1da6c28aaSamw /* 2da6c28aaSamw * CDDL HEADER START 3da6c28aaSamw * 4da6c28aaSamw * The contents of this file are subject to the terms of the 5da6c28aaSamw * Common Development and Distribution License (the "License"). 6da6c28aaSamw * You may not use this file except in compliance with the License. 7da6c28aaSamw * 8da6c28aaSamw * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9da6c28aaSamw * or http://www.opensolaris.org/os/licensing. 10da6c28aaSamw * See the License for the specific language governing permissions 11da6c28aaSamw * and limitations under the License. 12da6c28aaSamw * 13da6c28aaSamw * When distributing Covered Code, include this CDDL HEADER in each 14da6c28aaSamw * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15da6c28aaSamw * If applicable, add the following below this CDDL HEADER, with the 16da6c28aaSamw * fields enclosed by brackets "[]" replaced with your own identifying 17da6c28aaSamw * information: Portions Copyright [yyyy] [name of copyright owner] 18da6c28aaSamw * 19da6c28aaSamw * CDDL HEADER END 20da6c28aaSamw */ 21da6c28aaSamw /* 229fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States * Copyright 2010 Sun Microsystems, Inc. All rights reserved. 23da6c28aaSamw * Use is subject to license terms. 24*b819cea2SGordon Ross * 25*b819cea2SGordon Ross * Copyright 2013 Nexenta Systems, Inc. All rights reserved. 26da6c28aaSamw */ 27da6c28aaSamw 28da6c28aaSamw /* 29da6c28aaSamw * NT Token library (kernel/user) 30da6c28aaSamw */ 31da6c28aaSamw 32*b819cea2SGordon Ross #if defined(_KERNEL) || defined(_FAKE_KERNEL) 33da6c28aaSamw #include <sys/types.h> 34da6c28aaSamw #include <sys/cmn_err.h> 35da6c28aaSamw #include <sys/kmem.h> 36da6c28aaSamw #else /* _KERNEL */ 37da6c28aaSamw #include <stdlib.h> 38da6c28aaSamw #include <strings.h> 39da6c28aaSamw #include <syslog.h> 40da6c28aaSamw #endif /* _KERNEL */ 41da6c28aaSamw 42da6c28aaSamw #include <smbsrv/string.h> 43da6c28aaSamw #include <smbsrv/smb_token.h> 44da6c28aaSamw #include <smbsrv/smb_xdr.h> 45da6c28aaSamw 46da6c28aaSamw /* 47da6c28aaSamw * smb_token_query_privilege 48da6c28aaSamw * 49da6c28aaSamw * Find out if the specified privilege is enable in the given 50da6c28aaSamw * access token. 51da6c28aaSamw */ 52da6c28aaSamw int 53da6c28aaSamw smb_token_query_privilege(smb_token_t *token, int priv_id) 54da6c28aaSamw { 55da6c28aaSamw smb_privset_t *privset; 56da6c28aaSamw int i; 57da6c28aaSamw 58da6c28aaSamw if ((token == NULL) || (token->tkn_privileges == NULL)) 59da6c28aaSamw return (0); 60da6c28aaSamw 61da6c28aaSamw privset = token->tkn_privileges; 62da6c28aaSamw for (i = 0; privset->priv_cnt; i++) { 63da6c28aaSamw if (privset->priv[i].luid.lo_part == priv_id) { 64da6c28aaSamw if (privset->priv[i].attrs == SE_PRIVILEGE_ENABLED) 65da6c28aaSamw return (1); 66da6c28aaSamw else 67da6c28aaSamw return (0); 68da6c28aaSamw } 69da6c28aaSamw } 70da6c28aaSamw 71da6c28aaSamw return (0); 72da6c28aaSamw } 73da6c28aaSamw 749fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States /* 759fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States * Basic sanity check on a token. 769fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States */ 779fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States boolean_t 789fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States smb_token_valid(smb_token_t *token) 799fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States { 809fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States if (token == NULL) 819fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States return (B_FALSE); 829fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States 839fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States if ((token->tkn_user.i_sid == NULL) || 849fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States (token->tkn_owner.i_sid == NULL) || 859fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States (token->tkn_primary_grp.i_sid == NULL) || 869fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States (token->tkn_account_name == NULL) || 879fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States (token->tkn_domain_name == NULL) || 889fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States (token->tkn_posix_grps == NULL)) 899fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States return (B_FALSE); 909fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States 919fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States if ((token->tkn_win_grps.i_cnt != 0) && 929fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States (token->tkn_win_grps.i_ids == NULL)) 939fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States return (B_FALSE); 949fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States 959fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States return (B_TRUE); 969fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States } 979fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States 98*b819cea2SGordon Ross #if !defined(_KERNEL) && !defined(_FAKE_KERNEL) 99da6c28aaSamw /* 1009fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States * Encode: structure -> flat buffer (buffer size) 101da6c28aaSamw * Pre-condition: obj is non-null. 102da6c28aaSamw */ 103da6c28aaSamw uint8_t * 1049fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States smb_token_encode(smb_token_t *obj, uint32_t *len) 105da6c28aaSamw { 106da6c28aaSamw uint8_t *buf; 107da6c28aaSamw XDR xdrs; 108da6c28aaSamw 109da6c28aaSamw if (!obj) { 1109fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States syslog(LOG_ERR, "smb_token_encode: invalid parameter"); 111da6c28aaSamw return (NULL); 112da6c28aaSamw } 113da6c28aaSamw 1149fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States *len = xdr_sizeof(smb_token_xdr, obj); 115da6c28aaSamw buf = (uint8_t *)malloc(*len); 116da6c28aaSamw if (!buf) { 1179fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States syslog(LOG_ERR, "smb_token_encode: %m"); 118da6c28aaSamw return (NULL); 119da6c28aaSamw } 120da6c28aaSamw 121da6c28aaSamw xdrmem_create(&xdrs, (const caddr_t)buf, *len, XDR_ENCODE); 122da6c28aaSamw 1239fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States if (!smb_token_xdr(&xdrs, obj)) { 1249fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States syslog(LOG_ERR, "smb_token_encode: XDR encode error"); 125da6c28aaSamw *len = 0; 126da6c28aaSamw free(buf); 127da6c28aaSamw buf = NULL; 128da6c28aaSamw } 129da6c28aaSamw 130da6c28aaSamw xdr_destroy(&xdrs); 131da6c28aaSamw return (buf); 132da6c28aaSamw } 133da6c28aaSamw 134da6c28aaSamw /* 1359fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States * Decode: flat buffer -> structure 136da6c28aaSamw */ 1379fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States smb_logon_t * 1389fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States smb_logon_decode(uint8_t *buf, uint32_t len) 139da6c28aaSamw { 1409fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States smb_logon_t *obj; 141da6c28aaSamw XDR xdrs; 142da6c28aaSamw 143da6c28aaSamw xdrmem_create(&xdrs, (const caddr_t)buf, len, XDR_DECODE); 1449fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States 1459fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States if ((obj = malloc(sizeof (smb_logon_t))) == NULL) { 1469fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States syslog(LOG_ERR, "smb_logon_decode: %m"); 147da6c28aaSamw xdr_destroy(&xdrs); 148da6c28aaSamw return (NULL); 149da6c28aaSamw } 150da6c28aaSamw 1519fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States bzero(obj, sizeof (smb_logon_t)); 1529fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States if (!smb_logon_xdr(&xdrs, obj)) { 1539fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States syslog(LOG_ERR, "smb_logon_decode: XDR decode error"); 154da6c28aaSamw free(obj); 155da6c28aaSamw obj = NULL; 156da6c28aaSamw } 157da6c28aaSamw 158da6c28aaSamw xdr_destroy(&xdrs); 159da6c28aaSamw return (obj); 160da6c28aaSamw } 161cbfb650aScp160787 162cbfb650aScp160787 void 1639fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States smb_logon_free(smb_logon_t *obj) 164cbfb650aScp160787 { 1659fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States xdr_free(smb_logon_xdr, (char *)obj); 1669fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States free(obj); 167cbfb650aScp160787 } 168da6c28aaSamw #endif /* _KERNEL */ 169