libmlsvc/common/smb_logon.c

b89a8333Snatalie li - Sun Microsystems - Irvine United States/*
b89a8333Snatalie li - Sun Microsystems - Irvine United States * CDDL HEADER START
b89a8333Snatalie li - Sun Microsystems - Irvine United States *
b89a8333Snatalie li - Sun Microsystems - Irvine United States * The contents of this file are subject to the terms of the
b89a8333Snatalie li - Sun Microsystems - Irvine United States * Common Development and Distribution License (the "License").
b89a8333Snatalie li - Sun Microsystems - Irvine United States * You may not use this file except in compliance with the License.
b89a8333Snatalie li - Sun Microsystems - Irvine United States *
b89a8333Snatalie li - Sun Microsystems - Irvine United States * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
b89a8333Snatalie li - Sun Microsystems - Irvine United States * or http://www.opensolaris.org/os/licensing.
b89a8333Snatalie li - Sun Microsystems - Irvine United States * See the License for the specific language governing permissions
b89a8333Snatalie li - Sun Microsystems - Irvine United States * and limitations under the License.
b89a8333Snatalie li - Sun Microsystems - Irvine United States *
b89a8333Snatalie li - Sun Microsystems - Irvine United States * When distributing Covered Code, include this CDDL HEADER in each
b89a8333Snatalie li - Sun Microsystems - Irvine United States * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
b89a8333Snatalie li - Sun Microsystems - Irvine United States * If applicable, add the following below this CDDL HEADER, with the
b89a8333Snatalie li - Sun Microsystems - Irvine United States * fields enclosed by brackets "[]" replaced with your own identifying
b89a8333Snatalie li - Sun Microsystems - Irvine United States * information: Portions Copyright [yyyy] [name of copyright owner]
b89a8333Snatalie li - Sun Microsystems - Irvine United States *
b89a8333Snatalie li - Sun Microsystems - Irvine United States * CDDL HEADER END
b89a8333Snatalie li - Sun Microsystems - Irvine United States */
b89a8333Snatalie li - Sun Microsystems - Irvine United States/*
b89a8333Snatalie li - Sun Microsystems - Irvine United States * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
b89a8333Snatalie li - Sun Microsystems - Irvine United States * Use is subject to license terms.
b89a8333Snatalie li - Sun Microsystems - Irvine United States */
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States/*
b89a8333Snatalie li - Sun Microsystems - Irvine United States * Security database interface.
b89a8333Snatalie li - Sun Microsystems - Irvine United States */
b89a8333Snatalie li - Sun Microsystems - Irvine United States#include <unistd.h>
b89a8333Snatalie li - Sun Microsystems - Irvine United States#include <strings.h>
b89a8333Snatalie li - Sun Microsystems - Irvine United States#include <pwd.h>
b89a8333Snatalie li - Sun Microsystems - Irvine United States#include <grp.h>
b89a8333Snatalie li - Sun Microsystems - Irvine United States#include <time.h>
b89a8333Snatalie li - Sun Microsystems - Irvine United States#include <syslog.h>
b89a8333Snatalie li - Sun Microsystems - Irvine United States#include <assert.h>
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States#include <smbsrv/libsmb.h>
b89a8333Snatalie li - Sun Microsystems - Irvine United States#include <smbsrv/libmlsvc.h>
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States#include <smbsrv/smbinfo.h>
b89a8333Snatalie li - Sun Microsystems - Irvine United States#include <smbsrv/smb_token.h>
*8d7e4166Sjose borrego#include <lsalib.h>
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United Statesextern uint32_t netlogon_logon(netr_client_t *clnt, smb_userinfo_t *uinfo);
b89a8333Snatalie li - Sun Microsystems - Irvine United Statesstatic uint32_t smb_logon_domain(netr_client_t *clnt, smb_userinfo_t *uinfo);
b89a8333Snatalie li - Sun Microsystems - Irvine United Statesstatic uint32_t smb_logon_local(netr_client_t *clnt, smb_userinfo_t *uinfo);
b89a8333Snatalie li - Sun Microsystems - Irvine United Statesstatic uint32_t smb_logon_none(netr_client_t *clnt, smb_userinfo_t *uinfo);
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United Statesstatic uint32_t smb_setup_luinfo(smb_userinfo_t *, netr_client_t *, uid_t);
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United Statesstatic int smb_token_is_member(smb_token_t *token, smb_sid_t *sid);
b89a8333Snatalie li - Sun Microsystems - Irvine United Statesstatic int smb_token_is_valid(smb_token_t *token);
b89a8333Snatalie li - Sun Microsystems - Irvine United Statesstatic smb_win_grps_t *smb_token_create_wingrps(smb_userinfo_t *user_info);
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United Statesstatic smb_posix_grps_t *smb_token_create_pxgrps(uid_t uid);
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States/* Consolidation private function from Network Repository */
b89a8333Snatalie li - Sun Microsystems - Irvine United Statesextern int _getgroupsbymember(const char *, gid_t[], int, int);
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United Statesstatic idmap_stat
b89a8333Snatalie li - Sun Microsystems - Irvine United Statessmb_token_idmap(smb_token_t *token, smb_idmap_batch_t *sib)
b89a8333Snatalie li - Sun Microsystems - Irvine United States{
b89a8333Snatalie li - Sun Microsystems - Irvine United States	idmap_stat stat;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	smb_idmap_t *sim;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	smb_id_t *id;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	int i;
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if (!token || !sib)
b89a8333Snatalie li - Sun Microsystems - Irvine United States		return (IDMAP_ERR_ARG);
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	sim = sib->sib_maps;
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if (token->tkn_flags & SMB_ATF_ANON) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States		token->tkn_user->i_id = UID_NOBODY;
b89a8333Snatalie li - Sun Microsystems - Irvine United States		token->tkn_owner->i_id = UID_NOBODY;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	} else {
b89a8333Snatalie li - Sun Microsystems - Irvine United States		/* User SID */
b89a8333Snatalie li - Sun Microsystems - Irvine United States		id = token->tkn_user;
b89a8333Snatalie li - Sun Microsystems - Irvine United States		sim->sim_id = &id->i_id;
b89a8333Snatalie li - Sun Microsystems - Irvine United States		stat = smb_idmap_batch_getid(sib->sib_idmaph, sim++,
b89a8333Snatalie li - Sun Microsystems - Irvine United States		    id->i_sidattr.sid, SMB_IDMAP_USER);
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States		if (stat != IDMAP_SUCCESS)
b89a8333Snatalie li - Sun Microsystems - Irvine United States			return (stat);
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States		/* Owner SID */
b89a8333Snatalie li - Sun Microsystems - Irvine United States		id = token->tkn_owner;
b89a8333Snatalie li - Sun Microsystems - Irvine United States		sim->sim_id = &id->i_id;
b89a8333Snatalie li - Sun Microsystems - Irvine United States		stat = smb_idmap_batch_getid(sib->sib_idmaph, sim++,
b89a8333Snatalie li - Sun Microsystems - Irvine United States		    id->i_sidattr.sid, SMB_IDMAP_USER);
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States		if (stat != IDMAP_SUCCESS)
b89a8333Snatalie li - Sun Microsystems - Irvine United States			return (stat);
b89a8333Snatalie li - Sun Microsystems - Irvine United States	}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	/* Primary Group SID */
b89a8333Snatalie li - Sun Microsystems - Irvine United States	id = token->tkn_primary_grp;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	sim->sim_id = &id->i_id;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	stat = smb_idmap_batch_getid(sib->sib_idmaph, sim++,
b89a8333Snatalie li - Sun Microsystems - Irvine United States	    id->i_sidattr.sid, SMB_IDMAP_GROUP);
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if (stat != IDMAP_SUCCESS)
b89a8333Snatalie li - Sun Microsystems - Irvine United States		return (stat);
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	/* Other Windows Group SIDs */
b89a8333Snatalie li - Sun Microsystems - Irvine United States	for (i = 0; i < token->tkn_win_grps->wg_count; i++, sim++) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States		id = &token->tkn_win_grps->wg_groups[i];
b89a8333Snatalie li - Sun Microsystems - Irvine United States		sim->sim_id = &id->i_id;
b89a8333Snatalie li - Sun Microsystems - Irvine United States		stat = smb_idmap_batch_getid(sib->sib_idmaph, sim,
b89a8333Snatalie li - Sun Microsystems - Irvine United States		    id->i_sidattr.sid, SMB_IDMAP_GROUP);
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States		if (stat != IDMAP_SUCCESS)
b89a8333Snatalie li - Sun Microsystems - Irvine United States			break;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	return (stat);
b89a8333Snatalie li - Sun Microsystems - Irvine United States}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States/*
b89a8333Snatalie li - Sun Microsystems - Irvine United States * smb_token_sids2ids
b89a8333Snatalie li - Sun Microsystems - Irvine United States *
b89a8333Snatalie li - Sun Microsystems - Irvine United States * This will map all the SIDs of the access token to UIDs/GIDs.
