xref: /titanic_41/usr/src/lib/smbsrv/libsmb/common/smb_info.c (revision 5203bc321053fb87d7073c7640548fab73634793)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
23  */
24 
25 #include <assert.h>
26 #include <sys/types.h>
27 #include <stdarg.h>
28 #include <unistd.h>
29 #include <stdlib.h>
30 #include <time.h>
31 #include <synch.h>
32 #include <syslog.h>
33 #include <string.h>
34 #include <strings.h>
35 #include <errno.h>
36 #include <net/if.h>
37 #include <netdb.h>
38 #include <netinet/in.h>
39 #include <arpa/nameser.h>
40 #include <resolv.h>
41 #include <sys/sockio.h>
42 #include <sys/socket.h>
43 #include <smbsrv/smbinfo.h>
44 #include <smbsrv/netbios.h>
45 #include <smbsrv/libsmb.h>
46 
47 static mutex_t seqnum_mtx;
48 
49 /*
50  * IPC connection information that may be passed to the SMB Redirector.
51  */
52 typedef struct {
53 	char	user[SMB_USERNAME_MAXLEN];
54 	uint8_t	passwd[SMBAUTH_HASH_SZ];
55 } smb_ipc_t;
56 
57 static smb_ipc_t	ipc_info;
58 static smb_ipc_t	ipc_orig_info;
59 static rwlock_t		smb_ipc_lock;
60 
61 /*
62  * Some older clients (Windows 98) only handle the low byte
63  * of the max workers value. If the low byte is less than
64  * SMB_PI_MAX_WORKERS_MIN set it to SMB_PI_MAX_WORKERS_MIN.
65  */
66 void
67 smb_load_kconfig(smb_kmod_cfg_t *kcfg)
68 {
69 	int64_t citem;
70 
71 	bzero(kcfg, sizeof (smb_kmod_cfg_t));
72 
73 	(void) smb_config_getnum(SMB_CI_MAX_WORKERS, &citem);
74 	kcfg->skc_maxworkers = (uint32_t)citem;
75 	if ((kcfg->skc_maxworkers & 0xFF) < SMB_PI_MAX_WORKERS_MIN) {
76 		kcfg->skc_maxworkers &= ~0xFF;
77 		kcfg->skc_maxworkers += SMB_PI_MAX_WORKERS_MIN;
78 	}
79 
80 	(void) smb_config_getnum(SMB_CI_KEEPALIVE, &citem);
81 	kcfg->skc_keepalive = (uint32_t)citem;
82 	if ((kcfg->skc_keepalive != 0) &&
83 	    (kcfg->skc_keepalive < SMB_PI_KEEP_ALIVE_MIN))
84 		kcfg->skc_keepalive = SMB_PI_KEEP_ALIVE_MIN;
85 
86 	(void) smb_config_getnum(SMB_CI_MAX_CONNECTIONS, &citem);
87 	kcfg->skc_maxconnections = (uint32_t)citem;
88 	kcfg->skc_restrict_anon = smb_config_getbool(SMB_CI_RESTRICT_ANON);
89 	kcfg->skc_signing_enable = smb_config_getbool(SMB_CI_SIGNING_ENABLE);
90 	kcfg->skc_signing_required = smb_config_getbool(SMB_CI_SIGNING_REQD);
91 	kcfg->skc_ipv6_enable = smb_config_getbool(SMB_CI_IPV6_ENABLE);
92 	kcfg->skc_oplock_enable = smb_config_getbool(SMB_CI_OPLOCK_ENABLE);
93 	kcfg->skc_sync_enable = smb_config_getbool(SMB_CI_SYNC_ENABLE);
94 	kcfg->skc_secmode = smb_config_get_secmode();
95 	(void) smb_getdomainname(kcfg->skc_nbdomain,
96 	    sizeof (kcfg->skc_nbdomain));
97 	(void) smb_getfqdomainname(kcfg->skc_fqdn,
98 	    sizeof (kcfg->skc_fqdn));
99 	(void) smb_getnetbiosname(kcfg->skc_hostname,
100 	    sizeof (kcfg->skc_hostname));
101 	(void) smb_config_getstr(SMB_CI_SYS_CMNT, kcfg->skc_system_comment,
102 	    sizeof (kcfg->skc_system_comment));
103 	smb_config_get_version(&kcfg->skc_version);
104 	kcfg->skc_execflags = smb_config_get_execinfo(NULL, NULL, 0);
105 }
106 
107 /*
108  * Get the current system NetBIOS name.  The hostname is truncated at
109  * the first `.` or 15 bytes, whichever occurs first, and converted
110  * to uppercase (by smb_gethostname).  Text that appears after the
111  * first '.' is considered to be part of the NetBIOS scope.
