1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved. 23 * Copyright 2022 Tintri by DDN, Inc. All rights reserved. 24 * Copyright 2022 RackTop Systems, Inc. 25 */ 26 27 /* 28 * CIFS configuration management library 29 */ 30 31 /* 32 * Checking for things like unsupportable parameter combinations are 33 * the responsibility of callers of these functions. Example include: 34 * trying to set min_protocol above max_protocol, or requiring encryption 35 * with an allowed protocol range that can't support it. 36 */ 37 38 #include <stdio.h> 39 #include <stdlib.h> 40 #include <unistd.h> 41 #include <synch.h> 42 #include <string.h> 43 #include <strings.h> 44 #include <syslog.h> 45 #include <netdb.h> 46 #include <ctype.h> 47 #include <sys/types.h> 48 #include <libscf.h> 49 #include <assert.h> 50 #include <uuid/uuid.h> 51 #include <smbsrv/libsmb.h> 52 53 typedef struct smb_cfg_param { 54 smb_cfg_id_t sc_id; 55 char *sc_name; 56 int sc_type; 57 uint32_t sc_flags; 58 } smb_cfg_param_t; 59 60 struct str_val { 61 char *str; 62 uint32_t val; 63 }; 64 65 /* 66 * config parameter flags 67 */ 68 #define SMB_CF_PROTECTED 0x01 69 #define SMB_CF_EXEC 0x02 70 71 /* idmap SMF fmri and Property Group */ 72 #define IDMAP_FMRI_PREFIX "system/idmap" 73 #define MACHINE_SID "machine_sid" 74 #define MACHINE_UUID "machine_uuid" 75 #define IDMAP_DOMAIN "domain_name" 76 #define IDMAP_PREF_DC "preferred_dc" 77 #define IDMAP_SITE_NAME "site_name" 78 #define IDMAP_PG_NAME "config" 79 80 #define SMB_SECMODE_WORKGRP_STR "workgroup" 81 #define SMB_SECMODE_DOMAIN_STR "domain" 82 83 #define SMB_ENC_LEN 1024 84 #define SMB_DEC_LEN 256 85 86 static char *b64_data = 87 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; 88 89 static smb_cfg_param_t smb_cfg_table[] = 90 { 91 {SMB_CI_VERSION, "sv_version", SCF_TYPE_ASTRING, 0}, 92 93 /* Oplock configuration, Kernel Only */ 94 {SMB_CI_OPLOCK_ENABLE, "oplock_enable", SCF_TYPE_BOOLEAN, 0}, 95 96 /* Autohome configuration */ 97 {SMB_CI_AUTOHOME_MAP, "autohome_map", SCF_TYPE_ASTRING, 0}, 98 99 /* Domain/PDC configuration */ 100 {SMB_CI_DOMAIN_SID, "domain_sid", SCF_TYPE_ASTRING, 0}, 101 {SMB_CI_DOMAIN_MEMB, "domain_member", SCF_TYPE_BOOLEAN, 0}, 102 {SMB_CI_DOMAIN_NAME, "domain_name", SCF_TYPE_ASTRING, 0}, 103 {SMB_CI_DOMAIN_FQDN, "fqdn", SCF_TYPE_ASTRING, 0}, 104 {SMB_CI_DOMAIN_FOREST, "forest", SCF_TYPE_ASTRING, 0}, 105 {SMB_CI_DOMAIN_GUID, "domain_guid", SCF_TYPE_ASTRING, 0}, 106 {SMB_CI_DOMAIN_SRV, "pdc", SCF_TYPE_ASTRING, 0}, 107 108 /* WINS configuration */ 109 {SMB_CI_WINS_SRV1, "wins_server_1", SCF_TYPE_ASTRING, 0}, 110 {SMB_CI_WINS_SRV2, "wins_server_2", SCF_TYPE_ASTRING, 0}, 111 {SMB_CI_WINS_EXCL, "wins_exclude", SCF_TYPE_ASTRING, 0}, 112 113 /* Kmod specific configuration */ 114 {SMB_CI_MAX_WORKERS, "max_workers", SCF_TYPE_INTEGER, 0}, 115 {SMB_CI_MAX_CONNECTIONS, "max_connections", SCF_TYPE_INTEGER, 0}, 116 {SMB_CI_KEEPALIVE, "keep_alive", SCF_TYPE_INTEGER, 0}, 117 {SMB_CI_RESTRICT_ANON, "restrict_anonymous", SCF_TYPE_BOOLEAN, 0}, 118 119 {SMB_CI_SIGNING_ENABLE, "signing_enabled", SCF_TYPE_BOOLEAN, 0}, 120 {SMB_CI_SIGNING_REQD, "signing_required", SCF_TYPE_BOOLEAN, 0}, 121 122 /* Kmod tuning configuration */ 123 {SMB_CI_SYNC_ENABLE, "sync_enable", SCF_TYPE_BOOLEAN, 0}, 124 125 /* SMBd configuration */ 126 {SMB_CI_SECURITY, "security", SCF_TYPE_ASTRING, 0}, 127 {SMB_CI_NETBIOS_ENABLE, "netbios_enable", SCF_TYPE_BOOLEAN, 0}, 128 {SMB_CI_NBSCOPE, "netbios_scope", SCF_TYPE_ASTRING, 0}, 129 {SMB_CI_SYS_CMNT, "system_comment", SCF_TYPE_ASTRING, 0}, 130 {SMB_CI_LM_LEVEL, "lmauth_level", SCF_TYPE_INTEGER, 0}, 131 132 /* ADS Configuration */ 133 {SMB_CI_ADS_SITE, "ads_site", SCF_TYPE_ASTRING, 0}, 134 135 /* Dynamic DNS */ 136 {SMB_CI_DYNDNS_ENABLE, "ddns_enable", SCF_TYPE_BOOLEAN, 0}, 137 138 {SMB_CI_MACHINE_PASSWD, "machine_passwd", SCF_TYPE_ASTRING, 139 SMB_CF_PROTECTED}, 140 141 {SMB_CI_MACHINE_UUID, "machine_uuid", SCF_TYPE_ASTRING, 0}, 142 {SMB_CI_KPASSWD_SRV, "kpasswd_server", SCF_TYPE_ASTRING, 0}, 143 {SMB_CI_KPASSWD_DOMAIN, "kpasswd_domain", SCF_TYPE_ASTRING, 0}, 144 {SMB_CI_KPASSWD_SEQNUM, "kpasswd_seqnum", SCF_TYPE_INTEGER, 0}, 145 {SMB_CI_NETLOGON_SEQNUM, "netlogon_seqnum", SCF_TYPE_INTEGER, 0}, 146 {SMB_CI_IPV6_ENABLE, "ipv6_enable", SCF_TYPE_BOOLEAN, 0}, 147 {SMB_CI_PRINT_ENABLE, "print_enable", SCF_TYPE_BOOLEAN, 0}, 148 {SMB_CI_MAP, "map", SCF_TYPE_ASTRING, SMB_CF_EXEC}, 149 {SMB_CI_UNMAP, "unmap", SCF_TYPE_ASTRING, SMB_CF_EXEC}, 150 {SMB_CI_DISPOSITION, "disposition", SCF_TYPE_ASTRING, SMB_CF_EXEC}, 151 {SMB_CI_DFS_STDROOT_NUM, "dfs_stdroot_num", SCF_TYPE_INTEGER, 0}, 152 {SMB_CI_TRAVERSE_MOUNTS, "traverse_mounts", SCF_TYPE_BOOLEAN, 0}, 153 {SMB_CI_SMB2_ENABLE_OLD, "smb2_enable", SCF_TYPE_BOOLEAN, 0}, 154 {SMB_CI_INITIAL_CREDITS, "initial_credits", SCF_TYPE_INTEGER, 0}, 155 {SMB_CI_MAXIMUM_CREDITS, "maximum_credits", SCF_TYPE_INTEGER, 0}, 156 {SMB_CI_MAX_PROTOCOL, "max_protocol", SCF_TYPE_ASTRING, 0}, 157 {SMB_CI_ENCRYPT, "encrypt", SCF_TYPE_ASTRING, 0}, 158 {SMB_CI_MIN_PROTOCOL, "min_protocol", SCF_TYPE_ASTRING, 0}, 159 {SMB_CI_BYPASS_TRAVERSE_CHECKING, 160 "bypass_traverse_checking", SCF_TYPE_BOOLEAN, 0}, 161 {SMB_CI_ENCRYPT_CIPHERS, "encrypt_ciphers", SCF_TYPE_ASTRING, 0}, 162 {SMB_CI_NETLOGON_FLAGS, "netlogon_flags", SCF_TYPE_INTEGER, 0}, 163 {SMB_CI_SHORT_NAMES, "short_names", SCF_TYPE_BOOLEAN, 0}, 164 {SMB_CI_MAX_OPENS, "max_opens", SCF_TYPE_INTEGER, 0}, 165 166 /* SMB_CI_MAX */ 167 }; 168 169 /* 170 * We store the max SMB protocol version in SMF as a string, 171 * (for convenience of svccfg etc) but the programmatic get/set 172 * interfaces use the numeric form. 173 * 174 * The numeric values are as defined in the [MS-SMB2] spec. 175 * except for how we represent "1" (for SMB1) which is an 176 * arbitrary value below SMB2_VERS_BASE. 177 */ 178 static struct str_val 179 smb_versions[] = { 180 { "3.11", SMB_VERS_3_11 }, 181 { "3.02", SMB_VERS_3_02 }, 182 { "3.0", SMB_VERS_3_0 }, 183 { "2.1", SMB_VERS_2_1 }, 184 { "2.002", SMB_VERS_2_002 }, 185 { "1", SMB_VERS_1 }, 186 { NULL, 0 } 187 }; 188 189 /* 190 * Supported encryption ciphers. 191 */ 192 static struct str_val 193 smb31_encrypt_ciphers[] = { 194 { "aes128-ccm", SMB3_CIPHER_FLAG_AES128_CCM }, /* SMB 3.x */ 195 { "aes128-gcm", SMB3_CIPHER_FLAG_AES128_GCM }, /* SMB 3.1.1 */ 196 { "aes256-ccm", SMB3_CIPHER_FLAG_AES256_CCM }, /* SMB 3.1.1 */ 197 { "aes256-gcm", SMB3_CIPHER_FLAG_AES256_GCM }, /* SMB 3.1.1 */ 198 { "all", SMB3_CIPHER_FLAGS_ALL }, 199 { NULL, 0 } 200 }; 201 /* Buffer large enough to hold all cipher names. */ 202 #define SMB_CIPHERS_MAXLEN 64 203 204 static smb_cfg_param_t *smb_config_getent(smb_cfg_id_t); 205 206 static boolean_t smb_is_base64(unsigned char c); 207 static char *smb_base64_encode(char *str_to_encode); 208 static char *smb_base64_decode(char *encoded_str); 209 static int smb_config_get_idmap_preferred_dc(char *, int); 210 static int smb_config_set_idmap_preferred_dc(char *); 211 static int smb_config_get_idmap_site_name(char *, int); 212 static int smb_config_set_idmap_site_name(char *); 213 214 uint32_t 215 smb_convert_version_str(const char *version) 216 { 217 uint32_t dialect = 0; 218 int i; 219 220 for (i = 0; smb_versions[i].str != NULL; i++) { 221 if (strcmp(version, smb_versions[i].str) == 0) 222 dialect = smb_versions[i].val; 223 } 224 225 return (dialect); 226 } 227 228 char * 229 smb_config_getname(smb_cfg_id_t id) 230 { 231 smb_cfg_param_t *cfg; 232 cfg = smb_config_getent(id); 233 return (cfg->sc_name); 234 } 235 236 static boolean_t 237 smb_is_base64(unsigned char c) 238 { 239 return (isalnum(c) || (c == '+') || (c == '/')); 240 } 241 242 /* 243 * smb_base64_encode 244 * 245 * Encode a string using base64 algorithm. 246 * Caller should free the returned buffer when done. 247 */ 248 static char * 249 smb_base64_encode(char *str_to_encode) 250 { 251 int ret_cnt = 0; 252 int i = 0, j = 0; 253 char arr_3[3], arr_4[4]; 254 int len = strlen(str_to_encode); 255 char *ret = malloc(SMB_ENC_LEN); 256 257 if (ret == NULL) { 258 return (NULL); 259 } 260 261 while (len--) { 262 arr_3[i++] = *(str_to_encode++); 263 if (i == 3) { 264 arr_4[0] = (arr_3[0] & 0xfc) >> 2; 265 arr_4[1] = ((arr_3[0] & 0x03) << 4) + 266 ((arr_3[1] & 0xf0) >> 4); 267 arr_4[2] = ((arr_3[1] & 0x0f) << 2) + 268 ((arr_3[2] & 0xc0) >> 6); 269 arr_4[3] = arr_3[2] & 0x3f; 270 271 for (i = 0; i < 4; i++) 272 ret[ret_cnt++] = b64_data[arr_4[i]]; 273 i = 0; 274 } 275 } 276 277 if (i) { 278 for (j = i; j < 3; j++) 279 arr_3[j] = '\0'; 280 281 arr_4[0] = (arr_3[0] & 0xfc) >> 2; 282 arr_4[1] = ((arr_3[0] & 0x03) << 4) + 283 ((arr_3[1] & 0xf0) >> 4); 284 arr_4[2] = ((arr_3[1] & 0x0f) << 2) + 285 ((arr_3[2] & 0xc0) >> 6); 286 arr_4[3] = arr_3[2] & 0x3f; 287 288 for (j = 0; j < (i + 1); j++) 289 ret[ret_cnt++] = b64_data[arr_4[j]]; 290 291 while (i++ < 3) 292 ret[ret_cnt++] = '='; 293 } 294 295 ret[ret_cnt++] = '\0'; 296 return (ret); 297 } 298 299 /* 300 * smb_base64_decode 301 * 302 * Decode using base64 algorithm. 