1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
23 * Copyright 2014 Nexenta Systems, Inc. All rights reserved.
24 */
25
26 #include <assert.h>
27 #include <syslog.h>
28 #include <door.h>
29 #include <fcntl.h>
30 #include <string.h>
31 #include <strings.h>
32 #include <stdlib.h>
33 #include <unistd.h>
34 #include <errno.h>
35 #include <sys/mman.h>
36 #include <smbsrv/libsmb.h>
37 #include <smbsrv/wintypes.h>
38 #include <smbsrv/smb_door.h>
39
40 static int smb_door_call(uint32_t, void *, xdrproc_t, void *, xdrproc_t);
41 static int smb_door_call_private(int, smb_doorarg_t *);
42 static int smb_door_encode(smb_doorarg_t *, uint32_t);
43 static int smb_door_decode(smb_doorarg_t *);
44 static void smb_door_sethdr(smb_doorhdr_t *, uint32_t, uint32_t);
45 static boolean_t smb_door_chkhdr(smb_doorarg_t *, smb_doorhdr_t *);
46 static void smb_door_free(door_arg_t *arg);
47
48 /*
49 * Given a SID, make a door call to get the associated name.
50 *
51 * Returns 0 if the door call is successful, otherwise -1.
52 *
53 * If 0 is returned, the lookup result will be available in a_status.
54 * NT_STATUS_SUCCESS The SID was mapped to a name.
55 * NT_STATUS_NONE_MAPPED The SID could not be mapped to a name.
56 */
57 int
smb_lookup_sid(const char * sid,lsa_account_t * acct)58 smb_lookup_sid(const char *sid, lsa_account_t *acct)
59 {
60 int rc;
61
62 assert((sid != NULL) && (acct != NULL));
63
64 bzero(acct, sizeof (lsa_account_t));
65 (void) strlcpy(acct->a_sid, sid, SMB_SID_STRSZ);
66
67 rc = smb_door_call(SMB_DR_LOOKUP_SID, acct, lsa_account_xdr,
68 acct, lsa_account_xdr);
69
70 if (rc != 0)
71 syslog(LOG_DEBUG, "smb_lookup_sid: %m");
72 return (rc);
73 }
74
75 /*
76 * Given a name, make a door call to get the associated SID.
77 *
78 * Returns 0 if the door call is successful, otherwise -1.
79 *
80 * If 0 is returned, the lookup result will be available in a_status.
81 * NT_STATUS_SUCCESS The name was mapped to a SID.
82 * NT_STATUS_NONE_MAPPED The name could not be mapped to a SID.
83 */
84 int
smb_lookup_name(const char * name,sid_type_t sidtype,lsa_account_t * acct)85 smb_lookup_name(const char *name, sid_type_t sidtype, lsa_account_t *acct)
86 {
87 char tmp[MAXNAMELEN];
88 char *dp = NULL;
89 char *np = NULL;
90 int rc;
91
92 assert((name != NULL) && (acct != NULL));
93
94 (void) strlcpy(tmp, name, MAXNAMELEN);
95 smb_name_parse(tmp, &np, &dp);
96
97 bzero(acct, sizeof (lsa_account_t));
98 acct->a_sidtype = sidtype;
99
100 if (dp != NULL && np != NULL) {
101 (void) strlcpy(acct->a_domain, dp, MAXNAMELEN);
102 (void) strlcpy(acct->a_name, np, MAXNAMELEN);
103 } else {
104 (void) strlcpy(acct->a_name, name, MAXNAMELEN);
105 }
106
107 rc = smb_door_call(SMB_DR_LOOKUP_NAME, acct, lsa_account_xdr,
108 acct, lsa_account_xdr);
109
110 if (rc != 0)
111 syslog(LOG_DEBUG, "smb_lookup_name: %m");
112 return (rc);
113 }
114
115 uint32_t
smb_join(smb_joininfo_t * jdi)116 smb_join(smb_joininfo_t *jdi)
117 {
118 uint32_t status;
119 int rc;
120
121 if (jdi == NULL)
122 return (NT_STATUS_INVALID_PARAMETER);
123
124 rc = smb_door_call(SMB_DR_JOIN, jdi, smb_joininfo_xdr,
125 &status, xdr_uint32_t);
126
127 if (rc != 0) {
128 /*
129 * This usually means the SMB service is not running.
