xref: /illumos-gate/usr/src/lib/smbsrv/libfksmbsrv/common/fksmb_idmap.c (revision 4c28a617e3922d92a58e813a5b955eb526b9c386)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
23  * Copyright 2014 Nexenta Systems, Inc.  All rights reserved.
24  */
25 
26 /*
27  * SMB server interface to idmap
28  * (smb_idmap_get..., smb_idmap_batch_...)
29  *
30  * There are three implementations of this interface:
31  *	uts/common/fs/smbsrv/smb_idmap.c (smbsrv kmod)
32  *	lib/smbsrv/libfksmbsrv/common/fksmb_idmap.c (libfksmbsrv)
33  *	lib/smbsrv/libsmb/common/smb_idmap.c (libsmb)
34  *
35  * There are enough differences (relative to the code size)
36  * that it's more trouble than it's worth to merge them.
37  *
38  * This one differs from the others in that it:
39  *	calls idmap interfaces (libidmap)
40  *	uses kmem_... interfaces (libfakekernel)
41  *	uses cmn_err instead of syslog, etc.
42  */
43 
44 #include <sys/param.h>
45 #include <sys/types.h>
46 
47 #include <smbsrv/smb_kproto.h>
48 #include <smbsrv/smb_idmap.h>
49 
50 static int smb_idmap_batch_binsid(smb_idmap_batch_t *sib);
51 
52 /*
53  * Report an idmap error.
54  */
55 void
56 smb_idmap_check(const char *s, idmap_stat stat)
57 {
58 	if (stat != IDMAP_SUCCESS) {
59 		if (s == NULL)
60 			s = "smb_idmap_check";
61 
62 		cmn_err(CE_NOTE, "%s: %d", s, (int)stat);
63 	}
64 }
65 
66 /*
67  * smb_idmap_getsid
68  *
69  * Tries to get a mapping for the given uid/gid
70  * Allocates ->sim_domsid
71  */
72 idmap_stat
73 smb_idmap_getsid(uid_t id, int idtype, smb_sid_t **sid)
74 {
75 	smb_idmap_batch_t sib;
76 	idmap_stat stat;
77 
78 	stat = smb_idmap_batch_create(&sib, 1, SMB_IDMAP_ID2SID);
79 	if (stat != IDMAP_SUCCESS)
80 		return (stat);
81 
82 	stat = smb_idmap_batch_getsid(sib.sib_idmaph, &sib.sib_maps[0],
83 	    id, idtype);
84 
85 	if (stat != IDMAP_SUCCESS) {
86 		smb_idmap_batch_destroy(&sib);
87 		return (stat);
88 	}
89 
90 	stat = smb_idmap_batch_getmappings(&sib);
91 
92 	if (stat != IDMAP_SUCCESS) {
93 		smb_idmap_batch_destroy(&sib);
94 		return (stat);
95 	}
96 
97 	*sid = smb_sid_dup(sib.sib_maps[0].sim_sid);
98 
99 	smb_idmap_batch_destroy(&sib);
100 
101 	return (IDMAP_SUCCESS);
102 }
103 
104 /*
105  * smb_idmap_getid
106  *
107  * Tries to get a mapping for the given SID
108  */
109 idmap_stat
110 smb_idmap_getid(smb_sid_t *sid, uid_t *id, int *id_type)
111 {
112 	smb_idmap_batch_t sib;
113 	smb_idmap_t *sim;
114 	idmap_stat stat;
115 
116 	stat = smb_idmap_batch_create(&sib, 1, SMB_IDMAP_SID2ID);
117 	if (stat != IDMAP_SUCCESS)
118 		return (stat);
119 
120 	sim = &sib.sib_maps[0];
121 	sim->sim_id = id;
122 	stat = smb_idmap_batch_getid(sib.sib_idmaph, sim, sid, *id_type);
123 	if (stat != IDMAP_SUCCESS) {
124 		smb_idmap_batch_destroy(&sib);
125 		return (stat);
126 	}
127 
128 	stat = smb_idmap_batch_getmappings(&sib);
129 
130 	if (stat != IDMAP_SUCCESS) {
131 		smb_idmap_batch_destroy(&sib);
132 		return (stat);
133 	}
134 
135 	*id_type = sim->sim_idtype;
136 	smb_idmap_batch_destroy(&sib);
137 
138 	return (IDMAP_SUCCESS);
139 }
140 
141 /*
142  * smb_idmap_batch_create
143  *
144  * Creates and initializes the context for batch ID mapping.
