xref: /illumos-gate/usr/src/cmd/smbsrv/smbd/smbd_join.c (revision 5f10ef697f250374b7b917e10961c4e02d4e3112) 
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
24  * Copyright 2015 Nexenta Systems, Inc.  All rights reserved.
25  */
26 
27 #include <syslog.h>
28 #include <synch.h>
29 #include <pthread.h>
30 #include <unistd.h>
31 #include <string.h>
32 #include <strings.h>
33 #include <errno.h>
34 #include <netinet/in.h>
35 #include <netinet/tcp.h>
36 
37 #include <smbsrv/libsmb.h>
38 #include <smbsrv/libsmbns.h>
39 #include <smbsrv/libmlsvc.h>
40 #include <smbsrv/smbinfo.h>
41 #include "smbd.h"
42 
43 #define	SMBD_DC_MONITOR_ATTEMPTS		3
44 #define	SMBD_DC_MONITOR_RETRY_INTERVAL		3	/* seconds */
45 #define	SMBD_DC_MONITOR_INTERVAL		60	/* seconds */
46 
47 extern smbd_t smbd;
48 
49 static mutex_t smbd_dc_mutex;
50 static cond_t smbd_dc_cv;
51 
52 static void *smbd_dc_monitor(void *);
53 static void smbd_dc_update(void);
54 static int smbd_dc_check(smb_domainex_t *);
55 /* Todo: static boolean_t smbd_set_netlogon_cred(void); */
56 static void smbd_join_workgroup(smb_joininfo_t *, smb_joinres_t *);
57 static void smbd_join_domain(smb_joininfo_t *, smb_joinres_t *);
58 
59 /*
60  * Launch the DC discovery and monitor thread.
61  */
62 int
63 smbd_dc_monitor_init(void)
64 {
65 	pthread_attr_t	attr;
66 	int		rc;
67 
68 	(void) smb_config_getstr(SMB_CI_ADS_SITE, smbd.s_site,
69 	    MAXHOSTNAMELEN);
70 	(void) smb_config_getip(SMB_CI_DOMAIN_SRV, &smbd.s_pdc);
71 	smb_ads_init();
72 
73 	if (smbd.s_secmode != SMB_SECMODE_DOMAIN)
74 		return (0);
75 
76 	(void) pthread_attr_init(&attr);
77 	(void) pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED);
78 	rc = pthread_create(&smbd.s_dc_monitor_tid, &attr, smbd_dc_monitor,
79 	    NULL);
80 	(void) pthread_attr_destroy(&attr);
81 	return (rc);
82 }
83 
84 /*
85  * Refresh the DC monitor.  Called from SMF refresh and when idmap
86  * finds a different DC from what we were using previously.
87  * Update our domain (and current DC) information.
88  */
89 void
90 smbd_dc_monitor_refresh(void)
91 {
92 
93 	syslog(LOG_INFO, "smbd_dc_monitor_refresh");
94 
95 	smb_ddiscover_refresh();
96 
97 	(void) mutex_lock(&smbd_dc_mutex);
98 
99 	smbd.s_pdc_changed = B_TRUE;
100 	(void) cond_signal(&smbd_dc_cv);
101 
102 	(void) mutex_unlock(&smbd_dc_mutex);
103 }
104 
105 /*ARGSUSED*/
106 static void *
107 smbd_dc_monitor(void *arg)
108 {
109 	smb_domainex_t	di;
110 	boolean_t	ds_not_responding;
111 	boolean_t	ds_cfg_changed;
112 	timestruc_t	delay;
113 	int		i;
114 
115 	/* Wait for smb_dclocator_init() to complete. */
116 	smbd_online_wait("smbd_dc_monitor");
117 	smbd_dc_update();
118 
119 	while (smbd_online()) {
120 		ds_not_responding = B_FALSE;
121 		ds_cfg_changed = B_FALSE;
122 		delay.tv_sec = SMBD_DC_MONITOR_INTERVAL;
123 		delay.tv_nsec = 0;
124 
125 		(void) mutex_lock(&smbd_dc_mutex);
