xref: /titanic_52/usr/src/lib/smbsrv/libsmb/common/smb_info.c (revision 9db67a327daf1243e630c20b81978ffd2a7baad7)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #pragma ident	"%Z%%M%	%I%	%E% SMI"
27 
28 #include <sys/types.h>
29 #include <stdarg.h>
30 #include <unistd.h>
31 #include <stdlib.h>
32 #include <time.h>
33 #include <synch.h>
34 #include <syslog.h>
35 #include <string.h>
36 #include <strings.h>
37 #include <errno.h>
38 #include <net/if.h>
39 #include <netdb.h>
40 #include <netinet/in.h>
41 #include <arpa/nameser.h>
42 #include <resolv.h>
43 #include <sys/sockio.h>
44 #include <smbsrv/smbinfo.h>
45 #include <smbsrv/netbios.h>
46 #include <smbsrv/libsmb.h>
47 
48 static smb_ntdomain_t smbpdc_cache;
49 static mutex_t smbpdc_mtx;
50 static cond_t smbpdc_cv;
51 static mutex_t seqnum_mtx;
52 
53 extern int getdomainname(char *, int);
54 
55 /*
56  * smb_getdomaininfo
57  *
58  * Returns a pointer to the cached domain data. The caller can specify
59  * whether or not he is prepared to wait if the cache is not yet valid
60  * and for how long. The specified timeout is in seconds.
61  */
62 smb_ntdomain_t *
63 smb_getdomaininfo(uint32_t timeout)
64 {
65 	timestruc_t to;
66 	int err;
67 
68 	if (timeout != 0) {
69 		(void) mutex_lock(&smbpdc_mtx);
70 		while (smbpdc_cache.ipaddr == 0) {
71 			to.tv_sec = timeout;
72 			to.tv_nsec = 0;
73 			err = cond_reltimedwait(&smbpdc_cv, &smbpdc_mtx, &to);
74 			if (err == ETIME)
75 				break;
76 		}
77 		(void) mutex_unlock(&smbpdc_mtx);
78 	}
79 
80 	if (smbpdc_cache.ipaddr != 0)
81 		return (&smbpdc_cache);
82 	else
83 		return (0);
84 }
85 
86 void
87 smb_logdomaininfo(smb_ntdomain_t *di)
88 {
89 	char ipstr[16];
90 
91 	(void) inet_ntop(AF_INET, (const void *)&di->ipaddr, ipstr,
92 	    sizeof (ipstr));
93 	syslog(LOG_DEBUG, "smbd: %s (%s:%s)", di->domain, di->server, ipstr);
94 }
95 
96 /*
97  * smb_setdomaininfo
98  *
99  * Set the information for the specified domain. If the information is
100  * non-null, the notification event is raised to wakeup any threads
101  * blocking on the cache.
102  */
103 void
104 smb_setdomaininfo(char *domain, char *server, uint32_t ipaddr)
105 {
106 	char *p;
107 
108 	bzero(&smbpdc_cache, sizeof (smb_ntdomain_t));
109 
110 	if (domain && server && ipaddr) {
111 		(void) strlcpy(smbpdc_cache.domain, domain, SMB_PI_MAX_DOMAIN);
112 		(void) strlcpy(smbpdc_cache.server, server, SMB_PI_MAX_DOMAIN);
113 
114 		/*
115 		 * Remove DNS domain name extension
116 		 * to avoid confusing NetBIOS.
