xref: /titanic_51/usr/src/lib/smbsrv/libsmb/common/smb_info.c (revision bb8220ba212644c001e84164b32fc576a73ff8e0)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #include <assert.h>
27 #include <sys/types.h>
28 #include <stdarg.h>
29 #include <unistd.h>
30 #include <stdlib.h>
31 #include <time.h>
32 #include <synch.h>
33 #include <syslog.h>
34 #include <string.h>
35 #include <strings.h>
36 #include <errno.h>
37 #include <net/if.h>
38 #include <netdb.h>
39 #include <netinet/in.h>
40 #include <arpa/nameser.h>
41 #include <resolv.h>
42 #include <sys/sockio.h>
43 #include <sys/socket.h>
44 #include <smbsrv/smbinfo.h>
45 #include <smbsrv/netbios.h>
46 #include <smbsrv/libsmb.h>
47 
48 static mutex_t seqnum_mtx;
49 
50 void
51 smb_load_kconfig(smb_kmod_cfg_t *kcfg)
52 {
53 	int64_t citem;
54 
55 	bzero(kcfg, sizeof (smb_kmod_cfg_t));
56 
57 	(void) smb_config_getnum(SMB_CI_MAX_WORKERS, &citem);
58 	kcfg->skc_maxworkers = (uint32_t)citem;
59 	(void) smb_config_getnum(SMB_CI_KEEPALIVE, &citem);
60 	kcfg->skc_keepalive = (uint32_t)citem;
61 	if ((kcfg->skc_keepalive != 0) &&
62 	    (kcfg->skc_keepalive < SMB_PI_KEEP_ALIVE_MIN))
63 		kcfg->skc_keepalive = SMB_PI_KEEP_ALIVE_MIN;
64 
65 	(void) smb_config_getnum(SMB_CI_MAX_CONNECTIONS, &citem);
66 	kcfg->skc_maxconnections = (uint32_t)citem;
67 	kcfg->skc_restrict_anon = smb_config_getbool(SMB_CI_RESTRICT_ANON);
68 	kcfg->skc_signing_enable = smb_config_getbool(SMB_CI_SIGNING_ENABLE);
69 	kcfg->skc_signing_required = smb_config_getbool(SMB_CI_SIGNING_REQD);
70 	kcfg->skc_ipv6_enable = smb_config_getbool(SMB_CI_IPV6_ENABLE);
71 	kcfg->skc_oplock_enable = smb_config_getbool(SMB_CI_OPLOCK_ENABLE);
72 	kcfg->skc_sync_enable = smb_config_getbool(SMB_CI_SYNC_ENABLE);
73 	kcfg->skc_secmode = smb_config_get_secmode();
74 	(void) smb_getdomainname(kcfg->skc_nbdomain,
75 	    sizeof (kcfg->skc_nbdomain));
76 	(void) smb_getfqdomainname(kcfg->skc_fqdn,
77 	    sizeof (kcfg->skc_fqdn));
78 	(void) smb_getnetbiosname(kcfg->skc_hostname,
79 	    sizeof (kcfg->skc_hostname));
80 	(void) smb_config_getstr(SMB_CI_SYS_CMNT, kcfg->skc_system_comment,
81 	    sizeof (kcfg->skc_system_comment));
82 }
83 
84 /*
85  * Get the current system NetBIOS name.  The hostname is truncated at
86  * the first `.` or 15 bytes, whichever occurs first, and converted
87  * to uppercase (by smb_gethostname).  Text that appears after the
88  * first '.' is considered to be part of the NetBIOS scope.
89  *
90  * Returns 0 on success, otherwise -1 to indicate an error.
91  */
92 int
93 smb_getnetbiosname(char *buf, size_t buflen)
94 {
95 	if (smb_gethostname(buf, buflen, 1) != 0)
96 		return (-1);
97 
98 	if (buflen >= NETBIOS_NAME_SZ)
99 		buf[NETBIOS_NAME_SZ - 1] = '\0';
100 
101 	return (0);
102 }
103 
104 /*
105  * Get the SAM account of the current system.
