xref: /titanic_52/usr/src/uts/common/smbsrv/netrauth.h (revision ccdeb6b6d71f3c9aa7e78b688f7b34fff109a817)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  *
25  * Copyright 2015 Nexenta Systems, Inc.  All rights reserved.
26  */
27 
28 #ifndef _SMBSRV_NETRAUTH_H
29 #define	_SMBSRV_NETRAUTH_H
30 
31 /*
32  * NETR remote authentication and logon services.
33  */
34 
35 #include <sys/types.h>
36 #include <smbsrv/wintypes.h>
37 #include <smbsrv/netbios.h>
38 #include <smbsrv/smbinfo.h>
39 #include <netdb.h>
40 
41 #ifdef __cplusplus
42 extern "C" {
43 #endif
44 
45 /*
46  * See also netlogon.ndl.
47  */
48 #define	NETR_WKSTA_TRUST_ACCOUNT_TYPE		0x02
49 #define	NETR_DOMAIN_TRUST_ACCOUNT_TYPE		0x04
50 
51 /*
52  * Negotiation flags for challenge/response authentication.
53  */
54 #define	NETR_NEGOTIATE_BASE_FLAGS		0x000001FF
55 #define	NETR_NEGOTIATE_STRONGKEY_FLAG		0x00004000
56 
57 #define	NETR_SESSKEY64_SZ			8
58 #define	NETR_SESSKEY128_SZ			16
59 #define	NETR_SESSKEY_MAXSZ			NETR_SESSKEY128_SZ
60 #define	NETR_CRED_DATA_SZ			8
61 #define	NETR_OWF_PASSWORD_SZ			16
62 
63 /*
64  * SAM logon levels: interactive and network.
65  */
66 #define	NETR_INTERACTIVE_LOGON			0x01
67 #define	NETR_NETWORK_LOGON			0x02
68 
69 /*
70  * SAM logon validation levels.
71  */
72 #define	NETR_VALIDATION_LEVEL3			0x03
73 
74 /*
75  * Most of these are from: "MSV1_0_LM20_LOGON structure"
76  * http://msdn.microsoft.com/en-us/library/windows/desktop/aa378762
77  * and a few are from the ntddk (ntmsv1_0.h) found many places.
78  */
79 #define	MSV1_0_CLEARTEXT_PASSWORD_ALLOWED	0x00000002
80 #define	MSV1_0_UPDATE_LOGON_STATISTICS		0x00000004
81 #define	MSV1_0_RETURN_USER_PARAMETERS		0x00000008
82 #define	MSV1_0_DONT_TRY_GUEST_ACCOUNT		0x00000010
83 #define	MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT	0x00000020
84 #define	MSV1_0_RETURN_PASSWORD_EXPIRY		0x00000040
85 /*
86  * MSV1_0_USE_CLIENT_CHALLENGE means the LM response field contains the
87  * "client challenge" in the first 8 bytes instead of the LM response.
88  */
89 #define	MSV1_0_USE_CLIENT_CHALLENGE		0x00000080
90 #define	MSV1_0_TRY_GUEST_ACCOUNT_ONLY		0x00000100
91 #define	MSV1_0_RETURN_PROFILE_PATH		0x00000200
92 #define	MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY	0x00000400
93 #define	MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT	0x00000800
94 #define	MSV1_0_DISABLE_PERSONAL_FALLBACK	0x00001000
95 #define	MSV1_0_ALLOW_FORCE_GUEST		0x00002000
96 #define	MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED	0x00004000
97 #define	MSV1_0_USE_DOMAIN_FOR_ROUTING_ONLY	0x00008000
98 #define	MSV1_0_SUBAUTHENTICATION_DLL_EX		0x00100000
99 
100 /*
101  * This is a duplicate of the netr_credential
102  * from netlogon.ndl.
103  */
104 typedef struct netr_cred {
105 	BYTE data[NETR_CRED_DATA_SZ];
106 } netr_cred_t;
107 
108 typedef struct netr_session_key {
109 	BYTE key[NETR_SESSKEY_MAXSZ];
110 	short len;
111 } netr_session_key_t;
112 
113 #define	NETR_FLG_NULL		0x00000001
114 #define	NETR_FLG_VALID		0x00000001
115 #define	NETR_FLG_INIT		0x00000002
116 
117 /*
118  * 120-byte machine account password (null-terminated)
119  */
120 #define	NETR_MACHINE_ACCT_PASSWD_MAX	120 + 1
121 
122 typedef struct netr_info {
123 	DWORD flags;
124 	char server[MAXHOSTNAMELEN];		/* Current DC, FQDN */
125 	char hostname[NETBIOS_NAME_SZ * 2];	/* local "flat" name */
126 	netr_cred_t client_challenge;
127 	netr_cred_t server_challenge;
128 	netr_cred_t client_credential;
129 	netr_cred_t server_credential;
130 	netr_session_key_t session_key;
131 	BYTE password[NETR_MACHINE_ACCT_PASSWD_MAX];
132 	time_t timestamp;
133 } netr_info_t;
134 
135 /*
136  * NETLOGON private interface.
137  */
138 int netr_gen_skey64(netr_info_t *);
139 int netr_gen_skey128(netr_info_t *);
140 
141 int netr_gen_credentials(BYTE *, netr_cred_t *, DWORD, netr_cred_t *);
142 
143 
144 #define	NETR_A2H(c) (isdigit(c)) ? ((c) - '0') : ((c) - 'A' + 10)
145 
146 #ifdef __cplusplus
147 }
148 #endif
149 
150 #endif /* _SMBSRV_NETRAUTH_H */
151