fksmb_idmap.c revision b819cea2f73f98c5662230cc9affc8cc84f77fcf
1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21/*
22 * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
23 * Copyright 2014 Nexenta Systems, Inc.  All rights reserved.
24 */
25
26/*
27 * SMB server interface to idmap
28 * (smb_idmap_get..., smb_idmap_batch_...)
29 *
30 * There are three implementations of this interface:
31 *	uts/common/fs/smbsrv/smb_idmap.c (smbsrv kmod)
32 *	lib/smbsrv/libfksmbsrv/common/fksmb_idmap.c (libfksmbsrv)
33 *	lib/smbsrv/libsmb/common/smb_idmap.c (libsmb)
34 *
35 * There are enough differences (relative to the code size)
36 * that it's more trouble than it's worth to merge them.
37 *
38 * This one differs from the others in that it:
39 *	calls idmap interfaces (libidmap)
40 *	uses kmem_... interfaces (libfakekernel)
41 *	uses cmn_err instead of syslog, etc.
42 */
43
44#include <sys/param.h>
45#include <sys/types.h>
46
47#include <smbsrv/smb_kproto.h>
48#include <smbsrv/smb_idmap.h>
49
50static int smb_idmap_batch_binsid(smb_idmap_batch_t *sib);
51
52/*
53 * Report an idmap error.
54 */
55void
56smb_idmap_check(const char *s, idmap_stat stat)
57{
58	if (stat != IDMAP_SUCCESS) {
59		if (s == NULL)
60			s = "smb_idmap_check";
61
62		cmn_err(CE_NOTE, "%s: %d", s, (int)stat);
63	}
64}
65
66/*
67 * smb_idmap_getsid
68 *
69 * Tries to get a mapping for the given uid/gid
70 * Allocates ->sim_domsid
71 */
72idmap_stat
73smb_idmap_getsid(uid_t id, int idtype, smb_sid_t **sid)
74{
75	smb_idmap_batch_t sib;
76	idmap_stat stat;
77
78	stat = smb_idmap_batch_create(&sib, 1, SMB_IDMAP_ID2SID);
79	if (stat != IDMAP_SUCCESS)
80		return (stat);
81
82	stat = smb_idmap_batch_getsid(sib.sib_idmaph, &sib.sib_maps[0],
83	    id, idtype);
84
85	if (stat != IDMAP_SUCCESS) {
86		smb_idmap_batch_destroy(&sib);
87		return (stat);
88	}
89
90	stat = smb_idmap_batch_getmappings(&sib);
91
92	if (stat != IDMAP_SUCCESS) {
93		smb_idmap_batch_destroy(&sib);
94		return (stat);
95	}
96
97	*sid = smb_sid_dup(sib.sib_maps[0].sim_sid);
98
99	smb_idmap_batch_destroy(&sib);
100
101	return (IDMAP_SUCCESS);
102}
103
104/*
105 * smb_idmap_getid
106 *
107 * Tries to get a mapping for the given SID
108 */
109idmap_stat
110smb_idmap_getid(smb_sid_t *sid, uid_t *id, int *id_type)
111{
112	smb_idmap_batch_t sib;
113	smb_idmap_t *sim;
114	idmap_stat stat;
115
116	stat = smb_idmap_batch_create(&sib, 1, SMB_IDMAP_SID2ID);
117	if (stat != IDMAP_SUCCESS)
118		return (stat);
119
120	sim = &sib.sib_maps[0];
121	sim->sim_id = id;
122	stat = smb_idmap_batch_getid(sib.sib_idmaph, sim, sid, *id_type);
123	if (stat != IDMAP_SUCCESS) {
124		smb_idmap_batch_destroy(&sib);
125		return (stat);
126	}
127
128	stat = smb_idmap_batch_getmappings(&sib);
129
130	if (stat != IDMAP_SUCCESS) {
131		smb_idmap_batch_destroy(&sib);
132		return (stat);
133	}
134
135	*id_type = sim->sim_idtype;
136	smb_idmap_batch_destroy(&sib);
137
138	return (IDMAP_SUCCESS);
139}
140
141/*
142 * smb_idmap_batch_create
143 *
144 * Creates and initializes the context for batch ID mapping.
