/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */
#include <stdlib.h>
#include <string.h>
#include <synch.h>

#include <smbsrv/libsmb.h>
/*
 * wk_init is 1 once smb_wka_init() has attached a binary SID to every
 * entry of wka_tbl and 0 before that (and again after smb_wka_fini()).
 * Both it and the wka_binsid fields of the table are only read or
 * written while holding wk_rwlock: readers (the lookup routines) take
 * it shared, init/fini take it exclusively.
 */
static int wk_init = 0;
static rwlock_t wk_rwlock;
/*
 * NetBIOS domain names, indexed by the domain index that is the first
 * column of every wka_tbl entry (0 = account belongs to no domain).
 * smb_wka_get_domain() hands these strings out; it is the only reader.
 * There are exactly five entries, so a valid domain index is 0..4 —
 * any bound check on this array must use its own size, not the size
 * of wka_tbl.
 */
static char *wka_nbdomain[] = {
	"",
	"NT Pseudo Domain",
	"NT Authority",
	"Builtin",
	"Internet$"
};
/*
 * Predefined well known accounts table.
 *
 * Column layout of each smb_wka_t initializer:
 *   1. domain index — subscript into wka_nbdomain[] naming the NetBIOS
 *      domain the account belongs to (0 = none);
 *   2. string SID, converted to binary form by smb_wka_init();
 *   3. account name, matched case-insensitively by smb_wka_lookup_name();
 *   4. SID type (SidTypeWellKnownGroup, SidTypeDomain or SidTypeAlias);
 *   5. flags — SMB_WKAFLG_LGRP_ENABLE is set on four Builtin aliases,
 *      presumably the ones surfaced as local groups (verify against the
 *      flag's consumer, which is outside this file);
 *   6. description, only given for the entries carrying that flag;
 *   7. binary SID — always NULL in the initializer; smb_wka_init() fills
 *      it in and smb_wka_fini() frees it, both under wk_rwlock.
 *
 * Entries are scanned linearly and the first match wins, so keep
 * names and SIDs unique.  Callers receive pointers straight into this
 * table and must never free or modify what they get back.
 */
static smb_wka_t wka_tbl[] = {
	/* universal well known SIDs (S-1-0 .. S-1-3), no NetBIOS domain */
	{ 0, "S-1-0-0", "Null",
	SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 0, "S-1-1-0", "Everyone",
	SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 0, "S-1-2-0", "Local",
	SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 0, "S-1-3-0", "Creator Owner",
	SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 0, "S-1-3-1", "Creator Group",
	SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 0, "S-1-3-2", "Creator Owner Server",
	SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 0, "S-1-3-3", "Creator Group Server",
	SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 0, "S-1-3-4", "Owner Rights",
	SidTypeWellKnownGroup, 0, NULL, NULL },
	/* the NT authority itself, wka_nbdomain[1] */
	{ 1, "S-1-5", "NT Pseudo Domain",
	SidTypeDomain, 0, NULL, NULL },
	/* NT Authority accounts (S-1-5-x), wka_nbdomain[2] */
	{ 2, "S-1-5-1", "Dialup",
	SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 2, "S-1-5-2", "Network",
	SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 2, "S-1-5-3", "Batch",
	SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 2, "S-1-5-4", "Interactive",
	SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 2, "S-1-5-6", "Service",
	SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 2, "S-1-5-7", "Anonymous",
	SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 2, "S-1-5-8", "Proxy",
	SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 2, "S-1-5-9", "Enterprise Domain Controllers",
	SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 2, "S-1-5-10", "Self",
	SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 2, "S-1-5-11", "Authenticated Users",
	SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 2, "S-1-5-12", "Restricted",
	SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 2, "S-1-5-13", "Terminal Server User",
	SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 2, "S-1-5-14", "Remote Interactive Logon",
	SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 2, "S-1-5-15", "This Organization",
	SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 2, "S-1-5-18", "System",
	SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 2, "S-1-5-19", "Local Service",
	SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 2, "S-1-5-20", "Network Service",
	SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 2, "S-1-5-33", "Write Restricted",
	SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 2, "S-1-5-1000", "Other Organization",
	SidTypeWellKnownGroup, 0, NULL, NULL },
	/* the Builtin domain, wka_nbdomain[3], and the Internet$ domain, [4] */
	{ 3, "S-1-5-32", "Builtin",
	SidTypeDomain, 0, NULL, NULL },
	{ 4, "S-1-7", "Internet$",
	SidTypeDomain, 0, NULL, NULL },

	/* Builtin aliases (S-1-5-32-x), wka_nbdomain[3] */
	{ 3, "S-1-5-32-544", "Administrators", SidTypeAlias,
	SMB_WKAFLG_LGRP_ENABLE,
	"Members can fully administer the computer/domain", NULL },
	{ 3, "S-1-5-32-545", "Users",
	SidTypeAlias, 0, NULL, NULL },
	{ 3, "S-1-5-32-546", "Guests",
	SidTypeAlias, 0, NULL, NULL },
	{ 3, "S-1-5-32-547", "Power Users", SidTypeAlias,
	SMB_WKAFLG_LGRP_ENABLE, "Members can share directories", NULL },
	{ 3, "S-1-5-32-548", "Account Operators",
	SidTypeAlias, 0, NULL, NULL },
	{ 3, "S-1-5-32-549", "Server Operators",
	SidTypeAlias, 0, NULL, NULL },
	{ 3, "S-1-5-32-550", "Print Operators",
	SidTypeAlias, 0, NULL, NULL },
	{ 3, "S-1-5-32-551", "Backup Operators", SidTypeAlias,
	SMB_WKAFLG_LGRP_ENABLE,
	"Members can bypass file security to back up files", NULL },
	{ 3, "S-1-5-32-552", "Replicator",
	SidTypeAlias, 0, NULL, NULL }
};

/* number of entries in wka_tbl (NOT the size of wka_nbdomain) */
#define	SMB_WKA_NUM	(sizeof (wka_tbl)/sizeof (wka_tbl[0]))
/*
 * Finds the well known account whose binary SID equals sid.
 *
 * Returns a pointer into wka_tbl (not a copy — the caller must neither
 * free nor modify it), or NULL when no entry matches.  The table is
 * scanned under the shared lock; the binary SIDs being compared are the
 * ones smb_wka_init() produced, so before that call every wka_binsid is
 * still NULL and the comparison is left to smb_sid_cmp() — its handling
 * of a NULL operand is not visible here, confirm before relying on it.
 */
smb_wka_t *
smb_wka_lookup_sid(smb_sid_t *sid)
{
	smb_wka_t *entry;
	smb_wka_t *match = NULL;

	(void) rw_rdlock(&wk_rwlock);
	for (entry = wka_tbl; entry < wka_tbl + SMB_WKA_NUM; entry++) {
		if (smb_sid_cmp(sid, entry->wka_binsid)) {
			match = entry;
			break;
		}
	}
	(void) rw_unlock(&wk_rwlock);

	return (match);
}
/*
 * Convenience wrapper around smb_wka_lookup_name(): returns the binary
 * SID of the well known account called name, or NULL when there is no
 * such account.  The SID belongs to wka_tbl; callers that need to keep
 * it must take a copy (see smb_wka_token_groups, which uses
 * smb_sid_dup()) and must never free the returned pointer.
 */
smb_sid_t *
smb_wka_get_sid(char *name)
{
	smb_wka_t *entry = smb_wka_lookup_name(name);

	if (entry == NULL)
		return (NULL);

	return (entry->wka_binsid);
}
/*
 * Finds the well known account called name, comparing case-insensitively
 * with utf8_strcasecmp().
 *
 * Returns a pointer into wka_tbl (the caller must neither free nor
 * modify it), or NULL when no entry matches.  The first matching entry
 * in table order wins.  name is handed straight to utf8_strcasecmp(), so
 * it is presumed non-NULL — confirm at the callers.
 */
smb_wka_t *
smb_wka_lookup_name(char *name)
{
	smb_wka_t *entry;
	smb_wka_t *match = NULL;

	(void) rw_rdlock(&wk_rwlock);
	for (entry = wka_tbl; entry < wka_tbl + SMB_WKA_NUM; entry++) {
		if (utf8_strcasecmp(name, entry->wka_name) == 0) {
			match = entry;
			break;
		}
	}
	(void) rw_unlock(&wk_rwlock);

	return (match);
}
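/*
 * Returns the NetBIOS domain name for the given domain index (the first
 * column of a wka_tbl entry), or NULL when the index is out of range.
 *
 * The upper bound is the number of entries in wka_nbdomain itself, not
 * SMB_WKA_NUM: SMB_WKA_NUM counts wka_tbl, which is far longer than the
 * five-element name array, so using it would let an index between the
 * two sizes read past the end of wka_nbdomain.  The returned string is
 * static and must not be freed.
 */
char *
smb_wka_get_domain(int idx)
{
	int ndomains = (int)(sizeof (wka_nbdomain) / sizeof (wka_nbdomain[0]));

	if ((idx >= 0) && (idx < ndomains))
		return (wka_nbdomain[idx]);

	return (NULL);
}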
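/*
 * Fills one access-token group entry with a private copy of the well
 * known SID called name.
 *
 * Returns 0 on success and -1 when smb_sid_dup() yields NULL (out of
 * memory; presumably also when name is not in the table, since
 * smb_wka_get_sid() then returns NULL — confirm smb_sid_dup()'s NULL
 * handling).  On failure id->i_sid is NULL, so the caller has nothing
 * to release for this entry.
 */
static int
wka_token_group_set(smb_id_t *id, char *name)
{
	id->i_sid = smb_sid_dup(smb_wka_get_sid(name));
	/*
	 * 0x7 is the Windows group-attribute set SE_GROUP_MANDATORY |
	 * SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED: the group is in
	 * effect for every access check and cannot be switched off.
	 */
	id->i_attrs = 0x7;

	return (id->i_sid == NULL ? -1 : 0);
}

/*
 * Appends the well known groups implied by a CIFS logon to the group
 * list (gids) of a user's access token:
 *
 *   "Network"             - every user connecting over CIFS;
 *   "Guests"              - guest users (SMB_ATF_GUEST);
 *   "Authenticated Users" - every user that is neither guest nor
 *                           anonymous (SMB_ATF_ANON);
 *   "Administrators"      - admin users (SMB_ATF_ADMIN).
 *
 * flags is trusted as given: the authentication path decides whether a
 * session is anonymous, guest or admin, this routine only materialises
 * that decision as token groups.
 *
 * Each SID is a fresh copy owned by gids from then on.  gids->i_cnt is
 * only bumped once an entry is complete, so a caller that frees i_cnt
 * entries on error never touches a half-built one.
 *
 * Returns NT_STATUS_SUCCESS, or NT_STATUS_NO_MEMORY when the array could
 * not be grown (gids is then left exactly as it was) or a SID could not
 * be duplicated (the entries added so far stay in gids).
 */
uint32_t
smb_wka_token_groups(uint32_t flags, smb_ids_t *gids)
{
	smb_id_t *id;
	smb_id_t *ids;
	int total_cnt;

	/* room for the up to three groups appended below */
	total_cnt = gids->i_cnt + 3;

	/*
	 * Grow through a temporary: assigning realloc() straight back to
	 * gids->i_ids would, on failure, leak the old array and leave
	 * i_cnt describing entries the caller can no longer reach.
	 */
	ids = realloc(gids->i_ids, total_cnt * sizeof (smb_id_t));
	if (ids == NULL)
		return (NT_STATUS_NO_MEMORY);
	gids->i_ids = ids;
	id = gids->i_ids + gids->i_cnt;

	/* every CIFS user is a member of "Network" */
	if (wka_token_group_set(id, "Network") != 0)
		return (NT_STATUS_NO_MEMORY);
	id++;
	gids->i_cnt++;

	/* anonymous users get neither "Guests" nor "Authenticated Users" */
	if ((flags & SMB_ATF_ANON) == 0) {
		if (wka_token_group_set(id, (flags & SMB_ATF_GUEST) ?
		    "Guests" : "Authenticated Users") != 0)
			return (NT_STATUS_NO_MEMORY);
		id++;
		gids->i_cnt++;
	}

	if (flags & SMB_ATF_ADMIN) {
		if (wka_token_group_set(id, "Administrators") != 0)
			return (NT_STATUS_NO_MEMORY);
		gids->i_cnt++;
	}

	return (NT_STATUS_SUCCESS);
}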
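/*
 * smb_wka_init
 *
 * Generate binary SIDs from the string SIDs in the table and store them
 * in the wka_binsid field of each entry, under the exclusive lock.
 *
 * Caller MUST not store the binary SID pointer anywhere that could lead
 * to freeing it: the SIDs belong to the table until smb_wka_fini().
 *
 * Returns 1 when the table is initialised (including when it already
 * was — a second call is a no-op) and 0 when a string SID could not be
 * converted.  On that failure every binary SID produced so far is freed
 * here and the table is left fully uninitialised, so a later call can
 * retry from scratch.  Calling smb_wka_fini() for that would not work:
 * wk_init is still 0 at that point and smb_wka_fini() returns without
 * freeing anything, which would leak the partial conversions.
 */
int
smb_wka_init(void)
{
	smb_wka_t *entry;
	int i;

	(void) rw_wrlock(&wk_rwlock);
	if (wk_init) {
		(void) rw_unlock(&wk_rwlock);
		return (1);
	}

	for (i = 0; i < SMB_WKA_NUM; ++i) {
		entry = &wka_tbl[i];
		entry->wka_binsid = smb_sid_fromstr(entry->wka_sid);
		if (entry->wka_binsid == NULL) {
			/* release entries 0..i-1; entry i is already NULL */
			while (--i >= 0) {
				free(wka_tbl[i].wka_binsid);
				wka_tbl[i].wka_binsid = NULL;
			}
			(void) rw_unlock(&wk_rwlock);
			return (0);
		}
	}

	wk_init = 1;
	(void) rw_unlock(&wk_rwlock);
	return (1);
}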
/*
 * smb_wka_fini
 *
 * Releases the binary SIDs that smb_wka_init() attached to the table
 * and marks the table as uninitialised, all under the exclusive lock.
 * Does nothing when the table was never initialised or has already
 * been torn down, so the call is safe to repeat.  Pointers previously
 * handed out by the lookup routines are dangling after this returns.
 */
void
smb_wka_fini(void)
{
	smb_wka_t *entry;

	(void) rw_wrlock(&wk_rwlock);
	if (wk_init != 0) {
		/* free(NULL) is a no-op, so unconverted slots need no guard */
		for (entry = wka_tbl; entry < wka_tbl + SMB_WKA_NUM; entry++) {
			free(entry->wka_binsid);
			entry->wka_binsid = NULL;
		}
		wk_init = 0;
	}
	(void) rw_unlock(&wk_rwlock);
}