126 		(void) cond_reltimedwait(&smbd_dc_cv, &smbd_dc_mutex, &delay);
127 
128 		if (smbd.s_pdc_changed) {
129 			smbd.s_pdc_changed = B_FALSE;
130 			ds_cfg_changed = B_TRUE;
131 			/* NB: smb_ddiscover_refresh was called. */
132 		}
133 
134 		(void) mutex_unlock(&smbd_dc_mutex);
135 
136 		if (ds_cfg_changed) {
137 			syslog(LOG_DEBUG, "smbd_dc_monitor: config changed");
138 			goto rediscover;
139 		}
140 
141 		if (!smb_domain_getinfo(&di)) {
142 			syslog(LOG_DEBUG, "smbd_dc_monitor: no domain info");
143 			goto rediscover;
144 		}
145 
146 		if (di.d_dci.dc_name[0] == '\0') {
147 			syslog(LOG_DEBUG, "smbd_dc_monitor: no DC name");
148 			goto rediscover;
149 		}
150 
151 		for (i = 0; i < SMBD_DC_MONITOR_ATTEMPTS; ++i) {
152 			if (smbd_dc_check(&di) == 0) {
153 				ds_not_responding = B_FALSE;
154 				break;
155 			}
156 
157 			ds_not_responding = B_TRUE;
158 			(void) sleep(SMBD_DC_MONITOR_RETRY_INTERVAL);
159 		}
160 
161 		if (ds_not_responding) {
162 			syslog(LOG_NOTICE,
163 			    "smbd_dc_monitor: DC not responding: %s",
164 			    di.d_dci.dc_name);
165 			smb_ddiscover_bad_dc(di.d_dci.dc_name);
166 		}
167 
168 		if (ds_not_responding || ds_cfg_changed) {
169 		rediscover:
170 			/*
171 			 * An smb_ads_refresh will be done by the
172 			 * smb_ddiscover_service when necessary.
173 			 * Note: smbd_dc_monitor_refresh was already
174 			 * called if appropriate.
175 			 */
176 			smbd_dc_update();
177 		}
178 	}
179 
180 	smbd.s_dc_monitor_tid = 0;
181 	return (NULL);
182 }
183 
184 /*
185  * Simply attempt a connection to the DC.
186  */
187 static int
188 smbd_dc_check(smb_domainex_t *di)
189 {
190 	struct sockaddr sa;
191 	int salen = 0;
192 	int sock = -1;
193 	int tmo = 5 * 1000;	/* 5 sec. */
194 	int rc;
195 
196 	bzero(&sa, sizeof (sa));
197 	switch (di->d_dci.dc_addr.a_family) {
198 	case AF_INET: {
199 		struct sockaddr_in *sin = (void *)&sa;
200 		sin->sin_family = AF_INET;
201 		sin->sin_port = htons(IPPORT_SMB);
202 		sin->sin_addr.s_addr = di->d_dci.dc_addr.a_ipv4;
203 		salen = sizeof (*sin);
204 		break;
205 	}
206 	case AF_INET6: {
207 		struct sockaddr_in6 *sin6 = (void *)&sa;
208 		sin6->sin6_family = AF_INET6;
209 		sin6->sin6_port = htons(IPPORT_SMB);
210 		(void) memcpy(&sin6->sin6_addr,
211 		    &di->d_dci.dc_addr.a_ipv6,
212 		    sizeof (in6_addr_t));
213 		salen = sizeof (*sin6);
214 		break;
215 	}
216 	default:
217 		return (-1);
218 	}
219 
220 	sock = socket(di->d_dci.dc_addr.a_family, SOCK_STREAM, 0);
221 	if (sock < 0)
222 		return (errno);
223 	(void) setsockopt(sock, IPPROTO_TCP,
224 	    TCP_CONN_ABORT_THRESHOLD, &tmo, sizeof (tmo));
225 
226 	rc = connect(sock, &sa, salen);
227 	if (rc < 0)
228 		rc = errno;
229 
230 	(void) close(sock);
231 	return (rc);
232 }
233 
234 /*
235  * Locate a domain controller in the current resource domain and Update
236  * the Netlogon credential chain.
