xref: /titanic_53/usr/src/lib/smbsrv/libmlsvc/common/dssetup_svc.c (revision 148c5f43199ca0b43fc8e3b643aab11cd66ea327) 
12c1b14e5Sjose borrego /*
22c1b14e5Sjose borrego  * CDDL HEADER START
32c1b14e5Sjose borrego  *
42c1b14e5Sjose borrego  * The contents of this file are subject to the terms of the
52c1b14e5Sjose borrego  * Common Development and Distribution License (the "License").
62c1b14e5Sjose borrego  * You may not use this file except in compliance with the License.
72c1b14e5Sjose borrego  *
82c1b14e5Sjose borrego  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
92c1b14e5Sjose borrego  * or http://www.opensolaris.org/os/licensing.
102c1b14e5Sjose borrego  * See the License for the specific language governing permissions
112c1b14e5Sjose borrego  * and limitations under the License.
122c1b14e5Sjose borrego  *
132c1b14e5Sjose borrego  * When distributing Covered Code, include this CDDL HEADER in each
142c1b14e5Sjose borrego  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
152c1b14e5Sjose borrego  * If applicable, add the following below this CDDL HEADER, with the
162c1b14e5Sjose borrego  * fields enclosed by brackets "[]" replaced with your own identifying
172c1b14e5Sjose borrego  * information: Portions Copyright [yyyy] [name of copyright owner]
182c1b14e5Sjose borrego  *
192c1b14e5Sjose borrego  * CDDL HEADER END
202c1b14e5Sjose borrego  */
21*148c5f43SAlan Wright 
222c1b14e5Sjose borrego /*
23*148c5f43SAlan Wright  * Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved.
242c1b14e5Sjose borrego  */
252c1b14e5Sjose borrego 
262c1b14e5Sjose borrego /*
272c1b14e5Sjose borrego  * Active Directory Setup RPC interface used by Windows 2000.
282c1b14e5Sjose borrego  */
292c1b14e5Sjose borrego 
302c1b14e5Sjose borrego #include <synch.h>
312c1b14e5Sjose borrego #include <strings.h>
322c1b14e5Sjose borrego #include <stdlib.h>
332c1b14e5Sjose borrego #include <netdb.h>
342c1b14e5Sjose borrego 
352c1b14e5Sjose borrego #include <smbsrv/libsmb.h>
362c1b14e5Sjose borrego #include <smbsrv/libmlrpc.h>
372c1b14e5Sjose borrego #include <smbsrv/libmlsvc.h>
382c1b14e5Sjose borrego #include <smbsrv/ndl/dssetup.ndl>
392c1b14e5Sjose borrego #include <smbsrv/smbinfo.h>
402c1b14e5Sjose borrego #include <smbsrv/nmpipes.h>
412c1b14e5Sjose borrego 
422c1b14e5Sjose borrego int dssetup_get_domain_info(ds_primary_domain_info_t *);
432c1b14e5Sjose borrego 
442c1b14e5Sjose borrego static int dssetup_DsRoleGetPrimaryDomainInfo(void *, ndr_xa_t *);
452c1b14e5Sjose borrego static uint32_t dssetup_member_server(ds_primary_domain_info_t *, ndr_xa_t *);
462c1b14e5Sjose borrego static uint32_t dssetup_standalone_server(ds_primary_domain_info_t *,
472c1b14e5Sjose borrego     ndr_xa_t *);
482c1b14e5Sjose borrego 
498d7e4166Sjose borrego static ndr_stub_table_t dssetup_stub_table[] = {
502c1b14e5Sjose borrego 	{ dssetup_DsRoleGetPrimaryDomainInfo,
512c1b14e5Sjose borrego 	    DSSETUP_OPNUM_DsRoleGetPrimaryDomainInfo },
522c1b14e5Sjose borrego 	{0}
532c1b14e5Sjose borrego };
542c1b14e5Sjose borrego 
558d7e4166Sjose borrego static ndr_service_t dssetup_service = {
562c1b14e5Sjose borrego 	"DSSETUP",			/* name */
572c1b14e5Sjose borrego 	"Active Directory Setup",	/* desc */
582c1b14e5Sjose borrego 	"\\lsarpc",			/* endpoint */
592c1b14e5Sjose borrego 	PIPE_LSASS,			/* sec_addr_port */
608d7e4166Sjose borrego 	"3919286a-b10c-11d0-9ba8-00c04fd92ef5",	0,	/* abstract */
618d7e4166Sjose borrego 	NDR_TRANSFER_SYNTAX_UUID,		2,	/* transfer */
622c1b14e5Sjose borrego 	0,				/* no bind_instance_size */
632c1b14e5Sjose borrego 	0,				/* no bind_req() */
642c1b14e5Sjose borrego 	0,				/* no unbind_and_close() */
652c1b14e5Sjose borrego 	0,				/* use generic_call_stub() */
662c1b14e5Sjose borrego 	&TYPEINFO(dssetup_interface),	/* interface ti */
672c1b14e5Sjose borrego 	dssetup_stub_table		/* stub_table */
682c1b14e5Sjose borrego };
692c1b14e5Sjose borrego 
702c1b14e5Sjose borrego static ds_primary_domain_info_t ds_info;
712c1b14e5Sjose borrego static mutex_t ds_info_mtx;
722c1b14e5Sjose borrego 
732c1b14e5Sjose borrego /*
742c1b14e5Sjose borrego  * dssetup_initialize
752c1b14e5Sjose borrego  *
762c1b14e5Sjose borrego  * This function registers the DSSETUP interface with the RPC runtime
772c1b14e5Sjose borrego  * library. It must be called in order to use either the client side
782c1b14e5Sjose borrego  * or the server side functions.
