1575 untangle libmlrpc ... (smbsrv)
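--- a/usr/src/uts/common/smbsrv/smb_sid.h
+++ b/usr/src/uts/common/smbsrv/smb_sid.h
@@ -1,305 +1,305 @@
 /*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
 /*
 * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
 * Copyright 2014 Nexenta Systems, Inc. All rights reserved.
 */
 
 #ifndef _SMB_SID_H
 #define _SMB_SID_H
 
 /*
 * Security Identifier (SID) interface definition.
 */
-#include <smbsrv/wintypes.h>
+#include <smb/wintypes.h>
 
 #ifdef __cplusplus
 extern "C" {
 #endif
 
 /*
 * Predefined global user RIDs.
 */
 #define DOMAIN_USER_RID_ADMIN (0x000001F4L) /* 500 */
 #define DOMAIN_USER_RID_GUEST (0x000001F5L) /* 501 */
 #define DOMAIN_USER_RID_KRBTGT (0x000001F6L) /* 502 */
 
 /*
 * Predefined global group RIDs.
 */
 #define DOMAIN_GROUP_RID_ADMINS (0x00000200L) /* 512 */
 #define DOMAIN_GROUP_RID_USERS (0x00000201L) /* 513 */
 #define DOMAIN_GROUP_RID_GUESTS (0x00000202L) /* 514 */
 #define DOMAIN_GROUP_RID_COMPUTERS (0x00000203L) /* 515 */
 #define DOMAIN_GROUP_RID_CONTROLLERS (0x00000204L) /* 516 */
 #define DOMAIN_GROUP_RID_CERT_ADMINS (0x00000205L) /* 517 */
 #define DOMAIN_GROUP_RID_SCHEMA_ADMINS (0x00000206L) /* 518 */
 #define DOMAIN_GROUP_RID_EP_ADMINS (0x00000207L) /* 519 */
 #define DOMAIN_GROUP_RID_GP_CREATOR (0x00000208L) /* 520 */
 
 
 /*
 * Predefined local alias RIDs.
 */
 #define DOMAIN_ALIAS_RID_ADMINS (0x00000220L) /* 544 */
 #define DOMAIN_ALIAS_RID_USERS (0x00000221L)
 #define DOMAIN_ALIAS_RID_GUESTS (0x00000222L)
 #define DOMAIN_ALIAS_RID_POWER_USERS (0x00000223L)
 #define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x00000224L)
 #define DOMAIN_ALIAS_RID_SYSTEM_OPS (0x00000225L)
 #define DOMAIN_ALIAS_RID_PRINT_OPS (0x00000226L)
 #define DOMAIN_ALIAS_RID_BACKUP_OPS (0x00000227L)
 #define DOMAIN_ALIAS_RID_REPLICATOR (0x00000228L)
 
 
 /*
 * Universal and NT well-known SIDs
 */
 #define NT_NULL_AUTH_SIDSTR "S-1-0"
 #define NT_NULL_SIDSTR "S-1-0-0"
 #define NT_WORLD_AUTH_SIDSTR "S-1-1"
 #define NT_WORLD_SIDSTR "S-1-1-0"
 #define NT_LOCAL_AUTH_SIDSTR "S-1-2"
 #define NT_LOCAL_SIDSTR "S-1-2-0"
 #define NT_CREATOR_AUTH_SIDSTR "S-1-3"
 #define NT_CREATOR_OWNER_ID_SIDSTR "S-1-3-0"
 #define NT_CREATOR_GROUP_ID_SIDSTR "S-1-3-1"
 #define NT_CREATOR_OWNER_SERVER_ID_SIDSTR "S-1-3-2"
 #define NT_CREATOR_GROUP_SERVER_ID_SIDSTR "S-1-3-3"
 #define NT_OWNER_RIGHTS_SIDSTR "S-1-3-4"
 #define NT_GROUP_RIGHTS_SIDSTR "S-1-3-5"
 #define NT_NON_UNIQUE_IDS_SIDSTR "S-1-4"
 #define NT_AUTHORITY_SIDSTR "S-1-5"
 #define NT_DIALUP_SIDSTR "S-1-5-1"
 #define NT_NETWORK_SIDSTR "S-1-5-2"
 #define NT_BATCH_SIDSTR "S-1-5-3"
 #define NT_INTERACTIVE_SIDSTR "S-1-5-4"
 #define NT_LOGON_SESSION_SIDSTR "S-1-5-5"
 #define NT_SERVICE_SIDSTR "S-1-5-6"
 #define NT_ANONYMOUS_LOGON_SIDSTR "S-1-5-7"
 #define NT_PROXY_SIDSTR "S-1-5-8"
 #define NT_SERVER_LOGON_SIDSTR "S-1-5-9"
 #define NT_SELF_SIDSTR "S-1-5-10"
 #define NT_AUTHENTICATED_USER_SIDSTR "S-1-5-11"
 #define NT_RESTRICTED_CODE_SIDSTR "S-1-5-12"
 #define NT_TERMINAL_SERVER_SIDSTR "S-1-5-13"
 #define NT_LOCAL_SYSTEM_SIDSTR "S-1-5-18"
 #define NT_NON_UNIQUE_SIDSTR "S-1-5-21"
 #define NT_BUILTIN_DOMAIN_SIDSTR "S-1-5-32"
 #define NT_BUILTIN_CURRENT_OWNER_SIDSTR "S-1-5-32-766"
 #define NT_BUILTIN_CURRENT_GROUP_SIDSTR "S-1-5-32-767"
 
 
 /*
 * SID type indicators (SID_NAME_USE).
 */
 #define SidTypeNull 0
 #define SidTypeUser 1
 #define SidTypeGroup 2
 #define SidTypeDomain 3
 #define SidTypeAlias 4
 #define SidTypeWellKnownGroup 5
 #define SidTypeDeletedAccount 6
 #define SidTypeInvalid 7
 #define SidTypeUnknown 8
 #define SidTypeComputer 9
 #define SidTypeLabel 10
 
 
 /*
 * Identifier authorities for various domains.
 */
 #define NT_SID_NULL_AUTH 0
 #define NT_SID_WORLD_AUTH 1
 #define NT_SID_LOCAL_AUTH 2
 #define NT_SID_CREATOR_AUTH 3
 #define NT_SID_NON_UNIQUE_AUTH 4
 #define NT_SID_NT_AUTH 5
 
 
 #define NT_SECURITY_NULL_AUTH {0, 0, 0, 0, 0, 0}
 #define NT_SECURITY_WORLD_AUTH {0, 0, 0, 0, 0, 1}
 #define NT_SECURITY_LOCAL_AUTH {0, 0, 0, 0, 0, 2}
 #define NT_SECURITY_CREATOR_AUTH {0, 0, 0, 0, 0, 3}
 #define NT_SECURITY_NON_UNIQUE_AUTH {0, 0, 0, 0, 0, 4}
 #define NT_SECURITY_NT_AUTH {0, 0, 0, 0, 0, 5}
 #define NT_SECURITY_UNIX_AUTH {0, 0, 0, 0, 0, 99}
 
 
 #define SECURITY_NULL_RID (0x00000000L)
 #define SECURITY_WORLD_RID (0x00000000L)
 #define SECURITY_LOCAL_RID (0X00000000L)
 
 #define SECURITY_CREATOR_OWNER_RID (0x00000000L)
 #define SECURITY_CREATOR_GROUP_RID (0x00000001L)
 #define SECURITY_CREATOR_OWNER_SERVER_RID (0x00000002L)
 #define SECURITY_CREATOR_GROUP_SERVER_RID (0x00000003L)
 #define SECURITY_OWNER_RIGHTS_RID (0x00000004L)
 #define SECURITY_GROUP_RIGHTS_RID (0x00000005L)
 #define SECURITY_CURRENT_OWNER_RID (0x000002FEL)
 #define SECURITY_CURRENT_GROUP_RID (0x000002FFL)
 
 #define SECURITY_DIALUP_RID (0x00000001L)
 #define SECURITY_NETWORK_RID (0x00000002L)
 #define SECURITY_BATCH_RID (0x00000003L)
 #define SECURITY_INTERACTIVE_RID (0x00000004L)
 #define SECURITY_LOGON_IDS_RID (0x00000005L)
 #define SECURITY_LOGON_IDS_RID_COUNT (3L)
 #define SECURITY_SERVICE_RID (0x00000006L)
 #define SECURITY_ANONYMOUS_LOGON_RID (0x00000007L)
 #define SECURITY_PROXY_RID (0x00000008L)
 #define SECURITY_ENTERPRISE_CONTROLLERS_RID (0x00000009L)
 #define SECURITY_SERVER_LOGON_RID SECURITY_ENTERPRISE_CONTROLLERS_RID
 #define SECURITY_PRINCIPAL_SELF_RID (0x0000000AL)
 #define SECURITY_AUTHENTICATED_USER_RID (0x0000000BL)
 #define SECURITY_RESTRICTED_CODE_RID (0x0000000CL)
 
 #define SECURITY_LOCAL_SYSTEM_RID (0x00000012L)
 #define SECURITY_NT_NON_UNIQUE (0x00000015L)
 #define SECURITY_BUILTIN_DOMAIN_RID (0x00000020L)
 
 
 #define NT_SID_NON_UNIQUE_SUBAUTH 21
 
 
 /*
 * Common definition for a SID.
 */
 #define NT_SID_REVISION 1
 #define NT_SID_AUTH_MAX 6
 #define NT_SID_SUBAUTH_MAX 15
 
 
 /*
 * Security Identifier (SID)
 *
 * The security identifier (SID) uniquely identifies a user, group or
 * a domain. It consists of a revision number, the identifier authority,
 * and a list of sub-authorities. The revision number is currently 1.
 * The identifier authority identifies which system issued the SID. The
 * sub-authorities of a domain SID uniquely identify a domain. A user
 * or group SID consists of a domain SID with the user or group id
 * appended. The user or group id (also known as a relative id (RID)
 * uniquely identifies a user within a domain. A user or group SID
 * uniquely identifies a user or group across all domains. The SidType
 * values identify the various types of SID.
 *
 * 1 1 1 1 1 1
 * 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
 * +---------------------------------------------------------------+
 * | SubAuthorityCount |Reserved1 (SBZ)| Revision |
 * +---------------------------------------------------------------+
 * | IdentifierAuthority[0] |
 * +---------------------------------------------------------------+
 * | IdentifierAuthority[1] |
 * +---------------------------------------------------------------+
 * | IdentifierAuthority[2] |
 * +---------------------------------------------------------------+
 * | |
 * +- - - - - - - - SubAuthority[] - - - - - - - - -+
 * | |
 * +---------------------------------------------------------------+
 *
 */
 /*
 * Note: NT defines the Identifier Authority as a separate
 * structure (SID_IDENTIFIER_AUTHORITY) containing a literal
 * definition of a 6 byte vector but the effect is the same
 * as defining it as a member value.
 * See also: smb_sid_xdr()
 */
 typedef struct smb_sid {
 uint8_t sid_revision;
 uint8_t sid_subauthcnt;
 uint8_t sid_authority[NT_SID_AUTH_MAX];
 uint32_t sid_subauth[ANY_SIZE_ARRAY];
 } smb_sid_t;
 
 #define SMB_MAX_SID_SIZE ((2 * sizeof (uint8_t)) + \
 (NT_SID_AUTH_MAX * sizeof (uint8_t)) + \
 (NT_SID_SUBAUTH_MAX * sizeof (uint32_t)))
 
 /*
 * Estimated number of sid_subauth is SECURITY_LOGON_IDS_RID_COUNT
 * plus the DOMAIN_RID and the RID.
 */
 #define SMB_EST_SID_SIZE ((2 * sizeof (uint8_t)) + \
 (NT_SID_AUTH_MAX * sizeof (uint8_t)) + \
 ((2 + SECURITY_LOGON_IDS_RID_COUNT) * sizeof (uint32_t)))
 
 /*
 * Only group attributes are defined. No user attributes defined.
 */
 #define SE_GROUP_MANDATORY 0x00000001
 #define SE_GROUP_ENABLED_BY_DEFAULT 0x00000002
 #define SE_GROUP_ENABLED 0x00000004
 #define SE_GROUP_OWNER 0x00000008
 #define SE_GROUP_USE_FOR_DENY_ONLY 0x00000010
 #define SE_GROUP_LOGON_ID 0xC0000000
 
 /*
 * smb_id_t consists of both the Windows security identifier
 * and its corresponding POSIX/ephemeral ID.
 * See also: smb_id_xdr()
 */
 typedef struct smb_id {
 uint32_t i_attrs;
 smb_sid_t *i_sid;
 uid_t i_id;
 } smb_id_t;
 
 /*
 * Array of smb_id_t
 * See also: smb_ids_xdr()
 */
 typedef struct smb_ids {
 uint32_t i_cnt;
 smb_id_t *i_ids;
 } smb_ids_t;
 
 /*
 * The maximum size of a SID in string format
 */
 #define SMB_SID_STRSZ 256
 
 boolean_t smb_sid_isvalid(smb_sid_t *);
 int smb_sid_len(smb_sid_t *);
 smb_sid_t *smb_sid_dup(smb_sid_t *);
 smb_sid_t *smb_sid_splice(smb_sid_t *, uint32_t);
 int smb_sid_getrid(smb_sid_t *, uint32_t *);
 smb_sid_t *smb_sid_split(smb_sid_t *, uint32_t *);
 boolean_t smb_sid_cmp(smb_sid_t *, smb_sid_t *);
 boolean_t smb_sid_islocal(smb_sid_t *);
 boolean_t smb_sid_indomain(smb_sid_t *, smb_sid_t *);
 void smb_sid_free(smb_sid_t *);
 int smb_sid_splitstr(char *, uint32_t *);
 void smb_sid_tostr(const smb_sid_t *, char *);
 smb_sid_t *smb_sid_fromstr(const char *);
 char *smb_sid_type2str(uint16_t);
 
 void smb_ids_free(smb_ids_t *);
 
 #ifdef __cplusplus
 }
 #endif
 
 
 #endif /* _SMB_SID_H */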