xref: /illumos-gate/usr/src/lib/smbsrv/libsmb/common/smb_cfg.c (revision e00bdde3c6d406f40f53f3025defadc22f7ec31a)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
23  * Copyright 2022 Tintri by DDN, Inc. All rights reserved.
24  * Copyright 2022 RackTop Systems, Inc.
25  */
26 
27 /*
28  * CIFS configuration management library
29  */
30 
31 /*
32  * Checking for things like unsupportable parameter combinations are
33  * the responsibility of callers of these functions.  Example include:
34  * trying to set min_protocol above max_protocol, or requiring encryption
35  * with an allowed protocol range that can't support it.
36  */
37 
38 #include <stdio.h>
39 #include <stdlib.h>
40 #include <unistd.h>
41 #include <synch.h>
42 #include <string.h>
43 #include <strings.h>
44 #include <syslog.h>
45 #include <netdb.h>
46 #include <ctype.h>
47 #include <sys/types.h>
48 #include <libscf.h>
49 #include <assert.h>
50 #include <uuid/uuid.h>
51 #include <smbsrv/libsmb.h>
52 
53 typedef struct smb_cfg_param {
54 	smb_cfg_id_t sc_id;
55 	char *sc_name;
56 	int sc_type;
57 	uint32_t sc_flags;
58 } smb_cfg_param_t;
59 
60 struct str_val {
61 	char *str;
62 	uint32_t val;
63 };
64 
65 /*
66  * config parameter flags
67  */
68 #define	SMB_CF_PROTECTED	0x01
69 #define	SMB_CF_EXEC		0x02
70 
71 /* idmap SMF fmri and Property Group */
72 #define	IDMAP_FMRI_PREFIX		"system/idmap"
73 #define	MACHINE_SID			"machine_sid"
74 #define	MACHINE_UUID			"machine_uuid"
75 #define	IDMAP_DOMAIN			"domain_name"
76 #define	IDMAP_PREF_DC			"preferred_dc"
77 #define	IDMAP_SITE_NAME			"site_name"
78 #define	IDMAP_PG_NAME			"config"
79 
80 #define	SMB_SECMODE_WORKGRP_STR		"workgroup"
81 #define	SMB_SECMODE_DOMAIN_STR		"domain"
82 
83 #define	SMB_ENC_LEN	1024
84 #define	SMB_DEC_LEN	256
85 
86 static char *b64_data =
87 	"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
88 
89 static smb_cfg_param_t smb_cfg_table[] =
90 {
91 	{SMB_CI_VERSION, "sv_version", SCF_TYPE_ASTRING, 0},
92 
93 	/* Oplock configuration, Kernel Only */
94 	{SMB_CI_OPLOCK_ENABLE, "oplock_enable", SCF_TYPE_BOOLEAN, 0},
95 
96 	/* Autohome configuration */
97 	{SMB_CI_AUTOHOME_MAP, "autohome_map", SCF_TYPE_ASTRING, 0},
98 
99 	/* Domain/PDC configuration */
100 	{SMB_CI_DOMAIN_SID, "domain_sid", SCF_TYPE_ASTRING, 0},
101 	{SMB_CI_DOMAIN_MEMB, "domain_member", SCF_TYPE_BOOLEAN, 0},
102 	{SMB_CI_DOMAIN_NAME, "domain_name", SCF_TYPE_ASTRING, 0},
103 	{SMB_CI_DOMAIN_FQDN, "fqdn", SCF_TYPE_ASTRING, 0},
104 	{SMB_CI_DOMAIN_FOREST, "forest", SCF_TYPE_ASTRING, 0},
105 	{SMB_CI_DOMAIN_GUID, "domain_guid", SCF_TYPE_ASTRING, 0},
106 	{SMB_CI_DOMAIN_SRV, "pdc", SCF_TYPE_ASTRING, 0},
107 
108 	/* WINS configuration */
109 	{SMB_CI_WINS_SRV1, "wins_server_1", SCF_TYPE_ASTRING, 0},
110 	{SMB_CI_WINS_SRV2, "wins_server_2", SCF_TYPE_ASTRING, 0},
111 	{SMB_CI_WINS_EXCL, "wins_exclude", SCF_TYPE_ASTRING, 0},
112 
113 	/* Kmod specific configuration */
114 	{SMB_CI_MAX_WORKERS, "max_workers", SCF_TYPE_INTEGER, 0},
115 	{SMB_CI_MAX_CONNECTIONS, "max_connections", SCF_TYPE_INTEGER, 0},
116 	{SMB_CI_KEEPALIVE, "keep_alive", SCF_TYPE_INTEGER, 0},
117 	{SMB_CI_RESTRICT_ANON, "restrict_anonymous", SCF_TYPE_BOOLEAN, 0},
118 
119 	{SMB_CI_SIGNING_ENABLE, "signing_enabled", SCF_TYPE_BOOLEAN, 0},
120 	{SMB_CI_SIGNING_REQD, "signing_required", SCF_TYPE_BOOLEAN, 0},
121 
122 	/* Kmod tuning configuration */
123 	{SMB_CI_SYNC_ENABLE, "sync_enable", SCF_TYPE_BOOLEAN, 0},
124 
125 	/* SMBd configuration */
126 	{SMB_CI_SECURITY, "security", SCF_TYPE_ASTRING, 0},
127 	{SMB_CI_NETBIOS_ENABLE, "netbios_enable", SCF_TYPE_BOOLEAN, 0},
128 	{SMB_CI_NBSCOPE, "netbios_scope", SCF_TYPE_ASTRING, 0},
129 	{SMB_CI_SYS_CMNT, "system_comment", SCF_TYPE_ASTRING, 0},
130 	{SMB_CI_LM_LEVEL, "lmauth_level", SCF_TYPE_INTEGER, 0},
131 
132 	/* ADS Configuration */
133 	{SMB_CI_ADS_SITE, "ads_site", SCF_TYPE_ASTRING, 0},
134 
135 	/* Dynamic DNS */
136 	{SMB_CI_DYNDNS_ENABLE, "ddns_enable", SCF_TYPE_BOOLEAN, 0},
137 
138 	{SMB_CI_MACHINE_PASSWD, "machine_passwd", SCF_TYPE_ASTRING,