792c1b14e5Sjose borrego  */
802c1b14e5Sjose borrego void
dssetup_initialize(void)812c1b14e5Sjose borrego dssetup_initialize(void)
822c1b14e5Sjose borrego {
832c1b14e5Sjose borrego 	dssetup_clear_domain_info();
848d7e4166Sjose borrego 	(void) ndr_svc_register(&dssetup_service);
852c1b14e5Sjose borrego }
862c1b14e5Sjose borrego 
872c1b14e5Sjose borrego void
dssetup_clear_domain_info(void)882c1b14e5Sjose borrego dssetup_clear_domain_info(void)
892c1b14e5Sjose borrego {
902c1b14e5Sjose borrego 	(void) mutex_lock(&ds_info_mtx);
912c1b14e5Sjose borrego 
922c1b14e5Sjose borrego 	free(ds_info.nt_domain);
932c1b14e5Sjose borrego 	free(ds_info.dns_domain);
942c1b14e5Sjose borrego 	free(ds_info.forest);
952c1b14e5Sjose borrego 	bzero(&ds_info, sizeof (ds_primary_domain_info_t));
962c1b14e5Sjose borrego 
972c1b14e5Sjose borrego 	(void) mutex_unlock(&ds_info_mtx);
982c1b14e5Sjose borrego }
992c1b14e5Sjose borrego 
1002c1b14e5Sjose borrego /*
1012c1b14e5Sjose borrego  * Request for machine role and primary domain information.
1022c1b14e5Sjose borrego  */
1032c1b14e5Sjose borrego static int
dssetup_DsRoleGetPrimaryDomainInfo(void * arg,ndr_xa_t * mxa)1042c1b14e5Sjose borrego dssetup_DsRoleGetPrimaryDomainInfo(void *arg, ndr_xa_t *mxa)
1052c1b14e5Sjose borrego {
1062c1b14e5Sjose borrego 	dssetup_DsRoleGetPrimaryDomainInfo_t *param = arg;
1072c1b14e5Sjose borrego 	dssetup_GetPrimaryDomainInfo_t *info;
1082c1b14e5Sjose borrego 	ds_primary_domain_info_t *info1;
1092c1b14e5Sjose borrego 	uint32_t status;
1102c1b14e5Sjose borrego 	int security_mode;
1112c1b14e5Sjose borrego 
1128d7e4166Sjose borrego 	info = NDR_MALLOC(mxa, sizeof (dssetup_GetPrimaryDomainInfo_t));
1132c1b14e5Sjose borrego 	if (info == NULL) {
1142c1b14e5Sjose borrego 		status = NT_STATUS_NO_MEMORY;
1152c1b14e5Sjose borrego 	} else if (param->level != DS_ROLE_BASIC_INFORMATION) {
1162c1b14e5Sjose borrego 		status = NT_STATUS_INVALID_LEVEL;
1172c1b14e5Sjose borrego 	} else {
1182c1b14e5Sjose borrego 		info->switch_value = param->level;
1192c1b14e5Sjose borrego 		info1 = &info->ru.info1;
1202c1b14e5Sjose borrego 
1212c1b14e5Sjose borrego 		security_mode = smb_config_get_secmode();
1222c1b14e5Sjose borrego 
1232c1b14e5Sjose borrego 		if (security_mode == SMB_SECMODE_DOMAIN)
1242c1b14e5Sjose borrego 			status = dssetup_member_server(info1, mxa);
1252c1b14e5Sjose borrego 		else
1262c1b14e5Sjose borrego 			status = dssetup_standalone_server(info1, mxa);
1272c1b14e5Sjose borrego 	}
1282c1b14e5Sjose borrego 
1292c1b14e5Sjose borrego 	if (status != NT_STATUS_SUCCESS) {
1302c1b14e5Sjose borrego 		bzero(param, sizeof (dssetup_DsRoleGetPrimaryDomainInfo_t));
1312c1b14e5Sjose borrego 		param->status = NT_SC_ERROR(status);
1322c1b14e5Sjose borrego 	} else {
1332c1b14e5Sjose borrego 		param->info = info;