b89a8333Snatalie li - Sun Microsystems - Irvine United States *
b89a8333Snatalie li - Sun Microsystems - Irvine United States * Returns 0 upon success.  Otherwise, returns -1.
b89a8333Snatalie li - Sun Microsystems - Irvine United States */
b89a8333Snatalie li - Sun Microsystems - Irvine United Statesstatic int
b89a8333Snatalie li - Sun Microsystems - Irvine United Statessmb_token_sids2ids(smb_token_t *token)
b89a8333Snatalie li - Sun Microsystems - Irvine United States{
b89a8333Snatalie li - Sun Microsystems - Irvine United States	idmap_stat stat;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	int nmaps, retries = 0;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	smb_idmap_batch_t sib;
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	/*
b89a8333Snatalie li - Sun Microsystems - Irvine United States	 * Number of idmap lookups: user SID, owner SID, primary group SID,
b89a8333Snatalie li - Sun Microsystems - Irvine United States	 * and all Windows group SIDs
b89a8333Snatalie li - Sun Microsystems - Irvine United States	 */
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if (token->tkn_flags & SMB_ATF_ANON)
b89a8333Snatalie li - Sun Microsystems - Irvine United States		/*
b89a8333Snatalie li - Sun Microsystems - Irvine United States		 * Don't include user and owner SID, they're Anonymous
b89a8333Snatalie li - Sun Microsystems - Irvine United States		 */
b89a8333Snatalie li - Sun Microsystems - Irvine United States		nmaps = 1;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	else
b89a8333Snatalie li - Sun Microsystems - Irvine United States		nmaps = 3;
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	nmaps += token->tkn_win_grps->wg_count;
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	do {
b89a8333Snatalie li - Sun Microsystems - Irvine United States		stat = smb_idmap_batch_create(&sib, nmaps, SMB_IDMAP_SID2ID);
b89a8333Snatalie li - Sun Microsystems - Irvine United States		if (stat != IDMAP_SUCCESS)
b89a8333Snatalie li - Sun Microsystems - Irvine United States			return (-1);
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States		stat = smb_token_idmap(token, &sib);
b89a8333Snatalie li - Sun Microsystems - Irvine United States		if (stat != IDMAP_SUCCESS) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States			smb_idmap_batch_destroy(&sib);
b89a8333Snatalie li - Sun Microsystems - Irvine United States			return (-1);
b89a8333Snatalie li - Sun Microsystems - Irvine United States		}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States		stat = smb_idmap_batch_getmappings(&sib);
b89a8333Snatalie li - Sun Microsystems - Irvine United States		smb_idmap_batch_destroy(&sib);
b89a8333Snatalie li - Sun Microsystems - Irvine United States		if (stat == IDMAP_ERR_RPC_HANDLE)
b89a8333Snatalie li - Sun Microsystems - Irvine United States			if (smb_idmap_restart() < 0)
b89a8333Snatalie li - Sun Microsystems - Irvine United States				break;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	} while (stat == IDMAP_ERR_RPC_HANDLE && retries++ < 3);
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	return (stat == IDMAP_SUCCESS ? 0 : -1);
b89a8333Snatalie li - Sun Microsystems - Irvine United States}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States/*
b89a8333Snatalie li - Sun Microsystems - Irvine United States * smb_token_create_pxgrps
b89a8333Snatalie li - Sun Microsystems - Irvine United States *
b89a8333Snatalie li - Sun Microsystems - Irvine United States * Setup the POSIX group membership of the access token if the given UID is
b89a8333Snatalie li - Sun Microsystems - Irvine United States * a POSIX UID (non-ephemeral). Both the user's primary group and
b89a8333Snatalie li - Sun Microsystems - Irvine United States * supplementary groups will be added to the POSIX group array of the access
b89a8333Snatalie li - Sun Microsystems - Irvine United States * token.
b89a8333Snatalie li - Sun Microsystems - Irvine United States */
b89a8333Snatalie li - Sun Microsystems - Irvine United Statesstatic smb_posix_grps_t *
b89a8333Snatalie li - Sun Microsystems - Irvine United Statessmb_token_create_pxgrps(uid_t uid)
b89a8333Snatalie li - Sun Microsystems - Irvine United States{
b89a8333Snatalie li - Sun Microsystems - Irvine United States	struct passwd *pwd;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	smb_posix_grps_t *pgrps;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	int ngroups_max, num;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	gid_t *gids;
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if ((ngroups_max = sysconf(_SC_NGROUPS_MAX)) < 0) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States		syslog(LOG_ERR, "smb_logon: failed to get _SC_NGROUPS_MAX");
b89a8333Snatalie li - Sun Microsystems - Irvine United States		return (NULL);
b89a8333Snatalie li - Sun Microsystems - Irvine United States	}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	pwd = getpwuid(uid);
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if (pwd == NULL) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States		pgrps = malloc(sizeof (smb_posix_grps_t));
b89a8333Snatalie li - Sun Microsystems - Irvine United States		if (pgrps == NULL)
b89a8333Snatalie li - Sun Microsystems - Irvine United States			return (NULL);
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States		pgrps->pg_ngrps = 0;
b89a8333Snatalie li - Sun Microsystems - Irvine United States		return (pgrps);
b89a8333Snatalie li - Sun Microsystems - Irvine United States	}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if (pwd->pw_name == NULL) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States		pgrps = malloc(sizeof (smb_posix_grps_t));
b89a8333Snatalie li - Sun Microsystems - Irvine United States		if (pgrps == NULL)
b89a8333Snatalie li - Sun Microsystems - Irvine United States			return (NULL);
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States		pgrps->pg_ngrps = 1;
b89a8333Snatalie li - Sun Microsystems - Irvine United States		pgrps->pg_grps[0] = pwd->pw_gid;
b89a8333Snatalie li - Sun Microsystems - Irvine United States		return (pgrps);
b89a8333Snatalie li - Sun Microsystems - Irvine United States	}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	gids = (gid_t *)malloc(ngroups_max * sizeof (gid_t));
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if (gids == NULL) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States		return (NULL);
b89a8333Snatalie li - Sun Microsystems - Irvine United States	}
b89a8333Snatalie li - Sun Microsystems - Irvine United States	bzero(gids, ngroups_max * sizeof (gid_t));
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	gids[0] = pwd->pw_gid;
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	/*
b89a8333Snatalie li - Sun Microsystems - Irvine United States	 * Setup the groups starting at index 1 (the last arg)
b89a8333Snatalie li - Sun Microsystems - Irvine United States	 * of gids array.
b89a8333Snatalie li - Sun Microsystems - Irvine United States	 */
b89a8333Snatalie li - Sun Microsystems - Irvine United States	num = _getgroupsbymember(pwd->pw_name, gids, ngroups_max, 1);
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if (num == -1) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States		syslog(LOG_ERR, "smb_logon: unable "
b89a8333Snatalie li - Sun Microsystems - Irvine United States		    "to get user's supplementary groups");
b89a8333Snatalie li - Sun Microsystems - Irvine United States		num = 1;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	pgrps = (smb_posix_grps_t *)malloc(SMB_POSIX_GRPS_SIZE(num));
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if (pgrps) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States		pgrps->pg_ngrps = num;
b89a8333Snatalie li - Sun Microsystems - Irvine United States		bcopy(gids, pgrps->pg_grps, num * sizeof (gid_t));
b89a8333Snatalie li - Sun Microsystems - Irvine United States	}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	free(gids);
b89a8333Snatalie li - Sun Microsystems - Irvine United States	return (pgrps);
b89a8333Snatalie li - Sun Microsystems - Irvine United States}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States/*
b89a8333Snatalie li - Sun Microsystems - Irvine United States * smb_token_destroy
b89a8333Snatalie li - Sun Microsystems - Irvine United States *
b89a8333Snatalie li - Sun Microsystems - Irvine United States * Release all of the memory associated with a token structure. Ensure
b89a8333Snatalie li - Sun Microsystems - Irvine United States * that the token has been unlinked before calling.
