xref: /titanic_52/usr/src/common/smbsrv/smb_token.c (revision db2417522bcef7cf091649ee369330ecefbaf183)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  *
25  * Copyright 2013 Nexenta Systems, Inc.  All rights reserved.
26  */
27 
28 /*
29  * NT Token library (kernel/user)
30  */
31 
32 #if defined(_KERNEL) || defined(_FAKE_KERNEL)
33 #include <sys/types.h>
34 #include <sys/cmn_err.h>
35 #include <sys/kmem.h>
36 #else /* _KERNEL */
37 #include <stdlib.h>
38 #include <strings.h>
39 #include <syslog.h>
40 #endif /* _KERNEL */
41 
42 #include <smbsrv/string.h>
43 #include <smbsrv/smb_token.h>
44 #include <smbsrv/smb_xdr.h>
45 
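/*
 * smb_token_query_privilege
 *
 * Report whether the privilege identified by priv_id is enabled in
 * the given access token.
 *
 * Returns 1 when the token's privilege set holds an entry whose LUID
 * low part equals priv_id and whose attributes compare equal to
 * SE_PRIVILEGE_ENABLED.  Returns 0 otherwise, including when token or
 * its privilege set is NULL.
 */
int
smb_token_query_privilege(smb_token_t *token, int priv_id)
{
	smb_privset_t *privset;
	int i;

	if ((token == NULL) || (token->tkn_privileges == NULL))
		return (0);

	privset = token->tkn_privileges;

	/*
	 * Bound the scan by priv_cnt.  Testing priv_cnt on its own never
	 * ends the loop for a non-empty set that lacks priv_id, so the
	 * lookup would read past the end of priv[].
	 */
	for (i = 0; i < privset->priv_cnt; i++) {
		if (privset->priv[i].luid.lo_part != priv_id)
			continue;

		/*
		 * The first matching entry decides.  The attribute test is
		 * an exact comparison, so an entry holding any other
		 * attribute value is reported as not enabled.
		 */
		return (privset->priv[i].attrs == SE_PRIVILEGE_ENABLED);
	}

	return (0);
}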
73 
/*
 * Basic sanity check on a token.
 *
 * Returns B_TRUE only when token is non-NULL, the user, owner and
 * primary group SIDs, the account and domain names and the POSIX group
 * list are all present, and a non-zero Windows group count comes with
 * a non-NULL id array.  Only the presence of these pointers is tested;
 * what they point to is not examined here.
 */
boolean_t
smb_token_valid(smb_token_t *token)
{
	if (token == NULL)
		return (B_FALSE);

	/* Identity SIDs. */
	if (token->tkn_user.i_sid == NULL)
		return (B_FALSE);
	if (token->tkn_owner.i_sid == NULL)
		return (B_FALSE);
	if (token->tkn_primary_grp.i_sid == NULL)
		return (B_FALSE);

	/* Account and domain names. */
	if (token->tkn_account_name == NULL)
		return (B_FALSE);
	if (token->tkn_domain_name == NULL)
		return (B_FALSE);

	/* POSIX group list. */
	if (token->tkn_posix_grps == NULL)
		return (B_FALSE);

	/* A group count without an id array is inconsistent. */
	if ((token->tkn_win_grps.i_ids == NULL) &&
	    (token->tkn_win_grps.i_cnt != 0))
		return (B_FALSE);

	return (B_TRUE);
}
97 
98 #if !defined(_KERNEL) && !defined(_FAKE_KERNEL)
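/*
 * Encode: structure -> flat buffer (buffer size)
 * Pre-condition: obj is non-null.
 *
 * Returns a malloc'ed buffer holding the XDR encoding of obj and stores
 * the buffer size in *len; the caller frees the buffer.  On every
 * failure the return value is NULL and, when len is usable, *len is 0,
 * so a caller never sees a non-zero length paired with a NULL buffer.
 */
uint8_t *
smb_token_encode(smb_token_t *obj, uint32_t *len)
{
	uint8_t *buf;
	XDR xdrs;

	if ((obj == NULL) || (len == NULL)) {
		if (len != NULL)
			*len = 0;
		syslog(LOG_ERR, "smb_token_encode: invalid parameter");
		return (NULL);
	}

	/*
	 * A size of zero cannot hold an encoded token.  Stop here rather
	 * than hand zero to malloc(), whose result for that size may be
	 * either NULL or a pointer to an unusable zero-byte block.
	 */
	*len = xdr_sizeof(smb_token_xdr, obj);
	if (*len == 0) {
		syslog(LOG_ERR, "smb_token_encode: XDR encode error");
		return (NULL);
	}

	buf = malloc(*len);
	if (buf == NULL) {
		syslog(LOG_ERR, "smb_token_encode: %m");
		*len = 0;
		return (NULL);
	}

	xdrmem_create(&xdrs, (caddr_t)buf, *len, XDR_ENCODE);

	if (!smb_token_xdr(&xdrs, obj)) {
		syslog(LOG_ERR, "smb_token_encode: XDR encode error");
		*len = 0;
		free(buf);
		buf = NULL;
	}

	xdr_destroy(&xdrs);
	return (buf);
}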
133 
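/*
 * Decode: flat buffer -> structure
 *
 * Builds a newly allocated smb_logon_t from the XDR-encoded bytes in
 * buf (len bytes).  Returns the object, which the caller releases with
 * smb_logon_free(), or NULL when buf is NULL, the allocation fails or
 * the buffer does not decode.
 */
smb_logon_t *
smb_logon_decode(uint8_t *buf, uint32_t len)
{
	smb_logon_t	*obj;
	XDR		xdrs;

	if (buf == NULL) {
		syslog(LOG_ERR, "smb_logon_decode: invalid parameter");
		return (NULL);
	}

	if ((obj = malloc(sizeof (*obj))) == NULL) {
		syslog(LOG_ERR, "smb_logon_decode: %m");
		return (NULL);
	}

	/*
	 * Start from an all-zero object so that, after a failed decode,
	 * every pointer member is either NULL or refers to memory the
	 * decoder allocated.
	 */
	bzero(obj, sizeof (*obj));

	xdrmem_create(&xdrs, (caddr_t)buf, len, XDR_DECODE);

	if (!smb_logon_xdr(&xdrs, obj)) {
		syslog(LOG_ERR, "smb_logon_decode: XDR decode error");
		/*
		 * A decode that fails part-way may already have allocated
		 * members of obj.  Release them before the container so
		 * that a malformed buffer does not leak memory on each
		 * rejected request.
		 * NOTE(review): relies on smb_logon_xdr accepting XDR_FREE
		 * on a partially filled, zero-initialised object - confirm.
		 */
		xdr_free(smb_logon_xdr, (char *)obj);
		free(obj);
		obj = NULL;
	}

	xdr_destroy(&xdrs);
	return (obj);
}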
161 
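/*
 * Release a logon object obtained from smb_logon_decode(): first the
 * members allocated by XDR, then the structure itself.
 * A NULL obj is ignored, as smb_token_free() does for tokens, so that
 * the XDR free pass is never run on a NULL object.
 */
void
smb_logon_free(smb_logon_t *obj)
{
	if (obj == NULL)
		return;

	xdr_free(smb_logon_xdr, (char *)obj);
	free(obj);
}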
168 #else /* _KERNEL */
/*
 * Kernel tokens are built by XDR, so the members XDR allocated are
 * released with xdr_free() before the smb_token_t itself is handed
 * back through kmem_free().  A NULL token is ignored.
 */
void
smb_token_free(smb_token_t *token)
{
	if (token == NULL)
		return;

	xdr_free(smb_token_xdr, (char *)token);
	kmem_free(token, sizeof (*token));
}
181 #endif /* _KERNEL */
182