1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21/*
22 * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
23 * Use is subject to license terms.
24 */
25
26#ifndef _SMB_TOKEN_H
27#define	_SMB_TOKEN_H
28
29#include <smbsrv/netrauth.h>
30#include <smbsrv/smb_privilege.h>
31#include <smbsrv/smb_sid.h>
32#include <smbsrv/smb_xdr.h>
33
34#ifdef __cplusplus
35extern "C" {
36#endif
37
/*
 * User Session Key
 *
 * This is part of the MAC key which is required for signing SMB messages.
 *
 * NOTE(review): this is key material.  Nothing in this header zeroizes
 * it; the code that releases a token (smb_token_destroy/smb_token_free)
 * should be checked to confirm it scrubs the key before freeing it.
 */
typedef struct smb_session_key {
	uint8_t data[16];	/* raw key bytes, fixed 16-byte length */
} smb_session_key_t;
46
/*
 * Access Token
 *
 * An access token identifies a user, the user's privileges and the
 * list of groups of which the user is a member. This information is
 * used when access is requested to an object by comparing this
 * information with the DACL in the object's security descriptor.
 *
 * There should be one unique token per user per session per client.
 *
 * Access Token Flags
 *
 * Single-bit values for smb_token_t.tkn_flags; they may be OR'ed together.
 *
 * SMB_ATF_GUEST	Token belongs to guest user
 * SMB_ATF_ANON		Token belongs to anonymous user
 * 			and it's only good for IPC Connection.
 * SMB_ATF_POWERUSER	Token belongs to a Power User member
 * SMB_ATF_BACKUPOP	Token belongs to a Backup Operators member
 * SMB_ATF_ADMIN	Token belongs to a Domain Admins member
 */
#define	SMB_ATF_GUEST		0x00000001
#define	SMB_ATF_ANON		0x00000002
#define	SMB_ATF_POWERUSER	0x00000004
#define	SMB_ATF_BACKUPOP	0x00000008
#define	SMB_ATF_ADMIN		0x00000010
71
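/*
 * Number of bytes needed for an smb_posix_grps_t holding n group ids.
 *
 * The struct declares pg_grps[ANY_SIZE_ARRAY]; the "n - 1" only makes
 * sense if ANY_SIZE_ARRAY is 1, so that the first entry is already
 * counted in sizeof (smb_posix_grps_t).
 *
 * The argument is parenthesized (so an expression such as a conditional
 * is evaluated as a whole) and widened to size_t before the subtraction.
 * Without the cast an unsigned 32-bit count of 0 becomes UINT32_MAX and,
 * multiplied by sizeof (gid_t) on LP64, yields an enormous allocation
 * request; with size_t arithmetic every argument type produces the same
 * value as a plain int count does.  A count of 0 still yields a size
 * smaller than sizeof (smb_posix_grps_t), so callers must validate
 * pg_ngrps before allocating with this macro.
 */
#define	SMB_POSIX_GRPS_SIZE(n) \
	(sizeof (smb_posix_grps_t) + ((size_t)(n) - 1) * sizeof (gid_t))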
/*
 * POSIX group list attached to a token.
 *
 * It consists of the primary and supplementary POSIX groups.
 * pg_ngrps gives the number of valid entries in pg_grps; the struct is
 * variable-length and is intended to be sized with
 * SMB_POSIX_GRPS_SIZE(pg_ngrps).
 *
 * NOTE(review): the sizing macro assumes pg_ngrps >= 1 — confirm at the
 * allocation sites, and validate pg_ngrps against the buffer length
 * wherever this struct is built from decoded data.
 */
typedef struct smb_posix_grps {
	uint32_t	pg_ngrps;		/* number of valid entries in pg_grps */
	gid_t		pg_grps[ANY_SIZE_ARRAY];	/* trailing, variable-length */
} smb_posix_grps_t;
81
/*
 * Access token (see the "Access Token" description above).
 *
 * Ownership of the pointer members is not stated here; presumably they
 * are released by smb_token_destroy() (user space) or smb_token_free()
 * (kernel) — confirm against those implementations.
 */
typedef struct smb_token {
	smb_id_t	tkn_user;		/* the authenticated user */
	smb_id_t	tkn_owner;		/* default owner for new objects — presumably; confirm */
	smb_id_t	tkn_primary_grp;	/* primary group */
	smb_ids_t	tkn_win_grps;		/* Windows group memberships */
	smb_privset_t	*tkn_privileges;	/* privilege set, see smb_privilege.h */
	char		*tkn_account_name;
	char		*tkn_domain_name;
	uint32_t	tkn_flags;		/* SMB_ATF_* bits */
	uint32_t	tkn_audit_sid;
	smb_session_key_t *tkn_session_key;	/* signing key material; may be NULL — confirm */
	smb_posix_grps_t *tkn_posix_grps;	/* POSIX groups, sized by SMB_POSIX_GRPS_SIZE */
} smb_token_t;
95
/*
 * Details required to authenticate a user.
 *
 * The smb_buf32_t members carry the challenge and the client's
 * password-derived responses, i.e. credential material.
 * NOTE(review): smb_logon_free() should be checked to confirm it
 * zeroizes these buffers before releasing them.
 */
typedef struct smb_logon {
	uint16_t	lg_level;	/* logon level — semantics not defined here */
	char		*lg_username;	/* requested username */
	char		*lg_domain;	/* requested domain */
	char		*lg_e_username;	/* effective username */
	char		*lg_e_domain;	/* effective domain */
	char		*lg_workstation;
	smb_inaddr_t	lg_clnt_ipaddr;	/* client address */
	smb_inaddr_t	lg_local_ipaddr;	/* server-side address */
	uint16_t	lg_local_port;
	smb_buf32_t	lg_challenge_key;	/* server challenge */
	smb_buf32_t	lg_nt_password;	/* NT response/password material */
	smb_buf32_t	lg_lm_password;	/* LM response/password material */
	int		lg_native_os;
	int		lg_native_lm;
	uint32_t	lg_flags;
	uint32_t	lg_logon_id;	/* filled in user space */
	uint32_t	lg_domain_type;	/* filled in user space */
	uint32_t	lg_secmode;	/* filled in user space */
	uint32_t	lg_status;	/* filled in user space */
} smb_logon_t;
120
/*
 * XDR encode/decode routines for smb_logon_t and smb_token_t.
 *
 * NOTE(review): both are declared with an empty parameter list.  In C11
 * that is an unprototyped declaration, so calls are not type-checked; in
 * C23 "()" means "(void)" and calls passing arguments become errors.
 * They should be given full prototypes matching their definitions.
 */
bool_t smb_logon_xdr();
bool_t smb_token_xdr();
123
#ifndef _KERNEL
/* User-space interface. */
smb_token_t *smb_logon(smb_logon_t *);		/* authenticate; token on success */
void smb_logon_abort(void);
void smb_token_destroy(smb_token_t *);		/* release a token from smb_logon() */
/* Serialize a token; the uint32_t * presumably receives the byte length — confirm. */
uint8_t *smb_token_encode(smb_token_t *, uint32_t *);
void smb_token_log(smb_token_t *);
/*
 * Deserialize a logon request from a buffer of the given length.
 * NOTE(review): the decoder should bound every read by the length
 * argument — confirm in the implementation.
 */
smb_logon_t *smb_logon_decode(uint8_t *, uint32_t);
void smb_logon_free(smb_logon_t *);		/* release a decoded smb_logon_t */
#else /* _KERNEL */
void smb_token_free(smb_token_t *);		/* kernel-side token release */
#endif /* _KERNEL */
135
/* Report whether priv_id is held in token->tkn_privileges (int result; exact encoding not defined here). */
int smb_token_query_privilege(smb_token_t *token, int priv_id);
/* Sanity-check a token (criteria defined by the implementation). */
boolean_t smb_token_valid(smb_token_t *);
138
139#ifdef __cplusplus
140}
141#endif
142
143
144#endif /* _SMB_TOKEN_H */
145