1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #include <syslog.h>
27 #include <synch.h>
28 #include <pthread.h>
29 #include <unistd.h>
30 #include <string.h>
31 #include <strings.h>
32 #include <sys/errno.h>
33 #include <sys/types.h>
34 #include <netinet/in.h>
35 #include <arpa/nameser.h>
36 #include <resolv.h>
37 #include <netdb.h>
38 #include <assert.h>
39 
40 #include <smbsrv/libsmb.h>
41 #include <smbsrv/libsmbns.h>
42 #include <smbsrv/libmlsvc.h>
43 
44 #include <smbsrv/smbinfo.h>
45 #include <smbsrv/ntstatus.h>
46 #include <lsalib.h>
47 
48 /*
49  * DC Locator
50  */
51 #define	SMB_DCLOCATOR_TIMEOUT	45	/* seconds */
52 #define	SMB_IS_FQDN(domain)	(strchr(domain, '.') != NULL)
53 
54 typedef struct smb_dclocator {
55 	char		sdl_domain[SMB_PI_MAX_DOMAIN];
56 	char		sdl_dc[MAXHOSTNAMELEN];
57 	boolean_t	sdl_locate;
58 	mutex_t		sdl_mtx;
59 	cond_t		sdl_cv;
60 	uint32_t	sdl_status;
61 } smb_dclocator_t;
62 
63 static smb_dclocator_t smb_dclocator;
64 static pthread_t smb_dclocator_thr;
65 
66 static void *smb_ddiscover_service(void *);
67 static void smb_ddiscover_main(char *, char *);
68 static boolean_t smb_ddiscover_dns(char *, char *, smb_domainex_t *);
69 static boolean_t smb_ddiscover_nbt(char *, char *, smb_domainex_t *);
70 static boolean_t smb_ddiscover_domain_match(char *, char *, uint32_t);
71 static uint32_t smb_ddiscover_qinfo(char *, char *, smb_domainex_t *);
72 static void smb_ddiscover_enum_trusted(char *, char *, smb_domainex_t *);
73 static uint32_t smb_ddiscover_use_config(char *, smb_domainex_t *);
74 static void smb_domainex_free(smb_domainex_t *);
75 
76 /*
77  * ===================================================================
78  * API to initialize DC locator thread, trigger DC discovery, and
79  * get the discovered DC and/or domain information.
80  * ===================================================================
81  */
82 
83 /*
84  * Initialization of the DC locator thread.
85  * Returns 0 on success, an error number if thread creation fails.
86  */
87 int
88 smb_dclocator_init(void)
89 {
90 	pthread_attr_t tattr;
91 	int rc;
92 
93 	(void) pthread_attr_init(&tattr);
94 	(void) pthread_attr_setdetachstate(&tattr, PTHREAD_CREATE_DETACHED);
95 	rc = pthread_create(&smb_dclocator_thr, &tattr,
96 	    smb_ddiscover_service, 0);
97 	(void) pthread_attr_destroy(&tattr);
98 	return (rc);
99 }
100 
101 /*
102  * This is the entry point for discovering a domain controller for the
103  * specified domain.
104  *
105  * The actual work of discovering a DC is handled by DC locator thread.
106  * All we do here is signal the request and wait for a DC or a timeout.
107  *
108  * Input parameters:
109  *  domain - domain to be discovered (can either be NetBIOS or DNS domain)
110  *  dc - preferred DC. If the preferred DC is set to empty string, it
111  *       will attempt to discover any DC in the specified domain.
112  *
113  * Output parameter:
114  *  dp - on success, dp will be filled with the discovered DC and domain
115  *       information.
116  * Returns B_TRUE if the DC/domain info is available.
117  */
118 boolean_t
119 smb_locate_dc(char *domain, char *dc, smb_domainex_t *dp)
120 {
121 	int rc;
122 	timestruc_t to;
123 	smb_domainex_t domain_info;
124 
125 	if (domain == NULL || *domain == '\0')
126 		return (B_FALSE);
127 
128 	(void) mutex_lock(&smb_dclocator.sdl_mtx);
129 
130 	if (!smb_dclocator.sdl_locate) {
131 		smb_dclocator.sdl_locate = B_TRUE;
132 		(void) strlcpy(smb_dclocator.sdl_domain, domain,
133 		    SMB_PI_MAX_DOMAIN);
134 		(void) strlcpy(smb_dclocator.sdl_dc, dc, MAXHOSTNAMELEN);
135 		(void) cond_broadcast(&smb_dclocator.sdl_cv);
136 	}
137 
138 	while (smb_dclocator.sdl_locate) {
139 		to.tv_sec = SMB_DCLOCATOR_TIMEOUT;
140 		to.tv_nsec = 0;
141 		rc = cond_reltimedwait(&smb_dclocator.sdl_cv,
142 		    &smb_dclocator.sdl_mtx, &to);
143 
144 		if (rc == ETIME)
145 			break;
146 	}
147 
148 	if (dp == NULL)
149 		dp = &domain_info;
150 	rc = smb_domain_getinfo(dp);
151 
152 	(void) mutex_unlock(&smb_dclocator.sdl_mtx);
153 
154 	return (rc);
155 }
156 
157 /*
158  * ==========================================================
159  * DC discovery functions
160  * ==========================================================
161  */
162 
163 /*
164  * This is the domain and DC discovery service: it gets woken up whenever
165  * there is need to locate a domain controller.
166  *
167  * Upon success, the SMB domain cache will be populated with the discovered
168  * DC and domain info.
169  */
170 /*ARGSUSED*/
171 static void *
172 smb_ddiscover_service(void *arg)
173 {
174 	char domain[SMB_PI_MAX_DOMAIN];
175 	char sought_dc[MAXHOSTNAMELEN];
176 
177 	for (;;) {
178 		(void) mutex_lock(&smb_dclocator.sdl_mtx);
179 
180 		while (!smb_dclocator.sdl_locate)
181 			(void) cond_wait(&smb_dclocator.sdl_cv,
182 			    &smb_dclocator.sdl_mtx);
183 
184 		(void) strlcpy(domain, smb_dclocator.sdl_domain,
185 		    SMB_PI_MAX_DOMAIN);
186 		(void) strlcpy(sought_dc, smb_dclocator.sdl_dc, MAXHOSTNAMELEN);
187 		(void) mutex_unlock(&smb_dclocator.sdl_mtx);
188 
189 		smb_ddiscover_main(domain, sought_dc);
190 
191 		(void) mutex_lock(&smb_dclocator.sdl_mtx);
192 		smb_dclocator.sdl_locate = B_FALSE;
193 		(void) cond_broadcast(&smb_dclocator.sdl_cv);
194 		(void) mutex_unlock(&smb_dclocator.sdl_mtx);
195 	}
196 
197 	/*NOTREACHED*/
198 	return (NULL);
199 }
200 
201 /*
202  * Discovers a domain controller for the specified domain either via
203  * DNS or NetBIOS. After the domain controller is discovered successfully
204  * primary and trusted domain infromation will be queried using RPC queries.
205  * If the RPC queries fail, the domain information stored in SMF might be used
206  * if the the discovered domain is the same as the previously joined domain.
207  * If everything is successful domain cache will be updated with all the
208  * obtained information.
209  */
210 static void
211 smb_ddiscover_main(char *domain, char *server)
212 {
213 	smb_domainex_t dxi;
214 	boolean_t discovered;
215 
216 	bzero(&dxi, sizeof (smb_domainex_t));
217 
218 	if (smb_domain_start_update() != SMB_DOMAIN_SUCCESS)
219 		return;
220 
221 	if (SMB_IS_FQDN(domain))
222 		discovered = smb_ddiscover_dns(domain, server, &dxi);
223 	else
224 		discovered = smb_ddiscover_nbt(domain, server, &dxi);
225 
226 	if (discovered)
227 		smb_domain_update(&dxi);
228 
229 	smb_domain_end_update();
230 
231 	smb_domainex_free(&dxi);
232 
233 	if (discovered)
234 		smb_domain_save();
235 }
236 
237 /*
238  * Discovers a DC for the specified domain via DNS. If a DC is found
239  * primary and trusted domains information will be queried.
240  */
241 static boolean_t
242 smb_ddiscover_dns(char *domain, char *server, smb_domainex_t *dxi)
243 {
244 	uint32_t status;
245 
246 	if (!smb_ads_lookup_msdcs(domain, server, dxi->d_dc, MAXHOSTNAMELEN))
247 		return (B_FALSE);
248 
249 	status = smb_ddiscover_qinfo(domain, dxi->d_dc, dxi);
250 	return (status == NT_STATUS_SUCCESS);
251 }
252 
253 /*
254  * Discovers a DC for the specified domain using NETLOGON protocol.
255  * If a DC cannot be found using NETLOGON then it will
256  * try to resolve it via DNS, i.e. find out if it is the first label
257  * of a DNS domain name. If the corresponding DNS name is found, DC
258  * discovery will be done via DNS query.
259  *
260  * If the fully-qualified domain name is derived from the DNS config
261  * file, the NetBIOS domain name specified by the user will be compared
262  * against the NetBIOS domain name obtained via LSA query.  If there is
263  * a mismatch, the DC discovery will fail since the discovered DC is
264  * actually for another domain, whose first label of its FQDN somehow
265  * matches with the NetBIOS name of the domain we're interested in.
266  */
267 static boolean_t
268 smb_ddiscover_nbt(char *domain, char *server, smb_domainex_t *dxi)
269 {
270 	char dnsdomain[MAXHOSTNAMELEN];
271 	uint32_t status;
272 
273 	*dnsdomain = '\0';
274 
275 	if (!smb_browser_netlogon(domain, dxi->d_dc, MAXHOSTNAMELEN)) {
276 		if (!smb_ddiscover_domain_match(domain, dnsdomain,
277 		    MAXHOSTNAMELEN))
278 			return (B_FALSE);
279 
280 		if (!smb_ads_lookup_msdcs(dnsdomain, server, dxi->d_dc,
281 		    MAXHOSTNAMELEN))
282 			return (B_FALSE);
283 	}
284 
285 	status = smb_ddiscover_qinfo(domain, dxi->d_dc, dxi);
286 	if (status != NT_STATUS_SUCCESS)
287 		return (B_FALSE);
288 
289 	if ((*dnsdomain != '\0') &&
290 	    smb_strcasecmp(domain, dxi->d_primary.di_nbname, 0))
291 		return (B_FALSE);
292 
293 	/*
294 	 * Now that we get the fully-qualified DNS name of the
295 	 * domain via LSA query. Verifies ADS configuration
296 	 * if we previously locate a DC via NetBIOS. On success,
297 	 * ADS cache will be populated.
298 	 */
299 	if (smb_ads_lookup_msdcs(dxi->d_primary.di_fqname, server,
300 	    dxi->d_dc, MAXHOSTNAMELEN) == 0)
301 		return (B_FALSE);
302 
303 	return (B_TRUE);
304 }
305 
306 /*
307  * Tries to find a matching DNS domain for the given NetBIOS domain
308  * name by checking the first label of system's configured DNS domains.
309  * If a match is found, it'll be returned in the passed buffer.
310  */
311 static boolean_t
312 smb_ddiscover_domain_match(char *nb_domain, char *buf, uint32_t len)
313 {
314 	struct __res_state res_state;
315 	int i;
316 	char *entry, *p;
317 	char first_label[MAXHOSTNAMELEN];
318 	boolean_t found;
319 
320 	if (!nb_domain || !buf)
321 		return (B_FALSE);
322 
323 	*buf = '\0';
324 	bzero(&res_state, sizeof (struct __res_state));
325 	if (res_ninit(&res_state))
326 		return (B_FALSE);
327 
328 	found = B_FALSE;
329 	entry = res_state.defdname;
330 	for (i = 0; entry != NULL; i++) {
331 		(void) strlcpy(first_label, entry, MAXHOSTNAMELEN);
332 		if ((p = strchr(first_label, '.')) != NULL) {
333 			*p = '\0';
334 			if (strlen(first_label) > 15)
335 				first_label[15] = '\0';
336 		}
337 
338 		if (smb_strcasecmp(nb_domain, first_label, 0) == 0) {
339 			found = B_TRUE;
340 			(void) strlcpy(buf, entry, len);
341 			break;
342 		}
343 
344 		entry = res_state.dnsrch[i];
345 	}
346 
347 
348 	res_ndestroy(&res_state);
349 	return (found);
350 }
351 
352 /*
353  * Obtain primary and trusted domain information using LSA queries.
354  *
355  * Disconnect any existing connection with the domain controller.
356  * This will ensure that no stale connection will be used, it will
357  * also pickup any configuration changes in either side by trying
358  * to establish a new connection.
359  *
360  * domain - either NetBIOS or fully-qualified domain name
361  */
362 static uint32_t
363 smb_ddiscover_qinfo(char *domain, char *server, smb_domainex_t *dxi)
364 {
365 	uint32_t status;
366 
367 	mlsvc_disconnect(server);
368 
369 	status = lsa_query_dns_domain_info(server, domain, &dxi->d_primary);
370 	if (status != NT_STATUS_SUCCESS) {
371 		status = smb_ddiscover_use_config(domain, dxi);
372 		if (status != NT_STATUS_SUCCESS)
373 			status = lsa_query_primary_domain_info(server, domain,
374 			    &dxi->d_primary);
375 	}
376 
377 	if (status == NT_STATUS_SUCCESS)
378 		smb_ddiscover_enum_trusted(domain, server, dxi);
379 
380 	return (status);
381 }
382 
383 /*
384  * Obtain trusted domains information using LSA queries.
385  *
386  * domain - either NetBIOS or fully-qualified domain name.
387  */
388 static void
389 smb_ddiscover_enum_trusted(char *domain, char *server, smb_domainex_t *dxi)
390 {
391 	smb_trusted_domains_t *list;
392 	uint32_t status;
393 
394 	list = &dxi->d_trusted;
395 	status = lsa_enum_trusted_domains_ex(server, domain, list);
396 	if (status != NT_STATUS_SUCCESS)
397 		(void) lsa_enum_trusted_domains(server, domain, list);
398 }
399 
400 /*
401  * If the domain to be discovered matches the current domain (i.e the
402  * value of either domain or fqdn configuration), then get the primary
403  * domain information from SMF.
404  */
405 static uint32_t
406 smb_ddiscover_use_config(char *domain, smb_domainex_t *dxi)
407 {
408 	boolean_t use;
409 	smb_domain_t *dinfo;
410 
411 	dinfo = &dxi->d_primary;
412 	bzero(dinfo, sizeof (smb_domain_t));
413 
414 	if (smb_config_get_secmode() != SMB_SECMODE_DOMAIN)
415 		return (NT_STATUS_UNSUCCESSFUL);
416 
417 	smb_config_getdomaininfo(dinfo->di_nbname, dinfo->di_fqname,
418 	    NULL, NULL, NULL);
419 
420 	if (SMB_IS_FQDN(domain))
421 		use = (smb_strcasecmp(dinfo->di_fqname, domain, 0) == 0);
422 	else
423 		use = (smb_strcasecmp(dinfo->di_nbname, domain, 0) == 0);
424 
425 	if (use)
426 		smb_config_getdomaininfo(NULL, NULL, dinfo->di_sid,
427 		    dinfo->di_u.di_dns.ddi_forest,
428 		    dinfo->di_u.di_dns.ddi_guid);
429 
430 	return ((use) ? NT_STATUS_SUCCESS : NT_STATUS_UNSUCCESSFUL);
431 }
432 
433 static void
434 smb_domainex_free(smb_domainex_t *dxi)
435 {
436 	free(dxi->d_trusted.td_domains);
437 }
438