xref: /titanic_41/usr/src/lib/smbsrv/libsmb/common/libsmb.h (revision 1ba18ff1efb9bb19540297cbee0a824685da1622)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #ifndef	_LIBSMB_H
27 #define	_LIBSMB_H
28 
29 #pragma ident	"%Z%%M%	%I%	%E% SMI"
30 
31 #ifdef	__cplusplus
32 extern "C" {
33 #endif
34 
35 #include <sys/types.h>
36 #include <arpa/inet.h>
37 
38 #include <stdlib.h>
39 #include <libscf.h>
40 #include <libshare.h>
41 
42 #include <smbsrv/smb_idmap.h>
43 
44 /*
45  * XXX - These header files are here, only because other libraries
46  * can compile. Move the header files in to the internal header files
47  * of other libraries, once the restructure is complete. libsmb.h does not
48  * need these header files.
49  */
50 #include <smbsrv/lmshare.h>
51 #include <smbsrv/lmshare_door.h>
52 #include <smbsrv/ntstatus.h>
53 #include <smbsrv/smb_door_svc.h>
54 #include <smbsrv/alloc.h>
55 #include <smbsrv/codepage.h>
56 #include <smbsrv/crypt.h>
57 #include <smbsrv/ctype.h>
58 #include <smbsrv/hash_table.h>
59 #include <smbsrv/msgbuf.h>
60 #include <smbsrv/oem.h>
61 #include <smbsrv/string.h>
62 #include <smbsrv/smb_i18n.h>
63 #include <smbsrv/wintypes.h>
64 #include <smbsrv/smb_xdr.h>
65 #include <smbsrv/smbinfo.h>
66 /* End of header files to be removed. */
67 
68 /* Max value length of all SMB properties */
69 #define	MAX_VALUE_BUFLEN	512
70 #define	SMB_PI_MAX_DOMAIN_U	48
71 
72 #define	SMBD_FMRI_PREFIX		"network/smb/server"
73 #define	SMBD_DEFAULT_INSTANCE_FMRI	"svc:/network/smb/server:default"
74 #define	SMBD_PG_NAME			"smbd"
75 #define	SMBD_PROTECTED_PG_NAME		"read"
76 
77 #define	SMBD_SMF_OK		0
78 #define	SMBD_SMF_NO_MEMORY	1	/* no memory for data structures */
79 #define	SMBD_SMF_SYSTEM_ERR	2	/* system error, use errno */
80 #define	SMBD_SMF_NO_PERMISSION	3	/* no permission for operation */
81 
82 #define	SCH_STATE_UNINIT	0
83 #define	SCH_STATE_INITIALIZING	1
84 #define	SCH_STATE_INIT		2
85 
86 typedef struct smb_scfhandle {
87 	scf_handle_t		*scf_handle;
88 	int			scf_state;
89 	scf_service_t		*scf_service;
90 	scf_scope_t		*scf_scope;
91 	scf_transaction_t	*scf_trans;
92 	scf_transaction_entry_t	*scf_entry;
93 	scf_propertygroup_t	*scf_pg;
94 	scf_instance_t		*scf_instance;
95 	scf_iter_t		*scf_inst_iter;
96 	scf_iter_t		*scf_pg_iter;
97 } smb_scfhandle_t;
98 
99 /*
100  * CIFS Configuration Management
101  */
102 
103 /* macros for the description of all config params */
104 #define	SMB_CD_RDR_IPCMODE		"rdr_ipcmode"
105 #define	SMB_CD_RDR_IPCUSER 		"rdr_ipcuser"
106 #define	SMB_CD_RDR_IPCPWD		"rdr_ipcpasswd"
107 
108 #define	SMB_CD_OPLOCK_ENABLE		"oplock_enable"
109 #define	SMB_CD_OPLOCK_TIMEOUT		"oplock_timeout"
110 
111 #define	SMB_CD_AUTOHOME_MAP		"autohome_map"
112 
