/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
 * Copyright 2014 Nexenta Systems, Inc. All rights reserved.
 */

/*
 * Kerberos declarations for the SMB server code: keytab paths, the
 * principal-name formats the code distinguishes, and prototypes for the
 * smb_kinit / smb_krb5_* routines.  Only declarations appear here; the
 * contracts of the functions have to be read from their definitions.
 *
 * NOTE(review): <kerberosv5/krb5.h> is the only include, so uint32_t,
 * size_t and boolean_t must be provided by it or by the including file.
 */

#ifndef _SMBSRV_SMB_KRB_H
#define	_SMBSRV_SMB_KRB_H

#include <kerberosv5/krb5.h>

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Keytab locations.  A keytab stores the long-term keys of the principals
 * listed in it, so both paths name files whose ownership and mode matter.
 *
 * The trailing "XXXXXX" in the temporary name is the placeholder form that
 * mkstemp(3C)-style template functions replace.
 * NOTE(review): presumably the temporary file is created next to the real
 * keytab so that it can be renamed over it; confirm in the code that uses
 * this macro, and confirm that it is created with owner-only permissions
 * before any key is written to it.
 */
#define	SMBNS_KRB5_KEYTAB	"/etc/krb5/krb5.keytab"
#define	SMBNS_KRB5_KEYTAB_TMP	"/etc/krb5/krb5.keytab.tmp.XXXXXX"

/*
 * Usage flags for smb_krb5_pn_t.p_flags.  Each value is a distinct bit,
 * so one principal name format can carry several usages at once.
 */
#define	SMB_PN_SPN_ATTR		0x0001 /* w/o REALM portion */
#define	SMB_PN_UPN_ATTR		0x0002 /* w/ REALM */
#define	SMB_PN_KEYTAB_ENTRY	0x0004 /* w/ REALM */
#define	SMB_PN_SALT		0x0008 /* w/ REALM */

/*
 * Service names.  NOTE(review): presumably these are the values that
 * smb_krb5_pn_t.p_svc points at; confirm against the table that
 * initialises it.  "HTTP" is upper-case while the others are lower-case.
 */
#define	SMB_PN_SVC_HOST		"host"
#define	SMB_PN_SVC_CIFS		"cifs"
#define	SMB_PN_SVC_NFS		"nfs"
#define	SMB_PN_SVC_HTTP		"HTTP"
#define	SMB_PN_SVC_ROOT		"root"

/*
 * Assign an identifier for each principal name format.
 *
 * No explicit values are given, so the enumerators number from 0 in
 * declaration order.
 * NOTE(review): if a table elsewhere is indexed by these identifiers, any
 * new enumerator has to be added to that table in the same position.
 */
typedef enum smb_krb5_pn_id {
	SMB_KRB5_PN_ID_SALT,
	SMB_KRB5_PN_ID_HOST_FQHN,	/* fully qualified name */
	SMB_KRB5_PN_ID_HOST_SHORT,	/* short name */
	SMB_KRB5_PN_ID_CIFS_FQHN,
	SMB_KRB5_PN_ID_CIFS_SHORT,
	SMB_KRB5_PN_ID_MACHINE,		/* the machine account */
	SMB_KRB5_PN_ID_NFS_FQHN,
	SMB_KRB5_PN_ID_HTTP_FQHN,
	SMB_KRB5_PN_ID_ROOT_FQHN,
} smb_krb5_pn_id_t;

/*
 * A principal name can be constructed based on the following:
 *
 * p_id    - identifier for a principal name.
 * p_svc   - service with which the principal is associated.
 * p_flags - usage of the principal is identified - whether it can be used as a
 *           SPN attribute, UPN attribute, or/and keytab entry, etc.
 *           (a combination of the SMB_PN_* flag bits).
 */
typedef struct smb_krb5_pn {
	smb_krb5_pn_id_t	p_id;
	char			*p_svc;
	uint32_t		p_flags;
} smb_krb5_pn_t;

/*
 * A set of principal names
 *
 * s_cnt - the number of principal names in the array.
 * s_pns - An array of principal names terminated with a NULL pointer.
 *
 * NOTE(review): the set is released with smb_krb5_free_pn_set(); whether
 * that frees each string as well as the array is not visible from this
 * header - confirm before sharing the strings with other owners.
 */
typedef struct smb_krb5_pn_set {
	uint32_t	s_cnt;
	char		**s_pns;
} smb_krb5_pn_set_t;

/*
 * Credential acquisition, context handling and password change.
 *
 * The prototypes carry no parameter names.
 * NOTE(review): the names smb_kinit and smb_krb5_setpwd suggest that one
 * of their non-const char * arguments is a password.  If so, the buffer is
 * caller-owned and nothing here says who clears it; confirm in the
 * definitions, and have callers scrub their copy once the call returns.
 *
 * NOTE(review): smb_krb5_get_kprincs / smb_krb5_free_kprincs look like an
 * allocate/release pair over an array of krb5_principal and its size_t
 * length, and smb_krb5_ctx_init / smb_krb5_ctx_fini like the matching
 * pair for a krb5_context - confirm, and pass the same count to the free
 * routine that was passed to the get routine.
 */
int smb_kinit(char *, char *, char *);
int smb_krb5_ctx_init(krb5_context *);
void smb_krb5_ctx_fini(krb5_context);
int smb_krb5_get_kprincs(krb5_context, char **, size_t, krb5_principal **);
void smb_krb5_free_kprincs(krb5_context, krb5_principal *, size_t);
int smb_krb5_setpwd(krb5_context, const char *, char *);

/*
 * Keytab maintenance.
 *
 * NOTE(review): smb_krb5_kt_populate presumably writes entries for the
 * given principals into the keytab named by its const char * argument;
 * the trailing (krb5_enctype *, int) pair looks like an encryption-type
 * array and its length, which would mean the caller decides which enctypes
 * get keys in the keytab - TODO confirm against the definition.
 * smb_krb5_kt_find returns a boolean_t; what is matched (principal format,
 * host name, keytab path) has to be confirmed the same way.
 */
int smb_krb5_kt_populate(krb5_context, const char *, krb5_principal *,
    int, char *, krb5_kvno, char *, krb5_enctype *, int);
boolean_t smb_krb5_kt_find(smb_krb5_pn_id_t, const char *, char *);

/*
 * Principal-name set construction and release, and error logging.
 *
 * NOTE(review): the uint32_t argument of smb_krb5_get_pn_set is presumably
 * a mask of SMB_PN_* flags selecting which formats to return, and the
 * uint32_t result presumably the number of names stored - confirm.
 */
uint32_t smb_krb5_get_pn_set(smb_krb5_pn_set_t *, uint32_t, char *);
void smb_krb5_free_pn_set(smb_krb5_pn_set_t *);
void smb_krb5_log_errmsg(krb5_context, const char *, krb5_error_code);

#ifdef __cplusplus
}
#endif

#endif /* _SMBSRV_SMB_KRB_H */