smb_util.c revision 148c5f43199ca0b43fc8e3b643aab11cd66ea327
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
*/
#include <ctype.h>
#include <stdio.h>
#include <stdarg.h>
#include <unistd.h>
#include <string.h>
#include <strings.h>
#include <stdlib.h>
#include <pthread.h>
#include <tiuser.h>
#include <netconfig.h>
#include <netdir.h>
#include <sys/systeminfo.h>
#include <libzfs.h>
#include <dlfcn.h>
#include <time.h>
#include <syslog.h>
#define SMB_LIB_ALT "/usr/lib/smbsrv/libsmbex.so"
#define SMB_TIMEBUF_SZ 16
#define SMB_TRACEBUF_SZ 200
#define SMB_LOG_FILE_FMT "/var/smb/%s_log.txt"
typedef struct smb_log_pri {
char *lp_name;
int lp_value;
static smb_log_pri_t smb_log_pri[] = {
"panic", LOG_EMERG,
"emerg", LOG_EMERG,
"alert", LOG_ALERT,
"crit", LOG_CRIT,
"error", LOG_ERR,
"err", LOG_ERR,
"warn", LOG_WARNING,
"warning", LOG_WARNING,
"notice", LOG_NOTICE,
"info", LOG_INFO,
"debug", LOG_DEBUG
};
static void smb_log_trace(int, const char *);
static void smb_log_dump(smb_log_t *);
extern int __multi_innetgr();
extern int __netdir_getbyaddr_nosrv(struct netconfig *,
struct nd_hostservlist **, struct netbuf *);
static smb_loglist_t smb_loglist;
#define C2H(c) "0123456789ABCDEF"[(c)]
((c) >= 'a' && (c) <= 'f') ? ((c) - 'a' + 10) : \
((c) >= 'A' && (c) <= 'F') ? ((c) - 'A' + 10) : \
'\0')
#define DEFAULT_SBOX_SIZE 256
/*
*
* hexdump
*
* Simple hex dump display function. Displays nbytes of buffer in hex and
* printable format. Non-printing characters are shown as '.'. It is safe
* to pass a null pointer. Each line begins with the offset. If nbytes is
* 0, the line will be blank except for the offset. Example output:
*
* 00000000 54 68 69 73 20 69 73 20 61 20 70 72 6F 67 72 61 This is a progra
* 00000010 6D 20 74 65 73 74 2E 00 m test..
*
*/
void
{
static char *hex = "0123456789ABCDEF";
int i, count;
int offset;
unsigned char *p;
char ascbuf[64];
char hexbuf[64];
return;
*ap = '\0';
*hp = '\0';
count = 0;
for (i = 0; i < nbytes; ++i) {
if (i && (i % 16) == 0) {
count = 0;
offset += 16;
}
(*p >= 0x20 && *p < 0x7F) ? *p : '.');
++p;
++count;
}
if (count) {
}
}
void
{
unsigned long start = 0;
}
/*
* bintohex
*
* Converts the given binary data (srcbuf) to
* its equivalent hex chars (hexbuf).
*
* hexlen should be at least twice as srclen.
* if hexbuf is not big enough returns 0.
* otherwise returns number of valid chars in
* hexbuf which is srclen * 2.
*/
{
char c;
return (0);
while (srclen-- > 0) {
c = *srcbuf++;
}
return (outlen);
}
/*
* hextobin
*
* Converts hex to binary.
*
* Assuming hexbuf only contains hex digits (chars)
* this function convert every two bytes of hexbuf
* to one byte and put it in dstbuf.
*
* hexlen should be an even number.
* dstlen should be at least half of hexlen.
*
* Returns 0 if sizes are not correct, otherwise
* returns the number of converted bytes in dstbuf
* which is half of hexlen.
*/
{
if ((hexlen % 2) != 0)
return (0);
return (0);
while (hexlen > 0) {
hexbuf++;
hexbuf++;
hexlen -= 2;
}
return (outlen);
}
/*
* Trim leading and trailing characters in the set defined by class
* from a buffer containing a null-terminated string.
