dmake: do not set MAKEFLAGS=k
[unleashed/tickless.git] / usr / src / lib / smbsrv / libsmb / common / smb_wksids.c
blobfeeafd38f1db371376315fdcb9ac1a1e16e21fed
1 /*
2 * CDDL HEADER START
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
19 * CDDL HEADER END
22 * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
26 #include <stdlib.h>
27 #include <string.h>
28 #include <synch.h>
29 #include <smbsrv/libsmb.h>
31 static char *wka_nbdomain[] = {
32 "",
33 "NT Pseudo Domain",
34 "NT Authority",
35 "Builtin",
36 "Internet$"
40 * Predefined well known accounts table
42 static smb_wka_t wka_tbl[] = {
43 { 0, "S-1-0-0", "Null",
44 SidTypeWellKnownGroup, 0, NULL, NULL },
45 { 0, "S-1-1-0", "Everyone",
46 SidTypeWellKnownGroup, 0, NULL, NULL },
47 { 0, "S-1-2-0", "Local",
48 SidTypeWellKnownGroup, 0, NULL, NULL },
49 { 0, "S-1-3-0", "Creator Owner",
50 SidTypeWellKnownGroup, 0, NULL, NULL },
51 { 0, "S-1-3-1", "Creator Group",
52 SidTypeWellKnownGroup, 0, NULL, NULL },
53 { 0, "S-1-3-2", "Creator Owner Server",
54 SidTypeWellKnownGroup, 0, NULL, NULL },
55 { 0, "S-1-3-3", "Creator Group Server",
56 SidTypeWellKnownGroup, 0, NULL, NULL },
57 { 0, "S-1-3-4", "Owner Rights",
58 SidTypeWellKnownGroup, 0, NULL, NULL },
59 { 0, "S-1-3-5", "Group Rights",
60 SidTypeWellKnownGroup, 0, NULL, NULL },
61 { 1, "S-1-5", "NT Pseudo Domain",
62 SidTypeDomain, 0, NULL, NULL },
63 { 2, "S-1-5-1", "Dialup",
64 SidTypeWellKnownGroup, 0, NULL, NULL },
65 { 2, "S-1-5-2", "Network",
66 SidTypeWellKnownGroup, 0, NULL, NULL },
67 { 2, "S-1-5-3", "Batch",
68 SidTypeWellKnownGroup, 0, NULL, NULL },
69 { 2, "S-1-5-4", "Interactive",
70 SidTypeWellKnownGroup, 0, NULL, NULL },
71 { 2, "S-1-5-6", "Service",
72 SidTypeWellKnownGroup, 0, NULL, NULL },
73 { 2, "S-1-5-7", "Anonymous",
74 SidTypeWellKnownGroup, 0, NULL, NULL },
75 { 2, "S-1-5-8", "Proxy",
76 SidTypeWellKnownGroup, 0, NULL, NULL },
77 { 2, "S-1-5-9", "Enterprise Domain Controllers",
78 SidTypeWellKnownGroup, 0, NULL, NULL },
79 { 2, "S-1-5-10", "Self",
80 SidTypeWellKnownGroup, 0, NULL, NULL },
81 { 2, "S-1-5-11", "Authenticated Users",
82 SidTypeWellKnownGroup, 0, NULL, NULL },
83 { 2, "S-1-5-12", "Restricted",
84 SidTypeWellKnownGroup, 0, NULL, NULL },
85 { 2, "S-1-5-13", "Terminal Server User",
86 SidTypeWellKnownGroup, 0, NULL, NULL },
87 { 2, "S-1-5-14", "Remote Interactive Logon",
88 SidTypeWellKnownGroup, 0, NULL, NULL },
89 { 2, "S-1-5-15", "This Organization",
90 SidTypeWellKnownGroup, 0, NULL, NULL },
91 { 2, "S-1-5-18", "System",
92 SidTypeWellKnownGroup, 0, NULL, NULL },
93 { 2, "S-1-5-19", "Local Service",
94 SidTypeWellKnownGroup, 0, NULL, NULL },
95 { 2, "S-1-5-20", "Network Service",
96 SidTypeWellKnownGroup, 0, NULL, NULL },
97 { 2, "S-1-5-33", "Write Restricted",
98 SidTypeWellKnownGroup, 0, NULL, NULL },
99 { 2, "S-1-5-1000", "Other Organization",
100 SidTypeWellKnownGroup, 0, NULL, NULL },
101 { 3, "S-1-5-32", "Builtin",
102 SidTypeDomain, 0, NULL, NULL },
103 { 4, "S-1-7", "Internet$",
104 SidTypeDomain, 0, NULL, NULL },
106 { 3, "S-1-5-32-544", "Administrators", SidTypeAlias,
107 SMB_WKAFLG_LGRP_ENABLE,
108 "Members can fully administer the computer/domain", NULL },
109 { 3, "S-1-5-32-545", "Users",
110 SidTypeAlias, 0, NULL, NULL },
111 { 3, "S-1-5-32-546", "Guests",
112 SidTypeAlias, 0, NULL, NULL },
113 { 3, "S-1-5-32-547", "Power Users", SidTypeAlias,
114 SMB_WKAFLG_LGRP_ENABLE, "Members can share directories", NULL },
115 { 3, "S-1-5-32-548", "Account Operators",
116 SidTypeAlias, 0, NULL, NULL },
117 { 3, "S-1-5-32-549", "Server Operators",
118 SidTypeAlias, 0, NULL, NULL },
119 { 3, "S-1-5-32-550", "Print Operators",
120 SidTypeAlias, 0, NULL, NULL },
121 { 3, "S-1-5-32-551", "Backup Operators", SidTypeAlias,
122 SMB_WKAFLG_LGRP_ENABLE,
123 "Members can bypass file security to back up files", NULL },
124 { 3, "S-1-5-32-552", "Replicator",
125 SidTypeAlias, 0, NULL, NULL },
126 { 3, "S-1-5-32-766", "Current Owner",
127 SidTypeAlias, 0, NULL, NULL },
128 { 3, "S-1-5-32-767", "Current Group",
129 SidTypeAlias, 0, NULL, NULL },
132 #define SMB_WKA_NUM (sizeof (wka_tbl)/sizeof (wka_tbl[0]))
134 static int smb_wka_init(void);
135 static void smb_wka_fini(void);
138 * Looks up well known accounts table for the given SID.
139 * Upon success returns a pointer to the account entry in
140 * the table, otherwise returns NULL.
142 smb_wka_t *
143 smb_wka_lookup_sid(smb_sid_t *sid)
145 smb_wka_t *entry;
146 int i;
148 if (!smb_wka_init())
149 return (NULL);
151 for (i = 0; i < SMB_WKA_NUM; ++i) {
152 entry = &wka_tbl[i];
154 if (entry->wka_binsid == NULL)
155 return (NULL);
157 if (smb_sid_cmp(sid, entry->wka_binsid))
158 return (entry);
161 return (NULL);
165 * Looks up well known accounts table for the given name.
166 * Upon success returns a pointer to the binary SID of the
167 * entry, otherwise returns NULL.
169 smb_sid_t *
170 smb_wka_get_sid(const char *name)
172 smb_wka_t *entry;
173 smb_sid_t *sid = NULL;
175 if (!smb_wka_init())
176 return (NULL);
178 if ((entry = smb_wka_lookup_name(name)) != NULL)
179 sid = entry->wka_binsid;
181 return (sid);
185 * Looks up well known accounts table for the given name.
186 * Upon success returns a pointer to the account entry in
187 * the table, otherwise returns NULL.
189 smb_wka_t *
190 smb_wka_lookup_name(const char *name)
192 smb_wka_t *entry;
193 int i;
195 for (i = 0; i < SMB_WKA_NUM; ++i) {
196 entry = &wka_tbl[i];
198 if (!smb_strcasecmp(name, entry->wka_name, 0))
199 return (entry);
202 return (NULL);
206 * Lookup a name in the BUILTIN domain.
