fs/smbsrv/smb_idmap.c

b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross/*
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * CDDL HEADER START
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross *
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * The contents of this file are subject to the terms of the
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * Common Development and Distribution License (the "License").
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * You may not use this file except in compliance with the License.
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross *
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * or http://www.opensolaris.org/os/licensing.
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * See the License for the specific language governing permissions
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * and limitations under the License.
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross *
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * When distributing Covered Code, include this CDDL HEADER in each
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * If applicable, add the following below this CDDL HEADER, with the
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * fields enclosed by brackets "[]" replaced with your own identifying
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * information: Portions Copyright [yyyy] [name of copyright owner]
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross *
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * CDDL HEADER END
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross */
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross/*
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * Copyright 2013 Nexenta Systems, Inc.  All rights reserved.
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross */
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross/*
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * SMB server interface to idmap
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * (smb_idmap_get..., smb_idmap_batch_...)
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross *
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * There are three implementations of this interface:
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross *  uts/common/fs/smbsrv/smb_idmap.c (smbsrv kmod)
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross *  lib/smbsrv/libfksmbsrv/common/fksmb_idmap.c (libfksmbsrv)
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross *  lib/smbsrv/libsmb/common/smb_idmap.c (libsmb)
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross *
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * There are enough differences (relative to the code size)
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * that it's more trouble than it's worth to merge them.
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross *
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * This one differs from the others in that it:
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross *  calls kernel (kidmap_...) interfaces
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross *  domain SIDs are shared, not strdup'ed
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross */
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross/*
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * SMB ID mapping
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross *
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * Solaris ID mapping service (aka Winchester) works with domain SIDs
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * and RIDs where domain SIDs are in string format. CIFS service works
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * with binary SIDs understandable by CIFS clients. A layer of SMB ID
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * mapping functions are implemeted to hide the SID conversion details
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * and also hide the handling of array of batch mapping requests.
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross */
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross#include <sys/param.h>
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross#include <sys/types.h>
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross#include <sys/tzfile.h>
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross#include <sys/atomic.h>
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross#include <sys/kidmap.h>
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross#include <sys/time.h>
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross#include <sys/spl.h>
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross#include <sys/random.h>
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross#include <smbsrv/smb_kproto.h>
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross#include <smbsrv/smb_fsops.h>
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross#include <smbsrv/smbinfo.h>
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross#include <smbsrv/smb_xdr.h>
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross#include <smbsrv/smb_vops.h>
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross#include <smbsrv/smb_idmap.h>
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross#include <sys/sid.h>
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross#include <sys/priv_names.h>
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Rossstatic int smb_idmap_batch_binsid(smb_idmap_batch_t *sib);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross/*
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * smb_idmap_getsid
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross *
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * Maps the given Solaris ID to a Windows SID using the
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * simple mapping API.
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross */
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Rossidmap_stat
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Rosssmb_idmap_getsid(uid_t id, int idtype, smb_sid_t **sid)
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross{
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    smb_idmap_t sim;
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    switch (idtype) {
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    case SMB_IDMAP_USER:
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        sim.sim_stat = kidmap_getsidbyuid(global_zone, id,
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross            (const char **)&sim.sim_domsid, &sim.sim_rid);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        break;
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    case SMB_IDMAP_GROUP:
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        sim.sim_stat = kidmap_getsidbygid(global_zone, id,
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross            (const char **)&sim.sim_domsid, &sim.sim_rid);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        break;
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    case SMB_IDMAP_EVERYONE:
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        /* Everyone S-1-1-0 */
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        sim.sim_domsid = "S-1-1";
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        sim.sim_rid = 0;
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        sim.sim_stat = IDMAP_SUCCESS;
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        break;
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    default:
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        ASSERT(0);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        return (IDMAP_ERR_ARG);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    }
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    if (sim.sim_stat != IDMAP_SUCCESS)
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        return (sim.sim_stat);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    if (sim.sim_domsid == NULL)
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        return (IDMAP_ERR_NOMAPPING);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    sim.sim_sid = smb_sid_fromstr(sim.sim_domsid);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    if (sim.sim_sid == NULL)
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        return (IDMAP_ERR_INTERNAL);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    *sid = smb_sid_splice(sim.sim_sid, sim.sim_rid);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    smb_sid_free(sim.sim_sid);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    if (*sid == NULL)
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        sim.sim_stat = IDMAP_ERR_INTERNAL;
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    return (sim.sim_stat);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross}
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross/*
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * smb_idmap_getid
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross *
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * Maps the given Windows SID to a Unix ID using the
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * simple mapping API.
