root/source4/auth/credentials/credentials.h




   1 /* 
   2    samba -- Unix SMB/CIFS implementation.
   3 
   4    Client credentials structure
   5 
   6    Copyright (C) Jelmer Vernooij 2004-2006
   7    Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
   8 
   9    This program is free software; you can redistribute it and/or modify
  10    it under the terms of the GNU General Public License as published by
  11    the Free Software Foundation; either version 3 of the License, or
  12    (at your option) any later version.
  13    
  14    This program is distributed in the hope that it will be useful,
  15    but WITHOUT ANY WARRANTY; without even the implied warranty of
  16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17    GNU General Public License for more details.
  18    
  19    You should have received a copy of the GNU General Public License
  20    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  21 */
  22 #ifndef __CREDENTIALS_H__
  23 #define __CREDENTIALS_H__
  24 
  25 #include "../lib/util/data_blob.h"
  26 #include "librpc/gen_ndr/misc.h"
  27 
  28 struct ccache_container;
  29 struct tevent_context;
  30 
  31 /* In order of priority */
/*
 * Provenance of a credential value, ordered from least to most
 * authoritative.  Later members have larger numeric values, so levels can
 * be compared with the ordinary relational operators; struct cli_credentials
 * keeps one of these per settable field plus "threshold" maxima of them.
 */
enum credentials_obtained {
        /* Nothing is known at all, not even a guess. */
        CRED_UNINITIALISED   = 0,
        /* The registered callback has to be asked for the value. */
        CRED_CALLBACK        = 1,
        /* The stored value is a guess taken from the environment. */
        CRED_GUESS_ENV       = 2,
        /* The stored value is a guess read from a file (possibly one
         * named by an environment variable). */
        CRED_GUESS_FILE      = 3,
        /* The stored value is what a callback returned. */
        CRED_CALLBACK_RESULT = 4,
        /* The value was given explicitly on the command line. */
        CRED_SPECIFIED       = 5
};
  40 
/*
 * Policy for whether Kerberos is attempted when these credentials are used.
 */
enum credentials_use_kerberos {
        /* Default: try Kerberos when it is available. */
        CRED_AUTO_USE_KERBEROS = 0,
        /* Never try Kerberos; some setups misbehave when it is attempted. */
        CRED_DONT_USE_KERBEROS = 1,
        /* Always use Kerberos, for administrators who want nothing else.
         * NOTE(review): where the environment supports it this is the
         * setting to prefer, as it rules out a downgrade to a weaker
         * mechanism. */
        CRED_MUST_USE_KERBEROS = 2
};
  46 
/*
 * Bit flags naming NTLM-family authentication variants.  They are
 * presumably carried in the `flags` argument of
 * cli_credentials_get_ntlm_response() -- confirm against the
 * implementation.  Each flag occupies one distinct bit.
 *
 * NOTE(review): CLI_CRED_LANMAN_AUTH and plain CLI_CRED_NTLM_AUTH are the
 * legacy, weaker variants; enabling them is a downgrade from NTLMv2 and
 * should be a deliberate choice.
 */
#define CLI_CRED_NTLM2       (1 << 0)
#define CLI_CRED_NTLMv2_AUTH (1 << 1)
#define CLI_CRED_LANMAN_AUTH (1 << 2)
#define CLI_CRED_NTLM_AUTH   (1 << 3)
#define CLI_CRED_CLEAR_AUTH  (1 << 4)   /* TODO:  Push cleartext auth with this flag */
  52 
/*
 * Client credentials, as handed to the SMB/CIFS client code.
 *
 * Each settable value has a companion *_obtained member recording the
 * credentials_obtained level it came from (that enum is ordered by
 * priority).  How the level is used when a value is set again is not
 * visible in this header -- presumably a higher level replaces a lower
 * one; confirm against the cli_credentials_set_* implementations.
 *
 * NOTE(review): password, old_password, nt_hash, lm_response and
 * nt_response are secret material held in ordinary talloc memory.
 * Nothing in this header shows a destructor that zeroizes them on free;
 * confirm that one exists, and never log these fields or copy them into
 * buffers that outlive the structure.
 */
struct cli_credentials {
        /* Provenance level of each corresponding value below; a field
         * whose level is CRED_UNINITIALISED has not been set at all. */
        enum credentials_obtained workstation_obtained;
        enum credentials_obtained username_obtained;
        enum credentials_obtained password_obtained;
        enum credentials_obtained domain_obtained;
        enum credentials_obtained realm_obtained;
        enum credentials_obtained ccache_obtained;
        enum credentials_obtained client_gss_creds_obtained;
        enum credentials_obtained principal_obtained;
        enum credentials_obtained keytab_obtained;
        enum credentials_obtained server_gss_creds_obtained;