130 */
131 syslog(LOG_DEBUG, "smb_join: %m");
132 status = NT_STATUS_SERVER_DISABLED;
133 }
134
135 return (status);
136 }
137
138 /*
139 * Get information about the Domain Controller in the joined resource domain.
140 *
141 * Returns NT status codes.
142 */
143 uint32_t
smb_get_dcinfo(char * namebuf,uint32_t namebuflen,smb_inaddr_t * ipaddr)144 smb_get_dcinfo(char *namebuf, uint32_t namebuflen, smb_inaddr_t *ipaddr)
145 {
146 smb_string_t dcname;
147 struct hostent *h;
148 int rc;
149
150 assert((namebuf != NULL) && (namebuflen != 0));
151 *namebuf = '\0';
152 bzero(&dcname, sizeof (smb_string_t));
153
154 rc = smb_door_call(SMB_DR_GET_DCINFO, NULL, NULL,
155 &dcname, smb_string_xdr);
156
157 if (rc != 0) {
158 syslog(LOG_DEBUG, "smb_get_dcinfo: %m");
159 if (dcname.buf)
160 xdr_free(smb_string_xdr, (char *)&dcname);
161 return (NT_STATUS_INTERNAL_ERROR);
162 }
163
164 if (dcname.buf) {
165 (void) strlcpy(namebuf, dcname.buf, namebuflen);
166
167 if ((h = smb_gethostbyname(dcname.buf, &rc)) == NULL) {
168 bzero(ipaddr, sizeof (smb_inaddr_t));
169 } else {
170 (void) memcpy(ipaddr, h->h_addr, h->h_length);
171 ipaddr->a_family = h->h_addrtype;
172 freehostent(h);
173 }
174 xdr_free(smb_string_xdr, (char *)&dcname);
175 }
176
177 return (NT_STATUS_SUCCESS);
178 }
179
180 bool_t
smb_joininfo_xdr(XDR * xdrs,smb_joininfo_t * objp)181 smb_joininfo_xdr(XDR *xdrs, smb_joininfo_t *objp)
182 {
183 if (!xdr_vector(xdrs, (char *)objp->domain_name, MAXHOSTNAMELEN,
184 sizeof (char), (xdrproc_t)xdr_char))
185 return (FALSE);
186
187 if (!xdr_vector(xdrs, (char *)objp->domain_username,
188 SMB_USERNAME_MAXLEN + 1, sizeof (char), (xdrproc_t)xdr_char))
189 return (FALSE);
190
191 if (!xdr_vector(xdrs, (char *)objp->domain_passwd,
192 SMB_PASSWD_MAXLEN + 1, sizeof (char), (xdrproc_t)xdr_char))
193 return (FALSE);
194
195 if (!xdr_uint32_t(xdrs, &objp->mode))
196 return (FALSE);
197
198 return (TRUE);
199 }
200
201 /*
202 * Parameters:
203 * fqdn (input) - fully-qualified domain name
204 * buf (output) - fully-qualified hostname of the AD server found
205 * by this function.
206 * buflen (input) - length of the 'buf'
207 *
208 * Return:
209 * B_TRUE if an AD server is found. Otherwise, returns B_FALSE;
210 *
211 * The buffer passed in should be big enough to hold a fully-qualified
212 * hostname (MAXHOSTNAMELEN); otherwise, a truncated string will be
213 * returned. On error, an empty string will be returned.
214 */
215 boolean_t
smb_find_ads_server(char * fqdn,char * buf,int buflen)216 smb_find_ads_server(char *fqdn, char *buf, int buflen)
217 {
218 smb_string_t server;
219 smb_string_t domain;
220 boolean_t found = B_FALSE;
221 int rc;
222
223 if (fqdn == NULL || buf == NULL) {
224 if (buf)
225 *buf = '\0';
226 return (B_FALSE);
227 }
228
229 bzero(&server, sizeof (smb_string_t));
230 *buf = '\0';
231
232 domain.buf = fqdn;
233
234 rc = smb_door_call(SMB_DR_ADS_FIND_HOST, &domain, smb_string_xdr,
235 &server, smb_string_xdr);
236
237 if (rc != 0)
238 syslog(LOG_DEBUG, "smb_find_ads_server: %m");
239
240 if (server.buf != NULL) {
241 if (*server.buf != '\0') {
242 (void) strlcpy(buf, server.buf, buflen);
243 found = B_TRUE;
244 }
245
246 xdr_free(smb_string_xdr, (char *)&server);
247 }
248
249 return (found);
250 }
251
252 /*
253 * After a successful door call the local door_arg->data_ptr is assigned
254 * to the caller's arg->rbuf so that arg has references to both input and
255 * response buffers, which is required by smb_door_free.
