1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
23 * Copyright 2015 Nexenta Systems, Inc. All rights reserved.
24 */
25
26 /*
27 * CIFS configuration management library
28 */
29
30 #include <stdio.h>
31 #include <stdlib.h>
32 #include <unistd.h>
33 #include <synch.h>
34 #include <string.h>
35 #include <strings.h>
36 #include <syslog.h>
37 #include <netdb.h>
38 #include <ctype.h>
39 #include <sys/types.h>
40 #include <libscf.h>
41 #include <assert.h>
42 #include <uuid/uuid.h>
43 #include <smbsrv/libsmb.h>
44
45 typedef struct smb_cfg_param {
46 smb_cfg_id_t sc_id;
47 char *sc_name;
48 int sc_type;
49 uint32_t sc_flags;
50 } smb_cfg_param_t;
51
52 struct str_val {
53 char *str;
54 uint32_t val;
55 };
56
57 /*
58 * config parameter flags
59 */
60 #define SMB_CF_PROTECTED 0x01
61 #define SMB_CF_EXEC 0x02
62
63 /* idmap SMF fmri and Property Group */
64 #define IDMAP_FMRI_PREFIX "system/idmap"
65 #define MACHINE_SID "machine_sid"
66 #define MACHINE_UUID "machine_uuid"
67 #define IDMAP_DOMAIN "domain_name"
68 #define IDMAP_PREF_DC "preferred_dc"
69 #define IDMAP_PG_NAME "config"
70
71 #define SMB_SECMODE_WORKGRP_STR "workgroup"
72 #define SMB_SECMODE_DOMAIN_STR "domain"
73
74 #define SMB_ENC_LEN 1024
75 #define SMB_DEC_LEN 256
76
77 static char *b64_data =
78 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
79
80 static smb_cfg_param_t smb_cfg_table[] =
81 {
82 {SMB_CI_VERSION, "sv_version", SCF_TYPE_ASTRING, 0},
83
84 /* Oplock configuration, Kernel Only */
85 {SMB_CI_OPLOCK_ENABLE, "oplock_enable", SCF_TYPE_BOOLEAN, 0},
86
87 /* Autohome configuration */
88 {SMB_CI_AUTOHOME_MAP, "autohome_map", SCF_TYPE_ASTRING, 0},
89
90 /* Domain/PDC configuration */
91 {SMB_CI_DOMAIN_SID, "domain_sid", SCF_TYPE_ASTRING, 0},
92 {SMB_CI_DOMAIN_MEMB, "domain_member", SCF_TYPE_BOOLEAN, 0},
93 {SMB_CI_DOMAIN_NAME, "domain_name", SCF_TYPE_ASTRING, 0},
94 {SMB_CI_DOMAIN_FQDN, "fqdn", SCF_TYPE_ASTRING, 0},
95 {SMB_CI_DOMAIN_FOREST, "forest", SCF_TYPE_ASTRING, 0},
96 {SMB_CI_DOMAIN_GUID, "domain_guid", SCF_TYPE_ASTRING, 0},
97 {SMB_CI_DOMAIN_SRV, "pdc", SCF_TYPE_ASTRING, 0},
98
99 /* WINS configuration */
100 {SMB_CI_WINS_SRV1, "wins_server_1", SCF_TYPE_ASTRING, 0},
101 {SMB_CI_WINS_SRV2, "wins_server_2", SCF_TYPE_ASTRING, 0},
102 {SMB_CI_WINS_EXCL, "wins_exclude", SCF_TYPE_ASTRING, 0},
103
104 /* Kmod specific configuration */
105 {SMB_CI_MAX_WORKERS, "max_workers", SCF_TYPE_INTEGER, 0},
106 {SMB_CI_MAX_CONNECTIONS, "max_connections", SCF_TYPE_INTEGER, 0},
107 {SMB_CI_KEEPALIVE, "keep_alive", SCF_TYPE_INTEGER, 0},
108 {SMB_CI_RESTRICT_ANON, "restrict_anonymous", SCF_TYPE_BOOLEAN, 0},
109
110 {SMB_CI_SIGNING_ENABLE, "signing_enabled", SCF_TYPE_BOOLEAN, 0},
111 {SMB_CI_SIGNING_REQD, "signing_required", SCF_TYPE_BOOLEAN, 0},
112
113 /* Kmod tuning configuration */
114 {SMB_CI_SYNC_ENABLE, "sync_enable", SCF_TYPE_BOOLEAN, 0},
115
116 /* SMBd configuration */
117 {SMB_CI_SECURITY, "security", SCF_TYPE_ASTRING, 0},
118 {SMB_CI_NETBIOS_ENABLE, "netbios_enable", SCF_TYPE_BOOLEAN, 0},
119 {SMB_CI_NBSCOPE, "netbios_scope", SCF_TYPE_ASTRING, 0},
120 {SMB_CI_SYS_CMNT, "system_comment", SCF_TYPE_ASTRING, 0},
121 {SMB_CI_LM_LEVEL, "lmauth_level", SCF_TYPE_INTEGER, 0},
122
123 /* ADS Configuration */
124 {SMB_CI_ADS_SITE, "ads_site", SCF_TYPE_ASTRING, 0},
125
126 /* Dynamic DNS */
127 {SMB_CI_DYNDNS_ENABLE, "ddns_enable", SCF_TYPE_BOOLEAN, 0},