117 		 */
118 		if ((p = strchr(smbpdc_cache.domain, '.')) != 0)
119 			*p = '\0';
120 
121 		if ((p = strchr(smbpdc_cache.server, '.')) != 0)
122 			*p = '\0';
123 
124 		(void) mutex_lock(&smbpdc_mtx);
125 		smbpdc_cache.ipaddr = ipaddr;
126 		(void) cond_broadcast(&smbpdc_cv);
127 		(void) mutex_unlock(&smbpdc_mtx);
128 	}
129 }
130 
131 void
132 smb_load_kconfig(smb_kmod_cfg_t *kcfg)
133 {
134 	int64_t citem;
135 
136 	bzero(kcfg, sizeof (smb_kmod_cfg_t));
137 
138 	(void) smb_config_getnum(SMB_CI_MAX_WORKERS, &citem);
139 	kcfg->skc_maxworkers = (uint32_t)citem;
140 	(void) smb_config_getnum(SMB_CI_KEEPALIVE, &citem);
141 	kcfg->skc_keepalive = (uint32_t)citem;
142 	if ((kcfg->skc_keepalive != 0) &&
143 	    (kcfg->skc_keepalive < SMB_PI_KEEP_ALIVE_MIN))
144 		kcfg->skc_keepalive = SMB_PI_KEEP_ALIVE_MIN;
145 
146 	(void) smb_config_getnum(SMB_CI_MAX_CONNECTIONS, &citem);
147 	kcfg->skc_maxconnections = (uint32_t)citem;
148 	kcfg->skc_restrict_anon = smb_config_getbool(SMB_CI_RESTRICT_ANON);
149 	kcfg->skc_signing_enable = smb_config_getbool(SMB_CI_SIGNING_ENABLE);
150 	kcfg->skc_signing_required = smb_config_getbool(SMB_CI_SIGNING_REQD);
151 	kcfg->skc_signing_check = smb_config_getbool(SMB_CI_SIGNING_CHECK);
152 	kcfg->skc_oplock_enable = smb_config_getbool(SMB_CI_OPLOCK_ENABLE);
153 	kcfg->skc_sync_enable = smb_config_getbool(SMB_CI_SYNC_ENABLE);
154 	kcfg->skc_secmode = smb_config_get_secmode();
155 	(void) smb_getdomainname(kcfg->skc_resource_domain,
156 	    sizeof (kcfg->skc_resource_domain));
157 	(void) smb_gethostname(kcfg->skc_hostname, sizeof (kcfg->skc_hostname),
158 	    1);
159 	(void) smb_config_getstr(SMB_CI_SYS_CMNT, kcfg->skc_system_comment,
160 	    sizeof (kcfg->skc_system_comment));
161 }
162 
163 /*
164  * Get the current system NetBIOS name.  The hostname is truncated at
165  * the first `.` or 15 bytes, whichever occurs first, and converted
166  * to uppercase (by smb_gethostname).  Text that appears after the
167  * first '.' is considered to be part of the NetBIOS scope.
168  *
169  * Returns 0 on success, otherwise -1 to indicate an error.
170  */
171 int
172 smb_getnetbiosname(char *buf, size_t buflen)
173 {
174 	if (smb_gethostname(buf, buflen, 1) != 0)
175 		return (-1);
176 
177 	if (buflen >= NETBIOS_NAME_SZ)
178 		buf[NETBIOS_NAME_SZ - 1] = '\0';
179 
180 	return (0);
181 }
182 
183 /*
184  * Get the current system node name.  The returned name is guaranteed
185  * to be null-terminated (gethostname may not null terminate the name).
186  * If the hostname has been fully-qualified for some reason, the domain
187  * part will be removed.  If the caller would like the name in upper
188  * case, it is folded to uppercase.
189  *
190  * If gethostname fails, the returned buffer will contain an empty
191  * string.
192  */
193 int
194 smb_gethostname(char *buf, size_t buflen, int upcase)
195 {
196 	char *p;
197 
198 	if (buf == NULL || buflen == 0)
199 		return (-1);
200 
201 	if (gethostname(buf, buflen) != 0) {
202 		*buf = '\0';
203 		return (-1);
204 	}
205 
206 	buf[buflen - 1] = '\0';
207 
208 	if ((p = strchr(buf, '.')) != NULL)
209 		*p = '\0';
210 
211 	if (upcase)
212 		(void) utf8_strupr(buf);
213 
214 	return (0);
215 }
216 
217 /*
218  * Obtain the fully-qualified name for this machine.  If the
219  * hostname is fully-qualified, accept it.  Otherwise, try to
220  * find an appropriate domain name to append to the hostname.
221  */
222 int
223 smb_getfqhostname(char *buf, size_t buflen)
224 {
225 	char hostname[MAXHOSTNAMELEN];
226 	char domain[MAXHOSTNAMELEN];
227 
228 	hostname[0] = '\0';
229 	domain[0] = '\0';
230 
231 	if (smb_gethostname(hostname, MAXHOSTNAMELEN, 0) != 0)
232 		return (-1);
233 
234 	if (smb_getfqdomainname(domain, MAXHOSTNAMELEN) != 0)
235 		return (-1);
236 
237 	if (hostname[0] == '\0')
238 		return (-1);
239 
240 	if (domain[0] == '\0') {
241 		(void) strlcpy(buf, hostname, buflen);
242 		return (0);
243 	}
244 
245 	(void) snprintf(buf, buflen, "%s.%s", hostname, domain);
246 	return (0);
247 }
248 
249 /*
250  * smb_resolve_netbiosname
251  *
252  * Convert the fully-qualified domain name (i.e. fqdn) to a NETBIOS name.
