static
DWORD
VmAfdCliGetDCList(
PVM_AFD_CLI_CONTEXT pContext
)
{
DWORD dwError = 0;
DWORD dwServerCount = 0;
DWORD dwIndex = 0;
PSTR pszHostname = NULL;
PSTR pszAddress = NULL;
PVMAFD_DC_INFO_W pVmAfdDCInfoList = NULL;
if (!pContext)
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR(dwError);
}
dwError = VmAfdGetDCList(
pContext->pszServerName,
pContext->pszDomainName,
&dwServerCount,
&pVmAfdDCInfoList
);
BAIL_ON_VMAFD_ERROR(dwError);
printf("Number of Server in the Domain = %d\n",dwServerCount);
for (; dwIndex < dwServerCount ; dwIndex++)
{
PVMAFD_DC_INFO_W pDCInfo = &pVmAfdDCInfoList[dwIndex];
dwError = VmAfdAllocateStringAFromW(pDCInfo->pwszHostName,&pszHostname);
BAIL_ON_VMAFD_ERROR(dwError);
dwError = VmAfdAllocateStringAFromW(pDCInfo->pwszAddress,&pszAddress);
BAIL_ON_VMAFD_ERROR(dwError);
printf("Hostname = %s, Address = %s\n",pszHostname,pszAddress);
VMAFD_SAFE_FREE_MEMORY(pszHostname);
VMAFD_SAFE_FREE_MEMORY(pszAddress);
}
cleanup:
VMAFD_SAFE_FREE_MEMORY(pVmAfdDCInfoList);
return dwError;
error:
goto cleanup;
}
int
main(void)
{
DWORD dwError = 0;
PSTR certString = NULL;
PSTR aliasString = NULL;
PVMAFD_CERT_ARRAY ppCerts = NULL;
int x = 0;
dwError = VmAfdEnumCertificates(
"localhost",
CERTIFICATE_STORE_TYPE_PRIVATE,
0,
100,
&ppCerts);
printf("error Code : %d dwCount= %d\n", dwError,(int) ppCerts->dwCount);
size_t certlen = 0; //strlen(certString);
//int y = ppCerts->dwCount;
for ( x = 0; x < ppCerts->dwCount ; x++)
{
VMAFD_CERT_CONTAINER Cert = ppCerts->certificates[x];
printf("Counter : %d \t dwCount = %d \n ",
x, (int) ppCerts->dwCount);
sleep(1);
if (Cert.pCert != NULL ) {
VmAfdAllocateStringAFromW(Cert.pCert,
&certString);
certlen = strlen(certString);
}
if (Cert.pAlias != NULL ) {
VmAfdAllocateStringAFromW(Cert.pAlias,
&aliasString);
}
printf("Len %d, Cert -> %s \t", (int)certlen, certString);
printf("Alias -> %s \n", aliasString);
VmAfdFreeStringA(certString);
VmAfdFreeStringA(aliasString);
certString = NULL;
aliasString = NULL;
}
return 0;
}
DWORD
VmAfSrvConfigureDNSW(
PCWSTR pwszServerName,
PCWSTR pwszDomainName,
PCWSTR pwszUserName,
PCWSTR pwszPassword
)
{
DWORD dwError = 0;
PSTR pszServerName = NULL;
PSTR pszDomainName = NULL;
PSTR pszUserName = NULL;
PSTR pszPassword = NULL;
dwError = VmAfdAllocateStringAFromW(
pwszServerName,
&pszServerName);
BAIL_ON_VMAFD_ERROR(dwError);
dwError = VmAfdAllocateStringAFromW(
pwszDomainName,
&pszDomainName);
BAIL_ON_VMAFD_ERROR(dwError);
dwError = VmAfdAllocateStringAFromW(
pwszUserName,
&pszUserName);
BAIL_ON_VMAFD_ERROR(dwError);
dwError = VmAfdAllocateStringAFromW(
pwszPassword,
&pszPassword);
BAIL_ON_VMAFD_ERROR(dwError);
dwError = VmAfSrvConfigureDNSA(
pszServerName,
pszDomainName,
pszUserName,
pszPassword);
BAIL_ON_VMAFD_ERROR(dwError);
error:
VMAFD_SAFE_FREE_MEMORY(pszServerName);
VMAFD_SAFE_FREE_MEMORY(pszDomainName);
VMAFD_SAFE_FREE_MEMORY(pszUserName);
VMAFD_SAFE_FREE_MEMORY(pszPassword);
return dwError;
}
BOOLEAN
VmAfdSrvIsValidGUID(
PCWSTR pwszGUID
)
{
DWORD dwError = 0;
BOOLEAN bResult = FALSE;
PSTR pszGUID = NULL;
if (!IsNullOrEmptyString(pwszGUID))
{
unsigned32 status = 0;
dce_uuid_t uuid;
dwError = VmAfdAllocateStringAFromW(pwszGUID, &pszGUID);
