1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #include <assert.h> 27 #include <sys/types.h> 28 #include <stdarg.h> 29 #include <unistd.h> 30 #include <stdlib.h> 31 #include <time.h> 32 #include <synch.h> 33 #include <syslog.h> 34 #include <string.h> 35 #include <strings.h> 36 #include <errno.h> 37 #include <net/if.h> 38 #include <netdb.h> 39 #include <netinet/in.h> 40 #include <arpa/nameser.h> 41 #include <resolv.h> 42 #include <sys/sockio.h> 43 #include <sys/socket.h> 44 #include <smbsrv/smbinfo.h> 45 #include <smbsrv/netbios.h> 46 #include <smbsrv/libsmb.h> 47 48 static mutex_t seqnum_mtx; 49 50 void 51 smb_load_kconfig(smb_kmod_cfg_t *kcfg) 52 { 53 int64_t citem; 54 55 bzero(kcfg, sizeof (smb_kmod_cfg_t)); 56 57 (void) smb_config_getnum(SMB_CI_MAX_WORKERS, &citem); 58 kcfg->skc_maxworkers = (uint32_t)citem; 59 (void) smb_config_getnum(SMB_CI_KEEPALIVE, &citem); 60 kcfg->skc_keepalive = (uint32_t)citem; 61 if ((kcfg->skc_keepalive != 0) && 62 (kcfg->skc_keepalive < SMB_PI_KEEP_ALIVE_MIN)) 63 kcfg->skc_keepalive = SMB_PI_KEEP_ALIVE_MIN; 64 65 (void) smb_config_getnum(SMB_CI_MAX_CONNECTIONS, &citem); 66 kcfg->skc_maxconnections = (uint32_t)citem; 67 kcfg->skc_restrict_anon = smb_config_getbool(SMB_CI_RESTRICT_ANON); 68 kcfg->skc_signing_enable = smb_config_getbool(SMB_CI_SIGNING_ENABLE); 69 kcfg->skc_signing_required = smb_config_getbool(SMB_CI_SIGNING_REQD); 70 kcfg->skc_ipv6_enable = smb_config_getbool(SMB_CI_IPV6_ENABLE); 71 kcfg->skc_oplock_enable = smb_config_getbool(SMB_CI_OPLOCK_ENABLE); 72 kcfg->skc_sync_enable = smb_config_getbool(SMB_CI_SYNC_ENABLE); 73 kcfg->skc_secmode = smb_config_get_secmode(); 74 (void) smb_getdomainname(kcfg->skc_nbdomain, 75 sizeof (kcfg->skc_nbdomain)); 76 (void) smb_getfqdomainname(kcfg->skc_fqdn, 77 sizeof (kcfg->skc_fqdn)); 78 (void) smb_getnetbiosname(kcfg->skc_hostname, 79 sizeof (kcfg->skc_hostname)); 80 (void) smb_config_getstr(SMB_CI_SYS_CMNT, kcfg->skc_system_comment, 81 sizeof (kcfg->skc_system_comment)); 82 } 83 84 /* 85 * Get the current system NetBIOS name. The hostname is truncated at 86 * the first `.` or 15 bytes, whichever occurs first, and converted 87 * to uppercase (by smb_gethostname). Text that appears after the 88 * first '.' is considered to be part of the NetBIOS scope. 89 * 90 * Returns 0 on success, otherwise -1 to indicate an error. 91 */ 92 int 93 smb_getnetbiosname(char *buf, size_t buflen) 94 { 95 if (smb_gethostname(buf, buflen, 1) != 0) 96 return (-1); 97 98 if (buflen >= NETBIOS_NAME_SZ) 99 buf[NETBIOS_NAME_SZ - 1] = '\0'; 100 101 return (0); 102 } 103 104 /* 105 * Get the SAM account of the current system. 106 * Returns 0 on success, otherwise, -1 to indicate an error. 107 */ 108 int 109 smb_getsamaccount(char *buf, size_t buflen) 110 { 111 if (smb_getnetbiosname(buf, buflen - 1) != 0) 112 return (-1); 113 114 (void) strlcat(buf, "$", buflen); 115 return (0); 116 } 117 118 /* 119 * Get the current system node name. The returned name is guaranteed 120 * to be null-terminated (gethostname may not null terminate the name). 121 * If the hostname has been fully-qualified for some reason, the domain 122 * part will be removed. If the caller would like the name in upper 123 * case, it is folded to uppercase. 124 * 125 * If gethostname fails, the returned buffer will contain an empty 126 * string. 127 */ 128 int 129 smb_gethostname(char *buf, size_t buflen, int upcase) 130 { 131 char *p; 132 133 if (buf == NULL || buflen == 0) 134 return (-1); 135 136 if (gethostname(buf, buflen) != 0) { 137 *buf = '\0'; 138 return (-1); 139 } 140 141 buf[buflen - 1] = '\0'; 142 143 if ((p = strchr(buf, '.')) != NULL) 144 *p = '\0'; 145 146 if (upcase) 147 (void) utf8_strupr(buf); 148 149 return (0); 150 } 151 152 /* 153 * Obtain the fully-qualified name for this machine. If the 154 * hostname is fully-qualified, accept it. Otherwise, try to 155 * find an appropriate domain name to append to the hostname. 156 */ 157 int 158 smb_getfqhostname(char *buf, size_t buflen) 159 { 160 char hostname[MAXHOSTNAMELEN]; 161 char domain[MAXHOSTNAMELEN]; 162 163 hostname[0] = '\0'; 164 domain[0] = '\0'; 165 166 if (smb_gethostname(hostname, MAXHOSTNAMELEN, 0) != 0) 167 return (-1); 168 169 if (smb_getfqdomainname(domain, MAXHOSTNAMELEN) != 0) 170 return (-1); 171 172 if (hostname[0] == '\0') 173 return (-1); 174 175 if (domain[0] == '\0') { 176 (void) strlcpy(buf, hostname, buflen); 177 return (0); 178 } 179 180 (void) snprintf(buf, buflen, "%s.%s", hostname, domain); 181 return (0); 182 } 183 184 /* 185 * smb_getdomainname 186 * 187 * Returns NETBIOS name of the domain if the system is in domain 188 * mode. Or returns workgroup name if the system is in workgroup 189 * mode. 190 */ 191 int 192 smb_getdomainname(char *buf, size_t buflen) 193 { 194 int rc; 195 196 if (buf == NULL || buflen == 0) 197 return (-1); 198 199 *buf = '\0'; 200 rc = smb_config_getstr(SMB_CI_DOMAIN_NAME, buf, buflen); 201 202 if ((rc != SMBD_SMF_OK) || (*buf == '\0')) 203 return (-1); 204 205 return (0); 206 } 207 208 /* 209 * smb_getdomainsid 210 * 211 * Returns the domain SID if the system is in domain mode. 212 * Otherwise returns NULL. 213 * 214 * Note: Callers are responsible for freeing a returned SID. 215 */ 216 smb_sid_t * 217 smb_getdomainsid(void) 218 { 219 char buf[MAXHOSTNAMELEN]; 220 smb_sid_t *sid; 221 int security_mode; 222 int rc; 223 224 security_mode = smb_config_get_secmode(); 225 if (security_mode != SMB_SECMODE_DOMAIN) 226 return (NULL); 227 228 *buf = '\0'; 229 rc = smb_config_getstr(SMB_CI_DOMAIN_SID, buf, MAXHOSTNAMELEN); 230 if ((rc != SMBD_SMF_OK) || (*buf == '\0')) 231 return (NULL); 232 233 if ((sid = smb_sid_fromstr(buf)) == NULL) 234 return (NULL); 235 236 return (sid); 237 } 238 239 /* 240 * smb_getfqdomainname 241 * 242 * In the system is in domain mode, the dns_domain property value 243 * is returned. Otherwise, it returns the local domain obtained via 244 * resolver. 245 * 246 * Returns 0 upon success. Otherwise, returns -1. 247 */ 248 int 249 smb_getfqdomainname(char *buf, size_t buflen) 250 { 251 struct __res_state res_state; 252 int rc; 253 254 if (buf == NULL || buflen == 0) 255 return (-1); 256 257 *buf = '\0'; 258 if (smb_config_get_secmode() == SMB_SECMODE_DOMAIN) { 259 rc = smb_config_getstr(SMB_CI_DOMAIN_FQDN, buf, buflen); 260 261 if ((rc != SMBD_SMF_OK) || (*buf == '\0')) 262 return (-1); 263 } else { 264 bzero(&res_state, sizeof (struct __res_state)); 265 if (res_ninit(&res_state)) 266 return (-1); 267 268 if (*res_state.defdname == '\0') { 269 res_ndestroy(&res_state); 270 return (-1); 271 } 272 273 (void) strlcpy(buf, res_state.defdname, buflen); 274 res_ndestroy(&res_state); 275 rc = 0; 276 } 277 278 return (rc); 279 } 280 281 282 /* 283 * smb_set_machine_passwd 284 * 285 * This function should be used when setting the machine password property. 286 * The associated sequence number is incremented. 287 */ 288 static int 289 smb_set_machine_passwd(char *passwd) 290 { 291 int64_t num; 292 int rc = -1; 293 294 if (smb_config_set(SMB_CI_MACHINE_PASSWD, passwd) != SMBD_SMF_OK) 295 return (-1); 296 297 (void) mutex_lock(&seqnum_mtx); 298 (void) smb_config_getnum(SMB_CI_KPASSWD_SEQNUM, &num); 299 if (smb_config_setnum(SMB_CI_KPASSWD_SEQNUM, ++num) 300 == SMBD_SMF_OK) 301 rc = 0; 302 (void) mutex_unlock(&seqnum_mtx); 303 return (rc); 304 } 305 306 /* 307 * smb_match_netlogon_seqnum 308 * 309 * A sequence number is associated with each machine password property 310 * update and the netlogon credential chain setup. If the 311 * sequence numbers don't match, a NETLOGON credential chain 312 * establishment is required. 313 * 314 * Returns 0 if kpasswd_seqnum equals to netlogon_seqnum. Otherwise, 315 * returns -1. 316 */ 317 boolean_t 318 smb_match_netlogon_seqnum(void) 319 { 320 int64_t setpasswd_seqnum; 321 int64_t netlogon_seqnum; 322 323 (void) mutex_lock(&seqnum_mtx); 324 (void) smb_config_getnum(SMB_CI_KPASSWD_SEQNUM, &setpasswd_seqnum); 325 (void) smb_config_getnum(SMB_CI_NETLOGON_SEQNUM, &netlogon_seqnum); 326 (void) mutex_unlock(&seqnum_mtx); 327 return (setpasswd_seqnum == netlogon_seqnum); 328 } 329 330 /* 331 * smb_setdomainprops 332 * 333 * This function should be called after joining an AD to 334 * set all the domain related SMF properties. 335 * 336 * The kpasswd_domain property is the AD domain to which the system 337 * is joined via kclient. If this function is invoked by the SMB 338 * daemon, fqdn should be set to NULL. 339 */ 340 int 341 smb_setdomainprops(char *fqdn, char *server, char *passwd) 342 { 343 if (server == NULL || passwd == NULL) 344 return (-1); 345 346 if ((*server == '\0') || (*passwd == '\0')) 347 return (-1); 348 349 if (fqdn && (smb_config_set(SMB_CI_KPASSWD_DOMAIN, fqdn) != 0)) 350 return (-1); 351 352 if (smb_config_set(SMB_CI_KPASSWD_SRV, server) != 0) 353 return (-1); 354 355 if (smb_set_machine_passwd(passwd) != 0) { 356 syslog(LOG_ERR, "smb_setdomainprops: failed to set" 357 " machine account password"); 358 return (-1); 359 } 360 361 /* 362 * If we successfully create a trust account, we mark 363 * ourselves as a domain member in the environment so 364 * that we use the SAMLOGON version of the NETLOGON 365 * PDC location protocol. 366 */ 367 (void) smb_config_setbool(SMB_CI_DOMAIN_MEMB, B_TRUE); 368 369 return (0); 370 } 371 372 /* 373 * smb_update_netlogon_seqnum 374 * 375 * This function should only be called upon a successful netlogon 376 * credential chain establishment to set the sequence number of the 377 * netlogon to match with that of the kpasswd. 378 */ 379 void 380 smb_update_netlogon_seqnum(void) 381 { 382 int64_t num; 383 384 (void) mutex_lock(&seqnum_mtx); 385 (void) smb_config_getnum(SMB_CI_KPASSWD_SEQNUM, &num); 386 (void) smb_config_setnum(SMB_CI_NETLOGON_SEQNUM, num); 387 (void) mutex_unlock(&seqnum_mtx); 388 } 389 390 391 /* 392 * Temporary fbt for dtrace until user space sdt enabled. 393 */ 394 void 395 smb_tracef(const char *fmt, ...) 396 { 397 va_list ap; 398 char buf[128]; 399 400 va_start(ap, fmt); 401 (void) vsnprintf(buf, 128, fmt, ap); 402 va_end(ap); 403 404 smb_trace(buf); 405 } 406 407 /* 408 * Temporary fbt for dtrace until user space sdt enabled. 409 */ 410 void 411 smb_trace(const char *s) 412 { 413 syslog(LOG_DEBUG, "%s", s); 414 } 415 416 /* 417 * smb_tonetbiosname 418 * 419 * Creates a NetBIOS name based on the given name and suffix. 420 * NetBIOS name is 15 capital characters, padded with space if needed 421 * and the 16th byte is the suffix. 