1da6c28aaSamw /*
2da6c28aaSamw * CDDL HEADER START
3da6c28aaSamw *
4da6c28aaSamw * The contents of this file are subject to the terms of the
5da6c28aaSamw * Common Development and Distribution License (the "License").
6da6c28aaSamw * You may not use this file except in compliance with the License.
7da6c28aaSamw *
8da6c28aaSamw * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9da6c28aaSamw * or http://www.opensolaris.org/os/licensing.
10da6c28aaSamw * See the License for the specific language governing permissions
11da6c28aaSamw * and limitations under the License.
12da6c28aaSamw *
13da6c28aaSamw * When distributing Covered Code, include this CDDL HEADER in each
14da6c28aaSamw * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15da6c28aaSamw * If applicable, add the following below this CDDL HEADER, with the
16da6c28aaSamw * fields enclosed by brackets "[]" replaced with your own identifying
17da6c28aaSamw * information: Portions Copyright [yyyy] [name of copyright owner]
18da6c28aaSamw *
19da6c28aaSamw * CDDL HEADER END
20da6c28aaSamw */
21da6c28aaSamw /*
22c5866007SKeyur Desai * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
23*ba5ca684SMatt Barden * Copyright 2022 Tintri by DDN, Inc. All rights reserved.
24da6c28aaSamw */
25da6c28aaSamw
26da6c28aaSamw #include <sys/types.h>
27da6c28aaSamw #include <errno.h>
28da6c28aaSamw #include <synch.h>
29da6c28aaSamw #include <stdio.h>
30da6c28aaSamw #include <stdlib.h>
31da6c28aaSamw #include <unistd.h>
32da6c28aaSamw #include <string.h>
33da6c28aaSamw #include <strings.h>
34da6c28aaSamw #include <syslog.h>
35da6c28aaSamw #include <fcntl.h>
36da6c28aaSamw #include <bsm/adt.h>
37da6c28aaSamw #include <bsm/adt_event.h>
38da6c28aaSamw #include <bsm/audit_uevents.h>
39c5866007SKeyur Desai #include <pwd.h>
40c5866007SKeyur Desai #include <nss_dbdefs.h>
41c5866007SKeyur Desai #include <sys/idmap.h>
42da6c28aaSamw #include "smbd.h"
43da6c28aaSamw
44da6c28aaSamw
45da6c28aaSamw /*
46da6c28aaSamw * An audit session is established at user logon and terminated at user
47da6c28aaSamw * logoff.
48da6c28aaSamw *
49da6c28aaSamw * SMB audit handles are allocated when users logon (SmbSessionSetupX)
50da6c28aaSamw * and deallocted when a user logs off (SmbLogoffX). Each time an SMB
51da6c28aaSamw * audit handle is allocated it is added to a global list.
52da6c28aaSamw */
53da6c28aaSamw typedef struct smb_audit {
54da6c28aaSamw struct smb_audit *sa_next;
55da6c28aaSamw adt_session_data_t *sa_handle;
56da6c28aaSamw uid_t sa_uid;
57da6c28aaSamw gid_t sa_gid;
58da6c28aaSamw uint32_t sa_audit_sid;
59da6c28aaSamw uint32_t sa_refcnt;
60da6c28aaSamw char *sa_domain;
61da6c28aaSamw char *sa_username;
62da6c28aaSamw } smb_audit_t;
63da6c28aaSamw
64da6c28aaSamw static smb_audit_t *smbd_audit_list;
65da6c28aaSamw static mutex_t smbd_audit_lock;
66da6c28aaSamw
67da6c28aaSamw /*
68da6c28aaSamw * Unique identifier for audit sessions in the audit list.
69da6c28aaSamw * Used to lookup an audit session on logoff.
