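/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
 * Copyright 2014 Nexenta Systems, Inc.  All rights reserved.
 */

#include <sys/types.h>
#include <sys/sockio.h>
#include <sys/socket.h>
#include <sys/utsname.h>

#include <stdarg.h>
#include <unistd.h>
#include <stdlib.h>
#include <time.h>
#include <synch.h>
#include <syslog.h>
#include <string.h>
#include <strings.h>
#include <errno.h>
#include <net/if.h>
#include <netdb.h>
#include <netinet/in.h>
#include <arpa/nameser.h>
#include <resolv.h>

#include <smbsrv/smbinfo.h>
#include <smbsrv/netbios.h>
#include <smbsrv/libsmb.h>
#include <assert.h>

/* Serializes read-modify-write of the kpasswd/netlogon sequence numbers. */
static mutex_t seqnum_mtx;

/*
 * IPC connection information that may be passed to the SMB Redirector.
 *
 * passwd holds SMBAUTH_HASH_SZ bytes produced by smb_auth_ntlm_hash()
 * (or supplied by the caller of smb_ipc_set()); it is credential
 * material and is only read or written under smb_ipc_lock.
 */
typedef struct {
	char		user[SMB_USERNAME_MAXLEN];
	uint8_t		passwd[SMBAUTH_HASH_SZ];
} smb_ipc_t;

static smb_ipc_t	ipc_info;	/* credentials currently in use */
static smb_ipc_t	ipc_orig_info;	/* rollback copy (smb_ipc_commit) */
static rwlock_t		smb_ipc_lock;

/*
 * Fill in *kcfg from the SMB configuration properties and from the
 * host identity (names, uname data).  The structure is zeroed first,
 * so any field that is not explicitly set here stays zero.
 *
 * Some older clients (Windows 98) only handle the low byte
 * of the max workers value.  If the low byte is less than
 * SMB_PI_MAX_WORKERS_MIN set it to SMB_PI_MAX_WORKERS_MIN.
 *
 * The return values of the individual property reads are ignored;
 * signing, anonymous-restriction and security-mode settings are copied
 * as returned by the smb_config_* accessors.
 */
void
smb_load_kconfig(smb_kmod_cfg_t *kcfg)
{
	struct utsname uts;
	/* Defined value in case a read fails without storing a result. */
	int64_t citem = 0;

	bzero(kcfg, sizeof (smb_kmod_cfg_t));

	(void) smb_config_getnum(SMB_CI_MAX_WORKERS, &citem);
	kcfg->skc_maxworkers = (uint32_t)citem;
	if ((kcfg->skc_maxworkers & 0xFF) < SMB_PI_MAX_WORKERS_MIN) {
		kcfg->skc_maxworkers &= ~0xFF;
		kcfg->skc_maxworkers += SMB_PI_MAX_WORKERS_MIN;
	}

	/* A keep-alive of 0 is left alone; other values are raised to MIN. */
	(void) smb_config_getnum(SMB_CI_KEEPALIVE, &citem);
	kcfg->skc_keepalive = (uint32_t)citem;
	if ((kcfg->skc_keepalive != 0) &&
	    (kcfg->skc_keepalive < SMB_PI_KEEP_ALIVE_MIN))
		kcfg->skc_keepalive = SMB_PI_KEEP_ALIVE_MIN;

	(void) smb_config_getnum(SMB_CI_MAX_CONNECTIONS, &citem);
	kcfg->skc_maxconnections = (uint32_t)citem;
	kcfg->skc_restrict_anon = smb_config_getbool(SMB_CI_RESTRICT_ANON);
	kcfg->skc_signing_enable = smb_config_getbool(SMB_CI_SIGNING_ENABLE);
	kcfg->skc_signing_required = smb_config_getbool(SMB_CI_SIGNING_REQD);
	kcfg->skc_netbios_enable = smb_config_getbool(SMB_CI_NETBIOS_ENABLE);
	kcfg->skc_ipv6_enable = smb_config_getbool(SMB_CI_IPV6_ENABLE);
	kcfg->skc_print_enable = smb_config_getbool(SMB_CI_PRINT_ENABLE);
	kcfg->skc_oplock_enable = smb_config_getbool(SMB_CI_OPLOCK_ENABLE);
	kcfg->skc_sync_enable = smb_config_getbool(SMB_CI_SYNC_ENABLE);
	kcfg->skc_traverse_mounts = smb_config_getbool(SMB_CI_TRAVERSE_MOUNTS);
	kcfg->skc_secmode = smb_config_get_secmode();
	(void) smb_getdomainname(kcfg->skc_nbdomain,
	    sizeof (kcfg->skc_nbdomain));
	(void) smb_getfqdomainname(kcfg->skc_fqdn,
	    sizeof (kcfg->skc_fqdn));
	(void) smb_getnetbiosname(kcfg->skc_hostname,
	    sizeof (kcfg->skc_hostname));
	(void) smb_config_getstr(SMB_CI_SYS_CMNT, kcfg->skc_system_comment,
	    sizeof (kcfg->skc_system_comment));
	smb_config_get_version(&kcfg->skc_version);
	kcfg->skc_execflags = smb_config_get_execinfo(NULL, NULL, 0);
	if (smb_config_get_localuuid(kcfg->skc_machine_uuid) < 0) {
		syslog(LOG_ERR, "smb_load_kconfig: no machine_uuid");
		uuid_generate_time(kcfg->skc_machine_uuid);
	}
	/* skc_negtok, skc_negtok_len: see smbd_authsvc.c */

	/*
	 * uname()'s result is ignored, so clear the structure first:
	 * a failure then formats empty strings instead of stack garbage.
	 */
	bzero(&uts, sizeof (uts));
	(void) uname(&uts);
	(void) snprintf(kcfg->skc_native_os, sizeof (kcfg->skc_native_os),
	    "%s %s %s", uts.sysname, uts.release, uts.version);

	(void) strlcpy(kcfg->skc_native_lm, "Native SMB service",
	    sizeof (kcfg->skc_native_lm));
}

/*
 * Get the current system NetBIOS name.  The hostname is truncated at
 * the first `.` or 15 bytes, whichever occurs first, and converted
 * to uppercase (by smb_gethostname).  Text that appears after the
 * first '.' is considered to be part of the NetBIOS scope.
 *
 * Returns 0 on success, otherwise -1 to indicate an error.
 */
int
smb_getnetbiosname(char *buf, size_t buflen)
{
	if (smb_gethostname(buf, buflen, SMB_CASE_UPPER) != 0)
		return (-1);

	/* Shorter buffers were already terminated by smb_gethostname. */
	if (buflen >= NETBIOS_NAME_SZ)
		buf[NETBIOS_NAME_SZ - 1] = '\0';

	return (0);
}

/*
 * Get the SAM account of the current system: the NetBIOS name with a
 * trailing '$'.
 *
 * buf must have room for at least one name byte plus the '$' (that
 * is, buflen >= 2 counting the terminator slot used for the name).
 * Returns 0 on success, otherwise, -1 to indicate an error.
 */
int
smb_getsamaccount(char *buf, size_t buflen)
{
	/*
	 * buflen - 1 is passed down below.  With buflen == 0 that
	 * wraps to SIZE_MAX, which would defeat the length check in
	 * smb_gethostname and let it write far outside buf.
	 */
	if (buf == NULL || buflen < 2)
		return (-1);

	/* Reserve one byte so that the '$' always fits. */
	if (smb_getnetbiosname(buf, buflen - 1) != 0)
		return (-1);

	(void) strlcat(buf, "$", buflen);
	return (0);
}

/*
 * Get the current system node name.  The returned name is guaranteed
 * to be null-terminated (gethostname may not null terminate the name).
 * If the hostname has been fully-qualified for some reason, the domain
 * part will be removed.  The returned hostname is converted to the
 * specified case (lower, upper, or preserved).
 *
 * If gethostname fails, the returned buffer will contain an empty
 * string.
 *
 * Returns 0 on success, -1 if buf is NULL, buflen is 0 or gethostname
 * fails.
 */
int
smb_gethostname(char *buf, size_t buflen, smb_caseconv_t which)
{
	char *p;

	if (buf == NULL || buflen == 0)
		return (-1);

	if (gethostname(buf, buflen) != 0) {
		*buf = '\0';
		return (-1);
	}

	buf[buflen - 1] = '\0';

	/* Keep only the first label of a fully-qualified name. */
	if ((p = strchr(buf, '.')) != NULL)
		*p = '\0';

	switch (which) {
	case SMB_CASE_LOWER:
		(void) smb_strlwr(buf);
		break;

	case SMB_CASE_UPPER:
		(void) smb_strupr(buf);
		break;

	case SMB_CASE_PRESERVE:
	default:
		break;
	}

	return (0);
}

/*
 * Obtain the fully-qualified name for this machine in lower case.  If
 * the hostname is fully-qualified, accept it.  Otherwise, try to find an
 * appropriate domain name to append to the hostname.
 *
 * Returns 0 on success.  Returns -1 if the host name or the domain
 * name lookup fails or the host name is empty.  The result is
 * truncated to buflen by strlcpy/snprintf without an error being
 * reported.
 */
int
smb_getfqhostname(char *buf, size_t buflen)
{
	char hostname[MAXHOSTNAMELEN];
	char domain[MAXHOSTNAMELEN];

	hostname[0] = '\0';
	domain[0] = '\0';

	if (smb_gethostname(hostname, MAXHOSTNAMELEN,
	    SMB_CASE_LOWER) != 0)
		return (-1);

	if (smb_getfqdomainname(domain, MAXHOSTNAMELEN) != 0)
		return (-1);

	if (hostname[0] == '\0')
		return (-1);

	if (domain[0] == '\0') {
		(void) strlcpy(buf, hostname, buflen);
		return (0);
	}

	(void) snprintf(buf, buflen, "%s.%s", hostname, domain);
	return (0);
}

/*
 * smb_getdomainname
 *
 * Returns NETBIOS name of the domain if the system is in domain
 * mode.  Or returns workgroup name if the system is in workgroup
 * mode.
 *
 * The value is read from the SMB_CI_DOMAIN_NAME property.  Returns 0
 * on success; -1 if buf is NULL, buflen is 0, the read fails or the
 * property is empty.
 */
int
smb_getdomainname(char *buf, size_t buflen)
{
	int rc;

	if (buf == NULL || buflen == 0)
		return (-1);

	*buf = '\0';
	rc = smb_config_getstr(SMB_CI_DOMAIN_NAME, buf, buflen);

	if ((rc != SMBD_SMF_OK) || (*buf == '\0'))
		return (-1);

	return (0);
}

/*
 * smb_getfqdomainname
 *
 * If the system is in domain mode, the dns_domain property value
 * is returned.  Otherwise, it returns the local domain obtained via
 * resolver.
 *
 * Returns 0 upon success.  Otherwise, returns -1.
 */
int
smb_getfqdomainname(char *buf, size_t buflen)
{
	struct __res_state res_state;
	int rc;

	if (buf == NULL || buflen == 0)
		return (-1);

	*buf = '\0';
	if (smb_config_get_secmode() == SMB_SECMODE_DOMAIN) {
		rc = smb_config_getstr(SMB_CI_DOMAIN_FQDN, buf, buflen);

		if ((rc != SMBD_SMF_OK) || (*buf == '\0'))
			return (-1);
	} else {
		bzero(&res_state, sizeof (struct __res_state));
		if (res_ninit(&res_state))
			return (-1);

		/* Every exit after res_ninit must release the state. */
		if (*res_state.defdname == '\0') {
			res_ndestroy(&res_state);
			return (-1);
		}

		(void) strlcpy(buf, res_state.defdname, buflen);
		res_ndestroy(&res_state);
		rc = 0;
	}

	return (rc);
}


/*
 * Overwrite len bytes at buf with zeros.  The stores go through a
 * volatile pointer so that the compiler cannot drop them as dead
 * writes to a buffer that is about to go out of scope.
 */
static void
smbinfo_wipe_secret(void *buf, size_t len)
{
	volatile uint8_t *p = buf;

	while (len-- != 0)
		*p++ = 0;
}

/*
 * smb_set_machine_passwd
 *
 * This function should be used when setting the machine password property.
 * The associated sequence number is incremented.
 *
 * Returns 0 when both the password and the incremented sequence number
 * were stored, -1 otherwise.  The password is stored before the
 * sequence number, so a -1 return can still mean the password changed.
 */
static int
smb_set_machine_passwd(char *passwd)
{
	/* Defined starting point if the current value cannot be read. */
	int64_t num = 0;
	int rc = -1;

	if (smb_config_set(SMB_CI_MACHINE_PASSWD, passwd) != SMBD_SMF_OK)
		return (-1);

	(void) mutex_lock(&seqnum_mtx);
	(void) smb_config_getnum(SMB_CI_KPASSWD_SEQNUM, &num);
	if (smb_config_setnum(SMB_CI_KPASSWD_SEQNUM, ++num)
	    == SMBD_SMF_OK)
		rc = 0;
	(void) mutex_unlock(&seqnum_mtx);
	return (rc);
}

/*
 * Read the machine password property and write its hash, as computed
 * by smb_auth_ntlm_hash(), into buf.
 *
 * buflen must be at least SMBAUTH_HASH_SZ.  Returns 0 (SMBD_SMF_OK is
 * returned as-is) on success, -1 if the buffer is too small, the
 * property cannot be read or is empty, or hashing fails.
 */
static int
smb_get_machine_passwd(uint8_t *buf, size_t buflen)
{
	char pwd[SMB_PASSWD_MAXLEN + 1];
	int rc;

	if (buflen < SMBAUTH_HASH_SZ)
		return (-1);

	rc = smb_config_getstr(SMB_CI_MACHINE_PASSWD, pwd, sizeof (pwd));
	if ((rc != SMBD_SMF_OK) || *pwd == '\0')
		rc = -1;
	else if (smb_auth_ntlm_hash(pwd, buf) != 0)
		rc = -1;

	/* Do not leave the clear-text machine password on the stack. */
	smbinfo_wipe_secret(pwd, sizeof (pwd));

	return (rc);
}

/*
 * Set up IPC connection credentials: the SAM account name of this
 * host and the hash of the machine password.  Both the active and the
 * rollback copies are cleared first.
 */
void
smb_ipc_init(void)
{
	int rc;

	(void) rw_wrlock(&smb_ipc_lock);
	bzero(&ipc_info, sizeof (smb_ipc_t));
	bzero(&ipc_orig_info, sizeof (smb_ipc_t));

	(void) smb_getsamaccount(ipc_info.user, SMB_USERNAME_MAXLEN);
	rc = smb_get_machine_passwd(ipc_info.passwd, SMBAUTH_HASH_SZ);
	/* On failure clear the whole hash, not only its first byte. */
	if (rc != 0)
		bzero(ipc_info.passwd, sizeof (ipc_info.passwd));
	(void) rw_unlock(&smb_ipc_lock);
}

/*
 * Set the IPC username and password hash in memory.  If the domain
 * join succeeds, the credentials will be committed for use with
 * authenticated IPC.  Otherwise, they should be rolled back.
 *
 * plain_user must be a NUL-terminated string and passwd_hash must
 * point to at least SMBAUTH_HASH_SZ bytes; neither is checked here.
 */
void
smb_ipc_set(char *plain_user, uint8_t *passwd_hash)
{
	(void) rw_wrlock(&smb_ipc_lock);
	(void) strlcpy(ipc_info.user, plain_user, sizeof (ipc_info.user));
	(void) memcpy(ipc_info.passwd, passwd_hash, SMBAUTH_HASH_SZ);
	(void) rw_unlock(&smb_ipc_lock);
}

/*
 * Save the host credentials to be used for authenticated IPC.
 * The credentials are also saved to the original IPC info as
 * rollback data in case the join domain process fails later.
 *
 * NOTE(review): the results of smb_getsamaccount and
 * smb_get_machine_passwd are ignored, so after a failed read the
 * previous contents of ipc_info are what gets committed.  Confirm
 * that callers rely on this before changing it.
 */
void
smb_ipc_commit(void)
{
	(void) rw_wrlock(&smb_ipc_lock);
	(void) smb_getsamaccount(ipc_info.user, SMB_USERNAME_MAXLEN);
	(void) smb_get_machine_passwd(ipc_info.passwd, SMBAUTH_HASH_SZ);
	(void) memcpy(&ipc_orig_info, &ipc_info, sizeof (smb_ipc_t));
	(void) rw_unlock(&smb_ipc_lock);
}

/*
 * Restore the original credentials
 */
void
smb_ipc_rollback(void)
{
	(void) rw_wrlock(&smb_ipc_lock);
	(void) strlcpy(ipc_info.user, ipc_orig_info.user,
	    sizeof (ipc_info.user));
	(void) memcpy(ipc_info.passwd, ipc_orig_info.passwd,
	    sizeof (ipc_info.passwd));
	(void) rw_unlock(&smb_ipc_lock);
}

/*
 * Copy the current IPC user name into buf (at most buflen bytes,
 * NUL-terminated by strlcpy).
 */
void
smb_ipc_get_user(char *buf, size_t buflen)
{
	(void) rw_rdlock(&smb_ipc_lock);
	(void) strlcpy(buf, ipc_info.user, buflen);
	(void) rw_unlock(&smb_ipc_lock);
}

/*
 * Copy the current IPC password hash (SMBAUTH_HASH_SZ bytes) into buf.
 *
 * If buflen is smaller than SMBAUTH_HASH_SZ nothing is copied and buf
 * is left untouched; there is no error return, so callers should
 * initialize buf beforehand.  The copy is credential material.
 */
void
smb_ipc_get_passwd(uint8_t *buf, size_t buflen)
{
	if (buflen < SMBAUTH_HASH_SZ)
		return;

	(void) rw_rdlock(&smb_ipc_lock);
	(void) memcpy(buf, ipc_info.passwd, SMBAUTH_HASH_SZ);
	(void) rw_unlock(&smb_ipc_lock);
}

/*
 * smb_match_netlogon_seqnum
 *
 * A sequence number is associated with each machine password property
 * update and the netlogon credential chain setup.  If the
 * sequence numbers don't match, a NETLOGON credential chain
 * establishment is required.
 *
 * Returns non-zero (true) if kpasswd_seqnum equals netlogon_seqnum.
 * Otherwise, returns zero (false).
 */
boolean_t
smb_match_netlogon_seqnum(void)
{
	/*
	 * The reads below are unchecked; start from defined values so
	 * the comparison never uses an indeterminate one.
	 */
	int64_t setpasswd_seqnum = 0;
	int64_t netlogon_seqnum = 0;

	(void) mutex_lock(&seqnum_mtx);
	(void) smb_config_getnum(SMB_CI_KPASSWD_SEQNUM, &setpasswd_seqnum);
	(void) smb_config_getnum(SMB_CI_NETLOGON_SEQNUM, &netlogon_seqnum);
	(void) mutex_unlock(&seqnum_mtx);
	return (setpasswd_seqnum == netlogon_seqnum);
}

/*
 * smb_setdomainprops
 *
 * This function should be called after joining an AD to
 * set all the domain related SMF properties.
 *
 * The kpasswd_domain property is the AD domain to which the system
 * is joined via kclient.  If this function is invoked by the SMB
 * daemon, fqdn should be set to NULL.
 *
 * server and passwd must be non-NULL and non-empty.  Returns 0 on
 * success and -1 on the first property that cannot be set; properties
 * written before the failure are not reverted.
 */
int
smb_setdomainprops(char *fqdn, char *server, char *passwd)
{
	if (server == NULL || passwd == NULL)
		return (-1);

	if ((*server == '\0') || (*passwd == '\0'))
		return (-1);

	if (fqdn && (smb_config_set(SMB_CI_KPASSWD_DOMAIN, fqdn) != 0))
		return (-1);

	if (smb_config_set(SMB_CI_KPASSWD_SRV, server) != 0)
		return (-1);

	/* The message deliberately does not include the password. */
	if (smb_set_machine_passwd(passwd) != 0) {
		syslog(LOG_ERR, "smb_setdomainprops: failed to set"
		    " machine account password");
		return (-1);
	}

	/*
	 * If we successfully create a trust account, we mark
	 * ourselves as a domain member in the environment so
	 * that we use the SAMLOGON version of the NETLOGON
	 * PDC location protocol.
	 */
	(void) smb_config_setbool(SMB_CI_DOMAIN_MEMB, B_TRUE);

	return (0);
}

/*
 * smb_update_netlogon_seqnum
 *
 * This function should only be called upon a successful netlogon
 * credential chain establishment to set the sequence number of the
 * netlogon to match with that of the kpasswd.
 */
void
smb_update_netlogon_seqnum(void)
{
	/* Defined value if the kpasswd sequence number cannot be read. */
	int64_t num = 0;

	(void) mutex_lock(&seqnum_mtx);
	(void) smb_config_getnum(SMB_CI_KPASSWD_SEQNUM, &num);
	(void) smb_config_setnum(SMB_CI_NETLOGON_SEQNUM, num);
	(void) mutex_unlock(&seqnum_mtx);
}


/*
 * Temporary fbt for dtrace until user space sdt enabled.
 *
 * Formats the arguments into a 128-byte buffer (longer messages are
 * truncated by vsnprintf) and hands the result to smb_trace().
 */
void
smb_tracef(const char *fmt, ...)
{
	va_list ap;
	char buf[128];

	va_start(ap, fmt);
	(void) vsnprintf(buf, sizeof (buf), fmt, ap);
	va_end(ap);

	smb_trace(buf);
}

/*
 * Temporary fbt for dtrace until user space sdt enabled.
 *
 * This function is designed to be used with dtrace, i.e. see:
 * usr/src/cmd/smbsrv/dtrace/smbd-all.d
 *
 * Outside of dtrace, the messages passed to this function usually
 * lack sufficient context to be useful, so we don't log them.
 */
/* ARGSUSED */
void
smb_trace(const char *s)
{
}

/*
 * smb_tonetbiosname
 *
 * Creates a NetBIOS name based on the given name and suffix.
 * NetBIOS name is 15 capital characters, padded with space if needed
 * and the 16th byte is the suffix.
 *
 * nb_name must provide NETBIOS_NAME_SZ bytes; all of them are written
 * and the result is not NUL-terminated.  If name cannot be converted,
 * the result is 15 spaces followed by the suffix.
 */
void
smb_tonetbiosname(char *name, char *nb_name, char suffix)
{
	char tmp_name[NETBIOS_NAME_SZ];
	smb_wchar_t wtmp_name[NETBIOS_NAME_SZ];
	size_t len = 0;
	size_t rc;

	/* Never measure or copy uninitialized stack bytes. */
	bzero(tmp_name, sizeof (tmp_name));

	rc = smb_mbstowcs(wtmp_name, (const char *)name, NETBIOS_NAME_SZ);

	if (rc != (size_t)-1) {
		wtmp_name[NETBIOS_NAME_SZ - 1] = 0;
		rc = ucstooem(tmp_name, wtmp_name, NETBIOS_NAME_SZ,
		    OEM_CPG_850);
		if (rc > 0) {
			/*
			 * Force a terminator so that strlen stays inside
			 * tmp_name and len can never exceed the 15 name
			 * bytes copied into nb_name below.
			 */
			tmp_name[NETBIOS_NAME_SZ - 1] = '\0';
			len = strlen(tmp_name);
		}
	}

	(void) memset(nb_name, ' ', NETBIOS_NAME_SZ - 1);
	if (len != 0) {
		(void) smb_strupr(tmp_name);
		(void) memcpy(nb_name, tmp_name, len);
	}
	nb_name[NETBIOS_NAME_SZ - 1] = suffix;
}

/*
 * Copy the resolver's configured name servers into ips[], at most sz
 * entries.  Returns the number of entries filled in, or 0 if ips is
 * NULL or the resolver state cannot be initialized.
 *
 * NOTE(review): the address family is not taken from the resolver
 * entry.  Each entry is first copied and formatted as AF_INET, and the
 * AF_INET6 path is only reached when that inet_ntop call fails; it
 * then copies NS_IN6ADDRSZ bytes starting at sin.sin_addr, which is
 * the IPv4 member of the union.  IPv6 name servers are therefore
 * probably reported incorrectly - confirm against the layout of
 * union res_sockaddr_union before relying on the a_family value.
 */
int
smb_get_nameservers(smb_inaddr_t *ips, int sz)
{
	union res_sockaddr_union set[MAXNS];
	int i, cnt;
	struct __res_state res_state;
	char ipstr[INET6_ADDRSTRLEN];

	if (ips == NULL)
		return (0);

	bzero(&res_state, sizeof (struct __res_state));
	if (res_ninit(&res_state) < 0)
		return (0);

	cnt = res_getservers(&res_state, set, MAXNS);
	for (i = 0; i < cnt; i++) {
		/* Never write past the caller's array. */
		if (i >= sz)
			break;
		ips[i].a_family = AF_INET;
		bcopy(&set[i].sin.sin_addr, &ips[i].a_ipv4, NS_INADDRSZ);
		if (inet_ntop(AF_INET, &ips[i].a_ipv4, ipstr,
		    INET_ADDRSTRLEN)) {
			syslog(LOG_DEBUG, "Found %s name server\n", ipstr);
			continue;
		}
		ips[i].a_family = AF_INET6;
		bcopy(&set[i].sin.sin_addr, &ips[i].a_ipv6, NS_IN6ADDRSZ);
		if (inet_ntop(AF_INET6, &ips[i].a_ipv6, ipstr,
		    INET6_ADDRSTRLEN)) {
			syslog(LOG_DEBUG, "Found %s name server\n", ipstr);
		}
	}
	res_ndestroy(&res_state);
	return (i);
}

/*
 * smb_gethostbyname
 *
 * Looks up a host by the given name.  The host entry can come
 * from any of the sources for hosts specified in the
 * /etc/nsswitch.conf and the NetBIOS cache.
 *
 * XXX Invokes nbt_name_resolve API once the NBTD is integrated
 * to look in the NetBIOS cache if getipnodebyname fails.
 *
 * The IPv4 lookup is tried first; the IPv6 lookup is used when it
 * fails or returns addresses of an unexpected length.
 *
 * Caller should invoke freehostent to free the returned hostent.
 */
struct hostent *
smb_gethostbyname(const char *name, int *err_num)
{
	struct hostent *h;

	h = getipnodebyname(name, AF_INET, 0, err_num);
	if ((h != NULL) && (h->h_length != INADDRSZ)) {
		/* Release the rejected entry instead of leaking it. */
		freehostent(h);
		h = NULL;
	}

	if (h == NULL)
		h = getipnodebyname(name, AF_INET6, AI_DEFAULT, err_num);

	return (h);
}

/*
 * smb_gethostbyaddr
 *
 * Looks up a host by the given IP address.  The host entry can come
 * from any of the sources for hosts specified in the
 * /etc/nsswitch.conf and the NetBIOS cache.
 *
 * XXX Invokes nbt API to resolve name by IP once the NBTD is integrated
 * to look in the NetBIOS cache if getipnodebyaddr fails.
 *
 * Caller should invoke freehostent to free the returned hostent.
 */
struct hostent *
smb_gethostbyaddr(const char *addr, int len, int type, int *err_num)
{
	return (getipnodebyaddr(addr, len, type, err_num));
}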