        /* Threshold values (essentially a MAX() over a number of the
         * above) for the ccache and GSS credentials, to ensure we
         * regenerate/pick correctly */

        enum credentials_obtained ccache_threshold;
        enum credentials_obtained client_gss_creds_threshold;

        /* Identity strings.  Ownership is presumably this structure
         * (talloc) -- confirm against the setters. */
        const char *workstation;
        const char *username;
        /* Cleartext password.  Secret; see the note above. */
        const char *password;
        /* Presumably the previous password (e.g. around a password
         * change); nothing here shows who sets it.  Secret. */
        const char *old_password;
        const char *domain;
        const char *realm;
        const char *principal;
        /* Kerberos salt principal; set via cli_credentials_set_salt_principal. */
        const char *salt_principal;

        /* Bind DN, presumably for an LDAP simple bind (name only). */
        const char *bind_dn;

        /* Allows authentication from a keytab or similar.
         * NOTE(review): for NTLM an NT hash is a password equivalent
         * (pass-the-hash); treat it exactly like `password`. */
        struct samr_Password *nt_hash;

        /* Allows NTLM pass-through authentication: pre-computed LM/NT
         * responses supplied via cli_credentials_set_ntlm_response. */
        DATA_BLOB lm_response;
        DATA_BLOB nt_response;

        /* Kerberos state: credential cache, GSSAPI client/server
         * credentials and keytab.  The container types are opaque here. */
        struct ccache_container *ccache;
        struct gssapi_creds_container *client_gss_creds;
        struct keytab_container *keytab;
        struct gssapi_creds_container *server_gss_creds;

        /* Optional callbacks that produce a value on demand (see the
         * CRED_CALLBACK level); each receives this structure and returns
         * the value.  Ownership of the returned string is not visible
         * here -- confirm. */
        const char *(*workstation_cb) (struct cli_credentials *);
        const char *(*password_cb) (struct cli_credentials *);
        const char *(*username_cb) (struct cli_credentials *);
        const char *(*domain_cb) (struct cli_credentials *);
        const char *(*realm_cb) (struct cli_credentials *);
        const char *(*principal_cb) (struct cli_credentials *);

        /* Private handle for the callback routines to use */
        void *priv_data;

        /* Netlogon (schannel) state, the schannel type in use and the
         * Kerberos key version number (kvno). */
        struct creds_CredentialState *netlogon_creds;
        enum netr_SchannelType secure_channel_type;
        int kvno;

        /* Kerberos library context; see cli_credentials_get_krb5_context. */
        struct smb_krb5_context *smb_krb5_context;

        /* We are flagged to get machine account details from the
         * secrets.ldb when we are asked for a username or password;
         * machine_account_pending_lp_ctx is the configuration to use for
         * that deferred lookup. */
        bool machine_account_pending;
        struct loadparm_context *machine_account_pending_lp_ctx;

        /* Is this a machine account? */
        bool machine_account;

        /* Should we be trying to use kerberos? */
        enum credentials_use_kerberos use_kerberos;

        /* gensec features which should be used for connections */
        uint32_t gensec_features;

        /* Number of retries left before bailing out (presumably consulted
         * by cli_credentials_wrong_password -- confirm). */
        int tries;

        /* Whether any callback is currently running; presumably a
         * re-entrancy guard so a callback cannot trigger itself. */
        bool callback_running;
};
 131 
/*
 * Opaque types referenced only by pointer in the prototypes below.
 * (struct ccache_container is also declared near the top of this header;
 * repeating a forward declaration is harmless.)
 */
struct ccache_container;
struct gssapi_creds_container;
struct ldb_context;
struct loadparm_context;
 137 
/* ---------------------------------------------------------------------
 * Lifecycle, anonymity and policy
 * ------------------------------------------------------------------ */

