1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
23 */
24
25 #include <syslog.h>
26 #include <strings.h>
27 #include <smbsrv/libsmb.h>
28
29 static int smb_idmap_batch_binsid(smb_idmap_batch_t *sib);
30
31 /*
32 * Report an idmap error.
33 */
34 void
smb_idmap_check(const char * s,idmap_stat stat)35 smb_idmap_check(const char *s, idmap_stat stat)
36 {
37 if (stat != IDMAP_SUCCESS) {
38 if (s == NULL)
39 s = "smb_idmap_check";
40
41 syslog(LOG_ERR, "%s: %s", s, idmap_stat2string(stat));
42 }
43 }
44
45 /*
46 * smb_idmap_getsid
47 *
48 * Tries to get a mapping for the given uid/gid
49 */
50 idmap_stat
smb_idmap_getsid(uid_t id,int idtype,smb_sid_t ** sid)51 smb_idmap_getsid(uid_t id, int idtype, smb_sid_t **sid)
52 {
53 smb_idmap_batch_t sib;
54 idmap_stat stat;
55
56 stat = smb_idmap_batch_create(&sib, 1, SMB_IDMAP_ID2SID);
57 if (stat != IDMAP_SUCCESS)
58 return (stat);
59
60 stat = smb_idmap_batch_getsid(sib.sib_idmaph, &sib.sib_maps[0],
61 id, idtype);
62
63 if (stat != IDMAP_SUCCESS) {
64 smb_idmap_batch_destroy(&sib);
65 return (stat);
66 }
67
68 stat = smb_idmap_batch_getmappings(&sib);
69
70 if (stat != IDMAP_SUCCESS) {
71 smb_idmap_batch_destroy(&sib);
72 return (stat);
73 }
74
75 *sid = smb_sid_dup(sib.sib_maps[0].sim_sid);
76
77 smb_idmap_batch_destroy(&sib);
78
79 return (IDMAP_SUCCESS);
80 }
81
82 /*
83 * smb_idmap_getid
84 *
85 * Tries to get a mapping for the given SID
86 */
87 idmap_stat
smb_idmap_getid(smb_sid_t * sid,uid_t * id,int * id_type)88 smb_idmap_getid(smb_sid_t *sid, uid_t *id, int *id_type)
89 {
90 smb_idmap_batch_t sib;
91 smb_idmap_t *sim;
92 idmap_stat stat;
93
94 stat = smb_idmap_batch_create(&sib, 1, SMB_IDMAP_SID2ID);
95 if (stat != IDMAP_SUCCESS)
96 return (stat);
97
98 sim = &sib.sib_maps[0];
99 sim->sim_id = id;
100 stat = smb_idmap_batch_getid(sib.sib_idmaph, sim, sid, *id_type);
101 if (stat != IDMAP_SUCCESS) {
102 smb_idmap_batch_destroy(&sib);
103 return (stat);
104 }
105
106 stat = smb_idmap_batch_getmappings(&sib);
107
108 if (stat != IDMAP_SUCCESS) {
109 smb_idmap_batch_destroy(&sib);
110 return (stat);
111 }
112
113 *id_type = sim->sim_idtype;
114 smb_idmap_batch_destroy(&sib);
115
116 return (IDMAP_SUCCESS);
117 }
118
119 /*
120 * smb_idmap_batch_create
121 *
122 * Creates and initializes the context for batch ID mapping.
123 */
124 idmap_stat
smb_idmap_batch_create(smb_idmap_batch_t * sib,uint16_t nmap,int flags)125 smb_idmap_batch_create(smb_idmap_batch_t *sib, uint16_t nmap, int flags)
126 {
127 idmap_stat stat;
128
129 if (!sib)
130 return (IDMAP_ERR_ARG);
131
132 bzero(sib, sizeof (smb_idmap_batch_t));
133 stat = idmap_get_create(&sib->sib_idmaph);
134
135 if (stat != IDMAP_SUCCESS) {
136 smb_idmap_check("idmap_get_create", stat);
137 return (stat);
138 }
139
140 sib->sib_flags = flags;
141 sib->sib_nmap = nmap;
142 sib->sib_size = nmap * sizeof (smb_idmap_t);
143 sib->sib_maps = malloc(sib->sib_size);
144 if (!sib->sib_maps)
145 return (IDMAP_ERR_MEMORY);
146
147 bzero(sib->sib_maps, sib->sib_size);
148 return (IDMAP_SUCCESS);
149 }
150
151 /*
152 * smb_idmap_batch_destroy
153 *
154 * Frees the batch ID mapping context.
