search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
winbindd: add routing_domain as parameter to add_trusted_domain
[Samba.git] / auth / credentials / credentials.h
blob9fe6a82b1ead5a56f06d830a39c3023d6ac5a956
1 /*
2 samba -- Unix SMB/CIFS implementation.
3
4 Client credentials structure
5
6 Copyright (C) Jelmer Vernooij 2004-2006
7 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 */
22 #ifndef __CREDENTIALS_H__
23 #define __CREDENTIALS_H__
24
25 #include "../lib/util/time.h"
26 #include "../lib/util/data_blob.h"
27 #include "librpc/gen_ndr/misc.h"
28
29 struct cli_credentials;
30 struct ccache_container;
31 struct tevent_context;
32 struct netlogon_creds_CredentialState;
33 struct ldb_context;
34 struct ldb_message;
35 struct loadparm_context;
36 struct ccache_container;
37 struct gssapi_creds_container;
38 struct smb_krb5_context;
39 struct keytab_container;
40 struct db_context;
41
42 /* In order of priority */
43 enum credentials_obtained {
44 CRED_UNINITIALISED = 0, /* We don't even have a guess yet */
45 CRED_CALLBACK, /* Callback should be used to obtain value */
46 CRED_GUESS_ENV, /* Current value should be used, which was guessed */
47 CRED_GUESS_FILE, /* A guess from a file (or file pointed at in env variable) */
48 CRED_CALLBACK_RESULT, /* Value was obtained from a callback */
49 CRED_SPECIFIED /* Was explicitly specified on the command-line */
50 };
51
52 enum credentials_use_kerberos {
53 CRED_AUTO_USE_KERBEROS = 0, /* Default, we try kerberos if available */
54 CRED_DONT_USE_KERBEROS, /* Sometimes trying kerberos just does 'bad things', so don't */
55 CRED_MUST_USE_KERBEROS /* Sometimes administrators are parinoid, so always do kerberos */
56 };
57
58 enum credentials_krb_forwardable {
59 CRED_AUTO_KRB_FORWARDABLE = 0, /* Default, follow library defaults */
60 CRED_NO_KRB_FORWARDABLE, /* not forwardable */
61 CRED_FORCE_KRB_FORWARDABLE /* forwardable */
62 };
63
64 #define CLI_CRED_NTLM2 0x01
65 #define CLI_CRED_NTLMv2_AUTH 0x02
66 #define CLI_CRED_LANMAN_AUTH 0x04
67 #define CLI_CRED_NTLM_AUTH 0x08
68 #define CLI_CRED_CLEAR_AUTH 0x10 /* TODO: Push cleartext auth with this flag */
69
70 const char *cli_credentials_get_workstation(struct cli_credentials *cred);
71 bool cli_credentials_set_workstation(struct cli_credentials *cred,
72 const char *val,
73 enum credentials_obtained obtained);
74 bool cli_credentials_is_anonymous(struct cli_credentials *cred);
75 struct cli_credentials *cli_credentials_init(TALLOC_CTX *mem_ctx);
76 void cli_credentials_set_anonymous(struct cli_credentials *cred);
77 bool cli_credentials_wrong_password(struct cli_credentials *cred);
78 const char *cli_credentials_get_password(struct cli_credentials *cred);
79 void cli_credentials_get_ntlm_username_domain(struct cli_credentials *cred, TALLOC_CTX *mem_ctx,
80 const char **username,
81 const char **domain);
82 NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred, TALLOC_CTX *mem_ctx,
83 int *flags,
84 DATA_BLOB challenge,
85 const NTTIME *server_timestamp,
86 DATA_BLOB target_info,
87 DATA_BLOB *_lm_response, DATA_BLOB *_nt_response,
88 DATA_BLOB *_lm_session_key, DATA_BLOB *_session_key);
89 const char *cli_credentials_get_realm(struct cli_credentials *cred);
90 const char *cli_credentials_get_username(struct cli_credentials *cred);
91 int cli_credentials_get_krb5_context(struct cli_credentials *cred,
92 struct loadparm_context *lp_ctx,
93 struct smb_krb5_context **smb_krb5_context);
94 int cli_credentials_get_ccache(struct cli_credentials *cred,
95 struct tevent_context *event_ctx,
96 struct loadparm_context *lp_ctx,
97 struct ccache_container **ccc,
98 const char **error_string);
99 int cli_credentials_get_named_ccache(struct cli_credentials *cred,
100 struct tevent_context *event_ctx,
101 struct loadparm_context *lp_ctx,
102 char *ccache_name,
103 struct ccache_container **ccc, const char **error_string);
104 bool cli_credentials_failed_kerberos_login(struct cli_credentials *cred,
105 const char *principal,
106 unsigned int *count);
107 int cli_credentials_get_keytab(struct cli_credentials *cred,
108 struct loadparm_context *lp_ctx,
109 struct keytab_container **_ktc);
110 const char *cli_credentials_get_domain(struct cli_credentials *cred);
111 struct netlogon_creds_CredentialState *cli_credentials_get_netlogon_creds(struct cli_credentials *cred);
112 void cli_credentials_set_machine_account_pending(struct cli_credentials *cred,
113 struct loadparm_context *lp_ctx);
114 void cli_credentials_set_conf(struct cli_credentials *cred,
115 struct loadparm_context *lp_ctx);
116 char *cli_credentials_get_principal(struct cli_credentials *cred, TALLOC_CTX *mem_ctx);
117 int cli_credentials_get_server_gss_creds(struct cli_credentials *cred,
118 struct loadparm_context *lp_ctx,
119 struct gssapi_creds_container **_gcc);
120 int cli_credentials_get_client_gss_creds(struct cli_credentials *cred,
121 struct tevent_context *event_ctx,
122 struct loadparm_context *lp_ctx,
123 struct gssapi_creds_container **_gcc,
124 const char **error_string);
125 void cli_credentials_set_forced_sasl_mech(struct cli_credentials *creds,
126 const char *sasl_mech);
127 void cli_credentials_set_kerberos_state(struct cli_credentials *creds,
128 enum credentials_use_kerberos use_kerberos);
129 void cli_credentials_set_krb_forwardable(struct cli_credentials *creds,
130 enum credentials_krb_forwardable krb_forwardable);
131 bool cli_credentials_set_domain(struct cli_credentials *cred,
132 const char *val,
133 enum credentials_obtained obtained);
134 bool cli_credentials_set_domain_callback(struct cli_credentials *cred,
135 const char *(*domain_cb) (struct cli_credentials *));
136 bool cli_credentials_set_username(struct cli_credentials *cred,
137 const char *val, enum credentials_obtained obtained);
138 bool cli_credentials_set_username_callback(struct cli_credentials *cred,
139 const char *(*username_cb) (struct cli_credentials *));
140 bool cli_credentials_set_principal(struct cli_credentials *cred,
141 const char *val,
142 enum credentials_obtained obtained);
143 bool cli_credentials_set_principal_callback(struct cli_credentials *cred,
144 const char *(*principal_cb) (struct cli_credentials *));
145 bool cli_credentials_set_password(struct cli_credentials *cred,
146 const char *val,
147 enum credentials_obtained obtained);
148 struct cli_credentials *cli_credentials_init_anon(TALLOC_CTX *mem_ctx);
149 void cli_credentials_parse_string(struct cli_credentials *credentials, const char *data, enum credentials_obtained obtained);
150 struct samr_Password *cli_credentials_get_nt_hash(struct cli_credentials *cred,
151 TALLOC_CTX *mem_ctx);
152 struct samr_Password *cli_credentials_get_old_nt_hash(struct cli_credentials *cred,
153 TALLOC_CTX *mem_ctx);
154 bool cli_credentials_set_realm(struct cli_credentials *cred,
155 const char *val,
156 enum credentials_obtained obtained);
157 void cli_credentials_set_secure_channel_type(struct cli_credentials *cred,
158 enum netr_SchannelType secure_channel_type);
159 void cli_credentials_set_password_last_changed_time(struct cli_credentials *cred,
160 time_t last_change_time);
161 void cli_credentials_set_netlogon_creds(
162 struct cli_credentials *cred,
163 const struct netlogon_creds_CredentialState *netlogon_creds);
164 NTSTATUS cli_credentials_set_krb5_context(struct cli_credentials *cred,
165 struct smb_krb5_context *smb_krb5_context);
166 NTSTATUS cli_credentials_set_stored_principal(struct cli_credentials *cred,
167 struct loadparm_context *lp_ctx,
168 const char *serviceprincipal);
169 NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cred,
170 struct loadparm_context *lp_ctx);
171 /**
172 * Fill in credentials for the machine trust account, from the
173 * secrets.ldb or passed in handle to secrets.tdb (perhaps in CTDB).
