xref: /titanic_50/usr/src/lib/smbsrv/libsmb/common/libsmb.h (revision 8700009e2cc8cb186241e1fdd74973da1121ee4c)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #ifndef	_LIBSMB_H
27 #define	_LIBSMB_H
28 
29 #pragma ident	"%Z%%M%	%I%	%E% SMI"
30 
31 #ifdef	__cplusplus
32 extern "C" {
33 #endif
34 
35 #include <sys/types.h>
36 #include <arpa/inet.h>
37 
38 #include <stdlib.h>
39 #include <libscf.h>
40 #include <libshare.h>
41 
42 #include <smbsrv/smb_idmap.h>
43 
44 /*
45  * XXX - These header files are here, only because other libraries
46  * can compile. Move the header files in to the internal header files
47  * of other libraries, once the restructure is complete. libsmb.h does not
48  * need these header files.
49  */
50 #include <smbsrv/lmshare.h>
51 #include <smbsrv/lmshare_door.h>
52 #include <smbsrv/ntstatus.h>
53 #include <smbsrv/smb_door_svc.h>
54 #include <smbsrv/alloc.h>
55 #include <smbsrv/codepage.h>
56 #include <smbsrv/crypt.h>
57 #include <smbsrv/ctype.h>
58 #include <smbsrv/hash_table.h>
59 #include <smbsrv/msgbuf.h>
60 #include <smbsrv/oem.h>
61 #include <smbsrv/string.h>
62 #include <smbsrv/smb_i18n.h>
63 #include <smbsrv/wintypes.h>
64 #include <smbsrv/smb_xdr.h>
65 #include <smbsrv/smbinfo.h>
66 /* End of header files to be removed. */
67 
68 /* Max value length of all SMB properties */
69 #define	MAX_VALUE_BUFLEN	512
70 #define	SMB_PI_MAX_DOMAIN_U	48
71 
72 #define	SMBD_FMRI_PREFIX		"network/smb/server"
73 #define	SMBD_DEFAULT_INSTANCE_FMRI	"svc:/network/smb/server:default"
74 #define	SMBD_PG_NAME			"smbd"
75 #define	SMBD_PROTECTED_PG_NAME		"read"
76 
77 #define	SMBD_SMF_OK		0
78 #define	SMBD_SMF_NO_MEMORY	1	/* no memory for data structures */
79 #define	SMBD_SMF_SYSTEM_ERR	2	/* system error, use errno */
80 #define	SMBD_SMF_NO_PERMISSION	3	/* no permission for operation */
81 
82 #define	SCH_STATE_UNINIT	0
83 #define	SCH_STATE_INITIALIZING	1
84 #define	SCH_STATE_INIT		2
85 
86 typedef struct smb_scfhandle {
87 	scf_handle_t		*scf_handle;
88 	int			scf_state;
89 	scf_service_t		*scf_service;
90 	scf_scope_t		*scf_scope;
91 	scf_transaction_t	*scf_trans;
92 	scf_transaction_entry_t	*scf_entry;
93 	scf_propertygroup_t	*scf_pg;
94 	scf_instance_t		*scf_instance;
95 	scf_iter_t		*scf_inst_iter;
96 	scf_iter_t		*scf_pg_iter;
97 } smb_scfhandle_t;
98 
99 /*
100  * CIFS Configuration Management
101  */
102 
103 /* macros for the description of all config params */
104 #define	SMB_CD_RDR_IPCMODE		"rdr_ipcmode"
105 #define	SMB_CD_RDR_IPCUSER 		"rdr_ipcuser"
106 #define	SMB_CD_RDR_IPCPWD		"rdr_ipcpasswd"
107 
108 #define	SMB_CD_OPLOCK_ENABLE		"oplock_enable"
109 #define	SMB_CD_OPLOCK_TIMEOUT		"oplock_timeout"
110 
111 #define	SMB_CD_AUTOHOME_MAP		"autohome_map"
112 
