From 561d834123a2a8a96954f7cca556f8838ab38b72 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 7 Oct 2011 17:20:33 +1100 Subject: auth: move credentials layer to the top level This will allow gensec_start.c to move to the top level. This does not change what code uses the cli_credentials code, but allows the gensec code to be more broadly. Andrew Bartlett --- source4/auth/credentials/credentials.h | 300 --------------------------------- 1 file changed, 300 deletions(-) delete mode 100644 source4/auth/credentials/credentials.h (limited to 'source4/auth/credentials/credentials.h') diff --git a/source4/auth/credentials/credentials.h b/source4/auth/credentials/credentials.h deleted file mode 100644 index f8fa2f864b..0000000000 --- a/source4/auth/credentials/credentials.h +++ /dev/null @@ -1,300 +0,0 @@ -/* - samba -- Unix SMB/CIFS implementation. - - Client credentials structure - - Copyright (C) Jelmer Vernooij 2004-2006 - Copyright (C) Andrew Bartlett 2005 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -#ifndef __CREDENTIALS_H__ -#define __CREDENTIALS_H__ - -#include "../lib/util/data_blob.h" -#include "librpc/gen_ndr/misc.h" - -struct ccache_container; -struct tevent_context; - -/* In order of priority */ -enum credentials_obtained { - CRED_UNINITIALISED = 0, /* We don't even have a guess yet */ - CRED_CALLBACK, /* Callback should be used to obtain value */ - CRED_GUESS_ENV, /* Current value should be used, which was guessed */ - CRED_GUESS_FILE, /* A guess from a file (or file pointed at in env variable) */ - CRED_CALLBACK_RESULT, /* Value was obtained from a callback */ - CRED_SPECIFIED /* Was explicitly specified on the command-line */ -}; - -enum credentials_use_kerberos { - CRED_AUTO_USE_KERBEROS = 0, /* Default, we try kerberos if available */ - CRED_DONT_USE_KERBEROS, /* Sometimes trying kerberos just does 'bad things', so don't */ - CRED_MUST_USE_KERBEROS /* Sometimes administrators are parinoid, so always do kerberos */ -}; - -enum credentials_krb_forwardable { - CRED_AUTO_KRB_FORWARDABLE = 0, /* Default, follow library defaults */ - CRED_NO_KRB_FORWARDABLE, /* not forwardable */ - CRED_FORCE_KRB_FORWARDABLE /* forwardable */ -}; - -#define CLI_CRED_NTLM2 0x01 -#define CLI_CRED_NTLMv2_AUTH 0x02 -#define CLI_CRED_LANMAN_AUTH 0x04 -#define CLI_CRED_NTLM_AUTH 0x08 -#define CLI_CRED_CLEAR_AUTH 0x10 /* TODO: Push cleartext auth with this flag */ - -struct cli_credentials { - enum credentials_obtained workstation_obtained; - enum credentials_obtained username_obtained; - enum credentials_obtained password_obtained; - enum credentials_obtained domain_obtained; - enum credentials_obtained realm_obtained; - enum credentials_obtained ccache_obtained; - enum credentials_obtained client_gss_creds_obtained; - enum credentials_obtained principal_obtained; - enum credentials_obtained keytab_obtained; - enum credentials_obtained server_gss_creds_obtained; - - /* Threshold values (essentially a MAX() over a number of the - * above) for the ccache and GSS credentials, to ensure we - * regenerate/pick correctly */ - - enum credentials_obtained ccache_threshold; - enum credentials_obtained client_gss_creds_threshold; - - const char *workstation; - const char *username; - const char *password; - const char *old_password; - const char *domain; - const char *realm; - const char *principal; - char *salt_principal; - char *impersonate_principal; - char *self_service; - char *target_service; - - const char *bind_dn; - - /* Allows authentication from a keytab or similar */ - struct samr_Password *nt_hash; - - /* Allows NTLM pass-though authentication */ - DATA_BLOB lm_response; - DATA_BLOB nt_response; - - struct ccache_container *ccache; - struct gssapi_creds_container *client_gss_creds; - struct keytab_container *keytab; - struct gssapi_creds_container *server_gss_creds; - - const char *(*workstation_cb) (struct cli_credentials *); - const char *(*password_cb) (struct cli_credentials *); - const char *(*username_cb) (struct cli_credentials *); - const char *(*domain_cb) (struct cli_credentials *); - const char *(*realm_cb) (struct cli_credentials *); - const char *(*principal_cb) (struct cli_credentials *); - - /* Private handle for the callback routines to use */ - void *priv_data; - - struct netlogon_creds_CredentialState *netlogon_creds; - enum netr_SchannelType secure_channel_type; - int kvno; - time_t password_last_changed_time; - - struct smb_krb5_context *smb_krb5_context; - - /* We are flagged to get machine account details from the - * secrets.ldb when we are asked for a username or password */ - bool machine_account_pending; - struct loadparm_context *machine_account_pending_lp_ctx; - - /* Is this a machine account? */ - bool machine_account; - - /* Should we be trying to use kerberos? */ - enum credentials_use_kerberos use_kerberos; - - /* Should we get a forwardable ticket? */ - enum credentials_krb_forwardable krb_forwardable; - - /* gensec features which should be used for connections */ - uint32_t gensec_features; - - /* Number of retries left before bailing out */ - int tries; - - /* Whether any callback is currently running */ - bool callback_running; -}; - -struct ldb_context; -struct ldb_message; -struct loadparm_context; -struct ccache_container; - -struct gssapi_creds_container; - -const char *cli_credentials_get_workstation(struct cli_credentials *cred); -bool cli_credentials_set_workstation(struct cli_credentials *cred, - const char *val, - enum credentials_obtained obtained); -bool cli_credentials_is_anonymous(struct cli_credentials *cred); -struct cli_credentials *cli_credentials_init(TALLOC_CTX *mem_ctx); -void cli_credentials_set_anonymous(struct cli_credentials *cred); -bool cli_credentials_wrong_password(struct cli_credentials *cred); -const char *cli_credentials_get_password(struct cli_credentials *cred); -void cli_credentials_get_ntlm_username_domain(struct cli_credentials *cred, TALLOC_CTX *mem_ctx, - const char **username, - const char **domain); -NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred, TALLOC_CTX *mem_ctx, - int *flags, - DATA_BLOB challenge, DATA_BLOB target_info, - DATA_BLOB *_lm_response, DATA_BLOB *_nt_response, - DATA_BLOB *_lm_session_key, DATA_BLOB *_session_key); -const char *cli_credentials_get_realm(struct cli_credentials *cred); -const char *cli_credentials_get_username(struct cli_credentials *cred); -int cli_credentials_get_krb5_context(struct cli_credentials *cred, - struct loadparm_context *lp_ctx, - struct smb_krb5_context **smb_krb5_context); -int cli_credentials_get_ccache(struct cli_credentials *cred, - struct tevent_context *event_ctx, - struct loadparm_context *lp_ctx, - struct ccache_container **ccc, - const char **error_string); -int cli_credentials_get_named_ccache(struct cli_credentials *cred, - struct tevent_context *event_ctx, - struct loadparm_context *lp_ctx, - char *ccache_name, - struct ccache_container **ccc, const char **error_string); -int cli_credentials_get_keytab(struct cli_credentials *cred, - struct loadparm_context *lp_ctx, - struct keytab_container **_ktc); -const char *cli_credentials_get_domain(struct cli_credentials *cred); -struct netlogon_creds_CredentialState *cli_credentials_get_netlogon_creds(struct cli_credentials *cred); -void cli_credentials_set_machine_account_pending(struct cli_credentials *cred, - struct loadparm_context *lp_ctx); -void cli_credentials_set_conf(struct cli_credentials *cred, - struct loadparm_context *lp_ctx); -const char *cli_credentials_get_principal(struct cli_credentials *cred, TALLOC_CTX *mem_ctx); -int cli_credentials_get_server_gss_creds(struct cli_credentials *cred, - struct loadparm_context *lp_ctx, - struct gssapi_creds_container **_gcc); -int cli_credentials_get_client_gss_creds(struct cli_credentials *cred, - struct tevent_context *event_ctx, - struct loadparm_context *lp_ctx, - struct gssapi_creds_container **_gcc, - const char **error_string); -void cli_credentials_set_kerberos_state(struct cli_credentials *creds, - enum credentials_use_kerberos use_kerberos); -void cli_credentials_set_krb_forwardable(struct cli_credentials *creds, - enum credentials_krb_forwardable krb_forwardable); -bool cli_credentials_set_domain(struct cli_credentials *cred, - const char *val, - enum credentials_obtained obtained); -bool cli_credentials_set_domain_callback(struct cli_credentials *cred, - const char *(*domain_cb) (struct cli_credentials *)); -bool cli_credentials_set_username(struct cli_credentials *cred, - const char *val, enum credentials_obtained obtained); -bool cli_credentials_set_username_callback(struct cli_credentials *cred, - const char *(*username_cb) (struct cli_credentials *)); -bool cli_credentials_set_principal(struct cli_credentials *cred, - const char *val, - enum credentials_obtained obtained); -bool cli_credentials_set_principal_callback(struct cli_credentials *cred, - const char *(*principal_cb) (struct cli_credentials *)); -bool cli_credentials_set_password(struct cli_credentials *cred, - const