1da6c28aaSamw /*
2da6c28aaSamw * CDDL HEADER START
3da6c28aaSamw *
4da6c28aaSamw * The contents of this file are subject to the terms of the
5da6c28aaSamw * Common Development and Distribution License (the "License").
6da6c28aaSamw * You may not use this file except in compliance with the License.
7da6c28aaSamw *
8da6c28aaSamw * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9da6c28aaSamw * or http://www.opensolaris.org/os/licensing.
10da6c28aaSamw * See the License for the specific language governing permissions
11da6c28aaSamw * and limitations under the License.
12da6c28aaSamw *
13da6c28aaSamw * When distributing Covered Code, include this CDDL HEADER in each
14da6c28aaSamw * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15da6c28aaSamw * If applicable, add the following below this CDDL HEADER, with the
16da6c28aaSamw * fields enclosed by brackets "[]" replaced with your own identifying
17da6c28aaSamw * information: Portions Copyright [yyyy] [name of copyright owner]
18da6c28aaSamw *
19da6c28aaSamw * CDDL HEADER END
20da6c28aaSamw */
21da6c28aaSamw /*
22f96bd5c8SAlan Wright * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
23da6c28aaSamw * Use is subject to license terms.
24da6c28aaSamw */
25da6c28aaSamw
266537f381Sas200622 #include <stdlib.h>
27da6c28aaSamw #include <string.h>
28da6c28aaSamw #include <synch.h>
2989dc44ceSjose borrego #include <smbsrv/libsmb.h>
30da6c28aaSamw
/*
 * NetBIOS domain names, indexed by the first column (wka_domidx) of
 * wka_tbl below and returned by smb_wka_get_domain().  The designated
 * indices make the index/name pairing explicit; slot 0 is the empty name.
 */
static char *wka_nbdomain[] = {
	[0] = "",
	[1] = "NT Pseudo Domain",
	[2] = "NT Authority",
	[3] = "Builtin",
	[4] = "Internet$"
};
3889dc44ceSjose borrego
/*
 * Predefined well known accounts table
 *
 * Column order, as read by the code in this file:
 *   1. wka_domidx  - index into wka_nbdomain (the owning NetBIOS domain;
 *                    3 is Builtin, see smb_wka_lookup_builtin())
 *   2. wka_sid     - string SID, converted by smb_wka_init()
 *   3. wka_name    - account name, matched case-insensitively by lookups
 *   4. SID type
 *   5. flags       - SMB_WKAFLG_LGRP_ENABLE is the only flag used here
 *   6. description - only given for entries carrying a flag
 *   7. wka_binsid  - binary SID, NULL until smb_wka_init() fills it in;
 *                    owned by this table, callers must never free it
 */
static smb_wka_t wka_tbl[] = {
	{ 0, "S-1-0-0", "Null",
	    SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 0, "S-1-1-0", "Everyone",
	    SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 0, "S-1-2-0", "Local",
	    SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 0, "S-1-3-0", "Creator Owner",
	    SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 0, "S-1-3-1", "Creator Group",
	    SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 0, "S-1-3-2", "Creator Owner Server",
	    SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 0, "S-1-3-3", "Creator Group Server",
	    SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 0, "S-1-3-4", "Owner Rights",
	    SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 0, "S-1-3-5", "Group Rights",
	    SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 1, "S-1-5", "NT Pseudo Domain",
	    SidTypeDomain, 0, NULL, NULL },
	{ 2, "S-1-5-1", "Dialup",
	    SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 2, "S-1-5-2", "Network",
	    SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 2, "S-1-5-3", "Batch",
	    SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 2, "S-1-5-4", "Interactive",
	    SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 2, "S-1-5-6", "Service",
	    SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 2, "S-1-5-7", "Anonymous",
	    SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 2, "S-1-5-8", "Proxy",
	    SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 2, "S-1-5-9", "Enterprise Domain Controllers",
	    SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 2, "S-1-5-10", "Self",
	    SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 2, "S-1-5-11", "Authenticated Users",
	    SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 2, "S-1-5-12", "Restricted",
	    SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 2, "S-1-5-13", "Terminal Server User",
	    SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 2, "S-1-5-14", "Remote Interactive Logon",
	    SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 2, "S-1-5-15", "This Organization",
	    SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 2, "S-1-5-18", "System",
	    SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 2, "S-1-5-19", "Local Service",
	    SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 2, "S-1-5-20", "Network Service",
	    SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 2, "S-1-5-33", "Write Restricted",
	    SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 2, "S-1-5-1000", "Other Organization",
	    SidTypeWellKnownGroup, 0, NULL, NULL },
	{ 3, "S-1-5-32", "Builtin",
	    SidTypeDomain, 0, NULL, NULL },
	{ 4, "S-1-7", "Internet$",
	    SidTypeDomain, 0, NULL, NULL },

	/* Builtin aliases (domain index 3). */
	{ 3, "S-1-5-32-544", "Administrators", SidTypeAlias,
	    SMB_WKAFLG_LGRP_ENABLE,
	    "Members can fully administer the computer/domain", NULL },
	{ 3, "S-1-5-32-545", "Users",
	    SidTypeAlias, 0, NULL, NULL },
	{ 3, "S-1-5-32-546", "Guests",
	    SidTypeAlias, 0, NULL, NULL },
	{ 3, "S-1-5-32-547", "Power Users", SidTypeAlias,
	    SMB_WKAFLG_LGRP_ENABLE, "Members can share directories", NULL },
	{ 3, "S-1-5-32-548", "Account Operators",
	    SidTypeAlias, 0, NULL, NULL },
	{ 3, "S-1-5-32-549", "Server Operators",
	    SidTypeAlias, 0, NULL, NULL },
	{ 3, "S-1-5-32-550", "Print Operators",
	    SidTypeAlias, 0, NULL, NULL },
	{ 3, "S-1-5-32-551", "Backup Operators", SidTypeAlias,
	    SMB_WKAFLG_LGRP_ENABLE,
	    "Members can bypass file security to back up files", NULL },
	{ 3, "S-1-5-32-552", "Replicator",
	    SidTypeAlias, 0, NULL, NULL },
	{ 3, "S-1-5-32-766", "Current Owner",
	    SidTypeAlias, 0, NULL, NULL },
	{ 3, "S-1-5-32-767", "Current Group",
	    SidTypeAlias, 0, NULL, NULL },
};

/*
 * Number of rows in wka_tbl.  This is NOT the size of wka_nbdomain,
 * which has only a handful of entries.
 */
#define SMB_WKA_NUM (sizeof (wka_tbl)/sizeof (wka_tbl[0]))
133da6c28aaSamw
/*
 * smb_wka_init() builds the binary SID column of wka_tbl on first use and
 * returns B_TRUE on success, B_FALSE on failure; smb_wka_fini() releases
 * those binary SIDs again.  Both are private to this file.
 */
static int smb_wka_init(void);
static void smb_wka_fini(void);
136*9fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States
/*
 * Find the well-known account whose binary SID equals 'sid'.
 *
 * The binary SID column of wka_tbl is built on first use.  Returns a
 * pointer to the matching table row (owned by the table; callers must not
 * free it), or NULL when the table could not be initialised, when a row
 * without a binary SID is reached, or when nothing matches.
 */
smb_wka_t *
smb_wka_lookup_sid(smb_sid_t *sid)
{
	size_t idx;

	if (!smb_wka_init())
		return (NULL);

	for (idx = 0; idx < SMB_WKA_NUM; idx++) {
		smb_wka_t *wka = &wka_tbl[idx];

		/* A row with no binary SID ends the usable part of the table. */
		if (wka->wka_binsid == NULL)
			return (NULL);

		if (smb_sid_cmp(sid, wka->wka_binsid))
			return (wka);
	}

	return (NULL);
}
163da6c28aaSamw
/*
 * Return the binary SID of the well-known account called 'name'.
 *
 * The pointer refers into wka_tbl and must not be freed by the caller.
 * Returns NULL when the table could not be initialised or the name is not
 * a well-known account.
 */
smb_sid_t *
smb_wka_get_sid(const char *name)
{
	smb_wka_t *wka;

	if (!smb_wka_init())
		return (NULL);

	wka = smb_wka_lookup_name(name);
	return ((wka != NULL) ? wka->wka_binsid : NULL);
}
183da6c28aaSamw
/*
 * Find the well-known account called 'name' (compared case-insensitively
 * via smb_strcasecmp()) in any domain.
 *
 * Only the name column is consulted, so this does not require the binary
 * SIDs to have been built.  Returns a pointer to the table row (owned by
 * the table) or NULL when there is no such account.
 */
smb_wka_t *
smb_wka_lookup_name(const char *name)
{
	size_t idx;

	for (idx = 0; idx < SMB_WKA_NUM; idx++) {
		smb_wka_t *wka = &wka_tbl[idx];

		if (smb_strcasecmp(name, wka->wka_name, 0) == 0)
			return (wka);
	}

	return (NULL);
}
204da6c28aaSamw
/*
 * Find the well-known account called 'name' restricted to the BUILTIN
 * domain (wka_domidx 3, "Builtin" in wka_nbdomain).
 *
 * Names are compared case-insensitively via smb_strcasecmp().  Returns a
 * pointer to the table row (owned by the table) or NULL when no BUILTIN
 * account has that name.
 */
smb_wka_t *
smb_wka_lookup_builtin(const char *name)
{
	size_t idx;

	for (idx = 0; idx < SMB_WKA_NUM; idx++) {
		smb_wka_t *wka = &wka_tbl[idx];

		/* Domain check first, so non-BUILTIN rows are never compared. */
		if (wka->wka_domidx == 3 &&
		    smb_strcasecmp(name, wka->wka_name, 0) == 0)
			return (wka);
	}

	return (NULL);
}
226f96bd5c8SAlan Wright
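/*
 * Return the NetBIOS domain name for a wka_domidx value.
 *
 * 'idx' is bounded by the size of wka_nbdomain itself.  The previous
 * bound, SMB_WKA_NUM, is the number of rows in wka_tbl, which is much
 * larger than wka_nbdomain, so an index between the two sizes read past
 * the end of the array.  Returns NULL for an out-of-range index.  The
 * returned string is owned by this module and must not be freed.
 */
char *
smb_wka_get_domain(int idx)
{
	const size_t ndomains =
	    sizeof (wka_nbdomain) / sizeof (wka_nbdomain[0]);

	if (idx < 0 || (size_t)idx >= ndomains)
		return (NULL);

	return (wka_nbdomain[idx]);
}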
23889dc44ceSjose borrego
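/*
 * Fill token slot 'id' with a private copy of the well-known group
 * called 'name'.
 *
 * The SID is duplicated so the token owns its copy and the table's SID is
 * never handed out.  The attribute value 0x7 is kept as the original code
 * set it; presumably the usual mandatory/enabled-by-default/enabled group
 * attributes -- confirm against the token consumer.  Returns
 * NT_STATUS_NO_MEMORY when the lookup or duplication fails (as in the
 * original, smb_sid_dup() is relied upon to yield NULL for a NULL input).
 */
static uint32_t
smb_wka_token_addgroup(smb_id_t *id, const char *name)
{
	id->i_sid = smb_sid_dup(smb_wka_get_sid(name));
	id->i_attrs = 0x7;
	if (id->i_sid == NULL)
		return (NT_STATUS_NO_MEMORY);

	return (NT_STATUS_SUCCESS);
}

/*
 * This function adds well known groups to groups in a user's
 * access token (gids).
 *
 * "Network" SID is added for all users connecting over CIFS.
 *
 * "Authenticated Users" SID is added for all users except Guest
 * and Anonymous.
 *
 * "Guests" SID is added for guest users and Administrators SID
 * is added for admin users.
 *
 * The i_ids array is grown in place and gids->i_cnt is advanced once per
 * group actually added, so a failure part-way leaves a consistent (if
 * shorter) list.  Administrators is keyed on SMB_ATF_ADMIN alone; the
 * caller is responsible for the flag combination it passes.  Returns
 * NT_STATUS_SUCCESS, or NT_STATUS_NO_MEMORY if growing the array or
 * duplicating a SID fails.
 */
uint32_t
smb_wka_token_groups(uint32_t flags, smb_ids_t *gids)
{
	smb_id_t *ids;
	smb_id_t *id;
	size_t total_cnt;
	uint32_t status;

	/* At most three groups are appended below. */
	total_cnt = (size_t)gids->i_cnt + 3;

	/*
	 * Do not store realloc()'s result directly into gids->i_ids: on
	 * failure that would leak the existing array and leave the caller
	 * with a NULL pointer next to a non-zero i_cnt.
	 */
	ids = realloc(gids->i_ids, total_cnt * sizeof (smb_id_t));
	if (ids == NULL)
		return (NT_STATUS_NO_MEMORY);
	gids->i_ids = ids;

	id = gids->i_ids + gids->i_cnt;

	/* Every session, anonymous ones included, is a "Network" logon. */
	status = smb_wka_token_addgroup(id, "Network");
	if (status != NT_STATUS_SUCCESS)
		return (status);
	id++;
	gids->i_cnt++;

	if ((flags & SMB_ATF_ANON) == 0) {
		/* Guest logons get Guests; everyone else Authenticated Users. */
		status = smb_wka_token_addgroup(id,
		    (flags & SMB_ATF_GUEST) ? "Guests" : "Authenticated Users");
		if (status != NT_STATUS_SUCCESS)
			return (status);
		id++;
		gids->i_cnt++;
	}

	if (flags & SMB_ATF_ADMIN) {
		status = smb_wka_token_addgroup(id, "Administrators");
		if (status != NT_STATUS_SUCCESS)
			return (status);
		gids->i_cnt++;
	}

	return (NT_STATUS_SUCCESS);
}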
2947f667e74Sjose borrego
/*
 * Generate binary SIDs from the string SIDs for the well-known
 * accounts table. Callers MUST not free the binary SID pointer.
 *
 * Runs the conversion once, under wka_mutex; later calls just report the
 * recorded outcome.  On any conversion failure every binary SID built so
 * far is released via smb_wka_fini() and B_FALSE is returned, so the
 * table is never left half-populated while marked initialised.
 */
static int
smb_wka_init(void)
{
	static boolean_t wka_init = B_FALSE;
	/*
	 * Static storage is zero-filled; presumably that is a valid default
	 * mutex for this threading library -- confirm.
	 */
	static mutex_t wka_mutex;
	size_t idx;
	int rc = B_TRUE;

	(void) mutex_lock(&wka_mutex);

	if (!wka_init) {
		for (idx = 0; idx < SMB_WKA_NUM; idx++) {
			smb_wka_t *wka = &wka_tbl[idx];

			wka->wka_binsid = smb_sid_fromstr(wka->wka_sid);
			if (wka->wka_binsid == NULL) {
				/* Drop the partial table rather than keep it. */
				smb_wka_fini();
				rc = B_FALSE;
				break;
			}
		}

		if (rc == B_TRUE)
			wka_init = B_TRUE;
	}

	(void) mutex_unlock(&wka_mutex);
	return (rc);
}
328da6c28aaSamw
/*
 * Private cleanup for smb_wka_init.
 *
 * Frees every binary SID in wka_tbl and resets the pointers to NULL.  In
 * this file it is only called from smb_wka_init() with wka_mutex held.
 */
static void
smb_wka_fini(void)
{
	size_t idx;

	for (idx = 0; idx < SMB_WKA_NUM; idx++) {
		/* free(NULL) is a no-op, so no guard is needed. */
		free(wka_tbl[idx].wka_binsid);
		wka_tbl[idx].wka_binsid = NULL;
	}
}
344