smb_sam.c revision 7f667e74610492ddbce8ce60f52ece95d2401949
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego/*
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * CDDL HEADER START
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego *
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * The contents of this file are subject to the terms of the
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * Common Development and Distribution License (the "License").
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * You may not use this file except in compliance with the License.
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego *
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * or http://www.opensolaris.org/os/licensing.
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * See the License for the specific language governing permissions
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * and limitations under the License.
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego *
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * When distributing Covered Code, include this CDDL HEADER in each
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * If applicable, add the following below this CDDL HEADER, with the
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * fields enclosed by brackets "[]" replaced with your own identifying
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * information: Portions Copyright [yyyy] [name of copyright owner]
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego *
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * CDDL HEADER END
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego */
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego/*
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * Use is subject to license terms.
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego */
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego#include <strings.h>
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego#include <smbsrv/libsmb.h>
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego
7f667e74610492ddbce8ce60f52ece95d2401949jose borregoextern int smb_pwd_num(void);
7f667e74610492ddbce8ce60f52ece95d2401949jose borregoextern int smb_lgrp_numbydomain(smb_gdomain_t, int *);
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego
7f667e74610492ddbce8ce60f52ece95d2401949jose borregostatic uint32_t smb_sam_lookup_user(char *, smb_sid_t **);
7f667e74610492ddbce8ce60f52ece95d2401949jose borregostatic uint32_t smb_sam_lookup_group(char *, smb_sid_t **);
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego
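/*
 * Looks up the given name in the local account databases:
 *
 *   SMB local users are looked up in /var/smb/smbpasswd
 *   SMB local groups are looked up in /var/smb/smbgroup.db
 *
 * If the account is found, its information is populated in the
 * passed smb_account_t structure. The caller must release the
 * allocated fields with smb_account_free() after a successful return.
 *
 * 'domain' may be NULL, in which case no domain check is made.
 * Otherwise it must pass smb_ishostname() and match this system's
 * NetBIOS name (compared with utf8_strcasecmp()).
 *
 * The type of account is specified by 'type', which can be user,
 * alias (local group) or unknown. If the caller doesn't know
 * whether the name is a user or group name then SidTypeUnknown
 * should be passed.
 *
 * If a local user and group have the same name, the user will
 * always be picked. Note that this situation cannot happen on
 * Windows systems.
 *
 * If an SMB local user/group is found but it turns out that it
 * would be mapped to a domain user/group, the lookup is considered
 * failed and NT_STATUS_NONE_MAPPED is returned.
 *
 * Return status:
 *
 *   NT_STATUS_NOT_FOUND		This is not a local account
 *   NT_STATUS_NONE_MAPPED		It's a local account but cannot be
 *					translated.
 *   NT_STATUS_NO_SUCH_USER,
 *   NT_STATUS_NO_SUCH_ALIAS		Passed through from the user/group
 *					lookup helpers.
 *   NT_STATUS_INVALID_PARAMETER	'type' is not one of the three
 *					accepted values.
 *   NT_STATUS_INTERNAL_ERROR		The NetBIOS name could not be
 *					obtained.
 *   NT_STATUS_NO_MEMORY		The account failed
 *					smb_account_validate(), i.e. one
 *					of its fields is NULL.
 */
uint32_t
smb_sam_lookup_name(char *domain, char *name, uint16_t type,
    smb_account_t *account)
{
	char hostname[MAXHOSTNAMELEN];
	smb_sid_t *sid = NULL;
	uint32_t status;

	bzero(account, sizeof (smb_account_t));

	/*
	 * hostname decides the domain comparison below and is copied
	 * into a_domain, so do not carry on with a buffer that was
	 * never filled in. A zero return is treated as success, the
	 * same way smb_sam_lookup_sid() treats it.
	 */
	if (smb_getnetbiosname(hostname, sizeof (hostname)) != 0)
		return (NT_STATUS_INTERNAL_ERROR);

	if (domain != NULL) {
		if (!smb_ishostname(domain))
			return (NT_STATUS_NOT_FOUND);

		/* Only the NetBIOS hostname is accepted */
		if (utf8_strcasecmp(domain, hostname) != 0)
			return (NT_STATUS_NONE_MAPPED);
	}

	switch (type) {
	case SidTypeUser:
		status = smb_sam_lookup_user(name, &sid);
		if (status != NT_STATUS_SUCCESS)
			return (status);
		break;

	case SidTypeAlias:
		status = smb_sam_lookup_group(name, &sid);
		if (status != NT_STATUS_SUCCESS)
			return (status);
		break;

	case SidTypeUnknown:
		/* Users take precedence over groups of the same name. */
		type = SidTypeUser;
		status = smb_sam_lookup_user(name, &sid);
		if (status == NT_STATUS_SUCCESS)
			break;

		/*
		 * NONE_MAPPED from the user lookup is final; the group
		 * database is only consulted for the other failures.
		 */
		if (status == NT_STATUS_NONE_MAPPED)
			return (status);

		type = SidTypeAlias;
		status = smb_sam_lookup_group(name, &sid);
		if (status != NT_STATUS_SUCCESS)
			return (status);
		break;

	default:
		return (NT_STATUS_INVALID_PARAMETER);
	}

	/* From here on 'sid' is owned by 'account'. */
	account->a_name = strdup(name);
	account->a_sid = sid;
	account->a_domain = strdup(hostname);
	account->a_domsid = smb_sid_split(sid, &account->a_rid);
	account->a_type = type;

	/* Any NULL field is reported as an allocation failure. */
	if (!smb_account_validate(account)) {
		smb_account_free(account);
		return (NT_STATUS_NO_MEMORY);
	}

	return (NT_STATUS_SUCCESS);
}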
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego
/*
 * Looks up the given SID in the local account databases:
 *
 *   SMB local users are looked up in /var/smb/smbpasswd
 *   SMB local groups are looked up in /var/smb/smbgroup.db
 *
 * If the account is found, its information is populated in the
 * passed smb_account_t structure. The caller must release the
 * allocated fields with smb_account_free() after a successful return.
 *
 * Return status:
 *
 *   NT_STATUS_NOT_FOUND		The SID fails smb_sid_islocal()
 *   NT_STATUS_NONE_MAPPED		It's a local account but cannot be
 *					translated (idmap failure, or an
 *					id type that is neither user nor
 *					group).
 *   NT_STATUS_NO_SUCH_USER		No smbpasswd entry for the uid
 *   NT_STATUS_NO_SUCH_ALIAS		No local group with the SID's RID
 *   NT_STATUS_NO_MEMORY		The account failed
 *					smb_account_validate(), i.e. one
 *					of its fields is NULL.
 */
uint32_t
smb_sam_lookup_sid(smb_sid_t *sid, smb_account_t *account)
{
	char nbname[MAXHOSTNAMELEN];
	smb_passwd_t pwent;
	smb_group_t group;
	uint32_t rid;
	uid_t unix_id;
	int kind = SMB_IDMAP_UNKNOWN;

	bzero(account, sizeof (smb_account_t));

	if (!smb_sid_islocal(sid))
		return (NT_STATUS_NOT_FOUND);

	if (smb_idmap_getid(sid, &unix_id, &kind) != IDMAP_SUCCESS)
		return (NT_STATUS_NONE_MAPPED);

	if (kind == SMB_IDMAP_USER) {
		account->a_type = SidTypeUser;
		if (smb_pwd_getpwuid(unix_id, &pwent) == NULL)
			return (NT_STATUS_NO_SUCH_USER);

		account->a_name = strdup(pwent.pw_name);
	} else if (kind == SMB_IDMAP_GROUP) {
		account->a_type = SidTypeAlias;
		/*
		 * NOTE(review): the return value is discarded, so 'rid'
		 * is only meaningful if this call cannot fail for a SID
		 * that passed smb_sid_islocal() - confirm.
		 */
		(void) smb_sid_getrid(sid, &rid);
		if (smb_lgrp_getbyrid(rid, SMB_LGRP_LOCAL, &group) !=
		    SMB_LGRP_SUCCESS)
			return (NT_STATUS_NO_SUCH_ALIAS);

		/* Copy the name out before the group record is released. */
		account->a_name = strdup(group.sg_name);
		smb_lgrp_free(&group);
	} else {
		return (NT_STATUS_NONE_MAPPED);
	}

	/* a_domain stays NULL if the NetBIOS name is unavailable. */
	if (smb_getnetbiosname(nbname, MAXHOSTNAMELEN) == 0)
		account->a_domain = strdup(nbname);
	account->a_sid = smb_sid_dup(sid);
	/*
	 * NOTE(review): the split is applied to the caller's SID, not to
	 * the duplicate taken above; confirm smb_sid_split() leaves its
	 * argument unmodified.
	 */
	account->a_domsid = smb_sid_split(sid, &account->a_rid);

	if (smb_account_validate(account))
		return (NT_STATUS_SUCCESS);

	/* Any NULL field is reported as an allocation failure. */
	smb_account_free(account);
	return (NT_STATUS_NO_MEMORY);
}
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego
/*
 * Returns the number of SMB users, i.e. users who have an entry
 * in /var/smb/smbpasswd. The count is whatever smb_pwd_num() reports.
 */
int
smb_sam_usr_cnt(void)
{
	int user_count = smb_pwd_num();

	return (user_count);
}
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego
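/*
 * Appends to 'gids' one entry for every local group of which the
 * given user SID is a member.
 *
 * gids->i_ids is grown with realloc() and gids->i_cnt is incremented
 * for each entry added. Each new entry holds a duplicate of the group
 * SID and the group's attributes. The array and the duplicated SIDs
 * must be freed by the caller.
 *
 * Return status:
 *
 *   NT_STATUS_SUCCESS		Zero or more entries were appended
 *   NT_STATUS_INTERNAL_ERROR	The group iterator could not be opened
 *   NT_STATUS_NO_MEMORY	An allocation failed. 'gids' is left
 *				valid: entries appended before the
 *				failure remain counted in i_cnt, and
 *				if growing the array failed the
 *				original array is untouched.
 */
uint32_t
smb_sam_usr_groups(smb_sid_t *user_sid, smb_ids_t *gids)
{
	smb_id_t *ids;
	smb_id_t *grown;
	smb_giter_t gi;
	smb_group_t lgrp;
	uint32_t status = NT_STATUS_SUCCESS;
	int total_cnt, gcnt;

	/* First pass: count the memberships so the array grows once. */
	gcnt = 0;
	if (smb_lgrp_iteropen(&gi) != SMB_LGRP_SUCCESS)
		return (NT_STATUS_INTERNAL_ERROR);

	while (smb_lgrp_iterate(&gi, &lgrp) == SMB_LGRP_SUCCESS) {
		if (smb_lgrp_is_member(&lgrp, user_sid))
			gcnt++;
		smb_lgrp_free(&lgrp);
	}
	smb_lgrp_iterclose(&gi);

	if (gcnt == 0)
		return (NT_STATUS_SUCCESS);

	/*
	 * Keep the old pointer until realloc() has succeeded. Assigning
	 * the result straight to gids->i_ids would, on failure, leak the
	 * existing array and leave i_cnt describing a NULL pointer.
	 */
	total_cnt = gids->i_cnt + gcnt;
	grown = realloc(gids->i_ids, total_cnt * sizeof (smb_id_t));
	if (grown == NULL)
		return (NT_STATUS_NO_MEMORY);
	gids->i_ids = grown;

	if (smb_lgrp_iteropen(&gi) != SMB_LGRP_SUCCESS)
		return (NT_STATUS_INTERNAL_ERROR);

	/* Second pass: fill the slots that follow the existing entries. */
	ids = gids->i_ids + gids->i_cnt;
	while (smb_lgrp_iterate(&gi, &lgrp) == SMB_LGRP_SUCCESS) {
		/*
		 * Never write more entries than the first pass counted,
		 * even if this pass finds more matches.
		 */
		if (gcnt == 0) {
			smb_lgrp_free(&lgrp);
			break;
		}
		if (smb_lgrp_is_member(&lgrp, user_sid)) {
			ids->i_sid = smb_sid_dup(lgrp.sg_id.gs_sid);
			if (ids->i_sid == NULL) {
				/*
				 * Leave through the common exit so the
				 * iterator is closed on this path too.
				 */
				smb_lgrp_free(&lgrp);
				status = NT_STATUS_NO_MEMORY;
				break;
			}
			ids->i_attrs = lgrp.sg_attr;
			gids->i_cnt++;
			gcnt--;
			ids++;
		}
		smb_lgrp_free(&lgrp);
	}
	smb_lgrp_iterclose(&gi);

	return (status);
}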
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego
/*
 * Returns the number of built-in or local groups stored in
 * /var/smb/smbgroup.db, selected by 'dtype'.
 *
 * Zero is returned for any other domain type and whenever
 * smb_lgrp_numbydomain() does not report success, so a zero result
 * does not distinguish "no groups" from "count unavailable".
 */
int
smb_sam_grp_cnt(nt_domain_type_t dtype)
{
	smb_gdomain_t gdomain;
	int count;

	/* Translate the NT domain type into the group database domain. */
	if (dtype == NT_DOMAIN_BUILTIN)
		gdomain = SMB_LGRP_BUILTIN;
	else if (dtype == NT_DOMAIN_LOCAL)
		gdomain = SMB_LGRP_LOCAL;
	else
		return (0);

	if (smb_lgrp_numbydomain(gdomain, &count) != SMB_LGRP_SUCCESS)
		return (0);

	return (count);
}
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego
/*
 * Determines whether the given SID is a member of the group
 * specified by gname.
 *
 * B_FALSE is returned both when the SID is not a member and when the
 * group cannot be fetched by name; callers cannot tell the two apart.
 */
boolean_t
smb_sam_grp_ismember(const char *gname, smb_sid_t *sid)
{
	smb_group_t group;
	boolean_t found;

	/* smb_lgrp_getbyname() takes a non-const name, hence the cast. */
	if (smb_lgrp_getbyname((char *)gname, &group) != SMB_LGRP_SUCCESS)
		return (B_FALSE);

	found = smb_lgrp_is_member(&group, sid);
	smb_lgrp_free(&group);

	return (found);
}
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego
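/*
 * Frees the memory allocated for the fields of the passed account.
 * The smb_account_t structure itself is not freed.
 *
 * Each pointer is cleared after it is released. The lookup routines
 * in this file call this function on their failure paths and then
 * hand the structure back to the caller, so stale pointers left in
 * it could be dereferenced or freed a second time. With the fields
 * cleared, a repeated call passes only NULL pointers; the existing
 * failure paths already pass NULL fields to free() and smb_sid_free().
 */
void
smb_account_free(smb_account_t *account)
{
	free(account->a_name);
	account->a_name = NULL;

	free(account->a_domain);
	account->a_domain = NULL;

	smb_sid_free(account->a_sid);
	account->a_sid = NULL;

	smb_sid_free(account->a_domsid);
	account->a_domsid = NULL;
}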
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego
/*
 * Validates the given account: the name, SID, domain name and domain
 * SID must all be non-NULL. Only the pointers are tested; the
 * contents they refer to are not inspected.
 */
boolean_t
smb_account_validate(smb_account_t *account)
{
	boolean_t incomplete;

	incomplete = (account->a_name == NULL) ||
	    (account->a_sid == NULL) ||
	    (account->a_domain == NULL) ||
	    (account->a_domsid == NULL);

	return (!incomplete);
}
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego
/*
 * Looks the name up in the local SMB user account database
 * (/var/smb/smbpasswd). If there is a match, its SID is queried from
 * the idmap service and checked to be a local SID.
 *
 * On NT_STATUS_SUCCESS the memory for the returned SID must be freed
 * by the caller.
 *
 * Return status:
 *
 *   NT_STATUS_NO_SUCH_USER	No smbpasswd entry for 'name'
 *   NT_STATUS_NONE_MAPPED	idmap could not supply a SID, or the
 *				SID it supplied is not a local one
 */
static uint32_t
smb_sam_lookup_user(char *name, smb_sid_t **sid)
{
	smb_passwd_t pwent;
	uint32_t status = NT_STATUS_SUCCESS;

	if (smb_pwd_getpwnam(name, &pwent) == NULL) {
		status = NT_STATUS_NO_SUCH_USER;
	} else if (smb_idmap_getsid(pwent.pw_uid, SMB_IDMAP_USER, sid) !=
	    IDMAP_SUCCESS) {
		status = NT_STATUS_NONE_MAPPED;
	} else if (!smb_sid_islocal(*sid)) {
		/*
		 * NOTE(review): *sid still holds the freed pointer after
		 * this; callers must not touch it on a failure return.
		 */
		smb_sid_free(*sid);
		status = NT_STATUS_NONE_MAPPED;
	}

	return (status);
}
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego
/*
 * Looks the name up in the local SMB group account database
 * (/var/smb/smbgroup.db) and returns a duplicate of the group's SID.
 *
 * On NT_STATUS_SUCCESS the memory for the returned SID must be freed
 * by the caller.
 *
 * Return status:
 *
 *   NT_STATUS_NO_SUCH_ALIAS	The group could not be fetched by name
 *   NT_STATUS_NO_MEMORY	The SID could not be duplicated
 */
static uint32_t
smb_sam_lookup_group(char *name, smb_sid_t **sid)
{
	smb_group_t group;

	if (smb_lgrp_getbyname(name, &group) != SMB_LGRP_SUCCESS)
		return (NT_STATUS_NO_SUCH_ALIAS);

	/* Duplicate first: the group record owns the SID it carries. */
	*sid = smb_sid_dup(group.sg_id.gs_sid);
	smb_lgrp_free(&group);

	if (*sid == NULL)
		return (NT_STATUS_NO_MEMORY);

	return (NT_STATUS_SUCCESS);
}