BAIL_ON_VMAFD_ERROR(dwError);
dce_uuid_from_string(pszGUID, &uuid, &status);
bResult = (status == uuid_s_ok);
}
error:
VMAFD_SAFE_FREE_STRINGA(pszGUID);
return bResult;
}
DWORD
VmAfdConnectLdapWithMachineAccount(
LDAP** ppLotus
)
{
DWORD dwError = 0;
LDAP* pLotus = NULL;
PSTR pszUpn = NULL;
PVMAFD_REG_ARG pArgs = NULL;
PWSTR pwszDCName = NULL;
PSTR pszDCName = NULL;
dwError = VmAfdGetMachineInfo(&pArgs);
BAIL_ON_VMAFD_ERROR_NO_LOG(dwError);
dwError = VmAfSrvGetAffinitizedDC(&pwszDCName);
BAIL_ON_VMAFD_ERROR(dwError);
dwError = VmAfdAllocateStringAFromW(pwszDCName, &pszDCName);
BAIL_ON_VMAFD_ERROR(dwError);
dwError = VmAfdAllocateStringPrintf(
&pszUpn,
"%s@%s",
pArgs->pszAccount,
pArgs->pszDomain);
BAIL_ON_VMAFD_ERROR(dwError);
dwError = VmAfdLDAPConnect(
pszDCName,
LDAP_PORT,
pszUpn,
pArgs->pszPassword,
&pLotus);
BAIL_ON_VMAFD_ERROR_NO_LOG(dwError);
*ppLotus = pLotus;
cleanup:
VMAFD_SAFE_FREE_STRINGA(pszUpn);
VMAFD_SAFE_FREE_STRINGA(pszDCName);
VMAFD_SAFE_FREE_STRINGW(pwszDCName);
VmAfdFreeRegArgs(pArgs);
return dwError;
error:
if (pLotus)
{
VmAfdLdapClose(pLotus);
}
goto cleanup;
}
DWORD
VmAfdAllocateContextFromNameImpl (
PCWSTR pszAccountName,
PVM_AFD_SECURITY_CONTEXT *ppSecurityContext
)
{
DWORD dwError = 0;
struct passwd *pd = NULL;
PSTR psazAccountName = NULL;
PVM_AFD_SECURITY_CONTEXT pSecurityContext = NULL;
dwError = VmAfdAllocateStringAFromW (
pszAccountName,
&psazAccountName
);
BAIL_ON_VMAFD_ERROR (dwError);
pd = getpwnam (psazAccountName);
if (pd == NULL)
{
dwError = ERROR_NONE_MAPPED;
BAIL_ON_VMAFD_ERROR (dwError);
}
dwError = VmAfdAllocateMemory (
sizeof (VM_AFD_SECURITY_CONTEXT),
(PVOID *)&pSecurityContext
);
BAIL_ON_VMAFD_ERROR (dwError);
pSecurityContext->uid = pd->pw_uid;
*ppSecurityContext = pSecurityContext;
cleanup:
VMAFD_SAFE_FREE_MEMORY (psazAccountName);
return dwError;
error:
if (ppSecurityContext)
{
*ppSecurityContext = NULL;
}
if (pSecurityContext)
{
VmAfdFreeSecurityContext(pSecurityContext);
}
goto cleanup;
}
static
DWORD
VmAfdSrvFlushRoot(
PVMAFD_CERT_CONTAINER pCert,
PCSTR pszCAPath
)
{
DWORD dwError = 0;
PSTR pszCertificate = NULL;
if (!pCert ||
IsNullOrEmptyString(pCert->pCert) ||
IsNullOrEmptyString(pszCAPath))
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR(dwError);
}
dwError = VmAfdAllocateStringAFromW(pCert->pCert, &pszCertificate);
BAIL_ON_VMAFD_ERROR(dwError);
dwError = VmAfdSrvFlushRoot_SHA_1(pszCertificate, pszCAPath);
BAIL_ON_VMAFD_ERROR(dwError);
dwError = VmAfdSrvFlushRoot_MD5(pszCertificate, pszCAPath);
BAIL_ON_VMAFD_ERROR(dwError);
cleanup:
VMAFD_SAFE_FREE_MEMORY(pszCertificate);
return dwError;
error:
goto cleanup;
}
DWORD
VecsSrvRevokePermission (
PVECS_SRV_STORE_HANDLE pStore,
PCWSTR pszUserName,
UINT32 accessMask,
VMAFD_ACE_TYPE aceType,
PVM_AFD_CONNECTION_CONTEXT pConnectionContext
)
{
DWORD dwError = 0;
PVMAFD_SECURITY_DESCRIPTOR pSecurityDescriptor = NULL;
PVECS_SERV_STORE pStoreInstance = NULL;
BOOL bIsHoldingLock = FALSE;
PWSTR pwszAccountName = NULL;
DWORD dwLogError = 0;
dwError = VmAfdCheckOwnerShipWithHandle (
pStore,
pConnectionContext
);
BAIL_ON_VMAFD_ERROR (dwError);
pthread_mutex_lock (&gVmafdGlobals.mutexStoreState);
bIsHoldingLock = TRUE;
