DWORD VmAfdQueryCACertAndCrlAttributes( LDAP* pLotus, PVMAFD_CERT_ARRAY* ppCertificates, PVMAFD_CRL_FILE_CONTAINER* ppCrls ) { DWORD dwError = 0; PSTR pszFilter = "(objectClass=vmwCertificationAuthority)"; PSTR pszAttrCert = "cACertificate"; PSTR pszAttrCrl = "certificateRevocationList"; PSTR pszSearchBaseDN = NULL; PSTR pszDomainName = NULL; LDAPMessage* pSearchResult = NULL; LDAPMessage* pCAResult = NULL; PCHAR attrs[] = { pszAttrCert, pszAttrCrl, NULL}; int nCertCount = 0; int nCrlCount = 0; PVMAFD_CERT_ARRAY pCertArray = NULL; PVMAFD_CRL_FILE_CONTAINER pCrlContainer = NULL; struct berval** ppValues = NULL; if (!ppCertificates || !ppCrls) { dwError = ERROR_INVALID_PARAMETER; BAIL_ON_VMAFD_ERROR(dwError); } dwError = VmAfdGetDefaultDomainName( pLotus, &pszDomainName); BAIL_ON_VMAFD_ERROR(dwError); dwError = VmAfdAllocateStringPrintf( &pszSearchBaseDN, "cn=Configuration,%s", pszDomainName); BAIL_ON_VMAFD_ERROR(dwError); dwError = ldap_search_ext_s( pLotus, pszSearchBaseDN, LDAP_SCOPE_SUBTREE, pszFilter, attrs, 0, /* get values and attrs */ NULL, NULL, NULL, 0, &pSearchResult); BAIL_ON_VMAFD_ERROR(dwError); for ( pCAResult = ldap_first_entry(pLotus, pSearchResult); pCAResult != NULL; pCAResult = ldap_next_entry(pLotus, pCAResult)) { nCertCount += VmAfdCountResultAttribute( pLotus, pCAResult, pszAttrCert); nCrlCount += VmAfdCountResultAttribute( pLotus, pCAResult, pszAttrCrl); } dwError = VmAfdAllocateMemory( sizeof(VMAFD_CERT_ARRAY), (PVOID*)&pCertArray); BAIL_ON_VMAFD_ERROR(dwError); pCertArray->dwCount = nCertCount; dwError = VmAfdAllocateMemory( sizeof(VMAFD_CRL_FILE_CONTAINER), (PVOID*)&pCrlContainer); BAIL_ON_VMAFD_ERROR(dwError); pCrlContainer->dwCount = nCrlCount; if (nCertCount || nCrlCount) { int certIndex = 0; int crlIndex = 0; if (nCertCount) { dwError = VmAfdAllocateMemory( sizeof(VMAFD_CERT_CONTAINER) * nCertCount, (PVOID*)&pCertArray->certificates); BAIL_ON_VMAFD_ERROR(dwError); } if (nCrlCount) { dwError = VmAfdAllocateMemory( sizeof(VMAFD_CRL_DATA) * nCrlCount, (PVOID*)&pCrlContainer->crls); BAIL_ON_VMAFD_ERROR(dwError); } for ( pCAResult = ldap_first_entry(pLotus, pSearchResult); pCAResult != NULL; pCAResult = ldap_next_entry(pLotus, pCAResult)) { // Copy certs ppValues = ldap_get_values_len( pLotus, pCAResult, pszAttrCert); if (ppValues) { int i = 0; while(ppValues[i]) { dwError = VmAfdAllocateMemory( sizeof(CHAR) * ppValues[i]->bv_len + 1, (PVOID)&pCertArray->certificates[certIndex].pCert); BAIL_ON_VMAFD_ERROR(dwError); memcpy( (PVOID) pCertArray->certificates[certIndex].pCert, (PVOID) ppValues[i]->bv_val, (size_t) ppValues[i]->bv_len); i++; certIndex++; } ldap_value_free_len(ppValues); ppValues = NULL; } // Copy CRLs ppValues = ldap_get_values_len( pLotus, pCAResult, pszAttrCrl); if (ppValues) { int i = 0; while(ppValues[i]) { dwError = VmAfdAllocateMemory( sizeof(CHAR) * ppValues[i]->bv_len + 1, (PVOID)&pCrlContainer->crls[crlIndex].buffer); BAIL_ON_VMAFD_ERROR(dwError); memcpy( (PVOID) pCrlContainer->crls[crlIndex].buffer, (PVOID) ppValues[i]->bv_val, (size_t) ppValues[i]->bv_len); i++; crlIndex++; } ldap_value_free_len(ppValues); ppValues = NULL; } } } *ppCertificates = pCertArray; *ppCrls = pCrlContainer; cleanup: VMAFD_SAFE_FREE_MEMORY(pszSearchBaseDN); VMAFD_SAFE_FREE_MEMORY(pszDomainName); if (ppValues != NULL) { ldap_value_free_len(ppValues); ppValues = NULL; } if(pSearchResult != NULL) { ldap_msgfree(pSearchResult); } return dwError; error: *ppCertificates = NULL; VMAFD_SAFE_FREE_MEMORY(pCrlContainer); if (ppCertificates) { *ppCertificates = NULL; } if(ppCrls) { *ppCrls = NULL; } if (pCertArray ) { VecsFreeCertArray(pCertArray); } goto cleanup; }