128
129 {SMB_CI_MACHINE_PASSWD, "machine_passwd", SCF_TYPE_ASTRING,
130 SMB_CF_PROTECTED},
131
132 {SMB_CI_MACHINE_UUID, "machine_uuid", SCF_TYPE_ASTRING, 0},
133 {SMB_CI_KPASSWD_SRV, "kpasswd_server", SCF_TYPE_ASTRING, 0},
134 {SMB_CI_KPASSWD_DOMAIN, "kpasswd_domain", SCF_TYPE_ASTRING, 0},
135 {SMB_CI_KPASSWD_SEQNUM, "kpasswd_seqnum", SCF_TYPE_INTEGER, 0},
136 {SMB_CI_NETLOGON_SEQNUM, "netlogon_seqnum", SCF_TYPE_INTEGER, 0},
137 {SMB_CI_IPV6_ENABLE, "ipv6_enable", SCF_TYPE_BOOLEAN, 0},
138 {SMB_CI_PRINT_ENABLE, "print_enable", SCF_TYPE_BOOLEAN, 0},
139 {SMB_CI_MAP, "map", SCF_TYPE_ASTRING, SMB_CF_EXEC},
140 {SMB_CI_UNMAP, "unmap", SCF_TYPE_ASTRING, SMB_CF_EXEC},
141 {SMB_CI_DISPOSITION, "disposition", SCF_TYPE_ASTRING, SMB_CF_EXEC},
142 {SMB_CI_DFS_STDROOT_NUM, "dfs_stdroot_num", SCF_TYPE_INTEGER, 0},
143 {SMB_CI_TRAVERSE_MOUNTS, "traverse_mounts", SCF_TYPE_BOOLEAN, 0},
144 {SMB_CI_SMB2_ENABLE_OLD, "smb2_enable", SCF_TYPE_BOOLEAN, 0},
145 {SMB_CI_INITIAL_CREDITS, "initial_credits", SCF_TYPE_INTEGER, 0},
146 {SMB_CI_MAXIMUM_CREDITS, "maximum_credits", SCF_TYPE_INTEGER, 0},
147 {SMB_CI_MAX_PROTOCOL, "max_protocol", SCF_TYPE_ASTRING, 0},
148
149 /* SMB_CI_MAX */
150 };
151
152 static smb_cfg_param_t *smb_config_getent(smb_cfg_id_t);
153
154 static boolean_t smb_is_base64(unsigned char c);
155 static char *smb_base64_encode(char *str_to_encode);
156 static char *smb_base64_decode(char *encoded_str);
157 static int smb_config_get_idmap_preferred_dc(char *, int);
158 static int smb_config_set_idmap_preferred_dc(char *);
159
160 char *
smb_config_getname(smb_cfg_id_t id)161 smb_config_getname(smb_cfg_id_t id)
162 {
163 smb_cfg_param_t *cfg;
164 cfg = smb_config_getent(id);
165 return (cfg->sc_name);
166 }
167
168 static boolean_t
smb_is_base64(unsigned char c)169 smb_is_base64(unsigned char c)
170 {
171 return (isalnum(c) || (c == '+') || (c == '/'));
172 }
173
174 /*
175 * smb_base64_encode
176 *
177 * Encode a string using base64 algorithm.
178 * Caller should free the returned buffer when done.
179 */
180 static char *
smb_base64_encode(char * str_to_encode)181 smb_base64_encode(char *str_to_encode)
182 {
183 int ret_cnt = 0;
184 int i = 0, j = 0;
185 char arr_3[3], arr_4[4];
186 int len = strlen(str_to_encode);
187 char *ret = malloc(SMB_ENC_LEN);
188
189 if (ret == NULL) {
190 return (NULL);
191 }
192
193 while (len--) {
194 arr_3[i++] = *(str_to_encode++);
195 if (i == 3) {
196 arr_4[0] = (arr_3[0] & 0xfc) >> 2;
197 arr_4[1] = ((arr_3[0] & 0x03) << 4) +
198 ((arr_3[1] & 0xf0) >> 4);
199 arr_4[2] = ((arr_3[1] & 0x0f) << 2) +
200 ((arr_3[2] & 0xc0) >> 6);
201 arr_4[3] = arr_3[2] & 0x3f;
202
203 for (i = 0; i < 4; i++)
204 ret[ret_cnt++] = b64_data[arr_4[i]];
205 i = 0;
206 }
207 }
208
209 if (i) {
210 for (j = i; j < 3; j++)
211 arr_3[j] = '\0';
212
213 arr_4[0] = (arr_3[0] & 0xfc) >> 2;
214 arr_4[1] = ((arr_3[0] & 0x03) << 4) +
215 ((arr_3[1] & 0xf0) >> 4);
216 arr_4[2] = ((arr_3[1] & 0x0f) << 2) +
217 ((arr_3[2] & 0xc0) >> 6);
218 arr_4[3] = arr_3[2] & 0x3f;
219
220 for (j = 0; j < (i + 1); j++)
221 ret[ret_cnt++] = b64_data[arr_4[j]];
222
223 while (i++ < 3)
224 ret[ret_cnt++] = '=';
225 }
226
227 ret[ret_cnt++] = '\0';
228 return (ret);
229 }
230
231 /*
232 * smb_base64_decode
233 *
234 * Decode using base64 algorithm.
235 * Caller should free the returned buffer when done.
