1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved. 23 */ 24 25 #include <assert.h> 26 #include <syslog.h> 27 #include <door.h> 28 #include <fcntl.h> 29 #include <string.h> 30 #include <strings.h> 31 #include <stdlib.h> 32 #include <unistd.h> 33 #include <errno.h> 34 #include <sys/mman.h> 35 #include <smbsrv/libsmb.h> 36 #include <smbsrv/wintypes.h> 37 #include <smbsrv/smb_door.h> 38 39 static int smb_door_call(uint32_t, void *, xdrproc_t, void *, xdrproc_t); 40 static int smb_door_call_private(int, smb_doorarg_t *); 41 static int smb_door_encode(smb_doorarg_t *, uint32_t); 42 static int smb_door_decode(smb_doorarg_t *); 43 static void smb_door_sethdr(smb_doorhdr_t *, uint32_t, uint32_t); 44 static boolean_t smb_door_chkhdr(smb_doorarg_t *, smb_doorhdr_t *); 45 static void smb_door_free(door_arg_t *arg); 46 47 /* 48 * Given a SID, make a door call to get the associated name. 49 * 50 * Returns 0 if the door call is successful, otherwise -1. 51 * 52 * If 0 is returned, the lookup result will be available in a_status. 53 * NT_STATUS_SUCCESS The SID was mapped to a name. 54 * NT_STATUS_NONE_MAPPED The SID could not be mapped to a name. 55 */ 56 int 57 smb_lookup_sid(const char *sid, lsa_account_t *acct) 58 { 59 int rc; 60 61 assert((sid != NULL) && (acct != NULL)); 62 63 bzero(acct, sizeof (lsa_account_t)); 64 (void) strlcpy(acct->a_sid, sid, SMB_SID_STRSZ); 65 66 rc = smb_door_call(SMB_DR_LOOKUP_SID, acct, lsa_account_xdr, 67 acct, lsa_account_xdr); 68 69 if (rc != 0) 70 syslog(LOG_DEBUG, "smb_lookup_sid: %m"); 71 return (rc); 72 } 73 74 /* 75 * Given a name, make a door call to get the associated SID. 76 * 77 * Returns 0 if the door call is successful, otherwise -1. 78 * 79 * If 0 is returned, the lookup result will be available in a_status. 80 * NT_STATUS_SUCCESS The name was mapped to a SID. 81 * NT_STATUS_NONE_MAPPED The name could not be mapped to a SID. 82 */ 83 int 84 smb_lookup_name(const char *name, sid_type_t sidtype, lsa_account_t *acct) 85 { 86 char tmp[MAXNAMELEN]; 87 char *dp = NULL; 88 char *np = NULL; 89 int rc; 90 91 assert((name != NULL) && (acct != NULL)); 92 93 (void) strlcpy(tmp, name, MAXNAMELEN); 94 smb_name_parse(tmp, &np, &dp); 95 96 bzero(acct, sizeof (lsa_account_t)); 97 acct->a_sidtype = sidtype; 98 99 if (dp != NULL && np != NULL) { 100 (void) strlcpy(acct->a_domain, dp, MAXNAMELEN); 101 (void) strlcpy(acct->a_name, np, MAXNAMELEN); 102 } else { 103 (void) strlcpy(acct->a_name, name, MAXNAMELEN); 104 } 105 106 rc = smb_door_call(SMB_DR_LOOKUP_NAME, acct, lsa_account_xdr, 107 acct, lsa_account_xdr); 108 109 if (rc != 0) 110 syslog(LOG_DEBUG, "smb_lookup_name: %m"); 111 return (rc); 112 } 113 114 uint32_t 115 smb_join(smb_joininfo_t *jdi) 116 { 117 uint32_t status; 118 int rc; 119 120 if (jdi == NULL) 121 return (NT_STATUS_INVALID_PARAMETER); 122 123 rc = smb_door_call(SMB_DR_JOIN, jdi, smb_joininfo_xdr, 124 &status, xdr_uint32_t); 125 126 if (rc != 0) { 127 syslog(LOG_DEBUG, "smb_join: %m"); 128 status = NT_STATUS_INTERNAL_ERROR; 129 } 130 131 return (status); 132 } 133 134 /* 135 * Get information about the Domain Controller in the joined resource domain. 