libmlsvc/common/mlsvc_domain.c

8d7e41661dc4633488e93b13363137523ce59977jose borrego/*
8d7e41661dc4633488e93b13363137523ce59977jose borrego * CDDL HEADER START
8d7e41661dc4633488e93b13363137523ce59977jose borrego *
8d7e41661dc4633488e93b13363137523ce59977jose borrego * The contents of this file are subject to the terms of the
8d7e41661dc4633488e93b13363137523ce59977jose borrego * Common Development and Distribution License (the "License").
8d7e41661dc4633488e93b13363137523ce59977jose borrego * You may not use this file except in compliance with the License.
8d7e41661dc4633488e93b13363137523ce59977jose borrego *
8d7e41661dc4633488e93b13363137523ce59977jose borrego * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
8d7e41661dc4633488e93b13363137523ce59977jose borrego * or http://www.opensolaris.org/os/licensing.
8d7e41661dc4633488e93b13363137523ce59977jose borrego * See the License for the specific language governing permissions
8d7e41661dc4633488e93b13363137523ce59977jose borrego * and limitations under the License.
8d7e41661dc4633488e93b13363137523ce59977jose borrego *
8d7e41661dc4633488e93b13363137523ce59977jose borrego * When distributing Covered Code, include this CDDL HEADER in each
8d7e41661dc4633488e93b13363137523ce59977jose borrego * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
8d7e41661dc4633488e93b13363137523ce59977jose borrego * If applicable, add the following below this CDDL HEADER, with the
8d7e41661dc4633488e93b13363137523ce59977jose borrego * fields enclosed by brackets "[]" replaced with your own identifying
8d7e41661dc4633488e93b13363137523ce59977jose borrego * information: Portions Copyright [yyyy] [name of copyright owner]
8d7e41661dc4633488e93b13363137523ce59977jose borrego *
8d7e41661dc4633488e93b13363137523ce59977jose borrego * CDDL HEADER END
8d7e41661dc4633488e93b13363137523ce59977jose borrego */
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright
8d7e41661dc4633488e93b13363137523ce59977jose borrego/*
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright * Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved.
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross * Copyright 2015 Nexenta Systems, Inc.  All rights reserved.
8d7e41661dc4633488e93b13363137523ce59977jose borrego */
8d7e41661dc4633488e93b13363137523ce59977jose borrego
8d7e41661dc4633488e93b13363137523ce59977jose borrego#include <syslog.h>
8d7e41661dc4633488e93b13363137523ce59977jose borrego#include <synch.h>
8d7e41661dc4633488e93b13363137523ce59977jose borrego#include <pthread.h>
8d7e41661dc4633488e93b13363137523ce59977jose borrego#include <unistd.h>
8d7e41661dc4633488e93b13363137523ce59977jose borrego#include <string.h>
8d7e41661dc4633488e93b13363137523ce59977jose borrego#include <strings.h>
8d7e41661dc4633488e93b13363137523ce59977jose borrego#include <sys/errno.h>
8d7e41661dc4633488e93b13363137523ce59977jose borrego#include <sys/types.h>
8d7e41661dc4633488e93b13363137523ce59977jose borrego#include <netinet/in.h>
8d7e41661dc4633488e93b13363137523ce59977jose borrego#include <arpa/nameser.h>
8d7e41661dc4633488e93b13363137523ce59977jose borrego#include <resolv.h>
8d7e41661dc4633488e93b13363137523ce59977jose borrego#include <netdb.h>
8d7e41661dc4633488e93b13363137523ce59977jose borrego#include <assert.h>
8d7e41661dc4633488e93b13363137523ce59977jose borrego
8d7e41661dc4633488e93b13363137523ce59977jose borrego#include <smbsrv/libsmb.h>
8d7e41661dc4633488e93b13363137523ce59977jose borrego#include <smbsrv/libsmbns.h>
8d7e41661dc4633488e93b13363137523ce59977jose borrego#include <smbsrv/libmlsvc.h>
8d7e41661dc4633488e93b13363137523ce59977jose borrego
8d7e41661dc4633488e93b13363137523ce59977jose borrego#include <smbsrv/smbinfo.h>
8d7e41661dc4633488e93b13363137523ce59977jose borrego#include <lsalib.h>
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross#include <mlsvc.h>
8d7e41661dc4633488e93b13363137523ce59977jose borrego
8d7e41661dc4633488e93b13363137523ce59977jose borrego/*
8d7e41661dc4633488e93b13363137523ce59977jose borrego * DC Locator
8d7e41661dc4633488e93b13363137523ce59977jose borrego */
a0aa776e20803c84edd153d9cb584fd67163aef3Alan Wright#define SMB_DCLOCATOR_TIMEOUT   45  /* seconds */
8d7e41661dc4633488e93b13363137523ce59977jose borrego#define SMB_IS_FQDN(domain) (strchr(domain, '.') != NULL)
