xref: /illumos-gate/usr/src/common/smbsrv/smb_token.c (revision f6e214c7418f43af38bd8c3a557e3d0a1d311cfa)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 /*
27  * NT Token library (kernel/user)
28  */
29 
30 #ifdef _KERNEL
31 #include <sys/types.h>
32 #include <sys/cmn_err.h>
33 #include <sys/kmem.h>
34 #else /* _KERNEL */
35 #include <stdlib.h>
36 #include <strings.h>
37 #include <syslog.h>
38 #endif /* _KERNEL */
39 
40 #include <smbsrv/string.h>
41 #include <smbsrv/smb_token.h>
42 #include <smbsrv/smb_xdr.h>
43 
44 /*
45  * smb_token_query_privilege
46  *
47  * Find out if the specified privilege is enable in the given
48  * access token.
49  */
50 int
51 smb_token_query_privilege(smb_token_t *token, int priv_id)
52 {
53 	smb_privset_t *privset;
54 	int i;
55 
56 	if ((token == NULL) || (token->tkn_privileges == NULL))
57 		return (0);
58 
59 	privset = token->tkn_privileges;
60 	for (i = 0; privset->priv_cnt; i++) {
61 		if (privset->priv[i].luid.lo_part == priv_id) {
62 			if (privset->priv[i].attrs == SE_PRIVILEGE_ENABLED)
63 				return (1);
64 			else
65 				return (0);
66 		}
67 	}
68 
69 	return (0);
70 }
71 
72 /*
73  * Basic sanity check on a token.
74  */
75 boolean_t
76 smb_token_valid(smb_token_t *token)
77 {
78 	if (token == NULL)
79 		return (B_FALSE);
80 
81 	if ((token->tkn_user.i_sid == NULL) ||
82 	    (token->tkn_owner.i_sid == NULL) ||
83 	    (token->tkn_primary_grp.i_sid == NULL) ||
84 	    (token->tkn_account_name == NULL) ||
85 	    (token->tkn_domain_name == NULL) ||
86 	    (token->tkn_posix_grps == NULL))
87 		return (B_FALSE);
88 
89 	if ((token->tkn_win_grps.i_cnt != 0) &&
90 	    (token->tkn_win_grps.i_ids == NULL))
91 		return (B_FALSE);
92 
93 	return (B_TRUE);
94 }
95 
96 #ifndef _KERNEL
97 /*
98  * Encode: structure -> flat buffer (buffer size)
99  * Pre-condition: obj is non-null.
100  */
101 uint8_t *
102 smb_token_encode(smb_token_t *obj, uint32_t *len)
103 {
104 	uint8_t *buf;
105 	XDR xdrs;
106 
107 	if (!obj) {
108 		syslog(LOG_ERR, "smb_token_encode: invalid parameter");
109 		return (NULL);
110 	}
111 
112 	*len = xdr_sizeof(smb_token_xdr, obj);
113 	buf = (uint8_t *)malloc(*len);
114 	if (!buf) {
115 		syslog(LOG_ERR, "smb_token_encode: %m");
116 		return (NULL);
117 	}
118 
119 	xdrmem_create(&xdrs, (const caddr_t)buf, *len, XDR_ENCODE);
120 
121 	if (!smb_token_xdr(&xdrs, obj)) {
122 		syslog(LOG_ERR, "smb_token_encode: XDR encode error");
123 		*len = 0;
124 		free(buf);
125 		buf = NULL;
126 	}
127 
128 	xdr_destroy(&xdrs);
129 	return (buf);
130 }
131 
132 /*
133  * Decode: flat buffer -> structure
134  */
135 smb_logon_t *
136 smb_logon_decode(uint8_t *buf, uint32_t len)
137 {
138 	smb_logon_t	*obj;
139 	XDR		xdrs;
140 
141 	xdrmem_create(&xdrs, (const caddr_t)buf, len, XDR_DECODE);
142 
143 	if ((obj = malloc(sizeof (smb_logon_t))) == NULL) {
144 		syslog(LOG_ERR, "smb_logon_decode: %m");
145 		xdr_destroy(&xdrs);
146 		return (NULL);
147 	}
148 
149 	bzero(obj, sizeof (smb_logon_t));
150 	if (!smb_logon_xdr(&xdrs, obj)) {
151 		syslog(LOG_ERR, "smb_logon_decode: XDR decode error");
152 		free(obj);
153 		obj = NULL;
154 	}
155 
156 	xdr_destroy(&xdrs);
157 	return (obj);
158 }
159 
160 void
161 smb_logon_free(smb_logon_t *obj)
162 {
163 	xdr_free(smb_logon_xdr, (char *)obj);
164 	free(obj);
165 }
166 #else /* _KERNEL */
167 /*
168  * Tokens are allocated in the kernel via XDR.
169  * Call xdr_free before freeing the token structure.
170  */
171 void
172 smb_token_free(smb_token_t *token)
173 {
174 	if (token != NULL) {
175 		xdr_free(smb_token_xdr, (char *)token);
176 		kmem_free(token, sizeof (smb_token_t));
177 	}
178 }
179 #endif /* _KERNEL */
180