libmlsvc/common/mlsvc_util.c

5331Samw/*
5331Samw * CDDL HEADER START
5331Samw *
5331Samw * The contents of this file are subject to the terms of the
5331Samw * Common Development and Distribution License (the "License").
5331Samw * You may not use this file except in compliance with the License.
5331Samw *
5331Samw * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
5331Samw * or http://www.opensolaris.org/os/licensing.
5331Samw * See the License for the specific language governing permissions
5331Samw * and limitations under the License.
5331Samw *
5331Samw * When distributing Covered Code, include this CDDL HEADER in each
5331Samw * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
5331Samw * If applicable, add the following below this CDDL HEADER, with the
5331Samw * fields enclosed by brackets "[]" replaced with your own identifying
5331Samw * information: Portions Copyright [yyyy] [name of copyright owner]
5331Samw *
5331Samw * CDDL HEADER END
5331Samw */
5331Samw/*
8474SJose.Borrego@Sun.COM * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
5331Samw * Use is subject to license terms.
5331Samw */
5331Samw
5331Samw/*
5331Samw * Utility functions to support the RPC interface library.
5331Samw */
5331Samw
5331Samw#include <stdio.h>
5331Samw#include <stdarg.h>
5331Samw#include <strings.h>
5331Samw#include <unistd.h>
5331Samw#include <netdb.h>
5331Samw#include <stdlib.h>
5331Samw#include <sys/time.h>
5331Samw#include <sys/systm.h>
9021Samw@Sun.COM#include <syslog.h>
5331Samw
5331Samw#include <smbsrv/libsmb.h>
5331Samw#include <smbsrv/libsmbrdr.h>
5331Samw#include <smbsrv/libsmbns.h>
5331Samw#include <smbsrv/libmlsvc.h>
5331Samw#include <smbsrv/smbinfo.h>
8334SJose.Borrego@Sun.COM#include <lsalib.h>
8334SJose.Borrego@Sun.COM#include <samlib.h>
8334SJose.Borrego@Sun.COM#include <smbsrv/netrauth.h>
5331Samw
5772Sas200622/* Domain join support (using MS-RPC) */
5772Sas200622static boolean_t mlsvc_ntjoin_support = B_FALSE;
5772Sas200622
5331Samwextern int netr_open(char *, char *, mlsvc_handle_t *);
5331Samwextern int netr_close(mlsvc_handle_t *);
5331Samwextern DWORD netlogon_auth(char *, mlsvc_handle_t *, DWORD);
5331Samwextern int mlsvc_user_getauth(char *, char *, smb_auth_info_t *);
5331Samw
5331Samw/*
5331Samw * mlsvc_lookup_name
5331Samw *
5772Sas200622 * This is just a wrapper for lsa_lookup_name.
5331Samw *
5772Sas200622 * The memory for the sid is allocated using malloc so the caller should
5772Sas200622 * call free when it is no longer required.
5331Samw */
5772Sas200622uint32_t
8670SJose.Borrego@Sun.COMmlsvc_lookup_name(char *name, smb_sid_t **sid, uint16_t *sid_type)
5331Samw{
8670SJose.Borrego@Sun.COM	smb_account_t account;
5772Sas200622	uint32_t status;
5331Samw
8670SJose.Borrego@Sun.COM	status = lsa_lookup_name(name, *sid_type, &account);
5772Sas200622	if (status == NT_STATUS_SUCCESS) {
8670SJose.Borrego@Sun.COM		*sid = account.a_sid;
8670SJose.Borrego@Sun.COM		account.a_sid = NULL;
8670SJose.Borrego@Sun.COM		*sid_type = account.a_type;
8670SJose.Borrego@Sun.COM		smb_account_free(&account);
5772Sas200622	}
5331Samw
5772Sas200622	return (status);
5331Samw}
5331Samw
5331Samw/*
5331Samw * mlsvc_lookup_sid
5331Samw *
5772Sas200622 * This is just a wrapper for lsa_lookup_sid.
5772Sas200622 *
5772Sas200622 * The allocated memory for the returned name must be freed by caller upon
5772Sas200622 * successful return.