dwError = VmAfdGetSecurityDescriptorFromHandle (
pStore,
&pSecurityDescriptor
);
BAIL_ON_VMAFD_ERROR (dwError);
dwError = VmAfdGetStoreFromHandle (
pStore,
pConnectionContext->pSecurityContext,
&pStoreInstance
);
BAIL_ON_VMAFD_ERROR (dwError);
dwError = VmAfdModifyPermissions (
pStoreInstance,
pszUserName,
accessMask,
aceType,
pSecurityDescriptor,
VMW_IPC_MODIFY_PERMISSIONS_REVOKE
);
BAIL_ON_VMAFD_ERROR (dwError);
dwError = VmAfdSetSecurityDescriptorForHandle (
pStore,
pSecurityDescriptor
);
BAIL_ON_VMAFD_ERROR (dwError);
pthread_mutex_unlock (&gVmafdGlobals.mutexStoreState);
bIsHoldingLock = FALSE;
dwLogError = VmAfdAllocateNameFromContext (
pConnectionContext->pSecurityContext,
&pwszAccountName
);
if (!IsNullOrEmptyString(pwszAccountName))
{
PSTR pszAccountName = NULL;
PSTR paszUserName = NULL;
dwLogError = VmAfdAllocateStringAFromW(
pwszAccountName,
&pszAccountName
);
dwLogError = VmAfdAllocateStringAFromW (
pszUserName,
&paszUserName
);
if (pszAccountName)
{
VmAfdLog (VMAFD_DEBUG_ANY,
"User %s changed permission of Store with ID: %d \n "
"Permission %s %s was revoked from user %s",
pszAccountName,
pStoreInstance->dwStoreId,
accessMask & READ_STORE ? "read" : "",
accessMask & WRITE_STORE ? "write": "",
!IsNullOrEmptyString(paszUserName)? paszUserName: ""
);
}
VMAFD_SAFE_FREE_MEMORY (pszAccountName);
VMAFD_SAFE_FREE_MEMORY (paszUserName);
}
cleanup:
if (pSecurityDescriptor)
{
VmAfdFreeSecurityDescriptor (pSecurityDescriptor);
}
if (bIsHoldingLock)
{
pthread_mutex_unlock(&gVmafdGlobals.mutexStoreState);
}
VMAFD_SAFE_FREE_MEMORY (pStoreInstance);
VMAFD_SAFE_FREE_MEMORY (pwszAccountName);
return dwError;
error:
goto cleanup;
}
DWORD
VmAfdGetMachineInfo(
PVMAFD_REG_ARG *ppArgs
)
{
DWORD dwError = 0;
PWSTR pwszAccountName = NULL;
PWSTR pwszPassword = NULL;
PWSTR pwszAccountDN = NULL;
PWSTR pwszDomain = NULL;
PWSTR pwszAccount = NULL;
PVMAFD_REG_ARG pArgs = NULL;
VMAFD_DOMAIN_STATE domainState = VMAFD_DOMAIN_STATE_NONE ;
dwError = VmAfSrvGetDomainState(&domainState);
BAIL_ON_VMAFD_ERROR(dwError);
if (domainState == VMAFD_DOMAIN_STATE_NONE)
{
dwError = ERROR_NOT_JOINED;
BAIL_ON_VMAFD_ERROR_NO_LOG(dwError);
}
dwError = VmAfSrvGetMachineAccountInfo(
&pwszAccount,
&pwszPassword,
&pwszAccountDN,
NULL);
BAIL_ON_VMAFD_ERROR(dwError);
dwError = VmAfdAllocateMemory(
sizeof(VMAFD_REG_ARG),
(PVOID*)&pArgs);
BAIL_ON_VMAFD_ERROR(dwError);
dwError = VmAfdAllocateStringAFromW(
pwszAccountDN,
&pArgs->pszAccountDN);
BAIL_ON_VMAFD_ERROR(dwError);
dwError = VmAfdAllocateStringAFromW(
pwszPassword,
&pArgs->pszPassword);
BAIL_ON_VMAFD_ERROR(dwError);
dwError = VmAfdAllocateStringAFromW(
pwszAccount,
&pArgs->pszAccount);
BAIL_ON_VMAFD_ERROR(dwError);
dwError = VmAfSrvGetDomainName(&pwszDomain);
BAIL_ON_VMAFD_ERROR(dwError);
dwError = VmAfdAllocateStringAFromW(
pwszDomain,
&pArgs->pszDomain);
BAIL_ON_VMAFD_ERROR(dwError);
dwError = VmAfdAllocateStringPrintf( &(pArgs->pszAccountUPN), "%s@%s",
pArgs->pszAccount, pArgs->pszDomain);
BAIL_ON_VMAFD_ERROR(dwError);
if (IsNullOrEmptyString(pArgs->pszAccountDN) ||
IsNullOrEmptyString(pArgs->pszPassword))
{
dwError = VECS_MISSING_CREDS;
BAIL_ON_VMAFD_ERROR(dwError);
}
*ppArgs = pArgs;
