smb_sam.c revision 9fb67ea305c66b6a297583b9b0db6796b0dfe497
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * CDDL HEADER START
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * The contents of this file are subject to the terms of the
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * Common Development and Distribution License (the "License").
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * You may not use this file except in compliance with the License.
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * See the License for the specific language governing permissions
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * and limitations under the License.
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * When distributing Covered Code, include this CDDL HEADER in each
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * If applicable, add the following below this CDDL HEADER, with the
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * fields enclosed by brackets "[]" replaced with your own identifying
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * information: Portions Copyright [yyyy] [name of copyright owner]
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * CDDL HEADER END
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * Use is subject to license terms.
7f667e74610492ddbce8ce60f52ece95d2401949jose borregoextern int smb_pwd_num(void);
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United Statesextern int smb_lgrp_numbydomain(smb_domain_type_t, int *);
7f667e74610492ddbce8ce60f52ece95d2401949jose borregostatic uint32_t smb_sam_lookup_user(char *, smb_sid_t **);
7f667e74610492ddbce8ce60f52ece95d2401949jose borregostatic uint32_t smb_sam_lookup_group(char *, smb_sid_t **);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * Local well-known accounts data structure table and prototypes
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wrighttypedef struct smb_lwka {
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright { 520, "Global Policy Creator Owners", SidTypeGroup },
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright#define SMB_LWKA_NUM (sizeof (lwka_tbl)/sizeof (lwka_tbl[0]))
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wrightstatic smb_lwka_t *smb_lwka_lookup_sid(smb_sid_t *);
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * Looks up the given name in local account databases:
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * SMB Local users are looked up in /var/smb/smbpasswd
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * SMB Local groups are looked up in /var/smb/smbgroup.db
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * If the account is found, its information is populated
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * in the passed smb_account_t structure. Caller must free
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * the allocated memory by calling smb_account_free() upon
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * successful return.
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * The type of account is specified by 'type', which can be user,
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * alias (local group) or unknown. If the caller doesn't know
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * whether the name is a user or group name then SidTypeUnknown
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * should be passed.
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * If a local user and group have the same name, the user will
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * always be picked. Note that this situation cannot happen on
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * Windows systems.
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * If a SMB local user/group is found but it turns out that
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * it'll be mapped to a domain user/group the lookup is considered
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * failed and NT_STATUS_NONE_MAPPED is returned.
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * Return status:
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * NT_STATUS_NOT_FOUND This is not a local account
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * NT_STATUS_NONE_MAPPED It's a local account but cannot be
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * translated.
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * other error status codes.
7f667e74610492ddbce8ce60f52ece95d2401949jose borregosmb_sam_lookup_name(char *domain, char *name, uint16_t type,
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego /* Only Netbios hostname is accepted */
bbf6f00c25b6a2bed23c35eac6d62998ecdb338cJordan Brown if (smb_strcasecmp(domain, di.di_nbname, 0) != 0)
a0aa776e20803c84edd153d9cb584fd67163aef3Alan Wright if (!smb_domain_lookup_type(SMB_DOMAIN_LOCAL, &di))
bbf6f00c25b6a2bed23c35eac6d62998ecdb338cJordan Brown if (smb_strcasecmp(name, di.di_nbname, 0) == 0) {
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright /* This is the local domain name */
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright if ((lwka = smb_lwka_lookup_name(name)) != NULL) {
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright sid = smb_sid_splice(di.di_binsid, lwka->lwka_rid);
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego account->a_domsid = smb_sid_split(sid, &account->a_rid);
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * Looks up the given SID in local account databases:
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * SMB Local users are looked up in /var/smb/smbpasswd
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * SMB Local groups are looked up in /var/smb/smbgroup.db
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * If the account is found, its information is populated
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * in the passed smb_account_t structure. Caller must free
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * the allocated memory by calling smb_account_free() upon
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * successful return.
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * Return status:
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * NT_STATUS_NOT_FOUND This is not a local account
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * NT_STATUS_NONE_MAPPED It's a local account but cannot be
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * translated.
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * other error status codes.
7f667e74610492ddbce8ce60f52ece95d2401949jose borregosmb_sam_lookup_sid(smb_sid_t *sid, smb_account_t *account)
a0aa776e20803c84edd153d9cb584fd67163aef3Alan Wright if (!smb_domain_lookup_type(SMB_DOMAIN_LOCAL, &di))
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright /* This is the local domain SID */
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright /* This is not a local SID */
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright if ((lwka = smb_lwka_lookup_sid(sid)) != NULL) {
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright if (smb_idmap_getid(sid, &id, &id_type) != IDMAP_SUCCESS)
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States rc = smb_lgrp_getbyrid(rid, SMB_DOMAIN_LOCAL, &grp);
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego if (smb_getnetbiosname(hostname, MAXHOSTNAMELEN) == 0)
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego account->a_domsid = smb_sid_split(sid, &account->a_rid);
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * Returns number of SMB users, i.e. users who have entry
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * Returns a list of local groups of which the given user is
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * a member. A pointer to an array of smb_ids_t
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * structure is returned which must be freed by caller.
7f667e74610492ddbce8ce60f52ece95d2401949jose borregosmb_sam_usr_groups(smb_sid_t *user_sid, smb_ids_t *gids)
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego if (smb_lgrp_iteropen(&gi) != SMB_LGRP_SUCCESS)
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego while (smb_lgrp_iterate(&gi, &lgrp) == SMB_LGRP_SUCCESS) {
/*
 * NOTE(review): realloc()'s result is stored straight back into
 * gids->i_ids, so a NULL return would overwrite the only reference to the
 * old buffer visible here (leak). The NULL check and the type/range of
 * total_cnt are not visible in this excerpt; confirm the result is checked
 * before use and that total_cnt * sizeof (smb_id_t) cannot wrap.
 */
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego gids->i_ids = realloc(gids->i_ids, total_cnt * sizeof (smb_id_t));
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego if (smb_lgrp_iteropen(&gi) != SMB_LGRP_SUCCESS)
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego while (smb_lgrp_iterate(&gi, &lgrp) == SMB_LGRP_SUCCESS) {
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * Returns the number of built-in or local groups stored
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States rc = smb_lgrp_numbydomain(SMB_DOMAIN_BUILTIN, &grpcnt);
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States rc = smb_lgrp_numbydomain(SMB_DOMAIN_LOCAL, &grpcnt);
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego return ((rc == SMB_LGRP_SUCCESS) ? grpcnt : 0);
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * Determines whether the given SID is a member of the group
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * specified by gname.
7f667e74610492ddbce8ce60f52ece95d2401949jose borregosmb_sam_grp_ismember(const char *gname, smb_sid_t *sid)
/*
 * NOTE(review): the cast drops the const qualifier from gname. Presumably
 * smb_lgrp_getbyname() only reads the name; confirm against its definition,
 * since writing through the pointer would violate this function's contract.
 */
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego if (smb_lgrp_getbyname((char *)gname, &grp) == SMB_LGRP_SUCCESS) {
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * Frees the memory allocated for the passed account fields.
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * Validates the given account.
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego return ((account->a_name != NULL) && (account->a_sid != NULL) &&
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego (account->a_domain != NULL) && (account->a_domsid != NULL));
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * Looks up the local SMB user account database (/var/smb/smbpasswd);
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * if there's a match, queries its SID from the idmap service and makes
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * sure the SID is a local SID.
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * The memory for the returned SID must be freed by the caller.
7f667e74610492ddbce8ce60f52ece95d2401949jose borregosmb_sam_lookup_user(char *name, smb_sid_t **sid)
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego if (smb_idmap_getsid(smbpw.pw_uid, SMB_IDMAP_USER, sid)
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * Lookup local SMB group account database (/var/smb/smbgroup.db)
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * The memory for the returned SID must be freed by the caller.
7f667e74610492ddbce8ce60f52ece95d2401949jose borregosmb_sam_lookup_group(char *name, smb_sid_t **sid)
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego if (smb_lgrp_getbyname(name, &grp) != SMB_LGRP_SUCCESS)
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego return ((*sid == NULL) ? NT_STATUS_NO_MEMORY : NT_STATUS_SUCCESS);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright for (i = 0; i < SMB_LWKA_NUM; i++) {
bbf6f00c25b6a2bed23c35eac6d62998ecdb338cJordan Brown if (smb_strcasecmp(name, lwka_tbl[i].lwka_name, 0) == 0)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright return (&lwka_tbl[i]);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright for (i = 0; i < SMB_LWKA_NUM; i++) {
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright return (&lwka_tbl[i]);