1342c1b14e5Sjose borrego 		param->status = NT_STATUS_SUCCESS;
1352c1b14e5Sjose borrego 	}
1362c1b14e5Sjose borrego 
1378d7e4166Sjose borrego 	return (NDR_DRC_OK);
1382c1b14e5Sjose borrego }
1392c1b14e5Sjose borrego 
1402c1b14e5Sjose borrego /*
1412c1b14e5Sjose borrego  * When the machine role is domain member:
1422c1b14e5Sjose borrego  * 	nt_domain must contain the NetBIOS domain name
1432c1b14e5Sjose borrego  * 	dns_domain must contain the DNS domain name (cannot be NULL)
1442c1b14e5Sjose borrego  * 	forest must contain the forest name (cannot be NULL)
1452c1b14e5Sjose borrego  *
1462c1b14e5Sjose borrego  * If DS_ROLE_PRIMARY_DOMAIN_GUID_PRESENT is set in flags, the domain_guid
1472c1b14e5Sjose borrego  * must contain the domain UUID.  Otherwise domain_guid is ignored.
1482c1b14e5Sjose borrego  */
1492c1b14e5Sjose borrego static uint32_t
dssetup_member_server(ds_primary_domain_info_t * info,ndr_xa_t * mxa)1502c1b14e5Sjose borrego dssetup_member_server(ds_primary_domain_info_t *info, ndr_xa_t *mxa)
1512c1b14e5Sjose borrego {
1522c1b14e5Sjose borrego 	char dns_domain[MAXHOSTNAMELEN];
1532c1b14e5Sjose borrego 	char nt_domain[MAXHOSTNAMELEN];
1542c1b14e5Sjose borrego 
1552c1b14e5Sjose borrego 	(void) mutex_lock(&ds_info_mtx);
1562c1b14e5Sjose borrego 
1572c1b14e5Sjose borrego 	if ((ds_info.flags & DS_ROLE_PRIMARY_DOMAIN_GUID_PRESENT) == 0) {
1582c1b14e5Sjose borrego 		/*
1592c1b14e5Sjose borrego 		 * If we don't have the domain GUID, try to get it from a
1602c1b14e5Sjose borrego 		 * domain controller. Otherwise, use local configuration.
1612c1b14e5Sjose borrego 		 */
1622c1b14e5Sjose borrego 		free(ds_info.nt_domain);
1632c1b14e5Sjose borrego 		free(ds_info.dns_domain);
1642c1b14e5Sjose borrego 		free(ds_info.forest);
1652c1b14e5Sjose borrego 		(void) dssetup_get_domain_info(&ds_info);
1662c1b14e5Sjose borrego 	}
1672c1b14e5Sjose borrego 
1682c1b14e5Sjose borrego 	if (ds_info.flags & DS_ROLE_PRIMARY_DOMAIN_GUID_PRESENT) {
1692c1b14e5Sjose borrego 		info->flags = DS_ROLE_PRIMARY_DOMAIN_GUID_PRESENT;
1708d7e4166Sjose borrego 		info->nt_domain = NDR_STRDUP(mxa, (char *)ds_info.nt_domain);
1718d7e4166Sjose borrego 		info->dns_domain = NDR_STRDUP(mxa, (char *)ds_info.dns_domain);
1728d7e4166Sjose borrego 		info->forest = NDR_STRDUP(mxa, (char *)ds_info.forest);
1732c1b14e5Sjose borrego 		bcopy(&ds_info.domain_guid, &info->domain_guid,
1742c1b14e5Sjose borrego 		    sizeof (ndr_uuid_t));
1752c1b14e5Sjose borrego 	} else {
1762c1b14e5Sjose borrego 		if (smb_getdomainname(nt_domain, MAXHOSTNAMELEN) != 0) {
1772c1b14e5Sjose borrego 			(void) mutex_unlock(&ds_info_mtx);
1782c1b14e5Sjose borrego 			return (NT_STATUS_CANT_ACCESS_DOMAIN_INFO);
1792c1b14e5Sjose borrego 		}
1802c1b14e5Sjose borrego 
1812c1b14e5Sjose borrego 		if (smb_getfqdomainname(dns_domain, MAXHOSTNAMELEN) != 0) {