253  * Upon success, the NETBIOS name will be returned via buf parameter.
254  * Returns 0 upon success.  Otherwise, returns -1.
255  */
256 int
257 smb_resolve_netbiosname(char *fqdn, char *buf, size_t buflen)
258 {
259 	char *p;
260 
261 	if (!buf)
262 		return (-1);
263 
264 	*buf = '\0';
265 	if (!fqdn)
266 		return (-1);
267 
268 	(void) strlcpy(buf, fqdn, buflen);
269 	if ((p = strchr(buf, '.')) != NULL)
270 		*p = 0;
271 
272 	if (strlen(buf) >= NETBIOS_NAME_SZ)
273 		buf[NETBIOS_NAME_SZ - 1] = '\0';
274 
275 	return (0);
276 }
277 
278 /*
279  * smb_getdomainname
280  *
281  * Returns NETBIOS name of the domain if the system is in domain
282  * mode. Or returns workgroup name if the system is in workgroup
283  * mode.
284  */
285 int
286 smb_getdomainname(char *buf, size_t buflen)
287 {
288 	char domain[MAXHOSTNAMELEN];
289 	int rc;
290 
291 	if (buf == NULL || buflen == 0)
292 		return (-1);
293 
294 	*buf = '\0';
295 	rc = smb_config_getstr(SMB_CI_DOMAIN_NAME, domain,
296 	    sizeof (domain));
297 
298 	if ((rc != SMBD_SMF_OK) || (*domain == '\0'))
299 		return (-1);
300 
301 	(void) smb_resolve_netbiosname(domain, buf, buflen);
302 	return (0);
303 }
304 
305 /*
306  * smb_getdomainsid
307  *
308  * Returns the domain SID if the system is in domain mode.
309  * Otherwise returns NULL.
310  *
311  * Note: Callers are responsible for freeing a returned SID.
312  */
313 smb_sid_t *
314 smb_getdomainsid(void)
315 {
316 	char buf[MAXHOSTNAMELEN];
317 	smb_sid_t *sid;
318 	int security_mode;
319 	int rc;
320 
321 	security_mode = smb_config_get_secmode();
322 	if (security_mode != SMB_SECMODE_DOMAIN)
323 		return (NULL);
324 
325 	*buf = '\0';
326 	rc = smb_config_getstr(SMB_CI_DOMAIN_SID, buf, MAXHOSTNAMELEN);
327 	if ((rc != SMBD_SMF_OK) || (*buf == '\0'))
328 		return (NULL);
329 
330 	if ((sid = smb_sid_fromstr(buf)) == NULL)
331 		return (NULL);
332 
333 	return (sid);
334 }
335 
336 /*
337  * smb_resolve_fqdn
338  *
339  * Converts the NETBIOS name of the domain (i.e. nbt_domain) to a fully
340  * qualified domain name. The domain from either the domain field or
341  * search list field of the /etc/resolv.conf will be returned via the
342  * buf parameter if the first label of the domain matches the given
343  * NETBIOS name.
344  *
345  * Returns -1 upon error. If a match is found, returns 1. Otherwise,
346  * returns 0.
347  */
348 int
349 smb_resolve_fqdn(char *nbt_domain, char *buf, size_t buflen)
350 {
351 	struct __res_state res_state;
352 	int i, found = 0;
353 	char *p;
354 	int dlen;
355 
356 	if (!buf)
357 		return (-1);
358 
359 	*buf = '\0';
360 	if (!nbt_domain)
361 		return (-1);
362 
363 	bzero(&res_state, sizeof (struct __res_state));
364 	if (res_ninit(&res_state))
365 		return (-1);
366 
367 	if (*nbt_domain == '\0') {
368 		if (*res_state.defdname == '\0') {
369 			res_ndestroy(&res_state);
370 			return (0);
371 		}
372 
373 		(void) strlcpy(buf, res_state.defdname, buflen);
374 		res_ndestroy(&res_state);
375 		return (1);
376 	}
377 
378 	dlen = strlen(nbt_domain);
379 	if (!strncasecmp(nbt_domain, res_state.defdname, dlen)) {
380 		(void) strlcpy(buf, res_state.defdname, buflen);
381 		res_ndestroy(&res_state);
382 		return (1);
383 	}
384 
385 	for (i = 0; (p = res_state.dnsrch[i]) != NULL; i++) {
386 		if (!strncasecmp(nbt_domain, p, dlen)) {
387 			(void) strlcpy(buf, p, buflen);
388 			found = 1;
389 			break;
390 		}
391 
392 	}
393 
394 	res_ndestroy(&res_state);
395 	return (found);
396 }
397 
398 /*
399  * smb_getfqdomainname
400  *
401  * If the domain_name property value is FQDN, it will be returned.