113 #define	SMB_CD_DOMAIN_SID		"domain_sid"
114 #define	SMB_CD_DOMAIN_MEMB		"domain_member"
115 #define	SMB_CD_DOMAIN_NAME		"domain_name"
116 #define	SMB_CD_DOMAIN_SRV		"pdc"
117 
118 #define	SMB_CD_WINS_SRV1		"wins_server_1"
119 #define	SMB_CD_WINS_SRV2		"wins_server_2"
120 #define	SMB_CD_WINS_EXCL		"wins_exclude"
121 
122 #define	SMB_CD_SRVSVC_SHRSET_ENABLE	"srvsvc_sharesetinfo_enable"
123 #define	SMB_CD_LOGR_ENABLE		"logr_enable"
124 #define	SMB_CD_MLRPC_KALIVE		"mlrpc_keep_alive_interval"
125 
126 #define	SMB_CD_MAX_BUFSIZE		"max_bufsize"
127 #define	SMB_CD_MAX_WORKERS		"max_workers"
128 #define	SMB_CD_MAX_CONNECTIONS		"max_connections"
129 #define	SMB_CD_KEEPALIVE		"keep_alive"
130 #define	SMB_CD_RESTRICT_ANON		"restrict_anonymous"
131 
132 #define	SMB_CD_SIGNING_ENABLE		"signing_enabled"
133 #define	SMB_CD_SIGNING_REQD		"signing_required"
134 #define	SMB_CD_SIGNING_CHECK		"signing_check"
135 
136 #define	SMB_CD_FLUSH_REQUIRED		"flush_required"
137 #define	SMB_CD_SYNC_ENABLE		"sync_enable"
138 #define	SMB_CD_DIRSYMLINK_DISABLE	"dir_symlink_disable"
139 #define	SMB_CD_ANNONCE_QUOTA		"announce_quota"
140 
141 #define	SMB_CD_SECURITY			"security"
142 #define	SMB_CD_NBSCOPE			"netbios_scope"
143 #define	SMB_CD_SYS_CMNT			"system_comment"
144 #define	SMB_CD_LM_LEVEL			"lmauth_level"
145 #define	SMB_CD_MSDCS_DISABLE		"msdcs_disable"
146 
147 #define	SMB_CD_ADS_ENABLE		"ads_enable"
148 #define	SMB_CD_ADS_USER			"ads_user"
149 #define	SMB_CD_ADS_PASSWD		"ads_passwd"
150 #define	SMB_CD_ADS_DOMAIN		"ads_domain"
151 #define	SMB_CD_ADS_USER_CONTAINER	"ads_user_container"
152 #define	SMB_CD_ADS_SITE			"ads_site"
153 #define	SMB_CD_ADS_IPLOOKUP		"ads_ip_lookup"
154 
155 #define	SMB_CD_DYNDNS_ENABLE		"ddns_enable"
156 #define	SMB_CD_DYNDNS_RETRY_COUNT	"ddns_retry_cnt"
157 #define	SMB_CD_DYNDNS_RETRY_SEC		"ddns_retry_sec"
158 
159 #define	SMB_CD_MACHINE_PASSWD		"machine_passwd"
160 
161 /* configuration identifier */
162 typedef enum {
163 	SMB_CI_RDR_IPCMODE = 0,
164 	SMB_CI_RDR_IPCUSER,
165 	SMB_CI_RDR_IPCPWD,
166 
167 	SMB_CI_OPLOCK_ENABLE,
168 	SMB_CI_OPLOCK_TIMEOUT,
169 
170 	SMB_CI_AUTOHOME_MAP,
171 
172 	SMB_CI_DOMAIN_SID,
173 	SMB_CI_DOMAIN_MEMB,
174 	SMB_CI_DOMAIN_NAME,
175 	SMB_CI_DOMAIN_SRV,
176 
177 	SMB_CI_WINS_SRV1,
178 	SMB_CI_WINS_SRV2,
179 	SMB_CI_WINS_EXCL,
180 
181 	SMB_CI_SRVSVC_SHRSET_ENABLE,
182 	SMB_CI_LOGR_ENABLE,
183 	SMB_CI_MLRPC_KALIVE,
184 
185 	SMB_CI_MAX_BUFSIZE,
186 	SMB_CI_MAX_WORKERS,
187 	SMB_CI_MAX_CONNECTIONS,
188 	SMB_CI_KEEPALIVE,
189 	SMB_CI_RESTRICT_ANON,
190 
191 	SMB_CI_SIGNING_ENABLE,
192 	SMB_CI_SIGNING_REQD,
193 	SMB_CI_SIGNING_CHECK,
194 
195 	SMB_CI_FLUSH_REQUIRED,
196 	SMB_CI_SYNC_ENABLE,
197 	SMB_CI_DIRSYMLINK_DISABLE,
198 	SMB_CI_ANNONCE_QUOTA,
199 
200 	SMB_CI_SECURITY,