139 	    SMB_CF_PROTECTED},
140 
141 	{SMB_CI_MACHINE_UUID, "machine_uuid", SCF_TYPE_ASTRING, 0},
142 	{SMB_CI_KPASSWD_SRV, "kpasswd_server", SCF_TYPE_ASTRING, 0},
143 	{SMB_CI_KPASSWD_DOMAIN, "kpasswd_domain", SCF_TYPE_ASTRING, 0},
144 	{SMB_CI_KPASSWD_SEQNUM, "kpasswd_seqnum", SCF_TYPE_INTEGER, 0},
145 	{SMB_CI_NETLOGON_SEQNUM, "netlogon_seqnum", SCF_TYPE_INTEGER, 0},
146 	{SMB_CI_IPV6_ENABLE, "ipv6_enable", SCF_TYPE_BOOLEAN, 0},
147 	{SMB_CI_PRINT_ENABLE, "print_enable", SCF_TYPE_BOOLEAN, 0},
148 	{SMB_CI_MAP, "map", SCF_TYPE_ASTRING, SMB_CF_EXEC},
149 	{SMB_CI_UNMAP, "unmap", SCF_TYPE_ASTRING, SMB_CF_EXEC},
150 	{SMB_CI_DISPOSITION, "disposition", SCF_TYPE_ASTRING, SMB_CF_EXEC},
151 	{SMB_CI_DFS_STDROOT_NUM, "dfs_stdroot_num", SCF_TYPE_INTEGER, 0},
152 	{SMB_CI_TRAVERSE_MOUNTS, "traverse_mounts", SCF_TYPE_BOOLEAN, 0},
153 	{SMB_CI_SMB2_ENABLE_OLD, "smb2_enable", SCF_TYPE_BOOLEAN, 0},
154 	{SMB_CI_INITIAL_CREDITS, "initial_credits", SCF_TYPE_INTEGER, 0},
155 	{SMB_CI_MAXIMUM_CREDITS, "maximum_credits", SCF_TYPE_INTEGER, 0},
156 	{SMB_CI_MAX_PROTOCOL, "max_protocol", SCF_TYPE_ASTRING, 0},
157 	{SMB_CI_ENCRYPT, "encrypt", SCF_TYPE_ASTRING, 0},
158 	{SMB_CI_MIN_PROTOCOL, "min_protocol", SCF_TYPE_ASTRING, 0},
159 	{SMB_CI_BYPASS_TRAVERSE_CHECKING,
160 	    "bypass_traverse_checking", SCF_TYPE_BOOLEAN, 0},
161 	{SMB_CI_ENCRYPT_CIPHERS, "encrypt_ciphers", SCF_TYPE_ASTRING, 0},
162 	{SMB_CI_NETLOGON_FLAGS, "netlogon_flags", SCF_TYPE_INTEGER, 0},
163 	{SMB_CI_SHORT_NAMES, "short_names", SCF_TYPE_BOOLEAN, 0},
164 	{SMB_CI_MAX_OPENS, "max_opens", SCF_TYPE_INTEGER, 0},
165 
166 	/* SMB_CI_MAX */
167 };
168 
169 /*
170  * We store the max SMB protocol version in SMF as a string,
171  * (for convenience of svccfg etc) but the programmatic get/set
172  * interfaces use the numeric form.
173  *
174  * The numeric values are as defined in the [MS-SMB2] spec.
175  * except for how we represent "1" (for SMB1) which is an
176  * arbitrary value below SMB2_VERS_BASE.
177  */
178 static struct str_val
179 smb_versions[] = {
180 	{ "3.11",	SMB_VERS_3_11 },
181 	{ "3.02",	SMB_VERS_3_02 },
182 	{ "3.0",	SMB_VERS_3_0 },
183 	{ "2.1",	SMB_VERS_2_1 },
184 	{ "2.002",	SMB_VERS_2_002 },
185 	{ "1",		SMB_VERS_1 },
186 	{ NULL,		0 }
187 };
188 
189 /*
190  * Supported encryption ciphers.
191  */
192 static struct str_val
193 smb31_encrypt_ciphers[] = {
194 	{ "aes128-ccm",	SMB3_CIPHER_FLAG_AES128_CCM },	/* SMB 3.x */
195 	{ "aes128-gcm",	SMB3_CIPHER_FLAG_AES128_GCM },	/* SMB 3.1.1 */
196 	{ "aes256-ccm",	SMB3_CIPHER_FLAG_AES256_CCM },	/* SMB 3.1.1 */
197 	{ "aes256-gcm",	SMB3_CIPHER_FLAG_AES256_GCM },	/* SMB 3.1.1 */
198 	{ "all",	SMB3_CIPHER_FLAGS_ALL },
199 	{ NULL,		0 }
200 };
201 /* Buffer large enough to hold all cipher names. */
202 #define	SMB_CIPHERS_MAXLEN	64
203 
204 static smb_cfg_param_t *smb_config_getent(smb_cfg_id_t);
205 
206 static boolean_t smb_is_base64(unsigned char c);
207 static char *smb_base64_encode(char *str_to_encode);
208 static char *smb_base64_decode(char *encoded_str);
209 static int smb_config_get_idmap_preferred_dc(char *, int);
210 static int smb_config_set_idmap_preferred_dc(char *);
211 static int smb_config_get_idmap_site_name(char *, int);
212 static int smb_config_set_idmap_site_name(char *);
213 
214 uint32_t
215 smb_convert_version_str(const char *version)
216 {
217 	uint32_t dialect = 0;
218 	int i;
219 
220 	for (i = 0; smb_versions[i].str != NULL; i++) {
221 		if (strcmp(version, smb_versions[i].str) == 0)
222 			dialect = smb_versions[i].val;
223 	}
224 
225 	return (dialect);
226 }
227 
228 char *
229 smb_config_getname(smb_cfg_id_t id)
230 {
231 	smb_cfg_param_t *cfg;
232 	cfg = smb_config_getent(id);
233 	return (cfg->sc_name);
234 }
235 
236 static boolean_t
237 smb_is_base64(unsigned char c)
238 {
239 	return (isalnum(c) || (c == '+') || (c == '/'));
240 }
241 
242 /*
243  * smb_base64_encode
244  *
245  * Encode a string using base64 algorithm.
246  * Caller should free the returned buffer when done.
247  */
248 static char *
249 smb_base64_encode(char *str_to_encode)
250 {
251 	int ret_cnt = 0;
252 	int i = 0, j = 0;
253 	char arr_3[3], arr_4[4];
254 	int len = strlen(str_to_encode);
255 	char *ret = malloc(SMB_ENC_LEN);
256 
257 	if (ret == NULL) {
258 		return (NULL);
259 	}
260 
261 	while (len--) {
262 		arr_3[i++] = *(str_to_encode++);
263 		if (i == 3) {
264 			arr_4[0] = (arr_3[0] & 0xfc) >> 2;
265 			arr_4[1] = ((arr_3[0] & 0x03) << 4) +
266 			    ((arr_3[1] & 0xf0) >> 4);
267 			arr_4[2] = ((arr_3[1] & 0x0f) << 2) +
268 			    ((arr_3[2] & 0xc0) >> 6);
269 			arr_4[3] = arr_3[2] & 0x3f;
270 
271 			for (i = 0; i < 4; i++)
272 				ret[ret_cnt++] = b64_data[(int)arr_4[i]];
273 			i = 0;
274 		}
275 	}
276 
277 	if (i) {
278 		for (j = i; j < 3; j++)
279 			arr_3[j] = '\0';
280 
281 		arr_4[0] = (arr_3[0] & 0xfc) >> 2;
282 		arr_4[1] = ((arr_3[0] & 0x03) << 4) +
283 		    ((arr_3[1] & 0xf0) >> 4);
284 		arr_4[2] = ((arr_3[1] & 0x0f) << 2) +
285 		    ((arr_3[2] & 0xc0) >> 6);
286 		arr_4[3] = arr_3[2] & 0x3f;
287 
288 		for (j = 0; j < (i + 1); j++)
289 			ret[ret_cnt++] = b64_data[(int)arr_4[j]];
290 
291 		while (i++ < 3)
292 			ret[ret_cnt++] = '=';
293 	}
294 
295 	ret[ret_cnt++] = '\0';
296 	return (ret);
297 }
298 
299 /*
300  * smb_base64_decode
301  *
302  * Decode using base64 algorithm.
303  * Caller should free the returned buffer when done.
304  */
305 static char *
306 smb_base64_decode(char *encoded_str)
307 {
308 	int len = strlen(encoded_str);
309 	int i = 0, j = 0;
310 	int en_ind = 0;
311 	char arr_4[4], arr_3[3];
312 	int ret_cnt = 0;
313 	char *ret = malloc(SMB_DEC_LEN);
314 	char *p;
315 
316 	if (ret == NULL) {
317 		return (NULL);
318 	}
319 
320 	while (len-- && (encoded_str[en_ind] != '=') &&
321 	    smb_is_base64(encoded_str[en_ind])) {
322 		arr_4[i++] = encoded_str[en_ind];
323 		en_ind++;
324 		if (i == 4) {
325 			for (i = 0; i < 4; i++) {
326 				if ((p = strchr(b64_data, arr_4[i])) == NULL) {
327 					free(ret);
328 					return (NULL);
329 				}
330 
331 				arr_4[i] = (int)(p - b64_data);
332 			}
333 
334 			arr_3[0] = (arr_4[0] << 2) +
335 			    ((arr_4[1] & 0x30) >> 4);
336 			arr_3[1] = ((arr_4[1] & 0xf) << 4) +
337 			    ((arr_4[2] & 0x3c) >> 2);
338 			arr_3[2] = ((arr_4[2] & 0x3) << 6) +
339 			    arr_4[3];
340 
341 			for (i = 0; i < 3; i++)
342 				ret[ret_cnt++] = arr_3[i];
343 
344 			i = 0;
345 		}
346 	}
347 
348 	if (i) {
349 		for (j = i; j < 4; j++)
350 			arr_4[j] = 0;
351 
352 		for (j = 0; j < 4; j++) {
353 			if ((p = strchr(b64_data, arr_4[j])) == NULL) {
354 				free(ret);
355 				return (NULL);
356 			}
357 
358 			arr_4[j] = (int)(p - b64_data);
359 		}
360 		arr_3[0] = (arr_4[0] << 2) +
361 		    ((arr_4[1] & 0x30) >> 4);
362 		arr_3[1] = ((arr_4[1] & 0xf) << 4) +
363 		    ((arr_4[2] & 0x3c) >> 2);
364 		arr_3[2] = ((arr_4[2] & 0x3) << 6) +
365 		    arr_4[3];
366 		for (j = 0; j < (i - 1); j++)
367 			ret[ret_cnt++] = arr_3[j];
368 	}
369 
370 	ret[ret_cnt++] = '\0';
371 	return (ret);
372 }
373 
374 static char *
375 smb_config_getenv_generic(char *name, char *svc_fmri_prefix, char *svc_propgrp)
376 {
377 	smb_scfhandle_t *handle;
378 	char *value;
379 
380 	if ((value = malloc(MAX_VALUE_BUFLEN * sizeof (char))) == NULL)
381 		return (NULL);
382 
383 	handle = smb_smf_scf_init(svc_fmri_prefix);
384 	if (handle == NULL) {
385 		free(value);
386 		return (NULL);
387 	}
388 
389 	(void) smb_smf_create_service_pgroup(handle, svc_propgrp);
390 
391 	if (smb_smf_get_string_property(handle, name, value,
392 	    sizeof (char) * MAX_VALUE_BUFLEN) != 0) {
393 		smb_smf_scf_fini(handle);
394 		free(value);
395 		return (NULL);
396 	}
397 
398 	smb_smf_scf_fini(handle);
399 	return (value);
400 
401 }
402 
403 static int
404 smb_config_setenv_generic(char *svc_fmri_prefix, char *svc_propgrp,
405     char *name, char *value)
406 {
407 	smb_scfhandle_t *handle = NULL;
408 	int rc = 0;
409 
410 
411 	handle = smb_smf_scf_init(svc_fmri_prefix);
412 	if (handle == NULL) {
413 		return (1);
414 	}
415 
416 	(void) smb_smf_create_service_pgroup(handle, svc_propgrp);
417 
418 	if (smb_smf_start_transaction(handle) != SMBD_SMF_OK) {
419 		smb_smf_scf_fini(handle);
420 		return (1);
421 	}
422 
423 	if (smb_smf_set_string_property(handle, name, value) != SMBD_SMF_OK)
424 		rc = 1;
425 
426 	if (smb_smf_end_transaction(handle) != SMBD_SMF_OK)
427 		rc = 1;
428 
429 	smb_smf_scf_fini(handle);
430 	return (rc);
431 }
432 
433 /*
434  * smb_config_getstr
435  *
436  * Fetch the specified string configuration item from SMF
437  */
438 int
439 smb_config_getstr(smb_cfg_id_t id, char *cbuf, int bufsz)
440 {
441 	smb_scfhandle_t *handle;
442 	smb_cfg_param_t *cfg;