136 * 137 * Returns NT status codes. 138 */ 139 uint32_t 140 smb_get_dcinfo(char *namebuf, uint32_t namebuflen, smb_inaddr_t *ipaddr) 141 { 142 smb_string_t dcname; 143 struct hostent *h; 144 int rc; 145 146 assert((namebuf != NULL) && (namebuflen != 0)); 147 *namebuf = '\0'; 148 bzero(&dcname, sizeof (smb_string_t)); 149 150 rc = smb_door_call(SMB_DR_GET_DCINFO, NULL, NULL, 151 &dcname, smb_string_xdr); 152 153 if (rc != 0) { 154 syslog(LOG_DEBUG, "smb_get_dcinfo: %m"); 155 if (dcname.buf) 156 xdr_free(smb_string_xdr, (char *)&dcname); 157 return (NT_STATUS_INTERNAL_ERROR); 158 } 159 160 if (dcname.buf) { 161 (void) strlcpy(namebuf, dcname.buf, namebuflen); 162 163 if ((h = smb_gethostbyname(dcname.buf, &rc)) == NULL) { 164 bzero(ipaddr, sizeof (smb_inaddr_t)); 165 } else { 166 (void) memcpy(ipaddr, h->h_addr, h->h_length); 167 ipaddr->a_family = h->h_addrtype; 168 freehostent(h); 169 } 170 xdr_free(smb_string_xdr, (char *)&dcname); 171 } 172 173 return (NT_STATUS_SUCCESS); 174 } 175 176 bool_t 177 smb_joininfo_xdr(XDR *xdrs, smb_joininfo_t *objp) 178 { 179 if (!xdr_vector(xdrs, (char *)objp->domain_name, MAXHOSTNAMELEN, 180 sizeof (char), (xdrproc_t)xdr_char)) 181 return (FALSE); 182 183 if (!xdr_vector(xdrs, (char *)objp->domain_username, 184 SMB_USERNAME_MAXLEN + 1, sizeof (char), (xdrproc_t)xdr_char)) 185 return (FALSE); 186 187 if (!xdr_vector(xdrs, (char *)objp->domain_passwd, 188 SMB_PASSWD_MAXLEN + 1, sizeof (char), (xdrproc_t)xdr_char)) 189 return (FALSE); 190 191 if (!xdr_uint32_t(xdrs, &objp->mode)) 192 return (FALSE); 193 194 return (TRUE); 195 } 196 197 /* 198 * Parameters: 199 * fqdn (input) - fully-qualified domain name 200 * buf (output) - fully-qualified hostname of the AD server found 201 * by this function. 202 * buflen (input) - length of the 'buf' 203 * 204 * Return: 205 * B_TRUE if an AD server is found. Otherwise, returns B_FALSE; 206 * 207 * The buffer passed in should be big enough to hold a fully-qualified 208 * hostname (MAXHOSTNAMELEN); otherwise, a truncated string will be 209 * returned. On error, an empty string will be returned. 210 */ 211 boolean_t 212 smb_find_ads_server(char *fqdn, char *buf, int buflen) 213 { 214 smb_string_t server; 215 smb_string_t domain; 216 boolean_t found = B_FALSE; 217 int rc; 218 219 if (fqdn == NULL || buf == NULL) { 220 if (buf) 221 *buf = '\0'; 222 return (B_FALSE); 223 } 224 225 bzero(&server, sizeof (smb_string_t)); 226 *buf = '\0'; 227 228 domain.buf = fqdn; 229 230 rc = smb_door_call(SMB_DR_ADS_FIND_HOST, &domain, smb_string_xdr, 231 &server, smb_string_xdr); 232 233 if (rc != 0) 234 syslog(LOG_DEBUG, "smb_find_ads_server: %m"); 235 236 if (server.buf != NULL) { 237 if (*server.buf != '\0') { 238 (void) strlcpy(buf, server.buf, buflen); 239 found = B_TRUE; 240 } 241 242 xdr_free(smb_string_xdr, (char *)&server); 243 } 244 245 return (found); 246 } 247 248 /* 249 * After a successful door call the local door_arg->data_ptr is assigned 250 * to the caller's arg->rbuf so that arg has references to both input and 251 * response buffers, which is required by smb_door_free. 252 * 253 * On success, the object referenced by rsp_data will have been populated 254 * by passing rbuf through the rsp_xdr function. 255 */ 256 static int 257 smb_door_call(uint32_t cmd, void *req_data, xdrproc_t req_xdr, 258 void *rsp_data, xdrproc_t rsp_xdr) 259 { 260 smb_doorarg_t da; 261 int fd; 262 int rc; 263 264 bzero(&da, sizeof (smb_doorarg_t)); 265 da.da_opcode = cmd; 266 da.da_opname = smb_doorhdr_opname(cmd); 267 da.da_req_xdr = req_xdr; 268 da.da_rsp_xdr = rsp_xdr; 269 da.da_req_data = req_data; 270 da.da_rsp_data = rsp_data; 271 272 if ((req_data == NULL && req_xdr != NULL) || 273 (rsp_data == NULL && rsp_xdr != NULL)) { 274 errno = EINVAL; 275 syslog(LOG_DEBUG, "smb_door_call[%s]: %m", da.da_opname); 276 return (-1); 277 } 278 279 if ((fd = open(SMBD_DOOR_NAME, O_RDONLY)) < 0) { 280 syslog(LOG_DEBUG, "smb_door_call[%s]: %m", da.da_opname); 281 return (-1); 282 } 283 284 if (smb_door_encode(&da, cmd) != 0) { 285 syslog(LOG_DEBUG, "smb_door_call[%s]: %m", da.da_opname); 286 (void) close(fd); 287 return (-1); 288 } 289 290 if (smb_door_call_private(fd, &da) != 0) { 291 syslog(LOG_DEBUG, "smb_door_call[%s]: %m", da.da_opname); 292 smb_door_free(&da.da_arg); 293 (void) close(fd); 294 return (-1); 295 } 296 297 if ((rc = smb_door_decode(&da)) != 0) 298 syslog(LOG_DEBUG, "smb_door_call[%s]: %m", da.da_opname); 299 smb_door_free(&da.da_arg); 300 (void) close(fd); 301 return (rc); 302 } 303 304 /* 305 * We use a copy of the door arg because doorfs may change data_ptr 306 * and we want to detect that when freeing the door buffers. After 307 * this call, response data must be referenced via rbuf and rsize. 308 */ 309 static int 310 smb_door_call_private(int fd, smb_doorarg_t *da) 311 { 312 door_arg_t door_arg; 313 int rc; 314 int i; 315 316 bcopy(&da->da_arg, &door_arg, sizeof (door_arg_t)); 317 318 for (i = 0; i < SMB_DOOR_CALL_RETRIES; ++i) { 319 errno = 0; 320 321 if ((rc = door_call(fd, &door_arg)) == 0) 322 break; 323 324 if (errno != EAGAIN && errno != EINTR) 325 return (-1); 326 } 327 328 if (rc != 0 || door_arg.data_size == 0 || door_arg.rsize == 0) { 329 if (errno == 0) 330 errno = EIO; 331 return (-1); 332 } 333 334 da->da_arg.rbuf = door_arg.data_ptr; 335 da->da_arg.rsize = door_arg.rsize; 336 return (rc); 337 } 338 339 static int 340 smb_door_encode(smb_doorarg_t *da, uint32_t cmd) 341 { 342 XDR xdrs; 343 char *buf; 344 uint32_t buflen; 345 346 buflen = xdr_sizeof(smb_doorhdr_xdr, &da->da_hdr); 347 if (da->da_req_xdr != NULL) 348 buflen += xdr_sizeof(da->da_req_xdr, da->da_req_data); 349 350 