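/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
 * Copyright 2014 Nexenta Systems, Inc. All rights reserved.
 */

/*
 * Kerberos declarations for the SMB server: keytab locations, principal
 * name formats and the smb_krb5_* helper prototypes.
 */

#ifndef _SMBSRV_SMB_KRB_H
#define	_SMBSRV_SMB_KRB_H

#include <kerberosv5/krb5.h>

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Keytab locations.
 *
 * SMBNS_KRB5_KEYTAB_TMP ends in "XXXXXX", the shape of a mkstemp(3C)
 * template, and sits in the same directory as the real keytab.
 * NOTE(review): the code that consumes the template is not in this header.
 * A keytab holds long-term service keys, so confirm that the temporary
 * file is created owner-only (mkstemp() does this; mktemp() plus open()
 * does not), that it is moved into place with rename(), and that it is
 * unlinked on every error path.
 */
#define	SMBNS_KRB5_KEYTAB	"/etc/krb5/krb5.keytab"
#define	SMBNS_KRB5_KEYTAB_TMP	"/etc/krb5/krb5.keytab.tmp.XXXXXX"

/*
 * Usage flags for a principal name (see smb_krb5_pn_t.p_flags).  Each flag
 * is a distinct bit, so one principal name can carry several usages.
 */
#define	SMB_PN_SPN_ATTR		0x0001	/* w/o REALM portion */
#define	SMB_PN_UPN_ATTR		0x0002	/* w/ REALM */
#define	SMB_PN_KEYTAB_ENTRY	0x0004	/* w/ REALM */
#define	SMB_PN_SALT		0x0008	/* w/ REALM */

/*
 * Service components of the principal names.  "HTTP" is upper case while
 * the others are lower case; Kerberos principal names are case-sensitive,
 * so these strings must be used exactly as spelled here.
 */
#define	SMB_PN_SVC_HOST		"host"
#define	SMB_PN_SVC_CIFS		"cifs"
#define	SMB_PN_SVC_NFS		"nfs"
#define	SMB_PN_SVC_HTTP		"HTTP"
#define	SMB_PN_SVC_ROOT		"root"

/*
 * Assign an identifier for each principal name format.
 *
 * The enumerators have no explicit values, so they number from 0 in
 * declaration order.
 * NOTE(review): if the implementation keeps a table indexed by this
 * identifier, that table must follow the same order - confirm whenever an
 * entry is added or moved.
 */
typedef enum smb_krb5_pn_id {
	SMB_KRB5_PN_ID_SALT,
	SMB_KRB5_PN_ID_HOST_FQHN,	/* fully qualified name */
	SMB_KRB5_PN_ID_HOST_SHORT,	/* short name */
	SMB_KRB5_PN_ID_CIFS_FQHN,
	SMB_KRB5_PN_ID_CIFS_SHORT,
	SMB_KRB5_PN_ID_MACHINE,		/* the machine account */
	SMB_KRB5_PN_ID_NFS_FQHN,
	SMB_KRB5_PN_ID_HTTP_FQHN,
	SMB_KRB5_PN_ID_ROOT_FQHN,
} smb_krb5_pn_id_t;

/*
 * A principal name can be constructed based on the following:
 *
 * p_id    - identifier for a principal name.
 * p_svc   - service with which the principal is associated.
 * p_flags - how the principal may be used: as an SPN attribute, a UPN
 *           attribute, a keytab entry and/or a salt (SMB_PN_* flags).
 *
 * NOTE(review): p_svc is a non-const char *, but presumably points at one
 * of the SMB_PN_SVC_* string literals; it should be treated as read-only.
 */
typedef struct smb_krb5_pn {
	smb_krb5_pn_id_t	p_id;
	char			*p_svc;
	uint32_t		p_flags;
} smb_krb5_pn_t;

/*
 * A set of principal names
 *
 * s_cnt - the number of principal names in the array.
 * s_pns - An array of principal names terminated with a NULL pointer.
 */
typedef struct smb_krb5_pn_set {
	uint32_t	s_cnt;
	char		**s_pns;
} smb_krb5_pn_set_t;

/*
 * The prototypes below carry no parameter names, so the meaning of each
 * argument has to be taken from the implementation.
 * NOTE(review): smb_kinit() and smb_krb5_setpwd() take non-const char *
 * arguments.  If any of them carries a password (not confirmable from
 * this header), callers should keep it out of log output and clear the
 * buffer once the call returns.
 */
int smb_kinit(char *, char *, char *);
int smb_krb5_ctx_init(krb5_context *);
void smb_krb5_ctx_fini(krb5_context);
int smb_krb5_get_kprincs(krb5_context, char **, size_t, krb5_principal **);
void smb_krb5_free_kprincs(krb5_context, krb5_principal *, size_t);
int smb_krb5_setpwd(krb5_context, const char *, char *);

int smb_krb5_kt_populate(krb5_context, const char *, krb5_principal *,
    int, char *, krb5_kvno, char *, krb5_enctype *, int);
boolean_t smb_krb5_kt_find(smb_krb5_pn_id_t, const char *, char *);

/* A set filled in by smb_krb5_get_pn_set() has a matching free routine. */
uint32_t smb_krb5_get_pn_set(smb_krb5_pn_set_t *, uint32_t, char *);
void smb_krb5_free_pn_set(smb_krb5_pn_set_t *);
void smb_krb5_log_errmsg(krb5_context, const char *, krb5_error_code);

#ifdef __cplusplus
}
#endif

#endif /* _SMBSRV_SMB_KRB_H */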