112  *
113  * Returns 0 on success, otherwise -1 to indicate an error.
114  */
115 int
116 smb_getnetbiosname(char *buf, size_t buflen)
117 {
118 	if (smb_gethostname(buf, buflen, SMB_CASE_UPPER) != 0)
119 		return (-1);
120 
121 	if (buflen >= NETBIOS_NAME_SZ)
122 		buf[NETBIOS_NAME_SZ - 1] = '\0';
123 
124 	return (0);
125 }
126 
127 /*
128  * Get the SAM account of the current system.
129  * Returns 0 on success, otherwise, -1 to indicate an error.
130  */
131 int
132 smb_getsamaccount(char *buf, size_t buflen)
133 {
134 	if (smb_getnetbiosname(buf, buflen - 1) != 0)
135 		return (-1);
136 
137 	(void) strlcat(buf, "$", buflen);
138 	return (0);
139 }
140 
141 /*
142  * Get the current system node name.  The returned name is guaranteed
143  * to be null-terminated (gethostname may not null terminate the name).
144  * If the hostname has been fully-qualified for some reason, the domain
145  * part will be removed.  The returned hostname is converted to the
146  * specified case (lower, upper, or preserved).
147  *
148  * If gethostname fails, the returned buffer will contain an empty
149  * string.
150  */
151 int
152 smb_gethostname(char *buf, size_t buflen, smb_caseconv_t which)
153 {
154 	char *p;
155 
156 	if (buf == NULL || buflen == 0)
157 		return (-1);
158 
159 	if (gethostname(buf, buflen) != 0) {
160 		*buf = '\0';
161 		return (-1);
162 	}
163 
164 	buf[buflen - 1] = '\0';
165 
166 	if ((p = strchr(buf, '.')) != NULL)
167 		*p = '\0';
168 
169 	switch (which) {
170 	case SMB_CASE_LOWER:
171 		(void) smb_strlwr(buf);
172 		break;
173 
174 	case SMB_CASE_UPPER:
175 		(void) smb_strupr(buf);
176 		break;
177 
178 	case SMB_CASE_PRESERVE:
179 	default:
180 		break;
181 	}
182 
183 	return (0);
184 }
185 
186 /*
187  * Obtain the fully-qualified name for this machine in lower case.  If
188  * the hostname is fully-qualified, accept it.  Otherwise, try to find an
189  * appropriate domain name to append to the hostname.
190  */
191 int
192 smb_getfqhostname(char *buf, size_t buflen)
193 {
194 	char hostname[MAXHOSTNAMELEN];
195 	char domain[MAXHOSTNAMELEN];
196 
197 	hostname[0] = '\0';
198 	domain[0] = '\0';
199 
200 	if (smb_gethostname(hostname, MAXHOSTNAMELEN,
201 	    SMB_CASE_LOWER) != 0)
202 		return (-1);
203 
204 	if (smb_getfqdomainname(domain, MAXHOSTNAMELEN) != 0)
205 		return (-1);
206 
207 	if (hostname[0] == '\0')
208 		return (-1);
209 
210 	if (domain[0] == '\0') {
211 		(void) strlcpy(buf, hostname, buflen);
212 		return (0);
213 	}
214 
215 	(void) snprintf(buf, buflen, "%s.%s", hostname, domain);
216 	return (0);
217 }
218 
219 /*
220  * smb_getdomainname
221  *
222  * Returns NETBIOS name of the domain if the system is in domain
223  * mode. Or returns workgroup name if the system is in workgroup
224  * mode.