256 *
257 * On success, the object referenced by rsp_data will have been populated
258 * by passing rbuf through the rsp_xdr function.
259 */
260 static int
smb_door_call(uint32_t cmd,void * req_data,xdrproc_t req_xdr,void * rsp_data,xdrproc_t rsp_xdr)261 smb_door_call(uint32_t cmd, void *req_data, xdrproc_t req_xdr,
262 void *rsp_data, xdrproc_t rsp_xdr)
263 {
264 smb_doorarg_t da;
265 int fd;
266 int rc;
267 char *door_name;
268
269 bzero(&da, sizeof (smb_doorarg_t));
270 da.da_opcode = cmd;
271 da.da_opname = smb_doorhdr_opname(cmd);
272 da.da_req_xdr = req_xdr;
273 da.da_rsp_xdr = rsp_xdr;
274 da.da_req_data = req_data;
275 da.da_rsp_data = rsp_data;
276
277 if ((req_data == NULL && req_xdr != NULL) ||
278 (rsp_data == NULL && rsp_xdr != NULL)) {
279 errno = EINVAL;
280 syslog(LOG_DEBUG, "smb_door_call[%s]: %m", da.da_opname);
281 return (-1);
282 }
283
284 door_name = getenv("SMBD_DOOR_NAME");
285 if (door_name == NULL)
286 door_name = SMBD_DOOR_NAME;
287
288 if ((fd = open(door_name, O_RDONLY)) < 0) {
289 syslog(LOG_DEBUG, "smb_door_call[%s]: %m", da.da_opname);
290 return (-1);
291 }
292
293 if (smb_door_encode(&da, cmd) != 0) {
294 syslog(LOG_DEBUG, "smb_door_call[%s]: %m", da.da_opname);
295 (void) close(fd);
296 return (-1);
297 }
298
299 if (smb_door_call_private(fd, &da) != 0) {
300 syslog(LOG_DEBUG, "smb_door_call[%s]: %m", da.da_opname);
301 smb_door_free(&da.da_arg);
302 (void) close(fd);
303 return (-1);
304 }
305
306 if ((rc = smb_door_decode(&da)) != 0)
307 syslog(LOG_DEBUG, "smb_door_call[%s]: %m", da.da_opname);
308 smb_door_free(&da.da_arg);
309 (void) close(fd);
310 return (rc);
311 }
312
313 /*
314 * We use a copy of the door arg because doorfs may change data_ptr
315 * and we want to detect that when freeing the door buffers. After
316 * this call, response data must be referenced via rbuf and rsize.
317 */
318 static int
smb_door_call_private(int fd,smb_doorarg_t * da)319 smb_door_call_private(int fd, smb_doorarg_t *da)
320 {
321 door_arg_t door_arg;
322 int rc;
323 int i;
324
325 bcopy(&da->da_arg, &door_arg, sizeof (door_arg_t));
326
327 for (i = 0; i < SMB_DOOR_CALL_RETRIES; ++i) {
328 errno = 0;
329
330 if ((rc = door_call(fd, &door_arg)) == 0)
331 break;
332
333 if (errno != EAGAIN && errno != EINTR)
334 return (-1);
335 }
336
337 if (rc != 0 || door_arg.data_size == 0 || door_arg.rsize == 0) {
338 if (errno == 0)
339 errno = EIO;
340 return (-1);
341 }
342
343 da->da_arg.rbuf = door_arg.data_ptr;
344 da->da_arg.rsize = door_arg.rsize;
345 return (rc);
346 }
347
348 static int
smb_door_encode(smb_doorarg_t * da,uint32_t cmd)349 smb_door_encode(smb_doorarg_t *da, uint32_t cmd)
350 {
351 XDR xdrs;
352 char *buf;
353 uint32_t buflen;
354
355 buflen = xdr_sizeof(smb_doorhdr_xdr, &da->da_hdr);
356 if (da->da_req_xdr != NULL)
357 buflen += xdr_sizeof(da->da_req_xdr, da->da_req_data);
358
359 smb_door_sethdr(&da->da_hdr, cmd, buflen);
360
361 if ((buf = malloc(buflen)) == NULL)
362 return (-1);
363
364 xdrmem_create(&xdrs, buf, buflen, XDR_ENCODE);
365
366 if (!smb_doorhdr_xdr(&xdrs, &da->da_hdr)) {
367 errno = EPROTO;
368 free(buf);
369 xdr_destroy(&xdrs);
370 return (-1);
371 }
372
373 if (da->da_req_xdr != NULL) {
374 if (!da->da_req_xdr(&xdrs, da->da_req_data)) {
375 errno = EPROTO;
376 free(buf);
377 xdr_destroy(&xdrs);
378 return (-1);
379 }
380 }
381
382 da->da_arg.data_ptr = buf;
383 da->da_arg.data_size = buflen;
384 da->da_arg.desc_ptr = NULL;
385 da->da_arg.desc_num = 0;
386 da->da_arg.rbuf = buf;
387 da->da_arg.rsize = buflen;
388
389 xdr_destroy(&xdrs);
390 return (0);
391 }
392
393 /*
394 * Decode the response in rbuf and rsize.
