Lines Matching refs:token

57 static uint32_t smb_token_setup_anon(smb_token_t *token);
69 smb_token_idmap(smb_token_t *token, smb_idmap_batch_t *sib)
76 if (!token || !sib)
81 if (token->tkn_flags & SMB_ATF_ANON) {
82 token->tkn_user.i_id = UID_NOBODY;
83 token->tkn_owner.i_id = UID_NOBODY;
86 id = &token->tkn_user;
95 id = &token->tkn_owner;
105 id = &token->tkn_primary_grp;
114 for (i = 0; i < token->tkn_win_grps.i_cnt; i++, sim++) {
115 id = &token->tkn_win_grps.i_ids[i];
130 * This will map all the SIDs of the access token to UIDs/GIDs.
135 smb_token_sids2ids(smb_token_t *token)
145 if (token->tkn_flags & SMB_ATF_ANON)
146 nmaps = token->tkn_win_grps.i_cnt + 1;
148 nmaps = token->tkn_win_grps.i_cnt + 3;
154 stat = smb_token_idmap(token, &sib);
170 * Setup the POSIX group membership of the access token if the given UID is
173 * token.
241 * Release all of the memory associated with a token structure. Ensure
242 * that the token has been unlinked before calling.
/*
 * Teardown path for an access token: each member is released through
 * smb_sid_free/smb_ids_free/smb_privset_free/free, then the structure is
 * cleared and freed. Everything is guarded by the NULL check below.
 */
245 smb_token_destroy(smb_token_t *token)
247 if (token != NULL) {
248 smb_sid_free(token->tkn_user.i_sid);
249 smb_sid_free(token->tkn_owner.i_sid);
250 smb_sid_free(token->tkn_primary_grp.i_sid);
251 smb_ids_free(&token->tkn_win_grps);
252 smb_privset_free(token->tkn_privileges);
253 free(token->tkn_posix_grps);
254 free(token->tkn_account_name);
255 free(token->tkn_domain_name);
/*
 * NOTE(review): the session key buffer is handed to free() without being
 * wiped first, so its contents (presumably key material -- confirm against
 * the code that fills it) remain in freed heap memory.
 */
256 free(token->tkn_session_key);
/*
 * NOTE(review): this clears only the token structure itself (its pointers
 * and ids), not the buffers released above. Because free() follows
 * immediately, a compiler may treat the bzero as a dead store and drop it;
 * a wipe that cannot be elided (e.g. explicit_bzero(), where available)
 * would be needed for the clearing to be relied on.
 */
257 bzero(token, sizeof (smb_token_t));
258 free(token);
269 smb_token_set_owner(smb_token_t *token)
274 if (token->tkn_flags & SMB_ATF_ADMIN) {
278 owner_sid = token->tkn_user->i_sid;
281 token->tkn_owner.i_sid = smb_sid_dup(owner_sid);
283 token->tkn_owner.i_sid = smb_sid_dup(token->tkn_user.i_sid);
287 smb_token_create_privs(smb_token_t *token)
304 if (smb_lgrp_is_member(&grp, token->tkn_user.i_sid))
310 if (token->tkn_flags & SMB_ATF_ADMIN) {
327 smb_token_set_flags(smb_token_t *token)
329 if (smb_token_is_member(token, smb_wka_get_sid("Administrators")))
330 token->tkn_flags |= SMB_ATF_ADMIN;
332 if (smb_token_is_member(token, smb_wka_get_sid("Power Users")))
333 token->tkn_flags |= SMB_ATF_POWERUSER;
335 if (smb_token_is_member(token, smb_wka_get_sid("Backup Operators")))
336 token->tkn_flags |= SMB_ATF_BACKUPOP;
340 * Common token setup for both local and domain users.
347 smb_token_setup_common(smb_token_t *token)
349 smb_token_set_flags(token);
351 smb_token_set_owner(token);
352 if (token->tkn_owner.i_sid == NULL)
356 token->tkn_privileges = smb_token_create_privs(token);
357 if (token->tkn_privileges == NULL)
360 if (smb_token_sids2ids(token) != 0) {
362 token->tkn_domain_name, token->tkn_account_name);
367 token->tkn_posix_grps = smb_token_create_pxgrps(token->tkn_user.i_id);
369 return (smb_token_valid(token));
414 * On success, a pointer to a new access token is returned.
425 smb_token_t *token = NULL;
438 if ((token = calloc(1, sizeof (smb_token_t))) == NULL) {
445 (*ops[i])(user_info, token);
452 if (smb_token_setup_common(token))
453 return (token);
456 smb_token_destroy(token);
471 smb_logon_local(smb_logon_t *user_info, smb_token_t *token)
487 status = smb_token_auth_local(user_info, token, &smbpw);
490 status = smb_token_setup_guest(user_info, token);
492 status = smb_token_setup_local(&smbpw, token);
510 smb_logon_guest(smb_logon_t *user_info, smb_token_t *token)
524 status = smb_token_auth_local(user_info, token, &smbpw);
527 status = smb_token_setup_guest(user_info, token);
535 * If user_info represents an anonymous user then setup the token.