225  */
226 int
227 smb_getdomainname(char *buf, size_t buflen)
228 {
229 	int rc;
230 
231 	if (buf == NULL || buflen == 0)
232 		return (-1);
233 
234 	*buf = '\0';
235 	rc = smb_config_getstr(SMB_CI_DOMAIN_NAME, buf, buflen);
236 
237 	if ((rc != SMBD_SMF_OK) || (*buf == '\0'))
238 		return (-1);
239 
240 	return (0);
241 }
242 
243 /*
244  * smb_getfqdomainname
245  *
246  * In the system is in domain mode, the dns_domain property value
247  * is returned. Otherwise, it returns the local domain obtained via
248  * resolver.
249  *
250  * Returns 0 upon success.  Otherwise, returns -1.
251  */
252 int
253 smb_getfqdomainname(char *buf, size_t buflen)
254 {
255 	struct __res_state res_state;
256 	int rc;
257 
258 	if (buf == NULL || buflen == 0)
259 		return (-1);
260 
261 	*buf = '\0';
262 	if (smb_config_get_secmode() == SMB_SECMODE_DOMAIN) {
263 		rc = smb_config_getstr(SMB_CI_DOMAIN_FQDN, buf, buflen);
264 
265 		if ((rc != SMBD_SMF_OK) || (*buf == '\0'))
266 			return (-1);
267 	} else {
268 		bzero(&res_state, sizeof (struct __res_state));
269 		if (res_ninit(&res_state))
270 			return (-1);
271 
272 		if (*res_state.defdname == '\0') {
273 			res_ndestroy(&res_state);
274 			return (-1);
275 		}
276 
277 		(void) strlcpy(buf, res_state.defdname, buflen);
278 		res_ndestroy(&res_state);
279 		rc = 0;
280 	}
281 
282 	return (rc);
283 }
284 
285 
286 /*
287  * smb_set_machine_passwd
288  *
289  * This function should be used when setting the machine password property.
290  * The associated sequence number is incremented.
291  */
292 static int
293 smb_set_machine_passwd(char *passwd)
294 {
295 	int64_t num;
296 	int rc = -1;
297 
298 	if (smb_config_set(SMB_CI_MACHINE_PASSWD, passwd) != SMBD_SMF_OK)
299 		return (-1);
300 
301 	(void) mutex_lock(&seqnum_mtx);
302 	(void) smb_config_getnum(SMB_CI_KPASSWD_SEQNUM, &num);
303 	if (smb_config_setnum(SMB_CI_KPASSWD_SEQNUM, ++num)
304 	    == SMBD_SMF_OK)
305 		rc = 0;
306 	(void) mutex_unlock(&seqnum_mtx);
307 	return (rc);
308 }
309 
310 static int
311 smb_get_machine_passwd(uint8_t *buf, size_t buflen)
312 {
313 	char pwd[SMB_PASSWD_MAXLEN + 1];
314 	int rc;
315 
316 	if (buflen < SMBAUTH_HASH_SZ)
317 		return (-1);
318 
319 	rc = smb_config_getstr(SMB_CI_MACHINE_PASSWD, pwd, sizeof (pwd));
320 	if ((rc != SMBD_SMF_OK) || *pwd == '\0')
321 		return (-1);
322 
323 	if (smb_auth_ntlm_hash(pwd, buf) != 0)
324 		return (-1);
325 
326 	return (rc);
327 }
328 
329 /*
330  * Set up IPC connection credentials.
