DWORD
VMCAGetDSEServerName(
PVMCA_LDAP_CONTEXT pContext,
PSTR* ppServerName
)
{
DWORD dwError = 0;
PCHAR ServerNameAttr = "servername";
PSTR pszServerName = NULL;
if (ppServerName == NULL)
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_ERROR(dwError);
}
dwError = VMCAGetDSERootAttribute(
pContext,
ServerNameAttr,
&pszServerName);
BAIL_ON_ERROR(dwError);
*ppServerName = pszServerName;
cleanup:
return dwError;
error :
if (ppServerName)
{
*ppServerName = NULL;
}
goto cleanup;
}
DWORD
VMCAGetDefaultDomainName2(
PVMCA_LDAP_CONTEXT pConnection,
PSTR* ppDomainName
)
{
DWORD dwError = 0;
PCHAR pszDomainNameAttr = "rootdomainnamingcontext";
PSTR pszDomainName = NULL;
if (ppDomainName == NULL)
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_ERROR(dwError);
}
dwError = VMCAGetDSERootAttribute(
pConnection,
pszDomainNameAttr,
&pszDomainName);
BAIL_ON_ERROR(dwError);
*ppDomainName = pszDomainName;
cleanup:
return dwError;
error :
if (ppDomainName)
{
*ppDomainName = NULL;
}
goto cleanup;
}
static
DWORD
VMCASrvUpdateRootCerts(
PVMCA_DIR_SYNC_PARAMS pDirSyncParams,
PBOOLEAN pbSynced
)
{
DWORD dwError = 0;
PVMCA_X509_CA pCA = NULL;
PSTR pszAccount = NULL;
PSTR pszPassword = NULL;
PSTR pszDomainName = NULL;
PSTR pszCAContainerDN = NULL;
PSTR pszCertificate = NULL;
PSTR pszCRL = NULL;
X509_CRL* pCrl = NULL;
DWORD dwCount = 0;
DWORD dwIndex = 0;
PVMCA_LDAP_CONTEXT pContext = NULL;
PSTR pszUPN = NULL;
dwError = VMCASrvValidateCA();
BAIL_ON_VMCA_ERROR(dwError);
dwError = VMCASrvGetCA(&pCA);
BAIL_ON_VMCA_ERROR(dwError);
dwError = VMCASrvGetMachineAccountInfoA(
&pszAccount,
&pszDomainName,
&pszPassword);
BAIL_ON_VMCA_ERROR(dwError);
dwError = VMCAAllocateStringPrintfA(
&pszUPN,
"%s@%s",
pszAccount,
pszDomainName);
BAIL_ON_VMCA_ERROR(dwError);
dwError = VMCALdapConnect(
"localhost",
0, /* use default port */
pszUPN,
pszPassword,
&pContext);
BAIL_ON_VMCA_ERROR(dwError);
dwError = VMCAGetDSERootAttribute(
pContext,
"configurationNamingContext",
&pszCAContainerDN);
BAIL_ON_VMCA_ERROR(dwError);
dwError = VmcaSrvReGenCRL(
&pCrl
);
BAIL_ON_VMCA_ERROR (dwError);
dwError = VMCACRLToPEM(
pCrl,
&pszCRL
);
BAIL_ON_VMCA_ERROR (dwError);
dwCount = sk_X509_num(pCA->skCAChain);
for (; dwIndex <dwCount; dwIndex++)
{
X509 *pCert = sk_X509_value(
pCA->skCAChain,
dwIndex
);
dwError = VMCAUpdatePkiCAAttribute(
pContext,
pszCAContainerDN,
pCert
);
BAIL_ON_VMCA_ERROR(dwError);
}
dwError = VMCAUpdateCrlCAAttribute(
pContext,
pszCAContainerDN,
pszCRL
);
BAIL_ON_VMCA_ERROR (dwError);
*pbSynced = TRUE;
cleanup:
VMCA_SAFE_FREE_STRINGA(pszUPN);
VMCA_SAFE_FREE_STRINGA(pszDomainName);
VMCA_SAFE_FREE_STRINGA(pszCertificate);
VMCA_SAFE_FREE_STRINGA(pszAccount);
VMCA_SAFE_FREE_STRINGA(pszPassword);
VMCA_SAFE_FREE_STRINGA(pszCRL);
if (pContext)
{
VMCALdapClose(pContext);
}
if (pCA)
{
VMCAReleaseCA(pCA);
}
return dwError;
error:
*pbSynced = FALSE;
VMCA_LOG_ERROR("Failed to update root certs due to error [%u]", dwError);
// TODO : Check specific errors
dwError = 0;
goto cleanup;
}