b89a8333Snatalie li - Sun Microsystems - Irvine United States */
b89a8333Snatalie li - Sun Microsystems - Irvine United Statesvoid
b89a8333Snatalie li - Sun Microsystems - Irvine United Statessmb_token_destroy(smb_token_t *token)
b89a8333Snatalie li - Sun Microsystems - Irvine United States{
b89a8333Snatalie li - Sun Microsystems - Irvine United States	smb_win_grps_t *groups;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	int i;
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if (token == NULL)
b89a8333Snatalie li - Sun Microsystems - Irvine United States		return;
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if (token->tkn_user) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States		free(token->tkn_user->i_sidattr.sid);
b89a8333Snatalie li - Sun Microsystems - Irvine United States		free(token->tkn_user);
b89a8333Snatalie li - Sun Microsystems - Irvine United States	}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if (token->tkn_owner) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States		free(token->tkn_owner->i_sidattr.sid);
b89a8333Snatalie li - Sun Microsystems - Irvine United States		free(token->tkn_owner);
b89a8333Snatalie li - Sun Microsystems - Irvine United States	}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if (token->tkn_primary_grp) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States		free(token->tkn_primary_grp->i_sidattr.sid);
b89a8333Snatalie li - Sun Microsystems - Irvine United States		free(token->tkn_primary_grp);
b89a8333Snatalie li - Sun Microsystems - Irvine United States	}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if ((groups = token->tkn_win_grps) != NULL) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States		for (i = 0; i < groups->wg_count; ++i)
b89a8333Snatalie li - Sun Microsystems - Irvine United States			free(groups->wg_groups[i].i_sidattr.sid);
b89a8333Snatalie li - Sun Microsystems - Irvine United States		free(groups);
b89a8333Snatalie li - Sun Microsystems - Irvine United States	}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	smb_privset_free(token->tkn_privileges);
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	free(token->tkn_posix_grps);
b89a8333Snatalie li - Sun Microsystems - Irvine United States	free(token->tkn_account_name);
b89a8333Snatalie li - Sun Microsystems - Irvine United States	free(token->tkn_domain_name);
b89a8333Snatalie li - Sun Microsystems - Irvine United States	free(token->tkn_session_key);
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	free(token);
b89a8333Snatalie li - Sun Microsystems - Irvine United States}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United Statesstatic smb_id_t *
b89a8333Snatalie li - Sun Microsystems - Irvine United Statessmb_token_create_id(smb_sid_t *sid)
b89a8333Snatalie li - Sun Microsystems - Irvine United States{
b89a8333Snatalie li - Sun Microsystems - Irvine United States	smb_id_t *id;
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if ((id = malloc(sizeof (smb_id_t))) == NULL)
b89a8333Snatalie li - Sun Microsystems - Irvine United States		return (NULL);
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	id->i_id = (uid_t)-1;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	id->i_sidattr.attrs = 7;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	id->i_sidattr.sid = smb_sid_dup(sid);
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if (id->i_sidattr.sid == NULL) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States		free(id);
b89a8333Snatalie li - Sun Microsystems - Irvine United States		id = NULL;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	return (id);
b89a8333Snatalie li - Sun Microsystems - Irvine United States}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States/*
b89a8333Snatalie li - Sun Microsystems - Irvine United States * Token owner should be set to local Administrators group
b89a8333Snatalie li - Sun Microsystems - Irvine United States * in two cases:
b89a8333Snatalie li - Sun Microsystems - Irvine United States *   1. The logged on user is a member of Domain Admins group
b89a8333Snatalie li - Sun Microsystems - Irvine United States *   2. he/she is a member of local Administrators group
b89a8333Snatalie li - Sun Microsystems - Irvine United States */
b89a8333Snatalie li - Sun Microsystems - Irvine United Statesstatic smb_id_t *
b89a8333Snatalie li - Sun Microsystems - Irvine United Statessmb_token_create_owner(smb_userinfo_t *user_info)
b89a8333Snatalie li - Sun Microsystems - Irvine United States{
b89a8333Snatalie li - Sun Microsystems - Irvine United States#ifdef SMB_SUPPORT_GROUP_OWNER
b89a8333Snatalie li - Sun Microsystems - Irvine United States	smb_sid_t *owner_sid;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	smb_wka_t *wka;
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if (user_info->flags & SMB_UINFO_FLAG_ADMIN) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States		wka = smb_wka_lookup("Administrators");
b89a8333Snatalie li - Sun Microsystems - Irvine United States		assert(wka);
b89a8333Snatalie li - Sun Microsystems - Irvine United States		owner_sid = wka->wka_binsid;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	} else {
b89a8333Snatalie li - Sun Microsystems - Irvine United States		owner_sid = user_info->user_sid;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	return (smb_token_create_id(owner_sid));
b89a8333Snatalie li - Sun Microsystems - Irvine United States#endif
b89a8333Snatalie li - Sun Microsystems - Irvine United States	return (smb_token_create_id(user_info->user_sid));
b89a8333Snatalie li - Sun Microsystems - Irvine United States}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United Statesstatic smb_privset_t *
b89a8333Snatalie li - Sun Microsystems - Irvine United Statessmb_token_create_privs(smb_userinfo_t *user_info)
b89a8333Snatalie li - Sun Microsystems - Irvine United States{
b89a8333Snatalie li - Sun Microsystems - Irvine United States	smb_privset_t *privs;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	smb_giter_t gi;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	smb_group_t grp;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	int rc;
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	privs = smb_privset_new();
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if (privs == NULL)
b89a8333Snatalie li - Sun Microsystems - Irvine United States		return (NULL);
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if (smb_lgrp_iteropen(&gi) != SMB_LGRP_SUCCESS) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States		smb_privset_free(privs);
b89a8333Snatalie li - Sun Microsystems - Irvine United States		return (NULL);
b89a8333Snatalie li - Sun Microsystems - Irvine United States	}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	while (smb_lgrp_iterate(&gi, &grp) == SMB_LGRP_SUCCESS) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States		if (smb_lgrp_is_member(&grp, user_info->user_sid)) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States			smb_privset_merge(privs, grp.sg_privs);
b89a8333Snatalie li - Sun Microsystems - Irvine United States		}
b89a8333Snatalie li - Sun Microsystems - Irvine United States		smb_lgrp_free(&grp);
b89a8333Snatalie li - Sun Microsystems - Irvine United States	}
b89a8333Snatalie li - Sun Microsystems - Irvine United States	smb_lgrp_iterclose(&gi);
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if (user_info->flags & SMB_UINFO_FLAG_ADMIN) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States		rc = smb_lgrp_getbyname("Administrators", &grp);
b89a8333Snatalie li - Sun Microsystems - Irvine United States		if (rc == SMB_LGRP_SUCCESS) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States			smb_privset_merge(privs, grp.sg_privs);
b89a8333Snatalie li - Sun Microsystems - Irvine United States			smb_lgrp_free(&grp);
b89a8333Snatalie li - Sun Microsystems - Irvine United States		}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States		/*
b89a8333Snatalie li - Sun Microsystems - Irvine United States		 * This privilege is required to view/edit SACL
b89a8333Snatalie li - Sun Microsystems - Irvine United States		 */
b89a8333Snatalie li - Sun Microsystems - Irvine United States		smb_privset_enable(privs, SE_SECURITY_LUID);
b89a8333Snatalie li - Sun Microsystems - Irvine United States	}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	return (privs);
b89a8333Snatalie li - Sun Microsystems - Irvine United States}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United Statesstatic void
b89a8333Snatalie li - Sun Microsystems - Irvine United Statessmb_token_set_flags(smb_token_t *token, smb_userinfo_t *user_info)
b89a8333Snatalie li - Sun Microsystems - Irvine United States{
b89a8333Snatalie li - Sun Microsystems - Irvine United States	smb_wka_t *wka;
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if (user_info->flags & SMB_UINFO_FLAG_ANON) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States		token->tkn_flags |= SMB_ATF_ANON;
b89a8333Snatalie li - Sun Microsystems - Irvine United States		return;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if (user_info->rid == DOMAIN_USER_RID_GUEST) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States		token->tkn_flags |= SMB_ATF_GUEST;
b89a8333Snatalie li - Sun Microsystems - Irvine United States		return;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	wka = smb_wka_lookup("Administrators");
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if (wka->wka_binsid && smb_token_is_member(token, wka->wka_binsid))
b89a8333Snatalie li - Sun Microsystems - Irvine United States		token->tkn_flags |= SMB_ATF_ADMIN;
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	wka = smb_wka_lookup("Power Users");
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if (wka->wka_binsid && smb_token_is_member(token, wka->wka_binsid))
b89a8333Snatalie li - Sun Microsystems - Irvine United States		token->tkn_flags |= SMB_ATF_POWERUSER;
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	wka = smb_wka_lookup("Backup Operators");
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if (wka->wka_binsid && smb_token_is_member(token, wka->wka_binsid))
b89a8333Snatalie li - Sun Microsystems - Irvine United States		token->tkn_flags |= SMB_ATF_BACKUPOP;
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States/*
b89a8333Snatalie li - Sun Microsystems - Irvine United States * smb_token_create
b89a8333Snatalie li - Sun Microsystems - Irvine United States *
b89a8333Snatalie li - Sun Microsystems - Irvine United States * Build an access token based on the given user information (user_info).
b89a8333Snatalie li - Sun Microsystems - Irvine United States *
b89a8333Snatalie li - Sun Microsystems - Irvine United States * If everything is successful, a pointer to an access token is
b89a8333Snatalie li - Sun Microsystems - Irvine United States * returned. Otherwise a null pointer is returned.