145 */
146idmap_stat
147smb_idmap_batch_create(smb_idmap_batch_t *sib, uint16_t nmap, int flags)
148{
149	idmap_stat	stat;
150
151	if (!sib)
152		return (IDMAP_ERR_ARG);
153
154	bzero(sib, sizeof (smb_idmap_batch_t));
155	stat = idmap_get_create(&sib->sib_idmaph);
156
157	if (stat != IDMAP_SUCCESS) {
158		smb_idmap_check("idmap_get_create", stat);
159		return (stat);
160	}
161
162	sib->sib_flags = flags;
163	sib->sib_nmap = nmap;
164	sib->sib_size = nmap * sizeof (smb_idmap_t);
165	sib->sib_maps = kmem_zalloc(sib->sib_size, KM_SLEEP);
166
167	return (IDMAP_SUCCESS);
168}
169
170/*
171 * smb_idmap_batch_destroy
172 *
173 * Frees the batch ID mapping context.
174 */
175void
176smb_idmap_batch_destroy(smb_idmap_batch_t *sib)
177{
178	int i;
179
180	if (sib == NULL)
181		return;
182
183	if (sib->sib_idmaph) {
184		idmap_get_destroy(sib->sib_idmaph);
185		sib->sib_idmaph = NULL;
186	}
187
188	if (sib->sib_maps == NULL)
189		return;
190
191	if (sib->sib_flags & SMB_IDMAP_ID2SID) {
192		/*
193		 * SIDs are allocated only when mapping
194		 * UID/GID to SIDs
195		 */
196		for (i = 0; i < sib->sib_nmap; i++) {
197			smb_sid_free(sib->sib_maps[i].sim_sid);
198			/* from strdup() in libidmap */
199			free(sib->sib_maps[i].sim_domsid);
200		}
201	}
202
203	if (sib->sib_size && sib->sib_maps) {
204		kmem_free(sib->sib_maps, sib->sib_size);
205		sib->sib_maps = NULL;
206	}
207}
208
209/*
210 * smb_idmap_batch_getid
211 *
212 * Queue a request to map the given SID to a UID or GID.
213 *
214 * sim->sim_id should point to variable that's supposed to
215 * hold the returned UID/GID. This needs to be setup by caller
216 * of this function.
217 * If requested ID type is known, it's passed as 'idtype',
218 * if it's unknown it'll be returned in sim->sim_idtype.
219 */
220idmap_stat
221smb_idmap_batch_getid(idmap_get_handle_t *idmaph, smb_idmap_t *sim,
222    smb_sid_t *sid, int idtype)
223{
224	char sidstr[SMB_SID_STRSZ];
225	idmap_stat stat;
226	int flag = 0;
227
228	if (idmaph == NULL || sim == NULL || sid == NULL)
229		return (IDMAP_ERR_ARG);
230
231	smb_sid_tostr(sid, sidstr);
232	if (smb_sid_splitstr(sidstr, &sim->sim_rid) != 0)
233		return (IDMAP_ERR_SID);
234	sim->sim_domsid = sidstr;
235	sim->sim_idtype = idtype;
236
237	switch (idtype) {
238	case SMB_IDMAP_USER:
239		stat = idmap_get_uidbysid(idmaph, sim->sim_domsid,
240		    sim->sim_rid, flag, sim->sim_id, &sim->sim_stat);
241		smb_idmap_check("idmap_get_uidbysid", stat);
242		break;
243
244	case SMB_IDMAP_GROUP:
245		stat = idmap_get_gidbysid(idmaph, sim->sim_domsid,
246		    sim->sim_rid, flag, sim->sim_id, &sim->sim_stat);
247		smb_idmap_check("idmap_get_gidbysid", stat);
248		break;
249
250	case SMB_IDMAP_UNKNOWN:
251		stat = idmap_get_pidbysid(idmaph, sim->sim_domsid,
252		    sim->sim_rid, flag, sim->sim_id, &sim->sim_idtype,
253		    &sim->sim_stat);
254		smb_idmap_check("idmap_get_pidbysid", stat);
255		break;
256
257	default:
258		stat = IDMAP_ERR_ARG;
259		break;
260	}
261
262	/* This was copied by idmap_get_Xbysid. */
263	sim->sim_domsid = NULL;
264
265	return (stat);
266}
267
268/*
269 * smb_idmap_batch_getsid
270 *
271 * Queue a request to map the given UID/GID to a SID.
272 *
273 * sim->sim_domsid and sim->sim_rid will contain the mapping
274 * result upon successful process of the batched request.
