auth/credentials: add cli_credentials_get_principal_obtained()
authorStefan Metzmacher <metze@samba.org>
Wed, 13 Mar 2024 16:50:56 +0000 (17:50 +0100)
committerStefan Metzmacher <metze@samba.org>
Tue, 7 May 2024 11:30:33 +0000 (11:30 +0000)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15018

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
auth/credentials/credentials.c
auth/credentials/credentials.h

index 6a590483e9993dbb73d22be97b2159efdfe345fc..7564ede5a427e6dbd307e9ebd4203a4532c39196 100644 (file)
@@ -268,6 +268,64 @@ _PUBLIC_ const char *cli_credentials_get_bind_dn(struct cli_credentials *cred)
 }
 
 
+/**
+ * @brief Find out how the principal was obtained.
+ *
+ * @param cred A credentials context.
+ *
+ * @return The obtained information for the principal.
+ */
+_PUBLIC_ enum credentials_obtained
+cli_credentials_get_principal_obtained(struct cli_credentials *cred)
+{
+       if (cred->machine_account_pending) {
+               cli_credentials_set_machine_account(cred,
+                                       cred->machine_account_pending_lp_ctx);
+       }
+
+       if (cred->principal_obtained < cred->username_obtained
+           || cred->principal_obtained < MAX(cred->domain_obtained, cred->realm_obtained)) {
+               const char *effective_username = NULL;
+               const char *effective_realm = NULL;
+               enum credentials_obtained effective_obtained;
+
+               /*
+                * We don't want to trigger a callbacks in
+                * cli_credentials_get_username()
+                * cli_credentials_get_domain()
+                * nor
+                * cli_credentials_get_realm()
+                */
+
+               effective_username = cred->username;
+               if (effective_username == NULL || strlen(effective_username) == 0) {
+                       return cred->username_obtained;
+               }
+
+               if (cred->domain_obtained > cred->realm_obtained) {
+                       effective_realm = cred->domain;
+                       effective_obtained = MIN(cred->domain_obtained,
+                                                cred->username_obtained);
+               } else {
+                       effective_realm = cred->realm;
+                       effective_obtained = MIN(cred->realm_obtained,
+                                                cred->username_obtained);
+               }
+
+               if (effective_realm == NULL || strlen(effective_realm) == 0) {
+                       effective_realm = cred->domain;
+                       effective_obtained = MIN(cred->domain_obtained,
+                                                cred->username_obtained);
+               }
+
+               if (effective_realm != NULL && strlen(effective_realm) != 0) {
+                       return effective_obtained;
+               }
+       }
+
+       return cred->principal_obtained;
+}
+
 /**
  * Obtain the client principal for this credentials context.
  * @param cred credentials context
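Review bot: The doc comment on cli_credentials_get_principal_obtained() reads like a plain getter, but the body first calls `cli_credentials_set_machine_account()` when `machine_account_pending` is set and discards its result, so a failed load (if that call can fail) is invisible to the caller. The comment also omits that the returned level may be `MIN()` of the username and domain/realm levels rather than `principal_obtained`, and that an empty `cred->username` returns `username_obtained` early. Callers presumably use this level to decide which credential source takes precedence, so I would add something like `@note May resolve a pending machine account on cred; reads the stored username/domain/realm without invoking their callbacks.` and describe the derivation in one further sentence. The block duplicates a precedence rule that presumably also lives in the principal getter below, so a comment pointing at it would help keep the two in step; "a callbacks" in the inner comment should read "any callbacks".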
index 9a9bd513201a00f2bfb08c1f78f941c2bc863a24..6b35914b4310759b8f177efcb8555ceb5fc38879 100644 (file)
@@ -280,6 +280,8 @@ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred,
 bool cli_credentials_set_username_callback(struct cli_credentials *cred,
                                  const char *(*username_cb) (struct cli_credentials *));
 
+enum credentials_obtained cli_credentials_get_principal_obtained(struct cli_credentials *cred);
+
 /**
  * Obtain the client principal for this credentials context.
  * @param cred credentials context