8d7e41661dc4633488e93b13363137523ce59977jose borrego
8d7e41661dc4633488e93b13363137523ce59977jose borregotypedef struct smb_dclocator {
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    smb_dcinfo_t    sdl_dci; /* .dc_name .dc_addr */
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    char        sdl_domain[SMB_PI_MAX_DOMAIN];
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    boolean_t   sdl_locate;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    boolean_t   sdl_bad_dc;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    boolean_t   sdl_cfg_chg;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    mutex_t     sdl_mtx;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    cond_t      sdl_cv;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    uint32_t    sdl_status;
8d7e41661dc4633488e93b13363137523ce59977jose borrego} smb_dclocator_t;
8d7e41661dc4633488e93b13363137523ce59977jose borrego
8d7e41661dc4633488e93b13363137523ce59977jose borregostatic smb_dclocator_t smb_dclocator;
8d7e41661dc4633488e93b13363137523ce59977jose borregostatic pthread_t smb_dclocator_thr;
8d7e41661dc4633488e93b13363137523ce59977jose borrego
a0aa776e20803c84edd153d9cb584fd67163aef3Alan Wrightstatic void *smb_ddiscover_service(void *);
a0aa776e20803c84edd153d9cb584fd67163aef3Alan Wrightstatic uint32_t smb_ddiscover_qinfo(char *, char *, smb_domainex_t *);
a0aa776e20803c84edd153d9cb584fd67163aef3Alan Wrightstatic void smb_ddiscover_enum_trusted(char *, char *, smb_domainex_t *);
a0aa776e20803c84edd153d9cb584fd67163aef3Alan Wrightstatic uint32_t smb_ddiscover_use_config(char *, smb_domainex_t *);
a0aa776e20803c84edd153d9cb584fd67163aef3Alan Wrightstatic void smb_domainex_free(smb_domainex_t *);
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Rossstatic void smb_set_krb5_realm(char *);
8d7e41661dc4633488e93b13363137523ce59977jose borrego
8d7e41661dc4633488e93b13363137523ce59977jose borrego/*
8d7e41661dc4633488e93b13363137523ce59977jose borrego * ===================================================================
8d7e41661dc4633488e93b13363137523ce59977jose borrego * API to initialize DC locator thread, trigger DC discovery, and
8d7e41661dc4633488e93b13363137523ce59977jose borrego * get the discovered DC and/or domain information.
8d7e41661dc4633488e93b13363137523ce59977jose borrego * ===================================================================
8d7e41661dc4633488e93b13363137523ce59977jose borrego */
8d7e41661dc4633488e93b13363137523ce59977jose borrego
8d7e41661dc4633488e93b13363137523ce59977jose borrego/*
8d7e41661dc4633488e93b13363137523ce59977jose borrego * Initialization of the DC locator thread.
8d7e41661dc4633488e93b13363137523ce59977jose borrego * Returns 0 on success, an error number if thread creation fails.
8d7e41661dc4633488e93b13363137523ce59977jose borrego */
8d7e41661dc4633488e93b13363137523ce59977jose borregoint
8d7e41661dc4633488e93b13363137523ce59977jose borregosmb_dclocator_init(void)
8d7e41661dc4633488e93b13363137523ce59977jose borrego{
8d7e41661dc4633488e93b13363137523ce59977jose borrego    pthread_attr_t tattr;
8d7e41661dc4633488e93b13363137523ce59977jose borrego    int rc;
8d7e41661dc4633488e93b13363137523ce59977jose borrego
8d7e41661dc4633488e93b13363137523ce59977jose borrego    (void) pthread_attr_init(&tattr);
8d7e41661dc4633488e93b13363137523ce59977jose borrego    (void) pthread_attr_setdetachstate(&tattr, PTHREAD_CREATE_DETACHED);
8d7e41661dc4633488e93b13363137523ce59977jose borrego    rc = pthread_create(&smb_dclocator_thr, &tattr,
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        smb_ddiscover_service, &smb_dclocator);
8d7e41661dc4633488e93b13363137523ce59977jose borrego    (void) pthread_attr_destroy(&tattr);
8d7e41661dc4633488e93b13363137523ce59977jose borrego    return (rc);
8d7e41661dc4633488e93b13363137523ce59977jose borrego}
8d7e41661dc4633488e93b13363137523ce59977jose borrego
8d7e41661dc4633488e93b13363137523ce59977jose borrego/*
8d7e41661dc4633488e93b13363137523ce59977jose borrego * This is the entry point for discovering a domain controller for the
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross * specified domain.  Called during join domain, and then periodically
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross * by smbd_dc_update (the "DC monitor" thread).
