smbd_join.c revision fd9ee8b58485b20072eeef1310a88ff348d5e7fa
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw/*
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * CDDL HEADER START
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * The contents of this file are subject to the terms of the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Common Development and Distribution License (the "License").
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * You may not use this file except in compliance with the License.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * or http://www.opensolaris.org/os/licensing.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * See the License for the specific language governing permissions
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * and limitations under the License.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * When distributing Covered Code, include this CDDL HEADER in each
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * If applicable, add the following below this CDDL HEADER, with the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * fields enclosed by brackets "[]" replaced with your own identifying
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * information: Portions Copyright [yyyy] [name of copyright owner]
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * CDDL HEADER END
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw */
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw/*
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <syslog.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <synch.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <pthread.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <unistd.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <string.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <strings.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <sys/errno.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <smbsrv/libsmb.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <smbsrv/libsmbns.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <smbsrv/libmlsvc.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <smbsrv/smbinfo.h>
8d7e41661dc4633488e93b13363137523ce59977jose borrego#include "smbd.h"
faa1795a28a5c712eed6d0a3f84d98c368a316c6jb
/* Tuning for the DC health check performed by smbd_dc_monitor(). */
#define	SMBD_DC_MONITOR_ATTEMPTS	3	/* probes per cycle */
#define	SMBD_DC_MONITOR_RETRY_INTERVAL	3	/* seconds */
#define	SMBD_DC_MONITOR_INTERVAL	60	/* seconds */

extern smbd_t smbd;

/*
 * smbd_dc_mutex is held by smbd_dc_monitor_refresh() while it compares
 * and updates smbd.s_pdc / smbd.s_site and sets smbd.s_pdc_changed, and
 * by smbd_dc_monitor() while it waits on smbd_dc_cv and consumes that
 * flag.
 */
static mutex_t smbd_dc_mutex;
static cond_t smbd_dc_cv;

static void *smbd_dc_monitor(void *arg);
static void smbd_dc_update(void);
static boolean_t smbd_set_netlogon_cred(void);
static int smbd_get_kpasswd_srv(char *srv, size_t len);
static uint32_t smbd_join_workgroup(smb_joininfo_t *info);
static uint32_t smbd_join_domain(smb_joininfo_t *info);
faa1795a28a5c712eed6d0a3f84d98c368a316c6jb
/*
 * Launch the DC discovery and monitor thread.
 *
 * The configured ADS site (SMB_CI_ADS_SITE) and domain server address
 * (SMB_CI_DOMAIN_SRV) are loaded into smbd.s_site / smbd.s_pdc and the
 * ADS layer is initialised in every security mode.  The detached monitor
 * thread is created only when the daemon runs in domain mode.
 *
 * Returns 0 if no thread is required or the thread was created,
 * otherwise the error number returned by pthread_create().
 */
int
smbd_dc_monitor_init(void)
{
	pthread_attr_t	thr_attr;
	int		err;

	(void) smb_config_getstr(SMB_CI_ADS_SITE, smbd.s_site,
	    MAXHOSTNAMELEN);
	(void) smb_config_getip(SMB_CI_DOMAIN_SRV, &smbd.s_pdc);
	smb_ads_init();

	if (smbd.s_secmode == SMB_SECMODE_DOMAIN) {
		(void) pthread_attr_init(&thr_attr);
		(void) pthread_attr_setdetachstate(&thr_attr,
		    PTHREAD_CREATE_DETACHED);
		err = pthread_create(&smbd.s_dc_monitor_tid, &thr_attr,
		    smbd_dc_monitor, NULL);
		(void) pthread_attr_destroy(&thr_attr);
		return (err);
	}

	/* Workgroup mode: nothing to monitor. */
	return (0);
}
1fdeec650620e8498c06f832ea4bd2292f7e9632joyce mcintosh
/*
 * Re-read the ADS site name and domain server address from the
 * configuration.  If either differs from the copy cached in smbd, the
 * cached copy is replaced, smbd.s_pdc_changed is set and smbd_dc_cv is
 * signalled so that the monitor thread wakes before its timeout expires.
 */
void
smbd_dc_monitor_refresh(void)
{
	char		cfg_site[MAXHOSTNAMELEN];
	smb_inaddr_t	cfg_pdc;
	boolean_t	changed = B_FALSE;

	/*
	 * The getters' return values are ignored, so start from known
	 * empty values rather than stack contents.
	 */
	cfg_site[0] = '\0';
	bzero(&cfg_pdc, sizeof (cfg_pdc));
	(void) smb_config_getstr(SMB_CI_ADS_SITE, cfg_site,
	    sizeof (cfg_site));
	(void) smb_config_getip(SMB_CI_DOMAIN_SRV, &cfg_pdc);

	(void) mutex_lock(&smbd_dc_mutex);

	/* Compare under the lock: the cached values are shared state. */
	if (bcmp(&smbd.s_pdc, &cfg_pdc, sizeof (cfg_pdc)) != 0)
		changed = B_TRUE;
	else if (smb_strcasecmp(smbd.s_site, cfg_site, 0) != 0)
		changed = B_TRUE;

	if (changed) {
		bcopy(&cfg_pdc, &smbd.s_pdc, sizeof (cfg_pdc));
		(void) strlcpy(smbd.s_site, cfg_site, MAXHOSTNAMELEN);
		smbd.s_pdc_changed = B_TRUE;
		(void) cond_signal(&smbd_dc_cv);
	}

	(void) mutex_unlock(&smbd_dc_mutex);
}
fd9ee8b58485b20072eeef1310a88ff348d5e7fajoyce mcintosh
/*
 * DC monitor thread body.
 *
 * After an initial DC update and once the service is online, each cycle
 * waits up to SMBD_DC_MONITOR_INTERVAL seconds on smbd_dc_cv, then
 * probes the domain service up to SMBD_DC_MONITOR_ATTEMPTS times.  A
 * fresh ADS refresh and DC update are performed when the last probe
 * failed or smbd_dc_monitor_refresh() flagged a configuration change.
 *
 * The thread clears smbd.s_dc_monitor_tid and returns NULL once
 * smbd_online() reports false.
 */
/*ARGSUSED*/
static void *
smbd_dc_monitor(void *arg)
{
	boolean_t	dc_down = B_FALSE;
	boolean_t	cfg_changed = B_FALSE;
	timestruc_t	timeout;
	int		attempt;

	smbd_dc_update();
	smbd_online_wait("smbd_dc_monitor");

	while (smbd_online()) {
		timeout.tv_sec = SMBD_DC_MONITOR_INTERVAL;
		timeout.tv_nsec = 0;

		/* Sleep until the interval elapses or a refresh signals. */
		(void) mutex_lock(&smbd_dc_mutex);
		(void) cond_reltimedwait(&smbd_dc_cv, &smbd_dc_mutex,
		    &timeout);
		if (smbd.s_pdc_changed) {
			/* Consume the flag while still holding the lock. */
			smbd.s_pdc_changed = B_FALSE;
			cfg_changed = B_TRUE;
		}
		(void) mutex_unlock(&smbd_dc_mutex);

		attempt = 0;
		while (attempt < SMBD_DC_MONITOR_ATTEMPTS) {
			if (dssetup_check_service() == 0) {
				dc_down = B_FALSE;
				break;
			}

			dc_down = B_TRUE;
			(void) sleep(SMBD_DC_MONITOR_RETRY_INTERVAL);
			++attempt;
		}

		if (dc_down) {
			smb_log(smbd.s_loghd, LOG_NOTICE,
			    "smbd_dc_monitor: domain service not responding");
		}

		if (!dc_down && !cfg_changed)
			continue;

		cfg_changed = B_FALSE;
		smb_ads_refresh();
		smbd_dc_update();
	}

	smbd.s_dc_monitor_tid = 0;
	return (NULL);
}
1fdeec650620e8498c06f832ea4bd2292f7e9632joyce mcintosh
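/*
 * Locate a domain controller in the current resource domain and update
 * the Netlogon credential chain.
 *
 * The domain configuration will be updated upon successful DC discovery.
 * If smbd_set_netlogon_cred() reports that a restart is needed, the
 * smb/server service is asked to restart; a failed restart request is
 * logged at LOG_ERR.
 */
static void
smbd_dc_update(void)
{
	char		domain[MAXHOSTNAMELEN];
	smb_domainex_t	info;
	smb_domain_t	*primary;

	/*
	 * The fallback lookup's return value is ignored, so make sure the
	 * buffer is a valid (empty) string before it reaches the "%s" log
	 * arguments and smb_locate_dc().
	 */
	domain[0] = '\0';

	if (smb_getfqdomainname(domain, MAXHOSTNAMELEN) != 0) {
		(void) smb_getdomainname(domain, MAXHOSTNAMELEN);
		(void) smb_strupr(domain);
	}

	if (!smb_locate_dc(domain, "", &info)) {
		smb_log(smbd.s_loghd, LOG_NOTICE,
		    "smbd_dc_update: %s: locate failed", domain);
	} else {
		/* info is only valid on this branch. */
		primary = &info.d_primary;

		smb_config_setdomaininfo(primary->di_nbname,
		    primary->di_fqname,
		    primary->di_sid,
		    primary->di_u.di_dns.ddi_forest,
		    primary->di_u.di_dns.ddi_guid);

		smb_log(smbd.s_loghd, LOG_NOTICE,
		    "smbd_dc_update: %s: located %s", domain, info.d_dc);
	}

	if (smbd_set_netlogon_cred()) {
		/*
		 * Restart required because the domain changed
		 * or the credential chain setup failed.
		 *
		 * The format carries a "%s" conversion, so the domain
		 * name must be supplied; calling smb_log() without it
		 * consumes a missing variadic argument.
		 */
		smb_log(smbd.s_loghd, LOG_NOTICE,
		    "smbd_dc_update: %s: smb/server restart required",
		    domain);

		if (smb_smf_restart_service() != 0)
			smb_log(smbd.s_loghd, LOG_ERR,
			    "restart failed: run 'svcs -xv smb/server'"
			    " for more information");
	}
}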
1fdeec650620e8498c06f832ea4bd2292f7e9632joyce mcintosh
/*
 * smbd_join
 *
 * Joins the specified domain/workgroup.  Cached DSSETUP domain
 * information is cleared first; info->mode then selects the workgroup
 * or the domain join path, and that path's status is returned.
 *
 * If the security mode or domain name is being changed,
 * the caller must restart the service.
 */
uint32_t
smbd_join(smb_joininfo_t *info)
{
	dssetup_clear_domain_info();

	if (info->mode == SMB_SECMODE_WORKGRP)
		return (smbd_join_workgroup(info));

	return (smbd_join_domain(info));
}
faa1795a28a5c712eed6d0a3f84d98c368a316c6jb
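/*
 * smbd_set_netlogon_cred
 *
 * If the system is joined to an AD domain via kclient, SMB daemon will need
 * to establish the NETLOGON credential chain.
 *
 * Since the kclient has updated the machine password stored in SMF
 * repository, the cached ipc_info must be updated accordingly by calling
 * smb_ipc_commit.
 *
 * Due to potential replication delays in a multiple DC environment, the
 * NETLOGON rpc request must be sent to the DC, to which the KPASSWD request
 * is sent. If the DC discovered by the SMB daemon is different than the
 * kpasswd server, the current connection with the DC will be torn down
 * and a DC discovery process will be triggered to locate the kpasswd
 * server.
 *
 * If joining a new domain, the domain_name property must be set after a
 * successful credential chain setup.
 *
 * Returns B_TRUE when the caller should restart the service (the domain
 * changed, or the credential chain could not be established), B_FALSE
 * otherwise.
 */
static boolean_t
smbd_set_netlogon_cred(void)
{
	char		kpasswd_srv[MAXHOSTNAMELEN];
	char		kpasswd_domain[MAXHOSTNAMELEN];
	char		sam_acct[SMB_SAMACCT_MAXLEN];
	char		ipc_usr[SMB_USERNAME_MAXLEN];
	char		*dom;
	boolean_t	new_domain = B_FALSE;
	smb_domainex_t	dxi;
	smb_domain_t	*di;

	if (smb_match_netlogon_seqnum())
		return (B_FALSE);

	/*
	 * The getter's return value is ignored; pre-clear the buffer (as
	 * smbd_dc_monitor_refresh() does) so a failed read is seen as
	 * "no kpasswd server" instead of whatever was on the stack.
	 */
	kpasswd_srv[0] = '\0';
	(void) smb_config_getstr(SMB_CI_KPASSWD_SRV, kpasswd_srv,
	    sizeof (kpasswd_srv));

	if (*kpasswd_srv == '\0')
		return (B_FALSE);

	/*
	 * If the domain join initiated by smbadm join CLI is in
	 * progress, don't do anything.
	 */
	(void) smb_getsamaccount(sam_acct, sizeof (sam_acct));
	smb_ipc_get_user(ipc_usr, SMB_USERNAME_MAXLEN);
	if (smb_strcasecmp(ipc_usr, sam_acct, 0))
		return (B_FALSE);

	/*
	 * dxi.d_dc and the d_primary fields are read below even when
	 * smb_domain_getinfo() reports that nothing is cached.  Zero the
	 * structure so that case yields an empty DC name: no disconnect is
	 * attempted and DC discovery is triggered, as described below.
	 * NOTE(review): whether smb_domain_getinfo() clears dxi itself on
	 * failure is not visible here - confirm.
	 */
	bzero(&dxi, sizeof (dxi));
	di = &dxi.d_primary;
	if (!smb_domain_getinfo(&dxi))
		(void) smb_getfqdomainname(di->di_fqname, MAXHOSTNAMELEN);

	kpasswd_domain[0] = '\0';
	(void) smb_config_getstr(SMB_CI_KPASSWD_DOMAIN, kpasswd_domain,
	    sizeof (kpasswd_domain));

	if (*kpasswd_domain != '\0' &&
	    smb_strcasecmp(kpasswd_domain, di->di_fqname, 0)) {
		dom = kpasswd_domain;
		new_domain = B_TRUE;
	} else {
		dom = di->di_fqname;
	}

	/*
	 * DC discovery will be triggered if the domain info is not
	 * currently cached or the SMB daemon has previously discovered a DC
	 * that is different than the kpasswd server.
	 */
	if (new_domain || smb_strcasecmp(dxi.d_dc, kpasswd_srv, 0) != 0) {
		if (*dxi.d_dc != '\0')
			mlsvc_disconnect(dxi.d_dc);

		/* Prefer the kpasswd server; fall back to any DC. */
		if (!smb_locate_dc(dom, kpasswd_srv, &dxi)) {
			if (!smb_locate_dc(di->di_fqname, "", &dxi)) {
				smb_ipc_commit();
				return (B_FALSE);
			}
		}
	}

	smb_ipc_commit();
	if (mlsvc_netlogon(dxi.d_dc, di->di_nbname)) {
		syslog(LOG_NOTICE,
		    "failed to establish NETLOGON credential chain");
		return (B_TRUE);
	}

	if (new_domain) {
		smb_config_setdomaininfo(di->di_nbname, di->di_fqname,
		    di->di_sid,
		    di->di_u.di_dns.ddi_forest,
		    di->di_u.di_dns.ddi_guid);
		(void) smb_config_setstr(SMB_CI_KPASSWD_DOMAIN, "");
	}

	return (new_domain);
}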
8d7e41661dc4633488e93b13363137523ce59977jose borrego
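/*
 * Retrieve the kpasswd server from krb5.conf.
 *
 * The file named by the KRB5_CONFIG environment variable is read when
 * that variable is set and non-empty, otherwise /etc/krb5/krb5.conf.
 * Lines whose first character after trimming is '#' are skipped.  The
 * first remaining line containing "kpasswd_server" ends the scan; the
 * text after its '=' (if any) is the result.  Sections/realms are not
 * parsed, so the match is by substring only.
 *
 * NOTE(review): the value returned here is handed to smb_locate_dc() by
 * smbd_join_domain(), so it influences which host receives the join
 * request.  This assumes the daemon's environment and the krb5.conf it
 * names are writable only by privileged users - confirm.
 *
 * srv	output buffer; always left NUL-terminated, "" on failure
 * len	size of srv in bytes
 *
 * Returns 0 if a server name was stored in srv, -1 otherwise (file
 * cannot be opened, no entry, empty value, or value too long for srv).
 */
static int
smbd_get_kpasswd_srv(char *srv, size_t len)
{
	FILE		*fp;
	char		buf[512];	/* automatic: no shared state */
	const char	*path;
	char		*p;

	*srv = '\0';
	path = getenv("KRB5_CONFIG");
	if (path == NULL || *path == '\0')
		path = "/etc/krb5/krb5.conf";

	if ((fp = fopen(path, "r")) == NULL)
		return (-1);

	while (fgets(buf, sizeof (buf), fp) != NULL) {

		/* Weed out any comment text */
		(void) trim_whitespace(buf);
		if (*buf == '#')
			continue;

		if ((p = strstr(buf, "kpasswd_server")) == NULL)
			continue;

		if ((p = strchr(p, '=')) != NULL) {
			(void) trim_whitespace(++p);
			/*
			 * A truncated host name would name a different
			 * host; treat it as "not found" instead.
			 */
			if (strlcpy(srv, p, len) >= len)
				*srv = '\0';
		}
		break;
	}

	(void) fclose(fp);
	return ((*srv == '\0') ? -1 : 0);
}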
8d7e41661dc4633488e93b13363137523ce59977jose borrego
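/*
 * Switch the daemon to workgroup mode under info->domain_name.
 *
 * The previously configured domain name is read first so that the
 * browser service is reconfigured only when the name actually changes
 * (compared case-insensitively).
 *
 * Always returns NT_STATUS_SUCCESS.
 */
static uint32_t
smbd_join_workgroup(smb_joininfo_t *info)
{
	char nb_domain[SMB_PI_MAX_DOMAIN];

	/*
	 * The getter's return value is ignored; pre-clear the buffer (as
	 * smbd_dc_monitor_refresh() does) so strcasecmp() below never
	 * reads stack contents if the property could not be read.
	 */
	nb_domain[0] = '\0';
	(void) smb_config_getstr(SMB_CI_DOMAIN_NAME, nb_domain,
	    sizeof (nb_domain));

	smbd_set_secmode(SMB_SECMODE_WORKGRP);
	smb_config_setdomaininfo(info->domain_name, "", "", "", "");

	if (strcasecmp(nb_domain, info->domain_name) != 0)
		smb_browser_reconfig();

	return (NT_STATUS_SUCCESS);
}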
8d7e41661dc4633488e93b13363137523ce59977jose borrego
/*
 * Join the domain named in info->domain_name using the supplied account.
 *
 * The domain-member flag is cleared up front, the NTLM hash of the
 * password is staged as the IPC credential, and a DC is located with the
 * krb5.conf kpasswd server (if one was found) passed to smb_locate_dc().
 * On a successful mlsvc_join() the security mode and domain
 * configuration are stored and the IPC credential is committed; on any
 * later failure the IPC credential is rolled back.
 *
 * Returns NT_STATUS_SUCCESS, the mlsvc_join() failure status,
 * NT_STATUS_INTERNAL_ERROR if the hash cannot be computed, or
 * NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND if no DC could be located.
 *
 * NOTE(review): nt_hash is password-equivalent material and is left on
 * the stack when this function returns.  Consider clearing it on every
 * exit path with a wipe the compiler cannot elide - confirm which
 * primitive the platform provides.
 */
static uint32_t
smbd_join_domain(smb_joininfo_t *info)
{
	uint32_t	status;
	unsigned char	nt_hash[SMBAUTH_HASH_SZ];
	char		kpasswd_dc[MAXHOSTNAMELEN];
	smb_domainex_t	dxi;
	smb_domain_t	*di;

	/*
	 * Ensure that any previous membership of this domain has
	 * been cleared from the environment before we start. This
	 * will ensure that we don't attempt a NETLOGON_SAMLOGON
	 * when attempting to find the PDC.
	 */
	(void) smb_config_setbool(SMB_CI_DOMAIN_MEMB, B_FALSE);

	if (smb_auth_ntlm_hash(info->domain_passwd, nt_hash)
	    != SMBAUTH_SUCCESS) {
		/* Only the account name is logged, never the password. */
		syslog(LOG_ERR, "smbd: could not compute ntlm hash for '%s'",
		    info->domain_username);
		return (NT_STATUS_INTERNAL_ERROR);
	}

	smb_ipc_set(info->domain_username, nt_hash);

	/* kpasswd_dc is "" when no kpasswd server is configured. */
	(void) smbd_get_kpasswd_srv(kpasswd_dc, sizeof (kpasswd_dc));

	/* info->domain_name could either be NetBIOS domain name or FQDN */
	if (!smb_locate_dc(info->domain_name, kpasswd_dc, &dxi)) {
		smb_ipc_rollback();
		syslog(LOG_ERR,
		    "smbd: failed locating domain controller for %s",
		    info->domain_name);
		return (NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND);
	}

	status = mlsvc_join(&dxi, info->domain_username,
	    info->domain_passwd);

	if (status != NT_STATUS_SUCCESS) {
		smb_ipc_rollback();
		syslog(LOG_ERR, "smbd: failed joining %s (%s)",
		    info->domain_name, xlate_nt_status(status));
		return (status);
	}

	di = &dxi.d_primary;
	smbd_set_secmode(SMB_SECMODE_DOMAIN);
	smb_config_setdomaininfo(di->di_nbname, di->di_fqname,
	    di->di_sid,
	    di->di_u.di_dns.ddi_forest,
	    di->di_u.di_dns.ddi_guid);
	smb_ipc_commit();
	return (status);
}