174 *
175 * This version is used in parts of the code that can link in the
176 * CTDB dbwrap backend, by passing down the already open handle.
177 *
178 * @param cred Credentials structure to fill in
179 * @param db_ctx dbwrap context for secrets.tdb
180 * @retval NTSTATUS error detailing any failure
181 */
182 NTSTATUS cli_credentials_set_machine_account_db_ctx(struct cli_credentials *cred,
183 struct loadparm_context *lp_ctx,
184 struct db_context *db_ctx);
185
186 bool cli_credentials_authentication_requested(struct cli_credentials *cred);
187 void cli_credentials_guess(struct cli_credentials *cred,
188 struct loadparm_context *lp_ctx);
189 bool cli_credentials_set_bind_dn(struct cli_credentials *cred,
190 const char *bind_dn);
191 const char *cli_credentials_get_bind_dn(struct cli_credentials *cred);
192 bool cli_credentials_parse_file(struct cli_credentials *cred, const char *file, enum credentials_obtained obtained);
193 char *cli_credentials_get_unparsed_name(struct cli_credentials *credentials, TALLOC_CTX *mem_ctx);
194 bool cli_credentials_set_password_callback(struct cli_credentials *cred,
195 const char *(*password_cb) (struct cli_credentials *));
196 enum netr_SchannelType cli_credentials_get_secure_channel_type(struct cli_credentials *cred);
197 time_t cli_credentials_get_password_last_changed_time(struct cli_credentials *cred);
198 void cli_credentials_set_kvno(struct cli_credentials *cred,
199 int kvno);
200 bool cli_credentials_set_utf16_password(struct cli_credentials *cred,
201 const DATA_BLOB *password_utf16,
202 enum credentials_obtained obtained);
203 bool cli_credentials_set_old_utf16_password(struct cli_credentials *cred,
204 const DATA_BLOB *password_utf16);
205 void cli_credentials_set_password_will_be_nt_hash(struct cli_credentials *cred,
206 bool val);
207 bool cli_credentials_set_nt_hash(struct cli_credentials *cred,
208 const struct samr_Password *nt_hash,
209 enum credentials_obtained obtained);
210 bool cli_credentials_set_old_nt_hash(struct cli_credentials *cred,
211 const struct samr_Password *nt_hash);
212 bool cli_credentials_set_ntlm_response(struct cli_credentials *cred,
213 const DATA_BLOB *lm_response,
214 const DATA_BLOB *nt_response,
215 enum credentials_obtained obtained);
216 int cli_credentials_set_keytab_name(struct cli_credentials *cred,
217 struct loadparm_context *lp_ctx,
218 const char *keytab_name,
219 enum credentials_obtained obtained);
220 void cli_credentials_set_gensec_features(struct cli_credentials *creds, uint32_t gensec_features);
221 uint32_t cli_credentials_get_gensec_features(struct cli_credentials *creds);
222 int cli_credentials_set_ccache(struct cli_credentials *cred,
223 struct loadparm_context *lp_ctx,
224 const char *name,
225 enum credentials_obtained obtained,
226 const char **error_string);
227 bool cli_credentials_parse_password_file(struct cli_credentials *credentials, const char *file, enum credentials_obtained obtained);
228 bool cli_credentials_parse_password_fd(struct cli_credentials *credentials,
229 int fd, enum credentials_obtained obtained);
230 void cli_credentials_invalidate_ccache(struct cli_credentials *cred,
231 enum credentials_obtained obtained);
232 void cli_credentials_set_salt_principal(struct cli_credentials *cred, const char *principal);
233 void cli_credentials_set_impersonate_principal(struct cli_credentials *cred,
234 const char *principal,
