xref: /illumos-gate/usr/src/lib/smbsrv/libsmbns/common/smbns_krb.h (revision 89b42a211fa7d3527b9615260f495d22e430c5c5)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
23  */
24 
25 #ifndef _SMBSRV_SMB_KRB_H
26 #define	_SMBSRV_SMB_KRB_H
27 
28 #include <kerberosv5/krb5.h>
29 
30 #ifdef __cplusplus
31 extern "C" {
32 #endif
33 
34 #define	SMBNS_KRB5_KEYTAB	"/etc/krb5/krb5.keytab"
35 #define	SMBNS_KRB5_KEYTAB_TMP	"/etc/krb5/krb5.keytab.tmp.XXXXXX"
36 
37 #define	SMB_PN_SPN_ATTR			0x0001 /* w/o REALM portion */
38 #define	SMB_PN_UPN_ATTR			0x0002 /* w/  REALM */
39 #define	SMB_PN_KEYTAB_ENTRY		0x0004 /* w/  REALM */
40 #define	SMB_PN_SALT			0x0008 /* w/  REALM */
41 
42 #define	SMB_PN_SVC_HOST			"host"
43 #define	SMB_PN_SVC_NFS			"nfs"
44 #define	SMB_PN_SVC_HTTP			"HTTP"
45 #define	SMB_PN_SVC_ROOT			"root"
46 
47 /* Assign an identifier for each principal name format */
48 typedef enum smb_krb5_pn_id {
49 	SMB_KRB5_PN_ID_SALT,
50 	SMB_KRB5_PN_ID_HOST_FQHN,
51 	SMB_KRB5_PN_ID_NFS_FQHN,
52 	SMB_KRB5_PN_ID_HTTP_FQHN,
53 	SMB_KRB5_PN_ID_ROOT_FQHN,
54 } smb_krb5_pn_id_t;
55 
56 /*
57  * A principal name can be constructed based on the following:
58  *
59  * p_id    - identifier for a principal name.
60  * p_svc   - service with which the principal is associated.
61  * p_flags - usage of the principal is identified - whether it can be used as a
62  *           SPN attribute, UPN attribute, or/and keytab entry, etc.
63  */
64 typedef struct smb_krb5_pn {
65 	smb_krb5_pn_id_t	p_id;
66 	char			*p_svc;
67 	uint32_t		p_flags;
68 } smb_krb5_pn_t;
69 
70 /*
71  * A set of principal names
72  *
73  * ps_cnt - the number of principal names in the array.
74  * ps_set - An array of principal names terminated with a NULL pointer.
75  */
76 typedef struct smb_krb5_pn_set {
77 	uint32_t	s_cnt;
78 	char		**s_pns;
79 } smb_krb5_pn_set_t;
80 
81 int smb_kinit(char *, char *);
82 int smb_krb5_ctx_init(krb5_context *);
83 void smb_krb5_ctx_fini(krb5_context);
84 int smb_krb5_get_kprincs(krb5_context, char **, size_t, krb5_principal **);
85 void smb_krb5_free_kprincs(krb5_context, krb5_principal *, size_t);
86 int smb_krb5_setpwd(krb5_context, const char *, char *);
87 
88 int smb_krb5_kt_populate(krb5_context, const char *, krb5_principal *,
89     int, char *, krb5_kvno, char *, krb5_enctype *, int);
90 boolean_t smb_krb5_kt_find(smb_krb5_pn_id_t, const char *, char *);
91 
92 uint32_t smb_krb5_get_pn_set(smb_krb5_pn_set_t *, uint32_t, char *);
93 void smb_krb5_free_pn_set(smb_krb5_pn_set_t *);
94 void smb_krb5_log_errmsg(krb5_context, const char *, krb5_error_code);
95 
96 #ifdef __cplusplus
97 }
98 #endif
99 
100 #endif /* _SMBSRV_SMB_KRB_H */
101