402  * In domain mode, the domain from either the domain field or
403  * search list field of the /etc/resolv.conf will be returned via the
404  * buf parameter if the first label of the domain matches the
405  * domain_name property. In workgroup mode, it returns the local
406  * domain.
407  *
408  * Returns 0 upon success.  Otherwise, returns -1.
409  */
410 int
411 smb_getfqdomainname(char *buf, size_t buflen)
412 {
413 	char domain[MAXHOSTNAMELEN];
414 	int rc = 0;
415 
416 	if (buf == NULL || buflen == 0)
417 		return (-1);
418 
419 	*buf = '\0';
420 	if (smb_config_get_secmode() == SMB_SECMODE_DOMAIN) {
421 		rc = smb_config_getstr(SMB_CI_DOMAIN_NAME, domain,
422 		    sizeof (domain));
423 
424 		if ((rc != SMBD_SMF_OK) || (*domain == '\0'))
425 			return (-1);
426 
427 		if (strchr(domain, '.') == NULL) {
428 			if (smb_resolve_fqdn(domain, buf, buflen) != 1)
429 				rc = -1;
430 		} else {
431 			(void) strlcpy(buf, domain, buflen);
432 		}
433 	} else {
434 		if (smb_resolve_fqdn("", buf, buflen) != 1)
435 			rc = -1;
436 	}
437 
438 	return (rc);
439 }
440 
441 
442 /*
443  * smb_set_machine_passwd
444  *
445  * This function should be used when setting the machine password property.
446  * The associated sequence number is incremented.
447  */
448 static int
449 smb_set_machine_passwd(char *passwd)
450 {
451 	int64_t num;
452 	int rc = -1;
453 
454 	if (smb_config_set(SMB_CI_MACHINE_PASSWD, passwd) != SMBD_SMF_OK)
455 		return (-1);
456 
457 	(void) mutex_lock(&seqnum_mtx);
458 	(void) smb_config_getnum(SMB_CI_KPASSWD_SEQNUM, &num);
459 	if (smb_config_setnum(SMB_CI_KPASSWD_SEQNUM, ++num)
460 	    == SMBD_SMF_OK)
461 		rc = 0;
462 	(void) mutex_unlock(&seqnum_mtx);
463 	return (rc);
464 }
465 
466 /*
467  * smb_match_netlogon_seqnum
468  *
469  * A sequence number is associated with each machine password property
470  * update and the netlogon credential chain setup. If the
471  * sequence numbers don't match, a NETLOGON credential chain
472  * establishment is required.
473  *
474  * Returns 0 if kpasswd_seqnum equals to netlogon_seqnum. Otherwise,
475  * returns -1.
476  */
477 boolean_t
478 smb_match_netlogon_seqnum(void)
479 {
480 	int64_t setpasswd_seqnum;
481 	int64_t netlogon_seqnum;
482 
483 	(void) mutex_lock(&seqnum_mtx);
484 	(void) smb_config_getnum(SMB_CI_KPASSWD_SEQNUM, &setpasswd_seqnum);
485 	(void) smb_config_getnum(SMB_CI_NETLOGON_SEQNUM, &netlogon_seqnum);
486 	(void) mutex_unlock(&seqnum_mtx);
487 	return (setpasswd_seqnum == netlogon_seqnum);
488 }
489 
490 /*
491  * smb_setdomainprops
492  *
493  * This function should be called after joining an AD to
494  * set all the domain related SMF properties.
495  *
496  * The kpasswd_domain property is the AD domain to which the system
497  * is joined via kclient. If this function is invoked by the SMB
498  * daemon, fqdn should be set to NULL.