cleanup:
VMAFD_SAFE_FREE_MEMORY(pwszAccountName);
VMAFD_SAFE_FREE_MEMORY(pwszPassword);
VMAFD_SAFE_FREE_MEMORY(pwszAccountDN);
VMAFD_SAFE_FREE_MEMORY(pwszDomain);
VMAFD_SAFE_FREE_MEMORY(pwszAccount);
return dwError;
error :
*ppArgs = NULL;
if (pArgs)
{
VmAfdFreeRegArgs(pArgs);
}
switch (dwError)
{
case VECS_MISSING_CREDS:
VmAfdLog(VMAFD_DEBUG_ANY, "Account DN / Password missing");
break;
case VECS_MISSING_DC_NAME:
VmAfdLog(VMAFD_DEBUG_ANY, "Invalid domain controller name");
break;
default:
VmAfdLog(
VMAFD_DEBUG_ANY,
"Error [%d] getting machine Info",
dwError);
break;
}
goto cleanup;
}
static
DWORD
VmAfdFlushRoots(
VOID
)
{
DWORD dwError = 0;
WCHAR wszStoreName[] = TRUSTED_ROOTS_STORE_NAME_W;
PVECS_SERV_STORE pCertStore = NULL;
PVECS_SRV_ENUM_CONTEXT pEnumContext = NULL;
PVMAFD_CERT_ARRAY pCertContainer = NULL;
PWSTR pwszCAPath = NULL;
PSTR pszCAPath = NULL;
dwError = VmAfSrvGetCAPath(&pwszCAPath);
BAIL_ON_VMAFD_ERROR(dwError);
dwError = VmAfdAllocateStringAFromW(pwszCAPath, &pszCAPath);
BAIL_ON_VMAFD_ERROR(dwError);
dwError = VecsSrvOpenCertStore(wszStoreName, NULL, &pCertStore);
BAIL_ON_VMAFD_ERROR(dwError);
dwError = VecsSrvAllocateCertEnumContext(
pCertStore,
0, /* default */
ENTRY_INFO_LEVEL_2,
&pEnumContext);
BAIL_ON_VMAFD_ERROR(dwError);
do
{
DWORD idx = 0;
if (pCertContainer)
{
VmAfdFreeCertArray(pCertContainer);
pCertContainer = NULL;
}
dwError = VecsSrvEnumCertsInternal(pEnumContext, &pCertContainer);
BAIL_ON_VMAFD_ERROR(dwError);
for (; idx < pCertContainer->dwCount; idx++)
{
PVMAFD_CERT_CONTAINER pCert = &pCertContainer->certificates[idx];
dwError = VmAfdSrvFlushRoot(pCert, pszCAPath);
BAIL_ON_VMAFD_ERROR(dwError);
}
} while (pCertContainer && pCertContainer->dwCount > 0);
cleanup:
if (pEnumContext)
{
VecsSrvReleaseEnumContext(pEnumContext);
}
if (pCertContainer)
{
VmAfdFreeCertArray(pCertContainer);
}
if (pCertStore)
{
VecsSrvReleaseCertStore(pCertStore);
}
VMAFD_SAFE_FREE_MEMORY(pwszCAPath);
VMAFD_SAFE_FREE_MEMORY(pszCAPath);
return dwError;
error:
goto cleanup;
}
DWORD
VmAfdRegSetString(
PCSTR pszSubKeyParam, /* IN */
PCSTR pszValueName, /* IN */
PCWSTR pwszValue /* IN */
)
{
DWORD dwError = 0;
PVMAF_CFG_CONNECTION pConnection = NULL;
PVMAF_CFG_KEY pRootKey = NULL;
PVMAF_CFG_KEY pParamsKey = NULL;
PCSTR pszSubKey = pszSubKeyParam ? pszSubKeyParam : VMAFD_CONFIG_PARAMETER_KEY_PATH;
PSTR pszValue = NULL;
if (IsNullOrEmptyString(pszValueName) ||
IsNullOrEmptyString(pwszValue))
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR(dwError);
}
dwError = VmAfConfigOpenConnection(&pConnection);
BAIL_ON_VMAFD_ERROR(dwError);
dwError = VmAfConfigOpenRootKey(
pConnection,
"HKEY_LOCAL_MACHINE",
0,
KEY_READ,
&pRootKey);
BAIL_ON_VMAFD_ERROR(dwError);
dwError = VmAfConfigOpenKey(
pConnection,
pRootKey,
pszSubKey,
0,
KEY_SET_VALUE,
&pParamsKey);
BAIL_ON_VMAFD_ERROR(dwError);
dwError = VmAfdAllocateStringAFromW(pwszValue, &pszValue);
BAIL_ON_VMAFD_ERROR(dwError);
dwError = VmAfConfigSetValue(
pParamsKey,
pszValueName,
REG_SZ,
(PBYTE)pszValue,
(DWORD)strlen(pszValue) + 1);
BAIL_ON_VMAFD_ERROR(dwError);
cleanup:
if (pParamsKey)
{
VmAfConfigCloseKey(pParamsKey);
}
if (pRootKey)
{
VmAfConfigCloseKey(pRootKey);