smb_door_sethdr(&da->da_hdr, cmd, buflen); 351 352 if ((buf = malloc(buflen)) == NULL) 353 return (-1); 354 355 xdrmem_create(&xdrs, buf, buflen, XDR_ENCODE); 356 357 if (!smb_doorhdr_xdr(&xdrs, &da->da_hdr)) { 358 errno = EPROTO; 359 free(buf); 360 xdr_destroy(&xdrs); 361 return (-1); 362 } 363 364 if (da->da_req_xdr != NULL) { 365 if (!da->da_req_xdr(&xdrs, da->da_req_data)) { 366 errno = EPROTO; 367 free(buf); 368 xdr_destroy(&xdrs); 369 return (-1); 370 } 371 } 372 373 da->da_arg.data_ptr = buf; 374 da->da_arg.data_size = buflen; 375 da->da_arg.desc_ptr = NULL; 376 da->da_arg.desc_num = 0; 377 da->da_arg.rbuf = buf; 378 da->da_arg.rsize = buflen; 379 380 xdr_destroy(&xdrs); 381 return (0); 382 } 383 384 /* 385 * Decode the response in rbuf and rsize. 386 */ 387 static int 388 smb_door_decode(smb_doorarg_t *da) 389 { 390 XDR xdrs; 391 smb_doorhdr_t hdr; 392 char *rbuf = da->da_arg.rbuf; 393 uint32_t rsize = da->da_arg.rsize; 394 395 if (rbuf == NULL || rsize == 0) { 396 errno = EINVAL; 397 return (-1); 398 } 399 400 xdrmem_create(&xdrs, rbuf, rsize, XDR_DECODE); 401 402 if (!smb_doorhdr_xdr(&xdrs, &hdr)) { 403 errno = EPROTO; 404 xdr_destroy(&xdrs); 405 return (-1); 406 } 407 408 if (!smb_door_chkhdr(da, &hdr)) { 409 errno = EPROTO; 410 xdr_destroy(&xdrs); 411 return (-1); 412 } 413 414 if (da->da_rsp_xdr != NULL) { 415 if (!da->da_rsp_xdr(&xdrs, da->da_rsp_data)) { 416 errno = EPROTO; 417 xdr_destroy(&xdrs); 418 return (-1); 419 } 420 } 421 422 xdr_destroy(&xdrs); 423 return (0); 424 } 425 426 static void 427 smb_door_sethdr(smb_doorhdr_t *hdr, uint32_t cmd, uint32_t datalen) 428 { 429 bzero(hdr, sizeof (smb_doorhdr_t)); 430 hdr->dh_magic = SMB_DOOR_HDR_MAGIC; 431 hdr->dh_flags = SMB_DF_USERSPACE; 432 hdr->dh_op = cmd; 433 hdr->dh_txid = smb_get_txid(); 434 hdr->dh_datalen = datalen; 435 hdr->dh_door_rc = SMB_DOP_NOT_CALLED; 436 } 437 438 static boolean_t 439 smb_door_chkhdr(smb_doorarg_t *da, smb_doorhdr_t *hdr) 440 { 441 if ((hdr->dh_magic != SMB_DOOR_HDR_MAGIC) || 442 (hdr->dh_op != da->da_hdr.dh_op) || 443 (hdr->dh_txid != da->da_hdr.dh_txid)) { 444 syslog(LOG_DEBUG, "smb_door_chkhdr[%s]: invalid header", 445 da->da_opname); 446 return (B_FALSE); 447 } 448 449 if (hdr->dh_door_rc != SMB_DOP_SUCCESS) { 450 syslog(LOG_DEBUG, "smb_door_chkhdr[%s]: call status=%d", 451 da->da_opname, hdr->dh_door_rc); 452 return (B_FALSE); 453 } 454 455 return (B_TRUE); 456 } 457 458 /* 459 * Free resources allocated for a door call. If the result buffer provided 460 * by the client is too small, doorfs will have allocated a new buffer, 461 * which must be unmapped here. 462 * 463 * This function must be called to free both the argument and result door 464 * buffers regardless of the status of the door call. 465 */ 466 static void 467 smb_door_free(door_arg_t *arg) 468 { 469 if (arg->rbuf && (arg->rbuf != arg->data_ptr)) 470 (void) munmap(arg->rbuf, arg->rsize); 471 472 free(arg->data_ptr); 473 } 474