DWORD
ADUKrb5GetSystemCachePath(
PSTR* ppszCachePath
)
{
DWORD dwError = 0;
PSTR pszCachePath = NULL;
BOOLEAN bDirExists = FALSE;
dwError = LwCheckFileTypeExists(LWDS_ADMIN_CACHE_DIR, LWFILE_DIRECTORY, &bDirExists);
BAIL_ON_MAC_ERROR(dwError);
if (!bDirExists)
{
dwError = LwCreateDirectory(LWDS_ADMIN_CACHE_DIR, S_IRUSR|S_IRGRP|S_IROTH);
BAIL_ON_MAC_ERROR(dwError);
}
dwError = LwAllocateString(
"FILE:" MACADUTIL_KRB5_CACHEPATH,
&pszCachePath);
BAIL_ON_MAC_ERROR(dwError);
*ppszCachePath = pszCachePath;
cleanup:
return dwError;
error:
*ppszCachePath = NULL;
goto cleanup;
}
DWORD
ADUSMBGetFolder(
PSTR pszDomainName,
PSTR pszSourceFolder,
PSTR pszDestFolder
)
{
DWORD dwError = MAC_AD_ERROR_SUCCESS;
PSTR pszFQSrcPath = NULL;
PSTR pszDCHostname = NULL;
if (IsNullOrEmptyString(pszDomainName) ||
IsNullOrEmptyString(pszSourceFolder) ||
IsNullOrEmptyString(pszDestFolder))
{
dwError = MAC_AD_ERROR_INVALID_PARAMETER;
BAIL_ON_MAC_ERROR(dwError);
}
dwError = GetPreferredDCAddress(
pszDomainName,
&pszDCHostname);
BAIL_ON_MAC_ERROR(dwError);
dwError = LwCreateDirectory(
pszDestFolder,
S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH);
BAIL_ON_MAC_ERROR(dwError);
dwError = LwAllocateStringPrintf(
&pszFQSrcPath,
"//%s/sysvol/%s",
pszDCHostname,
*pszSourceFolder == '/' ? pszSourceFolder+1 : pszSourceFolder);
BAIL_ON_MAC_ERROR(dwError);
LOG("Calling ADUSMBGetFolder(Src:%s, Dest:%s)", pszFQSrcPath, pszDestFolder);
dwError = ADUCopyDirFromRemote(
pszFQSrcPath,
pszDestFolder);
BAIL_ON_MAC_ERROR(dwError);
cleanup:
LW_SAFE_FREE_STRING( pszFQSrcPath );
LW_SAFE_FREE_STRING(pszDCHostname);
return dwError;
error:
goto cleanup;
}
DWORD
CacheUserLoginMessage(
PSTR pszHomeDirPath,
PSTR pszMessage
)
{
DWORD dwError = MAC_AD_ERROR_SUCCESS;
PSTR pszFileDir = NULL;
PSTR pszFilePath = NULL;
BOOLEAN bDirExists = FALSE;
FILE * fp = NULL;
int len = 0;
if (!pszMessage || strlen(pszMessage) == 0)
{
goto error;
}
if (!pszHomeDirPath || strlen(pszHomeDirPath) == 0)
{
goto error;
}
LOG("Saving user login message to [homedir: %s]", pszHomeDirPath);
dwError = LwAllocateStringPrintf(&pszFileDir, "%s/Library/Preferences", pszHomeDirPath);
BAIL_ON_MAC_ERROR(dwError);
dwError = LwAllocateStringPrintf(&pszFilePath, "%s/login-message", pszFileDir);
BAIL_ON_MAC_ERROR(dwError);
dwError = LwCheckFileTypeExists(pszFileDir, LWFILE_DIRECTORY, &bDirExists);
BAIL_ON_MAC_ERROR(dwError);
if (bDirExists == FALSE)
{
dwError = LwCreateDirectory(pszFileDir, S_IRUSR|S_IRGRP|S_IROTH);
BAIL_ON_MAC_ERROR(dwError);
}
fp = fopen(pszFilePath, "w");
if (fp)
{
len = fwrite(pszMessage, sizeof(char), strlen(pszMessage), fp);
if (len < strlen(pszMessage))
{
dwError = ENOMEM;