/** Allocate a fresh credential set as a talloc child of mem_ctx. */
struct cli_credentials *cli_credentials_init(TALLOC_CTX *mem_ctx);

/** Allocate a credential set that is already marked anonymous. */
struct cli_credentials *cli_credentials_init_anon(TALLOC_CTX *mem_ctx);

/** Mark cred as anonymous. */
void cli_credentials_set_anonymous(struct cli_credentials *cred);

/** Whether cred is anonymous. */
bool cli_credentials_is_anonymous(struct cli_credentials *cred);

/** Whether cred holds anything amounting to a request to authenticate
 *  (as opposed to an anonymous or still-unset credential set). */
bool cli_credentials_authentication_requested(struct cli_credentials *cred);

/** Apply defaults taken from the loadparm configuration lp_ctx. */
void cli_credentials_set_conf(struct cli_credentials *cred,
                              struct loadparm_context *lp_ctx);

/** Fill in whatever is still unset from guessable sources; the enum
 *  documents CRED_GUESS_ENV and CRED_GUESS_FILE as the levels involved. */
void cli_credentials_guess(struct cli_credentials *cred,
                           struct loadparm_context *lp_ctx);

/** Kerberos policy for this credential set; see credentials_use_kerberos. */
void cli_credentials_set_kerberos_state(struct cli_credentials *creds,
                                        enum credentials_use_kerberos use_kerberos);
enum credentials_use_kerberos cli_credentials_get_kerberos_state(struct cli_credentials *creds);

/** GENSEC feature bits to request for connections made with creds. */
void cli_credentials_set_gensec_features(struct cli_credentials *creds, uint32_t gensec_features);
uint32_t cli_credentials_get_gensec_features(struct cli_credentials *creds);

/* ---------------------------------------------------------------------
 * Identity: who we claim to be
 *
 * Setters take an `obtained` level recording where the value came from
 * and return a bool -- presumably false when the value was not accepted;
 * confirm against the implementation.  Getters return the stored value,
 * presumably consulting the matching *_cb callback first where one is
 * registered.
 * ------------------------------------------------------------------ */

/** Parse a single string holding the user identity (and, by the usual
 *  Samba tool conventions, possibly the password) into credentials.  The
 *  exact syntax is not visible here -- confirm.  NOTE(review): if such a
 *  string is taken from the command line, any password embedded in it is
 *  visible to other local users through the process table. */
void cli_credentials_parse_string(struct cli_credentials *credentials, const char *data, enum credentials_obtained obtained);

/** Read credentials from a file; `obtained` applies to every value it
 *  supplies. */
bool cli_credentials_parse_file(struct cli_credentials *cred, const char *file, enum credentials_obtained obtained);

/** Render the identity as one human-readable string on mem_ctx.  Confirm
 *  it never includes the password before logging it. */
const char *cli_credentials_get_unparsed_name(struct cli_credentials *credentials, TALLOC_CTX *mem_ctx);

const char *cli_credentials_get_workstation(struct cli_credentials *cred);
bool cli_credentials_set_workstation(struct cli_credentials *cred,
                                     const char *val,
                                     enum credentials_obtained obtained);

const char *cli_credentials_get_username(struct cli_credentials *cred);
bool cli_credentials_set_username(struct cli_credentials *cred,
                                  const char *val, enum credentials_obtained obtained);
bool cli_credentials_set_username_callback(struct cli_credentials *cred,
                                           const char *(*username_cb) (struct cli_credentials *));

const char *cli_credentials_get_domain(struct cli_credentials *cred);
bool cli_credentials_set_domain(struct cli_credentials *cred,
                                const char *val,
                                enum credentials_obtained obtained);
bool cli_credentials_set_domain_callback(struct cli_credentials *cred,
                                         const char *(*domain_cb) (struct cli_credentials *));

/** Username and domain in the form NTLM wants, allocated on mem_ctx. */
void cli_credentials_get_ntlm_username_domain(struct cli_credentials *cred, TALLOC_CTX *mem_ctx,
                                              const char **username,
                                              const char **domain);

const char *cli_credentials_get_realm(struct cli_credentials *cred);
bool cli_credentials_set_realm(struct cli_credentials *cred,
                               const char *val,
                               enum credentials_obtained obtained);