539 smb_logon_anon(smb_logon_t *user_info, smb_token_t *token)
542 user_info->lg_status = smb_token_setup_anon(token);
550 smb_token_auth_local(smb_logon_t *user_info, smb_token_t *token,
573 token->tkn_session_key = NULL;
577 token->tkn_session_key = malloc(SMBAUTH_SESSION_KEY_SZ);
578 if (token->tkn_session_key == NULL)
588 (uchar_t *)token->tkn_session_key);
602 * Setup an access token for the specified local user.
605 smb_token_setup_local(smb_passwd_t *smbpw, smb_token_t *token)
615 token->tkn_account_name = strdup(smbpw->pw_name);
616 token->tkn_domain_name = strdup(nbname);
618 if (token->tkn_account_name == NULL ||
619 token->tkn_domain_name == NULL)
651 token->tkn_user.i_sid = smb_sid_dup(umap->sim_sid);
652 token->tkn_primary_grp.i_sid = smb_sid_dup(gmap->sim_sid);
656 if (token->tkn_user.i_sid == NULL ||
657 token->tkn_primary_grp.i_sid == NULL)
660 return (smb_token_setup_wingrps(token));
664 * Setup access token for guest connections
667 smb_token_setup_guest(smb_logon_t *user_info, smb_token_t *token)
669 token->tkn_account_name = strdup(user_info->lg_e_username);
672 token->tkn_domain_name = strdup(smb_guest.a_domain);
673 token->tkn_user.i_sid = smb_sid_dup(smb_guest.a_sid);
674 token->tkn_primary_grp.i_sid = smb_sid_dup(smb_domusers.a_sid);
676 token->tkn_flags = SMB_ATF_GUEST;
678 if (token->tkn_account_name == NULL ||
679 token->tkn_domain_name == NULL ||
680 token->tkn_user.i_sid == NULL ||
681 token->tkn_primary_grp.i_sid == NULL)
684 return (smb_token_setup_wingrps(token));
688 * Setup access token for anonymous connections
691 smb_token_setup_anon(smb_token_t *token)
695 token->tkn_account_name = strdup("Anonymous");
696 token->tkn_domain_name = strdup("NT Authority");
698 token->tkn_user.i_sid = smb_sid_dup(user_sid);
699 token->tkn_primary_grp.i_sid = smb_sid_dup(user_sid);
700 token->tkn_flags = SMB_ATF_ANON;
702 if (token->tkn_account_name == NULL ||
703 token->tkn_domain_name == NULL ||
704 token->tkn_user.i_sid == NULL ||
705 token->tkn_primary_grp.i_sid == NULL)
708 return (smb_token_setup_wingrps(token));
714 * Return a pointer to the user SID in the specified token. A null
718 smb_token_user_sid(smb_token_t *token)
720 return ((token) ? token->tkn_user.i_sid : NULL);
738 smb_token_group_sid(smb_token_t *token, int *iterator)
742 if (token == NULL || iterator == NULL)
745 if (token->tkn_win_grps.i_ids == NULL)
750 if (index < 0 || index >= token->tkn_win_grps.i_cnt)
754 return (token->tkn_win_grps.i_ids[index].i_sid);
761 * member of a token. The user SID and all group SIDs are tested.
762 * Returns 1 if the SID is a member of the token. Otherwise returns 0.
765 smb_token_is_member(smb_token_t *token, smb_sid_t *sid)
770 if (token == NULL || sid == NULL)
773 tsid = smb_token_user_sid(token);
778 tsid = smb_token_group_sid(token, &iterator);
787 * Diagnostic routine to write the contents of a token to the log.
790 smb_token_log(smb_token_t *token)
798 if (token == NULL)
802 (token->tkn_domain_name) ? token->tkn_domain_name : "-NULL-",
803 (token->tkn_account_name) ? token->tkn_account_name : "-NULL-");
805 syslog(LOG_DEBUG, " User->Attr: %d", token->tkn_user.i_attrs);
806 smb_sid_tostr((smb_sid_t *)token->tkn_user.i_sid, sidstr);
808 token->tkn_user.i_id);
810 smb_sid_tostr((smb_sid_t *)token->tkn_owner.i_sid, sidstr);
812 sidstr, token->tkn_owner.i_id);
814 smb_sid_tostr((smb_sid_t *)token->tkn_primary_grp.i_sid, sidstr);
816 sidstr, token->tkn_primary_grp.i_id);
818 w_grps = &token->tkn_win_grps;
836 x_grps = token->tkn_posix_grps;
845 if (token->tkn_privileges)
846 smb_privset_log(token->tkn_privileges);
853 * token. Two assumptions have been made here:
855 * a) token already contains a valid user SID so that group
858 * b) token belongs to a local or anonymous user
861 smb_token_setup_wingrps(smb_token_t *token)
875 tkn_grps.i_ids->i_sid = smb_sid_dup(token->tkn_primary_grp.i_sid);
876 tkn_grps.i_ids->i_attrs = token->tkn_primary_grp.i_attrs;
882 status = smb_sam_usr_groups(token->tkn_user.i_sid, &tkn_grps);
888 status = smb_wka_token_groups(token->tkn_flags, &tkn_grps);
894 token->tkn_win_grps = tkn_grps;