/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

/*
 * libmlsvc public interface: domain/LSA queries, the autohome share
 * map, and the local (SAM) group database used by the SMB server.
 */

#ifndef _LIBMLSVC_H
#define _LIBMLSVC_H

#pragma ident "%Z%%M% %I% %E% SMI"

#include <sys/types.h>
#include <smbsrv/ntsid.h>
#include <smbsrv/hash_table.h>
#include <smbsrv/smb_token.h>
#include <smbsrv/smb_privilege.h>
#include <smbsrv/lmshare.h>
#include <smbsrv/libsmc.h>

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Library initialization and domain queries.  Note the mixed return
 * conventions: mlsvc_init() and mlsvc_is_local_domain() return int,
 * the lsa_* queries return a DWORD (NT status style); check each
 * against its implementation rather than assuming 0 == success.
 */
extern int mlsvc_init(void);
extern int mlsvc_is_local_domain(const char *);
extern DWORD lsa_query_primary_domain_info(void);
extern DWORD lsa_query_account_domain_info(void);
extern DWORD lsa_enum_trusted_domains(void);

/*
 * Fills the caller-supplied buffer with a PDC name; the buffer size is
 * not passed, so the caller must provide a buffer large enough for the
 * implementation's maximum — TODO confirm the required size.
 */
extern boolean_t locate_resource_pdc(char *);

/* Autohome map: SMB_AUTOHOME_PATH "/" SMB_AUTOHOME_FILE */
#define SMB_AUTOHOME_FILE "smbautohome"
#define SMB_AUTOHOME_PATH "/etc"

/*
 * One autohome map entry.  Entries are chained through ah_next; the
 * string members are pointers and the ownership of the memory they
 * reference is defined by the implementation, not by this header.
 */
typedef struct smb_autohome {
	struct smb_autohome *ah_next;
	uint32_t ah_hits; /* usage counter — presumably bumped on lookup; confirm */
	time_t ah_timestamp;
	char *ah_name; /* User account name */
	char *ah_path; /* Home directory path */
	char *ah_container; /* ADS container distinguished name */
} smb_autohome_t;

/*
 * Autohome share management and map enumeration.  setent/getent/endent
 * follow the getpwent-style enumeration pattern; the smb_autohome_t
 * returned by getent/lookup is presumably owned by the library — do not
 * free it from the caller (TODO confirm).
 */
extern int smb_autohome_add(const char *);
extern int smb_autohome_remove(const char *);
extern int smb_is_autohome(const lmshare_info_t *);
extern void smb_autohome_setent(void);
extern void smb_autohome_endent(void);
extern smb_autohome_t *smb_autohome_getent(const char *name);
extern smb_autohome_t *smb_autohome_lookup(const char *name);

/*
 * Local groups
 */
#define NT_GROUP_FMRI_PREFIX "network/smb/group"

/* Lock mode requested from nt_group_getinfo() / nt_group_ht_lock(). */
typedef enum {
	RWLOCK_NONE,
	RWLOCK_WRITER,
	RWLOCK_READER
} krwmode_t;

/* Opaque blob of group data with its size in bytes (int, not size_t). */
typedef struct nt_group_data {
	void *data;
	int size;
} nt_group_data_t;

/*
 * IMPORTANT NOTE:
 * If you change nt_group_member_t, nt_group_members_t, or nt_group_t
 * structures, you MIGHT have to change following functions accordingly:
 * nt_group_setfields
 * nt_group_init_size
 * nt_group_init
 */

/*
 * One group member record.  info_size is the byte length of the whole
 * record including the variable-length SID that trails it; member
 * lists are walked by adding info_size to the record address (see
 * NEXT_MEMBER).  Because this value is read back from stored data,
 * consumers should treat it as untrusted and bound every walk by the
 * enclosing nt_group_members_t size/count.
 */
typedef struct nt_group_member {
	uint16_t info_size; /* size of the whole structure */
	uint16_t sid_name_use; /* type of the specified SID */
	char *account; /* Pointer to account name of member */
	nt_sid_t sid; /* Variable length */
} nt_group_member_t;

/*
 * Packed member list: `size` is the byte length of the whole list,
 * `count` the number of records in `list`.  ANY_SIZE_ARRAY comes from
 * an included header and stands in for a flexible array member.
 */
typedef struct nt_group_members {
	uint32_t size; /* in bytes */
	uint32_t count;
	nt_group_member_t list[ANY_SIZE_ARRAY];
} nt_group_members_t;

/*
 * In-memory group.  `info` holds the raw record; the pointer members
 * below it index into that record rather than owning separate
 * allocations, so they are only valid while `info.data` is.
 */
typedef struct nt_group {
	time_t age;
	nt_group_data_t info;
	/*
	 * following fields point to a contiguous block
	 * of memory that is read and written from/to DB
	 */
	uint32_t *attr;
	uint16_t *sid_name_use;
	char *name;
	char *comment;
	nt_sid_t *sid;
	smb_privset_t *privileges;
	nt_group_members_t *members;
} nt_group_t;

/* Cursor for nt_group_open_iterator()/nt_group_iterate(). */
typedef struct nt_group_iterator {
	HT_ITERATOR *iterator;
	int iteration;
} nt_group_iterator_t;

/*
 * Group database maintenance.  add/modify/delete return a uint32_t
 * status (NT status style per the other uint32_t returns here — TODO
 * confirm); name arguments are non-const char * and may be modified
 * by the implementation, so do not pass string literals.
 */
extern int nt_group_num_groups(void);
extern uint32_t nt_group_add(char *, char *);
extern uint32_t nt_group_modify(char *, char *, char *);
extern uint32_t nt_group_delete(char *);
/*
 * Look up a group by name.  The krwmode_t selects the lock mode taken
 * on the group table; the returned nt_group_t is presumably held until
 * nt_group_putinfo() releases it (TODO confirm pairing in the
 * implementation).  Every getinfo must be matched by a putinfo or the
 * table lock is leaked.
 */
extern nt_group_t *nt_group_getinfo(char *, krwmode_t);
extern void nt_group_putinfo(nt_group_t *);

/* Privilege query/update; the uint32_t arguments are privilege ids. */
extern int nt_group_getpriv(nt_group_t *, uint32_t);
extern uint32_t nt_group_setpriv(nt_group_t *, uint32_t, uint32_t);

/* Member manipulation functions */
extern int nt_group_is_member(nt_group_t *, nt_sid_t *);
/*
 * The void * key is interpreted according to the int argument —
 * presumably NT_GROUP_KEY_SID (nt_sid_t *) or NT_GROUP_KEY_NAME
 * (char *), defined later in this header; passing a mismatched
 * key/type pair is a type-confusion bug the compiler cannot catch.
 */
extern uint32_t nt_group_del_member(nt_group_t *, void *, int);
extern uint32_t nt_group_add_member(nt_group_t *, nt_sid_t *, uint16_t, char *);
extern int nt_group_num_members(nt_group_t *);

/* Explicit table locking; unlock must follow lock on every path. */
extern void nt_group_ht_lock(krwmode_t);
extern void nt_group_ht_unlock(void);

/* Iteration over all groups; close the iterator when done. */
extern nt_group_iterator_t *nt_group_open_iterator(void);
extern void nt_group_close_iterator(nt_group_iterator_t *);
extern nt_group_t *nt_group_iterate(nt_group_iterator_t *);

extern int nt_group_cache_size(void);

/*
 * Paged listing: `offset` is the starting position, results go into
 * the caller-supplied list structure.  `pattern` is a non-const char *.
 */
extern int nt_group_member_list(int offset, nt_group_t *grp,
    ntgrp_member_list_t *rmembers);
extern void nt_group_list(int offset, char *pattern, ntgrp_list_t *list);

extern uint32_t sam_init(void);

/* Name-keyed member operations and privilege aggregation. */
extern uint32_t nt_group_add_member_byname(char *, char *);
extern uint32_t nt_group_del_member_byname(nt_group_t *, char *);
extern void nt_group_add_groupprivs(nt_group_t *, smb_privset_t *);

/*
 * Cross-group queries keyed by a member SID.  nt_groups_member_groups()
 * writes up to the given int number of smb_id_t entries into the
 * caller's array — the caller sizes that array from
 * nt_groups_member_ngroups() (presumably; confirm).
 */
extern uint32_t nt_groups_member_privs(nt_sid_t *, smb_privset_t *);
extern int nt_groups_member_ngroups(nt_sid_t *);
extern uint32_t nt_groups_member_groups(nt_sid_t *, smb_id_t *, int);
extern nt_group_t *nt_groups_lookup_rid(uint32_t);
extern int nt_groups_count(int);

/*
 * source for account name size is MSDN
 *
 * NT_GROUP_NAME_CHAR_MAX is a character count; the *_MAX byte sizes
 * allow three bytes per character (multibyte encoding — presumably
 * UTF-8) plus the terminating NUL, so buffers sized with these macros
 * must still be written with length-checked calls.
 */
#define NT_GROUP_NAME_CHAR_MAX 32
#define NT_GROUP_NAME_MAX (NT_GROUP_NAME_CHAR_MAX * 3 + 1)
#define NT_GROUP_USER_NAME_MAX (NT_GROUP_NAME_CHAR_MAX * 3 + 1)
#define NT_GROUP_MEMBER_NAME_MAX (NT_GROUP_NAME_CHAR_MAX * 3 + 1)
#define NT_GROUP_COMMENT_MAX 256

/*
 * flags for count operation
 */
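/* NT_GROUP_CNT_ALL is the bitwise OR of BUILTIN and LOCAL. */
#define NT_GROUP_CNT_BUILTIN 1
#define NT_GROUP_CNT_LOCAL 2
#define NT_GROUP_CNT_ALL 3

/*
 * flag to distinguish between add and modify
 * operations.
 */
#define NT_GROUP_OP_CHANGE 1
#define NT_GROUP_OP_SYNC 2

/*
 * specify key type for deleting a member i.e.
 * whether it's member's name or member's SID.
 */
#define NT_GROUP_KEY_SID 1
#define NT_GROUP_KEY_NAME 2

/*
 * Macro for walking members.
 *
 * Advances by the record's own info_size, which is read from stored
 * data.  A walker must bound the loop by nt_group_members_t.count and
 * verify the result stays within `size` bytes of the list start; a
 * zero or oversized info_size would otherwise spin or run off the
 * block.  The whole expansion is parenthesized so that
 * NEXT_MEMBER(m)->field binds to the cast pointer, not to the char *.
 */
#define NEXT_MEMBER(m) ((nt_group_member_t *)((char *)(m) + (m)->info_size))

/*
 * When NT requests the security descriptor for a local file that
 * doesn't already have a one, we generate one on-the-fly. The SD
 * contains both user and group SIDs. The problem is that we need a
 * way to distinguish a user SID from a group SID when NT performs a
 * subsequent SID lookup to obtain the appropriate name to display.
 * The following macros are used to map to and from an external
 * representation so that we can tell the difference between UIDs
 * and GIDs. The local UID/GID is shifted left and the LSB is used
 * to distinguish the id type before it is inserted into the SID.
 * We can then use this type identifier during lookup operations.
 *
 * Layout of an encoded RID:  ((id << 2) | type) + SAM_MIN_RID, where
 * type is one of the two-bit SAM_RT_* values covered by SAM_RT_MASK.
 * SAM_RT_ERROR, SAM_RT_EVERYONE and SAM_RT_UNKNOWN do not fit in the
 * mask and can never come out of SAM_RID_TYPE(); they are presumably
 * result codes of the lookup routines (confirm in the implementation).
 *
 * SAM_DECODE_RID() performs no range check: for a rid below
 * SAM_MIN_RID an unsigned operand wraps to a huge id and a signed one
 * right-shifts a negative value (implementation-defined).  Since the
 * RID arrives from the peer inside a SID, callers must reject
 * rid < SAM_MIN_RID before decoding.  SAM_ENCODE_RID() shifts id left
 * by two, so ids that do not fit in 30 bits of the RID width lose
 * their top bits (and a signed id near INT_MAX overflows).
 */
#define SAM_MIN_RID 1000
#define SAM_RT_ERROR -1
#define SAM_RT_UNIX_UID 0
#define SAM_RT_UNIX_GID 1
#define SAM_RT_NT_UID 2
#define SAM_RT_NT_GID 3
#define SAM_RT_MASK 0x3
#define SAM_RT_EVERYONE 4
#define SAM_RT_UNKNOWN 5

#define SAM_RID_TYPE(rid) ((rid) & SAM_RT_MASK)
#define SAM_DECODE_RID(rid) (((rid) - SAM_MIN_RID) >> 2)
/* `type` is parenthesized: `|` binds tighter than `?:`, so an unparenthesized
 * conditional passed as type would be mis-associated. */
#define SAM_ENCODE_RID(type, id) ((((id) << 2) | (type)) + SAM_MIN_RID)
#define SAM_ENCODE_UXUID(id) SAM_ENCODE_RID(SAM_RT_UNIX_UID, id)
#define SAM_ENCODE_UXGID(id) SAM_ENCODE_RID(SAM_RT_UNIX_GID, id)
#define SAM_ENCODE_NTUID(id) SAM_ENCODE_RID(SAM_RT_NT_UID, id)
#define SAM_ENCODE_NTGID(id) SAM_ENCODE_RID(SAM_RT_NT_GID, id)

#ifdef __cplusplus
}
#endif

#endif /* _LIBMLSVC_H */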