275 * NB: sim_domsid allocated by strdup, here or in libidmap
276 */
277idmap_stat
278smb_idmap_batch_getsid(idmap_get_handle_t *idmaph, smb_idmap_t *sim,
279    uid_t id, int idtype)
280{
281	idmap_stat stat;
282	int flag = 0;
283
284	if (!idmaph || !sim)
285		return (IDMAP_ERR_ARG);
286
287	switch (idtype) {
288	case SMB_IDMAP_USER:
289		stat = idmap_get_sidbyuid(idmaph, id, flag,
290		    &sim->sim_domsid, &sim->sim_rid, &sim->sim_stat);
291		smb_idmap_check("idmap_get_sidbyuid", stat);
292		break;
293
294	case SMB_IDMAP_GROUP:
295		stat = idmap_get_sidbygid(idmaph, id, flag,
296		    &sim->sim_domsid, &sim->sim_rid, &sim->sim_stat);
297		smb_idmap_check("idmap_get_sidbygid", stat);
298		break;
299
300	case SMB_IDMAP_OWNERAT:
301		/* Current Owner S-1-5-32-766 */
302		sim->sim_domsid = strdup(NT_BUILTIN_DOMAIN_SIDSTR);
303		sim->sim_rid = SECURITY_CURRENT_OWNER_RID;
304		sim->sim_stat = IDMAP_SUCCESS;
305		stat = IDMAP_SUCCESS;
306		break;
307
308	case SMB_IDMAP_GROUPAT:
309		/* Current Group S-1-5-32-767 */
310		sim->sim_domsid = strdup(NT_BUILTIN_DOMAIN_SIDSTR);
311		sim->sim_rid = SECURITY_CURRENT_GROUP_RID;
312		sim->sim_stat = IDMAP_SUCCESS;
313		stat = IDMAP_SUCCESS;
314		break;
315
316	case SMB_IDMAP_EVERYONE:
317		/* Everyone S-1-1-0 */
318		sim->sim_domsid = strdup(NT_WORLD_AUTH_SIDSTR);
319		sim->sim_rid = 0;
320		sim->sim_stat = IDMAP_SUCCESS;
321		stat = IDMAP_SUCCESS;
322		break;
323
324	default:
325		return (IDMAP_ERR_ARG);
326	}
327
328	return (stat);
329}
330
331/*
332 * smb_idmap_batch_getmappings
333 *
334 * trigger ID mapping service to get the mappings for queued
335 * requests.
336 *
337 * Checks the result of all the queued requests.
338 */
339idmap_stat
340smb_idmap_batch_getmappings(smb_idmap_batch_t *sib)
341{
342	idmap_stat stat = IDMAP_SUCCESS;
343	smb_idmap_t *sim;
344	int i;
345
346	if ((stat = idmap_get_mappings(sib->sib_idmaph)) != IDMAP_SUCCESS) {
347		smb_idmap_check("idmap_get_mappings", stat);
348		return (stat);
349	}
350
351	/*
352	 * Check the status for all the queued requests
353	 */
354	for (i = 0, sim = sib->sib_maps; i < sib->sib_nmap; i++, sim++) {
355		if (sim->sim_stat != IDMAP_SUCCESS) {
356			if (sib->sib_flags == SMB_IDMAP_SID2ID) {
357				cmn_err(CE_NOTE, "[%d] %d (%d)",
358				    sim->sim_idtype,
359				    sim->sim_rid,
360				    sim->sim_stat);
361			}
362			return (sim->sim_stat);
363		}
364	}
365
366	if (smb_idmap_batch_binsid(sib) != 0)
367		stat = IDMAP_ERR_OTHER;
368
369	return (stat);
370}
371
372/*
373 * smb_idmap_batch_binsid
374 *
375 * Convert sidrids to binary sids
376 *
377 * Returns 0 if successful and non-zero upon failure.
378 */
379static int
380smb_idmap_batch_binsid(smb_idmap_batch_t *sib)
381{
382	smb_sid_t *sid;
383	smb_idmap_t *sim;
384	int i;
385
386	if (sib->sib_flags & SMB_IDMAP_SID2ID)
387		/* This operation is not required */
388		return (0);
389
390	sim = sib->sib_maps;
391	for (i = 0; i < sib->sib_nmap; sim++, i++) {
392		if (sim->sim_domsid == NULL)
393			return (-1);
394
395		sid = smb_sid_fromstr(sim->sim_domsid);
396		if (sid == NULL)
397			return (-1);
398
399		sim->sim_sid = smb_sid_splice(sid, sim->sim_rid);
400		smb_sid_free(sid);
401	}
402
403	return (0);
404}
405