236 */
237 static char *
smb_base64_decode(char * encoded_str)238 smb_base64_decode(char *encoded_str)
239 {
240 int len = strlen(encoded_str);
241 int i = 0, j = 0;
242 int en_ind = 0;
243 char arr_4[4], arr_3[3];
244 int ret_cnt = 0;
245 char *ret = malloc(SMB_DEC_LEN);
246 char *p;
247
248 if (ret == NULL) {
249 return (NULL);
250 }
251
252 while (len-- && (encoded_str[en_ind] != '=') &&
253 smb_is_base64(encoded_str[en_ind])) {
254 arr_4[i++] = encoded_str[en_ind];
255 en_ind++;
256 if (i == 4) {
257 for (i = 0; i < 4; i++) {
258 if ((p = strchr(b64_data, arr_4[i])) == NULL)
259 return (NULL);
260
261 arr_4[i] = (int)(p - b64_data);
262 }
263
264 arr_3[0] = (arr_4[0] << 2) +
265 ((arr_4[1] & 0x30) >> 4);
266 arr_3[1] = ((arr_4[1] & 0xf) << 4) +
267 ((arr_4[2] & 0x3c) >> 2);
268 arr_3[2] = ((arr_4[2] & 0x3) << 6) +
269 arr_4[3];
270
271 for (i = 0; i < 3; i++)
272 ret[ret_cnt++] = arr_3[i];
273
274 i = 0;
275 }
276 }
277
278 if (i) {
279 for (j = i; j < 4; j++)
280 arr_4[j] = 0;
281
282 for (j = 0; j < 4; j++) {
283 if ((p = strchr(b64_data, arr_4[j])) == NULL)
284 return (NULL);
285
286 arr_4[j] = (int)(p - b64_data);
287 }
288 arr_3[0] = (arr_4[0] << 2) +
289 ((arr_4[1] & 0x30) >> 4);
290 arr_3[1] = ((arr_4[1] & 0xf) << 4) +
291 ((arr_4[2] & 0x3c) >> 2);
292 arr_3[2] = ((arr_4[2] & 0x3) << 6) +
293 arr_4[3];
294 for (j = 0; j < (i - 1); j++)
295 ret[ret_cnt++] = arr_3[j];
296 }
297
298 ret[ret_cnt++] = '\0';
299 return (ret);
300 }
301
302 static char *
smb_config_getenv_generic(char * name,char * svc_fmri_prefix,char * svc_propgrp)303 smb_config_getenv_generic(char *name, char *svc_fmri_prefix, char *svc_propgrp)
304 {
305 smb_scfhandle_t *handle;
306 char *value;
307
308 if ((value = malloc(MAX_VALUE_BUFLEN * sizeof (char))) == NULL)
309 return (NULL);
310
311 handle = smb_smf_scf_init(svc_fmri_prefix);
312 if (handle == NULL) {
313 free(value);
314 return (NULL);
315 }
316
317 (void) smb_smf_create_service_pgroup(handle, svc_propgrp);
318
319 if (smb_smf_get_string_property(handle, name, value,
320 sizeof (char) * MAX_VALUE_BUFLEN) != 0) {
321 smb_smf_scf_fini(handle);
322 free(value);
323 return (NULL);
324 }
325
326 smb_smf_scf_fini(handle);
327 return (value);
328
329 }
330
331 static int
smb_config_setenv_generic(char * svc_fmri_prefix,char * svc_propgrp,char * name,char * value)332 smb_config_setenv_generic(char *svc_fmri_prefix, char *svc_propgrp,
333 char *name, char *value)
334 {
335 smb_scfhandle_t *handle = NULL;
336 int rc = 0;
337
338
339 handle = smb_smf_scf_init(svc_fmri_prefix);
340 if (handle == NULL) {
341 return (1);
342 }
343
344 (void) smb_smf_create_service_pgroup(handle, svc_propgrp);
345
346 if (smb_smf_start_transaction(handle) != SMBD_SMF_OK) {
347 smb_smf_scf_fini(handle);
348 return (1);
349 }
350
351 if (smb_smf_set_string_property(handle, name, value) != SMBD_SMF_OK)
352 rc = 1;
353
354 if (smb_smf_end_transaction(handle) != SMBD_SMF_OK)
355 rc = 1;
356
357 smb_smf_scf_fini(handle);
358 return (rc);
359 }
360
361 /*
362 * smb_config_getstr
363 *
364 * Fetch the specified string configuration item from SMF
365 */
366 int
smb_config_getstr(smb_cfg_id_t id,char * cbuf,int bufsz)367 smb_config_getstr(smb_cfg_id_t id, char *cbuf, int bufsz)
368 {
369 smb_scfhandle_t *handle;
370 smb_cfg_param_t *cfg;
371 int rc = SMBD_SMF_OK;
372 char *pg;
373 char protbuf[SMB_ENC_LEN];
374 char *tmp;
375
376 *cbuf = '\0';
377 cfg = smb_config_getent(id);
378 assert(cfg->sc_type == SCF_TYPE_ASTRING);
379
380 if (id == SMB_CI_DOMAIN_SRV)
381 return (smb_config_get_idmap_preferred_dc(cbuf, bufsz));
382
383 handle = smb_smf_scf_init(SMBD_FMRI_PREFIX);
384 if (handle == NULL)
385 return (SMBD_SMF_SYSTEM_ERR);
386
387 if (cfg->sc_flags & SMB_CF_PROTECTED) {
388 if ((rc = smb_smf_create_service_pgroup(handle,
389 SMBD_PROTECTED_PG_NAME)) != SMBD_SMF_OK)
390 goto error;
391
392 if ((rc = smb_smf_get_string_property(handle, cfg->sc_name,
393 protbuf, sizeof (protbuf))) != SMBD_SMF_OK)
394 goto error;
395
396 if (*protbuf != '\0') {
397 tmp = smb_base64_decode(protbuf);
398 (void) strlcpy(cbuf, tmp, bufsz);
399 free(tmp);
400 }
401 } else {
402 pg = (cfg->sc_flags & SMB_CF_EXEC) ? SMBD_EXEC_PG_NAME :
403 SMBD_PG_NAME;
404 rc = smb_smf_create_service_pgroup(handle, pg);
405 if (rc == SMBD_SMF_OK)
406 rc = smb_smf_get_string_property(handle, cfg->sc_name,
407 cbuf, bufsz);
408 }
409
410 error:
411 smb_smf_scf_fini(handle);
412 return (rc);
413 }
414
415 /*
416 * Translate the value of an astring SMF property into a binary
417 * IP address. If the value is neither a valid IPv4 nor IPv6
418 * address, attempt to look it up as a hostname using the
419 * configured address type.
