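/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

/*
 * NT Token library (kernel/user)
 */

#ifdef _KERNEL
#include <sys/types.h>
#include <sys/cmn_err.h>
#include <sys/kmem.h>
#else /* _KERNEL */
#include <stdlib.h>
#include <strings.h>
#include <syslog.h>
#endif /* _KERNEL */

#include <smbsrv/string.h>
#include <smbsrv/smb_token.h>
#include <smbsrv/smb_xdr.h>

/*
 * smb_token_query_privilege
 *
 * Find out if the specified privilege is enabled in the given
 * access token.
 *
 * Returns 1 when an entry whose luid.lo_part equals priv_id is found and
 * its attrs field is exactly SE_PRIVILEGE_ENABLED.  Returns 0 in every
 * other case: NULL token, NULL privilege set, privilege not present, or
 * present with any other attrs value.  The first matching entry decides
 * the answer.
 *
 * NOTE(review): attrs is compared for equality, so an entry that carries
 * SE_PRIVILEGE_ENABLED together with other attribute bits is reported as
 * not enabled.  That fails closed; confirm it is the intended policy.
 */
int
smb_token_query_privilege(smb_token_t *token, int priv_id)
{
	smb_privset_t *privset;
	int i;

	if ((token == NULL) || (token->tkn_privileges == NULL))
		return (0);

	privset = token->tkn_privileges;

	/*
	 * Bound the scan by priv_cnt.  Testing priv_cnt alone (without
	 * comparing it to the index) never terminates for a non-empty set
	 * that lacks priv_id, and walks past the end of priv[] while
	 * making an access-control decision.
	 */
	for (i = 0; i < privset->priv_cnt; i++) {
		if (privset->priv[i].luid.lo_part == priv_id) {
			if (privset->priv[i].attrs == SE_PRIVILEGE_ENABLED)
				return (1);
			else
				return (0);
		}
	}

	return (0);
}

/*
 * Basic sanity check on a token.
 *
 * Returns B_TRUE when the token is non-NULL, the user, owner and primary
 * group SIDs, the account name, the domain name and the POSIX group list
 * are all non-NULL, and the Windows group list is either empty or has a
 * non-NULL id array.  Only pointer presence is checked; the contents of
 * the SIDs, names and group lists are not examined here, and
 * tkn_privileges is not part of the check.
 */
boolean_t
smb_token_valid(smb_token_t *token)
{
	if (token == NULL)
		return (B_FALSE);

	if ((token->tkn_user.i_sid == NULL) ||
	    (token->tkn_owner.i_sid == NULL) ||
	    (token->tkn_primary_grp.i_sid == NULL) ||
	    (token->tkn_account_name == NULL) ||
	    (token->tkn_domain_name == NULL) ||
	    (token->tkn_posix_grps == NULL))
		return (B_FALSE);

	/* A non-zero group count with no id array would be dereferenced. */
	if ((token->tkn_win_grps.i_cnt != 0) &&
	    (token->tkn_win_grps.i_ids == NULL))
		return (B_FALSE);

	return (B_TRUE);
}

#ifndef _KERNEL
/*
 * Encode: structure -> flat buffer (buffer size)
 * Pre-condition: obj is non-null.
 *
 * On success returns a malloc'ed buffer holding the XDR encoding of obj
 * and stores its size in *len; the caller owns the buffer and releases it
 * with free().  On failure returns NULL and, when len is non-NULL, sets
 * *len to 0 so that a stale size is never paired with a NULL buffer.
 */
uint8_t *
smb_token_encode(smb_token_t *obj, uint32_t *len)
{
	uint8_t *buf;
	XDR xdrs;

	if ((obj == NULL) || (len == NULL)) {
		syslog(LOG_ERR, "smb_token_encode: invalid parameter");
		if (len != NULL)
			*len = 0;
		return (NULL);
	}

	/*
	 * xdr_sizeof() reports 0 when the sizing pass fails; treat that as
	 * an encode error rather than asking malloc() for zero bytes.
	 */
	*len = xdr_sizeof(smb_token_xdr, obj);
	if (*len == 0) {
		syslog(LOG_ERR, "smb_token_encode: XDR encode error");
		return (NULL);
	}

	buf = malloc(*len);
	if (buf == NULL) {
		syslog(LOG_ERR, "smb_token_encode: %m");
		*len = 0;
		return (NULL);
	}

	xdrmem_create(&xdrs, (const caddr_t)buf, *len, XDR_ENCODE);

	if (!smb_token_xdr(&xdrs, obj)) {
		syslog(LOG_ERR, "smb_token_encode: XDR encode error");
		*len = 0;
		free(buf);
		buf = NULL;
	}

	xdr_destroy(&xdrs);
	return (buf);
}

/*
 * Decode: flat buffer -> structure
 *
 * Returns a newly allocated smb_logon_t decoded from the len bytes at
 * buf, or NULL when buf is NULL, allocation fails or the XDR decode
 * fails.  A successful result is released with smb_logon_free().
 *
 * NOTE(review): when smb_logon_xdr() fails part-way through, members it
 * already allocated inside obj are not released before free(obj).
 * Whether xdr_free() is safe on a partially decoded smb_logon_t depends
 * on smb_logon_xdr(), which is not visible here; confirm and release
 * them if it is, since the input buffer may be malformed.
 */
smb_logon_t *
smb_logon_decode(uint8_t *buf, uint32_t len)
{
	smb_logon_t *obj;
	XDR xdrs;

	if (buf == NULL) {
		syslog(LOG_ERR, "smb_logon_decode: invalid parameter");
		return (NULL);
	}

	xdrmem_create(&xdrs, (const caddr_t)buf, len, XDR_DECODE);

	if ((obj = malloc(sizeof (smb_logon_t))) == NULL) {
		syslog(LOG_ERR, "smb_logon_decode: %m");
		xdr_destroy(&xdrs);
		return (NULL);
	}

	/* Start from all-zero so every pointer member is NULL before decode. */
	bzero(obj, sizeof (smb_logon_t));
	if (!smb_logon_xdr(&xdrs, obj)) {
		syslog(LOG_ERR, "smb_logon_decode: XDR decode error");
		free(obj);
		obj = NULL;
	}

	xdr_destroy(&xdrs);
	return (obj);
}

/*
 * Release a logon structure obtained from smb_logon_decode(): first the
 * members allocated by XDR, then the structure itself.  A NULL obj is
 * ignored, matching smb_token_free().
 */
void
smb_logon_free(smb_logon_t *obj)
{
	if (obj != NULL) {
		xdr_free(smb_logon_xdr, (char *)obj);
		free(obj);
	}
}
#else /* _KERNEL */
/*
 * Tokens are allocated in the kernel via XDR.
 * Call xdr_free before freeing the token structure.
 *
 * A NULL token is ignored.
 */
void
smb_token_free(smb_token_t *token)
{
	if (token != NULL) {
		xdr_free(smb_token_xdr, (char *)token);
		kmem_free(token, sizeof (smb_token_t));
	}
}
#endif /* _KERNEL */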