2013-07-31 14:41:40 +04:00
/*
samba - - Unix SMB / CIFS implementation .
Client credentials structure
Copyright ( C ) Jelmer Vernooij 2004 - 2006
Copyright ( C ) Andrew Bartlett < abartlet @ samba . org > 2005
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation ; either version 3 of the License , or
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
along with this program . If not , see < http : //www.gnu.org/licenses/>.
*/
# ifndef __CREDENTIALS_INTERNAL_H__
# define __CREDENTIALS_INTERNAL_H__
# include "../lib/util/data_blob.h"
# include "librpc/gen_ndr/misc.h"
2020-05-26 10:32:44 +03:00
# include "libcli/smb/smb_constants.h"
2013-07-31 14:41:40 +04:00
struct cli_credentials {
enum credentials_obtained workstation_obtained ;
enum credentials_obtained username_obtained ;
enum credentials_obtained password_obtained ;
enum credentials_obtained domain_obtained ;
enum credentials_obtained realm_obtained ;
enum credentials_obtained ccache_obtained ;
enum credentials_obtained client_gss_creds_obtained ;
enum credentials_obtained principal_obtained ;
enum credentials_obtained keytab_obtained ;
enum credentials_obtained server_gss_creds_obtained ;
2020-05-26 10:32:44 +03:00
enum credentials_obtained signing_state_obtained ;
2020-05-28 17:31:35 +03:00
enum credentials_obtained ipc_signing_state_obtained ;
2020-05-28 17:10:52 +03:00
enum credentials_obtained encryption_state_obtained ;
2020-08-19 16:46:11 +03:00
enum credentials_obtained kerberos_state_obtained ;
2020-08-20 11:50:30 +03:00
enum credentials_obtained gensec_features_obtained ;
2013-07-31 14:41:40 +04:00
/* Threshold values (essentially a MAX() over a number of the
* above ) for the ccache and GSS credentials , to ensure we
* regenerate / pick correctly */
enum credentials_obtained ccache_threshold ;
enum credentials_obtained client_gss_creds_threshold ;
const char * workstation ;
const char * username ;
const char * password ;
const char * old_password ;
const char * domain ;
const char * realm ;
const char * principal ;
char * salt_principal ;
char * impersonate_principal ;
char * self_service ;
char * target_service ;
const char * bind_dn ;
/* Allows authentication from a keytab or similar */
struct samr_Password * nt_hash ;
2015-02-09 11:04:42 +03:00
struct samr_Password * old_nt_hash ;
2013-07-31 14:41:40 +04:00
/* Allows NTLM pass-though authentication */
DATA_BLOB lm_response ;
2021-12-18 12:40:36 +03:00
DATA_BLOB lm_session_key ;
2013-07-31 14:41:40 +04:00
DATA_BLOB nt_response ;
2021-12-18 12:40:36 +03:00
DATA_BLOB nt_session_key ;
2013-07-31 14:41:40 +04:00
struct ccache_container * ccache ;
struct gssapi_creds_container * client_gss_creds ;
struct keytab_container * keytab ;
struct gssapi_creds_container * server_gss_creds ;
const char * ( * workstation_cb ) ( struct cli_credentials * ) ;
const char * ( * password_cb ) ( struct cli_credentials * ) ;
const char * ( * username_cb ) ( struct cli_credentials * ) ;
const char * ( * domain_cb ) ( struct cli_credentials * ) ;
const char * ( * realm_cb ) ( struct cli_credentials * ) ;
const char * ( * principal_cb ) ( struct cli_credentials * ) ;
/* Private handle for the callback routines to use */
void * priv_data ;
struct netlogon_creds_CredentialState * netlogon_creds ;
enum netr_SchannelType secure_channel_type ;
int kvno ;
time_t password_last_changed_time ;
struct smb_krb5_context * smb_krb5_context ;
/* We are flagged to get machine account details from the
* secrets . ldb when we are asked for a username or password */
bool machine_account_pending ;
struct loadparm_context * machine_account_pending_lp_ctx ;
/* Is this a machine account? */
bool machine_account ;
/* Should we be trying to use kerberos? */
2020-08-19 16:46:11 +03:00
enum credentials_use_kerberos kerberos_state ;
2013-07-31 14:41:40 +04:00
/* Should we get a forwardable ticket? */
enum credentials_krb_forwardable krb_forwardable ;
2023-03-14 10:50:34 +03:00
/* Forced SASL mechanism */
2013-09-16 20:38:09 +04:00
char * forced_sasl_mech ;
2013-07-31 14:41:40 +04:00
/* gensec features which should be used for connections */
uint32_t gensec_features ;
/* Number of retries left before bailing out */
2013-07-31 16:25:54 +04:00
uint32_t password_tries ;
2013-07-31 14:41:40 +04:00
/* Whether any callback is currently running */
bool callback_running ;
2016-10-28 16:55:48 +03:00
char winbind_separator ;
2016-12-14 12:02:10 +03:00
bool password_will_be_nt_hash ;
2020-05-26 10:32:44 +03:00
enum smb_signing_setting signing_state ;
2020-05-28 17:31:35 +03:00
enum smb_signing_setting ipc_signing_state ;
2020-05-28 17:10:52 +03:00
enum smb_encryption_setting encryption_state ;
2023-11-17 07:41:53 +03:00
/* Credentials to use for FAST */
struct cli_credentials * krb5_fast_armor_credentials ;
/* Should we require FAST? */
bool krb5_require_fast_armor ;
2013-07-31 14:41:40 +04:00
} ;
# endif /* __CREDENTIALS_INTERNAL_H__ */
