auth/credentials/credentials_internal.h

   1 /*
   2    samba -- Unix SMB/CIFS implementation.
   3
   4    Client credentials structure
   5
   6    Copyright (C) Jelmer Vernooij 2004-2006
   7    Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
   8
   9    This program is free software; you can redistribute it and/or modify
  10    it under the terms of the GNU General Public License as published by
  11    the Free Software Foundation; either version 3 of the License, or
  12    (at your option) any later version.
  13
  14    This program is distributed in the hope that it will be useful,
  15    but WITHOUT ANY WARRANTY; without even the implied warranty of
  16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17    GNU General Public License for more details.
  18
  19    You should have received a copy of the GNU General Public License
  20    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  21 */
  22 #ifndef __CREDENTIALS_INTERNAL_H__
  23 #define __CREDENTIALS_INTERNAL_H__
  24
  25 #include "../lib/util/data_blob.h"
  26 #include "librpc/gen_ndr/misc.h"
  27
  28 struct cli_credentials {
  29         enum credentials_obtained workstation_obtained;
  30         enum credentials_obtained username_obtained;
  31         enum credentials_obtained password_obtained;
  32         enum credentials_obtained domain_obtained;
  33         enum credentials_obtained realm_obtained;
  34         enum credentials_obtained ccache_obtained;
  35         enum credentials_obtained client_gss_creds_obtained;
  36         enum credentials_obtained principal_obtained;
  37         enum credentials_obtained keytab_obtained;
  38         enum credentials_obtained server_gss_creds_obtained;
  39
  40         /* Threshold values (essentially a MAX() over a number of the
  41          * above) for the ccache and GSS credentials, to ensure we
  42          * regenerate/pick correctly */
  43
  44         enum credentials_obtained ccache_threshold;
  45         enum credentials_obtained client_gss_creds_threshold;
  46
  47         const char *workstation;
  48         const char *username;
  49         const char *password;
  50         const char *old_password;
  51         const char *domain;
  52         const char *realm;
  53         const char *principal;
  54         char *salt_principal;
  55         char *impersonate_principal;
  56         char *self_service;
  57         char *target_service;
  58
  59         const char *bind_dn;
  60
  61         /* Allows authentication from a keytab or similar */
  62         struct samr_Password *nt_hash;
  63
  64         /* Allows NTLM pass-though authentication */
  65         DATA_BLOB lm_response;
  66         DATA_BLOB nt_response;
  67
  68         struct ccache_container *ccache;
  69         struct gssapi_creds_container *client_gss_creds;
  70         struct keytab_container *keytab;
  71         struct gssapi_creds_container *server_gss_creds;
  72
  73         const char *(*workstation_cb) (struct cli_credentials *);
  74         const char *(*password_cb) (struct cli_credentials *);
  75         const char *(*username_cb) (struct cli_credentials *);
  76         const char *(*domain_cb) (struct cli_credentials *);
  77         const char *(*realm_cb) (struct cli_credentials *);
  78         const char *(*principal_cb) (struct cli_credentials *);
  79
  80         /* Private handle for the callback routines to use */
  81         void *priv_data;
  82
  83         struct netlogon_creds_CredentialState *netlogon_creds;
  84         enum netr_SchannelType secure_channel_type;
  85         int kvno;
  86         time_t password_last_changed_time;
  87
  88         struct smb_krb5_context *smb_krb5_context;
  89
  90         /* We are flagged to get machine account details from the
  91          * secrets.ldb when we are asked for a username or password */
  92         bool machine_account_pending;
  93         struct loadparm_context *machine_account_pending_lp_ctx;
  94
  95         /* Is this a machine account? */
  96         bool machine_account;
  97
  98         /* Should we be trying to use kerberos? */
  99         enum credentials_use_kerberos use_kerberos;
 100
 101         /* Should we get a forwardable ticket? */
 102         enum credentials_krb_forwardable krb_forwardable;
 103
 104         /* gensec features which should be used for connections */
 105         uint32_t gensec_features;
 106
 107         /* Number of retries left before bailing out */
 108         uint32_t password_tries;
 109
 110         /* Whether any callback is currently running */
 111         bool callback_running;
 112 };
 113
 114 #endif /* __CREDENTIALS_INTERNAL_H__ */