Lines Matching defs:token

57 static uint32_t smb_token_setup_anon(smb_token_t *token);
69 smb_token_idmap(smb_token_t *token, smb_idmap_batch_t *sib)
76 if (!token || !sib)
81 if (token->tkn_flags & SMB_ATF_ANON) {
82 token->tkn_user.i_id = UID_NOBODY;
83 token->tkn_owner.i_id = UID_NOBODY;
86 id = &token->tkn_user;
95 id = &token->tkn_owner;
105 id = &token->tkn_primary_grp;
114 for (i = 0; i < token->tkn_win_grps.i_cnt; i++, sim++) {
115 id = &token->tkn_win_grps.i_ids[i];
130 * This will map all the SIDs of the access token to UIDs/GIDs.
135 smb_token_sids2ids(smb_token_t *token)
145 if (token->tkn_flags & SMB_ATF_ANON)
146 nmaps = token->tkn_win_grps.i_cnt + 1;
148 nmaps = token->tkn_win_grps.i_cnt + 3;
154 stat = smb_token_idmap(token, &sib);
170 * Setup the POSIX group membership of the access token if the given UID is
173 * token.
241 * Release all of the memory associated with a token structure. Ensure
242 * that the token has been unlinked before calling.
/*
 * NOTE(review): this is a cross-reference listing, so only the lines of
 * smb_token_destroy that mention `token` appear; braces and any other
 * statements are not shown.
 *
 * The visible lines free each heap-allocated member of the token, clear
 * the structure itself, and then free it. A NULL token is accepted and
 * ignored.
 */
245 smb_token_destroy(smb_token_t *token)
247 if (token != NULL) {
248 smb_sid_free(token->tkn_user.i_sid);
249 smb_sid_free(token->tkn_owner.i_sid);
250 smb_sid_free(token->tkn_primary_grp.i_sid);
251 smb_ids_free(&token->tkn_win_grps);
252 smb_privset_free(token->tkn_privileges);
253 free(token->tkn_posix_grps);
254 free(token->tkn_account_name);
255 free(token->tkn_domain_name);
/*
 * NOTE(review): tkn_ssnkey.val is the SMBAUTH_SESSION_KEY_SZ buffer
 * allocated at line 584. It is released here without its contents being
 * cleared, so the key bytes stay in freed heap memory until reused. If
 * that matters for this service, wipe tkn_ssnkey.len bytes before the
 * free, using a clear the compiler cannot elide (explicit_bzero where
 * the platform provides it).
 */
256 free(token->tkn_ssnkey.val);
/*
 * Clears only the smb_token_t itself (by now a set of stale pointers and
 * ids), not the buffers those pointers referred to.
 * NOTE(review): a bzero immediately followed by free of the same object
 * may be dropped by the optimizer as a dead store - confirm whether this
 * clear is relied on for anything.
 */
257 bzero(token, sizeof (smb_token_t));
258 free(token);
/*
 * Sets token->tkn_owner.i_sid to a duplicate of a SID chosen from the token.
 * NOTE(review): only the lines mentioning `token` are listed; the lines in
 * between (270-273, 275-277, 279-280, 282) are not visible here.
 */
269 smb_token_set_owner(smb_token_t *token)
274 if (token->tkn_flags & SMB_ATF_ADMIN) {
/*
 * NOTE(review): tkn_user is dereferenced with `->` on the next line but
 * with `.` on every other listed line (e.g. 82, 86, 248, 283). Lines
 * 274-281 therefore presumably sit in a preprocessor branch that is not
 * normally compiled - confirm against the full file.
 */
278 owner_sid = token->tkn_user->i_sid;
281 token->tkn_owner.i_sid = smb_sid_dup(owner_sid);
/*
 * NOTE(review): if line 281 and line 283 were ever both compiled in, the
 * duplicate made at 281 would be overwritten here and leaked.
 * The result is not checked in the lines shown; the caller
 * smb_token_setup_common tests tkn_owner.i_sid against NULL (line 356).
 */
283 token->tkn_owner.i_sid = smb_sid_dup(token->tkn_user.i_sid);
287 smb_token_create_privs(smb_token_t *token)
304 if (smb_lgrp_is_member(&grp, token->tkn_user.i_sid))
310 if (token->tkn_flags & SMB_ATF_ADMIN) {
/*
 * Derives the SMB_ATF_ADMIN, SMB_ATF_POWERUSER and SMB_ATF_BACKUPOP flags
 * from the token's membership in the well-known groups of the same names,
 * looked up by name through smb_wka_get_sid.
