smb_user.c revision 12b65585e720714b31036daaa2b30eb76014048e
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2014 Nexenta Systems, Inc. All rights reserved.
*/
/*
* General Structures Layout
* -------------------------
*
* This is a simplified diagram showing the relationship between most of the
* main structures.
*
* +-------------------+
* | SMB_INFO |
* +-------------------+
* |
* |
* v
* +-------------------+ +-------------------+ +-------------------+
* | SESSION |<----->| SESSION |......| SESSION |
* +-------------------+ +-------------------+ +-------------------+
* | |
* | |
* | v
* | +-------------------+ +-------------------+ +-------------------+
* | | USER |<--->| USER |...| USER |
* | +-------------------+ +-------------------+ +-------------------+
* |
* |
* v
* +-------------------+ +-------------------+ +-------------------+
* | TREE |<----->| TREE |......| TREE |
* +-------------------+ +-------------------+ +-------------------+
* | |
* | |
* | v
* | +-------+ +-------+ +-------+
* | | OFILE |<----->| OFILE |......| OFILE |
* | +-------+ +-------+ +-------+
* |
* |
* v
* +-------+ +------+ +------+
* | ODIR |<----->| ODIR |......| ODIR |
* +-------+ +------+ +------+
*
*
* User State Machine
* ------------------
*
*
* | T0: Creation/Allocation
* | (1st session setup)
* v
* +-----------------------------+
* | SMB_USER_STATE_LOGGING_ON |<----------+
* +-----------------------------+ addl. session setup
* | | (more proc. required)
* | T2 | ^
* | | | T1: (cont.)
* | +------->-------?
* v | T3: (fail)
* +-----------------------------+ v
* | SMB_USER_STATE_LOGGED_ON | (logged off)
* +-----------------------------+
* |
* | T4
* |
* v
* +-----------------------------+
* | SMB_USER_STATE_LOGGING_OFF |
* +-----------------------------+
* |
* | T5
* |
* v
* +-----------------------------+ T6
* +-----------------------------+
*
* SMB_USER_STATE_LOGGING_ON
*
* While in this state:
* - The user is in the list of users for his session.
* - References will be given out ONLY for session setup.
* - This user can not access anything yet.
*
* SMB_USER_STATE_LOGGED_ON
*
* While in this state:
* - The user is in the list of users for his session.
* - References will be given out if the user is looked up.
* - The user can access files and pipes.
*
* SMB_USER_STATE_LOGGING_OFF
*
* While in this state:
* - The user is in the list of users for his session.
* - References will not be given out if the user is looked up.
* - The trees the user connected are being disconnected.
* - The resources associated with the user remain.
*
* SMB_USER_STATE_LOGGED_OFF
*
* While in this state:
* - The user is queued in the list of users of his session.
* - References will not be given out if the user is looked up.
* - The user has no more trees connected.
* - The resources associated with the user remain.
*
* Transition T0
*
* First request in an SMB Session Setup sequence creates a
* new user object and adds it to the list of users for
* this session. User UID is assigned and returned.
*
* Transition T1
*
* Subsequent SMB Session Setup requests (on the same UID
* assigned in T0) update the state of this user object,
* communicating with smbd for the crypto work.
*
* Transition T2
*
* If the SMB Session Setup sequence is successful, T2
* makes the new user object available for requests.
*
* Transition T3
*
* If an Session Setup request gets an error other than
* the expected "more processing required", then T3
* leads to state "LOGGED_OFF" and then tear-down of the
* partially constructed user.
*
* Transition T4
*
* Normal SMB User Logoff request, or session tear-down.
*
* Transition T5
*
* This transition occurs in smb_user_release(). The resources associated
* with the user are deleted as well as the user. For the transition to
* occur, the user must be in the SMB_USER_STATE_LOGGED_OFF state and the
* reference count be zero.
*
* Comments
* --------
*
* The state machine of the user structures is controlled by 3 elements:
* - The list of users of the session he belongs to.
* - The mutex embedded in the structure itself.
* - The reference count.
*
* There's a mutex embedded in the user structure used to protect its fields
* and there's a lock embedded in the list of users of a session. To
* increment or to decrement the reference count the mutex must be entered.
