libsmb/common/smb_util.c

da6c28aaSamw/*
da6c28aaSamw * CDDL HEADER START
da6c28aaSamw *
da6c28aaSamw * The contents of this file are subject to the terms of the
da6c28aaSamw * Common Development and Distribution License (the "License").
da6c28aaSamw * You may not use this file except in compliance with the License.
da6c28aaSamw *
da6c28aaSamw * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
da6c28aaSamw * or http://www.opensolaris.org/os/licensing.
da6c28aaSamw * See the License for the specific language governing permissions
da6c28aaSamw * and limitations under the License.
da6c28aaSamw *
da6c28aaSamw * When distributing Covered Code, include this CDDL HEADER in each
da6c28aaSamw * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
da6c28aaSamw * If applicable, add the following below this CDDL HEADER, with the
da6c28aaSamw * fields enclosed by brackets "[]" replaced with your own identifying
da6c28aaSamw * information: Portions Copyright [yyyy] [name of copyright owner]
da6c28aaSamw *
da6c28aaSamw * CDDL HEADER END
da6c28aaSamw */
da6c28aaSamw/*
148c5f43SAlan Wright * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
*b819cea2SGordon Ross * Copyright 2014 Nexenta Systems, Inc.  All rights reserved.
da6c28aaSamw */
da6c28aaSamw
da6c28aaSamw#include <ctype.h>
da6c28aaSamw#include <stdio.h>
148c5f43SAlan Wright#include <stdarg.h>
148c5f43SAlan Wright#include <unistd.h>
148c5f43SAlan Wright#include <sys/fcntl.h>
da6c28aaSamw#include <string.h>
1fcced4cSJordan Brown#include <strings.h>
da6c28aaSamw#include <stdlib.h>
da6c28aaSamw#include <pthread.h>
da6c28aaSamw#include <sys/varargs.h>
da6c28aaSamw#include <sys/types.h>
6d57f833SAlan Wright#include <sys/mnttab.h>
b89a8333Snatalie li - Sun Microsystems - Irvine United States#include <tiuser.h>
b89a8333Snatalie li - Sun Microsystems - Irvine United States#include <netconfig.h>
b89a8333Snatalie li - Sun Microsystems - Irvine United States#include <netdir.h>
b89a8333Snatalie li - Sun Microsystems - Irvine United States#include <sys/systeminfo.h>
b89a8333Snatalie li - Sun Microsystems - Irvine United States#include <sys/utsname.h>
6d57f833SAlan Wright#include <libzfs.h>
1fcced4cSJordan Brown#include <dlfcn.h>
148c5f43SAlan Wright#include <time.h>
148c5f43SAlan Wright#include <syslog.h>
6d57f833SAlan Wright#include <smbsrv/string.h>
6d57f833SAlan Wright#include <smbsrv/libsmb.h>
b89a8333Snatalie li - Sun Microsystems - Irvine United States
1fcced4cSJordan Brown#define	SMB_LIB_ALT	"/usr/lib/smbsrv/libsmbex.so"
1fcced4cSJordan Brown
b89a8333Snatalie li - Sun Microsystems - Irvine United Statesstatic boolean_t smb_netgroup_match(struct nd_hostservlist *, char *, int);
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United Statesextern int __multi_innetgr();
b89a8333Snatalie li - Sun Microsystems - Irvine United Statesextern int __netdir_getbyaddr_nosrv(struct netconfig *,
b89a8333Snatalie li - Sun Microsystems - Irvine United States    struct nd_hostservlist **, struct netbuf *);
da6c28aaSamw
da6c28aaSamw#define	C2H(c)		"0123456789ABCDEF"[(c)]
da6c28aaSamw#define	H2C(c)    (((c) >= '0' && (c) <= '9') ? ((c) - '0') :     \
da6c28aaSamw	((c) >= 'a' && (c) <= 'f') ? ((c) - 'a' + 10) :         \
da6c28aaSamw	((c) >= 'A' && (c) <= 'F') ? ((c) - 'A' + 10) :         \
da6c28aaSamw	'\0')
da6c28aaSamw#define	DEFAULT_SBOX_SIZE		256
da6c28aaSamw
da6c28aaSamw/*
da6c28aaSamw *
da6c28aaSamw * hexdump
da6c28aaSamw *
da6c28aaSamw * Simple hex dump display function. Displays nbytes of buffer in hex and
da6c28aaSamw * printable format. Non-printing characters are shown as '.'. It is safe
da6c28aaSamw * to pass a null pointer. Each line begins with the offset. If nbytes is
da6c28aaSamw * 0, the line will be blank except for the offset. Example output:
da6c28aaSamw *
da6c28aaSamw * 00000000  54 68 69 73 20 69 73 20 61 20 70 72 6F 67 72 61  This is a progra
da6c28aaSamw * 00000010  6D 20 74 65 73 74 2E 00                          m test..
da6c28aaSamw *
da6c28aaSamw */
da6c28aaSamwvoid
dc20a302Sas200622hexdump_offset(unsigned char *buffer, int nbytes, unsigned long *start)
da6c28aaSamw{
da6c28aaSamw	static char *hex = "0123456789ABCDEF";
da6c28aaSamw	int i, count;
da6c28aaSamw	int offset;
da6c28aaSamw	unsigned char *p;
da6c28aaSamw	char ascbuf[64];
da6c28aaSamw	char hexbuf[64];
da6c28aaSamw	char *ap = ascbuf;
da6c28aaSamw	char *hp = hexbuf;
da6c28aaSamw
dc20a302Sas200622	if ((p = buffer) == NULL)
da6c28aaSamw		return;
da6c28aaSamw
da6c28aaSamw	offset = *start;
da6c28aaSamw
da6c28aaSamw	*ap = '\0';
da6c28aaSamw	*hp = '\0';
da6c28aaSamw	count = 0;
da6c28aaSamw
da6c28aaSamw	for (i = 0; i < nbytes; ++i) {
da6c28aaSamw		if (i && (i % 16) == 0) {
dc20a302Sas200622			smb_tracef("%06X %s  %s", offset, hexbuf, ascbuf);
da6c28aaSamw			ap = ascbuf;
da6c28aaSamw			hp = hexbuf;
da6c28aaSamw			count = 0;
da6c28aaSamw			offset += 16;
da6c28aaSamw		}
da6c28aaSamw
da6c28aaSamw		ap += sprintf(ap, "%c",
da6c28aaSamw		    (*p >= 0x20 && *p < 0x7F) ? *p : '.');
da6c28aaSamw		hp += sprintf(hp, " %c%c",
da6c28aaSamw		    hex[(*p >> 4) & 0x0F], hex[(*p & 0x0F)]);
da6c28aaSamw		++p;
da6c28aaSamw		++count;
da6c28aaSamw	}
da6c28aaSamw
da6c28aaSamw	if (count) {
dc20a302Sas200622		smb_tracef("%06X %-48s  %s", offset, hexbuf, ascbuf);
da6c28aaSamw		offset += count;
da6c28aaSamw	}
da6c28aaSamw
da6c28aaSamw	*start = offset;
da6c28aaSamw}
da6c28aaSamw
da6c28aaSamwvoid
da6c28aaSamwhexdump(unsigned char *buffer, int nbytes)
da6c28aaSamw{
da6c28aaSamw	unsigned long start = 0;
da6c28aaSamw
dc20a302Sas200622	hexdump_offset(buffer, nbytes, &start);
da6c28aaSamw}
da6c28aaSamw
da6c28aaSamw/*
da6c28aaSamw * bintohex
da6c28aaSamw *
da6c28aaSamw * Converts the given binary data (srcbuf) to
da6c28aaSamw * its equivalent hex chars (hexbuf).
da6c28aaSamw *
da6c28aaSamw * hexlen should be at least twice as srclen.
da6c28aaSamw * if hexbuf is not big enough returns 0.
da6c28aaSamw * otherwise returns number of valid chars in
da6c28aaSamw * hexbuf which is srclen * 2.
