5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 *
25 * Copyright 2013 Nexenta Systems, Inc. All rights reserved.
26 */
27
28 #include <strings.h>
29 #include <smbsrv/libsmb.h>
30
31 extern int smb_pwd_num(void);
32 extern int smb_lgrp_numbydomain(smb_domain_type_t, int *);
33
34 static uint32_t smb_sam_lookup_user(char *, smb_sid_t **);
35 static uint32_t smb_sam_lookup_group(char *, smb_sid_t **);
36
37 /*
38 * Local well-known accounts data structure table and prototypes
39 */
40 typedef struct smb_lwka {
41 uint32_t lwka_rid;
42 char *lwka_name;
43 uint16_t lwka_type;
44 } smb_lwka_t;
45
242 if (!smb_sid_indomain(di.di_binsid, sid)) {
243 /* This is not a local SID */
244 return (NT_STATUS_NOT_FOUND);
245 }
246
247 if ((lwka = smb_lwka_lookup_sid(sid)) != NULL) {
248 account->a_type = lwka->lwka_type;
249 account->a_name = strdup(lwka->lwka_name);
250 } else {
251 id_type = SMB_IDMAP_UNKNOWN;
252 if (smb_idmap_getid(sid, &id, &id_type) != IDMAP_SUCCESS)
253 return (NT_STATUS_NONE_MAPPED);
254
255 switch (id_type) {
256 case SMB_IDMAP_USER:
257 account->a_type = SidTypeUser;
258 if (smb_pwd_getpwuid(id, &smbpw) == NULL)
259 return (NT_STATUS_NO_SUCH_USER);
260
261 account->a_name = strdup(smbpw.pw_name);
262 break;
263
264 case SMB_IDMAP_GROUP:
265 account->a_type = SidTypeAlias;
266 (void) smb_sid_getrid(sid, &rid);
267 rc = smb_lgrp_getbyrid(rid, SMB_DOMAIN_LOCAL, &grp);
268 if (rc != SMB_LGRP_SUCCESS)
269 return (NT_STATUS_NO_SUCH_ALIAS);
270
271 account->a_name = strdup(grp.sg_name);
272 smb_lgrp_free(&grp);
273 break;
274
275 default:
276 return (NT_STATUS_NONE_MAPPED);
277 }
278 }
279
280 if (smb_getnetbiosname(hostname, MAXHOSTNAMELEN) == 0)
281 account->a_domain = strdup(hostname);
460 /*
461 * Determines whether the given SID is a member of the group
462 * specified by gname.
463 */
464 boolean_t
465 smb_sam_grp_ismember(const char *gname, smb_sid_t *sid)
466 {
467 smb_group_t grp;
468 boolean_t ismember = B_FALSE;
469
470 if (smb_lgrp_getbyname((char *)gname, &grp) == SMB_LGRP_SUCCESS) {
471 ismember = smb_lgrp_is_member(&grp, sid);
472 smb_lgrp_free(&grp);
473 }
474
475 return (ismember);
476 }
477
478 /*
479 * Frees memories allocated for the passed account fields.
480 */
481 void
482 smb_account_free(smb_account_t *account)
483 {
484 free(account->a_name);
485 free(account->a_domain);
486 smb_sid_free(account->a_sid);
487 smb_sid_free(account->a_domsid);
488 }
489
490 /*
491 * Validates the given account.
492 */
493 boolean_t
494 smb_account_validate(smb_account_t *account)
495 {
496 return ((account->a_name != NULL) && (account->a_sid != NULL) &&
497 (account->a_domain != NULL) && (account->a_domsid != NULL));
498 }
499
500 /*
501 * Lookup local SMB user account database (/var/smb/smbpasswd)
502 * if there's a match query its SID from idmap service and make
503 * sure the SID is a local SID.
504 *
505 * The memory for the returned SID must be freed by the caller.
506 */
507 static uint32_t
|
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 *
25 * Copyright 2017 Nexenta Systems, Inc. All rights reserved.
26 * Copyright 2018 RackTop Systems.
27 */
28
29 #include <strings.h>
30 #include <smbsrv/libsmb.h>
31
32 extern int smb_pwd_num(void);
33 extern int smb_lgrp_numbydomain(smb_domain_type_t, int *);
34
35 static uint32_t smb_sam_lookup_user(char *, smb_sid_t **);
36 static uint32_t smb_sam_lookup_group(char *, smb_sid_t **);
37
38 /*
39 * Local well-known accounts data structure table and prototypes
40 */
41 typedef struct smb_lwka {
42 uint32_t lwka_rid;
43 char *lwka_name;
44 uint16_t lwka_type;
45 } smb_lwka_t;
46
243 if (!smb_sid_indomain(di.di_binsid, sid)) {
244 /* This is not a local SID */
245 return (NT_STATUS_NOT_FOUND);
246 }
247
248 if ((lwka = smb_lwka_lookup_sid(sid)) != NULL) {
249 account->a_type = lwka->lwka_type;
250 account->a_name = strdup(lwka->lwka_name);
251 } else {
252 id_type = SMB_IDMAP_UNKNOWN;
253 if (smb_idmap_getid(sid, &id, &id_type) != IDMAP_SUCCESS)
254 return (NT_STATUS_NONE_MAPPED);
255
256 switch (id_type) {
257 case SMB_IDMAP_USER:
258 account->a_type = SidTypeUser;
259 if (smb_pwd_getpwuid(id, &smbpw) == NULL)
260 return (NT_STATUS_NO_SUCH_USER);
261
262 account->a_name = strdup(smbpw.pw_name);
263 account->a_flags = smbpw.pw_flags;
264 break;
265
266 case SMB_IDMAP_GROUP:
267 account->a_type = SidTypeAlias;
268 (void) smb_sid_getrid(sid, &rid);
269 rc = smb_lgrp_getbyrid(rid, SMB_DOMAIN_LOCAL, &grp);
270 if (rc != SMB_LGRP_SUCCESS)
271 return (NT_STATUS_NO_SUCH_ALIAS);
272
273 account->a_name = strdup(grp.sg_name);
274 smb_lgrp_free(&grp);
275 break;
276
277 default:
278 return (NT_STATUS_NONE_MAPPED);
279 }
280 }
281
282 if (smb_getnetbiosname(hostname, MAXHOSTNAMELEN) == 0)
283 account->a_domain = strdup(hostname);
462 /*
463 * Determines whether the given SID is a member of the group
464 * specified by gname.
465 */
466 boolean_t
467 smb_sam_grp_ismember(const char *gname, smb_sid_t *sid)
468 {
469 smb_group_t grp;
470 boolean_t ismember = B_FALSE;
471
472 if (smb_lgrp_getbyname((char *)gname, &grp) == SMB_LGRP_SUCCESS) {
473 ismember = smb_lgrp_is_member(&grp, sid);
474 smb_lgrp_free(&grp);
475 }
476
477 return (ismember);
478 }
479
480 /*
481 * Frees memories allocated for the passed account fields.
482 * Initializes @account after all.
483 */
484 void
485 smb_account_free(smb_account_t *account)
486 {
487 free(account->a_name);
488 free(account->a_domain);
489 smb_sid_free(account->a_sid);
490 smb_sid_free(account->a_domsid);
491
492 bzero(account, sizeof (smb_account_t));
493 }
494
495 /*
496 * Validates the given account.
497 */
498 boolean_t
499 smb_account_validate(smb_account_t *account)
500 {
501 return ((account->a_name != NULL) && (account->a_sid != NULL) &&
502 (account->a_domain != NULL) && (account->a_domsid != NULL));
503 }
504
505 /*
506 * Lookup local SMB user account database (/var/smb/smbpasswd)
507 * if there's a match query its SID from idmap service and make
508 * sure the SID is a local SID.
509 *
510 * The memory for the returned SID must be freed by the caller.
511 */
512 static uint32_t
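Review bot: `account->a_flags` is assigned only in the `SMB_IDMAP_USER` case (new line 263); the well-known-account branch and the `SMB_IDMAP_GROUP` case complete without touching it. Unless the caller, or the part of this function above the visible lines, zeroes `*account`, those results carry whatever the field held before. If `a_flags` is later consulted for an account-state decision (presumably why it is copied from `smbpw.pw_flags`, though no consumer is visible here), a stale value could be applied to an account that has no smbpasswd entry. Adding `account->a_flags = 0;` before the `if ((lwka = smb_lwka_lookup_sid(sid)) != NULL)` test would make the result independent of the caller. The new `bzero(account, sizeof (smb_account_t));` in `smb_account_free` covers only a structure that is reused after being freed.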
|