237  *
238  * The domain configuration will be updated upon successful DC discovery.
239  */
240 static void
241 smbd_dc_update(void)
242 {
243 	char		domain[MAXHOSTNAMELEN];
244 	smb_domainex_t	info;
245 	smb_domain_t	*di;
246 	DWORD		status;
247 
248 	/*
249 	 * Don't want this active until we're a domain member.
250 	 */
251 	if (smb_config_get_secmode() != SMB_SECMODE_DOMAIN)
252 		return;
253 
254 	if (smb_getfqdomainname(domain, MAXHOSTNAMELEN) != 0)
255 		return;
256 
257 	if (domain[0] == '\0') {
258 		syslog(LOG_NOTICE,
259 		    "smbd_dc_update: no domain name set");
260 		return;
261 	}
262 
263 	if (!smb_locate_dc(domain, &info)) {
264 		syslog(LOG_NOTICE,
265 		    "smbd_dc_update: %s: locate failed", domain);
266 		return;
267 	}
268 
269 	di = &info.d_primary;
270 	syslog(LOG_INFO,
271 	    "smbd_dc_update: %s: located %s", domain, info.d_dci.dc_name);
272 
273 	status = mlsvc_netlogon(info.d_dci.dc_name, di->di_nbname);
274 	if (status != NT_STATUS_SUCCESS) {
275 		syslog(LOG_NOTICE,
276 		    "failed to establish NETLOGON credential chain");
277 		syslog(LOG_NOTICE, " with server %s for domain %s (%s)",
278 		    info.d_dci.dc_name, domain,
279 		    xlate_nt_status(status));
280 	}
281 }
282 
283 /*
284  * smbd_join
285  *
286  * Joins the specified domain/workgroup.
287  *
288  * If the security mode or domain name is being changed,
289  * the caller must restart the service.
290  */
291 void
292 smbd_join(smb_joininfo_t *info, smb_joinres_t *res)
293 {
294 	dssetup_clear_domain_info();
295 	if (info->mode == SMB_SECMODE_WORKGRP)
296 		smbd_join_workgroup(info, res);
297 	else
298 		smbd_join_domain(info, res);
299 }
300 
301 static void
302 smbd_join_workgroup(smb_joininfo_t *info, smb_joinres_t *res)
303 {
304 	char nb_domain[SMB_PI_MAX_DOMAIN];
305 
306 	syslog(LOG_DEBUG, "smbd: join workgroup: %s", info->domain_name);
307 
308 	(void) smb_config_getstr(SMB_CI_DOMAIN_NAME, nb_domain,
309 	    sizeof (nb_domain));
310 
311 	smbd_set_secmode(SMB_SECMODE_WORKGRP);
312 	smb_config_setdomaininfo(info->domain_name, "", "", "", "");
313 	(void) smb_config_set_idmap_domain("");
314 	(void) smb_config_refresh_idmap();
315 
316 	if (strcasecmp(nb_domain, info->domain_name))
317 		smb_browser_reconfig();
318 
319 	res->status = NT_STATUS_SUCCESS;
320 }
321 
322 static void
323 smbd_join_domain(smb_joininfo_t *info, smb_joinres_t *res)
324 {
325 
326 	syslog(LOG_DEBUG, "smbd: join domain: %s", info->domain_name);
327 
328 	/* info->domain_name could either be NetBIOS domain name or FQDN */
329 	mlsvc_join(info, res);
330 	if (res->status == 0) {
331 		smbd_set_secmode(SMB_SECMODE_DOMAIN);
332 	} else {
333 		syslog(LOG_ERR, "smbd: failed joining %s (%s)",
334 		    info->domain_name, xlate_nt_status(res->status));
335 	}
336 }
337