70da6c28aaSamw */
71da6c28aaSamw static uint32_t smbd_audit_sid;
72da6c28aaSamw
73da6c28aaSamw static void smbd_audit_link(smb_audit_t *);
74da6c28aaSamw static smb_audit_t *smbd_audit_unlink(uint32_t);
75da6c28aaSamw
76da6c28aaSamw
77da6c28aaSamw /*
78da6c28aaSamw * Invoked at user logon due to SmbSessionSetupX. Authenticate the
79*ba5ca684SMatt Barden * user.
80975041ddSGordon Ross *
81*ba5ca684SMatt Barden * On error, returns NULL, and status in user_info->lg_status.
82*ba5ca684SMatt Barden *
83*ba5ca684SMatt Barden * Equivalent to smbd_krb5ssp_work().
84da6c28aaSamw */
85da6c28aaSamw smb_token_t *
smbd_user_auth_logon(smb_logon_t * user_info)869fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States smbd_user_auth_logon(smb_logon_t *user_info)
87da6c28aaSamw {
88437d9da7SMatt Barden smb_token_t *token = NULL;
8912b65585SGordon Ross smb_logon_t tmp_user;
90437d9da7SMatt Barden char *p;
91437d9da7SMatt Barden char *buf = NULL;
92da6c28aaSamw
9312b65585SGordon Ross if (user_info->lg_username == NULL ||
9412b65585SGordon Ross user_info->lg_domain == NULL ||
9512b65585SGordon Ross user_info->lg_workstation == NULL) {
96975041ddSGordon Ross user_info->lg_status = NT_STATUS_INVALID_PARAMETER;
9712b65585SGordon Ross return (NULL);
9812b65585SGordon Ross }
9912b65585SGordon Ross
100975041ddSGordon Ross /*
101975041ddSGordon Ross * Avoid modifying the caller-provided struct because it
102975041ddSGordon Ross * may or may not point to allocated strings etc.
103975041ddSGordon Ross * Copy to tmp_user, auth, then copy the (out) lg_status
104975041ddSGordon Ross * member back to the caller-provided struct.
105975041ddSGordon Ross */
10612b65585SGordon Ross tmp_user = *user_info;
10712b65585SGordon Ross if (tmp_user.lg_username[0] == '\0') {
10812b65585SGordon Ross tmp_user.lg_flags |= SMB_ATF_ANON;
10912b65585SGordon Ross tmp_user.lg_e_username = "anonymous";
11012b65585SGordon Ross } else {
11112b65585SGordon Ross tmp_user.lg_e_username = tmp_user.lg_username;
11212b65585SGordon Ross }
113437d9da7SMatt Barden
114437d9da7SMatt Barden /* Handle user@domain format. */
115437d9da7SMatt Barden if (tmp_user.lg_domain[0] == '\0' &&
116437d9da7SMatt Barden (p = strchr(tmp_user.lg_e_username, '@')) != NULL) {
117437d9da7SMatt Barden buf = strdup(tmp_user.lg_e_username);
118*ba5ca684SMatt Barden if (buf == NULL) {
119*ba5ca684SMatt Barden user_info->lg_status = NT_STATUS_NO_MEMORY;
120*ba5ca684SMatt Barden return (NULL);
121*ba5ca684SMatt Barden }
122437d9da7SMatt Barden p = buf + (p - tmp_user.lg_e_username);
123437d9da7SMatt Barden *p = '\0';
124437d9da7SMatt Barden tmp_user.lg_e_domain = p + 1;
125437d9da7SMatt Barden tmp_user.lg_e_username = buf;
126437d9da7SMatt Barden } else {
12712b65585SGordon Ross tmp_user.lg_e_domain = tmp_user.lg_domain;
128437d9da7SMatt Barden }
12912b65585SGordon Ross