 *
 * The flags are ORed in, so bits already set in tkn_flags (SMB_ATF_GUEST at
 * line 690, SMB_ATF_ANON at line 714) are preserved.
 *
 * SMB_ATF_ADMIN is consulted afterwards by smb_token_set_owner (line 274)
 * and smb_token_create_privs (line 310); smb_token_setup_common calls this
 * function first (line 353).
 *
 * NOTE(review): smb_token_is_member tests for a NULL sid (line 784) and is
 * documented to return 0 when the SID is not a member, so a failed
 * smb_wka_get_sid lookup presumably leaves the flag unset rather than
 * granting it. The return statement itself is not in this listing - confirm.
 */
329 smb_token_set_flags(smb_token_t *token)
331 if (smb_token_is_member(token, smb_wka_get_sid("Administrators")))
332 token->tkn_flags |= SMB_ATF_ADMIN;
334 if (smb_token_is_member(token, smb_wka_get_sid("Power Users")))
335 token->tkn_flags |= SMB_ATF_POWERUSER;
337 if (smb_token_is_member(token, smb_wka_get_sid("Backup Operators")))
338 token->tkn_flags |= SMB_ATF_BACKUPOP;
342 * Common token setup for both local and domain users.
351 smb_token_setup_common(smb_token_t *token)
353 smb_token_set_flags(token);
355 smb_token_set_owner(token);
356 if (token->tkn_owner.i_sid == NULL)
360 token->tkn_privileges = smb_token_create_privs(token);
361 if (token->tkn_privileges == NULL)
364 if (smb_token_sids2ids(token) != 0) {
366 token->tkn_domain_name, token->tkn_account_name);
371 token->tkn_posix_grps = smb_token_create_pxgrps(token->tkn_user.i_id);
373 return (smb_token_valid(token));
418 * On success, a pointer to a new access token is returned.
429 smb_token_t *token = NULL;
442 if ((token = calloc(1, sizeof (smb_token_t))) == NULL) {
449 (*ops[i])(user_info, token);
456 if (smb_token_setup_common(token))
457 return (token);
460 smb_token_destroy(token);
475 smb_logon_local(smb_logon_t *user_info, smb_token_t *token)
496 status = smb_token_auth_local(user_info, token, &smbpw);
498 status = smb_token_setup_local(&smbpw, token);
515 smb_logon_guest(smb_logon_t *user_info, smb_token_t *token)
539 * the guest token.
543 user_info->lg_status = smb_token_setup_guest(user_info, token);
548 * If user_info represents an anonymous user then setup the token.
552 smb_logon_anon(smb_logon_t *user_info, smb_token_t *token)
555 user_info->lg_status = smb_token_setup_anon(token);
/*
 * NOTE(review): only the lines mentioning `token` are listed; the rest of
 * the signature, the authentication logic and the return paths are not
 * visible here.
 */
563 smb_token_auth_local(smb_logon_t *user_info, smb_token_t *token,
/* Allocate the session-key buffer that the token will own. */
584 token->tkn_ssnkey.val = malloc(SMBAUTH_SESSION_KEY_SZ);
585 if (token->tkn_ssnkey.val == NULL)
587 token->tkn_ssnkey.len = SMBAUTH_SESSION_KEY_SZ;
/* The buffer is handed to a call that starts on an unlisted line - presumably the one that fills in the key; confirm. */
599 token->tkn_ssnkey.val);
/*
 * Release the buffer and reset val/len. With val set back to NULL, the
 * free(token->tkn_ssnkey.val) in smb_token_destroy (line 256) is a no-op
 * instead of a double free.
 * NOTE(review): presumably the failure path - the condition is not shown.
 * The buffer is freed without being cleared first; if the unlisted call can
 * write key material before failing, wipe it before this free.
 */
603 free(token->tkn_ssnkey.val);
604 token->tkn_ssnkey.val = NULL;
605 token->tkn_ssnkey.len = 0;
616 * Setup an access token for the specified local user.