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross */
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Rossidmap_stat
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Rosssmb_idmap_getid(smb_sid_t *sid, uid_t *id, int *idtype)
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross{
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    smb_idmap_t sim;
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    char sidstr[SMB_SID_STRSZ];
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    smb_sid_tostr(sid, sidstr);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    if (smb_sid_splitstr(sidstr, &sim.sim_rid) != 0)
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        return (IDMAP_ERR_SID);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    sim.sim_domsid = sidstr;
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    sim.sim_id = id;
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    switch (*idtype) {
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    case SMB_IDMAP_USER:
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        sim.sim_stat = kidmap_getuidbysid(global_zone, sim.sim_domsid,
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross            sim.sim_rid, sim.sim_id);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        break;
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    case SMB_IDMAP_GROUP:
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        sim.sim_stat = kidmap_getgidbysid(global_zone, sim.sim_domsid,
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross            sim.sim_rid, sim.sim_id);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        break;
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    case SMB_IDMAP_UNKNOWN:
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        sim.sim_stat = kidmap_getpidbysid(global_zone, sim.sim_domsid,
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross            sim.sim_rid, sim.sim_id, &sim.sim_idtype);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        break;
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    default:
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        ASSERT(0);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        return (IDMAP_ERR_ARG);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    }
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    *idtype = sim.sim_idtype;
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    return (sim.sim_stat);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross}
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross/*
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * smb_idmap_batch_create
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross *
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * Creates and initializes the context for batch ID mapping.
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross */
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Rossidmap_stat
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Rosssmb_idmap_batch_create(smb_idmap_batch_t *sib, uint16_t nmap, int flags)
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross{
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    ASSERT(sib);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    bzero(sib, sizeof (smb_idmap_batch_t));
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    sib->sib_idmaph = kidmap_get_create(global_zone);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    sib->sib_flags = flags;
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    sib->sib_nmap = nmap;
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    sib->sib_size = nmap * sizeof (smb_idmap_t);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    sib->sib_maps = kmem_zalloc(sib->sib_size, KM_SLEEP);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    return (IDMAP_SUCCESS);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross}
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross/*
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * smb_idmap_batch_destroy
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross *
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * Frees the batch ID mapping context.
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * If ID mapping is Solaris -> Windows it frees memories
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * allocated for binary SIDs.
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross */
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Rossvoid
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Rosssmb_idmap_batch_destroy(smb_idmap_batch_t *sib)
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross{
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    char *domsid;
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    int i;
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    ASSERT(sib);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    ASSERT(sib->sib_maps);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    if (sib->sib_idmaph)
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        kidmap_get_destroy(sib->sib_idmaph);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    if (sib->sib_flags & SMB_IDMAP_ID2SID) {
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        /*
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross         * SIDs are allocated only when mapping
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross         * UID/GID to SIDs
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross         */
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        for (i = 0; i < sib->sib_nmap; i++)
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross            smb_sid_free(sib->sib_maps[i].sim_sid);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    } else if (sib->sib_flags & SMB_IDMAP_SID2ID) {
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        /*
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross         * SID prefixes are allocated only when mapping
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross         * SIDs to UID/GID
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross         */
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        for (i = 0; i < sib->sib_nmap; i++) {
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross            domsid = sib->sib_maps[i].sim_domsid;
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross            if (domsid)
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross                smb_mem_free(domsid);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        }
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    }
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    if (sib->sib_size && sib->sib_maps)
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        kmem_free(sib->sib_maps, sib->sib_size);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross}
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross/*
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * smb_idmap_batch_getid
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross *
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * Queue a request to map the given SID to a UID or GID.
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross *
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * sim->sim_id should point to variable that's supposed to
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * hold the returned UID/GID. This needs to be setup by caller
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * of this function.
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross *
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * If requested ID type is known, it's passed as 'idtype',
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * if it's unknown it'll be returned in sim->sim_idtype.
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross */
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Rossidmap_stat
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Rosssmb_idmap_batch_getid(idmap_get_handle_t *idmaph, smb_idmap_t *sim,
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    smb_sid_t *sid, int idtype)
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross{
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    char strsid[SMB_SID_STRSZ];
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    idmap_stat idm_stat;
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    ASSERT(idmaph);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    ASSERT(sim);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    ASSERT(sid);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    smb_sid_tostr(sid, strsid);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    if (smb_sid_splitstr(strsid, &sim->sim_rid) != 0)
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        return (IDMAP_ERR_SID);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    sim->sim_domsid = smb_mem_strdup(strsid);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    switch (idtype) {
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    case SMB_IDMAP_USER:
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        idm_stat = kidmap_batch_getuidbysid(idmaph, sim->sim_domsid,
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross            sim->sim_rid, sim->sim_id, &sim->sim_stat);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        break;
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    case SMB_IDMAP_GROUP:
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        idm_stat = kidmap_batch_getgidbysid(idmaph, sim->sim_domsid,
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross            sim->sim_rid, sim->sim_id, &sim->sim_stat);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        break;
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    case SMB_IDMAP_UNKNOWN:
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        idm_stat = kidmap_batch_getpidbysid(idmaph, sim->sim_domsid,
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross            sim->sim_rid, sim->sim_id, &sim->sim_idtype,
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross            &sim->sim_stat);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        break;
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    default:
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        ASSERT(0);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        return (IDMAP_ERR_ARG);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    }
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    return (idm_stat);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross}
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross/*
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * smb_idmap_batch_getsid
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross *
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * Queue a request to map the given UID/GID to a SID.