235 const char *self_service);
236 void cli_credentials_set_target_service(struct cli_credentials *cred, const char *principal);
237 const char *cli_credentials_get_salt_principal(struct cli_credentials *cred);
238 const char *cli_credentials_get_impersonate_principal(struct cli_credentials *cred);
239 const char *cli_credentials_get_self_service(struct cli_credentials *cred);
240 const char *cli_credentials_get_target_service(struct cli_credentials *cred);
241 enum credentials_use_kerberos cli_credentials_get_kerberos_state(struct cli_credentials *creds);
242 const char *cli_credentials_get_forced_sasl_mech(struct cli_credentials *cred);
243 enum credentials_krb_forwardable cli_credentials_get_krb_forwardable(struct cli_credentials *creds);
244 NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred,
245 struct loadparm_context *lp_ctx,
246 struct ldb_context *ldb,
247 const char *base,
248 const char *filter,
249 char **error_string);
250 int cli_credentials_get_kvno(struct cli_credentials *cred);
251
252 bool cli_credentials_set_username_callback(struct cli_credentials *cred,
253 const char *(*username_cb) (struct cli_credentials *));
254
255 /**
256 * Obtain the client principal for this credentials context.
257 * @param cred credentials context
258 * @retval The username set on this context.
259 * @note Return value will never be NULL except by programmer error.
260 */
261 char *cli_credentials_get_principal_and_obtained(struct cli_credentials *cred, TALLOC_CTX *mem_ctx, enum credentials_obtained *obtained);
262 bool cli_credentials_set_principal(struct cli_credentials *cred,
263 const char *val,
264 enum credentials_obtained obtained);
265 bool cli_credentials_set_principal_callback(struct cli_credentials *cred,
266 const char *(*principal_cb) (struct cli_credentials *));
267
268 /**
269 * Obtain the 'old' password for this credentials context (used for join accounts).
270 * @param cred credentials context
271 * @retval If set, the cleartext password, otherwise NULL
272 */
273 const char *cli_credentials_get_old_password(struct cli_credentials *cred);
274 bool cli_credentials_set_old_password(struct cli_credentials *cred,
275 const char *val,
276 enum credentials_obtained obtained);
277 bool cli_credentials_set_domain_callback(struct cli_credentials *cred,
278 const char *(*domain_cb) (struct cli_credentials *));
279 bool cli_credentials_set_realm_callback(struct cli_credentials *cred,
280 const char *(*realm_cb) (struct cli_credentials *));
281 bool cli_credentials_set_workstation_callback(struct cli_credentials *cred,
282 const char *(*workstation_cb) (struct cli_credentials *));
283
284 void cli_credentials_set_callback_data(struct cli_credentials *cred,
285 void *callback_data);
286 void *_cli_credentials_callback_data(struct cli_credentials *cred);
287 #define cli_credentials_callback_data(_cred, _type) \
288 talloc_get_type_abort(_cli_credentials_callback_data(_cred), _type)
289 #define cli_credentials_callback_data_void(_cred) \
290 _cli_credentials_callback_data(_cred)
291
292 /**
293 * Return attached NETLOGON credentials
294 */
295 struct netlogon_creds_CredentialState *cli_credentials_get_netlogon_creds(struct cli_credentials *cred);
296
297 NTSTATUS netlogon_creds_session_encrypt(
298 struct netlogon_creds_CredentialState *state,
299 DATA_BLOB data);
300
301 #endif /* __CREDENTIALS_H__ */
Samba GIT mirror