Print this page
NEX-13644 File access audit logging
Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
Reviewed by: Roman Strashkin <roman.strashkin@nexenta.com>
Reviewed by: Saso Kiselkov <saso.kiselkov@nexenta.com>
Reviewed by: Rick McNeal <rick.mcneal@nexenta.com>
Reviewed by: Yuri Pankov <yuri.pankov@nexenta.com>
NEX-3080 SMB1 signing problem with Kerberos auth.
Reviewed by: Bayard Bell <bayard.bell@nexenta.com>
Reviewed by: Dan Fields <dan.fields@nexenta.com>
Reviewed by: Kevin Crowe <kevin.crowe@nexenta.com>
Reviewed by: Matt Barden <Matt.Barden@nexenta.com>
NEX-2485 SMB authentication flood handled poorly
NEX-2225 Unable to join NexentaStor to 2008 AD
SMB-108 Should have comments to relate types with their XDR functions
SMB-56 extended security NTLMSSP, inbound
SMB-50 User-mode SMB server
Includes work by these authors:
Thomas Keiser <thomas.keiser@nexenta.com>
Albert Lee <trisk@nexenta.com>
*** 20,39 ****
*/
/*
* Copyright 2010 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*
! * Copyright 2015 Nexenta Systems, Inc. All rights reserved.
*/
#ifndef _SMB_TOKEN_H
#define _SMB_TOKEN_H
#include <smbsrv/smb_inet.h>
#include <smbsrv/smb_privilege.h>
#include <smbsrv/smb_sid.h>
/*
* Don't want <smbsrv/netrauth.h> in here, but
* uts/common/fs/smbsrv/smb_authenticate.c
* wants this. Todo: cleanup
*/
--- 20,45 ----
*/
/*
* Copyright 2010 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*
! * Copyright 2018 Nexenta Systems, Inc. All rights reserved.
*/
#ifndef _SMB_TOKEN_H
#define _SMB_TOKEN_H
#include <smbsrv/smb_inet.h>
#include <smbsrv/smb_privilege.h>
#include <smbsrv/smb_sid.h>
+ #if defined(_KERNEL) || defined(_FAKE_KERNEL)
+ #include <c2/audit.h>
+ #else
+ #include <bsm/audit.h>
+ #endif
+
/*
* Don't want <smbsrv/netrauth.h> in here, but
* uts/common/fs/smbsrv/smb_authenticate.c
* wants this. Todo: cleanup
*/
*** 69,80 ****
* and it's only good for IPC Connection.
* SMB_ATF_POWERUSER Token belongs to a Power User member
* SMB_ATF_BACKUPOP Token belongs to a Power User member
* SMB_ATF_ADMIN Token belongs to a Domain Admins member
*/
! #define SMB_ATF_GUEST 0x00000001
! #define SMB_ATF_ANON 0x00000002
#define SMB_ATF_POWERUSER 0x00000004
#define SMB_ATF_BACKUPOP 0x00000008
#define SMB_ATF_ADMIN 0x00000010
#define SMB_POSIX_GRPS_SIZE(n) \
--- 75,86 ----
* and it's only good for IPC Connection.
* SMB_ATF_POWERUSER Token belongs to a Power User member
* SMB_ATF_BACKUPOP Token belongs to a Power User member
* SMB_ATF_ADMIN Token belongs to a Domain Admins member
*/
! #define SMB_ATF_ANON 0x00000001
! #define SMB_ATF_GUEST 0x00000002
#define SMB_ATF_POWERUSER 0x00000004
#define SMB_ATF_BACKUPOP 0x00000008
#define SMB_ATF_ADMIN 0x00000010
#define SMB_POSIX_GRPS_SIZE(n) \
*** 102,111 ****
--- 108,120 ----
char *tkn_domain_name;
uint32_t tkn_flags;
uint32_t tkn_audit_sid;
smb_buf32_t tkn_ssnkey;
smb_posix_grps_t *tkn_posix_grps;
+ au_id_t tkn_auid;
+ au_mask_t tkn_amask;
+ au_asid_t tkn_asid;
} smb_token_t;
/*
* Details required to authenticate a user.
* See also: smb_logon_xdr()