da6c28aaSamw */
da6c28aaSamwsize_t
da6c28aaSamwbintohex(const char *srcbuf, size_t srclen,
da6c28aaSamw    char *hexbuf, size_t hexlen)
da6c28aaSamw{
da6c28aaSamw	size_t outlen;
da6c28aaSamw	char c;
da6c28aaSamw
da6c28aaSamw	outlen = srclen << 1;
da6c28aaSamw
da6c28aaSamw	if (hexlen < outlen)
da6c28aaSamw		return (0);
da6c28aaSamw
da6c28aaSamw	while (srclen-- > 0) {
da6c28aaSamw		c = *srcbuf++;
da6c28aaSamw		*hexbuf++ = C2H(c & 0xF);
da6c28aaSamw		*hexbuf++ = C2H((c >> 4) & 0xF);
da6c28aaSamw	}
da6c28aaSamw
da6c28aaSamw	return (outlen);
da6c28aaSamw}
da6c28aaSamw
da6c28aaSamw/*
da6c28aaSamw * hextobin
da6c28aaSamw *
da6c28aaSamw * Converts hex to binary.
da6c28aaSamw *
da6c28aaSamw * Assuming hexbuf only contains hex digits (chars)
da6c28aaSamw * this function convert every two bytes of hexbuf
da6c28aaSamw * to one byte and put it in dstbuf.
da6c28aaSamw *
da6c28aaSamw * hexlen should be an even number.
da6c28aaSamw * dstlen should be at least half of hexlen.
da6c28aaSamw *
da6c28aaSamw * Returns 0 if sizes are not correct, otherwise
da6c28aaSamw * returns the number of converted bytes in dstbuf
da6c28aaSamw * which is half of hexlen.
da6c28aaSamw */
da6c28aaSamwsize_t
da6c28aaSamwhextobin(const char *hexbuf, size_t hexlen,
da6c28aaSamw    char *dstbuf, size_t dstlen)
da6c28aaSamw{
da6c28aaSamw	size_t outlen;
da6c28aaSamw
da6c28aaSamw	if ((hexlen % 2) != 0)
da6c28aaSamw		return (0);
da6c28aaSamw
da6c28aaSamw	outlen = hexlen >> 1;
da6c28aaSamw	if (dstlen < outlen)
da6c28aaSamw		return (0);
da6c28aaSamw
da6c28aaSamw	while (hexlen > 0) {
da6c28aaSamw		*dstbuf = H2C(*hexbuf) & 0x0F;
da6c28aaSamw		hexbuf++;
da6c28aaSamw		*dstbuf++ |= (H2C(*hexbuf) << 4) & 0xF0;
da6c28aaSamw		hexbuf++;
da6c28aaSamw
da6c28aaSamw		hexlen -= 2;
da6c28aaSamw	}
da6c28aaSamw
da6c28aaSamw	return (outlen);
da6c28aaSamw}
da6c28aaSamw
da6c28aaSamw/*
8d7e4166Sjose borrego * Trim leading and trailing characters in the set defined by class
8d7e4166Sjose borrego * from a buffer containing a null-terminated string.
8d7e4166Sjose borrego * For example, if the input buffer contained "ABtext23" and class
8d7e4166Sjose borrego * contains "ABC123", the buffer will contain "text" on return.
8d7e4166Sjose borrego *
8d7e4166Sjose borrego * This function modifies the contents of buf in place and returns
8d7e4166Sjose borrego * a pointer to buf.
8d7e4166Sjose borrego */
8d7e4166Sjose borregochar *
8d7e4166Sjose borregostrtrim(char *buf, const char *class)
8d7e4166Sjose borrego{
8d7e4166Sjose borrego	char *p = buf;
8d7e4166Sjose borrego	char *q = buf;
8d7e4166Sjose borrego
8d7e4166Sjose borrego	if (buf == NULL)
8d7e4166Sjose borrego		return (NULL);
8d7e4166Sjose borrego
8d7e4166Sjose borrego	p += strspn(p, class);
8d7e4166Sjose borrego
8d7e4166Sjose borrego	if (p != buf) {
8d7e4166Sjose borrego		while ((*q = *p++) != '\0')
8d7e4166Sjose borrego			++q;
8d7e4166Sjose borrego	}
8d7e4166Sjose borrego
8d7e4166Sjose borrego	while (q != buf) {
8d7e4166Sjose borrego		--q;
8d7e4166Sjose borrego		if (strspn(q, class) == 0)
8d7e4166Sjose borrego			return (buf);
8d7e4166Sjose borrego		*q = '\0';
8d7e4166Sjose borrego	}
8d7e4166Sjose borrego
8d7e4166Sjose borrego	return (buf);
8d7e4166Sjose borrego}
8d7e4166Sjose borrego
8d7e4166Sjose borrego/*
8d7e4166Sjose borrego * Strip the characters in the set defined by class from a buffer
8d7e4166Sjose borrego * containing a null-terminated string.
8d7e4166Sjose borrego * For example, if the input buffer contained "XYA 1textZ string3"
8d7e4166Sjose borrego * and class contains "123XYZ", the buffer will contain "A text string"
8d7e4166Sjose borrego * on return.
8d7e4166Sjose borrego *
8d7e4166Sjose borrego * This function modifies the contents of buf in place and returns
8d7e4166Sjose borrego * a pointer to buf.
8d7e4166Sjose borrego */
8d7e4166Sjose borregochar *
8d7e4166Sjose borregostrstrip(char *buf, const char *class)
8d7e4166Sjose borrego{
8d7e4166Sjose borrego	char *p = buf;
8d7e4166Sjose borrego	char *q = buf;
8d7e4166Sjose borrego
8d7e4166Sjose borrego	if (buf == NULL)
8d7e4166Sjose borrego		return (NULL);
8d7e4166Sjose borrego
8d7e4166Sjose borrego	while (*p) {
8d7e4166Sjose borrego		p += strspn(p, class);
8d7e4166Sjose borrego		*q++ = *p++;
8d7e4166Sjose borrego	}
8d7e4166Sjose borrego
8d7e4166Sjose borrego	*q = '\0';
8d7e4166Sjose borrego	return (buf);
8d7e4166Sjose borrego}
8d7e4166Sjose borrego
8d7e4166Sjose borrego/*
da6c28aaSamw * trim_whitespace
da6c28aaSamw *
da6c28aaSamw * Trim leading and trailing whitespace chars (as defined by isspace)
da6c28aaSamw * from a buffer. Example; if the input buffer contained "  text  ",
da6c28aaSamw * it will contain "text", when we return. We assume that the buffer
da6c28aaSamw * contains a null terminated string. A pointer to the buffer is
da6c28aaSamw * returned.
da6c28aaSamw */
da6c28aaSamwchar *
da6c28aaSamwtrim_whitespace(char *buf)
da6c28aaSamw{
da6c28aaSamw	char *p = buf;
da6c28aaSamw	char *q = buf;
da6c28aaSamw
dc20a302Sas200622	if (buf == NULL)
dc20a302Sas200622		return (NULL);
da6c28aaSamw
da6c28aaSamw	while (*p && isspace(*p))
da6c28aaSamw		++p;
da6c28aaSamw
da6c28aaSamw	while ((*q = *p++) != 0)
da6c28aaSamw		++q;
da6c28aaSamw
da6c28aaSamw	if (q != buf) {
da6c28aaSamw		while ((--q, isspace(*q)) != 0)
da6c28aaSamw			*q = '\0';
da6c28aaSamw	}
da6c28aaSamw
da6c28aaSamw	return (buf);
da6c28aaSamw}
da6c28aaSamw
da6c28aaSamw/*
da6c28aaSamw * This is the hash mechanism used to encrypt passwords for commands like
da6c28aaSamw * SamrSetUserInformation. It uses a 256 byte s-box.
