or modify
11    it under the terms of the GNU General Public License as published by
12    the Free Software Foundation; either version 3 of the License, or
13    (at your option) any later version.
14    
15    This program is distributed in the hope that it will be useful,
16    but WITHOUT ANY WARRANTY; without even the implied warranty of
17    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
18    GNU General Public License for more details.
19    
20    You should have received a copy of the GNU General Public License
21    along with this program.  If not, see <http://www.gnu.org/licenses/>.
22 */
23
24 #include "includes.h"
25 #include "librpc/gen_ndr/samr.h" /* for struct samrPassword */
26 #include "auth/credentials/credentials.h"
27 #include "auth/credentials/credentials_krb5.h"
28 #include "libcli/auth/libcli_auth.h"
29 #include "lib/events/events.h"
30 #include "param/param.h"
31
32 /**
33  * Create a new credentials structure
34  * @param mem_ctx TALLOC_CTX parent for credentials structure 
35  */
36 struct cli_credentials *cli_credentials_init(TALLOC_CTX *mem_ctx) 
37 {
38         struct cli_credentials *cred = talloc(mem_ctx, struct cli_credentials);
39         if (!cred) {
40                 return cred;
41         }
42
43         cred->netlogon_creds = NULL;
44         cred->machine_account_pending = False;
45         cred->workstation_obtained = CRED_UNINITIALISED;
46         cred->username_obtained = CRED_UNINITIALISED;
47         cred->password_obtained = CRED_UNINITIALISED;
48         cred->domain_obtained = CRED_UNINITIALISED;
49         cred->realm_obtained = CRED_UNINITIALISED;
50         cred->ccache_obtained = CRED_UNINITIALISED;
51         cred->client_gss_creds_obtained = CRED_UNINITIALISED;
52         cred->server_gss_creds_obtained = CRED_UNINITIALISED;
53         cred->keytab_obtained = CRED_UNINITIALISED;
54         cred->principal_obtained = CRED_UNINITIALISED;
55
56         cred->ccache_threshold = CRED_UNINITIALISED;
57         cred->client_gss_creds_threshold = CRED_UNINITIALISED;
58
59         cred->old_password = NULL;
60         cred->smb_krb5_context = NULL;
61         cred->salt_principal = NULL;
62         cred->machine_account = False;
63
64         cred->bind_dn = NULL;
65
66         cred->tries = 3;
67         cred->callback_running = False;
68         cred->ev = NULL;
69
70         cli_credentials_set_kerberos_state(cred, CRED_AUTO_USE_KERBEROS);
71         cli_credentials_set_gensec_features(cred, 0);
72
73         return cred;
74 }
75
76 /**
77  * Create a new anonymous credential
78  * @param mem_ctx TALLOC_CTX parent for credentials structure 
79  */
80 struct cli_credentials *cli_credentials_init_anon(TALLOC_CTX *mem_ctx) 
81 {
82         struct cli_credentials *anon_credentials;
83
84         anon_credentials = cli_credentials_init(mem_ctx);
85         cli_credentials_set_conf(anon_credentials);
86         cli_credentials_set_anonymous(anon_credentials);
87
88         return anon_credentials;
89 }
90
91 void cli_credentials_set_kerberos_state(struct cli_credentials *creds, 
92                                         enum credentials_use_kerberos use_kerberos)
93 {
94         creds->use_kerberos = use_kerberos;
95 }
96
97 enum credentials_use_kerberos cli_credentials_get_kerberos_state(struct cli_credentials *creds)
98 {
99         return creds->use_kerberos;
100 }
101
102 void cli_credentials_set_gensec_features(struct cli_credentials *creds, uint32_t gensec_features)
103 {
104         creds->gensec_features = gensec_features;
105 }
106
107 uint32_t cli_credentials_get_gensec_features(struct cli_credentials *creds)
108 {
109         return creds->gensec_features;
110 }
111
112
113 /**
114  * Obtain the username for this credentials context.
115  * @param cred credentials context
116  * @retval The username set on this context.
117  * @note Return value will never be NULL except by programmer error.