b89a8333Snatalie li - Sun Microsystems - Irvine United States */
b89a8333Snatalie li - Sun Microsystems - Irvine United Statesstatic smb_token_t *
b89a8333Snatalie li - Sun Microsystems - Irvine United Statessmb_token_create(smb_userinfo_t *user_info)
b89a8333Snatalie li - Sun Microsystems - Irvine United States{
b89a8333Snatalie li - Sun Microsystems - Irvine United States	smb_token_t *token;
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if (user_info->sid_name_use != SidTypeUser)
b89a8333Snatalie li - Sun Microsystems - Irvine United States		return (NULL);
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	token = (smb_token_t *)malloc(sizeof (smb_token_t));
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if (token == NULL) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States		syslog(LOG_ERR, "smb_token_create: resource shortage");
b89a8333Snatalie li - Sun Microsystems - Irvine United States		return (NULL);
b89a8333Snatalie li - Sun Microsystems - Irvine United States	}
b89a8333Snatalie li - Sun Microsystems - Irvine United States	bzero(token, sizeof (smb_token_t));
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	/* User */
b89a8333Snatalie li - Sun Microsystems - Irvine United States	token->tkn_user = smb_token_create_id(user_info->user_sid);
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if (token->tkn_user == NULL) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States		smb_token_destroy(token);
b89a8333Snatalie li - Sun Microsystems - Irvine United States		return (NULL);
b89a8333Snatalie li - Sun Microsystems - Irvine United States	}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	/* Owner */
b89a8333Snatalie li - Sun Microsystems - Irvine United States	token->tkn_owner = smb_token_create_owner(user_info);
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if (token->tkn_owner == NULL) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States		smb_token_destroy(token);
b89a8333Snatalie li - Sun Microsystems - Irvine United States		return (NULL);
b89a8333Snatalie li - Sun Microsystems - Irvine United States	}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	/* Primary Group */
b89a8333Snatalie li - Sun Microsystems - Irvine United States	token->tkn_primary_grp = smb_token_create_id(user_info->pgrp_sid);
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if (token->tkn_primary_grp == NULL) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States		smb_token_destroy(token);
b89a8333Snatalie li - Sun Microsystems - Irvine United States		return (NULL);
b89a8333Snatalie li - Sun Microsystems - Irvine United States	}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	/* Privileges */
b89a8333Snatalie li - Sun Microsystems - Irvine United States	token->tkn_privileges = smb_token_create_privs(user_info);
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if (token->tkn_privileges == NULL) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States		smb_token_destroy(token);
b89a8333Snatalie li - Sun Microsystems - Irvine United States		return (NULL);
b89a8333Snatalie li - Sun Microsystems - Irvine United States	}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	/* Windows Groups */
b89a8333Snatalie li - Sun Microsystems - Irvine United States	token->tkn_win_grps = smb_token_create_wingrps(user_info);
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	smb_token_set_flags(token, user_info);
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	/*
b89a8333Snatalie li - Sun Microsystems - Irvine United States	 * IMPORTANT
b89a8333Snatalie li - Sun Microsystems - Irvine United States	 *
b89a8333Snatalie li - Sun Microsystems - Irvine United States	 * This function has to be called after all the SIDs in the
b89a8333Snatalie li - Sun Microsystems - Irvine United States	 * token are setup (i.e. user, owner, primary and supplementary
b89a8333Snatalie li - Sun Microsystems - Irvine United States	 * groups) and before setting up Solaris groups.
b89a8333Snatalie li - Sun Microsystems - Irvine United States	 */
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if (smb_token_sids2ids(token) != 0) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States		syslog(LOG_ERR, "%s\\%s: idmap failed",
b89a8333Snatalie li - Sun Microsystems - Irvine United States		    (user_info->domain_name) ? user_info->domain_name : "",
b89a8333Snatalie li - Sun Microsystems - Irvine United States		    (user_info->name) ? user_info->name : "");
b89a8333Snatalie li - Sun Microsystems - Irvine United States		smb_token_destroy(token);
b89a8333Snatalie li - Sun Microsystems - Irvine United States		return (NULL);
b89a8333Snatalie li - Sun Microsystems - Irvine United States	}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	/* Solaris Groups */
b89a8333Snatalie li - Sun Microsystems - Irvine United States	token->tkn_posix_grps = smb_token_create_pxgrps(token->tkn_user->i_id);
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if (user_info->session_key) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States		token->tkn_session_key = malloc(sizeof (smb_session_key_t));
b89a8333Snatalie li - Sun Microsystems - Irvine United States		if (token->tkn_session_key == NULL) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States			smb_token_destroy(token);
b89a8333Snatalie li - Sun Microsystems - Irvine United States			return (NULL);
b89a8333Snatalie li - Sun Microsystems - Irvine United States		}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States		(void) memcpy(token->tkn_session_key,
b89a8333Snatalie li - Sun Microsystems - Irvine United States		    user_info->session_key, sizeof (smb_session_key_t));
b89a8333Snatalie li - Sun Microsystems - Irvine United States	}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	token->tkn_account_name = strdup(user_info->name);
b89a8333Snatalie li - Sun Microsystems - Irvine United States	token->tkn_domain_name = strdup(user_info->domain_name);
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if (!smb_token_is_valid(token)) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States		smb_token_destroy(token);
b89a8333Snatalie li - Sun Microsystems - Irvine United States		return (NULL);
b89a8333Snatalie li - Sun Microsystems - Irvine United States	}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	return (token);
b89a8333Snatalie li - Sun Microsystems - Irvine United States}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States/*
b89a8333Snatalie li - Sun Microsystems - Irvine United States * smb_token_create_wingrps
b89a8333Snatalie li - Sun Microsystems - Irvine United States *
b89a8333Snatalie li - Sun Microsystems - Irvine United States * This private function supports smb_token_create() by mapping the group
b89a8333Snatalie li - Sun Microsystems - Irvine United States * information in the user_info structure to the form required in an
b89a8333Snatalie li - Sun Microsystems - Irvine United States * access token. The main difference is that the user_info contains
b89a8333Snatalie li - Sun Microsystems - Irvine United States * RIDs while and access token contains full SIDs. Memory allocated
b89a8333Snatalie li - Sun Microsystems - Irvine United States * here will be deallocated as part of smb_token_destroy().
b89a8333Snatalie li - Sun Microsystems - Irvine United States *
b89a8333Snatalie li - Sun Microsystems - Irvine United States * If everything is successful, a pointer to a smb_win_grps_t
b89a8333Snatalie li - Sun Microsystems - Irvine United States * structure is returned. Otherwise a null pointer is returned.
b89a8333Snatalie li - Sun Microsystems - Irvine United States */
b89a8333Snatalie li - Sun Microsystems - Irvine United Statesstatic smb_win_grps_t *
b89a8333Snatalie li - Sun Microsystems - Irvine United Statessmb_token_create_wingrps(smb_userinfo_t *user_info)
b89a8333Snatalie li - Sun Microsystems - Irvine United States{
b89a8333Snatalie li - Sun Microsystems - Irvine United States	static char *wk_grps[] =
b89a8333Snatalie li - Sun Microsystems - Irvine United States		{"Authenticated Users", "NETWORK", "Administrators"};
b89a8333Snatalie li - Sun Microsystems - Irvine United States	smb_win_grps_t *tkn_grps;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	smb_sid_attrs_t *dlg_grps;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	smb_rid_attrs_t *g_grps;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	smb_sid_attrs_t *grp;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	smb_sid_t *builtin_sid;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	smb_giter_t gi;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	smb_group_t lgrp;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	uint32_t n_gg, n_lg, n_dlg, n_wg;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	uint32_t i, j;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	int size, count;
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if (user_info == NULL)
b89a8333Snatalie li - Sun Microsystems - Irvine United States		return (NULL);
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	n_gg = user_info->n_groups;		/* Global Groups */
b89a8333Snatalie li - Sun Microsystems - Irvine United States	n_dlg = user_info->n_other_grps;	/* Domain Local Groups */
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	/* Local Groups */
b89a8333Snatalie li - Sun Microsystems - Irvine United States	(void) smb_lgrp_numbymember(user_info->user_sid, (int *)&n_lg);
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	/* Well known Groups */
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if ((user_info->flags & SMB_UINFO_FLAG_ADMIN) == SMB_UINFO_FLAG_DADMIN)
b89a8333Snatalie li - Sun Microsystems - Irvine United States		/* if user is a domain admin but not a local admin */
b89a8333Snatalie li - Sun Microsystems - Irvine United States		n_wg = 3;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	else if (user_info->flags & SMB_UINFO_FLAG_ANON)
b89a8333Snatalie li - Sun Microsystems - Irvine United States		n_wg = 0;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	else
b89a8333Snatalie li - Sun Microsystems - Irvine United States		n_wg = 2;
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	count = n_gg + n_dlg + n_lg + n_wg;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	size = sizeof (smb_win_grps_t) + (count * sizeof (smb_id_t));
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if ((tkn_grps = malloc(size)) == NULL)
b89a8333Snatalie li - Sun Microsystems - Irvine United States		return (NULL);
b89a8333Snatalie li - Sun Microsystems - Irvine United States	bzero(tkn_grps, size);
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	/* Add global groups */
b89a8333Snatalie li - Sun Microsystems - Irvine United States	g_grps = user_info->groups;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	for (i = 0; i < n_gg; i++) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States		grp = &tkn_grps->wg_groups[i].i_sidattr;
b89a8333Snatalie li - Sun Microsystems - Irvine United States		grp->sid = smb_sid_splice(user_info->domain_sid, g_grps[i].rid);
b89a8333Snatalie li - Sun Microsystems - Irvine United States		if (grp->sid == NULL)
b89a8333Snatalie li - Sun Microsystems - Irvine United States			break;
b89a8333Snatalie li - Sun Microsystems - Irvine United States		grp->attrs = g_grps[i].attributes;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if (n_gg == 0) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States		/*
b89a8333Snatalie li - Sun Microsystems - Irvine United States		 * if there's no global group should add the
b89a8333Snatalie li - Sun Microsystems - Irvine United States		 * primary group.