8d7e41661dc4633488e93b13363137523ce59977jose borrego *
8d7e41661dc4633488e93b13363137523ce59977jose borrego * The actual work of discovering a DC is handled by DC locator thread.
8d7e41661dc4633488e93b13363137523ce59977jose borrego * All we do here is signal the request and wait for a DC or a timeout.
8d7e41661dc4633488e93b13363137523ce59977jose borrego *
8d7e41661dc4633488e93b13363137523ce59977jose borrego * Input parameters:
8d7e41661dc4633488e93b13363137523ce59977jose borrego *  domain - domain to be discovered (can either be NetBIOS or DNS domain)
8d7e41661dc4633488e93b13363137523ce59977jose borrego *
8d7e41661dc4633488e93b13363137523ce59977jose borrego * Output parameter:
8d7e41661dc4633488e93b13363137523ce59977jose borrego *  dp - on success, dp will be filled with the discovered DC and domain
8d7e41661dc4633488e93b13363137523ce59977jose borrego *       information.
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross *
8d7e41661dc4633488e93b13363137523ce59977jose borrego * Returns B_TRUE if the DC/domain info is available.
8d7e41661dc4633488e93b13363137523ce59977jose borrego */
8d7e41661dc4633488e93b13363137523ce59977jose borregoboolean_t
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Rosssmb_locate_dc(char *domain, smb_domainex_t *dp)
8d7e41661dc4633488e93b13363137523ce59977jose borrego{
8d7e41661dc4633488e93b13363137523ce59977jose borrego    int rc;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    boolean_t rv;
8d7e41661dc4633488e93b13363137523ce59977jose borrego    timestruc_t to;
a0aa776e20803c84edd153d9cb584fd67163aef3Alan Wright    smb_domainex_t domain_info;
8d7e41661dc4633488e93b13363137523ce59977jose borrego
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    if (domain == NULL || *domain == '\0') {
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        syslog(LOG_DEBUG, "smb_locate_dc NULL dom");
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        smb_set_krb5_realm(NULL);
8d7e41661dc4633488e93b13363137523ce59977jose borrego        return (B_FALSE);
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    }
8d7e41661dc4633488e93b13363137523ce59977jose borrego
8d7e41661dc4633488e93b13363137523ce59977jose borrego    (void) mutex_lock(&smb_dclocator.sdl_mtx);
8d7e41661dc4633488e93b13363137523ce59977jose borrego
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    if (strcmp(smb_dclocator.sdl_domain, domain)) {
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        (void) strlcpy(smb_dclocator.sdl_domain, domain,
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross            sizeof (smb_dclocator.sdl_domain));
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        smb_dclocator.sdl_cfg_chg = B_TRUE;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        syslog(LOG_DEBUG, "smb_locate_dc new dom=%s", domain);
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        smb_set_krb5_realm(domain);
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    }
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross
8d7e41661dc4633488e93b13363137523ce59977jose borrego    if (!smb_dclocator.sdl_locate) {
8d7e41661dc4633488e93b13363137523ce59977jose borrego        smb_dclocator.sdl_locate = B_TRUE;
8d7e41661dc4633488e93b13363137523ce59977jose borrego        (void) cond_broadcast(&smb_dclocator.sdl_cv);
8d7e41661dc4633488e93b13363137523ce59977jose borrego    }
8d7e41661dc4633488e93b13363137523ce59977jose borrego
8d7e41661dc4633488e93b13363137523ce59977jose borrego    while (smb_dclocator.sdl_locate) {
8d7e41661dc4633488e93b13363137523ce59977jose borrego        to.tv_sec = SMB_DCLOCATOR_TIMEOUT;
8d7e41661dc4633488e93b13363137523ce59977jose borrego        to.tv_nsec = 0;
8d7e41661dc4633488e93b13363137523ce59977jose borrego        rc = cond_reltimedwait(&smb_dclocator.sdl_cv,
8d7e41661dc4633488e93b13363137523ce59977jose borrego            &smb_dclocator.sdl_mtx, &to);
8d7e41661dc4633488e93b13363137523ce59977jose borrego
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        if (rc == ETIME) {
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross            syslog(LOG_NOTICE, "smb_locate_dc timeout");
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross            rv = B_FALSE;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross            goto out;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        }
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    }
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    if (smb_dclocator.sdl_status != 0) {
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        syslog(LOG_NOTICE, "smb_locate_dc status 0x%x",
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross            smb_dclocator.sdl_status);
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        rv = B_FALSE;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        goto out;
8d7e41661dc4633488e93b13363137523ce59977jose borrego    }
8d7e41661dc4633488e93b13363137523ce59977jose borrego
8d7e41661dc4633488e93b13363137523ce59977jose borrego    if (dp == NULL)
8d7e41661dc4633488e93b13363137523ce59977jose borrego        dp = &domain_info;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    rv = smb_domain_getinfo(dp);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Rossout:
8d7e41661dc4633488e93b13363137523ce59977jose borrego    (void) mutex_unlock(&smb_dclocator.sdl_mtx);
8d7e41661dc4633488e93b13363137523ce59977jose borrego
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    return (rv);
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross}
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross/*
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross * Tell the domain discovery service to run again now,
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross * and assume changed configuration (i.e. a new DC).
