/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 *
 * Copyright 2013 Nexenta Systems, Inc.  All rights reserved.
 */
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego#include <strings.h>
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego#include <smbsrv/libsmb.h>
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego
/* Counting routines defined outside this file. */
extern int smb_pwd_num(void);
extern int smb_lgrp_numbydomain(smb_domain_type_t, int *);

/*
 * File-local lookups called by smb_sam_lookup_name(); each hands a SID
 * back through its second argument.
 */
static uint32_t smb_sam_lookup_user(char *name, smb_sid_t **sid);
static uint32_t smb_sam_lookup_group(char *name, smb_sid_t **sid);
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego
/*
 * Local well-known accounts.
 *
 * Each entry pairs a relative ID (RID) with an account name and a SID
 * type.  smb_sam_lookup_name() and smb_sam_lookup_sid() consult this
 * table before the local password and group databases, so a matching
 * table entry decides the result for these names and RIDs.
 */
typedef struct smb_lwka {
	uint32_t	lwka_rid;	/* RID spliced onto the local domain SID */
	char		*lwka_name;	/* account name */
	uint16_t	lwka_type;	/* SidTypeUser or SidTypeGroup below */
} smb_lwka_t;

/*
 * NOTE(review): Windows documents RID 520 as "Group Policy Creator
 * Owners"; the name stored here starts with "Global".  Confirm whether
 * that is intentional before relying on name lookups for this entry.
 */
static smb_lwka_t lwka_tbl[] = {
	/* user accounts */
	{ 500, "Administrator",			SidTypeUser },
	{ 501, "Guest",				SidTypeUser },
	{ 502, "KRBTGT",			SidTypeUser },

	/* groups */
	{ 512, "Domain Admins",			SidTypeGroup },
	{ 513, "Domain Users",			SidTypeGroup },
	{ 514, "Domain Guests",			SidTypeGroup },
	{ 516, "Domain Controllers",		SidTypeGroup },
	{ 517, "Cert Publishers",		SidTypeGroup },
	{ 518, "Schema Admins",			SidTypeGroup },
	{ 519, "Enterprise Admins",		SidTypeGroup },
	{ 520, "Global Policy Creator Owners",	SidTypeGroup },
	{ 533, "RAS and IAS Servers",		SidTypeGroup }
};

/* Number of entries in lwka_tbl. */
#define	SMB_LWKA_NUM	(sizeof (lwka_tbl) / sizeof (lwka_tbl[0]))

/* Table lookups by account name and by SID. */
static smb_lwka_t *smb_lwka_lookup_name(char *name);
static smb_lwka_t *smb_lwka_lookup_sid(smb_sid_t *sid);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
/*
 * Resolves a name against the local account databases:
 *
 *   SMB local users  are kept in /var/smb/smbpasswd
 *   SMB local groups are kept in /var/smb/smbgroup.db
 *
 * Resolution order, as implemented below:
 *   1. the NetBIOS name of the local domain itself (SidTypeDomain);
 *   2. the table of local well-known accounts; a hit here also
 *      replaces the caller's 'type' with the table's type;
 *   3. the user and/or group lookup selected by 'type'.
 *
 * 'type' may be SidTypeUser, SidTypeAlias (local group) or
 * SidTypeUnknown.  With SidTypeUnknown the user lookup runs first, so
 * a user wins over a group of the same name (a situation that cannot
 * arise on Windows systems).
 *
 * A local user/group that turns out to be mapped to a domain
 * user/group counts as a failed lookup: NT_STATUS_NONE_MAPPED.
 *
 * When 'domain' is given it must be the NetBIOS name of the local
 * domain; any other spelling that still resolves to the local domain
 * is rejected with NT_STATUS_NONE_MAPPED.
 *
 * 'account' is zeroed on entry.  On success the caller owns the
 * allocations in it and must release them with smb_account_free().
 * On every failure path 'account' holds no allocations: it is either
 * still zeroed or has already been passed to smb_account_free().
 *
 * Return status:
 *
 *   NT_STATUS_SUCCESS			account filled in
 *   NT_STATUS_NOT_FOUND		This is not a local account
 *   NT_STATUS_NONE_MAPPED		It's a local account but cannot
 *					be translated.
 *   NT_STATUS_CANT_ACCESS_DOMAIN_INFO	no local domain entry available
 *   NT_STATUS_INVALID_PARAMETER	unsupported 'type'
 *   NT_STATUS_NO_MEMORY		account failed validation after
 *					its fields were duplicated
 *   other status codes from the user/group lookups.
 */
uint32_t
smb_sam_lookup_name(char *domain, char *name, uint16_t type,
    smb_account_t *account)
{
	smb_domain_t local_dom;
	smb_lwka_t *wka;
	smb_sid_t *acct_sid;
	uint32_t rc;

	bzero(account, sizeof (smb_account_t));

	if (domain == NULL) {
		if (!smb_domain_lookup_type(SMB_DOMAIN_LOCAL, &local_dom))
			return (NT_STATUS_CANT_ACCESS_DOMAIN_INFO);
	} else {
		if (!smb_domain_lookup_name(domain, &local_dom))
			return (NT_STATUS_NOT_FOUND);
		if (local_dom.di_type != SMB_DOMAIN_LOCAL)
			return (NT_STATUS_NOT_FOUND);

		/* Only Netbios hostname is accepted */
		if (smb_strcasecmp(domain, local_dom.di_nbname, 0) != 0)
			return (NT_STATUS_NONE_MAPPED);
	}

	if (smb_strcasecmp(name, local_dom.di_nbname, 0) == 0) {
		/*
		 * The name is the local domain itself: both SIDs are the
		 * domain SID and there is no RID.
		 */
		account->a_type = SidTypeDomain;
		account->a_name = strdup("");
		account->a_domain = strdup(local_dom.di_nbname);
		account->a_sid = smb_sid_dup(local_dom.di_binsid);
		account->a_domsid = smb_sid_dup(local_dom.di_binsid);
		account->a_rid = (uint32_t)-1;

		/* Allocation results are not checked above; validate is. */
		if (smb_account_validate(account))
			return (NT_STATUS_SUCCESS);

		smb_account_free(account);
		return (NT_STATUS_NO_MEMORY);
	}

	wka = smb_lwka_lookup_name(name);
	if (wka == NULL) {
		switch (type) {
		case SidTypeUser:
			rc = smb_sam_lookup_user(name, &acct_sid);
			break;

		case SidTypeAlias:
			rc = smb_sam_lookup_group(name, &acct_sid);
			break;

		case SidTypeUnknown:
			/*
			 * Users first.  Only fall back to groups when the
			 * user lookup failed for a reason other than
			 * NT_STATUS_NONE_MAPPED, which is returned as is.
			 */
			type = SidTypeUser;
			rc = smb_sam_lookup_user(name, &acct_sid);
			if (rc != NT_STATUS_SUCCESS &&
			    rc != NT_STATUS_NONE_MAPPED) {
				type = SidTypeAlias;
				rc = smb_sam_lookup_group(name, &acct_sid);
			}
			break;

		default:
			return (NT_STATUS_INVALID_PARAMETER);
		}

		if (rc != NT_STATUS_SUCCESS)
			return (rc);
	} else {
		/* Well-known account: the table decides RID and type. */
		acct_sid = smb_sid_splice(local_dom.di_binsid, wka->lwka_rid);
		type = wka->lwka_type;
	}

	/* 'account' takes ownership of acct_sid from here on. */
	account->a_name = strdup(name);
	account->a_sid = acct_sid;
	account->a_domain = strdup(local_dom.di_nbname);
	account->a_domsid = smb_sid_split(acct_sid, &account->a_rid);
	account->a_type = type;

	if (smb_account_validate(account))
		return (NT_STATUS_SUCCESS);

	smb_account_free(account);
	return (NT_STATUS_NO_MEMORY);
}
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego
/*
 * Resolves a SID against the local account databases:
 *
 *   SMB local users  are kept in /var/smb/smbpasswd
 *   SMB local groups are kept in /var/smb/smbgroup.db
 *
 * Resolution order, as implemented below:
 *   1. the local domain SID itself (SidTypeDomain);
 *   2. rejection of any SID outside the local domain;
 *   3. the table of local well-known accounts;
 *   4. the ID mapping service, followed by the password or group
 *      database depending on the mapped ID type.
 *
 * 'account' is zeroed on entry.  On success the caller owns the
 * allocations in it and must release them with smb_account_free().
 * The failure returns that precede validation happen before anything
 * is allocated, although a_type may already have been set.
 *
 * Return status:
 *
 *   NT_STATUS_SUCCESS			account filled in
 *   NT_STATUS_NOT_FOUND		This is not a local account
 *   NT_STATUS_NONE_MAPPED		It's a local account but cannot
 *					be translated.
 *   NT_STATUS_CANT_ACCESS_DOMAIN_INFO	no local domain entry available
 *   NT_STATUS_NO_SUCH_USER		mapped to a user with no password
 *					database entry
 *   NT_STATUS_NO_SUCH_ALIAS		mapped to a group the local group
 *					database does not return
 *   NT_STATUS_NO_MEMORY		account failed validation after
 *					its fields were duplicated
 */
uint32_t
smb_sam_lookup_sid(smb_sid_t *sid, smb_account_t *account)
{
	char nbname[MAXHOSTNAMELEN];
	smb_domain_t local_dom;
	smb_passwd_t pwent;
	smb_group_t lgrp;
	smb_lwka_t *wka;
	uint32_t grp_rid;
	uid_t unix_id;
	int kind;

	bzero(account, sizeof (smb_account_t));

	if (!smb_domain_lookup_type(SMB_DOMAIN_LOCAL, &local_dom))
		return (NT_STATUS_CANT_ACCESS_DOMAIN_INFO);

	if (smb_sid_cmp(sid, local_dom.di_binsid)) {
		/*
		 * The SID is the local domain SID: both SIDs in the
		 * account are copies of it and there is no RID.
		 */
		account->a_type = SidTypeDomain;
		account->a_name = strdup("");
		account->a_domain = strdup(local_dom.di_nbname);
		account->a_sid = smb_sid_dup(sid);
		account->a_domsid = smb_sid_dup(sid);
		account->a_rid = (uint32_t)-1;

		if (smb_account_validate(account))
			return (NT_STATUS_SUCCESS);

		smb_account_free(account);
		return (NT_STATUS_NO_MEMORY);
	}

	/* Anything outside the local domain is not ours to answer. */
	if (!smb_sid_indomain(local_dom.di_binsid, sid))
		return (NT_STATUS_NOT_FOUND);

	wka = smb_lwka_lookup_sid(sid);
	if (wka == NULL) {
		kind = SMB_IDMAP_UNKNOWN;
		if (smb_idmap_getid(sid, &unix_id, &kind) != IDMAP_SUCCESS)
			return (NT_STATUS_NONE_MAPPED);

		if (kind == SMB_IDMAP_USER) {
			account->a_type = SidTypeUser;
			if (smb_pwd_getpwuid(unix_id, &pwent) == NULL)
				return (NT_STATUS_NO_SUCH_USER);

			account->a_name = strdup(pwent.pw_name);
		} else if (kind == SMB_IDMAP_GROUP) {
			account->a_type = SidTypeAlias;
			/*
			 * NOTE(review): the result of smb_sid_getrid() is
			 * discarded, so grp_rid is only defined if that call
			 * cannot fail for a SID that passed the in-domain
			 * check above -- confirm.
			 */
			(void) smb_sid_getrid(sid, &grp_rid);
			if (smb_lgrp_getbyrid(grp_rid, SMB_DOMAIN_LOCAL,
			    &lgrp) != SMB_LGRP_SUCCESS)
				return (NT_STATUS_NO_SUCH_ALIAS);

			/* Copy the name out before releasing the group. */
			account->a_name = strdup(lgrp.sg_name);
			smb_lgrp_free(&lgrp);
		} else {
			return (NT_STATUS_NONE_MAPPED);
		}
	} else {
		account->a_type = wka->lwka_type;
		account->a_name = strdup(wka->lwka_name);
	}

	/*
	 * If the NetBIOS name cannot be obtained a_domain stays NULL;
	 * presumably validation then fails and the caller sees
	 * NT_STATUS_NO_MEMORY -- confirm against smb_account_validate().
	 */
	if (smb_getnetbiosname(nbname, MAXHOSTNAMELEN) == 0)
		account->a_domain = strdup(nbname);
	account->a_sid = smb_sid_dup(sid);
	account->a_domsid = smb_sid_split(sid, &account->a_rid);

	if (smb_account_validate(account))
		return (NT_STATUS_SUCCESS);

	smb_account_free(account);
	return (NT_STATUS_NO_MEMORY);
}
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego
/*
 * Number of SMB users, i.e. users with an entry in
 * /var/smb/smbpasswd.  The count is whatever smb_pwd_num() reports.
 */
int
smb_sam_usr_cnt(void)
{
	int nusers = smb_pwd_num();

	return (nusers);
}
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego
/*
 * Membership test shared by both passes of smb_sam_usr_groups():
 * B_TRUE when the local group lists the user's SID or any SID already
 * present in 'gids'.  The user's SID is tried first and 'gids' is only
 * walked when that fails.
 */
static boolean_t
smb_sam_lgrp_has_any_sid(smb_group_t *lgrp, smb_sid_t *user_sid,
    smb_ids_t *gids)
{
	int i;

	if (smb_lgrp_is_member(lgrp, user_sid))
		return (B_TRUE);

	for (i = 0; i < gids->i_cnt; i++) {
		if (smb_lgrp_is_member(lgrp, gids->i_ids[i].i_sid))
			return (B_TRUE);
	}

	return (B_FALSE);
}

/*
 * Extends the list of groups the given user belongs to with any
 * local (SAM) groups.
 *
 * The user is a member of a local group when that group contains
 * either the user's primary SID or any of the user's other SIDs
 * (domain groups, SID history, etc.) already present in 'gids', so
 * membership can be indirect via a domain group.
 *
 * Two passes are made over the local group database: the first counts
 * the matching groups, the second fills a newly allocated array.  The
 * database is re-read for the second pass, so the number of matches
 * may differ; additions are capped at the count from the first pass.
 *
 * On success 'gids' is replaced by the larger list: the old array is
 * freed and its SID pointers live on in the new one.  On failure
 * 'gids' is left untouched.
 *
 * Returns NT_STATUS_SUCCESS (also when nothing had to be added),
 * NT_STATUS_INTERNAL_ERROR when the group iterator cannot be opened,
 * or NT_STATUS_NO_MEMORY.
 */
uint32_t
smb_sam_usr_groups(smb_sid_t *user_sid, smb_ids_t *gids)
{
	smb_ids_t new_gids;
	smb_id_t *slot;
	smb_giter_t gi;
	smb_group_t lgrp;
	int i, gcnt, total_cnt;
	uint32_t ret;

	/*
	 * First pass: count groups to be added (gcnt).  Each local
	 * group is counted at most once however many SIDs match.
	 */
	if (smb_lgrp_iteropen(&gi) != SMB_LGRP_SUCCESS)
		return (NT_STATUS_INTERNAL_ERROR);

	gcnt = 0;
	while (smb_lgrp_iterate(&gi, &lgrp) == SMB_LGRP_SUCCESS) {
		if (smb_sam_lgrp_has_any_sid(&lgrp, user_sid, gids))
			gcnt++;
		smb_lgrp_free(&lgrp);
	}
	smb_lgrp_iterclose(&gi);

	if (gcnt == 0)
		return (NT_STATUS_SUCCESS);

	/*
	 * Second pass: add to groups list.
	 * Do not modify gcnt after here.
	 */
	if (smb_lgrp_iteropen(&gi) != SMB_LGRP_SUCCESS)
		return (NT_STATUS_INTERNAL_ERROR);

	/*
	 * Build a larger array: the existing entries are copied as they
	 * are (pointers included), and the gcnt slots behind them are
	 * zeroed so the error path can free every one of them whether
	 * or not it was filled.
	 *
	 * NOTE(review): the size arithmetic is not checked for overflow;
	 * the counts are presumably small -- confirm for the callers.
	 */
	ret = 0;
	new_gids.i_cnt = gids->i_cnt;
	total_cnt = gids->i_cnt + gcnt;
	new_gids.i_ids = malloc(total_cnt * sizeof (smb_id_t));
	if (new_gids.i_ids == NULL) {
		ret = NT_STATUS_NO_MEMORY;
		goto out;
	}
	(void) memcpy(new_gids.i_ids, gids->i_ids,
	    gids->i_cnt * sizeof (smb_id_t));
	slot = new_gids.i_ids + gids->i_cnt;
	(void) memset(slot, 0, gcnt * sizeof (smb_id_t));

	/* Append the matching group SIDs behind the copied entries. */
	while (smb_lgrp_iterate(&gi, &lgrp) == SMB_LGRP_SUCCESS) {
		/*
		 * The capacity test keeps writes inside the allocation
		 * even if more groups match now than were counted in
		 * the first pass.
		 */
		if (!smb_sam_lgrp_has_any_sid(&lgrp, user_sid, gids) ||
		    !(new_gids.i_cnt < (gids->i_cnt + gcnt))) {
			smb_lgrp_free(&lgrp);
			continue;
		}

		slot->i_sid = smb_sid_dup(lgrp.sg_id.gs_sid);
		if (slot->i_sid == NULL) {
			smb_lgrp_free(&lgrp);
			ret = NT_STATUS_NO_MEMORY;
			goto out;
		}
		slot->i_attrs = lgrp.sg_attr;
		slot++;
		new_gids.i_cnt++;

		smb_lgrp_free(&lgrp);
	}

out:
	smb_lgrp_iterclose(&gi);

	if (ret == 0) {
		/*
		 * Success! Hand the new list to the caller and free
		 * only the old array; its SIDs are now referenced from
		 * the new one.
		 */
		free(gids->i_ids);
		*gids = new_gids;

		return (NT_STATUS_SUCCESS);
	}

	if (new_gids.i_ids != NULL) {
		/*
		 * Free only the SIDs added here.  The leading entries
		 * are copied pointers still owned by the caller's list.
		 */
		for (i = 0; i < gcnt; i++)
			smb_sid_free(new_gids.i_ids[gids->i_cnt + i].i_sid);
		free(new_gids.i_ids);
	}

	return (ret);
}
/*
 * Count the groups of one domain type stored in /var/smb/smbgroup.db.
 *
 * Only SMB_DOMAIN_BUILTIN and SMB_DOMAIN_LOCAL are queried.  Any other
 * domain type, and any failure reported by smb_lgrp_numbydomain(), is
 * returned as a count of 0, so a caller cannot tell "no groups" apart
 * from "the count could not be obtained".
 */
int
smb_sam_grp_cnt(smb_domain_type_t dtype)
{
	int ngroups;

	/* Domain types other than builtin and local are not counted. */
	if (dtype != SMB_DOMAIN_BUILTIN && dtype != SMB_DOMAIN_LOCAL)
		return (0);

	if (smb_lgrp_numbydomain(dtype, &ngroups) != SMB_LGRP_SUCCESS)
		return (0);

	return (ngroups);
}
/*
 * Report whether the given SID is a member of the group named gname.
 *
 * Returns B_FALSE both when the SID is not a member and when the group
 * cannot be fetched by name, so a failed lookup reads as "not a member".
 */
boolean_t
smb_sam_grp_ismember(const char *gname, smb_sid_t *sid)
{
	smb_group_t group;
	boolean_t found;

	/* Presumably the lookup takes a non-const name, hence the cast. */
	if (smb_lgrp_getbyname((char *)gname, &group) != SMB_LGRP_SUCCESS)
		return (B_FALSE);

	found = smb_lgrp_is_member(&group, sid);

	/* Release the group record filled in by the lookup. */
	smb_lgrp_free(&group);

	return (found);
}
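/*
 * Release the memory referenced by an account's name, domain, SID and
 * domain SID fields.  The smb_account_t itself is not freed.
 *
 * Each field is reset to NULL once it has been released, so the account
 * no longer carries pointers to freed memory.  A NULL account is
 * ignored.
 */
void
smb_account_free(smb_account_t *account)
{
	if (account == NULL)
		return;

	free(account->a_name);
	account->a_name = NULL;

	free(account->a_domain);
	account->a_domain = NULL;

	smb_sid_free(account->a_sid);
	account->a_sid = NULL;

	smb_sid_free(account->a_domsid);
	account->a_domsid = NULL;
}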
/*
 * An account is reported as valid only when its name, SID, domain name
 * and domain SID are all present (non-NULL).  The contents of those
 * fields are not inspected.
 */
boolean_t
smb_account_validate(smb_account_t *account)
{
	if (account->a_name == NULL || account->a_sid == NULL)
		return (B_FALSE);

	if (account->a_domain == NULL || account->a_domsid == NULL)
		return (B_FALSE);

	return (B_TRUE);
}
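/*
 * Resolve a local SMB user name to its SID.
 *
 * The name is looked up in the local SMB user account database
 * (/var/smb/smbpasswd).  On a match, the SID for the account's uid is
 * requested from the idmap service and accepted only if it is a local
 * SID.
 *
 * Returns NT_STATUS_SUCCESS with *sid set to a SID that the caller must
 * free, NT_STATUS_NO_SUCH_USER when the name is not in the database, or
 * NT_STATUS_NONE_MAPPED when idmap does not supply a SID or the SID is
 * not local.  A rejected non-local SID is freed here and *sid is reset
 * to NULL, so the caller is not left holding a freed pointer.
 */
static uint32_t
smb_sam_lookup_user(char *name, smb_sid_t **sid)
{
	/*
	 * NOTE(review): only pw_uid is used below, but smbpw presumably
	 * receives the whole password entry.  If that includes hash
	 * material it should be cleared before returning -- confirm
	 * against smb_passwd_t.
	 */
	smb_passwd_t smbpw;

	if (smb_pwd_getpwnam(name, &smbpw) == NULL)
		return (NT_STATUS_NO_SUCH_USER);

	if (smb_idmap_getsid(smbpw.pw_uid, SMB_IDMAP_USER, sid)
	    != IDMAP_SUCCESS)
		return (NT_STATUS_NONE_MAPPED);

	if (!smb_sid_islocal(*sid)) {
		smb_sid_free(*sid);
		/* Do not hand a dangling pointer back on this failure path. */
		*sid = NULL;
		return (NT_STATUS_NONE_MAPPED);
	}

	return (NT_STATUS_SUCCESS);
}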
/*
 * Resolve a local SMB group name to its SID using the local group
 * account database (/var/smb/smbgroup.db).
 *
 * On NT_STATUS_SUCCESS, *sid is a duplicate that the caller must free.
 * NT_STATUS_NO_SUCH_ALIAS means the name was not found and *sid was not
 * written.  NT_STATUS_NO_MEMORY means the duplicate could not be made
 * and *sid is NULL.
 */
static uint32_t
smb_sam_lookup_group(char *name, smb_sid_t **sid)
{
	smb_group_t group;
	smb_sid_t *copy;

	if (smb_lgrp_getbyname(name, &group) != SMB_LGRP_SUCCESS)
		return (NT_STATUS_NO_SUCH_ALIAS);

	/* Take the copy before the group record is released. */
	copy = smb_sid_dup(group.sg_id.gs_sid);
	smb_lgrp_free(&group);

	*sid = copy;
	if (copy == NULL)
		return (NT_STATUS_NO_MEMORY);

	return (NT_STATUS_SUCCESS);
}
/*
 * Find the lwka_tbl entry whose lwka_name matches the given name, as
 * compared by smb_strcasecmp().
 *
 * Returns a pointer into lwka_tbl, or NULL when no entry matches.
 */
static smb_lwka_t *
smb_lwka_lookup_name(char *name)
{
	smb_lwka_t *entry = lwka_tbl;
	smb_lwka_t *end = lwka_tbl + SMB_LWKA_NUM;

	for (; entry < end; entry++) {
		if (smb_strcasecmp(name, entry->lwka_name, 0) == 0)
			return (entry);
	}

	return (NULL);
}
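/*
 * Find the lwka_tbl entry whose lwka_rid equals the RID of the given
 * SID.
 *
 * Returns a pointer into lwka_tbl, or NULL when the RID is above 999 or
 * no entry carries it.
 *
 * rid starts out as an out-of-range value because the result of
 * smb_sid_getrid() is not checked.  If that call fails without storing
 * a RID, the comparison below would otherwise read an indeterminate
 * value and could match a table entry by accident.
 */
static smb_lwka_t *
smb_lwka_lookup_sid(smb_sid_t *sid)
{
	uint32_t rid = ~(uint32_t)0;
	int i;

	(void) smb_sid_getrid(sid, &rid);

	/* Presumably every RID in lwka_tbl is <= 999 -- TODO confirm. */
	if (rid > 999)
		return (NULL);

	for (i = 0; i < SMB_LWKA_NUM; i++) {
		if (rid == lwka_tbl[i].lwka_rid)
			return (&lwka_tbl[i]);
	}

	return (NULL);
}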
/*
 * smb_sid_islocal
 *
 * Returns the result of smb_sid_indomain() for the given SID against
 * the binary SID of the SMB_DOMAIN_LOCAL domain entry.  Returns B_FALSE
 * when that domain entry cannot be looked up.
 */
boolean_t
smb_sid_islocal(smb_sid_t *sid)
{
	smb_domain_t local;

	if (!smb_domain_lookup_type(SMB_DOMAIN_LOCAL, &local))
		return (B_FALSE);

	return (smb_sid_indomain(local.di_binsid, sid));
}
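/*
 * Free every SID held in an ID list, then the i_ids array itself.  The
 * smb_ids_t structure is not freed.  A NULL list, or a list with no
 * array, is left alone.
 *
 * Afterwards i_ids is NULL and i_cnt is 0, so the list cannot be walked
 * or released again through the stale array pointer.
 */
void
smb_ids_free(smb_ids_t *ids)
{
	smb_id_t *id;
	int i;

	if ((ids == NULL) || (ids->i_ids == NULL))
		return;

	id = ids->i_ids;
	for (i = 0; i < ids->i_cnt; i++, id++)
		smb_sid_free(id->i_sid);

	free(ids->i_ids);
	ids->i_ids = NULL;
	ids->i_cnt = 0;
}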