1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
  23  * Use is subject to license terms.
  24  *
  25  * Copyright 2015 Nexenta Systems, Inc.  All rights reserved.
  26  */
  27 
  28 #ifndef _SMBSRV_NETRAUTH_H
  29 #define _SMBSRV_NETRAUTH_H
  30 
  31 /*
  32  * NETR remote authentication and logon services.
  33  */
  34 
  35 #include <sys/types.h>
  36 #include <smbsrv/wintypes.h>
  37 #include <smbsrv/netbios.h>
  38 #include <smbsrv/smbinfo.h>
  39 #include <netdb.h>
  40 
  41 #ifdef __cplusplus
  42 extern "C" {
  43 #endif
  44 
  45 /*
  46  * See also netlogon.ndl.
  47  */
  48 #define NETR_WKSTA_TRUST_ACCOUNT_TYPE           0x02
  49 #define NETR_DOMAIN_TRUST_ACCOUNT_TYPE          0x04
  50 
  51 /*
  52  * Negotiation flags for challenge/response authentication.
  53  */
  54 #define NETR_NEGOTIATE_BASE_FLAGS               0x000001FF
  55 #define NETR_NEGOTIATE_STRONGKEY_FLAG           0x00004000
  56 
  57 #define NETR_SESSKEY64_SZ                       8
  58 #define NETR_SESSKEY128_SZ                      16
  59 #define NETR_SESSKEY_MAXSZ                      NETR_SESSKEY128_SZ
  60 #define NETR_CRED_DATA_SZ                       8
  61 #define NETR_OWF_PASSWORD_SZ                    16
  62 
  63 /*
  64  * SAM logon levels: interactive and network.
  65  */
  66 #define NETR_INTERACTIVE_LOGON                  0x01
  67 #define NETR_NETWORK_LOGON                      0x02
  68 
  69 /*
  70  * SAM logon validation levels.
  71  */
  72 #define NETR_VALIDATION_LEVEL3                  0x03
  73 
  74 /*
  75  * Most of these are from: "MSV1_0_LM20_LOGON structure"
  76  * http://msdn.microsoft.com/en-us/library/windows/desktop/aa378762
  77  * and a few are from the ntddk (ntmsv1_0.h) found many places.
  78  */
  79 #define MSV1_0_CLEARTEXT_PASSWORD_ALLOWED       0x00000002
  80 #define MSV1_0_UPDATE_LOGON_STATISTICS          0x00000004
  81 #define MSV1_0_RETURN_USER_PARAMETERS           0x00000008
  82 #define MSV1_0_DONT_TRY_GUEST_ACCOUNT           0x00000010
  83 #define MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT       0x00000020
  84 #define MSV1_0_RETURN_PASSWORD_EXPIRY           0x00000040
  85 /*
  86  * MSV1_0_USE_CLIENT_CHALLENGE means the LM response field contains the
  87  * "client challenge" in the first 8 bytes instead of the LM response.
  88  */
  89 #define MSV1_0_USE_CLIENT_CHALLENGE             0x00000080
  90 #define MSV1_0_TRY_GUEST_ACCOUNT_ONLY           0x00000100
  91 #define MSV1_0_RETURN_PROFILE_PATH              0x00000200
  92 #define MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY        0x00000400
  93 #define MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT  0x00000800
  94 #define MSV1_0_DISABLE_PERSONAL_FALLBACK        0x00001000
  95 #define MSV1_0_ALLOW_FORCE_GUEST                0x00002000
  96 #define MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED      0x00004000
  97 #define MSV1_0_USE_DOMAIN_FOR_ROUTING_ONLY      0x00008000
  98 #define MSV1_0_SUBAUTHENTICATION_DLL_EX         0x00100000
  99 
 100 /*
 101  * This is a duplicate of the netr_credential
 102  * from netlogon.ndl.
 103  */
 104 typedef struct netr_cred {
 105         BYTE data[NETR_CRED_DATA_SZ];
 106 } netr_cred_t;
 107 
 108 typedef struct netr_session_key {
 109         BYTE key[NETR_SESSKEY_MAXSZ];
 110         short len;
 111 } netr_session_key_t;
 112 
 113 #define NETR_FLG_NULL           0x00000001
 114 #define NETR_FLG_VALID          0x00000001
 115 #define NETR_FLG_INIT           0x00000002
 116 
 117 /*
 118  * 120-byte machine account password (null-terminated)
 119  */
 120 #define NETR_MACHINE_ACCT_PASSWD_MAX    120 + 1
 121 
 122 typedef struct netr_info {
 123         DWORD flags;
 124         char server[MAXHOSTNAMELEN];            /* Current DC, FQDN */
 125         char hostname[NETBIOS_NAME_SZ * 2];     /* local "flat" name */
 126         netr_cred_t client_challenge;
 127         netr_cred_t server_challenge;
 128         netr_cred_t client_credential;
 129         netr_cred_t server_credential;
 130         netr_session_key_t session_key;
 131         BYTE password[NETR_MACHINE_ACCT_PASSWD_MAX];
 132         time_t timestamp;
 133 } netr_info_t;
 134 
 135 /*
 136  * NETLOGON private interface.
 137  */
 138 int netr_gen_skey64(netr_info_t *);
 139 int netr_gen_skey128(netr_info_t *);
 140 
 141 int netr_gen_credentials(BYTE *, netr_cred_t *, DWORD, netr_cred_t *);
 142 
 143 
 144 #define NETR_A2H(c) (isdigit(c)) ? ((c) - '0') : ((c) - 'A' + 10)
 145 
 146 #ifdef __cplusplus
 147 }
 148 #endif
 149 
 150 #endif /* _SMBSRV_NETRAUTH_H */