auth/credentials: keep cli_credentials private

Signed-off-by: Stefan Metzmacher <[email protected]>

Reviewed-by: Andrew Bartlett <[email protected]>

auth/credentials/credentials.c

@@ -24,6 +24,7 @@
 #include "includes.h"
 #include "librpc/gen_ndr/samr.h" /* for struct samrPassword */
 #include "auth/credentials/credentials.h"
+#include "auth/credentials/credentials_internal.h"
 #include "libcli/auth/libcli_auth.h"
 #include "tevent.h"
 #include "param/param.h"

auth/credentials/credentials.h

@@ -25,9 +25,17 @@
 #include "../lib/util/data_blob.h"
 #include "librpc/gen_ndr/misc.h"
 
+struct cli_credentials;
 struct ccache_container;
 struct tevent_context;
 struct netlogon_creds_CredentialState;
+struct ldb_context;
+struct ldb_message;
+struct loadparm_context;
+struct ccache_container;
+struct gssapi_creds_container;
+struct smb_krb5_context;
+struct keytab_container;
 
 /* In order of priority */
 enum credentials_obtained { 
@@ -57,99 +65,6 @@ enum credentials_krb_forwardable {
 #define CLI_CRED_NTLM_AUTH   0x08
 #define CLI_CRED_CLEAR_AUTH  0x10   /* TODO:  Push cleartext auth with this flag */
 
-struct cli_credentials {
-	enum credentials_obtained workstation_obtained;
-	enum credentials_obtained username_obtained;
-	enum credentials_obtained password_obtained;
-	enum credentials_obtained domain_obtained;
-	enum credentials_obtained realm_obtained;
-	enum credentials_obtained ccache_obtained;
-	enum credentials_obtained client_gss_creds_obtained;
-	enum credentials_obtained principal_obtained;
-	enum credentials_obtained keytab_obtained;
-	enum credentials_obtained server_gss_creds_obtained;
-
-	/* Threshold values (essentially a MAX() over a number of the
-	 * above) for the ccache and GSS credentials, to ensure we
-	 * regenerate/pick correctly */
-
-	enum credentials_obtained ccache_threshold;
-	enum credentials_obtained client_gss_creds_threshold;
-
-	const char *workstation;
-	const char *username;
-	const char *password;
-	const char *old_password;
-	const char *domain;
-	const char *realm;
-	const char *principal;
-	char *salt_principal;
-	char *impersonate_principal;
-	char *self_service;
-	char *target_service;
-
-	const char *bind_dn;
-
-	/* Allows authentication from a keytab or similar */
-	struct samr_Password *nt_hash;
-
-	/* Allows NTLM pass-though authentication */
-	DATA_BLOB lm_response;
-	DATA_BLOB nt_response;
-
-	struct ccache_container *ccache;
-	struct gssapi_creds_container *client_gss_creds;
-	struct keytab_container *keytab;
-	struct gssapi_creds_container *server_gss_creds;
-
-	const char *(*workstation_cb) (struct cli_credentials *);
-	const char *(*password_cb) (struct cli_credentials *);
-	const char *(*username_cb) (struct cli_credentials *);
-	const char *(*domain_cb) (struct cli_credentials *);
-	const char *(*realm_cb) (struct cli_credentials *);
-	const char *(*principal_cb) (struct cli_credentials *);
-
-	/* Private handle for the callback routines to use */
-	void *priv_data;
-
-	struct netlogon_creds_CredentialState *netlogon_creds;
-	enum netr_SchannelType secure_channel_type;
-	int kvno;
-	time_t password_last_changed_time;
-
-	struct smb_krb5_context *smb_krb5_context;
-
-	/* We are flagged to get machine account details from the
-	 * secrets.ldb when we are asked for a username or password */
-	bool machine_account_pending;
-	struct loadparm_context *machine_account_pending_lp_ctx;
-
-	/* Is this a machine account? */
-	bool machine_account;
-
-	/* Should we be trying to use kerberos? */
-	enum credentials_use_kerberos use_kerberos;
-
-	/* Should we get a forwardable ticket? */
-	enum credentials_krb_forwardable krb_forwardable;
-
-	/* gensec features which should be used for connections */
-	uint32_t gensec_features;
-
-	/* Number of retries left before bailing out */
-	int tries;
-
-	/* Whether any callback is currently running */
-	bool callback_running;
-};
-
-struct ldb_context;
-struct ldb_message;
-struct loadparm_context;
-struct ccache_container;
-
-struct gssapi_creds_container;
-
 const char *cli_credentials_get_workstation(struct cli_credentials *cred);
 bool cli_credentials_set_workstation(struct cli_credentials *cred, 
 				     const char *val, 