118  */
119 const char *cli_credentials_get_username(struct cli_credentials *cred)
120 {
121         if (cred->machine_account_pending) {
122                 cli_credentials_set_machine_account(cred);
123         }
124
125         if (cred->username_obtained == CRED_CALLBACK && 
126             !cred->callback_running) {
127                 cred->callback_running = True;
128                 cred->username = cred->username_cb(cred);
129                 cred->callback_running = False;
130                 cred->username_obtained = CRED_SPECIFIED;
131                 cli_credentials_invalidate_ccache(cred, cred->username_obtained);
132         }
133
134         return cred->username;
135 }
136
137 BOOL cli_credentials_set_username(struct cli_credentials *cred, 
138                                   const char *val, enum credentials_obtained obtained)
139 {
140         if (obtained >= cred->username_obtained) {
141                 cred->username = talloc_strdup(cred, val);
142                 cred->username_obtained = obtained;
143                 cli_credentials_invalidate_ccache(cred, cred->username_obtained);
144                 return True;
145         }
146
147         return False;
148 }
149
150 BOOL cli_credentials_set_username_callback(struct cli_credentials *cred,
151                                   const char *(*username_cb) (struct cli_credentials *))
152 {
153         if (cred->username_obtained < CRED_CALLBACK) {
154                 cred->username_cb = username_cb;
155                 cred->username_obtained = CRED_CALLBACK;
156                 return True;
157         }
158
159         return False;
160 }
161
162 BOOL cli_credentials_set_bind_dn(struct cli_credentials *cred, 
163                                  const char *bind_dn)
164 {
165         cred->bind_dn = talloc_strdup(cred, bind_dn);
166         return True;
167 }
168
169 /**
170  * Obtain the BIND DN for this credentials context.
171  * @param cred credentials context
172  * @retval The username set on this context.
173  * @note Return value will be NULL if not specified explictly
174  */
175 const char *cli_credentials_get_bind_dn(struct cli_credentials *cred)
176 {
177         return cred->bind_dn;
178 }
179
180
181 /**
182  * Obtain the client principal for this credentials context.
183  * @param cred credentials context
184  * @retval The username set on this context.
185  * @note Return value will never be NULL except by programmer error.
186  */
187 const char *cli_credentials_get_principal(struct cli_credentials *cred, TALLOC_CTX *mem_ctx)
188 {
189         if (cred->machine_account_pending) {
190                 cli_credentials_set_machine_account(cred);
191         }
192
193         if (cred->principal_obtained == CRED_CALLBACK && 
194             !cred->callback_running) {
195                 cred->callback_running = True;
196                 cred->principal = cred->principal_cb(cred);
197                 cred->callback_running = False;
198                 cred->principal_obtained = CRED_SPECIFIED;
199                 cli_credentials_invalidate_ccache(cred, cred->principal_obtained);
200         }
201
202         if (cred->principal_obtained < cred->username_obtained) {
203                 if (cred->domain_obtained > cred->realm_obtained) {
204                         return talloc_asprintf(mem_ctx, "%s@%s", 
205                                                cli_credentials_get_username(cred),
206                                                cli_credentials_get_domain(cred));
207                 } else {
208                         return talloc_asprintf(mem_ctx, "%s@%s", 
209                                                cli_credentials_get_username(cred),
210                                                cli_credentials_get_realm(cred));
211                 }
212         }
213         return talloc_reference(mem_ctx, cred->principal);
214 }
215
216 BOOL cli_credentials_set_principal(struct cli_credentials *cred, 
217                                    const char *val, 
218                                    enum credentials_obtained obtained)
219 {
220         if (obtained >= cred->principal_obtained) {
221                 cred->principal = talloc_strdup(cred, val);
222                 cred->principal_obtained = obtained;
223                 cli_credentials_invalidate_ccache(cred, cred->principal_obtained);
224                 return True;
225         }
226
227         return False;
228 }
229
230 /* Set a callback to get the principal.  This could be a popup dialog,
231  * a terminal prompt or similar.  */
232
233 BOOL cli_credentials_set_principal_callback(struct cli_credentials *cred,
234                                   const char *(*principal_cb) (struct cli_credentials *))
235 {
236         if (cred->principal_obtained < CRED_CALLBACK) {
237                 cred->principal_cb = principal_cb;
238                 cred->principal_obtained = CRED_CALLBACK;
239                 return True;
240         }
241
242         return False;
243 }
244
245 /* Some of our tools are 'anonymous by default'.  This is a single
246  * function to determine if authentication has been explicitly
247  * requested */
248
249 BOOL cli_credentials_authentication_requested(struct cli_credentials *cred) 
250 {
251         if (cred->bind_dn) {
252                 return True;
253         }
254
255         if (cli_credentials_is_anonymous(cred)){
256                 return False;
257         }
258
259         if (cred->principal_obtained >= CRED_SPECIFIED) {
260                 return True;
261         }
262         if (cred->username_obtained >= CRED_SPECIFIED) {
263                 return True;
264         }
265
266         if (cli_credentials_get_kerberos_state(cred) == CRED_MUST_USE_KERBEROS) {
267                 return True;
268         }
269
270         return False;
271 }
272
273 /**
274  * Obtain the password for this credentials context.
