Print this page
NEX-17589 Get "too high" smbd error when copy big file to cifs share
Reviewed by: Joyce McIntosh <joyce.mcintosh@nexenta.com>
Reviewed by: Yuri Pankov <yuri.pankov@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
Reviewed by: Matt Barden <matt.barden@nexenta.com>
NEX-17795 SMB logon should tolerate idmap problems
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Joyce McIntosh <joyce.mcintosh@nexenta.com>
Reviewed by: Yuri Pankov <yuri.pankov@nexenta.com>
NEX-4083 Upstream changes from illumos 5917 and 5995
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Kevin Crowe <kevin.crowe@nexenta.com>
Reviewed by: Yuri Pankov <yuri.pankov@nexenta.com>
NEX-2461 smb_split_sid uses wrong allocation size
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/lib/smbsrv/libsmb/common/smb_idmap.c
+++ new/usr/src/lib/smbsrv/libsmb/common/smb_idmap.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
|
↓ open down ↓ |
12 lines elided |
↑ open up ↑ |
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21 /*
22 22 * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
23 - * Copyright 2014 Nexenta Systems, Inc. All rights reserved.
23 + * Copyright 2018 Nexenta Systems, Inc. All rights reserved.
24 24 */
25 25
26 26 /*
27 27 * SMB server interface to idmap
28 28 * (smb_idmap_get..., smb_idmap_batch_...)
29 29 *
30 - * There are three implementations of this interface:
31 - * uts/common/fs/smbsrv/smb_idmap.c (smbsrv kmod)
32 - * lib/smbsrv/libfksmbsrv/common/fksmb_idmap.c (libfksmbsrv)
33 - * lib/smbsrv/libsmb/common/smb_idmap.c (libsmb)
30 + * There are three implementations of this interface.
31 + * This is the libsmb version of these routines. See also:
32 + * $SRC/uts/common/fs/smbsrv/smb_idmap.c
33 + * $SRC/lib/smbsrv/libfksmbsrv/common/fksmb_idmap.c
34 34 *
35 35 * There are enough differences (relative to the code size)
36 36 * that it's more trouble than it's worth to merge them.
37 37 *
38 38 * This one differs from the others in that it:
39 39 * calls idmap interfaces (libidmap)
40 40 * domain SIDs returned are allocated
41 41 */
42 42
43 43 #include <syslog.h>
44 44 #include <strings.h>
45 45 #include <smbsrv/libsmb.h>
46 46
47 47 static int smb_idmap_batch_binsid(smb_idmap_batch_t *sib);
48 48
49 49 /*
50 50 * Report an idmap error.
51 51 */
52 52 void
53 53 smb_idmap_check(const char *s, idmap_stat stat)
54 54 {
55 55 if (stat != IDMAP_SUCCESS) {
56 56 if (s == NULL)
57 57 s = "smb_idmap_check";
58 58
59 59 syslog(LOG_ERR, "%s: %s", s, idmap_stat2string(stat));
60 60 }
61 61 }
62 62
63 63 /*
64 64 * smb_idmap_getsid
65 65 *
66 66 * Tries to get a mapping for the given uid/gid
67 67 * Allocates ->sim_domsid
68 68 */
69 69 idmap_stat
70 70 smb_idmap_getsid(uid_t id, int idtype, smb_sid_t **sid)
71 71 {
72 72 smb_idmap_batch_t sib;
73 73 idmap_stat stat;
74 74
75 75 stat = smb_idmap_batch_create(&sib, 1, SMB_IDMAP_ID2SID);
76 76 if (stat != IDMAP_SUCCESS)
77 77 return (stat);
78 78
79 79 stat = smb_idmap_batch_getsid(sib.sib_idmaph, &sib.sib_maps[0],
80 80 id, idtype);
81 81
82 82 if (stat != IDMAP_SUCCESS) {
83 83 smb_idmap_batch_destroy(&sib);
84 84 return (stat);
85 85 }
86 86
87 87 stat = smb_idmap_batch_getmappings(&sib);
88 88
89 89 if (stat != IDMAP_SUCCESS) {
90 90 smb_idmap_batch_destroy(&sib);
91 91 return (stat);
92 92 }
93 93
94 94 *sid = smb_sid_dup(sib.sib_maps[0].sim_sid);
95 95
96 96 smb_idmap_batch_destroy(&sib);
97 97
98 98 return (IDMAP_SUCCESS);
99 99 }
100 100
101 101 /*
102 102 * smb_idmap_getid
103 103 *
104 104 * Tries to get a mapping for the given SID
105 105 */
106 106 idmap_stat
107 107 smb_idmap_getid(smb_sid_t *sid, uid_t *id, int *id_type)
108 108 {
109 109 smb_idmap_batch_t sib;
110 110 smb_idmap_t *sim;
111 111 idmap_stat stat;
112 112
113 113 stat = smb_idmap_batch_create(&sib, 1, SMB_IDMAP_SID2ID);
114 114 if (stat != IDMAP_SUCCESS)
115 115 return (stat);
116 116
117 117 sim = &sib.sib_maps[0];
118 118 sim->sim_id = id;
119 119 stat = smb_idmap_batch_getid(sib.sib_idmaph, sim, sid, *id_type);
120 120 if (stat != IDMAP_SUCCESS) {
121 121 smb_idmap_batch_destroy(&sib);
122 122 return (stat);
123 123 }
124 124
125 125 stat = smb_idmap_batch_getmappings(&sib);
126 126
127 127 if (stat != IDMAP_SUCCESS) {
128 128 smb_idmap_batch_destroy(&sib);
129 129 return (stat);
130 130 }
131 131
132 132 *id_type = sim->sim_idtype;
133 133 smb_idmap_batch_destroy(&sib);
134 134
135 135 return (IDMAP_SUCCESS);
136 136 }
137 137
138 138 /*
139 139 * smb_idmap_batch_create
140 140 *
141 141 * Creates and initializes the context for batch ID mapping.
