libnet: Fix Coverity ID 1634803 Dereference after null check
[samba4-gss.git] / auth / credentials / credentials_internal.h
blobcda361e1dd03612c80b3b158eb12af1ac77ae9fb
1 /*
2 samba -- Unix SMB/CIFS implementation.
4 Client credentials structure
6 Copyright (C) Jelmer Vernooij 2004-2006
7 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #ifndef __CREDENTIALS_INTERNAL_H__
23 #define __CREDENTIALS_INTERNAL_H__
25 #include "../lib/util/data_blob.h"
26 #include "librpc/gen_ndr/misc.h"
27 #include "libcli/smb/smb_constants.h"
29 struct cli_credentials {
30 enum credentials_obtained workstation_obtained;
31 enum credentials_obtained username_obtained;
32 enum credentials_obtained password_obtained;
33 enum credentials_obtained domain_obtained;
34 enum credentials_obtained realm_obtained;
35 enum credentials_obtained ccache_obtained;
36 enum credentials_obtained client_gss_creds_obtained;
37 enum credentials_obtained principal_obtained;
38 enum credentials_obtained keytab_obtained;
39 enum credentials_obtained server_gss_creds_obtained;
40 enum credentials_obtained signing_state_obtained;
41 enum credentials_obtained ipc_signing_state_obtained;
42 enum credentials_obtained encryption_state_obtained;
43 enum credentials_obtained kerberos_state_obtained;
44 enum credentials_obtained gensec_features_obtained;
46 /* Threshold values (essentially a MAX() over a number of the
47 * above) for the ccache and GSS credentials, to ensure we
48 * regenerate/pick correctly */
50 enum credentials_obtained ccache_threshold;
51 enum credentials_obtained client_gss_creds_threshold;
53 const char *workstation;
54 const char *username;
55 const char *password;
56 const char *old_password;
57 const char *domain;
58 const char *realm;
59 const char *principal;
60 char *salt_principal;
61 char *impersonate_principal;
62 char *self_service;
63 char *target_service;
65 const char *bind_dn;
67 /* Allows authentication from a keytab or similar */
68 struct samr_Password *nt_hash;
69 struct samr_Password *old_nt_hash;
71 /* Allows NTLM pass-though authentication */
72 DATA_BLOB lm_response;
73 DATA_BLOB lm_session_key;
74 DATA_BLOB nt_response;
75 DATA_BLOB nt_session_key;
77 struct ccache_container *ccache;
78 struct gssapi_creds_container *client_gss_creds;
79 struct keytab_container *keytab;
80 struct gssapi_creds_container *server_gss_creds;
82 const char *(*workstation_cb) (struct cli_credentials *);
83 const char *(*password_cb) (struct cli_credentials *);
84 const char *(*username_cb) (struct cli_credentials *);
85 const char *(*domain_cb) (struct cli_credentials *);
86 const char *(*realm_cb) (struct cli_credentials *);
87 const char *(*principal_cb) (struct cli_credentials *);
89 /* Private handle for the callback routines to use */
90 void *priv_data;
92 struct netlogon_creds_CredentialState *netlogon_creds;
93 enum netr_SchannelType secure_channel_type;
94 int kvno;
95 time_t password_last_changed_time;
97 struct smb_krb5_context *smb_krb5_context;
99 /* We are flagged to get machine account details from the
100 * secrets.ldb when we are asked for a username or password */
101 bool machine_account_pending;
102 struct loadparm_context *machine_account_pending_lp_ctx;
104 /* Is this a machine account? */
105 bool machine_account;
107 /* Should we be trying to use kerberos? */
108 enum credentials_use_kerberos kerberos_state;
110 /* Should we get a forwardable ticket? */
111 enum credentials_krb_forwardable krb_forwardable;
113 /* Forced SASL mechanism */
114 char *forced_sasl_mech;
116 /* gensec features which should be used for connections */
117 uint32_t gensec_features;
119 /* Number of retries left before bailing out */
120 uint32_t password_tries;
122 /* Whether any callback is currently running */
123 bool callback_running;
125 char winbind_separator;
127 bool password_will_be_nt_hash;
129 enum smb_signing_setting signing_state;
131 enum smb_signing_setting ipc_signing_state;
133 enum smb_encryption_setting encryption_state;
135 /* Credentials to use for FAST */
136 struct cli_credentials *krb5_fast_armor_credentials;
138 /* Should we require FAST? */
139 bool krb5_require_fast_armor;
142 #endif /* __CREDENTIALS_INTERNAL_H__ */