420 */
421 int
smb_config_getip(smb_cfg_id_t sc_id,smb_inaddr_t * ipaddr)422 smb_config_getip(smb_cfg_id_t sc_id, smb_inaddr_t *ipaddr)
423 {
424 int rc, error;
425 int a_family;
426 char ipstr[MAXHOSTNAMELEN];
427 struct hostent *h;
428 smb_cfg_param_t *cfg;
429
430 if (ipaddr == NULL)
431 return (SMBD_SMF_INVALID_ARG);
432
433 bzero(ipaddr, sizeof (smb_inaddr_t));
434 rc = smb_config_getstr(sc_id, ipstr, sizeof (ipstr));
435 if (rc == SMBD_SMF_OK) {
436 if (*ipstr == '\0')
437 return (SMBD_SMF_INVALID_ARG);
438
439 if (inet_pton(AF_INET, ipstr, &ipaddr->a_ipv4) == 1) {
440 ipaddr->a_family = AF_INET;
441 return (SMBD_SMF_OK);
442 }
443
444 if (inet_pton(AF_INET6, ipstr, &ipaddr->a_ipv6) == 1) {
445 ipaddr->a_family = AF_INET6;
446 return (SMBD_SMF_OK);
447 }
448
449 /*
450 * The value is neither an IPv4 nor IPv6 address;
451 * so check if it's a hostname.
452 */
453 a_family = smb_config_getbool(SMB_CI_IPV6_ENABLE) ?
454 AF_INET6 : AF_INET;
455 h = getipnodebyname(ipstr, a_family, AI_DEFAULT,
456 &error);
457 if (h != NULL) {
458 bcopy(*(h->h_addr_list), &ipaddr->a_ip,
459 h->h_length);
460 ipaddr->a_family = a_family;
461 freehostent(h);
462 rc = SMBD_SMF_OK;
463 } else {
464 cfg = smb_config_getent(sc_id);
465 syslog(LOG_ERR, "smbd/%s: %s unable to get %s "
466 "address: %d", cfg->sc_name, ipstr,
467 a_family == AF_INET ? "IPv4" : "IPv6", error);
468 rc = SMBD_SMF_INVALID_ARG;
469 }
470 }
471
472 return (rc);
473 }
474
475 /*
476 * smb_config_getnum
477 *
478 * Returns the value of a numeric config param.
479 */
480 int
smb_config_getnum(smb_cfg_id_t id,int64_t * cint)481 smb_config_getnum(smb_cfg_id_t id, int64_t *cint)
482 {
483 smb_scfhandle_t *handle;
484 smb_cfg_param_t *cfg;
485 int rc = SMBD_SMF_OK;
486
487 *cint = 0;
488 cfg = smb_config_getent(id);
489 assert(cfg->sc_type == SCF_TYPE_INTEGER);
490
491 handle = smb_smf_scf_init(SMBD_FMRI_PREFIX);
492 if (handle == NULL)
493 return (SMBD_SMF_SYSTEM_ERR);
494
495 rc = smb_smf_create_service_pgroup(handle, SMBD_PG_NAME);
496 if (rc == SMBD_SMF_OK)
497 rc = smb_smf_get_integer_property(handle, cfg->sc_name, cint);
498 smb_smf_scf_fini(handle);
499
500 return (rc);
501 }
502
503 /*
504 * smb_config_getbool
505 *
506 * Returns the value of a boolean config param.
507 */
508 boolean_t
smb_config_getbool(smb_cfg_id_t id)509 smb_config_getbool(smb_cfg_id_t id)
510 {
511 smb_scfhandle_t *handle;
512 smb_cfg_param_t *cfg;
513 int rc = SMBD_SMF_OK;
514 uint8_t vbool;
515
516 cfg = smb_config_getent(id);
517 assert(cfg->sc_type == SCF_TYPE_BOOLEAN);
518
519 handle = smb_smf_scf_init(SMBD_FMRI_PREFIX);
520 if (handle == NULL)
521 return (B_FALSE);
522
523 rc = smb_smf_create_service_pgroup(handle, SMBD_PG_NAME);
524 if (rc == SMBD_SMF_OK)
525 rc = smb_smf_get_boolean_property(handle, cfg->sc_name, &vbool);
526 smb_smf_scf_fini(handle);
527
528 return ((rc == SMBD_SMF_OK) ? (vbool == 1) : B_FALSE);
529 }
530
531 /*
532 * smb_config_get
533 *
534 * This function returns the value of the requested config
535 * iterm regardless of its type in string format. This should
536 * be used when the config item type is not known by the caller.
537 */
538 int
smb_config_get(smb_cfg_id_t id,char * cbuf,int bufsz)539 smb_config_get(smb_cfg_id_t id, char *cbuf, int bufsz)
540 {
541 smb_cfg_param_t *cfg;
542 int64_t cint;
543 int rc;
544
545 cfg = smb_config_getent(id);
546 switch (cfg->sc_type) {
547 case SCF_TYPE_ASTRING:
548 return (smb_config_getstr(id, cbuf, bufsz));
549
550 case SCF_TYPE_INTEGER:
551 rc = smb_config_getnum(id, &cint);
552 if (rc == SMBD_SMF_OK)
553 (void) snprintf(cbuf, bufsz, "%lld", cint);
554 return (rc);
555
556 case SCF_TYPE_BOOLEAN:
557 if (smb_config_getbool(id))
558 (void) strlcpy(cbuf, "true", bufsz);
559 else
560 (void) strlcpy(cbuf, "false", bufsz);
561 return (SMBD_SMF_OK);
562 }
563
564 return (SMBD_SMF_INVALID_ARG);
565 }
566
567 /*
568 * smb_config_setstr
569 *
570 * Set the specified config param with the given
571 * value.