130975041ddSGordon Ross token = smb_logon(&tmp_user);
131*ba5ca684SMatt Barden
132*ba5ca684SMatt Barden if (token == NULL && tmp_user.lg_status == 0) /* should not happen */
133*ba5ca684SMatt Barden user_info->lg_status = NT_STATUS_INTERNAL_ERROR;
134*ba5ca684SMatt Barden else
135975041ddSGordon Ross user_info->lg_status = tmp_user.lg_status;
136975041ddSGordon Ross
137*ba5ca684SMatt Barden user_info->lg_status = smbd_logon_final(token,
138*ba5ca684SMatt Barden &user_info->lg_clnt_ipaddr, tmp_user.lg_e_username,
139*ba5ca684SMatt Barden tmp_user.lg_e_domain, user_info->lg_status);
140*ba5ca684SMatt Barden
141*ba5ca684SMatt Barden free(buf);
142*ba5ca684SMatt Barden
143*ba5ca684SMatt Barden if (user_info->lg_status != 0) {
144*ba5ca684SMatt Barden smb_token_destroy(token);
145*ba5ca684SMatt Barden token = NULL;
146*ba5ca684SMatt Barden }
147*ba5ca684SMatt Barden return (token);
148*ba5ca684SMatt Barden }
149*ba5ca684SMatt Barden
150*ba5ca684SMatt Barden /* Start an audit session and audit the event. */
151*ba5ca684SMatt Barden static boolean_t
smbd_logon_audit(smb_token_t * token,smb_inaddr_t * ipaddr,char * username,char * domain)152*ba5ca684SMatt Barden smbd_logon_audit(smb_token_t *token, smb_inaddr_t *ipaddr, char *username,
153*ba5ca684SMatt Barden char *domain)
154*ba5ca684SMatt Barden {
155*ba5ca684SMatt Barden smb_audit_t *entry;
156*ba5ca684SMatt Barden adt_session_data_t *ah = NULL;
157*ba5ca684SMatt Barden adt_event_data_t *event;
158*ba5ca684SMatt Barden au_tid_addr_t termid;
159*ba5ca684SMatt Barden char sidbuf[SMB_SID_STRSZ];
160*ba5ca684SMatt Barden uid_t uid;
161*ba5ca684SMatt Barden gid_t gid;
162*ba5ca684SMatt Barden char *sid;
163*ba5ca684SMatt Barden int status;
164*ba5ca684SMatt Barden int retval;
165*ba5ca684SMatt Barden
166*ba5ca684SMatt Barden assert(username != NULL);
167*ba5ca684SMatt Barden assert(domain != NULL);
168*ba5ca684SMatt Barden
169975041ddSGordon Ross if (token == NULL) {
170da6c28aaSamw uid = ADT_NO_ATTRIB;
171da6c28aaSamw gid = ADT_NO_ATTRIB;
1726537f381Sas200622 sid = NT_NULL_SIDSTR;
173*ba5ca684SMatt Barden /* use the 'default' username and domain we were given */
174da6c28aaSamw status = ADT_FAILURE;
175da6c28aaSamw retval = ADT_FAIL_VALUE_AUTH;
176da6c28aaSamw } else {
1777f667e74Sjose borrego uid = token->tkn_user.i_id;
1787f667e74Sjose borrego gid = token->tkn_primary_grp.i_id;
1797f667e74Sjose borrego smb_sid_tostr(token->tkn_user.i_sid, sidbuf);
1806537f381Sas200622 sid = sidbuf;
1817f667e74Sjose borrego username = token->tkn_account_name;
1827f667e74Sjose borrego domain = token->tkn_domain_name;
183da6c28aaSamw status = ADT_SUCCESS;
184da6c28aaSamw retval = ADT_SUCCESS;
185da6c28aaSamw }
186da6c28aaSamw
187da6c28aaSamw if (adt_start_session(&ah, NULL, 0)) {
188da6c28aaSamw syslog(LOG_AUTH | LOG_ALERT, "adt_start_session: %m");
189437d9da7SMatt Barden goto errout;
190da6c28aaSamw }