b89a8333Snatalie li - Sun Microsystems - Irvine United States		 */
b89a8333Snatalie li - Sun Microsystems - Irvine United States		grp = &tkn_grps->wg_groups[i].i_sidattr;
b89a8333Snatalie li - Sun Microsystems - Irvine United States		grp->sid = smb_sid_dup(user_info->pgrp_sid);
b89a8333Snatalie li - Sun Microsystems - Irvine United States		if (grp->sid != NULL) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States			grp->attrs = 0x7;
b89a8333Snatalie li - Sun Microsystems - Irvine United States			i++;
b89a8333Snatalie li - Sun Microsystems - Irvine United States		}
b89a8333Snatalie li - Sun Microsystems - Irvine United States	}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	/* Add domain local groups */
b89a8333Snatalie li - Sun Microsystems - Irvine United States	dlg_grps = user_info->other_grps;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	for (j = 0; j < n_dlg; j++, i++) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States		grp = &tkn_grps->wg_groups[i].i_sidattr;
b89a8333Snatalie li - Sun Microsystems - Irvine United States		grp->sid = smb_sid_dup(dlg_grps[j].sid);
b89a8333Snatalie li - Sun Microsystems - Irvine United States		if (grp->sid == NULL)
b89a8333Snatalie li - Sun Microsystems - Irvine United States			break;
b89a8333Snatalie li - Sun Microsystems - Irvine United States		grp->attrs = dlg_grps[j].attrs;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	/* Add local groups */
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if (n_lg && (smb_lgrp_iteropen(&gi) == SMB_LGRP_SUCCESS)) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States		j = 0;
b89a8333Snatalie li - Sun Microsystems - Irvine United States		while (smb_lgrp_iterate(&gi, &lgrp) == SMB_LGRP_SUCCESS) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States			if ((j < n_lg) &&
b89a8333Snatalie li - Sun Microsystems - Irvine United States			    smb_lgrp_is_member(&lgrp, user_info->user_sid)) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States				grp = &tkn_grps->wg_groups[i].i_sidattr;
b89a8333Snatalie li - Sun Microsystems - Irvine United States				grp->sid = smb_sid_dup(lgrp.sg_id.gs_sid);
b89a8333Snatalie li - Sun Microsystems - Irvine United States				if (grp->sid == NULL) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States					smb_lgrp_free(&lgrp);
b89a8333Snatalie li - Sun Microsystems - Irvine United States					break;
b89a8333Snatalie li - Sun Microsystems - Irvine United States				}
b89a8333Snatalie li - Sun Microsystems - Irvine United States				grp->attrs = lgrp.sg_attr;
b89a8333Snatalie li - Sun Microsystems - Irvine United States				i++;
b89a8333Snatalie li - Sun Microsystems - Irvine United States				j++;
b89a8333Snatalie li - Sun Microsystems - Irvine United States			}
b89a8333Snatalie li - Sun Microsystems - Irvine United States			smb_lgrp_free(&lgrp);
b89a8333Snatalie li - Sun Microsystems - Irvine United States		}
b89a8333Snatalie li - Sun Microsystems - Irvine United States		smb_lgrp_iterclose(&gi);
b89a8333Snatalie li - Sun Microsystems - Irvine United States	}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	/* Add well known groups */
b89a8333Snatalie li - Sun Microsystems - Irvine United States	for (j = 0; j < n_wg; j++, i++) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States		builtin_sid = smb_wka_lookup_name(wk_grps[j], NULL);
b89a8333Snatalie li - Sun Microsystems - Irvine United States		if (builtin_sid == NULL)
b89a8333Snatalie li - Sun Microsystems - Irvine United States			break;
b89a8333Snatalie li - Sun Microsystems - Irvine United States		tkn_grps->wg_groups[i].i_sidattr.sid = builtin_sid;
b89a8333Snatalie li - Sun Microsystems - Irvine United States		tkn_grps->wg_groups[i].i_sidattr.attrs = 0x7;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	tkn_grps->wg_count = i;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	return (tkn_grps);
b89a8333Snatalie li - Sun Microsystems - Irvine United States}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States/*
b89a8333Snatalie li - Sun Microsystems - Irvine United States * smb_logon
b89a8333Snatalie li - Sun Microsystems - Irvine United States *
b89a8333Snatalie li - Sun Microsystems - Irvine United States * Performs user authentication and creates a token if the
b89a8333Snatalie li - Sun Microsystems - Irvine United States * authentication is successful.
b89a8333Snatalie li - Sun Microsystems - Irvine United States *
b89a8333Snatalie li - Sun Microsystems - Irvine United States * Returns pointer to the created token.
b89a8333Snatalie li - Sun Microsystems - Irvine United States */
b89a8333Snatalie li - Sun Microsystems - Irvine United Statessmb_token_t *
b89a8333Snatalie li - Sun Microsystems - Irvine United Statessmb_logon(netr_client_t *clnt)
b89a8333Snatalie li - Sun Microsystems - Irvine United States{
b89a8333Snatalie li - Sun Microsystems - Irvine United States	smb_token_t *token = NULL;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	smb_userinfo_t *uinfo;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	uint32_t status;
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if ((uinfo = mlsvc_alloc_user_info()) == 0)
b89a8333Snatalie li - Sun Microsystems - Irvine United States		return (NULL);
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	switch (clnt->flags) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States	case NETR_CFLG_DOMAIN:
b89a8333Snatalie li - Sun Microsystems - Irvine United States		/* Pass through authentication with DC */
b89a8333Snatalie li - Sun Microsystems - Irvine United States		status = smb_logon_domain(clnt, uinfo);
b89a8333Snatalie li - Sun Microsystems - Irvine United States		break;
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	case NETR_CFLG_LOCAL:
b89a8333Snatalie li - Sun Microsystems - Irvine United States		/* Local authentication */
b89a8333Snatalie li - Sun Microsystems - Irvine United States		status = smb_logon_local(clnt, uinfo);
b89a8333Snatalie li - Sun Microsystems - Irvine United States		break;
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	case NETR_CFLG_ANON:
b89a8333Snatalie li - Sun Microsystems - Irvine United States		/* Anonymous user; no authentication */
b89a8333Snatalie li - Sun Microsystems - Irvine United States		status = smb_logon_none(clnt, uinfo);
b89a8333Snatalie li - Sun Microsystems - Irvine United States		break;
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	default:
b89a8333Snatalie li - Sun Microsystems - Irvine United States		status = NT_STATUS_INVALID_PARAMETER;
b89a8333Snatalie li - Sun Microsystems - Irvine United States		break;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if (status == NT_STATUS_SUCCESS)
b89a8333Snatalie li - Sun Microsystems - Irvine United States		token = smb_token_create(uinfo);
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	mlsvc_free_user_info(uinfo);
b89a8333Snatalie li - Sun Microsystems - Irvine United States	return (token);
b89a8333Snatalie li - Sun Microsystems - Irvine United States}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States/*
b89a8333Snatalie li - Sun Microsystems - Irvine United States * smb_logon_domain
b89a8333Snatalie li - Sun Microsystems - Irvine United States *
b89a8333Snatalie li - Sun Microsystems - Irvine United States * Performs pass through authentication with PDC.