* For example, if the input buffer contained "ABtext23" and class
* contains "ABC123", the buffer will contain "text" on return.
*
* This function modifies the contents of buf in place and returns
* a pointer to buf.
*/
char *
{
char *p = buf;
char *q = buf;
return (NULL);
if (p != buf) {
while ((*q = *p++) != '\0')
++q;
}
while (q != buf) {
--q;
return (buf);
*q = '\0';
}
return (buf);
}
/*
* Strip the characters in the set defined by class from a buffer
* containing a null-terminated string.
* For example, if the input buffer contained "XYA 1textZ string3"
* and class contains "123XYZ", the buffer will contain "A text string"
* on return.
*
* This function modifies the contents of buf in place and returns
* a pointer to buf.
*/
char *
{
char *p = buf;
char *q = buf;
return (NULL);
while (*p) {
*q++ = *p++;
}
*q = '\0';
return (buf);
}
/*
* trim_whitespace
*
* Trim leading and trailing whitespace chars (as defined by isspace)
* from a buffer. Example; if the input buffer contained " text ",
* it will contain "text", when we return. We assume that the buffer
* contains a null terminated string. A pointer to the buffer is
* returned.
*/
char *
trim_whitespace(char *buf)
{
char *p = buf;
char *q = buf;
return (NULL);
while (*p && isspace(*p))
++p;
while ((*q = *p++) != 0)
++q;
if (q != buf) {
while ((--q, isspace(*q)) != 0)
*q = '\0';
}
return (buf);
}
/*
* randomize
*
* Randomize the contents of the specified buffer.
*/
void
{
unsigned tmp;
unsigned i; /*LINTED E_BAD_PTR_CAST_ALIGN*/
unsigned *p = (unsigned *)data;
for (i = 0; i < dwlen; ++i)
*p++ = random();
if (remlen) {
}
}
/*
* This is the hash mechanism used to encrypt passwords for commands like
* SamrSetUserInformation. It uses a 256 byte s-box.
*/
void
unsigned char *data,
unsigned char *key,
{
unsigned char sbox[DEFAULT_SBOX_SIZE];
unsigned char tmp;
unsigned char index_i = 0;
unsigned char index_j = 0;
unsigned char j = 0;
int i;
for (i = 0; i < DEFAULT_SBOX_SIZE; ++i)
sbox[i] = (unsigned char)i;
for (i = 0; i < DEFAULT_SBOX_SIZE; ++i) {
}
for (i = 0; i < datalen; ++i) {
index_i++;
}
}
/*
* smb_chk_hostaccess
*
* Determines whether the specified host is in the given access list.
*
* We match on aliases of the hostname as well as on the canonical name.
* Names in the access list may be either hosts or netgroups; they're
* not distinguished syntactically. We check for hosts first because
* it's cheaper (just M*N strcmp()s), then try netgroups.
*
* Function returns:
* -1 for "all" (list is empty "" or "*")
* 0 not found (host is not in the list or list is NULL)
* 1 found
*
*/
int
{
int nentries;
char *gr;
char *lasts;
char *host;
int off;
int i;
int netgroup_match;
int response;
struct nd_hostservlist *clnames;
struct sockaddr_in sa;
if (access_list == NULL)
return (0);
/*
* If access list is empty or "*" - then it's "all"
*/
return (-1);
nentries = 0;
return (1);
return (0);
}
/*
* If the list name has a '-' prepended
* then a match of the following name
* implies failure instead of success.
*/
if (*gr == '-') {
response = 0;
gr++;
} else {
response = 1;
}
/*
* The following loops through all the
* client's aliases. Usually it's just one name.
*/
/*
* If the list name begins with a dot then
* do a domain name suffix comparison.
* A single dot matches any name with no
* suffix.
*/
if (*gr == '.') {
return (response);
} else {
if (off > 0 &&
return (response);
}
}
} else {
/*
* If the list name begins with an at
* sign then do a network comparison.
