1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 /*
27  * Utility functions to support the RPC interface library.
28  */
29 
30 #include <stdio.h>
31 #include <stdarg.h>
32 #include <strings.h>
33 #include <unistd.h>
34 #include <netdb.h>
35 #include <stdlib.h>
36 #include <sys/time.h>
37 #include <sys/systm.h>
38 #include <syslog.h>
39 
40 #include <smbsrv/libsmb.h>
41 #include <smbsrv/libsmbrdr.h>
42 #include <smbsrv/libsmbns.h>
43 #include <smbsrv/libmlsvc.h>
44 #include <smbsrv/smbinfo.h>
45 #include <lsalib.h>
46 #include <samlib.h>
47 #include <smbsrv/netrauth.h>
48 
/*
 * Domain join support (using MS-RPC).
 *
 * Selects the join path taken by mlsvc_join(): when B_FALSE the
 * Active Directory join (smb_ads_join) is used; when B_TRUE the trust
 * account is created over RPC (sam_create_trust_account) instead.
 * It is initialised to B_FALSE and not assigned anywhere in this file.
 */
static boolean_t mlsvc_ntjoin_support = B_FALSE;

/* netr_open: 0 means success, see mlsvc_netlogon(). */
extern int netr_open(char *, char *, mlsvc_handle_t *);
extern int netr_close(mlsvc_handle_t *);
/* netlogon_auth: returns an NT status, checked against NT_STATUS_SUCCESS. */
extern DWORD netlogon_auth(char *, mlsvc_handle_t *, DWORD);
/* mlsvc_user_getauth: any non-zero return is treated as failure by mlsvc_join(). */
extern int mlsvc_user_getauth(char *, char *, smb_auth_info_t *);
56 
/*
 * mlsvc_lookup_name
 *
 * Thin wrapper around lsa_lookup_name.
 *
 * On entry *sid_type is the account type hint handed to the lookup.
 * On success *sid receives the resolved SID and *sid_type is overwritten
 * with the resolved account type; the SID is malloc'd, so the caller
 * owns it and must free() it.  On failure neither output is modified.
 *
 * Returns an NT status code.
 */
uint32_t
mlsvc_lookup_name(char *name, smb_sid_t **sid, uint16_t *sid_type)
{
	smb_account_t acct;
	uint32_t rc = lsa_lookup_name(name, *sid_type, &acct);

	if (rc != NT_STATUS_SUCCESS)
		return (rc);

	/* Detach the SID first so smb_account_free() does not release it. */
	*sid = acct.a_sid;
	acct.a_sid = NULL;
	*sid_type = acct.a_type;
	smb_account_free(&acct);

	return (rc);
}
81 
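/*
 * mlsvc_lookup_sid
 *
 * Thin wrapper around lsa_lookup_sid.
 *
 * On success *name is set to a malloc'd "DOMAIN\name" string that the
 * caller must free().  If the lookup succeeds but the allocation fails,
 * *name is NULL and NT_STATUS_NO_MEMORY is returned.  If the lookup
 * itself fails, *name is left untouched.
 *
 * Returns an NT status code.
 */
uint32_t
mlsvc_lookup_sid(smb_sid_t *sid, char **name)
{
	smb_account_t ainfo;
	uint32_t status;
	size_t namelen;

	status = lsa_lookup_sid(sid, &ainfo);
	if (status != NT_STATUS_SUCCESS)
		return (status);

	/*
	 * domain + '\\' + name + NUL.  strlen() yields size_t; keep the
	 * sum in size_t rather than narrowing it to int.
	 */
	namelen = strlen(ainfo.a_domain) + strlen(ainfo.a_name) + 2;
	if ((*name = malloc(namelen)) != NULL) {
		(void) snprintf(*name, namelen, "%s\\%s",
		    ainfo.a_domain, ainfo.a_name);
	} else {
		status = NT_STATUS_NO_MEMORY;
	}

	smb_account_free(&ainfo);
	return (status);
}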
110 
/*
 * mlsvc_netlogon
 *
 * Open a NETLOGON handle to server for domain, try to establish the
 * NETLOGON credential chain (NETR_FLG_INIT) and close the handle again.
 * A failed credential-chain setup is logged at LOG_NOTICE.
 *
 * Returns NT_STATUS_OPEN_FAILED if the handle could not be opened,
 * otherwise whatever netlogon_auth returned.
 */
DWORD
mlsvc_netlogon(char *server, char *domain)
{
	mlsvc_handle_t handle;
	DWORD status = NT_STATUS_OPEN_FAILED;

	if (netr_open(server, domain, &handle) != 0)
		return (status);

	status = netlogon_auth(server, &handle, NETR_FLG_INIT);
	if (status != NT_STATUS_SUCCESS) {
		syslog(LOG_NOTICE, "Failed to establish NETLOGON "
		    "credential chain");
	}

	(void) netr_close(&handle);
	return (status);
}
129 
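/*
 * mlsvc_scrub
 *
 * Overwrite a buffer that held credential material before it goes out
 * of scope.  The stores go through a volatile pointer so the compiler
 * cannot drop them as dead writes, which it may do for a plain bzero()
 * of a local that is never read again.
 */
static void
mlsvc_scrub(void *buf, size_t len)
{
	volatile unsigned char *p = buf;

	while (len-- > 0)
		*p++ = 0;
}

/*
 * mlsvc_join
 *
 * Join the domain described by dinfo using the credentials of user.
 * plain_text is passed through to smb_ads_join unchanged and is not
 * copied here.  dinfo->d_nbdomain is uppercased in place, i.e. the
 * caller's structure is modified.
 *
 * Two join paths exist, selected by mlsvc_ntjoin_support: the AD path
 * (smb_ads_join) and the RPC path (sam_create_trust_account).  Both
 * leave the machine account password in machine_passwd, which is then
 * stored via smb_setdomainprops and used to set up the NETLOGON
 * credential chain.  Because that buffer holds a credential, it is
 * scrubbed on every exit path rather than left behind on the stack.
 *
 * Returns NT status codes.
 */
DWORD
mlsvc_join(smb_domain_t *dinfo, char *user, char *plain_text)
{
	smb_auth_info_t auth;
	int erc;
	DWORD status;
	char machine_passwd[NETR_MACHINE_ACCT_PASSWD_MAX];
	smb_adjoin_status_t err;

	machine_passwd[0] = '\0';

	/*
	 * Ensure that the domain name is uppercase (modifies dinfo).
	 */
	(void) utf8_strupr(dinfo->d_nbdomain);

	erc = mlsvc_logon(dinfo->d_dc, dinfo->d_nbdomain, user);
	if (erc != AUTH_USER_GRANT) {
		status = NT_STATUS_LOGON_FAILURE;
		goto out;
	}

	if (mlsvc_ntjoin_support == B_FALSE) {
		/* AD join: smb_ads_join fills machine_passwd on success. */
		err = smb_ads_join(dinfo->d_fqdomain, user, plain_text,
		    machine_passwd, sizeof (machine_passwd));
		if (err == SMB_ADJOIN_SUCCESS) {
			status = NT_STATUS_SUCCESS;
		} else {
			smb_ads_join_errmsg(err);
			status = NT_STATUS_UNSUCCESSFUL;
		}
	} else {
		if (mlsvc_user_getauth(dinfo->d_dc, user, &auth) != 0) {
			status = NT_STATUS_INVALID_PARAMETER;
			goto out;
		}

		status = sam_create_trust_account(dinfo->d_dc,
		    dinfo->d_nbdomain, &auth);
		if (status == NT_STATUS_SUCCESS) {
			/*
			 * RPC join: the initial machine password is the
			 * lower-cased NetBIOS name of this host.
			 */
			(void) smb_getnetbiosname(machine_passwd,
			    sizeof (machine_passwd));
			(void) utf8_strlwr(machine_passwd);
		}
	}

	if (status == NT_STATUS_SUCCESS) {
		erc = smb_setdomainprops(NULL, dinfo->d_dc, machine_passwd);
		if (erc != 0) {
			syslog(LOG_NOTICE, "Failed to update CIFS "
			    "configuration");
			status = NT_STATUS_UNSUCCESSFUL;
			goto out;
		}

		status = mlsvc_netlogon(dinfo->d_dc, dinfo->d_nbdomain);
	}

out:
	/*
	 * Single exit: wipe the machine password, and the auth record
	 * filled in by mlsvc_user_getauth, which presumably also carries
	 * credential material (its layout is not visible here).  auth is
	 * a plain local, so scrubbing it is harmless even when it was
	 * never populated.
	 */
	mlsvc_scrub(machine_passwd, sizeof (machine_passwd));
	mlsvc_scrub(&auth, sizeof (auth));
	return (status);
}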
197