b89a8333Snatalie li - Sun Microsystems - Irvine United States */
b89a8333Snatalie li - Sun Microsystems - Irvine United Statesstatic uint32_t
b89a8333Snatalie li - Sun Microsystems - Irvine United Statessmb_logon_domain(netr_client_t *clnt, smb_userinfo_t *uinfo)
b89a8333Snatalie li - Sun Microsystems - Irvine United States{
b89a8333Snatalie li - Sun Microsystems - Irvine United States	uint32_t status;
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if ((status = netlogon_logon(clnt, uinfo)) != 0) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States		if (status == NT_STATUS_CANT_ACCESS_DOMAIN_INFO) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States			if ((status = netlogon_logon(clnt, uinfo)) != 0) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States				syslog(LOG_INFO, "SmbLogon[%s\\%s]: %s",
b89a8333Snatalie li - Sun Microsystems - Irvine United States				    clnt->domain, clnt->username,
b89a8333Snatalie li - Sun Microsystems - Irvine United States				    xlate_nt_status(status));
b89a8333Snatalie li - Sun Microsystems - Irvine United States				return (status);
b89a8333Snatalie li - Sun Microsystems - Irvine United States			}
b89a8333Snatalie li - Sun Microsystems - Irvine United States		}
b89a8333Snatalie li - Sun Microsystems - Irvine United States	}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	return (status);
b89a8333Snatalie li - Sun Microsystems - Irvine United States}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States/*
b89a8333Snatalie li - Sun Microsystems - Irvine United States * smb_logon_local
b89a8333Snatalie li - Sun Microsystems - Irvine United States *
b89a8333Snatalie li - Sun Microsystems - Irvine United States * Check to see if connected user has an entry in the local
b89a8333Snatalie li - Sun Microsystems - Irvine United States * smbpasswd database. If it has, tries both LM hash and NT
b89a8333Snatalie li - Sun Microsystems - Irvine United States * hash with user's password(s) to authenticate the user.
b89a8333Snatalie li - Sun Microsystems - Irvine United States */
b89a8333Snatalie li - Sun Microsystems - Irvine United Statesstatic uint32_t
b89a8333Snatalie li - Sun Microsystems - Irvine United Statessmb_logon_local(netr_client_t *clnt, smb_userinfo_t *uinfo)
b89a8333Snatalie li - Sun Microsystems - Irvine United States{
b89a8333Snatalie li - Sun Microsystems - Irvine United States	smb_passwd_t smbpw;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	boolean_t lm_ok, nt_ok;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	uint32_t status;
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if (smb_pwd_getpasswd(clnt->username, &smbpw) == NULL) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States		/*
b89a8333Snatalie li - Sun Microsystems - Irvine United States		 * If user doesn't have entry either in smbpasswd
b89a8333Snatalie li - Sun Microsystems - Irvine United States		 * or passwd it's considered as an invalid user.
b89a8333Snatalie li - Sun Microsystems - Irvine United States		 */
b89a8333Snatalie li - Sun Microsystems - Irvine United States		status = NT_STATUS_NO_SUCH_USER;
b89a8333Snatalie li - Sun Microsystems - Irvine United States		syslog(LOG_NOTICE, "SmbLogon[%s\\%s]: %s",
b89a8333Snatalie li - Sun Microsystems - Irvine United States		    clnt->domain, clnt->username,
b89a8333Snatalie li - Sun Microsystems - Irvine United States		    xlate_nt_status(status));
b89a8333Snatalie li - Sun Microsystems - Irvine United States		return (status);
b89a8333Snatalie li - Sun Microsystems - Irvine United States	}
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if (smbpw.pw_flags & SMB_PWF_DISABLE)
b89a8333Snatalie li - Sun Microsystems - Irvine United States		return (NT_STATUS_ACCOUNT_DISABLED);
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	nt_ok = lm_ok = B_FALSE;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if ((smbpw.pw_flags & SMB_PWF_LM) &&
b89a8333Snatalie li - Sun Microsystems - Irvine United States	    (clnt->lm_password.lm_password_len != 0)) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States		lm_ok = smb_auth_validate_lm(
b89a8333Snatalie li - Sun Microsystems - Irvine United States		    clnt->challenge_key.challenge_key_val,
b89a8333Snatalie li - Sun Microsystems - Irvine United States		    clnt->challenge_key.challenge_key_len,
b89a8333Snatalie li - Sun Microsystems - Irvine United States		    &smbpw,
b89a8333Snatalie li - Sun Microsystems - Irvine United States		    clnt->lm_password.lm_password_val,
b89a8333Snatalie li - Sun Microsystems - Irvine United States		    clnt->lm_password.lm_password_len,
b89a8333Snatalie li - Sun Microsystems - Irvine United States		    clnt->domain,
b89a8333Snatalie li - Sun Microsystems - Irvine United States		    clnt->username);
b89a8333Snatalie li - Sun Microsystems - Irvine United States		uinfo->session_key = NULL;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if (!lm_ok && (clnt->nt_password.nt_password_len != 0)) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States		if ((uinfo->session_key =
b89a8333Snatalie li - Sun Microsystems - Irvine United States		    malloc(SMBAUTH_SESSION_KEY_SZ)) == NULL)
b89a8333Snatalie li - Sun Microsystems - Irvine United States			return (NT_STATUS_NO_MEMORY);
b89a8333Snatalie li - Sun Microsystems - Irvine United States		nt_ok = smb_auth_validate_nt(
b89a8333Snatalie li - Sun Microsystems - Irvine United States		    clnt->challenge_key.challenge_key_val,
b89a8333Snatalie li - Sun Microsystems - Irvine United States		    clnt->challenge_key.challenge_key_len,
b89a8333Snatalie li - Sun Microsystems - Irvine United States		    &smbpw,
b89a8333Snatalie li - Sun Microsystems - Irvine United States		    clnt->nt_password.nt_password_val,
b89a8333Snatalie li - Sun Microsystems - Irvine United States		    clnt->nt_password.nt_password_len,
b89a8333Snatalie li - Sun Microsystems - Irvine United States		    clnt->domain,
b89a8333Snatalie li - Sun Microsystems - Irvine United States		    clnt->username,
b89a8333Snatalie li - Sun Microsystems - Irvine United States		    (uchar_t *)uinfo->session_key);
b89a8333Snatalie li - Sun Microsystems - Irvine United States	}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if (!nt_ok && !lm_ok) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States		status = NT_STATUS_WRONG_PASSWORD;
b89a8333Snatalie li - Sun Microsystems - Irvine United States		syslog(LOG_NOTICE, "SmbLogon[%s\\%s]: %s",
b89a8333Snatalie li - Sun Microsystems - Irvine United States		    clnt->domain, clnt->username,
b89a8333Snatalie li - Sun Microsystems - Irvine United States		    xlate_nt_status(status));
b89a8333Snatalie li - Sun Microsystems - Irvine United States		return (status);
b89a8333Snatalie li - Sun Microsystems - Irvine United States	}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	status = smb_setup_luinfo(uinfo, clnt, smbpw.pw_uid);
b89a8333Snatalie li - Sun Microsystems - Irvine United States	return (status);
b89a8333Snatalie li - Sun Microsystems - Irvine United States}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States/*
b89a8333Snatalie li - Sun Microsystems - Irvine United States * smb_logon_none
b89a8333Snatalie li - Sun Microsystems - Irvine United States *
b89a8333Snatalie li - Sun Microsystems - Irvine United States * Setup user information for anonymous user.
b89a8333Snatalie li - Sun Microsystems - Irvine United States * No authentication is required.
b89a8333Snatalie li - Sun Microsystems - Irvine United States */
b89a8333Snatalie li - Sun Microsystems - Irvine United Statesstatic uint32_t
b89a8333Snatalie li - Sun Microsystems - Irvine United Statessmb_logon_none(netr_client_t *clnt, smb_userinfo_t *uinfo)
b89a8333Snatalie li - Sun Microsystems - Irvine United States{
b89a8333Snatalie li - Sun Microsystems - Irvine United States	return (smb_setup_luinfo(uinfo, clnt, (uid_t)-1));
b89a8333Snatalie li - Sun Microsystems - Irvine United States}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States/*
b89a8333Snatalie li - Sun Microsystems - Irvine United States * smb_setup_luinfo
b89a8333Snatalie li - Sun Microsystems - Irvine United States *
b89a8333Snatalie li - Sun Microsystems - Irvine United States * Setup local user information based on the client information and
b89a8333Snatalie li - Sun Microsystems - Irvine United States * user's record in the local password file.