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross * Like the first part of smb_locate_dc().
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross *
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross * Note: This is called from the service refresh handler
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross * and the door handler to tell the ddiscover thread to
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross * request the new DC from idmap.  Therefore, we must not
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross * trigger a new idmap discovery run from here, or that
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross * would start a ping-pong match.
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross */
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross/* ARGSUSED */
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Rossvoid
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Rosssmb_ddiscover_refresh()
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross{
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    (void) mutex_lock(&smb_dclocator.sdl_mtx);
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    if (smb_dclocator.sdl_cfg_chg == B_FALSE) {
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        smb_dclocator.sdl_cfg_chg = B_TRUE;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        syslog(LOG_DEBUG, "smb_ddiscover_refresh set cfg changed");
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    }
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    if (!smb_dclocator.sdl_locate) {
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        smb_dclocator.sdl_locate = B_TRUE;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        (void) cond_broadcast(&smb_dclocator.sdl_cv);
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    }
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    (void) mutex_unlock(&smb_dclocator.sdl_mtx);
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross}
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross/*
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross * Called by our client-side threads after they fail to connect to
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross * the DC given to them by smb_locate_dc().  This is often called
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross * after some delay, because the connection timeout delays these
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross * threads for a while, so it's quite common that the DC locator
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross * service has already started looking for a new DC.  These late
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross * notifications should not continually restart the DC locator.
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross */
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Rossvoid
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Rosssmb_ddiscover_bad_dc(char *bad_dc)
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross{
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    assert(bad_dc[0] != '\0');
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    (void) mutex_lock(&smb_dclocator.sdl_mtx);
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    syslog(LOG_DEBUG, "smb_ddiscover_bad_dc, cur=%s, bad=%s",
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        smb_dclocator.sdl_dci.dc_name, bad_dc);
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    if (strcmp(smb_dclocator.sdl_dci.dc_name, bad_dc)) {
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        /*
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross         * The "bad" DC is no longer the current one.
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross         * Probably a late "bad DC" report.
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross         */
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        goto out;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    }
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    if (smb_dclocator.sdl_bad_dc) {
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        /* Someone already marked the current DC as "bad". */
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        syslog(LOG_DEBUG, "smb_ddiscover_bad_dc repeat");
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        goto out;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    }
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    /*
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross     * Mark the current DC as "bad" and let the DC Locator
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross     * run again if it's not already.
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross     */
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    syslog(LOG_INFO, "smb_ddiscover, bad DC: %s", bad_dc);
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    smb_dclocator.sdl_bad_dc = B_TRUE;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    /* In-line smb_ddiscover_kick */
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    if (!smb_dclocator.sdl_locate) {
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        smb_dclocator.sdl_locate = B_TRUE;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        (void) cond_broadcast(&smb_dclocator.sdl_cv);
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    }
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Rossout:
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    (void) mutex_unlock(&smb_dclocator.sdl_mtx);
8d7e41661dc4633488e93b13363137523ce59977jose borrego}
8d7e41661dc4633488e93b13363137523ce59977jose borrego
380acbbe9da7dc2cbab5b6db169ec6968dd927faGordon Ross/*
380acbbe9da7dc2cbab5b6db169ec6968dd927faGordon Ross * If domain discovery is running, wait for it to finish.