201 	SMB_CI_NBSCOPE,
202 	SMB_CI_SYS_CMNT,
203 	SMB_CI_LM_LEVEL,
204 	SMB_CI_MSDCS_DISABLE,
205 
206 	SMB_CI_ADS_ENABLE,
207 	SMB_CI_ADS_USER,
208 	SMB_CI_ADS_PASSWD,
209 	SMB_CI_ADS_DOMAIN,
210 	SMB_CI_ADS_USER_CONTAINER,
211 	SMB_CI_ADS_SITE,
212 	SMB_CI_ADS_IPLOOKUP,
213 
214 	SMB_CI_DYNDNS_ENABLE,
215 	SMB_CI_DYNDNS_RETRY_COUNT,
216 	SMB_CI_DYNDNS_RETRY_SEC,
217 
218 	SMB_CI_MACHINE_PASSWD,
219 	SMB_CI_MAX
220 } smb_cfg_id_t;
221 
222 /* SMF helper functions */
223 extern smb_scfhandle_t *smb_smf_scf_init(char *);
224 extern void smb_smf_scf_fini(smb_scfhandle_t *);
225 extern int smb_smf_start_transaction(smb_scfhandle_t *);
226 extern int smb_smf_end_transaction(smb_scfhandle_t *);
227 extern int smb_smf_set_string_property(smb_scfhandle_t *, char *, char *);
228 extern int smb_smf_get_string_property(smb_scfhandle_t *, char *,
229     char *, size_t);
230 extern int smb_smf_set_integer_property(smb_scfhandle_t *, char *, int64_t);
231 extern int smb_smf_get_integer_property(smb_scfhandle_t *, char *, int64_t *);
232 extern int smb_smf_set_boolean_property(smb_scfhandle_t *, char *, uint8_t);
233 extern int smb_smf_get_boolean_property(smb_scfhandle_t *, char *, uint8_t *);
234 extern int smb_smf_set_opaque_property(smb_scfhandle_t *, char *,
235     void *, size_t);
236 extern int smb_smf_get_opaque_property(smb_scfhandle_t *, char *,
237     void *, size_t);
238 extern int smb_smf_create_service_pgroup(smb_scfhandle_t *, char *);
239 extern int smb_smf_delete_service_pgroup(smb_scfhandle_t *, char *);
240 extern int smb_smf_create_instance_pgroup(smb_scfhandle_t *, char *);
241 extern int smb_smf_delete_instance_pgroup(smb_scfhandle_t *, char *);
242 extern int smb_smf_delete_property(smb_scfhandle_t *, char *);
243 extern int smb_smf_instance_exists(smb_scfhandle_t *, char *);
244 extern int smb_smf_instance_create(smb_scfhandle_t *, char *, char *);
245 extern int smb_smf_instance_delete(smb_scfhandle_t *, char *);
246 extern smb_scfhandle_t *smb_smf_get_iterator(char *);
247 extern int smb_smf_get_property(smb_scfhandle_t *, int, char *, char *,
248     size_t);
249 extern int smb_smf_set_property(smb_scfhandle_t *, int, char *, char *);
250 
251 /* Configuration management functions  */
252 extern int smb_config_load(void);
253 extern void smb_config_rdlock(void);
254 extern void smb_config_wrlock(void);
255 extern void smb_config_unlock(void);
256 extern char *smb_config_get(smb_cfg_id_t);
257 extern char *smb_config_getstr(smb_cfg_id_t);
258 extern int smb_config_getyorn(smb_cfg_id_t);
259 extern uint32_t smb_config_getnum(smb_cfg_id_t);
260 
261 /*
262  * smb_config_getenv
263  *
264  * Retrieves the property value from SMF.
265  * Caller must free the returned buffer.
