summaryrefslogtreecommitdiff
path: root/auth/credentials/credentials.h
diff options
context:
space:
mode:
Diffstat (limited to 'auth/credentials/credentials.h')
-rw-r--r--auth/credentials/credentials.h101
1 files changed, 8 insertions, 93 deletions
diff --git a/auth/credentials/credentials.h b/auth/credentials/credentials.h
index 1377bfa879..cb09dc326c 100644
--- a/auth/credentials/credentials.h
+++ b/auth/credentials/credentials.h
@@ -25,9 +25,17 @@
#include "../lib/util/data_blob.h"
#include "librpc/gen_ndr/misc.h"
+struct cli_credentials;
struct ccache_container;
struct tevent_context;
struct netlogon_creds_CredentialState;
+struct ldb_context;
+struct ldb_message;
+struct loadparm_context;
+struct ccache_container;
+struct gssapi_creds_container;
+struct smb_krb5_context;
+struct keytab_container;
/* In order of priority */
enum credentials_obtained {
@@ -57,99 +65,6 @@ enum credentials_krb_forwardable {
#define CLI_CRED_NTLM_AUTH 0x08
#define CLI_CRED_CLEAR_AUTH 0x10 /* TODO: Push cleartext auth with this flag */
-struct cli_credentials {
- enum credentials_obtained workstation_obtained;
- enum credentials_obtained username_obtained;
- enum credentials_obtained password_obtained;
- enum credentials_obtained domain_obtained;
- enum credentials_obtained realm_obtained;
- enum credentials_obtained ccache_obtained;
- enum credentials_obtained client_gss_creds_obtained;
- enum credentials_obtained principal_obtained;
- enum credentials_obtained keytab_obtained;
- enum credentials_obtained server_gss_creds_obtained;
-
- /* Threshold values (essentially a MAX() over a number of the
- * above) for the ccache and GSS credentials, to ensure we
- * regenerate/pick correctly */
-
- enum credentials_obtained ccache_threshold;
- enum credentials_obtained client_gss_creds_threshold;
-
- const char *workstation;
- const char *username;
- const char *password;
- const char *old_password;
- const char *domain;
- const char *realm;
- const char *principal;
- char *salt_principal;
- char *impersonate_principal;
- char *self_service;
- char *target_service;
-
- const char *bind_dn;
-
- /* Allows authentication from a keytab or similar */
- struct samr_Password *nt_hash;
-
- /* Allows NTLM pass-though authentication */
- DATA_BLOB lm_response;
- DATA_BLOB nt_response;
-
- struct ccache_container *ccache;
- struct gssapi_creds_container *client_gss_creds;
- struct keytab_container *keytab;
- struct gssapi_creds_container *server_gss_creds;
-
- const char *(*workstation_cb) (struct cli_credentials *);
- const char *(*password_cb) (struct cli_credentials *);
- const char *(*username_cb) (struct cli_credentials *);
- const char *(*domain_cb) (struct cli_credentials *);
- const char *(*realm_cb) (struct cli_credentials *);
- const char *(*principal_cb) (struct cli_credentials *);
-
- /* Private handle for the callback routines to use */
- void *priv_data;
-
- struct netlogon_creds_CredentialState *netlogon_creds;
- enum netr_SchannelType secure_channel_type;
- int kvno;
- time_t password_last_changed_time;
-
- struct smb_krb5_context *smb_krb5_context;
-
- /* We are flagged to get machine account details from the
- * secrets.ldb when we are asked for a username or password */
- bool machine_account_pending;
- struct loadparm_context *machine_account_pending_lp_ctx;
-
- /* Is this a machine account? */
- bool machine_account;
-
- /* Should we be trying to use kerberos? */
- enum credentials_use_kerberos use_kerberos;
-
- /* Should we get a forwardable ticket? */
- enum credentials_krb_forwardable krb_forwardable;
-
- /* gensec features which should be used for connections */
- uint32_t gensec_features;
-
- /* Number of retries left before bailing out */
- int tries;
-
- /* Whether any callback is currently running */
- bool callback_running;
-};
-
-struct ldb_context;
-struct ldb_message;
-struct loadparm_context;
-struct ccache_container;
-
-struct gssapi_creds_container;
-
const char *cli_credentials_get_workstation(struct cli_credentials *cred);
bool cli_credentials_set_workstation(struct cli_credentials *cred,
const char *val,