BAIL_ON_MAC_ERROR(dwError);
}
}
error:
LW_SAFE_FREE_STRING(pszFilePath);
LW_SAFE_FREE_STRING(pszFileDir);
if (fp)
{
fclose(fp);
}
return dwError;
}
DWORD
CacheUserAttributes(
uid_t uid,
PGPUSER_AD_ATTRS pUserADAttrs
)
{
DWORD dwError = MAC_AD_ERROR_SUCCESS;
PSTR pszFileDir = NULL;
PSTR pszFilePath = NULL;
PCFGSECTION pUserSettingsList = NULL;
PCFGSECTION pADSection_Name = NULL;
PCFGSECTION pADSection_EMail = NULL;
PCFGSECTION pADSection_Phone = NULL;
PCFGSECTION pADSection_Address = NULL;
PCFGSECTION pADSection_Work = NULL;
PCFGSECTION pADSection_Network = NULL;
BOOLEAN bDirExists = FALSE;
LOG("Saving user attributes to user logon cache [uid: %ld, display name: %s]",
(long)uid,
pUserADAttrs->pszDisplayName ? pUserADAttrs->pszDisplayName : "<null>");
dwError = LwAllocateStringPrintf(&pszFileDir, "/var/lib/pbis/lwedsplugin/user-cache/%ld", (long) uid);
BAIL_ON_MAC_ERROR(dwError);
dwError = LwAllocateStringPrintf(&pszFilePath, "/var/lib/pbis/lwedsplugin/user-cache/%ld/ad-user-attrs", (long) uid);
BAIL_ON_MAC_ERROR(dwError);
dwError = LwCheckFileTypeExists(pszFileDir, LWFILE_DIRECTORY, &bDirExists);
BAIL_ON_MAC_ERROR(dwError);
if (bDirExists == FALSE)
{
dwError = LwCreateDirectory(pszFileDir, S_IRUSR|S_IRGRP|S_IROTH);
BAIL_ON_MAC_ERROR(dwError);
}
dwError = LWCreateConfigSection(&pUserSettingsList,
&pADSection_Name,
"User AD Name Attributes");
BAIL_ON_MAC_ERROR(dwError);
dwError = LWCreateConfigSection(&pADSection_EMail,
&pADSection_EMail,
"User AD EMail Attributes");
BAIL_ON_MAC_ERROR(dwError);
dwError = LWCreateConfigSection(&pADSection_Phone,
&pADSection_Phone,
"User AD Phone Attributes");
BAIL_ON_MAC_ERROR(dwError);
dwError = LWCreateConfigSection(&pADSection_Address,
&pADSection_Address,
"User AD Address Attributes");
BAIL_ON_MAC_ERROR(dwError);
dwError = LWCreateConfigSection(&pADSection_Work,
&pADSection_Work,
"User AD Work Attributes");
BAIL_ON_MAC_ERROR(dwError);
dwError = LWCreateConfigSection(&pADSection_Network,
&pADSection_Network,
"User AD Network Settings Attributes");
BAIL_ON_MAC_ERROR(dwError);
pADSection_Name->pNext = pADSection_EMail;
pADSection_EMail->pNext = pADSection_Phone;
pADSection_Phone->pNext = pADSection_Address;
pADSection_Address->pNext = pADSection_Work;
pADSection_Work->pNext = pADSection_Network;
if (pUserADAttrs->pszDisplayName)
{
dwError = LWSetConfigValueBySection(pUserSettingsList,
"displayName",
pUserADAttrs->pszDisplayName);
BAIL_ON_MAC_ERROR(dwError);
}
if (pUserADAttrs->pszFirstName)
{
dwError = LWSetConfigValueBySection(pADSection_Name,
"givenName",
pUserADAttrs->pszFirstName);
BAIL_ON_MAC_ERROR(dwError);
}
if (pUserADAttrs->pszLastName)
{
dwError = LWSetConfigValueBySection(pADSection_Name,
"sn",
pUserADAttrs->pszLastName);
BAIL_ON_MAC_ERROR(dwError);
}
if (pUserADAttrs->pszADDomain)
{
dwError = LWSetConfigValueBySection(pADSection_Name,
"userDomain",
pUserADAttrs->pszADDomain);
BAIL_ON_MAC_ERROR(dwError);
}
if (pUserADAttrs->pszKerberosPrincipal)
{
dwError = LWSetConfigValueBySection(pADSection_Name,
"userPrincipalName",
pUserADAttrs->pszKerberosPrincipal);
BAIL_ON_MAC_ERROR(dwError);
}
if (pUserADAttrs->pszEMailAddress)
{
dwError = LWSetConfigValueBySection(pADSection_EMail,
"mail",
pUserADAttrs->pszEMailAddress);
BAIL_ON_MAC_ERROR(dwError);
}
if (pUserADAttrs->pszMSExchHomeServerName)
{
dwError = LWSetConfigValueBySection(pADSection_EMail,
"msExchHomeServerName",
pUserADAttrs->pszMSExchHomeServerName);
BAIL_ON_MAC_ERROR(dwError);
}
if (pUserADAttrs->pszMSExchHomeMDB)
{
dwError = LWSetConfigValueBySection(pADSection_EMail,
"homeMDB",
pUserADAttrs->pszMSExchHomeMDB);
BAIL_ON_MAC_ERROR(dwError);
}
if (pUserADAttrs->pszTelephoneNumber)
{
dwError = LWSetConfigValueBySection(pADSection_Phone,
"telephoneNumber",
pUserADAttrs->pszTelephoneNumber);
BAIL_ON_MAC_ERROR(dwError);
}
if (pUserADAttrs->pszFaxTelephoneNumber)
{
dwError = LWSetConfigValueBySection(pADSection_Phone,
"facsimileTelephoneNumber",
pUserADAttrs->pszFaxTelephoneNumber);
BAIL_ON_MAC_ERROR(dwError);
}
if (pUserADAttrs->pszMobileTelephoneNumber)
{
dwError = LWSetConfigValueBySection(pADSection_Phone,
"mobile",
pUserADAttrs->pszMobileTelephoneNumber);
BAIL_ON_MAC_ERROR(dwError);
}
if (pUserADAttrs->pszStreetAddress)
{
dwError = LWSetConfigValueBySection(pADSection_Address,
"streetAddress",
pUserADAttrs->pszStreetAddress);
BAIL_ON_MAC_ERROR(dwError);
}
if (pUserADAttrs->pszPostOfficeBox)
{
dwError = LWSetConfigValueBySection(pADSection_Address,
"postOfficeBox",
pUserADAttrs->pszPostOfficeBox);
BAIL_ON_MAC_ERROR(dwError);
}
if (pUserADAttrs->pszCity)
{
dwError = LWSetConfigValueBySection(pADSection_Address,
"l",
pUserADAttrs->pszCity);
BAIL_ON_MAC_ERROR(dwError);
}
if (pUserADAttrs->pszState)
{
dwError = LWSetConfigValueBySection(pADSection_Address,
"st",
pUserADAttrs->pszState);
BAIL_ON_MAC_ERROR(dwError);
}
if (pUserADAttrs->pszPostalCode)
{
dwError = LWSetConfigValueBySection(pADSection_Address,
"postalCode",
pUserADAttrs->pszPostalCode);
BAIL_ON_MAC_ERROR(dwError);
}
if (pUserADAttrs->pszCountry)
{
dwError = LWSetConfigValueBySection(pADSection_Address,
"co",
pUserADAttrs->pszCountry);
BAIL_ON_MAC_ERROR(dwError);
}
if (pUserADAttrs->pszTitle)
{
dwError = LWSetConfigValueBySection(pADSection_Work,
"title",
pUserADAttrs->pszTitle);
BAIL_ON_MAC_ERROR(dwError);
}
if (pUserADAttrs->pszCompany)
{
dwError = LWSetConfigValueBySection(pADSection_Work,
"company",
pUserADAttrs->pszCompany);
BAIL_ON_MAC_ERROR(dwError);
}
if (pUserADAttrs->pszDepartment)
{
dwError = LWSetConfigValueBySection(pADSection_Work,
"department",
pUserADAttrs->pszDepartment);
BAIL_ON_MAC_ERROR(dwError);
}
if (pUserADAttrs->pszHomeDirectory)
{
dwError = LWSetConfigValueBySection(pADSection_Network,
"homeDirectory",
pUserADAttrs->pszHomeDirectory);
BAIL_ON_MAC_ERROR(dwError);
}
if (pUserADAttrs->pszHomeDrive)
{
dwError = LWSetConfigValueBySection(pADSection_Network,
"homeDrive",
pUserADAttrs->pszHomeDrive);
BAIL_ON_MAC_ERROR(dwError);
}
if (pUserADAttrs->pszPasswordLastSet)
{
dwError = LWSetConfigValueBySection(pADSection_Network,
"pwdLastSet",
pUserADAttrs->pszPasswordLastSet);
BAIL_ON_MAC_ERROR(dwError);
}
if (pUserADAttrs->pszUserAccountControl)
{
dwError = LWSetConfigValueBySection(pADSection_Network,
"userAccountControl",
pUserADAttrs->pszUserAccountControl);
BAIL_ON_MAC_ERROR(dwError);
}
if (pUserADAttrs->pszMaxMinutesUntilChangePassword)
{
dwError = LWSetConfigValueBySection(pADSection_Network,
"maxPwdAge",
pUserADAttrs->pszMaxMinutesUntilChangePassword);
BAIL_ON_MAC_ERROR(dwError);
}
if (pUserADAttrs->pszMinMinutesUntilChangePassword)
{
dwError = LWSetConfigValueBySection(pADSection_Network,
"minPwdAge",
pUserADAttrs->pszMinMinutesUntilChangePassword);
BAIL_ON_MAC_ERROR(dwError);
}
if (pUserADAttrs->pszMaxFailedLoginAttempts)
{
dwError = LWSetConfigValueBySection(pADSection_Network,
"lockoutThreshhold",
pUserADAttrs->pszMaxFailedLoginAttempts);
BAIL_ON_MAC_ERROR(dwError);
}
if (pUserADAttrs->pszAllowedPasswordHistory)
{
dwError = LWSetConfigValueBySection(pADSection_Network,
"pwdHistoryLength",
pUserADAttrs->pszAllowedPasswordHistory);
BAIL_ON_MAC_ERROR(dwError);
}
if (pUserADAttrs->pszMinCharsAllowedInPassword)
{
dwError = LWSetConfigValueBySection(pADSection_Network,
"minPwdLength",
pUserADAttrs->pszMinCharsAllowedInPassword);
BAIL_ON_MAC_ERROR(dwError);
}
dwError = LWSaveConfigSectionList(pszFilePath, pUserSettingsList);
BAIL_ON_MAC_ERROR(dwError);
error:
LW_SAFE_FREE_STRING(pszFilePath);
LW_SAFE_FREE_STRING(pszFileDir);
LWFreeConfigSectionList(pUserSettingsList);
pUserSettingsList = NULL;
return dwError;
}
DWORD
LWNetSrvStartListenThread(
void
)
{
PSTR pszCachePath = NULL;
PSTR pszCommPath = NULL;
BOOLEAN bDirExists = FALSE;
DWORD dwError = 0;
dwError = LWNetSrvGetCachePath(&pszCachePath);
BAIL_ON_LWNET_ERROR(dwError);
dwError = LwCheckFileTypeExists(
pszCachePath,
LWFILE_DIRECTORY,
&bDirExists);
BAIL_ON_LWNET_ERROR(dwError);
if (!bDirExists)
{
// Directory should be RWX for root and accessible to all
// (so they can see the socket.