380acbbe9da7dc2cbab5b6db169ec6968dd927faGordon Ross */
380acbbe9da7dc2cbab5b6db169ec6968dd927faGordon Rossint
380acbbe9da7dc2cbab5b6db169ec6968dd927faGordon Rosssmb_ddiscover_wait(void)
380acbbe9da7dc2cbab5b6db169ec6968dd927faGordon Ross{
380acbbe9da7dc2cbab5b6db169ec6968dd927faGordon Ross    timestruc_t to;
380acbbe9da7dc2cbab5b6db169ec6968dd927faGordon Ross    int rc = 0;
380acbbe9da7dc2cbab5b6db169ec6968dd927faGordon Ross
380acbbe9da7dc2cbab5b6db169ec6968dd927faGordon Ross    (void) mutex_lock(&smb_dclocator.sdl_mtx);
380acbbe9da7dc2cbab5b6db169ec6968dd927faGordon Ross
380acbbe9da7dc2cbab5b6db169ec6968dd927faGordon Ross    if (smb_dclocator.sdl_locate) {
380acbbe9da7dc2cbab5b6db169ec6968dd927faGordon Ross        to.tv_sec = SMB_DCLOCATOR_TIMEOUT;
380acbbe9da7dc2cbab5b6db169ec6968dd927faGordon Ross        to.tv_nsec = 0;
380acbbe9da7dc2cbab5b6db169ec6968dd927faGordon Ross        rc = cond_reltimedwait(&smb_dclocator.sdl_cv,
380acbbe9da7dc2cbab5b6db169ec6968dd927faGordon Ross            &smb_dclocator.sdl_mtx, &to);
380acbbe9da7dc2cbab5b6db169ec6968dd927faGordon Ross    }
380acbbe9da7dc2cbab5b6db169ec6968dd927faGordon Ross
380acbbe9da7dc2cbab5b6db169ec6968dd927faGordon Ross    (void) mutex_unlock(&smb_dclocator.sdl_mtx);
380acbbe9da7dc2cbab5b6db169ec6968dd927faGordon Ross
380acbbe9da7dc2cbab5b6db169ec6968dd927faGordon Ross    return (rc);
380acbbe9da7dc2cbab5b6db169ec6968dd927faGordon Ross}
380acbbe9da7dc2cbab5b6db169ec6968dd927faGordon Ross
380acbbe9da7dc2cbab5b6db169ec6968dd927faGordon Ross
8d7e41661dc4633488e93b13363137523ce59977jose borrego/*
8d7e41661dc4633488e93b13363137523ce59977jose borrego * ==========================================================
8d7e41661dc4633488e93b13363137523ce59977jose borrego * DC discovery functions
8d7e41661dc4633488e93b13363137523ce59977jose borrego * ==========================================================
8d7e41661dc4633488e93b13363137523ce59977jose borrego */
8d7e41661dc4633488e93b13363137523ce59977jose borrego
8d7e41661dc4633488e93b13363137523ce59977jose borrego/*
a0aa776e20803c84edd153d9cb584fd67163aef3Alan Wright * This is the domain and DC discovery service: it gets woken up whenever
a0aa776e20803c84edd153d9cb584fd67163aef3Alan Wright * there is need to locate a domain controller.
8d7e41661dc4633488e93b13363137523ce59977jose borrego *
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * Upon success, the SMB domain cache will be populated with the discovered
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * DC and domain info.
