2 samba -- Unix SMB/CIFS implementation.
4 Client credentials structure
6 Copyright (C) Jelmer Vernooij 2004-2006
7 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23 #ifndef __CREDENTIALS_H__
24 #define __CREDENTIALS_H__
26 #include "librpc/gen_ndr/misc.h"
28 struct ccache_container
;
30 /* In order of priority */
31 enum credentials_obtained
{
32 CRED_UNINITIALISED
= 0, /* We don't even have a guess yet */
33 CRED_GUESS_ENV
, /* Current value should be used, which was guessed */
34 CRED_CALLBACK
, /* Callback should be used to obtain value */
35 CRED_GUESS_FILE
, /* A guess from a file (or file pointed at in env variable) */
36 CRED_CALLBACK_RESULT
, /* Value was obtained from a callback */
37 CRED_SPECIFIED
/* Was explicitly specified on the command-line */
40 enum credentials_use_kerberos
{
41 CRED_AUTO_USE_KERBEROS
= 0, /* Default, we try kerberos if available */
42 CRED_DONT_USE_KERBEROS
, /* Sometimes trying kerberos just does 'bad things', so don't */
43 CRED_MUST_USE_KERBEROS
/* Sometimes administrators are parinoid, so always do kerberos */
46 #define CLI_CRED_NTLM2 0x01
47 #define CLI_CRED_NTLMv2_AUTH 0x02
48 #define CLI_CRED_LANMAN_AUTH 0x04
49 #define CLI_CRED_NTLM_AUTH 0x08
50 #define CLI_CRED_CLEAR_AUTH 0x10 /* TODO: Push cleartext auth with this flag */
52 struct cli_credentials
{
53 enum credentials_obtained workstation_obtained
;
54 enum credentials_obtained username_obtained
;
55 enum credentials_obtained password_obtained
;
56 enum credentials_obtained domain_obtained
;
57 enum credentials_obtained realm_obtained
;
58 enum credentials_obtained ccache_obtained
;
59 enum credentials_obtained client_gss_creds_obtained
;
60 enum credentials_obtained principal_obtained
;
61 enum credentials_obtained keytab_obtained
;
62 enum credentials_obtained server_gss_creds_obtained
;
64 const char *workstation
;
67 const char *old_password
;
70 const char *principal
;
71 const char *salt_principal
;
75 struct samr_Password
*nt_hash
;
77 struct ccache_container
*ccache
;
78 struct gssapi_creds_container
*client_gss_creds
;
79 struct keytab_container
*keytab
;
80 struct gssapi_creds_container
*server_gss_creds
;
82 const char *(*workstation_cb
) (struct cli_credentials
*);
83 const char *(*password_cb
) (struct cli_credentials
*);
84 const char *(*username_cb
) (struct cli_credentials
*);
85 const char *(*domain_cb
) (struct cli_credentials
*);
86 const char *(*realm_cb
) (struct cli_credentials
*);
87 const char *(*principal_cb
) (struct cli_credentials
*);
89 /* Private handle for the callback routines to use */
92 struct creds_CredentialState
*netlogon_creds
;
93 enum netr_SchannelType secure_channel_type
;
96 struct smb_krb5_context
*smb_krb5_context
;
98 /* We are flagged to get machine account details from the
99 * secrets.ldb when we are asked for a username or password */
101 BOOL machine_account_pending
;
103 /* Is this a machine account? */
104 BOOL machine_account
;
106 /* Should we be trying to use kerberos? */
107 enum credentials_use_kerberos use_kerberos
;
109 /* gensec features which should be used for connections */
110 uint32_t gensec_features
;
112 /* Number of retries left before bailing out */
115 /* Whether any callback is currently running */
116 BOOL callback_running
;
120 #include "auth/credentials/credentials_proto.h"
122 #endif /* __CREDENTIALS_H__ */