mode_t mode = S_IRWXU | S_IRGRP| S_IXGRP | S_IROTH | S_IXOTH;
dwError = LwCreateDirectory(pszCachePath, mode);
BAIL_ON_LWNET_ERROR(dwError);
}
dwError = LwAllocateStringPrintf(&pszCommPath, "%s/%s",
pszCachePath, LWNET_SERVER_FILENAME);
BAIL_ON_LWNET_ERROR(dwError);
dwError = MAP_LWMSG_ERROR(lwmsg_context_new(NULL, &gpContext));
BAIL_ON_LWNET_ERROR(dwError);
lwmsg_context_set_log_function(gpContext, LWNetSrvLogIpc, NULL);
/* Set up IPC protocol object */
dwError = MAP_LWMSG_ERROR(lwmsg_protocol_new(gpContext, &gpProtocol));
BAIL_ON_LWNET_ERROR(dwError);
dwError = MAP_LWMSG_ERROR(lwmsg_protocol_add_protocol_spec(
gpProtocol,
LWNetIPCGetProtocolSpec()));
BAIL_ON_LWNET_ERROR(dwError);
/* Set up IPC server object */
dwError = MAP_LWMSG_ERROR(lwmsg_peer_new(gpContext, gpProtocol, &gpServer));
BAIL_ON_LWNET_ERROR(dwError);
dwError = MAP_LWMSG_ERROR(lwmsg_peer_add_dispatch_spec(
gpServer,
LWNetSrvGetDispatchSpec()));
BAIL_ON_LWNET_ERROR(dwError);
dwError = MAP_LWMSG_ERROR(lwmsg_peer_add_listen_endpoint(
gpServer,
LWMSG_ENDPOINT_DIRECT,
"netlogon",
0));
BAIL_ON_LWNET_ERROR(dwError);
dwError = MAP_LWMSG_ERROR(lwmsg_peer_add_listen_endpoint(
gpServer,
LWMSG_ENDPOINT_LOCAL,
pszCommPath,
0666));
BAIL_ON_LWNET_ERROR(dwError);
dwError = MAP_LWMSG_ERROR(lwmsg_peer_start_listen(gpServer));
error:
LWNET_SAFE_FREE_STRING(pszCachePath);
LWNET_SAFE_FREE_STRING(pszCommPath);
if (dwError)
{
if (gpServer)
{
lwmsg_peer_stop_listen(gpServer);
lwmsg_peer_delete(gpServer);
gpServer = NULL;
}
}
return dwError;
}
DWORD LwTaskRepositoryInit(VOID)
{
DWORD dwError = 0;
PCSTR pszDbDirPath = LW_TASK_DB_DIR;
PCSTR pszDbPath = LW_TASK_DB;
BOOLEAN bExists = FALSE;
BOOLEAN bCleanupDb = FALSE;
PLW_TASK_DB_CONTEXT pDbContext = NULL;
pthread_rwlock_init(&gLwTaskDbGlobals.mutex, NULL);
gLwTaskDbGlobals.pMutex = &gLwTaskDbGlobals.mutex;
dwError = LwCheckFileTypeExists(
pszDbDirPath,
LWFILE_DIRECTORY,
&bExists);
BAIL_ON_LW_TASK_ERROR(dwError);
if (!bExists)
{
mode_t mode = S_IRWXU|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH;
/* Allow go+rx to the base folder */
dwError = LwCreateDirectory(pszDbDirPath, mode);
BAIL_ON_LW_TASK_ERROR(dwError);
}
/* restrict access to u+rwx to the db folder */
dwError = LwChangeOwnerAndPermissions(
pszDbDirPath,
0, /* uid: root */
0, /* gid: root */
S_IRWXU);
BAIL_ON_LW_TASK_ERROR(dwError);
dwError = LwCheckFileTypeExists(pszDbPath, LWFILE_REGULAR, &bExists);
BAIL_ON_LW_TASK_ERROR(dwError);
if (!bExists)
{
dwError = LwTaskDbOpen(&pDbContext);
BAIL_ON_LW_TASK_ERROR(dwError);
bCleanupDb = TRUE;
dwError = LwTaskDbCreateTables(pDbContext);
BAIL_ON_LW_TASK_ERROR(dwError);
dwError = LwTaskDbAddDefaultEntries(pDbContext);
BAIL_ON_LW_TASK_ERROR(dwError);
dwError = LwChangeOwnerAndPermissions(
pszDbPath,
0, /* uid: root */
0, /* gid: root */
S_IRWXU);
BAIL_ON_LW_TASK_ERROR(dwError);
}
cleanup:
if (pDbContext)
{
LwTaskDbClose(pDbContext);
}
return dwError;
error:
if (bCleanupDb)
{
LwRemoveFile(pszDbPath);
}
goto cleanup;
}