572 */
573 int
smb_config_setstr(smb_cfg_id_t id,char * value)574 smb_config_setstr(smb_cfg_id_t id, char *value)
575 {
576 smb_scfhandle_t *handle;
577 smb_cfg_param_t *cfg;
578 int rc = SMBD_SMF_OK;
579 boolean_t protected;
580 char *tmp = NULL;
581 char *pg;
582
583 cfg = smb_config_getent(id);
584 assert(cfg->sc_type == SCF_TYPE_ASTRING);
585
586 if (id == SMB_CI_DOMAIN_SRV)
587 return (smb_config_set_idmap_preferred_dc(value));
588
589 protected = B_FALSE;
590
591 switch (cfg->sc_flags) {
592 case SMB_CF_PROTECTED:
593 protected = B_TRUE;
594 pg = SMBD_PROTECTED_PG_NAME;
595 break;
596 case SMB_CF_EXEC:
597 pg = SMBD_EXEC_PG_NAME;
598 break;
599 default:
600 pg = SMBD_PG_NAME;
601 break;
602 }
603
604 handle = smb_smf_scf_init(SMBD_FMRI_PREFIX);
605 if (handle == NULL)
606 return (SMBD_SMF_SYSTEM_ERR);
607
608 rc = smb_smf_create_service_pgroup(handle, pg);
609 if (rc == SMBD_SMF_OK)
610 rc = smb_smf_start_transaction(handle);
611
612 if (rc != SMBD_SMF_OK) {
613 smb_smf_scf_fini(handle);
614 return (rc);
615 }
616
617 if (protected && value && (*value != '\0')) {
618 if ((tmp = smb_base64_encode(value)) == NULL) {
619 (void) smb_smf_end_transaction(handle);
620 smb_smf_scf_fini(handle);
621 return (SMBD_SMF_NO_MEMORY);
622 }
623
624 value = tmp;
625 }
626
627 rc = smb_smf_set_string_property(handle, cfg->sc_name, value);
628
629 free(tmp);
630 (void) smb_smf_end_transaction(handle);
631 smb_smf_scf_fini(handle);
632 return (rc);
633 }
634
635 /*
636 * smb_config_setnum
637 *
638 * Sets a numeric configuration iterm
639 */
640 int
smb_config_setnum(smb_cfg_id_t id,int64_t value)641 smb_config_setnum(smb_cfg_id_t id, int64_t value)
642 {
643 smb_scfhandle_t *handle;
644 smb_cfg_param_t *cfg;
645 int rc = SMBD_SMF_OK;
646
647 cfg = smb_config_getent(id);
648 assert(cfg->sc_type == SCF_TYPE_INTEGER);
649
650 handle = smb_smf_scf_init(SMBD_FMRI_PREFIX);
651 if (handle == NULL)
652 return (SMBD_SMF_SYSTEM_ERR);
653
654 rc = smb_smf_create_service_pgroup(handle, SMBD_PG_NAME);
655 if (rc == SMBD_SMF_OK)
656 rc = smb_smf_start_transaction(handle);
657
658 if (rc != SMBD_SMF_OK) {
659 smb_smf_scf_fini(handle);
660 return (rc);
661 }
662
663 rc = smb_smf_set_integer_property(handle, cfg->sc_name, value);
664
665 (void) smb_smf_end_transaction(handle);
666 smb_smf_scf_fini(handle);
667 return (rc);
668 }
669
670 /*
671 * smb_config_setbool
672 *
673 * Sets a boolean configuration iterm
674 */
675 int
smb_config_setbool(smb_cfg_id_t id,boolean_t value)676 smb_config_setbool(smb_cfg_id_t id, boolean_t value)
677 {
678 smb_scfhandle_t *handle;
679 smb_cfg_param_t *cfg;
680 int rc = SMBD_SMF_OK;
681
682 cfg = smb_config_getent(id);
683 assert(cfg->sc_type == SCF_TYPE_BOOLEAN);
684
685 handle = smb_smf_scf_init(SMBD_FMRI_PREFIX);
686 if (handle == NULL)
687 return (SMBD_SMF_SYSTEM_ERR);
688
689 rc = smb_smf_create_service_pgroup(handle, SMBD_PG_NAME);
690 if (rc == SMBD_SMF_OK)
691 rc = smb_smf_start_transaction(handle);
692
693 if (rc != SMBD_SMF_OK) {
694 smb_smf_scf_fini(handle);
695 return (rc);
696 }
697
698 rc = smb_smf_set_boolean_property(handle, cfg->sc_name, value);
699
700 (void) smb_smf_end_transaction(handle);
701 smb_smf_scf_fini(handle);
702 return (rc);
703 }
704
705 /*
706 * smb_config_set
707 *
708 * This function sets the value of the specified config
709 * iterm regardless of its type in string format. This should
710 * be used when the config item type is not known by the caller.
711 */
712 int
smb_config_set(smb_cfg_id_t id,char * value)713 smb_config_set(smb_cfg_id_t id, char *value)
714 {
715 smb_cfg_param_t *cfg;
716 int64_t cint;
717
718 cfg = smb_config_getent(id);
719 switch (cfg->sc_type) {
720 case SCF_TYPE_ASTRING:
721 return (smb_config_setstr(id, value));
722
723 case SCF_TYPE_INTEGER:
724 cint = atoi(value);
725 return (smb_config_setnum(id, cint));
726
727 case SCF_TYPE_BOOLEAN:
728 return (smb_config_setbool(id, strcasecmp(value, "true") == 0));
729 }
730
731 return (SMBD_SMF_INVALID_ARG);
732 }
733
734 int
smb_config_get_debug()735 smb_config_get_debug()
736 {
737 int64_t val64;
738 int val = 0; /* default */
739 smb_scfhandle_t *handle = NULL;
740
741 handle = smb_smf_scf_init(SMBD_FMRI_PREFIX);
742 if (handle == NULL) {
743 return (val);
744 }
745
746 if (smb_smf_create_service_pgroup(handle,
747 SMBD_PG_NAME) != SMBD_SMF_OK) {
748 smb_smf_scf_fini(handle);
749 return (val);
750 }
751
752 if (smb_smf_get_integer_property(handle, "debug", &val64) != 0) {
753 smb_smf_scf_fini(handle);
754 return (val);
755 }
756 val = (int)val64;
757
758 smb_smf_scf_fini(handle);
759
760 return (val);
761 }
762
763 uint8_t
smb_config_get_fg_flag()764 smb_config_get_fg_flag()
765 {
766 uint8_t run_fg = 0; /* Default is to run in daemon mode */
767 smb_scfhandle_t *handle = NULL;
768
769 handle = smb_smf_scf_init(SMBD_FMRI_PREFIX);
770 if (handle == NULL) {
771 return (run_fg);
772 }
773
774 if (smb_smf_create_service_pgroup(handle,
775 SMBD_PG_NAME) != SMBD_SMF_OK) {
776 smb_smf_scf_fini(handle);
777 return (run_fg);
778 }
779
780 if (smb_smf_get_boolean_property(handle, "run_fg", &run_fg) != 0) {
781 smb_smf_scf_fini(handle);
782 return (run_fg);
783 }
784
785 smb_smf_scf_fini(handle);
786
787 return (run_fg);
788 }
789
790 /*
791 * smb_config_get_ads_enable
792 *
793 * Returns value of the "config/use_ads" parameter
794 * from the IDMAP SMF configuration repository.
