From 9325bd9cb6bb942ea989f4e32799c76ea8af3d3e Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Wed, 31 Jul 2013 12:41:40 +0200
Subject: auth/credentials: keep cli_credentials private
Signed-off-by: Stefan Metzmacher
Reviewed-by: Andrew Bartlett
---
 auth/credentials/credentials.c | 1 +
 auth/credentials/credentials.h | 101 +++-------------------------
 auth/credentials/credentials_internal.h | 114 ++++++++++++++++++++++++++++++++
 auth/credentials/credentials_krb5.c | 1 +
 auth/credentials/credentials_ntlm.c | 1 +
 auth/credentials/credentials_secrets.c | 1 +
 6 files changed, 126 insertions(+), 93 deletions(-)
 create mode 100644 auth/credentials/credentials_internal.h
diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c
index c1c6993032..f33446501c 100644
--- a/auth/credentials/credentials.c
+++ b/auth/credentials/credentials.c
@@ -24,6 +24,7 @@
 #include "includes.h"
 #include "librpc/gen_ndr/samr.h" /* for struct samrPassword */
 #include "auth/credentials/credentials.h"
+#include "auth/credentials/credentials_internal.h"
 #include "libcli/auth/libcli_auth.h"
 #include "tevent.h"
 #include "param/param.h"
diff --git a/auth/credentials/credentials.h b/auth/credentials/credentials.h
index 1377bfa879..cb09dc326c 100644
--- a/auth/credentials/credentials.h
+++ b/auth/credentials/credentials.h
@@ -25,9 +25,17 @@
 #include "../lib/util/data_blob.h"
 #include "librpc/gen_ndr/misc.h"
+struct cli_credentials;
 struct ccache_container;
 struct tevent_context;
 struct netlogon_creds_CredentialState;
+struct ldb_context;
+struct ldb_message;
+struct loadparm_context;
+struct ccache_container;
+struct gssapi_creds_container;
+struct smb_krb5_context;
+struct keytab_container;
 /* In order of priority */
 enum credentials_obtained {
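Review bot: `struct ccache_container;` ends up forward-declared twice in credentials.h, once by the existing context line directly under the new `struct cli_credentials;` and again in the added block between `struct loadparm_context;` and `struct gssapi_creds_container;`. Repeating an incomplete-type declaration is legal C, so nothing breaks, but the added `+struct ccache_container;` line can simply be dropped. A one-line comment above the list, for example `/* struct cli_credentials is opaque here; its layout lives in credentials_internal.h */`, would tell readers of the public header that the type is intentionally incomplete and that fields must be reached through the accessor functions.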
@@ -57,99 +65,6 @@ enum credentials_krb_forwardable {
 #define CLI_CRED_NTLM_AUTH 0x08
 #define CLI_CRED_CLEAR_AUTH 0x10 /* TODO: Push cleartext auth with this flag */
-struct cli_credentials {
- enum credentials_obtained workstation_obtained;
- enum credentials_obtained username_obtained;
- enum credentials_obtained password_obtained;
- enum credentials_obtained domain_obtained;
- enum credentials_obtained realm_obtained;
- enum credentials_obtained ccache_obtained;
- enum credentials_obtained client_gss_creds_obtained;
- enum credentials_obtained principal_obtained;
- enum credentials_obtained keytab_obtained;
- enum credentials_obtained server_gss_creds_obtained;
-
- /* Threshold values (essentially a MAX() over a number of the
- * above) for the ccache and GSS credentials, to ensure we
- * regenerate/pick correctly */
-
- enum credentials_obtained ccache_threshold;
- enum credentials_obtained client_gss_creds_threshold;
-
- const char *workstation;
- const char *username;
- const char *password;
- const char *old_password;
- const char *domain;
- const char *realm;
- const char *principal;
- char *salt_principal;
- char *impersonate_principal;
- char *self_service;
- char *target_service;
-
- const char *bind_dn;
-
- /* Allows authentication from a keytab or similar */
- struct samr_Password *nt_hash;
-
- /* Allows NTLM pass-though authentication */
- DATA_BLOB lm_response;
- DATA_BLOB nt_response;
-
- struct ccache_container *ccache;
- struct gssapi_creds_container *client_gss_creds;
- struct keytab_container *keytab;
- struct gssapi_creds_container *server_gss_creds;
-
- const char *(*workstation_cb) (struct cli_credentials *);
- const char *(*password_cb) (struct cli_credentials *);
- const char *(*username_cb) (struct cli_credentials *);
- const char *(*domain_cb) (struct cli_credentials *);
- const char *(*realm_cb) (struct cli_credentials *);
- const char *(*principal_cb) (struct cli_credentials *);
-
- /* Private handle for the callback routines to use */
- void *priv_data;
-
- struct netlogon_creds_CredentialState *netlogon_creds;
- enum netr_SchannelType secure_channel_type;
- int kvno;
- time_t password_last_changed_time;
-
- struct smb_krb5_context *smb_krb5_context;
-
- /* We are flagged to get machine account details from the
- * secrets.ldb when we are asked for a username or password */
- bool machine_account_pending;
- struct loadparm_context *machine_account_pending_lp_ctx;
-
- /* Is this a machine account? */
- bool machine_account;
-
- /* Should we be trying to use kerberos? */
- enum credentials_use_kerberos use_kerberos;
-
- /* Should we get a forwardable ticket? */
- enum credentials_krb_forwardable krb_forwardable;
-
- /* gensec features which should be used for connections */
- uint32_t gensec_features;
-
- /* Number of retries left before bailing out */
- int tries;
-
- /* Whether any callback is currently running */
- bool callback_running;
-};
-
-struct ldb_context;
-struct ldb_message;
-struct loadparm_context;
-struct ccache_container;
-
-struct gssapi_creds_container;
-
 const char *cli_credentials_get_workstation(struct cli_credentials *cred);
 bool cli_credentials_set_workstation(struct cli_credentials *cred, const char *val,
diff --git a/auth/credentials/credentials_internal.h b/auth/credentials/credentials_internal.h
new file mode 100644
index 0000000000..5a3655b735
--- /dev/null
+++ b/auth/credentials/credentials_internal.h
@@ -0,0 +1,114 @@
+/*
+ samba -- Unix SMB/CIFS implementation.
+
+ Client credentials structure
+
+ Copyright (C) Jelmer Vernooij 2004-2006
+ Copyright (C) Andrew Bartlett 2005
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+#ifndef __CREDENTIALS_INTERNAL_H__
+#define __CREDENTIALS_INTERNAL_H__
+
+#include "../lib/util/data_blob.h"
+#include "librpc/gen_ndr/misc.h"
+
+struct cli_credentials {
+ enum credentials_obtained workstation_obtained;
+ enum credentials_obtained username_obtained;
+ enum credentials_obtained password_obtained;
+ enum credentials_obtained domain_obtained;
+ enum credentials_obtained realm_obtained;
+ enum credentials_obtained ccache_obtained;
+ enum credentials_obtained client_gss_creds_obtained;
+ enum credentials_obtained principal_obtained;
+ enum credentials_obtained keytab_obtained;
+ enum credentials_obtained server_gss_creds_obtained;
+
+ /* Threshold values (essentially a MAX() over a number of the
+ * above) for the ccache and GSS credentials, to ensure we
+ * regenerate/pick correctly */
+
+ enum credentials_obtained ccache_threshold;
+ enum credentials_obtained client_gss_creds_threshold;
+
+ const char *workstation;
+ const char *username;
+ const char *password;
+ const char *old_password;
+ const char *domain;
+ const char *realm;
+ const char *principal;
+ char *salt_principal;
+ char *impersonate_principal;
+ char *self_service;
+ char *target_service;
+
+ const char *bind_dn;
+
+ /* Allows authentication from a keytab or similar */
+ struct samr_Password *nt_hash;
+
+ /* Allows NTLM pass-though authentication */
+ DATA_BLOB lm_response;
+ DATA_BLOB nt_response;
+
+ struct ccache_container *ccache;
+ struct gssapi_creds_container *client_gss_creds;
+ struct keytab_container *keytab;
+ struct gssapi_creds_container *server_gss_creds;
+
+ const char *(*workstation_cb) (struct cli_credentials *);
+ const char *(*password_cb) (struct cli_credentials *);
+ const char *(*username_cb) (struct cli_credentials *);
+ const char *(*domain_cb) (struct cli_credentials *);
+ const char *(*realm_cb) (struct cli_credentials *);
+ const char *(*principal_cb) (struct cli_credentials *);
+
+ /* Private handle for the callback routines to use */
+ void *priv_data;
+
+ struct netlogon_creds_CredentialState *netlogon_creds;
+ enum netr_SchannelType secure_channel_type;
+ int kvno;
+ time_t password_last_changed_time;
+
+ struct smb_krb5_context *smb_krb5_context;
+
+ /* We are flagged to get machine account details from the
+ * secrets.ldb when we are asked for a username or password */
+ bool machine_account_pending;
+ struct loadparm_context *machine_account_pending_lp_ctx;
+
+ /* Is this a machine account? */
+ bool machine_account;
+
+ /* Should we be trying to use kerberos? */
+ enum credentials_use_kerberos use_kerberos;
+
+ /* Should we get a forwardable ticket? */
+ enum credentials_krb_forwardable krb_forwardable;
+
+ /* gensec features which should be used for connections */
+ uint32_t gensec_features;
+
+ /* Number of retries left before bailing out */
+ int tries;
+
+ /* Whether any callback is currently running */
+ bool callback_running;
+};
+
+#endif /* __CREDENTIALS_INTERNAL_H__ */
diff --git a/auth/credentials/credentials_krb5.c b/auth/credentials/credentials_krb5.c
index cc51f56d79..31fc9d2beb 100644
--- a/auth/credentials/credentials_krb5.c
+++ b/auth/credentials/credentials_krb5.c
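Review bot: credentials_internal.h is not self-contained, because `struct cli_credentials` uses `enum credentials_obtained`, `enum credentials_use_kerberos` and `enum credentials_krb_forwardable` while the header itself includes only data_blob.h and misc.h. Every .c file touched by this commit includes credentials.h immediately before it, so it builds today, but the next includer has to know that order; adding `#include "auth/credentials/credentials.h"` at the top of the new header removes the dependency. The struct carries `password`, `old_password`, `nt_hash` and the NTLM response blobs, so a comment under the include guard such as `/* Internal to the auth/credentials library; other code must use the cli_credentials accessor functions */` would make the intended boundary explicit. Whether this header is kept out of the installed public headers is not visible in the diff and is worth confirming, since exporting it would undo the encapsulation.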
@@ -26,6 +26,7 @@
 #include "system/gssapi.h"
 #include "auth/kerberos/kerberos.h"
 #include "auth/credentials/credentials.h"
+#include "auth/credentials/credentials_internal.h"
 #include "auth/credentials/credentials_proto.h"
 #include "auth/credentials/credentials_krb5.h"
 #include "auth/kerberos/kerberos_credentials.h"
diff --git a/auth/credentials/credentials_ntlm.c b/auth/credentials/credentials_ntlm.c
index 8f143bf3c0..8c6be39522 100644
--- a/auth/credentials/credentials_ntlm.c
+++ b/auth/credentials/credentials_ntlm.c
@@ -26,6 +26,7 @@
 #include "../lib/crypto/crypto.h"
 #include "libcli/auth/libcli_auth.h"
 #include "auth/credentials/credentials.h"
+#include "auth/credentials/credentials_internal.h"
 _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred, TALLOC_CTX *mem_ctx, int *flags,
diff --git a/auth/credentials/credentials_secrets.c b/auth/credentials/credentials_secrets.c
index 27ee607228..678d16734c 100644
--- a/auth/credentials/credentials_secrets.c
+++ b/auth/credentials/credentials_secrets.c
@@ -28,6 +28,7 @@
 #include "param/secrets.h"
 #include "system/filesys.h"
 #include "auth/credentials/credentials.h"
+#include "auth/credentials/credentials_internal.h"
 #include "auth/credentials/credentials_proto.h"
 #include "auth/credentials/credentials_krb5.h"
 #include "auth/kerberos/kerberos_util.h"
-- cgit