xref: /titanic_44/usr/src/cmd/idmap/idmapd/idmap_lsa.c (revision 148c5f43199ca0b43fc8e3b643aab11cd66ea327) 
1*148c5f43SAlan Wright /*
2*148c5f43SAlan Wright  * CDDL HEADER START
3*148c5f43SAlan Wright  *
4*148c5f43SAlan Wright  * The contents of this file are subject to the terms of the
5*148c5f43SAlan Wright  * Common Development and Distribution License (the "License").
6*148c5f43SAlan Wright  * You may not use this file except in compliance with the License.
7*148c5f43SAlan Wright  *
8*148c5f43SAlan Wright  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9*148c5f43SAlan Wright  * or http://www.opensolaris.org/os/licensing.
10*148c5f43SAlan Wright  * See the License for the specific language governing permissions
11*148c5f43SAlan Wright  * and limitations under the License.
12*148c5f43SAlan Wright  *
13*148c5f43SAlan Wright  * When distributing Covered Code, include this CDDL HEADER in each
14*148c5f43SAlan Wright  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15*148c5f43SAlan Wright  * If applicable, add the following below this CDDL HEADER, with the
16*148c5f43SAlan Wright  * fields enclosed by brackets "[]" replaced with your own identifying
17*148c5f43SAlan Wright  * information: Portions Copyright [yyyy] [name of copyright owner]
18*148c5f43SAlan Wright  *
19*148c5f43SAlan Wright  * CDDL HEADER END
20*148c5f43SAlan Wright  */
21*148c5f43SAlan Wright 
22*148c5f43SAlan Wright /*
23*148c5f43SAlan Wright  * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
24*148c5f43SAlan Wright  */
25*148c5f43SAlan Wright 
26*148c5f43SAlan Wright /*
27*148c5f43SAlan Wright  * LSA lookups
28*148c5f43SAlan Wright  */
29*148c5f43SAlan Wright 
30*148c5f43SAlan Wright #include <stdio.h>
31*148c5f43SAlan Wright #include <note.h>
32*148c5f43SAlan Wright #include <assert.h>
33*148c5f43SAlan Wright 
34*148c5f43SAlan Wright #include "idmapd.h"
35*148c5f43SAlan Wright #include "libsmb.h"
36*148c5f43SAlan Wright 
37*148c5f43SAlan Wright idmap_retcode
idmap_lsa_xlate_sid_type(const lsa_account_t * acct,idmap_id_type * ret_type)38*148c5f43SAlan Wright idmap_lsa_xlate_sid_type(const lsa_account_t *acct, idmap_id_type *ret_type)
39*148c5f43SAlan Wright {
40*148c5f43SAlan Wright 	switch (acct->a_sidtype) {
41*148c5f43SAlan Wright 	case SidTypeUser:
42*148c5f43SAlan Wright 	case SidTypeComputer:
43*148c5f43SAlan Wright 	case SidTypeDomain:
44*148c5f43SAlan Wright 	case SidTypeDeletedAccount:
45*148c5f43SAlan Wright 	case SidTypeUnknown:
46*148c5f43SAlan Wright 	case SidTypeLabel:
47*148c5f43SAlan Wright 		*ret_type = IDMAP_USID;
48*148c5f43SAlan Wright 		return (IDMAP_SUCCESS);
49*148c5f43SAlan Wright 	case SidTypeGroup:
50*148c5f43SAlan Wright 	case SidTypeAlias:
51*148c5f43SAlan Wright 	case SidTypeWellKnownGroup:
52*148c5f43SAlan Wright 		*ret_type = IDMAP_GSID;
53*148c5f43SAlan Wright 		return (IDMAP_SUCCESS);
54*148c5f43SAlan Wright 	case SidTypeNull:
55*148c5f43SAlan Wright 	case SidTypeInvalid:
56*148c5f43SAlan Wright 	default:
57*148c5f43SAlan Wright 		idmapdlog(LOG_WARNING,
58*148c5f43SAlan Wright 		    "LSA lookup:  bad type %d for %s@%s",
59*148c5f43SAlan Wright 		    acct->a_sidtype, acct->a_name, acct->a_domain);
60*148c5f43SAlan Wright 		return (IDMAP_ERR_OTHER);
61*148c5f43SAlan Wright 	}
62*148c5f43SAlan Wright 	NOTE(NOTREACHED)
63*148c5f43SAlan Wright }
64*148c5f43SAlan Wright 
65*148c5f43SAlan Wright /* Given SID, look up name and type */
66*148c5f43SAlan Wright idmap_retcode
lookup_lsa_by_sid(const char * sidprefix,uint32_t rid,char ** ret_name,char ** ret_domain,idmap_id_type * ret_type)67*148c5f43SAlan Wright lookup_lsa_by_sid(
68*148c5f43SAlan Wright     const char *sidprefix,
69*148c5f43SAlan Wright     uint32_t rid,
70*148c5f43SAlan Wright     char **ret_name,
71*148c5f43SAlan Wright     char **ret_domain,
72*148c5f43SAlan Wright     idmap_id_type *ret_type)
73*148c5f43SAlan Wright {
74*148c5f43SAlan Wright 	lsa_account_t acct;
75*148c5f43SAlan Wright 	char sid[SMB_SID_STRSZ + 1];
76*148c5f43SAlan Wright 	idmap_retcode ret;
77*148c5f43SAlan Wright 	int rc;
78*148c5f43SAlan Wright 
79*148c5f43SAlan Wright 	(void) memset(&acct, 0, sizeof (acct));
80*148c5f43SAlan Wright 	*ret_name = NULL;
81*148c5f43SAlan Wright 	*ret_domain = NULL;
82*148c5f43SAlan Wright 
83*148c5f43SAlan Wright 	(void) snprintf(sid, sizeof (sid), "%s-%u", sidprefix, rid);
84*148c5f43SAlan Wright 
85*148c5f43SAlan Wright 	rc = smb_lookup_sid(sid, &acct);
86*148c5f43SAlan Wright 	if (rc != 0) {
87*148c5f43SAlan Wright 		idmapdlog(LOG_ERR, "Error:  smb_lookup_sid failed.");
88*148c5f43SAlan Wright 		idmapdlog(LOG_ERR,
89*148c5f43SAlan Wright 		    "Check SMB service (svc:/network/smb/server).");
90*148c5f43SAlan Wright 		idmapdlog(LOG_ERR,
91*148c5f43SAlan Wright 		    "Check connectivity to Active Directory.");
92*148c5f43SAlan Wright 
93*148c5f43SAlan Wright 		ret = IDMAP_ERR_OTHER;
94*148c5f43SAlan Wright 		goto out;
95*148c5f43SAlan Wright 	}
96*148c5f43SAlan Wright 	if (acct.a_status == NT_STATUS_NONE_MAPPED) {
97*148c5f43SAlan Wright 		ret = IDMAP_ERR_NOTFOUND;
98*148c5f43SAlan Wright 		goto out;
99*148c5f43SAlan Wright 	}
100*148c5f43SAlan Wright 	if (acct.a_status != NT_STATUS_SUCCESS) {
101*148c5f43SAlan Wright 		idmapdlog(LOG_WARNING,
102*148c5f43SAlan Wright 		    "Warning:  smb_lookup_sid(%s) failed (0x%x)",
103*148c5f43SAlan Wright 		    sid, acct.a_status);
104*148c5f43SAlan Wright 		/* Fail soft */
105*148c5f43SAlan Wright 		ret = IDMAP_ERR_NOTFOUND;
106*148c5f43SAlan Wright 		goto out;
107*148c5f43SAlan Wright 	}
108*148c5f43SAlan Wright 
109*148c5f43SAlan Wright 	ret = idmap_lsa_xlate_sid_type(&acct, ret_type);
110*148c5f43SAlan Wright 	if (ret != IDMAP_SUCCESS)
111*148c5f43SAlan Wright 		goto out;
112*148c5f43SAlan Wright 
113*148c5f43SAlan Wright 	*ret_name = strdup(acct.a_name);