auth/credentials/credentials_internal.h

@@ -0,0 +1,114 @@
+/*
+   samba -- Unix SMB/CIFS implementation.
+
+   Client credentials structure
+
+   Copyright (C) Jelmer Vernooij 2004-2006
+   Copyright (C) Andrew Bartlett <[email protected]> 2005
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+#ifndef __CREDENTIALS_INTERNAL_H__
+#define __CREDENTIALS_INTERNAL_H__
+
+#include "../lib/util/data_blob.h"
+#include "librpc/gen_ndr/misc.h"
+
+struct cli_credentials {
+	enum credentials_obtained workstation_obtained;
+	enum credentials_obtained username_obtained;
+	enum credentials_obtained password_obtained;
+	enum credentials_obtained domain_obtained;
+	enum credentials_obtained realm_obtained;
+	enum credentials_obtained ccache_obtained;
+	enum credentials_obtained client_gss_creds_obtained;
+	enum credentials_obtained principal_obtained;
+	enum credentials_obtained keytab_obtained;
+	enum credentials_obtained server_gss_creds_obtained;
+
+	/* Threshold values (essentially a MAX() over a number of the
+	 * above) for the ccache and GSS credentials, to ensure we
+	 * regenerate/pick correctly */
+
+	enum credentials_obtained ccache_threshold;
+	enum credentials_obtained client_gss_creds_threshold;
+
+	const char *workstation;
+	const char *username;
+	const char *password;
+	const char *old_password;
+	const char *domain;
+	const char *realm;
+	const char *principal;
+	char *salt_principal;
+	char *impersonate_principal;
+	char *self_service;
+	char *target_service;
+
+	const char *bind_dn;
+
+	/* Allows authentication from a keytab or similar */
+	struct samr_Password *nt_hash;
+
+	/* Allows NTLM pass-though authentication */
+	DATA_BLOB lm_response;
+	DATA_BLOB nt_response;
+
+	struct ccache_container *ccache;
+	struct gssapi_creds_container *client_gss_creds;
+	struct keytab_container *keytab;
+	struct gssapi_creds_container *server_gss_creds;
+
+	const char *(*workstation_cb) (struct cli_credentials *);
+	const char *(*password_cb) (struct cli_credentials *);
+	const char *(*username_cb) (struct cli_credentials *);
+	const char *(*domain_cb) (struct cli_credentials *);
+	const char *(*realm_cb) (struct cli_credentials *);
+	const char *(*principal_cb) (struct cli_credentials *);
+
+	/* Private handle for the callback routines to use */
+	void *priv_data;
+
+	struct netlogon_creds_CredentialState *netlogon_creds;
+	enum netr_SchannelType secure_channel_type;
+	int kvno;
+	time_t password_last_changed_time;
+
+	struct smb_krb5_context *smb_krb5_context;
+
+	/* We are flagged to get machine account details from the
+	 * secrets.ldb when we are asked for a username or password */
+	bool machine_account_pending;
+	struct loadparm_context *machine_account_pending_lp_ctx;
+
+	/* Is this a machine account? */
+	bool machine_account;
+
+	/* Should we be trying to use kerberos? */
+	enum credentials_use_kerberos use_kerberos;
+
+	/* Should we get a forwardable ticket? */
+	enum credentials_krb_forwardable krb_forwardable;
+
+	/* gensec features which should be used for connections */
+	uint32_t gensec_features;
+
+	/* Number of retries left before bailing out */
+	int tries;
+
+	/* Whether any callback is currently running */
+	bool callback_running;
+};
+
+#endif /* __CREDENTIALS_INTERNAL_H__ */

auth/credentials/credentials_krb5.c

@@ -26,6 +26,7 @@
 #include "system/gssapi.h"
 #include "auth/kerberos/kerberos.h"
 #include "auth/credentials/credentials.h"
+#include "auth/credentials/credentials_internal.h"
 #include "auth/credentials/credentials_proto.h"
 #include "auth/credentials/credentials_krb5.h"
 #include "auth/kerberos/kerberos_credentials.h"

auth/credentials/credentials_ntlm.c

@@ -26,6 +26,7 @@
 #include "../lib/crypto/crypto.h"
 #include "libcli/auth/libcli_auth.h"
 #include "auth/credentials/credentials.h"
+#include "auth/credentials/credentials_internal.h"
 
 _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred, TALLOC_CTX *mem_ctx, 
 					   int *flags,

auth/credentials/credentials_secrets.c

@@ -28,6 +28,7 @@
 #include "param/secrets.h"
 #include "system/filesys.h"
 #include "auth/credentials/credentials.h"
+#include "auth/credentials/credentials_internal.h"
 #include "auth/credentials/credentials_proto.h"
 #include "auth/credentials/credentials_krb5.h"
 #include "auth/kerberos/kerberos_util.h"