8d7e41661dc4633488e93b13363137523ce59977jose borrego */
8d7e41661dc4633488e93b13363137523ce59977jose borrego/*ARGSUSED*/
8d7e41661dc4633488e93b13363137523ce59977jose borregostatic void *
a0aa776e20803c84edd153d9cb584fd67163aef3Alan Wrightsmb_ddiscover_service(void *arg)
8d7e41661dc4633488e93b13363137523ce59977jose borrego{
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    smb_domainex_t dxi;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    smb_dclocator_t *sdl = arg;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    uint32_t status;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    boolean_t bad_dc;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    boolean_t cfg_chg;
8d7e41661dc4633488e93b13363137523ce59977jose borrego
8d7e41661dc4633488e93b13363137523ce59977jose borrego    for (;;) {
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        /*
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross         * Wait to be signaled for work by one of:
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross         * smb_locate_dc(), smb_ddiscover_refresh(),
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross         * smb_ddiscover_bad_dc()
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross         */
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        syslog(LOG_DEBUG, "smb_ddiscover_service waiting");
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        (void) mutex_lock(&sdl->sdl_mtx);
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        while (!sdl->sdl_locate)
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross            (void) cond_wait(&sdl->sdl_cv,
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross                &sdl->sdl_mtx);
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        if (!smb_config_getbool(SMB_CI_DOMAIN_MEMB)) {
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross            sdl->sdl_status = NT_STATUS_INVALID_SERVER_STATE;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross            syslog(LOG_DEBUG, "smb_ddiscover_service: "
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross                "not a domain member");
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross            goto wait_again;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        }
8d7e41661dc4633488e93b13363137523ce59977jose borrego
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        /*
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross         * Want to know if these change below.
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross         * Note: mutex held here
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross         */
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    find_again:
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        bad_dc = sdl->sdl_bad_dc;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        sdl->sdl_bad_dc = B_FALSE;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        if (bad_dc) {
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross            /*
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross             * Need to clear the current DC name or
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross             * ddiscover_bad_dc will keep setting bad_dc
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross             */
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross            sdl->sdl_dci.dc_name[0] = '\0';
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        }
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        cfg_chg = sdl->sdl_cfg_chg;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        sdl->sdl_cfg_chg = B_FALSE;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        (void) mutex_unlock(&sdl->sdl_mtx);
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        syslog(LOG_DEBUG, "smb_ddiscover_service running "
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross            "cfg_chg=%d bad_dc=%d", (int)cfg_chg, (int)bad_dc);
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        /*
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross         * Clear the cached DC now so that we'll ask idmap again.
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross         * If our current DC gave us errors, force rediscovery.
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross         */
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        smb_ads_refresh(bad_dc);
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        /*
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross         * Search for the DC, save the result.
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross         */
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        bzero(&dxi, sizeof (dxi));
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        status = smb_ddiscover_main(sdl->sdl_domain, &dxi);
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        if (status == 0)
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross            smb_domain_save();
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        (void) mutex_lock(&sdl->sdl_mtx);
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        sdl->sdl_status = status;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        if (status == 0)
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross            sdl->sdl_dci = dxi.d_dci;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        /*
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross         * Run again if either of cfg_chg or bad_dc
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross         * was turned on during smb_ddiscover_main().
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross         * Note: mutex held here.
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross         */
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        if (sdl->sdl_bad_dc) {
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross            syslog(LOG_DEBUG, "smb_ddiscover_service "
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross                "restart because bad_dc was set");
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross            goto find_again;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        }
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        if (sdl->sdl_cfg_chg) {
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross            syslog(LOG_DEBUG, "smb_ddiscover_service "
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross                "restart because cfg_chg was set");
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross            goto find_again;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        }
8d7e41661dc4633488e93b13363137523ce59977jose borrego
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    wait_again:
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        sdl->sdl_locate = B_FALSE;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        sdl->sdl_bad_dc = B_FALSE;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        sdl->sdl_cfg_chg = B_FALSE;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        (void) cond_broadcast(&sdl->sdl_cv);
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        (void) mutex_unlock(&sdl->sdl_mtx);
8d7e41661dc4633488e93b13363137523ce59977jose borrego    }
8d7e41661dc4633488e93b13363137523ce59977jose borrego
8d7e41661dc4633488e93b13363137523ce59977jose borrego    /*NOTREACHED*/
8d7e41661dc4633488e93b13363137523ce59977jose borrego    return (NULL);
8d7e41661dc4633488e93b13363137523ce59977jose borrego}
8d7e41661dc4633488e93b13363137523ce59977jose borrego
8d7e41661dc4633488e93b13363137523ce59977jose borrego/*
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross * Discovers a domain controller for the specified domain via DNS.
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross * After the domain controller is discovered successfully primary and
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross * trusted domain infromation will be queried using RPC queries.
8d7e41661dc4633488e93b13363137523ce59977jose borrego *
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross * Caller should zero out *dxi before calling, and after a
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross * successful return should call:  smb_domain_save()
8d7e41661dc4633488e93b13363137523ce59977jose borrego */
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Rossuint32_t
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Rosssmb_ddiscover_main(char *domain, smb_domainex_t *dxi)
8d7e41661dc4633488e93b13363137523ce59977jose borrego{
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    uint32_t status;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    if (domain[0] == '\0') {
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        syslog(LOG_DEBUG, "smb_ddiscover_main NULL domain");
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        return (NT_STATUS_INTERNAL_ERROR);
8d7e41661dc4633488e93b13363137523ce59977jose borrego    }
8d7e41661dc4633488e93b13363137523ce59977jose borrego
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    if (smb_domain_start_update() != SMB_DOMAIN_SUCCESS) {
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        syslog(LOG_DEBUG, "smb_ddiscover_main can't get lock");
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        return (NT_STATUS_INTERNAL_ERROR);
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    }
8d7e41661dc4633488e93b13363137523ce59977jose borrego
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    status = smb_ads_lookup_msdcs(domain, &dxi->d_dci);
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    if (status != 0) {
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        syslog(LOG_DEBUG, "smb_ddiscover_main can't find DC (%s)",
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross            xlate_nt_status(status));
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        goto out;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    }
8d7e41661dc4633488e93b13363137523ce59977jose borrego
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    status = smb_ddiscover_qinfo(domain, dxi->d_dci.dc_name, dxi);
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    if (status != 0) {
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        syslog(LOG_DEBUG,
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross            "smb_ddiscover_main can't get domain info (%s)",
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross            xlate_nt_status(status));
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        goto out;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    }
8d7e41661dc4633488e93b13363137523ce59977jose borrego
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    smb_domain_update(dxi);
8d7e41661dc4633488e93b13363137523ce59977jose borrego
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Rossout:
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    smb_domain_end_update();
8d7e41661dc4633488e93b13363137523ce59977jose borrego
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    /* Don't need the trusted domain list anymore. */
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    smb_domainex_free(dxi);
8d7e41661dc4633488e93b13363137523ce59977jose borrego
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    return (status);
8d7e41661dc4633488e93b13363137523ce59977jose borrego}
8d7e41661dc4633488e93b13363137523ce59977jose borrego
8d7e41661dc4633488e93b13363137523ce59977jose borrego/*
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * Obtain primary and trusted domain information using LSA queries.
8d7e41661dc4633488e93b13363137523ce59977jose borrego *
8d7e41661dc4633488e93b13363137523ce59977jose borrego * domain - either NetBIOS or fully-qualified domain name
8d7e41661dc4633488e93b13363137523ce59977jose borrego */
8d7e41661dc4633488e93b13363137523ce59977jose borregostatic uint32_t
a0aa776e20803c84edd153d9cb584fd67163aef3Alan Wrightsmb_ddiscover_qinfo(char *domain, char *server, smb_domainex_t *dxi)
8d7e41661dc4633488e93b13363137523ce59977jose borrego{
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    uint32_t ret, tmp;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    /* If we must return failure, use this first one. */
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    ret = lsa_query_dns_domain_info(server, domain, &dxi->d_primary);
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    if (ret == NT_STATUS_SUCCESS)
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        goto success;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    tmp = smb_ddiscover_use_config(domain, dxi);
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    if (tmp == NT_STATUS_SUCCESS)
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        goto success;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    tmp = lsa_query_primary_domain_info(server, domain, &dxi->d_primary);
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    if (tmp == NT_STATUS_SUCCESS)
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        goto success;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    /* All of the above failed. */
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    return (ret);
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Rosssuccess:
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    smb_ddiscover_enum_trusted(domain, server, dxi);
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    return (NT_STATUS_SUCCESS);
8d7e41661dc4633488e93b13363137523ce59977jose borrego}
8d7e41661dc4633488e93b13363137523ce59977jose borrego
8d7e41661dc4633488e93b13363137523ce59977jose borrego/*
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * Obtain trusted domains information using LSA queries.
8d7e41661dc4633488e93b13363137523ce59977jose borrego *
8d7e41661dc4633488e93b13363137523ce59977jose borrego * domain - either NetBIOS or fully-qualified domain name.