/** Kerberos principal; the getter builds its result on mem_ctx.  The salt
 *  principal has no `obtained` level and no callback. */
const char *cli_credentials_get_principal(struct cli_credentials *cred, TALLOC_CTX *mem_ctx);
bool cli_credentials_set_principal(struct cli_credentials *cred,
                                   const char *val,
                                   enum credentials_obtained obtained);
bool cli_credentials_set_principal_callback(struct cli_credentials *cred,
                                            const char *(*principal_cb) (struct cli_credentials *));
void cli_credentials_set_salt_principal(struct cli_credentials *cred, const char *principal);

/** Bind DN (presumably for an LDAP simple bind).  No `obtained` level is
 *  tracked for this value. */
bool cli_credentials_set_bind_dn(struct cli_credentials *cred,
                                 const char *bind_dn);
const char *cli_credentials_get_bind_dn(struct cli_credentials *cred);

/* ---------------------------------------------------------------------
 * Secrets: password, NT hash, NTLM responses
 *
 * NOTE(review): everything the getters below return is secret material.
 * Never log it and avoid copying it into buffers that outlive the
 * credential set.
 * ------------------------------------------------------------------ */

/** Cleartext password (presumably consulting password_cb first when one
 *  is registered -- confirm). */
const char *cli_credentials_get_password(struct cli_credentials *cred);
bool cli_credentials_set_password(struct cli_credentials *cred,
                                  const char *val,
                                  enum credentials_obtained obtained);
bool cli_credentials_set_password_callback(struct cli_credentials *cred,
                                           const char *(*password_cb) (struct cli_credentials *));

/** Read the password from a file or an already-open descriptor.  Prefer
 *  these to passing a password on the command line (CRED_SPECIFIED), which
 *  exposes it in the process listing. */
bool cli_credentials_parse_password_file(struct cli_credentials *credentials, const char *file, enum credentials_obtained obtained);
bool cli_credentials_parse_password_fd(struct cli_credentials *credentials,
                                       int fd, enum credentials_obtained obtained);

/** Report an authentication failure.  Returns true when the caller should
 *  try again (presumably bounded by `tries` in the struct -- confirm). */
bool cli_credentials_wrong_password(struct cli_credentials *cred);

/** NT hash of the password; the getter presumably allocates its result on
 *  mem_ctx.  NOTE(review): for NTLM this hash is a password equivalent
 *  (pass-the-hash) and must be handled as a secret. */
const struct samr_Password *cli_credentials_get_nt_hash(struct cli_credentials *cred,
                                                        TALLOC_CTX *mem_ctx);
bool cli_credentials_set_nt_hash(struct cli_credentials *cred,
                                 const struct samr_Password *nt_hash,
                                 enum credentials_obtained obtained);

/** Pre-computed LM/NT responses for NTLM pass-through authentication. */
bool cli_credentials_set_ntlm_response(struct cli_credentials *cred,
                                       const DATA_BLOB *lm_response,
                                       const DATA_BLOB *nt_response,
                                       enum credentials_obtained obtained);

/** Produce the NTLM responses and session keys for the server's challenge
 *  and target_info, allocated on mem_ctx.  `flags` is in/out and
 *  presumably carries CLI_CRED_* bits selecting the permitted response
 *  types -- confirm.  NOTE(review): allowing CLI_CRED_LANMAN_AUTH or plain
 *  CLI_CRED_NTLM_AUTH here is a downgrade from NTLMv2; make sure it is
 *  intended. */
NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred, TALLOC_CTX *mem_ctx,
                                           int *flags,
                                           DATA_BLOB challenge, DATA_BLOB target_info,
                                           DATA_BLOB *_lm_response, DATA_BLOB *_nt_response,
                                           DATA_BLOB *_lm_session_key, DATA_BLOB *_session_key);

/* ---------------------------------------------------------------------
 * Kerberos: library context, credential cache, keytab, GSSAPI creds
 *
 * The int-returning functions presumably follow the krb5 convention of 0
 * on success and a non-zero error code otherwise -- confirm.
 * ------------------------------------------------------------------ */

int cli_credentials_get_krb5_context(struct cli_credentials *cred,
                                     struct tevent_context *event_ctx,
                                     struct loadparm_context *lp_ctx,
                                     struct smb_krb5_context **smb_krb5_context);
NTSTATUS cli_credentials_set_krb5_context(struct cli_credentials *cred,
                                          struct smb_krb5_context *smb_krb5_context);