113 #define	SMB_CD_DOMAIN_SID		"domain_sid"
114 #define	SMB_CD_DOMAIN_MEMB		"domain_member"
115 #define	SMB_CD_DOMAIN_NAME		"domain_name"
116 #define	SMB_CD_DOMAIN_SRV		"pdc"
117 
118 #define	SMB_CD_WINS_SRV1		"wins_server_1"
119 #define	SMB_CD_WINS_SRV2		"wins_server_2"
120 #define	SMB_CD_WINS_EXCL		"wins_exclude"
121 
122 #define	SMB_CD_SRVSVC_SHRSET_ENABLE	"srvsvc_sharesetinfo_enable"
123 #define	SMB_CD_LOGR_ENABLE		"logr_enable"
124 #define	SMB_CD_MLRPC_KALIVE		"mlrpc_keep_alive_interval"
125 
126 #define	SMB_CD_MAX_BUFSIZE		"max_bufsize"
127 #define	SMB_CD_MAX_WORKERS		"max_workers"
128 #define	SMB_CD_MAX_CONNECTIONS		"max_connections"
129 #define	SMB_CD_KEEPALIVE		"keep_alive"
130 #define	SMB_CD_RESTRICT_ANON		"restrict_anonymous"
131 
132 #define	SMB_CD_SIGNING_ENABLE		"signing_enabled"
133 #define	SMB_CD_SIGNING_REQD		"signing_required"
134 #define	SMB_CD_SIGNING_CHECK		"signing_check"
135 
136 #define	SMB_CD_FLUSH_REQUIRED		"flush_required"
137 #define	SMB_CD_SYNC_ENABLE		"sync_enable"
138 #define	SMB_CD_DIRSYMLINK_DISABLE	"dir_symlink_disable"
139 #define	SMB_CD_ANNONCE_QUOTA		"announce_quota"
140 
141 #define	SMB_CD_SECURITY			"security"
142 #define	SMB_CD_NBSCOPE			"netbios_scope"
143 #define	SMB_CD_SYS_CMNT			"system_comment"
144 #define	SMB_CD_LM_LEVEL			"lmauth_level"
145 #define	SMB_CD_MSDCS_DISABLE		"msdcs_disable"
146 
147 #define	SMB_CD_ADS_ENABLE		"ads_enable"
148 #define	SMB_CD_ADS_USER			"ads_user"
149 #define	SMB_CD_ADS_PASSWD		"ads_passwd"
150 #define	SMB_CD_ADS_DOMAIN		"ads_domain"
151 #define	SMB_CD_ADS_USER_CONTAINER	"ads_user_container"
152 #define	SMB_CD_ADS_SITE			"ads_site"
153 #define	SMB_CD_ADS_IPLOOKUP		"ads_ip_lookup"
154 
155 #define	SMB_CD_DYNDNS_ENABLE		"ddns_enable"
156 #define	SMB_CD_DYNDNS_RETRY_COUNT	"ddns_retry_cnt"
157 #define	SMB_CD_DYNDNS_RETRY_SEC		"ddns_retry_sec"
158 
159 #define	SMB_CD_MACHINE_PASSWD		"machine_passwd"
160 
161 /* configuration identifier */
162 typedef enum {
163 	SMB_CI_RDR_IPCMODE = 0,
164 	SMB_CI_RDR_IPCUSER,
165 	SMB_CI_RDR_IPCPWD,
166 
167 	SMB_CI_OPLOCK_ENABLE,
168 	SMB_CI_OPLOCK_TIMEOUT,
169 
170 	SMB_CI_AUTOHOME_MAP,
171 
172 	SMB_CI_DOMAIN_SID,
173 	SMB_CI_DOMAIN_MEMB,
174 	SMB_CI_DOMAIN_NAME,
175 	SMB_CI_DOMAIN_SRV,
176 
177 	SMB_CI_WINS_SRV1,
178 	SMB_CI_WINS_SRV2,
179 	SMB_CI_WINS_EXCL,
180 
181 	SMB_CI_SRVSVC_SHRSET_ENABLE,
182 	SMB_CI_LOGR_ENABLE,
183 	SMB_CI_MLRPC_KALIVE,
184 
185 	SMB_CI_MAX_BUFSIZE,
186 	SMB_CI_MAX_WORKERS,
187 	SMB_CI_MAX_CONNECTIONS,
188 	SMB_CI_KEEPALIVE,
189 	SMB_CI_RESTRICT_ANON,
190 
191 	SMB_CI_SIGNING_ENABLE,
192 	SMB_CI_SIGNING_REQD,
193 	SMB_CI_SIGNING_CHECK,
194 
195 	SMB_CI_FLUSH_REQUIRED,
196 	SMB_CI_SYNC_ENABLE,
197 	SMB_CI_DIRSYMLINK_DISABLE,
198 	SMB_CI_ANNONCE_QUOTA,
199 
200 	SMB_CI_SECURITY,