da6c28aaSamw */
da6c28aaSamwvoid
da6c28aaSamwrand_hash(
da6c28aaSamw    unsigned char *data,
da6c28aaSamw    size_t datalen,
da6c28aaSamw    unsigned char *key,
da6c28aaSamw    size_t keylen)
da6c28aaSamw{
da6c28aaSamw	unsigned char sbox[DEFAULT_SBOX_SIZE];
da6c28aaSamw	unsigned char tmp;
da6c28aaSamw	unsigned char index_i = 0;
da6c28aaSamw	unsigned char index_j = 0;
da6c28aaSamw	unsigned char j = 0;
da6c28aaSamw	int i;
da6c28aaSamw
da6c28aaSamw	for (i = 0; i < DEFAULT_SBOX_SIZE; ++i)
da6c28aaSamw		sbox[i] = (unsigned char)i;
da6c28aaSamw
da6c28aaSamw	for (i = 0; i < DEFAULT_SBOX_SIZE; ++i) {
da6c28aaSamw		j += (sbox[i] + key[i % keylen]);
da6c28aaSamw
da6c28aaSamw		tmp = sbox[i];
da6c28aaSamw		sbox[i] = sbox[j];
da6c28aaSamw		sbox[j] = tmp;
da6c28aaSamw	}
da6c28aaSamw
da6c28aaSamw	for (i = 0; i < datalen; ++i) {
da6c28aaSamw		index_i++;
da6c28aaSamw		index_j += sbox[index_i];
da6c28aaSamw
da6c28aaSamw		tmp = sbox[index_i];
da6c28aaSamw		sbox[index_i] = sbox[index_j];
da6c28aaSamw		sbox[index_j] = tmp;
da6c28aaSamw
da6c28aaSamw		tmp = sbox[index_i] + sbox[index_j];
da6c28aaSamw		data[i] = data[i] ^ sbox[tmp];
da6c28aaSamw	}
da6c28aaSamw}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States/*
b89a8333Snatalie li - Sun Microsystems - Irvine United States * smb_chk_hostaccess
b89a8333Snatalie li - Sun Microsystems - Irvine United States *
148c5f43SAlan Wright * Determines whether the specified host is in the given access list.
148c5f43SAlan Wright *
b89a8333Snatalie li - Sun Microsystems - Irvine United States * We match on aliases of the hostname as well as on the canonical name.
b89a8333Snatalie li - Sun Microsystems - Irvine United States * Names in the access list may be either hosts or netgroups;  they're
b89a8333Snatalie li - Sun Microsystems - Irvine United States * not distinguished syntactically.  We check for hosts first because
b89a8333Snatalie li - Sun Microsystems - Irvine United States * it's cheaper (just M*N strcmp()s), then try netgroups.
b89a8333Snatalie li - Sun Microsystems - Irvine United States *
b89a8333Snatalie li - Sun Microsystems - Irvine United States * Function returns:
148c5f43SAlan Wright *	-1 for "all" (list is empty "" or "*")
148c5f43SAlan Wright *	0 not found  (host is not in the list or list is NULL)
b89a8333Snatalie li - Sun Microsystems - Irvine United States *	1 found
7f667e74Sjose borrego *
b89a8333Snatalie li - Sun Microsystems - Irvine United States */
b89a8333Snatalie li - Sun Microsystems - Irvine United Statesint
7f667e74Sjose borregosmb_chk_hostaccess(smb_inaddr_t *ipaddr, char *access_list)
b89a8333Snatalie li - Sun Microsystems - Irvine United States{
9b241b4eSYuri Pankov	char addr[INET_ADDRSTRLEN];
9b241b4eSYuri Pankov	char buff[256];
9b241b4eSYuri Pankov	char *cstr = access_list, *gr = access_list;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	char *host;
2807a6ecSYuri Pankov	int clres;
9b241b4eSYuri Pankov	int i;
9b241b4eSYuri Pankov	int nentries = 0;
9b241b4eSYuri Pankov	int off;
9b241b4eSYuri Pankov	int response;
9b241b4eSYuri Pankov	int sbr = 0;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	struct nd_hostservlist *clnames;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	struct in_addr inaddr;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	struct sockaddr_in sa;
9b241b4eSYuri Pankov	struct sockaddr_in6 sa6;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	struct netbuf buf;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	struct netconfig *config;
9b241b4eSYuri Pankov	struct netent n, *np;
b89a8333Snatalie li - Sun Microsystems - Irvine United States
148c5f43SAlan Wright	if (access_list == NULL)
148c5f43SAlan Wright		return (0);
7f667e74Sjose borrego
9b241b4eSYuri Pankov	/* If access list is empty or "*" - then it's "all" */
148c5f43SAlan Wright	if (*access_list == '\0' || strcmp(access_list, "*") == 0)
b89a8333Snatalie li - Sun Microsystems - Irvine United States		return (-1);
b89a8333Snatalie li - Sun Microsystems - Irvine United States
9b241b4eSYuri Pankov	switch (ipaddr->a_family) {
9b241b4eSYuri Pankov	case AF_INET:
9b241b4eSYuri Pankov		inaddr.s_addr = ipaddr->a_ipv4;
b89a8333Snatalie li - Sun Microsystems - Irvine United States		sa.sin_family = AF_INET;
b89a8333Snatalie li - Sun Microsystems - Irvine United States		sa.sin_port = 0;
b89a8333Snatalie li - Sun Microsystems - Irvine United States		sa.sin_addr = inaddr;
b89a8333Snatalie li - Sun Microsystems - Irvine United States		buf.len = buf.maxlen = sizeof (sa);
b89a8333Snatalie li - Sun Microsystems - Irvine United States		buf.buf = (char *)&sa;
b89a8333Snatalie li - Sun Microsystems - Irvine United States		config = getnetconfigent("tcp");
9b241b4eSYuri Pankov		break;
9b241b4eSYuri Pankov	case AF_INET6:
9b241b4eSYuri Pankov		sa6.sin6_family = AF_INET6;
9b241b4eSYuri Pankov		sa6.sin6_port = 0;
9b241b4eSYuri Pankov		sa6.sin6_addr = ipaddr->a_ipv6;
9b241b4eSYuri Pankov		buf.len = buf.maxlen = sizeof (sa6);
9b241b4eSYuri Pankov		buf.buf = (char *)&sa6;
9b241b4eSYuri Pankov		config = getnetconfigent("tcp6");
9b241b4eSYuri Pankov		break;
9b241b4eSYuri Pankov	default:
9b241b4eSYuri Pankov		return (1);
9b241b4eSYuri Pankov	}
9b241b4eSYuri Pankov
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if (config == NULL)
b89a8333Snatalie li - Sun Microsystems - Irvine United States		return (1);
b89a8333Snatalie li - Sun Microsystems - Irvine United States
9b241b4eSYuri Pankov	/* Try to lookup client hostname */
2807a6ecSYuri Pankov	clres = __netdir_getbyaddr_nosrv(config, &clnames, &buf);
b89a8333Snatalie li - Sun Microsystems - Irvine United States	freenetconfigent(config);
b89a8333Snatalie li - Sun Microsystems - Irvine United States
9b241b4eSYuri Pankov	for (;;) {
9b241b4eSYuri Pankov		if ((cstr = strpbrk(cstr, "[]:")) != NULL) {
9b241b4eSYuri Pankov			switch (*cstr) {
9b241b4eSYuri Pankov			case '[':
9b241b4eSYuri Pankov			case ']':
9b241b4eSYuri Pankov				sbr = !sbr;
9b241b4eSYuri Pankov				cstr++;
9b241b4eSYuri Pankov				continue;
9b241b4eSYuri Pankov			case ':':
9b241b4eSYuri Pankov				if (sbr) {
9b241b4eSYuri Pankov					cstr++;
9b241b4eSYuri Pankov					continue;
9b241b4eSYuri Pankov				}
9b241b4eSYuri Pankov				*cstr = '\0';
9b241b4eSYuri Pankov			}
9b241b4eSYuri Pankov		}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States		/*
9b241b4eSYuri Pankov		 * If the list name has a '-' prepended then a match of
9b241b4eSYuri Pankov		 * the following name implies failure instead of success.
b89a8333Snatalie li - Sun Microsystems - Irvine United States		 */
b89a8333Snatalie li - Sun Microsystems - Irvine United States		if (*gr == '-') {
b89a8333Snatalie li - Sun Microsystems - Irvine United States			response = 0;
b89a8333Snatalie li - Sun Microsystems - Irvine United States			gr++;
b89a8333Snatalie li - Sun Microsystems - Irvine United States		} else {
b89a8333Snatalie li - Sun Microsystems - Irvine United States			response = 1;
b89a8333Snatalie li - Sun Microsystems - Irvine United States		}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States		/*
9b241b4eSYuri Pankov		 * First check if we have '@' entry, as it doesn't
9b241b4eSYuri Pankov		 * require client hostname.
