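/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

/*
 * Utility functions to support the RPC interface library.
 */

#include <stdio.h>
#include <stdarg.h>
#include <strings.h>
#include <unistd.h>
#include <netdb.h>
#include <stdlib.h>
#include <sys/time.h>
#include <sys/systm.h>
#include <syslog.h>

#include <smbsrv/libsmb.h>
#include <smbsrv/libsmbns.h>
#include <smbsrv/libmlsvc.h>
#include <smbsrv/libsmbrdr.h>
#include <smbsrv/smbinfo.h>
#include <lsalib.h>
#include <samlib.h>
#include <smbsrv/netrauth.h>

/*
 * Domain join support (using MS-RPC).
 *
 * While this is B_FALSE, mlsvc_join() uses smb_ads_join(); the
 * sam_create_trust_account() path is only taken when it is B_TRUE.
 */
static boolean_t mlsvc_ntjoin_support = B_FALSE;

extern int netr_open(char *, char *, mlsvc_handle_t *);
extern int netr_close(mlsvc_handle_t *);
extern DWORD netlogon_auth(char *, mlsvc_handle_t *, DWORD);

/*
 * mlsvc_lookup_name
 *
 * This is just a wrapper for lsa_lookup_name.
 *
 * sid_type is an in/out argument: the value it holds on entry is passed
 * to lsa_lookup_name, and on success it is overwritten with the type of
 * the account that was found.  On failure neither *sid nor *sid_type is
 * modified.
 *
 * The memory for the sid is allocated using malloc so the caller should
 * call free when it is no longer required.
 *
 * Returns the NT status reported by lsa_lookup_name.
 */
uint32_t
mlsvc_lookup_name(char *name, smb_sid_t **sid, uint16_t *sid_type)
{
	smb_account_t account;
	uint32_t status;

	status = lsa_lookup_name(name, *sid_type, &account);
	if (status == NT_STATUS_SUCCESS) {
		/*
		 * Hand the SID over to the caller and clear the field so
		 * that smb_account_free() below does not release it.
		 */
		*sid = account.a_sid;
		account.a_sid = NULL;
		*sid_type = account.a_type;
		smb_account_free(&account);
	}

	return (status);
}

/*
 * mlsvc_lookup_sid
 *
 * This is just a wrapper for lsa_lookup_sid.
 *
 * On success *name points to a newly allocated "domain\name" string.
 * The allocated memory for the returned name must be freed by caller upon
 * successful return.
 *
 * If the lookup itself fails *name is not modified.  If the lookup
 * succeeds but the allocation fails, *name is NULL and the return value
 * is NT_STATUS_NO_MEMORY.
 */
uint32_t
mlsvc_lookup_sid(smb_sid_t *sid, char **name)
{
	smb_account_t ainfo;
	uint32_t status;
	size_t namelen;

	if ((status = lsa_lookup_sid(sid, &ainfo)) == NT_STATUS_SUCCESS) {
		/*
		 * Domain and name, plus one byte for the backslash and one
		 * for the terminator.  The length is kept in a size_t so
		 * that it is never narrowed before reaching malloc and
		 * snprintf.
		 */
		namelen = strlen(ainfo.a_domain) + strlen(ainfo.a_name) + 2;
		if ((*name = malloc(namelen)) != NULL)
			(void) snprintf(*name, namelen, "%s\\%s",
			    ainfo.a_domain, ainfo.a_name);
		else
			status = NT_STATUS_NO_MEMORY;

		smb_account_free(&ainfo);
	}

	return (status);
}

/*
 * mlsvc_netlogon
 *
 * Opens a NETLOGON handle to the given server and domain, runs
 * netlogon_auth() with NETR_FLG_INIT on it and closes the handle again.
 *
 * Returns NT_STATUS_OPEN_FAILED if the handle cannot be opened,
 * otherwise the status returned by netlogon_auth().  An authentication
 * failure is also reported through syslog.
 */
DWORD
mlsvc_netlogon(char *server, char *domain)
{
	mlsvc_handle_t netr_handle;
	DWORD status;

	if (netr_open(server, domain, &netr_handle) == 0) {
		if ((status = netlogon_auth(server, &netr_handle,
		    NETR_FLG_INIT)) != NT_STATUS_SUCCESS)
			syslog(LOG_NOTICE, "Failed to establish NETLOGON "
			    "credential chain");
		(void) netr_close(&netr_handle);
	} else {
		status = NT_STATUS_OPEN_FAILED;
	}

	return (status);
}

/*
 * Overwrite a buffer that held secret material.  The stores go through
 * a volatile pointer so that the compiler does not discard them as dead
 * writes to a local that is about to go out of scope.
 */
static void
mlsvc_scrub(void *buf, size_t len)
{
	volatile unsigned char *p = buf;

	while (len-- > 0)
		*p++ = 0;
}

/*
 * Joins the specified domain by creating a machine account on
 * the selected domain controller.
 *
 * Disconnect any existing connection with the domain controller.
 * This will ensure that no stale connection will be used, it will
 * also pickup any configuration changes in either side by trying
 * to establish a new connection.
 *
 * plain_text is only handed to smb_ads_join() and is never logged here.
 * The machine account password lives in a local buffer which is wiped
 * before returning once it may have been filled in.
 *
 * Returns NT status codes: NT_STATUS_LOGON_FAILURE if the logon to the
 * domain controller is not granted, NT_STATUS_UNSUCCESSFUL if the join
 * or the configuration update fails, otherwise the status of
 * mlsvc_netlogon().
 */
DWORD
mlsvc_join(smb_domainex_t *dxi, char *user, char *plain_text)
{
	int erc;
	DWORD status;
	char machine_passwd[NETR_MACHINE_ACCT_PASSWD_MAX];
	smb_adjoin_status_t err;
	smb_domain_t *domain;

	machine_passwd[0] = '\0';

	domain = &dxi->d_primary;

	mlsvc_disconnect(dxi->d_dc);

	erc = smbrdr_logon(dxi->d_dc, domain->di_nbname, user);

	/* Nothing secret has been written to machine_passwd yet. */
	if (erc != AUTH_USER_GRANT)
		return (NT_STATUS_LOGON_FAILURE);

	if (mlsvc_ntjoin_support == B_FALSE) {
		/* smb_ads_join() fills in machine_passwd on success. */
		err = smb_ads_join(domain->di_fqname, user, plain_text,
		    machine_passwd, sizeof (machine_passwd));
		if (err == SMB_ADJOIN_SUCCESS) {
			status = NT_STATUS_SUCCESS;
		} else {
			smb_ads_join_errmsg(err);
			status = NT_STATUS_UNSUCCESSFUL;
		}
	} else {
		status = sam_create_trust_account(dxi->d_dc,
		    domain->di_nbname);
		if (status == NT_STATUS_SUCCESS) {
			/*
			 * NOTE(review): in this path the secret stored for
			 * the machine account is the lower-cased NetBIOS
			 * name, i.e. a value derived from the host name
			 * rather than a random one.  Confirm that the
			 * account password is changed once the NETLOGON
			 * credential chain is up.
			 *
			 * Do not carry on with an empty secret if the name
			 * cannot be obtained.
			 */
			if (smb_getnetbiosname(machine_passwd,
			    sizeof (machine_passwd)) != 0) {
				syslog(LOG_NOTICE, "Failed to obtain NetBIOS "
				    "name for machine account");
				status = NT_STATUS_UNSUCCESSFUL;
			} else {
				(void) smb_strlwr(machine_passwd);
			}
		}
	}

	if (status == NT_STATUS_SUCCESS) {
		erc = smb_setdomainprops(NULL, dxi->d_dc, machine_passwd);
		if (erc != 0) {
			syslog(LOG_NOTICE, "Failed to update CIFS "
			    "configuration");
			status = NT_STATUS_UNSUCCESSFUL;
		} else {
			status = mlsvc_netlogon(dxi->d_dc, domain->di_nbname);
		}
	}

	/* The password has been handed on; do not leave a copy behind. */
	mlsvc_scrub(machine_passwd, sizeof (machine_passwd));

	return (status);
}

/*
 * Thin wrapper: returns whatever smbrdr_echo() reports for the server.
 */
int
mlsvc_ping(const char *server)
{
	return (smbrdr_echo(server));
}

/*
 * Thin wrapper: asks the redirector to drop its connection to the
 * server via smbrdr_disconnect().
 */
void
mlsvc_disconnect(const char *server)
{
	smbrdr_disconnect(server);
}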