331  */
332 void
333 smb_ipc_init(void)
334 {
335 	int rc;
336 
337 	(void) rw_wrlock(&smb_ipc_lock);
338 	bzero(&ipc_info, sizeof (smb_ipc_t));
339 	bzero(&ipc_orig_info, sizeof (smb_ipc_t));
340 
341 	(void) smb_getsamaccount(ipc_info.user, SMB_USERNAME_MAXLEN);
342 	rc = smb_get_machine_passwd(ipc_info.passwd, SMBAUTH_HASH_SZ);
343 	if (rc != 0)
344 		*ipc_info.passwd = 0;
345 	(void) rw_unlock(&smb_ipc_lock);
346 
347 }
348 
349 /*
350  * Set the IPC username and password hash in memory.  If the domain
351  * join succeeds, the credentials will be committed for use with
352  * authenticated IPC.  Otherwise, they should be rolled back.
353  */
354 void
355 smb_ipc_set(char *plain_user, uint8_t *passwd_hash)
356 {
357 	(void) rw_wrlock(&smb_ipc_lock);
358 	(void) strlcpy(ipc_info.user, plain_user, sizeof (ipc_info.user));
359 	(void) memcpy(ipc_info.passwd, passwd_hash, SMBAUTH_HASH_SZ);
360 	(void) rw_unlock(&smb_ipc_lock);
361 
362 }
363 
364 /*
365  * Save the host credentials to be used for authenticated IPC.
366  * The credentials are also saved to the original IPC info as
367  * rollback data in case the join domain process fails later.
368  */
369 void
370 smb_ipc_commit(void)
371 {
372 	(void) rw_wrlock(&smb_ipc_lock);
373 	(void) smb_getsamaccount(ipc_info.user, SMB_USERNAME_MAXLEN);
374 	(void) smb_get_machine_passwd(ipc_info.passwd, SMBAUTH_HASH_SZ);
375 	(void) memcpy(&ipc_orig_info, &ipc_info, sizeof (smb_ipc_t));
376 	(void) rw_unlock(&smb_ipc_lock);
377 }
378 
379 /*
380  * Restore the original credentials
381  */
382 void
383 smb_ipc_rollback(void)
384 {
385 	(void) rw_wrlock(&smb_ipc_lock);
386 	(void) strlcpy(ipc_info.user, ipc_orig_info.user,
387 	    sizeof (ipc_info.user));
388 	(void) memcpy(ipc_info.passwd, ipc_orig_info.passwd,
389 	    sizeof (ipc_info.passwd));
390 	(void) rw_unlock(&smb_ipc_lock);
391 }
392 
393 void
394 smb_ipc_get_user(char *buf, size_t buflen)
395 {
396 	(void) rw_rdlock(&smb_ipc_lock);
397 	(void) strlcpy(buf, ipc_info.user, buflen);
398 	(void) rw_unlock(&smb_ipc_lock);
399 }
400 
401 void
402 smb_ipc_get_passwd(uint8_t *buf, size_t buflen)
403 {
404 	if (buflen < SMBAUTH_HASH_SZ)
405 		return;
406 
407 	(void) rw_rdlock(&smb_ipc_lock);
408 	(void) memcpy(buf, ipc_info.passwd, SMBAUTH_HASH_SZ);
409 	(void) rw_unlock(&smb_ipc_lock);
410 }
411 
412 /*
413  * smb_match_netlogon_seqnum
414  *
415  * A sequence number is associated with each machine password property
416  * update and the netlogon credential chain setup. If the
417  * sequence numbers don't match, a NETLOGON credential chain
418  * establishment is required.
419  *
420  * Returns 0 if kpasswd_seqnum equals to netlogon_seqnum. Otherwise,
421  * returns -1.