5331Samw */
5772Sas200622uint32_t
6432Sas200622mlsvc_lookup_sid(smb_sid_t *sid, char **name)
5331Samw{
8670SJose.Borrego@Sun.COM	smb_account_t ainfo;
5772Sas200622	uint32_t status;
5772Sas200622	int namelen;
5331Samw
8670SJose.Borrego@Sun.COM	if ((status = lsa_lookup_sid(sid, &ainfo)) == NT_STATUS_SUCCESS) {
8670SJose.Borrego@Sun.COM		namelen = strlen(ainfo.a_domain) + strlen(ainfo.a_name) + 2;
8670SJose.Borrego@Sun.COM		if ((*name = malloc(namelen)) != NULL)
8670SJose.Borrego@Sun.COM			(void) snprintf(*name, namelen, "%s\\%s",
8670SJose.Borrego@Sun.COM			    ainfo.a_domain, ainfo.a_name);
8670SJose.Borrego@Sun.COM		else
8670SJose.Borrego@Sun.COM			status = NT_STATUS_NO_MEMORY;
5331Samw
8670SJose.Borrego@Sun.COM		smb_account_free(&ainfo);
5331Samw	}
5331Samw
5772Sas200622	return (status);
5331Samw}
5331Samw
6139Sjb150015DWORD
6139Sjb150015mlsvc_netlogon(char *server, char *domain)
6139Sjb150015{
6139Sjb150015	mlsvc_handle_t netr_handle;
6139Sjb150015	DWORD status;
6139Sjb150015
6139Sjb150015	if (netr_open(server, domain, &netr_handle) == 0) {
9021Samw@Sun.COM		if ((status = netlogon_auth(server, &netr_handle,
9021Samw@Sun.COM		    NETR_FLG_INIT)) != NT_STATUS_SUCCESS)
9021Samw@Sun.COM			syslog(LOG_NOTICE, "Failed to establish NETLOGON "
9021Samw@Sun.COM			    "credential chain");
6139Sjb150015		(void) netr_close(&netr_handle);
6139Sjb150015	} else {
6139Sjb150015		status = NT_STATUS_OPEN_FAILED;
6139Sjb150015	}
6139Sjb150015
6139Sjb150015	return (status);
6139Sjb150015}
6139Sjb150015
5331Samw/*
*9343SAfshin.Ardakani@Sun.COM * Joins the specified domain by creating a machine account on
*9343SAfshin.Ardakani@Sun.COM * the selected domain controller.
*9343SAfshin.Ardakani@Sun.COM *
*9343SAfshin.Ardakani@Sun.COM * Disconnect any existing connection with the domain controller.
*9343SAfshin.Ardakani@Sun.COM * This will ensure that no stale connection will be used, it will
*9343SAfshin.Ardakani@Sun.COM * also pickup any configuration changes in either side by trying
*9343SAfshin.Ardakani@Sun.COM * to establish a new connection.
5331Samw *
5331Samw * Returns NT status codes.
5331Samw */
5331SamwDWORD
8334SJose.Borrego@Sun.COMmlsvc_join(smb_domain_t *dinfo, char *user, char *plain_text)
5331Samw{
5331Samw	smb_auth_info_t auth;
5331Samw	int erc;
5331Samw	DWORD status;
8334SJose.Borrego@Sun.COM	char machine_passwd[NETR_MACHINE_ACCT_PASSWD_MAX];
9021Samw@Sun.COM	smb_adjoin_status_t err;
5331Samw
5331Samw	machine_passwd[0] = '\0';
5331Samw
8334SJose.Borrego@Sun.COM	(void) utf8_strupr(dinfo->d_nbdomain);
5331Samw
*9343SAfshin.Ardakani@Sun.COM	mlsvc_disconnect(dinfo->d_dc);
*9343SAfshin.Ardakani@Sun.COM
8334SJose.Borrego@Sun.COM	erc = mlsvc_logon(dinfo->d_dc, dinfo->d_nbdomain, user);
5331Samw
5331Samw	if (erc == AUTH_USER_GRANT) {
5772Sas200622		if (mlsvc_ntjoin_support == B_FALSE) {
5331Samw
9021Samw@Sun.COM			if ((err = smb_ads_join(dinfo->d_fqdomain, user,
9021Samw@Sun.COM			    plain_text, machine_passwd,
9021Samw@Sun.COM			    sizeof (machine_passwd))) == SMB_ADJOIN_SUCCESS) {
5331Samw				status = NT_STATUS_SUCCESS;
9021Samw@Sun.COM			} else {
9021Samw@Sun.COM				smb_ads_join_errmsg(err);
5331Samw				status = NT_STATUS_UNSUCCESSFUL;
9021Samw@Sun.COM			}
5331Samw		} else {
8334SJose.Borrego@Sun.COM			if (mlsvc_user_getauth(dinfo->d_dc, user, &auth)
5331Samw			    != 0) {
5331Samw				status = NT_STATUS_INVALID_PARAMETER;
5331Samw				return (status);
5331Samw			}
5331Samw
8334SJose.Borrego@Sun.COM			status = sam_create_trust_account(dinfo->d_dc,
8334SJose.Borrego@Sun.COM			    dinfo->d_nbdomain, &auth);
5331Samw			if (status == NT_STATUS_SUCCESS) {
7961SNatalie.Li@Sun.COM				(void) smb_getnetbiosname(machine_passwd,
7961SNatalie.Li@Sun.COM				    sizeof (machine_passwd));
5331Samw				(void) utf8_strlwr(machine_passwd);
5331Samw			}
5331Samw		}
5331Samw
5331Samw		if (status == NT_STATUS_SUCCESS) {
8334SJose.Borrego@Sun.COM			erc = smb_setdomainprops(NULL, dinfo->d_dc,
5772Sas200622			    machine_passwd);
9021Samw@Sun.COM			if (erc != 0) {
9021Samw@Sun.COM				syslog(LOG_NOTICE, "Failed to update CIFS "
9021Samw@Sun.COM				    "configuration");
5331Samw				return (NT_STATUS_UNSUCCESSFUL);
9021Samw@Sun.COM			}
5331Samw
8334SJose.Borrego@Sun.COM			status = mlsvc_netlogon(dinfo->d_dc, dinfo->d_nbdomain);
5331Samw		}
5331Samw	} else {
5331Samw		status = NT_STATUS_LOGON_FAILURE;
5331Samw	}
5331Samw
5331Samw	return (status);
5331Samw}