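/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#ifndef _LIBMLSVC_H
#define _LIBMLSVC_H

#pragma ident "%Z%%M% %I% %E% SMI"

/*
 * libmlsvc interface: domain/LSA queries, SMB autohome shares, the
 * local (SAM) group database and the UID/GID <-> RID encoding used
 * when a security descriptor is generated for a local file.
 */

#include <sys/types.h>
#include <smbsrv/ntsid.h>
#include <smbsrv/hash_table.h>
#include <smbsrv/smb_token.h>
#include <smbsrv/smb_privilege.h>
#include <smbsrv/lmshare.h>
#include <smbsrv/libsmb.h>

#ifdef __cplusplus
extern "C" {
#endif

extern int mlsvc_init(void);
extern int mlsvc_is_local_domain(const char *);
extern DWORD lsa_query_primary_domain_info(void);
extern DWORD lsa_query_account_domain_info(void);
extern DWORD lsa_enum_trusted_domains(void);

extern boolean_t locate_resource_pdc(char *);

/*
 * Autohome map: one entry per user, read from /etc/smbautohome.
 */
#define SMB_AUTOHOME_FILE	"smbautohome"
#define SMB_AUTOHOME_PATH	"/etc"

typedef struct smb_autohome {
	struct smb_autohome *ah_next;
	uint32_t ah_hits;
	time_t ah_timestamp;
	char *ah_name;		/* User account name */
	char *ah_path;		/* Home directory path */
	char *ah_container;	/* ADS container distinguished name */
} smb_autohome_t;

extern int smb_autohome_add(const char *);
extern int smb_autohome_remove(const char *);
extern int smb_is_autohome(const lmshare_info_t *);
extern void smb_autohome_setent(void);
extern void smb_autohome_endent(void);
extern smb_autohome_t *smb_autohome_getent(const char *name);
extern smb_autohome_t *smb_autohome_lookup(const char *name);

/*
 * Local groups
 */
#define NT_GROUP_FMRI_PREFIX	"network/smb/group"

/*
 * Lock mode requested by nt_group_getinfo() and nt_group_ht_lock().
 * NOTE(review): this is a library-local enum; it shares its name with
 * the kernel's rwlock mode type but is not that definition.
 */
typedef enum {
	RWLOCK_NONE,
	RWLOCK_WRITER,
	RWLOCK_READER
} krwmode_t;

/* Opaque data blob plus its size (presumably in bytes). */
typedef struct nt_group_data {
	void *data;
	int size;
} nt_group_data_t;

/*
 * IMPORTANT NOTE:
 * If you change nt_group_member_t, nt_group_members_t, or nt_group_t
 * structures, you MIGHT have to change following functions accordingly:
 *	nt_group_setfields
 *	nt_group_init_size
 *	nt_group_init
 */

/*
 * One member of a local group.  The entry is variable length because
 * the SID is its last field; info_size records the total size so that
 * NEXT_MEMBER() can step over it.
 */
typedef struct nt_group_member {
	uint16_t info_size;	/* size of the whole structure */
	uint16_t sid_name_use;	/* type of the specified SID */
	char *account;		/* Pointer to account name of member */
	nt_sid_t sid;		/* Variable length */
} nt_group_member_t;

/*
 * Packed member list: count entries occupying size bytes starting at
 * list.  Both fields travel with the group record (see nt_group_t), so
 * consumers should not assume they agree with each other or with the
 * individual info_size values without checking.
 */
typedef struct nt_group_members {
	uint32_t size;		/* in bytes */
	uint32_t count;
	nt_group_member_t list[ANY_SIZE_ARRAY];
} nt_group_members_t;

typedef struct nt_group {
	time_t age;
	nt_group_data_t info;
	/*
	 * following fields point to a contiguous block
	 * of memory that is read and written from/to DB
	 */
	uint32_t *attr;
	uint16_t *sid_name_use;
	char *name;
	char *comment;
	nt_sid_t *sid;
	smb_privset_t *privileges;
	nt_group_members_t *members;
} nt_group_t;

typedef struct nt_group_iterator {
	HT_ITERATOR *iterator;
	int iteration;
} nt_group_iterator_t;

extern int nt_group_num_groups(void);
extern uint32_t nt_group_add(char *, char *);
extern uint32_t nt_group_modify(char *, char *, char *);
extern uint32_t nt_group_delete(char *);
extern nt_group_t *nt_group_getinfo(char *, krwmode_t);
extern void nt_group_putinfo(nt_group_t *);

extern int nt_group_getpriv(nt_group_t *, uint32_t);
extern uint32_t nt_group_setpriv(nt_group_t *, uint32_t, uint32_t);

/*
 * Member manipulation functions.  For nt_group_del_member() the int
 * is presumably one of NT_GROUP_KEY_SID / NT_GROUP_KEY_NAME (below)
 * and says how the void * key is to be interpreted.
 */
extern int nt_group_is_member(nt_group_t *, nt_sid_t *);
extern uint32_t nt_group_del_member(nt_group_t *, void *, int);
extern uint32_t nt_group_add_member(nt_group_t *, nt_sid_t *, uint16_t, char *);
extern int nt_group_num_members(nt_group_t *);

extern void nt_group_ht_lock(krwmode_t);
extern void nt_group_ht_unlock(void);

extern nt_group_iterator_t *nt_group_open_iterator(void);
extern void nt_group_close_iterator(nt_group_iterator_t *);
extern nt_group_t *nt_group_iterate(nt_group_iterator_t *);

extern int nt_group_cache_size(void);

extern int nt_group_member_list(int offset, nt_group_t *grp,
    ntgrp_member_list_t *rmembers);
extern void nt_group_list(int offset, char *pattern, ntgrp_list_t *list);

extern uint32_t sam_init(void);

extern uint32_t nt_group_add_member_byname(char *, char *);
extern uint32_t nt_group_del_member_byname(nt_group_t *, char *);
extern void nt_group_add_groupprivs(nt_group_t *, smb_privset_t *);

extern uint32_t nt_groups_member_privs(nt_sid_t *, smb_privset_t *);
extern int nt_groups_member_ngroups(nt_sid_t *);
extern uint32_t nt_groups_member_groups(nt_sid_t *, smb_id_t *, int);
extern nt_group_t *nt_groups_lookup_rid(uint32_t);
extern int nt_groups_count(int);

/*
 * source for account name size is MSDN
 *
 * The *_MAX values are buffer sizes: 32 characters, with the factor of
 * 3 presumably budgeting up to three bytes per character in the local
 * multibyte encoding, plus one byte for the terminating NUL.
 */
#define NT_GROUP_NAME_CHAR_MAX		32
#define NT_GROUP_NAME_MAX		(NT_GROUP_NAME_CHAR_MAX * 3 + 1)
#define NT_GROUP_USER_NAME_MAX		(NT_GROUP_NAME_CHAR_MAX * 3 + 1)
#define NT_GROUP_MEMBER_NAME_MAX	(NT_GROUP_NAME_CHAR_MAX * 3 + 1)
#define NT_GROUP_COMMENT_MAX		256

/*
 * flags for count operation
 */
#define NT_GROUP_CNT_BUILTIN	1
#define NT_GROUP_CNT_LOCAL	2
#define NT_GROUP_CNT_ALL	3

/*
 * flag to distinguish between add and modify
 * operations.
 */
#define NT_GROUP_OP_CHANGE	1
#define NT_GROUP_OP_SYNC	2

/*
 * specify key type for deleting a member i.e.
 * whether it's member's name or member's SID.
 */
#define NT_GROUP_KEY_SID	1
#define NT_GROUP_KEY_NAME	2

/*
 * Macro for walking members: yields a pointer to the entry following m.
 * The step is taken from m->info_size, which is part of the DB-backed
 * group record (see nt_group_t), so a caller walking the list must
 * check that info_size >= sizeof (nt_group_member_t) -- an info_size
 * of 0 returns m itself and a loop would never advance -- and that the
 * result still lies within the enclosing nt_group_members_t's size
 * bytes before dereferencing it.  The macro evaluates m twice, and the
 * whole expansion is parenthesized so that NEXT_MEMBER(m)->field
 * applies the member access to the converted pointer.
 */
#define NEXT_MEMBER(m)	\
	((nt_group_member_t *)((char *)(m) + (m)->info_size))

/*
 * When NT requests the security descriptor for a local file that
 * doesn't already have a one, we generate one on-the-fly. The SD
 * contains both user and group SIDs. The problem is that we need a
 * way to distinguish a user SID from a group SID when NT performs a
 * subsequent SID lookup to obtain the appropriate name to display.
 * The following macros are used to map to and from an external
 * representation so that we can tell the difference between UIDs
 * and GIDs. The local UID/GID is shifted left and the LSB is used
 * to distinguish the id type before it is inserted into the SID.
 * We can then use this type identifier during lookup operations.
 *
 * Layout of an encoded RID:  ((id << 2) | type) + SAM_MIN_RID.
 *
 * - The type occupies the two low bits, so SAM_MIN_RID must remain a
 *   multiple of 4 (1000 == 4 * 250) for SAM_RID_TYPE() to read the
 *   type bits unchanged after the offset has been added.
 * - Only the four values within SAM_RT_MASK are encodable.  Passing
 *   SAM_RT_EVERYONE (4) or SAM_RT_UNKNOWN (5) to SAM_ENCODE_RID() would
 *   overlap bit 2, i.e. the low bit of the shifted id; the SAM_ENCODE_*
 *   wrappers below only use the masked values.
 * - RIDs are 32-bit (see nt_groups_lookup_rid), so an id needing more
 *   than 30 bits cannot be represented: id << 2 drops its top bits and
 *   the RID aliases a smaller id.  Callers should reject such ids.
 * - SAM_RID_TYPE() and SAM_DECODE_RID() are only meaningful for a RID
 *   produced by SAM_ENCODE_RID().  For rid < SAM_MIN_RID the subtraction
 *   wraps (unsigned) or goes negative (signed, where the right shift is
 *   then implementation-defined), so check rid >= SAM_MIN_RID first.
 */
#define SAM_MIN_RID		1000
#define SAM_RT_ERROR		-1
#define SAM_RT_UNIX_UID		0
#define SAM_RT_UNIX_GID		1
#define SAM_RT_NT_UID		2
#define SAM_RT_NT_GID		3
#define SAM_RT_MASK		0x3
#define SAM_RT_EVERYONE		4
#define SAM_RT_UNKNOWN		5

#define SAM_RID_TYPE(rid)	((rid) & SAM_RT_MASK)
#define SAM_DECODE_RID(rid)	(((rid) - SAM_MIN_RID) >> 2)
/* type is parenthesized: a low-precedence expression must not bind to | */
#define SAM_ENCODE_RID(type, id) ((((id) << 2) | (type)) + SAM_MIN_RID)
#define SAM_ENCODE_UXUID(id)	SAM_ENCODE_RID(SAM_RT_UNIX_UID, id)
#define SAM_ENCODE_UXGID(id)	SAM_ENCODE_RID(SAM_RT_UNIX_GID, id)
#define SAM_ENCODE_NTUID(id)	SAM_ENCODE_RID(SAM_RT_NT_UID, id)
#define SAM_ENCODE_NTGID(id)	SAM_ENCODE_RID(SAM_RT_NT_GID, id)

#ifdef __cplusplus
}
#endif

#endif /* _LIBMLSVC_H */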