source/auth/credentials/credentials.h

   1 /*
   2    samba -- Unix SMB/CIFS implementation.
   3
   4    Client credentials structure
   5
   6    Copyright (C) Jelmer Vernooij 2004-2006
   7    Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
   8
   9    This program is free software; you can redistribute it and/or modify
  10    it under the terms of the GNU General Public License as published by
  11    the Free Software Foundation; either version 2 of the License, or
  12    (at your option) any later version.
  13
  14    This program is distributed in the hope that it will be useful,
  15    but WITHOUT ANY WARRANTY; without even the implied warranty of
  16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17    GNU General Public License for more details.
  18
  19    You should have received a copy of the GNU General Public License
  20    along with this program; if not, write to the Free Software
  21    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  22 */
  23 #ifndef __CREDENTIALS_H__
  24 #define __CREDENTIALS_H__
  25
  26 #include "librpc/gen_ndr/misc.h"
  27
  28 struct ccache_container;
  29
  30 /* In order of priority */
  31 enum credentials_obtained {
  32         CRED_UNINITIALISED = 0,  /* We don't even have a guess yet */
  33         CRED_CALLBACK,           /* Callback should be used to obtain value */
  34         CRED_GUESS_ENV,          /* Current value should be used, which was guessed */
  35         CRED_GUESS_FILE,         /* A guess from a file (or file pointed at in env variable) */
  36         CRED_CALLBACK_RESULT,    /* Value was obtained from a callback */
  37         CRED_SPECIFIED           /* Was explicitly specified on the command-line */
  38 };
  39
  40 enum credentials_use_kerberos {
  41         CRED_AUTO_USE_KERBEROS = 0, /* Default, we try kerberos if available */
  42         CRED_DONT_USE_KERBEROS,     /* Sometimes trying kerberos just does 'bad things', so don't */
  43         CRED_MUST_USE_KERBEROS      /* Sometimes administrators are parinoid, so always do kerberos */
  44 };
  45
  46 #define CLI_CRED_NTLM2       0x01
  47 #define CLI_CRED_NTLMv2_AUTH 0x02
  48 #define CLI_CRED_LANMAN_AUTH 0x04
  49 #define CLI_CRED_NTLM_AUTH   0x08
  50 #define CLI_CRED_CLEAR_AUTH  0x10   /* TODO:  Push cleartext auth with this flag */
  51
  52 struct cli_credentials {
  53         enum credentials_obtained workstation_obtained;
  54         enum credentials_obtained username_obtained;
  55         enum credentials_obtained password_obtained;
  56         enum credentials_obtained domain_obtained;
  57         enum credentials_obtained realm_obtained;
  58         enum credentials_obtained ccache_obtained;
  59         enum credentials_obtained client_gss_creds_obtained;
  60         enum credentials_obtained principal_obtained;
  61         enum credentials_obtained keytab_obtained;
  62         enum credentials_obtained server_gss_creds_obtained;
  63
  64         /* Threshold values (essentially a MAX() over a number of the
  65          * above) for the ccache and GSS credentials, to ensure we
  66          * regenerate/pick correctly */
  67
  68         enum credentials_obtained ccache_threshold;
  69         enum credentials_obtained client_gss_creds_threshold;
  70
  71         const char *workstation;
  72         const char *username;
  73         const char *password;
  74         const char *old_password;
  75         const char *domain;
  76         const char *realm;
  77         const char *principal;
  78         const char *salt_principal;
  79
  80         const char *bind_dn;
  81
  82         struct samr_Password *nt_hash;
  83
  84         struct ccache_container *ccache;
  85         struct gssapi_creds_container *client_gss_creds;
  86         struct keytab_container *keytab;
  87         struct gssapi_creds_container *server_gss_creds;
  88
  89         const char *(*workstation_cb) (struct cli_credentials *);
  90         const char *(*password_cb) (struct cli_credentials *);
  91         const char *(*username_cb) (struct cli_credentials *);
  92         const char *(*domain_cb) (struct cli_credentials *);
  93         const char *(*realm_cb) (struct cli_credentials *);
  94         const char *(*principal_cb) (struct cli_credentials *);
  95
  96         /* Private handle for the callback routines to use */
  97         void *priv_data;
  98
  99         struct creds_CredentialState *netlogon_creds;
 100         enum netr_SchannelType secure_channel_type;
 101         int kvno;
 102
 103         struct smb_krb5_context *smb_krb5_context;
 104
 105         /* We are flagged to get machine account details from the
 106          * secrets.ldb when we are asked for a username or password */
 107
 108         BOOL machine_account_pending;
 109
 110         /* Is this a machine account? */
 111         BOOL machine_account;
 112
 113         /* Should we be trying to use kerberos? */
 114         enum credentials_use_kerberos use_kerberos;
 115
 116         /* gensec features which should be used for connections */
 117         uint32_t gensec_features;
 118
 119         /* Number of retries left before bailing out */
 120         int tries;
 121
 122         /* Whether any callback is currently running */
 123         BOOL callback_running;
 124
 125         /* an event context for anyone wanting to use the credentials */
 126         struct event_context *ev;
 127 };
 128
 129 struct ldb_context;
 130 #include "auth/credentials/credentials_proto.h"
 131
 132 #endif /* __CREDENTIALS_H__ */