499  */
500 int
501 smb_setdomainprops(char *fqdn, char *server, char *passwd)
502 {
503 	if (server == NULL || passwd == NULL)
504 		return (-1);
505 
506 	if ((*server == '\0') || (*passwd == '\0'))
507 		return (-1);
508 
509 	if (fqdn && (smb_config_set(SMB_CI_KPASSWD_DOMAIN, fqdn) != 0))
510 		return (-1);
511 
512 	if (smb_config_set(SMB_CI_KPASSWD_SRV, server) != 0)
513 		return (-1);
514 
515 	if (smb_set_machine_passwd(passwd) != 0) {
516 		syslog(LOG_ERR, "smb_setdomainprops: failed to set"
517 		    " machine account password");
518 		return (-1);
519 	}
520 
521 	/*
522 	 * If we successfully create a trust account, we mark
523 	 * ourselves as a domain member in the environment so
524 	 * that we use the SAMLOGON version of the NETLOGON
525 	 * PDC location protocol.
526 	 */
527 	(void) smb_config_setbool(SMB_CI_DOMAIN_MEMB, B_TRUE);
528 
529 	return (0);
530 }
531 
532 /*
533  * smb_update_netlogon_seqnum
534  *
535  * This function should only be called upon a successful netlogon
536  * credential chain establishment to set the sequence number of the
537  * netlogon to match with that of the kpasswd.
538  */
539 void
540 smb_update_netlogon_seqnum(void)
541 {
542 	int64_t num;
543 
544 	(void) mutex_lock(&seqnum_mtx);
545 	(void) smb_config_getnum(SMB_CI_KPASSWD_SEQNUM, &num);
546 	(void) smb_config_setnum(SMB_CI_NETLOGON_SEQNUM, num);
547 	(void) mutex_unlock(&seqnum_mtx);
548 }
549 
550 
551 /*
552  * Temporary fbt for dtrace until user space sdt enabled.
553  */
554 void
555 smb_tracef(const char *fmt, ...)
556 {
557 	va_list ap;
558 	char buf[128];
559 
560 	va_start(ap, fmt);
561 	(void) vsnprintf(buf, 128, fmt, ap);
562 	va_end(ap);
563 
564 	smb_trace(buf);
565 }
566 
567 /*
568  * Temporary fbt for dtrace until user space sdt enabled.
569  */
570 void
571 smb_trace(const char *s)
572 {
573 	syslog(LOG_DEBUG, "%s", s);
574 }
575 
576 /*
577  * smb_tonetbiosname
578  *
579  * Creates a NetBIOS name based on the given name and suffix.
580  * NetBIOS name is 15 capital characters, padded with space if needed
581  * and the 16th byte is the suffix.
582  */
583 void
584 smb_tonetbiosname(char *name, char *nb_name, char suffix)
585 {
586 	char tmp_name[NETBIOS_NAME_SZ];
587 	mts_wchar_t wtmp_name[NETBIOS_NAME_SZ];
588 	unsigned int cpid;
589 	int len;
590 	size_t rc;
591 
592 	len = 0;
593 	rc = mts_mbstowcs(wtmp_name, (const char *)name, NETBIOS_NAME_SZ);
594 
595 	if (rc != (size_t)-1) {
596 		wtmp_name[NETBIOS_NAME_SZ - 1] = 0;
597 		cpid = oem_get_smb_cpid();
598 		rc = unicodestooems(tmp_name, wtmp_name, NETBIOS_NAME_SZ, cpid);
599 		if (rc > 0)
600 			len = strlen(tmp_name);
601 	}
602 
603 	(void) memset(nb_name, ' ', NETBIOS_NAME_SZ - 1);
604 	if (len) {
605 		(void) utf8_strupr(tmp_name);
606 		(void) memcpy(nb_name, tmp_name, len);
607 	}
608 	nb_name[NETBIOS_NAME_SZ - 1] = suffix;
609 }
610 
611 int
612 smb_get_nameservers(struct in_addr *ips, int sz)
613 {
614 	union res_sockaddr_union set[MAXNS];
615 	int i, cnt;
616 	struct __res_state res_state;
617 
618 	if (ips == NULL)
619 		return (0);
620 
621 	bzero(&res_state, sizeof (struct __res_state));
622 	if (res_ninit(&res_state) < 0)
623 		return (0);
624 
625 	cnt = res_getservers(&res_state, set, MAXNS);
626 	for (i = 0; i < cnt; i++) {
627 		if (i >= sz)
628 			break;
629 		ips[i] = set[i].sin.sin_addr;
630 		syslog(LOG_DEBUG, "NS Found %s name server\n",
631 		    inet_ntoa(ips[i]));
632 	}
633 	syslog(LOG_DEBUG, "NS Found %d name servers\n", i);
634 	res_ndestroy(&res_state);
635 	return (i);
636 }
637