1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
|
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
* Copyright 2014 Nexenta Systems, Inc. All rights reserved.
*/
#ifndef _SMBSRV_SMB_KRB_H
#define _SMBSRV_SMB_KRB_H
#include <kerberosv5/krb5.h>
#ifdef __cplusplus
extern "C" {
#endif
#define SMBNS_KRB5_KEYTAB "/etc/krb5/krb5.keytab"
#define SMBNS_KRB5_KEYTAB_TMP "/etc/krb5/krb5.keytab.tmp.XXXXXX"
#define SMB_PN_SPN_ATTR 0x0001 /* w/o REALM portion */
#define SMB_PN_UPN_ATTR 0x0002 /* w/ REALM */
#define SMB_PN_KEYTAB_ENTRY 0x0004 /* w/ REALM */
#define SMB_PN_SALT 0x0008 /* w/ REALM */
#define SMB_PN_SVC_HOST "host"
#define SMB_PN_SVC_CIFS "cifs"
#define SMB_PN_SVC_NFS "nfs"
#define SMB_PN_SVC_HTTP "HTTP"
#define SMB_PN_SVC_ROOT "root"
/* Assign an identifier for each principal name format */
typedef enum smb_krb5_pn_id {
SMB_KRB5_PN_ID_SALT,
SMB_KRB5_PN_ID_HOST_FQHN, /* fully qualified name */
SMB_KRB5_PN_ID_HOST_SHORT, /* short name */
SMB_KRB5_PN_ID_CIFS_FQHN,
SMB_KRB5_PN_ID_CIFS_SHORT,
SMB_KRB5_PN_ID_MACHINE, /* the machine account */
SMB_KRB5_PN_ID_NFS_FQHN,
SMB_KRB5_PN_ID_HTTP_FQHN,
SMB_KRB5_PN_ID_ROOT_FQHN,
} smb_krb5_pn_id_t;
/*
* A principal name can be constructed based on the following:
*
* p_id - identifier for a principal name.
* p_svc - service with which the principal is associated.
* p_flags - usage of the principal is identified - whether it can be used as a
* SPN attribute, UPN attribute, or/and keytab entry, etc.
*/
typedef struct smb_krb5_pn {
smb_krb5_pn_id_t p_id;
char *p_svc;
uint32_t p_flags;
} smb_krb5_pn_t;
/*
* A set of principal names
*
* ps_cnt - the number of principal names in the array.
* ps_set - An array of principal names terminated with a NULL pointer.
*/
typedef struct smb_krb5_pn_set {
uint32_t s_cnt;
char **s_pns;
} smb_krb5_pn_set_t;
int smb_kinit(char *, char *, char *);
int smb_krb5_ctx_init(krb5_context *);
void smb_krb5_ctx_fini(krb5_context);
int smb_krb5_get_kprincs(krb5_context, char **, size_t, krb5_principal **);
void smb_krb5_free_kprincs(krb5_context, krb5_principal *, size_t);
int smb_krb5_setpwd(krb5_context, const char *, char *);
int smb_krb5_kt_populate(krb5_context, const char *, krb5_principal *,
int, char *, krb5_kvno, char *, krb5_enctype *, int);
boolean_t smb_krb5_kt_find(smb_krb5_pn_id_t, const char *, char *);
uint32_t smb_krb5_get_pn_set(smb_krb5_pn_set_t *, uint32_t, char *);
void smb_krb5_free_pn_set(smb_krb5_pn_set_t *);
void smb_krb5_log_errmsg(krb5_context, const char *, krb5_error_code);
#ifdef __cplusplus
}
#endif
#endif /* _SMBSRV_SMB_KRB_H */
|