191da6c28aaSamw
192da6c28aaSamw if ((event = adt_alloc_event(ah, ADT_smbd_session)) == NULL) {
193da6c28aaSamw syslog(LOG_AUTH | LOG_ALERT,
194da6c28aaSamw "adt_alloc_event(ADT_smbd_session): %m");
195437d9da7SMatt Barden goto errout;
196da6c28aaSamw }
197da6c28aaSamw
198da6c28aaSamw (void) memset(&termid, 0, sizeof (au_tid_addr_t));
199*ba5ca684SMatt Barden termid.at_port = IPPORT_SMB;
2007f667e74Sjose borrego
201*ba5ca684SMatt Barden if (ipaddr->a_family == AF_INET) {
202*ba5ca684SMatt Barden termid.at_addr[0] = ipaddr->a_ipv4;
203da6c28aaSamw termid.at_type = AU_IPv4;
2047f667e74Sjose borrego } else {
205*ba5ca684SMatt Barden bcopy(&ipaddr->a_ip, termid.at_addr,
206b819cea2SGordon Ross sizeof (in6_addr_t));
2077f667e74Sjose borrego termid.at_type = AU_IPv6;
2087f667e74Sjose borrego }
209da6c28aaSamw adt_set_termid(ah, &termid);
210da6c28aaSamw
211da6c28aaSamw if (adt_set_user(ah, uid, gid, uid, gid, NULL, ADT_NEW)) {
212da6c28aaSamw syslog(LOG_AUTH | LOG_ALERT, "adt_set_user: %m");
213da6c28aaSamw adt_free_event(event);
214437d9da7SMatt Barden goto errout;
215da6c28aaSamw }
216da6c28aaSamw
2177f667e74Sjose borrego event->adt_smbd_session.domain = domain;
2187f667e74Sjose borrego event->adt_smbd_session.username = username;
219da6c28aaSamw event->adt_smbd_session.sid = sid;
220da6c28aaSamw
221da6c28aaSamw if (adt_put_event(event, status, retval))
222da6c28aaSamw syslog(LOG_AUTH | LOG_ALERT, "adt_put_event: %m");
223da6c28aaSamw
224da6c28aaSamw adt_free_event(event);
225da6c28aaSamw
226da6c28aaSamw if (token) {
227da6c28aaSamw if ((entry = malloc(sizeof (smb_audit_t))) == NULL) {
228da6c28aaSamw syslog(LOG_ERR, "smbd_user_auth_logon: %m");
229437d9da7SMatt Barden goto errout;
230da6c28aaSamw }
231da6c28aaSamw
232da6c28aaSamw entry->sa_handle = ah;
233da6c28aaSamw entry->sa_uid = uid;
234da6c28aaSamw entry->sa_gid = gid;
2357f667e74Sjose borrego entry->sa_username = strdup(username);
2367f667e74Sjose borrego entry->sa_domain = strdup(domain);
237da6c28aaSamw
238da6c28aaSamw smbd_audit_link(entry);
239da6c28aaSamw token->tkn_audit_sid = entry->sa_audit_sid;
240da6c28aaSamw }
241da6c28aaSamw
242*ba5ca684SMatt Barden return (B_TRUE);
243437d9da7SMatt Barden errout:
244437d9da7SMatt Barden (void) adt_end_session(ah);
245*ba5ca684SMatt Barden return (B_FALSE);
246*ba5ca684SMatt Barden }
247*ba5ca684SMatt Barden
248*ba5ca684SMatt Barden /*
249*ba5ca684SMatt Barden * Handles all of the work needed to be done after SMB authentication,
250*ba5ca684SMatt Barden * regardless of the auth flavor (Kerberos or NTLM).
251*ba5ca684SMatt Barden *
252*ba5ca684SMatt Barden * This should return the original status to the caller, unless something
253*ba5ca684SMatt Barden * here causes us to turn what would be a success into a failure
254*ba5ca684SMatt Barden * (or we decide we should override the original error for some reason).