2807a6ecSYuri Pankov		 */
9b241b4eSYuri Pankov		if (*gr == '@') {
9b241b4eSYuri Pankov			gr++;
9b241b4eSYuri Pankov
9b241b4eSYuri Pankov			if (!isdigit(*gr) && *gr != '[') {
9b241b4eSYuri Pankov				/* Netname support */
9b241b4eSYuri Pankov				if ((np = getnetbyname_r(gr, &n, buff,
9b241b4eSYuri Pankov				    sizeof (buff))) != NULL &&
9b241b4eSYuri Pankov				    np->n_net != 0) {
9b241b4eSYuri Pankov					while ((np->n_net & 0xFF000000u) == 0)
9b241b4eSYuri Pankov						np->n_net <<= 8;
9b241b4eSYuri Pankov					np->n_net = htonl(np->n_net);
9b241b4eSYuri Pankov					if (inet_ntop(AF_INET, &np->n_net, addr,
9b241b4eSYuri Pankov					    INET_ADDRSTRLEN) == NULL)
9b241b4eSYuri Pankov						break;
9b241b4eSYuri Pankov					if (inet_matchaddr(buf.buf, addr))
2807a6ecSYuri Pankov						return (response);
9b241b4eSYuri Pankov				}
9b241b4eSYuri Pankov			} else {
9b241b4eSYuri Pankov				if (inet_matchaddr(buf.buf, gr))
9b241b4eSYuri Pankov					return (response);
9b241b4eSYuri Pankov			}
9b241b4eSYuri Pankov
9b241b4eSYuri Pankov			if (cstr == NULL)
9b241b4eSYuri Pankov				break;
9b241b4eSYuri Pankov
9b241b4eSYuri Pankov			gr = ++cstr;
9b241b4eSYuri Pankov
9b241b4eSYuri Pankov			continue;
9b241b4eSYuri Pankov		}
9b241b4eSYuri Pankov
2807a6ecSYuri Pankov		/*
2807a6ecSYuri Pankov		 * No other checks can be performed if client address
2807a6ecSYuri Pankov		 * can't be resolved.
2807a6ecSYuri Pankov		 */
9b241b4eSYuri Pankov		if (clres) {
9b241b4eSYuri Pankov			if (cstr == NULL)
9b241b4eSYuri Pankov				break;
9b241b4eSYuri Pankov
9b241b4eSYuri Pankov			gr = ++cstr;
9b241b4eSYuri Pankov
2807a6ecSYuri Pankov			continue;
9b241b4eSYuri Pankov		}
9b241b4eSYuri Pankov
9b241b4eSYuri Pankov		/* Otherwise loop through all client hostname aliases */
b89a8333Snatalie li - Sun Microsystems - Irvine United States		for (i = 0; i < clnames->h_cnt; i++) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States			host = clnames->h_hostservs[i].h_host;
b89a8333Snatalie li - Sun Microsystems - Irvine United States			/*
b89a8333Snatalie li - Sun Microsystems - Irvine United States			 * If the list name begins with a dot then
b89a8333Snatalie li - Sun Microsystems - Irvine United States			 * do a domain name suffix comparison.
b89a8333Snatalie li - Sun Microsystems - Irvine United States			 * A single dot matches any name with no
b89a8333Snatalie li - Sun Microsystems - Irvine United States			 * suffix.
b89a8333Snatalie li - Sun Microsystems - Irvine United States			 */
b89a8333Snatalie li - Sun Microsystems - Irvine United States			if (*gr == '.') {
9b241b4eSYuri Pankov				if (*(gr + 1) == '\0') {
b89a8333Snatalie li - Sun Microsystems - Irvine United States					if (strchr(host, '.') == NULL)
b89a8333Snatalie li - Sun Microsystems - Irvine United States						return (response);
b89a8333Snatalie li - Sun Microsystems - Irvine United States				} else {
b89a8333Snatalie li - Sun Microsystems - Irvine United States					off = strlen(host) - strlen(gr);
b89a8333Snatalie li - Sun Microsystems - Irvine United States					if (off > 0 &&
b89a8333Snatalie li - Sun Microsystems - Irvine United States					    strcasecmp(host + off, gr) == 0) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States						return (response);
b89a8333Snatalie li - Sun Microsystems - Irvine United States					}
b89a8333Snatalie li - Sun Microsystems - Irvine United States				}
b89a8333Snatalie li - Sun Microsystems - Irvine United States			} else {
9b241b4eSYuri Pankov				/* Just do a hostname match */
b89a8333Snatalie li - Sun Microsystems - Irvine United States				if (strcasecmp(gr, host) == 0)
b89a8333Snatalie li - Sun Microsystems - Irvine United States					return (response);
b89a8333Snatalie li - Sun Microsystems - Irvine United States				}
b89a8333Snatalie li - Sun Microsystems - Irvine United States			}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States		nentries++;
9b241b4eSYuri Pankov
9b241b4eSYuri Pankov		if (cstr == NULL)
9b241b4eSYuri Pankov			break;
9b241b4eSYuri Pankov
9b241b4eSYuri Pankov		gr = ++cstr;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
2807a6ecSYuri Pankov	if (clres)
2807a6ecSYuri Pankov		return (0);
b89a8333Snatalie li - Sun Microsystems - Irvine United States
2807a6ecSYuri Pankov	return (smb_netgroup_match(clnames, access_list, nentries));
b89a8333Snatalie li - Sun Microsystems - Irvine United States}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States/*
b89a8333Snatalie li - Sun Microsystems - Irvine United States * smb_netgroup_match
b89a8333Snatalie li - Sun Microsystems - Irvine United States *
b89a8333Snatalie li - Sun Microsystems - Irvine United States * Check whether any of the hostnames in clnames are
b89a8333Snatalie li - Sun Microsystems - Irvine United States * members (or non-members) of the netgroups in glist.
b89a8333Snatalie li - Sun Microsystems - Irvine United States * Since the innetgr lookup is rather expensive, the
b89a8333Snatalie li - Sun Microsystems - Irvine United States * result is cached. The cached entry is valid only
b89a8333Snatalie li - Sun Microsystems - Irvine United States * for VALID_TIME seconds.  This works well because
b89a8333Snatalie li - Sun Microsystems - Irvine United States * typically these lookups occur in clusters when
b89a8333Snatalie li - Sun Microsystems - Irvine United States * a client is mounting.
b89a8333Snatalie li - Sun Microsystems - Irvine United States *
b89a8333Snatalie li - Sun Microsystems - Irvine United States * Note that this routine establishes a host membership
b89a8333Snatalie li - Sun Microsystems - Irvine United States * in a list of netgroups - we've no idea just which
b89a8333Snatalie li - Sun Microsystems - Irvine United States * netgroup in the list it is a member of.