275  * @param cred credentials context
276  * @retval If set, the cleartext password, otherwise NULL
277  */
278 const char *cli_credentials_get_password(struct cli_credentials *cred)
279 {
280         if (cred->machine_account_pending) {
281                 cli_credentials_set_machine_account(cred);
282         }
283
284         if (cred->password_obtained == CRED_CALLBACK && 
285             !cred->callback_running) {
286                 cred->callback_running = True;
287                 cred->password = cred->password_cb(cred);
288                 cred->callback_running = False;
289                 cred->password_obtained = CRED_CALLBACK_RESULT;
290                 cli_credentials_invalidate_ccache(cred, cred->password_obtained);
291         }
292
293         return cred->password;
294 }
295
296 /* Set a password on the credentials context, including an indication
297  * of 'how' the password was obtained */
298
299 BOOL cli_credentials_set_password(struct cli_credentials *cred, 
300                                   const char *val, 
301                                   enum credentials_obtained obtained)
302 {
303         if (obtained >= cred->password_obtained) {
304                 cred->password = talloc_strdup(cred, val);
305                 cred->password_obtained = obtained;
306                 cli_credentials_invalidate_ccache(cred, cred->password_obtained);
307
308                 cred->nt_hash = NULL;
309                 return True;
310         }
311
312         return False;
313 }
314
315 BOOL cli_credentials_set_password_callback(struct cli_credentials *cred,
316                                            const char *(*password_cb) (struct cli_credentials *))
317 {
318         if (cred->password_obtained < CRED_CALLBACK) {
319                 cred->password_cb = password_cb;
320                 cred->password_obtained = CRED_CALLBACK;
321                 cli_credentials_invalidate_ccache(cred, cred->password_obtained);
322                 return True;
323         }
324
325         return False;
326 }
327
328 /**
329  * Obtain the 'old' password for this credentials context (used for join accounts).
330  * @param cred credentials context
331  * @retval If set, the cleartext password, otherwise NULL
332  */
333 const char *cli_credentials_get_old_password(struct cli_credentials *cred)
334 {
335         if (cred->machine_account_pending) {
336                 cli_credentials_set_machine_account(cred);
337         }
338
339         return cred->old_password;
340 }
341
342 BOOL cli_credentials_set_old_password(struct cli_credentials *cred, 
343                                       const char *val, 
344                                       enum credentials_obtained obtained)
345 {
346         cred->old_password = talloc_strdup(cred, val);
347         return True;
348 }
349
350 /**
351  * Obtain the password, in the form MD4(unicode(password)) for this credentials context.
352  *
353  * Sometimes we only have this much of the password, while the rest of
354  * the time this call avoids calling E_md4hash themselves.
355  *
356  * @param cred credentials context
357  * @retval If set, the cleartext password, otherwise NULL
358  */
359 const struct samr_Password *cli_credentials_get_nt_hash(struct cli_credentials *cred, 
360                                                         TALLOC_CTX *mem_ctx)
361 {
362         const char *password = cli_credentials_get_password(cred);
363
364         if (password) {
365                 struct samr_Password *nt_hash = talloc(mem_ctx, struct samr_Password);
366                 if (!nt_hash) {
367                         return NULL;
368                 }
369                 
370                 E_md4hash(password, nt_hash->hash);    
371
372                 return nt_hash;
373         } else {
374                 return cred->nt_hash;
375         }
376 }
377
378 BOOL cli_credentials_set_nt_hash(struct cli_credentials *cred,
379                                  const struct samr_Password *nt_hash, 
380                                  enum credentials_obtained obtained)
381 {
382         if (obtained >= cred->password_obtained) {
383                 cli_credentials_set_password(cred, NULL, obtained);
384                 if (nt_hash) {
385                         cred->nt_hash = talloc(cred, struct samr_Password);
386                         *cred->nt_hash = *nt_hash;
387                 } else {
388                         cred->nt_hash = NULL;
389                 }
390                 return True;
391         }
392
393         return False;
394 }
395
396 /**
397  * Obtain the 'short' or 'NetBIOS' domain for this credentials context.
