auth/credentials/credentials_internal.h

   1 /*
   2    samba -- Unix SMB/CIFS implementation.
   3
   4    Client credentials structure
   5
   6    Copyright (C) Jelmer Vernooij 2004-2006
   7    Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
   8
   9    This program is free software; you can redistribute it and/or modify
  10    it under the terms of the GNU General Public License as published by
  11    the Free Software Foundation; either version 3 of the License, or
  12    (at your option) any later version.
  13
  14    This program is distributed in the hope that it will be useful,
  15    but WITHOUT ANY WARRANTY; without even the implied warranty of
  16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17    GNU General Public License for more details.
  18
  19    You should have received a copy of the GNU General Public License
  20    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  21 */
  22 #ifndef __CREDENTIALS_INTERNAL_H__
  23 #define __CREDENTIALS_INTERNAL_H__
  24
  25 #include "../lib/util/data_blob.h"
  26 #include "librpc/gen_ndr/misc.h"
  27 #include "libcli/smb/smb_constants.h"
  28
  29 struct cli_credentials {
  30         enum credentials_obtained workstation_obtained;
  31         enum credentials_obtained username_obtained;
  32         enum credentials_obtained password_obtained;
  33         enum credentials_obtained domain_obtained;
  34         enum credentials_obtained realm_obtained;
  35         enum credentials_obtained ccache_obtained;
  36         enum credentials_obtained client_gss_creds_obtained;
  37         enum credentials_obtained principal_obtained;
  38         enum credentials_obtained keytab_obtained;
  39         enum credentials_obtained server_gss_creds_obtained;
  40         enum credentials_obtained signing_state_obtained;
  41         enum credentials_obtained ipc_signing_state_obtained;
  42         enum credentials_obtained encryption_state_obtained;
  43         enum credentials_obtained kerberos_state_obtained;
  44         enum credentials_obtained gensec_features_obtained;
  45
  46         /* Threshold values (essentially a MAX() over a number of the
  47          * above) for the ccache and GSS credentials, to ensure we
  48          * regenerate/pick correctly */
  49
  50         enum credentials_obtained ccache_threshold;
  51         enum credentials_obtained client_gss_creds_threshold;
  52
  53         const char *workstation;
  54         const char *username;
  55         const char *password;
  56         const char *old_password;
  57         const char *domain;
  58         const char *realm;
  59         const char *principal;
  60         char *salt_principal;
  61         char *impersonate_principal;
  62         char *self_service;
  63         char *target_service;
  64
  65         const char *bind_dn;
  66
  67         /* Allows authentication from a keytab or similar */
  68         struct samr_Password *nt_hash;
  69         struct samr_Password *old_nt_hash;
  70
  71         /* Allows NTLM pass-though authentication */
  72         DATA_BLOB lm_response;
  73         DATA_BLOB lm_session_key;
  74         DATA_BLOB nt_response;
  75         DATA_BLOB nt_session_key;
  76
  77         struct ccache_container *ccache;
  78         struct gssapi_creds_container *client_gss_creds;
  79         struct keytab_container *keytab;
  80         struct gssapi_creds_container *server_gss_creds;
  81
  82         const char *(*workstation_cb) (struct cli_credentials *);
  83         const char *(*password_cb) (struct cli_credentials *);
  84         const char *(*username_cb) (struct cli_credentials *);
  85         const char *(*domain_cb) (struct cli_credentials *);
  86         const char *(*realm_cb) (struct cli_credentials *);
  87         const char *(*principal_cb) (struct cli_credentials *);
  88
  89         /* Private handle for the callback routines to use */
  90         void *priv_data;
  91
  92         struct netlogon_creds_CredentialState *netlogon_creds;
  93         enum netr_SchannelType secure_channel_type;
  94         int kvno;
  95         time_t password_last_changed_time;
  96
  97         struct smb_krb5_context *smb_krb5_context;
  98
  99         /* We are flagged to get machine account details from the
 100          * secrets.ldb when we are asked for a username or password */
 101         bool machine_account_pending;
 102         struct loadparm_context *machine_account_pending_lp_ctx;
 103
 104         /* Is this a machine account? */
 105         bool machine_account;
 106
 107         /* Should we be trying to use kerberos? */
 108         enum credentials_use_kerberos kerberos_state;
 109
 110         /* Should we get a forwardable ticket? */
 111         enum credentials_krb_forwardable krb_forwardable;
 112
 113         /* Forced SASL mechanism */
 114         char *forced_sasl_mech;
 115
 116         /* gensec features which should be used for connections */
 117         uint32_t gensec_features;
 118
 119         /* Number of retries left before bailing out */
 120         uint32_t password_tries;
 121
 122         /* Whether any callback is currently running */
 123         bool callback_running;
 124
 125         char winbind_separator;
 126
 127         bool password_will_be_nt_hash;
 128
 129         enum smb_signing_setting signing_state;
 130
 131         enum smb_signing_setting ipc_signing_state;
 132
 133         enum smb_encryption_setting encryption_state;
 134 };
 135
 136 #endif /* __CREDENTIALS_INTERNAL_H__ */