266  *
267  */
268 extern char *smb_config_getenv(smb_cfg_id_t id);
269 
270 extern int smb_config_set(smb_cfg_id_t, char *);
271 extern int smb_config_setnum(smb_cfg_id_t, uint32_t);
272 extern uint8_t smb_config_get_fg_flag(void);
273 extern int smb_config_setenv(smb_cfg_id_t id, char *);
274 extern char *smb_config_get_localsid(void);
275 extern int smb_config_secmode_fromstr(char *secmode);
276 extern char *smb_config_secmode_tostr(int secmode);
277 extern int smb_config_get_secmode(void);
278 extern int smb_config_set_secmode(int secmode);
279 extern int smb_config_set_idmap_domain(char *value);
280 extern int smb_config_set_idmap_gc(char *value);
281 extern int smb_config_refresh_idmap(void);
282 extern int smb_config_refresh(void);
283 
284 /* smb_door_client.c */
285 typedef struct smb_joininfo {
286 	char domain_name[SMB_PI_MAX_DOMAIN];
287 	char domain_username[BUF_LEN + 1];
288 	char domain_passwd[BUF_LEN + 1];
289 	uint32_t mode;
290 } smb_joininfo_t;
291 
292 /* APIs to communicate with SMB daemon via door calls */
293 extern int smbd_set_param(smb_cfg_id_t, char *);
294 extern int smbd_get_param(smb_cfg_id_t, char *);
295 extern int smbd_get_security_mode(int *);
296 extern int smb_set_machine_pwd(char *);
297 extern int smbd_netbios_reconfig(void);
298 extern uint32_t smb_join(smb_joininfo_t *info);
299 extern int smb_ads_domain_change_notify(char *);
300 
301 
302 #define	SMB_DOMAIN_NOMACHINE_SID	-1
303 #define	SMB_DOMAIN_NODOMAIN_SID		-2
304 
305 extern int nt_domain_init(char *resource_domain, uint32_t secmode);
306 
307 /* Following set of functions, manipulate WINS server configuration */
308 extern int smb_wins_allow_list(char *config_list, char *allow_list);
309 extern int smb_wins_exclude_list(char *config_list, char *exclude_list);
310 extern boolean_t smb_wins_is_excluded(in_addr_t ipaddr,
311     ipaddr_t *exclude_list, int nexclude);
312 extern void smb_wins_build_list(char *buf, uint32_t iplist[], int max_naddr);
313 extern int smb_wins_iplist(char *list, uint32_t iplist[], int max_naddr);
314 
315 /*
316  * Information on a particular domain: the domain name, the
317  * name of a controller (PDC or BDC) and it's ip address.
318  */
319 typedef struct smb_ntdomain {
320 	char domain[SMB_PI_MAX_DOMAIN_U];
321 	char server[SMB_PI_MAX_DOMAIN_U];
322 	uint32_t ipaddr;
323 } smb_ntdomain_t;
324 
325 /* SMB domain information management functions */
326 extern void smb_purge_domain_info(void);
327 extern int smb_is_domain_member(void);
328 extern uint8_t smb_get_fg_flag(void);
329 extern void smb_set_domain_member(int set);
330 extern smb_ntdomain_t *smb_getdomaininfo(uint32_t timeout);
331 extern void smb_setdomaininfo(char *domain, char *server, uint32_t ipaddr);
332 extern void smb_logdomaininfo(smb_ntdomain_t *di);
333 extern uint32_t smb_get_security_mode(void);
334 
335 extern int nt_priv_presentable_num(void);
336 
337 /*
338  * Following set of function, handle calls to SMB Kernel driver, via
339  * Kernel doors interface.
340  */
341 extern uint64_t smb_dwncall_user_num(void);
342 extern int smb_dwncall_share(int, char *, char *);
343 
344 /*
345  * buffer context structure. This is used to keep track of the buffer
346  * context.
347  *
348  * basep:  points to the beginning of the buffer
349  * curp:   points to the current offset
350  * endp:   points to the limit of the buffer
351  */
352 typedef struct {
353 	unsigned char *basep;
354 	unsigned char *curp;
355 	unsigned char *endp;
356 } smb_ctxbuf_t;
357 
358 extern int smb_ctxbuf_init(smb_ctxbuf_t *ctx, unsigned char *buf,
359     size_t buflen);
360 extern int smb_ctxbuf_len(smb_ctxbuf_t *ctx);
361 extern int smb_ctxbuf_printf(smb_ctxbuf_t *ctx, const char *fmt, ...);
362 
363 /* Functions to handle SMB daemon communications with idmap service */
364 extern int smb_idmap_start(void);
365 extern void smb_idmap_stop(void);
366 extern int smb_idmap_restart(void);
367 
368 /* Miscellaneous functions */
369 extern void hexdump(unsigned char *, int);
370 extern size_t bintohex(const char *, size_t, char *, size_t);
371 extern size_t hextobin(const char *, size_t, char *, size_t);
372 extern char *trim_whitespace(char *buf);
373 extern void randomize(char *, unsigned);
374 extern void rand_hash(unsigned char *, size_t, unsigned char *, size_t);
375 
376 extern int smb_getdomainname(char *, size_t);
377 extern int smb_getfqhostname(char *, size_t);
378 extern int smb_gethostname(char *, size_t, int);
379 extern int smb_getnetbiosname(char *, size_t);
380 
381 void smb_trace(const char *s);
382 void smb_tracef(const char *fmt, ...);
383 
384 /*
385  * Authentication
386  */
387 
388 #define	SMBAUTH_LM_MAGIC_STR	"KGS!@#$%"
389 
390 #define	SMBAUTH_HASH_SZ		16	/* also LM/NTLM/NTLMv2 Hash size */
391 #define	SMBAUTH_LM_RESP_SZ	24	/* also NTLM Response size */
392 #define	SMBAUTH_LM_PWD_SZ	14	/* LM password size */
393 #define	SMBAUTH_V2_CLNT_CHALLENGE_SZ 8	/* both LMv2 and NTLMv2 */
394 #define	SMBAUTH_SESSION_KEY_SZ	SMBAUTH_HASH_SZ
395 #define	SMBAUTH_HEXHASH_SZ	(SMBAUTH_HASH_SZ * 2)
396 
397 #define	SMBAUTH_FAILURE		1
398 #define	SMBAUTH_SUCCESS		0
399 #define	MD_DIGEST_LEN		16
400 
401 /*
402  * Name Types
403  *
404  * The list of names near the end of the data blob (i.e. the ndb_names
405  * field of the smb_auth_data_blob_t data structure) can be classify into
406  * the following types:
407  *
408  * 0x0000 Indicates the end of the list.
