4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
22 * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
29 #include <smbsrv/netrauth.h>
30 #include <smbsrv/smb_privilege.h>
31 #include <smbsrv/smb_sid.h>
32 #include <smbsrv/smb_xdr.h>
41 * This is part of the MAC key which is required for signing SMB messages.
43 typedef struct smb_session_key
{
50 * An access token identifies a user, the user's privileges and the
51 * list of groups of which the user is a member. This information is
52 * used when access is requested to an object by comparing this
53 * information with the DACL in the object's security descriptor.
55 * There should be one unique token per user per session per client.
59 * SMB_ATF_GUEST Token belongs to guest user
60 * SMB_ATF_ANON Token belongs to anonymous user
61 * and it's only good for IPC Connection.
62 * SMB_ATF_POWERUSER Token belongs to a Power User member
63 * SMB_ATF_BACKUPOP Token belongs to a Power User member
64 * SMB_ATF_ADMIN Token belongs to a Domain Admins member
66 #define SMB_ATF_GUEST 0x00000001
67 #define SMB_ATF_ANON 0x00000002
68 #define SMB_ATF_POWERUSER 0x00000004
69 #define SMB_ATF_BACKUPOP 0x00000008
70 #define SMB_ATF_ADMIN 0x00000010
72 #define SMB_POSIX_GRPS_SIZE(n) \
73 (sizeof (smb_posix_grps_t) + (n - 1) * sizeof (gid_t))
75 * It consists of the primary and supplementary POSIX groups.
77 typedef struct smb_posix_grps
{
79 gid_t pg_grps
[ANY_SIZE_ARRAY
];
82 typedef struct smb_token
{
85 smb_id_t tkn_primary_grp
;
86 smb_ids_t tkn_win_grps
;
87 smb_privset_t
*tkn_privileges
;
88 char *tkn_account_name
;
89 char *tkn_domain_name
;
91 uint32_t tkn_audit_sid
;
92 smb_session_key_t
*tkn_session_key
;
93 smb_posix_grps_t
*tkn_posix_grps
;
97 * Details required to authenticate a user.
99 typedef struct smb_logon
{
101 char *lg_username
; /* requested username */
102 char *lg_domain
; /* requested domain */
103 char *lg_e_username
; /* effective username */
104 char *lg_e_domain
; /* effective domain */
105 char *lg_workstation
;
106 smb_inaddr_t lg_clnt_ipaddr
;
107 smb_inaddr_t lg_local_ipaddr
;
108 uint16_t lg_local_port
;
109 smb_buf32_t lg_challenge_key
;
110 smb_buf32_t lg_nt_password
;
111 smb_buf32_t lg_lm_password
;
115 uint32_t lg_logon_id
; /* filled in user space */
116 uint32_t lg_domain_type
; /* filled in user space */
117 uint32_t lg_secmode
; /* filled in user space */
118 uint32_t lg_status
; /* filled in user space */
121 bool_t
smb_logon_xdr();
122 bool_t
smb_token_xdr();
125 smb_token_t
*smb_logon(smb_logon_t
*);
126 void smb_logon_abort(void);
127 void smb_token_destroy(smb_token_t
*);
128 uint8_t *smb_token_encode(smb_token_t
*, uint32_t *);
129 void smb_token_log(smb_token_t
*);
130 smb_logon_t
*smb_logon_decode(uint8_t *, uint32_t);
131 void smb_logon_free(smb_logon_t
*);
133 void smb_token_free(smb_token_t
*);
136 int smb_token_query_privilege(smb_token_t
*token
, int priv_id
);
137 boolean_t
smb_token_valid(smb_token_t
*);
144 #endif /* _SMB_TOKEN_H */