142 142 */
143 143 idmap_stat
144 144 smb_idmap_batch_create(smb_idmap_batch_t *sib, uint16_t nmap, int flags)
145 145 {
146 146 idmap_stat stat;
147 147
148 148 if (!sib)
149 149 return (IDMAP_ERR_ARG);
150 150
151 151 bzero(sib, sizeof (smb_idmap_batch_t));
152 152 stat = idmap_get_create(&sib->sib_idmaph);
153 153
154 154 if (stat != IDMAP_SUCCESS) {
155 155 smb_idmap_check("idmap_get_create", stat);
156 156 return (stat);
157 157 }
158 158
159 159 sib->sib_flags = flags;
160 160 sib->sib_nmap = nmap;
161 161 sib->sib_size = nmap * sizeof (smb_idmap_t);
162 162 sib->sib_maps = malloc(sib->sib_size);
163 163 if (!sib->sib_maps)
164 164 return (IDMAP_ERR_MEMORY);
165 165
166 166 bzero(sib->sib_maps, sib->sib_size);
167 167 return (IDMAP_SUCCESS);
168 168 }
169 169
170 170 /*
171 171 * smb_idmap_batch_destroy
172 172 *
173 173 * Frees the batch ID mapping context.
174 174 */
175 175 void
176 176 smb_idmap_batch_destroy(smb_idmap_batch_t *sib)
177 177 {
178 178 int i;
179 179
180 180 if (sib == NULL)
181 181 return;
182 182
183 183 if (sib->sib_idmaph) {
184 184 idmap_get_destroy(sib->sib_idmaph);
185 185 sib->sib_idmaph = NULL;
186 186 }
187 187
188 188 if (sib->sib_maps == NULL)
189 189 return;
|
↓ open down ↓ |
146 lines elided |
↑ open up ↑ |
190 190
191 191 if (sib->sib_flags & SMB_IDMAP_ID2SID) {
192 192 /*
193 193 * SIDs are allocated only when mapping
194 194 * UID/GID to SIDs
195 195 */
196 196 for (i = 0; i < sib->sib_nmap; i++) {
197 197 smb_sid_free(sib->sib_maps[i].sim_sid);
198 198 free(sib->sib_maps[i].sim_domsid);
199 199 }
200 + } else if (sib->sib_flags & SMB_IDMAP_SID2ID) {
201 + /*
202 + * SID prefixes are allocated only when mapping
203 + * SIDs to UID/GID
204 + */
205 + for (i = 0; i < sib->sib_nmap; i++) {
206 + free(sib->sib_maps[i].sim_domsid);
207 + }
200 208 }
201 209
202 210 if (sib->sib_size && sib->sib_maps) {
203 211 free(sib->sib_maps);
204 212 sib->sib_maps = NULL;
205 213 }
206 214 }
207 215
208 216 /*
209 217 * smb_idmap_batch_getid
210 218 *
211 219 * Queue a request to map the given SID to a UID or GID.
212 220 *
213 221 * sim->sim_id should point to variable that's supposed to
214 222 * hold the returned UID/GID. This needs to be setup by caller
215 223 * of this function.
216 224 * If requested ID type is known, it's passed as 'idtype',
217 225 * if it's unknown it'll be returned in sim->sim_idtype.
