da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw/*
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * CDDL HEADER START
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * The contents of this file are subject to the terms of the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Common Development and Distribution License (the "License").
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * You may not use this file except in compliance with the License.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * or http://www.opensolaris.org/os/licensing.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * See the License for the specific language governing permissions
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * and limitations under the License.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * When distributing Covered Code, include this CDDL HEADER in each
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * If applicable, add the following below this CDDL HEADER, with the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * fields enclosed by brackets "[]" replaced with your own identifying
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * information: Portions Copyright [yyyy] [name of copyright owner]
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * CDDL HEADER END
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw/*
c586600796766c83eb9485c446886fd9ed2359a9Keyur Desai * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross * Copyright 2014 Nexenta Systems, Inc. All rights reserved.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <sys/param.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <ldap.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <stdlib.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <sys/types.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <sys/socket.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <netinet/in.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <arpa/inet.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <sys/time.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <netdb.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <pthread.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <unistd.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <arpa/nameser.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <resolv.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <sys/synch.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <string.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <strings.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <fcntl.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <sys/types.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <sys/stat.h>
b89a8333f5e1f75ec0c269b22524bd2eccb972banatalie li - Sun Microsystems - Irvine United States#include <assert.h>
a0aa776e20803c84edd153d9cb584fd67163aef3Alan Wright#include <sasl/sasl.h>
a0aa776e20803c84edd153d9cb584fd67163aef3Alan Wright#include <note.h>
77191e8775ec29406dec7210fc064d8fd759dd24Shawn Emery#include <errno.h>
77191e8775ec29406dec7210fc064d8fd759dd24Shawn Emery#include <cryptoutil.h>
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross#include <ads/dsgetdc.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <smbsrv/libsmbns.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <smbns_dyndns.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <smbns_krb.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
/*
 * True when the address family recorded in (x)->ipaddr is neither
 * AF_INET nor AF_INET6.  The argument is expanded twice, so pass an
 * expression without side effects.
 */
#define	SMB_ADS_AF_UNKNOWN(x)	\
	(((x)->ipaddr.a_family != AF_INET) && \
	((x)->ipaddr.a_family != AF_INET6))

/* Buffer sizes, attribute counts and naming constants used in this file. */
#define	SMB_ADS_MAXBUFLEN		100
#define	SMB_ADS_DN_MAX			300
#define	SMB_ADS_MAXMSGLEN		512
#define	SMB_ADS_COMPUTERS_CN		"Computers"
#define	SMB_ADS_COMPUTER_NUM_ATTR	8
#define	SMB_ADS_SHARE_NUM_ATTR		3
#define	SMB_ADS_SITE_MAX		MAXHOSTNAMELEN

/*
 * DNS SRV record name prefixes for domain controllers.  The site form
 * carries a printf-style %s; presumably the configured AD site name is
 * substituted there -- confirm at the use site, and make sure whatever is
 * substituted is a valid DNS label before it is used in a query.
 */
#define	SMB_ADS_MSDCS_SRV_DC_RR		"_ldap._tcp.dc._msdcs"
#define	SMB_ADS_MSDCS_SRV_SITE_RR	"_ldap._tcp.%s._sites.dc._msdcs"
3db3f65c6274eb042354801a308c8e9bc4994553amw
/*
 * domainControllerFunctionality
 *
 * rootDSE attribute that reports the functional level of the DC.
 */
#define	SMB_ADS_ATTR_DCLEVEL		"domainControllerFunctionality"
#define	SMB_ADS_DCLEVEL_W2K		0
#define	SMB_ADS_DCLEVEL_W2K3		2
#define	SMB_ADS_DCLEVEL_W2K8		3
#define	SMB_ADS_DCLEVEL_W2K8_R2		4

/*
 * msDs-supportedEncryptionTypes (Windows Server 2008 only)
 *
 * Attribute describing the encryption types the system supports.
 * Each type has its own bit, so the values below can be OR-ed together:
 *  - DES cbc mode with CRC-32
 *  - DES cbc mode with RSA-MD5
 *  - ArcFour with HMAC/md5
 *  - AES-128
 *  - AES-256
 *
 * NOTE(review): the DES and ArcFour (RC4) types are deprecated for
 * Kerberos (RFC 6649, RFC 8429).  Check what value this file actually
 * writes to the attribute and whether the weak bits are still required
 * by the domain controllers in use.
 */
#define	SMB_ADS_ATTR_ENCTYPES		"msDs-supportedEncryptionTypes"
#define	SMB_ADS_ENC_DES_CRC		1
#define	SMB_ADS_ENC_DES_MD5		2
#define	SMB_ADS_ENC_RC4			4
#define	SMB_ADS_ENC_AES128		8
#define	SMB_ADS_ENC_AES256		16
3db3f65c6274eb042354801a308c8e9bc4994553amw
/*
 * Kerberos encryption types offered when the DC is at the Windows
 * Server 2008 level or later (presumably selected by
 * smb_ads_get_enctypes() -- confirm there).  AES types are listed first.
 *
 * NOTE(review): ENCTYPE_ARCFOUR_HMAC and both ENCTYPE_DES_CBC_* entries
 * are deprecated (RFC 6649, RFC 8429).  They remain here for
 * interoperability; deployments that do not need them should consider
 * whether keys of these types must still be generated.
 */
static krb5_enctype w2k8enctypes[] = {
	ENCTYPE_AES256_CTS_HMAC_SHA1_96,
	ENCTYPE_AES128_CTS_HMAC_SHA1_96,
	ENCTYPE_ARCFOUR_HMAC,
	ENCTYPE_DES_CBC_CRC,
	ENCTYPE_DES_CBC_MD5,
};

/*
 * Encryption types for DCs older than Windows Server 2008: no AES
 * entries, only the RC4 and DES types noted as deprecated above.
 */
static krb5_enctype pre_w2k8enctypes[] = {
	ENCTYPE_ARCFOUR_HMAC,
	ENCTYPE_DES_CBC_CRC,
	ENCTYPE_DES_CBC_MD5,
};
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright
/* LDAP attribute names of the computer object used by this file. */
#define	SMB_ADS_ATTR_SAMACCT	"sAMAccountName"
#define	SMB_ADS_ATTR_UPN	"userPrincipalName"
#define	SMB_ADS_ATTR_SPN	"servicePrincipalName"
#define	SMB_ADS_ATTR_CTL	"userAccountControl"
#define	SMB_ADS_ATTR_DNSHOST	"dNSHostName"
#define	SMB_ADS_ATTR_KVNO	"msDS-KeyVersionNumber"
#define	SMB_ADS_ATTR_DN		"distinguishedName"
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
/*
 * UserAccountControl flags: manipulate user account properties.
 *
 * The hexadecimal values of the property flags below are based on MSDN
 * article # 305144.  Each flag is a single bit of the userAccountControl
 * attribute.
 *
 * Several of these bits weaken how an account's credentials are protected
 * or widen what the account may do on behalf of others: PASSWD_NOTREQD,
 * ENCRYPTED_TEXT_PWD_ALLOWED, USE_DES_KEY_ONLY, DONT_REQ_PREAUTH and the
 * two TRUSTED_*_DELEGATION flags.  Code that writes userAccountControl
 * should set only the bits the machine account needs, and a directory
 * audit should treat an unexpected occurrence of them on a computer
 * object as a finding.
 */
#define	SMB_ADS_USER_ACCT_CTL_SCRIPT				0x00000001
#define	SMB_ADS_USER_ACCT_CTL_ACCOUNTDISABLE			0x00000002
#define	SMB_ADS_USER_ACCT_CTL_HOMEDIR_REQUIRED			0x00000008
#define	SMB_ADS_USER_ACCT_CTL_LOCKOUT				0x00000010
#define	SMB_ADS_USER_ACCT_CTL_PASSWD_NOTREQD			0x00000020
#define	SMB_ADS_USER_ACCT_CTL_PASSWD_CANT_CHANGE		0x00000040
#define	SMB_ADS_USER_ACCT_CTL_ENCRYPTED_TEXT_PWD_ALLOWED	0x00000080
#define	SMB_ADS_USER_ACCT_CTL_TMP_DUP_ACCT			0x00000100
#define	SMB_ADS_USER_ACCT_CTL_NORMAL_ACCT			0x00000200
#define	SMB_ADS_USER_ACCT_CTL_INTERDOMAIN_TRUST_ACCT		0x00000800
#define	SMB_ADS_USER_ACCT_CTL_WKSTATION_TRUST_ACCT		0x00001000
#define	SMB_ADS_USER_ACCT_CTL_SRV_TRUST_ACCT			0x00002000
#define	SMB_ADS_USER_ACCT_CTL_DONT_EXPIRE_PASSWD		0x00010000
#define	SMB_ADS_USER_ACCT_CTL_MNS_LOGON_ACCT			0x00020000
#define	SMB_ADS_USER_ACCT_CTL_SMARTCARD_REQUIRED		0x00040000
#define	SMB_ADS_USER_ACCT_CTL_TRUSTED_FOR_DELEGATION		0x00080000
#define	SMB_ADS_USER_ACCT_CTL_NOT_DELEGATED			0x00100000
#define	SMB_ADS_USER_ACCT_CTL_USE_DES_KEY_ONLY			0x00200000
#define	SMB_ADS_USER_ACCT_CTL_DONT_REQ_PREAUTH			0x00400000
#define	SMB_ADS_USER_ACCT_CTL_PASSWD_EXPIRED			0x00800000
#define	SMB_ADS_USER_ACCT_CTL_TRUSTED_TO_AUTH_FOR_DELEGATION	0x01000000
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
/*
 * Length of "dc=" prefix.
 */
#define	SMB_ADS_DN_PREFIX_LEN	3

/* NULL-terminated objectClass value list for a computer object. */
static char *smb_ads_computer_objcls[] = {
	"top",
	"person",
	"organizationalPerson",
	"user",
	"computer",
	NULL
};

/* NULL-terminated objectClass value list for a share object. */
static char *smb_ads_share_objcls[] = {
	"top",
	"leaf",
	"connectionPoint",
	"volume",
	NULL
};
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego
/*
 * Cached ADS server to communicate with.  smb_ads_cached_host_mtx is the
 * lock that smb_ads_validate_cache_host() requires its caller to hold.
 */
static smb_ads_host_info_t *smb_ads_cached_host_info = NULL;
static mutex_t smb_ads_cached_host_mtx;

/*
 * SMB ADS config cache is maintained to facilitate the detection of
 * changes in configuration that is relevant to AD selection.
 *
 * c_site holds the configured AD site name; c_mtx is taken around every
 * access to it in smb_ads_init() and smb_ads_refresh().
 */
typedef struct smb_ads_config {
	char	c_site[SMB_ADS_SITE_MAX];
	mutex_t	c_mtx;
} smb_ads_config_t;

static smb_ads_config_t smb_ads_cfg;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
/* attribute/value pair */
typedef struct smb_ads_avpair {
	char	*avp_attr;	/* attribute name */
	char	*avp_val;	/* attribute value */
} smb_ads_avpair_t;

/*
 * query status
 *
 * The numeric values are spelled out so that the negative/zero/positive
 * split between the outcomes is visible at a glance.
 */
typedef enum smb_ads_qstat {
	SMB_ADS_STAT_ERR = -2,
	SMB_ADS_STAT_DUP = -1,
	SMB_ADS_STAT_NOT_FOUND = 0,
	SMB_ADS_STAT_FOUND = 1
} smb_ads_qstat_t;
b89a8333f5e1f75ec0c269b22524bd2eccb972banatalie li - Sun Microsystems - Irvine United States
/* A counted array of ADS host descriptions. */
typedef struct smb_ads_host_list {
	int			ah_cnt;		/* entry count of ah_list */
	smb_ads_host_info_t	*ah_list;
} smb_ads_host_list_t;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
/* Forward declarations of the file-local helpers. */

/* connection setup and cached-host handling */
static int smb_ads_open_main(smb_ads_handle_t **, char *, char *, char *);
static void smb_ads_free_cached_host(void);
static boolean_t smb_ads_is_same_domain(char *, char *);
static smb_ads_host_info_t *smb_ads_dup_host_info(smb_ads_host_info_t *);
static int smb_ads_get_dc_level(smb_ads_handle_t *);
static krb5_enctype *smb_ads_get_enctypes(int, int *);

/* computer object operations */
static int smb_ads_add_computer(smb_ads_handle_t *, int, char *);
static int smb_ads_modify_computer(smb_ads_handle_t *, int, char *);
static int smb_ads_computer_op(smb_ads_handle_t *, int, int, char *);
static int smb_ads_update_computer_cntrl_attr(smb_ads_handle_t *, int, char *);
static krb5_kvno smb_ads_lookup_computer_attr_kvno(smb_ads_handle_t *, char *);
static smb_ads_qstat_t smb_ads_find_computer(smb_ads_handle_t *, char *);
static smb_ads_qstat_t smb_ads_lookup_computer_n_attr(smb_ads_handle_t *,
    smb_ads_avpair_t *, int, char *);

/* LDAP attribute and query helpers */
static int smb_ads_alloc_attr(LDAPMod **, int);
static void smb_ads_free_attr(LDAPMod **);
static smb_ads_qstat_t smb_ads_getattr(LDAP *, LDAPMessage *,
    smb_ads_avpair_t *);
static smb_ads_qstat_t smb_ads_get_qstat(smb_ads_handle_t *, LDAPMessage *,
    smb_ads_avpair_t *);

/* share object naming */
static char *smb_ads_get_sharedn(const char *, const char *, const char *);
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
/*
 * smb_ads_init
 *
 * Initializes the ADS config cache: the configured AD site
 * (SMB_CI_ADS_SITE) is read into smb_ads_cfg.c_site while holding the
 * config mutex.  The result of smb_config_getstr() is deliberately not
 * checked.
 */
void
smb_ads_init(void)
{
	smb_ads_config_t *cfg = &smb_ads_cfg;

	(void) mutex_lock(&cfg->c_mtx);
	(void) smb_config_getstr(SMB_CI_ADS_SITE, cfg->c_site,
	    SMB_ADS_SITE_MAX);
	(void) mutex_unlock(&cfg->c_mtx);

	/* Force -lads to load, for dtrace. */
	DsFreeDcInfo(NULL);
}
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
/*
 * smb_ads_fini
 *
 * Counterpart of smb_ads_init(): hands the cached ADS host to
 * smb_ads_free_cached_host().
 */
void
smb_ads_fini(void)
{
	smb_ads_free_cached_host();
}
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
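/*
 * smb_ads_refresh
 *
 * This function will be called when smb/server SMF service is refreshed.
 * (See smbd_join.c)
 *
 * The configured AD site is re-read into the config cache and the cached
 * ADS host is discarded, which allows the next DC discovery process to
 * pick up an AD based on the new AD configuration.
 *
 * Parameters:
 *   force_rediscovery: when true, _DsForceRediscovery() is called after
 *   the cache has been cleared.
 */
void
smb_ads_refresh(boolean_t force_rediscovery)
{
	/*
	 * Start from an empty string.  The result of smb_config_getstr()
	 * is not checked, and strlcpy() scans its source up to a NUL, so
	 * an untouched stack buffer must never reach it: that would be a
	 * read of uninitialized (and possibly unterminated) memory.
	 */
	char new_site[SMB_ADS_SITE_MAX] = "";

	/* Read the setting before taking the lock to keep the hold short. */
	(void) smb_config_getstr(SMB_CI_ADS_SITE, new_site, SMB_ADS_SITE_MAX);

	(void) mutex_lock(&smb_ads_cfg.c_mtx);
	(void) strlcpy(smb_ads_cfg.c_site, new_site, SMB_ADS_SITE_MAX);
	(void) mutex_unlock(&smb_ads_cfg.c_mtx);

	smb_ads_free_cached_host();

	if (force_rediscovery) {
		(void) _DsForceRediscovery(NULL, 0);
	}
}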
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
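/*
 * smb_ads_build_unc_name
 *
 * Construct the UNC name of the share object in the format of
 * \\hostname.domain\shareUNC
 *
 * Parameters:
 *   unc_name: output buffer.
 *   maxlen:   size of unc_name in bytes, including the terminating NUL.
 *   hostname: host part of the name.
 *   shareUNC: share part of the name.
 *
 * Returns 0 on success, -1 on error.  Errors are: a NULL argument, a
 * non-positive maxlen, failure to obtain the fully-qualified domain name,
 * and a result that does not fit in maxlen bytes.  In the last case the
 * buffer holds a truncated, NUL-terminated string that must not be used:
 * a shortened UNC name would refer to a different host or share than the
 * one intended.
 */
int
smb_ads_build_unc_name(char *unc_name, int maxlen,
    const char *hostname, const char *shareUNC)
{
	char my_domain[MAXHOSTNAMELEN];
	int len;

	/* A NULL passed for %s or a negative size given to snprintf is UB. */
	if (unc_name == NULL || maxlen <= 0 ||
	    hostname == NULL || shareUNC == NULL)
		return (-1);

	if (smb_getfqdomainname(my_domain, sizeof (my_domain)) != 0)
		return (-1);

	len = snprintf(unc_name, (size_t)maxlen, "\\\\%s.%s\\%s",
	    hostname, my_domain, shareUNC);

	/* snprintf reports the untruncated length; >= maxlen means cut. */
	if (len < 0 || len >= maxlen)
		return (-1);

	return (0);
}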
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
/*
 * smb_ads_validate_cache_host
 *
 * Decides whether the cached ADS host may still be used for the given
 * domain.  The cache is rejected when it is empty or when the cached
 * host is not in the specified domain.
 *
 * NOTE(review): earlier descriptions of this function also listed "not
 * the sought host" and "not reachable" as rejection criteria; neither is
 * checked here, so a cached host that has gone offline is still reported
 * as valid by this function.
 *
 * The caller is responsible for acquiring the smb_ads_cached_host_mtx lock
 * prior to calling this function.
 *
 * Return B_TRUE if the cache host is still valid. Otherwise, return B_FALSE.
 */
static boolean_t
smb_ads_validate_cache_host(char *domain)
{
	smb_ads_host_info_t *cached = smb_ads_cached_host_info;

	if (cached && smb_ads_is_same_domain(cached->name, domain))
		return (B_TRUE);

	return (B_FALSE);
}
b89a8333f5e1f75ec0c269b22524bd2eccb972banatalie li - Sun Microsystems - Irvine United States
/*
 * smb_ads_is_same_domain
 *
 * Returns true, if the cached ADS host is in the same domain as the
 * current (given) domain.
 *
 * The domain of the cached host is taken to be everything after the
 * first '.' of its name and is compared with current_domain through
 * smb_strcasecmp().  B_FALSE is returned when either argument is NULL,
 * when the host name contains no '.', or when the comparison reports a
 * difference.
 */
static boolean_t
smb_ads_is_same_domain(char *cached_host_name, char *current_domain)
{
	char *dot;

	if (cached_host_name == NULL || current_domain == NULL)
		return (B_FALSE);

	dot = strchr(cached_host_name, '.');
	if (dot == NULL)
		return (B_FALSE);

	/* dot + 1 is the first character of the host's domain part. */
	if (smb_strcasecmp(dot + 1, current_domain, 0) == 0)
		return (B_TRUE);

	return (B_FALSE);
}
b89a8333f5e1f75ec0c269b22524bd2eccb972banatalie li - Sun Microsystems - Irvine United States
/*
 * smb_ads_dup_host_info
 *
 * Duplicates the passed smb_ads_host_info_t structure into newly
 * allocated memory.  The copy is a plain byte copy of the structure.
 * Caller must free memory allocated by this method.
 *
 * Returns a reference to the duplicated smb_ads_host_info_t structure.
 * Returns NULL on error (NULL argument or allocation failure).
 */
static smb_ads_host_info_t *
smb_ads_dup_host_info(smb_ads_host_info_t *ads_host)
{
	smb_ads_host_info_t *copy = NULL;

	if (ads_host != NULL) {
		copy = malloc(sizeof (*copy));
		if (copy != NULL)
			(void) memcpy(copy, ads_host, sizeof (*copy));
	}

	return (copy);
}
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego
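/*
 * smb_ads_find_host
 *
 * Finds an ADS host (domain controller) in a given domain.
 *
 * If the cached host passes smb_ads_validate_cache_host(), a copy of it is
 * returned.  Otherwise the cache is discarded and a DC is requested through
 * _DsGetDcName(); as noted in the body, the real DC locator lives in idmapd
 * and is reached with a door call.
 *
 * The DC is described as being selected on the following criteria, listed
 * in decreasing preference order, and the selected DC must be online:
 *
 * 1) pdc (aka preferred DC) configuration
 * 2) AD site configuration - the scope of the DNS lookup will be
 *    restricted to the specified site.
 * 3) DC on the same subnet
 * 4) DC with the lowest priority/highest weight
 *
 * If this function is called during domain join, the specified kpasswd server
 * takes precedence over preferred DC, AD site, and so on.
 *
 * NOTE(review): this function passes no site name and only DS_DS_FLAG to
 * _DsGetDcName(), so the criteria above are presumably applied by the
 * locator and not here - confirm against idmapd.
 *
 * Parameters:
 *   domain: fully-qualified domain name.
 *
 * Returns:
 *   A heap copy of the host info, or NULL if no DC could be located, the
 *   DC has no IPv4/IPv6 address, or memory could not be allocated.  The
 *   caller is responsible for deallocating the memory returned by this
 *   function.
 */
smb_ads_host_info_t *
smb_ads_find_host(char *domain)
{
	smb_ads_host_info_t *host = NULL;	/* copy handed to the caller */
	smb_ads_host_info_t *located = NULL;	/* built from the locator reply */
	DOMAIN_CONTROLLER_INFO *dci = NULL;
	struct sockaddr_storage *ss;
	uint32_t flags = DS_DS_FLAG;
	uint32_t status;
	int tries;

	(void) mutex_lock(&smb_ads_cached_host_mtx);
	if (smb_ads_validate_cache_host(domain)) {
		host = smb_ads_dup_host_info(smb_ads_cached_host_info);
		(void) mutex_unlock(&smb_ads_cached_host_mtx);
		return (host);
	}

	/*
	 * The mutex is dropped before smb_ads_free_cached_host(), which
	 * takes the same mutex itself.
	 */
	(void) mutex_unlock(&smb_ads_cached_host_mtx);
	smb_ads_free_cached_host();

	/*
	 * The _real_ DC Locator is over in idmapd.
	 * Door call over there to get it.
	 */
	tries = 15;
again:
	status = _DsGetDcName(
	    NULL,	/* ComputerName */
	    domain,
	    NULL,	/* DomainGuid */
	    NULL,	/* SiteName */
	    flags,
	    &dci);
	switch (status) {
	case 0:
		break;
	/*
	 * We can see these errors when joining a domain, if we race
	 * asking idmap for the DC before it knows the new domain.
	 * Retry once a second, for at most 15 attempts in total.
	 */
	case NT_STATUS_NO_SUCH_DOMAIN:	/* Specified domain unknown */
	case NT_STATUS_INVALID_SERVER_STATE:	/* not in domain mode. */
		if (--tries > 0) {
			(void) sleep(1);
			goto again;
		}
		/* FALLTHROUGH */
	case NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND:
	case NT_STATUS_CANT_WAIT:	/* timeout over in idmap */
	default:
		/* NOTE(review): assumes dci is left unset on failure - confirm */
		return (NULL);
	}

	located = calloc(1, sizeof (*located));
	if (located == NULL)
		goto out;

	/*
	 * NOTE(review): assumes located->name holds at least MAXHOSTNAMELEN
	 * bytes; a longer DC name is silently truncated by strlcpy().
	 */
	(void) strlcpy(located->name, dci->DomainControllerName,
	    MAXHOSTNAMELEN);
	ss = (void *)dci->_sockaddr;
	switch (ss->ss_family) {
	case AF_INET: {
		struct sockaddr_in *sin = (void *)ss;
		located->port = ntohs(sin->sin_port);
		located->ipaddr.a_family = AF_INET;
		(void) memcpy(&located->ipaddr.a_ipv4, &sin->sin_addr,
		    sizeof (in_addr_t));
		break;
	}
	case AF_INET6: {
		struct sockaddr_in6 *sin6 = (void *)ss;
		located->port = ntohs(sin6->sin6_port);
		located->ipaddr.a_family = AF_INET6;
		(void) memcpy(&located->ipaddr.a_ipv6, &sin6->sin6_addr,
		    sizeof (in6_addr_t));
		break;
	}
	default:
		syslog(LOG_ERR, "no addr for DC %s",
		    dci->DomainControllerName);
		free(located);
		goto out;
	}

	/*
	 * Populate the cache if it is still empty, then hand the caller a
	 * private copy of whatever the cache holds.  Another thread may have
	 * filled the cache since it was freed above, in which case that
	 * entry wins over the one located here.
	 */
	(void) mutex_lock(&smb_ads_cached_host_mtx);
	if (smb_ads_cached_host_info == NULL)
		smb_ads_cached_host_info = smb_ads_dup_host_info(located);
	host = smb_ads_dup_host_info(smb_ads_cached_host_info);
	(void) mutex_unlock(&smb_ads_cached_host_mtx);

	/*
	 * Both the cache and the caller received duplicates, so the record
	 * built from the locator reply is released here.  It was previously
	 * overwritten by the duplicate and leaked on every cache miss.
	 */
	free(located);

out:
	DsFreeDcInfo(dci);
	return (host);
}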
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
/*
 * Count the '.' characters in a NUL-terminated string.
 * The string must not be NULL.
 */
static int
smb_ads_count_dots(const char *s)
{
	const char *p;
	int count = 0;

	for (p = s; *p != '\0'; p++) {
		if (*p == '.')
			count++;
	}

	return (count);
}
b89a8333f5e1f75ec0c269b22524bd2eccb972banatalie li - Sun Microsystems - Irvine United States
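/*
 * Convert a domain name in dot notation to distinguished name format,
 * for example: sun.com -> dc=sun,dc=com.
 *
 * Returns a pointer to an allocated buffer containing the distinguished
 * name, or NULL if domain_name is NULL or empty or if allocation fails.
 * The caller frees the buffer.
 *
 * NOTE(review): label characters are copied verbatim; nothing here escapes
 * characters that are special in a DN (such as ',', '+' or '=').  Callers
 * presumably pass a validated DNS domain name - confirm.
 */
static char *
smb_ads_convert_domain(const char *domain_name)
{
	const char *src;
	char *dn_name;
	size_t ncomponents;
	size_t len;
	size_t used;

	if (domain_name == NULL || *domain_name == '\0')
		return (NULL);

	/*
	 * One "dc=" prefix per label; a name with N dots has N + 1 labels.
	 * Each dot is replaced by ",dc=", so the result needs
	 * SMB_ADS_DN_PREFIX_LEN extra bytes per label, plus the terminator.
	 * The arithmetic is kept in size_t to avoid narrowing strlen().
	 */
	ncomponents = (size_t)smb_ads_count_dots(domain_name) + 1;
	len = strlen(domain_name) + (ncomponents * SMB_ADS_DN_PREFIX_LEN) + 1;

	/* calloc() leaves the buffer NUL-terminated wherever writing stops */
	if ((dn_name = calloc(1, len)) == NULL)
		return (NULL);

	/*
	 * Track the write position rather than re-scanning the buffer for
	 * every character.  strlcpy()/strlcat() return the length they
	 * tried to create, so a truncated append ends the loop.
	 */
	used = strlcpy(dn_name, "dc=", len);
	for (src = domain_name; *src != '\0' && used < len - 1; src++) {
		if (*src == '.')
			used = strlcat(dn_name, ",dc=", len);
		else
			dn_name[used++] = *src;
	}

	return (dn_name);
}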
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
/*
 * smb_ads_free_cached_host
 *
 * Release the global smb_ads_cached_host_info and reset it to NULL, all
 * under smb_ads_cached_host_mtx.
 *
 * This function takes the mutex itself; smb_ads_find_host() drops the
 * mutex before calling it.
 */
static void
smb_ads_free_cached_host(void)
{
	(void) mutex_lock(&smb_ads_cached_host_mtx);
	/* free(NULL) is a no-op, so an empty cache needs no special case */
	free(smb_ads_cached_host_info);
	smb_ads_cached_host_info = NULL;
	(void) mutex_unlock(&smb_ads_cached_host_mtx);
}
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
/*
 * smb_ads_open
 * Open a LDAP connection to an ADS server if the system is in domain mode.
 * Acquire both Kerberos TGT and LDAP service tickets for the host principal.
 *
 * This function should only be called after the system is successfully joined
 * to a domain.
 *
 * No user or password is passed to smb_ads_open_main(), so that function
 * does not call smb_kinit() on this path.
 *
 * Returns the ADS handle, or NULL if the system is not in domain mode, the
 * fully-qualified domain name cannot be obtained, or the open fails (the
 * failure is reported through smb_ads_log_errmsg()).
 */
smb_ads_handle_t *
smb_ads_open(void)
{
	char fqdn[MAXHOSTNAMELEN];
	smb_ads_handle_t *handle;
	smb_ads_status_t status;

	if (smb_config_get_secmode() != SMB_SECMODE_DOMAIN)
		return (NULL);

	if (smb_getfqdomainname(fqdn, MAXHOSTNAMELEN) != 0)
		return (NULL);

	status = smb_ads_open_main(&handle, fqdn, NULL, NULL);
	if (status == 0)
		return (handle);

	smb_ads_log_errmsg(status);
	return (NULL);
}
55bf511df53aad0fdb7eb3fa349f0308cc05234cas
/*
 * SASL interaction callback handed to ldap_sasl_interactive_bind_s().
 *
 * Answers every prompt in the list with an empty result (NULL, length 0);
 * no credential material is supplied from here.
 *
 * Returns LDAP_PARAM_ERROR if there is no prompt list or the flags are not
 * LDAP_SASL_INTERACTIVE, otherwise LDAP_SUCCESS.
 */
static int
smb_ads_saslcallback(LDAP *ld, unsigned flags, void *defaults, void *prompts)
{
	NOTE(ARGUNUSED(ld, defaults));
	sasl_interact_t *prompt = prompts;

	if (flags != LDAP_SASL_INTERACTIVE || prompt == NULL)
		return (LDAP_PARAM_ERROR);

	/* There should be no extra arguments for SASL/GSSAPI authentication */
	while (prompt->id != SASL_CB_LIST_END) {
		prompt->result = NULL;
		prompt->len = 0;
		prompt++;
	}

	return (LDAP_SUCCESS);
}
a0aa776e20803c84edd153d9cb584fd67163aef3Alan Wright
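/*
 * smb_ads_open_main
 * Open a LDAP connection to an ADS server and return a bound ADS handle.
 *
 * Steps, in order:
 *   - if a user is given, call smb_kinit() for that user;
 *   - pick the ADS server with smb_ads_find_host(), which reuses the cached
 *     host while it is still valid;
 *   - ldap_init() to that server and set the LDAP protocol version to 3
 *     using ldap_set_option();
 *   - turn off LDAP referrals;
 *   - fill in the handle's domain (lower-cased), domain DN, host name and,
 *     when one is configured, site;
 *   - bind with SASL/GSSAPI.
 *
 * The LDAP connection is bound before the ADS handle is returned.
 *
 * Parameters:
 *   hp       - where the handle is stored; set to NULL on any failure
 *   domain   - fully-qualified domain name
 *   user     - the user account for whom the Kerberos TGT ticket and ADS
 *              service tickets are acquired; NULL skips smb_kinit()
 *   password - password of the specified user
 *
 * Returns:
 *   SMB_ADS_SUCCESS with *hp set to the handle, which the caller releases
 *   with smb_ads_close().  Otherwise *hp is NULL and the return value is
 *   the smb_kinit() error, SMB_ADS_CANT_LOCATE_DC, SMB_ADS_LDAP_INIT,
 *   SMB_ADS_LDAP_SETOPT, SMB_ADS_LDAP_SET_DOM, SMB_ADS_LDAP_SASL_BIND or
 *   ENOMEM.
 *
 * NOTE(review): the password buffer belongs to the caller; this function
 * only forwards it to smb_kinit() and neither copies nor clears it.
 */
static int
smb_ads_open_main(smb_ads_handle_t **hp, char *domain, char *user,
    char *password)
{
	smb_ads_handle_t *ah = NULL;
	smb_ads_host_info_t *ads_host;
	int version = 3;
	int site_oom = 0;
	int err, rc;

	*hp = NULL;

	if (user != NULL) {
		err = smb_kinit(domain, user, password);
		if (err != 0)
			return (err);
	}

	ads_host = smb_ads_find_host(domain);
	if (ads_host == NULL)
		return (SMB_ADS_CANT_LOCATE_DC);

	/* zeroed, so smb_ads_close() can free a partly built handle */
	ah = calloc(1, sizeof (*ah));
	if (ah == NULL) {
		err = ENOMEM;
		goto fail;
	}

	if ((ah->ld = ldap_init(ads_host->name, ads_host->port)) == NULL) {
		syslog(LOG_ERR, "smbns: ldap_init failed");
		/* drop the cached DC so the next call locates one again */
		smb_ads_free_cached_host();
		err = SMB_ADS_LDAP_INIT;
		goto fail;
	}

	if (ldap_set_option(ah->ld, LDAP_OPT_PROTOCOL_VERSION, &version)
	    != LDAP_SUCCESS) {
		smb_ads_free_cached_host();
		err = SMB_ADS_LDAP_SETOPT;
		goto fail;
	}

	/*
	 * Referrals are turned off for this connection.  The result of this
	 * call is not checked.
	 */
	(void) ldap_set_option(ah->ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF);

	/*
	 * A failed strdup() is an allocation failure; report it as ENOMEM
	 * like the host name and site copies below, not as a set-option
	 * error.
	 */
	if ((ah->domain = strdup(domain)) == NULL) {
		err = ENOMEM;
		goto fail;
	}

	/*
	 * ah->domain is often used for generating service principal name.
	 * Convert it to lower case for RFC 4120 section 6.2.1 conformance.
	 */
	(void) smb_strlwr(ah->domain);

	if ((ah->domain_dn = smb_ads_convert_domain(domain)) == NULL) {
		err = SMB_ADS_LDAP_SET_DOM;
		goto fail;
	}

	if ((ah->hostname = strdup(ads_host->name)) == NULL) {
		err = ENOMEM;
		goto fail;
	}

	/*
	 * Copy the configured site, if any, under the config mutex.  The
	 * mutex is released before any cleanup so that the LDAP unbind in
	 * smb_ads_close() never runs with it held.
	 */
	(void) mutex_lock(&smb_ads_cfg.c_mtx);
	if (*smb_ads_cfg.c_site != '\0' &&
	    (ah->site = strdup(smb_ads_cfg.c_site)) == NULL)
		site_oom = 1;
	(void) mutex_unlock(&smb_ads_cfg.c_mtx);
	if (site_oom) {
		err = ENOMEM;
		goto fail;
	}

	/*
	 * NOTE(review): no SASL security properties are configured on the
	 * connection here, so whether the session is signed or sealed after
	 * the GSSAPI bind depends on library defaults - confirm.
	 */
	rc = ldap_sasl_interactive_bind_s(ah->ld, "", "GSSAPI", NULL, NULL,
	    LDAP_SASL_INTERACTIVE, &smb_ads_saslcallback, NULL);
	if (rc != LDAP_SUCCESS) {
		syslog(LOG_ERR, "smbns: ldap_sasl_..._bind_s failed (%s)",
		    ldap_err2string(rc));
		err = SMB_ADS_LDAP_SASL_BIND;
		goto fail;
	}

	free(ads_host);
	*hp = ah;

	return (SMB_ADS_SUCCESS);

fail:
	/* smb_ads_close() accepts NULL and unbinds ah->ld when it is set */
	smb_ads_close(ah);
	free(ads_host);
	return (err);
}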
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
/*
 * smb_ads_close
 * Close connection to ADS server and free memory allocated for ADS handle.
 * LDAP unbind is called here when the handle carries a connection.
 * Parameters:
 *   ah: handle to ADS server; NULL is accepted and ignored.  The handle
 *       is freed here, so the caller must not use it afterwards.
 * Returns:
 *   void
 */
void
smb_ads_close(smb_ads_handle_t *ah)
{
	if (ah != NULL) {
		/* close and free connection resources */
		if (ah->ld != NULL)
			(void) ldap_unbind(ah->ld);

		/* unset members are NULL, which free() ignores */
		free(ah->domain);
		free(ah->domain_dn);
		free(ah->hostname);
		free(ah->site);
		free(ah);
	}
}
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
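/*
 * smb_ads_alloc_attr
 *
 * Since the attrs is a null-terminated array, all elements
 * in the array (except the last one) will point to allocated
 * memory.
 *
 * Parameters:
 *   attrs: array with room for num LDAPMod pointers
 *   num:   number of slots in attrs, including the NULL terminator
 *
 * Returns:
 *   0 on success.  -1 if num is negative or an allocation fails; on an
 *   allocation failure every element already allocated is freed and the
 *   array is cleared.
 */
static int
smb_ads_alloc_attr(LDAPMod *attrs[], int num)
{
	size_t nbytes;
	int i;

	/* a negative count would turn into an enormous size_t below */
	if (num < 0)
		return (-1);

	nbytes = (size_t)num * sizeof (LDAPMod *);
	bzero(attrs, nbytes);

	for (i = 0; i < (num - 1); i++) {
		/* zeroed so that no LDAPMod field starts out indeterminate */
		attrs[i] = calloc(1, sizeof (LDAPMod));
		if (attrs[i] == NULL) {
			smb_ads_free_attr(attrs);
			/* leave no stale pointers for a later free */
			bzero(attrs, nbytes);
			return (-1);
		}
	}

	return (0);
}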
6537f381d2d9e7b4e2f7b29c3e7a3f13be036f2eas
/*
 * smb_ads_free_attr
 *
 * Free every LDAPMod in a NULL-terminated array, stopping at the first
 * NULL slot.  Only the LDAPMod structures are freed; whatever their
 * mod_type and mod_values fields point to is left alone.
 *
 * The slots are not cleared, so the array holds stale pointers when
 * this returns and must not be passed here a second time.
 *
 * Parameters:
 *   attrs: a NULL-terminated array of LDAPMod pointers
 * Returns:
 *   None
 */
static void
smb_ads_free_attr(LDAPMod *attrs[])
{
	LDAPMod **mod;

	for (mod = attrs; *mod != NULL; mod++)
		free(*mod);
}
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
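/*
 * Returns share DN in an allocated buffer.  The format of the DN is
 *	cn=<sharename>,<container RDNs>,<domain DN>
 *
 * If the container string does not already end with the domain DN
 * (compared case-insensitively), the domain DN is appended to create
 * the share DN.
 *
 * Returns NULL if any argument is NULL or if the allocation fails.
 * The caller must free the allocated buffer.
 *
 * NOTE(review): sharename and container are copied into the DN as
 * given.  Characters that are special in a DN (RFC 4514: ',', '+',
 * '"', '\', '<', '>', ';', and leading '#' or space) are not escaped
 * here, so a share name containing them changes the structure of the
 * resulting DN.  Presumably names are validated before they reach this
 * file; confirm against the callers.
 *
 * NOTE(review): the suffix test compares raw characters and does not
 * check that the match starts on an RDN boundary.
 */
static char *
smb_ads_get_sharedn(const char *sharename, const char *container,
    const char *domain_dn)
{
	char *share_dn = NULL;
	size_t container_len, domain_len;
	boolean_t append_domain = B_TRUE;
	int rc;

	/* strlen() and the %s conversions below need real strings */
	if (sharename == NULL || container == NULL || domain_dn == NULL)
		return (NULL);

	container_len = strlen(container);
	domain_len = strlen(domain_dn);

	if (container_len >= domain_len) {
		/* last domain_len characters of the container string */
		const char *tail = container + (container_len - domain_len);

		if (smb_strcasecmp(tail, domain_dn, domain_len) == 0)
			append_domain = B_FALSE;
	}

	if (append_domain)
		rc = asprintf(&share_dn, "cn=%s,%s,%s", sharename,
		    container, domain_dn);
	else
		rc = asprintf(&share_dn, "cn=%s,%s", sharename,
		    container);

	/* on failure the content of share_dn is not relied upon */
	return ((rc == -1) ? NULL : share_dn);
}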
fe1c642d06e14b412cd83ae2179303186ab08972Bill Krier
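/*
 * smb_ads_add_share
 *
 * Called by smb_ads_publish_share to create a share object in ADS.
 * Two attributes are set on the new object: objectClass (from
 * smb_ads_share_objcls) and uNCName (the single value unc_name).  The
 * object is added with the synchronous LDAP add call at the DN built by
 * smb_ads_get_sharedn() from the share name, the container and the
 * domain DN stored in the handle.
 *
 * Parameters:
 *   ah          : handle to ADS server
 *   adsShareName: name of share object to be created in ADS
 *   unc_name    : value stored in the uNCName attribute
 *   adsContainer: location in ADS to create share object
 *
 * Returns:
 *   0  : success
 *   -1 : NULL argument, or the DN / attribute array could not be
 *        allocated
 *   otherwise the LDAP result code from ldap_add_s(); the caller
 *   smb_ads_publish_share tests it against LDAP_ALREADY_EXISTS, so it
 *   is passed through unchanged.
 */
int
smb_ads_add_share(smb_ads_handle_t *ah, const char *adsShareName,
    const char *unc_name, const char *adsContainer)
{
	LDAPMod *attrs[SMB_ADS_SHARE_NUM_ATTR];
	char *unc_names[] = {(char *)unc_name, NULL};
	char *share_dn;
	int ret;

	/*
	 * This routine is not static, so validate what is dereferenced
	 * below, as smb_ads_lookup_share and smb_ads_publish_share do for
	 * the share name and container.
	 */
	if (ah == NULL || adsShareName == NULL || adsContainer == NULL)
		return (-1);

	share_dn = smb_ads_get_sharedn(adsShareName, adsContainer,
	    ah->domain_dn);
	if (share_dn == NULL)
		return (-1);

	if (smb_ads_alloc_attr(attrs, SMB_ADS_SHARE_NUM_ATTR) != 0) {
		free(share_dn);
		return (-1);
	}

	/* first attribute: the object class of the new entry */
	attrs[0]->mod_op = LDAP_MOD_ADD;
	attrs[0]->mod_type = "objectClass";
	attrs[0]->mod_values = smb_ads_share_objcls;

	/* second attribute: the UNC name of the share */
	attrs[1]->mod_op = LDAP_MOD_ADD;
	attrs[1]->mod_type = "uNCName";
	attrs[1]->mod_values = unc_names;

	ret = ldap_add_s(ah->ld, share_dn, attrs);
	if (ret == LDAP_NO_SUCH_OBJECT) {
		syslog(LOG_ERR, "Failed to publish share %s in"
		    " AD.  Container does not exist: %s.\n",
		    adsShareName, share_dn);
	} else if (ret != LDAP_SUCCESS) {
		syslog(LOG_ERR, "Failed to publish share %s in"
		    " AD: %s (%s).\n", adsShareName, share_dn,
		    ldap_err2string(ret));
	}

	/* one cleanup path for success and failure alike */
	smb_ads_free_attr(attrs);
	free(share_dn);

	return ((ret == LDAP_SUCCESS) ? 0 : ret);
}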
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
/*
 * smb_ads_del_share
 *
 * Called by smb_ads_remove_share (and by smb_ads_publish_share before
 * re-adding) to remove a share object from ADS.  The DN to delete is
 * built by smb_ads_get_sharedn() from the share name, the container
 * and the domain DN in the handle, and is removed with the synchronous
 * LDAP delete call.  A failed delete is traced, not logged to syslog.
 *
 * No argument is checked for NULL here; callers do that.
 *
 * Parameters:
 *   ah          : handle to ADS server
 *   adsShareName: name of share object in ADS to be removed
 *   adsContainer: location of share object in ADS
 * Returns:
 *   -1 : error (DN could not be built, or the delete failed)
 *   0  : success
 */
static int
smb_ads_del_share(smb_ads_handle_t *ah, const char *adsShareName,
    const char *adsContainer)
{
	char *share_dn;
	int ldap_rc;

	share_dn = smb_ads_get_sharedn(adsShareName, adsContainer,
	    ah->domain_dn);
	if (share_dn == NULL)
		return (-1);

	ldap_rc = ldap_delete_s(ah->ld, share_dn);
	if (ldap_rc != LDAP_SUCCESS)
		smb_tracef("ldap_delete: %s", ldap_err2string(ldap_rc));

	free(share_dn);

	return ((ldap_rc == LDAP_SUCCESS) ? 0 : -1);
}
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
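/*
 * smb_ads_escape_search_filter_chars
 *
 * This routine will escape the special characters found in a string
 * that will later be passed to the ldap search filter.  Each of
 * '\', ''', '$', '#', '*', '(' and ')' is copied to dst preceded by a
 * backslash; every other character is copied unchanged.
 *
 * RFC 1960 - A String Representation of LDAP Search Filters
 * 3. String Search Filter Definition
 * If a value must contain one of the characters '*' OR '(' OR ')',
 * these characters
 * should be escaped by preceding them with the backslash '\' character.
 *
 * RFC 2252 - LDAP Attribute Syntax Definitions
 * a backslash quoting mechanism is used to escape
 * the following separator symbol character (such as "'", "$" or "#") if
 * it should occur in that string.
 *
 * NOTE(review): RFC 4515, the LDAPv3 filter syntax, escapes with a
 * backslash followed by two hex digits (for example \28 for '(').
 * Whether the LDAP library used here accepts the single-character form
 * produced below is not visible in this file; confirm.
 *
 * Parameters:
 *   src: NUL-terminated string to escape
 *   dst: output buffer; must have room for SMB_ADS_MAXBUFLEN bytes
 * Returns:
 *   0  : success, dst holds the NUL-terminated escaped string
 *   -1 : src or dst is NULL, or the escaped string does not fit; when
 *        it does not fit, dst holds the NUL-terminated part that did
 */
static int
smb_ads_escape_search_filter_chars(const char *src, char *dst)
{
	int avail = SMB_ADS_MAXBUFLEN - 1; /* reserve a space for NULL char */
	int need;

	if (src == NULL || dst == NULL)
		return (-1);

	while (*src != '\0') {
		switch (*src) {
		case '\\':
		case '\'':
		case '$':
		case '#':
		case '*':
		case '(':
		case ')':
			need = 2;	/* backslash plus the character */
			break;

		default:
			need = 1;
			break;
		}

		/*
		 * Check room for the whole unit before writing any of it.
		 * Testing only for avail == 0 is not enough: an escaped
		 * character arriving with one byte left would take avail
		 * to -1, the zero test would never fire again, and the
		 * copy would run past the end of dst.
		 */
		if (avail < need) {
			*dst = '\0';
			return (-1);
		}

		if (need == 2)
			*dst++ = '\\';
		*dst++ = *src++;
		avail -= need;
	}

	*dst = '\0';

	return (0);
}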
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
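/*
 * smb_ads_lookup_share
 *
 * Search for a specific share object in the specified ADS container.
 * The search is a base-scope search on the share DN with the filter
 *	(&(objectClass=volume)(uNCName=<escaped unc_name>))
 * so an object with the right name but a different uNCName does not
 * count as found.  The LDAP synchronous search command is used.
 *
 * Parameters:
 *   ah          : handle to ADS server
 *   adsShareName: name of share object in ADS to be searched
 *   adsContainer: location of share object in ADS
 *   unc_name    : UNC name the object's uNCName attribute must match
 * Returns:
 *   -1 : error (NULL argument, unc_name could not be escaped, the
 *        filter does not fit its buffer, or the DN could not be built)
 *   0  : not found
 *   1  : found
 *
 * NOTE(review): any ldap_search_s() failure, not only
 * LDAP_NO_SUCH_OBJECT, is reported as 0 (not found).  Callers cannot
 * tell a directory error from an absent object; that behaviour is kept
 * here because smb_ads_publish_share acts on the 0 result.
 */
int
smb_ads_lookup_share(smb_ads_handle_t *ah, const char *adsShareName,
    const char *adsContainer, char *unc_name)
{
	char *attrs[4], filter[SMB_ADS_MAXBUFLEN];
	char tmpbuf[SMB_ADS_MAXBUFLEN];
	char *share_dn;
	LDAPMessage *res = NULL;
	int ret, len, found;

	if (ah == NULL || adsShareName == NULL || adsContainer == NULL)
		return (-1);

	/* unc_name goes into the filter, so escape it first */
	if (smb_ads_escape_search_filter_chars(unc_name, tmpbuf) != 0)
		return (-1);

	/*
	 * The escaped value can be nearly as long as the filter buffer,
	 * and the fixed filter text needs room as well.  A truncated
	 * filter loses its closing parentheses, so refuse it instead of
	 * sending a malformed filter to the server.
	 */
	len = snprintf(filter, sizeof (filter),
	    "(&(objectClass=volume)(uNCName=%s))", tmpbuf);
	if (len < 0 || (size_t)len >= sizeof (filter))
		return (-1);

	if ((share_dn = smb_ads_get_sharedn(adsShareName, adsContainer,
	    ah->domain_dn)) == NULL)
		return (-1);

	attrs[0] = "cn";
	attrs[1] = "objectClass";
	attrs[2] = "uNCName";
	attrs[3] = NULL;

	if ((ret = ldap_search_s(ah->ld, share_dn,
	    LDAP_SCOPE_BASE, filter, attrs, 0, &res)) != LDAP_SUCCESS) {
		if (ret != LDAP_NO_SUCH_OBJECT)
			smb_tracef("%s: ldap_search: %s", share_dn,
			    ldap_err2string(ret));

		(void) ldap_msgfree(res);
		free(share_dn);
		return (0);
	}

	free(share_dn);

	/* zero entries means no match; anything else counts as found */
	found = (ldap_count_entries(ah->ld, res) != 0);

	/* free the search results */
	(void) ldap_msgfree(res);

	return (found ? 1 : 0);
}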
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
/*
 * smb_ads_publish_share
 *
 * Publish a share into ADS.  The UNC name is built by
 * smb_ads_build_unc_name() from hostname and shareUNC, then the share
 * is looked up.  If an object with that name and UNC already exists in
 * the container it is deleted (the delete result is ignored) and a new
 * object is added; if none exists the object is simply added.
 *
 * Parameters:
 *   ah          : handle returned from smb_ads_open
 *   adsShareName: name of share to be added to ADS directory
 *   shareUNC    : share part of the UNC name; NULL or an empty string
 *                 means use adsShareName
 *   adsContainer: location for share to be added in ADS directory, ie
 *                 ou=share_folder
 *   hostname    : host part handed to smb_ads_build_unc_name()
 * Returns:
 *   0  : success
 *   -1 : NULL share name or container, the UNC name could not be
 *        built, the lookup failed, or the add on the not-found path
 *        reported LDAP_ALREADY_EXISTS
 *   otherwise the value returned by smb_ads_add_share()
 */
int
smb_ads_publish_share(smb_ads_handle_t *ah, const char *adsShareName,
    const char *shareUNC, const char *adsContainer, const char *hostname)
{
	char unc_name[SMB_ADS_MAXBUFLEN];
	int found, ret;

	if (adsShareName == NULL || adsContainer == NULL)
		return (-1);

	if (shareUNC == 0 || *shareUNC == 0)
		shareUNC = adsShareName;

	if (smb_ads_build_unc_name(unc_name, sizeof (unc_name),
	    hostname, shareUNC) < 0)
		return (-1);

	found = smb_ads_lookup_share(ah, adsShareName, adsContainer,
	    unc_name);

	if (found == 1) {
		/* replace the existing object */
		(void) smb_ads_del_share(ah, adsShareName, adsContainer);
		ret = smb_ads_add_share(ah, adsShareName, unc_name,
		    adsContainer);
	} else if (found == 0) {
		ret = smb_ads_add_share(ah, adsShareName, unc_name,
		    adsContainer);
		if (ret == LDAP_ALREADY_EXISTS)
			ret = -1;
	} else {
		/* lookup error, or any unexpected lookup result */
		ret = -1;
	}

	return (ret);
}
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
/*
 * smb_ads_remove_share
 *
 * Remove a share from ADS.  The UNC name is built by
 * smb_ads_build_unc_name() from hostname and shareUNC and the share is
 * looked up first; the delete is issued only when the lookup reports
 * the object as present.
 *
 * Parameters:
 *   ah          : handle returned from smb_ads_open
 *   adsShareName: name of share to be removed from ADS directory
 *   shareUNC    : share part of the UNC name; NULL or an empty string
 *                 means use adsShareName
 *   adsContainer: location for share to be removed from ADS directory,
 *                 ie ou=share_folder
 *   hostname    : host part handed to smb_ads_build_unc_name()
 * Returns:
 *   -1 : error
 *   0  : success, including the case where the share was not found
 */
int
smb_ads_remove_share(smb_ads_handle_t *ah, const char *adsShareName,
    const char *shareUNC, const char *adsContainer, const char *hostname)
{
	char unc_name[SMB_ADS_MAXBUFLEN];

	if (adsShareName == NULL || adsContainer == NULL)
		return (-1);

	if (shareUNC == 0 || *shareUNC == 0)
		shareUNC = adsShareName;

	if (smb_ads_build_unc_name(unc_name, sizeof (unc_name),
	    hostname, shareUNC) < 0)
		return (-1);

	switch (smb_ads_lookup_share(ah, adsShareName, adsContainer,
	    unc_name)) {
	case 0:
		/* nothing published under that name and UNC */
		return (0);

	case -1:
		return (-1);

	default:
		return (smb_ads_del_share(ah, adsShareName, adsContainer));
	}
}
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
/*
 * smb_ads_get_default_comp_container_dn
 *
 * Build the distinguished name for the default computer container (i.e.
 * the pre-defined Computers container) as
 *	cn=<SMB_ADS_COMPUTERS_CN>,<domain DN from the handle>
 *
 * The result is written to buf with snprintf(), so it is truncated to
 * buflen bytes without any indication to the caller.
 */
static void
smb_ads_get_default_comp_container_dn(smb_ads_handle_t *ah, char *buf,
    size_t buflen)
{
	const char *domain_dn = ah->domain_dn;

	(void) snprintf(buf, buflen, "cn=%s,%s", SMB_ADS_COMPUTERS_CN,
	    domain_dn);
}
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
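/*
 * smb_ads_get_default_comp_dn
 *
 * Build the distinguished name for this system as
 *	cn=<NetBIOS name>,<default computer container DN>
 *
 * The result is written to buf with snprintf(), so it is truncated to
 * buflen bytes without any indication to the caller.
 */
static void
smb_ads_get_default_comp_dn(smb_ads_handle_t *ah, char *buf, size_t buflen)
{
	/*
	 * Start from an empty name: the result of smb_getnetbiosname() is
	 * ignored, and if it fails without writing the buffer the %s
	 * below must not read indeterminate stack bytes.
	 */
	char nbname[NETBIOS_NAME_SZ] = { 0 };
	char container_dn[SMB_ADS_DN_MAX];

	(void) smb_getnetbiosname(nbname, sizeof (nbname));

	/* size taken from the array itself so the two cannot drift apart */
	smb_ads_get_default_comp_container_dn(ah, container_dn,
	    sizeof (container_dn));

	(void) snprintf(buf, buflen, "cn=%s,%s", nbname, container_dn);
}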
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
/*
 * smb_ads_add_computer
 *
 * Run smb_ads_computer_op() with LDAP_MOD_ADD for the given DN and DC
 * functional level.
 *
 * Returns whatever smb_ads_computer_op() returns, documented for this
 * routine as 0 upon success and -1 otherwise.
 */
static int
smb_ads_add_computer(smb_ads_handle_t *ah, int dclevel, char *dn)
{
	int rc;

	rc = smb_ads_computer_op(ah, LDAP_MOD_ADD, dclevel, dn);
	return (rc);
}
55bf511df53aad0fdb7eb3fa349f0308cc05234cas
/*
 * smb_ads_modify_computer
 *
 * Run smb_ads_computer_op() with LDAP_MOD_REPLACE for the given DN and
 * DC functional level.
 *
 * Returns whatever smb_ads_computer_op() returns, documented for this
 * routine as 0 upon success and -1 otherwise.
 */
static int
smb_ads_modify_computer(smb_ads_handle_t *ah, int dclevel, char *dn)
{
	int rc;

	rc = smb_ads_computer_op(ah, LDAP_MOD_REPLACE, dclevel, dn);
	return (rc);
}
55bf511df53aad0fdb7eb3fa349f0308cc05234cas
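/*
 * smb_ads_get_dc_level
 *
 * Reads SMB_ADS_ATTR_DCLEVEL with a base-scope search on the empty DN
 * and converts its first value to an integer.
 *
 * The value comes from the directory server, so it is parsed strictly:
 * only a string of one to nine decimal digits is accepted.  Anything
 * else (empty string, sign, trailing characters, a number too long to
 * fit) yields -1 instead of being silently converted, which is what
 * atoi() would have done (returning 0 for garbage and having undefined
 * behaviour on overflow).
 *
 * Returns the functional level of the DC upon success.
 * Returns SMB_ADS_DCLEVEL_W2K if the entry carries no values for the
 * attribute.
 * Otherwise, -1 is returned.
 */
static int
smb_ads_get_dc_level(smb_ads_handle_t *ah)
{
	LDAPMessage *res = NULL;
	LDAPMessage *entry;
	char *attr[2];
	char **vals;
	int rc = -1;

	attr[0] = SMB_ADS_ATTR_DCLEVEL;
	attr[1] = NULL;
	if (ldap_search_s(ah->ld, "", LDAP_SCOPE_BASE, NULL, attr,
	    0, &res) != LDAP_SUCCESS) {
		(void) ldap_msgfree(res);
		return (-1);
	}

	/* no match for the specified attribute is found */
	if (ldap_count_entries(ah->ld, res) == 0) {
		(void) ldap_msgfree(res);
		return (-1);
	}

	entry = ldap_first_entry(ah->ld, res);
	if (entry != NULL) {
		vals = ldap_get_values(ah->ld, entry, SMB_ADS_ATTR_DCLEVEL);
		if (vals == NULL) {
			/*
			 * Observed the values aren't populated
			 * by the Windows 2000 server.
			 */
			(void) ldap_msgfree(res);
			return (SMB_ADS_DCLEVEL_W2K);
		}

		if (vals[0] != NULL) {
			const char *p = vals[0];
			int level = 0;
			int ndigits = 0;

			/*
			 * At most nine digits are consumed, so 'level'
			 * cannot overflow an int.  A longer number leaves
			 * a digit at *p and is rejected below.
			 */
			while (*p >= '0' && *p <= '9' && ndigits < 9) {
				level = level * 10 + (*p - '0');
				p++;
				ndigits++;
			}

			if (ndigits > 0 && *p == '\0')
				rc = level;
		}

		ldap_value_free(vals);
	}

	(void) ldap_msgfree(res);
	return (rc);
}
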
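/*
 * The fully-qualified hostname returned by this function is often used for
 * constructing service principal name. Return the fully-qualified hostname
 * in lower case for RFC 4120 section 6.2.1 conformance.
 *
 * 'fqhost' receives "<hostname>.<ah->domain>"; 'len' is the size of the
 * buffer in bytes.
 *
 * The domain is appended after the hostname already in the buffer rather
 * than formatting the buffer into itself: passing the destination as a
 * "%s" argument to snprintf() makes source and destination overlap, which
 * is undefined behaviour.  A name that does not fit is reported as a
 * failure, because a silently truncated name would end up in the
 * principal names and in the dNSHostName comparison built from it.
 *
 * Returns 0 upon success.  Returns -1 if the hostname cannot be obtained
 * or the result does not fit in 'len' bytes; the buffer contents are then
 * not meaningful.
 */
static int
smb_ads_getfqhostname(smb_ads_handle_t *ah, char *fqhost, int len)
{
	size_t hostlen, room;
	int n;

	if (fqhost == NULL || len <= 0)
		return (-1);

	if (smb_gethostname(fqhost, len, SMB_CASE_LOWER) != 0)
		return (-1);

	/* assumes smb_gethostname() NUL-terminates within len - TODO confirm */
	hostlen = strlen(fqhost);
	if (hostlen >= (size_t)len)
		return (-1);

	room = (size_t)len - hostlen;
	n = snprintf(fqhost + hostlen, room, ".%s", ah->domain);
	if (n < 0 || (size_t)n >= room)
		return (-1);

	return (0);
}
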
/*
 * smb_ads_computer_op
 *
 * Builds the attribute list for this system's computer object and applies
 * it to 'dn' with ldap_add_s() (op == LDAP_MOD_ADD) or ldap_modify_s()
 * (op == LDAP_MOD_REPLACE).  Any other 'op' fails.
 *
 * Attributes written, in order: objectClass (add only), the SAM account
 * name, the UPN, the SPN set, the account control flags, the DNS host
 * name and, for DC levels above SMB_ADS_DCLEVEL_W2K3, the supported
 * encryption types.
 *
 * NOTE(review): the same 'op' is applied to every attribute, so a
 * LDAP_MOD_REPLACE also rewrites the account control flags to the value
 * below, which includes ACCOUNTDISABLE and PASSWD_NOTREQD.  Presumably a
 * later step in the join sets the password and enables the account -
 * confirm against the callers.
 *
 * NOTE(review): the advertised encryption types include RC4 and both
 * single-DES variants, which are weak.  Confirm whether they are still
 * needed for interoperability before leaving them in the set.
 *
 * Returns 0 upon success. Otherwise, returns -1.
 */
static int
smb_ads_computer_op(smb_ads_handle_t *ah, int op, int dclevel, char *dn)
{
	LDAPMod *attrs[SMB_ADS_COMPUTER_NUM_ATTR];
	LDAPMod *mod;
	char *sam_val[2], *ctl_val[2], *fqh_val[2], *encrypt_val[2];
	char sam_acct[SMB_SAMACCT_MAXLEN];
	char fqhost[MAXHOSTNAMELEN];
	char usrctl_buf[16];
	char encrypt_buf[16];
	smb_krb5_pn_set_t spn, upn;
	int usrctl_flags;
	int nattr;
	int idx = 0;
	int ret;

	if (smb_getsamaccount(sam_acct, sizeof (sam_acct)) != 0)
		return (-1);

	if (smb_ads_getfqhostname(ah, fqhost, MAXHOSTNAMELEN))
		return (-1);

	/* The SPN attribute is multi-valued and must be 1 or greater */
	if (smb_krb5_get_pn_set(&spn, SMB_PN_SPN_ATTR, ah->domain) == 0)
		return (-1);

	/* The UPN attribute is single-valued and cannot be zero */
	if (smb_krb5_get_pn_set(&upn, SMB_PN_UPN_ATTR, ah->domain) != 1) {
		smb_krb5_free_pn_set(&spn);
		smb_krb5_free_pn_set(&upn);
		return (-1);
	}

	/*
	 * Start from the full attribute count and drop the slots that are
	 * not used: objectClass when not adding, and the encryption types
	 * for DC levels below SMB_ADS_DCLEVEL_W2K8.
	 */
	nattr = SMB_ADS_COMPUTER_NUM_ATTR;
	if (op != LDAP_MOD_ADD)
		nattr--;
	if (dclevel < SMB_ADS_DCLEVEL_W2K8)
		nattr--;

	if (smb_ads_alloc_attr(attrs, nattr) != 0) {
		smb_krb5_free_pn_set(&spn);
		smb_krb5_free_pn_set(&upn);
		return (-1);
	}

	/* objectClass attribute is not modifiable. */
	if (op == LDAP_MOD_ADD) {
		mod = attrs[idx++];
		mod->mod_op = op;
		mod->mod_type = "objectClass";
		mod->mod_values = smb_ads_computer_objcls;
	}

	mod = attrs[idx++];
	mod->mod_op = op;
	mod->mod_type = SMB_ADS_ATTR_SAMACCT;
	sam_val[0] = sam_acct;
	sam_val[1] = NULL;
	mod->mod_values = sam_val;

	mod = attrs[idx++];
	mod->mod_op = op;
	mod->mod_type = SMB_ADS_ATTR_UPN;
	mod->mod_values = upn.s_pns;

	mod = attrs[idx++];
	mod->mod_op = op;
	mod->mod_type = SMB_ADS_ATTR_SPN;
	mod->mod_values = spn.s_pns;

	mod = attrs[idx++];
	mod->mod_op = op;
	mod->mod_type = SMB_ADS_ATTR_CTL;
	usrctl_flags = SMB_ADS_USER_ACCT_CTL_WKSTATION_TRUST_ACCT |
	    SMB_ADS_USER_ACCT_CTL_PASSWD_NOTREQD |
	    SMB_ADS_USER_ACCT_CTL_ACCOUNTDISABLE;
	(void) snprintf(usrctl_buf, sizeof (usrctl_buf), "%d", usrctl_flags);
	ctl_val[0] = usrctl_buf;
	ctl_val[1] = NULL;
	mod->mod_values = ctl_val;

	mod = attrs[idx++];
	mod->mod_op = op;
	mod->mod_type = SMB_ADS_ATTR_DNSHOST;
	fqh_val[0] = fqhost;
	fqh_val[1] = NULL;
	mod->mod_values = fqh_val;

	/*
	 * enctypes support starting in Windows Server 2008
	 *
	 * NOTE(review): the slot count above tests
	 * dclevel >= SMB_ADS_DCLEVEL_W2K8 while this tests
	 * dclevel > SMB_ADS_DCLEVEL_W2K3; the two agree only if no level
	 * lies between those constants - confirm.
	 */
	if (dclevel > SMB_ADS_DCLEVEL_W2K3) {
		mod = attrs[idx++];
		mod->mod_op = op;
		mod->mod_type = SMB_ADS_ATTR_ENCTYPES;
		(void) snprintf(encrypt_buf, sizeof (encrypt_buf), "%d",
		    SMB_ADS_ENC_AES256 + SMB_ADS_ENC_AES128 + SMB_ADS_ENC_RC4 +
		    SMB_ADS_ENC_DES_MD5 + SMB_ADS_ENC_DES_CRC);
		encrypt_val[0] = encrypt_buf;
		encrypt_val[1] = NULL;
		mod->mod_values = encrypt_val;
	}

	if (op == LDAP_MOD_ADD) {
		ret = ldap_add_s(ah->ld, dn, attrs);
		if (ret != LDAP_SUCCESS) {
			syslog(LOG_NOTICE, "ldap_add: %s",
			    ldap_err2string(ret));
			ret = -1;
		}
	} else if (op == LDAP_MOD_REPLACE) {
		ret = ldap_modify_s(ah->ld, dn, attrs);
		if (ret != LDAP_SUCCESS) {
			syslog(LOG_NOTICE, "ldap_modify: %s",
			    ldap_err2string(ret));
			ret = -1;
		}
	} else {
		/* unsupported operation */
		ret = -1;
	}

	smb_ads_free_attr(attrs);
	smb_krb5_free_pn_set(&spn);
	smb_krb5_free_pn_set(&upn);

	return (ret);
}

/*
 * Delete an ADS computer account.
 *
 * Issues ldap_delete_s() on 'dn'.  A failure is only traced through
 * smb_tracef(); no status is returned, so the caller cannot tell whether
 * the object was actually removed.
 */
static void
smb_ads_del_computer(smb_ads_handle_t *ah, char *dn)
{
	int status = ldap_delete_s(ah->ld, dn);

	if (status == LDAP_SUCCESS)
		return;

	smb_tracef("ldap_delete: %s", ldap_err2string(status));
}

/*
 * Gets the value of the given attribute.
 *
 * Looks up avpair->avp_attr in 'entry' and stores a strdup()'d copy of
 * its first value in avpair->avp_val.  avp_val is reset to NULL on entry
 * and stays NULL unless SMB_ADS_STAT_FOUND is returned; on success the
 * caller owns the copy and must free() it.
 *
 * Returns SMB_ADS_STAT_FOUND when a value was copied,
 * SMB_ADS_STAT_NOT_FOUND when the entry has no value for the attribute,
 * and SMB_ADS_STAT_ERR when the copy could not be allocated.
 */
static smb_ads_qstat_t
smb_ads_getattr(LDAP *ld, LDAPMessage *entry, smb_ads_avpair_t *avpair)
{
	smb_ads_qstat_t status;
	char **values;

	assert(avpair);
	avpair->avp_val = NULL;

	values = ldap_get_values(ld, entry, avpair->avp_attr);
	if (values == NULL)
		return (SMB_ADS_STAT_NOT_FOUND);

	if (values[0] == NULL) {
		status = SMB_ADS_STAT_NOT_FOUND;
	} else {
		avpair->avp_val = strdup(values[0]);
		status = (avpair->avp_val != NULL) ?
		    SMB_ADS_STAT_FOUND : SMB_ADS_STAT_ERR;
	}

	ldap_value_free(values);
	return (status);
}

/*
 * Process query's result.
 *
 * Takes the first entry of 'res' and decides whether the computer
 * account it describes belongs to this system, by comparing the entry's
 * SMB_ADS_ATTR_DNSHOST value (case-insensitively) with this system's
 * fully-qualified hostname.  If the account is usable and 'avpair' is
 * not NULL, the requested attribute is then fetched into it; the result
 * of that fetch becomes the return value.
 *
 * Returns SMB_ADS_STAT_NOT_FOUND if 'res' has no entries,
 * SMB_ADS_STAT_DUP if the host name on the account differs from ours,
 * SMB_ADS_STAT_ERR on failure, and otherwise SMB_ADS_STAT_FOUND or the
 * status of the attribute fetch.
 */
static smb_ads_qstat_t
smb_ads_get_qstat(smb_ads_handle_t *ah, LDAPMessage *res,
    smb_ads_avpair_t *avpair)
{
	char fqhost[MAXHOSTNAMELEN];
	smb_ads_avpair_t dnshost_avp;
	smb_ads_qstat_t status;
	LDAPMessage *entry;
	int differs;

	if (smb_ads_getfqhostname(ah, fqhost, MAXHOSTNAMELEN))
		return (SMB_ADS_STAT_ERR);

	if (ldap_count_entries(ah->ld, res) == 0)
		return (SMB_ADS_STAT_NOT_FOUND);

	entry = ldap_first_entry(ah->ld, res);
	if (entry == NULL)
		return (SMB_ADS_STAT_ERR);

	dnshost_avp.avp_attr = SMB_ADS_ATTR_DNSHOST;
	status = smb_ads_getattr(ah->ld, entry, &dnshost_avp);

	if (status == SMB_ADS_STAT_FOUND) {
		/*
		 * Report SMB_ADS_STAT_DUP to avoid overwriting the
		 * computer account of another system whose NetBIOS name
		 * collides with that of the current system.
		 */
		differs = (strcasecmp(dnshost_avp.avp_val, fqhost) != 0);
		free(dnshost_avp.avp_val);
		if (differs)
			return (SMB_ADS_STAT_DUP);
	} else if (status != SMB_ADS_STAT_NOT_FOUND) {
		return (status);
	}

	/*
	 * Either the host name matched, or the attribute is absent.  A
	 * pre-created computer account doesn't have the dNSHostname
	 * attribute; it has been observed that the attribute is only set
	 * after a successful domain join.  Such an account is treated as
	 * found, as it is pre-created for the current system.
	 */
	if (avpair == NULL)
		return (SMB_ADS_STAT_FOUND);

	return (smb_ads_getattr(ah->ld, entry, avpair));
}

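/*
 * smb_ads_lookup_computer_n_attr
 *
 * Searches under 'dn' with the given 'scope' for a computer object whose
 * SMB_ADS_ATTR_SAMACCT equals this system's SAM account name.
 *
 * If avpair is NULL, checks the status of the specified computer account.
 * Otherwise, looks up the value of the specified computer account's
 * attribute. If found, the value field of the avpair will be allocated and
 * set. The caller should free the allocated buffer.
 *
 * The account name is passed through smb_ads_escape_search_filter_chars()
 * before it is placed in the search filter, and a filter that does not
 * fit in the local buffer is rejected rather than sent truncated (a
 * truncated filter loses its closing parentheses and no longer expresses
 * the intended match).
 *
 * NOTE(review): every ldap_search_s() failure is reported as
 * SMB_ADS_STAT_NOT_FOUND, so a transport or server error cannot be told
 * apart from a missing account here.  Left unchanged because callers may
 * rely on it (for example, a search base that does not exist); confirm
 * that no caller creates an account on the strength of this status alone.
 *
 * Return:
 *  SMB_ADS_STAT_FOUND  - if both the computer and the specified attribute
 *			  are found.
 *  SMB_ADS_STAT_NOT_FOUND - if either the computer or the specified
 *			  attribute is not found.
 *  SMB_ADS_STAT_DUP - if the computer account is already used by other
 *			  systems in the AD. This could happen if the
 *			  hostname of multiple systems resolved to the same
 *			  NetBIOS name.
 *  SMB_ADS_STAT_ERR - any failure.
 */
static smb_ads_qstat_t
smb_ads_lookup_computer_n_attr(smb_ads_handle_t *ah, smb_ads_avpair_t *avpair,
    int scope, char *dn)
{
	char *attrs[3], filter[SMB_ADS_MAXBUFLEN];
	LDAPMessage *res = NULL;
	char sam_acct[SMB_SAMACCT_MAXLEN], sam_acct2[SMB_SAMACCT_MAXLEN];
	smb_ads_qstat_t rc;
	int n;

	if (smb_getsamaccount(sam_acct, sizeof (sam_acct)) != 0)
		return (SMB_ADS_STAT_ERR);

	/* dNSHostName is always requested; smb_ads_get_qstat() needs it */
	attrs[0] = SMB_ADS_ATTR_DNSHOST;
	attrs[1] = NULL;
	attrs[2] = NULL;

	if (avpair != NULL) {
		if (avpair->avp_attr == NULL)
			return (SMB_ADS_STAT_ERR);

		attrs[1] = avpair->avp_attr;
	}

	if (smb_ads_escape_search_filter_chars(sam_acct, sam_acct2) != 0)
		return (SMB_ADS_STAT_ERR);

	n = snprintf(filter, sizeof (filter),
	    "(&(objectClass=computer)(%s=%s))", SMB_ADS_ATTR_SAMACCT,
	    sam_acct2);
	if (n < 0 || (size_t)n >= sizeof (filter))
		return (SMB_ADS_STAT_ERR);

	if (ldap_search_s(ah->ld, dn, scope, filter, attrs, 0,
	    &res) != LDAP_SUCCESS) {
		(void) ldap_msgfree(res);
		return (SMB_ADS_STAT_NOT_FOUND);
	}

	rc = smb_ads_get_qstat(ah, res, avpair);
	/* free the search results */
	(void) ldap_msgfree(res);
	return (rc);
}
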
/*
 * smb_ads_find_computer
 *
 * Locate this system's AD computer object and hand its distinguished
 * name back through 'dn'.
 *
 * The default container (i.e. cn=Computers) is searched first, one level
 * deep.  Only when that search reports "not found" is the lookup repeated
 * over the whole subtree rooted at the domain DN.
 *
 * 'dn' is used both as scratch space for the search base and for the
 * result; each write to it is bounded by SMB_ADS_DN_MAX, so the caller
 * must supply a buffer of at least that size.  Unless the return value is
 * SMB_ADS_STAT_FOUND, 'dn' is left holding the last search base rather
 * than a computer DN and must not be treated as one.
 */
static smb_ads_qstat_t
smb_ads_find_computer(smb_ads_handle_t *ah, char *dn)
{
	smb_ads_avpair_t query;
	smb_ads_qstat_t result;

	query.avp_attr = SMB_ADS_ATTR_DN;

	/* First pass: direct children of the default computer container. */
	smb_ads_get_default_comp_container_dn(ah, dn, SMB_ADS_DN_MAX);
	result = smb_ads_lookup_computer_n_attr(ah, &query,
	    LDAP_SCOPE_ONELEVEL, dn);

	/* Second pass: anywhere below the domain DN. */
	if (result == SMB_ADS_STAT_NOT_FOUND) {
		(void) strlcpy(dn, ah->domain_dn, SMB_ADS_DN_MAX);
		result = smb_ads_lookup_computer_n_attr(ah, &query,
		    LDAP_SCOPE_SUBTREE, dn);
	}

	if (result != SMB_ADS_STAT_FOUND)
		return (result);

	/*
	 * The lookup allocated avp_val; copy it out and release it here.
	 * NOTE(review): a DN longer than SMB_ADS_DN_MAX - 1 is truncated
	 * silently, and the caller then modifies whatever object the
	 * shortened DN names - consider checking the strlcpy() result.
	 */
	(void) strlcpy(dn, query.avp_val, SMB_ADS_DN_MAX);
	free(query.avp_val);

	return (result);
}
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
/*
 * smb_ads_update_computer_cntrl_attr
 *
 * Replace the user account control attribute (SMB_ADS_ATTR_CTL) of the
 * existing computer object 'dn' with 'flags'.
 *
 * The flag word is sent as its decimal string form in a single
 * LDAP_MOD_REPLACE operation, so any previous value of the attribute is
 * overwritten rather than merged.  A failed modify is logged at
 * LOG_NOTICE.
 *
 * Returns the LDAP result code of the modify, or LDAP_NO_MEMORY if the
 * modification list could not be allocated.
 */
static int
smb_ads_update_computer_cntrl_attr(smb_ads_handle_t *ah, int flags, char *dn)
{
	LDAPMod *mods[2];
	char *values[2];
	char flagstr[16];	/* ample for a 32-bit int in decimal */
	int rc;

	if (smb_ads_alloc_attr(mods, sizeof (mods) / sizeof (LDAPMod *)) != 0)
		return (LDAP_NO_MEMORY);

	/* Single-valued attribute: one string plus the NULL terminator. */
	(void) snprintf(flagstr, sizeof (flagstr), "%d", flags);
	values[0] = flagstr;
	values[1] = NULL;

	mods[0]->mod_op = LDAP_MOD_REPLACE;
	mods[0]->mod_type = SMB_ADS_ATTR_CTL;
	mods[0]->mod_values = values;

	rc = ldap_modify_s(ah->ld, dn, mods);
	if (rc != LDAP_SUCCESS)
		syslog(LOG_NOTICE, "ldap_modify: %s", ldap_err2string(rc));

	smb_ads_free_attr(mods);
	return (rc);
}
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
/*
 * smb_ads_lookup_computer_attr_kvno
 *
 * Lookup the value of the Kerberos version number attribute
 * (SMB_ADS_ATTR_KVNO) of the computer account named by 'dn', using a
 * base-scope search on that DN.
 *
 * Returns the attribute value converted with atoi(), or 1 when the
 * lookup does not report SMB_ADS_STAT_FOUND.
 */
static krb5_kvno
smb_ads_lookup_computer_attr_kvno(smb_ads_handle_t *ah, char *dn)
{
	smb_ads_avpair_t query;
	int version = 1;

	query.avp_attr = SMB_ADS_ATTR_KVNO;
	if (smb_ads_lookup_computer_n_attr(ah, &query, LDAP_SCOPE_BASE, dn) !=
	    SMB_ADS_STAT_FOUND)
		return (version);

	/*
	 * NOTE(review): atoi() has no error reporting.  A non-numeric
	 * value from the directory becomes 0 and an out-of-range one is
	 * undefined, and the result is what the caller stamps on the new
	 * keytab entries.  strtol() with end-pointer and range checks
	 * would make a bad value detectable.
	 */
	version = atoi(query.avp_val);
	free(query.avp_val);

	return (version);
}
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
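/*
 * smb_ads_join
 *
 * Besides the NT-4 style domain join (using MS-RPC), CIFS server also
 * provides the domain join using Kerberos Authentication, Kerberos
 * Change & Set password, and LDAP protocols. Basically, AD join
 * operation would require the following tickets to be acquired for
 * the user account that is provided for the domain join.
 *
 * 1) a Kerberos TGT ticket,
 * 2) a ldap service ticket, and
 * 3) kadmin/changepw service ticket
 *
 * The ADS client first sends a ldap search request to find out whether
 * or not the workstation trust account already exists in the Active
 * Directory. An existing computer object for this workstation is
 * modified in place (smb_ads_modify_computer); otherwise a new one is
 * added (smb_ads_add_computer). The machine account password is
 * supplied by the caller in 'machine_passwd' and set for the computer
 * object using KPASSWD protocol (See RFC 3244). Once the password is
 * set, our ADS client finalizes the machine account by modifying the
 * user account control attribute of the computer object. Kerberos keys
 * derived from the machine account password will be stored locally in
 * /etc/krb5/krb5.keytab file. That would be needed while acquiring
 * Kerberos TGT ticket for the host principal after the domain join
 * operation.
 *
 * The keytab is written under a temporary name first and renamed over
 * SMBNS_KRB5_KEYTAB only after every step has succeeded. On failure
 * the temporary file is unlinked, and a computer object that this call
 * added is deleted again. The credential cache at SMB_CCACHE_PATH is
 * removed on every return path.
 *
 * Returns SMB_ADS_SUCCESS, the status reported by smb_ads_open_main(),
 * or one of the SMB_ADJOIN_ERR_* codes.
 */
smb_ads_status_t
smb_ads_join(char *domain, char *user, char *usr_passwd, char *machine_passwd)
{
	smb_ads_handle_t *ah = NULL;
	krb5_context ctx = NULL;
	krb5_principal *krb5princs = NULL;
	krb5_kvno kvno;
	boolean_t delete = B_TRUE;
	smb_ads_status_t rc;
	boolean_t new_acct;
	int dclevel, num, usrctl_flags = 0;
	smb_ads_qstat_t qstat;
	char dn[SMB_ADS_DN_MAX];
	char tmpfile[] = SMBNS_KRB5_KEYTAB_TMP;
	char *tmpname;
	int cnt, x;
	smb_krb5_pn_set_t spns;
	krb5_enctype *encptr;

	rc = smb_ads_open_main(&ah, domain, user, usr_passwd);
	if (rc != 0) {
		smb_ccache_remove(SMB_CCACHE_PATH);
		return (rc);
	}

	if ((dclevel = smb_ads_get_dc_level(ah)) == -1) {
		smb_ads_close(ah);
		smb_ccache_remove(SMB_CCACHE_PATH);
		return (SMB_ADJOIN_ERR_GET_DCLEVEL);
	}

	/*
	 * Reuse an existing computer object or add a new one.  new_acct
	 * records which, so that only an object added by this call is
	 * deleted if a later step fails.
	 */
	qstat = smb_ads_find_computer(ah, dn);
	switch (qstat) {
	case SMB_ADS_STAT_FOUND:
		new_acct = B_FALSE;
		if (smb_ads_modify_computer(ah, dclevel, dn) != 0) {
			smb_ads_close(ah);
			smb_ccache_remove(SMB_CCACHE_PATH);
			return (SMB_ADJOIN_ERR_MOD_TRUST_ACCT);
		}
		break;

	case SMB_ADS_STAT_NOT_FOUND:
		new_acct = B_TRUE;
		smb_ads_get_default_comp_dn(ah, dn, SMB_ADS_DN_MAX);
		if (smb_ads_add_computer(ah, dclevel, dn) != 0) {
			smb_ads_close(ah);
			smb_ccache_remove(SMB_CCACHE_PATH);
			return (SMB_ADJOIN_ERR_ADD_TRUST_ACCT);
		}
		break;

	default:
		if (qstat == SMB_ADS_STAT_DUP)
			rc = SMB_ADJOIN_ERR_DUP_TRUST_ACCT;
		else
			rc = SMB_ADJOIN_ERR_TRUST_ACCT;
		smb_ads_close(ah);
		smb_ccache_remove(SMB_CCACHE_PATH);
		return (rc);
	}

	/*
	 * From here on every failure goes through adjoin_cleanup.  The
	 * cleanup code keys off rc to decide what was set up, so the rc
	 * values assigned below are part of the cleanup logic.
	 */
	if (smb_krb5_ctx_init(&ctx) != 0) {
		rc = SMB_ADJOIN_ERR_INIT_KRB_CTX;
		goto adjoin_cleanup;
	}

	if (smb_krb5_get_pn_set(&spns, SMB_PN_KEYTAB_ENTRY, ah->domain) == 0) {
		rc = SMB_ADJOIN_ERR_GET_SPNS;
		goto adjoin_cleanup;
	}

	if (smb_krb5_get_kprincs(ctx, spns.s_pns, spns.s_cnt, &krb5princs)
	    != 0) {
		smb_krb5_free_pn_set(&spns);
		rc = SMB_ADJOIN_ERR_GET_SPNS;
		goto adjoin_cleanup;
	}

	/* Keep the count; it is needed after the name set is freed. */
	cnt = spns.s_cnt;
	smb_krb5_free_pn_set(&spns);

	/* New machine_passwd was filled in by our caller. */
	if (smb_krb5_setpwd(ctx, ah->domain, machine_passwd) != 0) {
		rc = SMB_ADJOIN_ERR_KSETPWD;
		goto adjoin_cleanup;
	}

	kvno = smb_ads_lookup_computer_attr_kvno(ah, dn);

	/*
	 * Only members of Domain Admins and Enterprise Admins can set
	 * the TRUSTED_FOR_DELEGATION userAccountControl flag.
	 * Try to set this, but don't fail the join if we can't.
	 * Look into just removing this...
	 *
	 * NOTE(review): TRUSTED_FOR_DELEGATION marks the account as
	 * trusted for unconstrained Kerberos delegation, so tickets that
	 * users forward to this host can be reused against any service.
	 * Requesting it on every join widens the impact of a compromise
	 * of this machine account; confirm it is actually required.
	 */
	usrctl_flags = (
	    SMB_ADS_USER_ACCT_CTL_WKSTATION_TRUST_ACCT |
	    SMB_ADS_USER_ACCT_CTL_TRUSTED_FOR_DELEGATION |
	    SMB_ADS_USER_ACCT_CTL_DONT_EXPIRE_PASSWD);
set_ctl_again:
	x = smb_ads_update_computer_cntrl_attr(ah, usrctl_flags, dn);
	if (x != LDAP_SUCCESS && (usrctl_flags &
	    SMB_ADS_USER_ACCT_CTL_TRUSTED_FOR_DELEGATION) != 0) {
		syslog(LOG_NOTICE, "Unable to set the "
"TRUSTED_FOR_DELEGATION userAccountControl flag on the "
"machine account in Active Directory. It may be necessary "
"to set that via Active Directory administration.");
		/* Retry exactly once, without the delegation flag. */
		usrctl_flags &=
		    ~SMB_ADS_USER_ACCT_CTL_TRUSTED_FOR_DELEGATION;
		goto set_ctl_again;
	}
	if (x != LDAP_SUCCESS) {
		rc = SMB_ADJOIN_ERR_UPDATE_CNTRL_ATTR;
		goto adjoin_cleanup;
	}

	/*
	 * mktemp() signals failure by handing back an empty string, not
	 * NULL, so a NULL test alone never fires and an empty file name
	 * would be passed on to the keytab writer.  Check for both.
	 *
	 * NOTE(review): mktemp() only chooses a name; the file itself is
	 * presumably created later by smb_krb5_kt_populate().  That gap is
	 * only safe if the directory named in SMBNS_KRB5_KEYTAB_TMP is
	 * writable by root alone - confirm, since the file will hold the
	 * machine account keys.
	 */
	tmpname = mktemp(tmpfile);
	if (tmpname == NULL || *tmpname == '\0') {
		rc = SMB_ADJOIN_ERR_WRITE_KEYTAB;
		goto adjoin_cleanup;
	}

	encptr = smb_ads_get_enctypes(dclevel, &num);
	if (smb_krb5_kt_populate(ctx, ah->domain, krb5princs, cnt,
	    tmpfile, kvno, machine_passwd, encptr, num) != 0) {
		rc = SMB_ADJOIN_ERR_WRITE_KEYTAB;
		goto adjoin_cleanup;
	}

	delete = B_FALSE;
	rc = SMB_ADS_SUCCESS;

adjoin_cleanup:
	/* Roll back a computer object that this call added. */
	if (new_acct && delete)
		smb_ads_del_computer(ah, dn);

	/*
	 * ctx exists unless context init failed; the principals exist
	 * unless fetching the SPNs failed.
	 */
	if (rc != SMB_ADJOIN_ERR_INIT_KRB_CTX) {
		if (rc != SMB_ADJOIN_ERR_GET_SPNS)
			smb_krb5_free_kprincs(ctx, krb5princs, cnt);
		smb_krb5_ctx_fini(ctx);
	}

	/* commit keytab file */
	if (rc == SMB_ADS_SUCCESS) {
		if (rename(tmpfile, SMBNS_KRB5_KEYTAB) != 0) {
			(void) unlink(tmpfile);
			rc = SMB_ADJOIN_ERR_COMMIT_KEYTAB;
		}
	} else {
		/* Never leave a partial keytab behind. */
		(void) unlink(tmpfile);
	}

	smb_ads_close(ah);
	smb_ccache_remove(SMB_CCACHE_PATH);
	return (rc);
}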
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
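/*
 * One row of an error-code to message translation table.
 */
struct xlate_table {
	int err;		/* status code this row describes */
	/*
	 * Message text.  This was declared "const char const *", which
	 * only repeats the qualifier on the pointed-to characters (and
	 * draws a duplicate-specifier warning); the type is unchanged.
	 */
	const char *msg;
};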
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego
/*
 * Messages for the SMB_ADS_* and SMB_ADJOIN_ERR_* status codes, searched
 * linearly by smb_ads_strerror().  The final row with a NULL msg ends
 * the table; rows are matched on 'err', and a lookup stops at the first
 * NULL msg.
 */
static const struct xlate_table
adjoin_table[] = {
	{ SMB_ADS_SUCCESS,
	    "Success" },

	/* Kerberos credential setup */
	{ SMB_ADS_KRB5_INIT_CTX,
	    "Failed creating a Kerberos context." },
	{ SMB_ADS_KRB5_CC_DEFAULT,
	    "Failed to resolve default credential cache." },
	{ SMB_ADS_KRB5_PARSE_PRINCIPAL,
	    "Failed parsing the user principal name." },
	{ SMB_ADS_KRB5_GET_INIT_CREDS_PW,
	    "Failed getting initial credentials. (Wrong password?)" },
	{ SMB_ADS_KRB5_CC_INITIALIZE,
	    "Failed initializing the credential cache." },
	{ SMB_ADS_KRB5_CC_STORE_CRED,
	    "Failed to update the credential cache." },

	/* DC discovery and LDAP session setup */
	{ SMB_ADS_CANT_LOCATE_DC,
	    "Failed to locate a domain controller." },
	{ SMB_ADS_LDAP_INIT,
	    "Failed to create an LDAP handle." },
	{ SMB_ADS_LDAP_SETOPT,
	    "Failed to set an LDAP option." },
	{ SMB_ADS_LDAP_SET_DOM,
	    "Failed to set the LDAP handle DN." },
	{ SMB_ADS_LDAP_SASL_BIND,
	    "Failed to bind the LDAP handle. "
	    "Usually indicates an authentication problem." },

	/* Domain join steps */
	{ SMB_ADJOIN_ERR_GEN_PWD,
	    "Failed to generate machine password." },
	{ SMB_ADJOIN_ERR_GET_DCLEVEL,
	    "Unknown functional level of "
	    "the domain controller. The rootDSE attribute named "
	    "\"domainControllerFunctionality\" is missing from the "
	    "Active Directory." },
	{ SMB_ADJOIN_ERR_ADD_TRUST_ACCT,
	    "Failed to create the workstation trust account." },
	{ SMB_ADJOIN_ERR_MOD_TRUST_ACCT,
	    "Failed to modify the workstation trust account." },
	{ SMB_ADJOIN_ERR_DUP_TRUST_ACCT,
	    "Failed to create the "
	    "workstation trust account because its name is already "
	    "in use." },
	{ SMB_ADJOIN_ERR_TRUST_ACCT,
	    "Error in querying the workstation trust account" },
	{ SMB_ADJOIN_ERR_INIT_KRB_CTX,
	    "Failed to initialize Kerberos context." },
	{ SMB_ADJOIN_ERR_GET_SPNS,
	    "Failed to get Kerberos principals." },
	{ SMB_ADJOIN_ERR_KSETPWD,
	    "Failed to set machine password." },
	{ SMB_ADJOIN_ERR_UPDATE_CNTRL_ATTR,
	    "Failed to modify "
	    "userAccountControl attribute of the workstation trust "
	    "account." },
	{ SMB_ADJOIN_ERR_WRITE_KEYTAB,
	    "Error in writing to local "
	    "keytab file (i.e /etc/krb5/krb5.keytab)." },
	{ SMB_ADJOIN_ERR_IDMAP_SET_DOMAIN,
	    "Failed to update idmap configuration." },
	{ SMB_ADJOIN_ERR_IDMAP_REFRESH,
	    "Failed to refresh idmap service." },
	{ SMB_ADJOIN_ERR_COMMIT_KEYTAB,
	    "Failed to commit changes to "
	    "local keytab file (i.e. /etc/krb5/krb5.keytab)." },
	{ SMB_ADJOIN_ERR_AUTH_NETLOGON,
	    "Failed to authenticate using the new computer account." },
	{ SMB_ADJOIN_ERR_STORE_PROPS,
	    "Failed to store computer account information locally." },

	/* terminator */
	{ 0, NULL }
};
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego
/*
 * smb_ads_strerror
 *
 * Lookup an error message for the specific adjoin error code.
 *
 * Codes strictly between 0 and SMB_ADS_ERRNO_GAP are treated as errno
 * values and handed to strerror().  Anything else is looked up in
 * adjoin_table; a code with no row there yields "Unknown error code.".
 * The returned string is never NULL and must not be freed or modified
 * by the caller.
 */
const char *
smb_ads_strerror(int err)
{
	const struct xlate_table *entry = adjoin_table;

	if (err > 0 && err < SMB_ADS_ERRNO_GAP)
		return (strerror(err));

	/* Walk the table up to its NULL-msg terminator. */
	while (entry->msg != NULL) {
		if (entry->err == err)
			return (entry->msg);
		entry++;
	}

	return ("Unknown error code.");
}
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego
/*
 * smb_ads_log_errmsg
 *
 * Log the message for 'err', as translated by smb_ads_strerror(), to
 * syslog at LOG_NOTICE.
 */
void
smb_ads_log_errmsg(smb_ads_status_t err)
{
	/*
	 * The text is passed as an argument to a fixed "%s" format, so a
	 * '%' inside a message is never interpreted as a conversion.
	 */
	syslog(LOG_NOTICE, "%s", smb_ads_strerror(err));
}
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego
8d7e41661dc4633488e93b13363137523ce59977jose borrego
/*
 * smb_ads_lookup_msdcs
 *
 * Locate a domain controller for the specified domain with
 * smb_ads_find_host() and return it via 'dci'.
 *
 * fqdn - fully-qualified domain name
 * dci  - the name and address of the found DC
 *
 * Returns NT_STATUS_INTERNAL_ERROR if either argument is NULL,
 * NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND if no host was found, and
 * NT_STATUS_SUCCESS otherwise.  'dci' is written only on success.
 */
uint32_t
smb_ads_lookup_msdcs(char *fqdn, smb_dcinfo_t *dci)
{
	smb_ads_host_info_t *dc;
	char addrbuf[INET6_ADDRSTRLEN];

	if (fqdn == NULL || dci == NULL)
		return (NT_STATUS_INTERNAL_ERROR);

	/* Keep the trace line well defined even if the conversion fails. */
	addrbuf[0] = '\0';

	dc = smb_ads_find_host(fqdn);
	if (dc == NULL)
		return (NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND);

	(void) smb_inet_ntop(&dc->ipaddr, addrbuf,
	    SMB_IPSTRLEN(dc->ipaddr.a_family));
	smb_tracef("msdcsLookupADS: %s [%s]", dc->name, addrbuf);

	/*
	 * Copy out before releasing the lookup result.  A host name that
	 * does not fit in dc_name is truncated without any indication.
	 */
	(void) strlcpy(dci->dc_name, dc->name, sizeof (dci->dc_name));
	dci->dc_addr = dc->ipaddr;

	/* The result from smb_ads_find_host() is ours to free. */
	free(dc);
	return (NT_STATUS_SUCCESS);
}
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright
/*
 * smb_ads_get_enctypes
 *
 * Select the Kerberos encryption type list that matches the domain
 * controller functional level: w2k8enctypes for SMB_ADS_DCLEVEL_W2K8
 * and above, pre_w2k8enctypes below that.  The number of entries is
 * stored in '*num'.
 *
 * The return value points at one of those file-level arrays, not at
 * allocated memory, so the caller must not free it.
 *
 * NOTE(review): the list chosen here decides which key types are
 * written to the keytab, and the choice follows the level reported for
 * the DC.  The array contents are defined elsewhere in this file;
 * confirm the legacy list holds nothing weaker than older DCs require.
 */
static krb5_enctype *
smb_ads_get_enctypes(int dclevel, int *num)
{
	if (dclevel < SMB_ADS_DCLEVEL_W2K8) {
		*num = sizeof (pre_w2k8enctypes) / sizeof (krb5_enctype);
		return (pre_w2k8enctypes);
	}

	*num = sizeof (w2k8enctypes) / sizeof (krb5_enctype);
	return (w2k8enctypes);
}