106  * Returns 0 on success, otherwise, -1 to indicate an error.
107  */
108 int
109 smb_getsamaccount(char *buf, size_t buflen)
110 {
111 	if (smb_getnetbiosname(buf, buflen - 1) != 0)
112 		return (-1);
113 
114 	(void) strlcat(buf, "$", buflen);
115 	return (0);
116 }
117 
118 /*
119  * Get the current system node name.  The returned name is guaranteed
120  * to be null-terminated (gethostname may not null terminate the name).
121  * If the hostname has been fully-qualified for some reason, the domain
122  * part will be removed.  If the caller would like the name in upper
123  * case, it is folded to uppercase.
124  *
125  * If gethostname fails, the returned buffer will contain an empty
126  * string.
127  */
128 int
129 smb_gethostname(char *buf, size_t buflen, int upcase)
130 {
131 	char *p;
132 
133 	if (buf == NULL || buflen == 0)
134 		return (-1);
135 
136 	if (gethostname(buf, buflen) != 0) {
137 		*buf = '\0';
138 		return (-1);
139 	}
140 
141 	buf[buflen - 1] = '\0';
142 
143 	if ((p = strchr(buf, '.')) != NULL)
144 		*p = '\0';
145 
146 	if (upcase)
147 		(void) utf8_strupr(buf);
148 
149 	return (0);
150 }
151 
152 /*
153  * Obtain the fully-qualified name for this machine.  If the
154  * hostname is fully-qualified, accept it.  Otherwise, try to
155  * find an appropriate domain name to append to the hostname.
156  */
157 int
158 smb_getfqhostname(char *buf, size_t buflen)
159 {
160 	char hostname[MAXHOSTNAMELEN];
161 	char domain[MAXHOSTNAMELEN];
162 
163 	hostname[0] = '\0';
164 	domain[0] = '\0';
165 
166 	if (smb_gethostname(hostname, MAXHOSTNAMELEN, 0) != 0)
167 		return (-1);
168 
169 	if (smb_getfqdomainname(domain, MAXHOSTNAMELEN) != 0)
170 		return (-1);
171 
172 	if (hostname[0] == '\0')
173 		return (-1);
174 
175 	if (domain[0] == '\0') {
176 		(void) strlcpy(buf, hostname, buflen);
177 		return (0);
178 	}
179 
180 	(void) snprintf(buf, buflen, "%s.%s", hostname, domain);
181 	return (0);
182 }
183 
184 /*
185  * smb_getdomainname
186  *
187  * Returns NETBIOS name of the domain if the system is in domain
188  * mode. Or returns workgroup name if the system is in workgroup
189  * mode.
190  */
191 int
192 smb_getdomainname(char *buf, size_t buflen)
193 {
194 	int rc;
195 
196 	if (buf == NULL || buflen == 0)
197 		return (-1);
198 
199 	*buf = '\0';
200 	rc = smb_config_getstr(SMB_CI_DOMAIN_NAME, buf, buflen);
201 
202 	if ((rc != SMBD_SMF_OK) || (*buf == '\0'))
203 		return (-1);
204 
205 	return (0);
206 }
207 
208 /*
209  * smb_getdomainsid
210  *
211  * Returns the domain SID if the system is in domain mode.
212  * Otherwise returns NULL.
213  *
214  * Note: Callers are responsible for freeing a returned SID.
215  */
216 smb_sid_t *
217 smb_getdomainsid(void)
218 {
219 	char buf[MAXHOSTNAMELEN];
220 	smb_sid_t *sid;
221 	int security_mode;
222 	int rc;
223 
224 	security_mode = smb_config_get_secmode();
225 	if (security_mode != SMB_SECMODE_DOMAIN)
226 		return (NULL);
227 
228 	*buf = '\0';
229 	rc = smb_config_getstr(SMB_CI_DOMAIN_SID, buf, MAXHOSTNAMELEN);
230 	if ((rc != SMBD_SMF_OK) || (*buf == '\0'))
231 		return (NULL);
232 
233 	if ((sid = smb_sid_fromstr(buf)) == NULL)
234 		return (NULL);
235 
236 	return (sid);
237 }
238 
239 /*
240  * smb_getfqdomainname
241  *
242  * In the system is in domain mode, the dns_domain property value
243  * is returned. Otherwise, it returns the local domain obtained via
244  * resolver.
245  *
246  * Returns 0 upon success.  Otherwise, returns -1.
247  */
248 int
249 smb_getfqdomainname(char *buf, size_t buflen)
250 {
251 	struct __res_state res_state;
252 	int rc;
253 
254 	if (buf == NULL || buflen == 0)
255 		return (-1);
256 
257 	*buf = '\0';
258 	if (smb_config_get_secmode() == SMB_SECMODE_DOMAIN) {
259 		rc = smb_config_getstr(SMB_CI_DOMAIN_FQDN, buf, buflen);
260 
261 		if ((rc != SMBD_SMF_OK) || (*buf == '\0'))
262 			return (-1);
263 	} else {
264 		bzero(&res_state, sizeof (struct __res_state));
265 		if (res_ninit(&res_state))
266 			return (-1);
267 
268 		if (*res_state.defdname == '\0') {
269 			res_ndestroy(&res_state);
270 			return (-1);
271 		}
272 
273 		(void) strlcpy(buf, res_state.defdname, buflen);
274 		res_ndestroy(&res_state);
275 		rc = 0;
276 	}
277 
278 	return (rc);
279 }
280 
281 
282 /*
283  * smb_set_machine_passwd
284  *
285  * This function should be used when setting the machine password property.
286  * The associated sequence number is incremented.
287  */
288 static int
289 smb_set_machine_passwd(char *passwd)
290 {
291 	int64_t num;
292 	int rc = -1;
293 
294 	if (smb_config_set(SMB_CI_MACHINE_PASSWD, passwd) != SMBD_SMF_OK)
295 		return (-1);
296 
297 	(void) mutex_lock(&seqnum_mtx);
298 	(void) smb_config_getnum(SMB_CI_KPASSWD_SEQNUM, &num);
299 	if (smb_config_setnum(SMB_CI_KPASSWD_SEQNUM, ++num)
300 	    == SMBD_SMF_OK)
301 		rc = 0;
302 	(void) mutex_unlock(&seqnum_mtx);
303 	return (rc);
304 }
305 
306 /*
307  * smb_match_netlogon_seqnum
308  *
309  * A sequence number is associated with each machine password property
310  * update and the netlogon credential chain setup. If the
311  * sequence numbers don't match, a NETLOGON credential chain
312  * establishment is required.
313  *
314  * Returns 0 if kpasswd_seqnum equals to netlogon_seqnum. Otherwise,
315  * returns -1.
316  */
317 boolean_t
318 smb_match_netlogon_seqnum(void)
319 {
320 	int64_t setpasswd_seqnum;
321 	int64_t netlogon_seqnum;
322 
323 	(void) mutex_lock(&seqnum_mtx);
324 	(void) smb_config_getnum(SMB_CI_KPASSWD_SEQNUM, &setpasswd_seqnum);
325 	(void) smb_config_getnum(SMB_CI_NETLOGON_SEQNUM, &netlogon_seqnum);
326 	(void) mutex_unlock(&seqnum_mtx);
327 	return (setpasswd_seqnum == netlogon_seqnum);
328 }
329 
330 /*
331  * smb_setdomainprops
332  *
333  * This function should be called after joining an AD to
334  * set all the domain related SMF properties.
335  *
336  * The kpasswd_domain property is the AD domain to which the system
337  * is joined via kclient. If this function is invoked by the SMB
338  * daemon, fqdn should be set to NULL.
