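/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

#ifndef _SMBSRV_NETRAUTH_H
#define	_SMBSRV_NETRAUTH_H

#pragma ident	"%Z%%M% %I% %E% SMI"


/*
 * Interface definitions for the NETR remote authentication and logon
 * services.
 */

#include <sys/types.h>
#include <smbsrv/wintypes.h>
#include <smbsrv/mlsvc.h>

#ifndef _KERNEL
#include <syslog.h>
#endif /* _KERNEL */

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Trust account types.
 * See also netlogon.ndl.
 */
#define	NETR_WKSTA_TRUST_ACCOUNT_TYPE		0x02
#define	NETR_DOMAIN_TRUST_ACCOUNT_TYPE		0x04

/*
 * Negotiation flags for challenge/response authentication.
 * The extra flag (0x40000000) was added in SP4.
 *
 * NETR_NEGOTIATE_FLAGS sets only the low nine bits (0x001 - 0x100).
 * NOTE(review): which capabilities those bits advertise is defined by
 * the protocol, not by this header; confirm against netlogon.ndl that
 * no stronger-key option is being left un-negotiated.
 */
#define	NETR_NEGOTIATE_FLAGS			0x000001FF
#define	NETR_NEGOTIATE_SP4_FLAG			0x40000000

/*
 * Sizes, in bytes, of the key and credential buffers declared below.
 * NOTE(review): an 8-byte session key is only 64 bits of key material;
 * presumably this matches the legacy NETLOGON credential scheme, so
 * confirm that is the intended strength for the deployment.
 */
#define	NETR_SESSION_KEY_SZ			8
#define	NETR_CRED_DATA_SZ			8
#define	NETR_OWF_PASSWORD_SZ			16


/*
 * SAM logon levels: interactive and network.
 */
#define	NETR_INTERACTIVE_LOGON			0x01
#define	NETR_NETWORK_LOGON			0x02


/*
 * SAM logon validation levels.
 */
#define	NETR_VALIDATION_LEVEL3			0x03


/*
 * This is a duplicate of the netr_credential
 * from netlogon.ndl.
 *
 * A fixed NETR_CRED_DATA_SZ-byte opaque value; netr_info_t uses it for
 * both the challenges and the credentials.
 */
typedef struct netr_cred {
	BYTE data[NETR_CRED_DATA_SZ];
} netr_cred_t;


/*
 * netr_info_t flags.
 *
 * NOTE(review): NETR_FLG_NULL and NETR_FLG_VALID are both 0x00000001,
 * so a test on netr_info_t.flags cannot tell "null" from "valid".
 * Confirm this is intended before relying on either name; the values
 * are kept as-is here because callers may depend on them.
 */
#define	NETR_FLG_NULL		0x00000001
#define	NETR_FLG_VALID		0x00000001
#define	NETR_FLG_INIT		0x00000002


/*
 * State for one NETR authentication exchange: the two host names, the
 * client/server challenges and credentials, the session key and a
 * password buffer.
 *
 * This structure holds secret material (session_key, password) inline.
 * NOTE(review): callers should clear it with a non-elidable zeroing
 * routine before it is freed or goes out of scope, and should keep it
 * out of logs and core-dump-friendly debug output.
 */
typedef struct netr_info {
	DWORD flags;		/* NETR_FLG_* */
	char server[MLSVC_DOMAIN_NAME_MAX * 2];
	char hostname[MLSVC_DOMAIN_NAME_MAX * 2];
	netr_cred_t client_challenge;
	netr_cred_t server_challenge;
	netr_cred_t client_credential;
	netr_cred_t server_credential;
	BYTE session_key[NETR_SESSION_KEY_SZ];
	BYTE password[MLSVC_MACHINE_ACCT_PASSWD_MAX];
	time_t timestamp;
} netr_info_t;

/*
 * netr_client_t flags
 *
 * NETR_CFLG_ANON	Anonymous connection
 * NETR_CFLG_LOCAL	Local user
 * NETR_CFLG_DOMAIN	Domain user
 */
#define	NETR_CFLG_ANON		0x01
#define	NETR_CFLG_LOCAL		0x02
#define	NETR_CFLG_DOMAIN	0x04


/*
 * Description of a client logon request.
 *
 * The string members and the three *_val members are bare pointers;
 * nothing in this header says who owns or frees them.  Each *_val
 * buffer is paired with a *_len count.
 * NOTE(review): presumably these lengths originate from the client;
 * consumers should check each *_len against the size they expect
 * before reading through the matching *_val pointer.
 */
typedef struct netr_client {
	uint16_t logon_level;	/* presumably NETR_*_LOGON; confirm */
	char *username;
	char *domain;
	char *workstation;
	uint32_t ipaddr;	/* 32 bits wide, so IPv4 only */
	struct {
		uint32_t challenge_key_len;
		uint8_t *challenge_key_val;
	} challenge_key;
	struct {
		uint32_t nt_password_len;
		uint8_t *nt_password_val;
	} nt_password;
	struct {
		uint32_t lm_password_len;
		uint8_t *lm_password_val;
	} lm_password;
	uint32_t logon_id;
	int native_os;
	int native_lm;
	uint32_t local_ipaddr;
	uint16_t local_port;
	uint32_t flags;		/* NETR_CFLG_* */
} netr_client_t;


/*
 * NETLOGON private interface.
 *
 * The return-value convention of these functions is not visible from
 * this header.  netr_gen_credentials() takes session_key as a bare
 * pointer with no length argument.
 * NOTE(review): presumably it must reference NETR_SESSION_KEY_SZ
 * bytes; confirm against the implementation.
 */
int netr_gen_session_key(netr_info_t *netr_info);

int netr_gen_credentials(BYTE *session_key, netr_cred_t *challenge,
    DWORD timestamp, netr_cred_t *out_cred);


/*
 * Convert one ASCII hex character to its numeric value.
 *
 * The whole expansion is parenthesized so the macro can be used inside
 * a larger expression, e.g. (NETR_A2H(hi) << 4) | NETR_A2H(lo); without
 * the outer parentheses the conditional operator would absorb whatever
 * follows the macro.
 *
 * Caveats:
 *  - isdigit() must be in scope at the point of use; this header does
 *    not include a ctype header itself.
 *  - The argument is evaluated more than once; do not pass an
 *    expression with side effects.
 *  - Only '0'-'9' and upper-case 'A'-'F' give meaningful results.  Any
 *    other character is treated as if it were an upper-case letter, so
 *    callers must validate the input first.
 */
#define	NETR_A2H(c) ((isdigit(c)) ? ((c) - '0') : ((c) - 'A' + 10))

#ifdef __cplusplus
}
#endif

#endif /* _SMBSRV_NETRAUTH_H */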