b89a8333Snatalie li - Sun Microsystems - Irvine United States */
b89a8333Snatalie li - Sun Microsystems - Irvine United Statesstatic uint32_t
b89a8333Snatalie li - Sun Microsystems - Irvine United Statessmb_setup_luinfo(smb_userinfo_t *lui, netr_client_t *clnt, uid_t uid)
b89a8333Snatalie li - Sun Microsystems - Irvine United States{
b89a8333Snatalie li - Sun Microsystems - Irvine United States	idmap_stat stat;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	smb_idmap_batch_t sib;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	smb_idmap_t *umap, *gmap;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	smb_group_t grp;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	struct passwd pw;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	char pwbuf[1024];
b89a8333Snatalie li - Sun Microsystems - Irvine United States	char nbname[NETBIOS_NAME_SZ];
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	(void) smb_getnetbiosname(nbname, sizeof (nbname));
b89a8333Snatalie li - Sun Microsystems - Irvine United States	lui->sid_name_use = SidTypeUser;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	lui->domain_sid = smb_sid_dup(nt_domain_local_sid());
b89a8333Snatalie li - Sun Microsystems - Irvine United States	lui->name = strdup(clnt->username);
b89a8333Snatalie li - Sun Microsystems - Irvine United States	lui->domain_name = strdup(nbname);
b89a8333Snatalie li - Sun Microsystems - Irvine United States	lui->n_groups = 0;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	lui->groups = NULL;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	lui->n_other_grps = 0;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	lui->other_grps = NULL;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	lui->flags = 0;
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if (lui->name == NULL || lui->domain_name == NULL ||
b89a8333Snatalie li - Sun Microsystems - Irvine United States	    lui->domain_sid == NULL)
b89a8333Snatalie li - Sun Microsystems - Irvine United States		return (NT_STATUS_INVALID_PARAMETER);
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if (clnt->flags & NETR_CFLG_ANON) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States		lui->user_sid = smb_wka_lookup_name("Anonymous", NULL);
b89a8333Snatalie li - Sun Microsystems - Irvine United States		lui->pgrp_sid = smb_wka_lookup_name("Anonymous", NULL);
b89a8333Snatalie li - Sun Microsystems - Irvine United States		lui->flags = SMB_UINFO_FLAG_ANON;
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States		if (lui->user_sid == NULL || lui->pgrp_sid == NULL)
b89a8333Snatalie li - Sun Microsystems - Irvine United States			return (NT_STATUS_NO_MEMORY);
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States		return (NT_STATUS_SUCCESS);
b89a8333Snatalie li - Sun Microsystems - Irvine United States	}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if (getpwuid_r(uid, &pw, pwbuf, sizeof (pwbuf)) == NULL)
b89a8333Snatalie li - Sun Microsystems - Irvine United States		return (NT_STATUS_NO_SUCH_USER);
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	/* Get the SID for user's uid & gid */
b89a8333Snatalie li - Sun Microsystems - Irvine United States	stat = smb_idmap_batch_create(&sib, 2, SMB_IDMAP_ID2SID);
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if (stat != IDMAP_SUCCESS) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States		return (NT_STATUS_INTERNAL_ERROR);
b89a8333Snatalie li - Sun Microsystems - Irvine United States	}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	umap = &sib.sib_maps[0];
b89a8333Snatalie li - Sun Microsystems - Irvine United States	stat = smb_idmap_batch_getsid(sib.sib_idmaph, umap, pw.pw_uid,
b89a8333Snatalie li - Sun Microsystems - Irvine United States	    SMB_IDMAP_USER);
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if (stat != IDMAP_SUCCESS) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States		smb_idmap_batch_destroy(&sib);
b89a8333Snatalie li - Sun Microsystems - Irvine United States		return (NT_STATUS_INTERNAL_ERROR);
b89a8333Snatalie li - Sun Microsystems - Irvine United States	}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	gmap = &sib.sib_maps[1];
b89a8333Snatalie li - Sun Microsystems - Irvine United States	stat = smb_idmap_batch_getsid(sib.sib_idmaph, gmap, pw.pw_gid,
b89a8333Snatalie li - Sun Microsystems - Irvine United States	    SMB_IDMAP_GROUP);
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if (stat != IDMAP_SUCCESS) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States		smb_idmap_batch_destroy(&sib);
b89a8333Snatalie li - Sun Microsystems - Irvine United States		return (NT_STATUS_INTERNAL_ERROR);
b89a8333Snatalie li - Sun Microsystems - Irvine United States	}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	stat = smb_idmap_batch_getmappings(&sib);
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if (stat != IDMAP_SUCCESS) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States		return (NT_STATUS_INTERNAL_ERROR);
b89a8333Snatalie li - Sun Microsystems - Irvine United States	}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	lui->rid = umap->sim_rid;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	lui->user_sid = smb_sid_dup(umap->sim_sid);
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	lui->primary_group_rid = gmap->sim_rid;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	lui->pgrp_sid = smb_sid_dup(gmap->sim_sid);
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	smb_idmap_batch_destroy(&sib);
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if ((lui->user_sid == NULL) || (lui->pgrp_sid == NULL))
b89a8333Snatalie li - Sun Microsystems - Irvine United States		return (NT_STATUS_NO_MEMORY);
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if (smb_lgrp_getbyname("Administrators", &grp) == SMB_LGRP_SUCCESS) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States		if (smb_lgrp_is_member(&grp, lui->user_sid))
b89a8333Snatalie li - Sun Microsystems - Irvine United States			lui->flags = SMB_UINFO_FLAG_LADMIN;
b89a8333Snatalie li - Sun Microsystems - Irvine United States		smb_lgrp_free(&grp);
b89a8333Snatalie li - Sun Microsystems - Irvine United States	}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	return (NT_STATUS_SUCCESS);
b89a8333Snatalie li - Sun Microsystems - Irvine United States}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States/*
b89a8333Snatalie li - Sun Microsystems - Irvine United States * smb_token_is_valid
b89a8333Snatalie li - Sun Microsystems - Irvine United States *
b89a8333Snatalie li - Sun Microsystems - Irvine United States * check to see if specified fields of the given access
b89a8333Snatalie li - Sun Microsystems - Irvine United States * token are valid.
b89a8333Snatalie li - Sun Microsystems - Irvine United States * Returns 1 if all of them are valid; otherwise 0.
b89a8333Snatalie li - Sun Microsystems - Irvine United States */
b89a8333Snatalie li - Sun Microsystems - Irvine United Statesstatic int
b89a8333Snatalie li - Sun Microsystems - Irvine United Statessmb_token_is_valid(smb_token_t *token)
b89a8333Snatalie li - Sun Microsystems - Irvine United States{
b89a8333Snatalie li - Sun Microsystems - Irvine United States	int valid;
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	valid = (token->tkn_user != 0) &&
b89a8333Snatalie li - Sun Microsystems - Irvine United States	    (token->tkn_user->i_sidattr.sid != 0) &&
b89a8333Snatalie li - Sun Microsystems - Irvine United States	    (token->tkn_privileges != 0) &&
b89a8333Snatalie li - Sun Microsystems - Irvine United States	    (token->tkn_win_grps != 0) &&
b89a8333Snatalie li - Sun Microsystems - Irvine United States	    (token->tkn_owner != 0) &&
b89a8333Snatalie li - Sun Microsystems - Irvine United States	    (token->tkn_owner->i_sidattr.sid != 0) &&
b89a8333Snatalie li - Sun Microsystems - Irvine United States	    (token->tkn_primary_grp != 0) &&
b89a8333Snatalie li - Sun Microsystems - Irvine United States	    (token->tkn_primary_grp->i_sidattr.sid != 0);
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	return (valid);
b89a8333Snatalie li - Sun Microsystems - Irvine United States}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States/*
b89a8333Snatalie li - Sun Microsystems - Irvine United States * smb_token_user_sid
b89a8333Snatalie li - Sun Microsystems - Irvine United States *
b89a8333Snatalie li - Sun Microsystems - Irvine United States * Return a pointer to the user SID in the specified token. A null
b89a8333Snatalie li - Sun Microsystems - Irvine United States * pointer indicates an error.
b89a8333Snatalie li - Sun Microsystems - Irvine United States */
b89a8333Snatalie li - Sun Microsystems - Irvine United Statesstatic smb_sid_t *
b89a8333Snatalie li - Sun Microsystems - Irvine United Statessmb_token_user_sid(smb_token_t *token)
b89a8333Snatalie li - Sun Microsystems - Irvine United States{
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if (token && token->tkn_user)
b89a8333Snatalie li - Sun Microsystems - Irvine United States		return ((token)->tkn_user->i_sidattr.sid);
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	return (NULL);
b89a8333Snatalie li - Sun Microsystems - Irvine United States}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States/*
b89a8333Snatalie li - Sun Microsystems - Irvine United States * smb_token_group_sid
b89a8333Snatalie li - Sun Microsystems - Irvine United States *
b89a8333Snatalie li - Sun Microsystems - Irvine United States * Return a pointer to the group SID as indicated by the iterator.
b89a8333Snatalie li - Sun Microsystems - Irvine United States * Setting the iterator to 0 before calling this function will return
b89a8333Snatalie li - Sun Microsystems - Irvine United States * the first group, which will always be the primary group. The
b89a8333Snatalie li - Sun Microsystems - Irvine United States * iterator will be incremented before returning the SID so that this
b89a8333Snatalie li - Sun Microsystems - Irvine United States * function can be used to cycle through the groups. The caller can
b89a8333Snatalie li - Sun Microsystems - Irvine United States * adjust the iterator as required between calls to obtain any specific
b89a8333Snatalie li - Sun Microsystems - Irvine United States * group.
