NEX-15558 SMB logon fails during 1st second after service start
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
NEX-15558 SMB logon fails during 1st second after service start
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
NEX-2667 Wrong error when join domain with wrong password
Reviewed by: Kevin Crowe <kevin.crowe@nexenta.com>
Reviewed by: Bayard Bell <bayard.bell@nexenta.com>
NEX-2225 Unable to join NexentaStor to 2008 AD
re #12435 rb3958 r10 is added 2 times to panic info
re #12393 rb3935 Kerberos and smbd disagree about who is our AD server

          --- old/usr/src/lib/smbsrv/libmlsvc/common/smbrdr_glue.c
          +++ new/usr/src/lib/smbsrv/libmlsvc/common/smbrdr_glue.c

   1    1  /*
   2    2   * CDDL HEADER START
   3    3   *
   4    4   * The contents of this file are subject to the terms of the
   5    5   * Common Development and Distribution License (the "License").
   6    6   * You may not use this file except in compliance with the License.
   7    7   *
   8    8   * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9    9   * or http://www.opensolaris.org/os/licensing.
  10   10   * See the License for the specific language governing permissions
  11   11   * and limitations under the License.
  12   12   *
  13   13   * When distributing Covered Code, include this CDDL HEADER in each

  14   14   * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15   15   * If applicable, add the following below this CDDL HEADER, with the
  16   16   * fields enclosed by brackets "[]" replaced with your own identifying
  17   17   * information: Portions Copyright [yyyy] [name of copyright owner]
  18   18   *
  19   19   * CDDL HEADER END
  20   20   */
  21   21  
  22   22  /*
  23   23   * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
  24      - * Copyright 2015 Nexenta Systems, Inc.  All rights reserved.
       24 + * Copyright 2017 Nexenta Systems, Inc.  All rights reserved.
  25   25   */
  26   26  
  27   27  /*
  28   28   * There used to be a "redirector" library, which has been replaced,
  29   29   * leaving only the "glue" functions in this file that adapt this
  30   30   * library to the interface provided by libsmbfs.
  31   31   */
  32   32  
  33   33  #include <errno.h>
  34   34  #include <string.h>