443 	int rc = SMBD_SMF_OK;
444 	char *pg;
445 	char protbuf[SMB_ENC_LEN];
446 	char *tmp;
447 
448 	*cbuf = '\0';
449 	cfg = smb_config_getent(id);
450 	assert(cfg->sc_type == SCF_TYPE_ASTRING);
451 
452 	if (id == SMB_CI_ADS_SITE)
453 		return (smb_config_get_idmap_site_name(cbuf, bufsz));
454 	if (id == SMB_CI_DOMAIN_SRV)
455 		return (smb_config_get_idmap_preferred_dc(cbuf, bufsz));
456 
457 	handle = smb_smf_scf_init(SMBD_FMRI_PREFIX);
458 	if (handle == NULL)
459 		return (SMBD_SMF_SYSTEM_ERR);
460 
461 	if (cfg->sc_flags & SMB_CF_PROTECTED) {
462 		if ((rc = smb_smf_create_service_pgroup(handle,
463 		    SMBD_PROTECTED_PG_NAME)) != SMBD_SMF_OK)
464 			goto error;
465 
466 		if ((rc = smb_smf_get_string_property(handle, cfg->sc_name,
467 		    protbuf, sizeof (protbuf))) != SMBD_SMF_OK)
468 			goto error;
469 
470 		if (*protbuf != '\0') {
471 			tmp = smb_base64_decode(protbuf);
472 			(void) strlcpy(cbuf, tmp, bufsz);
473 			free(tmp);
474 		}
475 	} else {
476 		pg = (cfg->sc_flags & SMB_CF_EXEC) ? SMBD_EXEC_PG_NAME :
477 		    SMBD_PG_NAME;
478 		rc = smb_smf_create_service_pgroup(handle, pg);
479 		if (rc == SMBD_SMF_OK)
480 			rc = smb_smf_get_string_property(handle, cfg->sc_name,
481 			    cbuf, bufsz);
482 	}
483 
484 error:
485 	smb_smf_scf_fini(handle);
486 	return (rc);
487 }
488 
489 /*
490  * Translate the value of an astring SMF property into a binary
491  * IP address. If the value is neither a valid IPv4 nor IPv6
492  * address, attempt to look it up as a hostname using the
493  * configured address type.
494  */
495 int
496 smb_config_getip(smb_cfg_id_t sc_id, smb_inaddr_t *ipaddr)
497 {
498 	int rc, error;
499 	int a_family;
500 	char ipstr[MAXHOSTNAMELEN];
501 	struct hostent *h;
502 	smb_cfg_param_t *cfg;
503 
504 	if (ipaddr == NULL)
505 		return (SMBD_SMF_INVALID_ARG);
506 
507 	bzero(ipaddr, sizeof (smb_inaddr_t));
508 	rc = smb_config_getstr(sc_id, ipstr, sizeof (ipstr));
509 	if (rc == SMBD_SMF_OK) {
510 		if (*ipstr == '\0')
511 			return (SMBD_SMF_INVALID_ARG);
512 
513 		if (inet_pton(AF_INET, ipstr, &ipaddr->a_ipv4) == 1) {
514 			ipaddr->a_family = AF_INET;
515 			return (SMBD_SMF_OK);
516 		}
517 
518 		if (inet_pton(AF_INET6, ipstr, &ipaddr->a_ipv6) == 1) {
519 			ipaddr->a_family = AF_INET6;
520 			return (SMBD_SMF_OK);
521 		}
522 
523 		/*
524 		 * The value is neither an IPv4 nor IPv6 address;
525 		 * so check if it's a hostname.
526 		 */
527 		a_family = smb_config_getbool(SMB_CI_IPV6_ENABLE) ?
528 		    AF_INET6 : AF_INET;
529 		h = getipnodebyname(ipstr, a_family, AI_DEFAULT,
530 		    &error);
531 		if (h != NULL) {
532 			bcopy(*(h->h_addr_list), &ipaddr->a_ip,
533 			    h->h_length);
534 			ipaddr->a_family = a_family;
535 			freehostent(h);
536 			rc = SMBD_SMF_OK;
537 		} else {
538 			cfg = smb_config_getent(sc_id);
539 			syslog(LOG_ERR, "smbd/%s: %s unable to get %s "
540 			    "address: %d", cfg->sc_name, ipstr,
541 			    a_family == AF_INET ?  "IPv4" : "IPv6", error);
542 			rc = SMBD_SMF_INVALID_ARG;
543 		}
544 	}
545 
546 	return (rc);
547 }
548 
549 /*
550  * smb_config_getnum
551  *
552  * Returns the value of a numeric config param.
553  */
554 int
555 smb_config_getnum(smb_cfg_id_t id, int64_t *cint)
556 {
557 	smb_scfhandle_t *handle;
558 	smb_cfg_param_t *cfg;
559 	int rc = SMBD_SMF_OK;
560 
561 	*cint = 0;
562 	cfg = smb_config_getent(id);
563 	assert(cfg->sc_type == SCF_TYPE_INTEGER);
564 
565 	handle = smb_smf_scf_init(SMBD_FMRI_PREFIX);
566 	if (handle == NULL)
567 		return (SMBD_SMF_SYSTEM_ERR);
568 
569 	rc = smb_smf_create_service_pgroup(handle, SMBD_PG_NAME);
570 	if (rc == SMBD_SMF_OK)
571 		rc = smb_smf_get_integer_property(handle, cfg->sc_name, cint);
572 	smb_smf_scf_fini(handle);
573 
574 	return (rc);
575 }
576 
577 /*
578  * smb_config_getbool
579  *
580  * Returns the value of a boolean config param.
581  */
582 boolean_t
583 smb_config_getbool(smb_cfg_id_t id)
584 {
585 	smb_scfhandle_t *handle;
586 	smb_cfg_param_t *cfg;
587 	int rc = SMBD_SMF_OK;
588 	uint8_t vbool;
589 
590 	cfg = smb_config_getent(id);
591 	assert(cfg->sc_type == SCF_TYPE_BOOLEAN);
592 
593 	handle = smb_smf_scf_init(SMBD_FMRI_PREFIX);
594 	if (handle == NULL)
595 		return (B_FALSE);
596 
597 	rc = smb_smf_create_service_pgroup(handle, SMBD_PG_NAME);
598 	if (rc == SMBD_SMF_OK)
599 		rc = smb_smf_get_boolean_property(handle, cfg->sc_name, &vbool);
600 	smb_smf_scf_fini(handle);
601 
602 	return ((rc == SMBD_SMF_OK) ? (vbool == 1) : B_FALSE);
603 }
604 
605 /*
606  * smb_config_get
607  *
608  * This function returns the value of the requested config
609  * iterm regardless of its type in string format. This should
610  * be used when the config item type is not known by the caller.
611  */
612 int
613 smb_config_get(smb_cfg_id_t id, char *cbuf, int bufsz)
614 {
615 	smb_cfg_param_t *cfg;
616 	int64_t cint;
617 	int rc;
618 
619 	cfg = smb_config_getent(id);
620 	switch (cfg->sc_type) {
621 	case SCF_TYPE_ASTRING:
622 		return (smb_config_getstr(id, cbuf, bufsz));
623 
624 	case SCF_TYPE_INTEGER:
625 		rc = smb_config_getnum(id, &cint);
626 		if (rc == SMBD_SMF_OK)
627 			(void) snprintf(cbuf, bufsz, "%lld", cint);
628 		return (rc);
629 
630 	case SCF_TYPE_BOOLEAN:
631 		if (smb_config_getbool(id))
632 			(void) strlcpy(cbuf, "true", bufsz);
633 		else
634 			(void) strlcpy(cbuf, "false", bufsz);
635 		return (SMBD_SMF_OK);
636 	}
637 
638 	return (SMBD_SMF_INVALID_ARG);
639 }
640 
641 /*
642  * smb_config_setstr
643  *
644  * Set the specified config param with the given
645  * value.
646  */
647 int
648 smb_config_setstr(smb_cfg_id_t id, char *value)
649 {
650 	smb_scfhandle_t *handle;
651 	smb_cfg_param_t *cfg;
652 	int rc = SMBD_SMF_OK;
653 	boolean_t protected;
654 	char *tmp = NULL;
655 	char *pg;
656 
657 	cfg = smb_config_getent(id);
658 	assert(cfg->sc_type == SCF_TYPE_ASTRING);
659 
660 	if (id == SMB_CI_ADS_SITE)
661 		return (smb_config_set_idmap_site_name(value));
662 	if (id == SMB_CI_DOMAIN_SRV)
663 		return (smb_config_set_idmap_preferred_dc(value));
664 
665 	protected = B_FALSE;
666 
667 	switch (cfg->sc_flags) {
668 	case SMB_CF_PROTECTED:
669 		protected = B_TRUE;
670 		pg = SMBD_PROTECTED_PG_NAME;
671 		break;
672 	case SMB_CF_EXEC:
673 		pg = SMBD_EXEC_PG_NAME;
674 		break;
675 	default:
676 		pg = SMBD_PG_NAME;
677 		break;
678 	}
679 
680 	handle = smb_smf_scf_init(SMBD_FMRI_PREFIX);
681 	if (handle == NULL)
682 		return (SMBD_SMF_SYSTEM_ERR);
683 
684 	rc = smb_smf_create_service_pgroup(handle, pg);
685 	if (rc == SMBD_SMF_OK)
686 		rc = smb_smf_start_transaction(handle);
687 
688 	if (rc != SMBD_SMF_OK) {
689 		smb_smf_scf_fini(handle);
690 		return (rc);
691 	}
692 
693 	if (protected && value && (*value != '\0')) {
694 		if ((tmp = smb_base64_encode(value)) == NULL) {
695 			(void) smb_smf_end_transaction(handle);
696 			smb_smf_scf_fini(handle);
697 			return (SMBD_SMF_NO_MEMORY);
698 		}
699 
700 		value = tmp;
701 	}
702 
703 	rc = smb_smf_set_string_property(handle, cfg->sc_name, value);
704 
705 	free(tmp);
706 	(void) smb_smf_end_transaction(handle);
707 	smb_smf_scf_fini(handle);
708 	return (rc);
709 }
710 
711 /*
712  * smb_config_setnum
713  *
714  * Sets a numeric configuration iterm
715  */
716 int
717 smb_config_setnum(smb_cfg_id_t id, int64_t value)
718 {
719 	smb_scfhandle_t *handle;
720 	smb_cfg_param_t *cfg;
721 	int rc = SMBD_SMF_OK;
722 
723 	cfg = smb_config_getent(id);
724 	assert(cfg->sc_type == SCF_TYPE_INTEGER);
725 
726 	handle = smb_smf_scf_init(SMBD_FMRI_PREFIX);
727 	if (handle == NULL)
728 		return (SMBD_SMF_SYSTEM_ERR);
729 
730 	rc = smb_smf_create_service_pgroup(handle, SMBD_PG_NAME);
731 	if (rc == SMBD_SMF_OK)
732 		rc = smb_smf_start_transaction(handle);
733 
734 	if (rc != SMBD_SMF_OK) {
735 		smb_smf_scf_fini(handle);
736 		return (rc);
737 	}
738 
739 	rc = smb_smf_set_integer_property(handle, cfg->sc_name, value);
740 
741 	(void) smb_smf_end_transaction(handle);
742 	smb_smf_scf_fini(handle);
743 	return (rc);
744 }
745 
746 /*
747  * smb_config_setbool
748  *
749  * Sets a boolean configuration iterm
750  */
751 int
752 smb_config_setbool(smb_cfg_id_t id, boolean_t value)
753 {
754 	smb_scfhandle_t *handle;
755 	smb_cfg_param_t *cfg;
756 	int rc = SMBD_SMF_OK;
757 
758 	cfg = smb_config_getent(id);
759 	assert(cfg->sc_type == SCF_TYPE_BOOLEAN);
760 
761 	handle = smb_smf_scf_init(SMBD_FMRI_PREFIX);
762 	if (handle == NULL)
763 		return (SMBD_SMF_SYSTEM_ERR);
764 
765 	rc = smb_smf_create_service_pgroup(handle, SMBD_PG_NAME);
766 	if (rc == SMBD_SMF_OK)
767 		rc = smb_smf_start_transaction(handle);
768 
769 	if (rc != SMBD_SMF_OK) {
770 		smb_smf_scf_fini(handle);
771 		return (rc);
772 	}
773 
774 	rc = smb_smf_set_boolean_property(handle, cfg->sc_name, value);
775 
776 	(void) smb_smf_end_transaction(handle);
777 	smb_smf_scf_fini(handle);
778 	return (rc);
779 }
780 
781 /*
782  * smb_config_set
783  *
784  * This function sets the value of the specified config
785  * iterm regardless of its type in string format. This should
786  * be used when the config item type is not known by the caller.