114*148c5f43SAlan Wright 	if (*ret_name == NULL) {
115*148c5f43SAlan Wright 		ret = IDMAP_ERR_MEMORY;
116*148c5f43SAlan Wright 		goto out;
117*148c5f43SAlan Wright 	}
118*148c5f43SAlan Wright 
119*148c5f43SAlan Wright 	*ret_domain = strdup(acct.a_domain);
120*148c5f43SAlan Wright 	if (*ret_domain == NULL) {
121*148c5f43SAlan Wright 		ret = IDMAP_ERR_MEMORY;
122*148c5f43SAlan Wright 		goto out;
123*148c5f43SAlan Wright 	}
124*148c5f43SAlan Wright 
125*148c5f43SAlan Wright 	ret = IDMAP_SUCCESS;
126*148c5f43SAlan Wright 
127*148c5f43SAlan Wright out:
128*148c5f43SAlan Wright 	if (ret != IDMAP_SUCCESS) {
129*148c5f43SAlan Wright 		free(*ret_name);
130*148c5f43SAlan Wright 		*ret_name = NULL;
131*148c5f43SAlan Wright 		free(*ret_domain);
132*148c5f43SAlan Wright 		*ret_domain = NULL;
133*148c5f43SAlan Wright 	}
134*148c5f43SAlan Wright 	return (ret);
135*148c5f43SAlan Wright }
136*148c5f43SAlan Wright 
137*148c5f43SAlan Wright /* Given name and optional domain, look up SID, type, and canonical name */
138*148c5f43SAlan Wright idmap_retcode
lookup_lsa_by_name(const char * name,const char * domain,char ** ret_sidprefix,uint32_t * ret_rid,char ** ret_name,char ** ret_domain,idmap_id_type * ret_type)139*148c5f43SAlan Wright lookup_lsa_by_name(
140*148c5f43SAlan Wright     const char *name,
141*148c5f43SAlan Wright     const char *domain,
142*148c5f43SAlan Wright     char **ret_sidprefix,
143*148c5f43SAlan Wright     uint32_t *ret_rid,
144*148c5f43SAlan Wright     char **ret_name,
145*148c5f43SAlan Wright     char **ret_domain,
146*148c5f43SAlan Wright     idmap_id_type *ret_type)
147*148c5f43SAlan Wright {
148*148c5f43SAlan Wright 	lsa_account_t acct;
149*148c5f43SAlan Wright 	char *namedom = NULL;
150*148c5f43SAlan Wright 	idmap_retcode ret;
151*148c5f43SAlan Wright 	int rc;
152*148c5f43SAlan Wright 
153*148c5f43SAlan Wright 	(void) memset(&acct, 0, sizeof (acct));
154*148c5f43SAlan Wright 	*ret_sidprefix = NULL;
155*148c5f43SAlan Wright 	if (ret_name != NULL)
156*148c5f43SAlan Wright 		*ret_name = NULL;
157*148c5f43SAlan Wright 	if (ret_domain != NULL)
158*148c5f43SAlan Wright 		*ret_domain = NULL;
159*148c5f43SAlan Wright 
160*148c5f43SAlan Wright 	if (domain != NULL)
161*148c5f43SAlan Wright 		(void) asprintf(&namedom, "%s@%s", name, domain);
162*148c5f43SAlan Wright 	else
163*148c5f43SAlan Wright 		namedom = strdup(name);
164*148c5f43SAlan Wright 	if (namedom == NULL) {
165*148c5f43SAlan Wright 		ret = IDMAP_ERR_MEMORY;
166*148c5f43SAlan Wright 		goto out;
167*148c5f43SAlan Wright 	}
168*148c5f43SAlan Wright 
169*148c5f43SAlan Wright 	rc = smb_lookup_name(namedom, SidTypeUnknown, &acct);
170*148c5f43SAlan Wright 	if (rc != 0) {
171*148c5f43SAlan Wright 		idmapdlog(LOG_ERR, "Error:  smb_lookup_name failed.");
172*148c5f43SAlan Wright 		idmapdlog(LOG_ERR,
173*148c5f43SAlan Wright 		    "Check SMB service (svc:/network/smb/server).");
