1*da6c28aaSamw /* 2*da6c28aaSamw * CDDL HEADER START 3*da6c28aaSamw * 4*da6c28aaSamw * The contents of this file are subject to the terms of the 5*da6c28aaSamw * Common Development and Distribution License (the "License"). 6*da6c28aaSamw * You may not use this file except in compliance with the License. 7*da6c28aaSamw * 8*da6c28aaSamw * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9*da6c28aaSamw * or http://www.opensolaris.org/os/licensing. 10*da6c28aaSamw * See the License for the specific language governing permissions 11*da6c28aaSamw * and limitations under the License. 12*da6c28aaSamw * 13*da6c28aaSamw * When distributing Covered Code, include this CDDL HEADER in each 14*da6c28aaSamw * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15*da6c28aaSamw * If applicable, add the following below this CDDL HEADER, with the 16*da6c28aaSamw * fields enclosed by brackets "[]" replaced with your own identifying 17*da6c28aaSamw * information: Portions Copyright [yyyy] [name of copyright owner] 18*da6c28aaSamw * 19*da6c28aaSamw * CDDL HEADER END 20*da6c28aaSamw */ 21*da6c28aaSamw /* 22*da6c28aaSamw * Copyright 2007 Sun Microsystems, Inc. All rights reserved. 23*da6c28aaSamw * Use is subject to license terms. 
 */

#ifndef _LIBMLSVC_H
#define _LIBMLSVC_H

#pragma ident "%Z%%M% %I% %E% SMI"

#include <sys/types.h>
#include <smbsrv/ntsid.h>
#include <smbsrv/hash_table.h>
#include <smbsrv/smb_token.h>
#include <smbsrv/smb_privilege.h>
#include <smbsrv/lmshare.h>
#include <smbsrv/libsmb.h>

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Service initialisation and LSA domain queries.  The lsa_* functions
 * return a DWORD status; which values mean success is defined by the
 * implementation, not by this header.
 */
extern int mlsvc_init(void);
extern int mlsvc_is_local_domain(const char *);
extern DWORD lsa_query_primary_domain_info(void);
extern DWORD lsa_query_account_domain_info(void);
extern DWORD lsa_enum_trusted_domains(void);

/*
 * The char * argument is not const-qualified, so the implementation may
 * write into it.  The required buffer size is not declared here -- confirm
 * it against the implementation before sizing the buffer.
 */
extern boolean_t locate_resource_pdc(char *);

/*
 * Autohome configuration file name and directory.  Presumably the file
 * read by the smb_autohome_* functions below; this header does not show
 * how the two are combined.
 */
#define SMB_AUTOHOME_FILE "smbautohome"
#define SMB_AUTOHOME_PATH "/etc"

/*
 * One autohome entry.  Entries are chained through ah_next.  The string
 * fields are pointers, so ownership of their storage is decided by the
 * smb_autohome_* implementation, not by this header.
 */
typedef struct smb_autohome {
	struct smb_autohome *ah_next;	/* next entry in the chain */
	uint32_t ah_hits;		/* hit counter (presumably lookups) */
	time_t ah_timestamp;		/* time recorded for the entry */
	char *ah_name;			/* User account name */
	char *ah_path;			/* Home directory path */
	char *ah_container;		/* ADS container distinguished name */
} smb_autohome_t;

/*
 * setent/getent/endent follow the setpwent-style enumeration pattern.
 * getent and lookup return non-const pointers; nothing here says whether
 * the caller may free them -- check the implementation.
 */
extern int smb_autohome_add(const char *);
extern int smb_autohome_remove(const char *);
extern int smb_is_autohome(const lmshare_info_t *);
extern void smb_autohome_setent(void);
extern void smb_autohome_endent(void);
extern smb_autohome_t *smb_autohome_getent(const char *name);
extern smb_autohome_t *smb_autohome_lookup(const char *name);

/*
 * Local groups
 */
#define NT_GROUP_FMRI_PREFIX "network/smb/group"

/*
 * Lock mode requested by callers of nt_group_getinfo() and
 * nt_group_ht_lock() (declared below).
 */
typedef enum {
	RWLOCK_NONE,
	RWLOCK_WRITER,
	RWLOCK_READER
} krwmode_t;

/*
 * Byte buffer plus its length, used as nt_group_t.info.  size is a
 * signed int, so implementations must not let a negative value reach
 * size-taking consumers.
 */
typedef struct nt_group_data {
	void *data;
	int size;	/* length of data, presumably in bytes */
} nt_group_data_t;

/*
 * IMPORTANT NOTE:
 * If you change nt_group_member_t, nt_group_members_t, or nt_group_t
 * structures, you MIGHT have to change following functions accordingly:
 *	nt_group_setfields
 *	nt_group_init_size
 *	nt_group_init
 */

/*
 * One member of a local group.  Because sid is variable length, members
 * do not form a fixed-stride array: the walker (NEXT_MEMBER, below)
 * advances by info_size.  The member, including info_size, lives in the
 * block read from the DB (see nt_group_t), so a walker must validate
 * info_size (at least the fixed part of this structure, and within the
 * enclosing nt_group_members_t.size) before trusting it.
 */
typedef struct nt_group_member {
	uint16_t info_size;	/* size of the whole structure */
	uint16_t sid_name_use;	/* type of the specified SID */
	char *account;		/* Pointer to account name of member */
	nt_sid_t sid;		/* Variable length */
} nt_group_member_t;

/*
 * Packed list of members.  size is the byte length of the whole list and
 * count the number of members.  list cannot be indexed as a plain array
 * because the elements are variable length (see nt_group_member_t).
 */
typedef struct nt_group_members {
	uint32_t size;		/* in bytes */
	uint32_t count;
	nt_group_member_t list[ANY_SIZE_ARRAY];
} nt_group_members_t;

/*
 * In-memory local group record.  age and info are held in the structure
 * itself; the remaining fields are pointers into a DB-backed block
 * (presumably info.data -- confirm) and are only valid while that block
 * is.
 */
typedef struct nt_group {
	time_t age;
	nt_group_data_t info;
	/*
	 * following fields point to a contiguous block
	 * of memory that is read and written from/to DB
	 */
	uint32_t *attr;
	uint16_t *sid_name_use;
	char *name;
	char *comment;
	nt_sid_t *sid;
	smb_privset_t *privileges;
	nt_group_members_t *members;
} nt_group_t;

/*
 * Cursor for nt_group_open_iterator / nt_group_iterate /
 * nt_group_close_iterator.
 */
typedef struct nt_group_iterator {
	HT_ITERATOR *iterator;
	int iteration;
} nt_group_iterator_t;

/*
 * Group lifecycle.  nt_group_getinfo takes a krwmode_t; nt_group_putinfo
 * presumably releases whatever getinfo acquired -- pair every getinfo
 * with a putinfo.
 */
extern int nt_group_num_groups(void);
extern uint32_t nt_group_add(char *, char *);
extern uint32_t nt_group_modify(char *, char *, char *);
extern uint32_t nt_group_delete(char *);
extern nt_group_t *nt_group_getinfo(char *, krwmode_t);
extern void nt_group_putinfo(nt_group_t *);

extern int nt_group_getpriv(nt_group_t *, uint32_t);
extern uint32_t nt_group_setpriv(nt_group_t *, uint32_t, uint32_t);

/*
 * Member manipulation functions.  For nt_group_del_member the int is
 * presumably one of NT_GROUP_KEY_SID / NT_GROUP_KEY_NAME and decides
 * what the void * key points to (a SID or a name).
 */
extern int nt_group_is_member(nt_group_t *, nt_sid_t *);
extern uint32_t nt_group_del_member(nt_group_t *, void *, int);
extern uint32_t nt_group_add_member(nt_group_t *, nt_sid_t *, uint16_t, char *);
extern int nt_group_num_members(nt_group_t *);

/* Hash-table wide lock; unlock has no mode argument. */
extern void nt_group_ht_lock(krwmode_t);
extern void nt_group_ht_unlock(void);

extern nt_group_iterator_t *nt_group_open_iterator(void);
extern void nt_group_close_iterator(nt_group_iterator_t *);
extern nt_group_t *nt_group_iterate(nt_group_iterator_t *);

extern int nt_group_cache_size(void);

/* Paged listing: offset selects where in the list to start (presumably). */
extern int nt_group_member_list(int offset, nt_group_t *grp,
    ntgrp_member_list_t *rmembers);
extern void nt_group_list(int offset, char *pattern, ntgrp_list_t *list);

extern uint32_t sam_init(void);

extern uint32_t nt_group_add_member_byname(char *, char *);
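extern uint32_t nt_group_del_member_byname(nt_group_t *, char *);
extern void nt_group_add_groupprivs(nt_group_t *, smb_privset_t *);

/* Queries keyed by a member SID rather than by a group. */
extern uint32_t nt_groups_member_privs(nt_sid_t *, smb_privset_t *);
extern int nt_groups_member_ngroups(nt_sid_t *);
extern uint32_t nt_groups_member_groups(nt_sid_t *, smb_id_t *, int);
extern nt_group_t *nt_groups_lookup_rid(uint32_t);
extern int nt_groups_count(int);	/* presumably an NT_GROUP_CNT_* flag */

/*
 * source for account name size is MSDN
 *
 * NT_GROUP_NAME_CHAR_MAX is a character count; the *_MAX byte sizes
 * allow three bytes per character plus a terminating NUL (presumably to
 * hold a multi-byte expansion -- the header does not say).
 */
#define NT_GROUP_NAME_CHAR_MAX 32
#define NT_GROUP_NAME_MAX (NT_GROUP_NAME_CHAR_MAX * 3 + 1)
#define NT_GROUP_USER_NAME_MAX (NT_GROUP_NAME_CHAR_MAX * 3 + 1)
#define NT_GROUP_MEMBER_NAME_MAX (NT_GROUP_NAME_CHAR_MAX * 3 + 1)
#define NT_GROUP_COMMENT_MAX 256

/*
 * flags for count operation
 * NT_GROUP_CNT_ALL is the bitwise OR of BUILTIN and LOCAL.
 */
#define NT_GROUP_CNT_BUILTIN 1
#define NT_GROUP_CNT_LOCAL 2
#define NT_GROUP_CNT_ALL 3

/*
 * flag to distinguish between add and modify
 * operations.
 */
#define NT_GROUP_OP_CHANGE 1
#define NT_GROUP_OP_SYNC 2

/*
 * specify key type for deleting a member i.e.
 * whether it's member's name or member's SID.
 */
#define NT_GROUP_KEY_SID 1
#define NT_GROUP_KEY_NAME 2

/*
 * Macro for walking members.  Advances by the member's own info_size.
 * The expansion is fully parenthesized so that NEXT_MEMBER(m)->field
 * parses as intended (the previous form applied the cast only to the
 * pointer arithmetic).  info_size comes from the DB-backed block, so a
 * walker must bound the walk by nt_group_members_t.size/count and reject
 * a zero or undersized info_size before stepping; otherwise a corrupt
 * record walks off the end of the block or never terminates.
 */
#define NEXT_MEMBER(m) \
	((nt_group_member_t *)((char *)(m) + (m)->info_size))

/*
 * When NT requests the security descriptor for a local file that
 * doesn't already have one, we generate one on-the-fly. The SD
 * contains both user and group SIDs. The problem is that we need a
 * way to distinguish a user SID from a group SID when NT performs a
 * subsequent SID lookup to obtain the appropriate name to display.
 * The following macros are used to map to and from an external
 * representation so that we can tell the difference between UIDs
 * and GIDs. The local UID/GID is shifted left and the LSB is used
 * to distinguish the id type before it is inserted into the SID.
 * We can then use this type identifier during lookup operations.
 *
 * Only SAM_RT_UNIX_UID..SAM_RT_NT_GID (0..3) fit under SAM_RT_MASK and
 * can be carried in an encoded RID.  SAM_RT_ERROR, SAM_RT_EVERYONE and
 * SAM_RT_UNKNOWN are out-of-band values that SAM_RID_TYPE can never
 * yield; passing one as the type argument of SAM_ENCODE_RID would set
 * bits belonging to the id.
 */
#define SAM_MIN_RID 1000
#define SAM_RT_ERROR (-1)
#define SAM_RT_UNIX_UID 0
#define SAM_RT_UNIX_GID 1
#define SAM_RT_NT_UID 2
#define SAM_RT_NT_GID 3
#define SAM_RT_MASK 0x3
#define SAM_RT_EVERYONE 4
#define SAM_RT_UNKNOWN 5

/*
 * SAM_RID_TYPE masks the encoded RID directly, without removing
 * SAM_MIN_RID first.  That is only correct because 1000 is a multiple of
 * 4 (its two low bits are clear); keep SAM_MIN_RID a multiple of
 * (SAM_RT_MASK + 1) if it is ever changed.
 *
 * SAM_DECODE_RID assumes rid >= SAM_MIN_RID.  A RID arriving in a lookup
 * request must be checked for that (and SAM_RID_TYPE checked to be a
 * UID/GID type) before decoding: for a smaller rid the subtraction goes
 * negative and shifting a negative value is not well defined.
 *
 * SAM_ENCODE_RID parenthesizes type so an expression argument binds
 * correctly.  An id wider than 30 bits loses its top bits in the shift
 * when evaluated in 32-bit arithmetic.
 */
#define SAM_RID_TYPE(rid) ((rid) & SAM_RT_MASK)
#define SAM_DECODE_RID(rid) (((rid) - SAM_MIN_RID) >> 2)
#define SAM_ENCODE_RID(type, id) ((((id) << 2) | (type)) + SAM_MIN_RID)
#define SAM_ENCODE_UXUID(id) SAM_ENCODE_RID(SAM_RT_UNIX_UID, id)
#define SAM_ENCODE_UXGID(id) SAM_ENCODE_RID(SAM_RT_UNIX_GID, id)
#define SAM_ENCODE_NTUID(id) SAM_ENCODE_RID(SAM_RT_NT_UID, id)
#define SAM_ENCODE_NTGID(id) SAM_ENCODE_RID(SAM_RT_NT_GID, id)

#ifdef __cplusplus
}
#endif

#endif /* _LIBMLSVC_H */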