b89a8333Snatalie li - Sun Microsystems - Irvine United States *
b89a8333Snatalie li - Sun Microsystems - Irvine United States * On success a pointer to the appropriate group SID will be returned.
b89a8333Snatalie li - Sun Microsystems - Irvine United States * Otherwise a null pointer will be returned.
b89a8333Snatalie li - Sun Microsystems - Irvine United States */
b89a8333Snatalie li - Sun Microsystems - Irvine United Statesstatic smb_sid_t *
b89a8333Snatalie li - Sun Microsystems - Irvine United Statessmb_token_group_sid(smb_token_t *token, int *iterator)
b89a8333Snatalie li - Sun Microsystems - Irvine United States{
b89a8333Snatalie li - Sun Microsystems - Irvine United States	smb_win_grps_t *groups;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	int index;
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if (token == NULL || iterator == NULL) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States		return (NULL);
b89a8333Snatalie li - Sun Microsystems - Irvine United States	}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if ((groups = token->tkn_win_grps) == NULL) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States		return (NULL);
b89a8333Snatalie li - Sun Microsystems - Irvine United States	}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	index = *iterator;
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if (index < 0 || index >= groups->wg_count) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States		return (NULL);
b89a8333Snatalie li - Sun Microsystems - Irvine United States	}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	++(*iterator);
b89a8333Snatalie li - Sun Microsystems - Irvine United States	return (groups->wg_groups[index].i_sidattr.sid);
b89a8333Snatalie li - Sun Microsystems - Irvine United States}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States/*
b89a8333Snatalie li - Sun Microsystems - Irvine United States * smb_token_is_member
b89a8333Snatalie li - Sun Microsystems - Irvine United States *
b89a8333Snatalie li - Sun Microsystems - Irvine United States * This function will determine whether or not the specified SID is a
b89a8333Snatalie li - Sun Microsystems - Irvine United States * member of a token. The user SID and all group SIDs are tested.
b89a8333Snatalie li - Sun Microsystems - Irvine United States * Returns 1 if the SID is a member of the token. Otherwise returns 0.
b89a8333Snatalie li - Sun Microsystems - Irvine United States */
b89a8333Snatalie li - Sun Microsystems - Irvine United Statesstatic int
b89a8333Snatalie li - Sun Microsystems - Irvine United Statessmb_token_is_member(smb_token_t *token, smb_sid_t *sid)
b89a8333Snatalie li - Sun Microsystems - Irvine United States{
b89a8333Snatalie li - Sun Microsystems - Irvine United States	smb_sid_t *tsid;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	int iterator = 0;
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	tsid = smb_token_user_sid(token);
b89a8333Snatalie li - Sun Microsystems - Irvine United States	while (tsid) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States		if (smb_sid_cmp(tsid, sid))
b89a8333Snatalie li - Sun Microsystems - Irvine United States			return (1);
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States		tsid = smb_token_group_sid(token, &iterator);
b89a8333Snatalie li - Sun Microsystems - Irvine United States	}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	return (0);
b89a8333Snatalie li - Sun Microsystems - Irvine United States}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States/*
b89a8333Snatalie li - Sun Microsystems - Irvine United States * smb_token_log
b89a8333Snatalie li - Sun Microsystems - Irvine United States *
b89a8333Snatalie li - Sun Microsystems - Irvine United States * Diagnostic routine to write the contents of a token to the log.
b89a8333Snatalie li - Sun Microsystems - Irvine United States */
b89a8333Snatalie li - Sun Microsystems - Irvine United Statesvoid
b89a8333Snatalie li - Sun Microsystems - Irvine United Statessmb_token_log(smb_token_t *token)
b89a8333Snatalie li - Sun Microsystems - Irvine United States{
b89a8333Snatalie li - Sun Microsystems - Irvine United States	smb_win_grps_t *w_grps;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	smb_posix_grps_t *x_grps;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	smb_sid_attrs_t *grp;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	char sidstr[SMB_SID_STRSZ];
b89a8333Snatalie li - Sun Microsystems - Irvine United States	int i;
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if (token == NULL)
b89a8333Snatalie li - Sun Microsystems - Irvine United States		return;
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	syslog(LOG_DEBUG, "Token for %s\\%s",
b89a8333Snatalie li - Sun Microsystems - Irvine United States	    (token->tkn_domain_name) ? token->tkn_domain_name : "-NULL-",
b89a8333Snatalie li - Sun Microsystems - Irvine United States	    (token->tkn_account_name) ? token->tkn_account_name : "-NULL-");
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	syslog(LOG_DEBUG, "   User->Attr: %d",
b89a8333Snatalie li - Sun Microsystems - Irvine United States	    token->tkn_user->i_sidattr.attrs);
b89a8333Snatalie li - Sun Microsystems - Irvine United States	smb_sid_tostr((smb_sid_t *)token->tkn_user->i_sidattr.sid, sidstr);
b89a8333Snatalie li - Sun Microsystems - Irvine United States	syslog(LOG_DEBUG, "   User->Sid: %s (id=%u)",
b89a8333Snatalie li - Sun Microsystems - Irvine United States	    sidstr, token->tkn_user->i_id);
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	smb_sid_tostr((smb_sid_t *)token->tkn_owner->i_sidattr.sid, sidstr);
b89a8333Snatalie li - Sun Microsystems - Irvine United States	syslog(LOG_DEBUG, "   Ownr->Sid: %s (id=%u)",
b89a8333Snatalie li - Sun Microsystems - Irvine United States	    sidstr, token->tkn_owner->i_id);
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	smb_sid_tostr((smb_sid_t *)token->tkn_primary_grp->i_sidattr.sid,
b89a8333Snatalie li - Sun Microsystems - Irvine United States	    sidstr);
b89a8333Snatalie li - Sun Microsystems - Irvine United States	syslog(LOG_DEBUG, "   PGrp->Sid: %s (id=%u)",
b89a8333Snatalie li - Sun Microsystems - Irvine United States	    sidstr, token->tkn_primary_grp->i_id);
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	w_grps = token->tkn_win_grps;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if (w_grps) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States		syslog(LOG_DEBUG, "   Windows groups: %d",
b89a8333Snatalie li - Sun Microsystems - Irvine United States		    w_grps->wg_count);
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States		for (i = 0; i < w_grps->wg_count; ++i) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States			grp = &w_grps->wg_groups[i].i_sidattr;
b89a8333Snatalie li - Sun Microsystems - Irvine United States			syslog(LOG_DEBUG,
b89a8333Snatalie li - Sun Microsystems - Irvine United States			    "    Grp[%d].Attr:%d", i, grp->attrs);
b89a8333Snatalie li - Sun Microsystems - Irvine United States			if (w_grps->wg_groups[i].i_sidattr.sid) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States				smb_sid_tostr((smb_sid_t *)grp->sid, sidstr);
b89a8333Snatalie li - Sun Microsystems - Irvine United States				syslog(LOG_DEBUG,
b89a8333Snatalie li - Sun Microsystems - Irvine United States				    "    Grp[%d].Sid: %s (id=%u)", i, sidstr,
b89a8333Snatalie li - Sun Microsystems - Irvine United States				    w_grps->wg_groups[i].i_id);
b89a8333Snatalie li - Sun Microsystems - Irvine United States			}
b89a8333Snatalie li - Sun Microsystems - Irvine United States		}
b89a8333Snatalie li - Sun Microsystems - Irvine United States	}
b89a8333Snatalie li - Sun Microsystems - Irvine United States	else
b89a8333Snatalie li - Sun Microsystems - Irvine United States		syslog(LOG_DEBUG, "   No Windows groups");
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	x_grps = token->tkn_posix_grps;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if (x_grps) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States		syslog(LOG_DEBUG, "   Solaris groups: %d",
b89a8333Snatalie li - Sun Microsystems - Irvine United States		    x_grps->pg_ngrps);
b89a8333Snatalie li - Sun Microsystems - Irvine United States		for (i = 0; i < x_grps->pg_ngrps; i++)
b89a8333Snatalie li - Sun Microsystems - Irvine United States			syslog(LOG_DEBUG, "    %u",
b89a8333Snatalie li - Sun Microsystems - Irvine United States			    x_grps->pg_grps[i]);
b89a8333Snatalie li - Sun Microsystems - Irvine United States	}
b89a8333Snatalie li - Sun Microsystems - Irvine United States	else
b89a8333Snatalie li - Sun Microsystems - Irvine United States		syslog(LOG_DEBUG, "   No Solaris groups");
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if (token->tkn_privileges)
b89a8333Snatalie li - Sun Microsystems - Irvine United States		smb_privset_log(token->tkn_privileges);
b89a8333Snatalie li - Sun Microsystems - Irvine United States	else
b89a8333Snatalie li - Sun Microsystems - Irvine United States		syslog(LOG_DEBUG, "   No privileges");
b89a8333Snatalie li - Sun Microsystems - Irvine United States}