155 */
156 void
smb_idmap_batch_destroy(smb_idmap_batch_t * sib)157 smb_idmap_batch_destroy(smb_idmap_batch_t *sib)
158 {
159 int i;
160
161 if (sib == NULL)
162 return;
163
164 if (sib->sib_idmaph) {
165 idmap_get_destroy(sib->sib_idmaph);
166 sib->sib_idmaph = NULL;
167 }
168
169 if (sib->sib_maps == NULL)
170 return;
171
172 if (sib->sib_flags & SMB_IDMAP_ID2SID) {
173 /*
174 * SIDs are allocated only when mapping
175 * UID/GID to SIDs
176 */
177 for (i = 0; i < sib->sib_nmap; i++)
178 smb_sid_free(sib->sib_maps[i].sim_sid);
179 }
180
181 if (sib->sib_size && sib->sib_maps) {
182 free(sib->sib_maps);
183 sib->sib_maps = NULL;
184 }
185 }
186
187 /*
188 * smb_idmap_batch_getid
189 *
190 * Queue a request to map the given SID to a UID or GID.
191 *
192 * sim->sim_id should point to variable that's supposed to
193 * hold the returned UID/GID. This needs to be setup by caller
194 * of this function.
195 * If requested ID type is known, it's passed as 'idtype',
196 * if it's unknown it'll be returned in sim->sim_idtype.
197 */
198 idmap_stat
smb_idmap_batch_getid(idmap_get_handle_t * idmaph,smb_idmap_t * sim,smb_sid_t * sid,int idtype)199 smb_idmap_batch_getid(idmap_get_handle_t *idmaph, smb_idmap_t *sim,
200 smb_sid_t *sid, int idtype)
201 {
202 char sidstr[SMB_SID_STRSZ];
203 smb_sid_t *tmpsid;
204 idmap_stat stat;
205 int flag = 0;
206
207 if (idmaph == NULL || sim == NULL || sid == NULL)
208 return (IDMAP_ERR_ARG);
209
210 if ((tmpsid = smb_sid_split(sid, &sim->sim_rid)) == NULL)
211 return (IDMAP_ERR_MEMORY);
212
213 smb_sid_tostr(tmpsid, sidstr);
214 sim->sim_domsid = sidstr;
215 sim->sim_idtype = idtype;
216 smb_sid_free(tmpsid);
217
218 switch (idtype) {
219 case SMB_IDMAP_USER:
220 stat = idmap_get_uidbysid(idmaph, sim->sim_domsid,
221 sim->sim_rid, flag, sim->sim_id, &sim->sim_stat);
222 smb_idmap_check("idmap_get_uidbysid", stat);
223 break;
224
225 case SMB_IDMAP_GROUP:
226 stat = idmap_get_gidbysid(idmaph, sim->sim_domsid,
227 sim->sim_rid, flag, sim->sim_id, &sim->sim_stat);
228 smb_idmap_check("idmap_get_gidbysid", stat);
229 break;
230
231 case SMB_IDMAP_UNKNOWN:
232 stat = idmap_get_pidbysid(idmaph, sim->sim_domsid,
233 sim->sim_rid, flag, sim->sim_id, &sim->sim_idtype,
234 &sim->sim_stat);
235 smb_idmap_check("idmap_get_pidbysid", stat);
236 break;
237
238 default:
239 return (IDMAP_ERR_ARG);
240 }
241
242 return (stat);
243 }
244
245 /*
246 * smb_idmap_batch_getsid
247 *
248 * Queue a request to map the given UID/GID to a SID.
249 *
250 * sim->sim_domsid and sim->sim_rid will contain the mapping
251 * result upon successful process of the batched request.