795 *
796 */
797 boolean_t
smb_config_get_ads_enable(void)798 smb_config_get_ads_enable(void)
799 {
800 smb_scfhandle_t *handle = NULL;
801 uint8_t vbool;
802 int rc = 0;
803
804 handle = smb_smf_scf_init(IDMAP_FMRI_PREFIX);
805 if (handle == NULL)
806 return (B_FALSE);
807
808 rc = smb_smf_create_service_pgroup(handle, IDMAP_PG_NAME);
809 if (rc == SMBD_SMF_OK)
810 rc = smb_smf_get_boolean_property(handle, "use_ads", &vbool);
811 smb_smf_scf_fini(handle);
812
813 return ((rc == SMBD_SMF_OK) ? (vbool == 1) : B_TRUE);
814 }
815
816 /*
817 * smb_config_get_localsid
818 *
819 * Returns value of the "config/machine_sid" parameter
820 * from the IDMAP SMF configuration repository.
821 * Result is allocated; caller should free.
822 */
823 char *
smb_config_get_localsid(void)824 smb_config_get_localsid(void)
825 {
826 return (smb_config_getenv_generic(MACHINE_SID, IDMAP_FMRI_PREFIX,
827 IDMAP_PG_NAME));
828 }
829
830 /*
831 * smb_config_get_localuuid
832 *
833 * Returns value of the "config/machine_uuid" parameter
834 * from the IDMAP SMF configuration repository.
835 *
836 */
837 int
smb_config_get_localuuid(uuid_t uu)838 smb_config_get_localuuid(uuid_t uu)
839 {
840 char *s;
841
842 uuid_clear(uu);
843 s = smb_config_getenv_generic(MACHINE_UUID, IDMAP_FMRI_PREFIX,
844 IDMAP_PG_NAME);
845 if (s == NULL)
846 return (-1);
847
848 if (uuid_parse(s, uu) < 0) {
849 free(s);
850 return (-1);
851 }
852
853 return (0);
854 }
855
856 static int
smb_config_get_idmap_preferred_dc(char * cbuf,int bufsz)857 smb_config_get_idmap_preferred_dc(char *cbuf, int bufsz)
858 {
859 char *s;
860 int len, rc = -1;
861
862 s = smb_config_getenv_generic(IDMAP_PREF_DC,
863 IDMAP_FMRI_PREFIX, IDMAP_PG_NAME);
864 if (s != NULL) {
865 len = strlcpy(cbuf, s, bufsz);
866 if (len < bufsz)
867 rc = 0;
868 free(s);
869 }
870 return (rc);
871 }
872
873 static int
smb_config_set_idmap_preferred_dc(char * value)874 smb_config_set_idmap_preferred_dc(char *value)
875 {
876 return (smb_config_setenv_generic(IDMAP_FMRI_PREFIX, IDMAP_PG_NAME,
877 IDMAP_PREF_DC, value));
878 }
879
880 /*
881 * smb_config_set_idmap_domain
882 *
883 * Set the "config/domain_name" parameter from IDMAP SMF repository.
884 */
885 int
smb_config_set_idmap_domain(char * value)886 smb_config_set_idmap_domain(char *value)
887 {
888 return (smb_config_setenv_generic(IDMAP_FMRI_PREFIX, IDMAP_PG_NAME,
889 IDMAP_DOMAIN, value));
890 }
891
892 /*
893 * smb_config_refresh_idmap
894 *
895 * Refresh IDMAP SMF service after making changes to its configuration.
896 */
897 int
smb_config_refresh_idmap(void)898 smb_config_refresh_idmap(void)
899 {
900 char instance[32];
901
902 (void) snprintf(instance, sizeof (instance), "%s:default",
903 IDMAP_FMRI_PREFIX);
904 return (smf_refresh_instance(instance));
905 }
906
907 int
smb_config_secmode_fromstr(char * secmode)908 smb_config_secmode_fromstr(char *secmode)
909 {
910 if (secmode == NULL)
911 return (SMB_SECMODE_WORKGRP);
912
913 if (strcasecmp(secmode, SMB_SECMODE_DOMAIN_STR) == 0)
914 return (SMB_SECMODE_DOMAIN);
915
916 return (SMB_SECMODE_WORKGRP);
917 }
918
919 char *
smb_config_secmode_tostr(int secmode)920 smb_config_secmode_tostr(int secmode)
921 {
922 if (secmode == SMB_SECMODE_DOMAIN)
923 return (SMB_SECMODE_DOMAIN_STR);
924
925 return (SMB_SECMODE_WORKGRP_STR);
926 }
927
928 int
smb_config_get_secmode()929 smb_config_get_secmode()
930 {
931 char p[16];
932
933 (void) smb_config_getstr(SMB_CI_SECURITY, p, sizeof (p));
934 return (smb_config_secmode_fromstr(p));
935 }
936
937 int
smb_config_set_secmode(int secmode)938 smb_config_set_secmode(int secmode)
939 {
940 char *p;
941
942 p = smb_config_secmode_tostr(secmode);
943 return (smb_config_setstr(SMB_CI_SECURITY, p));
944 }
945
946 void
smb_config_getdomaininfo(char * domain,char * fqdn,char * sid,char * forest,char * guid)947 smb_config_getdomaininfo(char *domain, char *fqdn, char *sid, char *forest,
948 char *guid)
949 {
950 if (domain)
951 (void) smb_config_getstr(SMB_CI_DOMAIN_NAME, domain,
952 NETBIOS_NAME_SZ);
953
954 if (fqdn)
955 (void) smb_config_getstr(SMB_CI_DOMAIN_FQDN, fqdn,
956 MAXHOSTNAMELEN);
957
958 if (sid)
959 (void) smb_config_getstr(SMB_CI_DOMAIN_SID, sid,
960 SMB_SID_STRSZ);
961
962 if (forest)
963 (void) smb_config_getstr(SMB_CI_DOMAIN_FOREST, forest,
964 MAXHOSTNAMELEN);
965
966 if (guid)
967 (void) smb_config_getstr(SMB_CI_DOMAIN_GUID, guid,
968 UUID_PRINTABLE_STRING_LENGTH);
969 }
970
971 void
smb_config_setdomaininfo(char * domain,char * fqdn,char * sid,char * forest,char * guid)972 smb_config_setdomaininfo(char *domain, char *fqdn, char *sid, char *forest,
973 char *guid)
974 {
975 if (domain)
976 (void) smb_config_setstr(SMB_CI_DOMAIN_NAME, domain);
977 if (fqdn)
978 (void) smb_config_setstr(SMB_CI_DOMAIN_FQDN, fqdn);
979 if (sid)
980 (void) smb_config_setstr(SMB_CI_DOMAIN_SID, sid);
981 if (forest)
982 (void) smb_config_setstr(SMB_CI_DOMAIN_FOREST, forest);
983 if (guid)
984 (void) smb_config_setstr(SMB_CI_DOMAIN_GUID, guid);
985 }
986
987 /*
988 * The version stored in SMF in string format as N.N where
989 * N is a number defined by Microsoft. The first number represents
990 * the major version and the second number is the minor version.