*/
if (*gr == '@') {
return (response);
} else {
/*
* Just do a hostname match
*/
return (response);
}
}
}
nentries++;
}
return (netgroup_match);
}
/*
* smb_make_mask
*
* Construct a mask for an IPv4 address using the @<dotted-ip>/<len>
* syntax or use the default mask for the IP address.
*/
static uint_t
{
/*
* If the mask is specified explicitly then
* use that value, e.g.
*
* @109.104.56/28
*
* otherwise assume a mask from the zero octets
* in the least significant bits of the address, e.g.
*
* @109.104 or @109.104.0.0
*/
if (maskstr) {
: 0;
} else {
if ((addr & IN_CLASSA_HOST) == 0)
else if ((addr & IN_CLASSB_HOST) == 0)
else if ((addr & IN_CLASSC_HOST) == 0)
else
}
return (mask);
}
/*
* smb_netmatch
*
* Check to see if the address in the netbuf matches the "net"
* specified by name. The format of "name" can be:
* fully qualified domain name
* dotted IP address
* dotted IP address followed by '/<len>'
* See sharen_nfs(1M) for details.
*/
static boolean_t
{
char *mp, *p;
int i;
char buff[256];
/*
* Check if it's an IPv4 addr
*/
return (B_FALSE);
/* LINTED pointer alignment */
sizeof (struct in_addr));
if (mp)
*mp++ = '\0';
/*
* Convert a dotted IP address
* to an IP address. The conversion
* is not the same as that in inet_addr().
*/
p = name;
addr = 0;
for (i = 0; i < 4; i++) {
p = strchr(p, '.');
if (p == NULL)
break;
p++;
}
} else {
/*
* Turn the netname into
* an IP address.
*/
return (B_FALSE);
}
}
}
/*
* smb_netgroup_match
*
* Check whether any of the hostnames in clnames are
* members (or non-members) of the netgroups in glist.
* Since the innetgr lookup is rather expensive, the
* result is cached. The cached entry is valid only
* for VALID_TIME seconds. This works well because
* typically these lookups occur in clusters when
* a client is mounting.
*
* Note that this routine establishes a host membership
* in a list of netgroups - we've no idea just which
* netgroup in the list it is a member of.
*
* glist is a character array containing grc strings
* representing netgroup names (optionally prefixed
* with '-'). Each string is ended with '\0' and
* followed immediately by the next string.
*/
static boolean_t
{
char **grl;
char *gr;
char *host;
int i, j, n;
int ssize;
return (B_FALSE);
return (B_FALSE);
}
/* Check for error in syscall or NULL domain name */
if (ssize <= 1)
return (B_FALSE);
}
return (B_FALSE);
/*
* If the netgroup name has a '-' prepended
* then a match of this name implies a failure
* instead of success.
*/
/*
* Subsequent names with or without a '-' (but no mix)
* can be grouped together for a single check.
*/
break;
}
/*
* Check the netgroup for each
* of the hosts names (usually just one).
*/
1, &domain))
}
}
}
/*
* Resolve the ZFS dataset from a path.
* Returns,
* 0 = On success.
*/
int
{
char tmppath[MAXPATHLEN];
char *cp;
int rc = -1;
return (-1);
while (*cp != '\0') {
break;
break;
/*
* Ensure that there are no leading slashes
* (required for zfs_open).
*/
rc = 0;
break;
}
break;
break;
/*
* The path has multiple components.
* Remove the last component and try again.
*/
*cp = '\0';
if (tmppath[0] == '\0')
}
return (rc);
}
/*
* smb_dlopen
*
* Check to see if an interposer library exists. If it exists
* and reports a valid version number and key (UUID), return
* a handle to the library. Otherwise, return NULL.
