1*1fcced4cSJordan Brown /*
2*1fcced4cSJordan Brown  * CDDL HEADER START
3*1fcced4cSJordan Brown  *
4*1fcced4cSJordan Brown  * The contents of this file are subject to the terms of the
5*1fcced4cSJordan Brown  * Common Development and Distribution License (the "License").
6*1fcced4cSJordan Brown  * You may not use this file except in compliance with the License.
7*1fcced4cSJordan Brown  *
8*1fcced4cSJordan Brown  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9*1fcced4cSJordan Brown  * or http://www.opensolaris.org/os/licensing.
10*1fcced4cSJordan Brown  * See the License for the specific language governing permissions
11*1fcced4cSJordan Brown  * and limitations under the License.
12*1fcced4cSJordan Brown  *
13*1fcced4cSJordan Brown  * When distributing Covered Code, include this CDDL HEADER in each
14*1fcced4cSJordan Brown  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15*1fcced4cSJordan Brown  * If applicable, add the following below this CDDL HEADER, with the
16*1fcced4cSJordan Brown  * fields enclosed by brackets "[]" replaced with your own identifying
17*1fcced4cSJordan Brown  * information: Portions Copyright [yyyy] [name of copyright owner]
18*1fcced4cSJordan Brown  *
19*1fcced4cSJordan Brown  * CDDL HEADER END
20*1fcced4cSJordan Brown  */
21*1fcced4cSJordan Brown /*
22*1fcced4cSJordan Brown  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23*1fcced4cSJordan Brown  * Use is subject to license terms.
24*1fcced4cSJordan Brown  */
25*1fcced4cSJordan Brown 
26*1fcced4cSJordan Brown #ifndef _SIDUTIL_H
27*1fcced4cSJordan Brown #define	_SIDUTIL_H
28*1fcced4cSJordan Brown 
29*1fcced4cSJordan Brown /*
30*1fcced4cSJordan Brown  * Security Identifier (SID) interface definition.
31*1fcced4cSJordan Brown  *
32*1fcced4cSJordan Brown  * This is an extract from uts/common/smbsrv/smb_sid.h, with functions
33*1fcced4cSJordan Brown  * renamed as part of a tentative plan for convergence.
34*1fcced4cSJordan Brown  */
35*1fcced4cSJordan Brown 
36*1fcced4cSJordan Brown #ifdef __cplusplus
37*1fcced4cSJordan Brown extern "C" {
38*1fcced4cSJordan Brown #endif
39*1fcced4cSJordan Brown 
40*1fcced4cSJordan Brown /*
41*1fcced4cSJordan Brown  * Common definition for a SID.
42*1fcced4cSJordan Brown  */
43*1fcced4cSJordan Brown #define	NT_SID_REVISION		1
44*1fcced4cSJordan Brown #define	NT_SID_AUTH_MAX		6
45*1fcced4cSJordan Brown #define	NT_SID_SUBAUTH_MAX	15
46*1fcced4cSJordan Brown 
47*1fcced4cSJordan Brown #if	!defined(ANY_SIZE_ARRAY)
48*1fcced4cSJordan Brown #define	ANY_SIZE_ARRAY	1
49*1fcced4cSJordan Brown #endif
50*1fcced4cSJordan Brown 
51*1fcced4cSJordan Brown /*
52*1fcced4cSJordan Brown  * Security Identifier (SID)
53*1fcced4cSJordan Brown  *
54*1fcced4cSJordan Brown  * The security identifier (SID) uniquely identifies a user, group or
55*1fcced4cSJordan Brown  * a domain. It consists of a revision number, the identifier authority,
56*1fcced4cSJordan Brown  * and a list of sub-authorities. The revision number is currently 1.
57*1fcced4cSJordan Brown  * The identifier authority identifies which system issued the SID. The
58*1fcced4cSJordan Brown  * sub-authorities of a domain SID uniquely identify a domain. A user
59*1fcced4cSJordan Brown  * or group SID consists of a domain SID with the user or group id
60*1fcced4cSJordan Brown  * appended. The user or group id (also known as a relative id (RID)
61*1fcced4cSJordan Brown  * uniquely identifies a user within a domain. A user or group SID
62*1fcced4cSJordan Brown  * uniquely identifies a user or group across all domains. The SidType
63*1fcced4cSJordan Brown  * values identify the various types of SID.