398  * @param cred credentials context
399  * @retval The domain set on this context. 
400  * @note Return value will never be NULL except by programmer error.
401  */
402 const char *cli_credentials_get_domain(struct cli_credentials *cred)
403 {
404         if (cred->machine_account_pending) {
405                 cli_credentials_set_machine_account(cred);
406         }
407
408         if (cred->domain_obtained == CRED_CALLBACK && 
409             !cred->callback_running) {
410                 cred->callback_running = True;
411                 cred->domain = cred->domain_cb(cred);
412                 cred->callback_running = False;
413                 cred->domain_obtained = CRED_SPECIFIED;
414                 cli_credentials_invalidate_ccache(cred, cred->domain_obtained);
415         }
416
417         return cred->domain;
418 }
419
420
421 BOOL cli_credentials_set_domain(struct cli_credentials *cred, 
422                                 const char *val, 
423                                 enum credentials_obtained obtained)
424 {
425         if (obtained >= cred->domain_obtained) {
426                 /* it is important that the domain be in upper case,
427                  * particularly for the sensitive NTLMv2
428                  * calculations */
429                 cred->domain = strupper_talloc(cred, val);
430                 cred->domain_obtained = obtained;
431                 cli_credentials_invalidate_ccache(cred, cred->domain_obtained);
432                 return True;
433         }
434
435         return False;
436 }
437
438 BOOL cli_credentials_set_domain_callback(struct cli_credentials *cred,
439                                          const char *(*domain_cb) (struct cli_credentials *))
440 {
441         if (cred->domain_obtained < CRED_CALLBACK) {
442                 cred->domain_cb = domain_cb;
443                 cred->domain_obtained = CRED_CALLBACK;
444                 return True;
445         }
446
447         return False;
448 }
449
450 /**
451  * Obtain the Kerberos realm for this credentials context.
452  * @param cred credentials context
453  * @retval The realm set on this context. 
454  * @note Return value will never be NULL except by programmer error.
455  */
456 const char *cli_credentials_get_realm(struct cli_credentials *cred)
457 {       
458         if (cred->machine_account_pending) {
459                 cli_credentials_set_machine_account(cred);
460         }
461
462         if (cred->realm_obtained == CRED_CALLBACK && 
463             !cred->callback_running) {
464                 cred->callback_running = True;
465                 cred->realm = cred->realm_cb(cred);
466                 cred->callback_running = False;
467                 cred->realm_obtained = CRED_SPECIFIED;
468                 cli_credentials_invalidate_ccache(cred, cred->realm_obtained);
469         }
470
471         return cred->realm;
472 }
473
474 /**
475  * Set the realm for this credentials context, and force it to
476  * uppercase for the sainity of our local kerberos libraries 
477  */
478 BOOL cli_credentials_set_realm(struct cli_credentials *cred, 
479                                const char *val, 
480                                enum credentials_obtained obtained)
481 {
482         if (obtained >= cred->realm_obtained) {
483                 cred->realm = strupper_talloc(cred, val);
484                 cred->realm_obtained = obtained;
485                 cli_credentials_invalidate_ccache(cred, cred->realm_obtained);
486                 return True;
487         }
488
489         return False;
490 }
491
492 BOOL cli_credentials_set_realm_callback(struct cli_credentials *cred,
493                                         const char *(*realm_cb) (struct cli_credentials *))
494 {
495         if (cred->realm_obtained < CRED_CALLBACK) {
496                 cred->realm_cb = realm_cb;
497                 cred->realm_obtained = CRED_CALLBACK;
498                 return True;
499         }
500
501         return False;
502 }
503
504 /**
505  * Obtain the 'short' or 'NetBIOS' workstation name for this credentials context.
506  *
507  * @param cred credentials context
508  * @retval The workstation name set on this context. 
509  * @note Return value will never be NULL except by programmer error.
510  */
511 const char *cli_credentials_get_workstation(struct cli_credentials *cred)
512 {
513         if (cred->workstation_obtained == CRED_CALLBACK && 
514             !cred->callback_running) {
515                 cred->callback_running = True;
516                 cred->workstation = cred->workstation_cb(cred);
517                 cred->callback_running = False;
518                 cred->workstation_obtained = CRED_SPECIFIED;
519         }
520
521         return cred->workstation;
522 }
523
524 BOOL cli_credentials_set_workstation(struct cli_credentials *cred, 
525                                      const char *val, 
526                                      enum credentials_obtained obtained)
527 {
528         if (obtained >= cred->workstation_obtained) {
529                 cred->workstation = talloc_strdup(cred, val);
530                 cred->workstation_obtained = obtained;
531                 return True;
532         }
533
534         return False;
535 }
536
537 BOOL cli_credentials_set_workstation_callback(struct cli_credentials *cred,
538                                               const char *(*workstation_cb) (struct cli_credentials *))
539 {
540         if (cred->workstation_obtained < CRED_CALLBACK) {
541                 cred->workstation_cb = workstation_cb;
542                 cred->workstation_obtained = CRED_CALLBACK;
543                 return True;
544         }
545
546         return False;
547 }
548
549 /**
550  * Given a string, typically obtained from a -U argument, parse it into domain, username, realm and password fields
551  *
552  * The format accepted is [domain\\]user[%password] or user[@realm][%password]
553  *
554  * @param credentials Credentials structure on which to set the password
555  * @param data the string containing the username, password etc
556  * @param obtained This enum describes how 'specified' this password is
557  */
558
559 void cli_credentials_parse_string(struct cli_credentials *credentials, const char *data, enum credentials_obtained obtained)
560 {
561         char *uname, *p;
562
563         if (strcmp("%",data) == 0) {
564                 cli_credentials_set_anonymous(credentials);
565                 return;
566         }
567
568         uname = talloc_strdup(credentials, data); 
569         if ((p = strchr_m(uname,'%'))) {
570                 *p = 0;
571                 cli_credentials_set_password(credentials, p+1, obtained);
572         }
573
574         if ((p = strchr_m(uname,'@'))) {
575                 cli_credentials_set_principal(credentials, uname, obtained);
576                 *p = 0;
577                 cli_credentials_set_realm(credentials, p+1, obtained);
578                 return;
579         } else if ((p = strchr_m(uname,'\\')) || (p = strchr_m(uname, '/'))) {
580                 *p = 0;
581                 cli_credentials_set_domain(credentials, uname, obtained);
582                 uname = p+1;
583         }
584         cli_credentials_set_username(credentials, uname, obtained);
585 }
586
587 /**
588  * Given a a credentials structure, print it as a string
589  *
590  * The format output is [domain\\]user[%password] or user[@realm][%password]
591  *
592  * @param credentials Credentials structure on which to set the password
593  * @param mem_ctx The memory context to place the result on
594  */
595
596 const char *cli_credentials_get_unparsed_name(struct cli_credentials *credentials, TALLOC_CTX *mem_ctx)
597 {
598         const char *bind_dn = cli_credentials_get_bind_dn(credentials);
599         const char *domain;
600         const char *username;
601         const char *name;
602
603         if (bind_dn) {
604                 name = talloc_reference(mem_ctx, bind_dn);
605         } else {
606                 cli_credentials_get_ntlm_username_domain(credentials, mem_ctx, &username, &domain);
607                 if (domain && domain[0]) {
608                         name = talloc_asprintf(mem_ctx, "%s\\%s", 
609                                                domain, username);
610                 } else {
611                         name = talloc_asprintf(mem_ctx, "%s", 
612                                                username);
613                 }
614         }
615         return name;
616 }
617
618 /**
619  * Specifies default values for domain, workstation and realm
620  * from the smb.conf configuration file
621  *
622  * @param cred Credentials structure to fill in
623  */
624 void cli_credentials_set_conf(struct cli_credentials *cred)
625 {
626         cli_credentials_set_username(cred, "", CRED_UNINITIALISED);
627         cli_credentials_set_domain(cred, lp_workgroup(), CRED_UNINITIALISED);
628         cli_credentials_set_workstation(cred, lp_netbios_name(), CRED_UNINITIALISED);
629         cli_credentials_set_realm(cred, lp_realm(), CRED_UNINITIALISED);
630 }
631
632 /**
633  * Guess defaults for credentials from environment variables, 
634  * and from the configuration file
635  * 
636  * @param cred Credentials structure to fill in
637  */
638 void cli_credentials_guess(struct cli_credentials *cred)
639 {
640         char *p;
641
642         cli_credentials_set_conf(cred);
643         
644         if (getenv("LOGNAME")) {
645                 cli_credentials_set_username(cred, getenv("LOGNAME"), CRED_GUESS_ENV);
646         }
647
648         if (getenv("USER")) {
649                 cli_credentials_parse_string(cred, getenv("USER"), CRED_GUESS_ENV);
650                 if ((p = strchr_m(getenv("USER"),'%'))) {
651                         memset(p,0,strlen(cred->password));
652                 }
653         }
654
655         if (getenv("PASSWD")) {
656                 cli_credentials_set_password(cred, getenv("PASSWD"), CRED_GUESS_ENV);
657         }
658
659         if (getenv("PASSWD_FD")) {
660                 cli_credentials_parse_password_fd(cred, atoi(getenv("PASSWD_FD")), CRED_GUESS_FILE);
661         }
662         
663         p = getenv("PASSWD_FILE");
664         if (p && p[0]) {
665                 cli_credentials_parse_password_file(cred, p, CRED_GUESS_FILE);
666         }
667         
668         if (cli_credentials_get_kerberos_state(cred) != CRED_DONT_USE_KERBEROS) {
669                 cli_credentials_set_ccache(cred, NULL, CRED_GUESS_FILE);
670         }
671 }
672
673 /**
674  * Attach NETLOGON credentials for use with SCHANNEL
675  */
676
677 void cli_credentials_set_netlogon_creds(struct cli_credentials *cred, 
678                                         struct creds_CredentialState *netlogon_creds)
679 {
680         cred->netlogon_creds = talloc_reference(cred, netlogon_creds);
681 }
682
683 /**
684  * Return attached NETLOGON credentials 
685  */
686
687 struct creds_CredentialState *cli_credentials_get_netlogon_creds(struct cli_credentials *cred)
688 {
689         return cred->netlogon_creds;
690 }
691
692 /** 
693  * Set NETLOGON secure channel type
694  */
695
696 void cli_credentials_set_secure_channel_type(struct cli_credentials *cred,
697                                              enum netr_SchannelType secure_channel_type)
698 {
699         cred->secure_channel_type = secure_channel_type;
700 }
701
702 /**
703  * Return NETLOGON secure chanel type
704  */
705
706 enum netr_SchannelType cli_credentials_get_secure_channel_type(struct cli_credentials *cred)
707 {
708         return cred->secure_channel_type;
709 }
710
711 /**
712  * Fill in a credentials structure as the anonymous user
713  */
714 void cli_credentials_set_anonymous(struct cli_credentials *cred) 
715 {
716         cli_credentials_set_username(cred, "", CRED_SPECIFIED);
717         cli_credentials_set_domain(cred, "", CRED_SPECIFIED);
718         cli_credentials_set_password(cred, NULL, CRED_SPECIFIED);
719 }
720
721 /**
722  * Describe a credentials context as anonymous or authenticated
723  * @retval True if anonymous, False if a username is specified
724  */
725
726 BOOL cli_credentials_is_anonymous(struct cli_credentials *cred)
727 {
728         const char *username;
729         
730         if (cred->machine_account_pending) {
731                 cli_credentials_set_machine_account(cred);
732         }
733
734         username = cli_credentials_get_username(cred);
735         
736         /* Yes, it is deliberate that we die if we have a NULL pointer
737          * here - anonymous is "", not NULL, which is 'never specified,
738          * never guessed', ie programmer bug */
739         if (!username[0]) {
740                 return True;
741         }
742
743         return False;
744 }
745
746 /**
747  * Mark the current password for a credentials struct as wrong. This will 
748  * cause the password to be prompted again (if a callback is set).
749  *
750  * This will decrement the number of times the password can be tried.
751  *
752  * @retval whether the credentials struct is finished
753  */
754 BOOL cli_credentials_wrong_password(struct cli_credentials *cred)
755 {
756         if (cred->password_obtained != CRED_CALLBACK_RESULT) {
757                 return False;
758         }
759         
760         cred->password_obtained = CRED_CALLBACK;
761
762         cred->tries--;
763
764         return (cred->tries > 0);
765 }
766
767 /*
768   set the common event context for this set of credentials
769  */
770 void cli_credentials_set_event_context(struct cli_credentials *cred, struct event_context *ev)
771 {
772         cred->ev = ev;
773 }
774
775 /*
776   set the common event context for this set of credentials
777  */
778 struct event_context *cli_credentials_get_event_context(struct cli_credentials *cred)
779 {
780         if (cred->ev == NULL) {
781                 cred->ev = event_context_find(cred);
782         }
783         return cred->ev;
784 }