991 * Current defined values can be found here in 'ver_table'.
992 *
993 * This function reads the SMF string value and converts it to
994 * two numbers returned in the given 'version' structure.
995 * Current default version number is 5.0 which is for Windows 2000.
996 */
997 void
smb_config_get_version(smb_version_t * version)998 smb_config_get_version(smb_version_t *version)
999 {
1000 smb_version_t tmpver;
1001 char verstr[SMB_VERSTR_LEN];
1002 char *p;
1003 int rc, i;
1004 static smb_version_t ver_table [] = {
1005 { 0, SMB_MAJOR_NT, SMB_MINOR_NT, 1381, 0 },
1006 { 0, SMB_MAJOR_2000, SMB_MINOR_2000, 2195, 0 },
1007 { 0, SMB_MAJOR_XP, SMB_MINOR_XP, 2196, 0 },
1008 { 0, SMB_MAJOR_2003, SMB_MINOR_2003, 2196, 0 },
1009 { 0, SMB_MAJOR_VISTA, SMB_MINOR_VISTA, 6000, 0 },
1010 { 0, SMB_MAJOR_2008, SMB_MINOR_2008, 6000, 0 },
1011 { 0, SMB_MAJOR_2008R2, SMB_MINOR_2008R2, 7007, 0 },
1012 { 0, SMB_MAJOR_7, SMB_MINOR_7, 7007, 0 }
1013 };
1014
1015 *version = ver_table[1];
1016 version->sv_size = sizeof (smb_version_t);
1017
1018 rc = smb_config_getstr(SMB_CI_VERSION, verstr, sizeof (verstr));
1019 if (rc != SMBD_SMF_OK)
1020 return;
1021
1022 if ((p = strchr(verstr, '.')) == NULL)
1023 return;
1024
1025 *p = '\0';
1026 tmpver.sv_major = (uint8_t)atoi(verstr);
1027 tmpver.sv_minor = (uint8_t)atoi(p + 1);
1028
1029 for (i = 0; i < sizeof (ver_table)/sizeof (ver_table[0]); ++i) {
1030 if ((tmpver.sv_major == ver_table[i].sv_major) &&
1031 (tmpver.sv_minor == ver_table[i].sv_minor)) {
1032 *version = ver_table[i];
1033 version->sv_size = sizeof (smb_version_t);
1034 break;
1035 }
1036 }
1037 }
1038
1039 /*
1040 * Reads share exec script properties
1041 */
1042 uint32_t
smb_config_get_execinfo(char * map,char * unmap,size_t bufsz)1043 smb_config_get_execinfo(char *map, char *unmap, size_t bufsz)
1044 {
1045 char buf[MAXPATHLEN];
1046 uint32_t flags = 0;
1047
1048 if (map == NULL) {
1049 map = buf;
1050 bufsz = MAXPATHLEN;
1051 }
1052
1053 *map = '\0';
1054 (void) smb_config_getstr(SMB_CI_MAP, map, bufsz);
1055 if (*map != '\0')
1056 flags |= SMB_EXEC_MAP;
1057
1058 if (unmap == NULL) {
1059 unmap = buf;
1060 bufsz = MAXPATHLEN;
1061 }
1062
1063 *unmap = '\0';
1064 (void) smb_config_getstr(SMB_CI_UNMAP, unmap, bufsz);
1065 if (*unmap != '\0')
1066 flags |= SMB_EXEC_UNMAP;
1067
1068 *buf = '\0';
1069 (void) smb_config_getstr(SMB_CI_DISPOSITION, buf, sizeof (buf));
1070 if (*buf != '\0')
1071 if (strcasecmp(buf, SMB_EXEC_DISP_TERMINATE) == 0)
1072 flags |= SMB_EXEC_TERM;
1073
1074 return (flags);
1075 }
1076
1077 static smb_cfg_param_t *
smb_config_getent(smb_cfg_id_t id)1078 smb_config_getent(smb_cfg_id_t id)
1079 {
1080 int i;
1081
1082 for (i = 0; i < SMB_CI_MAX; i++)
1083 if (smb_cfg_table[i].sc_id == id)
1084 return (&smb_cfg_table[id]);
1085
1086 assert(0);
1087 return (NULL);
1088 }
1089
1090
1091 /*
1092 * We store the max SMB protocol version in SMF as a string,
1093 * (for convenience of svccfg etc) but the programmatic get/set
1094 * interfaces use the numeric form.