409  * 0x0001 The name is a NetBIOS machine name (e.g. server name)
410  * 0x0002 The name is an NT Domain NetBIOS name.
411  * 0x0003 The name is the server's DNS hostname.
412  * 0x0004 The name is a W2K Domain name (a DNS name).
413  */
414 #define	SMBAUTH_NAME_TYPE_LIST_END		0x0000
415 #define	SMBAUTH_NAME_TYPE_SERVER_NETBIOS 	0x0001
416 #define	SMBAUTH_NAME_TYPE_DOMAIN_NETBIOS 	0x0002
417 #define	SMBAUTH_NAME_TYPE_SERVER_DNS		0x0003
418 #define	SMBAUTH_NAME_TYPE_DOMAIN_DNS 		0x0004
419 
420 /*
421  * smb_auth_name_entry_t
422  *
423  * Each name entry in the data blob consists of the following 3 fields:
424  *
425  * nne_type - name type
426  * nne_len  - the length of the name
427  * nne_name - the name, in uppercase UCS-2LE Unicode format
428  */
429 typedef struct smb_auth_name_entry {
430 	unsigned short nne_type;
431 	unsigned short nne_len;
432 	mts_wchar_t nne_name[SMB_PI_MAX_DOMAIN * 2];
433 } smb_auth_name_entry_t;
434 
435 /*
436  * smb_auth_data_blob
437  *
438  * The format of this NTLMv2 data blob structure is as follow:
439  *
440  *	- Blob Signature 0x01010000 (4 bytes)
441  * - Reserved (0x00000000) (4 bytes)
442  * - Timestamp Little-endian, 64-bit signed value representing
443  *   the number of tenths of a microsecond since January 1, 1601.
444  *   (8 bytes)
445  * - Client Challenge (8 bytes)
446  * - Unknown1 (4 bytes)
447  * - List of Target Information (variable length)
448  * - Unknown2 (4 bytes)
449  */
450 typedef struct smb_auth_data_blob {
451 	unsigned char ndb_signature[4];
452 	unsigned char ndb_reserved[4];
453 	uint64_t ndb_timestamp;
454 	unsigned char ndb_clnt_challenge[SMBAUTH_V2_CLNT_CHALLENGE_SZ];
455 	unsigned char ndb_unknown[4];
456 	smb_auth_name_entry_t ndb_names[2];
457 	unsigned char ndb_unknown2[4];
458 } smb_auth_data_blob_t;
459 
460 #define	SMBAUTH_BLOB_MAXLEN (sizeof (smb_auth_data_blob_t))
461 #define	SMBAUTH_CI_MAXLEN   SMBAUTH_LM_RESP_SZ
462 #define	SMBAUTH_CS_MAXLEN   (SMBAUTH_BLOB_MAXLEN + SMBAUTH_HASH_SZ)
463 
464 /*
465  * smb_auth_info_t
466  *
467  * The structure contains all the authentication information
468  * needed for the preparaton of the SMBSessionSetupAndx request
469  * and the user session key.
470  *
471  * hash      - NTLM hash
472  * hash_v2   - NTLMv2 hash
473  * ci_len    - the length of the case-insensitive password
474  * ci        - case-insensitive password
475  *             (If NTLMv2 authentication mechanism is used, it
476  *              represents the LMv2 response. Otherwise, it
477  *              is empty.)
478  * cs_len    - the length of the case-sensitive password
479  * cs        - case-sensitive password
480  *             (If NTLMv2 authentication mechanism is used, it
481  *              represents the NTLMv2 response. Otherwise, it
482  *              represents the NTLM response.)