*/
void *
smb_dlopen(void)
{
void *interposer_hdl;
typedef int (*smbex_versionfn_t)(smbex_version_t *);
return (NULL);
if (interposer_hdl == NULL)
return (NULL);
"smbex_get_version");
if ((getversion == NULL) ||
(void) dlclose(interposer_hdl);
return (NULL);
}
if ((getversion(version) != 0) ||
(void) dlclose(interposer_hdl);
return (NULL);
}
return (interposer_hdl);
}
/*
* smb_dlclose
*
* Closes handle to the interposed library.
*/
void
smb_dlclose(void *handle)
{
if (handle)
}
/*
* This function is a wrapper for getnameinfo() to look up a hostname given an
* IP address. The hostname returned by this function is used for constructing
* the service principal name field of KRB AP-REQs. Hence, it should be
* converted to lowercase for RFC 4120 section 6.2.1 conformance.
*/
int
{
struct sockaddr_in6 sin6;
struct sockaddr_in sin;
void *sp;
int rc;
salen = sizeof (struct sockaddr_in);
} else {
salen = sizeof (struct sockaddr_in6);
}
(void) smb_strlwr(hostname);
return (rc);
}
/*
* A share name is considered invalid if it contains control
* characters or any of the following characters (MSDN 236388).
*
* " / \ [ ] : | < > + ; , ? * =
*/
smb_name_validate_share(const char *sharename)
{
const char *invalid = "\"/\\[]:|<>+;,?*=";
const char *p;
return (ERROR_INVALID_PARAMETER);
return (ERROR_INVALID_NAME);
for (p = sharename; *p != '\0'; p++) {
if (iscntrl(*p))
return (ERROR_INVALID_NAME);
}
return (ERROR_SUCCESS);
}
/*
* User and group names are limited to 256 characters, cannot be terminated
* by '.' and must not contain control characters or any of the following
* characters.
*
* " / \ [ ] < > + ; , ? * = @
*/
smb_name_validate_account(const char *name)
{
const char *invalid = "\"/\\[]<>+;,?*=@";
const char *p;
int len;
return (ERROR_INVALID_PARAMETER);
return (ERROR_INVALID_NAME);
return (ERROR_INVALID_NAME);
for (p = name; *p != '\0'; p++) {
if (iscntrl(*p))
return (ERROR_INVALID_NAME);
}
return (ERROR_SUCCESS);
}
/*
* Check a domain name for RFC 1035 and 1123 compliance. Domain names may
* contain alphanumeric characters, hyphens and dots. The first and last
* character of a label must be alphanumeric. Interior characters may be
* alphanumeric or hypens.
*
* Domain names should not contain underscores but we allow them because
* Windows names are often in non-compliance with this rule.
*/
smb_name_validate_domain(const char *domain)
{
const char *p;
char label_terminator;
return (ERROR_INVALID_PARAMETER);
if (*domain == '\0')
return (ERROR_INVALID_NAME);
for (p = domain; *p != '\0'; ++p) {
if (new_label) {
if (!isalnum(*p))
return (ERROR_INVALID_NAME);
label_terminator = *p;
continue;
}
if (*p == '.') {
if (!isalnum(label_terminator))
return (ERROR_INVALID_NAME);
label_terminator = *p;
continue;
}
label_terminator = *p;
continue;
return (ERROR_INVALID_NAME);
}
if (!isalnum(label_terminator))
return (ERROR_INVALID_NAME);
return (ERROR_SUCCESS);
}
/*
* A NetBIOS domain name can contain letters (a-zA-Z), numbers (0-9) and
* hyphens.
*
* It cannot:
* - be blank or longer than 15 chracters
* - contain all numbers
* - be the same as the computer name
*/
smb_name_validate_nbdomain(const char *name)
{
char netbiosname[NETBIOS_NAME_SZ];
const char *p;
int len;
return (ERROR_INVALID_PARAMETER);
return (ERROR_INVALID_NAME);
return (ERROR_INVALID_NAME);
return (ERROR_INVALID_NAME);
}
for (p = name; *p != '\0'; ++p) {
continue;
return (ERROR_INVALID_NAME);
}
return (ERROR_SUCCESS);
}
/*
* A workgroup name can contain 1 to 15 characters but cannot be the same
* as the NetBIOS name. The name must begin with a letter or number.
