15331Samw /*
25331Samw  * CDDL HEADER START
35331Samw  *
45331Samw  * The contents of this file are subject to the terms of the
55331Samw  * Common Development and Distribution License (the "License").
65331Samw  * You may not use this file except in compliance with the License.
75331Samw  *
85331Samw  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
95331Samw  * or http://www.opensolaris.org/os/licensing.
105331Samw  * See the License for the specific language governing permissions
115331Samw  * and limitations under the License.
125331Samw  *
135331Samw  * When distributing Covered Code, include this CDDL HEADER in each
145331Samw  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
155331Samw  * If applicable, add the following below this CDDL HEADER, with the
165331Samw  * fields enclosed by brackets "[]" replaced with your own identifying
175331Samw  * information: Portions Copyright [yyyy] [name of copyright owner]
185331Samw  *
195331Samw  * CDDL HEADER END
205331Samw  */
215331Samw /*
2211447Samw@Sun.COM  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
235331Samw  * Use is subject to license terms.
245331Samw  */
255331Samw 
266432Sas200622 #include <stdlib.h>
275331Samw #include <string.h>
285331Samw #include <synch.h>
298474SJose.Borrego@Sun.COM #include <smbsrv/libsmb.h>
305331Samw 
/*
 * Netbios domain names of the well known accounts.  The first column
 * of each wka_tbl entry (wka_domidx) is an index into this array and
 * smb_wka_get_domain() returns the name stored at a given index.
 * Index 3 ("Builtin") is the one smb_wka_lookup_builtin() filters on.
 */
static char *wka_nbdomain[] = {
	"",			/* 0: S-1-0, S-1-1, S-1-2 and S-1-3 accounts */
	"NT Pseudo Domain",	/* 1: S-1-5 */
	"NT Authority",		/* 2: S-1-5-<rid> well known groups */
	"Builtin",		/* 3: S-1-5-32 and the S-1-5-32-<rid> aliases */
	"Internet$"		/* 4: S-1-7 */
};
388474SJose.Borrego@Sun.COM 
/*
 * Predefined well known accounts table.
 *
 * Each entry is initialised positionally in the smb_wka_t layout:
 *   1. wka_domidx  - index into wka_nbdomain naming the account's domain
 *   2. wka_sid     - string SID; smb_wka_init() converts it with
 *                    smb_sid_fromstr()
 *   3. wka_name    - account name, matched by the name lookups with
 *                    smb_strcasecmp()
 *   4. SID type    - SidTypeWellKnownGroup, SidTypeDomain or SidTypeAlias
 *   5. flags       - the only flag used here is SMB_WKAFLG_LGRP_ENABLE
 *                    (its meaning is defined in libsmb.h)
 *   6. description - free text, NULL for most entries
 *   7. wka_binsid  - binary SID; always NULL here, filled in by
 *                    smb_wka_init() and released by smb_wka_fini().
 *                    Pointers handed out by the lookups alias this
 *                    field and MUST not be freed by callers.
 *
 * The lookups return the first matching entry, so order matters
 * where names could repeat.
 */
static smb_wka_t wka_tbl[] = {
	{ 0, "S-1-0-0",		"Null",
		SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 0, "S-1-1-0",		"Everyone",
		SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 0, "S-1-2-0",		"Local",
		SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 0, "S-1-3-0",		"Creator Owner",
		SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 0, "S-1-3-1",		"Creator Group",
		SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 0, "S-1-3-2",		"Creator Owner Server",
		SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 0, "S-1-3-3",		"Creator Group Server",
		SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 0, "S-1-3-4",		"Owner Rights",
		SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 0, "S-1-3-5",		"Group Rights",
		SidTypeWellKnownGroup, 0, NULL, NULL },
	/* wka_domidx 1: the "NT Pseudo Domain" itself */
	{ 1, "S-1-5",		"NT Pseudo Domain",
		SidTypeDomain, 0, NULL, NULL },
	/* wka_domidx 2: "NT Authority" well known groups */
	{ 2, "S-1-5-1",		"Dialup",
		SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 2, "S-1-5-2",		"Network",
		SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 2, "S-1-5-3",		"Batch",
		SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 2, "S-1-5-4",		"Interactive",
		SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 2, "S-1-5-6",		"Service",
		SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 2, "S-1-5-7",		"Anonymous",
		SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 2, "S-1-5-8",		"Proxy",
		SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 2, "S-1-5-9",		"Enterprise Domain Controllers",
		SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 2, "S-1-5-10",	"Self",
		SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 2, "S-1-5-11",	"Authenticated Users",
		SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 2, "S-1-5-12",	"Restricted",
		SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 2, "S-1-5-13",	"Terminal Server User",
		SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 2, "S-1-5-14",	"Remote Interactive Logon",
		SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 2, "S-1-5-15",	"This Organization",
		SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 2, "S-1-5-18",	"System",
		SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 2, "S-1-5-19",	"Local Service",
		SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 2, "S-1-5-20",	"Network Service",
		SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 2, "S-1-5-33",	"Write Restricted",
		SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 2, "S-1-5-1000",	"Other Organization",
		SidTypeWellKnownGroup, 0, NULL, NULL },
	/* wka_domidx 3 and 4: the "Builtin" and "Internet$" domains */
	{ 3, "S-1-5-32",	"Builtin",
		SidTypeDomain, 0, NULL, NULL },
	{ 4, "S-1-7",		"Internet$",
		SidTypeDomain, 0, NULL, NULL },

	/* Aliases in the Builtin domain (S-1-5-32-<rid>) */
	{ 3, "S-1-5-32-544",	"Administrators", SidTypeAlias,
	    SMB_WKAFLG_LGRP_ENABLE,
	    "Members can fully administer the computer/domain", NULL },
	{ 3, "S-1-5-32-545",	"Users",
		SidTypeAlias, 0, NULL, NULL },
	{ 3, "S-1-5-32-546",	"Guests",
		SidTypeAlias, 0, NULL, NULL },
	{ 3, "S-1-5-32-547",	"Power Users", SidTypeAlias,
	    SMB_WKAFLG_LGRP_ENABLE, "Members can share directories", NULL },
	{ 3, "S-1-5-32-548",	"Account Operators",
		SidTypeAlias, 0, NULL, NULL },
	{ 3, "S-1-5-32-549",	"Server Operators",
		SidTypeAlias, 0, NULL, NULL },
	{ 3, "S-1-5-32-550",	"Print Operators",
		SidTypeAlias, 0, NULL, NULL },
	{ 3, "S-1-5-32-551",	"Backup Operators", SidTypeAlias,
	    SMB_WKAFLG_LGRP_ENABLE,
	    "Members can bypass file security to back up files", NULL },
	{ 3, "S-1-5-32-552",	"Replicator",
		SidTypeAlias, 0, NULL, NULL },
	{ 3, "S-1-5-32-766",	"Current Owner",
		SidTypeAlias, 0, NULL, NULL },
	{ 3, "S-1-5-32-767",	"Current Group",
		SidTypeAlias, 0, NULL, NULL },
};
1315331Samw 
/*
 * Number of entries in wka_tbl (the accounts table).  This is NOT the
 * size of wka_nbdomain, which has far fewer entries.
 */
#define	SMB_WKA_NUM	(sizeof (wka_tbl)/sizeof (wka_tbl[0]))
1335331Samw 
134*11963SAfshin.Ardakani@Sun.COM static int smb_wka_init(void);
135*11963SAfshin.Ardakani@Sun.COM static void smb_wka_fini(void);
136*11963SAfshin.Ardakani@Sun.COM 
/*
 * Looks up well known accounts table for the given binary SID.
 *
 * The binary SIDs of the table are generated lazily, so the table is
 * initialised first and the lookup fails when that fails.  The walk
 * also stops at the first entry whose binary SID is still NULL.
 *
 * Upon success returns a pointer to the account entry in the table
 * (owned by the table; callers must not free it or its wka_binsid),
 * otherwise returns NULL.
 */
smb_wka_t *
smb_wka_lookup_sid(smb_sid_t *sid)
{
	smb_wka_t *entry = wka_tbl;
	smb_wka_t *end = wka_tbl + SMB_WKA_NUM;

	if (!smb_wka_init())
		return (NULL);

	for (; entry < end; ++entry) {
		if (entry->wka_binsid == NULL)
			break;

		if (smb_sid_cmp(sid, entry->wka_binsid))
			return (entry);
	}

	return (NULL);
}
1635331Samw 
/*
 * Looks up well known accounts table for the given name and returns
 * the binary SID of the matching entry.  The table is initialised
 * first so that the binary SIDs exist.
 *
 * The returned pointer aliases the table entry and MUST not be freed
 * by the caller.  Returns NULL when initialisation fails or the name
 * is not in the table.
 */
smb_sid_t *
smb_wka_get_sid(const char *name)
{
	smb_wka_t *entry;

	if (!smb_wka_init())
		return (NULL);

	entry = smb_wka_lookup_name(name);
	if (entry == NULL)
		return (NULL);

	return (entry->wka_binsid);
}
1835331Samw 
/*
 * Looks up well known accounts table for the given name, compared
 * with smb_strcasecmp().  Only the static name column is consulted,
 * so the table is not initialised here: the returned entry's
 * wka_binsid may still be NULL unless smb_wka_init() has already run.
 *
 * Upon success returns a pointer to the first matching account entry
 * in the table, otherwise returns NULL.
 */
smb_wka_t *
smb_wka_lookup_name(const char *name)
{
	smb_wka_t *entry = wka_tbl;
	smb_wka_t *end = wka_tbl + SMB_WKA_NUM;

	for (; entry < end; ++entry) {
		if (smb_strcasecmp(name, entry->wka_name, 0) == 0)
			return (entry);
	}

	return (NULL);
}
2045331Samw 
/*
 * Lookup a name in the BUILTIN domain, i.e. among the table entries
 * whose wka_domidx selects "Builtin" in wka_nbdomain.  Names are
 * compared with smb_strcasecmp().  As with smb_wka_lookup_name(),
 * the table is not initialised here, so wka_binsid of the returned
 * entry may be NULL.
 *
 * Returns a pointer to the matching table entry, or NULL.
 */
smb_wka_t *
smb_wka_lookup_builtin(const char *name)
{
	const int builtin_domidx = 3;	/* wka_nbdomain[3] is "Builtin" */
	smb_wka_t *entry = wka_tbl;
	smb_wka_t *end = wka_tbl + SMB_WKA_NUM;

	for (; entry < end; ++entry) {
		if (entry->wka_domidx == builtin_domidx &&
		    smb_strcasecmp(name, entry->wka_name, 0) == 0)
			return (entry);
	}

	return (NULL);
}
22611447Samw@Sun.COM 
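/*
 * Returns the Netbios domain name for the given index into
 * wka_nbdomain (the wka_domidx of a table entry), or NULL when the
 * index is out of range.
 *
 * The bound is the size of wka_nbdomain itself.  SMB_WKA_NUM counts
 * the much larger wka_tbl; bounding idx by it lets a caller read past
 * the end of wka_nbdomain, so it must not be used here.
 */
char *
smb_wka_get_domain(int idx)
{
	const size_t nbdomain_num =
	    sizeof (wka_nbdomain) / sizeof (wka_nbdomain[0]);

	if ((idx >= 0) && ((size_t)idx < nbdomain_num))
		return (wka_nbdomain[idx]);

	return (NULL);
}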
2388474SJose.Borrego@Sun.COM 
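/*
 * Append the well known account NAME to the next free slot of GIDS,
 * which the caller must already have grown.  The SID is duplicated
 * because the table's binary SIDs must never be freed, whereas the
 * token owns its own copies.
 *
 * Returns NT_STATUS_NO_MEMORY if the SID cannot be duplicated (the
 * slot is then left uncounted), otherwise NT_STATUS_SUCCESS.
 */
static uint32_t
smb_wka_token_add(smb_ids_t *gids, const char *name)
{
	smb_id_t *id = &gids->i_ids[gids->i_cnt];

	id->i_sid = smb_sid_dup(smb_wka_get_sid(name));
	/*
	 * 0x7: presumably SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT |
	 * SE_GROUP_ENABLED -- confirm against the group attribute flags.
	 */
	id->i_attrs = 0x7;
	if (id->i_sid == NULL)
		return (NT_STATUS_NO_MEMORY);

	gids->i_cnt++;
	return (NT_STATUS_SUCCESS);
}

/*
 * This function adds well known groups to groups in a user's
 * access token (gids).
 *
 * "Network" SID is added for all users connecting over CIFS.
 *
 * "Authenticated Users" SID is added for all users except Guest
 * and Anonymous.
 *
 * "Guests" SID is added for guest users and Administrators SID
 * is added for admin users.
 *
 * gids->i_ids is grown in place to hold up to three more entries and
 * gids->i_cnt is advanced for each group actually added.  Returns
 * NT_STATUS_NO_MEMORY if the array cannot be grown or a SID cannot be
 * duplicated; entries added before the failure stay counted, and the
 * original array is left intact when the growth itself fails.
 */
uint32_t
smb_wka_token_groups(uint32_t flags, smb_ids_t *gids)
{
	smb_id_t *tmp;
	size_t total_cnt;
	uint32_t status;

	/* Network, Guests/Authenticated Users, Administrators: at most 3 */
	total_cnt = (size_t)gids->i_cnt + 3;

	/*
	 * Grow through a temporary: assigning realloc()'s result straight
	 * to gids->i_ids would leak the existing array when it fails.
	 */
	tmp = realloc(gids->i_ids, total_cnt * sizeof (smb_id_t));
	if (tmp == NULL)
		return (NT_STATUS_NO_MEMORY);
	gids->i_ids = tmp;

	status = smb_wka_token_add(gids, "Network");
	if (status != NT_STATUS_SUCCESS)
		return (status);

	/* Anonymous gets neither Guests nor Authenticated Users */
	if ((flags & SMB_ATF_ANON) == 0) {
		status = smb_wka_token_add(gids,
		    (flags & SMB_ATF_GUEST) ? "Guests" : "Authenticated Users");
		if (status != NT_STATUS_SUCCESS)
			return (status);
	}

	if (flags & SMB_ATF_ADMIN) {
		status = smb_wka_token_add(gids, "Administrators");
		if (status != NT_STATUS_SUCCESS)
			return (status);
	}

	return (NT_STATUS_SUCCESS);
}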
2948670SJose.Borrego@Sun.COM 
/*
 * Generate binary SIDs from the string SIDs for the well-known
 * accounts table.  Callers MUST not free the binary SID pointer.
 *
 * Runs at most once successfully: a function-static flag, guarded by
 * a function-static mutex, records completion and later calls return
 * immediately.  If a SID fails to convert, the SIDs created so far are
 * released with smb_wka_fini() and the flag stays clear, so a later
 * call retries from scratch.
 *
 * Returns B_TRUE when the table is usable, B_FALSE otherwise.
 */
static int
smb_wka_init(void)
{
	static boolean_t wka_init = B_FALSE;
	static mutex_t	wka_mutex;
	boolean_t	ok = B_TRUE;
	smb_wka_t	*entry;
	int		i;

	(void) mutex_lock(&wka_mutex);

	if (!wka_init) {
		for (i = 0; i < SMB_WKA_NUM; ++i) {
			entry = &wka_tbl[i];
			entry->wka_binsid = smb_sid_fromstr(entry->wka_sid);
			if (entry->wka_binsid == NULL) {
				/* drop the partial result so a retry starts clean */
				smb_wka_fini();
				ok = B_FALSE;
				break;
			}
		}
		wka_init = ok;
	}

	(void) mutex_unlock(&wka_mutex);
	return (ok);
}
3285331Samw 
/*
 * Private cleanup for smb_wka_init: release every binary SID in the
 * table and reset the pointers to NULL so the table can be rebuilt.
 * Entries that were never converted are simply left NULL.
 */
static void
smb_wka_fini(void)
{
	smb_wka_t *entry = wka_tbl;
	smb_wka_t *end = wka_tbl + SMB_WKA_NUM;

	for (; entry < end; ++entry) {
		/* free(NULL) is a no-op, so no guard is needed */
		free(entry->wka_binsid);
		entry->wka_binsid = NULL;
	}
}