201 	SMB_CI_NBSCOPE,
202 	SMB_CI_SYS_CMNT,
203 	SMB_CI_LM_LEVEL,
204 	SMB_CI_MSDCS_DISABLE,
205 
206 	SMB_CI_ADS_ENABLE,
207 	SMB_CI_ADS_USER,
208 	SMB_CI_ADS_PASSWD,
209 	SMB_CI_ADS_DOMAIN,
210 	SMB_CI_ADS_USER_CONTAINER,
211 	SMB_CI_ADS_SITE,
212 	SMB_CI_ADS_IPLOOKUP,
213 
214 	SMB_CI_DYNDNS_ENABLE,
215 	SMB_CI_DYNDNS_RETRY_COUNT,
216 	SMB_CI_DYNDNS_RETRY_SEC,
217 
218 	SMB_CI_MACHINE_PASSWD,
219 	SMB_CI_MAX
220 } smb_cfg_id_t;
221 
222 /* SMF helper functions */
223 extern smb_scfhandle_t *smb_smf_scf_init(char *);
224 extern void smb_smf_scf_fini(smb_scfhandle_t *);
225 extern int smb_smf_start_transaction(smb_scfhandle_t *);
226 extern int smb_smf_end_transaction(smb_scfhandle_t *);
227 extern int smb_smf_set_string_property(smb_scfhandle_t *, char *, char *);
228 extern int smb_smf_get_string_property(smb_scfhandle_t *, char *,
229     char *, size_t);
230 extern int smb_smf_set_integer_property(smb_scfhandle_t *, char *, int64_t);
231 extern int smb_smf_get_integer_property(smb_scfhandle_t *, char *, int64_t *);
232 extern int smb_smf_set_boolean_property(smb_scfhandle_t *, char *, uint8_t);
233 extern int smb_smf_get_boolean_property(smb_scfhandle_t *, char *, uint8_t *);
234 extern int smb_smf_set_opaque_property(smb_scfhandle_t *, char *,
235     void *, size_t);
236 extern int smb_smf_get_opaque_property(smb_scfhandle_t *, char *,
237     void *, size_t);
238 extern int smb_smf_create_service_pgroup(smb_scfhandle_t *, char *);
239 extern int smb_smf_delete_service_pgroup(smb_scfhandle_t *, char *);
240 extern int smb_smf_create_instance_pgroup(smb_scfhandle_t *, char *);
241 extern int smb_smf_delete_instance_pgroup(smb_scfhandle_t *, char *);
242 extern int smb_smf_delete_property(smb_scfhandle_t *, char *);
243 extern int smb_smf_instance_exists(smb_scfhandle_t *, char *);
244 extern int smb_smf_instance_create(smb_scfhandle_t *, char *, char *);
245 extern int smb_smf_instance_delete(smb_scfhandle_t *, char *);
246 extern smb_scfhandle_t *smb_smf_get_iterator(char *);
247 extern int smb_smf_get_property(smb_scfhandle_t *, int, char *, char *,
248     size_t);
249 extern int smb_smf_set_property(smb_scfhandle_t *, int, char *, char *);
250 
251 /* Configuration management functions  */
252 extern int smb_config_load(void);
253 extern void smb_config_rdlock(void);
254 extern void smb_config_wrlock(void);
255 extern void smb_config_unlock(void);
256 extern char *smb_config_get(smb_cfg_id_t);
257 extern char *smb_config_getstr(smb_cfg_id_t);
258 extern int smb_config_getyorn(smb_cfg_id_t);
259 extern uint32_t smb_config_getnum(smb_cfg_id_t);
260 
261 /*
262  * smb_config_getenv
263  *
264  * Retrieves the property value from SMF.
265  * Caller must free the returned buffer.
266  *
267  */
268 extern char *smb_config_getenv(smb_cfg_id_t id);
269 
270 extern int smb_config_set(smb_cfg_id_t, char *);
271 extern int smb_config_setnum(smb_cfg_id_t, uint32_t);
272 extern uint8_t smb_config_get_fg_flag(void);
273 extern int smb_config_setenv(smb_cfg_id_t id, char *);
274 extern char *smb_config_get_localsid(void);
275 extern int smb_config_secmode_fromstr(char *secmode);
276 extern char *smb_config_secmode_tostr(int secmode);
277 extern int smb_config_get_secmode(void);
278 extern int smb_config_set_secmode(int secmode);
279 extern int smb_config_set_idmap_domain(char *value);
280 extern int smb_config_set_idmap_gc(char *value);
281 extern int smb_config_refresh_idmap(void);
282 
283 /* smb_door_client.c */
284 typedef struct smb_joininfo {
285 	char domain_name[SMB_PI_MAX_DOMAIN];
286 	char domain_username[BUF_LEN + 1];
287 	char domain_passwd[BUF_LEN + 1];
288 	uint32_t mode;
289 } smb_joininfo_t;
290 
291 /* APIs to communicate with SMB daemon via door calls */
292 extern int smbd_set_param(smb_cfg_id_t, char *);
293 extern int smbd_get_param(smb_cfg_id_t, char *);
294 extern int smbd_get_security_mode(int *);
295 extern int smbd_netbios_reconfig(void);
296 extern uint32_t smb_join(smb_joininfo_t *info);
297 
298 
299 #define	SMB_DOMAIN_NOMACHINE_SID	-1
300 #define	SMB_DOMAIN_NODOMAIN_SID		-2
301 
302 extern int nt_domain_init(char *resource_domain, uint32_t secmode);
303 
304 /* Following set of functions, manipulate WINS server configuration */
305 extern int smb_wins_allow_list(char *config_list, char *allow_list);
306 extern int smb_wins_exclude_list(char *config_list, char *exclude_list);
307 extern boolean_t smb_wins_is_excluded(in_addr_t ipaddr,
308     unsigned long *exclude_list, int nexclude);
309 extern void smb_wins_build_list(char *buf, uint32_t iplist[], int max_naddr);
310 extern int smb_wins_iplist(char *list, uint32_t iplist[], int max_naddr);
311 
312 /*
313  * Information on a particular domain: the domain name, the
314  * name of a controller (PDC or BDC) and it's ip address.
315  */
316 typedef struct smb_ntdomain {
317 	char domain[SMB_PI_MAX_DOMAIN_U];
318 	char server[SMB_PI_MAX_DOMAIN_U];
319 	uint32_t ipaddr;
320 } smb_ntdomain_t;
321 
322 /* SMB domain information management functions */
323 extern void smb_purge_domain_info(void);
324 extern int smb_is_domain_member(void);
325 extern uint8_t smb_get_fg_flag(void);
326 extern void smb_set_domain_member(int set);
327 extern smb_ntdomain_t *smb_getdomaininfo(uint32_t timeout);
328 extern void smb_setdomaininfo(char *domain, char *server, uint32_t ipaddr);
329 extern void smb_logdomaininfo(smb_ntdomain_t *di);
330 extern uint32_t smb_get_security_mode(void);
331 
332 extern int nt_priv_presentable_num(void);
333 
334 /*
335  * Following set of function, handle calls to SMB Kernel driver, via
336  * Kernel doors interface.
337  */
338 extern uint64_t smb_dwncall_user_num(void);
339 extern int smb_dwncall_share(int, char *, char *);
340 
341 /*
342  * buffer context structure. This is used to keep track of the buffer
343  * context.
344  *
345  * basep:  points to the beginning of the buffer
346  * curp:   points to the current offset
347  * endp:   points to the limit of the buffer
348  */
349 typedef struct {
350 	unsigned char *basep;
351 	unsigned char *curp;
352 	unsigned char *endp;
353 } smb_ctxbuf_t;
354 
355 extern int smb_ctxbuf_init(smb_ctxbuf_t *ctx, unsigned char *buf,
356     size_t buflen);
357 extern int smb_ctxbuf_len(smb_ctxbuf_t *ctx);
358 extern int smb_ctxbuf_printf(smb_ctxbuf_t *ctx, const char *fmt, ...);
359 
360 /* Functions to handle SMB daemon communications with idmap service */
361 extern int smb_idmap_start(void);
362 extern void smb_idmap_stop(void);
363 extern int smb_idmap_restart(void);
364 
365 /* Miscellaneous functions */
366 extern void hexdump(unsigned char *, int);
367 extern size_t bintohex(const char *, size_t, char *, size_t);
368 extern size_t hextobin(const char *, size_t, char *, size_t);
369 extern char *trim_whitespace(char *buf);
370 extern void randomize(char *, unsigned);
371 extern void rand_hash(unsigned char *, size_t, unsigned char *, size_t);
372 
373 extern int smb_getdomainname(char *, size_t);
374 extern int smb_getfqhostname(char *, size_t);
375 extern int smb_gethostname(char *, size_t, int);
376 extern int smb_getnetbiosname(char *, size_t);
377 
378 void smb_trace(const char *s);
379 void smb_tracef(const char *fmt, ...);
380 
381 /*
382  * Authentication
383  */
384 
385 #define	SMBAUTH_LM_MAGIC_STR	"KGS!@#$%"
386 
387 #define	SMBAUTH_HASH_SZ		16	/* also LM/NTLM/NTLMv2 Hash size */
388 #define	SMBAUTH_LM_RESP_SZ	24	/* also NTLM Response size */
389 #define	SMBAUTH_LM_PWD_SZ	14	/* LM password size */
390 #define	SMBAUTH_V2_CLNT_CHALLENGE_SZ 8	/* both LMv2 and NTLMv2 */
391 #define	SMBAUTH_SESSION_KEY_SZ	SMBAUTH_HASH_SZ
392 #define	SMBAUTH_HEXHASH_SZ	(SMBAUTH_HASH_SZ * 2)
393 
394 #define	SMBAUTH_FAILURE		1
395 #define	SMBAUTH_SUCCESS		0
396 #define	MD_DIGEST_LEN		16
397 
398 /*
399  * Name Types
400  *
401  * The list of names near the end of the data blob (i.e. the ndb_names
402  * field of the smb_auth_data_blob_t data structure) can be classify into
403  * the following types:
404  *
405  * 0x0000 Indicates the end of the list.
406  * 0x0001 The name is a NetBIOS machine name (e.g. server name)
407  * 0x0002 The name is an NT Domain NetBIOS name.
408  * 0x0003 The name is the server's DNS hostname.
409  * 0x0004 The name is a W2K Domain name (a DNS name).
410  */
411 #define	SMBAUTH_NAME_TYPE_LIST_END		0x0000
412 #define	SMBAUTH_NAME_TYPE_SERVER_NETBIOS 	0x0001
413 #define	SMBAUTH_NAME_TYPE_DOMAIN_NETBIOS 	0x0002
414 #define	SMBAUTH_NAME_TYPE_SERVER_DNS		0x0003
415 #define	SMBAUTH_NAME_TYPE_DOMAIN_DNS 		0x0004
416 
417 /*
418  * smb_auth_name_entry_t
419  *
420  * Each name entry in the data blob consists of the following 3 fields:
421  *
422  * nne_type - name type
423  * nne_len  - the length of the name
424  * nne_name - the name, in uppercase UCS-2LE Unicode format
425  */
426 typedef struct smb_auth_name_entry {
427 	unsigned short nne_type;
428 	unsigned short nne_len;
429 	mts_wchar_t nne_name[SMB_PI_MAX_DOMAIN * 2];
430 } smb_auth_name_entry_t;
431 
432 /*
433  * smb_auth_data_blob
434  *
435  * The format of this NTLMv2 data blob structure is as follow:
436  *
437  *	- Blob Signature 0x01010000 (4 bytes)
438  * - Reserved (0x00000000) (4 bytes)
439  * - Timestamp Little-endian, 64-bit signed value representing
440  *   the number of tenths of a microsecond since January 1, 1601.
441  *   (8 bytes)
442  * - Client Challenge (8 bytes)
443  * - Unknown1 (4 bytes)
444  * - List of Target Information (variable length)
445  * - Unknown2 (4 bytes)
446  */
447 typedef struct smb_auth_data_blob {
448 	unsigned char ndb_signature[4];
449 	unsigned char ndb_reserved[4];
450 	uint64_t ndb_timestamp;
451 	unsigned char ndb_clnt_challenge[SMBAUTH_V2_CLNT_CHALLENGE_SZ];
452 	unsigned char ndb_unknown[4];
453 	smb_auth_name_entry_t ndb_names[2];
454 	unsigned char ndb_unknown2[4];
455 } smb_auth_data_blob_t;
456 
457 #define	SMBAUTH_BLOB_MAXLEN (sizeof (smb_auth_data_blob_t))
458 #define	SMBAUTH_CI_MAXLEN   SMBAUTH_LM_RESP_SZ
459 #define	SMBAUTH_CS_MAXLEN   (SMBAUTH_BLOB_MAXLEN + SMBAUTH_HASH_SZ)
460 
461 /*
462  * smb_auth_info_t
463  *
464  * The structure contains all the authentication information
465  * needed for the preparaton of the SMBSessionSetupAndx request
466  * and the user session key.
467  *
468  * hash      - NTLM hash
469  * hash_v2   - NTLMv2 hash
470  * ci_len    - the length of the case-insensitive password
471  * ci        - case-insensitive password
472  *             (If NTLMv2 authentication mechanism is used, it
473  *              represents the LMv2 response. Otherwise, it
474  *              is empty.)
475  * cs_len    - the length of the case-sensitive password
476  * cs        - case-sensitive password
477  *             (If NTLMv2 authentication mechanism is used, it
478  *              represents the NTLMv2 response. Otherwise, it
479  *              represents the NTLM response.)
480  * data_blob - NTLMv2 data blob
481  */
482 typedef struct smb_auth_info {
483 	unsigned char hash[SMBAUTH_HASH_SZ];
484 	unsigned char hash_v2[SMBAUTH_HASH_SZ];
485 	unsigned short ci_len;
486 	unsigned char ci[SMBAUTH_CI_MAXLEN];
487 	unsigned short cs_len;
488 	unsigned char cs[SMBAUTH_CS_MAXLEN];
489 	int lmcompatibility_lvl;
490 	smb_auth_data_blob_t data_blob;
491 } smb_auth_info_t;
492 
493 extern int smb_getdomainname(char *, size_t);
494 extern int smb_getfqhostname(char *, size_t);
495 extern int smb_gethostname(char *, size_t, int);
496 extern int smb_getnetbiosname(char *, size_t);
497 
498 void smb_trace(const char *s);
499 void smb_tracef(const char *fmt, ...);
500 
501 /*
502  * SMB password management
503  */
504 
505 #define	SMB_PWF_LM	0x01	/* LM hash is present */
506 #define	SMB_PWF_NT	0x02	/* NT hash is present */
507 #define	SMB_PWF_DISABLE	0x04	/* Account is disabled */
508 
509 typedef struct smb_passwd {
510 	uid_t pw_uid;
511 	uint32_t pw_flags;
512 	unsigned char pw_lmhash[SMBAUTH_HASH_SZ];
513 	unsigned char pw_nthash[SMBAUTH_HASH_SZ];
514 } smb_passwd_t;
515 
516 /*
517  * Control flags passed to smb_pwd_setcntl
518  */
519 #define	SMB_PWC_DISABLE	0x01
520 #define	SMB_PWC_ENABLE	0x02
521 #define	SMB_PWC_NOLM	0x04
522 
523 #define	SMB_PWE_SUCCESS		0
524 #define	SMB_PWE_USER_UNKNOWN	1
525 #define	SMB_PWE_USER_DISABLE	2
526 #define	SMB_PWE_CLOSE_FAILED	3
527 #define	SMB_PWE_OPEN_FAILED	4
528 #define	SMB_PWE_WRITE_FAILED	6
529 #define	SMB_PWE_UPDATE_FAILED	7
530 #define	SMB_PWE_STAT_FAILED	8
531 #define	SMB_PWE_BUSY		9
532 #define	SMB_PWE_DENIED		10
533 #define	SMB_PWE_SYSTEM_ERROR	11
534 #define	SMB_PWE_MAX		12
535 
536 extern smb_passwd_t *smb_pwd_getpasswd(const char *, smb_passwd_t *);
537 extern int smb_pwd_setpasswd(const char *, const char *);
538 extern int smb_pwd_setcntl(const char *, int);
539 
540 extern int smb_auth_qnd_unicode(mts_wchar_t *dst, char *src, int length);
541 extern int smb_auth_hmac_md5(unsigned char *data, int data_len,
542     unsigned char *key, int key_len, unsigned char *digest);
543 
544 /*
545  * A variation on HMAC-MD5 known as HMACT64 is used by Windows systems.
546  * The HMACT64() function is the same as the HMAC-MD5() except that
547  * it truncates the input key to 64 bytes rather than hashing it down
548  * to 16 bytes using the MD5() function.
549  */
550 #define	SMBAUTH_HMACT64(D, Ds, K, Ks, digest) \
551 	smb_auth_hmac_md5(D, Ds, K, (Ks > 64) ? 64 : Ks, digest)
552 
553 extern int smb_auth_DES(unsigned char *, int, unsigned char *, int,
554     unsigned char *, int);
555 
556 extern int smb_auth_md4(unsigned char *, unsigned char *, int);
557 extern int smb_auth_lm_hash(char *, unsigned char *);
558 extern int smb_auth_ntlm_hash(char *, unsigned char *);
559 
560 extern int smb_auth_set_info(char *, char *,
561     unsigned char *, char *, unsigned char *,
562     int, int, smb_auth_info_t *);
563 
564 extern int smb_auth_gen_session_key(smb_auth_info_t *, unsigned char *);
565 
566 boolean_t smb_auth_validate_lm(unsigned char *, uint32_t, smb_passwd_t *,
567     unsigned char *, int, char *);
568 boolean_t smb_auth_validate_nt(unsigned char *, uint32_t, smb_passwd_t *,
569     unsigned char *, int, char *);
570 
571 /*
572  * SMB MAC Signing
573  */
574 
575 #define	SMB_MAC_KEY_SZ	(SMBAUTH_SESSION_KEY_SZ + SMBAUTH_CS_MAXLEN)
576 #define	SMB_SIG_OFFS	14	/* signature field offset within header */
577 #define	SMB_SIG_SIZE	8	/* SMB signature size */
578 
579 /*
580  * Signing flags:
581  *
582  * SMB_SCF_ENABLE                 Signing is enabled.
583  *
584  * SMB_SCF_REQUIRED               Signing is enabled and required.
585  *                                This flag shouldn't be set if
586  *                                SMB_SCF_ENABLE isn't set.
587  *
588  * SMB_SCF_STARTED                Signing will start after receiving
589  *                                the first non-anonymous SessionSetup
590  *                                request.
591  *
592  * SMB_SCF_KEY_ISSET_THIS_LOGON   Indicates whether the MAC key has just
593  *                                been set for this logon. (prior to
594  *                                sending the SMBSessionSetup request)
595  *
596  */
597 #define	SMB_SCF_ENABLE		0x01
598 #define	SMB_SCF_REQUIRED	0x02
599 #define	SMB_SCF_STARTED		0x04
600 #define	SMB_SCF_KEY_ISSET_THIS_LOGON	0x08
601 
602 /*
603  * smb_sign_ctx
604  *
605  * SMB signing context.
606  *
607  *	ssc_seqnum				sequence number
608  *	ssc_keylen				mac key length
609  *	ssc_mid					multiplex id - reserved
610  *	ssc_flags				flags
611  *	ssc_mackey				mac key
612  *	ssc_sign				mac signature
613  *
614  */
615 typedef struct smb_sign_ctx {
616 	unsigned int ssc_seqnum;
617 	unsigned short ssc_keylen;
618 	unsigned short ssc_mid;
619 	unsigned int ssc_flags;
620 	unsigned char ssc_mackey[SMB_MAC_KEY_SZ];
621 	unsigned char ssc_sign[SMB_SIG_SIZE];
622 } smb_sign_ctx_t;
623 
624 extern int smb_mac_init(smb_sign_ctx_t *sign_ctx, smb_auth_info_t *auth);
625 extern int smb_mac_calc(smb_sign_ctx_t *sign_ctx,
626     const unsigned char *buf, size_t buf_len, unsigned char *mac_sign);
627 extern int smb_mac_chk(smb_sign_ctx_t *sign_ctx,
628     const unsigned char *buf, size_t buf_len);
629 extern int smb_mac_sign(smb_sign_ctx_t *sign_ctx,
630     unsigned char *buf, size_t buf_len);
631 extern void smb_mac_inc_seqnum(smb_sign_ctx_t *sign_ctx);
632 extern void smb_mac_dec_seqnum(smb_sign_ctx_t *sign_ctx);
633 
634 /*
635  * Each domain is categorized using the enum values below.
636  * The local domain refers to the local machine and is named
637  * after the local hostname. The primary domain is the domain
638  * that the system joined. All other domains are either
639  * trusted or untrusted, as defined by the primary domain PDC.
640  *
641  * This enum must be kept in step with the table of strings
642  * in ntdomain.c.
643  */
644 typedef enum nt_domain_type {
645 	NT_DOMAIN_NULL,
646 	NT_DOMAIN_BUILTIN,
647 	NT_DOMAIN_LOCAL,
648 	NT_DOMAIN_PRIMARY,
649 	NT_DOMAIN_ACCOUNT,
650 	NT_DOMAIN_TRUSTED,
651 	NT_DOMAIN_UNTRUSTED,
652 	NT_DOMAIN_NUM_TYPES
653 } nt_domain_type_t;
654 
655 
656 /*
657  * This is the information that is held about each domain. The database
658  * is a linked list that is threaded through the domain structures. As
659  * the number of domains in the database should be small (32 max), this
660  * should be sufficient.
661  */
662 typedef struct nt_domain {
663 	struct nt_domain *next;
664 	nt_domain_type_t type;
665 	char *name;
666 	nt_sid_t *sid;
667 } nt_domain_t;
668 
669 nt_domain_t *nt_domain_new(nt_domain_type_t type, char *name, nt_sid_t *sid);
670 void nt_domain_delete(nt_domain_t *domain);
671 nt_domain_t *nt_domain_add(nt_domain_t *new_domain);
672 void nt_domain_remove(nt_domain_t *domain);
673 void nt_domain_flush(nt_domain_type_t domain_type);
674 void nt_domain_sync(void);
675 char *nt_domain_xlat_type(nt_domain_type_t domain_type);
676 nt_domain_type_t nt_domain_xlat_type_name(char *type_name);
677 nt_domain_t *nt_domain_lookup_name(char *domain_name);
678 nt_domain_t *nt_domain_lookup_sid(nt_sid_t *domain_sid);
679 nt_domain_t *nt_domain_lookupbytype(nt_domain_type_t type);
680 nt_sid_t *nt_domain_local_sid(void);
681 
682 #define	SMB_GROUP_PER_LIST	5
683 
684 /*
685  * This structure takes different args passed from the client/server routines
686  * of the SMB local group door service. Extend this structure if a new type
687  * client paramater needs to be passed.
688  */
689 typedef struct ntgrp_dr_arg {
690 	char *gname;
691 	char *desc;
692 	char *member;
693 	char *newgname;
694 	uint32_t privid;
695 	uint32_t priv_attr;
696 	int offset;
697 	char *scope;
698 	int type;
699 	int count;
700 	uint32_t ntstatus;
701 } ntgrp_dr_arg_t;
702 
703 typedef struct ntgrp {
704 	DWORD rid;	/* Rid of the group */
705 	char *name;	/* Name of the group */
706 	char *desc;	/* Desc of gruup */
707 	char *type;	/* sid_name_use */
708 	char *sid;	/* Sid */
709 	DWORD attr;	/* Attribute */
710 } ntgrp_t;
711 
712 typedef struct ntgrp_list {
713 	int cnt;
714 	ntgrp_t groups[SMB_GROUP_PER_LIST];
715 } ntgrp_list_t;
716 
717 typedef char *members_list;
718 typedef struct ntgrp_member_list {
719 	DWORD rid;	/* Rid of the group in which members belong */
720 	int cnt;	/* members */
721 	members_list members[SMB_GROUP_PER_LIST];
722 } ntgrp_member_list_t;
723 
724 typedef struct ntpriv {
725 	DWORD id;		/* Id of priv */
726 	char *name;	/* Name of priv */
727 } ntpriv_t;
728 typedef ntpriv_t *privs_t;
729 
730 typedef struct ntpriv_list {
731 	int cnt;		/* Number of privs */
732 	privs_t	privs[ANY_SIZE_ARRAY];	/* privs only presentable ones */
733 } ntpriv_list_t;
734 
735 
736 /* the xdr functions */
737 extern bool_t xdr_ntgrp_dr_arg_t(XDR *, ntgrp_dr_arg_t *);
738 extern bool_t xdr_ntgrp_t(XDR *, ntgrp_t *);
739 extern bool_t xdr_ntgrp_list_t(XDR *, ntgrp_list_t *);
740 extern bool_t xdr_members_list(XDR *, members_list *);
741 extern bool_t xdr_ntgrp_member_list_t(XDR *, ntgrp_member_list_t *);
742 extern bool_t xdr_ntpriv_t(XDR *, ntpriv_t *);
743 extern bool_t xdr_privs_t(XDR *, privs_t *);
744 extern bool_t xdr_ntpriv_list_t(XDR *, ntpriv_list_t *);
745 
746 extern void smb_group_free_memberlist(ntgrp_member_list_t *, int);
747 extern void smb_group_free_list(ntgrp_list_t *, int);
748 extern void smb_group_free_privlist(ntpriv_list_t *, int);
749 
750 extern uint32_t smb_group_add(char *, char *);
751 extern uint32_t smb_group_modify(char *, char *, char *);
752 extern uint32_t smb_group_delete(char *);
753 extern uint32_t smb_group_member_remove(char *, char *);
754 extern uint32_t smb_group_member_add(char *, char *);
755 extern uint32_t smb_group_priv_num(int *);
756 extern uint32_t smb_group_priv_list(ntpriv_list_t **);
757 extern uint32_t smb_group_priv_get(char *, uint32_t, uint32_t *);
758 extern uint32_t smb_group_priv_set(char *, uint32_t, uint32_t);
759 extern uint32_t smb_group_count(int *);
760 extern uint32_t smb_group_list(int, ntgrp_list_t **, char *, int);
761 extern uint32_t smb_group_member_count(char *, int *);
762 extern uint32_t smb_group_member_list(char *, int, ntgrp_member_list_t **);
763 
764 extern char *smb_dr_encode_grp_privlist(uint32_t, ntpriv_list_t *, size_t *);
765 extern ntpriv_list_t *smb_dr_decode_grp_privlist(char *, size_t);
766 
767 extern char *smb_dr_encode_grp_list(uint32_t, ntgrp_list_t *, size_t *);
768 extern ntgrp_list_t *smb_dr_decode_grp_list(char *, size_t);
769 
770 extern char *smb_dr_encode_grp_memberlist(uint32_t, ntgrp_member_list_t *,
771     size_t *);
772 extern ntgrp_member_list_t *smb_dr_decode_grp_memberlist(char *buf, size_t len);
773 
774 #ifdef	__cplusplus
775 }
776 #endif
777 
778 #endif	/* _LIBSMB_H */
779