smb_sam.c revision 7f667e74610492ddbce8ce60f52ece95d2401949
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * CDDL HEADER START
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * The contents of this file are subject to the terms of the
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * Common Development and Distribution License (the "License").
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * You may not use this file except in compliance with the License.
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * See the License for the specific language governing permissions
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * and limitations under the License.
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * When distributing Covered Code, include this CDDL HEADER in each
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * If applicable, add the following below this CDDL HEADER, with the
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * fields enclosed by brackets "[]" replaced with your own identifying
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * information: Portions Copyright [yyyy] [name of copyright owner]
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * CDDL HEADER END
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * Use is subject to license terms.
7f667e74610492ddbce8ce60f52ece95d2401949jose borregoextern int smb_pwd_num(void);
7f667e74610492ddbce8ce60f52ece95d2401949jose borregoextern int smb_lgrp_numbydomain(smb_gdomain_t, int *);
7f667e74610492ddbce8ce60f52ece95d2401949jose borregostatic uint32_t smb_sam_lookup_user(char *, smb_sid_t **);
7f667e74610492ddbce8ce60f52ece95d2401949jose borregostatic uint32_t smb_sam_lookup_group(char *, smb_sid_t **);
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * Looks up the given name in local account databases:
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * SMB Local users are looked up in /var/smb/smbpasswd
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * SMB Local groups are looked up in /var/smb/smbgroup.db
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * If the account is found, its information is populated
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * in the passed smb_account_t structure. The caller must free
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * the allocated memory by calling smb_account_free() upon
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * successful return.
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * The type of account is specified by 'type', which can be user,
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * alias (local group) or unknown. If the caller doesn't know
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * whether the name is a user or group name then SidTypeUnknown
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * should be passed.
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * If a local user and group have the same name, the user will
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * always be picked. Note that this situation cannot happen on
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * Windows systems.
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * If an SMB local user/group is found but it turns out that
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * it'll be mapped to a domain user/group, the lookup is considered
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * failed and NT_STATUS_NONE_MAPPED is returned.
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * Return status:
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * NT_STATUS_NOT_FOUND This is not a local account
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * NT_STATUS_NONE_MAPPED It's a local account but cannot be
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * translated.
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * other error status codes.
7f667e74610492ddbce8ce60f52ece95d2401949jose borregosmb_sam_lookup_name(char *domain, char *name, uint16_t type,
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego (void) smb_getnetbiosname(hostname, sizeof (hostname));
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego /* Only Netbios hostname is accepted */
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego account->a_domsid = smb_sid_split(sid, &account->a_rid);
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * Looks up the given SID in local account databases:
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * SMB Local users are looked up in /var/smb/smbpasswd
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * SMB Local groups are looked up in /var/smb/smbgroup.db
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * If the account is found, its information is populated
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * in the passed smb_account_t structure. The caller must free
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * the allocated memory by calling smb_account_free() upon
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * successful return.
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * Return status:
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * NT_STATUS_NOT_FOUND This is not a local account
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * NT_STATUS_NONE_MAPPED It's a local account but cannot be
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * translated.
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * other error status codes.
7f667e74610492ddbce8ce60f52ece95d2401949jose borregosmb_sam_lookup_sid(smb_sid_t *sid, smb_account_t *account)
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego if (smb_idmap_getid(sid, &id, &id_type) != IDMAP_SUCCESS)
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego rc = smb_lgrp_getbyrid(rid, SMB_LGRP_LOCAL, &grp);
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego if (smb_getnetbiosname(hostname, MAXHOSTNAMELEN) == 0)
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego account->a_domsid = smb_sid_split(sid, &account->a_rid);
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * Returns number of SMB users, i.e. users who have entry
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * Returns a list of the local groups of which the given user
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * is a member. A pointer to an array of smb_ids_t
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * structures is returned, which must be freed by the caller.
7f667e74610492ddbce8ce60f52ece95d2401949jose borregosmb_sam_usr_groups(smb_sid_t *user_sid, smb_ids_t *gids)
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego if (smb_lgrp_iteropen(&gi) != SMB_LGRP_SUCCESS)
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego while (smb_lgrp_iterate(&gi, &lgrp) == SMB_LGRP_SUCCESS) {
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego gids->i_ids = realloc(gids->i_ids, total_cnt * sizeof (smb_id_t));
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego if (smb_lgrp_iteropen(&gi) != SMB_LGRP_SUCCESS)
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego while (smb_lgrp_iterate(&gi, &lgrp) == SMB_LGRP_SUCCESS) {
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * Returns the number of built-in or local groups stored
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego rc = smb_lgrp_numbydomain(SMB_LGRP_BUILTIN, &grpcnt);
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego rc = smb_lgrp_numbydomain(SMB_LGRP_LOCAL, &grpcnt);
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego return ((rc == SMB_LGRP_SUCCESS) ? grpcnt : 0);
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * Determines whether the given SID is a member of the group
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * specified by gname.
7f667e74610492ddbce8ce60f52ece95d2401949jose borregosmb_sam_grp_ismember(const char *gname, smb_sid_t *sid)
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego if (smb_lgrp_getbyname((char *)gname, &grp) == SMB_LGRP_SUCCESS) {
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * Frees the memory allocated for the fields of the passed account.
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * Validates the given account.
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego return ((account->a_name != NULL) && (account->a_sid != NULL) &&
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego (account->a_domain != NULL) && (account->a_domsid != NULL));
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * Looks up the given name in the local SMB user account database
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * (/var/smb/smbpasswd). If there's a match, queries its SID from the
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * idmap service and makes sure the SID is a local SID.
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * The memory for the returned SID must be freed by the caller.
7f667e74610492ddbce8ce60f52ece95d2401949jose borregosmb_sam_lookup_user(char *name, smb_sid_t **sid)
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego if (smb_idmap_getsid(smbpw.pw_uid, SMB_IDMAP_USER, sid)
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * Looks up the given name in the local SMB group account database (/var/smb/smbgroup.db).
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * The memory for the returned SID must be freed by the caller.
7f667e74610492ddbce8ce60f52ece95d2401949jose borregosmb_sam_lookup_group(char *name, smb_sid_t **sid)
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego if (smb_lgrp_getbyname(name, &grp) != SMB_LGRP_SUCCESS)
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego return ((*sid == NULL) ? NT_STATUS_NO_MEMORY : NT_STATUS_SUCCESS);