DWORD VmAfdGetDSERootAttribute( LDAP* pLotus, PSTR pszAttribute, PSTR* ppAttrValue ) { DWORD dwError = 0; // LDAP_SUCCESS PCHAR pDcFilter = "(objectClass=*)"; PCHAR pDcAttr[] = { pszAttribute, NULL }; PSTR pAttribute = NULL; BerElement* pBer = NULL; BerValue** ppValue = NULL; LDAPMessage* pSearchResult = NULL; LDAPMessage* pResults = NULL; dwError = ldap_search_ext_s( pLotus, "", LDAP_SCOPE_BASE, pDcFilter, pDcAttr, 0, NULL, NULL, NULL, 0, &pSearchResult); BAIL_ON_VMAFD_ERROR(dwError); if (ldap_count_entries(pLotus, pSearchResult) != 1) { dwError = ERROR_INVALID_STATE; BAIL_ON_VMAFD_ERROR(dwError); } pResults = ldap_first_entry(pLotus, pSearchResult); if (pResults == NULL) { ldap_get_option(pLotus, LDAP_OPT_ERROR_NUMBER, &dwError); BAIL_ON_VMAFD_ERROR(dwError); } pAttribute = ldap_first_attribute(pLotus,pResults,&pBer); if (pAttribute == NULL) { ldap_get_option(pLotus, LDAP_OPT_ERROR_NUMBER, &dwError); BAIL_ON_VMAFD_ERROR(dwError); } ppValue = ldap_get_values_len(pLotus, pResults, pAttribute); if (ppValue == NULL) { ldap_get_option(pLotus, LDAP_OPT_ERROR_NUMBER, &dwError); BAIL_ON_VMAFD_ERROR(dwError); } dwError = VmAfdAllocateStringA(ppValue[0]->bv_val, ppAttrValue); BAIL_ON_VMAFD_ERROR(dwError); cleanup: if (ppValue != NULL) { ldap_value_free_len(ppValue); } if (pAttribute != NULL) { ldap_memfree(pAttribute); } if (pBer != NULL) { ber_free(pBer,0); } if (pSearchResult != NULL) { ldap_msgfree(pSearchResult); } return dwError; error: *ppAttrValue = NULL; goto cleanup; }
DWORD VmAfdLDAPConnect( PSTR pszHostName, DWORD dwPort, PCSTR pszUpn, PCSTR pszPassword, LDAP** ppLotus ) { DWORD dwError = 0; LDAP* pDirectory = NULL; PSTR pszLdapURI = NULL; if (dwPort == 0) { dwPort = LDAP_PORT; } if (VmAfdIsIPV6AddrFormat(pszHostName)) { dwError = VmAfdAllocateStringPrintf( &pszLdapURI, "ldap://[%s]:%d", pszHostName, dwPort); } else { dwError = VmAfdAllocateStringPrintf( &pszLdapURI, "ldap://%s:%d", pszHostName, dwPort); } BAIL_ON_VMAFD_ERROR(dwError); dwError = VmDirSafeLDAPBind( &pDirectory, pszHostName, pszUpn, pszPassword); BAIL_ON_VMAFD_ERROR(dwError); *ppLotus = pDirectory; cleanup: VMAFD_SAFE_FREE_MEMORY(pszLdapURI); return dwError; error: *ppLotus = NULL; if (pDirectory != NULL) { ldap_unbind_ext(pDirectory, NULL, NULL); } goto cleanup; }
int _tmain(int argc, _TCHAR* targv[]) #endif { DWORD dwError = 0; int retCode = 0; PCSTR pszErrorMsg = NULL; PSTR pszErrorDesc = NULL; #ifdef _WIN32 char** allocArgv = NULL; PSTR* argv = NULL; #ifdef UNICODE dwError = VmAfdAllocateArgsAFromArgsW( argc, targv, &allocArgv ); BAIL_ON_VMAFD_ERROR(dwError); argv = allocArgv; #else /* ifndef UNICODE */ argv = targv; // non-unicode => targv is char #endif /* ifdef UNICODE */ #else /* ifndef _WIN32 */ setlocale(LC_ALL, ""); #endif /* ifdef _WIN32 */ dwError = ProcessArgs(argc, argv); BAIL_ON_VMAFD_ERROR(dwError); cleanup: VMAFD_SAFE_FREE_STRINGA(pszErrorDesc); return dwError; error: switch (dwError) { case ERROR_CANNOT_CONNECT_VMAFD: retCode = 20; pszErrorMsg = "Could not connect to the local service VMware AFD.