xref: /illumos-gate/usr/src/uts/common/smbsrv/smb_token.h (revision 45818ee124adeaaf947698996b4f4c722afc6d1f) 
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  *
25  * Copyright 2013 Nexenta Systems, Inc.  All rights reserved.
26  */
27 
28 #ifndef _SMB_TOKEN_H
29 #define	_SMB_TOKEN_H
30 
31 #include <smbsrv/netrauth.h>
32 #include <smbsrv/smb_privilege.h>
33 #include <smbsrv/smb_sid.h>
34 
35 #ifdef __cplusplus
36 extern "C" {
37 #endif
38 
39 /*
40  * User Session Key
41  *
42  * This is part of the MAC key which is required for signing SMB messages.
43  */
44 typedef struct smb_session_key {
45 	uint8_t data[16];
46 } smb_session_key_t;
47 
48 /* 32-bit opaque buffer (non-null terminated strings) */
49 typedef struct smb_buf32 {
50 	uint32_t	len;
51 	uint8_t		*val;
52 } smb_buf32_t;
53 
54 /*
55  * Access Token
56  *
57  * An access token identifies a user, the user's privileges and the
58  * list of groups of which the user is a member. This information is
59  * used when access is requested to an object by comparing this
60  * information with the DACL in the object's security descriptor.
61  *
62  * There should be one unique token per user per session per client.
63  *
64  * Access Token Flags
65  *
66  * SMB_ATF_GUEST	Token belongs to guest user
67  * SMB_ATF_ANON		Token belongs to anonymous user
68  * 			and it's only good for IPC Connection.
69  * SMB_ATF_POWERUSER	Token belongs to a Power User member
70  * SMB_ATF_BACKUPOP	Token belongs to a Power User member
71  * SMB_ATF_ADMIN	Token belongs to a Domain Admins member
72  */
73 #define	SMB_ATF_GUEST		0x00000001
74 #define	SMB_ATF_ANON		0x00000002
75 #define	SMB_ATF_POWERUSER	0x00000004
76 #define	SMB_ATF_BACKUPOP	0x00000008
77 #define	SMB_ATF_ADMIN		0x00000010
78 
79 #define	SMB_POSIX_GRPS_SIZE(n) \
80 	(sizeof (smb_posix_grps_t) + (n - 1) * sizeof (gid_t))
81 /*
82  * It consists of the primary and supplementary POSIX groups.
83  */
84 typedef struct smb_posix_grps {
85 	uint32_t	pg_ngrps;
86 	gid_t		pg_grps[ANY_SIZE_ARRAY];
87 } smb_posix_grps_t;
88 
89 typedef struct smb_token {
90 	smb_id_t	tkn_user;
91 	smb_id_t	tkn_owner;
92 	smb_id_t	tkn_primary_grp;
93 	smb_ids_t	tkn_win_grps;
94 	smb_privset_t	*tkn_privileges;
95 	char		*tkn_account_name;
96 	char		*tkn_domain_name;
97 	uint32_t	tkn_flags;
98 	uint32_t	tkn_audit_sid;
99 	smb_session_key_t *tkn_session_key;
100 	smb_posix_grps_t *tkn_posix_grps;
101 } smb_token_t;
102 
103 /*
104  * Details required to authenticate a user.
105  */
106 typedef struct smb_logon {
107 	uint16_t	lg_level;
108 	char		*lg_username;	/* requested username */
109 	char		*lg_domain;	/* requested domain */
110 	char		*lg_e_username;	/* effective username */
111 	char		*lg_e_domain;	/* effective domain */
112 	char		*lg_workstation;
113 	smb_inaddr_t	lg_clnt_ipaddr;
114 	smb_inaddr_t	lg_local_ipaddr;
115 	uint16_t	lg_local_port;
116 	smb_buf32_t	lg_challenge_key;
117 	smb_buf32_t	lg_nt_password;
118 	smb_buf32_t	lg_lm_password;
119 	int		lg_native_os;
120 	int		lg_native_lm;
121 	uint32_t	lg_flags;
122 	uint32_t	lg_logon_id;	/* filled in user space */
123 	uint32_t	lg_domain_type;	/* filled in user space */
124 	uint32_t	lg_secmode;	/* filled in user space */
125 	uint32_t	lg_status;	/* filled in user space */
126 } smb_logon_t;
127 
128 int smb_logon_xdr();
129 int smb_token_xdr();
130 
131 #if defined(_KERNEL) || defined(_FAKE_KERNEL)
132 void smb_token_free(smb_token_t *);
133 #else /* _KERNEL */
134 smb_token_t *smb_logon(smb_logon_t *);
135 void smb_logon_abort(void);
136 void smb_token_destroy(smb_token_t *);
137 uint8_t *smb_token_encode(smb_token_t *, uint32_t *);
138 void smb_token_log(smb_token_t *);
139 smb_logon_t *smb_logon_decode(uint8_t *, uint32_t);
140 void smb_logon_free(smb_logon_t *);
141 #endif /* _KERNEL */
142 
143 int smb_token_query_privilege(smb_token_t *token, int priv_id);
144 boolean_t smb_token_valid(smb_token_t *);
145 
146 #ifdef __cplusplus
147 }
148 #endif
149 
150 #endif /* _SMB_TOKEN_H */
151