145  */
146 idmap_stat
147 smb_idmap_batch_create(smb_idmap_batch_t *sib, uint16_t nmap, int flags)
148 {
149 	idmap_stat	stat;
150 
151 	if (!sib)
152 		return (IDMAP_ERR_ARG);
153 
154 	bzero(sib, sizeof (smb_idmap_batch_t));
155 	stat = idmap_get_create(&sib->sib_idmaph);
156 
157 	if (stat != IDMAP_SUCCESS) {
158 		smb_idmap_check("idmap_get_create", stat);
159 		return (stat);
160 	}
161 
162 	sib->sib_flags = flags;
163 	sib->sib_nmap = nmap;
164 	sib->sib_size = nmap * sizeof (smb_idmap_t);
165 	sib->sib_maps = kmem_zalloc(sib->sib_size, KM_SLEEP);
166 
167 	return (IDMAP_SUCCESS);
168 }
169 
170 /*
171  * smb_idmap_batch_destroy
172  *
173  * Frees the batch ID mapping context.
174  */
175 void
176 smb_idmap_batch_destroy(smb_idmap_batch_t *sib)
177 {
178 	int i;
179 
180 	if (sib == NULL)
181 		return;
182 
183 	if (sib->sib_idmaph) {
184 		idmap_get_destroy(sib->sib_idmaph);
185 		sib->sib_idmaph = NULL;
186 	}
187 
188 	if (sib->sib_maps == NULL)
189 		return;
190 
191 	if (sib->sib_flags & SMB_IDMAP_ID2SID) {
192 		/*
193 		 * SIDs are allocated only when mapping
194 		 * UID/GID to SIDs
195 		 */
196 		for (i = 0; i < sib->sib_nmap; i++) {
197 			smb_sid_free(sib->sib_maps[i].sim_sid);
198 			/* from strdup() in libidmap */
199 			free(sib->sib_maps[i].sim_domsid);
200 		}
201 	}
202 
203 	if (sib->sib_size && sib->sib_maps) {
204 		kmem_free(sib->sib_maps, sib->sib_size);
205 		sib->sib_maps = NULL;
206 	}
207 }
208 
209 /*
210  * smb_idmap_batch_getid
211  *
212  * Queue a request to map the given SID to a UID or GID.
213  *
214  * sim->sim_id should point to variable that's supposed to
215  * hold the returned UID/GID. This needs to be setup by caller
216  * of this function.
217  * If requested ID type is known, it's passed as 'idtype',
218  * if it's unknown it'll be returned in sim->sim_idtype.
219  */
220 idmap_stat
221 smb_idmap_batch_getid(idmap_get_handle_t *idmaph, smb_idmap_t *sim,
222     smb_sid_t *sid, int idtype)
223 {
224 	char sidstr[SMB_SID_STRSZ];
225 	idmap_stat stat;
226 	int flag = 0;
227 
228 	if (idmaph == NULL || sim == NULL || sid == NULL)
229 		return (IDMAP_ERR_ARG);
230 
231 	smb_sid_tostr(sid, sidstr);
232 	if (smb_sid_splitstr(sidstr, &sim->sim_rid) != 0)
233 		return (IDMAP_ERR_SID);
234 	sim->sim_domsid = sidstr;
235 	sim->sim_idtype = idtype;
236 
237 	switch (idtype) {
238 	case SMB_IDMAP_USER:
239 		stat = idmap_get_uidbysid(idmaph, sim->sim_domsid,
240 		    sim->sim_rid, flag, sim->sim_id, &sim->sim_stat);
241 		smb_idmap_check("idmap_get_uidbysid", stat);
242 		break;
243 
244 	case SMB_IDMAP_GROUP:
245 		stat = idmap_get_gidbysid(idmaph, sim->sim_domsid,
246 		    sim->sim_rid, flag, sim->sim_id, &sim->sim_stat);
247 		smb_idmap_check("idmap_get_gidbysid", stat);
248 		break;
249 
250 	case SMB_IDMAP_UNKNOWN:
251 		stat = idmap_get_pidbysid(idmaph, sim->sim_domsid,
252 		    sim->sim_rid, flag, sim->sim_id, &sim->sim_idtype,
253 		    &sim->sim_stat);
254 		smb_idmap_check("idmap_get_pidbysid", stat);
255 		break;
256 
257 	default:
258 		stat = IDMAP_ERR_ARG;
259 		break;
260 	}
261 
262 	/* This was copied by idmap_get_Xbysid. */
263 	sim->sim_domsid = NULL;
264 
265 	return (stat);
266 }
267 
268 /*
269  * smb_idmap_batch_getsid
270  *
271  * Queue a request to map the given UID/GID to a SID.
272  *
273  * sim->sim_domsid and sim->sim_rid will contain the mapping
274  * result upon successful process of the batched request.