/** Credential cache: obtain the current one, select one by name, or drop
 *  the stored one (the `obtained` argument to invalidate presumably says
 *  which provenance levels are affected -- confirm). */
int cli_credentials_get_ccache(struct cli_credentials *cred,
                               struct tevent_context *event_ctx,
                               struct loadparm_context *lp_ctx,
                               struct ccache_container **ccc);
int cli_credentials_set_ccache(struct cli_credentials *cred,
                               struct tevent_context *event_ctx,
                               struct loadparm_context *lp_ctx,
                               const char *name,
                               enum credentials_obtained obtained);
void cli_credentials_invalidate_ccache(struct cli_credentials *cred,
                                       enum credentials_obtained obtained);

/** Keytab: obtain the current one, select one by name, or update it (the
 *  name suggests it is rewritten from the stored secrets -- confirm). */
int cli_credentials_get_keytab(struct cli_credentials *cred,
                               struct tevent_context *event_ctx,
                               struct loadparm_context *lp_ctx,
                               struct keytab_container **_ktc);
int cli_credentials_set_keytab_name(struct cli_credentials *cred,
                                    struct tevent_context *event_ctx,
                                    struct loadparm_context *lp_ctx,
                                    const char *keytab_name,
                                    enum credentials_obtained obtained);
int cli_credentials_update_keytab(struct cli_credentials *cred,
                                  struct tevent_context *event_ctx,
                                  struct loadparm_context *lp_ctx);

/** GSSAPI credentials for acting as a client, or as a server. */
int cli_credentials_get_client_gss_creds(struct cli_credentials *cred,
                                         struct tevent_context *event_ctx,
                                         struct loadparm_context *lp_ctx,
                                         struct gssapi_creds_container **_gcc);
int cli_credentials_get_server_gss_creds(struct cli_credentials *cred,
                                         struct tevent_context *event_ctx,
                                         struct loadparm_context *lp_ctx,
                                         struct gssapi_creds_container **_gcc);

/** Use the stored principal named serviceprincipal. */
NTSTATUS cli_credentials_set_stored_principal(struct cli_credentials *cred,
                                              struct tevent_context *event_ctx,
                                              struct loadparm_context *lp_ctx,
                                              const char *serviceprincipal);

/** Kerberos key version number (kvno) of the stored key. */
void cli_credentials_set_kvno(struct cli_credentials *cred,
                              int kvno);
int cli_credentials_get_kvno(struct cli_credentials *cred);

/* ---------------------------------------------------------------------
 * Machine account, secrets database, netlogon / schannel
 * ------------------------------------------------------------------ */

/** Load this host's machine-account credentials from the secrets
 *  database, either now or lazily: the pending variant defers the lookup
 *  until a username or password is first requested (see the
 *  machine_account_pending fields in the struct). */
NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cred,
                                             struct loadparm_context *lp_ctx);
void cli_credentials_set_machine_account_pending(struct cli_credentials *cred,
                                                 struct loadparm_context *lp_ctx);

/** Load credentials from the secrets database `ldb`, searching under base
 *  with the given filter.  NOTE(review): filter is handed to ldb as-is;
 *  if any part of it can originate from untrusted input it must be
 *  escaped as an LDAP filter value first. */
NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred,
                                     struct tevent_context *event_ctx,
                                     struct loadparm_context *lp_ctx,
                                     struct ldb_context *ldb,
                                     const char *base,
                                     const char *filter);

/** Netlogon (schannel) state and channel type attached to cred. */
struct creds_CredentialState *cli_credentials_get_netlogon_creds(struct cli_credentials *cred);
void cli_credentials_set_netlogon_creds(struct cli_credentials *cred,
                                        struct creds_CredentialState *netlogon_creds);
void cli_credentials_set_secure_channel_type(struct cli_credentials *cred,
                                     enum netr_SchannelType secure_channel_type);
enum netr_SchannelType cli_credentials_get_secure_channel_type(struct cli_credentials *cred);
 271 
 272 #endif /* __CREDENTIALS_H__ */