b89a8333Snatalie li - Sun Microsystems - Irvine United States *
b89a8333Snatalie li - Sun Microsystems - Irvine United States * glist is a character array containing grc strings
b89a8333Snatalie li - Sun Microsystems - Irvine United States * representing netgroup names (optionally prefixed
b89a8333Snatalie li - Sun Microsystems - Irvine United States * with '-'). Each string is ended with '\0'  and
b89a8333Snatalie li - Sun Microsystems - Irvine United States * followed immediately by the next string.
b89a8333Snatalie li - Sun Microsystems - Irvine United States */
b89a8333Snatalie li - Sun Microsystems - Irvine United Statesstatic boolean_t
b89a8333Snatalie li - Sun Microsystems - Irvine United Statessmb_netgroup_match(struct nd_hostservlist *clnames, char  *glist, int grc)
b89a8333Snatalie li - Sun Microsystems - Irvine United States{
b89a8333Snatalie li - Sun Microsystems - Irvine United States	char **grl;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	char *gr;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	int nhosts = clnames->h_cnt;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	char *host;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	int i, j, n;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	boolean_t response;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	boolean_t belong = B_FALSE;
b89a8333Snatalie li - Sun Microsystems - Irvine United States	static char *domain = NULL;
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if (domain == NULL) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States		int	ssize;
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States		domain = malloc(SYS_NMLN);
b89a8333Snatalie li - Sun Microsystems - Irvine United States		if (domain == NULL)
b89a8333Snatalie li - Sun Microsystems - Irvine United States			return (B_FALSE);
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States		ssize = sysinfo(SI_SRPC_DOMAIN, domain, SYS_NMLN);
b89a8333Snatalie li - Sun Microsystems - Irvine United States		if (ssize > SYS_NMLN) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States			free(domain);
b89a8333Snatalie li - Sun Microsystems - Irvine United States			domain = malloc(ssize);
b89a8333Snatalie li - Sun Microsystems - Irvine United States			if (domain == NULL)
b89a8333Snatalie li - Sun Microsystems - Irvine United States				return (B_FALSE);
b89a8333Snatalie li - Sun Microsystems - Irvine United States			ssize = sysinfo(SI_SRPC_DOMAIN, domain, ssize);
b89a8333Snatalie li - Sun Microsystems - Irvine United States		}
b89a8333Snatalie li - Sun Microsystems - Irvine United States		/* Check for error in syscall or NULL domain name */
b89a8333Snatalie li - Sun Microsystems - Irvine United States		if (ssize <= 1)
b89a8333Snatalie li - Sun Microsystems - Irvine United States			return (B_FALSE);
b89a8333Snatalie li - Sun Microsystems - Irvine United States	}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	grl = calloc(grc, sizeof (char *));
b89a8333Snatalie li - Sun Microsystems - Irvine United States	if (grl == NULL)
b89a8333Snatalie li - Sun Microsystems - Irvine United States		return (B_FALSE);
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	for (i = 0, gr = glist; i < grc && !belong; ) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States		/*
b89a8333Snatalie li - Sun Microsystems - Irvine United States		 * If the netgroup name has a '-' prepended
b89a8333Snatalie li - Sun Microsystems - Irvine United States		 * then a match of this name implies a failure
b89a8333Snatalie li - Sun Microsystems - Irvine United States		 * instead of success.
b89a8333Snatalie li - Sun Microsystems - Irvine United States		 */
b89a8333Snatalie li - Sun Microsystems - Irvine United States		response = (*gr != '-') ? B_TRUE : B_FALSE;
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States		/*
b89a8333Snatalie li - Sun Microsystems - Irvine United States		 * Subsequent names with or without a '-' (but no mix)
b89a8333Snatalie li - Sun Microsystems - Irvine United States		 * can be grouped together for a single check.
b89a8333Snatalie li - Sun Microsystems - Irvine United States		 */
b89a8333Snatalie li - Sun Microsystems - Irvine United States		for (n = 0; i < grc; i++, n++, gr += strlen(gr) + 1) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States			if ((response && *gr == '-') ||
b89a8333Snatalie li - Sun Microsystems - Irvine United States			    (!response && *gr != '-'))
b89a8333Snatalie li - Sun Microsystems - Irvine United States				break;
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States			grl[n] = response ? gr : gr + 1;
b89a8333Snatalie li - Sun Microsystems - Irvine United States		}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States		/*
b89a8333Snatalie li - Sun Microsystems - Irvine United States		 * Check the netgroup for each
b89a8333Snatalie li - Sun Microsystems - Irvine United States		 * of the hosts names (usually just one).
b89a8333Snatalie li - Sun Microsystems - Irvine United States		 */
b89a8333Snatalie li - Sun Microsystems - Irvine United States		for (j = 0; j < nhosts && !belong; j++) {
b89a8333Snatalie li - Sun Microsystems - Irvine United States			host = clnames->h_hostservs[j].h_host;
b89a8333Snatalie li - Sun Microsystems - Irvine United States			if (__multi_innetgr(n, grl, 1, &host, 0, NULL,
b89a8333Snatalie li - Sun Microsystems - Irvine United States			    1, &domain))
b89a8333Snatalie li - Sun Microsystems - Irvine United States				belong = B_TRUE;
b89a8333Snatalie li - Sun Microsystems - Irvine United States		}
b89a8333Snatalie li - Sun Microsystems - Irvine United States	}
b89a8333Snatalie li - Sun Microsystems - Irvine United States
b89a8333Snatalie li - Sun Microsystems - Irvine United States	free(grl);
b89a8333Snatalie li - Sun Microsystems - Irvine United States	return (belong ? response : B_FALSE);
b89a8333Snatalie li - Sun Microsystems - Irvine United States}
6d57f833SAlan Wright
6d57f833SAlan Wright/*
6d57f833SAlan Wright * Resolve the ZFS dataset from a path.
29bd2886SAlan Wright * Returns,
29bd2886SAlan Wright *	0  = On success.
29bd2886SAlan Wright *	-1 = Failure to open /etc/mnttab file or to get ZFS dataset.
6d57f833SAlan Wright */
6d57f833SAlan Wrightint
6d57f833SAlan Wrightsmb_getdataset(const char *path, char *dataset, size_t len)
6d57f833SAlan Wright{
6d57f833SAlan Wright	char tmppath[MAXPATHLEN];
6d57f833SAlan Wright	char *cp;
6d57f833SAlan Wright	FILE *fp;
6d57f833SAlan Wright	struct mnttab mnttab;
6d57f833SAlan Wright	struct mnttab mntpref;
6d57f833SAlan Wright	int rc = -1;
6d57f833SAlan Wright
6d57f833SAlan Wright	if ((fp = fopen(MNTTAB, "r")) == NULL)
6d57f833SAlan Wright		return (-1);
6d57f833SAlan Wright
6d57f833SAlan Wright	(void) memset(&mnttab, '\0', sizeof (mnttab));
6d57f833SAlan Wright	(void) strlcpy(tmppath, path, MAXPATHLEN);
6d57f833SAlan Wright	cp = tmppath;
6d57f833SAlan Wright
6d57f833SAlan Wright	while (*cp != '\0') {
6d57f833SAlan Wright		resetmnttab(fp);
6d57f833SAlan Wright		(void) memset(&mntpref, '\0', sizeof (mntpref));
6d57f833SAlan Wright		mntpref.mnt_mountp = tmppath;
6d57f833SAlan Wright
6d57f833SAlan Wright		if (getmntany(fp, &mnttab, &mntpref) == 0) {
29bd2886SAlan Wright			if (mnttab.mnt_fstype == NULL)
29bd2886SAlan Wright				break;
29bd2886SAlan Wright
29bd2886SAlan Wright			if (strcmp(mnttab.mnt_fstype, "zfs") != 0)
29bd2886SAlan Wright				break;
6d57f833SAlan Wright			/*
6d57f833SAlan Wright			 * Ensure that there are no leading slashes
6d57f833SAlan Wright			 * (required for zfs_open).
