source4/auth/credentials/credentials.h

   1 /*
   2    samba -- Unix SMB/CIFS implementation.
   3
   4    Client credentials structure
   5
   6    Copyright (C) Jelmer Vernooij 2004-2006
   7    Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
   8
   9    This program is free software; you can redistribute it and/or modify
  10    it under the terms of the GNU General Public License as published by
  11    the Free Software Foundation; either version 2 of the License, or
  12    (at your option) any later version.
  13
  14    This program is distributed in the hope that it will be useful,
  15    but WITHOUT ANY WARRANTY; without even the implied warranty of
  16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17    GNU General Public License for more details.
  18
  19    You should have received a copy of the GNU General Public License
  20    along with this program; if not, write to the Free Software
  21    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  22 */
  23 #ifndef __CREDENTIALS_H__
  24 #define __CREDENTIALS_H__
  25
  26 #include "librpc/gen_ndr/misc.h"
  27
  28 struct ccache_container;
  29
  30 /* In order of priority */
  31 enum credentials_obtained {
  32         CRED_UNINITIALISED = 0,  /* We don't even have a guess yet */
  33         CRED_GUESS_ENV,          /* Current value should be used, which was guessed */
  34         CRED_CALLBACK,           /* Callback should be used to obtain value */
  35         CRED_GUESS_FILE,         /* A guess from a file (or file pointed at in env variable) */
  36         CRED_CALLBACK_RESULT,    /* Value was obtained from a callback */
  37         CRED_SPECIFIED           /* Was explicitly specified on the command-line */
  38 };
  39
  40 enum credentials_use_kerberos {
  41         CRED_AUTO_USE_KERBEROS = 0, /* Default, we try kerberos if available */
  42         CRED_DONT_USE_KERBEROS,     /* Sometimes trying kerberos just does 'bad things', so don't */
  43         CRED_MUST_USE_KERBEROS      /* Sometimes administrators are parinoid, so always do kerberos */
  44 };
  45
  46 #define CLI_CRED_NTLM2       0x01
  47 #define CLI_CRED_NTLMv2_AUTH 0x02
  48 #define CLI_CRED_LANMAN_AUTH 0x04
  49 #define CLI_CRED_NTLM_AUTH   0x08
  50 #define CLI_CRED_CLEAR_AUTH  0x10   /* TODO:  Push cleartext auth with this flag */
  51
  52 struct cli_credentials {
  53         enum credentials_obtained workstation_obtained;
  54         enum credentials_obtained username_obtained;
  55         enum credentials_obtained password_obtained;
  56         enum credentials_obtained domain_obtained;
  57         enum credentials_obtained realm_obtained;
  58         enum credentials_obtained ccache_obtained;
  59         enum credentials_obtained client_gss_creds_obtained;
  60         enum credentials_obtained principal_obtained;
  61         enum credentials_obtained keytab_obtained;
  62         enum credentials_obtained server_gss_creds_obtained;
  63
  64         const char *workstation;
  65         const char *username;
  66         const char *password;
  67         const char *old_password;
  68         const char *domain;
  69         const char *realm;
  70         const char *principal;
  71         const char *salt_principal;
  72
  73         const char *bind_dn;
  74
  75         struct samr_Password *nt_hash;
  76
  77         struct ccache_container *ccache;
  78         struct gssapi_creds_container *client_gss_creds;
  79         struct keytab_container *keytab;
  80         struct gssapi_creds_container *server_gss_creds;
  81
  82         const char *(*workstation_cb) (struct cli_credentials *);
  83         const char *(*password_cb) (struct cli_credentials *);
  84         const char *(*username_cb) (struct cli_credentials *);
  85         const char *(*domain_cb) (struct cli_credentials *);
  86         const char *(*realm_cb) (struct cli_credentials *);
  87         const char *(*principal_cb) (struct cli_credentials *);
  88
  89         /* Private handle for the callback routines to use */
  90         void *priv_data;
  91
  92         struct creds_CredentialState *netlogon_creds;
  93         enum netr_SchannelType secure_channel_type;
  94         int kvno;
  95
  96         struct smb_krb5_context *smb_krb5_context;
  97
  98         /* We are flagged to get machine account details from the
  99          * secrets.ldb when we are asked for a username or password */
 100
 101         BOOL machine_account_pending;
 102
 103         /* Is this a machine account? */
 104         BOOL machine_account;
 105
 106         /* Should we be trying to use kerberos? */
 107         enum credentials_use_kerberos use_kerberos;
 108
 109         /* gensec features which should be used for connections */
 110         uint32_t gensec_features;
 111
 112         /* Number of retries left before bailing out */
 113         int tries;
 114
 115         /* Whether any callback is currently running */
 116         BOOL callback_running;
 117 };
 118
 119 struct ldb_context;
 120 #include "auth/credentials/credentials_proto.h"
 121
 122 #endif /* __CREDENTIALS_H__ */