}
if (pConnection)
{
VmAfConfigCloseConnection(pConnection);
}
VMAFD_SAFE_FREE_STRINGA(pszValue);
return dwError;
error:
goto cleanup;
}
DWORD
VmAfdRestPasswordRefresh(
PCSTR pszServer,
PCSTR pszDomain,
PCSTR pszUser,
PCSTR pszPass,
BOOLEAN bForce,
BOOLEAN bInsecure,
PSTR *ppszNewPass
)
{
DWORD dwError = 0;
PSTR pszToken = NULL;
PSTR pszNewPass = NULL;
PSTR pszUrl = NULL;
PVM_HTTP_CLIENT pHttpClient = NULL;
PSTR pszParamString = NULL;
PCSTR pszResult = NULL;
PWSTR pwszCAPath = NULL;
PSTR pszCAPath = NULL;
if (IsNullOrEmptyString(pszServer) ||
IsNullOrEmptyString(pszDomain) ||
IsNullOrEmptyString(pszUser) ||
IsNullOrEmptyString(pszPass) ||
!ppszNewPass)
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR(dwError);
}
if (bInsecure)
{
pszCAPath = NULL;
}
else
{
dwError = VmAfSrvGetCAPath(&pwszCAPath);
BAIL_ON_VMAFD_ERROR(dwError);
dwError = VmAfdAllocateStringAFromW(pwszCAPath, &pszCAPath);
BAIL_ON_VMAFD_ERROR(dwError);
}
/* acquire token */
dwError = VmAfdAcquireOIDCToken(
pszServer,
pszDomain,
pszUser,
pszPass,
pszCAPath,
VMAFD_OIDC_VMDIR_SCOPE,
&pszToken);
BAIL_ON_VMAFD_ERROR(dwError);
dwError = VmAfdAllocateStringPrintf(
&pszParamString,
"?force=%s",
bForce?"true":"false");
BAIL_ON_VMAFD_ERROR(dwError);
/* make rest url */
dwError = VmFormatUrl(
"https",
pszServer,
VMDIR_REST_API_HTTPS_PORT,
VMDIR_REST_API_BASE"/"VMDIR_REST_API_PASSWORD_REFRESH_CMD,
pszParamString,
&pszUrl);
BAIL_ON_VMAFD_ERROR(dwError);
dwError = VmHttpClientInit(&pHttpClient, pszCAPath);
BAIL_ON_VMAFD_ERROR(dwError);
dwError = VmHttpClientSetToken(pHttpClient,
VMHTTP_TOKEN_TYPE_BEARER,
pszToken);
BAIL_ON_VMAFD_ERROR(dwError);
dwError = VmHttpClientPerform(pHttpClient, VMHTTP_METHOD_POST, pszUrl);
BAIL_ON_VMAFD_ERROR(dwError);
dwError = VmHttpClientGetResult(pHttpClient, &pszResult);
BAIL_ON_VMAFD_ERROR(dwError);
dwError = _VmAfdGetHttpResultPassword(pszResult, &pszNewPass);
BAIL_ON_VMAFD_ERROR(dwError);
/* pszPassword could be NULL if force is not set or not aged */
/* caller handles this scenario */
*ppszNewPass = pszNewPass;
cleanup:
VmHttpClientFreeHandle(pHttpClient);
VMAFD_SAFE_FREE_MEMORY(pszCAPath);
VMAFD_SAFE_FREE_MEMORY(pwszCAPath);
VMAFD_SAFE_FREE_STRINGA(pszParamString);
VMAFD_SAFE_FREE_STRINGA(pszUrl);
VMAFD_SAFE_FREE_STRINGA(pszToken);
return dwError;
error:
VMAFD_SAFE_FREE_STRINGA(pszNewPass);
goto cleanup;
}
static
DWORD
CdcGetDomainControllers(
PWSTR** ppszDomainControllers,
PDWORD pdwCount
)
{
DWORD dwError = 0;
DWORD dwIndex = 0;
PWSTR pwszDomain = NULL;
PSTR pszDomain = NULL;
PSTR pszDCName = NULL;
PWSTR pwszAccount = NULL;
PSTR pszAccount = NULL;
PWSTR pwszPassword = NULL;
PSTR pszPassword = NULL;
PWSTR pwszAccountDN = NULL;
PSTR pszAccountDN = NULL;
PVMDNS_SERVER_CONTEXT pConnection = NULL;
PVMDNS_RECORD_ARRAY pRecordArray = NULL;
PWSTR* pszDomainControllers = NULL;
PCDC_DC_INFO_W pAffinitizedDC = NULL;
if (!ppszDomainControllers || !pdwCount)
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR(dwError);
}
dwError = VmAfSrvGetMachineAccountInfo(
&pwszAccount,
&pwszPassword,
&pwszAccountDN,
NULL
);
BAIL_ON_VMAFD_ERROR(dwError);
dwError = VmAfdAllocateStringAFromW(
pwszAccount,
&pszAccount
);
BAIL_ON_VMAFD_ERROR(dwError);
dwError = VmAfdAllocateStringAFromW(
pwszPassword,
&pszPassword
);
BAIL_ON_VMAFD_ERROR(dwError);
dwError = VmAfSrvGetDomainName(&pwszDomain);
BAIL_ON_VMAFD_ERROR(dwError);
dwError = VmAfdAllocateStringAFromW(
pwszDomain,
&pszDomain
);
BAIL_ON_VMAFD_ERROR(dwError);
dwError = CdcSrvGetDCName(pwszDomain,&pAffinitizedDC);
BAIL_ON_VMAFD_ERROR(dwError);
dwError = VmAfdAllocateStringAFromW(
pAffinitizedDC->pszDCName,
&pszDCName
);
BAIL_ON_VMAFD_ERROR(dwError);
dwError = VmDnsOpenServerA(
pszDCName,
pszAccount,
pszDomain,
pszPassword,
0,
NULL,
&pConnection);
BAIL_ON_VMAFD_ERROR(dwError);
dwError = VmDnsQueryRecordsA(
pConnection,
pszDomain,
"_ldap._tcp",
VMDNS_RR_TYPE_SRV,
0,
&pRecordArray);
BAIL_ON_VMAFD_ERROR(dwError);
if (pRecordArray->dwCount)
{
dwError = VmAfdAllocateMemory(
sizeof(PWSTR)*pRecordArray->dwCount,
(PVOID *)&pszDomainControllers
);
BAIL_ON_VMAFD_ERROR(dwError);
}
for (; dwIndex < pRecordArray->dwCount; dwIndex++)
{
dwError = VmAfdAllocateStringWFromA(
pRecordArray->Records[dwIndex].Data.SRV.pNameTarget,
&pszDomainControllers[dwIndex]
);
BAIL_ON_VMAFD_ERROR(dwError);
dwError = VmAfdTrimFQDNTrailingDot(pszDomainControllers[dwIndex]);
BAIL_ON_VMAFD_ERROR(dwError);
}
dwIndex = 0;
*ppszDomainControllers = pszDomainControllers;
*pdwCount = pRecordArray->dwCount;
cleanup:
VMAFD_SAFE_FREE_MEMORY(pwszDomain);
VMAFD_SAFE_FREE_MEMORY(pszDomain);
VMAFD_SAFE_FREE_MEMORY(pszDCName);
VMAFD_SAFE_FREE_MEMORY(pwszAccount);
VMAFD_SAFE_FREE_MEMORY(pszAccount);
VMAFD_SAFE_FREE_MEMORY(pwszPassword);
VMAFD_SAFE_FREE_MEMORY(pszPassword);
VMAFD_SAFE_FREE_MEMORY(pwszAccountDN);
VMAFD_SAFE_FREE_MEMORY(pszAccountDN);
if (pAffinitizedDC)
{
VmAfdFreeDomainControllerInfoW(pAffinitizedDC);
}
if (pRecordArray)
{
VmDnsFreeRecordArray(pRecordArray);
}
if (pConnection)
{
VmDnsCloseServer(pConnection);
}
return dwError;
error:
if (ppszDomainControllers)
{
*ppszDomainControllers = NULL;
}
if (pszDomainControllers)
{
VmAfdFreeStringArrayW(pszDomainControllers,pRecordArray->dwCount);
}
goto cleanup;
}
DWORD
VmAfdAccessCheckWithHandle (
PVECS_SRV_STORE_HANDLE pStore,
PVM_AFD_CONNECTION_CONTEXT pConnectionContext,
DWORD dwDesiredAccess
)
{
DWORD dwError = 0;
DWORD dwLogError = 0;
PVECS_SERV_STORE pStoreInfo = NULL;
PVMAFD_SECURITY_DESCRIPTOR pSecurityDescriptor = NULL;
PWSTR pszAccountName = NULL;
if (!pStore ||
!pConnectionContext ||
!pConnectionContext->pSecurityContext
)
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR (dwError);
}
if ((dwDesiredAccess | VECS_MAXIMUM_ALLOWED_MASK) !=
VECS_MAXIMUM_ALLOWED_MASK
)
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR (dwError);
}
/*
* We don't care about dwLogError errors because they are
* used solely for logging purpose. Even if some call fails,
* the function should not fail
*/
dwLogError = VmAfdAllocateNameFromContext (
pConnectionContext->pSecurityContext,
&pszAccountName
);
dwLogError = VmAfdGetStoreFromHandle (
pStore,
pConnectionContext->pSecurityContext,
&pStoreInfo
);
if (
!IsNullOrEmptyString(pszAccountName) &&
pStoreInfo
)
{
PSTR paszAccountName = NULL;
dwLogError = VmAfdAllocateStringAFromW(
pszAccountName,
&paszAccountName
);
if (paszAccountName)
{