6d57f833SAlan Wright			 */
6d57f833SAlan Wright			cp = mnttab.mnt_special;
6d57f833SAlan Wright			cp += strspn(cp, "/");
6d57f833SAlan Wright			(void) strlcpy(dataset, cp, len);
6d57f833SAlan Wright			rc = 0;
6d57f833SAlan Wright			break;
6d57f833SAlan Wright		}
6d57f833SAlan Wright
fc724630SAlan Wright		if (strcmp(tmppath, "/") == 0)
fc724630SAlan Wright			break;
fc724630SAlan Wright
fc724630SAlan Wright		if ((cp = strrchr(tmppath, '/')) == NULL)
fc724630SAlan Wright			break;
fc724630SAlan Wright
fc724630SAlan Wright		/*
fc724630SAlan Wright		 * The path has multiple components.
fc724630SAlan Wright		 * Remove the last component and try again.
fc724630SAlan Wright		 */
6d57f833SAlan Wright		*cp = '\0';
6d57f833SAlan Wright		if (tmppath[0] == '\0')
6d57f833SAlan Wright			(void) strcpy(tmppath, "/");
6d57f833SAlan Wright
6d57f833SAlan Wright		cp = tmppath;
6d57f833SAlan Wright	}
6d57f833SAlan Wright
6d57f833SAlan Wright	(void) fclose(fp);
6d57f833SAlan Wright	return (rc);
6d57f833SAlan Wright}
29bd2886SAlan Wright
29bd2886SAlan Wright/*
1fcced4cSJordan Brown * smb_dlopen
1fcced4cSJordan Brown *
1fcced4cSJordan Brown * Check to see if an interposer library exists.  If it exists
1fcced4cSJordan Brown * and reports a valid version number and key (UUID), return
1fcced4cSJordan Brown * a handle to the library.  Otherwise, return NULL.
1fcced4cSJordan Brown */
1fcced4cSJordan Brownvoid *
1fcced4cSJordan Brownsmb_dlopen(void)
1fcced4cSJordan Brown{
1fcced4cSJordan Brown	uuid_t uuid;
1fcced4cSJordan Brown	void *interposer_hdl;
1fcced4cSJordan Brown	typedef int (*smbex_versionfn_t)(smbex_version_t *);
1fcced4cSJordan Brown	smbex_versionfn_t getversion;
1fcced4cSJordan Brown	smbex_version_t *version;
1fcced4cSJordan Brown
1fcced4cSJordan Brown	bzero(&uuid, sizeof (uuid_t));
1fcced4cSJordan Brown	if (uuid_parse(SMBEX_KEY, uuid) < 0)
1fcced4cSJordan Brown		return (NULL);
1fcced4cSJordan Brown
1fcced4cSJordan Brown	interposer_hdl = dlopen(SMB_LIB_ALT, RTLD_NOW | RTLD_LOCAL);
1fcced4cSJordan Brown	if (interposer_hdl == NULL)
1fcced4cSJordan Brown		return (NULL);
1fcced4cSJordan Brown
1fcced4cSJordan Brown	bzero(&getversion, sizeof (smbex_versionfn_t));
1fcced4cSJordan Brown	getversion = (smbex_versionfn_t)dlsym(interposer_hdl,
1fcced4cSJordan Brown	    "smbex_get_version");
1fcced4cSJordan Brown	if ((getversion == NULL) ||
1fcced4cSJordan Brown	    (version = malloc(sizeof (smbex_version_t))) == NULL) {
1fcced4cSJordan Brown		(void) dlclose(interposer_hdl);
1fcced4cSJordan Brown		return (NULL);
1fcced4cSJordan Brown	}
1fcced4cSJordan Brown	bzero(version, sizeof (smbex_version_t));
1fcced4cSJordan Brown
1fcced4cSJordan Brown	if ((getversion(version) != 0) ||
1fcced4cSJordan Brown	    (version->v_version != SMBEX_VERSION) ||
1fcced4cSJordan Brown	    (uuid_compare(version->v_uuid, uuid) != 0)) {
1fcced4cSJordan Brown		free(version);
1fcced4cSJordan Brown		(void) dlclose(interposer_hdl);
1fcced4cSJordan Brown		return (NULL);
1fcced4cSJordan Brown	}
1fcced4cSJordan Brown
1fcced4cSJordan Brown	free(version);
1fcced4cSJordan Brown	return (interposer_hdl);
1fcced4cSJordan Brown}
1fcced4cSJordan Brown
1fcced4cSJordan Brown/*
1fcced4cSJordan Brown * smb_dlclose
1fcced4cSJordan Brown *
1fcced4cSJordan Brown * Closes handle to the interposed library.
1fcced4cSJordan Brown */
1fcced4cSJordan Brownvoid
1fcced4cSJordan Brownsmb_dlclose(void *handle)
1fcced4cSJordan Brown{
1fcced4cSJordan Brown	if (handle)
1fcced4cSJordan Brown		(void) dlclose(handle);
1fcced4cSJordan Brown}
1fcced4cSJordan Brown
1fcced4cSJordan Brown/*
9fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States * This function is a wrapper for getnameinfo() to look up a hostname given an
9fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States * IP address. The hostname returned by this function is used for constructing
9fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States * the service principal name field of KRB AP-REQs. Hence, it should be
9fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States * converted to lowercase for RFC 4120 section 6.2.1 conformance.
29bd2886SAlan Wright */
29bd2886SAlan Wrightint
29bd2886SAlan Wrightsmb_getnameinfo(smb_inaddr_t *ip, char *hostname, int hostlen, int flags)
29bd2886SAlan Wright{
29bd2886SAlan Wright	socklen_t salen;
29bd2886SAlan Wright	struct sockaddr_in6 sin6;
29bd2886SAlan Wright	struct sockaddr_in sin;
29bd2886SAlan Wright	void *sp;
9fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States	int rc;
29bd2886SAlan Wright
29bd2886SAlan Wright	if (ip->a_family == AF_INET) {
29bd2886SAlan Wright		salen = sizeof (struct sockaddr_in);
29bd2886SAlan Wright		sin.sin_family = ip->a_family;
29bd2886SAlan Wright		sin.sin_port = 0;
29bd2886SAlan Wright		sin.sin_addr.s_addr = ip->a_ipv4;
29bd2886SAlan Wright		sp = &sin;
29bd2886SAlan Wright	} else {
29bd2886SAlan Wright		salen = sizeof (struct sockaddr_in6);
29bd2886SAlan Wright		sin6.sin6_family = ip->a_family;
29bd2886SAlan Wright		sin6.sin6_port = 0;
29bd2886SAlan Wright		(void) memcpy(&sin6.sin6_addr.s6_addr, &ip->a_ipv6,
29bd2886SAlan Wright		    sizeof (sin6.sin6_addr.s6_addr));
29bd2886SAlan Wright		sp = &sin6;
29bd2886SAlan Wright	}
9fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States
9fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States	if ((rc = (getnameinfo((struct sockaddr *)sp, salen,
9fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States	    hostname, hostlen, NULL, 0, flags))) == 0)
9fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States		(void) smb_strlwr(hostname);
9fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States
9fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States	return (rc);
29bd2886SAlan Wright}
fe1c642dSBill Krier
fe1c642dSBill Krier/*
fe1c642dSBill Krier * A share name is considered invalid if it contains control
fe1c642dSBill Krier * characters or any of the following characters (MSDN 236388).
