      1 /*
      2  * CDDL HEADER START
      3  *
      4  * The contents of this file are subject to the terms of the
      5  * Common Development and Distribution License (the "License").
      6  * You may not use this file except in compliance with the License.
      7  *
      8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
      9  * or http://www.opensolaris.org/os/licensing.
     10  * See the License for the specific language governing permissions
     11  * and limitations under the License.
     12  *
     13  * When distributing Covered Code, include this CDDL HEADER in each
     14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
     15  * If applicable, add the following below this CDDL HEADER, with the
     16  * fields enclosed by brackets "[]" replaced with your own identifying
     17  * information: Portions Copyright [yyyy] [name of copyright owner]
     18  *
     19  * CDDL HEADER END
     20  */
     21 /*
     22  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
     23  * Use is subject to license terms.
     24  */
     25 
     26 #ifndef _SMBSRV_NTSID_H
     27 #define	_SMBSRV_NTSID_H
     28 
     29 #pragma ident	"@(#)ntsid.h	1.1	07/10/25 SMI"
     30 
     31 /*
     32  * NT Security Identifier (SID) interface definition.
     33  */
     34 
/*
 * Some kernel include file under /usr/include/... overrides DWORD and
 * causes conflicts.  This will be investigated further; the workaround
 * below is to be removed once the conflict is resolved.
 */
     40 
     41 #ifdef DWORD
     42 #undef DWORD
     43 #define	DWORD uint32_t
     44 #endif
     45 
     46 #include <smbsrv/wintypes.h>
     47 
     48 
     49 #ifdef __cplusplus
     50 extern "C" {
     51 #endif
     52 
     53 /*
     54  * Predefined global user RIDs.
     55  */
/* A RID is appended to a domain SID to form the account SID (see nt_sid_t). */
#define	DOMAIN_USER_RID_ADMIN		(0x000001F4L)	/* 500 */
#define	DOMAIN_USER_RID_GUEST		(0x000001F5L)	/* 501 */
#define	DOMAIN_USER_RID_KRBTGT		(0x000001F6L)	/* 502 */
     59 
     60 /*
     61  * Predefined global group RIDs.
     62  */
#define	DOMAIN_GROUP_RID_ADMINS		(0x00000200L)	/* 512 */
#define	DOMAIN_GROUP_RID_USERS		(0x00000201L)	/* 513 */
#define	DOMAIN_GROUP_RID_GUESTS		(0x00000202L)	/* 514 */
#define	DOMAIN_GROUP_RID_COMPUTERS	(0x00000203L)	/* 515 */
#define	DOMAIN_GROUP_RID_CONTROLLERS	(0x00000204L)	/* 516 */
#define	DOMAIN_GROUP_RID_CERT_ADMINS	(0x00000205L)	/* 517 */
#define	DOMAIN_GROUP_RID_SCHEMA_ADMINS	(0x00000206L)	/* 518 */
     70 
     71 
     72 /*
     73  * Predefined local alias RIDs.
     74  */
/* Alias (local group) RIDs live under the BUILTIN domain, S-1-5-32. */
#define	DOMAIN_ALIAS_RID_ADMINS		(0x00000220L)	/* 544 */
#define	DOMAIN_ALIAS_RID_USERS		(0x00000221L)	/* 545 */
#define	DOMAIN_ALIAS_RID_GUESTS		(0x00000222L)	/* 546 */
#define	DOMAIN_ALIAS_RID_POWER_USERS	(0x00000223L)	/* 547 */
#define	DOMAIN_ALIAS_RID_ACCOUNT_OPS	(0x00000224L)	/* 548 */
#define	DOMAIN_ALIAS_RID_SYSTEM_OPS	(0x00000225L)	/* 549 */
#define	DOMAIN_ALIAS_RID_PRINT_OPS	(0x00000226L)	/* 550 */
#define	DOMAIN_ALIAS_RID_BACKUP_OPS	(0x00000227L)	/* 551 */
#define	DOMAIN_ALIAS_RID_REPLICATOR	(0x00000228L)	/* 552 */
     84 
     85 
     86 /*
     87  * Universal and NT well-known SIDs
     88  */
/*
 * Text form is "S-<revision>-<authority>[-<subauth>...]".  The revision
 * is NT_SID_REVISION (1) and the authority digit corresponds to the
 * NT_SID_*_AUTH values below (S-1-5 is NT_SID_NT_AUTH); the trailing
 * number of the S-1-5-* entries matches the SECURITY_*_RID values below.
 * Two of these ("S-1-4" and "S-1-5") carry no sub-authority and are
 * prefixes rather than complete SIDs.
 */
#define	NT_NULL_SIDSTR				"S-1-0-0"
#define	NT_WORLD_SIDSTR				"S-1-1-0"
#define	NT_LOCAL_SIDSTR				"S-1-2-0"
#define	NT_CREATOR_OWNER_ID_SIDSTR		"S-1-3-0"
#define	NT_CREATOR_GROUP_ID_SIDSTR		"S-1-3-1"
#define	NT_CREATOR_OWNER_SERVER_ID_SIDSTR	"S-1-3-2"
#define	NT_CREATOR_GROUP_SERVER_ID_SIDSTR	"S-1-3-3"
#define	NT_NON_UNIQUE_IDS_SIDSTR		"S-1-4"		/* prefix only */
#define	NT_AUTHORITY_SIDSTR			"S-1-5"		/* prefix only */
#define	NT_DIALUP_SIDSTR			"S-1-5-1"
#define	NT_NETWORK_SIDSTR			"S-1-5-2"
#define	NT_BATCH_SIDSTR				"S-1-5-3"
#define	NT_INTERACTIVE_SIDSTR			"S-1-5-4"
#define	NT_SERVICE_SIDSTR			"S-1-5-6"
#define	NT_ANONYMOUS_LOGON_SIDSTR		"S-1-5-7"
#define	NT_PROXY_SIDSTR				"S-1-5-8"
#define	NT_SERVER_LOGON_SIDSTR			"S-1-5-9"
#define	NT_SELF_SIDSTR				"S-1-5-10"
#define	NT_AUTHENTICATED_USER_SIDSTR		"S-1-5-11"
#define	NT_RESTRICTED_CODE_SIDSTR		"S-1-5-12"
#define	NT_LOCAL_SYSTEM_SIDSTR			"S-1-5-18"
#define	NT_NON_UNIQUE_SIDSTR			"S-1-5-21"	/* domain SID prefix */
#define	NT_BUILTIN_DOMAIN_SIDSTR		"S-1-5-32"
    112 
    113 
    114 /*
    115  * SID type indicators (SID_NAME_USE).
    116  */
/*
 * These are the values carried in the sid_name_use member of
 * well_known_account_t and in the WORD *sid_name_use out-parameters of
 * nt_builtin_lookup_sid()/nt_builtin_lookup_name(); nt_sid_name_use()
 * presumably maps one of them to a printable name.
 */
#define	SidTypeNull			0
#define	SidTypeUser			1
#define	SidTypeGroup			2
#define	SidTypeDomain			3
#define	SidTypeAlias			4
#define	SidTypeWellKnownGroup		5
#define	SidTypeDeletedAccount		6
#define	SidTypeInvalid			7
#define	SidTypeUnknown			8
#define	SidTypeComputer			9
    127 
    128 
    129 /*
    130  * Identifier authorities for various domains.
    131  */
/* Scalar authority values, as they appear in the "S-1-<authority>" text form. */
#define	NT_SID_NULL_AUTH		0
#define	NT_SID_WORLD_AUTH		1
#define	NT_SID_LOCAL_AUTH		2
#define	NT_SID_CREATOR_AUTH		3
#define	NT_SID_NON_UNIQUE_AUTH		4
#define	NT_SID_NT_AUTH			5


/*
 * The same authorities as 6-byte initializers for nt_sid_t.Authority[]
 * (NT_SID_AUTH_MAX entries, value in the last byte).
 * NT_SECURITY_UNIX_AUTH (99) has no NT_SID_*_AUTH counterpart above;
 * presumably a local extension for mapping UNIX ids -- confirm before
 * treating a SID with this authority as Windows-issued.
 */
#define	NT_SECURITY_NULL_AUTH		{0, 0, 0, 0, 0, 0}
#define	NT_SECURITY_WORLD_AUTH		{0, 0, 0, 0, 0, 1}
#define	NT_SECURITY_LOCAL_AUTH		{0, 0, 0, 0, 0, 2}
#define	NT_SECURITY_CREATOR_AUTH	{0, 0, 0, 0, 0, 3}
#define	NT_SECURITY_NON_UNIQUE_AUTH	{0, 0, 0, 0, 0, 4}
#define	NT_SECURITY_NT_AUTH		{0, 0, 0, 0, 0, 5}
#define	NT_SECURITY_UNIX_AUTH		{0, 0, 0, 0, 0, 99}
    147 
    148 
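/*
 * Well-known RIDs.  Each is the single sub-authority that follows the
 * authority in the NT_*_SIDSTR strings above (e.g. SECURITY_LOCAL_SYSTEM_RID
 * is the 18 in "S-1-5-18").  The first three groups are RIDs under the
 * NULL, WORLD, LOCAL and CREATOR authorities respectively; everything
 * from SECURITY_DIALUP_RID on is under NT_SID_NT_AUTH (S-1-5).
 */
#define	SECURITY_NULL_RID			(0x00000000L)
#define	SECURITY_WORLD_RID			(0x00000000L)
#define	SECURITY_LOCAL_RID			(0x00000000L)	/* was 0X..., same value */

#define	SECURITY_CREATOR_OWNER_RID		(0x00000000L)
#define	SECURITY_CREATOR_GROUP_RID		(0x00000001L)
#define	SECURITY_CREATOR_OWNER_SERVER_RID	(0x00000002L)
#define	SECURITY_CREATOR_GROUP_SERVER_RID	(0x00000003L)

#define	SECURITY_DIALUP_RID			(0x00000001L)
#define	SECURITY_NETWORK_RID			(0x00000002L)
#define	SECURITY_BATCH_RID			(0x00000003L)
#define	SECURITY_INTERACTIVE_RID		(0x00000004L)
#define	SECURITY_LOGON_IDS_RID			(0x00000005L)
#define	SECURITY_LOGON_IDS_RID_COUNT		(3L)	/* sub-authorities in a logon-id SID -- confirm */
#define	SECURITY_SERVICE_RID			(0x00000006L)
#define	SECURITY_ANONYMOUS_LOGON_RID		(0x00000007L)
#define	SECURITY_PROXY_RID			(0x00000008L)
#define	SECURITY_ENTERPRISE_CONTROLLERS_RID	(0x00000009L)
#define	SECURITY_SERVER_LOGON_RID	SECURITY_ENTERPRISE_CONTROLLERS_RID
#define	SECURITY_PRINCIPAL_SELF_RID		(0x0000000AL)	/* 10 */
#define	SECURITY_AUTHENTICATED_USER_RID		(0x0000000BL)	/* 11 */
#define	SECURITY_RESTRICTED_CODE_RID		(0x0000000CL)	/* 12 */

#define	SECURITY_LOCAL_SYSTEM_RID		(0x00000012L)	/* 18 */
#define	SECURITY_NT_NON_UNIQUE			(0x00000015L)	/* 21 */
#define	SECURITY_BUILTIN_DOMAIN_RID		(0x00000020L)	/* 32 */


/* Same value as SECURITY_NT_NON_UNIQUE; the first sub-authority of a domain SID. */
#define	NT_SID_NON_UNIQUE_SUBAUTH 21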
    179 
    180 
    181 /*
    182  * Common definition for a SID.
    183  */
#define	NT_SID_REVISION		1	/* expected value of nt_sid_t.Revision */
#define	NT_SID_AUTH_MAX		6	/* number of entries in nt_sid_t.Authority[] */
/*
 * Presumably the largest SubAuthCount a SID may carry -- confirm that
 * the parsers (nt_sid_strtosid) and copiers (nt_sid_dup, nt_sid_copy)
 * actually enforce it, since SubAuthCount is a BYTE and can hold up to 255.
 */
#define	NT_SID_SUBAUTH_MAX	15
    187 
    188 
    189 /*
    190  * Security Identifier (SID)
    191  *
    192  * The security identifier (SID) uniquely identifies a user, group or
    193  * a domain. It consists of a revision number, the identifier authority,
    194  * and a list of sub-authorities. The revision number is currently 1.
    195  * The identifier authority identifies which system issued the SID. The
    196  * sub-authorities of a domain SID uniquely identify a domain. A user
    197  * or group SID consists of a domain SID with the user or group id
 * appended. The user or group id (also known as a relative id (RID))
    199  * uniquely identifies a user within a domain. A user or group SID
    200  * uniquely identifies a user or group across all domains. The SidType
    201  * values identify the various types of SID.
    202  *
    203  *      1   1   1   1   1   1
    204  *      5   4   3   2   1   0   9   8   7   6   5   4   3   2   1   0
    205  *   +---------------------------------------------------------------+
    206  *   |      SubAuthorityCount        |Reserved1 (SBZ)|   Revision    |
    207  *   +---------------------------------------------------------------+
    208  *   |                   IdentifierAuthority[0]                      |
    209  *   +---------------------------------------------------------------+
    210  *   |                   IdentifierAuthority[1]                      |
    211  *   +---------------------------------------------------------------+
    212  *   |                   IdentifierAuthority[2]                      |
    213  *   +---------------------------------------------------------------+
    214  *   |                                                               |
    215  *   +- -  -  -  -  -  -  -  SubAuthority[]  -  -  -  -  -  -  -  - -+
    216  *   |                                                               |
    217  *   +---------------------------------------------------------------+
    218  *
    219  */
    220 /*
    221  * Note: NT defines the Identifier Authority as a separate
    222  * structure (SID_IDENTIFIER_AUTHORITY) containing a literal
    223  * definition of a 6 byte vector but the effect is the same
    224  * as defining it as a member value.
    225  */
/*
 * Binary SID.  Note that the layout diagram above shows a Reserved1 (SBZ)
 * byte that has no corresponding member here -- TODO confirm whether this
 * struct is meant to match the on-the-wire layout byte for byte.
 */
typedef struct nt_sid {
	BYTE Revision;			/* expected to be NT_SID_REVISION */
	BYTE SubAuthCount;		/* number of SubAuthority[] entries (SubAuthorityCount above) */
	BYTE Authority[NT_SID_AUTH_MAX]; /* 6-byte identifier authority; see NT_SECURITY_*_AUTH */
	/*
	 * Variable length: SubAuthCount entries follow.  ANY_SIZE_ARRAY is
	 * defined in wintypes.h, not here.
	 * NOTE(review): on a SID read from the network, SubAuthCount can be
	 * any value 0..255 while NT_SID_SUBAUTH_MAX is 15; code that walks,
	 * sizes or copies SubAuthority[] must bound SubAuthCount by
	 * NT_SID_SUBAUTH_MAX and by the number of bytes actually received
	 * before trusting it.
	 */
	DWORD SubAuthority[ANY_SIZE_ARRAY];
} nt_sid_t;
    232 
    233 /*
    234  * The structure for entries in a static table of well known
    235  * SIDs. The table definition is in os/libnt/ntbuitin.c
    236  * The domain_ix field is an index into a predefined domain
    237  * list in os/libnt/ntbuitin.c
    238  */
/*
 * Entries are described above as living in a static table, so pointers
 * returned by nt_builtin_lookup*() presumably point into that table and
 * must not be freed or modified by callers -- confirm.
 */
typedef struct well_known_account {
	WORD sid_name_use;		/* presumably one of the SidType* values */
	WORD domain_ix;			/* index to a predefined domain list */
	char *sid;			/* SID in text form ("S-1-...") */
	char *name;			/* account name */
	WORD flags;			/* LGF_* bits (see LGF_HIDDEN) */
	char *desc;			/* description */
	nt_sid_t *binsid;		/* presumably the binary form of sid */
} well_known_account_t;
    248 
/*
 * Flags for the well_known_account_t.flags member of a local group
 * table entry.
 *
 * LGF_HIDDEN		this entry is not presented to users via the
 *			builtin group management interface
 */
#define	LGF_HIDDEN			0x1
    256 
    257 
/*
 * The maximum size of the SID format buffer.  nt_sid_format2() takes no
 * buffer length, so this is presumably the minimum size callers must
 * provide for its fmtbuf argument -- confirm against the implementation.
 */
#define	NT_SID_FMTBUF_SIZE		256
    262 
    263 
/*
 * Binary SID operations.
 *
 * None of these prototypes carry a length for their nt_sid_t arguments;
 * the size of a SID is implied by its own SubAuthCount.  A SID that
 * arrived from the network must therefore be checked against the bytes
 * actually received (and NT_SID_SUBAUTH_MAX) before being passed to any
 * of them.  nt_sid_is_valid() looks like the intended check; TODO
 * confirm exactly what it verifies.
 *
 * Ownership of the nt_sid_t * and char * results is not stated here;
 * presumably allocated and owned by the caller -- verify before use.
 * Return conventions for the int functions (0/non-zero vs. errno-style)
 * are likewise not documented in this header.
 */
int nt_sid_is_valid(nt_sid_t *sid);
/* Size of the SID; presumably derived from SubAuthCount -- confirm units. */
int nt_sid_length(nt_sid_t *sid);
nt_sid_t *nt_sid_dup(nt_sid_t *sid);
/* Builds a new SID from domain_sid with rid appended as the last sub-authority. */
nt_sid_t *nt_sid_splice(nt_sid_t *domain_sid, DWORD rid);
/* Returns the last sub-authority (the RID) through *rid. */
int nt_sid_get_rid(nt_sid_t *sid, DWORD *rid);
/* Like nt_sid_get_rid() but presumably also strips the RID from sid -- confirm. */
int nt_sid_split(nt_sid_t *sid, DWORD *rid);
nt_sid_t *nt_sid_gen_null_sid(void);
int nt_sid_domain_equal(nt_sid_t *domain_sid, nt_sid_t *sid);
int nt_sid_is_equal(nt_sid_t *sid1, nt_sid_t *sid2);
int nt_sid_is_local(nt_sid_t *sid);
int nt_sid_is_builtin(nt_sid_t *sid);
int nt_sid_is_domain_equal(nt_sid_t *sid1, nt_sid_t *sid2);
int nt_sid_is_indomain(nt_sid_t *domain_sid, nt_sid_t *sid);
void nt_sid_logf(nt_sid_t *sid);
/* Text form of sid; see ownership note above. */
char *nt_sid_format(nt_sid_t *sid);
/*
 * Writes the text form into fmtbuf.  No length is passed: fmtbuf must
 * presumably be at least NT_SID_FMTBUF_SIZE bytes -- confirm, since an
 * undersized buffer here is an unbounded write.
 */
void nt_sid_format2(nt_sid_t *sid, char *fmtbuf);
/*
 * Parses the "S-1-..." text form.  NOTE(review): this is the entry point
 * for untrusted text; confirm the parser bounds the sub-authority count
 * by NT_SID_SUBAUTH_MAX and rejects malformed numbers.
 */
nt_sid_t *nt_sid_strtosid(char *sidstr);
/* Printable name for a SidType* value, presumably. */
char *nt_sid_name_use(unsigned int snu_id);
/* Bounded copy of srcsid into dessid; buflen is presumably the size of dessid in bytes. */
int nt_sid_copy(nt_sid_t *dessid, nt_sid_t *srcsid, unsigned buflen);
    283 
    284 
    285 /*
    286  * SID/name translation service for NT BUILTIN SIDs.
    287  */
/*
 * nt_builtin_init() presumably must run before the lookups below and
 * nt_builtin_fini() releases whatever it set up -- confirm.
 * The lookups return pointers that appear to reference the static
 * well-known table described above; treat them as read-only.
 */
int nt_builtin_init(void);
void nt_builtin_fini(void);
well_known_account_t *nt_builtin_lookup(char *name);
/* Name for sid; sid_name_use receives a SidType* value. */
char *nt_builtin_lookup_sid(nt_sid_t *sid, WORD *sid_name_use);
/* Binary SID for name; sid_name_use receives a SidType* value. */
nt_sid_t *nt_builtin_lookup_name(char *name, WORD *sid_name_use);
char *nt_builtin_lookup_domain(char *name);
int nt_builtin_is_wellknown(char *name);
/* Table iteration: *iterator is opaque state, initialized by findfirst and advanced by findnext. */
well_known_account_t *nt_builtin_findfirst(DWORD *iterator);
well_known_account_t *nt_builtin_findnext(DWORD *iterator);
    297 
    298 
    299 #ifdef __cplusplus
    300 }
    301 #endif
    302 
    303 
    304 #endif /* _SMBSRV_NTSID_H */