619 smb_token_setup_local(smb_passwd_t *smbpw, smb_token_t *token)
629 token->tkn_account_name = strdup(smbpw->pw_name);
630 token->tkn_domain_name = strdup(nbname);
632 if (token->tkn_account_name == NULL ||
633 token->tkn_domain_name == NULL)
665 token->tkn_user.i_sid = smb_sid_dup(umap->sim_sid);
666 token->tkn_primary_grp.i_sid = smb_sid_dup(gmap->sim_sid);
670 if (token->tkn_user.i_sid == NULL ||
671 token->tkn_primary_grp.i_sid == NULL)
674 return (smb_token_setup_wingrps(token));
678 * Setup access token for guest connections
681 smb_token_setup_guest(smb_logon_t *user_info, smb_token_t *token)
683 token->tkn_account_name = strdup(user_info->lg_e_username);
686 token->tkn_domain_name = strdup(smb_guest.a_domain);
687 token->tkn_user.i_sid = smb_sid_dup(smb_guest.a_sid);
688 token->tkn_primary_grp.i_sid = smb_sid_dup(smb_domusers.a_sid);
690 token->tkn_flags = SMB_ATF_GUEST;
692 if (token->tkn_account_name == NULL ||
693 token->tkn_domain_name == NULL ||
694 token->tkn_user.i_sid == NULL ||
695 token->tkn_primary_grp.i_sid == NULL)
698 return (smb_token_setup_wingrps(token));
702 * Setup access token for anonymous connections
705 smb_token_setup_anon(smb_token_t *token)
709 token->tkn_account_name = strdup("Anonymous");
710 token->tkn_domain_name = strdup("NT Authority");
712 token->tkn_user.i_sid = smb_sid_dup(user_sid);
713 token->tkn_primary_grp.i_sid = smb_sid_dup(user_sid);
714 token->tkn_flags = SMB_ATF_ANON;
716 if (token->tkn_account_name == NULL ||
717 token->tkn_domain_name == NULL ||
718 token->tkn_user.i_sid == NULL ||
719 token->tkn_primary_grp.i_sid == NULL)
722 return (smb_token_setup_wingrps(token));
728 * Return a pointer to the user SID in the specified token. A null
732 smb_token_user_sid(smb_token_t *token)
734 return ((token) ? token->tkn_user.i_sid : NULL);
752 smb_token_group_sid(smb_token_t *token, int *iterator)
756 if (token == NULL || iterator == NULL)
759 if (token->tkn_win_grps.i_ids == NULL)
764 if (index < 0 || index >= token->tkn_win_grps.i_cnt)
768 return (token->tkn_win_grps.i_ids[index].i_sid);
775 * member of a token. The user SID and all group SIDs are tested.
776 * Returns 1 if the SID is a member of the token. Otherwise returns 0.
779 smb_token_is_member(smb_token_t *token, smb_sid_t *sid)
784 if (token == NULL || sid == NULL)
787 tsid = smb_token_user_sid(token);
792 tsid = smb_token_group_sid(token, &iterator);
801 * Diagnostic routine to write the contents of a token to the log.
804 smb_token_log(smb_token_t *token)
812 if (token == NULL)
816 (token->tkn_domain_name) ? token->tkn_domain_name : "-NULL-",
817 (token->tkn_account_name) ? token->tkn_account_name : "-NULL-");
819 syslog(LOG_DEBUG, " User->Attr: %d", token->tkn_user.i_attrs);
820 smb_sid_tostr((smb_sid_t *)token->tkn_user.i_sid, sidstr);
822 token->tkn_user.i_id);
824 smb_sid_tostr((smb_sid_t *)token->tkn_owner.i_sid, sidstr);
826 sidstr, token->tkn_owner.i_id);
828 smb_sid_tostr((smb_sid_t *)token->tkn_primary_grp.i_sid, sidstr);
830 sidstr, token->tkn_primary_grp.i_id);
832 w_grps = &token->tkn_win_grps;
850 x_grps = token->tkn_posix_grps;
859 if (token->tkn_privileges)
860 smb_privset_log(token->tkn_privileges);
867 * token. Two assumptions have been made here:
869 * a) token already contains a valid user SID so that group
872 * b) token belongs to a local or anonymous user
875 smb_token_setup_wingrps(smb_token_t *token)
889 tkn_grps.i_ids->i_sid = smb_sid_dup(token->tkn_primary_grp.i_sid);
890 tkn_grps.i_ids->i_attrs = token->tkn_primary_grp.i_attrs;
896 status = smb_sam_usr_groups(token->tkn_user.i_sid, &tkn_grps);
902 status = smb_wka_token_groups(token->tkn_flags, &tkn_grps);
908 token->tkn_win_grps = tkn_grps;