fe1c642dSBill Krier *
fe1c642dSBill Krier *	" / \ [ ] : | < > + ; , ? * =
fe1c642dSBill Krier */
fe1c642dSBill Krieruint32_t
fe1c642dSBill Kriersmb_name_validate_share(const char *sharename)
fe1c642dSBill Krier{
fe1c642dSBill Krier	const char *invalid = "\"/\\[]:|<>+;,?*=";
fe1c642dSBill Krier	const char *p;
fe1c642dSBill Krier
fe1c642dSBill Krier	if (sharename == NULL)
fe1c642dSBill Krier		return (ERROR_INVALID_PARAMETER);
fe1c642dSBill Krier
fe1c642dSBill Krier	if (strpbrk(sharename, invalid) != NULL)
fe1c642dSBill Krier		return (ERROR_INVALID_NAME);
fe1c642dSBill Krier
fe1c642dSBill Krier	for (p = sharename; *p != '\0'; p++) {
fe1c642dSBill Krier		if (iscntrl(*p))
fe1c642dSBill Krier			return (ERROR_INVALID_NAME);
fe1c642dSBill Krier	}
fe1c642dSBill Krier
fe1c642dSBill Krier	return (ERROR_SUCCESS);
fe1c642dSBill Krier}
fe1c642dSBill Krier
fe1c642dSBill Krier/*
fe1c642dSBill Krier * User and group names are limited to 256 characters, cannot be terminated
fe1c642dSBill Krier * by '.' and must not contain control characters or any of the following
fe1c642dSBill Krier * characters.
fe1c642dSBill Krier *
fe1c642dSBill Krier *	" / \ [ ] < > + ; , ? * = @
fe1c642dSBill Krier */
fe1c642dSBill Krieruint32_t
fe1c642dSBill Kriersmb_name_validate_account(const char *name)
fe1c642dSBill Krier{
fe1c642dSBill Krier	const char	*invalid = "\"/\\[]<>+;,?*=@";
fe1c642dSBill Krier	const char	*p;
fe1c642dSBill Krier	int		len;
fe1c642dSBill Krier
fe1c642dSBill Krier	if ((name == NULL) || (*name == '\0'))
fe1c642dSBill Krier		return (ERROR_INVALID_PARAMETER);
fe1c642dSBill Krier
fe1c642dSBill Krier	len = strlen(name);
fe1c642dSBill Krier	if ((len > MAXNAMELEN) || (name[len - 1] == '.'))
fe1c642dSBill Krier		return (ERROR_INVALID_NAME);
fe1c642dSBill Krier
fe1c642dSBill Krier	if (strpbrk(name, invalid) != NULL)
fe1c642dSBill Krier		return (ERROR_INVALID_NAME);
fe1c642dSBill Krier
fe1c642dSBill Krier	for (p = name; *p != '\0'; p++) {
fe1c642dSBill Krier		if (iscntrl(*p))
fe1c642dSBill Krier			return (ERROR_INVALID_NAME);
fe1c642dSBill Krier	}
fe1c642dSBill Krier
fe1c642dSBill Krier	return (ERROR_SUCCESS);
fe1c642dSBill Krier}
fe1c642dSBill Krier
fe1c642dSBill Krier/*
fe1c642dSBill Krier * Check a domain name for RFC 1035 and 1123 compliance.  Domain names may
fe1c642dSBill Krier * contain alphanumeric characters, hyphens and dots.  The first and last
fe1c642dSBill Krier * character of a label must be alphanumeric.  Interior characters may be
fe1c642dSBill Krier * alphanumeric or hypens.
fe1c642dSBill Krier *
fe1c642dSBill Krier * Domain names should not contain underscores but we allow them because
fe1c642dSBill Krier * Windows names are often in non-compliance with this rule.
fe1c642dSBill Krier */
fe1c642dSBill Krieruint32_t
fe1c642dSBill Kriersmb_name_validate_domain(const char *domain)
fe1c642dSBill Krier{
fe1c642dSBill Krier	boolean_t new_label = B_TRUE;
fe1c642dSBill Krier	const char *p;
fe1c642dSBill Krier	char label_terminator;
fe1c642dSBill Krier
fe1c642dSBill Krier	if (domain == NULL)
fe1c642dSBill Krier		return (ERROR_INVALID_PARAMETER);
fe1c642dSBill Krier
fe1c642dSBill Krier	if (*domain == '\0')
fe1c642dSBill Krier		return (ERROR_INVALID_NAME);
fe1c642dSBill Krier
fe1c642dSBill Krier	label_terminator = *domain;
fe1c642dSBill Krier
fe1c642dSBill Krier	for (p = domain; *p != '\0'; ++p) {
fe1c642dSBill Krier		if (new_label) {
fe1c642dSBill Krier			if (!isalnum(*p))
fe1c642dSBill Krier				return (ERROR_INVALID_NAME);
fe1c642dSBill Krier			new_label = B_FALSE;
fe1c642dSBill Krier			label_terminator = *p;
fe1c642dSBill Krier			continue;
fe1c642dSBill Krier		}
fe1c642dSBill Krier
fe1c642dSBill Krier		if (*p == '.') {
fe1c642dSBill Krier			if (!isalnum(label_terminator))
fe1c642dSBill Krier				return (ERROR_INVALID_NAME);
fe1c642dSBill Krier			new_label = B_TRUE;
fe1c642dSBill Krier			label_terminator = *p;
fe1c642dSBill Krier			continue;
fe1c642dSBill Krier		}
fe1c642dSBill Krier
fe1c642dSBill Krier		label_terminator = *p;
fe1c642dSBill Krier
fe1c642dSBill Krier		if (isalnum(*p) || *p == '-' || *p == '_')
fe1c642dSBill Krier			continue;
fe1c642dSBill Krier
fe1c642dSBill Krier		return (ERROR_INVALID_NAME);
fe1c642dSBill Krier	}
fe1c642dSBill Krier
fe1c642dSBill Krier	if (!isalnum(label_terminator))
fe1c642dSBill Krier		return (ERROR_INVALID_NAME);
fe1c642dSBill Krier
fe1c642dSBill Krier	return (ERROR_SUCCESS);
fe1c642dSBill Krier}
fe1c642dSBill Krier
fe1c642dSBill Krier/*
fe1c642dSBill Krier * A NetBIOS domain name can contain letters (a-zA-Z), numbers (0-9) and
fe1c642dSBill Krier * hyphens.
fe1c642dSBill Krier *
fe1c642dSBill Krier * It cannot:
fe1c642dSBill Krier * 	- be blank or longer than 15 chracters
fe1c642dSBill Krier * 	- contain all numbers
fe1c642dSBill Krier * 	- be the same as the computer name
fe1c642dSBill Krier */
fe1c642dSBill Krieruint32_t
fe1c642dSBill Kriersmb_name_validate_nbdomain(const char *name)
fe1c642dSBill Krier{
fe1c642dSBill Krier	char		netbiosname[NETBIOS_NAME_SZ];
fe1c642dSBill Krier	const char	*p;
fe1c642dSBill Krier	int		len;
fe1c642dSBill Krier
fe1c642dSBill Krier	if (name == NULL)
fe1c642dSBill Krier		return (ERROR_INVALID_PARAMETER);
fe1c642dSBill Krier
fe1c642dSBill Krier	len = strlen(name);
fe1c642dSBill Krier	if (len == 0 || len >= NETBIOS_NAME_SZ)
fe1c642dSBill Krier		return (ERROR_INVALID_NAME);
fe1c642dSBill Krier
fe1c642dSBill Krier	if (strspn(name, "0123456789") == len)
fe1c642dSBill Krier		return (ERROR_INVALID_NAME);
fe1c642dSBill Krier
fe1c642dSBill Krier	if (smb_getnetbiosname(netbiosname, NETBIOS_NAME_SZ) == 0) {
fe1c642dSBill Krier		if (smb_strcasecmp(name, netbiosname, 0) == 0)
fe1c642dSBill Krier			return (ERROR_INVALID_NAME);
fe1c642dSBill Krier	}
fe1c642dSBill Krier
fe1c642dSBill Krier	for (p = name; *p != '\0'; ++p) {
fe1c642dSBill Krier		if (isalnum(*p) || *p == '-' || *p == '_')
fe1c642dSBill Krier			continue;
fe1c642dSBill Krier
fe1c642dSBill Krier		return (ERROR_INVALID_NAME);
fe1c642dSBill Krier	}
fe1c642dSBill Krier
fe1c642dSBill Krier	return (ERROR_SUCCESS);
fe1c642dSBill Krier}
fe1c642dSBill Krier
fe1c642dSBill Krier/*
fe1c642dSBill Krier * A workgroup name can contain 1 to 15 characters but cannot be the same
fe1c642dSBill Krier * as the NetBIOS name.  The name must begin with a letter or number.
