xref: /titanic_50/usr/src/lib/smbsrv/libmlsvc/common/mlsvc_util.c (revision f275d02f08c70e13825071e2577d1481e8bba78e)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 /*
27  * Utility functions to support the RPC interface library.
28  */
29 
30 #include <stdio.h>
31 #include <stdarg.h>
32 #include <strings.h>
33 #include <unistd.h>
34 #include <netdb.h>
35 #include <stdlib.h>
36 #include <sys/time.h>
37 #include <sys/systm.h>
38 #include <syslog.h>
39 
40 #include <smbsrv/libsmb.h>
41 #include <smbsrv/libsmbrdr.h>
42 #include <smbsrv/libsmbns.h>
43 #include <smbsrv/libmlsvc.h>
44 #include <smbsrv/smbinfo.h>
45 #include <lsalib.h>
46 #include <samlib.h>
47 #include <smbsrv/netrauth.h>
48 
49 /* Domain join support (using MS-RPC) */
50 static boolean_t mlsvc_ntjoin_support = B_FALSE;
51 
52 extern int netr_open(char *, char *, mlsvc_handle_t *);
53 extern int netr_close(mlsvc_handle_t *);
54 extern DWORD netlogon_auth(char *, mlsvc_handle_t *, DWORD);
55 extern int mlsvc_user_getauth(char *, char *, smb_auth_info_t *);
56 
57 /*
58  * mlsvc_lookup_name
59  *
60  * This is just a wrapper for lsa_lookup_name.
61  *
62  * The memory for the sid is allocated using malloc so the caller should
63  * call free when it is no longer required.
64  */
65 uint32_t
66 mlsvc_lookup_name(char *name, smb_sid_t **sid, uint16_t *sid_type)
67 {
68 	smb_account_t account;
69 	uint32_t status;
70 
71 	status = lsa_lookup_name(name, *sid_type, &account);
72 	if (status == NT_STATUS_SUCCESS) {
73 		*sid = account.a_sid;
74 		account.a_sid = NULL;
75 		*sid_type = account.a_type;
76 		smb_account_free(&account);
77 	}
78 
79 	return (status);
80 }
81 
82 /*
83  * mlsvc_lookup_sid
84  *
85  * This is just a wrapper for lsa_lookup_sid.
86  *
87  * The allocated memory for the returned name must be freed by caller upon
88  * successful return.
89  */
90 uint32_t
91 mlsvc_lookup_sid(smb_sid_t *sid, char **name)
92 {
93 	smb_account_t ainfo;
94 	uint32_t status;
95 	int namelen;
96 
97 	if ((status = lsa_lookup_sid(sid, &ainfo)) == NT_STATUS_SUCCESS) {
98 		namelen = strlen(ainfo.a_domain) + strlen(ainfo.a_name) + 2;
99 		if ((*name = malloc(namelen)) != NULL)
100 			(void) snprintf(*name, namelen, "%s\\%s",
101 			    ainfo.a_domain, ainfo.a_name);
102 		else
103 			status = NT_STATUS_NO_MEMORY;
104 
105 		smb_account_free(&ainfo);
106 	}
107 
108 	return (status);
109 }
110 
111 DWORD
112 mlsvc_netlogon(char *server, char *domain)
113 {
114 	mlsvc_handle_t netr_handle;
115 	DWORD status;
116 
117 	if (netr_open(server, domain, &netr_handle) == 0) {
118 		if ((status = netlogon_auth(server, &netr_handle,
119 		    NETR_FLG_INIT)) != NT_STATUS_SUCCESS)
120 			syslog(LOG_NOTICE, "Failed to establish NETLOGON "
121 			    "credential chain");
122 		(void) netr_close(&netr_handle);
123 	} else {
124 		status = NT_STATUS_OPEN_FAILED;
125 	}
126 
127 	return (status);
128 }
129 
130 /*
131  * Joins the specified domain by creating a machine account on
132  * the selected domain controller.
133  *
134  * Disconnect any existing connection with the domain controller.
135  * This will ensure that no stale connection will be used, it will
136  * also pickup any configuration changes in either side by trying
137  * to establish a new connection.
138  *
139  * Returns NT status codes.
140  */
141 DWORD
142 mlsvc_join(smb_domain_t *dinfo, char *user, char *plain_text)
143 {
144 	smb_auth_info_t auth;
145 	int erc;
146 	DWORD status;
147 	char machine_passwd[NETR_MACHINE_ACCT_PASSWD_MAX];
148 	smb_adjoin_status_t err;
149 	nt_domain_t *domain;
150 
151 	machine_passwd[0] = '\0';
152 
153 	domain = &dinfo->d_info;
154 
155 	mlsvc_disconnect(dinfo->d_dc);
156 
157 	erc = mlsvc_logon(dinfo->d_dc, domain->di_nbname, user);
158 
159 	if (erc == AUTH_USER_GRANT) {
160 		if (mlsvc_ntjoin_support == B_FALSE) {
161 
162 			if ((err = smb_ads_join(domain->di_fqname, user,
163 			    plain_text, machine_passwd,
164 			    sizeof (machine_passwd))) == SMB_ADJOIN_SUCCESS) {
165 				status = NT_STATUS_SUCCESS;
166 			} else {
167 				smb_ads_join_errmsg(err);
168 				status = NT_STATUS_UNSUCCESSFUL;
169 			}
170 		} else {
171 			if (mlsvc_user_getauth(dinfo->d_dc, user, &auth)
172 			    != 0) {
173 				status = NT_STATUS_INVALID_PARAMETER;
174 				return (status);
175 			}
176 
177 			status = sam_create_trust_account(dinfo->d_dc,
178 			    domain->di_nbname, &auth);
179 			if (status == NT_STATUS_SUCCESS) {
180 				(void) smb_getnetbiosname(machine_passwd,
181 				    sizeof (machine_passwd));
182 				(void) utf8_strlwr(machine_passwd);
183 			}
184 		}
185 
186 		if (status == NT_STATUS_SUCCESS) {
187 			erc = smb_setdomainprops(NULL, dinfo->d_dc,
188 			    machine_passwd);
189 			if (erc != 0) {
190 				syslog(LOG_NOTICE, "Failed to update CIFS "
191 				    "configuration");
192 				return (NT_STATUS_UNSUCCESSFUL);
193 			}
194 
195 			status = mlsvc_netlogon(dinfo->d_dc, domain->di_nbname);
196 		}
197 	} else {
198 		status = NT_STATUS_LOGON_FAILURE;
199 	}
200 
201 	return (status);
202 }
203