switch (dwDesiredAccess)
{
case READ_STORE:
VmAfdLog (VMAFD_DEBUG_DEBUG,
"User %s requested READ operation on Store with ID: %d",
paszAccountName,
pStoreInfo->dwStoreId
);
break;
case WRITE_STORE:
VmAfdLog (VMAFD_DEBUG_DEBUG,
"User %s requested WRITE operation on Store with ID:%d",
paszAccountName,
pStoreInfo->dwStoreId
);
break;
default:
break;
}
}
else
{
VmAfdLog(VMAFD_DEBUG_ANY, "%s log failed. error(%u)", __FUNCTION__, dwLogError);
}
VMAFD_SAFE_FREE_MEMORY (paszAccountName);
}
dwError = VmAfdGetSecurityDescriptorFromHandle (
pStore,
&pSecurityDescriptor
);
BAIL_ON_VMAFD_ERROR (dwError);
if (!(VmAfdIsRootSecurityContext (pConnectionContext)))
{
if (!(VmAfdEqualsSecurityContext(
pConnectionContext->pSecurityContext,
pSecurityDescriptor->pOwnerSecurityContext
)
))
{
dwError = VmAfdCheckAcl (
pSecurityDescriptor,
pConnectionContext->pSecurityContext,
dwDesiredAccess
);
BAIL_ON_VMAFD_ERROR (dwError);
}
}
cleanup:
VMAFD_SAFE_FREE_MEMORY (pszAccountName);
VMAFD_SAFE_FREE_MEMORY (pStoreInfo);
if (pSecurityDescriptor)
{
VmAfdFreeSecurityDescriptor (pSecurityDescriptor);
}
return dwError;
error:
goto cleanup;
}
/**
* To add log entry for PCDC_DC_INFO_W
**/
DWORD
VmAfdAddCDCSuperLogEntry(
PVMSUPERLOGGING pLogger,
UINT64 iStartTime,
UINT64 iEndTime,
PCDC_DC_INFO_W pDCEntry,
CDC_DC_STATE dwState,
DWORD dwErrorCode
)
{
PVMAFD_SUPERLOG_ENTRY pLogEntry = NULL;
DWORD dwError = 0;
PSTR pszDCName = NULL;
PSTR pszDomainName = NULL;
PSTR pszSiteName = NULL;
PSTR pszDCAddress = NULL;
// AFD should not fail if super logging is disabled. This is why returning 0 here
if (!VmAfdIsSuperLoggingEnabled(pLogger))
{
dwError = ERROR_NOT_READY;
BAIL_ON_VMAFD_ERROR_NO_LOG(dwError);
}
if(!pDCEntry)
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR(dwError);
}
pLogEntry = (PVMAFD_SUPERLOG_ENTRY)VmAfdCircularBufferGetNextEntry(pLogger->pCircularBuffer);
if(!pLogEntry)
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR(dwError);
}
memset(pLogEntry, 0, sizeof(*pLogEntry));
pLogEntry->iStartTime = iStartTime;
pLogEntry->iEndTime = iEndTime;
pLogEntry->dwErrorCode = dwErrorCode;
pLogEntry->dwState = dwState;
if(pDCEntry && pDCEntry->pszDCName)
{
dwError = VmAfdAllocateStringAFromW(pDCEntry->pszDCName, &pszDCName);
BAIL_ON_VMAFD_ERROR(dwError);
dwError = VmAfdStringCpyA((PSTR)pLogEntry->pszDCName, VMAFD_MAX_DN_LEN, pszDCName);
BAIL_ON_VMAFD_ERROR(dwError);
}
if(pDCEntry && pDCEntry->pszDomainName)
{
dwError = VmAfdAllocateStringAFromW(pDCEntry->pszDomainName, &pszDomainName);
BAIL_ON_VMAFD_ERROR(dwError);
dwError = VmAfdStringCpyA((PSTR)pLogEntry->pszDomainName, VMAFD_MAX_DN_LEN, pszDomainName);
BAIL_ON_VMAFD_ERROR(dwError);
}
if(pDCEntry && pDCEntry->pszDcSiteName)
{
dwError = VmAfdAllocateStringAFromW(pDCEntry->pszDcSiteName, &pszSiteName);
BAIL_ON_VMAFD_ERROR(dwError);
dwError = VmAfdStringCpyA((PSTR)pLogEntry->pszSiteName, VMAFD_MAX_DN_LEN, pszSiteName);
BAIL_ON_VMAFD_ERROR(dwError);
}
if(pDCEntry && pDCEntry->pszDCAddress)
{
dwError = VmAfdAllocateStringAFromW(pDCEntry->pszDCAddress, &pszDCAddress);
BAIL_ON_VMAFD_ERROR(dwError);
dwError = VmAfdStringCpyA((PSTR)pLogEntry->pszDCAddress, VMAFD_MAX_DN_LEN, pszDCAddress);
BAIL_ON_VMAFD_ERROR(dwError);