174*148c5f43SAlan Wright 		idmapdlog(LOG_ERR,
175*148c5f43SAlan Wright 		    "Check connectivity to Active Directory.");
176*148c5f43SAlan Wright 		ret = IDMAP_ERR_OTHER;
177*148c5f43SAlan Wright 		goto out;
178*148c5f43SAlan Wright 	}
179*148c5f43SAlan Wright 	if (acct.a_status == NT_STATUS_NONE_MAPPED) {
180*148c5f43SAlan Wright 		ret = IDMAP_ERR_NOTFOUND;
181*148c5f43SAlan Wright 		goto out;
182*148c5f43SAlan Wright 	}
183*148c5f43SAlan Wright 	if (acct.a_status != NT_STATUS_SUCCESS) {
184*148c5f43SAlan Wright 		idmapdlog(LOG_WARNING,
185*148c5f43SAlan Wright 		    "Warning:  smb_lookup_name(%s) failed (0x%x)",
186*148c5f43SAlan Wright 		    namedom, acct.a_status);
187*148c5f43SAlan Wright 		/* Fail soft */
188*148c5f43SAlan Wright 		ret = IDMAP_ERR_NOTFOUND;
189*148c5f43SAlan Wright 		goto out;
190*148c5f43SAlan Wright 	}
191*148c5f43SAlan Wright 
192*148c5f43SAlan Wright 	rc = smb_sid_splitstr(acct.a_sid, ret_rid);
193*148c5f43SAlan Wright 	assert(rc == 0);
194*148c5f43SAlan Wright 	*ret_sidprefix = strdup(acct.a_sid);
195*148c5f43SAlan Wright 	if (*ret_sidprefix == NULL) {
196*148c5f43SAlan Wright 		ret = IDMAP_ERR_MEMORY;
197*148c5f43SAlan Wright 		goto out;
198*148c5f43SAlan Wright 	}
199*148c5f43SAlan Wright 
200*148c5f43SAlan Wright 	ret = idmap_lsa_xlate_sid_type(&acct, ret_type);
201*148c5f43SAlan Wright 	if (ret != IDMAP_SUCCESS)
202*148c5f43SAlan Wright 		goto out;
203*148c5f43SAlan Wright 
204*148c5f43SAlan Wright 	if (ret_name != NULL) {
205*148c5f43SAlan Wright 		*ret_name = strdup(acct.a_name);
206*148c5f43SAlan Wright 		if (*ret_name == NULL) {
207*148c5f43SAlan Wright 			ret = IDMAP_ERR_MEMORY;
208*148c5f43SAlan Wright 			goto out;
209*148c5f43SAlan Wright 		}
210*148c5f43SAlan Wright 	}
211*148c5f43SAlan Wright 
212*148c5f43SAlan Wright 	if (ret_domain != NULL) {
213*148c5f43SAlan Wright 		*ret_domain = strdup(acct.a_domain);
214*148c5f43SAlan Wright 		if (*ret_domain == NULL) {
215*148c5f43SAlan Wright 			ret = IDMAP_ERR_MEMORY;
216*148c5f43SAlan Wright 			goto out;
217*148c5f43SAlan Wright 		}
218*148c5f43SAlan Wright 	}
219*148c5f43SAlan Wright 
220*148c5f43SAlan Wright 	ret = IDMAP_SUCCESS;
221*148c5f43SAlan Wright 
222*148c5f43SAlan Wright out:
223*148c5f43SAlan Wright 	free(namedom);
224*148c5f43SAlan Wright 	if (ret != IDMAP_SUCCESS) {
225*148c5f43SAlan Wright 		if (ret_name != NULL) {
226*148c5f43SAlan Wright 			free(*ret_name);
227*148c5f43SAlan Wright 			*ret_name = NULL;
228*148c5f43SAlan Wright 		}
229*148c5f43SAlan Wright 		if (ret_domain != NULL) {
230*148c5f43SAlan Wright 			free(*ret_domain);
231*148c5f43SAlan Wright 			*ret_domain = NULL;
232*148c5f43SAlan Wright 		}
233*148c5f43SAlan Wright 		free(*ret_sidprefix);
234*148c5f43SAlan Wright 		*ret_sidprefix = NULL;
235*148c5f43SAlan Wright 	}
236*148c5f43SAlan Wright 	return (ret);
237*148c5f43SAlan Wright }
238