483  * data_blob - NTLMv2 data blob
484  */
485 typedef struct smb_auth_info {
486 	unsigned char hash[SMBAUTH_HASH_SZ];
487 	unsigned char hash_v2[SMBAUTH_HASH_SZ];
488 	unsigned short ci_len;
489 	unsigned char ci[SMBAUTH_CI_MAXLEN];
490 	unsigned short cs_len;
491 	unsigned char cs[SMBAUTH_CS_MAXLEN];
492 	int lmcompatibility_lvl;
493 	smb_auth_data_blob_t data_blob;
494 } smb_auth_info_t;
495 
496 extern int smb_getdomainname(char *, size_t);
497 extern int smb_getfqhostname(char *, size_t);
498 extern int smb_gethostname(char *, size_t, int);
499 extern int smb_getnetbiosname(char *, size_t);
500 
501 void smb_trace(const char *s);
502 void smb_tracef(const char *fmt, ...);
503 
504 /*
505  * SMB password management
506  */
507 
508 #define	SMB_PWF_LM	0x01	/* LM hash is present */
509 #define	SMB_PWF_NT	0x02	/* NT hash is present */
510 #define	SMB_PWF_DISABLE	0x04	/* Account is disabled */
511 
512 typedef struct smb_passwd {
513 	uid_t pw_uid;
514 	uint32_t pw_flags;
515 	unsigned char pw_lmhash[SMBAUTH_HASH_SZ];
516 	unsigned char pw_nthash[SMBAUTH_HASH_SZ];
517 } smb_passwd_t;
518 
519 /*
520  * Control flags passed to smb_pwd_setcntl
521  */
522 #define	SMB_PWC_DISABLE	0x01
523 #define	SMB_PWC_ENABLE	0x02
524 #define	SMB_PWC_NOLM	0x04
525 
526 #define	SMB_PWE_SUCCESS		0
527 #define	SMB_PWE_USER_UNKNOWN	1
528 #define	SMB_PWE_USER_DISABLE	2
529 #define	SMB_PWE_CLOSE_FAILED	3
530 #define	SMB_PWE_OPEN_FAILED	4
531 #define	SMB_PWE_WRITE_FAILED	6
532 #define	SMB_PWE_UPDATE_FAILED	7
533 #define	SMB_PWE_STAT_FAILED	8
534 #define	SMB_PWE_BUSY		9
535 #define	SMB_PWE_DENIED		10
536 #define	SMB_PWE_SYSTEM_ERROR	11
537 #define	SMB_PWE_MAX		12
538 
539 extern smb_passwd_t *smb_pwd_getpasswd(const char *, smb_passwd_t *);
540 extern int smb_pwd_setpasswd(const char *, const char *);
541 extern int smb_pwd_setcntl(const char *, int);
542 
543 extern int smb_auth_qnd_unicode(mts_wchar_t *dst, char *src, int length);
544 extern int smb_auth_hmac_md5(unsigned char *data, int data_len,
545     unsigned char *key, int key_len, unsigned char *digest);
546 
547 /*
548  * A variation on HMAC-MD5 known as HMACT64 is used by Windows systems.
549  * The HMACT64() function is the same as the HMAC-MD5() except that
550  * it truncates the input key to 64 bytes rather than hashing it down
551  * to 16 bytes using the MD5() function.
552  */
553 #define	SMBAUTH_HMACT64(D, Ds, K, Ks, digest) \
554 	smb_auth_hmac_md5(D, Ds, K, (Ks > 64) ? 64 : Ks, digest)
555 
556 extern int smb_auth_DES(unsigned char *, int, unsigned char *, int,
557     unsigned char *, int);
558 
559 extern int smb_auth_md4(unsigned char *, unsigned char *, int);
560 extern int smb_auth_lm_hash(char *, unsigned char *);
561 extern int smb_auth_ntlm_hash(char *, unsigned char *);
562 
563 extern int smb_auth_set_info(char *, char *,
564     unsigned char *, char *, unsigned char *,
565     int, int, smb_auth_info_t *);
566 
567 extern int smb_auth_gen_session_key(smb_auth_info_t *, unsigned char *);
568 
569 boolean_t smb_auth_validate_lm(unsigned char *, uint32_t, smb_passwd_t *,
570     unsigned char *, int, char *);
571 boolean_t smb_auth_validate_nt(unsigned char *, uint32_t, smb_passwd_t *,
572     unsigned char *, int, char *);
573 
574 /*
575  * SMB MAC Signing
576  */
577 
578 #define	SMB_MAC_KEY_SZ	(SMBAUTH_SESSION_KEY_SZ + SMBAUTH_CS_MAXLEN)
579 #define	SMB_SIG_OFFS	14	/* signature field offset within header */
580 #define	SMB_SIG_SIZE	8	/* SMB signature size */
581 
582 /*
583  * Signing flags:
584  *
585  * SMB_SCF_ENABLE                 Signing is enabled.