395 */
396 static int
smb_door_decode(smb_doorarg_t * da)397 smb_door_decode(smb_doorarg_t *da)
398 {
399 XDR xdrs;
400 smb_doorhdr_t hdr;
401 char *rbuf = da->da_arg.rbuf;
402 uint32_t rsize = da->da_arg.rsize;
403
404 if (rbuf == NULL || rsize == 0) {
405 errno = EINVAL;
406 return (-1);
407 }
408
409 xdrmem_create(&xdrs, rbuf, rsize, XDR_DECODE);
410
411 if (!smb_doorhdr_xdr(&xdrs, &hdr)) {
412 errno = EPROTO;
413 xdr_destroy(&xdrs);
414 return (-1);
415 }
416
417 if (!smb_door_chkhdr(da, &hdr)) {
418 errno = EPROTO;
419 xdr_destroy(&xdrs);
420 return (-1);
421 }
422
423 if (da->da_rsp_xdr != NULL) {
424 if (!da->da_rsp_xdr(&xdrs, da->da_rsp_data)) {
425 errno = EPROTO;
426 xdr_destroy(&xdrs);
427 return (-1);
428 }
429 }
430
431 xdr_destroy(&xdrs);
432 return (0);
433 }
434
435 static void
smb_door_sethdr(smb_doorhdr_t * hdr,uint32_t cmd,uint32_t datalen)436 smb_door_sethdr(smb_doorhdr_t *hdr, uint32_t cmd, uint32_t datalen)
437 {
438 bzero(hdr, sizeof (smb_doorhdr_t));
439 hdr->dh_magic = SMB_DOOR_HDR_MAGIC;
440 hdr->dh_flags = SMB_DF_USERSPACE;
441 hdr->dh_op = cmd;
442 hdr->dh_txid = smb_get_txid();
443 hdr->dh_datalen = datalen;
444 hdr->dh_door_rc = SMB_DOP_NOT_CALLED;
445 }
446
447 static boolean_t
smb_door_chkhdr(smb_doorarg_t * da,smb_doorhdr_t * hdr)448 smb_door_chkhdr(smb_doorarg_t *da, smb_doorhdr_t *hdr)
449 {
450 if ((hdr->dh_magic != SMB_DOOR_HDR_MAGIC) ||
451 (hdr->dh_op != da->da_hdr.dh_op) ||
452 (hdr->dh_txid != da->da_hdr.dh_txid)) {
453 syslog(LOG_DEBUG, "smb_door_chkhdr[%s]: invalid header",
454 da->da_opname);
455 return (B_FALSE);
456 }
457
458 if (hdr->dh_door_rc != SMB_DOP_SUCCESS) {
459 syslog(LOG_DEBUG, "smb_door_chkhdr[%s]: call status=%d",
460 da->da_opname, hdr->dh_door_rc);
461 return (B_FALSE);
462 }
463
464 return (B_TRUE);
465 }
466
467 /*
468 * Free resources allocated for a door call. If the result buffer provided
469 * by the client is too small, doorfs will have allocated a new buffer,
470 * which must be unmapped here.
471 *
472 * This function must be called to free both the argument and result door
473 * buffers regardless of the status of the door call.
474 */
475 static void
smb_door_free(door_arg_t * arg)476 smb_door_free(door_arg_t *arg)
477 {
478 if (arg->rbuf && (arg->rbuf != arg->data_ptr))
479 (void) munmap(arg->rbuf, arg->rsize);
480
481 free(arg->data_ptr);
482 }
483