| 1 | /*
|
|---|
| 2 | samba -- Unix SMB/CIFS implementation.
|
|---|
| 3 |
|
|---|
| 4 | Client credentials structure
|
|---|
| 5 |
|
|---|
| 6 | Copyright (C) Jelmer Vernooij 2004-2006
|
|---|
| 7 | Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
|
|---|
| 8 |
|
|---|
| 9 | This program is free software; you can redistribute it and/or modify
|
|---|
| 10 | it under the terms of the GNU General Public License as published by
|
|---|
| 11 | the Free Software Foundation; either version 3 of the License, or
|
|---|
| 12 | (at your option) any later version.
|
|---|
| 13 |
|
|---|
| 14 | This program is distributed in the hope that it will be useful,
|
|---|
| 15 | but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|---|
| 16 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|---|
| 17 | GNU General Public License for more details.
|
|---|
| 18 |
|
|---|
| 19 | You should have received a copy of the GNU General Public License
|
|---|
| 20 | along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|---|
| 21 | */
|
|---|
| 22 | #ifndef __CREDENTIALS_INTERNAL_H__
|
|---|
| 23 | #define __CREDENTIALS_INTERNAL_H__
|
|---|
| 24 |
|
|---|
| 25 | #include "../lib/util/data_blob.h"
|
|---|
| 26 | #include "librpc/gen_ndr/misc.h"
|
|---|
| 27 |
|
|---|
| 28 | struct cli_credentials {
|
|---|
| 29 | enum credentials_obtained workstation_obtained;
|
|---|
| 30 | enum credentials_obtained username_obtained;
|
|---|
| 31 | enum credentials_obtained password_obtained;
|
|---|
| 32 | enum credentials_obtained domain_obtained;
|
|---|
| 33 | enum credentials_obtained realm_obtained;
|
|---|
| 34 | enum credentials_obtained ccache_obtained;
|
|---|
| 35 | enum credentials_obtained client_gss_creds_obtained;
|
|---|
| 36 | enum credentials_obtained principal_obtained;
|
|---|
| 37 | enum credentials_obtained keytab_obtained;
|
|---|
| 38 | enum credentials_obtained server_gss_creds_obtained;
|
|---|
| 39 |
|
|---|
| 40 | /* Threshold values (essentially a MAX() over a number of the
|
|---|
| 41 | * above) for the ccache and GSS credentials, to ensure we
|
|---|
| 42 | * regenerate/pick correctly */
|
|---|
| 43 |
|
|---|
| 44 | enum credentials_obtained ccache_threshold;
|
|---|
| 45 | enum credentials_obtained client_gss_creds_threshold;
|
|---|
| 46 |
|
|---|
| 47 | const char *workstation;
|
|---|
| 48 | const char *username;
|
|---|
| 49 | const char *password;
|
|---|
| 50 | const char *old_password;
|
|---|
| 51 | const char *domain;
|
|---|
| 52 | const char *realm;
|
|---|
| 53 | const char *principal;
|
|---|
| 54 | char *salt_principal;
|
|---|
| 55 | char *impersonate_principal;
|
|---|
| 56 | char *self_service;
|
|---|
| 57 | char *target_service;
|
|---|
| 58 |
|
|---|
| 59 | const char *bind_dn;
|
|---|
| 60 |
|
|---|
| 61 | /* Allows authentication from a keytab or similar */
|
|---|
| 62 | struct samr_Password *nt_hash;
|
|---|
| 63 | struct samr_Password *old_nt_hash;
|
|---|
| 64 |
|
|---|
| 65 | /* Allows NTLM pass-though authentication */
|
|---|
| 66 | DATA_BLOB lm_response;
|
|---|
| 67 | DATA_BLOB nt_response;
|
|---|
| 68 |
|
|---|
| 69 | struct ccache_container *ccache;
|
|---|
| 70 | struct gssapi_creds_container *client_gss_creds;
|
|---|
| 71 | struct keytab_container *keytab;
|
|---|
| 72 | struct gssapi_creds_container *server_gss_creds;
|
|---|
| 73 |
|
|---|
| 74 | const char *(*workstation_cb) (struct cli_credentials *);
|
|---|
| 75 | const char *(*password_cb) (struct cli_credentials *);
|
|---|
| 76 | const char *(*username_cb) (struct cli_credentials *);
|
|---|
| 77 | const char *(*domain_cb) (struct cli_credentials *);
|
|---|
| 78 | const char *(*realm_cb) (struct cli_credentials *);
|
|---|
| 79 | const char *(*principal_cb) (struct cli_credentials *);
|
|---|
| 80 |
|
|---|
| 81 | /* Private handle for the callback routines to use */
|
|---|
| 82 | void *priv_data;
|
|---|
| 83 |
|
|---|
| 84 | struct netlogon_creds_CredentialState *netlogon_creds;
|
|---|
| 85 | enum netr_SchannelType secure_channel_type;
|
|---|
| 86 | int kvno;
|
|---|
| 87 | time_t password_last_changed_time;
|
|---|
| 88 |
|
|---|
| 89 | struct smb_krb5_context *smb_krb5_context;
|
|---|
| 90 |
|
|---|
| 91 | /* We are flagged to get machine account details from the
|
|---|
| 92 | * secrets.ldb when we are asked for a username or password */
|
|---|
| 93 | bool machine_account_pending;
|
|---|
| 94 | struct loadparm_context *machine_account_pending_lp_ctx;
|
|---|
| 95 |
|
|---|
| 96 | /* Is this a machine account? */
|
|---|
| 97 | bool machine_account;
|
|---|
| 98 |
|
|---|
| 99 | /* Should we be trying to use kerberos? */
|
|---|
| 100 | enum credentials_use_kerberos use_kerberos;
|
|---|
| 101 |
|
|---|
| 102 | /* Should we get a forwardable ticket? */
|
|---|
| 103 | enum credentials_krb_forwardable krb_forwardable;
|
|---|
| 104 |
|
|---|
| 105 | /* Forced SASL mechansim */
|
|---|
| 106 | char *forced_sasl_mech;
|
|---|
| 107 |
|
|---|
| 108 | /* gensec features which should be used for connections */
|
|---|
| 109 | uint32_t gensec_features;
|
|---|
| 110 |
|
|---|
| 111 | /* Number of retries left before bailing out */
|
|---|
| 112 | uint32_t password_tries;
|
|---|
| 113 |
|
|---|
| 114 | /* Whether any callback is currently running */
|
|---|
| 115 | bool callback_running;
|
|---|
| 116 | };
|
|---|
| 117 |
|
|---|
| 118 | #endif /* __CREDENTIALS_INTERNAL_H__ */
|
|---|