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross *
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * sim->sim_domsid and sim->sim_rid will contain the mapping
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * result upon successful process of the batched request.
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross */
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Rossidmap_stat
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Rosssmb_idmap_batch_getsid(idmap_get_handle_t *idmaph, smb_idmap_t *sim,
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    uid_t id, int idtype)
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross{
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    idmap_stat idm_stat;
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    switch (idtype) {
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    case SMB_IDMAP_USER:
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        idm_stat = kidmap_batch_getsidbyuid(idmaph, id,
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross            (const char **)&sim->sim_domsid, &sim->sim_rid,
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross            &sim->sim_stat);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        break;
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    case SMB_IDMAP_GROUP:
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        idm_stat = kidmap_batch_getsidbygid(idmaph, id,
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross            (const char **)&sim->sim_domsid, &sim->sim_rid,
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross            &sim->sim_stat);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        break;
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    case SMB_IDMAP_OWNERAT:
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        /* Current Owner S-1-5-32-766 */
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        sim->sim_domsid = NT_BUILTIN_DOMAIN_SIDSTR;
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        sim->sim_rid = SECURITY_CURRENT_OWNER_RID;
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        sim->sim_stat = IDMAP_SUCCESS;
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        idm_stat = IDMAP_SUCCESS;
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        break;
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    case SMB_IDMAP_GROUPAT:
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        /* Current Group S-1-5-32-767 */
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        sim->sim_domsid = NT_BUILTIN_DOMAIN_SIDSTR;
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        sim->sim_rid = SECURITY_CURRENT_GROUP_RID;
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        sim->sim_stat = IDMAP_SUCCESS;
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        idm_stat = IDMAP_SUCCESS;
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        break;
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    case SMB_IDMAP_EVERYONE:
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        /* Everyone S-1-1-0 */
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        sim->sim_domsid = NT_WORLD_AUTH_SIDSTR;
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        sim->sim_rid = 0;
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        sim->sim_stat = IDMAP_SUCCESS;
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        idm_stat = IDMAP_SUCCESS;
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        break;
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    default:
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        ASSERT(0);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        return (IDMAP_ERR_ARG);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    }
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    return (idm_stat);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross}
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross/*
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * smb_idmap_batch_getmappings
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross *
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * trigger ID mapping service to get the mappings for queued
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * requests.
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross *
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * Checks the result of all the queued requests.
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * If this is a Solaris -> Windows mapping it generates
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * binary SIDs from returned (domsid, rid) pairs.
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross */
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Rossidmap_stat
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Rosssmb_idmap_batch_getmappings(smb_idmap_batch_t *sib)
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross{
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    idmap_stat idm_stat = IDMAP_SUCCESS;
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    int i;
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    idm_stat = kidmap_get_mappings(sib->sib_idmaph);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    if (idm_stat != IDMAP_SUCCESS)
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        return (idm_stat);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    /*
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross     * Check the status for all the queued requests
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross     */
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    for (i = 0; i < sib->sib_nmap; i++) {
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        if (sib->sib_maps[i].sim_stat != IDMAP_SUCCESS)
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross            return (sib->sib_maps[i].sim_stat);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    }
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    if (smb_idmap_batch_binsid(sib) != 0)
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        idm_stat = IDMAP_ERR_OTHER;
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    return (idm_stat);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross}
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross/*
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * smb_idmap_batch_binsid
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross *
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * Convert sidrids to binary sids
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross *
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * Returns 0 if successful and non-zero upon failure.
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross */
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Rossstatic int
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Rosssmb_idmap_batch_binsid(smb_idmap_batch_t *sib)
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross{
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    smb_sid_t *sid;
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    smb_idmap_t *sim;
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    int i;
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    if (sib->sib_flags & SMB_IDMAP_SID2ID)
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        /* This operation is not required */
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        return (0);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    sim = sib->sib_maps;
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    for (i = 0; i < sib->sib_nmap; sim++, i++) {
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        ASSERT(sim->sim_domsid);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        if (sim->sim_domsid == NULL)
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross            return (1);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        if ((sid = smb_sid_fromstr(sim->sim_domsid)) == NULL)
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross            return (1);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        sim->sim_sid = smb_sid_splice(sid, sim->sim_rid);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross        smb_sid_free(sid);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    }
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross    return (0);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross}