1da6c28aaSamw /*
2da6c28aaSamw  * CDDL HEADER START
3da6c28aaSamw  *
4da6c28aaSamw  * The contents of this file are subject to the terms of the
5da6c28aaSamw  * Common Development and Distribution License (the "License").
6da6c28aaSamw  * You may not use this file except in compliance with the License.
7da6c28aaSamw  *
8da6c28aaSamw  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9da6c28aaSamw  * or http://www.opensolaris.org/os/licensing.
10da6c28aaSamw  * See the License for the specific language governing permissions
11da6c28aaSamw  * and limitations under the License.
12da6c28aaSamw  *
13da6c28aaSamw  * When distributing Covered Code, include this CDDL HEADER in each
14da6c28aaSamw  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15da6c28aaSamw  * If applicable, add the following below this CDDL HEADER, with the
16da6c28aaSamw  * fields enclosed by brackets "[]" replaced with your own identifying
17da6c28aaSamw  * information: Portions Copyright [yyyy] [name of copyright owner]
18da6c28aaSamw  *
19da6c28aaSamw  * CDDL HEADER END
20da6c28aaSamw  */
21da6c28aaSamw /*
229fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
23da6c28aaSamw  * Use is subject to license terms.
24*b819cea2SGordon Ross  *
25*b819cea2SGordon Ross  * Copyright 2013 Nexenta Systems, Inc.  All rights reserved.
26da6c28aaSamw  */
27da6c28aaSamw 
28da6c28aaSamw #ifndef _SMB_TOKEN_H
29da6c28aaSamw #define	_SMB_TOKEN_H
30da6c28aaSamw 
31da6c28aaSamw #include <smbsrv/netrauth.h>
32da6c28aaSamw #include <smbsrv/smb_privilege.h>
336537f381Sas200622 #include <smbsrv/smb_sid.h>
34da6c28aaSamw 
35da6c28aaSamw #ifdef __cplusplus
36da6c28aaSamw extern "C" {
37da6c28aaSamw #endif
38da6c28aaSamw 
/*
 * User Session Key
 *
 * This is part of the MAC key which is required for signing SMB messages.
 * Because it is key material, a token that is discarded should not just
 * free this buffer but clear it first -- NOTE(review): confirm that
 * smb_token_destroy()/smb_token_free() do so.
 */
typedef struct smb_session_key {
	uint8_t data[16];	/* raw key bytes; fixed length, no count field */
} smb_session_key_t;
47da6c28aaSamw 
/*
 * 32-bit opaque buffer (non-null terminated strings).
 *
 * val points at exactly len bytes and carries no terminator, so every
 * consumer must bound its accesses by len and never hand val to the
 * str*() routines.  NOTE(review): who allocates and frees val is not
 * stated here -- confirm against smb_logon_decode()/smb_logon_free().
 */
typedef struct smb_buf32 {
	uint32_t	len;	/* number of valid bytes at val */
	uint8_t		*val;	/* the bytes; not NUL-terminated */
} smb_buf32_t;
53*b819cea2SGordon Ross 
54da6c28aaSamw /*
55da6c28aaSamw  * Access Token
56da6c28aaSamw  *
57da6c28aaSamw  * An access token identifies a user, the user's privileges and the
58da6c28aaSamw  * list of groups of which the user is a member. This information is
59da6c28aaSamw  * used when access is requested to an object by comparing this
60da6c28aaSamw  * information with the DACL in the object's security descriptor.
61da6c28aaSamw  *
627f667e74Sjose borrego  * There should be one unique token per user per session per client.
637f667e74Sjose borrego  *
64da6c28aaSamw  * Access Token Flags
65da6c28aaSamw  *
66da6c28aaSamw  * SMB_ATF_GUEST	Token belongs to guest user
67da6c28aaSamw  * SMB_ATF_ANON		Token belongs to anonymous user
68da6c28aaSamw  * 			and it's only good for IPC Connection.
69da6c28aaSamw  * SMB_ATF_POWERUSER	Token belongs to a Power User member
70da6c28aaSamw  * SMB_ATF_BACKUPOP	Token belongs to a Backup Operators member
71da6c28aaSamw  * SMB_ATF_ADMIN	Token belongs to a Domain Admins member
72da6c28aaSamw  */
/* Bit values carried in smb_token_t.tkn_flags; see "Access Token Flags". */
#define	SMB_ATF_GUEST		0x00000001	/* guest user */
#define	SMB_ATF_ANON		0x00000002	/* anonymous user; IPC only */
#define	SMB_ATF_POWERUSER	0x00000004	/* Power Users member */
#define	SMB_ATF_BACKUPOP	0x00000008	/* Backup Operators member (inferred from the name) */
#define	SMB_ATF_ADMIN		0x00000010	/* Domain Admins member */
78da6c28aaSamw 
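/*
 * Number of bytes to allocate for an smb_posix_grps_t that will hold n
 * gids.  The struct already declares ANY_SIZE_ARRAY (presumably one,
 * given the n - 1) pg_grps slot, so only n - 1 extra gid_t are added.
 *
 * n is fully parenthesized so that an argument such as (a ? b : c) is
 * evaluated as a whole before the subtraction.  Callers must pass
 * n >= 1: with an unsigned n, 0 wraps (n) - 1 to a huge value before
 * the multiply and the allocation size becomes nonsense.
 */
#define	SMB_POSIX_GRPS_SIZE(n) \
	(sizeof (smb_posix_grps_t) + ((n) - 1) * sizeof (gid_t))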
/*
 * POSIX group set: the primary and supplementary POSIX groups of a user.
 *
 * pg_grps is declared with ANY_SIZE_ARRAY elements and grows into the
 * trailing space of the allocation; size that allocation with
 * SMB_POSIX_GRPS_SIZE(n) and keep pg_ngrps consistent with it.
 */
typedef struct smb_posix_grps {
	uint32_t	pg_ngrps;	/* presumably the count of valid pg_grps entries */
	gid_t		pg_grps[ANY_SIZE_ARRAY];	/* primary + supplementary gids */
} smb_posix_grps_t;
88da6c28aaSamw 
/*
 * Access token (see "Access Token" above): who the user is, which groups
 * they belong to and which privileges they hold.  NOTE(review): the
 * pointer members look token-owned, released as a unit by
 * smb_token_destroy() (user space) or smb_token_free() (kernel) --
 * confirm in the implementation before assuming so.
 */
typedef struct smb_token {
	smb_id_t	tkn_user;		/* the authenticated user */
	smb_id_t	tkn_owner;		/* owner identity -- TODO confirm how it differs from tkn_user */
	smb_id_t	tkn_primary_grp;	/* primary group */
	smb_ids_t	tkn_win_grps;		/* Windows group memberships */
	smb_privset_t	*tkn_privileges;	/* privilege set, see smb_privilege.h */
	char		*tkn_account_name;
	char		*tkn_domain_name;
	uint32_t	tkn_flags;		/* SMB_ATF_* bits */
	uint32_t	tkn_audit_sid;
	smb_session_key_t *tkn_session_key;	/* signing key material; may be NULL -- confirm */
	smb_posix_grps_t *tkn_posix_grps;	/* SMB_POSIX_GRPS_SIZE() bytes -- confirm it may be NULL */
} smb_token_t;
102da6c28aaSamw 
/*
 * Details required to authenticate a user.
 *
 * The three smb_buf32_t members carry credential material taken from the
 * client; treat them as secrets.  NOTE(review): confirm that
 * smb_logon_free() clears those buffers rather than only freeing them.
 * Members marked "filled in user space" are outputs of the user-space
 * logon path, not inputs from the client.
 */
typedef struct smb_logon {
	uint16_t	lg_level;	/* logon level -- TODO confirm meaning of the values */
	char		*lg_username;	/* requested username */
	char		*lg_domain;	/* requested domain */
	char		*lg_e_username;	/* effective username */
	char		*lg_e_domain;	/* effective domain */
	char		*lg_workstation;	/* client-supplied workstation name */
	smb_inaddr_t	lg_clnt_ipaddr;	/* client address */
	smb_inaddr_t	lg_local_ipaddr;	/* local address the session arrived on */
	uint16_t	lg_local_port;
	smb_buf32_t	lg_challenge_key;	/* server challenge -- secret */
	smb_buf32_t	lg_nt_password;	/* NT credential bytes -- secret */
	smb_buf32_t	lg_lm_password;	/* LM credential bytes -- secret */
	int		lg_native_os;
	int		lg_native_lm;
	uint32_t	lg_flags;
	uint32_t	lg_logon_id;	/* filled in user space */
	uint32_t	lg_domain_type;	/* filled in user space */
	uint32_t	lg_secmode;	/* filled in user space */
	uint32_t	lg_status;	/* filled in user space */
} smb_logon_t;
127da6c28aaSamw 
/*
 * Presumably the XDR (de)serializers for smb_logon_t and smb_token_t.
 * Both are declared with empty parentheses, i.e. without a prototype,
 * so the compiler cannot check argument types at call sites --
 * NOTE(review): the real signatures live with the XDR implementation;
 * spelling them out here would restore that checking.
 */
int smb_logon_xdr();
int smb_token_xdr();
130da6c28aaSamw 
#if defined(_KERNEL) || defined(_FAKE_KERNEL)
/* Kernel side: release a token and, presumably, everything it owns. */
void smb_token_free(smb_token_t *);
#else /* !(_KERNEL || _FAKE_KERNEL) */
/*
 * User-space side.  smb_logon() turns a logon request into a token;
 * the encode/decode pair moves tokens and logon requests as byte
 * buffers with an explicit length.  NOTE(review): whether NULL means
 * "authentication failed" for smb_logon() and smb_logon_decode() is not
 * stated here -- confirm against the callers.
 */
smb_token_t *smb_logon(smb_logon_t *);
void smb_logon_abort(void);
void smb_token_destroy(smb_token_t *);
/* Returns an encoded buffer; the uint32_t * presumably receives its length. */
uint8_t *smb_token_encode(smb_token_t *, uint32_t *);
void smb_token_log(smb_token_t *);
/* Decodes len bytes of an encoded logon request (buffer, len). */
smb_logon_t *smb_logon_decode(uint8_t *, uint32_t);
void smb_logon_free(smb_logon_t *);
#endif /* !(_KERNEL || _FAKE_KERNEL) */
142da6c28aaSamw 
/*
 * Available on both sides of the _KERNEL split.
 * smb_token_query_privilege(): asks whether token holds priv_id -- the
 * int result's encoding (boolean vs. error code) is not stated here,
 * TODO confirm.  smb_token_valid(): sanity check on a token.
 */
int smb_token_query_privilege(smb_token_t *token, int priv_id);
boolean_t smb_token_valid(smb_token_t *);
145da6c28aaSamw 
146da6c28aaSamw #ifdef __cplusplus
147da6c28aaSamw }
148da6c28aaSamw #endif
149da6c28aaSamw 
150da6c28aaSamw #endif /* _SMB_TOKEN_H */