xref: /illumos-gate/usr/src/lib/smbsrv/libsmbns/common/smbns_krb.h (revision 1a2d662a91cee3bf82f41cd47c7ae6f3825d9db2) 
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
23  * Copyright 2014 Nexenta Systems, Inc.  All rights reserved.
24  */
25 
26 #ifndef _SMBSRV_SMB_KRB_H
27 #define	_SMBSRV_SMB_KRB_H
28 
29 #include <kerberosv5/krb5.h>
30 
31 #ifdef __cplusplus
32 extern "C" {
33 #endif
34 
35 #define	SMBNS_KRB5_KEYTAB	"/etc/krb5/krb5.keytab"
36 #define	SMBNS_KRB5_KEYTAB_TMP	"/etc/krb5/krb5.keytab.tmp.XXXXXX"
37 
38 #define	SMB_PN_SPN_ATTR			0x0001 /* w/o REALM portion */
39 #define	SMB_PN_UPN_ATTR			0x0002 /* w/  REALM */
40 #define	SMB_PN_KEYTAB_ENTRY		0x0004 /* w/  REALM */
41 #define	SMB_PN_SALT			0x0008 /* w/  REALM */
42 
43 #define	SMB_PN_SVC_HOST			"host"
44 #define	SMB_PN_SVC_CIFS			"cifs"
45 #define	SMB_PN_SVC_NFS			"nfs"
46 #define	SMB_PN_SVC_HTTP			"HTTP"
47 #define	SMB_PN_SVC_ROOT			"root"
48 
49 /* Assign an identifier for each principal name format */
50 typedef enum smb_krb5_pn_id {
51 	SMB_KRB5_PN_ID_SALT,
52 	SMB_KRB5_PN_ID_HOST_FQHN,	/* fully qualified name */
53 	SMB_KRB5_PN_ID_HOST_SHORT,	/* short name */
54 	SMB_KRB5_PN_ID_CIFS_FQHN,
55 	SMB_KRB5_PN_ID_CIFS_SHORT,
56 	SMB_KRB5_PN_ID_MACHINE,		/* the machine account */
57 	SMB_KRB5_PN_ID_NFS_FQHN,
58 	SMB_KRB5_PN_ID_HTTP_FQHN,
59 	SMB_KRB5_PN_ID_ROOT_FQHN,
60 } smb_krb5_pn_id_t;
61 
62 /*
63  * A principal name can be constructed based on the following:
64  *
65  * p_id    - identifier for a principal name.
66  * p_svc   - service with which the principal is associated.
67  * p_flags - usage of the principal is identified - whether it can be used as a
68  *           SPN attribute, UPN attribute, or/and keytab entry, etc.
69  */
70 typedef struct smb_krb5_pn {
71 	smb_krb5_pn_id_t	p_id;
72 	char			*p_svc;
73 	uint32_t		p_flags;
74 } smb_krb5_pn_t;
75 
76 /*
77  * A set of principal names
78  *
79  * ps_cnt - the number of principal names in the array.
80  * ps_set - An array of principal names terminated with a NULL pointer.
81  */
82 typedef struct smb_krb5_pn_set {
83 	uint32_t	s_cnt;
84 	char		**s_pns;
85 } smb_krb5_pn_set_t;
86 
87 int smb_kinit(char *, char *, char *);
88 int smb_krb5_ctx_init(krb5_context *);
89 void smb_krb5_ctx_fini(krb5_context);
90 int smb_krb5_get_kprincs(krb5_context, char **, size_t, krb5_principal **);
91 void smb_krb5_free_kprincs(krb5_context, krb5_principal *, size_t);
92 int smb_krb5_setpwd(krb5_context, const char *, char *);
93 
94 int smb_krb5_kt_populate(krb5_context, const char *, krb5_principal *,
95     int, char *, krb5_kvno, char *, krb5_enctype *, int);
96 boolean_t smb_krb5_kt_find(smb_krb5_pn_id_t, const char *, char *);
97 
98 uint32_t smb_krb5_get_pn_set(smb_krb5_pn_set_t *, uint32_t, char *);
99 void smb_krb5_free_pn_set(smb_krb5_pn_set_t *);
100 void smb_krb5_log_errmsg(krb5_context, const char *, krb5_error_code);
101 
102 #ifdef __cplusplus
103 }
104 #endif
105 
106 #endif /* _SMBSRV_SMB_KRB_H */
107