1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 
  22 /*
  23  * Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved.
  24  */
  25 
  26 /*
  27  * Active Directory Setup RPC interface used by Windows 2000.
  28  */
  29 
  30 #include <synch.h>
  31 #include <strings.h>
  32 #include <stdlib.h>
  33 #include <netdb.h>
  34 
  35 #include <smbsrv/libsmb.h>
  36 #include <smbsrv/libmlrpc.h>
  37 #include <smbsrv/libmlsvc.h>
  38 #include <smbsrv/ndl/dssetup.ndl>
  39 #include <smbsrv/smbinfo.h>
  40 #include <smbsrv/nmpipes.h>
  41 
/*
 * Not defined in this file; called by dssetup_member_server() to refresh
 * the cached domain information.
 */
int dssetup_get_domain_info(ds_primary_domain_info_t *ds_info);

/* RPC operation handler and the per-role helpers it dispatches to. */
static int dssetup_DsRoleGetPrimaryDomainInfo(void *arg, ndr_xa_t *mxa);
static uint32_t dssetup_member_server(ds_primary_domain_info_t *info,
    ndr_xa_t *mxa);
static uint32_t dssetup_standalone_server(ds_primary_domain_info_t *info,
    ndr_xa_t *mxa);
  48 
/*
 * Dispatch table pairing each handler with its operation number.
 * DsRoleGetPrimaryDomainInfo is the only operation listed; the
 * zeroed entry ends the table.
 */
static ndr_stub_table_t dssetup_stub_table[] = {
        {
                dssetup_DsRoleGetPrimaryDomainInfo,
                DSSETUP_OPNUM_DsRoleGetPrimaryDomainInfo
        },
        {0}
};
  54 
/*
 * Service descriptor handed to ndr_svc_register().  The initializers are
 * positional, so their order must stay as written.  The endpoint is the
 * "\lsarpc" named pipe.
 */
static ndr_service_t dssetup_service = {
        "DSSETUP",                              /* name */
        "Active Directory Setup",               /* desc */
        "\\lsarpc",                             /* endpoint */
        PIPE_LSASS,                             /* sec_addr_port */
        "3919286a-b10c-11d0-9ba8-00c04fd92ef5", /* abstract syntax UUID */
        0,                                      /* abstract syntax version */
        NDR_TRANSFER_SYNTAX_UUID,               /* transfer syntax UUID */
        2,                                      /* transfer syntax version */
        0,                                      /* no bind_instance_size */
        0,                                      /* no bind_req() */
        0,                                      /* no unbind_and_close() */
        0,                                      /* use generic_call_stub() */
        &TYPEINFO(dssetup_interface),           /* interface ti */
        dssetup_stub_table                      /* stub_table */
};
  69 
/*
 * Cached primary domain information, shared by every request.
 * The functions in this file take ds_info_mtx before reading, freeing
 * or refreshing ds_info.
 */
static mutex_t ds_info_mtx;
static ds_primary_domain_info_t ds_info;
  72 
/*
 * dssetup_initialize
 *
 * Registers the DSSETUP interface with the RPC runtime library.
 * This must be called before either the client side or the server
 * side functions can be used.
 */
void
dssetup_initialize(void)
{
        /* Reset the cached domain information before registering. */
        dssetup_clear_domain_info();

        /* The registration result is deliberately ignored. */
        (void) ndr_svc_register(&dssetup_service);
}
  86 
/*
 * dssetup_clear_domain_info
 *
 * Releases the cached domain strings and zeroes the cache, all under
 * ds_info_mtx.  Zeroing also clears the freed pointers, so a later free
 * of the same fields is harmless.
 */
void
dssetup_clear_domain_info(void)
{
        (void) mutex_lock(&ds_info_mtx);

        free(ds_info.forest);
        free(ds_info.dns_domain);
        free(ds_info.nt_domain);

        /* ds_info is a ds_primary_domain_info_t, so this is the same size. */
        bzero(&ds_info, sizeof (ds_info));

        (void) mutex_unlock(&ds_info_mtx);
}
  99 
/*
 * Request for machine role and primary domain information.
 *
 * arg is the request/response parameter block and mxa is the context
 * used for response allocations.  Only DS_ROLE_BASIC_INFORMATION is
 * accepted; any other level is rejected before the level value is
 * used as the union switch.
 *
 * Always returns NDR_DRC_OK.  Failures are reported to the caller in
 * param->status after the parameter block has been zeroed, so a
 * partially filled response is never returned.
 *
 * NOTE(review): no caller authorization check is visible in this
 * function.  Confirm that access to role and domain names is
 * restricted, if required, by the layer that accepts the bind.
 */
static int
dssetup_DsRoleGetPrimaryDomainInfo(void *arg, ndr_xa_t *mxa)
{
        dssetup_DsRoleGetPrimaryDomainInfo_t *req = arg;
        dssetup_GetPrimaryDomainInfo_t *reply;
        uint32_t rc;

        reply = NDR_MALLOC(mxa, sizeof (*reply));

        if (reply == NULL) {
                rc = NT_STATUS_NO_MEMORY;
        } else if (req->level != DS_ROLE_BASIC_INFORMATION) {
                rc = NT_STATUS_INVALID_LEVEL;
        } else {
                reply->switch_value = req->level;

                /* The configured security mode selects the reported role. */
                if (smb_config_get_secmode() == SMB_SECMODE_DOMAIN)
                        rc = dssetup_member_server(&reply->ru.info1, mxa);
                else
                        rc = dssetup_standalone_server(&reply->ru.info1, mxa);
        }

        if (rc == NT_STATUS_SUCCESS) {
                req->info = reply;
                req->status = NT_STATUS_SUCCESS;
        } else {
                /* Wipe the whole block so only the error status goes back. */
                bzero(req, sizeof (*req));
                req->status = NT_SC_ERROR(rc);
        }

        return (NDR_DRC_OK);
}
 139 
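/*
 * Fill in the response for a machine whose role is domain member:
 *      nt_domain must contain the NetBIOS domain name
 *      dns_domain must contain the DNS domain name (cannot be NULL)
 *      forest must contain the forest name (cannot be NULL)
 *
 * If DS_ROLE_PRIMARY_DOMAIN_GUID_PRESENT is set in flags, the domain_guid
 * must contain the domain UUID.  Otherwise domain_guid is ignored.
 *
 * info is the response structure to populate; its strings are
 * duplicated with NDR_STRDUP on mxa.
 *
 * Returns NT_STATUS_SUCCESS, NT_STATUS_CANT_ACCESS_DOMAIN_INFO when the
 * local domain names cannot be read, or NT_STATUS_NO_MEMORY when a
 * string could not be duplicated.
 */
static uint32_t
dssetup_member_server(ds_primary_domain_info_t *info, ndr_xa_t *mxa)
{
        char dns_domain[MAXHOSTNAMELEN];
        char nt_domain[MAXHOSTNAMELEN];
        uint32_t status = NT_STATUS_SUCCESS;

        (void) mutex_lock(&ds_info_mtx);

        if ((ds_info.flags & DS_ROLE_PRIMARY_DOMAIN_GUID_PRESENT) == 0) {
                /*
                 * If we don't have the domain GUID, try to get it from a
                 * domain controller. Otherwise, use local configuration.
                 *
                 * The cached strings are released first.  Clear the
                 * pointers as well: the result of the refresh is ignored,
                 * and if it returns without replacing them the stale
                 * values would be freed again on the next request or by
                 * dssetup_clear_domain_info().
                 *
                 * NOTE(review): the refresh runs with ds_info_mtx held
                 * and is repeated on every request until a GUID has been
                 * cached.  Confirm that a slow or unreachable domain
                 * controller cannot stall all callers here.
                 */
                free(ds_info.nt_domain);
                free(ds_info.dns_domain);
                free(ds_info.forest);
                ds_info.nt_domain = NULL;
                ds_info.dns_domain = NULL;
                ds_info.forest = NULL;
                (void) dssetup_get_domain_info(&ds_info);
        }

        if (ds_info.flags & DS_ROLE_PRIMARY_DOMAIN_GUID_PRESENT) {
                /*
                 * NOTE(review): assumes the refresh sets the GUID flag
                 * only when all three cached strings are valid; confirm
                 * against dssetup_get_domain_info().
                 */
                info->flags = DS_ROLE_PRIMARY_DOMAIN_GUID_PRESENT;
                info->nt_domain = NDR_STRDUP(mxa, (char *)ds_info.nt_domain);
                info->dns_domain = NDR_STRDUP(mxa, (char *)ds_info.dns_domain);
                info->forest = NDR_STRDUP(mxa, (char *)ds_info.forest);
                bcopy(&ds_info.domain_guid, &info->domain_guid,
                    sizeof (ndr_uuid_t));
        } else if (smb_getdomainname(nt_domain, MAXHOSTNAMELEN) != 0 ||
            smb_getfqdomainname(dns_domain, MAXHOSTNAMELEN) != 0) {
                /* Local configuration is unavailable; info is left as is. */
                status = NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
        } else {
                (void) smb_strlwr(dns_domain);

                /* Without a GUID the DNS domain doubles as the forest name. */
                info->flags = 0;
                info->nt_domain = NDR_STRDUP(mxa, nt_domain);
                info->dns_domain = NDR_STRDUP(mxa, dns_domain);
                info->forest = NDR_STRDUP(mxa, dns_domain);
                bzero(&info->domain_guid, sizeof (ndr_uuid_t));
        }

        /* Single unlock point: every path above falls through to here. */
        (void) mutex_unlock(&ds_info_mtx);

        if (status != NT_STATUS_SUCCESS)
                return (status);

        if (info->nt_domain == NULL ||
            info->dns_domain == NULL ||
            info->forest == NULL)
                return (NT_STATUS_NO_MEMORY);

        info->role = DS_ROLE_MEMBER_SERVER;
        return (NT_STATUS_SUCCESS);
}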
 205 
/*
 * Fill in the response for a machine whose role is standalone:
 *      nt_domain must contain the NetBIOS workgroup name
 *      dns_domain must be NULL
 *      forest must be NULL
 *
 * We don't maintain a domain GUID.  When DS_ROLE_PRIMARY_DOMAIN_GUID_PRESENT
 * is not set in flags, domain_guid is ignored.
 *
 * Returns NT_STATUS_SUCCESS, NT_STATUS_CANT_ACCESS_DOMAIN_INFO when the
 * workgroup name cannot be read, or NT_STATUS_NO_MEMORY when it cannot
 * be duplicated.  On failure the remaining fields of info are not
 * written.
 */
static uint32_t
dssetup_standalone_server(ds_primary_domain_info_t *info, ndr_xa_t *mxa)
{
        char workgroup[MAXHOSTNAMELEN];

        if (smb_getdomainname(workgroup, sizeof (workgroup)) != 0)
                return (NT_STATUS_CANT_ACCESS_DOMAIN_INFO);

        if ((info->nt_domain = NDR_STRDUP(mxa, workgroup)) == NULL)
                return (NT_STATUS_NO_MEMORY);

        /* No GUID, DNS domain or forest is reported for a standalone host. */
        bzero(&info->domain_guid, sizeof (ndr_uuid_t));
        info->forest = NULL;
        info->dns_domain = NULL;
        info->flags = 0;
        info->role = DS_ROLE_STANDALONE_SERVER;

        return (NT_STATUS_SUCCESS);
}