1 /* 2 samba -- Unix SMB/CIFS implementation. 3 4 Client credentials structure 5 6 Copyright (C) Jelmer Vernooij 2004-2006 7 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005 8 9 This program is free software; you can redistribute it and/or modify 10 it under the terms of the GNU General Public License as published by 11 the Free Software Foundation; either version 3 of the License, or 12 (at your option) any later version. 13 14 This program is distributed in the hope that it will be useful, 15 but WITHOUT ANY WARRANTY; without even the implied warranty of 16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 GNU General Public License for more details. 18 19 You should have received a copy of the GNU General Public License 20 along with this program. If not, see <http://www.gnu.org/licenses/>. 21 */ 22 #ifndef __CREDENTIALS_INTERNAL_H__ 23 #define __CREDENTIALS_INTERNAL_H__ 24 25 #include "../lib/util/data_blob.h" 26 #include "librpc/gen_ndr/misc.h" 27 28 struct cli_credentials { 29 enum credentials_obtained workstation_obtained; 30 enum credentials_obtained username_obtained; 31 enum credentials_obtained password_obtained; 32 enum credentials_obtained domain_obtained; 33 enum credentials_obtained realm_obtained; 34 enum credentials_obtained ccache_obtained; 35 enum credentials_obtained client_gss_creds_obtained; 36 enum credentials_obtained principal_obtained; 37 enum credentials_obtained keytab_obtained; 38 enum credentials_obtained server_gss_creds_obtained; 39 40 /* Threshold values (essentially a MAX() over a number of the 41 * above) for the ccache and GSS credentials, to ensure we 42 * regenerate/pick correctly */ 43 44 enum credentials_obtained ccache_threshold; 45 enum credentials_obtained client_gss_creds_threshold; 46 47 const char *workstation; 48 const char *username; 49 const char *password; 50 const char *old_password; 51 const char *domain; 52 const char *realm; 53 const char *principal; 54 char *salt_principal; 55 char *impersonate_principal; 56 char *self_service; 57 char *target_service; 58 59 const char *bind_dn; 60 61 /* Allows authentication from a keytab or similar */ 62 struct samr_Password *nt_hash; 63 struct samr_Password *old_nt_hash; 64 65 /* Allows NTLM pass-though authentication */ 66 DATA_BLOB lm_response; 67 DATA_BLOB nt_response; 68 69 struct ccache_container *ccache; 70 struct gssapi_creds_container *client_gss_creds; 71 struct keytab_container *keytab; 72 struct gssapi_creds_container *server_gss_creds; 73 74 const char *(*workstation_cb) (struct cli_credentials *); 75 const char *(*password_cb) (struct cli_credentials *); 76 const char *(*username_cb) (struct cli_credentials *); 77 const char *(*domain_cb) (struct cli_credentials *); 78 const char *(*realm_cb) (struct cli_credentials *); 79 const char *(*principal_cb) (struct cli_credentials *); 80 81 /* Private handle for the callback routines to use */ 82 void *priv_data; 83 84 struct netlogon_creds_CredentialState *netlogon_creds; 85 enum netr_SchannelType secure_channel_type; 86 int kvno; 87 time_t password_last_changed_time; 88 89 struct smb_krb5_context *smb_krb5_context; 90 91 /* We are flagged to get machine account details from the 92 * secrets.ldb when we are asked for a username or password */ 93 bool machine_account_pending; 94 struct loadparm_context *machine_account_pending_lp_ctx; 95 96 /* Is this a machine account? */ 97 bool machine_account; 98 99 /* Should we be trying to use kerberos? */ 100 enum credentials_use_kerberos use_kerberos; 101 102 /* Should we get a forwardable ticket? */ 103 enum credentials_krb_forwardable krb_forwardable; 104 105 /* Forced SASL mechansim */ 106 char *forced_sasl_mech; 107 108 /* gensec features which should be used for connections */ 109 uint32_t gensec_features; 110 111 /* Number of retries left before bailing out */ 112 uint32_t password_tries; 113 114 /* Whether any callback is currently running */ 115 bool callback_running; 116 117 char winbind_separator; 118 119 bool password_will_be_nt_hash; 120 }; 121 122 #endif /* __CREDENTIALS_INTERNAL_H__ */ 123