xref: /onnv-gate/usr/src/common/smbsrv/smb_token.c (revision 11963:061945695ce1)
15331Samw /*
25331Samw  * CDDL HEADER START
35331Samw  *
45331Samw  * The contents of this file are subject to the terms of the
55331Samw  * Common Development and Distribution License (the "License").
65331Samw  * You may not use this file except in compliance with the License.
75331Samw  *
85331Samw  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
95331Samw  * or http://www.opensolaris.org/os/licensing.
105331Samw  * See the License for the specific language governing permissions
115331Samw  * and limitations under the License.
125331Samw  *
135331Samw  * When distributing Covered Code, include this CDDL HEADER in each
145331Samw  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
155331Samw  * If applicable, add the following below this CDDL HEADER, with the
165331Samw  * fields enclosed by brackets "[]" replaced with your own identifying
175331Samw  * information: Portions Copyright [yyyy] [name of copyright owner]
185331Samw  *
195331Samw  * CDDL HEADER END
205331Samw  */
215331Samw /*
22*11963SAfshin.Ardakani@Sun.COM  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
235331Samw  * Use is subject to license terms.
245331Samw  */
255331Samw 
265331Samw /*
275331Samw  * NT Token library (kernel/user)
285331Samw  */
295331Samw 
305331Samw #ifdef _KERNEL
315331Samw #include <sys/types.h>
325331Samw #include <sys/cmn_err.h>
335331Samw #include <sys/kmem.h>
345331Samw #else /* _KERNEL */
355331Samw #include <stdlib.h>
365331Samw #include <strings.h>
375331Samw #include <syslog.h>
385331Samw #endif /* _KERNEL */
395331Samw 
405331Samw #include <smbsrv/string.h>
415331Samw #include <smbsrv/smb_token.h>
425331Samw #include <smbsrv/smb_xdr.h>
435331Samw 
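/*
 * smb_token_query_privilege
 *
 * Report whether the privilege identified by priv_id is enabled in the
 * given access token.
 *
 * Returns 1 when the token's privilege set holds an entry whose
 * luid.lo_part equals priv_id and whose attrs value is exactly
 * SE_PRIVILEGE_ENABLED.  Returns 0 in every other case: NULL token,
 * no privilege set, no matching entry, or a matching entry with any
 * other attrs value.  Only the first matching entry is consulted.
 */
int
smb_token_query_privilege(smb_token_t *token, int priv_id)
{
	smb_privset_t *privset;
	int i;

	if ((token == NULL) || (token->tkn_privileges == NULL))
		return (0);

	privset = token->tkn_privileges;

	/*
	 * The scan must be bounded by priv_cnt.  Testing priv_cnt on its
	 * own is loop-invariant, so a query for a privilege that is absent
	 * from a non-empty set would keep indexing past the end of priv[]
	 * and the answer to an access-control question would then depend
	 * on whatever memory follows the set.
	 */
	for (i = 0; i < privset->priv_cnt; i++) {
		if (privset->priv[i].luid.lo_part != priv_id)
			continue;

		/*
		 * NOTE(review): attrs is compared for equality rather than
		 * tested as a bit mask, so an entry carrying
		 * SE_PRIVILEGE_ENABLED together with any other attribute
		 * bit is reported as not enabled - confirm this is intended.
		 */
		return (privset->priv[i].attrs == SE_PRIVILEGE_ENABLED);
	}

	return (0);
}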
715331Samw 
/*
 * Basic sanity check on a token.
 *
 * Returns B_TRUE only when the token pointer is non-NULL, the user,
 * owner and primary-group i_sid pointers are set, the account and
 * domain names are set, the POSIX group pointer is set, and a non-zero
 * Windows group count is backed by a non-NULL i_ids array.
 *
 * This checks pointers for NULL only; it does not inspect what they
 * point to, so callers must not treat B_TRUE as proof that the
 * contents are well formed.
 */
boolean_t
smb_token_valid(smb_token_t *token)
{
	if (token == NULL)
		return (B_FALSE);

	/* Every token must carry its three identity SIDs. */
	if (token->tkn_user.i_sid == NULL ||
	    token->tkn_owner.i_sid == NULL ||
	    token->tkn_primary_grp.i_sid == NULL)
		return (B_FALSE);

	/* Account and domain names are mandatory as well. */
	if (token->tkn_account_name == NULL ||
	    token->tkn_domain_name == NULL)
		return (B_FALSE);

	if (token->tkn_posix_grps == NULL)
		return (B_FALSE);

	/* An empty Windows group list needs no backing array. */
	if (token->tkn_win_grps.i_cnt == 0)
		return (B_TRUE);

	return ((token->tkn_win_grps.i_ids != NULL) ? B_TRUE : B_FALSE);
}
95*11963SAfshin.Ardakani@Sun.COM 
965331Samw #ifndef _KERNEL
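/*
 * Encode: structure -> flat buffer (buffer size)
 *
 * XDR-encodes the token into a buffer obtained from malloc().
 *
 * On success the buffer is returned and *len holds the size reported
 * by xdr_sizeof(); the caller releases the buffer with free().
 * On any failure NULL is returned and, when len is non-NULL, *len is
 * set to 0 so that a caller can never pair a NULL buffer with a stale
 * non-zero length.
 *
 * NOTE(review): the xdr_sizeof() result is narrowed to uint32_t when it
 * is stored in *len - confirm encoded tokens can never exceed that.
 */
uint8_t *
smb_token_encode(smb_token_t *obj, uint32_t *len)
{
	uint8_t *buf;
	XDR xdrs;

	if (obj == NULL || len == NULL) {
		syslog(LOG_ERR, "smb_token_encode: invalid parameter");
		if (len != NULL)
			*len = 0;
		return (NULL);
	}

	*len = xdr_sizeof(smb_token_xdr, obj);
	if (*len == 0) {
		/*
		 * xdr_sizeof() reports a sizing failure as 0.  Stop here
		 * rather than rely on the implementation-defined result of
		 * malloc(0).
		 */
		syslog(LOG_ERR, "smb_token_encode: XDR encode error");
		return (NULL);
	}

	buf = malloc(*len);
	if (buf == NULL) {
		syslog(LOG_ERR, "smb_token_encode: %m");
		*len = 0;
		return (NULL);
	}

	/* The memory stream is bounded by *len, the size just computed. */
	xdrmem_create(&xdrs, (const caddr_t)buf, *len, XDR_ENCODE);

	if (!smb_token_xdr(&xdrs, obj)) {
		syslog(LOG_ERR, "smb_token_encode: XDR encode error");
		*len = 0;
		free(buf);
		buf = NULL;
	}

	xdr_destroy(&xdrs);
	return (buf);
}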
1315331Samw 
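/*
 * Decode: flat buffer -> structure
 *
 * XDR-decodes len bytes at buf into a newly allocated smb_logon_t.
 *
 * Returns the decoded object, to be released with smb_logon_free(),
 * or NULL when buf is NULL, the allocation fails, or the buffer does
 * not decode.  The memory stream is created with len as its size, so
 * the caller must pass the true length of buf.
 */
smb_logon_t *
smb_logon_decode(uint8_t *buf, uint32_t len)
{
	smb_logon_t	*obj;
	XDR		xdrs;

	if (buf == NULL) {
		syslog(LOG_ERR, "smb_logon_decode: invalid parameter");
		return (NULL);
	}

	/*
	 * Start from a zero-filled object so that a decode which stops
	 * part-way leaves every field it did not reach as NULL/0.
	 */
	if ((obj = calloc(1, sizeof (smb_logon_t))) == NULL) {
		syslog(LOG_ERR, "smb_logon_decode: %m");
		return (NULL);
	}

	xdrmem_create(&xdrs, (const caddr_t)buf, len, XDR_DECODE);

	if (!smb_logon_xdr(&xdrs, obj)) {
		syslog(LOG_ERR, "smb_logon_decode: XDR decode error");
		/*
		 * A failed decode may already have allocated some members.
		 * Release them before dropping the container; freeing only
		 * the container leaks memory on every malformed buffer.
		 * NOTE(review): assumes smb_logon_xdr accepts XDR_FREE on a
		 * partially decoded, zero-initialised object - confirm.
		 */
		xdr_free(smb_logon_xdr, (char *)obj);
		free(obj);
		obj = NULL;
	}

	xdr_destroy(&xdrs);
	return (obj);
}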
1595967Scp160787 
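/*
 * Release a logon object such as one produced by smb_logon_decode():
 * xdr_free() releases the members, then the container itself is freed.
 * A NULL obj is a no-op, matching the NULL check in smb_token_free().
 */
void
smb_logon_free(smb_logon_t *obj)
{
	/* xdr_free() would hand a NULL object to smb_logon_xdr. */
	if (obj == NULL)
		return;

	xdr_free(smb_logon_xdr, (char *)obj);
	free(obj);
}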
1665331Samw #else /* _KERNEL */
/*
 * Tokens are allocated in the kernel via XDR, so the members are
 * released with xdr_free() first and the token structure itself is
 * then returned with kmem_free().  A NULL token is ignored.
 */
void
smb_token_free(smb_token_t *token)
{
	if (token == NULL)
		return;

	xdr_free(smb_token_xdr, (char *)token);
	kmem_free(token, sizeof (*token));
}
1795331Samw #endif /* _KERNEL */