1095 *
1096 * The numeric values are as defined in the [MS-SMB2] spec.
1097 * except for how we represent "1" (for SMB1) which is an
1098 * arbitrary value below SMB2_VERS_BASE.
1099 */
1100 static struct str_val
1101 smb_versions[] = {
1102 { "3.0", SMB_VERS_3_0 },
1103 { "2.1", SMB_VERS_2_1 },
1104 { "2.002", SMB_VERS_2_002 },
1105 { "1", SMB_VERS_1 },
1106 { NULL, 0 }
1107 };
1108
1109 /*
1110 * This really should be the latest (SMB_VERS_3_0)
1111 * but we're being cautious with SMB3 for a while.
1112 */
1113 uint32_t max_protocol_default = SMB_VERS_2_1;
1114
1115 uint32_t
smb_config_get_max_protocol(void)1116 smb_config_get_max_protocol(void)
1117 {
1118 char str[SMB_VERSTR_LEN];
1119 int i, rc;
1120
1121 rc = smb_config_getstr(SMB_CI_MAX_PROTOCOL, str, sizeof (str));
1122 if (rc == SMBD_SMF_OK) {
1123 for (i = 0; smb_versions[i].str != NULL; i++) {
1124 if (strcmp(str, smb_versions[i].str) == 0)
1125 return (smb_versions[i].val);
1126 }
1127 if (str[0] != '\0') {
1128 syslog(LOG_ERR, "smbd/max_protocol value invalid");
1129 }
1130 }
1131
1132 return (max_protocol_default);
1133 }
1134
1135 int
smb_config_check_protocol(char * value)1136 smb_config_check_protocol(char *value)
1137 {
1138 int i;
1139
1140 for (i = 0; smb_versions[i].str != NULL; i++) {
1141 if (strcmp(value, smb_versions[i].str) == 0)
1142 return (0);
1143 }
1144
1145 return (-1);
1146 }
1147
1148 /*
1149 * If smb2_enable is present and max_protocol is empty,
1150 * set max_protocol. Delete smb2_enable.
1151 */
1152 static void
upgrade_smb2_enable()1153 upgrade_smb2_enable()
1154 {
1155 smb_scfhandle_t *handle;
1156 char *s2e_name = "smb2_enable";
1157 char *s2e_sval;
1158 uint8_t s2e_bval;
1159 char *maxp_name = "max_protocol";
1160 char *maxp_sval;
1161 char verstr[SMB_VERSTR_LEN];
1162 int rc;
1163
1164 handle = smb_smf_scf_init(SMBD_FMRI_PREFIX);
1165 if (handle == NULL)
1166 return;
1167 rc = smb_smf_create_service_pgroup(handle, SMBD_PG_NAME);
1168 if (rc != SMBD_SMF_OK)
1169 goto out;
1170
1171 /* Is there an "smb2_enable" property? */
1172 rc = smb_smf_get_boolean_property(handle, s2e_name, &s2e_bval);
1173 if (rc != SMBD_SMF_OK) {
1174 syslog(LOG_DEBUG, "upgrade: smb2_enable not found");
1175 goto out;
1176 }
1177
1178 /*
1179 * We will try to delete the smb2_enable property, so we need
1180 * the transaction to start now, before we modify max_protocol
1181 */
1182 if ((rc = smb_smf_start_transaction(handle)) != 0) {
1183 syslog(LOG_DEBUG, "upgrade_smb2_enable: start trans (%d)", rc);
1184 goto out;
1185 }
1186
1187 /*
1188 * Old (smb2_enable) property exists.
1189 * Does the new one? (max_protocol)
1190 */
1191 rc = smb_smf_get_string_property(handle, maxp_name,
1192 verstr, sizeof (verstr));
1193 if (rc == SMBD_SMF_OK && !smb_config_check_protocol(verstr)) {
1194 syslog(LOG_DEBUG, "upgrade: found %s = %s",
1195 maxp_name, verstr);
1196 /* Leave existing max_protocol as we found it. */
1197 } else {
1198 /*
1199 * New property missing or invalid.
1200 * Upgrade from "smb2_enable".
1201 */
1202 if (s2e_bval == 0) {
1203 s2e_sval = "false";
1204 maxp_sval = "1";
1205 } else {
1206 s2e_sval = "true";
1207 maxp_sval = "2.1";
1208 }
1209 /*
1210 * Note: Need this in the same transaction as the
1211 * delete of smb2_enable below.
1212 */
1213 rc = smb_smf_set_string_property(handle, maxp_name, maxp_sval);
1214 if (rc != SMBD_SMF_OK) {
1215 syslog(LOG_ERR, "failed to set smbd/%d (%d)",
1216 maxp_name, rc);
1217 goto out;
1218 }
1219 syslog(LOG_INFO, "upgrade smbd/smb2_enable=%s "
1220 "converted to smbd/max_protocol=%s",
1221 s2e_sval, maxp_sval);
1222 }
1223
1224 /*
1225 * Delete the old smb2_enable property.
1226 */
1227 if ((rc = smb_smf_delete_property(handle, s2e_name)) != 0) {
1228 syslog(LOG_DEBUG, "upgrade_smb2_enable: delete prop (%d)", rc);
1229 } else if ((rc = smb_smf_end_transaction(handle)) != 0) {
1230 syslog(LOG_DEBUG, "upgrade_smb2_enable: end trans (%d)", rc);
1231 }
1232 if (rc != 0) {
1233 syslog(LOG_ERR, "failed to delete property smbd/%d (%d)",
1234 s2e_name, rc);
1235 }
1236
1237 out:
1238 (void) smb_smf_end_transaction(handle);
1239 smb_smf_scf_fini(handle);
1240 }
1241
1242
1243 /*
1244 * Run once at startup convert old SMF settings to current.
1245 */
1246 void
smb_config_upgrade(void)1247 smb_config_upgrade(void)
1248 {
1249 upgrade_smb2_enable();
1250 }
1251