fe1c642dSBill Krier *
fe1c642dSBill Krier * The name cannot consist entirely of spaces or dots, which is covered
fe1c642dSBill Krier * by the requirement that the name must begin with an alphanumeric
fe1c642dSBill Krier * character.
fe1c642dSBill Krier *
fe1c642dSBill Krier * The name must not contain control characters or any of the following
fe1c642dSBill Krier * characters.
fe1c642dSBill Krier *
fe1c642dSBill Krier *	" / \ [ ] : | < > + = ; , ?
fe1c642dSBill Krier */
fe1c642dSBill Krieruint32_t
fe1c642dSBill Kriersmb_name_validate_workgroup(const char *workgroup)
fe1c642dSBill Krier{
fe1c642dSBill Krier	char netbiosname[NETBIOS_NAME_SZ];
fe1c642dSBill Krier	const char *invalid = "\"/\\[]:|<>+=;,?";
fe1c642dSBill Krier	const char *p;
fe1c642dSBill Krier
fe1c642dSBill Krier	if (workgroup == NULL)
fe1c642dSBill Krier		return (ERROR_INVALID_PARAMETER);
fe1c642dSBill Krier
fe1c642dSBill Krier	if (*workgroup == '\0' || (!isalnum(*workgroup)))
fe1c642dSBill Krier		return (ERROR_INVALID_NAME);
fe1c642dSBill Krier
fe1c642dSBill Krier	if (strlen(workgroup) >= NETBIOS_NAME_SZ)
fe1c642dSBill Krier		return (ERROR_INVALID_NAME);
fe1c642dSBill Krier
fe1c642dSBill Krier	if (smb_getnetbiosname(netbiosname, NETBIOS_NAME_SZ) == 0) {
fe1c642dSBill Krier		if (smb_strcasecmp(workgroup, netbiosname, 0) == 0)
fe1c642dSBill Krier			return (ERROR_INVALID_NAME);
fe1c642dSBill Krier	}
fe1c642dSBill Krier
fe1c642dSBill Krier	if (strpbrk(workgroup, invalid) != NULL)
fe1c642dSBill Krier		return (ERROR_INVALID_NAME);
fe1c642dSBill Krier
fe1c642dSBill Krier	for (p = workgroup; *p != '\0'; p++) {
fe1c642dSBill Krier		if (iscntrl(*p))
fe1c642dSBill Krier			return (ERROR_INVALID_NAME);
fe1c642dSBill Krier	}
fe1c642dSBill Krier
fe1c642dSBill Krier	return (ERROR_SUCCESS);
fe1c642dSBill Krier}
fe1c642dSBill Krier
fe1c642dSBill Krier/*
9fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States * Check for invalid characters in the given path.  The list of invalid
9fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States * characters includes control characters and the following:
9fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States *
9fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States * " / \ [ ] : | < > + ; , ? * =
9fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States *
9fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States * Since this is checking a path not each component, '/' is accepted
9fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States * as separator not an invalid character, except as the first character
9fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States * since this is supposed to be a relative path.
9fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States */
9fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United Statesuint32_t
9fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United Statessmb_name_validate_rpath(const char *relpath)
9fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States{
9fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States	char *invalid = "\"\\[]:|<>+;,?*=";
9fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States	char *cp;
9fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States
9fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States	if ((relpath == NULL) || (*relpath == '\0') || (*relpath == '/'))
9fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States		return (ERROR_INVALID_NAME);
9fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States
9fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States	if (strpbrk(relpath, invalid))
9fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States		return (ERROR_INVALID_NAME);
9fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States
9fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States	for (cp = (char *)relpath; *cp != '\0'; cp++) {
9fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States		if (iscntrl(*cp))
9fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States			return (ERROR_INVALID_NAME);
9fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States	}
9fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States
9fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States	return (ERROR_SUCCESS);
9fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States}
9fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States
9fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States/*
fe1c642dSBill Krier * Parse a string to obtain the account and domain names as separate strings.
fe1c642dSBill Krier *
fe1c642dSBill Krier * Names containing a backslash ('\') are known as qualified or composite
fe1c642dSBill Krier * names.  The string preceding the backslash should be the domain name
fe1c642dSBill Krier * and the string following the slash should be a name within that domain.
fe1c642dSBill Krier *
fe1c642dSBill Krier * Names that do not contain a backslash are known as isolated names.
fe1c642dSBill Krier * An isolated name may be a single label, such as john, or may be in
fe1c642dSBill Krier * user principal name (UPN) form, such as john@example.com.
fe1c642dSBill Krier *
fe1c642dSBill Krier *	domain\name
fe1c642dSBill Krier *	domain/name
fe1c642dSBill Krier *	name
fe1c642dSBill Krier *	name@domain
fe1c642dSBill Krier *
fe1c642dSBill Krier * If we encounter any of the forms above in arg, the @, / or \ separator
fe1c642dSBill Krier * is replaced by \0 and the name and domain pointers are set to point to
fe1c642dSBill Krier * the appropriate components in arg.  Otherwise, name and domain pointers
fe1c642dSBill Krier * will be set to NULL.
fe1c642dSBill Krier */
fe1c642dSBill Kriervoid
fe1c642dSBill Kriersmb_name_parse(char *arg, char **account, char **domain)
fe1c642dSBill Krier{
fe1c642dSBill Krier	char *p;
fe1c642dSBill Krier
fe1c642dSBill Krier	*account = NULL;
fe1c642dSBill Krier	*domain = NULL;
fe1c642dSBill Krier
fe1c642dSBill Krier	if ((p = strpbrk(arg, "/\\@")) != NULL) {
fe1c642dSBill Krier		if (*p == '@') {
fe1c642dSBill Krier			*p = '\0';
fe1c642dSBill Krier			++p;
fe1c642dSBill Krier			*domain = p;
fe1c642dSBill Krier			*account = arg;
fe1c642dSBill Krier		} else {
fe1c642dSBill Krier			*p = '\0';
fe1c642dSBill Krier			++p;
fe1c642dSBill Krier			*account = p;
fe1c642dSBill Krier			*domain = arg;
fe1c642dSBill Krier		}
fe1c642dSBill Krier	}
fe1c642dSBill Krier}
148c5f43SAlan Wright
148c5f43SAlan Wright/*
148c5f43SAlan Wright * The txid is an arbitrary transaction.  A new txid is returned on each call.
148c5f43SAlan Wright *
148c5f43SAlan Wright * 0 or -1 are not assigned so that they can be used to detect
148c5f43SAlan Wright * invalid conditions.
148c5f43SAlan Wright */
148c5f43SAlan Wrightuint32_t
148c5f43SAlan Wrightsmb_get_txid(void)
148c5f43SAlan Wright{
148c5f43SAlan Wright	static mutex_t	txmutex;
148c5f43SAlan Wright	static uint32_t	txid;
148c5f43SAlan Wright	uint32_t	txid_ret;
148c5f43SAlan Wright
148c5f43SAlan Wright	(void) mutex_lock(&txmutex);
148c5f43SAlan Wright
148c5f43SAlan Wright	if (txid == 0)
148c5f43SAlan Wright		txid = time(NULL);
148c5f43SAlan Wright
148c5f43SAlan Wright	do {
148c5f43SAlan Wright		++txid;
148c5f43SAlan Wright	} while (txid == 0 || txid == (uint32_t)-1);
148c5f43SAlan Wright
148c5f43SAlan Wright	txid_ret = txid;
148c5f43SAlan Wright	(void) mutex_unlock(&txmutex);
148c5f43SAlan Wright
148c5f43SAlan Wright	return (txid_ret);
148c5f43SAlan Wright}