422  */
423 boolean_t
424 smb_match_netlogon_seqnum(void)
425 {
426 	int64_t setpasswd_seqnum;
427 	int64_t netlogon_seqnum;
428 
429 	(void) mutex_lock(&seqnum_mtx);
430 	(void) smb_config_getnum(SMB_CI_KPASSWD_SEQNUM, &setpasswd_seqnum);
431 	(void) smb_config_getnum(SMB_CI_NETLOGON_SEQNUM, &netlogon_seqnum);
432 	(void) mutex_unlock(&seqnum_mtx);
433 	return (setpasswd_seqnum == netlogon_seqnum);
434 }
435 
436 /*
437  * smb_setdomainprops
438  *
439  * This function should be called after joining an AD to
440  * set all the domain related SMF properties.
441  *
442  * The kpasswd_domain property is the AD domain to which the system
443  * is joined via kclient. If this function is invoked by the SMB
444  * daemon, fqdn should be set to NULL.
445  */
446 int
447 smb_setdomainprops(char *fqdn, char *server, char *passwd)
448 {
449 	if (server == NULL || passwd == NULL)
450 		return (-1);
451 
452 	if ((*server == '\0') || (*passwd == '\0'))
453 		return (-1);
454 
455 	if (fqdn && (smb_config_set(SMB_CI_KPASSWD_DOMAIN, fqdn) != 0))
456 		return (-1);
457 
458 	if (smb_config_set(SMB_CI_KPASSWD_SRV, server) != 0)
459 		return (-1);
460 
461 	if (smb_set_machine_passwd(passwd) != 0) {
462 		syslog(LOG_ERR, "smb_setdomainprops: failed to set"
463 		    " machine account password");
464 		return (-1);
465 	}
466 
467 	/*
468 	 * If we successfully create a trust account, we mark
469 	 * ourselves as a domain member in the environment so
470 	 * that we use the SAMLOGON version of the NETLOGON
471 	 * PDC location protocol.
472 	 */
473 	(void) smb_config_setbool(SMB_CI_DOMAIN_MEMB, B_TRUE);
474 
475 	return (0);
476 }
477 
478 /*
479  * smb_update_netlogon_seqnum
480  *
481  * This function should only be called upon a successful netlogon
482  * credential chain establishment to set the sequence number of the
483  * netlogon to match with that of the kpasswd.
484  */
485 void
486 smb_update_netlogon_seqnum(void)
487 {
488 	int64_t num;
489 
490 	(void) mutex_lock(&seqnum_mtx);
491 	(void) smb_config_getnum(SMB_CI_KPASSWD_SEQNUM, &num);
492 	(void) smb_config_setnum(SMB_CI_NETLOGON_SEQNUM, num);
493 	(void) mutex_unlock(&seqnum_mtx);
494 }
495 
496 
497 /*
498  * Temporary fbt for dtrace until user space sdt enabled.
499  */
500 void
501 smb_tracef(const char *fmt, ...)
502 {
503 	va_list ap;
504 	char buf[128];
505 
506 	va_start(ap, fmt);
507 	(void) vsnprintf(buf, 128, fmt, ap);
508 	va_end(ap);
509 
510 	smb_trace(buf);
511 }
512 
513 /*
514  * Temporary fbt for dtrace until user space sdt enabled.
515  */
516 void
517 smb_trace(const char *s)
518 {
519 	syslog(LOG_DEBUG, "%s", s);
520 }
521 
522 /*
523  * smb_tonetbiosname
524  *
525  * Creates a NetBIOS name based on the given name and suffix.
526  * NetBIOS name is 15 capital characters, padded with space if needed
527  * and the 16th byte is the suffix.
528  */
529 void
530 smb_tonetbiosname(char *name, char *nb_name, char suffix)
531 {
532 	char tmp_name[NETBIOS_NAME_SZ];
533 	smb_wchar_t wtmp_name[NETBIOS_NAME_SZ];
534 	int len;
535 	size_t rc;
536 
537 	len = 0;
538 	rc = smb_mbstowcs(wtmp_name, (const char *)name, NETBIOS_NAME_SZ);
539 
540 	if (rc != (size_t)-1) {
541 		wtmp_name[NETBIOS_NAME_SZ - 1] = 0;
542 		rc = ucstooem(tmp_name, wtmp_name, NETBIOS_NAME_SZ,
543 		    OEM_CPG_850);
544 		if (rc > 0)
545 			len = strlen(tmp_name);
546 	}
547 
548 	(void) memset(nb_name, ' ', NETBIOS_NAME_SZ - 1);
549 	if (len) {
550 		(void) smb_strupr(tmp_name);
551 		(void) memcpy(nb_name, tmp_name, len);
552 	}
553 	nb_name[NETBIOS_NAME_SZ - 1] = suffix;
554 }
555 
556 int
557 smb_get_nameservers(smb_inaddr_t *ips, int sz)
558 {
559 	union res_sockaddr_union set[MAXNS];
560 	int i, cnt;
561 	struct __res_state res_state;
562 	char ipstr[INET6_ADDRSTRLEN];
563 
564 	if (ips == NULL)
565 		return (0);
566 
567 	bzero(&res_state, sizeof (struct __res_state));
568 	if (res_ninit(&res_state) < 0)
569 		return (0);
570 
571 	cnt = res_getservers(&res_state, set, MAXNS);
572 	for (i = 0; i < cnt; i++) {
573 		if (i >= sz)
574 			break;
575 		ips[i].a_family = AF_INET;
576 		bcopy(&set[i].sin.sin_addr, &ips[i].a_ipv4, INADDRSZ);
577 		if (inet_ntop(AF_INET, &ips[i].a_ipv4, ipstr,
578 		    INET_ADDRSTRLEN)) {
579 			syslog(LOG_DEBUG, "Found %s name server\n", ipstr);
580 			continue;
581 		}
582 		ips[i].a_family = AF_INET6;
583 		bcopy(&set[i].sin.sin_addr, &ips[i].a_ipv6, IPV6_ADDR_LEN);
584 		if (inet_ntop(AF_INET6, &ips[i].a_ipv6, ipstr,
585 		    INET6_ADDRSTRLEN)) {
586 			syslog(LOG_DEBUG, "Found %s name server\n", ipstr);
587 		}
588 	}
589 	res_ndestroy(&res_state);
590 	return (i);
591 }
592 
593 /*
594  * smb_gethostbyname
595  *
596  * Looks up a host by the given name. The host entry can come
597  * from any of the sources for hosts specified in the
598  * /etc/nsswitch.conf and the NetBIOS cache.
599  *
600  * XXX Invokes nbt_name_resolve API once the NBTD is integrated
601  * to look in the NetBIOS cache if getipnodebyname fails.
602  *
603  * Caller should invoke freehostent to free the returned hostent.
604  */
605 struct hostent *
606 smb_gethostbyname(const char *name, int *err_num)
607 {
608 	struct hostent *h;
609 
610 	h = getipnodebyname(name, AF_INET, 0, err_num);
611 	if ((h == NULL) || h->h_length != INADDRSZ)
612 		h = getipnodebyname(name, AF_INET6, AI_DEFAULT, err_num);
613 	return (h);
614 }
615 
616 /*
617  * smb_gethostbyaddr
618  *
619  * Looks up a host by the given IP address. The host entry can come
620  * from any of the sources for hosts specified in the
621  * /etc/nsswitch.conf and the NetBIOS cache.
622  *
623  * XXX Invokes nbt API to resolve name by IP once the NBTD is integrated
624  * to look in the NetBIOS cache if getipnodebyaddr fails.
625  *
626  * Caller should invoke freehostent to free the returned hostent.
627  */
628 struct hostent *
629 smb_gethostbyaddr(const char *addr, int len, int type, int *err_num)
630 {
631 	struct hostent *h;
632 
633 	h = getipnodebyaddr(addr, len, type, err_num);
634 
635 	return (h);
636 }
637