smbd_join.c revision b819cea2f73f98c5662230cc9affc8cc84f77fcf
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
* Copyright 2014 Nexenta Systems, Inc. All rights reserved.
*/
#include <syslog.h>
#include <synch.h>
#include <pthread.h>
#include <unistd.h>
#include <string.h>
#include <strings.h>
#include <sys/errno.h>
#include <smbsrv/libsmb.h>
#include <smbsrv/libsmbns.h>
#include <smbsrv/libmlsvc.h>
#include <smbsrv/smbinfo.h>
#include "smbd.h"
/* Number of dssetup_check_service() probes made per monitor cycle. */
#define SMBD_DC_MONITOR_ATTEMPTS 3
/* Pause taken by the monitor after each failed probe. */
#define SMBD_DC_MONITOR_RETRY_INTERVAL 3 /* seconds */
/* Longest time the monitor waits on smbd_dc_cv between cycles. */
#define SMBD_DC_MONITOR_INTERVAL 60 /* seconds */
/* Global daemon state; the definition is outside this file. */
extern smbd_t smbd;
/*
 * smbd_dc_mutex is held by smbd_dc_monitor_refresh() while it compares and
 * updates smbd.s_pdc, smbd.s_site and smbd.s_pdc_changed, and by
 * smbd_dc_monitor() while it waits and consumes smbd.s_pdc_changed.
 * smbd_dc_cv is signalled by the refresh path to wake the monitor early.
 * Note that smbd_dc_monitor_init() writes s_site and s_pdc without taking
 * the mutex.
 */
static mutex_t smbd_dc_mutex;
static cond_t smbd_dc_cv;
/* Body of the detached DC monitor thread. */
static void *smbd_dc_monitor(void *);
/* Locate a DC and set up the NETLOGON credential chain with it. */
static void smbd_dc_update(void);
/* Todo: static boolean_t smbd_set_netlogon_cred(void); */
/* Mode-specific halves of smbd_join(). */
static uint32_t smbd_join_workgroup(smb_joininfo_t *);
static uint32_t smbd_join_domain(smb_joininfo_t *);
/*
 * Start DC discovery and monitoring.
 *
 * The configured AD site and preferred domain server address are read
 * into the global smbd state and the ADS module is initialized in every
 * security mode.  The detached monitor thread is created only when the
 * server runs in domain mode.
 *
 * Returns 0 when no thread is needed, otherwise the pthread_create()
 * result.
 */
int
smbd_dc_monitor_init(void)
{
	pthread_attr_t	tattr;
	int		err = 0;

	/*
	 * The lookup results are deliberately ignored, so s_site and s_pdc
	 * keep whatever the lookups left in them when a property is absent.
	 * These writes are not made under smbd_dc_mutex.
	 */
	(void) smb_config_getstr(SMB_CI_ADS_SITE, smbd.s_site,
	    MAXHOSTNAMELEN);
	(void) smb_config_getip(SMB_CI_DOMAIN_SRV, &smbd.s_pdc);

	smb_ads_init();

	if (smbd.s_secmode == SMB_SECMODE_DOMAIN) {
		/* Detached: nothing ever joins the monitor thread. */
		(void) pthread_attr_init(&tattr);
		(void) pthread_attr_setdetachstate(&tattr,
		    PTHREAD_CREATE_DETACHED);
		err = pthread_create(&smbd.s_dc_monitor_tid, &tattr,
		    smbd_dc_monitor, NULL);
		(void) pthread_attr_destroy(&tattr);
	}

	return (err);
}
/*
 * Re-read the configured AD site and preferred domain server.  If either
 * differs from the values cached in the global smbd state, store the new
 * values, flag the change and wake the DC monitor thread.
 */
void
smbd_dc_monitor_refresh(void)
{
	char		new_site[MAXHOSTNAMELEN];
	smb_inaddr_t	new_pdc;

	/*
	 * Pre-clear both outputs so a failed lookup compares as "empty"
	 * rather than as stale stack contents.
	 */
	new_site[0] = '\0';
	(void) memset(&new_pdc, 0, sizeof (smb_inaddr_t));

	(void) smb_config_getstr(SMB_CI_ADS_SITE, new_site, MAXHOSTNAMELEN);
	(void) smb_config_getip(SMB_CI_DOMAIN_SRV, &new_pdc);

	(void) mutex_lock(&smbd_dc_mutex);

	/* Nothing to do when both the address and the site are unchanged. */
	if (memcmp(&smbd.s_pdc, &new_pdc, sizeof (smb_inaddr_t)) == 0 &&
	    smb_strcasecmp(smbd.s_site, new_site, 0) == 0) {
		(void) mutex_unlock(&smbd_dc_mutex);
		return;
	}

	(void) memcpy(&smbd.s_pdc, &new_pdc, sizeof (smb_inaddr_t));
	(void) strlcpy(smbd.s_site, new_site, MAXHOSTNAMELEN);
	smbd.s_pdc_changed = B_TRUE;
	(void) cond_signal(&smbd_dc_cv);

	(void) mutex_unlock(&smbd_dc_mutex);
}
/*
 * DC monitor thread body.
 *
 * Performs an initial DC update, waits for the service to come online,
 * then loops while the service is online.  Each cycle waits up to
 * SMBD_DC_MONITOR_INTERVAL seconds (or until the refresh path signals a
 * configuration change), probes the directory service up to
 * SMBD_DC_MONITOR_ATTEMPTS times, and re-runs discovery when the service
 * did not answer or the configuration changed.
 *
 * Clears smbd.s_dc_monitor_tid on exit and always returns NULL.
 */
/*ARGSUSED*/
static void *
smbd_dc_monitor(void *arg)
{
	smbd_dc_update();
	smbd_online_wait("smbd_dc_monitor");

	while (smbd_online()) {
		boolean_t	not_responding = B_FALSE;
		boolean_t	cfg_changed = B_FALSE;
		timestruc_t	wait;
		int		attempt;

		wait.tv_sec = SMBD_DC_MONITOR_INTERVAL;
		wait.tv_nsec = 0;

		/*
		 * The wait result is ignored: a timeout and a signal are
		 * handled the same way, and s_pdc_changed tells them apart.
		 */
		(void) mutex_lock(&smbd_dc_mutex);
		(void) cond_reltimedwait(&smbd_dc_cv, &smbd_dc_mutex, &wait);
		if (smbd.s_pdc_changed) {
			/* Consume the flag while still holding the lock. */
			smbd.s_pdc_changed = B_FALSE;
			cfg_changed = B_TRUE;
		}
		(void) mutex_unlock(&smbd_dc_mutex);

		/* Probe until one attempt succeeds or the budget runs out. */
		for (attempt = 0; attempt < SMBD_DC_MONITOR_ATTEMPTS;
		    ++attempt) {
			not_responding = (dssetup_check_service() != 0) ?
			    B_TRUE : B_FALSE;
			if (!not_responding)
				break;
			(void) sleep(SMBD_DC_MONITOR_RETRY_INTERVAL);
		}

		if (not_responding)
			syslog(LOG_NOTICE,
			    "smbd_dc_monitor: domain service not responding");

		/* Either condition forces a fresh lookup and DC update. */
		if (not_responding || cfg_changed) {
			smb_ads_refresh();
			smbd_dc_update();
		}
	}

	smbd.s_dc_monitor_tid = 0;
	return (NULL);
}
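/*
 * Locate a domain controller in the current resource domain and update
 * the Netlogon credential chain.
 *
 * The fully-qualified domain name is preferred; when it cannot be
 * obtained the plain domain name is used, upper-cased.  If no DC is found
 * the function logs and returns.  If a DC is found but the NETLOGON
 * credential chain cannot be established, a restart of smb/server is
 * requested.
 *
 * The domain configuration will be updated upon successful DC discovery.
 * NOTE(review): that update is not visible in this function; presumably
 * it happens inside smb_locate_dc() - confirm.
 */
static void
smbd_dc_update(void)
{
	char		domain[MAXHOSTNAMELEN];
	smb_domainex_t	info;
	DWORD		status;

	/*
	 * Both name lookups below can fail and the result of the fallback
	 * is ignored, so start from an empty string.  Without this the
	 * buffer could reach smb_strupr(), smb_locate_dc() and syslog()
	 * uninitialized.  smbd_dc_monitor_refresh() pre-clears its lookup
	 * buffer in the same way.
	 */
	domain[0] = '\0';

	if (smb_getfqdomainname(domain, MAXHOSTNAMELEN) != 0) {
		(void) smb_getdomainname(domain, MAXHOSTNAMELEN);
		(void) smb_strupr(domain);
	}

	if (!smb_locate_dc(domain, "", &info)) {
		syslog(LOG_NOTICE,
		    "smbd_dc_update: %s: locate failed", domain);
		return;
	}

	syslog(LOG_INFO,
	    "smbd_dc_update: %s: located %s", domain, info.d_dc);

	status = mlsvc_netlogon(info.d_dc, info.d_primary.di_nbname);
	if (status == NT_STATUS_SUCCESS)
		return;

	syslog(LOG_NOTICE,
	    "failed to establish NETLOGON credential chain");

	/*
	 * Restart required because the domain changed
	 * or the credential chain setup failed.
	 *
	 * NOTE(review): every NETLOGON failure against a located DC ends
	 * in a service restart request.  Nothing in this file rate-limits
	 * that, so a DC that keeps failing the handshake may cause
	 * repeated restarts - confirm the SMF side bounds this.
	 */
	syslog(LOG_NOTICE,
	    "smbd_dc_update: smb/server restart required");

	if (smb_smf_restart_service() != 0)
		syslog(LOG_ERR,
		    "restart failed: run 'svcs -xv smb/server'"
		    " for more information");
}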
/*
 * smbd_join
 *
 * Joins the domain or workgroup described by info.  Cached DSSETUP domain
 * information is cleared first in both cases.  Only SMB_SECMODE_WORKGRP
 * selects the workgroup path; every other mode value is handled as a
 * domain join.
 *
 * If the security mode or domain name is being changed,
 * the caller must restart the service.
 *
 * Returns the NT status produced by the selected join routine.
 */
uint32_t
smbd_join(smb_joininfo_t *info)
{
	dssetup_clear_domain_info();

	if (info->mode == SMB_SECMODE_WORKGRP)
		return (smbd_join_workgroup(info));

	return (smbd_join_domain(info));
}
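/*
 * Switch the server to workgroup mode using info->domain_name as the
 * workgroup name.  The domain configuration is rewritten with only the
 * name set and the other four fields empty.  The browser is reconfigured
 * when the name differs (ignoring case) from the one configured before.
 *
 * Always returns NT_STATUS_SUCCESS.
 */
static uint32_t
smbd_join_workgroup(smb_joininfo_t *info)
{
	char nb_domain[SMB_PI_MAX_DOMAIN];

	/*
	 * The lookup result is ignored, so start from an empty string.
	 * Without this strcasecmp() could read an uninitialized buffer if
	 * the property cannot be fetched.  smbd_dc_monitor_refresh()
	 * pre-clears its lookup buffer in the same way.
	 */
	nb_domain[0] = '\0';

	/* Capture the old name before the configuration is overwritten. */
	(void) smb_config_getstr(SMB_CI_DOMAIN_NAME, nb_domain,
	    sizeof (nb_domain));

	smbd_set_secmode(SMB_SECMODE_WORKGRP);
	smb_config_setdomaininfo(info->domain_name, "", "", "", "");

	if (strcasecmp(nb_domain, info->domain_name) != 0)
		smb_browser_reconfig();

	return (NT_STATUS_SUCCESS);
}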
/*
 * Join the domain named in info using the supplied account credentials.
 *
 * Any existing membership flag is cleared, the ADS lookup cache is
 * refreshed and the IPC identity is switched to the anonymous user before
 * a DC is located.  On success the security mode and domain configuration
 * are saved and the IPC settings committed; on any failure the IPC
 * settings are rolled back.
 *
 * Returns NT_STATUS_SUCCESS, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND when
 * no DC could be located, or the status reported by mlsvc_join().
 *
 * NOTE(review): the failure paths only roll back the IPC settings; the
 * SMB_CI_DOMAIN_MEMB flag cleared at the start is not restored here, so a
 * failed re-join appears to leave the server marked as a non-member -
 * confirm that this is intended.
 *
 * NOTE(review): info->domain_passwd is handed to mlsvc_join() and is never
 * logged here, but it is not scrubbed here either; presumably the caller
 * owns clearing it - confirm.
 */
static uint32_t
smbd_join_domain(smb_joininfo_t *info)
{
	/* Static storage, so this is an all-zero hash. */
	static unsigned char zero_hash[SMBAUTH_HASH_SZ];
	smb_domainex_t dxi;
	smb_domain_t *di;
	uint32_t status;

	/*
	 * Ensure that any previous membership of this domain has
	 * been cleared from the environment before we start. This
	 * will ensure that we don't attempt a NETLOGON_SAMLOGON
	 * when attempting to find the PDC.
	 */
	(void) smb_config_setbool(SMB_CI_DOMAIN_MEMB, B_FALSE);

	/* Clear DNS local (ADS) lookup cache too. */
	smb_ads_refresh();

	/*
	 * Use a NULL session while searching for a DC, and
	 * while getting information about the domain.
	 */
	smb_ipc_set(MLSVC_ANON_USER, zero_hash);

	if (!smb_locate_dc(info->domain_name, "", &dxi)) {
		syslog(LOG_ERR, "smbd: failed locating "
		    "domain controller for %s",
		    info->domain_name);
		smb_ipc_rollback();
		return (NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND);
	}

	/* info->domain_name could either be NetBIOS domain name or FQDN */
	status = mlsvc_join(&dxi, info->domain_username, info->domain_passwd);
	if (status != NT_STATUS_SUCCESS) {
		/* Only the domain name and status text are logged. */
		syslog(LOG_ERR, "smbd: failed joining %s (%s)",
		    info->domain_name, xlate_nt_status(status));
		smb_ipc_rollback();
		return (status);
	}

	/*
	 * Success!
	 *
	 * Strange, mlsvc_join does some of the work to
	 * save the config, then the rest happens here.
	 * Todo: Do the config update all in one place.
	 */
	di = &dxi.d_primary;
	smbd_set_secmode(SMB_SECMODE_DOMAIN);
	smb_config_setdomaininfo(di->di_nbname, di->di_fqname,
	    di->di_sid,
	    di->di_u.di_dns.ddi_forest,
	    di->di_u.di_dns.ddi_guid);

	smb_ipc_commit();
	return (status);
}