1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #ifndef _SMB_TOKEN_H
27 #define	_SMB_TOKEN_H
28 
29 #include <smbsrv/netrauth.h>
30 #include <smbsrv/smb_privilege.h>
31 #include <smbsrv/smb_sid.h>
32 #include <smbsrv/smb_xdr.h>
33 
34 #ifdef __cplusplus
35 extern "C" {
36 #endif
37 
38 /*
39  * User Session Key
40  *
41  * This is part of the MAC key which is required for signing SMB messages.
42  */
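/* Length in bytes of the key carried in smb_session_key_t. */
#define	SMB_SESSION_KEY_LEN	16

typedef struct smb_session_key {
	/*
	 * Raw key bytes.  Per the note above this is part of the MAC key
	 * used to sign SMB messages, i.e. secret material: whichever path
	 * frees a token (smb_token_destroy / smb_token_free declared below)
	 * should zeroize these bytes before releasing the memory -- confirm
	 * the implementation does so.
	 */
	uint8_t data[SMB_SESSION_KEY_LEN];
} smb_session_key_t;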
46 
47 /*
48  * Access Token
49  *
50  * An access token identifies a user, the user's privileges and the
51  * list of groups of which the user is a member. This information is
52  * used when access is requested to an object by comparing this
53  * information with the DACL in the object's security descriptor.
54  *
55  * There should be one unique token per user per session per client.
56  *
57  * Access Token Flags
58  *
59  * SMB_ATF_GUEST	Token belongs to guest user
60  * SMB_ATF_ANON		Token belongs to anonymous user
61  * 			and it's only good for IPC Connection.
62  * SMB_ATF_POWERUSER	Token belongs to a Power User member
 * SMB_ATF_BACKUPOP	Token belongs to a Backup Operators member
64  * SMB_ATF_ADMIN	Token belongs to a Domain Admins member
65  */
/* tkn_flags bits; each is a single bit so they can be OR-ed together. */
#define	SMB_ATF_GUEST		(1 << 0)	/* guest user */
#define	SMB_ATF_ANON		(1 << 1)	/* anonymous user; IPC only */
#define	SMB_ATF_POWERUSER	(1 << 2)	/* member of Power Users */
#define	SMB_ATF_BACKUPOP	(1 << 3)	/* member of Backup Operators */
#define	SMB_ATF_ADMIN		(1 << 4)	/* member of Domain Admins */
71 
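/*
 * Size in bytes of an smb_posix_grps_t able to hold n gids.  The "- 1"
 * discounts the element already declared in pg_grps[ANY_SIZE_ARRAY], so it
 * assumes ANY_SIZE_ARRAY is 1 -- keep the two in step.  Pass n >= 1; n == 0
 * only works through unsigned wraparound.  The argument is parenthesized so
 * an expression with a lower-precedence operator (e.g. `a | b`) expands as
 * intended rather than as `a | b - 1`.
 */
#define	SMB_POSIX_GRPS_SIZE(n) \
	(sizeof (smb_posix_grps_t) + ((n) - 1) * sizeof (gid_t))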
/*
 * POSIX group list for a user: the primary and supplementary gids.
 * pg_ngrps is the number of valid entries in pg_grps.  The array uses the
 * project's ANY_SIZE_ARRAY idiom (a pre-C99 trailing array) and objects
 * are sized with SMB_POSIX_GRPS_SIZE(n) above, whose "- 1" depends on this
 * declaration; a C99 flexible array member would require dropping that
 * "- 1" at the same time.
 */
typedef struct smb_posix_grps {
	uint32_t	pg_ngrps;		/* count of valid gids in pg_grps */
	gid_t		pg_grps[ANY_SIZE_ARRAY];	/* the gids; order not specified here */
} smb_posix_grps_t;
81 
/*
 * In-memory ("absolute") form of an access token.  The smb_id_t,
 * smb_ids_t and smb_privset_t types come from the smbsrv headers included
 * above; their internals are not visible here.
 *
 * The pointer members are presumably owned by the token and released by
 * smb_token_destroy() (userland) / smb_token_free() (kernel) declared
 * below -- confirm against those definitions before freeing any of them
 * separately.
 */
typedef struct smb_token {
	smb_id_t	tkn_user;	/* the user this token represents */
	smb_id_t	tkn_owner;	/* owner identity (presumably default owner for new objects) */
	smb_id_t	tkn_primary_grp;	/* primary group identity */
	smb_ids_t	tkn_win_grps;	/* groups the user is a member of */
	smb_privset_t	*tkn_privileges;	/* privilege set; presumably what smb_token_query_privilege() consults */
	char		*tkn_account_name;	/* account name (NUL-terminated, presumably) */
	char		*tkn_domain_name;	/* domain name (NUL-terminated, presumably) */
	uint32_t	tkn_flags;	/* SMB_ATF_* bits */
	uint32_t	tkn_audit_sid;	/* audit identifier; note: a plain uint32_t despite the name, not an smb_id_t */
	/*
	 * MAC key material for SMB signing (see smb_session_key_t above).
	 * NOTE(review): secret -- should be zeroized before the memory is
	 * freed; presumably NULL when no key was established.  Confirm both.
	 */
	smb_session_key_t *tkn_session_key;
	smb_posix_grps_t *tkn_posix_grps;	/* POSIX gids, sized with SMB_POSIX_GRPS_SIZE() */
} smb_token_t;
95 
/*
 * XDR routines (used for the serialized forms exchanged by the
 * mkselfrel / mkabsolute functions below, presumably).
 *
 * NOTE(review): both are declared with empty parentheses, which in C is an
 * old-style declaration with *unspecified* arguments, not "no arguments";
 * the compiler cannot type-check what callers pass.  If the definitions use
 * the usual XDR signature, the declarations should spell it out, e.g.
 * bool_t xdr_smb_token_t(XDR *, smb_token_t *); -- confirm against the
 * definitions, and that the XDR type is in scope via smb_xdr.h, first.
 */
extern bool_t xdr_netr_client_t();
extern bool_t xdr_smb_token_t();
99 
100 
#ifndef _KERNEL
/*
 * Userland side.
 *
 * smb_logon() presumably authenticates the client described by clnt and
 * builds the matching access token.  Its failure return is not visible in
 * this header -- presumably NULL; check before use.  Tokens it returns are
 * released with smb_token_destroy().
 */
smb_token_t *smb_logon(netr_client_t *clnt);
void smb_token_destroy(smb_token_t *token);
/*
 * Flatten a token into a self-relative buffer for delivery to the kernel;
 * the encoded size is returned through *len.  Ownership of the returned
 * buffer is not stated here -- presumably the caller frees it; confirm.
 */
uint8_t *smb_token_mkselfrel(smb_token_t *obj, uint32_t *len);
/*
 * Rebuild a netr_client_t from the len-byte self-relative buffer produced
 * by the kernel (netr_client_mkselfrel(), declared in the _KERNEL branch).
 * This is one end of the kernel/userland boundary: the decoder, not its
 * callers, must keep every field it reads within len -- confirm in the
 * implementation.  Release the result with netr_client_xfree().
 */
netr_client_t *netr_client_mkabsolute(uint8_t *buf, uint32_t len);
void netr_client_xfree(netr_client_t *);
/* Emit a human-readable description of token to the log. */
void smb_token_log(smb_token_t *token);
#else /* _KERNEL */
/*
 * Kernel side: the mirror image of the userland set above.
 * smb_token_mkabsolute() decodes the len-byte buffer that userland built
 * with smb_token_mkselfrel() and must likewise validate every offset
 * against len; the result is released with smb_token_free().
 * netr_client_mkselfrel() flattens the logon request for delivery to
 * userland, returning the encoded size through *len.
 */
smb_token_t *smb_token_mkabsolute(uint8_t *buf, uint32_t len);
void smb_token_free(smb_token_t *token);
uint8_t *netr_client_mkselfrel(netr_client_t *obj, uint32_t *len);
#endif /* _KERNEL */

/*
 * Test whether token holds the privilege priv_id (an id from
 * smb_privilege.h, presumably).  The return convention (0/non-zero versus
 * an error code) is not visible in this header; confirm against the
 * definition before using the result as an allow/deny decision.
 */
int smb_token_query_privilege(smb_token_t *token, int priv_id);
115 
116 #ifdef __cplusplus
117 }
118 #endif
119 
120 
121 #endif /* _SMB_TOKEN_H */