*
* The name cannot consist entirely of spaces or dots, which is covered
* by the requirement that the name must begin with an alphanumeric
* character.
*
* The name must not contain control characters or any of the following
* characters.
*
* " / \ [ ] : | < > + = ; , ?
*/
smb_name_validate_workgroup(const char *workgroup)
{
char netbiosname[NETBIOS_NAME_SZ];
const char *invalid = "\"/\\[]:|<>+=;,?";
const char *p;
return (ERROR_INVALID_PARAMETER);
return (ERROR_INVALID_NAME);
return (ERROR_INVALID_NAME);
return (ERROR_INVALID_NAME);
}
return (ERROR_INVALID_NAME);
for (p = workgroup; *p != '\0'; p++) {
if (iscntrl(*p))
return (ERROR_INVALID_NAME);
}
return (ERROR_SUCCESS);
}
/*
* Check for invalid characters in the given path. The list of invalid
* characters includes control characters and the following:
*
* " / \ [ ] : | < > + ; , ? * =
*
* Since this is checking a path not each component, '/' is accepted
* as separator not an invalid character, except as the first character
* since this is supposed to be a relative path.
*/
smb_name_validate_rpath(const char *relpath)
{
char *invalid = "\"\\[]:|<>+;,?*=";
char *cp;
return (ERROR_INVALID_NAME);
return (ERROR_INVALID_NAME);
return (ERROR_INVALID_NAME);
}
return (ERROR_SUCCESS);
}
/*
* Parse a string to obtain the account and domain names as separate strings.
*
* Names containing a backslash ('\') are known as qualified or composite
* names. The string preceding the backslash should be the domain name
* and the string following the slash should be a name within that domain.
*
* Names that do not contain a backslash are known as isolated names.
* An isolated name may be a single label, such as john, or may be in
* user principal name (UPN) form, such as john@example.com.
*
* domain\name
* name
* name@domain
*
* If we encounter any of the forms above in arg, the @, / or \ separator
* is replaced by \0 and the name and domain pointers are set to point to
* the appropriate components in arg. Otherwise, name and domain pointers
* will be set to NULL.
*/
void
{
char *p;
if (*p == '@') {
*p = '\0';
++p;
*domain = p;
} else {
*p = '\0';
++p;
*account = p;
}
}
}
/*
* The txid is an arbitrary transaction. A new txid is returned on each call.
*
* 0 or -1 are not assigned so that they can be used to detect
* invalid conditions.
*/
smb_get_txid(void)
{
(void) mutex_lock(&txmutex);
if (txid == 0)
do {
++txid;
(void) mutex_unlock(&txmutex);
return (txid_ret);
}
/*
* Creates a log object and inserts it into a list of logs.
*/
{
smb_log_hdl_t handle = 0;
return (0);
sizeof (smb_loglist_item_t),
}
return (handle);
}
/*
* Keep the most recent log entries, based on max count.
* If the priority is LOG_ERR or higher then the entire log is
* dumped to a file.
*
* The date format for each message is the same as a syslog entry.
*
* The log is also added to syslog via smb_log_trace().
*/
void
{
char timebuf[SMB_TIMEBUF_SZ];
char buf[SMB_TRACEBUF_SZ];
char netbiosname[NETBIOS_NAME_SZ];
char *pri_name;
int i;
priority &= LOG_PRIMASK;
return;
} else {
return;
}
}
pri_name = "info";
for (i = 0; i < sizeof (smb_log_pri) / sizeof (smb_log_pri[0]); i++) {
break;
}
}
"%s %s smb[%d]: [ID 0 daemon.%s] %s",
}
/*
* Dumps all the logs in the log list.
*/
void
{
}
}
static void
smb_log_trace(int priority, const char *s)
{
}
static smb_log_t *
{
return (log);
}
}
return (NULL);
}
/*
* Dumps the log to a file.
*/
static void
{
return;
}
}