255*ba5ca684SMatt Barden */
256*ba5ca684SMatt Barden uint32_t
smbd_logon_final(smb_token_t * token,smb_inaddr_t * ipaddr,char * username,char * domain,uint32_t status)257*ba5ca684SMatt Barden smbd_logon_final(smb_token_t *token, smb_inaddr_t *ipaddr, char *username,
258*ba5ca684SMatt Barden char *domain, uint32_t status)
259*ba5ca684SMatt Barden {
260*ba5ca684SMatt Barden assert(token != NULL || status != 0);
261*ba5ca684SMatt Barden
262*ba5ca684SMatt Barden if (!smbd_logon_audit(token, ipaddr, username, domain) && status == 0)
263*ba5ca684SMatt Barden return (NT_STATUS_AUDIT_FAILED);
264*ba5ca684SMatt Barden
265*ba5ca684SMatt Barden if (status == 0)
266*ba5ca684SMatt Barden smb_autohome_add(token);
267*ba5ca684SMatt Barden
268*ba5ca684SMatt Barden return (status);
269da6c28aaSamw }
270da6c28aaSamw
271da6c28aaSamw /*
272da6c28aaSamw * Logon due to a subsequent SmbSessionSetupX on an existing session.
273da6c28aaSamw * The user was authenticated during the initial session setup.
274da6c28aaSamw */
275da6c28aaSamw void
smbd_user_nonauth_logon(uint32_t audit_sid)276da6c28aaSamw smbd_user_nonauth_logon(uint32_t audit_sid)
277da6c28aaSamw {
278da6c28aaSamw smb_audit_t *entry;
279da6c28aaSamw
280da6c28aaSamw (void) mutex_lock(&smbd_audit_lock);
281da6c28aaSamw entry = smbd_audit_list;
282da6c28aaSamw
283da6c28aaSamw while (entry) {
284da6c28aaSamw if (entry->sa_audit_sid == audit_sid) {
285da6c28aaSamw ++entry->sa_refcnt;
286da6c28aaSamw break;
287da6c28aaSamw }
288da6c28aaSamw
289da6c28aaSamw entry = entry->sa_next;
290da6c28aaSamw }
291da6c28aaSamw
292da6c28aaSamw (void) mutex_unlock(&smbd_audit_lock);
293da6c28aaSamw }
294da6c28aaSamw
295da6c28aaSamw /*
296*ba5ca684SMatt Barden * Invoked at user logoff due to SMB Logoff. If this is the final
297da6c28aaSamw * logoff for this user on the session, audit the event and terminate
298da6c28aaSamw * the audit session.
299*ba5ca684SMatt Barden *
300*ba5ca684SMatt Barden * This is called to logoff both NTLMSSP and KRB5SSP authentications.
301da6c28aaSamw */
302da6c28aaSamw void
smbd_user_auth_logoff(uint32_t audit_sid)303da6c28aaSamw smbd_user_auth_logoff(uint32_t audit_sid)
304da6c28aaSamw {
305da6c28aaSamw smb_audit_t *entry;
306da6c28aaSamw adt_session_data_t *ah;
307da6c28aaSamw adt_event_data_t *event;
308c5866007SKeyur Desai struct passwd pw;
309c5866007SKeyur Desai char buf[NSS_LINELEN_PASSWD];
310da6c28aaSamw
311da6c28aaSamw if ((entry = smbd_audit_unlink(audit_sid)) == NULL)
312da6c28aaSamw return;
313da6c28aaSamw
314c5866007SKeyur Desai if (IDMAP_ID_IS_EPHEMERAL(entry->sa_uid)) {
3153ad684d6Sjb150015 smb_autohome_remove(entry->sa_username);
316c5866007SKeyur Desai } else {
317c5866007SKeyur Desai if (getpwuid_r(entry->sa_uid, &pw, buf, sizeof (buf)) == NULL)
318c5866007SKeyur Desai return;
319c5866007SKeyur Desai
320c5866007SKeyur Desai smb_autohome_remove(pw.pw_name);
321c5866007SKeyur Desai }
322da6c28aaSamw
323da6c28aaSamw ah = entry->sa_handle;
324da6c28aaSamw
325da6c28aaSamw if ((event = adt_alloc_event(ah, ADT_smbd_logoff)) == NULL) {
326da6c28aaSamw syslog(LOG_AUTH | LOG_ALERT,
327da6c28aaSamw "adt_alloc_event(ADT_smbd_logoff): %m");
328da6c28aaSamw } else {
329da6c28aaSamw event->adt_smbd_logoff.domain = entry->sa_domain;
330da6c28aaSamw event->adt_smbd_logoff.username = entry->sa_username;
331da6c28aaSamw
332da6c28aaSamw if (adt_put_event(event, ADT_SUCCESS, ADT_SUCCESS))
333da6c28aaSamw syslog(LOG_AUTH | LOG_ALERT, "adt_put_event: %m");
334da6c28aaSamw
335da6c28aaSamw adt_free_event(event);
336da6c28aaSamw }
337da6c28aaSamw
338da6c28aaSamw (void) adt_end_session(ah);
339da6c28aaSamw
340da6c28aaSamw free(entry->sa_username);
341da6c28aaSamw free(entry->sa_domain);
342da6c28aaSamw free(entry);
343da6c28aaSamw }
344da6c28aaSamw
345da6c28aaSamw /*
346da6c28aaSamw * Allocate an id and link an audit handle onto the global list.