252 */
253 idmap_stat
smb_idmap_batch_getsid(idmap_get_handle_t * idmaph,smb_idmap_t * sim,uid_t id,int idtype)254 smb_idmap_batch_getsid(idmap_get_handle_t *idmaph, smb_idmap_t *sim,
255 uid_t id, int idtype)
256 {
257 idmap_stat stat;
258 int flag = 0;
259
260 if (!idmaph || !sim)
261 return (IDMAP_ERR_ARG);
262
263 switch (idtype) {
264 case SMB_IDMAP_USER:
265 stat = idmap_get_sidbyuid(idmaph, id, flag,
266 &sim->sim_domsid, &sim->sim_rid, &sim->sim_stat);
267 smb_idmap_check("idmap_get_sidbyuid", stat);
268 break;
269
270 case SMB_IDMAP_GROUP:
271 stat = idmap_get_sidbygid(idmaph, id, flag,
272 &sim->sim_domsid, &sim->sim_rid, &sim->sim_stat);
273 smb_idmap_check("idmap_get_sidbygid", stat);
274 break;
275
276 case SMB_IDMAP_OWNERAT:
277 /* Current Owner S-1-5-32-766 */
278 sim->sim_domsid = strdup(NT_BUILTIN_DOMAIN_SIDSTR);
279 sim->sim_rid = SECURITY_CURRENT_OWNER_RID;
280 sim->sim_stat = IDMAP_SUCCESS;
281 stat = IDMAP_SUCCESS;
282 break;
283
284 case SMB_IDMAP_GROUPAT:
285 /* Current Group S-1-5-32-767 */
286 sim->sim_domsid = strdup(NT_BUILTIN_DOMAIN_SIDSTR);
287 sim->sim_rid = SECURITY_CURRENT_GROUP_RID;
288 sim->sim_stat = IDMAP_SUCCESS;
289 stat = IDMAP_SUCCESS;
290 break;
291
292 case SMB_IDMAP_EVERYONE:
293 /* Everyone S-1-1-0 */
294 sim->sim_domsid = strdup(NT_WORLD_AUTH_SIDSTR);
295 sim->sim_rid = 0;
296 sim->sim_stat = IDMAP_SUCCESS;
297 stat = IDMAP_SUCCESS;
298 break;
299
300 default:
301 return (IDMAP_ERR_ARG);
302 }
303
304 return (stat);
305 }
306
307 /*
308 * smb_idmap_batch_getmappings
309 *
310 * trigger ID mapping service to get the mappings for queued
311 * requests.
312 *
313 * Checks the result of all the queued requests.
314 */
315 idmap_stat
smb_idmap_batch_getmappings(smb_idmap_batch_t * sib)316 smb_idmap_batch_getmappings(smb_idmap_batch_t *sib)
317 {
318 idmap_stat stat = IDMAP_SUCCESS;
319 smb_idmap_t *sim;
320 int i;
321
322 if ((stat = idmap_get_mappings(sib->sib_idmaph)) != IDMAP_SUCCESS) {
323 smb_idmap_check("idmap_get_mappings", stat);
324 return (stat);
325 }
326
327 /*
328 * Check the status for all the queued requests
329 */
330 for (i = 0, sim = sib->sib_maps; i < sib->sib_nmap; i++, sim++) {
331 if (sim->sim_stat != IDMAP_SUCCESS) {
332 if (sib->sib_flags == SMB_IDMAP_SID2ID) {
333 smb_tracef("[%d] %d (%d)", sim->sim_idtype,
334 sim->sim_rid, sim->sim_stat);
335 }
336 return (sim->sim_stat);
337 }
338 }
339
340 if (smb_idmap_batch_binsid(sib) != 0)
341 stat = IDMAP_ERR_OTHER;
342
343 return (stat);
344 }
345
346 /*
347 * smb_idmap_batch_binsid
348 *
349 * Convert sidrids to binary sids
350 *
351 * Returns 0 if successful and non-zero upon failure.
352 */
353 static int
smb_idmap_batch_binsid(smb_idmap_batch_t * sib)354 smb_idmap_batch_binsid(smb_idmap_batch_t *sib)
355 {
356 smb_sid_t *sid;
357 smb_idmap_t *sim;
358 int i;
359
360 if (sib->sib_flags & SMB_IDMAP_SID2ID)
361 /* This operation is not required */
362 return (0);
363
364 sim = sib->sib_maps;
365 for (i = 0; i < sib->sib_nmap; sim++, i++) {
366 if (sim->sim_domsid == NULL)
367 return (-1);
368
369 sid = smb_sid_fromstr(sim->sim_domsid);
370 free(sim->sim_domsid);
371 if (sid == NULL)
372 return (-1);
373
374 sim->sim_sid = smb_sid_splice(sid, sim->sim_rid);
375 free(sid);
376 }
377
378 return (0);
379 }
380