Move ntlm_check.h into the common libcli/auth
[kai/samba.git] / libcli / auth / credentials.h
1 /* 
2    Unix SMB/CIFS implementation.
3
4    code to manipulate domain credentials
5
6    Copyright (C) Andrew Tridgell 2004
7    
8    This program is free software; you can redistribute it and/or modify
9    it under the terms of the GNU General Public License as published by
10    the Free Software Foundation; either version 3 of the License, or
11    (at your option) any later version.
12    
13    This program is distributed in the hope that it will be useful,
14    but WITHOUT ANY WARRANTY; without even the implied warranty of
15    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16    GNU General Public License for more details.
17    
18    You should have received a copy of the GNU General Public License
19    along with this program.  If not, see <http://www.gnu.org/licenses/>.
20 */
21
22 #include "librpc/gen_ndr/netlogon.h"
23
24 struct creds_CredentialState {
25         uint32_t negotiate_flags;
26         uint8_t session_key[16];
27         uint32_t sequence;
28         struct netr_Credential seed;
29         struct netr_Credential client;
30         struct netr_Credential server;
31         uint16_t secure_channel_type;
32         const char *domain;
33         const char *computer_name;
34         const char *account_name;
35         struct dom_sid *sid;
36 };
37
38 /* The 7 here seems to be required to get Win2k not to downgrade us
39    to NT4.  Actually, anything other than 1ff would seem to do... */
40 #define NETLOGON_NEG_AUTH2_FLAGS 0x000701ff
41 /*
42         (NETLOGON_NEG_ACCOUNT_LOCKOUT |
43          NETLOGON_NEG_PERSISTENT_SAMREPL |
44          NETLOGON_NEG_ARCFOUR |
45          NETLOGON_NEG_PROMOTION_COUNT |
46          NETLOGON_NEG_CHANGELOG_BDC |
47          NETLOGON_NEG_FULL_SYNC_REPL |
48          NETLOGON_NEG_MULTIPLE_SIDS |
49          NETLOGON_NEG_REDO |
50          NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL |
51          NETLOGON_NEG_DNS_DOMAIN_TRUSTS |
52          NETLOGON_NEG_PASSWORD_SET2 |
53          NETLOGON_NEG_GETDOMAININFO)
54 */
55 #define NETLOGON_NEG_DOMAIN_TRUST_ACCOUNT       0x2010b000
56
57 /* these are the flags that ADS clients use */
58 /*
59         (NETLOGON_NEG_ACCOUNT_LOCKOUT |
60          NETLOGON_NEG_PERSISTENT_SAMREPL |
61          NETLOGON_NEG_ARCFOUR |
62          NETLOGON_NEG_PROMOTION_COUNT |
63          NETLOGON_NEG_CHANGELOG_BDC |
64          NETLOGON_NEG_FULL_SYNC_REPL |
65          NETLOGON_NEG_MULTIPLE_SIDS |
66          NETLOGON_NEG_REDO |
67          NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL |
68          NETLOGON_NEG_SEND_PASSWORD_INFO_PDC |
69          NETLOGON_NEG_GENERIC_PASSTHROUGH |
70          NETLOGON_NEG_CONCURRENT_RPC |
71          NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL |
72          NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL |
73          NETLOGON_NEG_128BIT |
74          NETLOGON_NEG_TRANSITIVE_TRUSTS |
75          NETLOGON_NEG_DNS_DOMAIN_TRUSTS |
76          NETLOGON_NEG_PASSWORD_SET2 |
77          NETLOGON_NEG_GETDOMAININFO |
78          NETLOGON_NEG_CROSS_FOREST_TRUSTS |
79          NETLOGON_NEG_AUTHENTICATED_RPC_LSASS |
80          NETLOGON_NEG_SCHANNEL)
81 */
82
83 #define NETLOGON_NEG_AUTH2_ADS_FLAGS (0x200fbffb | NETLOGON_NEG_ARCFOUR | NETLOGON_NEG_128BIT | NETLOGON_NEG_SCHANNEL)
84
85