2 samba -- Unix SMB/CIFS implementation.
4 Client credentials structure
6 Copyright (C) Jelmer Vernooij 2004-2006
7 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #ifndef __CREDENTIALS_INTERNAL_H__
23 #define __CREDENTIALS_INTERNAL_H__
25 #include "../lib/util/data_blob.h"
26 #include "librpc/gen_ndr/misc.h"
28 struct cli_credentials
{
29 enum credentials_obtained workstation_obtained
;
30 enum credentials_obtained username_obtained
;
31 enum credentials_obtained password_obtained
;
32 enum credentials_obtained domain_obtained
;
33 enum credentials_obtained realm_obtained
;
34 enum credentials_obtained ccache_obtained
;
35 enum credentials_obtained client_gss_creds_obtained
;
36 enum credentials_obtained principal_obtained
;
37 enum credentials_obtained keytab_obtained
;
38 enum credentials_obtained server_gss_creds_obtained
;
40 /* Threshold values (essentially a MAX() over a number of the
41 * above) for the ccache and GSS credentials, to ensure we
42 * regenerate/pick correctly */
44 enum credentials_obtained ccache_threshold
;
45 enum credentials_obtained client_gss_creds_threshold
;
47 const char *workstation
;
50 const char *old_password
;
53 const char *principal
;
55 char *impersonate_principal
;
61 /* Allows authentication from a keytab or similar */
62 struct samr_Password
*nt_hash
;
63 struct samr_Password
*old_nt_hash
;
65 /* Allows NTLM pass-though authentication */
66 DATA_BLOB lm_response
;
67 DATA_BLOB nt_response
;
69 struct ccache_container
*ccache
;
70 struct gssapi_creds_container
*client_gss_creds
;
71 struct keytab_container
*keytab
;
72 struct gssapi_creds_container
*server_gss_creds
;
74 const char *(*workstation_cb
) (struct cli_credentials
*);
75 const char *(*password_cb
) (struct cli_credentials
*);
76 const char *(*username_cb
) (struct cli_credentials
*);
77 const char *(*domain_cb
) (struct cli_credentials
*);
78 const char *(*realm_cb
) (struct cli_credentials
*);
79 const char *(*principal_cb
) (struct cli_credentials
*);
81 /* Private handle for the callback routines to use */
84 struct netlogon_creds_CredentialState
*netlogon_creds
;
85 enum netr_SchannelType secure_channel_type
;
87 time_t password_last_changed_time
;
89 struct smb_krb5_context
*smb_krb5_context
;
91 /* We are flagged to get machine account details from the
92 * secrets.ldb when we are asked for a username or password */
93 bool machine_account_pending
;
94 struct loadparm_context
*machine_account_pending_lp_ctx
;
96 /* Is this a machine account? */
99 /* Should we be trying to use kerberos? */
100 enum credentials_use_kerberos use_kerberos
;
102 /* Should we get a forwardable ticket? */
103 enum credentials_krb_forwardable krb_forwardable
;
105 /* Forced SASL mechansim */
106 char *forced_sasl_mech
;
108 /* gensec features which should be used for connections */
109 uint32_t gensec_features
;
111 /* Number of retries left before bailing out */
112 uint32_t password_tries
;
114 /* Whether any callback is currently running */
115 bool callback_running
;
117 char winbind_separator
;
119 bool password_will_be_nt_hash
;
122 #endif /* __CREDENTIALS_INTERNAL_H__ */