787  */
788 int
789 smb_config_set(smb_cfg_id_t id, char *value)
790 {
791 	smb_cfg_param_t *cfg;
792 	int64_t cint;
793 
794 	cfg = smb_config_getent(id);
795 	switch (cfg->sc_type) {
796 	case SCF_TYPE_ASTRING:
797 		return (smb_config_setstr(id, value));
798 
799 	case SCF_TYPE_INTEGER:
800 		cint = atoi(value);
801 		return (smb_config_setnum(id, cint));
802 
803 	case SCF_TYPE_BOOLEAN:
804 		return (smb_config_setbool(id, strcasecmp(value, "true") == 0));
805 	}
806 
807 	return (SMBD_SMF_INVALID_ARG);
808 }
809 
810 int
811 smb_config_get_debug()
812 {
813 	int64_t val64;
814 	int val = 0;	/* default */
815 	smb_scfhandle_t *handle = NULL;
816 
817 	handle = smb_smf_scf_init(SMBD_FMRI_PREFIX);
818 	if (handle == NULL) {
819 		return (val);
820 	}
821 
822 	if (smb_smf_create_service_pgroup(handle,
823 	    SMBD_PG_NAME) != SMBD_SMF_OK) {
824 		smb_smf_scf_fini(handle);
825 		return (val);
826 	}
827 
828 	if (smb_smf_get_integer_property(handle, "debug", &val64) != 0) {
829 		smb_smf_scf_fini(handle);
830 		return (val);
831 	}
832 	val = (int)val64;
833 
834 	smb_smf_scf_fini(handle);
835 
836 	return (val);
837 }
838 
839 uint8_t
840 smb_config_get_fg_flag()
841 {
842 	uint8_t run_fg = 0; /* Default is to run in daemon mode */
843 	smb_scfhandle_t *handle = NULL;
844 
845 	handle = smb_smf_scf_init(SMBD_FMRI_PREFIX);
846 	if (handle == NULL) {
847 		return (run_fg);
848 	}
849 
850 	if (smb_smf_create_service_pgroup(handle,
851 	    SMBD_PG_NAME) != SMBD_SMF_OK) {
852 		smb_smf_scf_fini(handle);
853 		return (run_fg);
854 	}
855 
856 	if (smb_smf_get_boolean_property(handle, "run_fg", &run_fg) != 0) {
857 		smb_smf_scf_fini(handle);
858 		return (run_fg);
859 	}
860 
861 	smb_smf_scf_fini(handle);
862 
863 	return (run_fg);
864 }
865 
866 /*
867  * smb_config_get_ads_enable
868  *
869  * Returns value of the "config/use_ads" parameter
870  * from the IDMAP SMF configuration repository.
871  *
872  */
873 boolean_t
874 smb_config_get_ads_enable(void)
875 {
876 	smb_scfhandle_t *handle = NULL;
877 	uint8_t vbool;
878 	int rc = 0;
879 
880 	handle = smb_smf_scf_init(IDMAP_FMRI_PREFIX);
881 	if (handle == NULL)
882 		return (B_FALSE);
883 
884 	rc = smb_smf_create_service_pgroup(handle, IDMAP_PG_NAME);
885 	if (rc == SMBD_SMF_OK)
886 		rc = smb_smf_get_boolean_property(handle, "use_ads", &vbool);
887 	smb_smf_scf_fini(handle);
888 
889 	return ((rc == SMBD_SMF_OK) ? (vbool == 1) : B_TRUE);
890 }
891 
892 /*
893  * smb_config_get_localsid
894  *
895  * Returns value of the "config/machine_sid" parameter
896  * from the IDMAP SMF configuration repository.
897  * Result is allocated; caller should free.
898  */
899 char *
900 smb_config_get_localsid(void)
901 {
902 	return (smb_config_getenv_generic(MACHINE_SID, IDMAP_FMRI_PREFIX,
903 	    IDMAP_PG_NAME));
904 }
905 
906 /*
907  * smb_config_get_localuuid
908  *
909  * Returns value of the "config/machine_uuid" parameter
910  * from the IDMAP SMF configuration repository.
911  *
912  */
913 int
914 smb_config_get_localuuid(uuid_t uu)
915 {
916 	char *s;
917 	int rc = 0;
918 
919 	uuid_clear(uu);
920 	s = smb_config_getenv_generic(MACHINE_UUID, IDMAP_FMRI_PREFIX,
921 	    IDMAP_PG_NAME);
922 	if (s == NULL)
923 		return (-1);
924 
925 	if (uuid_parse(s, uu) < 0)
926 		rc = -1;
927 
928 	free(s);
929 	return (rc);
930 }
931 
932 static int
933 smb_config_get_idmap_preferred_dc(char *cbuf, int bufsz)
934 {
935 	char *s;
936 	int len, rc = -1;
937 
938 	s = smb_config_getenv_generic(IDMAP_PREF_DC,
939 	    IDMAP_FMRI_PREFIX, IDMAP_PG_NAME);
940 	if (s != NULL) {
941 		len = strlcpy(cbuf, s, bufsz);
942 		if (len < bufsz)
943 			rc = 0;
944 		free(s);
945 	}
946 	return (rc);
947 }
948 
949 static int
950 smb_config_set_idmap_preferred_dc(char *value)
951 {
952 	return (smb_config_setenv_generic(IDMAP_FMRI_PREFIX, IDMAP_PG_NAME,
953 	    IDMAP_PREF_DC, value));
954 }
955 
956 static int
957 smb_config_get_idmap_site_name(char *cbuf, int bufsz)
958 {
959 	char *s;
960 	int len, rc = -1;
961 
962 	s = smb_config_getenv_generic(IDMAP_SITE_NAME,
963 	    IDMAP_FMRI_PREFIX, IDMAP_PG_NAME);
964 	if (s != NULL) {
965 		len = strlcpy(cbuf, s, bufsz);
966 		if (len < bufsz)
967 			rc = 0;
968 		free(s);
969 	}
970 	return (rc);
971 }
972 
973 static int
974 smb_config_set_idmap_site_name(char *value)
975 {
976 	return (smb_config_setenv_generic(IDMAP_FMRI_PREFIX, IDMAP_PG_NAME,
977 	    IDMAP_SITE_NAME, value));
978 }
979 
980 /*
981  * smb_config_set_idmap_domain
982  *
983  * Set the "config/domain_name" parameter from IDMAP SMF repository.
984  */
985 int
986 smb_config_set_idmap_domain(char *value)
987 {
988 	return (smb_config_setenv_generic(IDMAP_FMRI_PREFIX, IDMAP_PG_NAME,
989 	    IDMAP_DOMAIN, value));
990 }
991 
992 /*
993  * smb_config_refresh_idmap
994  *
995  * Refresh IDMAP SMF service after making changes to its configuration.