303 * Caller should free the returned buffer when done. 304 */ 305 static char * 306 smb_base64_decode(char *encoded_str) 307 { 308 int len = strlen(encoded_str); 309 int i = 0, j = 0; 310 int en_ind = 0; 311 char arr_4[4], arr_3[3]; 312 int ret_cnt = 0; 313 char *ret = malloc(SMB_DEC_LEN); 314 char *p; 315 316 if (ret == NULL) { 317 return (NULL); 318 } 319 320 while (len-- && (encoded_str[en_ind] != '=') && 321 smb_is_base64(encoded_str[en_ind])) { 322 arr_4[i++] = encoded_str[en_ind]; 323 en_ind++; 324 if (i == 4) { 325 for (i = 0; i < 4; i++) { 326 if ((p = strchr(b64_data, arr_4[i])) == NULL) 327 return (NULL); 328 329 arr_4[i] = (int)(p - b64_data); 330 } 331 332 arr_3[0] = (arr_4[0] << 2) + 333 ((arr_4[1] & 0x30) >> 4); 334 arr_3[1] = ((arr_4[1] & 0xf) << 4) + 335 ((arr_4[2] & 0x3c) >> 2); 336 arr_3[2] = ((arr_4[2] & 0x3) << 6) + 337 arr_4[3]; 338 339 for (i = 0; i < 3; i++) 340 ret[ret_cnt++] = arr_3[i]; 341 342 i = 0; 343 } 344 } 345 346 if (i) { 347 for (j = i; j < 4; j++) 348 arr_4[j] = 0; 349 350 for (j = 0; j < 4; j++) { 351 if ((p = strchr(b64_data, arr_4[j])) == NULL) 352 return (NULL); 353 354 arr_4[j] = (int)(p - b64_data); 355 } 356 arr_3[0] = (arr_4[0] << 2) + 357 ((arr_4[1] & 0x30) >> 4); 358 arr_3[1] = ((arr_4[1] & 0xf) << 4) + 359 ((arr_4[2] & 0x3c) >> 2); 360 arr_3[2] = ((arr_4[2] & 0x3) << 6) + 361 arr_4[3]; 362 for (j = 0; j < (i - 1); j++) 363 ret[ret_cnt++] = arr_3[j]; 364 } 365 366 ret[ret_cnt++] = '\0'; 367 return (ret); 368 } 369 370 static char * 371 smb_config_getenv_generic(char *name, char *svc_fmri_prefix, char *svc_propgrp) 372 { 373 smb_scfhandle_t *handle; 374 char *value; 375 376 if ((value = malloc(MAX_VALUE_BUFLEN * sizeof (char))) == NULL) 377 return (NULL); 378 379 handle = smb_smf_scf_init(svc_fmri_prefix); 380 if (handle == NULL) { 381 free(value); 382 return (NULL); 383 } 384 385 (void) smb_smf_create_service_pgroup(handle, svc_propgrp); 386 387 if (smb_smf_get_string_property(handle, name, value, 388 sizeof (char) * MAX_VALUE_BUFLEN) != 0) { 389 smb_smf_scf_fini(handle); 390 free(value); 391 return (NULL); 392 } 393 394 smb_smf_scf_fini(handle); 395 return (value); 396 397 } 398 399 static int 400 smb_config_setenv_generic(char *svc_fmri_prefix, char *svc_propgrp, 401 char *name, char *value) 402 { 403 smb_scfhandle_t *handle = NULL; 404 int rc = 0; 405 406 407 handle = smb_smf_scf_init(svc_fmri_prefix); 408 if (handle == NULL) { 409 return (1); 410 } 411 412 (void) smb_smf_create_service_pgroup(handle, svc_propgrp); 413 414 if (smb_smf_start_transaction(handle) != SMBD_SMF_OK) { 415 smb_smf_scf_fini(handle); 416 return (1); 417 } 418 419 if (smb_smf_set_string_property(handle, name, value) != SMBD_SMF_OK) 420 rc = 1; 421 422 if (smb_smf_end_transaction(handle) != SMBD_SMF_OK) 423 rc = 1; 424 425 smb_smf_scf_fini(handle); 426 return (rc); 427 } 428 429 /* 430 * smb_config_getstr 431 * 432 * Fetch the specified string configuration item from SMF 433 */ 434 int 435 smb_config_getstr(smb_cfg_id_t id, char *cbuf, int bufsz) 436 { 437 smb_scfhandle_t *handle; 438 smb_cfg_param_t *cfg; 439 int rc = SMBD_SMF_OK; 440 char *pg; 441 char protbuf[SMB_ENC_LEN]; 442 char *tmp; 443 444 *cbuf = '\0'; 445 cfg = smb_config_getent(id); 446 assert(cfg->sc_type == SCF_TYPE_ASTRING); 447 448 if (id == SMB_CI_ADS_SITE) 449 return (smb_config_get_idmap_site_name(cbuf, bufsz)); 450 if (id == SMB_CI_DOMAIN_SRV) 451 return (smb_config_get_idmap_preferred_dc(cbuf, bufsz)); 452 453 handle = smb_smf_scf_init(SMBD_FMRI_PREFIX); 454 if (handle == NULL) 455 return (SMBD_SMF_SYSTEM_ERR); 456 457 if (cfg->sc_flags & SMB_CF_PROTECTED) { 458 if ((rc = smb_smf_create_service_pgroup(handle, 459 SMBD_PROTECTED_PG_NAME)) != SMBD_SMF_OK) 460 goto error; 461 462 if ((rc = smb_smf_get_string_property(handle, cfg->sc_name, 463 protbuf, sizeof (protbuf))) != SMBD_SMF_OK) 