218 226 */
219 227 idmap_stat
220 228 smb_idmap_batch_getid(idmap_get_handle_t *idmaph, smb_idmap_t *sim,
221 229 smb_sid_t *sid, int idtype)
222 230 {
|
↓ open down ↓ |
13 lines elided |
↑ open up ↑ |
223 231 char sidstr[SMB_SID_STRSZ];
224 232 idmap_stat stat;
225 233 int flag = 0;
226 234
227 235 if (idmaph == NULL || sim == NULL || sid == NULL)
228 236 return (IDMAP_ERR_ARG);
229 237
230 238 smb_sid_tostr(sid, sidstr);
231 239 if (smb_sid_splitstr(sidstr, &sim->sim_rid) != 0)
232 240 return (IDMAP_ERR_SID);
233 - sim->sim_domsid = sidstr;
241 + /* Note: Free sim_domsid in smb_idmap_batch_destroy */
242 + sim->sim_domsid = strdup(sidstr);
234 243 sim->sim_idtype = idtype;
235 244
236 245 switch (idtype) {
237 246 case SMB_IDMAP_USER:
238 247 stat = idmap_get_uidbysid(idmaph, sim->sim_domsid,
239 248 sim->sim_rid, flag, sim->sim_id, &sim->sim_stat);
240 249 smb_idmap_check("idmap_get_uidbysid", stat);
241 250 break;
242 251
243 252 case SMB_IDMAP_GROUP:
244 253 stat = idmap_get_gidbysid(idmaph, sim->sim_domsid,
245 254 sim->sim_rid, flag, sim->sim_id, &sim->sim_stat);
246 255 smb_idmap_check("idmap_get_gidbysid", stat);
247 256 break;
248 257
249 258 case SMB_IDMAP_UNKNOWN:
250 259 stat = idmap_get_pidbysid(idmaph, sim->sim_domsid,
|
↓ open down ↓ |
7 lines elided |
↑ open up ↑ |
251 260 sim->sim_rid, flag, sim->sim_id, &sim->sim_idtype,
252 261 &sim->sim_stat);
253 262 smb_idmap_check("idmap_get_pidbysid", stat);
254 263 break;
255 264
256 265 default:
257 266 stat = IDMAP_ERR_ARG;
258 267 break;
259 268 }
260 269
261 - /* This was copied by idmap_get_Xbysid. */
262 - sim->sim_domsid = NULL;
263 -
264 270 return (stat);
265 271 }
266 272
267 273 /*
268 274 * smb_idmap_batch_getsid
269 275 *
270 276 * Queue a request to map the given UID/GID to a SID.
271 277 *
272 278 * sim->sim_domsid and sim->sim_rid will contain the mapping
273 279 * result upon successful process of the batched request.
280 + * Stash the type for error reporting (caller saves the ID).
281 + *
274 282 * NB: sim_domsid allocated by strdup, here or in libidmap
275 283 */
276 284 idmap_stat
277 285 smb_idmap_batch_getsid(idmap_get_handle_t *idmaph, smb_idmap_t *sim,
278 286 uid_t id, int idtype)
279 287 {
280 288 idmap_stat stat;
281 289 int flag = 0;
282 290
283 291 if (!idmaph || !sim)
284 292 return (IDMAP_ERR_ARG);
285 293
294 + sim->sim_idtype = idtype;
286 295 switch (idtype) {
287 296 case SMB_IDMAP_USER:
288 297 stat = idmap_get_sidbyuid(idmaph, id, flag,
289 298 &sim->sim_domsid, &sim->sim_rid, &sim->sim_stat);
290 299 smb_idmap_check("idmap_get_sidbyuid", stat);
291 300 break;
292 301
293 302 case SMB_IDMAP_GROUP:
294 303 stat = idmap_get_sidbygid(idmaph, id, flag,
295 304 &sim->sim_domsid, &sim->sim_rid, &sim->sim_stat);
296 305 smb_idmap_check("idmap_get_sidbygid", stat);
297 306 break;
298 307
299 308 case SMB_IDMAP_OWNERAT:
300 309 /* Current Owner S-1-5-32-766 */
301 310 sim->sim_domsid = strdup(NT_BUILTIN_DOMAIN_SIDSTR);
302 311 sim->sim_rid = SECURITY_CURRENT_OWNER_RID;
303 312 sim->sim_stat = IDMAP_SUCCESS;
304 313 stat = IDMAP_SUCCESS;
305 314 break;
306 315
307 316 case SMB_IDMAP_GROUPAT:
308 317 /* Current Group S-1-5-32-767 */
309 318 sim->sim_domsid = strdup(NT_BUILTIN_DOMAIN_SIDSTR);
310 319 sim->sim_rid = SECURITY_CURRENT_GROUP_RID;
311 320 sim->sim_stat = IDMAP_SUCCESS;
312 321 stat = IDMAP_SUCCESS;
313 322 break;
314 323
315 324 case SMB_IDMAP_EVERYONE:
316 325 /* Everyone S-1-1-0 */
317 326 sim->sim_domsid = strdup(NT_WORLD_AUTH_SIDSTR);
318 327 sim->sim_rid = 0;
319 328 sim->sim_stat = IDMAP_SUCCESS;
|
↓ open down ↓ |
24 lines elided |
↑ open up ↑ |
320 329 stat = IDMAP_SUCCESS;
321 330 break;
322 331
323 332 default:
324 333 return (IDMAP_ERR_ARG);
325 334 }
326 335
327 336 return (stat);
328 337 }
329 338
339 +static void
340 +smb_idmap_bgm_report(smb_idmap_batch_t *sib, smb_idmap_t *sim)
341 +{
342 +
343 + if ((sib->sib_flags & SMB_IDMAP_ID2SID) != 0) {
344 + /*
345 + * Note: The ID and type we asked idmap to map
346 + * were saved in *sim_id and sim_idtype.
347 + */
348 + uint_t id = (sim->sim_id == NULL) ?
349 + 0 : (uint_t)*sim->sim_id;
350 + syslog(LOG_ERR, "Can't get SID for "
351 + "ID=%u type=%d, status=%d",
352 + id, sim->sim_idtype, sim->sim_stat);
353 + }
354 +
355 + if ((sib->sib_flags & SMB_IDMAP_SID2ID) != 0) {
356 + syslog(LOG_ERR, "Can't get ID for SID %s-%u, status=%d",
357 + sim->sim_domsid, sim->sim_rid, sim->sim_stat);
358 + }
359 +}
360 +
330 361 /*
331 362 * smb_idmap_batch_getmappings
332 363 *
333 364 * trigger ID mapping service to get the mappings for queued
334 365 * requests.
335 366 *
336 367 * Checks the result of all the queued requests.
337 368 */
338 369 idmap_stat
339 370 smb_idmap_batch_getmappings(smb_idmap_batch_t *sib)
340 371 {
341 372 idmap_stat stat = IDMAP_SUCCESS;
342 373 smb_idmap_t *sim;
343 374 int i;
344 375
|
↓ open down ↓ |
5 lines elided |
↑ open up ↑ |
345 376 if ((stat = idmap_get_mappings(sib->sib_idmaph)) != IDMAP_SUCCESS) {
346 377 smb_idmap_check("idmap_get_mappings", stat);
347 378 return (stat);
348 379 }
349 380
350 381 /*
351 382 * Check the status for all the queued requests
352 383 */
353 384 for (i = 0, sim = sib->sib_maps; i < sib->sib_nmap; i++, sim++) {
354 385 if (sim->sim_stat != IDMAP_SUCCESS) {
355 - if (sib->sib_flags == SMB_IDMAP_SID2ID) {
356 - smb_tracef("[%d] %d (%d)", sim->sim_idtype,
357 - sim->sim_rid, sim->sim_stat);
386 + smb_idmap_bgm_report(sib, sim);
387 + if ((sib->sib_flags & SMB_IDMAP_SKIP_ERRS) == 0) {
388 + return (sim->sim_stat);
358 389 }
359 - return (sim->sim_stat);
360 390 }
361 391 }
362 392
363 393 if (smb_idmap_batch_binsid(sib) != 0)
364 394 stat = IDMAP_ERR_OTHER;
365 395
366 396 return (stat);
367 397 }
368 398
369 399 /*
370 400 * smb_idmap_batch_binsid
371 401 *
372 402 * Convert sidrids to binary sids
373 403 *
374 404 * Returns 0 if successful and non-zero upon failure.
375 405 */
376 406 static int
377 407 smb_idmap_batch_binsid(smb_idmap_batch_t *sib)
378 408 {
379 409 smb_sid_t *sid;
380 410 smb_idmap_t *sim;
381 411 int i;
382 412
383 413 if (sib->sib_flags & SMB_IDMAP_SID2ID)
384 414 /* This operation is not required */
385 415 return (0);
386 416
387 417 sim = sib->sib_maps;
388 418 for (i = 0; i < sib->sib_nmap; sim++, i++) {
389 419 if (sim->sim_domsid == NULL)
390 420 return (-1);
391 421
392 422 sid = smb_sid_fromstr(sim->sim_domsid);
393 423 if (sid == NULL)
394 424 return (-1);
395 425
396 426 sim->sim_sid = smb_sid_splice(sid, sim->sim_rid);
397 427 smb_sid_free(sid);
398 428 }
399 429
400 430 return (0);
401 431 }
|
↓ open down ↓ |
32 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX