[illumos-gate merge]

commit a5d83f5b2c771c419ad216ce0358fbeee032fc32
    9886 libresolv2: fix fallthrough in ns_sprintrrf()
commit 3f8dd771c0f9c6553982e4dbcc5c221b5dcf2489
    9887 pkinit_crypto_openssl.c: warnings from newer gcc
commit fdfb62c8fbf6e03ca943243b626360bede206f18
    9877 Want t_koptmgmt in kTLI
commit 437d9da7e4e3aac261d43f722ef702469f5550ce
    9872 SMB server does not accept username@hostname

6 files changed, 203 insertions, 32 deletions

diff --git a/usr/src/cmd/smbsrv/smbd/smbd_logon.c b/usr/src/cmd/smbsrv/smbd/smbd_logon.c
index fa7dae801b..ab6d4c2f7e 100644
--- a/usr/src/cmd/smbsrv/smbd/smbd_logon.c
+++ b/usr/src/cmd/smbsrv/smbd/smbd_logon.c
@@ -20,7 +20,7 @@
  */
 /*
  * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
- * Copyright 2014 Nexenta Systems, Inc.  All rights reserved.
+ * Copyright 2017 Nexenta Systems, Inc.  All rights reserved.
  */
 
 #include <sys/types.h>
@@ -81,9 +81,9 @@ static smb_audit_t *smbd_audit_unlink(uint32_t);
 smb_token_t *
 smbd_user_auth_logon(smb_logon_t *user_info)
 {
-	smb_token_t *token;
+	smb_token_t *token = NULL;
 	smb_audit_t *entry;
-	adt_session_data_t *ah;
+	adt_session_data_t *ah = NULL;
 	adt_event_data_t *event;
 	smb_logon_t tmp_user;
 	au_tid_addr_t termid;
@@ -95,6 +95,8 @@ smbd_user_auth_logon(smb_logon_t *user_info)
 	char *sid;
 	int status;
 	int retval;
+	char *p;
+	char *buf = NULL;
 
 	if (user_info->lg_username == NULL ||
 	    user_info->lg_domain == NULL ||
@@ -109,7 +111,20 @@ smbd_user_auth_logon(smb_logon_t *user_info)
 	} else {
 		tmp_user.lg_e_username = tmp_user.lg_username;
 	}
-	tmp_user.lg_e_domain = tmp_user.lg_domain;
+
+	/* Handle user@domain format. */
+	if (tmp_user.lg_domain[0] == '\0' &&
+	    (p = strchr(tmp_user.lg_e_username, '@')) != NULL) {
+		buf = strdup(tmp_user.lg_e_username);
+		if (buf == NULL)
+			goto errout;
+		p = buf + (p - tmp_user.lg_e_username);
+		*p = '\0';
+		tmp_user.lg_e_domain = p + 1;
+		tmp_user.lg_e_username = buf;
+	} else {
+		tmp_user.lg_e_domain = tmp_user.lg_domain;
+	}
 
 	if ((token = smb_logon(&tmp_user)) == NULL) {
 		uid = ADT_NO_ATTRIB;
@@ -132,16 +147,13 @@ smbd_user_auth_logon(smb_logon_t *user_info)
 
 	if (adt_start_session(&ah, NULL, 0)) {
 		syslog(LOG_AUTH | LOG_ALERT, "adt_start_session: %m");
-		smb_token_destroy(token);
-		return (NULL);
+		goto errout;
 	}
 
 	if ((event = adt_alloc_event(ah, ADT_smbd_session)) == NULL) {
 		syslog(LOG_AUTH | LOG_ALERT,
 		    "adt_alloc_event(ADT_smbd_session): %m");
-		(void) adt_end_session(ah);
-		smb_token_destroy(token);
-		return (NULL);
+		goto errout;
 	}
 
 	(void) memset(&termid, 0, sizeof (au_tid_addr_t));
@@ -160,9 +172,7 @@ smbd_user_auth_logon(smb_logon_t *user_info)
 	if (adt_set_user(ah, uid, gid, uid, gid, NULL, ADT_NEW)) {
 		syslog(LOG_AUTH | LOG_ALERT, "adt_set_user: %m");
 		adt_free_event(event);
-		(void) adt_end_session(ah);
-		smb_token_destroy(token);
-		return (NULL);
+		goto errout;
 	}
 
 	event->adt_smbd_session.domain = domain;
@@ -177,9 +187,7 @@ smbd_user_auth_logon(smb_logon_t *user_info)
 	if (token) {
 		if ((entry = malloc(sizeof (smb_audit_t))) == NULL) {
 			syslog(LOG_ERR, "smbd_user_auth_logon: %m");
-			(void) adt_end_session(ah);
-			smb_token_destroy(token);
-			return (NULL);
+			goto errout;
 		}
 
 		entry->sa_handle = ah;
@@ -193,7 +201,15 @@ smbd_user_auth_logon(smb_logon_t *user_info)
 		token->tkn_audit_sid = entry->sa_audit_sid;
 	}
 
+	free(buf);
+
 	return (token);
+
+errout:
+	free(buf);
+	(void) adt_end_session(ah);
+	smb_token_destroy(token);
+	return (NULL);
 }
 
 /*
diff --git a/usr/src/lib/krb5/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/usr/src/lib/krb5/plugins/preauth/pkinit/pkinit_crypto_openssl.c
index 3ae2f2a362..1dc79baa0a 100644
--- a/usr/src/lib/krb5/plugins/preauth/pkinit/pkinit_crypto_openssl.c
+++ b/usr/src/lib/krb5/plugins/preauth/pkinit/pkinit_crypto_openssl.c
@@ -1765,7 +1765,7 @@ cleanup:
 	free(enc_data);
     if (encerts != NULL)
 	sk_X509_free(encerts);
-	
+
     return retval;
 }
 
@@ -1911,7 +1911,7 @@ cms_envelopeddata_verify(krb5_context context,
 
     if (!retval)
 	pkiDebug("PKCS7 Verification Success\n");
-    else { 	
+    else {
 	pkiDebug("PKCS7 Verification Failure\n");
 	goto cleanup;
     }
@@ -2842,7 +2842,7 @@ pkinit_create_sequence_of_principal_identifiers(
 	    if (retval) {
 		pkiDebug("create_krb5_trustedCertifiers failed\n");
 		goto cleanup;
-    	    }
+	    }
 	    break;
 	case TD_INVALID_CERTIFICATES:
 	    retval = create_krb5_invalidCertificates(context, plg_cryptoctx,
@@ -2850,7 +2850,7 @@ pkinit_create_sequence_of_principal_identifiers(
 	    if (retval) {
 		pkiDebug("create_krb5_invalidCertificates failed\n");
 		goto cleanup;
-    	    }
+	    }
 	    break;
 	default:
 	    retval = -1;
@@ -3862,7 +3862,7 @@ pkinit_choose_tokens(krb5_context context,
 	} else {
             char *cp = reply.data;
             /* reply better be digits */
-            while (*cp != NULL) {
+            while (*cp != '\0') {
                 if (!isdigit(*cp++))
                     return (EINVAL);
             }
@@ -4106,7 +4106,7 @@ pkinit_open_session(krb5_context context,
     CK_SLOT_ID_PTR slotlist = NULL, tmpslotlist = NULL;
     CK_TOKEN_INFO tinfo;
     krb5_boolean tokenmatch = FALSE;
-    CK_SESSION_HANDLE tmpsession = NULL;
+    CK_SESSION_HANDLE tmpsession = CK_INVALID_HANDLE;
     struct _token_choices token_choices;
     int choice = 0;
 
@@ -4610,7 +4610,7 @@ pkinit_find_private_key(pkinit_identity_crypto_context id_cryptoctx,
 	cert = sk_X509_value(id_cryptoctx->my_certs, 0);
 	priv = X509_get_pubkey(cert);
 	if (priv == NULL) {
-    		pkiDebug("Failed to extract pub key from cert\n");
+		pkiDebug("Failed to extract pub key from cert\n");
 		return KRB5KDC_ERR_PREAUTH_FAILED;
 	}
 
@@ -5915,7 +5915,7 @@ crypto_cert_select(krb5_context context,
     if (cd->idctx->my_certs != NULL) {
 	sk_X509_pop_free(cd->idctx->my_certs, X509_free);
     }
-    cd->idctx->my_certs = sk_X509_new_null();	
+    cd->idctx->my_certs = sk_X509_new_null();
     sk_X509_push(cd->idctx->my_certs, cd->cred->cert);
     cd->idctx->creds[cd->index]->cert = NULL;	    /* Don't free it twice */
     cd->idctx->cert_index = 0;
@@ -5969,7 +5969,7 @@ crypto_cert_select_default(krb5_context context,
     if (id_cryptoctx->my_certs != NULL) {
 	sk_X509_pop_free(id_cryptoctx->my_certs, X509_free);
     }
-    id_cryptoctx->my_certs = sk_X509_new_null();	
+    id_cryptoctx->my_certs = sk_X509_new_null();
     sk_X509_push(id_cryptoctx->my_certs, id_cryptoctx->creds[0]->cert);
     id_cryptoctx->creds[0]->cert = NULL;	/* Don't free it twice */
     id_cryptoctx->cert_index = 0;
@@ -6311,7 +6311,7 @@ if (longhorn == 0) {	/* XXX Longhorn doesn't like this */
 		if ((p = krb5_cas[i]->subjectKeyIdentifier.data =
 			(unsigned char *)malloc((size_t) len)) == NULL)
 		    goto cleanup;
-		i2d_ASN1_OCTET_STRING(ikeyid, &p);		
+		i2d_ASN1_OCTET_STRING(ikeyid, &p);
 		krb5_cas[i]->subjectKeyIdentifier.length = len;
 	    }
 	    if (ikeyid != NULL)
@@ -6626,7 +6626,7 @@ pkinit_process_td_trusted_certifiers(
 		pkiDebug("#%d cert = %s is trusted by kdc\n", i, buf);
 	    else
 		pkiDebug("#%d cert = %s is invalid\n", i, buf);
-		sk_X509_NAME_push(sk_xn, xn);
+	    sk_X509_NAME_push(sk_xn, xn);
 	}
 
 	if (krb5_trusted_certifiers[i]->issuerAndSerialNumber.data != NULL) {
@@ -6736,7 +6736,6 @@ pkcs7_dataDecode(krb5_context context,
 		     PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE);
 	    goto cleanup;
 	}
-	
     }
 
     /* If we haven't got a certificate try each ri in turn */
diff --git a/usr/src/uts/common/Makefile.files b/usr/src/uts/common/Makefile.files
index c963c34ce4..942a28069b 100644
--- a/usr/src/uts/common/Makefile.files
+++ b/usr/src/uts/common/Makefile.files
@@ -838,7 +838,7 @@ SCSI_VHCI_F_TPGS_OBJS +=	tpgs.o
 
 SCSI_VHCI_F_ASYM_SUN_OBJS +=	asym_sun.o
 
-SCSI_VHCI_F_SYM_HDS_OBJS += 	sym_hds.o
+SCSI_VHCI_F_SYM_HDS_OBJS +=	sym_hds.o
 
 SCSI_VHCI_F_TAPE_OBJS +=	tape.o
 
@@ -1120,7 +1120,7 @@ NFS_OBJS +=	nfs_client.o	nfs_common.o	nfs_dump.o \
 		nfs_xdr.o	nfs_sys.o	nfs_strerror.o \
 		nfs3_vfsops.o	nfs3_vnops.o	nfs3_xdr.o \
 		nfs_acl_vnops.o	nfs_acl_xdr.o	nfs4_vfsops.o \
-		nfs4_vnops.o	nfs4_xdr.o 	nfs4_idmap.o \
+		nfs4_vnops.o	nfs4_xdr.o	nfs4_idmap.o \
 		nfs4_shadow.o	nfs4_subr.o \
 		nfs4_attr.o	nfs4_rnode.o	nfs4_client.o \
 		nfs4_acache.o	nfs4_common.o	nfs4_client_state.o \
@@ -1288,7 +1288,7 @@ UDFS_OBJS +=	udf_alloc.o	udf_bmap.o	udf_dir.o	\
 		udf_inode.o	udf_subr.o	udf_vfsops.o	\
 		udf_vnops.o
 
-UFS_OBJS +=	ufs_alloc.o	ufs_bmap.o	ufs_dir.o 	ufs_xattr.o \
+UFS_OBJS +=	ufs_alloc.o	ufs_bmap.o	ufs_dir.o	ufs_xattr.o \
 		ufs_inode.o	ufs_subr.o	ufs_tables.o	ufs_vfsops.o \
 		ufs_vnops.o	quota.o		quotacalls.o	quota_ufs.o \
 		ufs_filio.o	ufs_lockfs.o	ufs_thread.o	ufs_trans.o \
@@ -1524,8 +1524,8 @@ KLMOPS_OBJS +=	klmops.o
 
 TLIMOD_OBJS +=	tlimod.o	t_kalloc.o	t_kbind.o	t_kclose.o \
 		t_kconnect.o	t_kfree.o	t_kgtstate.o	t_kopen.o \
-		t_krcvudat.o	t_ksndudat.o	t_kspoll.o	t_kunbind.o \
-		t_kutil.o
+		t_koptmgmt.o	t_krcvudat.o	t_ksndudat.o	t_kspoll.o \
+		t_kunbind.o	t_kutil.o
 
 RLMOD_OBJS += rlmod.o
 
diff --git a/usr/src/uts/common/ktli/t_koptmgmt.c b/usr/src/uts/common/ktli/t_koptmgmt.c
new file mode 100644
index 0000000000..e217c4dfcb
--- /dev/null
+++ b/usr/src/uts/common/ktli/t_koptmgmt.c
@@ -0,0 +1,154 @@
+/*
+ * CDDL HEADER START
+ *
+ * The contents of this file are subject to the terms of the
+ * Common Development and Distribution License, Version 1.0 only
+ * (the "License").  You may not use this file except in compliance
+ * with the License.
+ *
+ * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ * or http://www.opensolaris.org/os/licensing.
+ * See the License for the specific language governing permissions
+ * and limitations under the License.
+ *
+ * When distributing Covered Code, include this CDDL HEADER in each
+ * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ * If applicable, add the following below this CDDL HEADER, with the
+ * fields enclosed by brackets "[]" replaced with your own identifying
+ * information: Portions Copyright [yyyy] [name of copyright owner]
+ *
+ * CDDL HEADER END
+ */
+
+/*	Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T	*/
+/*	  All Rights Reserved	*/
+
+/*
+ * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
+ * Use is subject to license terms.
+ */
+
+/*
+ * Copyright 2018 Nexenta Systems, Inc.  All rights reserved.
+ */
+
+/*
+ * kTLI variant of t_optmgmt(3NSL)
+ * Returns 0 on success or an errno value.
+ * Similar to libnsl t_optmgmt.c
+ *
+ * Note: This expects the caller's struct t_optmgmt to contain the
+ * XTI version of struct T_opthdr (used with T_OPTMGMT_REQ == 27)
+ * not the old "struct opthdr" (used with T_SVR4_OPTMGMT_REQ == 9)
+ */
+
+#include <sys/param.h>
+#include <sys/types.h>
+#include <sys/proc.h>
+#include <sys/file.h>
+#include <sys/user.h>
+#include <sys/vnode.h>
+#include <sys/errno.h>
+#include <sys/stream.h>
+#include <sys/ioctl.h>
+#include <sys/stropts.h>
+#include <sys/strsubr.h>
+#define	_SUN_TPI_VERSION 2
+#include <sys/tihdr.h>
+#include <sys/timod.h>
+#include <sys/tiuser.h>
+#include <sys/t_kuser.h>
+#include <sys/kmem.h>
+
+int
+t_koptmgmt(TIUSER *tiptr, struct t_optmgmt *req, struct t_optmgmt *ret)
+{
+	struct strioctl		strioc;
+	struct T_optmgmt_req	*opt_req;
+	struct T_optmgmt_ack	*opt_ack;
+	file_t			*fp;
+	vnode_t			*vp;
+	char			*ctlbuf = NULL;
+	char			*opt_data;
+	t_scalar_t		optlen;
+	int			ctlsize;
+	int			retval;
+	int			error;
+
+	fp = tiptr->fp;
+	vp = fp->f_vnode;
+
+	optlen = req->opt.len;
+	if (optlen > 0) {
+		if (req->opt.buf == NULL)
+			return (EINVAL);
+		if (optlen < (t_scalar_t)sizeof (struct T_opthdr)) {
+			/* option buffer should atleast have an t_opthdr */
+			return (EINVAL);
+		}
+		/* sanity limit */
+		if (optlen > 4096) {
+			return (EINVAL);
+		}
+	}
+
+	ctlsize = sizeof (*opt_req) + optlen;
+	ctlbuf = kmem_alloc(ctlsize, KM_SLEEP);
+
+	/* LINTED E_BAD_PTR_CAST_ALIGN */
+	opt_req = (struct T_optmgmt_req *)ctlbuf;
+	opt_req->PRIM_type = T_OPTMGMT_REQ;
+	opt_req->MGMT_flags = req->flags;
+	opt_req->OPT_length = optlen;
+	opt_req->OPT_offset = sizeof (*opt_req);
+	if (optlen > 0) {
+		opt_data = ctlbuf + sizeof (*opt_req);
+		bcopy(req->opt.buf, opt_data, optlen);
+	}
+
+	strioc.ic_cmd = TI_OPTMGMT;
+	strioc.ic_timout = 0;
+	strioc.ic_dp = ctlbuf;
+	strioc.ic_len = ctlsize;
+
+	error = strdoioctl(vp->v_stream, &strioc, FNATIVE, K_TO_K,
+	    fp->f_cred, &retval);
+	if (error)
+		goto errout;
+
+	if (retval) {
+		if ((retval & 0xff) == TSYSERR)
+			error = (retval >> 8) & 0xff;
+		else
+			error = t_tlitosyserr(retval & 0xff);
+		goto errout;
+	}
+
+	if (strioc.ic_len < sizeof (struct T_optmgmt_ack)) {
+		error = EPROTO;
+		goto errout;
+	}
+
+	/* LINTED pointer cast */
+	opt_ack = (struct T_optmgmt_ack *)ctlbuf;
+	if (opt_ack->PRIM_type != T_OPTMGMT_ACK) {
+		error = EPROTO;
+		goto errout;
+	}
+
+	if (ret->opt.maxlen > 0) {
+		if (opt_ack->OPT_length > ret->opt.maxlen) {
+			error = EMSGSIZE;
+			goto errout;
+		}
+		ret->opt.len = opt_ack->OPT_offset;
+		opt_data = ctlbuf + opt_ack->OPT_offset;
+		bcopy(opt_data, ret->opt.buf, ret->opt.len);
+	}
+	ret->flags = opt_ack->MGMT_flags;
+
+errout:
+	if (ctlbuf != NULL)
+		kmem_free(ctlbuf, ctlsize);
+	return (error);
+}
diff --git a/usr/src/uts/intel/ia32/ml/modstubs.s b/usr/src/uts/intel/ia32/ml/modstubs.s
index 040c5f0ea5..9ee2ba6908 100644
--- a/usr/src/uts/intel/ia32/ml/modstubs.s
+++ b/usr/src/uts/intel/ia32/ml/modstubs.s
@@ -642,6 +642,7 @@ fcnname/**/_info:							\
 	NO_UNLOAD_STUB(tlimod,	t_kclose,		nomod_zero);
 	NO_UNLOAD_STUB(tlimod,	t_kspoll,		nomod_zero);
 	NO_UNLOAD_STUB(tlimod,	t_kfree,		nomod_zero);
+	NO_UNLOAD_STUB(tlimod,	t_koptmgmt,		nomod_zero);
 	END_MODULE(tlimod);
 #endif
 
diff --git a/usr/src/uts/sparc/ml/modstubs.s b/usr/src/uts/sparc/ml/modstubs.s
index 1641c734da..e3db778fed 100644
--- a/usr/src/uts/sparc/ml/modstubs.s
+++ b/usr/src/uts/sparc/ml/modstubs.s
@@ -527,6 +527,7 @@ stubs_base:
 	NO_UNLOAD_STUB(tlimod, t_kclose,  	nomod_zero);
 	NO_UNLOAD_STUB(tlimod, t_kspoll,  	nomod_zero);
 	NO_UNLOAD_STUB(tlimod, t_kfree,  	nomod_zero);
+	NO_UNLOAD_STUB(tlimod, t_koptmgmt,	nomod_zero);
 	END_MODULE(tlimod);
 #endif