3882 Remove xmod & friends
[illumos-gate.git] / usr / src / uts / common / smbsrv / smb_token.h
1 /*
2 * CDDL HEADER START
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
19 * CDDL HEADER END
22 * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
26 #ifndef _SMB_TOKEN_H
27 #define _SMB_TOKEN_H
29 #include <smbsrv/netrauth.h>
30 #include <smbsrv/smb_privilege.h>
31 #include <smbsrv/smb_sid.h>
32 #include <smbsrv/smb_xdr.h>
34 #ifdef __cplusplus
35 extern "C" {
36 #endif
/*
 * User Session Key
 *
 * This is part of the MAC key which is required for signing SMB messages.
 *
 * The key is a fixed 16-byte array with no length or validity field.
 * NOTE(review): this is key material; whether holders scrub it before
 * freeing is not visible from this header -- confirm in the callers.
 */
typedef struct smb_session_key {
	uint8_t data[16];	/* raw key bytes */
} smb_session_key_t;
/*
 * Access Token
 *
 * An access token identifies a user, the user's privileges and the
 * list of groups of which the user is a member. This information is
 * used when access is requested to an object by comparing this
 * information with the DACL in the object's security descriptor.
 *
 * There should be one unique token per user per session per client.
 *
 * Access Token Flags
 *
 * SMB_ATF_GUEST	Token belongs to guest user
 * SMB_ATF_ANON		Token belongs to anonymous user
 *			and it's only good for IPC Connection.
 * SMB_ATF_POWERUSER	Token belongs to a Power User member
 * SMB_ATF_BACKUPOP	Token belongs to a Backup Operators member
 * SMB_ATF_ADMIN	Token belongs to a Domain Admins member
 *
 * Each flag occupies its own bit, so several can be OR-ed into one
 * 32-bit word (presumably smb_token_t's tkn_flags -- confirm at the
 * point where the flags are set).
 */
#define	SMB_ATF_GUEST		0x00000001
#define	SMB_ATF_ANON		0x00000002
#define	SMB_ATF_POWERUSER	0x00000004
#define	SMB_ATF_BACKUPOP	0x00000008
#define	SMB_ATF_ADMIN		0x00000010
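/*
 * Size in bytes of an smb_posix_grps_t that carries n group IDs.
 *
 * One gid_t is subtracted because the struct's pg_grps[] array already
 * accounts for an element (assumes ANY_SIZE_ARRAY is 1 -- TODO confirm).
 *
 * The argument is parenthesized so that an expression such as a
 * conditional expands with the intended precedence.
 *
 * n must be at least 1. With an unsigned 32-bit n of 0 (the type of
 * pg_ngrps), (n) - 1 wraps to UINT32_MAX before the multiply, so code
 * that sizes a buffer from a decoded group count should reject 0 and
 * bound n before using this macro.
 */
#define	SMB_POSIX_GRPS_SIZE(n) \
	(sizeof (smb_posix_grps_t) + ((n) - 1) * sizeof (gid_t))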
/*
 * It consists of the primary and supplementary POSIX groups.
 *
 * Variable-length record: pg_ngrps is the element count and pg_grps[]
 * is the trailing array. SMB_POSIX_GRPS_SIZE(n) gives the allocation
 * size for n entries.
 * NOTE(review): pg_ngrps should be checked against the size actually
 * allocated before pg_grps[] is indexed -- confirm where this struct
 * is decoded.
 */
typedef struct smb_posix_grps {
	uint32_t	pg_ngrps;			/* number of entries in pg_grps[] */
	gid_t		pg_grps[ANY_SIZE_ARRAY];	/* group IDs; real length is pg_ngrps */
} smb_posix_grps_t;
/*
 * Access token for one authenticated user: identity, group membership,
 * privileges and session key.
 *
 * Member order is left untouched because the struct is paired with an
 * XDR routine (smb_token_xdr) declared in this header.
 * NOTE(review): the pointer members may be NULL depending on how the
 * token was built or decoded -- confirm before dereferencing.
 */
typedef struct smb_token {
	smb_id_t	tkn_user;		/* user identity */
	smb_id_t	tkn_owner;		/* owner identity */
	smb_id_t	tkn_primary_grp;	/* primary group identity */
	smb_ids_t	tkn_win_grps;		/* presumably the Windows group list */
	smb_privset_t	*tkn_privileges;	/* privilege set */
	char		*tkn_account_name;
	char		*tkn_domain_name;
	uint32_t	tkn_flags;		/* presumably SMB_ATF_* bits -- confirm */
	uint32_t	tkn_audit_sid;
	smb_session_key_t *tkn_session_key;	/* 16-byte signing key material */
	smb_posix_grps_t *tkn_posix_grps;	/* primary + supplementary POSIX groups */
} smb_token_t;
/*
 * Details required to authenticate a user.
 *
 * The last four members are marked below as filled in user space.
 * NOTE(review): the other members presumably carry values taken from
 * the client's logon request and should be treated as untrusted --
 * confirm against the code that populates this struct.
 * NOTE(review): lg_challenge_key, lg_nt_password and lg_lm_password
 * are smb_buf32_t; presumably length-plus-data buffers holding
 * authentication material -- confirm that their lengths are validated
 * where the struct is decoded.
 */
typedef struct smb_logon {
	uint16_t	lg_level;
	char		*lg_username;	/* requested username */
	char		*lg_domain;	/* requested domain */
	char		*lg_e_username;	/* effective username */
	char		*lg_e_domain;	/* effective domain */
	char		*lg_workstation;
	smb_inaddr_t	lg_clnt_ipaddr;
	smb_inaddr_t	lg_local_ipaddr;
	uint16_t	lg_local_port;
	smb_buf32_t	lg_challenge_key;
	smb_buf32_t	lg_nt_password;
	smb_buf32_t	lg_lm_password;
	int		lg_native_os;
	int		lg_native_lm;
	uint32_t	lg_flags;
	uint32_t	lg_logon_id;	/* filled in user space */
	uint32_t	lg_domain_type;	/* filled in user space */
	uint32_t	lg_secmode;	/* filled in user space */
	uint32_t	lg_status;	/* filled in user space */
} smb_logon_t;
/*
 * XDR routines for smb_logon_t and smb_token_t (judging by the names --
 * TODO confirm against the definitions).
 *
 * NOTE(review): the empty parameter lists leave the arguments
 * unspecified, so the compiler does not type-check calls to these two
 * functions. Full prototypes would catch a mismatched argument at
 * compile time.
 */
bool_t smb_logon_xdr();
bool_t smb_token_xdr();

#ifndef _KERNEL
/*
 * Interfaces declared only when _KERNEL is not defined.
 *
 * NOTE(review): smb_token_encode() and smb_logon_decode() take or
 * return a byte buffer together with a uint32_t; presumably that is
 * the encoded length -- confirm, and confirm that the decode path
 * bounds-checks it.
 */
smb_token_t *smb_logon(smb_logon_t *);
void smb_logon_abort(void);
void smb_token_destroy(smb_token_t *);
uint8_t *smb_token_encode(smb_token_t *, uint32_t *);
void smb_token_log(smb_token_t *);
smb_logon_t *smb_logon_decode(uint8_t *, uint32_t);
void smb_logon_free(smb_logon_t *);
#else /* _KERNEL */
/* Declared only when _KERNEL is defined. */
void smb_token_free(smb_token_t *);
#endif /* _KERNEL */

/* Declared for both kernel and non-kernel builds. */
int smb_token_query_privilege(smb_token_t *token, int priv_id);
boolean_t smb_token_valid(smb_token_t *);
139 #ifdef __cplusplus
141 #endif
144 #endif /* _SMB_TOKEN_H */