auth/credentials/credentials_internal.h

   1 /*
   2    samba -- Unix SMB/CIFS implementation.
   3
   4    Client credentials structure
   5
   6    Copyright (C) Jelmer Vernooij 2004-2006
   7    Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
   8
   9    This program is free software; you can redistribute it and/or modify
  10    it under the terms of the GNU General Public License as published by
  11    the Free Software Foundation; either version 3 of the License, or
  12    (at your option) any later version.
  13
  14    This program is distributed in the hope that it will be useful,
  15    but WITHOUT ANY WARRANTY; without even the implied warranty of
  16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17    GNU General Public License for more details.
  18
  19    You should have received a copy of the GNU General Public License
  20    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  21 */
  22 #ifndef __CREDENTIALS_INTERNAL_H__
  23 #define __CREDENTIALS_INTERNAL_H__
  24
  25 #include "../lib/util/data_blob.h"
  26 #include "librpc/gen_ndr/misc.h"
  27
  28 struct cli_credentials {
  29         enum credentials_obtained workstation_obtained;
  30         enum credentials_obtained username_obtained;
  31         enum credentials_obtained password_obtained;
  32         enum credentials_obtained domain_obtained;
  33         enum credentials_obtained realm_obtained;
  34         enum credentials_obtained ccache_obtained;
  35         enum credentials_obtained krb5_ccache_obtained;
  36         enum credentials_obtained client_gss_creds_obtained;
  37         enum credentials_obtained principal_obtained;
  38         enum credentials_obtained keytab_obtained;
  39         enum credentials_obtained server_gss_creds_obtained;
  40
  41         /* Threshold values (essentially a MAX() over a number of the
  42          * above) for the ccache and GSS credentials, to ensure we
  43          * regenerate/pick correctly */
  44
  45         enum credentials_obtained ccache_threshold;
  46         enum credentials_obtained client_gss_creds_threshold;
  47
  48         const char *workstation;
  49         const char *username;
  50         const char *password;
  51         const char *old_password;
  52         const char *domain;
  53         const char *realm;
  54         const char *principal;
  55         char *salt_principal;
  56         char *impersonate_principal;
  57         char *self_service;
  58         char *target_service;
  59
  60         const char *bind_dn;
  61
  62         /* Allows authentication from a keytab or similar */
  63         struct samr_Password *nt_hash;
  64         struct samr_Password *old_nt_hash;
  65
  66         /* Allows NTLM pass-though authentication */
  67         DATA_BLOB lm_response;
  68         DATA_BLOB nt_response;
  69
  70         struct ccache_container *ccache;
  71         struct ccache_container *krb5_ccache;
  72         struct gssapi_creds_container *client_gss_creds;
  73         struct keytab_container *keytab;
  74         struct gssapi_creds_container *server_gss_creds;
  75
  76         const char *(*workstation_cb) (struct cli_credentials *);
  77         const char *(*password_cb) (struct cli_credentials *);
  78         const char *(*username_cb) (struct cli_credentials *);
  79         const char *(*domain_cb) (struct cli_credentials *);
  80         const char *(*realm_cb) (struct cli_credentials *);
  81         const char *(*principal_cb) (struct cli_credentials *);
  82
  83         /* Private handle for the callback routines to use */
  84         void *priv_data;
  85
  86         struct netlogon_creds_CredentialState *netlogon_creds;
  87         enum netr_SchannelType secure_channel_type;
  88         int kvno;
  89         time_t password_last_changed_time;
  90
  91         struct smb_krb5_context *smb_krb5_context;
  92
  93         /* We are flagged to get machine account details from the
  94          * secrets.ldb when we are asked for a username or password */
  95         bool machine_account_pending;
  96         struct loadparm_context *machine_account_pending_lp_ctx;
  97
  98         /* Is this a machine account? */
  99         bool machine_account;
 100
 101         /* Should we be trying to use kerberos? */
 102         enum credentials_use_kerberos use_kerberos;
 103
 104         /* Should we get a forwardable ticket? */
 105         enum credentials_krb_forwardable krb_forwardable;
 106
 107         /* Forced SASL mechansim */
 108         char *forced_sasl_mech;
 109
 110         /* gensec features which should be used for connections */
 111         uint32_t gensec_features;
 112
 113         /* Number of retries left before bailing out */
 114         uint32_t password_tries;
 115
 116         /* Whether any callback is currently running */
 117         bool callback_running;
 118
 119         char winbind_separator;
 120
 121         bool password_will_be_nt_hash;
 122 };
 123
 124 #endif /* __CREDENTIALS_INTERNAL_H__ */