5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 *
25 * Copyright 2015 Nexenta Systems, Inc. All rights reserved.
26 */
27
28 #ifndef _SMB_TOKEN_H
29 #define _SMB_TOKEN_H
30
31 #include <smbsrv/smb_inet.h>
32 #include <smbsrv/smb_privilege.h>
33 #include <smbsrv/smb_sid.h>
34
35 /*
36 * Don't want <smbsrv/netrauth.h> in here, but
37 * uts/common/fs/smbsrv/smb_authenticate.c
38 * wants this. Todo: cleanup
39 */
40 #define NETR_NETWORK_LOGON 0x02
41
42 #ifdef __cplusplus
43 extern "C" {
44 #endif
45
46 /*
47 * 32-bit opaque buffer (non-null terminated strings)
48 * See also: smb_buf32_xdr()
49 */
50 typedef struct smb_buf32 {
51 uint32_t len;
52 uint8_t *val;
53 } smb_buf32_t;
54
55 /*
56 * Access Token
57 *
58 * An access token identifies a user, the user's privileges and the
59 * list of groups of which the user is a member. This information is
60 * used when access is requested to an object by comparing this
61 * information with the DACL in the object's security descriptor.
62 *
63 * There should be one unique token per user per session per client.
64 *
65 * Access Token Flags
66 *
67 * SMB_ATF_GUEST Token belongs to guest user
68 * SMB_ATF_ANON Token belongs to anonymous user
69 * and it's only good for IPC Connection.
70 * SMB_ATF_POWERUSER Token belongs to a Power User member
71 * SMB_ATF_BACKUPOP Token belongs to a Power User member
72 * SMB_ATF_ADMIN Token belongs to a Domain Admins member
73 */
74 #define SMB_ATF_GUEST 0x00000001
75 #define SMB_ATF_ANON 0x00000002
76 #define SMB_ATF_POWERUSER 0x00000004
77 #define SMB_ATF_BACKUPOP 0x00000008
78 #define SMB_ATF_ADMIN 0x00000010
79
80 #define SMB_POSIX_GRPS_SIZE(n) \
81 (sizeof (smb_posix_grps_t) + (n - 1) * sizeof (gid_t))
82 /*
83 * It consists of the primary and supplementary POSIX groups.
84 * See also: smb_posix_grps_xdr()
85 */
86 typedef struct smb_posix_grps {
87 uint32_t pg_ngrps;
88 gid_t pg_grps[ANY_SIZE_ARRAY];
89 } smb_posix_grps_t;
90
91 /*
92 * An NT-style logon "token" (NT terminology)
93 * See also: smb_token_xdr()
94 */
95 typedef struct smb_token {
96 smb_id_t tkn_user;
97 smb_id_t tkn_owner;
98 smb_id_t tkn_primary_grp;
99 smb_ids_t tkn_win_grps;
100 smb_privset_t *tkn_privileges;
101 char *tkn_account_name;
102 char *tkn_domain_name;
103 uint32_t tkn_flags;
104 uint32_t tkn_audit_sid;
105 smb_buf32_t tkn_ssnkey;
106 smb_posix_grps_t *tkn_posix_grps;
107 } smb_token_t;
108
109 /*
110 * Details required to authenticate a user.
111 * See also: smb_logon_xdr()
112 */
113 typedef struct smb_logon {
114 uint16_t lg_level;
115 char *lg_username; /* requested username */
116 char *lg_domain; /* requested domain */
117 char *lg_e_username; /* effective username */
118 char *lg_e_domain; /* effective domain */
119 char *lg_workstation;
120 smb_inaddr_t lg_clnt_ipaddr;
121 smb_inaddr_t lg_local_ipaddr;
122 uint16_t lg_local_port;
123 smb_buf32_t lg_challenge_key;
124 smb_buf32_t lg_nt_password;
125 smb_buf32_t lg_lm_password;
126 uint32_t lg_ntlm_flags;
|
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 *
25 * Copyright 2018 Nexenta Systems, Inc. All rights reserved.
26 */
27
28 #ifndef _SMB_TOKEN_H
29 #define _SMB_TOKEN_H
30
31 #include <smbsrv/smb_inet.h>
32 #include <smbsrv/smb_privilege.h>
33 #include <smbsrv/smb_sid.h>
34
35 #if defined(_KERNEL) || defined(_FAKE_KERNEL)
36 #include <c2/audit.h>
37 #else
38 #include <bsm/audit.h>
39 #endif
40
41 /*
42 * Don't want <smbsrv/netrauth.h> in here, but
43 * uts/common/fs/smbsrv/smb_authenticate.c
44 * wants this. Todo: cleanup
45 */
46 #define NETR_NETWORK_LOGON 0x02
47
48 #ifdef __cplusplus
49 extern "C" {
50 #endif
51
52 /*
53 * 32-bit opaque buffer (non-null terminated strings)
54 * See also: smb_buf32_xdr()
55 */
56 typedef struct smb_buf32 {
57 uint32_t len;
58 uint8_t *val;
59 } smb_buf32_t;
60
61 /*
62 * Access Token
63 *
64 * An access token identifies a user, the user's privileges and the
65 * list of groups of which the user is a member. This information is
66 * used when access is requested to an object by comparing this
67 * information with the DACL in the object's security descriptor.
68 *
69 * There should be one unique token per user per session per client.
70 *
71 * Access Token Flags
72 *
73 * SMB_ATF_GUEST Token belongs to guest user
74 * SMB_ATF_ANON Token belongs to anonymous user
75 * and it's only good for IPC Connection.
76 * SMB_ATF_POWERUSER Token belongs to a Power User member
77 * SMB_ATF_BACKUPOP Token belongs to a Power User member
78 * SMB_ATF_ADMIN Token belongs to a Domain Admins member
79 */
80 #define SMB_ATF_ANON 0x00000001
81 #define SMB_ATF_GUEST 0x00000002
82 #define SMB_ATF_POWERUSER 0x00000004
83 #define SMB_ATF_BACKUPOP 0x00000008
84 #define SMB_ATF_ADMIN 0x00000010
85
86 #define SMB_POSIX_GRPS_SIZE(n) \
87 (sizeof (smb_posix_grps_t) + (n - 1) * sizeof (gid_t))
88 /*
89 * It consists of the primary and supplementary POSIX groups.
90 * See also: smb_posix_grps_xdr()
91 */
92 typedef struct smb_posix_grps {
93 uint32_t pg_ngrps;
94 gid_t pg_grps[ANY_SIZE_ARRAY];
95 } smb_posix_grps_t;
96
97 /*
98 * An NT-style logon "token" (NT terminology)
99 * See also: smb_token_xdr()
100 */
101 typedef struct smb_token {
102 smb_id_t tkn_user;
103 smb_id_t tkn_owner;
104 smb_id_t tkn_primary_grp;
105 smb_ids_t tkn_win_grps;
106 smb_privset_t *tkn_privileges;
107 char *tkn_account_name;
108 char *tkn_domain_name;
109 uint32_t tkn_flags;
110 uint32_t tkn_audit_sid;
111 smb_buf32_t tkn_ssnkey;
112 smb_posix_grps_t *tkn_posix_grps;
113 au_id_t tkn_auid;
114 au_mask_t tkn_amask;
115 au_asid_t tkn_asid;
116 } smb_token_t;
117
118 /*
119 * Details required to authenticate a user.
120 * See also: smb_logon_xdr()
121 */
122 typedef struct smb_logon {
123 uint16_t lg_level;
124 char *lg_username; /* requested username */
125 char *lg_domain; /* requested domain */
126 char *lg_e_username; /* effective username */
127 char *lg_e_domain; /* effective domain */
128 char *lg_workstation;
129 smb_inaddr_t lg_clnt_ipaddr;
130 smb_inaddr_t lg_local_ipaddr;
131 uint16_t lg_local_port;
132 smb_buf32_t lg_challenge_key;
133 smb_buf32_t lg_nt_password;
134 smb_buf32_t lg_lm_password;
135 uint32_t lg_ntlm_flags;
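Review bot: The new column exchanges the values of `SMB_ATF_ANON` and `SMB_ATF_GUEST` (ANON becomes 0x00000001, GUEST 0x00000002) without a comment explaining the renumbering, and these bits live in `tkn_flags` of `smb_token_t`, which the header says is encoded by `smb_token_xdr()`. If the producer and consumer of an encoded token can ever be built from different revisions of this header (an inference, since neither is visible here), a guest token would be decoded as anonymous and the reverse, and the anonymous flag is documented as valid only for IPC connections. I would add a comment above the defines such as `/* Bit values travel in the XDR-encoded token; encoder and decoder must be built from the same revision of this header. */`. The added fields `tkn_auid`, `tkn_amask` and `tkn_asid` are undocumented and need matching handling in `smb_token_xdr()`, which this page does not show; a one-line comment such as `/* audit context: audit user ID, preselection mask, audit session ID */` above them would help. Both columns stop at `lg_ntlm_flags`, so the end of `smb_logon` and the rest of the header are outside this view.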
|