  35   35  #include <strings.h>
  36   36  #include <unistd.h>
  37   37  #include <priv.h>
  38   38  
  39   39  #include <netsmb/smbfs_api.h>
  40   40  #include <smbsrv/libsmb.h>
  41   41  #include <smbsrv/libmlsvc.h>
  42   42  #include <libsmbrdr.h>
  43   43  #include <mlsvc.h>
  44   44  
  45   45  #include <assert.h>
  46   46  
  47   47  void
  48   48  smbrdr_initialize(void)
  49   49  {
  50   50          (void) smb_lib_init();
  51   51  }
  52   52  
  53   53  /*
  54   54   * mlsvc_disconnect
  55   55   *
  56   56   * Disconnects the session with given server.
  57   57   * The new conection manager is smart enough
  58   58   * so that we don't need this to do anything.
  59   59   */
  60   60  /* ARGSUSED */
  61   61  void
  62   62  smbrdr_disconnect(const char *server)
  63   63  {
  64   64  }
  65   65  
  66   66  
  67   67  /*
  68   68   * smbrdr_logon
  69   69   *
  70   70   * I'm not sure this really needs to do anything, but for now
  71   71   * let's go ahead and authenticate here so this can return a
  72   72   * status reflecting the outcome of authentication.
  73   73   *
  74   74   * If this successfully builds an smb_ctx, it just frees it.
  75   75   * The driver retains sessions for a little while after the
  76   76   * last reference goes away, so the session created here will
  77   77   * usually still exist when the next call to smbrdr_ctx_new
  78   78   * asks for this server+user (immediately after this returns),
  79   79   * and only one session setup will go over the wire.
  80   80   */
  81   81  int
  82   82  smbrdr_logon(char *srv, char *dom, char *user)
  83   83  {
  84   84          struct smb_ctx *ctx;
  85   85          int err;
  86   86  
  87   87          err = smbrdr_ctx_new(&ctx, srv, dom, user);
  88   88          if (err == 0)
  89   89                  smb_ctx_free(ctx);
  90   90          return (err);
  91   91  }
  92   92  
  93   93  void
  94   94  smbrdr_ctx_free(struct smb_ctx *ctx)
  95   95  {
  96   96          smb_ctx_free(ctx);
  97   97  }
  98   98  
  99   99  /*
 100  100   * Setup a new SMB client context.
 101  101   *
 102  102   * Get the SMB server's configuration stuff and
 103  103   * store it in the new client context object.
 104  104   */
 105  105  int
 106  106  smbrdr_ctx_new(struct smb_ctx **ctx_p, char *server,
 107  107          char *domain, char *user)
 108  108  {
 109  109          struct smb_ctx *ctx = NULL;
 110  110          uchar_t nthash[SMBAUTH_HASH_SZ];
 111  111          int64_t lmcl;
 112  112          int authflags, err;
 113  113  
 114  114          assert(server != NULL);
 115  115          assert(domain != NULL);
 116  116          assert(user != NULL);
 117  117  
 118  118          if (server[0] == '\0')
 119  119                  return (NT_STATUS_INTERNAL_ERROR);
 120  120  
 121  121          if ((err = smb_ctx_alloc(&ctx)) != 0)
 122  122                  return (NT_STATUS_NO_MEMORY);
 123  123  
 124  124          /*
 125  125           * Set server, share, domain, user
 126  126           * (in the ctx handle).
 127  127           */
 128  128          (void) smb_ctx_setfullserver(ctx, server);
 129  129          (void) smb_ctx_setshare(ctx, "IPC$", USE_IPC);
 130  130          (void) smb_ctx_setdomain(ctx, domain, B_TRUE);
 131  131          (void) smb_ctx_setuser(ctx, user, B_TRUE);
 132  132  
 133  133          /*
 134  134           * Set auth. info (hash) and type.
 135  135           */
 136  136          if (user[0] == '\0') {
 137  137                  authflags = SMB_AT_ANON;
 138  138          } else {
 139  139                  (void) smb_config_getnum(SMB_CI_LM_LEVEL, &lmcl);
 140  140                  if (lmcl <= 2) {
 141  141                          /* Send NTLM */
 142  142                          authflags = SMB_AT_NTLM1;
 143  143                  } else {
 144  144                          /* Send NTLMv2 */
 145  145                          authflags = SMB_AT_NTLM2;
 146  146                  }
 147  147                  smb_ipc_get_passwd(nthash, sizeof (nthash));
 148  148                  (void) smb_ctx_setpwhash(ctx, nthash, NULL);
 149  149          }
 150  150          (void) smb_ctx_setauthflags(ctx, authflags);

 151  151  
 152  152          /*
 153  153           * Do lookup, connect, session setup, tree connect.
 154  154           * Or find and reuse a session/tree, if one exists.
 155  155           */
 156  156          if ((err = smb_ctx_resolve(ctx)) != 0) {
 157  157                  err = NT_STATUS_BAD_NETWORK_PATH;
 158  158                  goto errout;
 159  159          }
 160  160          if ((err = smb_ctx_get_ssn(ctx)) != 0) {
 161      -                err = NT_STATUS_NETWORK_ACCESS_DENIED;
      161 +                switch (err) {
      162 +                case EAUTH:
      163 +                        err = NT_STATUS_NETWORK_ACCESS_DENIED;
      164 +                        break;
      165 +                default:
      166 +                        err = NT_STATUS_BAD_NETWORK_PATH;
      167 +                        break;
      168 +                }
 162  169                  goto errout;
 163  170          }
 164  171          if ((err = smb_ctx_get_tree(ctx)) != 0) {
 165  172                  err = NT_STATUS_BAD_NETWORK_NAME;
 166  173                  goto errout;
 167  174          }
 168  175  
 169  176          /* Success! */
 170  177          *ctx_p = ctx;
 171  178          return (0);
 172  179  
 173  180  errout:
 174  181          smb_ctx_free(ctx);
 175  182          return (err);
 176  183  }
    

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX