DWORD ADUKrb5GetSystemCachePath( PSTR* ppszCachePath ) { DWORD dwError = 0; PSTR pszCachePath = NULL; BOOLEAN bDirExists = FALSE; dwError = LwCheckFileTypeExists(LWDS_ADMIN_CACHE_DIR, LWFILE_DIRECTORY, &bDirExists); BAIL_ON_MAC_ERROR(dwError); if (!bDirExists) { dwError = LwCreateDirectory(LWDS_ADMIN_CACHE_DIR, S_IRUSR|S_IRGRP|S_IROTH); BAIL_ON_MAC_ERROR(dwError); } dwError = LwAllocateString( "FILE:" MACADUTIL_KRB5_CACHEPATH, &pszCachePath); BAIL_ON_MAC_ERROR(dwError); *ppszCachePath = pszCachePath; cleanup: return dwError; error: *ppszCachePath = NULL; goto cleanup; }
DWORD ADUSMBGetFolder( PSTR pszDomainName, PSTR pszSourceFolder, PSTR pszDestFolder ) { DWORD dwError = MAC_AD_ERROR_SUCCESS; PSTR pszFQSrcPath = NULL; PSTR pszDCHostname = NULL; if (IsNullOrEmptyString(pszDomainName) || IsNullOrEmptyString(pszSourceFolder) || IsNullOrEmptyString(pszDestFolder)) { dwError = MAC_AD_ERROR_INVALID_PARAMETER; BAIL_ON_MAC_ERROR(dwError); } dwError = GetPreferredDCAddress( pszDomainName, &pszDCHostname); BAIL_ON_MAC_ERROR(dwError); dwError = LwCreateDirectory( pszDestFolder, S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH); BAIL_ON_MAC_ERROR(dwError); dwError = LwAllocateStringPrintf( &pszFQSrcPath, "//%s/sysvol/%s", pszDCHostname, *pszSourceFolder == '/' ? pszSourceFolder+1 : pszSourceFolder); BAIL_ON_MAC_ERROR(dwError); LOG("Calling ADUSMBGetFolder(Src:%s, Dest:%s)", pszFQSrcPath, pszDestFolder); dwError = ADUCopyDirFromRemote( pszFQSrcPath, pszDestFolder); BAIL_ON_MAC_ERROR(dwError); cleanup: LW_SAFE_FREE_STRING( pszFQSrcPath ); LW_SAFE_FREE_STRING(pszDCHostname); return dwError; error: goto cleanup; }
DWORD CacheUserLoginMessage( PSTR pszHomeDirPath, PSTR pszMessage ) { DWORD dwError = MAC_AD_ERROR_SUCCESS; PSTR pszFileDir = NULL; PSTR pszFilePath = NULL; BOOLEAN bDirExists = FALSE; FILE * fp = NULL; int len = 0; if (!pszMessage || strlen(pszMessage) == 0) { goto error; } if (!pszHomeDirPath || strlen(pszHomeDirPath) == 0) { goto error; } LOG("Saving user login message to [homedir: %s]", pszHomeDirPath); dwError = LwAllocateStringPrintf(&pszFileDir, "%s/Library/Preferences", pszHomeDirPath); BAIL_ON_MAC_ERROR(dwError); dwError = LwAllocateStringPrintf(&pszFilePath, "%s/login-message", pszFileDir); BAIL_ON_MAC_ERROR(dwError); dwError = LwCheckFileTypeExists(pszFileDir, LWFILE_DIRECTORY, &bDirExists); BAIL_ON_MAC_ERROR(dwError); if (bDirExists == FALSE) { dwError = LwCreateDirectory(pszFileDir, S_IRUSR|S_IRGRP|S_IROTH); BAIL_ON_MAC_ERROR(dwError); } fp = fopen(pszFilePath, "w"); if (fp) { len = fwrite(pszMessage, sizeof(char), strlen(pszMessage), fp); if (len < strlen(pszMessage)) { dwError = ENOMEM; BAIL_ON_MAC_ERROR(dwError); } } error: LW_SAFE_FREE_STRING(pszFilePath); LW_SAFE_FREE_STRING(pszFileDir); if (fp) { fclose(fp); } return dwError; }
DWORD CacheUserAttributes( uid_t uid, PGPUSER_AD_ATTRS pUserADAttrs ) { DWORD dwError = MAC_AD_ERROR_SUCCESS; PSTR pszFileDir = NULL; PSTR pszFilePath = NULL; PCFGSECTION pUserSettingsList = NULL; PCFGSECTION pADSection_Name = NULL; PCFGSECTION pADSection_EMail = NULL; PCFGSECTION pADSection_Phone = NULL; PCFGSECTION pADSection_Address = NULL; PCFGSECTION pADSection_Work = NULL; PCFGSECTION pADSection_Network = NULL; BOOLEAN bDirExists = FALSE; LOG("Saving user attributes to user logon cache [uid: %ld, display name: %s]", (long)uid, pUserADAttrs->pszDisplayName ? pUserADAttrs->pszDisplayName : "<null>"); dwError = LwAllocateStringPrintf(&pszFileDir, "/var/lib/pbis/lwedsplugin/user-cache/%ld", (long) uid); BAIL_ON_MAC_ERROR(dwError); dwError = LwAllocateStringPrintf(&pszFilePath, "/var/lib/pbis/lwedsplugin/user-cache/%ld/ad-user-attrs", (long) uid); BAIL_ON_MAC_ERROR(dwError); dwError = LwCheckFileTypeExists(pszFileDir, LWFILE_DIRECTORY, &bDirExists); BAIL_ON_MAC_ERROR(dwError); if (bDirExists == FALSE) { dwError = LwCreateDirectory(pszFileDir, S_IRUSR|S_IRGRP|S_IROTH); BAIL_ON_MAC_ERROR(dwError); } dwError = LWCreateConfigSection(&pUserSettingsList, &pADSection_Name, "User AD Name Attributes"); BAIL_ON_MAC_ERROR(dwError); dwError = LWCreateConfigSection(&pADSection_EMail, &pADSection_EMail, "User AD EMail Attributes"); BAIL_ON_MAC_ERROR(dwError); dwError = LWCreateConfigSection(&pADSection_Phone, &pADSection_Phone, "User AD Phone Attributes"); BAIL_ON_MAC_ERROR(dwError); dwError = LWCreateConfigSection(&pADSection_Address, &pADSection_Address, "User AD Address Attributes"); BAIL_ON_MAC_ERROR(dwError); dwError = LWCreateConfigSection(&pADSection_Work, &pADSection_Work, "User AD Work Attributes"); BAIL_ON_MAC_ERROR(dwError); dwError = LWCreateConfigSection(&pADSection_Network, &pADSection_Network, "User AD Network Settings Attributes"); BAIL_ON_MAC_ERROR(dwError); pADSection_Name->pNext = pADSection_EMail; pADSection_EMail->pNext = pADSection_Phone; pADSection_Phone->pNext = pADSection_Address; pADSection_Address->pNext = pADSection_Work; pADSection_Work->pNext = pADSection_Network; if (pUserADAttrs->pszDisplayName) { dwError = LWSetConfigValueBySection(pUserSettingsList, "displayName", pUserADAttrs->pszDisplayName); BAIL_ON_MAC_ERROR(dwError); } if (pUserADAttrs->pszFirstName) { dwError = LWSetConfigValueBySection(pADSection_Name, "givenName", pUserADAttrs->pszFirstName); BAIL_ON_MAC_ERROR(dwError); } if (pUserADAttrs->pszLastName) { dwError = LWSetConfigValueBySection(pADSection_Name, "sn", pUserADAttrs->pszLastName); BAIL_ON_MAC_ERROR(dwError); } if (pUserADAttrs->pszADDomain) { dwError = LWSetConfigValueBySection(pADSection_Name, "userDomain", pUserADAttrs->pszADDomain); BAIL_ON_MAC_ERROR(dwError); } if (pUserADAttrs->pszKerberosPrincipal) { dwError = LWSetConfigValueBySection(pADSection_Name, "userPrincipalName", pUserADAttrs->pszKerberosPrincipal); BAIL_ON_MAC_ERROR(dwError); } if (pUserADAttrs->pszEMailAddress) { dwError = LWSetConfigValueBySection(pADSection_EMail, "mail", pUserADAttrs->pszEMailAddress); BAIL_ON_MAC_ERROR(dwError); } if (pUserADAttrs->pszMSExchHomeServerName) { dwError = LWSetConfigValueBySection(pADSection_EMail, "msExchHomeServerName", pUserADAttrs->pszMSExchHomeServerName); BAIL_ON_MAC_ERROR(dwError); } if (pUserADAttrs->pszMSExchHomeMDB) { dwError = LWSetConfigValueBySection(pADSection_EMail, "homeMDB", pUserADAttrs->pszMSExchHomeMDB); BAIL_ON_MAC_ERROR(dwError); } if (pUserADAttrs->pszTelephoneNumber) { dwError = LWSetConfigValueBySection(pADSection_Phone, "telephoneNumber", pUserADAttrs->pszTelephoneNumber); BAIL_ON_MAC_ERROR(dwError); } if (pUserADAttrs->pszFaxTelephoneNumber) { dwError = LWSetConfigValueBySection(pADSection_Phone, "facsimileTelephoneNumber", pUserADAttrs->pszFaxTelephoneNumber); BAIL_ON_MAC_ERROR(dwError); } if (pUserADAttrs->pszMobileTelephoneNumber) { dwError = LWSetConfigValueBySection(pADSection_Phone, "mobile", pUserADAttrs->pszMobileTelephoneNumber); BAIL_ON_MAC_ERROR(dwError); } if (pUserADAttrs->pszStreetAddress) { dwError = LWSetConfigValueBySection(pADSection_Address, "streetAddress", pUserADAttrs->pszStreetAddress); BAIL_ON_MAC_ERROR(dwError); } if (pUserADAttrs->pszPostOfficeBox) { dwError = LWSetConfigValueBySection(pADSection_Address, "postOfficeBox", pUserADAttrs->pszPostOfficeBox); BAIL_ON_MAC_ERROR(dwError); } if (pUserADAttrs->pszCity) { dwError = LWSetConfigValueBySection(pADSection_Address, "l", pUserADAttrs->pszCity); BAIL_ON_MAC_ERROR(dwError); } if (pUserADAttrs->pszState) { dwError = LWSetConfigValueBySection(pADSection_Address, "st", pUserADAttrs->pszState); BAIL_ON_MAC_ERROR(dwError); } if (pUserADAttrs->pszPostalCode) { dwError = LWSetConfigValueBySection(pADSection_Address, "postalCode", pUserADAttrs->pszPostalCode); BAIL_ON_MAC_ERROR(dwError); } if (pUserADAttrs->pszCountry) { dwError = LWSetConfigValueBySection(pADSection_Address, "co", pUserADAttrs->pszCountry); BAIL_ON_MAC_ERROR(dwError); } if (pUserADAttrs->pszTitle) { dwError = LWSetConfigValueBySection(pADSection_Work, "title", pUserADAttrs->pszTitle); BAIL_ON_MAC_ERROR(dwError); } if (pUserADAttrs->pszCompany) { dwError = LWSetConfigValueBySection(pADSection_Work, "company", pUserADAttrs->pszCompany); BAIL_ON_MAC_ERROR(dwError); } if (pUserADAttrs->pszDepartment) { dwError = LWSetConfigValueBySection(pADSection_Work, "department", pUserADAttrs->pszDepartment); BAIL_ON_MAC_ERROR(dwError); } if (pUserADAttrs->pszHomeDirectory) { dwError = LWSetConfigValueBySection(pADSection_Network, "homeDirectory", pUserADAttrs->pszHomeDirectory); BAIL_ON_MAC_ERROR(dwError); } if (pUserADAttrs->pszHomeDrive) { dwError = LWSetConfigValueBySection(pADSection_Network, "homeDrive", pUserADAttrs->pszHomeDrive); BAIL_ON_MAC_ERROR(dwError); } if (pUserADAttrs->pszPasswordLastSet) { dwError = LWSetConfigValueBySection(pADSection_Network, "pwdLastSet", pUserADAttrs->pszPasswordLastSet); BAIL_ON_MAC_ERROR(dwError); } if (pUserADAttrs->pszUserAccountControl) { dwError = LWSetConfigValueBySection(pADSection_Network, "userAccountControl", pUserADAttrs->pszUserAccountControl); BAIL_ON_MAC_ERROR(dwError); } if (pUserADAttrs->pszMaxMinutesUntilChangePassword) { dwError = LWSetConfigValueBySection(pADSection_Network, "maxPwdAge", pUserADAttrs->pszMaxMinutesUntilChangePassword); BAIL_ON_MAC_ERROR(dwError); } if (pUserADAttrs->pszMinMinutesUntilChangePassword) { dwError = LWSetConfigValueBySection(pADSection_Network, "minPwdAge", pUserADAttrs->pszMinMinutesUntilChangePassword); BAIL_ON_MAC_ERROR(dwError); } if (pUserADAttrs->pszMaxFailedLoginAttempts) { dwError = LWSetConfigValueBySection(pADSection_Network, "lockoutThreshhold", pUserADAttrs->pszMaxFailedLoginAttempts); BAIL_ON_MAC_ERROR(dwError); } if (pUserADAttrs->pszAllowedPasswordHistory) { dwError = LWSetConfigValueBySection(pADSection_Network, "pwdHistoryLength", pUserADAttrs->pszAllowedPasswordHistory); BAIL_ON_MAC_ERROR(dwError); } if (pUserADAttrs->pszMinCharsAllowedInPassword) { dwError = LWSetConfigValueBySection(pADSection_Network, "minPwdLength", pUserADAttrs->pszMinCharsAllowedInPassword); BAIL_ON_MAC_ERROR(dwError); } dwError = LWSaveConfigSectionList(pszFilePath, pUserSettingsList); BAIL_ON_MAC_ERROR(dwError); error: LW_SAFE_FREE_STRING(pszFilePath); LW_SAFE_FREE_STRING(pszFileDir); LWFreeConfigSectionList(pUserSettingsList); pUserSettingsList = NULL; return dwError; }
DWORD LWNetSrvStartListenThread( void ) { PSTR pszCachePath = NULL; PSTR pszCommPath = NULL; BOOLEAN bDirExists = FALSE; DWORD dwError = 0; dwError = LWNetSrvGetCachePath(&pszCachePath); BAIL_ON_LWNET_ERROR(dwError); dwError = LwCheckFileTypeExists( pszCachePath, LWFILE_DIRECTORY, &bDirExists); BAIL_ON_LWNET_ERROR(dwError); if (!bDirExists) { // Directory should be RWX for root and accessible to all // (so they can see the socket. mode_t mode = S_IRWXU | S_IRGRP| S_IXGRP | S_IROTH | S_IXOTH; dwError = LwCreateDirectory(pszCachePath, mode); BAIL_ON_LWNET_ERROR(dwError); } dwError = LwAllocateStringPrintf(&pszCommPath, "%s/%s", pszCachePath, LWNET_SERVER_FILENAME); BAIL_ON_LWNET_ERROR(dwError); dwError = MAP_LWMSG_ERROR(lwmsg_context_new(NULL, &gpContext)); BAIL_ON_LWNET_ERROR(dwError); lwmsg_context_set_log_function(gpContext, LWNetSrvLogIpc, NULL); /* Set up IPC protocol object */ dwError = MAP_LWMSG_ERROR(lwmsg_protocol_new(gpContext, &gpProtocol)); BAIL_ON_LWNET_ERROR(dwError); dwError = MAP_LWMSG_ERROR(lwmsg_protocol_add_protocol_spec( gpProtocol, LWNetIPCGetProtocolSpec())); BAIL_ON_LWNET_ERROR(dwError); /* Set up IPC server object */ dwError = MAP_LWMSG_ERROR(lwmsg_peer_new(gpContext, gpProtocol, &gpServer)); BAIL_ON_LWNET_ERROR(dwError); dwError = MAP_LWMSG_ERROR(lwmsg_peer_add_dispatch_spec( gpServer, LWNetSrvGetDispatchSpec())); BAIL_ON_LWNET_ERROR(dwError); dwError = MAP_LWMSG_ERROR(lwmsg_peer_add_listen_endpoint( gpServer, LWMSG_ENDPOINT_DIRECT, "netlogon", 0)); BAIL_ON_LWNET_ERROR(dwError); dwError = MAP_LWMSG_ERROR(lwmsg_peer_add_listen_endpoint( gpServer, LWMSG_ENDPOINT_LOCAL, pszCommPath, 0666)); BAIL_ON_LWNET_ERROR(dwError); dwError = MAP_LWMSG_ERROR(lwmsg_peer_start_listen(gpServer)); error: LWNET_SAFE_FREE_STRING(pszCachePath); LWNET_SAFE_FREE_STRING(pszCommPath); if (dwError) { if (gpServer) { lwmsg_peer_stop_listen(gpServer); lwmsg_peer_delete(gpServer); gpServer = NULL; } } return dwError; }
DWORD LwTaskRepositoryInit(VOID) { DWORD dwError = 0; PCSTR pszDbDirPath = LW_TASK_DB_DIR; PCSTR pszDbPath = LW_TASK_DB; BOOLEAN bExists = FALSE; BOOLEAN bCleanupDb = FALSE; PLW_TASK_DB_CONTEXT pDbContext = NULL; pthread_rwlock_init(&gLwTaskDbGlobals.mutex, NULL); gLwTaskDbGlobals.pMutex = &gLwTaskDbGlobals.mutex; dwError = LwCheckFileTypeExists( pszDbDirPath, LWFILE_DIRECTORY, &bExists); BAIL_ON_LW_TASK_ERROR(dwError); if (!bExists) { mode_t mode = S_IRWXU|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH; /* Allow go+rx to the base folder */ dwError = LwCreateDirectory(pszDbDirPath, mode); BAIL_ON_LW_TASK_ERROR(dwError); } /* restrict access to u+rwx to the db folder */ dwError = LwChangeOwnerAndPermissions( pszDbDirPath, 0, /* uid: root */ 0, /* gid: root */ S_IRWXU); BAIL_ON_LW_TASK_ERROR(dwError); dwError = LwCheckFileTypeExists(pszDbPath, LWFILE_REGULAR, &bExists); BAIL_ON_LW_TASK_ERROR(dwError); if (!bExists) { dwError = LwTaskDbOpen(&pDbContext); BAIL_ON_LW_TASK_ERROR(dwError); bCleanupDb = TRUE; dwError = LwTaskDbCreateTables(pDbContext); BAIL_ON_LW_TASK_ERROR(dwError); dwError = LwTaskDbAddDefaultEntries(pDbContext); BAIL_ON_LW_TASK_ERROR(dwError); dwError = LwChangeOwnerAndPermissions( pszDbPath, 0, /* uid: root */ 0, /* gid: root */ S_IRWXU); BAIL_ON_LW_TASK_ERROR(dwError); } cleanup: if (pDbContext) { LwTaskDbClose(pDbContext); } return dwError; error: if (bCleanupDb) { LwRemoveFile(pszDbPath); } goto cleanup; }