\nVerify VMware AFD is running."; break; case VMDIR_ERROR_CANNOT_CONNECT_VMDIR: retCode = 21; pszErrorMsg = "Could not connect to the local service VMware Directory Service.\nVerify VMware Directory Service is running."; break; case ERROR_INVALID_CONFIGURATION: retCode = 22; pszErrorMsg = "Configuration is not correct.\nFirst boot scripts need to be executed."; break; case VMDIR_ERROR_SERVER_DOWN: retCode = 23; pszErrorMsg = "Could not connect to VMware Directory Service via LDAP.\nVerify VMware Directory Service is running on the appropriate system and is reachable from this host."; break; case VMDIR_ERROR_USER_INVALID_CREDENTIAL: retCode = 24; pszErrorMsg = "Authentication to VMware Directory Service failed.\nVerify the username and password."; break; case ERROR_ACCESS_DENIED: retCode = 25; pszErrorMsg = "Authorization failed.\nVerify account has proper administrative privileges."; break; case ERROR_INVALID_DOMAINNAME: retCode = 26; pszErrorMsg = "Failed to join the domain.\nThe domain name specified is invalid."; break; case ERROR_NO_SUCH_DOMAIN: retCode = 27; pszErrorMsg = "Failed to join the domain.\nA domain controller for the domain could not be located. Verify the DNS settings pertaining to this domain name."; break; case ERROR_PASSWORD_RESTRICTION: retCode = 28; pszErrorMsg = "Failed to join the domain.\nA required password was not specified or did not match complexity requirements."; break; case ERROR_HOST_DOWN: retCode = 29; pszErrorMsg = "Failed to join the domain.\nThe required service on the domain controller is unreachable."; break; default: retCode = 1; } if (retCode != 1) { fprintf( stderr, "domain-join failed, error= %s %u\n", pszErrorMsg, dwError); } else { if (!VmAfdGetErrorString(dwError, &pszErrorDesc)) { fprintf(stderr, "domain-join failed. Error %u: %s \n", dwError, pszErrorDesc); } else { fprintf(stderr, "domain-join failed with error: %u\n", dwError); } } goto cleanup; }
static DWORD ProcessLeave( int argc, char* argv[] ) { typedef enum { PARSE_MODE_OPEN = 0, PARSE_MODE_ACCOUNT, PARSE_MODE_PASSWORD } PARSE_MODE; DWORD dwError = 0; DWORD idx = 0; DWORD dwLeaveFlags = 0; PSTR pszLogin = NULL; PSTR pszPassword = NULL; PSTR pszPasswordNew = NULL; PARSE_MODE mode = PARSE_MODE_OPEN; for (; idx < argc; idx++) { PSTR pszArg = argv[idx]; switch (mode) { case PARSE_MODE_OPEN: if (!VmAfdStringCompareA(pszArg, "--username", TRUE)) { mode = PARSE_MODE_ACCOUNT; } else if (!VmAfdStringCompareA(pszArg, "--password", TRUE)) { mode = PARSE_MODE_PASSWORD; } else if (!VmAfdStringCompareA(pszArg, "--force", TRUE)) { dwLeaveFlags = dwLeaveFlags | VMAFD_DOMAIN_LEAVE_FLAGS_FORCE; mode = PARSE_MODE_OPEN; } else { dwError = ERROR_INVALID_PARAMETER; BAIL_ON_VMAFD_ERROR(dwError); } break; case PARSE_MODE_ACCOUNT: pszLogin = pszArg; mode = PARSE_MODE_OPEN; break; case PARSE_MODE_PASSWORD: pszPassword = pszArg; mode = PARSE_MODE_OPEN; break; default: dwError = ERROR_INVALID_STATE; BAIL_ON_VMAFD_ERROR(dwError); break; } } if (pszLogin && !pszPassword) { dwError = ReadPassword(&pszPasswordNew); BAIL_ON_VMAFD_ERROR(dwError); pszPassword = pszPasswordNew; } dwError = VmAfdLeaveDomain( pszLogin, pszPassword, dwLeaveFlags ); BAIL_ON_VMAFD_ERROR(dwError); cleanup: VMAFD_SAFE_FREE_MEMORY(pszPasswordNew); return dwError; error: goto cleanup; }