char *val, - enum credentials_obtained obtained); -struct cli_credentials *cli_credentials_init_anon(TALLOC_CTX *mem_ctx); -void cli_credentials_parse_string(struct cli_credentials *credentials, const char *data, enum credentials_obtained obtained); -const struct samr_Password *cli_credentials_get_nt_hash(struct cli_credentials *cred, - TALLOC_CTX *mem_ctx); -bool cli_credentials_set_realm(struct cli_credentials *cred, - const char *val, - enum credentials_obtained obtained); -void cli_credentials_set_secure_channel_type(struct cli_credentials *cred, - enum netr_SchannelType secure_channel_type); -void cli_credentials_set_password_last_changed_time(struct cli_credentials *cred, - time_t last_change_time); -void cli_credentials_set_netlogon_creds(struct cli_credentials *cred, - struct netlogon_creds_CredentialState *netlogon_creds); -NTSTATUS cli_credentials_set_krb5_context(struct cli_credentials *cred, - struct smb_krb5_context *smb_krb5_context); -NTSTATUS cli_credentials_set_stored_principal(struct cli_credentials *cred, - struct loadparm_context *lp_ctx, - const char *serviceprincipal); -NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cred, - struct loadparm_context *lp_ctx); -bool cli_credentials_authentication_requested(struct cli_credentials *cred); -void cli_credentials_guess(struct cli_credentials *cred, - struct loadparm_context *lp_ctx); -bool cli_credentials_set_bind_dn(struct cli_credentials *cred, - const char *bind_dn); -const char *cli_credentials_get_bind_dn(struct cli_credentials *cred); -bool cli_credentials_parse_file(struct cli_credentials *cred, const char *file, enum credentials_obtained obtained); -const char *cli_credentials_get_unparsed_name(struct cli_credentials *credentials, TALLOC_CTX *mem_ctx); -bool cli_credentials_set_password_callback(struct cli_credentials *cred, - const char *(*password_cb) (struct cli_credentials *)); -enum netr_SchannelType cli_credentials_get_secure_channel_type(struct cli_credentials *cred); -time_t cli_credentials_get_password_last_changed_time(struct cli_credentials *cred); -void cli_credentials_set_kvno(struct cli_credentials *cred, - int kvno); -bool cli_credentials_set_nt_hash(struct cli_credentials *cred, - const struct samr_Password *nt_hash, - enum credentials_obtained obtained); -bool cli_credentials_set_ntlm_response(struct cli_credentials *cred, - const DATA_BLOB *lm_response, - const DATA_BLOB *nt_response, - enum credentials_obtained obtained); -int cli_credentials_set_keytab_name(struct cli_credentials *cred, - struct loadparm_context *lp_ctx, - const char *keytab_name, - enum credentials_obtained obtained); -void cli_credentials_set_gensec_features(struct cli_credentials *creds, uint32_t gensec_features); -uint32_t cli_credentials_get_gensec_features(struct cli_credentials *creds); -int cli_credentials_set_ccache(struct cli_credentials *cred, - struct loadparm_context *lp_ctx, - const char *name, - enum credentials_obtained obtained, - const char **error_string); -bool cli_credentials_parse_password_file(struct cli_credentials *credentials, const char *file, enum credentials_obtained obtained); -bool cli_credentials_parse_password_fd(struct cli_credentials *credentials, - int fd, enum credentials_obtained obtained); -void cli_credentials_invalidate_ccache(struct cli_credentials *cred, - enum credentials_obtained obtained); -void cli_credentials_set_salt_principal(struct cli_credentials *cred, const char *principal); -void cli_credentials_set_impersonate_principal(struct cli_credentials *cred, - const char *principal, - const char *self_service); -void cli_credentials_set_target_service(struct cli_credentials *cred, const char *principal); -const char *cli_credentials_get_salt_principal(struct cli_credentials *cred); -const char *cli_credentials_get_impersonate_principal(struct cli_credentials *cred); -const char *cli_credentials_get_self_service(struct cli_credentials *cred); -const char *cli_credentials_get_target_service(struct cli_credentials *cred); -enum credentials_use_kerberos cli_credentials_get_kerberos_state(struct cli_credentials *creds); -enum credentials_krb_forwardable cli_credentials_get_krb_forwardable(struct cli_credentials *creds); -NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred, - struct loadparm_context *lp_ctx, - struct ldb_context *ldb, - const char *base, - const char *filter, - char **error_string); - int cli_credentials_get_kvno(struct cli_credentials *cred); - - -#endif /* __CREDENTIALS_H__ */ -- cgit