422 */ 423 void 424 smb_tonetbiosname(char *name, char *nb_name, char suffix) 425 { 426 char tmp_name[NETBIOS_NAME_SZ]; 427 mts_wchar_t wtmp_name[NETBIOS_NAME_SZ]; 428 unsigned int cpid; 429 int len; 430 size_t rc; 431 432 len = 0; 433 rc = mts_mbstowcs(wtmp_name, (const char *)name, NETBIOS_NAME_SZ); 434 435 if (rc != (size_t)-1) { 436 wtmp_name[NETBIOS_NAME_SZ - 1] = 0; 437 cpid = oem_get_smb_cpid(); 438 rc = unicodestooems(tmp_name, wtmp_name, NETBIOS_NAME_SZ, cpid); 439 if (rc > 0) 440 len = strlen(tmp_name); 441 } 442 443 (void) memset(nb_name, ' ', NETBIOS_NAME_SZ - 1); 444 if (len) { 445 (void) utf8_strupr(tmp_name); 446 (void) memcpy(nb_name, tmp_name, len); 447 } 448 nb_name[NETBIOS_NAME_SZ - 1] = suffix; 449 } 450 451 int 452 smb_get_nameservers(smb_inaddr_t *ips, int sz) 453 { 454 union res_sockaddr_union set[MAXNS]; 455 int i, cnt; 456 struct __res_state res_state; 457 char ipstr[INET6_ADDRSTRLEN]; 458 459 if (ips == NULL) 460 return (0); 461 462 bzero(&res_state, sizeof (struct __res_state)); 463 if (res_ninit(&res_state) < 0) 464 return (0); 465 466 cnt = res_getservers(&res_state, set, MAXNS); 467 for (i = 0; i < cnt; i++) { 468 if (i >= sz) 469 break; 470 ips[i].a_family = AF_INET; 471 bcopy(&set[i].sin.sin_addr, &ips[i].a_ipv4, INADDRSZ); 472 if (inet_ntop(AF_INET, &ips[i].a_ipv4, ipstr, 473 INET_ADDRSTRLEN)) { 474 syslog(LOG_DEBUG, "Found %s name server\n", ipstr); 475 continue; 476 } 477 ips[i].a_family = AF_INET6; 478 bcopy(&set[i].sin.sin_addr, &ips[i].a_ipv6, IPV6_ADDR_LEN); 479 if (inet_ntop(AF_INET6, &ips[i].a_ipv6, ipstr, 480 INET6_ADDRSTRLEN)) { 481 syslog(LOG_DEBUG, "Found %s name server\n", ipstr); 482 } 483 } 484 res_ndestroy(&res_state); 485 return (i); 486 } 487 /* 488 * smb_gethostbyname 489 * 490 * Looks up a host by the given name. The host entry can come 491 * from any of the sources for hosts specified in the 492 * /etc/nsswitch.conf and the NetBIOS cache. 493 * 494 * XXX Invokes nbt_name_resolve API once the NBTD is integrated 495 * to look in the NetBIOS cache if getipnodebyname fails. 496 * 497 * Caller should invoke freehostent to free the returned hostent. 498 */ 499 struct hostent * 500 smb_gethostbyname(const char *name, int *err_num) 501 { 502 struct hostent *h; 503 504 h = getipnodebyname(name, AF_INET, 0, err_num); 505 if ((h == NULL) || h->h_length != INADDRSZ) 506 h = getipnodebyname(name, AF_INET6, AI_DEFAULT, err_num); 507 return (h); 508 } 509 510 /* 511 * smb_gethostbyaddr 512 * 513 * Looks up a host by the given IP address. The host entry can come 514 * from any of the sources for hosts specified in the 515 * /etc/nsswitch.conf and the NetBIOS cache. 516 * 517 * XXX Invokes nbt API to resolve name by IP once the NBTD is integrated 518 * to look in the NetBIOS cache if getipnodebyaddr fails. 519 * 520 * Caller should invoke freehostent to free the returned hostent. 521 */ 522 struct hostent * 523 smb_gethostbyaddr(const char *addr, int len, int type, int *err_num) 524 { 525 struct hostent *h; 526 527 h = getipnodebyaddr(addr, len, type, err_num); 528 529 return (h); 530 } 531 532 /* 533 * Check to see if the given name is the hostname. 534 * It checks the hostname returned by OS and also both 535 * fully qualified and NetBIOS forms of the host name. 536 */ 537 boolean_t 538 smb_ishostname(const char *name) 539 { 540 char hostname[MAXHOSTNAMELEN]; 541 int rc; 542 543 if (strchr(name, '.') != NULL) 544 rc = smb_getfqhostname(hostname, MAXHOSTNAMELEN); 545 else { 546 if (strlen(name) < NETBIOS_NAME_SZ) 547 rc = smb_getnetbiosname(hostname, MAXHOSTNAMELEN); 548 else 549 rc = smb_gethostname(hostname, MAXHOSTNAMELEN, 1); 550 } 551 552 if (rc != 0) 553 return (B_FALSE); 554 555 return (utf8_strcasecmp(name, hostname) == 0); 556 } 557