996  */
997 int
998 smb_config_refresh_idmap(void)
999 {
1000 	char instance[32];
1001 
1002 	(void) snprintf(instance, sizeof (instance), "%s:default",
1003 	    IDMAP_FMRI_PREFIX);
1004 	return (smf_refresh_instance(instance));
1005 }
1006 
1007 int
1008 smb_config_secmode_fromstr(char *secmode)
1009 {
1010 	if (secmode == NULL)
1011 		return (SMB_SECMODE_WORKGRP);
1012 
1013 	if (strcasecmp(secmode, SMB_SECMODE_DOMAIN_STR) == 0)
1014 		return (SMB_SECMODE_DOMAIN);
1015 
1016 	return (SMB_SECMODE_WORKGRP);
1017 }
1018 
1019 char *
1020 smb_config_secmode_tostr(int secmode)
1021 {
1022 	if (secmode == SMB_SECMODE_DOMAIN)
1023 		return (SMB_SECMODE_DOMAIN_STR);
1024 
1025 	return (SMB_SECMODE_WORKGRP_STR);
1026 }
1027 
1028 int
1029 smb_config_get_secmode()
1030 {
1031 	char p[16];
1032 
1033 	(void) smb_config_getstr(SMB_CI_SECURITY, p, sizeof (p));
1034 	return (smb_config_secmode_fromstr(p));
1035 }
1036 
1037 int
1038 smb_config_set_secmode(int secmode)
1039 {
1040 	char *p;
1041 
1042 	p = smb_config_secmode_tostr(secmode);
1043 	return (smb_config_setstr(SMB_CI_SECURITY, p));
1044 }
1045 
1046 void
1047 smb_config_getdomaininfo(char *domain, char *fqdn, char *sid, char *forest,
1048     char *guid)
1049 {
1050 	if (domain)
1051 		(void) smb_config_getstr(SMB_CI_DOMAIN_NAME, domain,
1052 		    NETBIOS_NAME_SZ);
1053 
1054 	if (fqdn)
1055 		(void) smb_config_getstr(SMB_CI_DOMAIN_FQDN, fqdn,
1056 		    MAXHOSTNAMELEN);
1057 
1058 	if (sid)
1059 		(void) smb_config_getstr(SMB_CI_DOMAIN_SID, sid,
1060 		    SMB_SID_STRSZ);
1061 
1062 	if (forest)
1063 		(void) smb_config_getstr(SMB_CI_DOMAIN_FOREST, forest,
1064 		    MAXHOSTNAMELEN);
1065 
1066 	if (guid)
1067 		(void) smb_config_getstr(SMB_CI_DOMAIN_GUID, guid,
1068 		    UUID_PRINTABLE_STRING_LENGTH);
1069 }
1070 
1071 void
1072 smb_config_setdomaininfo(char *domain, char *fqdn, char *sid, char *forest,
1073     char *guid)
1074 {
1075 	if (domain)
1076 		(void) smb_config_setstr(SMB_CI_DOMAIN_NAME, domain);
1077 	if (fqdn)
1078 		(void) smb_config_setstr(SMB_CI_DOMAIN_FQDN, fqdn);
1079 	if (sid)
1080 		(void) smb_config_setstr(SMB_CI_DOMAIN_SID, sid);
1081 	if (forest)
1082 		(void) smb_config_setstr(SMB_CI_DOMAIN_FOREST, forest);
1083 	if (guid)
1084 		(void) smb_config_setstr(SMB_CI_DOMAIN_GUID, guid);
1085 }
1086 
1087 /*
1088  * The version stored in SMF in string format as N.N where
1089  * N is a number defined by Microsoft. The first number represents
1090  * the major version and the second number is the minor version.
1091  * Current defined values can be found here in 'ver_table'.
1092  *
1093  * This function reads the SMF string value and converts it to
1094  * two numbers returned in the given 'version' structure.
1095  * Current default version number is 5.0 which is for Windows 2000.
1096  */
1097 void
1098 smb_config_get_version(smb_version_t *version)
1099 {
1100 	smb_version_t tmpver;
1101 	char verstr[SMB_VERSTR_LEN];
1102 	char *p;
1103 	int rc, i;
1104 	static smb_version_t ver_table [] = {
1105 		{ 0, SMB_MAJOR_NT,	SMB_MINOR_NT,		1381,	0 },
1106 		{ 0, SMB_MAJOR_2000,	SMB_MINOR_2000,		2195,	0 },
1107 		{ 0, SMB_MAJOR_XP,	SMB_MINOR_XP,		2196,	0 },
1108 		{ 0, SMB_MAJOR_2003,	SMB_MINOR_2003,		2196,	0 },
1109 		{ 0, SMB_MAJOR_VISTA,	SMB_MINOR_VISTA,	6000,	0 },
1110 		{ 0, SMB_MAJOR_2008,	SMB_MINOR_2008,		6000,	0 },
1111 		{ 0, SMB_MAJOR_2008R2,	SMB_MINOR_2008R2,	7007,	0 },
1112 		{ 0, SMB_MAJOR_7,	SMB_MINOR_7,		7007,	0 }
1113 	};
1114 
1115 	*version = ver_table[1];
1116 	version->sv_size = sizeof (smb_version_t);
1117 
1118 	rc = smb_config_getstr(SMB_CI_VERSION, verstr, sizeof (verstr));
1119 	if (rc != SMBD_SMF_OK)
1120 		return;
1121 
1122 	if ((p = strchr(verstr, '.')) == NULL)
1123 		return;
1124 
1125 	*p = '\0';
1126 	tmpver.sv_major = (uint8_t)atoi(verstr);
1127 	tmpver.sv_minor = (uint8_t)atoi(p + 1);
1128 
1129 	for (i = 0; i < sizeof (ver_table)/sizeof (ver_table[0]); ++i) {
1130 		if ((tmpver.sv_major == ver_table[i].sv_major) &&
1131 		    (tmpver.sv_minor == ver_table[i].sv_minor)) {
1132 			*version = ver_table[i];
1133 			version->sv_size = sizeof (smb_version_t);
1134 			break;
1135 		}
1136 	}
1137 }
1138 
1139 /*
1140  * Reads share exec script properties
1141  */
1142 uint32_t
1143 smb_config_get_execinfo(char *map, char *unmap, size_t bufsz)
1144 {
1145 	char buf[MAXPATHLEN];
1146 	uint32_t flags = 0;
1147 
1148 	if (map == NULL) {
1149 		map = buf;
1150 		bufsz = MAXPATHLEN;
1151 	}
1152 
1153 	*map = '\0';
1154 	(void) smb_config_getstr(SMB_CI_MAP, map, bufsz);
1155 	if (*map != '\0')
1156 		flags |= SMB_EXEC_MAP;
1157 