347da6c28aaSamw */
348da6c28aaSamw static void
smbd_audit_link(smb_audit_t * entry)349da6c28aaSamw smbd_audit_link(smb_audit_t *entry)
350da6c28aaSamw {
351da6c28aaSamw (void) mutex_lock(&smbd_audit_lock);
352da6c28aaSamw
353da6c28aaSamw do {
354da6c28aaSamw ++smbd_audit_sid;
355da6c28aaSamw } while ((smbd_audit_sid == 0) || (smbd_audit_sid == (uint32_t)-1));
356da6c28aaSamw
357da6c28aaSamw entry->sa_audit_sid = smbd_audit_sid;
358da6c28aaSamw entry->sa_refcnt = 1;
359da6c28aaSamw entry->sa_next = smbd_audit_list;
360da6c28aaSamw smbd_audit_list = entry;
361da6c28aaSamw
362da6c28aaSamw (void) mutex_unlock(&smbd_audit_lock);
363da6c28aaSamw }
364da6c28aaSamw
365da6c28aaSamw /*
366da6c28aaSamw * Unlink an audit handle. If the reference count reaches 0, the entry
367da6c28aaSamw * is removed from the list and returned. Otherwise the entry remains
368da6c28aaSamw * on the list and a null pointer is returned.
369da6c28aaSamw */
370da6c28aaSamw static smb_audit_t *
smbd_audit_unlink(uint32_t audit_sid)371da6c28aaSamw smbd_audit_unlink(uint32_t audit_sid)
372da6c28aaSamw {
373da6c28aaSamw smb_audit_t *entry;
374da6c28aaSamw smb_audit_t **ppe;
375da6c28aaSamw
376da6c28aaSamw (void) mutex_lock(&smbd_audit_lock);
377da6c28aaSamw ppe = &smbd_audit_list;
378da6c28aaSamw
379da6c28aaSamw while (*ppe) {
380da6c28aaSamw entry = *ppe;
381da6c28aaSamw
382da6c28aaSamw if (entry->sa_audit_sid == audit_sid) {
383da6c28aaSamw if (entry->sa_refcnt == 0)
384da6c28aaSamw break;
385da6c28aaSamw
386da6c28aaSamw if ((--entry->sa_refcnt) != 0)
387da6c28aaSamw break;
388da6c28aaSamw
389da6c28aaSamw *ppe = entry->sa_next;
390da6c28aaSamw (void) mutex_unlock(&smbd_audit_lock);
391da6c28aaSamw return (entry);
392da6c28aaSamw }
393da6c28aaSamw
394da6c28aaSamw ppe = &(*ppe)->sa_next;
395da6c28aaSamw }
396da6c28aaSamw
397da6c28aaSamw (void) mutex_unlock(&smbd_audit_lock);
398da6c28aaSamw return (NULL);
399da6c28aaSamw }
400