208 smb_wka_t *
209 smb_wka_lookup_builtin(const char *name)
211 smb_wka_t *entry;
212 int i;
214 for (i = 0; i < SMB_WKA_NUM; ++i) {
215 entry = &wka_tbl[i];
217 if (entry->wka_domidx != 3)
218 continue;
220 if (!smb_strcasecmp(name, entry->wka_name, 0))
221 return (entry);
224 return (NULL);
228 * Returns the Netbios domain name for the given index
230 char *
231 smb_wka_get_domain(int idx)
233 if ((idx >= 0) && (idx < SMB_WKA_NUM))
234 return (wka_nbdomain[idx]);
236 return (NULL);
240 * This function adds well known groups to groups in a user's
241 * access token (gids).
243 * "Network" SID is added for all users connecting over CIFS.
245 * "Authenticated Users" SID is added for all users except Guest
246 * and Anonymous.
248 * "Guests" SID is added for guest users and Administrators SID
249 * is added for admin users.
251 uint32_t
252 smb_wka_token_groups(uint32_t flags, smb_ids_t *gids)
254 smb_id_t *id;
255 int total_cnt;
257 total_cnt = gids->i_cnt + 3;
259 gids->i_ids = reallocarray(gids->i_ids, total_cnt, sizeof (smb_id_t));
260 if (gids->i_ids == NULL)
261 return (NT_STATUS_NO_MEMORY);
263 id = gids->i_ids + gids->i_cnt;
264 id->i_sid = smb_sid_dup(smb_wka_get_sid("Network"));
265 id->i_attrs = 0x7;
266 if (id->i_sid == NULL)
267 return (NT_STATUS_NO_MEMORY);
268 id++;
269 gids->i_cnt++;
271 if ((flags & SMB_ATF_ANON) == 0) {
272 if (flags & SMB_ATF_GUEST)
273 id->i_sid = smb_sid_dup(smb_wka_get_sid("Guests"));
274 else
275 id->i_sid =
276 smb_sid_dup(smb_wka_get_sid("Authenticated Users"));
277 id->i_attrs = 0x7;
278 if (id->i_sid == NULL)
279 return (NT_STATUS_NO_MEMORY);
280 id++;
281 gids->i_cnt++;
284 if (flags & SMB_ATF_ADMIN) {
285 id->i_sid = smb_sid_dup(smb_wka_get_sid("Administrators"));
286 id->i_attrs = 0x7;
287 if (id->i_sid == NULL)
288 return (NT_STATUS_NO_MEMORY);
289 gids->i_cnt++;
292 return (NT_STATUS_SUCCESS);
296 * Generate binary SIDs from the string SIDs for the well-known
297 * accounts table. Callers MUST not free the binary SID pointer.
299 static int
300 smb_wka_init(void)
302 static boolean_t wka_init = B_FALSE;
303 static mutex_t wka_mutex;
304 smb_wka_t *entry;
305 int i;
307 (void) mutex_lock(&wka_mutex);
308 if (wka_init) {
309 (void) mutex_unlock(&wka_mutex);
310 return (B_TRUE);
313 for (i = 0; i < SMB_WKA_NUM; ++i) {
314 entry = &wka_tbl[i];
316 entry->wka_binsid = smb_sid_fromstr(entry->wka_sid);
317 if (entry->wka_binsid == NULL) {
318 smb_wka_fini();
319 (void) mutex_unlock(&wka_mutex);
320 return (B_FALSE);
324 wka_init = B_TRUE;
325 (void) mutex_unlock(&wka_mutex);
326 return (B_TRUE);
330 * Private cleanup for smb_wka_init.
332 static void
333 smb_wka_fini(void)
335 int i;
337 for (i = 0; i < SMB_WKA_NUM; ++i) {
338 if (wka_tbl[i].wka_binsid) {
339 free(wka_tbl[i].wka_binsid);
340 wka_tbl[i].wka_binsid = NULL;