1158 	if (unmap == NULL) {
1159 		unmap = buf;
1160 		bufsz = MAXPATHLEN;
1161 	}
1162 
1163 	*unmap = '\0';
1164 	(void) smb_config_getstr(SMB_CI_UNMAP, unmap, bufsz);
1165 	if (*unmap != '\0')
1166 		flags |= SMB_EXEC_UNMAP;
1167 
1168 	*buf = '\0';
1169 	(void) smb_config_getstr(SMB_CI_DISPOSITION, buf, sizeof (buf));
1170 	if (*buf != '\0')
1171 		if (strcasecmp(buf, SMB_EXEC_DISP_TERMINATE) == 0)
1172 			flags |= SMB_EXEC_TERM;
1173 
1174 	return (flags);
1175 }
1176 
1177 static smb_cfg_param_t *
1178 smb_config_getent(smb_cfg_id_t id)
1179 {
1180 	int i;
1181 
1182 	for (i = 0; i < SMB_CI_MAX; i++)
1183 		if (smb_cfg_table[i].sc_id == id)
1184 			return (&smb_cfg_table[id]);
1185 
1186 	assert(0);
1187 	return (NULL);
1188 }
1189 
1190 static uint32_t
1191 smb_config_get_protocol(smb_cfg_id_t id, char *name, uint32_t default_val)
1192 {
1193 	char str[SMB_VERSTR_LEN];
1194 	int rc;
1195 	uint32_t val;
1196 
1197 	rc = smb_config_getstr(id, str, sizeof (str));
1198 	if (rc == SMBD_SMF_OK) {
1199 		val = smb_convert_version_str(str);
1200 		if (val != 0)
1201 			return (val);
1202 		if (str[0] != '\0') {
1203 			syslog(LOG_ERR, "smbd/%s value invalid: %s", name, str);
1204 		}
1205 	}
1206 
1207 	return (default_val);
1208 }
1209 
1210 /*
1211  * The service manifest has empty values by default for min_protocol and
1212  * max_protocol. The expectation is that when those values are empty, we don't
1213  * constrain the range of supported protocol versions (and allow use of the
1214  * whole range that we implement). For that reason, this should usually be the
1215  * highest protocol version we implement.
1216  */
1217 uint32_t max_protocol_default = SMB_VERS_3_11;
1218 
1219 uint32_t
1220 smb_config_get_max_protocol(void)
1221 {
1222 	uint32_t max;
1223 
1224 	max = smb_config_get_protocol(SMB_CI_MAX_PROTOCOL, "max_protocol",
1225 	    max_protocol_default);
1226 
1227 	return (max);
1228 }
1229 
1230 /*
1231  * This should eventually be SMB_VERS_2_BASE
1232  */
1233 uint32_t min_protocol_default = SMB_VERS_1;
1234 
1235 uint32_t
1236 smb_config_get_min_protocol(void)
1237 {
1238 	uint32_t min;
1239 
1240 	min = smb_config_get_protocol(SMB_CI_MIN_PROTOCOL, "min_protocol",
1241 	    min_protocol_default);
1242 
1243 	return (min);
1244 }
1245 
1246 /*
1247  * Convert a list of ciphers to a bitmask.
1248  * Returns mask or -1 for errors.
1249  *
1250  * Note this is used both below and in libshare_smb
1251  * for validation of new setting.
1252  */
1253 int
1254 smb_convert_encrypt_ciphers(char *value)
1255 {
1256 	const char *sep = ",:";
1257 	char buf[SMB_CIPHERS_MAXLEN];
1258 	char *last;
1259 	char *cn;
1260 	struct str_val *sv;
1261 	int ciphers = 0;
1262 
1263 	if (value == NULL)
1264 		return (-1);
1265 
1266 	if (strlen(value) >= SMB_CIPHERS_MAXLEN)
1267 		return (-1);
1268 
1269 	(void) strlcpy(buf, value, sizeof (buf));
1270 
1271 	cn = strtok_r(buf, sep, &last);
1272 	while (cn != NULL) {
1273 		boolean_t valid = B_FALSE;
1274 		/* # of ciphers is small - don't care about O(n2) */
1275 		for (sv = smb31_encrypt_ciphers; sv->str != NULL; sv++) {
1276 			if (strcmp(cn, sv->str) == 0) {
1277 				ciphers |= sv->val;
1278 				valid = B_TRUE;
1279 			}
1280 		}
1281 		if (!valid)
1282 			return (-1);
1283 		cn = strtok_r(NULL, sep, &last);
1284 	}
1285 	return (ciphers);
1286 }
1287 
1288 /*
1289  * Return a bitmask indicating enabled cipher algorithms.
1290  * If the config does not have at least one known cipher,
1291  * that's a configuration error, so just enable all.
1292  */
1293 uint32_t
1294 smb_config_get_encrypt_ciphers(void)
1295 {
1296 	char buf[SMB_CIPHERS_MAXLEN];
1297 	int ciphers = 0;
1298 
1299 	if (smb_config_getstr(SMB_CI_ENCRYPT_CIPHERS, buf, sizeof (buf))
1300 	    != SMBD_SMF_OK)
1301 		buf[0] = '\0';
1302 
1303 	ciphers = smb_convert_encrypt_ciphers(buf);
1304 
1305 	if (ciphers <= 0)
1306 		ciphers = SMB3_CIPHER_FLAGS_ALL;
1307 
1308 	return ((uint32_t)ciphers);
1309 }
1310 
1311 /*
1312  * Run once at startup convert old SMF settings to current.
1313  */
1314 void
1315 smb_config_upgrade(void)
1316 {
1317 }
1318 
1319 smb_cfg_val_t
1320 smb_config_get_require(smb_cfg_id_t id)
1321 {
1322 	int rc;
1323 	char str[sizeof ("required")];
1324 
1325 	rc = smb_config_getstr(id, str, sizeof (str));
1326 	if (rc != SMBD_SMF_OK)
1327 		return (SMB_CONFIG_DISABLED);
1328 
1329 	if (strncmp(str, "required", sizeof (str)) == 0)
1330 		return (SMB_CONFIG_REQUIRED);
1331 	if (strncmp(str, "enabled", sizeof (str)) == 0)
1332 		return (SMB_CONFIG_ENABLED);
1333 
1334 	return (SMB_CONFIG_DISABLED);
1335 }
1336