339  */
340 int
341 smb_setdomainprops(char *fqdn, char *server, char *passwd)
342 {
343 	if (server == NULL || passwd == NULL)
344 		return (-1);
345 
346 	if ((*server == '\0') || (*passwd == '\0'))
347 		return (-1);
348 
349 	if (fqdn && (smb_config_set(SMB_CI_KPASSWD_DOMAIN, fqdn) != 0))
350 		return (-1);
351 
352 	if (smb_config_set(SMB_CI_KPASSWD_SRV, server) != 0)
353 		return (-1);
354 
355 	if (smb_set_machine_passwd(passwd) != 0) {
356 		syslog(LOG_ERR, "smb_setdomainprops: failed to set"
357 		    " machine account password");
358 		return (-1);
359 	}
360 
361 	/*
362 	 * If we successfully create a trust account, we mark
363 	 * ourselves as a domain member in the environment so
364 	 * that we use the SAMLOGON version of the NETLOGON
365 	 * PDC location protocol.
366 	 */
367 	(void) smb_config_setbool(SMB_CI_DOMAIN_MEMB, B_TRUE);
368 
369 	return (0);
370 }
371 
372 /*
373  * smb_update_netlogon_seqnum
374  *
375  * This function should only be called upon a successful netlogon
376  * credential chain establishment to set the sequence number of the
377  * netlogon to match with that of the kpasswd.
378  */
379 void
380 smb_update_netlogon_seqnum(void)
381 {
382 	int64_t num;
383 
384 	(void) mutex_lock(&seqnum_mtx);
385 	(void) smb_config_getnum(SMB_CI_KPASSWD_SEQNUM, &num);
386 	(void) smb_config_setnum(SMB_CI_NETLOGON_SEQNUM, num);
387 	(void) mutex_unlock(&seqnum_mtx);
388 }
389 
390 
391 /*
392  * Temporary fbt for dtrace until user space sdt enabled.
393  */
394 void
395 smb_tracef(const char *fmt, ...)
396 {
397 	va_list ap;
398 	char buf[128];
399 
400 	va_start(ap, fmt);
401 	(void) vsnprintf(buf, 128, fmt, ap);
402 	va_end(ap);
403 
404 	smb_trace(buf);
405 }
406 
407 /*
408  * Temporary fbt for dtrace until user space sdt enabled.
409  */
410 void
411 smb_trace(const char *s)
412 {
413 	syslog(LOG_DEBUG, "%s", s);
414 }
415 
416 /*
417  * smb_tonetbiosname
418  *
419  * Creates a NetBIOS name based on the given name and suffix.
420  * NetBIOS name is 15 capital characters, padded with space if needed
421  * and the 16th byte is the suffix.
422  */
423 void
424 smb_tonetbiosname(char *name, char *nb_name, char suffix)
425 {
426 	char tmp_name[NETBIOS_NAME_SZ];
427 	mts_wchar_t wtmp_name[NETBIOS_NAME_SZ];
428 	unsigned int cpid;
429 	int len;
430 	size_t rc;
431 
432 	len = 0;
433 	rc = mts_mbstowcs(wtmp_name, (const char *)name, NETBIOS_NAME_SZ);
434 
435 	if (rc != (size_t)-1) {
436 		wtmp_name[NETBIOS_NAME_SZ - 1] = 0;
437 		cpid = oem_get_smb_cpid();
438 		rc = unicodestooems(tmp_name, wtmp_name, NETBIOS_NAME_SZ, cpid);
439 		if (rc > 0)
440 			len = strlen(tmp_name);
441 	}
442 
443 	(void) memset(nb_name, ' ', NETBIOS_NAME_SZ - 1);
444 	if (len) {
445 		(void) utf8_strupr(tmp_name);
446 		(void) memcpy(nb_name, tmp_name, len);
447 	}
448 	nb_name[NETBIOS_NAME_SZ - 1] = suffix;
449 }
450 
451 int
452 smb_get_nameservers(smb_inaddr_t *ips, int sz)
453 {
454 	union res_sockaddr_union set[MAXNS];
455 	int i, cnt;