586  *
587  * SMB_SCF_REQUIRED               Signing is enabled and required.
588  *                                This flag shouldn't be set if
589  *                                SMB_SCF_ENABLE isn't set.
590  *
591  * SMB_SCF_STARTED                Signing will start after receiving
592  *                                the first non-anonymous SessionSetup
593  *                                request.
594  *
595  * SMB_SCF_KEY_ISSET_THIS_LOGON   Indicates whether the MAC key has just
596  *                                been set for this logon. (prior to
597  *                                sending the SMBSessionSetup request)
598  *
599  */
600 #define	SMB_SCF_ENABLE		0x01
601 #define	SMB_SCF_REQUIRED	0x02
602 #define	SMB_SCF_STARTED		0x04
603 #define	SMB_SCF_KEY_ISSET_THIS_LOGON	0x08
604 
605 /*
606  * smb_sign_ctx
607  *
608  * SMB signing context.
609  *
610  *	ssc_seqnum				sequence number
611  *	ssc_keylen				mac key length
612  *	ssc_mid					multiplex id - reserved
613  *	ssc_flags				flags
614  *	ssc_mackey				mac key
615  *	ssc_sign				mac signature
616  *
617  */
618 typedef struct smb_sign_ctx {
619 	unsigned int ssc_seqnum;
620 	unsigned short ssc_keylen;
621 	unsigned short ssc_mid;
622 	unsigned int ssc_flags;
623 	unsigned char ssc_mackey[SMB_MAC_KEY_SZ];
624 	unsigned char ssc_sign[SMB_SIG_SIZE];
625 } smb_sign_ctx_t;
626 
627 extern int smb_mac_init(smb_sign_ctx_t *sign_ctx, smb_auth_info_t *auth);
628 extern int smb_mac_calc(smb_sign_ctx_t *sign_ctx,
629     const unsigned char *buf, size_t buf_len, unsigned char *mac_sign);
630 extern int smb_mac_chk(smb_sign_ctx_t *sign_ctx,
631     const unsigned char *buf, size_t buf_len);
632 extern int smb_mac_sign(smb_sign_ctx_t *sign_ctx,
633     unsigned char *buf, size_t buf_len);
634 extern void smb_mac_inc_seqnum(smb_sign_ctx_t *sign_ctx);
635 extern void smb_mac_dec_seqnum(smb_sign_ctx_t *sign_ctx);
636 
637 /*
638  * Each domain is categorized using the enum values below.
639  * The local domain refers to the local machine and is named
640  * after the local hostname. The primary domain is the domain
641  * that the system joined. All other domains are either
642  * trusted or untrusted, as defined by the primary domain PDC.
643  *
644  * This enum must be kept in step with the table of strings
645  * in ntdomain.c.
646  */
647 typedef enum nt_domain_type {
648 	NT_DOMAIN_NULL,
649 	NT_DOMAIN_BUILTIN,
650 	NT_DOMAIN_LOCAL,
651 	NT_DOMAIN_PRIMARY,
652 	NT_DOMAIN_ACCOUNT,
653 	NT_DOMAIN_TRUSTED,
654 	NT_DOMAIN_UNTRUSTED,
655 	NT_DOMAIN_NUM_TYPES
656 } nt_domain_type_t;
657 
658 
659 /*
660  * This is the information that is held about each domain. The database
661  * is a linked list that is threaded through the domain structures. As
662  * the number of domains in the database should be small (32 max), this
663  * should be sufficient.
664  */
665 typedef struct nt_domain {
666 	struct nt_domain *next;
667 	nt_domain_type_t type;
668 	char *name;
669 	nt_sid_t *sid;
670 } nt_domain_t;
671 
672 nt_domain_t *nt_domain_new(nt_domain_type_t type, char *name, nt_sid_t *sid);
673 void nt_domain_delete(nt_domain_t *domain);
674 nt_domain_t *nt_domain_add(nt_domain_t *new_domain);
675 void nt_domain_remove(nt_domain_t *domain);
676 void nt_domain_flush(nt_domain_type_t domain_type);
677 void nt_domain_sync(void);
678 char *nt_domain_xlat_type(nt_domain_type_t domain_type);
679 nt_domain_type_t nt_domain_xlat_type_name(char *type_name);
680 nt_domain_t *nt_domain_lookup_name(char *domain_name);
681 nt_domain_t *nt_domain_lookup_sid(nt_sid_t *domain_sid);
682 nt_domain_t *nt_domain_lookupbytype(nt_domain_type_t type);
683 nt_sid_t *nt_domain_local_sid(void);
684 
685 #define	SMB_GROUP_PER_LIST	5
686 
687 /*
688  * This structure takes different args passed from the client/server routines
689  * of the SMB local group door service. Extend this structure if a new type
690  * client paramater needs to be passed.
