smbd_join.c revision 8d7e41661dc4633488e93b13363137523ce59977
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2008 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#include <syslog.h>
#include <synch.h>
#include <pthread.h>
#include <unistd.h>
#include <string.h>
#include <strings.h>
#include <smbsrv/libsmbrdr.h>
#include <smbsrv/libsmbns.h>
#include <smbsrv/libmlsvc.h>
#include <smbsrv/ntstatus.h>
#include "smbd.h"
/*
 * Handle of the short-lived thread that triggers the initial DC
 * discovery at startup (presumably created by smbd_locate_dc_start()
 * below).
 */
static pthread_t smb_locate_dc_thr;
/* Entry point of that thread; defined below. */
static void *smbd_locate_dc_thread(void *);
/*
 * Look up the kpasswd server for the daemon's domain into the given
 * buffer of the given size. The definition below clears the buffer to ""
 * on entry, so callers can treat an empty result as "no kpasswd server".
 */
static int smbd_get_kpasswd_srv(char *, size_t);
/*
 * smbd_join
 *
 * NOTE(review): the signature and almost all of the body of smbd_join are
 * absent from this listing; only a trailing else branch returning
 * `status` survives, so the join flow cannot be reviewed from here.
 *
 * If the security mode or domain name is being changed,
 * the caller must restart the service.
 */
{
/* Tail of the final if/else of the join; `status` is its NT status result. */
else
return (status);
}
/*
 * smbd_set_netlogon_cred
 *
 * If the system is joined to an AD domain via kclient, the SMB daemon must
 * establish the NETLOGON credential chain itself.
 *
 * Since kclient has updated the machine password stored in the SMF
 * repository, the cached ipc_info must be updated accordingly by calling
 * smbrdr_ipc_commit.
 *
 * Due to potential replication delays in a multiple-DC environment, the
 * NETLOGON rpc request must be sent to the same DC that received the
 * KPASSWD request. If the DC discovered by the SMB daemon differs from the
 * kpasswd server, the current connection with the DC is torn down and a
 * DC discovery is triggered to locate the kpasswd server.
 *
 * If joining a new domain, the domain_name property must be set after a
 * successful credential chain setup.
 *
 * Returns B_FALSE when there is nothing to do (not in domain mode, the
 * netlogon sequence numbers already match, no kpasswd server is known, a
 * CLI join is in progress, or DC discovery had to be triggered instead);
 * see the notes on the remaining return statements below.
 *
 * NOTE(review): this listing is missing lines — the return type line, the
 * declarations of dinfo and new_domain, the call that fills kpasswd_srv,
 * the join-in-progress test, the comparison of the discovered DC with the
 * kpasswd server, and the credential-chain call itself are all absent —
 * so the control flow between the fragments below is inferred, not read.
 */
smbd_set_netlogon_cred(void)
{
char kpasswd_srv[MAXHOSTNAMELEN];
char kpasswd_domain[MAXHOSTNAMELEN];
/* Used by a call that is not in this listing (presumably the chain setup). */
char sam_acct[SMB_SAMACCT_MAXLEN];
/* Only relevant in domain mode; there is no NETLOGON chain otherwise. */
if (smb_config_get_secmode() != SMB_SECMODE_DOMAIN)
return (B_FALSE);
/*
 * Presumably the netlogon sequence number in SMF already matches the
 * cached one, i.e. kclient has not changed the machine password.
 */
if (smb_match_netlogon_seqnum())
return (B_FALSE);
/*
 * Tail of the call that fills kpasswd_srv (presumably
 * smbd_get_kpasswd_srv(kpasswd_srv, sizeof (kpasswd_srv)), declared
 * above). An empty result means no kpasswd server is known; not an error.
 */
sizeof (kpasswd_srv));
if (*kpasswd_srv == '\0')
return (B_FALSE);
/*
 * If a domain join initiated by the smbadm join CLI is in
 * progress, don't do anything. (The test itself is not in this listing.)
 */
return (B_FALSE);
if (!smb_domain_getinfo(&dinfo))
/*
 * Tail of the call that presumably fills kpasswd_domain. new_domain is
 * set when the kpasswd domain is non-empty and — the rest of the
 * condition is on a missing line — differs from the cached domain info.
 */
sizeof (kpasswd_domain));
if (*kpasswd_domain != '\0' &&
new_domain = B_TRUE;
} else {
}
/*
 * DC discovery will be triggered if the domain info is not
 * currently cached or the SMB daemon has previously discovered a DC
 * that is different than the kpasswd server. In that case the
 * credential chain is left for the locate-dc thread to set up.
 */
return (B_FALSE);
}
}
}
/*
 * Failure path of the credential-chain setup. NOTE(review): it returns
 * B_TRUE while the success path below returns new_domain; the only
 * visible caller (smbd_locate_dc_thread) discards the result, so the
 * intended contract of the return value should be confirmed.
 */
"failed to establish NETLOGON credential chain");
return (B_TRUE);
} else {
/* Success: when joining a new domain, record it (body not in listing). */
if (new_domain) {
}
}
return (new_domain);
}
/*
 * smbd_locate_dc_start()
 *
 * Initialization of the thread that triggers the initial DC discovery
 * when the SMB daemon starts up; presumably the handle is kept in
 * smb_locate_dc_thr and the entry point is smbd_locate_dc_thread().