64*1fcced4cSJordan Brown  *
65*1fcced4cSJordan Brown  *      1   1   1   1   1   1
66*1fcced4cSJordan Brown  *      5   4   3   2   1   0   9   8   7   6   5   4   3   2   1   0
67*1fcced4cSJordan Brown  *   +---------------------------------------------------------------+
68*1fcced4cSJordan Brown  *   |      SubAuthorityCount        |Reserved1 (SBZ)|   Revision    |
69*1fcced4cSJordan Brown  *   +---------------------------------------------------------------+
70*1fcced4cSJordan Brown  *   |                   IdentifierAuthority[0]                      |
71*1fcced4cSJordan Brown  *   +---------------------------------------------------------------+
72*1fcced4cSJordan Brown  *   |                   IdentifierAuthority[1]                      |
73*1fcced4cSJordan Brown  *   +---------------------------------------------------------------+
74*1fcced4cSJordan Brown  *   |                   IdentifierAuthority[2]                      |
75*1fcced4cSJordan Brown  *   +---------------------------------------------------------------+
76*1fcced4cSJordan Brown  *   |                                                               |
77*1fcced4cSJordan Brown  *   +- -  -  -  -  -  -  -  SubAuthority[]  -  -  -  -  -  -  -  - -+
78*1fcced4cSJordan Brown  *   |                                                               |
79*1fcced4cSJordan Brown  *   +---------------------------------------------------------------+
80*1fcced4cSJordan Brown  *
81*1fcced4cSJordan Brown  */
82*1fcced4cSJordan Brown /*
83*1fcced4cSJordan Brown  * Note: NT defines the Identifier Authority as a separate
84*1fcced4cSJordan Brown  * structure (SID_IDENTIFIER_AUTHORITY) containing a literal
85*1fcced4cSJordan Brown  * definition of a 6 byte vector but the effect is the same
86*1fcced4cSJordan Brown  * as defining it as a member value.
87*1fcced4cSJordan Brown  */
88*1fcced4cSJordan Brown typedef struct sid {
89*1fcced4cSJordan Brown 	uint8_t sid_revision;
90*1fcced4cSJordan Brown 	uint8_t sid_subauthcnt;
91*1fcced4cSJordan Brown 	uint8_t sid_authority[NT_SID_AUTH_MAX];
92*1fcced4cSJordan Brown 	uint32_t sid_subauth[ANY_SIZE_ARRAY];
93*1fcced4cSJordan Brown } sid_t;
94*1fcced4cSJordan Brown 
95*1fcced4cSJordan Brown /*
96*1fcced4cSJordan Brown  * The maximum size of a SID in string format
97*1fcced4cSJordan Brown  */
98*1fcced4cSJordan Brown #define	SID_STRSZ		256
99*1fcced4cSJordan Brown 
100*1fcced4cSJordan Brown /* Given a SID, return its length in bytes. */
101*1fcced4cSJordan Brown int sid_len(sid_t *);
102*1fcced4cSJordan Brown 
103*1fcced4cSJordan Brown /* Given a dynamically allocated SID (e.g. from sid_fromstr), free it. */
104*1fcced4cSJordan Brown void sid_free(sid_t *);
105*1fcced4cSJordan Brown 
106*1fcced4cSJordan Brown /* Translate a binary-format SID into the supplied SID_STRSZ buffer. */
107*1fcced4cSJordan Brown void sid_tostr(sid_t *, char *);
108*1fcced4cSJordan Brown 
109*1fcced4cSJordan Brown /* Translate a text-format SID into an allocated binary-format SID. */
110*1fcced4cSJordan Brown sid_t *sid_fromstr(char *);
111*1fcced4cSJordan Brown 
112*1fcced4cSJordan Brown /* In-place, translate a host-order SID into MS-native little endian. */
113*1fcced4cSJordan Brown void sid_to_le(sid_t *);
114*1fcced4cSJordan Brown 
115*1fcced4cSJordan Brown /* In-place, translate a MS-native little endian SID into host order. */
116*1fcced4cSJordan Brown void sid_from_le(sid_t *);
117*1fcced4cSJordan Brown 
118*1fcced4cSJordan Brown #ifdef __cplusplus
119*1fcced4cSJordan Brown }
120*1fcced4cSJordan Brown #endif
121*1fcced4cSJordan Brown 
122*1fcced4cSJordan Brown 
123*1fcced4cSJordan Brown #endif /* _SIDUTIL_H */
124