691  */
692 typedef struct ntgrp_dr_arg {
693 	char *gname;
694 	char *desc;
695 	char *member;
696 	char *newgname;
697 	uint32_t privid;
698 	uint32_t priv_attr;
699 	int offset;
700 	char *scope;
701 	int type;
702 	int count;
703 	uint32_t ntstatus;
704 } ntgrp_dr_arg_t;
705 
706 typedef struct ntgrp {
707 	DWORD rid;	/* Rid of the group */
708 	char *name;	/* Name of the group */
709 	char *desc;	/* Desc of gruup */
710 	char *type;	/* sid_name_use */
711 	char *sid;	/* Sid */
712 	DWORD attr;	/* Attribute */
713 } ntgrp_t;
714 
715 typedef struct ntgrp_list {
716 	int cnt;
717 	ntgrp_t groups[SMB_GROUP_PER_LIST];
718 } ntgrp_list_t;
719 
720 typedef char *members_list;
721 typedef struct ntgrp_member_list {
722 	DWORD rid;	/* Rid of the group in which members belong */
723 	int cnt;	/* members */
724 	members_list members[SMB_GROUP_PER_LIST];
725 } ntgrp_member_list_t;
726 
727 typedef struct ntpriv {
728 	DWORD id;		/* Id of priv */
729 	char *name;	/* Name of priv */
730 } ntpriv_t;
731 typedef ntpriv_t *privs_t;
732 
733 typedef struct ntpriv_list {
734 	int cnt;		/* Number of privs */
735 	privs_t	privs[ANY_SIZE_ARRAY];	/* privs only presentable ones */
736 } ntpriv_list_t;
737 
738 
739 /* the xdr functions */
740 extern bool_t xdr_ntgrp_dr_arg_t(XDR *, ntgrp_dr_arg_t *);
741 extern bool_t xdr_ntgrp_t(XDR *, ntgrp_t *);
742 extern bool_t xdr_ntgrp_list_t(XDR *, ntgrp_list_t *);
743 extern bool_t xdr_members_list(XDR *, members_list *);
744 extern bool_t xdr_ntgrp_member_list_t(XDR *, ntgrp_member_list_t *);
745 extern bool_t xdr_ntpriv_t(XDR *, ntpriv_t *);
746 extern bool_t xdr_privs_t(XDR *, privs_t *);
747 extern bool_t xdr_ntpriv_list_t(XDR *, ntpriv_list_t *);
748 
749 extern void smb_group_free_memberlist(ntgrp_member_list_t *, int);
750 extern void smb_group_free_list(ntgrp_list_t *, int);
751 extern void smb_group_free_privlist(ntpriv_list_t *, int);
752 
753 extern uint32_t smb_group_add(char *, char *);
754 extern uint32_t smb_group_modify(char *, char *, char *);
755 extern uint32_t smb_group_delete(char *);
756 extern uint32_t smb_group_member_remove(char *, char *);
757 extern uint32_t smb_group_member_add(char *, char *);
758 extern uint32_t smb_group_priv_num(int *);
759 extern uint32_t smb_group_priv_list(ntpriv_list_t **);
760 extern uint32_t smb_group_priv_get(char *, uint32_t, uint32_t *);
761 extern uint32_t smb_group_priv_set(char *, uint32_t, uint32_t);
762 extern uint32_t smb_group_count(int *);
763 extern uint32_t smb_group_list(int, ntgrp_list_t **, char *, int);
764 extern uint32_t smb_group_member_count(char *, int *);
765 extern uint32_t smb_group_member_list(char *, int, ntgrp_member_list_t **);
766 
767 extern char *smb_dr_encode_grp_privlist(uint32_t, ntpriv_list_t *, size_t *);
768 extern ntpriv_list_t *smb_dr_decode_grp_privlist(char *, size_t);
769 
770 extern char *smb_dr_encode_grp_list(uint32_t, ntgrp_list_t *, size_t *);
771 extern ntgrp_list_t *smb_dr_decode_grp_list(char *, size_t);
772 
773 extern char *smb_dr_encode_grp_memberlist(uint32_t, ntgrp_member_list_t *,
774     size_t *);
775 extern ntgrp_member_list_t *smb_dr_decode_grp_memberlist(char *buf, size_t len);
776 
777 #ifdef	__cplusplus
778 }
779 #endif
780 
781 #endif	/* _LIBSMB_H */
782