1822c1b14e5Sjose borrego 			(void) mutex_unlock(&ds_info_mtx);
1832c1b14e5Sjose borrego 			return (NT_STATUS_CANT_ACCESS_DOMAIN_INFO);
1842c1b14e5Sjose borrego 		}
1852c1b14e5Sjose borrego 
186bbf6f00cSJordan Brown 		(void) smb_strlwr(dns_domain);
1872c1b14e5Sjose borrego 
1882c1b14e5Sjose borrego 		info->flags = 0;
1898d7e4166Sjose borrego 		info->nt_domain = NDR_STRDUP(mxa, nt_domain);
1908d7e4166Sjose borrego 		info->dns_domain = NDR_STRDUP(mxa, dns_domain);
1918d7e4166Sjose borrego 		info->forest = NDR_STRDUP(mxa, dns_domain);
1922c1b14e5Sjose borrego 		bzero(&info->domain_guid, sizeof (ndr_uuid_t));
1932c1b14e5Sjose borrego 	}
1942c1b14e5Sjose borrego 
1952c1b14e5Sjose borrego 	(void) mutex_unlock(&ds_info_mtx);
1962c1b14e5Sjose borrego 
1972c1b14e5Sjose borrego 	if (info->nt_domain == NULL ||
1982c1b14e5Sjose borrego 	    info->dns_domain == NULL ||
1992c1b14e5Sjose borrego 	    info->forest == NULL)
2002c1b14e5Sjose borrego 		return (NT_STATUS_NO_MEMORY);
2012c1b14e5Sjose borrego 
2022c1b14e5Sjose borrego 	info->role = DS_ROLE_MEMBER_SERVER;
2032c1b14e5Sjose borrego 	return (NT_STATUS_SUCCESS);
2042c1b14e5Sjose borrego }
2052c1b14e5Sjose borrego 
2062c1b14e5Sjose borrego /*
2072c1b14e5Sjose borrego  * When the machine role is standalone:
2082c1b14e5Sjose borrego  * 	nt_domain must contain the NetBIOS workgroup name
2092c1b14e5Sjose borrego  * 	dns_domain must be NULL
2102c1b14e5Sjose borrego  * 	forest must be NULL
2112c1b14e5Sjose borrego  *
2122c1b14e5Sjose borrego  * We don't maintain a domain GUID.  When DS_ROLE_PRIMARY_DOMAIN_GUID_PRESENT
2132c1b14e5Sjose borrego  * is not set in flags, domain_guid is ignored.
2142c1b14e5Sjose borrego  */
2152c1b14e5Sjose borrego static uint32_t
dssetup_standalone_server(ds_primary_domain_info_t * info,ndr_xa_t * mxa)2162c1b14e5Sjose borrego dssetup_standalone_server(ds_primary_domain_info_t *info, ndr_xa_t *mxa)
2172c1b14e5Sjose borrego {
2182c1b14e5Sjose borrego 	char nt_domain[MAXHOSTNAMELEN];
2192c1b14e5Sjose borrego 
2202c1b14e5Sjose borrego 	if (smb_getdomainname(nt_domain, MAXHOSTNAMELEN) != 0)
2212c1b14e5Sjose borrego 		return (NT_STATUS_CANT_ACCESS_DOMAIN_INFO);
2222c1b14e5Sjose borrego 
2238d7e4166Sjose borrego 	info->nt_domain = NDR_STRDUP(mxa, nt_domain);
2242c1b14e5Sjose borrego 	if (info->nt_domain == NULL)
2252c1b14e5Sjose borrego 		return (NT_STATUS_NO_MEMORY);
2262c1b14e5Sjose borrego 
2272c1b14e5Sjose borrego 	info->role = DS_ROLE_STANDALONE_SERVER;
2282c1b14e5Sjose borrego 	info->flags = 0;
2292c1b14e5Sjose borrego 	info->dns_domain = NULL;
2302c1b14e5Sjose borrego 	info->forest = NULL;
2312c1b14e5Sjose borrego 	bzero(&info->domain_guid, sizeof (ndr_uuid_t));
2322c1b14e5Sjose borrego 	return (NT_STATUS_SUCCESS);
2332c1b14e5Sjose borrego }
234