8d7e41661dc4633488e93b13363137523ce59977jose borrego */
8d7e41661dc4633488e93b13363137523ce59977jose borregostatic void
a0aa776e20803c84edd153d9cb584fd67163aef3Alan Wrightsmb_ddiscover_enum_trusted(char *domain, char *server, smb_domainex_t *dxi)
8d7e41661dc4633488e93b13363137523ce59977jose borrego{
a0aa776e20803c84edd153d9cb584fd67163aef3Alan Wright    smb_trusted_domains_t *list;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    uint32_t status;
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego
a0aa776e20803c84edd153d9cb584fd67163aef3Alan Wright    list = &dxi->d_trusted;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    status = lsa_enum_trusted_domains_ex(server, domain, list);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    if (status != NT_STATUS_SUCCESS)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        (void) lsa_enum_trusted_domains(server, domain, list);
8d7e41661dc4633488e93b13363137523ce59977jose borrego}
8d7e41661dc4633488e93b13363137523ce59977jose borrego
8d7e41661dc4633488e93b13363137523ce59977jose borrego/*
8d7e41661dc4633488e93b13363137523ce59977jose borrego * If the domain to be discovered matches the current domain (i.e the
a0aa776e20803c84edd153d9cb584fd67163aef3Alan Wright * value of either domain or fqdn configuration), then get the primary
a0aa776e20803c84edd153d9cb584fd67163aef3Alan Wright * domain information from SMF.
8d7e41661dc4633488e93b13363137523ce59977jose borrego */
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wrightstatic uint32_t
a0aa776e20803c84edd153d9cb584fd67163aef3Alan Wrightsmb_ddiscover_use_config(char *domain, smb_domainex_t *dxi)
8d7e41661dc4633488e93b13363137523ce59977jose borrego{
8d7e41661dc4633488e93b13363137523ce59977jose borrego    boolean_t use;
a0aa776e20803c84edd153d9cb584fd67163aef3Alan Wright    smb_domain_t *dinfo;
8d7e41661dc4633488e93b13363137523ce59977jose borrego
a0aa776e20803c84edd153d9cb584fd67163aef3Alan Wright    dinfo = &dxi->d_primary;
a0aa776e20803c84edd153d9cb584fd67163aef3Alan Wright    bzero(dinfo, sizeof (smb_domain_t));
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
8d7e41661dc4633488e93b13363137523ce59977jose borrego    if (smb_config_get_secmode() != SMB_SECMODE_DOMAIN)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        return (NT_STATUS_UNSUCCESSFUL);
8d7e41661dc4633488e93b13363137523ce59977jose borrego
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    smb_config_getdomaininfo(dinfo->di_nbname, dinfo->di_fqname,
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        NULL, NULL, NULL);
8d7e41661dc4633488e93b13363137523ce59977jose borrego
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    if (SMB_IS_FQDN(domain))
bbf6f00c25b6a2bed23c35eac6d62998ecdb338cJordan Brown        use = (smb_strcasecmp(dinfo->di_fqname, domain, 0) == 0);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    else
bbf6f00c25b6a2bed23c35eac6d62998ecdb338cJordan Brown        use = (smb_strcasecmp(dinfo->di_nbname, domain, 0) == 0);
8d7e41661dc4633488e93b13363137523ce59977jose borrego
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    if (use)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        smb_config_getdomaininfo(NULL, NULL, dinfo->di_sid,
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright            dinfo->di_u.di_dns.ddi_forest,
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright            dinfo->di_u.di_dns.ddi_guid);
8d7e41661dc4633488e93b13363137523ce59977jose borrego
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    return ((use) ? NT_STATUS_SUCCESS : NT_STATUS_UNSUCCESSFUL);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright}
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wrightstatic void
a0aa776e20803c84edd153d9cb584fd67163aef3Alan Wrightsmb_domainex_free(smb_domainex_t *dxi)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright{
a0aa776e20803c84edd153d9cb584fd67163aef3Alan Wright    free(dxi->d_trusted.td_domains);
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    dxi->d_trusted.td_domains = NULL;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross}
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Rossstatic void
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Rosssmb_set_krb5_realm(char *domain)
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross{
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    static char realm[MAXHOSTNAMELEN];
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    if (domain == NULL || domain[0] == '\0') {
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        (void) unsetenv("KRB5_DEFAULT_REALM");
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross        return;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    }
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    /* In case krb5.conf is not configured, set the default realm. */
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    (void) strlcpy(realm, domain, sizeof (realm));
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    (void) smb_strupr(realm);
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross    (void) setenv("KRB5_DEFAULT_REALM", realm, 1);
8d7e41661dc4633488e93b13363137523ce59977jose borrego}