275  * NB: sim_domsid allocated by strdup, here or in libidmap
276  */
277 idmap_stat
278 smb_idmap_batch_getsid(idmap_get_handle_t *idmaph, smb_idmap_t *sim,
279     uid_t id, int idtype)
280 {
281 	idmap_stat stat;
282 	int flag = 0;
283 
284 	if (!idmaph || !sim)
285 		return (IDMAP_ERR_ARG);
286 
287 	switch (idtype) {
288 	case SMB_IDMAP_USER:
289 		stat = idmap_get_sidbyuid(idmaph, id, flag,
290 		    &sim->sim_domsid, &sim->sim_rid, &sim->sim_stat);
291 		smb_idmap_check("idmap_get_sidbyuid", stat);
292 		break;
293 
294 	case SMB_IDMAP_GROUP:
295 		stat = idmap_get_sidbygid(idmaph, id, flag,
296 		    &sim->sim_domsid, &sim->sim_rid, &sim->sim_stat);
297 		smb_idmap_check("idmap_get_sidbygid", stat);
298 		break;
299 
300 	case SMB_IDMAP_OWNERAT:
301 		/* Current Owner S-1-5-32-766 */
302 		sim->sim_domsid = strdup(NT_BUILTIN_DOMAIN_SIDSTR);
303 		sim->sim_rid = SECURITY_CURRENT_OWNER_RID;
304 		sim->sim_stat = IDMAP_SUCCESS;
305 		stat = IDMAP_SUCCESS;
306 		break;
307 
308 	case SMB_IDMAP_GROUPAT:
309 		/* Current Group S-1-5-32-767 */
310 		sim->sim_domsid = strdup(NT_BUILTIN_DOMAIN_SIDSTR);
311 		sim->sim_rid = SECURITY_CURRENT_GROUP_RID;
312 		sim->sim_stat = IDMAP_SUCCESS;
313 		stat = IDMAP_SUCCESS;
314 		break;
315 
316 	case SMB_IDMAP_EVERYONE:
317 		/* Everyone S-1-1-0 */
318 		sim->sim_domsid = strdup(NT_WORLD_AUTH_SIDSTR);
319 		sim->sim_rid = 0;
320 		sim->sim_stat = IDMAP_SUCCESS;
321 		stat = IDMAP_SUCCESS;
322 		break;
323 
324 	default:
325 		return (IDMAP_ERR_ARG);
326 	}
327 
328 	return (stat);
329 }
330 
331 /*
332  * smb_idmap_batch_getmappings
333  *
334  * trigger ID mapping service to get the mappings for queued
335  * requests.
336  *
337  * Checks the result of all the queued requests.
338  */
339 idmap_stat
340 smb_idmap_batch_getmappings(smb_idmap_batch_t *sib)
341 {
342 	idmap_stat stat = IDMAP_SUCCESS;
343 	smb_idmap_t *sim;
344 	int i;
345 
346 	if ((stat = idmap_get_mappings(sib->sib_idmaph)) != IDMAP_SUCCESS) {
347 		smb_idmap_check("idmap_get_mappings", stat);
348 		return (stat);
349 	}
350 
351 	/*
352 	 * Check the status for all the queued requests
353 	 */
354 	for (i = 0, sim = sib->sib_maps; i < sib->sib_nmap; i++, sim++) {
355 		if (sim->sim_stat != IDMAP_SUCCESS) {
356 			if (sib->sib_flags == SMB_IDMAP_SID2ID) {
357 				cmn_err(CE_NOTE, "[%d] %d (%d)",
358 				    sim->sim_idtype,
359 				    sim->sim_rid,
360 				    sim->sim_stat);
361 			}
362 			return (sim->sim_stat);
363 		}
364 	}
365 
366 	if (smb_idmap_batch_binsid(sib) != 0)
367 		stat = IDMAP_ERR_OTHER;
368 
369 	return (stat);
370 }
371 
372 /*
373  * smb_idmap_batch_binsid
374  *
375  * Convert sidrids to binary sids
376  *
377  * Returns 0 if successful and non-zero upon failure.
378  */
379 static int
380 smb_idmap_batch_binsid(smb_idmap_batch_t *sib)
381 {
382 	smb_sid_t *sid;
383 	smb_idmap_t *sim;
384 	int i;
385 
386 	if (sib->sib_flags & SMB_IDMAP_SID2ID)
387 		/* This operation is not required */
388 		return (0);
389 
390 	sim = sib->sib_maps;
391 	for (i = 0; i < sib->sib_nmap; sim++, i++) {
392 		if (sim->sim_domsid == NULL)
393 			return (-1);
394 
395 		sid = smb_sid_fromstr(sim->sim_domsid);
396 		if (sid == NULL)
397 			return (-1);
398 
399 		sim->sim_sid = smb_sid_splice(sid, sim->sim_rid);
400 		smb_sid_free(sid);
401 	}
402 
403 	return (0);
404 }
405