root/usr/src/cmd/smbsrv/smbd/smbd_join.c 
/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */

/*
 * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
 * Copyright 2015 Nexenta Systems, Inc.  All rights reserved.
 * Copyright 2023-2024 RackTop Systems, Inc.
 */

#include <syslog.h>
#include <synch.h>
#include <pthread.h>
#include <unistd.h>
#include <string.h>
#include <strings.h>
#include <errno.h>
#include <netinet/in.h>
#include <netinet/tcp.h>

#include <smbsrv/libsmb.h>
#include <smbsrv/libsmbns.h>
#include <smbsrv/libmlsvc.h>
#include <smbsrv/smbinfo.h>
#include "smbd.h"

#define SMBD_DC_MONITOR_ATTEMPTS                3
#define SMBD_DC_MONITOR_RETRY_INTERVAL          3       /* seconds */
#define SMBD_DC_MONITOR_INTERVAL                60      /* seconds */

extern smbd_t smbd;

static mutex_t smbd_dc_mutex;
static cond_t smbd_dc_cv;

static void *smbd_dc_monitor(void *);
static void smbd_dc_update(void);
static int smbd_dc_check(smb_domainex_t *);
/* Todo: static boolean_t smbd_set_netlogon_cred(void); */
static void smbd_join_workgroup(smb_joininfo_t *, smb_joinres_t *);
static void smbd_join_domain(smb_joininfo_t *, smb_joinres_t *);

/*
 * Launch the DC discovery and monitor thread.
 */
int
smbd_dc_monitor_init(void)
{
        pthread_attr_t  attr;
        int             rc;

        smb_ads_init();

        if (smbd.s_secmode != SMB_SECMODE_DOMAIN)
                return (0);

        (void) pthread_attr_init(&attr);
        (void) pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED);
        rc = pthread_create(&smbd.s_dc_monitor_tid, &attr, smbd_dc_monitor,
            NULL);
        (void) pthread_attr_destroy(&attr);
        return (rc);
}

/*
 * Refresh the DC monitor.  Called from SMF refresh and when idmap
 * finds a different DC from what we were using previously.
 * Update our domain (and current DC) information.
 */
void
smbd_dc_monitor_refresh(void)
{

        syslog(LOG_INFO, "smbd_dc_monitor_refresh");

        smb_ddiscover_refresh();

        (void) mutex_lock(&smbd_dc_mutex);

        smbd.s_dc_changed = B_TRUE;
        (void) cond_signal(&smbd_dc_cv);

        (void) mutex_unlock(&smbd_dc_mutex);
}

/*ARGSUSED*/
static void *
smbd_dc_monitor(void *arg)
{
        smb_domainex_t  di;
        boolean_t       ds_not_responding;
        boolean_t       ds_cfg_changed;
        timestruc_t     delay;
        int             i;

        /* Wait for smb_dclocator_init() to complete. */
        smbd_online_wait("smbd_dc_monitor");
        smbd_dc_update();

        while (smbd_online()) {
                ds_not_responding = B_FALSE;
                ds_cfg_changed = B_FALSE;
                delay.tv_sec = SMBD_DC_MONITOR_INTERVAL;
                delay.tv_nsec = 0;

                (void) mutex_lock(&smbd_dc_mutex);
                (void) cond_reltimedwait(&smbd_dc_cv, &smbd_dc_mutex, &delay);

                if (smbd.s_dc_changed) {
                        smbd.s_dc_changed = B_FALSE;
                        ds_cfg_changed = B_TRUE;
                        /* NB: smb_ddiscover_refresh was called. */
                }

                (void) mutex_unlock(&smbd_dc_mutex);

                if (ds_cfg_changed) {
                        syslog(LOG_DEBUG, "smbd_dc_monitor: config changed");
                        goto rediscover;
                }

                if (!smb_domain_getinfo(&di)) {
                        syslog(LOG_DEBUG, "smbd_dc_monitor: no domain info");
                        goto rediscover;
                }

                if (di.d_dci.dc_name[0] == '\0') {
                        syslog(LOG_DEBUG, "smbd_dc_monitor: no DC name");
                        goto rediscover;
                }

                for (i = 0; i < SMBD_DC_MONITOR_ATTEMPTS; ++i) {
                        if (smbd_dc_check(&di) == 0) {
                                ds_not_responding = B_FALSE;
                                break;
                        }

                        ds_not_responding = B_TRUE;
                        (void) sleep(SMBD_DC_MONITOR_RETRY_INTERVAL);
                }

                if (ds_not_responding) {
                        syslog(LOG_NOTICE,
                            "smbd_dc_monitor: DC not responding: %s",
                            di.d_dci.dc_name);
                        smb_ddiscover_bad_dc(di.d_dci.dc_name);
                }

                if (ds_not_responding || ds_cfg_changed) {
                rediscover:
                        /*
                         * An smb_ads_refresh will be done by the
                         * smb_ddiscover_service when necessary.
                         * Note: smbd_dc_monitor_refresh was already
                         * called if appropriate.
                         */
                        smbd_dc_update();
                }
        }

        smbd.s_dc_monitor_tid = 0;
        return (NULL);
}

/*
 * Simply attempt a connection to the DC.
 */
static int
smbd_dc_check(smb_domainex_t *di)
{
        struct sockaddr_storage sa;
        int salen = 0;
        int sock = -1;
        int tmo = 5 * 1000;     /* 5 sec. */
        int rc;

        bzero(&sa, sizeof (sa));
        switch (di->d_dci.dc_addr.a_family) {
        case AF_INET: {
                struct sockaddr_in *sin = (void *)&sa;
                sin->sin_family = AF_INET;
                sin->sin_port = htons(IPPORT_SMB);
                sin->sin_addr.s_addr = di->d_dci.dc_addr.a_ipv4;
                salen = sizeof (*sin);
                break;
        }
        case AF_INET6: {
                struct sockaddr_in6 *sin6 = (void *)&sa;
                sin6->sin6_family = AF_INET6;
                sin6->sin6_port = htons(IPPORT_SMB);
                (void) memcpy(&sin6->sin6_addr,
                    &di->d_dci.dc_addr.a_ipv6,
                    sizeof (in6_addr_t));
                salen = sizeof (*sin6);
                break;
        }
        default:
                return (-1);
        }

        sock = socket(di->d_dci.dc_addr.a_family, SOCK_STREAM, 0);
        if (sock < 0)
                return (errno);
        (void) setsockopt(sock, IPPROTO_TCP,
            TCP_CONN_ABORT_THRESHOLD, &tmo, sizeof (tmo));

        rc = connect(sock, (const struct sockaddr *)&sa, salen);
        if (rc < 0)
                rc = errno;

        (void) close(sock);
        return (rc);
}

/*
 * Locate a domain controller in the current resource domain and Update
 * the Netlogon credential chain.
 *
 * The domain configuration will be updated upon successful DC discovery.
 */
static void
smbd_dc_update(void)
{
        char            domain[MAXHOSTNAMELEN];
        smb_domainex_t  info;
        smb_domain_t    *di;
        DWORD           status;

        /*
         * Don't want this active until we're a domain member.
         */
        if (smb_config_get_secmode() != SMB_SECMODE_DOMAIN)
                return;

        if (smb_getfqdomainname(domain, MAXHOSTNAMELEN) != 0)
                return;

        if (domain[0] == '\0') {
                syslog(LOG_NOTICE,
                    "smbd_dc_update: no domain name set");
                return;
        }

        if (!smb_locate_dc(domain, &info)) {
                syslog(LOG_NOTICE,
                    "smbd_dc_update: %s: locate failed", domain);
                return;
        }

        di = &info.d_primary;
        syslog(LOG_INFO,
            "smbd_dc_update: %s: located %s", domain, info.d_dci.dc_name);

        status = mlsvc_netlogon(info.d_dci.dc_name, di->di_nbname);
        if (status != NT_STATUS_SUCCESS) {
                syslog(LOG_NOTICE,
                    "failed to establish NETLOGON credential chain");
                syslog(LOG_NOTICE, " with server %s for domain %s (%s)",
                    info.d_dci.dc_name, domain,
                    xlate_nt_status(status));
        }
}

/*
 * smbd_join
 *
 * Joins the specified domain/workgroup.
 *
 * If the security mode or domain name is being changed,
 * the caller must restart the service.
 */
void
smbd_join(smb_joininfo_t *info, smb_joinres_t *res)
{
        dssetup_clear_domain_info();
        if (info->mode == SMB_SECMODE_WORKGRP)
                smbd_join_workgroup(info, res);
        else
                smbd_join_domain(info, res);
}

static void
smbd_join_workgroup(smb_joininfo_t *info, smb_joinres_t *res)
{
        char nb_domain[SMB_PI_MAX_DOMAIN];

        syslog(LOG_DEBUG, "smbd: join workgroup: %s", info->domain_name);

        (void) smb_config_getstr(SMB_CI_DOMAIN_NAME, nb_domain,
            sizeof (nb_domain));

        (void) smb_config_setbool(SMB_CI_DOMAIN_MEMB, B_FALSE);
        smbd_set_secmode(SMB_SECMODE_WORKGRP);
        smb_config_setdomaininfo(info->domain_name, "", "", "", "");
        (void) smb_config_set_idmap_domain("");
        (void) smb_config_refresh_idmap();

        if (strcasecmp(nb_domain, info->domain_name))
                smb_browser_reconfig();

        res->status = NT_STATUS_SUCCESS;
}

static void
smbd_join_domain(smb_joininfo_t *info, smb_joinres_t *res)
{

        syslog(LOG_DEBUG, "smbd: join domain: %s", info->domain_name);

        /* info->domain_name could either be NetBIOS domain name or FQDN */
        mlsvc_join(info, res);
        if (res->status == 0) {
                smbd_set_secmode(SMB_SECMODE_DOMAIN);
        } else {
                syslog(LOG_ERR, "smbd: failed joining %s (%s)",
                    info->domain_name, xlate_nt_status(res->status));
        }
}