456 	struct __res_state res_state;
457 	char ipstr[INET6_ADDRSTRLEN];
458 
459 	if (ips == NULL)
460 		return (0);
461 
462 	bzero(&res_state, sizeof (struct __res_state));
463 	if (res_ninit(&res_state) < 0)
464 		return (0);
465 
466 	cnt = res_getservers(&res_state, set, MAXNS);
467 	for (i = 0; i < cnt; i++) {
468 		if (i >= sz)
469 			break;
470 		ips[i].a_family = AF_INET;
471 		bcopy(&set[i].sin.sin_addr, &ips[i].a_ipv4, INADDRSZ);
472 		if (inet_ntop(AF_INET, &ips[i].a_ipv4, ipstr,
473 		    INET_ADDRSTRLEN)) {
474 			syslog(LOG_DEBUG, "Found %s name server\n", ipstr);
475 			continue;
476 		}
477 		ips[i].a_family = AF_INET6;
478 		bcopy(&set[i].sin.sin_addr, &ips[i].a_ipv6, IPV6_ADDR_LEN);
479 		if (inet_ntop(AF_INET6, &ips[i].a_ipv6, ipstr,
480 		    INET6_ADDRSTRLEN)) {
481 			syslog(LOG_DEBUG, "Found %s name server\n", ipstr);
482 		}
483 	}
484 	res_ndestroy(&res_state);
485 	return (i);
486 }
487 /*
488  * smb_gethostbyname
489  *
490  * Looks up a host by the given name. The host entry can come
491  * from any of the sources for hosts specified in the
492  * /etc/nsswitch.conf and the NetBIOS cache.
493  *
494  * XXX Invokes nbt_name_resolve API once the NBTD is integrated
495  * to look in the NetBIOS cache if getipnodebyname fails.
496  *
497  * Caller should invoke freehostent to free the returned hostent.
498  */
499 struct hostent *
500 smb_gethostbyname(const char *name, int *err_num)
501 {
502 	struct hostent *h;
503 
504 	h = getipnodebyname(name, AF_INET, 0, err_num);
505 	if ((h == NULL) || h->h_length != INADDRSZ)
506 		h = getipnodebyname(name, AF_INET6, AI_DEFAULT, err_num);
507 	return (h);
508 }
509 
510 /*
511  * smb_gethostbyaddr
512  *
513  * Looks up a host by the given IP address. The host entry can come
514  * from any of the sources for hosts specified in the
515  * /etc/nsswitch.conf and the NetBIOS cache.
516  *
517  * XXX Invokes nbt API to resolve name by IP once the NBTD is integrated
518  * to look in the NetBIOS cache if getipnodebyaddr fails.
519  *
520  * Caller should invoke freehostent to free the returned hostent.
521  */
522 struct hostent *
523 smb_gethostbyaddr(const char *addr, int len, int type, int *err_num)
524 {
525 	struct hostent *h;
526 
527 	h = getipnodebyaddr(addr, len, type, err_num);
528 
529 	return (h);
530 }
531 
532 /*
533  * Check to see if the given name is the hostname.
534  * It checks the hostname returned by OS and also both
535  * fully qualified and NetBIOS forms of the host name.
536  */
537 boolean_t
538 smb_ishostname(const char *name)
539 {
540 	char hostname[MAXHOSTNAMELEN];
541 	int rc;
542 
543 	if (strchr(name, '.') != NULL)
544 		rc = smb_getfqhostname(hostname, MAXHOSTNAMELEN);
545 	else {
546 		if (strlen(name) < NETBIOS_NAME_SZ)
547 			rc = smb_getnetbiosname(hostname, MAXHOSTNAMELEN);
548 		else
549 			rc = smb_gethostname(hostname, MAXHOSTNAMELEN, 1);
550 	}
551 
552 	if (rc != 0)
553 		return (B_FALSE);
554 
555 	return (utf8_strcasecmp(name, hostname) == 0);
556 }
557