summaryrefslogtreecommitdiff
path: root/source4/auth/credentials
diff options
context:
space:
mode:
Diffstat (limited to 'source4/auth/credentials')
-rw-r--r--source4/auth/credentials/credentials.c12
-rw-r--r--source4/auth/credentials/credentials.h12
2 files changed, 24 insertions, 0 deletions
diff --git a/source4/auth/credentials/credentials.c b/source4/auth/credentials/credentials.c
index acdcfdee69..e1965b3f84 100644
--- a/source4/auth/credentials/credentials.c
+++ b/source4/auth/credentials/credentials.c
@@ -109,6 +109,7 @@ _PUBLIC_ struct cli_credentials *cli_credentials_init(TALLOC_CTX *mem_ctx)
cli_credentials_set_kerberos_state(cred, CRED_AUTO_USE_KERBEROS);
cli_credentials_set_gensec_features(cred, 0);
+ cli_credentials_set_krb_forwardable(cred, CRED_AUTO_KRB_FORWARDABLE);
return cred;
}
@@ -133,11 +134,22 @@ _PUBLIC_ void cli_credentials_set_kerberos_state(struct cli_credentials *creds,
creds->use_kerberos = use_kerberos;
}
+_PUBLIC_ void cli_credentials_set_krb_forwardable(struct cli_credentials *creds,
+ enum credentials_krb_forwardable krb_forwardable)
+{
+ creds->krb_forwardable = krb_forwardable;
+}
+
_PUBLIC_ enum credentials_use_kerberos cli_credentials_get_kerberos_state(struct cli_credentials *creds)
{
return creds->use_kerberos;
}
+_PUBLIC_ enum credentials_krb_forwardable cli_credentials_get_krb_forwardable(struct cli_credentials *creds)
+{
+ return creds->krb_forwardable;
+}
+
_PUBLIC_ void cli_credentials_set_gensec_features(struct cli_credentials *creds, uint32_t gensec_features)
{
creds->gensec_features = gensec_features;
diff --git a/source4/auth/credentials/credentials.h b/source4/auth/credentials/credentials.h
index c4c7d3f246..b7a9540d86 100644
--- a/source4/auth/credentials/credentials.h
+++ b/source4/auth/credentials/credentials.h
@@ -44,6 +44,12 @@ enum credentials_use_kerberos {
CRED_MUST_USE_KERBEROS /* Sometimes administrators are parinoid, so always do kerberos */
};
+enum credentials_krb_forwardable {
+ CRED_AUTO_KRB_FORWARDABLE = 0, /* Default, follow library defaults */
+ CRED_NO_KRB_FORWARDABLE, /* not forwardable */
+ CRED_FORCE_KRB_FORWARDABLE /* forwardable */
+};
+
#define CLI_CRED_NTLM2 0x01
#define CLI_CRED_NTLMv2_AUTH 0x02
#define CLI_CRED_LANMAN_AUTH 0x04
@@ -122,6 +128,9 @@ struct cli_credentials {
/* Should we be trying to use kerberos? */
enum credentials_use_kerberos use_kerberos;
+ /* Should we get a forwardable ticket? */
+ enum credentials_krb_forwardable krb_forwardable;
+
/* gensec features which should be used for connections */
uint32_t gensec_features;
@@ -193,6 +202,8 @@ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred,
const char **error_string);
void cli_credentials_set_kerberos_state(struct cli_credentials *creds,
enum credentials_use_kerberos use_kerberos);
+void cli_credentials_set_krb_forwardable(struct cli_credentials *creds,
+ enum credentials_krb_forwardable krb_forwardable);
bool cli_credentials_set_domain(struct cli_credentials *cred,
const char *val,
enum credentials_obtained obtained);
@@ -280,6 +291,7 @@ const char *cli_credentials_get_salt_principal(struct cli_credentials *cred);
const char *cli_credentials_get_impersonate_principal(struct cli_credentials *cred);
const char *cli_credentials_get_target_service(struct cli_credentials *cred);
enum credentials_use_kerberos cli_credentials_get_kerberos_state(struct cli_credentials *creds);
+enum credentials_krb_forwardable cli_credentials_get_krb_forwardable(struct cli_credentials *creds);
NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred,
struct tevent_context *event_ctx,
struct loadparm_context *lp_ctx,