/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
 * Copyright 2014 Nexenta Systems, Inc. All rights reserved.
 */

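#ifndef	_SMBSRV_SMB_KRB_H
#define	_SMBSRV_SMB_KRB_H

#include <kerberosv5/krb5.h>

#ifdef	__cplusplus
extern "C" {
#endif
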
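/*
 * Keytab file and the template for its temporary sibling.  A keytab stores
 * long-term keys for the principals it lists, so both paths deserve
 * restrictive ownership and permissions.
 * NOTE(review): the "XXXXXX" suffix looks like a mkstemp(3C)-style template;
 * confirm at the use site (not part of this header) that the temporary file
 * is created exclusively and with owner-only permissions.
 */
#define	SMBNS_KRB5_KEYTAB	"/etc/krb5/krb5.keytab"
#define	SMBNS_KRB5_KEYTAB_TMP	"/etc/krb5/krb5.keytab.tmp.XXXXXX"

/*
 * Usage flags for a principal name.  The values are distinct bits, so they
 * can be combined in a single flags word (see p_flags in smb_krb5_pn_t).
 */
#define	SMB_PN_SPN_ATTR		0x0001	/* without the REALM portion */
#define	SMB_PN_UPN_ATTR		0x0002	/* with REALM */
#define	SMB_PN_KEYTAB_ENTRY	0x0004	/* with REALM */
#define	SMB_PN_SALT		0x0008	/* with REALM */

/*
 * Service names used in principal names.  Note that "HTTP" is upper case
 * while the other service names are lower case.
 */
#define	SMB_PN_SVC_HOST		"host"
#define	SMB_PN_SVC_CIFS		"cifs"
#define	SMB_PN_SVC_NFS		"nfs"
#define	SMB_PN_SVC_HTTP		"HTTP"
#define	SMB_PN_SVC_ROOT		"root"
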
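/*
 * Assign an identifier for each principal name format.  No explicit values
 * are given, so the enumerators number from 0 in declaration order.
 */
typedef enum smb_krb5_pn_id {
	SMB_KRB5_PN_ID_SALT,
	SMB_KRB5_PN_ID_HOST_FQHN,	/* fully qualified name */
	SMB_KRB5_PN_ID_HOST_SHORT,	/* short name */
	SMB_KRB5_PN_ID_CIFS_FQHN,
	SMB_KRB5_PN_ID_CIFS_SHORT,
	SMB_KRB5_PN_ID_MACHINE,		/* the machine account */
	SMB_KRB5_PN_ID_NFS_FQHN,
	SMB_KRB5_PN_ID_HTTP_FQHN,
	SMB_KRB5_PN_ID_ROOT_FQHN,
} smb_krb5_pn_id_t;
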
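/*
 * A principal name can be constructed based on the following:
 *
 * p_id    - identifier for a principal name.
 * p_svc   - service with which the principal is associated.
 * p_flags - how the principal may be used: as an SPN attribute, a UPN
 *           attribute, and/or a keytab entry, etc. (presumably the
 *           SMB_PN_* flag bits; confirm against the table that fills it).
 */
typedef struct smb_krb5_pn {
	smb_krb5_pn_id_t	p_id;
	char			*p_svc;
	uint32_t		p_flags;
} smb_krb5_pn_t;
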
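/*
 * A set of principal names
 *
 * s_cnt - the number of principal names in the array.
 * s_pns - an array of principal names terminated with a NULL pointer.
 *
 * NOTE(review): the array's extent is described twice, by s_cnt and by the
 * NULL terminator; confirm that producers keep the two consistent, since a
 * consumer may rely on either one.
 */
typedef struct smb_krb5_pn_set {
	uint32_t	s_cnt;
	char		**s_pns;
} smb_krb5_pn_set_t;
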
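/*
 * Kerberos helper routines.  The prototypes do not name their parameters;
 * consult the definitions for the role of each argument.
 *
 * NOTE(review): smb_kinit() and smb_krb5_setpwd() take writable char *
 * arguments and, going by their names, presumably handle credentials.
 * Confirm how callers clear such buffers once the call returns.
 */
int smb_kinit(char *, char *, char *);
int smb_krb5_ctx_init(krb5_context *);
void smb_krb5_ctx_fini(krb5_context);
int smb_krb5_get_kprincs(krb5_context, char **, size_t, krb5_principal **);
void smb_krb5_free_kprincs(krb5_context, krb5_principal *, size_t);
int smb_krb5_setpwd(krb5_context, const char *, char *);

/*
 * NOTE(review): the kt_ routines presumably operate on a keytab file
 * (cf. SMBNS_KRB5_KEYTAB).  Confirm which argument names the file and that
 * its value never comes from an untrusted caller.
 */
int smb_krb5_kt_populate(krb5_context, const char *, krb5_principal *,
    int, char *, krb5_kvno, char *, krb5_enctype *, int);
boolean_t smb_krb5_kt_find(smb_krb5_pn_id_t, const char *, char *);

uint32_t smb_krb5_get_pn_set(smb_krb5_pn_set_t *, uint32_t, char *);
void smb_krb5_free_pn_set(smb_krb5_pn_set_t *);
void smb_krb5_log_errmsg(krb5_context, const char *, krb5_error_code);
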
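#ifdef	__cplusplus
}
#endif

#endif	/* _SMBSRV_SMB_KRB_H */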