* To insert the user into the list of users of the session and to remove
* the user from it, the lock must be entered in RW_WRITER mode.
*
* Rules of access to a user structure:
*
* 1) In order to avoid deadlocks, when both (mutex and lock of the session
* list) have to be entered, the lock must be entered first.
*
* 2) All actions applied to a user require a reference count.
*
* 3) There are 2 ways of getting a reference count. One is when the user
* logs in. The other when the user is looked up.
*
* It should be noted that the reference count of a user registers the
* number of references to the user in other structures (such as an smb
* request). The reference count is not incremented in these 2 instances:
*
* 1) The user is logged in. An user is anchored by his state. If there's
* no activity involving a user currently logged in, the reference
* count of that user is zero.
*
* 2) The user is queued in the list of users of the session. The fact of
* being queued in that list is NOT registered by incrementing the
* reference count.
*/
#include <sys/priv_names.h>
#include <smbsrv/smb_kproto.h>
#include <smbsrv/smb_door.h>
#define ADMINISTRATORS_SID "S-1-5-32-544"
static void smb_user_auth_logoff(smb_user_t *);
/*
* Create a new user.
*/
{
goto errout;
return (user);
return (NULL);
}
/*
* Fill in the details of a user, meaning a transition
* from state LOGGING_ON to state LOGGED_ON.
*/
int
char *domain_name,
char *account_name,
{
return (-1);
}
return (0);
}
/*
* smb_user_logoff
*
* Change the user state and disconnect trees.
* The user list must not be entered or modified here.
*/
void
{
case SMB_USER_STATE_LOGGING_ON: {
break;
}
case SMB_USER_STATE_LOGGED_ON: {
/*
* The user is moved into a state indicating that the log off
* process has started.
*/
break;
}
break;
default:
ASSERT(0);
break;
}
}
/*
* Take a reference on a user. Do not return a reference unless the user is in
* the logged-in state.
*/
{
return (B_TRUE);
}
return (B_FALSE);
}
/*
* Unconditionally take a reference on a user.
*/
void
{
}
/*
* Release a reference on a user. If the reference count falls to
* zero and the user has logged off, post the object for deletion.
* Object deletion is deferred to avoid modifying a list while an
* iteration may be in progress.
*/
void
{
break;
case SMB_USER_STATE_LOGGED_ON:
break;
default:
ASSERT(0);
break;
}
}
/*
* Determine whether or not the user is an administrator.
* Members of the administrators group have administrative rights.
*/
{
#ifdef _KERNEL
char sidstr[SMB_SID_STRSZ];
int i;
#endif /* _KERNEL */
if (SMB_USER_IS_ADMIN(user))
return (B_TRUE);
#ifdef _KERNEL
i = 0;
do {
break;
}
#endif /* _KERNEL */
return (rc);
}
/*
* This function should be called with a hold on the user.
*/
{
char *fq_name;
return (B_TRUE);
if (!match) {
}
return (match);
}
/*
* If the enumeration request is for user data, handle the request
* here. Otherwise, pass it on to the trees.
*
* This function should be called with a hold on the user.
*/
int
{
int rc = 0;
return (rc);
}
/* *************************** Static Functions ***************************** */
/*
* Delete a user. The tree list should be empty.
*
* Remove the user from the session's user list before freeing resources
* associated with the user.
*/
void
smb_user_delete(void *arg)
{
if (user->u_privcred)
}
cred_t *
{
}
cred_t *
{
}
#ifdef _KERNEL
/*
* Assign the user cred and privileges.
*
* and add those privileges to this new privileged cred.
*/
void
{
if (privileges & SMB_USER_PRIV_BACKUP) {
}
if (privileges & SMB_USER_PRIV_RESTORE) {
}
}
}
#endif /* _KERNEL */
/*
* Private function to support smb_user_enum.
*/
static int
{
int rc;
return (0);
}
return (0);
}
if (rc == 0) {
}
return (rc);
}
/*
* Encode the NetInfo for a user into a buffer. NetInfo contains
* information that is often needed in user space to support RPC
* requests.
*/
int
{
int rc;
return (rc);
}
void
{
char *buf;
}
void
{
return;
if (info->ui_account)
if (info->ui_workstation)
}
static void
{
}