 * Returns 0 on success, an error number if thread creation fails.
 *
 * NOTE(review): the declaration of tattr and the thread-creation call
 * (the `NULL);` below is its tail) are absent from this listing; rc is
 * presumably assigned by that call.
 */
int
smbd_locate_dc_start(void)
{
int rc;
/* Results of the attribute init/destroy calls are deliberately ignored. */
(void) pthread_attr_init(&tattr);
NULL);
(void) pthread_attr_destroy(&tattr);
return (rc);
}
/*
 * smbd_locate_dc_thread()
 *
 * If necessary, set up the Netlogon credential chain and locate a
 * domain controller in the given resource domain.
 *
 * The domain configuration will be updated upon a successful DC discovery.
 *
 * NOTE(review): the code that fills `domain` and the DC lookup itself
 * (the block closed by the second `}` below) are absent from this
 * listing. The return value of smbd_set_netlogon_cred() is discarded
 * here; the callee logs its own failure, but this thread does not act on
 * it.
 */
/*ARGSUSED*/
static void *
smbd_locate_dc_thread(void *arg)
{
char domain[MAXHOSTNAMELEN];
/*
 * Sequence numbers differ: presumably the machine password was changed
 * by kclient, so the credential chain must be re-established first.
 */
if (!smb_match_netlogon_seqnum()) {
(void) smbd_set_netlogon_cred();
} else {
/* Presumably upper-cases the domain name in place before the lookup. */
(void) utf8_strupr(domain);
}
}
return (NULL);
}
/*
 * smbd_get_kpasswd_srv
 *
 * Retrieve the kpasswd server from krb5.conf, whose location is taken
 * from the KRB5_CONFIG environment variable. On entry *srv is set to the
 * empty string, so callers can treat "" as "no kpasswd server".
 *
 * Returns -1 when KRB5_CONFIG is unset or empty; the other return paths
 * are not in this listing.
 *
 * NOTE(review): the signature line, the file open and the line-reading
 * loop this body belongs to are absent from this listing; the `continue`
 * and `break` below refer to that missing loop.
 */
static int
{
/*
 * Line buffer. NOTE(review): it is static, so the function is not
 * reentrant; if lines are read into it with a bounded read, a krb5.conf
 * line longer than 511 bytes would be seen as two lines. Acceptable only
 * while this is called from a single thread.
 */
static char buf[512];
char *p;
*srv = '\0';
/*
 * NOTE(review): the configuration path comes from the process
 * environment, and the server named in that file decides which DC the
 * NETLOGON credential chain is established with (see
 * smbd_set_netlogon_cred). Confirm the daemon's environment is fixed by
 * its service manifest rather than inherited from whoever starts it.
 */
p = getenv("KRB5_CONFIG");
if (p == NULL || *p == '\0')
return (-1);
/* Weed out any comment text */
(void) trim_whitespace(buf);
if (*buf == '#')
continue;
/* p presumably points at a separator here; skip it and trim the value. */
(void) trim_whitespace(++p);
}
break;
}
}
}
/*
 * NOTE(review): the signature line of this function is absent from this
 * listing, as is the declaration of dinfo. The two `sizeof (...)`
 * fragments are tails of size-bounded calls that presumably fill
 * nb_domain and dinfo.d_nbdomain; the visible path returns
 * NT_STATUS_SUCCESS unconditionally, so any failure checks those calls
 * have are not visible here.
 */
static uint32_t
{
/* NetBIOS domain name, bounded by SMB_PI_MAX_DOMAIN. */
char nb_domain[SMB_PI_MAX_DOMAIN];
sizeof (nb_domain));
sizeof (dinfo.d_nbdomain));
return (NT_STATUS_SUCCESS);
}
/*
 * NOTE(review): the signature line of this function is absent from this
 * listing (its name, `info`, `status` and their types are not visible).
 * From the fragments it appears to compute a password hash, then try to
 * locate a DC for info->domain_name, returning an NT status.
 */
static uint32_t
{
/*
 * NOTE(review): this holds a password hash (SMBAUTH_HASH_SZ bytes) on the
 * stack and must be treated as a secret. The call that fills it is not in
 * this listing; confirm the buffer is cleared (explicit_bzero or an
 * equivalent the optimizer cannot drop) on every return path, including
 * the error returns below.
 */
unsigned char passwd_hash[SMBAUTH_HASH_SZ];
char dc[MAXHOSTNAMELEN];
/*
 * Ensure that any previous membership of this domain has
 * been cleared from the environment before we start. This
 * will ensure that we don't attempt a NETLOGON_SAMLOGON
 * when attempting to find the PDC.
 */
/* Tail of the hash computation; SMBAUTH_SUCCESS is its success code. */
!= SMBAUTH_SUCCESS) {
return (NT_STATUS_INTERNAL_ERROR);
}
/* info->domain_name could either be NetBIOS domain name or FQDN */
/*
 * Both visible branches return status; whatever distinguishes them (the
 * rest of the success branch) is not in this listing.
 */
if (status == NT_STATUS_SUCCESS) {
return (status);
}
return (status);
}
/* Tail of a log call naming the domain, then the not-found status. */
info->domain_name);
return (NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND);
}