464 goto error; 465 466 if (*protbuf != '\0') { 467 tmp = smb_base64_decode(protbuf); 468 (void) strlcpy(cbuf, tmp, bufsz); 469 free(tmp); 470 } 471 } else { 472 pg = (cfg->sc_flags & SMB_CF_EXEC) ? SMBD_EXEC_PG_NAME : 473 SMBD_PG_NAME; 474 rc = smb_smf_create_service_pgroup(handle, pg); 475 if (rc == SMBD_SMF_OK) 476 rc = smb_smf_get_string_property(handle, cfg->sc_name, 477 cbuf, bufsz); 478 } 479 480 error: 481 smb_smf_scf_fini(handle); 482 return (rc); 483 } 484 485 /* 486 * Translate the value of an astring SMF property into a binary 487 * IP address. If the value is neither a valid IPv4 nor IPv6 488 * address, attempt to look it up as a hostname using the 489 * configured address type. 490 */ 491 int 492 smb_config_getip(smb_cfg_id_t sc_id, smb_inaddr_t *ipaddr) 493 { 494 int rc, error; 495 int a_family; 496 char ipstr[MAXHOSTNAMELEN]; 497 struct hostent *h; 498 smb_cfg_param_t *cfg; 499 500 if (ipaddr == NULL) 501 return (SMBD_SMF_INVALID_ARG); 502 503 bzero(ipaddr, sizeof (smb_inaddr_t)); 504 rc = smb_config_getstr(sc_id, ipstr, sizeof (ipstr)); 505 if (rc == SMBD_SMF_OK) { 506 if (*ipstr == '\0') 507 return (SMBD_SMF_INVALID_ARG); 508 509 if (inet_pton(AF_INET, ipstr, &ipaddr->a_ipv4) == 1) { 510 ipaddr->a_family = AF_INET; 511 return (SMBD_SMF_OK); 512 } 513 514 if (inet_pton(AF_INET6, ipstr, &ipaddr->a_ipv6) == 1) { 515 ipaddr->a_family = AF_INET6; 516 return (SMBD_SMF_OK); 517 } 518 519 /* 520 * The value is neither an IPv4 nor IPv6 address; 521 * so check if it's a hostname. 522 */ 523 a_family = smb_config_getbool(SMB_CI_IPV6_ENABLE) ? 524 AF_INET6 : AF_INET; 525 h = getipnodebyname(ipstr, a_family, AI_DEFAULT, 526 &error); 527 if (h != NULL) { 528 bcopy(*(h->h_addr_list), &ipaddr->a_ip, 529 h->h_length); 530 ipaddr->a_family = a_family; 531 freehostent(h); 532 rc = SMBD_SMF_OK; 533 } else { 534 cfg = smb_config_getent(sc_id); 535 syslog(LOG_ERR, "smbd/%s: %s unable to get %s " 536 "address: %d", cfg->sc_name, ipstr, 537 a_family == AF_INET ? "IPv4" : "IPv6", error); 538 rc = SMBD_SMF_INVALID_ARG; 539 } 540 } 541 542 return (rc); 543 } 544 545 /* 546 * smb_config_getnum 547 * 548 * Returns the value of a numeric config param. 549 */ 550 int 551 smb_config_getnum(smb_cfg_id_t id, int64_t *cint) 552 { 553 smb_scfhandle_t *handle; 554 smb_cfg_param_t *cfg; 555 int rc = SMBD_SMF_OK; 556 557 *cint = 0; 558 cfg = smb_config_getent(id); 559 assert(cfg->sc_type == SCF_TYPE_INTEGER); 560 561 handle = smb_smf_scf_init(SMBD_FMRI_PREFIX); 562 if (handle == NULL) 563 return (SMBD_SMF_SYSTEM_ERR); 564 565 rc = smb_smf_create_service_pgroup(handle, SMBD_PG_NAME); 566 if (rc == SMBD_SMF_OK) 567 rc = smb_smf_get_integer_property(handle, cfg->sc_name, cint); 568 smb_smf_scf_fini(handle); 569 570 return (rc); 571 } 572 573 /* 574 * smb_config_getbool 575 * 576 * Returns the value of a boolean config param. 577 */ 578 boolean_t 579 smb_config_getbool(smb_cfg_id_t id) 580 { 581 smb_scfhandle_t *handle; 582 smb_cfg_param_t *cfg; 583 int rc = SMBD_SMF_OK; 584 uint8_t vbool; 585 586 cfg = smb_config_getent(id); 587 assert(cfg->sc_type == SCF_TYPE_BOOLEAN); 588 589 handle = smb_smf_scf_init(SMBD_FMRI_PREFIX); 590 if (handle == NULL) 591 return (B_FALSE); 592 593 rc = smb_smf_create_service_pgroup(handle, SMBD_PG_NAME); 594 if (rc == SMBD_SMF_OK) 595 rc = smb_smf_get_boolean_property(handle, cfg->sc_name, &vbool); 596 smb_smf_scf_fini(handle); 597 598 return ((rc == SMBD_SMF_OK) ? (vbool == 1) : B_FALSE); 599 } 600 601 /* 602 * smb_config_get 603 * 604 * This function returns the value of the requested config 605 * iterm regardless of its type in string format. This should 606 * be used when the config item type is not known by the caller. 607 */ 608 int 609 smb_config_get(smb_cfg_id_t id, char *cbuf, int bufsz) 610 { 611 smb_cfg_param_t *cfg; 612 int64_t cint; 613 int rc; 614 615 cfg = smb_config_getent(id); 616 switch (cfg->sc_type) { 617 case SCF_TYPE_ASTRING: 618 return (smb_config_getstr(id, cbuf, bufsz)); 619 620 case SCF_TYPE_INTEGER: 621 rc = smb_config_getnum(id, &cint); 622 if (rc == SMBD_SMF_OK) 623 (void) snprintf(cbuf, bufsz, "%lld", cint); 624 return (rc); 625 626 case SCF_TYPE_BOOLEAN: 627 if (smb_config_getbool(id)) 628 (void) strlcpy(cbuf, "true", bufsz); 629 else 630 (void) strlcpy(cbuf, "false", bufsz); 631 return (SMBD_SMF_OK); 632 } 633 634 return (SMBD_SMF_INVALID_ARG); 635 } 636 637 /* 638 * smb_config_setstr 639 * 640 * Set the specified config param with the given 641 * value. 642 */ 643 int 644 smb_config_setstr(smb_cfg_id_t id, char *value) 645 { 646 smb_scfhandle_t *handle; 647 smb_cfg_param_t *cfg; 648 int rc = SMBD_SMF_OK; 649 boolean_t protected; 650 char *tmp = NULL; 651 char *pg; 652 653 cfg = smb_config_getent(id); 654 assert(cfg->sc_type == SCF_TYPE_ASTRING); 655 656 if (id == SMB_CI_ADS_SITE) 657 return (smb_config_set_idmap_site_name(value)); 658 if (id == SMB_CI_DOMAIN_SRV) 659 return (smb_config_set_idmap_preferred_dc(value)); 660 661 protected = B_FALSE; 662 663 switch (cfg->sc_flags) { 664 case SMB_CF_PROTECTED: 665 protected = B_TRUE; 666 pg = SMBD_PROTECTED_PG_NAME; 667 break; 668 case SMB_CF_EXEC: 669 pg = SMBD_EXEC_PG_NAME; 670 break; 671 default: 672 pg = SMBD_PG_NAME; 673 break; 674 } 675 676 handle = smb_smf_scf_init(SMBD_FMRI_PREFIX); 677 if (handle == NULL) 678 return (SMBD_SMF_SYSTEM_ERR); 679 680 rc = smb_smf_create_service_pgroup(handle, pg); 681 if (rc == SMBD_SMF_OK) 682 rc = smb_smf_start_transaction(handle); 683 684 if (rc != SMBD_SMF_OK) { 685 smb_smf_scf_fini(handle); 686 return (rc); 687 } 688 689 if (protected && value && (*value != '\0')) { 690 if ((tmp = smb_base64_encode(value)) == NULL) { 691 (void) smb_smf_end_transaction(handle); 692 smb_smf_scf_fini(handle); 693 return (SMBD_SMF_NO_MEMORY); 694 } 695 696 value = tmp; 697 } 698 699 rc = smb_smf_set_string_property(handle, cfg->sc_name, value); 700 701 free(tmp); 702 (void) smb_smf_end_transaction(handle); 703 smb_smf_scf_fini(handle); 704 return (rc); 705 } 706 707 /* 708 * smb_config_setnum 709 * 710 * Sets a numeric configuration iterm 711 */ 712 int 713 smb_config_setnum(smb_cfg_id_t id, int64_t value) 714 { 715 smb_scfhandle_t *handle; 716 smb_cfg_param_t *cfg; 717 int rc = SMBD_SMF_OK; 718 719 cfg = smb_config_getent(id); 720 assert(cfg->sc_type == SCF_TYPE_INTEGER); 721 722 handle = smb_smf_scf_init(SMBD_FMRI_PREFIX); 723 if (handle == NULL) 724 return (SMBD_SMF_SYSTEM_ERR); 725 726 rc = smb_smf_create_service_pgroup(handle, SMBD_PG_NAME); 727 if (rc == SMBD_SMF_OK) 728 rc = smb_smf_start_transaction(handle); 729 730 if (rc != SMBD_SMF_OK) { 731 smb_smf_scf_fini(handle); 732 return (rc); 733 } 734 735 rc = smb_smf_set_integer_property(handle, cfg->sc_name, value); 736 737 (void) smb_smf_end_transaction(handle); 738 smb_smf_scf_fini(handle); 739 return (rc); 740 } 741 742 /* 743 * smb_config_setbool 744 * 745 * Sets a boolean configuration iterm 746 */ 747 int 748 smb_config_setbool(smb_cfg_id_t id, boolean_t value) 749 { 750 smb_scfhandle_t *handle; 751 smb_cfg_param_t *cfg; 752 int rc = SMBD_SMF_OK; 753 754 cfg = smb_config_getent(id); 755 assert(cfg->sc_type == SCF_TYPE_BOOLEAN); 756 757 handle = smb_smf_scf_init(SMBD_FMRI_PREFIX); 758 if (handle == NULL) 759 return (SMBD_SMF_SYSTEM_ERR); 760 761 rc = smb_smf_create_service_pgroup(handle, SMBD_PG_NAME); 762 if (rc == SMBD_SMF_OK) 763 rc = smb_smf_start_transaction(handle); 764 765 if (rc != SMBD_SMF_OK) { 766 smb_smf_scf_fini(handle); 767 return (rc); 768 } 769 770 rc = smb_smf_set_boolean_property(handle, cfg->sc_name, value); 771 772 (void) smb_smf_end_transaction(handle); 773 smb_smf_scf_fini(handle); 774 return (rc); 775 } 776 777 /* 778 * smb_config_set 779 * 780 * This function sets the value of the specified config 781 * iterm regardless of its type in string format. This should 782 * be used when the config item type is not known by the caller. 783 */ 784 int 785 smb_config_set(smb_cfg_id_t id, char *value) 786 { 787 smb_cfg_param_t *cfg; 788 int64_t cint; 789 790 cfg = smb_config_getent(id); 791 switch (cfg->sc_type) { 792 case SCF_TYPE_ASTRING: 793 return (smb_config_setstr(id, value)); 794 795 case SCF_TYPE_INTEGER: 796 cint = atoi(value); 797 return (smb_config_setnum(id, cint)); 798 799 case SCF_TYPE_BOOLEAN: 800 return (smb_config_setbool(id, strcasecmp(value, "true") == 0)); 801 } 802 803 return (SMBD_SMF_INVALID_ARG); 804 } 805 806 int 807 smb_config_get_debug() 808 { 809 int64_t val64; 810 int val = 0; /* default */ 811 smb_scfhandle_t *handle = NULL; 812 813 handle = smb_smf_scf_init(SMBD_FMRI_PREFIX); 814 if (handle == NULL) { 815 return (val); 816 } 817 818 if (smb_smf_create_service_pgroup(handle, 819 SMBD_PG_NAME) != SMBD_SMF_OK) { 820 smb_smf_scf_fini(handle); 821 return (val); 822 } 823 824 if (smb_smf_get_integer_property(handle, "debug", &val64) != 0) { 825 smb_smf_scf_fini(handle); 826 return (val); 827 } 828 val = (int)val64; 829 830 smb_smf_scf_fini(handle); 831 832 return (val); 833 } 834 835 uint8_t 836 smb_config_get_fg_flag() 837 { 838 uint8_t run_fg = 0; /* Default is to run in daemon mode */ 839 smb_scfhandle_t *handle = NULL; 840 841 handle = smb_smf_scf_init(SMBD_FMRI_PREFIX); 842 if (handle == NULL) { 843 return (run_fg); 844 } 845 846 if (smb_smf_create_service_pgroup(handle, 847 SMBD_PG_NAME) != SMBD_SMF_OK) { 848 smb_smf_scf_fini(handle); 849 return (run_fg); 850 } 851 852 if (smb_smf_get_boolean_property(handle, "run_fg", &run_fg) != 0) { 853 smb_smf_scf_fini(handle); 854 return (run_fg); 855 } 856 857 smb_smf_scf_fini(handle); 858 859 return (run_fg); 860 } 861 862 /* 863 * smb_config_get_ads_enable 864 * 865 * Returns value of the "config/use_ads" parameter 866 * from the IDMAP SMF configuration repository. 867 * 868 */ 869 boolean_t 870 smb_config_get_ads_enable(void) 871 { 872 smb_scfhandle_t *handle = NULL; 873 uint8_t vbool; 874 int rc = 0; 875 876 handle = smb_smf_scf_init(IDMAP_FMRI_PREFIX); 877 if (handle == NULL) 878 return (B_FALSE); 879 880 rc = smb_smf_create_service_pgroup(handle, IDMAP_PG_NAME); 881 if (rc == SMBD_SMF_OK) 882 rc = smb_smf_get_boolean_property(handle, "use_ads", &vbool); 883 smb_smf_scf_fini(handle); 884 885 return ((rc == SMBD_SMF_OK) ? (vbool == 1) : B_TRUE); 886 } 887 888 /* 889 * smb_config_get_localsid 890 * 891 * Returns value of the "config/machine_sid" parameter 892 * from the IDMAP SMF configuration repository. 893 * Result is allocated; caller should free. 894 */ 895 char * 896 smb_config_get_localsid(void) 897 { 898 return (smb_config_getenv_generic(MACHINE_SID, IDMAP_FMRI_PREFIX, 899 IDMAP_PG_NAME)); 900 } 901 902 /* 903 * smb_config_get_localuuid 904 * 905 * Returns value of the "config/machine_uuid" parameter 906 * from the IDMAP SMF configuration repository. 907 * 908 */ 909 int 910 smb_config_get_localuuid(uuid_t uu) 911 { 912 char *s; 913 int rc = 0; 914 915 uuid_clear(uu); 916 s = smb_config_getenv_generic(MACHINE_UUID, IDMAP_FMRI_PREFIX, 917 IDMAP_PG_NAME); 918 if (s == NULL) 919 return (-1); 920 921 if (uuid_parse(s, uu) < 0) 922 rc = -1; 923 924 free(s); 925 return (rc); 926 } 927 928 static int 929 smb_config_get_idmap_preferred_dc(char *cbuf, int bufsz) 930 { 931 char *s; 932 int len, rc = -1; 933 934 s = smb_config_getenv_generic(IDMAP_PREF_DC, 935 IDMAP_FMRI_PREFIX, IDMAP_PG_NAME); 936 if (s != NULL) { 937 len = strlcpy(cbuf, s, bufsz); 938 if (len < bufsz) 939 rc = 0; 940 free(s); 941 } 942 return (rc); 943 } 944 945 static int 946 smb_config_set_idmap_preferred_dc(char *value) 947 { 948 return (smb_config_setenv_generic(IDMAP_FMRI_PREFIX, IDMAP_PG_NAME, 949 IDMAP_PREF_DC, value)); 950 } 951 952 static int 953 smb_config_get_idmap_site_name(char *cbuf, int bufsz) 954 { 955 char *s; 956 int len, rc = -1; 957 958 s = smb_config_getenv_generic(IDMAP_SITE_NAME, 959 IDMAP_FMRI_PREFIX, IDMAP_PG_NAME); 960 if (s != NULL) { 961 len = strlcpy(cbuf, s, bufsz); 962 if (len < bufsz) 963 rc = 0; 964 free(s); 965 } 966 return (rc); 967 } 968 969 static int 970 smb_config_set_idmap_site_name(char *value) 971 { 972 return (smb_config_setenv_generic(IDMAP_FMRI_PREFIX, IDMAP_PG_NAME, 973 IDMAP_SITE_NAME, value)); 974 } 975 976 /* 977 * smb_config_set_idmap_domain 978 * 979 * Set the "config/domain_name" parameter from IDMAP SMF repository. 980 */ 981 int 982 smb_config_set_idmap_domain(char *value) 983 { 984 return (smb_config_setenv_generic(IDMAP_FMRI_PREFIX, IDMAP_PG_NAME, 985 IDMAP_DOMAIN, value)); 986 } 987 988 /* 989 * smb_config_refresh_idmap 990 * 991 * Refresh IDMAP SMF service after making changes to its configuration. 992 */ 993 int 994 smb_config_refresh_idmap(void) 995 { 996 char instance[32]; 997 998 (void) snprintf(instance, sizeof (instance), "%s:default", 999 IDMAP_FMRI_PREFIX); 1000 return (smf_refresh_instance(instance)); 1001 } 1002 1003 int 1004 smb_config_secmode_fromstr(char *secmode) 1005 { 1006 if (secmode == NULL) 1007 return (SMB_SECMODE_WORKGRP); 1008 1009 if (strcasecmp(secmode, SMB_SECMODE_DOMAIN_STR) == 0) 1010 return (SMB_SECMODE_DOMAIN); 1011 1012 return (SMB_SECMODE_WORKGRP); 1013 } 1014 1015 char * 1016 smb_config_secmode_tostr(int secmode) 1017 { 1018 if (secmode == SMB_SECMODE_DOMAIN) 1019 return (SMB_SECMODE_DOMAIN_STR); 1020 1021 return (SMB_SECMODE_WORKGRP_STR); 1022 } 1023 1024 int 1025 smb_config_get_secmode() 1026 { 1027 char p[16]; 1028 1029 (void) smb_config_getstr(SMB_CI_SECURITY, p, sizeof (p)); 1030 return (smb_config_secmode_fromstr(p)); 1031 } 1032 1033 int 1034 smb_config_set_secmode(int secmode) 1035 { 1036 char *p; 1037 1038 p = smb_config_secmode_tostr(secmode); 1039 return (smb_config_setstr(SMB_CI_SECURITY, p)); 1040 } 1041 1042 void 1043 smb_config_getdomaininfo(char *domain, char *fqdn, char *sid, char *forest, 1044 char *guid) 1045 { 1046 if (domain) 1047 (void) smb_config_getstr(SMB_CI_DOMAIN_NAME, domain, 1048 NETBIOS_NAME_SZ); 1049 1050 if (fqdn) 1051 (void) smb_config_getstr(SMB_CI_DOMAIN_FQDN, fqdn, 1052 MAXHOSTNAMELEN); 1053 1054 if (sid) 1055 (void) smb_config_getstr(SMB_CI_DOMAIN_SID, sid, 1056 SMB_SID_STRSZ); 1057 1058 if (forest) 1059 (void) smb_config_getstr(SMB_CI_DOMAIN_FOREST, forest, 1060 MAXHOSTNAMELEN); 1061 1062 if (guid) 1063 (void) smb_config_getstr(SMB_CI_DOMAIN_GUID, guid, 1064 UUID_PRINTABLE_STRING_LENGTH); 1065 } 1066 1067 void 1068 smb_config_setdomaininfo(char *domain, char *fqdn, char *sid, char *forest, 1069 char *guid) 1070 { 1071 if (domain) 1072 (void) smb_config_setstr(SMB_CI_DOMAIN_NAME, domain); 1073 if (fqdn) 1074 (void) smb_config_setstr(SMB_CI_DOMAIN_FQDN, fqdn); 1075 if (sid) 1076 (void) smb_config_setstr(SMB_CI_DOMAIN_SID, sid); 1077 if (forest) 1078 (void) smb_config_setstr(SMB_CI_DOMAIN_FOREST, forest); 1079 if (guid) 1080 (void) smb_config_setstr(SMB_CI_DOMAIN_GUID, guid); 1081 } 1082 1083 /* 1084 * The version stored in SMF in string format as N.N where 1085 * N is a number defined by Microsoft. The first number represents 1086 * the major version and the second number is the minor version. 1087 * Current defined values can be found here in 'ver_table'. 1088 * 1089 * This function reads the SMF string value and converts it to 1090 * two numbers returned in the given 'version' structure. 1091 * Current default version number is 5.0 which is for Windows 2000. 1092 */ 1093 void 1094 smb_config_get_version(smb_version_t *version) 1095 { 1096 smb_version_t tmpver; 1097 char verstr[SMB_VERSTR_LEN]; 1098 char *p; 1099 int rc, i; 1100 static smb_version_t ver_table [] = { 1101 { 0, SMB_MAJOR_NT, SMB_MINOR_NT, 1381, 0 }, 1102 { 0, SMB_MAJOR_2000, SMB_MINOR_2000, 2195, 0 }, 1103 { 0, SMB_MAJOR_XP, SMB_MINOR_XP, 2196, 0 }, 1104 { 0, SMB_MAJOR_2003, SMB_MINOR_2003, 2196, 0 }, 1105 { 0, SMB_MAJOR_VISTA, SMB_MINOR_VISTA, 6000, 0 }, 1106 { 0, SMB_MAJOR_2008, SMB_MINOR_2008, 6000, 0 }, 1107 { 0, SMB_MAJOR_2008R2, SMB_MINOR_2008R2, 7007, 0 }, 1108 { 0, SMB_MAJOR_7, SMB_MINOR_7, 7007, 0 } 1109 }; 1110 1111 *version = ver_table[1]; 1112 version->sv_size = sizeof (smb_version_t); 1113 1114 rc = smb_config_getstr(SMB_CI_VERSION, verstr, sizeof (verstr)); 1115 if (rc != SMBD_SMF_OK) 1116 return; 1117 1118 if ((p = strchr(verstr, '.')) == NULL) 1119 return; 1120 1121 *p = '\0'; 1122 tmpver.sv_major = (uint8_t)atoi(verstr); 1123 tmpver.sv_minor = (uint8_t)atoi(p + 1); 1124 1125 for (i = 0; i < sizeof (ver_table)/sizeof (ver_table[0]); ++i) { 1126 if ((tmpver.sv_major == ver_table[i].sv_major) && 1127 (tmpver.sv_minor == ver_table[i].sv_minor)) { 1128 *version = ver_table[i]; 1129 version->sv_size = sizeof (smb_version_t); 1130 break; 1131 } 1132 } 1133 } 1134 1135 /* 1136 * Reads share exec script properties 1137 */ 1138 uint32_t 1139 smb_config_get_execinfo(char *map, char *unmap, size_t bufsz) 1140 { 1141 char buf[MAXPATHLEN]; 1142 uint32_t flags = 0; 1143 1144 if (map == NULL) { 1145 map = buf; 1146 bufsz = MAXPATHLEN; 1147 } 1148 1149 *map = '\0'; 1150 (void) smb_config_getstr(SMB_CI_MAP, map, bufsz); 1151 if (*map != '\0') 1152 flags |= SMB_EXEC_MAP; 1153 1154 if (unmap == NULL) { 1155 unmap = buf; 1156 bufsz = MAXPATHLEN; 1157 } 1158 1159 *unmap = '\0'; 1160 (void) smb_config_getstr(SMB_CI_UNMAP, unmap, bufsz); 1161 if (*unmap != '\0') 1162 flags |= SMB_EXEC_UNMAP; 1163 1164 *buf = '\0'; 1165 (void) smb_config_getstr(SMB_CI_DISPOSITION, buf, sizeof (buf)); 1166 if (*buf != '\0') 1167 if (strcasecmp(buf, SMB_EXEC_DISP_TERMINATE) == 0) 1168 flags |= SMB_EXEC_TERM; 1169 1170 return (flags); 1171 } 1172 1173 static smb_cfg_param_t * 1174 smb_config_getent(smb_cfg_id_t id) 1175 { 1176 int i; 1177 1178 for (i = 0; i < SMB_CI_MAX; i++) 1179 if (smb_cfg_table[i].sc_id == id) 1180 return (&smb_cfg_table[id]); 1181 1182 assert(0); 1183 return (NULL); 1184 } 1185 1186 static uint32_t 1187 smb_config_get_protocol(smb_cfg_id_t id, char *name, uint32_t default_val) 1188 { 1189 char str[SMB_VERSTR_LEN]; 1190 int rc; 1191 uint32_t val; 1192 1193 rc = smb_config_getstr(id, str, sizeof (str)); 1194 if (rc == SMBD_SMF_OK) { 1195 val = smb_convert_version_str(str); 1196 if (val != 0) 1197 return (val); 1198 if (str[0] != '\0') { 1199 syslog(LOG_ERR, "smbd/%s value invalid: %s", name, str); 1200 } 1201 } 1202 1203 return (default_val); 1204 } 1205 1206 /* 1207 * The service manifest has empty values by default for min_protocol and 1208 * max_protocol. The expectation is that when those values are empty, we don't 1209 * constrain the range of supported protocol versions (and allow use of the 1210 * whole range that we implement). For that reason, this should usually be the 1211 * highest protocol version we implement. 1212 */ 1213 uint32_t max_protocol_default = SMB_VERS_3_11; 1214 1215 uint32_t 1216 smb_config_get_max_protocol(void) 1217 { 1218 uint32_t max; 1219 1220 max = smb_config_get_protocol(SMB_CI_MAX_PROTOCOL, "max_protocol", 1221 max_protocol_default); 1222 1223 return (max); 1224 } 1225 1226 /* 1227 * This should eventually be SMB_VERS_2_BASE 1228 */ 1229 uint32_t min_protocol_default = SMB_VERS_1; 1230 1231 uint32_t 1232 smb_config_get_min_protocol(void) 1233 { 1234 uint32_t min; 1235 1236 min = smb_config_get_protocol(SMB_CI_MIN_PROTOCOL, "min_protocol", 1237 min_protocol_default); 1238 1239 return (min); 1240 } 1241 1242 /* 1243 * Convert a list of ciphers to a bitmask. 1244 * Returns mask or -1 for errors. 1245 * 1246 * Note this is used both below and in libshare_smb 1247 * for validation of new setting. 1248 */ 1249 int 1250 smb_convert_encrypt_ciphers(char *value) 1251 { 1252 const char *sep = ",:"; 1253 char buf[SMB_CIPHERS_MAXLEN]; 1254 char *last; 1255 char *cn; 1256 struct str_val *sv; 1257 int ciphers = 0; 1258 1259 if (value == NULL) 1260 return (-1); 1261 1262 if (strlen(value) >= SMB_CIPHERS_MAXLEN) 1263 return (-1); 1264 1265 strlcpy(buf, value, sizeof (buf)); 1266 1267 cn = strtok_r(buf, sep, &last); 1268 while (cn != NULL) { 1269 boolean_t valid = B_FALSE; 1270 /* # of ciphers is small - don't care about O(n2) */ 1271 for (sv = smb31_encrypt_ciphers; sv->str != NULL; sv++) { 1272 if (strcmp(cn, sv->str) == 0) { 1273 ciphers |= sv->val; 1274 valid = B_TRUE; 1275 } 1276 } 1277 if (!valid) 1278 return (-1); 1279 cn = strtok_r(NULL, sep, &last); 1280 } 1281 return (ciphers); 1282 } 1283 1284 /* 1285 * Return a bitmask indicating enabled cipher algorithms. 1286 * If the config does not have at least one known cipher, 1287 * that's a configuration error, so just enable all. 1288 */ 1289 uint32_t 1290 smb_config_get_encrypt_ciphers(void) 1291 { 1292 char buf[SMB_CIPHERS_MAXLEN]; 1293 int ciphers = 0; 1294 1295 if (smb_config_getstr(SMB_CI_ENCRYPT_CIPHERS, buf, sizeof (buf)) 1296 != SMBD_SMF_OK) 1297 buf[0] = '\0'; 1298 1299 ciphers = smb_convert_encrypt_ciphers(buf); 1300 1301 if (ciphers <= 0) 1302 ciphers = SMB3_CIPHER_FLAGS_ALL; 1303 1304 return ((uint32_t)ciphers); 1305 } 1306 1307 /* 1308 * Run once at startup convert old SMF settings to current. 1309 */ 1310 void 1311 smb_config_upgrade(void) 1312 { 1313 } 1314 1315 smb_cfg_val_t 1316 smb_config_get_require(smb_cfg_id_t id) 1317 { 1318 int rc; 1319 char str[sizeof ("required")]; 1320 1321 rc = smb_config_getstr(id, str, sizeof (str)); 1322 if (rc != SMBD_SMF_OK) 1323 return (SMB_CONFIG_DISABLED); 1324 1325 if (strncmp(str, "required", sizeof (str)) == 0) 1326 return (SMB_CONFIG_REQUIRED); 1327 if (strncmp(str, "enabled", sizeof (str)) == 0) 1328 return (SMB_CONFIG_ENABLED); 1329 1330 return (SMB_CONFIG_DISABLED); 1331 } 1332