}
cleanup:
VMAFD_SAFE_FREE_STRINGA(pszDCName);
VMAFD_SAFE_FREE_STRINGA(pszDomainName);
VMAFD_SAFE_FREE_STRINGA(pszSiteName);
VMAFD_SAFE_FREE_STRINGA(pszDCAddress);
return dwError;
error:
goto cleanup;
}
static
DWORD
VmAfSrvDirOpenConnection(
PCWSTR pwszDCName,
PCWSTR pwszDomain,
PCWSTR pwszAccount,
PCWSTR pwszPassword,
PVMDIR_CONNECTION*ppConnection
)
{
DWORD dwError = 0;
PSTR pszDCName = NULL;
PSTR pszDomain = NULL;
PSTR pszAccount = NULL;
PSTR pszPassword = NULL;
PSTR pszURI = NULL;
PVMDIR_CONNECTION pConnection = NULL;
dwError = VmAfdAllocateStringAFromW(pwszDCName, &pszDCName);
BAIL_ON_VMAFD_ERROR(dwError);
dwError = VmAfdAllocateStringAFromW(pwszDomain, &pszDomain);
BAIL_ON_VMAFD_ERROR(dwError);
dwError = VmAfdAllocateStringAFromW(pwszAccount, &pszAccount);
BAIL_ON_VMAFD_ERROR(dwError);
dwError = VmAfdAllocateStringAFromW(pwszPassword, &pszPassword);
BAIL_ON_VMAFD_ERROR(dwError);
dwError = VmAfdAllocateStringPrintf(
&pszURI,
"ldap://%s:%d",
pszDCName,
LDAP_PORT);
BAIL_ON_VMAFD_ERROR(dwError);
dwError = VmDirConnectionOpen(
pszURI,
pszDomain,
pszAccount,
pszPassword,
&pConnection);
BAIL_ON_VMAFD_ERROR(dwError);
*ppConnection = pConnection;
cleanup:
VMAFD_SAFE_FREE_MEMORY(pszURI);
VMAFD_SAFE_FREE_MEMORY(pszDCName);
VMAFD_SAFE_FREE_MEMORY(pszDomain);
VMAFD_SAFE_FREE_MEMORY(pszAccount);
VMAFD_SAFE_FREE_MEMORY(pszPassword);
return dwError;
error:
if (ppConnection)
{
*ppConnection = NULL;
}
if (pConnection)
{
VmDirConnectionClose(pConnection);
}
goto cleanup;
}
static
DWORD
CdcVmafdHeartbeatPing(
PWSTR pwszDCName,
PWSTR pwszAccount,
PWSTR pwszPassword,
PWSTR pwszDomainName,
PBOOL pbIsAlive
)
{
DWORD dwError = 0;
PSTR pszUPN = NULL;
PSTR pszAccount = NULL;
PSTR pszDomainName = NULL;
PWSTR pwszUPN = NULL;
BOOL bIsAlive = FALSE;
PVMAFD_SERVER pServer = NULL;
PVMAFD_HB_STATUS_W pHeartbeatStatus = NULL;
if (IsNullOrEmptyString(pwszDCName) ||
IsNullOrEmptyString(pwszAccount) ||
IsNullOrEmptyString(pwszPassword) ||
IsNullOrEmptyString(pwszDomainName) ||
!pbIsAlive
)
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR(dwError);
}
dwError = VmAfdAllocateStringAFromW(
pwszAccount,
&pszAccount
);
BAIL_ON_VMAFD_ERROR(dwError);
dwError = VmAfdAllocateStringAFromW(
pwszDomainName,
&pszDomainName
);
BAIL_ON_VMAFD_ERROR(dwError);
dwError = VmAfdAllocateStringPrintf(
&pszUPN,
"%s@%s",
pszAccount,
pszDomainName
);
BAIL_ON_VMAFD_ERROR(dwError);
dwError = VmAfdAllocateStringWFromA(
pszUPN,
&pwszUPN
);
BAIL_ON_VMAFD_ERROR(dwError);
dwError = VmAfdOpenServerW(
pwszDCName,
pwszUPN,
pwszPassword,
&pServer
);
BAIL_ON_VMAFD_ERROR(dwError);
dwError = VmAfdGetHeartbeatStatusW(
pServer,
&pHeartbeatStatus
);
BAIL_ON_VMAFD_ERROR(dwError);
bIsAlive = pHeartbeatStatus->bIsAlive? TRUE: FALSE;
*pbIsAlive = bIsAlive;
cleanup:
if (pServer)
{
VmAfdCloseServer(pServer);
}
if (pHeartbeatStatus)
{
VmAfdFreeHeartbeatStatusW(pHeartbeatStatus);
}
VMAFD_SAFE_FREE_MEMORY(pszUPN);
VMAFD_SAFE_FREE_MEMORY(pwszUPN);
VMAFD_SAFE_FREE_MEMORY(pszAccount);
VMAFD_SAFE_FREE_MEMORY(pszDomainName);
return dwError;
error:
if (pbIsAlive)
{
*pbIsAlive = FALSE;
}
VmAfdLog(VMAFD_DEBUG_ANY,
"Failed to get heartbeat Status due to Error: %d",
dwError
);
goto cleanup;
}