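/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

/*
 * Utility functions to support the RPC interface library.
 */

#include <stdio.h>
#include <stdarg.h>
#include <strings.h>
#include <unistd.h>
#include <netdb.h>
#include <stdlib.h>
#include <sys/time.h>
#include <sys/systm.h>

#include <smbsrv/libsmb.h>
#include <smbsrv/libsmbrdr.h>
#include <smbsrv/libsmbns.h>
#include <smbsrv/libmlsvc.h>
#include <smbsrv/smbinfo.h>
#include <lsalib.h>
#include <samlib.h>
#include <smbsrv/netrauth.h>

/* Domain join support (using MS-RPC) */
static boolean_t mlsvc_ntjoin_support = B_FALSE;

extern int netr_open(char *, char *, mlsvc_handle_t *);
extern int netr_close(mlsvc_handle_t *);
extern DWORD netlogon_auth(char *, mlsvc_handle_t *, DWORD);
extern int mlsvc_user_getauth(char *, char *, smb_auth_info_t *);

/*
 * mlsvc_scrub
 *
 * Overwrite a buffer that held secret material with zeros.  The stores
 * go through a volatile pointer so that the compiler cannot drop them
 * as dead writes to an object that is about to go out of scope.
 */
static void
mlsvc_scrub(void *buf, size_t len)
{
	volatile unsigned char *p = buf;

	while (len-- != 0)
		*p++ = 0;
}

/*
 * mlsvc_lookup_name
 *
 * This is just a wrapper for lsa_lookup_name.
 *
 * sid_type is an in/out parameter: the value it points to is passed to
 * lsa_lookup_name, and on success it is overwritten with the type of
 * the account that was found.
 *
 * The memory for the sid is allocated using malloc so the caller should
 * call free when it is no longer required.  *sid is only written when
 * NT_STATUS_SUCCESS is returned.
 *
 * Returns the NT status from lsa_lookup_name.
 */
uint32_t
mlsvc_lookup_name(char *name, smb_sid_t **sid, uint16_t *sid_type)
{
	smb_account_t account;
	uint32_t status;

	status = lsa_lookup_name(name, *sid_type, &account);
	if (status == NT_STATUS_SUCCESS) {
		/*
		 * Hand the SID over to the caller and clear the field so
		 * that smb_account_free() does not release it.
		 */
		*sid = account.a_sid;
		account.a_sid = NULL;
		*sid_type = account.a_type;
		smb_account_free(&account);
	}

	return (status);
}

/*
 * mlsvc_lookup_sid
 *
 * This is just a wrapper for lsa_lookup_sid.
 *
 * On success *name points to a newly allocated "domain\name" string.
 * The allocated memory for the returned name must be freed by caller upon
 * successful return.
 *
 * Returns the NT status from lsa_lookup_sid, or NT_STATUS_NO_MEMORY if
 * the name buffer cannot be allocated (*name is NULL in that case).
 * *name is not written when the lookup itself fails.
 */
uint32_t
mlsvc_lookup_sid(smb_sid_t *sid, char **name)
{
	smb_account_t ainfo;
	uint32_t status;
	size_t namelen;

	if ((status = lsa_lookup_sid(sid, &ainfo)) == NT_STATUS_SUCCESS) {
		/* Room for the '\\' separator and the terminating NUL. */
		namelen = strlen(ainfo.a_domain) + strlen(ainfo.a_name) + 2;
		if ((*name = malloc(namelen)) != NULL)
			(void) snprintf(*name, namelen, "%s\\%s",
			    ainfo.a_domain, ainfo.a_name);
		else
			status = NT_STATUS_NO_MEMORY;

		smb_account_free(&ainfo);
	}

	return (status);
}

/*
 * mlsvc_netlogon
 *
 * Open a NETR handle to the given server and domain, run netlogon_auth
 * with NETR_FLG_INIT on it and close the handle again.
 *
 * Returns the NT status from netlogon_auth, or NT_STATUS_OPEN_FAILED if
 * the handle cannot be opened.
 */
DWORD
mlsvc_netlogon(char *server, char *domain)
{
	mlsvc_handle_t netr_handle;
	DWORD status;

	if (netr_open(server, domain, &netr_handle) == 0) {
		status = netlogon_auth(server, &netr_handle,
		    NETR_FLG_INIT);
		(void) netr_close(&netr_handle);
	} else {
		status = NT_STATUS_OPEN_FAILED;
	}

	return (status);
}

/*
 * mlsvc_join
 *
 * Join the domain described by dinfo using the credentials of user.
 * dinfo->d_nbdomain is converted to uppercase in place.
 *
 * When mlsvc_ntjoin_support is B_FALSE the join goes through
 * smb_ads_join, which is handed plain_text and fills in the machine
 * password.  Otherwise a trust account is created with
 * sam_create_trust_account and the machine password is derived locally.
 * After a successful join the DC name and machine password are passed
 * to smb_setdomainprops and mlsvc_netlogon is run against the DC.
 *
 * The local copy of the machine password is scrubbed on every path out
 * of the function.  plain_text belongs to the caller and is left alone.
 *
 * Returns NT status codes.
 */
DWORD
mlsvc_join(smb_domain_t *dinfo, char *user, char *plain_text)
{
	smb_auth_info_t auth;
	int erc;
	DWORD status;
	char machine_passwd[NETR_MACHINE_ACCT_PASSWD_MAX];

	machine_passwd[0] = '\0';

	/*
	 * Ensure that the domain name is uppercase.
	 */
	(void) utf8_strupr(dinfo->d_nbdomain);

	erc = mlsvc_logon(dinfo->d_dc, dinfo->d_nbdomain, user);
	if (erc != AUTH_USER_GRANT) {
		status = NT_STATUS_LOGON_FAILURE;
		goto out;
	}

	if (mlsvc_ntjoin_support == B_FALSE) {
		if (smb_ads_join(dinfo->d_fqdomain, user, plain_text,
		    machine_passwd, sizeof (machine_passwd))
		    == SMB_ADJOIN_SUCCESS)
			status = NT_STATUS_SUCCESS;
		else
			status = NT_STATUS_UNSUCCESSFUL;
	} else {
		/*
		 * NOTE(review): auth is filled in by mlsvc_user_getauth;
		 * if smb_auth_info_t carries key material it should be
		 * scrubbed like machine_passwd - confirm against its
		 * definition.
		 */
		if (mlsvc_user_getauth(dinfo->d_dc, user, &auth) != 0) {
			status = NT_STATUS_INVALID_PARAMETER;
			goto out;
		}

		status = sam_create_trust_account(dinfo->d_dc,
		    dinfo->d_nbdomain, &auth);
		if (status == NT_STATUS_SUCCESS) {
			/*
			 * In this path the machine password is the
			 * lower-cased NetBIOS name, i.e. a value that
			 * can be derived from the host name.
			 * NOTE(review): presumably the netlogon setup
			 * below is expected to replace it - confirm.
			 *
			 * NOTE(review): the result of smb_getnetbiosname
			 * is ignored; if it leaves the buffer untouched,
			 * machine_passwd is still the empty string and
			 * that is what gets passed to
			 * smb_setdomainprops.
			 */
			(void) smb_getnetbiosname(machine_passwd,
			    sizeof (machine_passwd));
			(void) utf8_strlwr(machine_passwd);
		}
	}

	if (status == NT_STATUS_SUCCESS) {
		erc = smb_setdomainprops(NULL, dinfo->d_dc,
		    machine_passwd);
		if (erc != 0) {
			status = NT_STATUS_UNSUCCESSFUL;
			goto out;
		}

		status = mlsvc_netlogon(dinfo->d_dc, dinfo->d_nbdomain);
	}

out:
	/* Do not leave the machine account password behind on the stack. */
	mlsvc_scrub(machine_passwd, sizeof (machine_passwd));
	return (status);
}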