static DWORD ProcessJoin( int argc, char* argv[] ) { typedef enum { PARSE_MODE_OPEN = 0, PARSE_MODE_ACCOUNT, PARSE_MODE_PASSWORD, PARSE_MODE_ORGUNIT, PARSE_MODE_SITENAME } PARSE_MODE; DWORD dwError = 0; DWORD idx = 0; PSTR pszLogin = NULL; PSTR pszPassword = NULL; PSTR pszPasswordNew = NULL; PSTR pszDomain = NULL; PSTR pszOrgUnit = NULL; PSTR pszSiteName = NULL; PARSE_MODE mode = PARSE_MODE_OPEN; if (!argc) { dwError = ERROR_INVALID_PARAMETER; BAIL_ON_VMAFD_ERROR(dwError); } for (; idx < argc; idx++) { PSTR pszArg = argv[idx]; switch (mode) { case PARSE_MODE_OPEN: if (!VmAfdStringCompareA(pszArg, "--username", TRUE)) { mode = PARSE_MODE_ACCOUNT; } else if (!VmAfdStringCompareA(pszArg, "--password", TRUE)) { mode = PARSE_MODE_PASSWORD; } else if (!VmAfdStringCompareA(pszArg, "--orgunit", TRUE)) { mode = PARSE_MODE_ORGUNIT; } else if (!VmAfdStringCompareA(pszArg, "--site", TRUE)) { mode = PARSE_MODE_SITENAME; } else { if (pszDomain) { dwError = ERROR_INVALID_COMMAND_LINE; BAIL_ON_VMAFD_ERROR(dwError); } pszDomain = pszArg; } break; case PARSE_MODE_ACCOUNT: pszLogin = pszArg; mode = PARSE_MODE_OPEN; break; case PARSE_MODE_PASSWORD: pszPassword = pszArg; mode = PARSE_MODE_OPEN; break; case PARSE_MODE_ORGUNIT: pszOrgUnit = pszArg; mode = PARSE_MODE_OPEN; break; case PARSE_MODE_SITENAME: pszSiteName = pszArg; mode = PARSE_MODE_OPEN; break; default: dwError = ERROR_INVALID_STATE; BAIL_ON_VMAFD_ERROR(dwError); break; } } if (!pszPassword) { dwError = ReadPassword(&pszPasswordNew); BAIL_ON_VMAFD_ERROR(dwError); pszPassword = pszPasswordNew; } if (!pszDomain) { dwError = ERROR_NO_SUCH_DOMAIN; BAIL_ON_VMAFD_ERROR(dwError); } if (!pszLogin) { pszLogin = "******"; } else if (strchr(pszLogin, (int)'@') != NULL) { fprintf(stderr, "Error: Username may not include domain\n"); dwError = ERROR_INVALID_PARAMETER; BAIL_ON_VMAFD_ERROR(dwError); } dwError = VmAfdJoinDomainWithSite( pszDomain, pszLogin, pszPassword, pszOrgUnit, pszSiteName); BAIL_ON_VMAFD_ERROR(dwError); cleanup: VMAFD_SAFE_FREE_MEMORY(pszPasswordNew); return dwError; error: goto cleanup; }
static DWORD ProcessArgs( int argc, char* argv[] ) { DWORD dwError = 0; DWORD iArg = 0; DWORD dwArgsLeft = argc; PSTR pszArg = NULL; if (!argc || !argv) { dwError = ERROR_INVALID_PARAMETER; BAIL_ON_VMAFD_ERROR(dwError); } iArg++; // skip first argument dwArgsLeft--; if (!dwArgsLeft) { dwError = ERROR_INVALID_PARAMETER; BAIL_ON_VMAFD_ERROR(dwError); } pszArg = argv[iArg++]; dwArgsLeft--; if (!VmAfdStringCompareA(pszArg, "help", TRUE)) { ShowUsage(); } else if (!VmAfdStringCompareA(pszArg, "join", TRUE)) { dwError = ProcessJoin( dwArgsLeft, dwArgsLeft > 0 ? &argv[iArg] : NULL); } else if (!VmAfdStringCompareA(pszArg, "leave", TRUE)) { dwError = ProcessLeave( dwArgsLeft, dwArgsLeft > 0 ? &argv[iArg] : NULL); } else if (!VmAfdStringCompareA(pszArg, "info", TRUE)) { dwError = ProcessInfo( dwArgsLeft, dwArgsLeft > 0 ? &argv[iArg] : NULL); } else { dwError = ERROR_INVALID_PARAMETER; } BAIL_ON_VMAFD_ERROR(dwError); cleanup: return dwError; error: if (dwError == ERROR_INVALID_PARAMETER || dwError == ERROR_INVALID_COMMAND_LINE) { ShowUsage(); } goto cleanup; }