/*
 * Check a site name against a short list of rejected punctuation.
 *
 * A NULL or empty name is accepted and yields 0. Otherwise the name is
 * scanned left to right and rejected with ERROR_INVALID_PARAMETER as soon
 * as one of  ! @ # $ % ^ & * [ ]  is found.
 *
 * NOTE(review): this is a denylist of ten characters only. Whitespace,
 * control bytes, non-ASCII bytes and directory-syntax characters such as
 * ',' '=' '+' '\' and '"' all pass, and no length limit is applied. If the
 * site name is later placed into an LDAP DN or filter, confirm that the
 * consumer escapes it; an allowlist would be the safer contract.
 */
DWORD
VmwDeployValidateSiteName(
    PCSTR pszSite
    )
{
    DWORD   dwError = 0;
    BOOLEAN bRejected = FALSE;

    VMW_DEPLOY_LOG_DEBUG(
        "Validating site name [%s]",
        VMW_DEPLOY_SAFE_LOG_STRING(pszSite));

    if (!IsNullOrEmptyString(pszSite))
    {
        PCSTR pszScan = NULL;

        /* Stop at the first rejected character; the rest is irrelevant. */
        for (pszScan = pszSite; *pszScan != '\0'; pszScan++)
        {
            const char ch = *pszScan;

            if (ch == '!' || ch == '@' || ch == '#' || ch == '$' ||
                ch == '%' || ch == '^' || ch == '&' || ch == '*' ||
                ch == '[' || ch == ']')
            {
                bRejected = TRUE;
                break;
            }
        }
    }

    if (bRejected)
    {
        VMW_DEPLOY_LOG_ERROR(
            "Site name [%s] has invalid characters",
            VMW_DEPLOY_SAFE_LOG_STRING(pszSite));

        dwError = ERROR_INVALID_PARAMETER;
        BAIL_ON_DEPLOY_ERROR(dwError);
    }

error:

    return dwError;
}
/*
 * Reject hostnames that are missing or that name the loopback host.
 *
 * Returns ERROR_INVALID_NETNAME when the name is NULL, empty, or exactly
 * "localhost" or "localhost.localdom"; returns 0 for anything else.
 *
 * NOTE(review): the comparison is an exact, case-sensitive strcmp, so
 * "LOCALHOST", "localhost.localdomain" and loopback address literals are
 * accepted, and no length or character-set check is made. Callers in this
 * file also run machine account names through this routine. Confirm
 * whether stricter validation happens downstream.
 */
DWORD
VmwDeployValidateHostname(
    PCSTR pszHostname
    )
{
    VMW_DEPLOY_LOG_DEBUG(
        "Validating hostname [%s]",
        VMW_DEPLOY_SAFE_LOG_STRING(pszHostname));

    /* Accept only a non-empty name that is not one of the loopback names. */
    if (!IsNullOrEmptyString(pszHostname) &&
        strcmp(pszHostname, "localhost") != 0 &&
        strcmp(pszHostname, "localhost.localdom") != 0)
    {
        return 0;
    }

    VMW_DEPLOY_LOG_ERROR(
        "Error : Invalid hostname [%s]",
        VMW_DEPLOY_SAFE_LOG_STRING(pszHostname));

    return ERROR_INVALID_NETNAME;
}
/*
 * Join this machine to a domain as a client.
 *
 * pParams->pszServer is not used here: the domain controller name is read
 * back with VmAfdGetDCNameA once VmAfdJoinVmDir2A has succeeded, and that
 * name is then used for the certificate steps.
 *
 * Order of operations: validate hostname / machine account / org unit,
 * validate the domain credentials, optionally disable the AFD listener,
 * start the required services, join, fetch and trust the VMCA root, then
 * create and install the machine SSL certificate.
 *
 * Returns 0 on success, otherwise the first non-zero code reported by a
 * step (BAIL_ON_DEPLOY_ERROR is expected to jump to the error label).
 *
 * NOTE(review): pParams is dereferenced without a NULL check and
 * pszPassword is passed on unchecked; presumably the caller guarantees
 * both - confirm.
 */
static
DWORD
VmwDeploySetupClient(
    PVMW_IC_SETUP_PARAMS pParams
    )
{
    DWORD dwError = 0;
    PCSTR rgpszServices[] = { VMW_DCERPC_SVC_NAME, VMW_VMAFD_SVC_NAME };
    PCSTR pszLocalHost = "localhost";
    PCSTR pszJoinUser = VMW_ADMIN_NAME;
    int   idx = 0;
    PSTR  pszDC = NULL;
    PSTR  pszCACert = NULL;
    PSTR  pszSSLCert = NULL;
    PSTR  pszPrivateKey = NULL;

    VMW_DEPLOY_LOG_INFO(
        "Joining system to domain [%s]",
        VMW_DEPLOY_SAFE_LOG_STRING(pParams->pszDomainName));

    /* Input checks come first so nothing is started on bad parameters. */
    dwError = VmwDeployValidateHostname(pParams->pszHostname);
    BAIL_ON_DEPLOY_ERROR(dwError);

    if (pParams->pszMachineAccount)
    {
        /* The machine account is held to the same rule as the hostname. */
        dwError = VmwDeployValidateHostname(pParams->pszMachineAccount);
        BAIL_ON_DEPLOY_ERROR(dwError);
    }

    if (pParams->pszOrgUnit)
    {
        dwError = VmwDeployValidateOrgUnit(pParams->pszOrgUnit);
        BAIL_ON_DEPLOY_ERROR(dwError);
    }

    /* Bind as the machine account only when requested and supplied. */
    if (pParams->bUseMachineAccount && pParams->pszMachineAccount)
    {
        pszJoinUser = pParams->pszMachineAccount;
    }
    else
    {
        pszJoinUser = VMW_ADMIN_NAME;
    }

    VMW_DEPLOY_LOG_INFO(
        "Validating Domain credentials for user [%s@%s]",
        VMW_DEPLOY_SAFE_LOG_STRING(pszJoinUser),
        VMW_DEPLOY_SAFE_LOG_STRING(pParams->pszDomainName));

    dwError = VmAfdJoinValidateDomainCredentialsA(
                    pParams->pszDomainName,
                    pszJoinUser,
                    pParams->pszPassword);
    BAIL_ON_DEPLOY_ERROR(dwError);

    if (pParams->bDisableAfdListener)
    {
        VMW_DEPLOY_LOG_INFO("Disabling AFD Listener");

        dwError = VmwDeployDisableAfdListener();
        BAIL_ON_DEPLOY_ERROR(dwError);

        /* The service is stopped here and started again by the loop below. */
        VMW_DEPLOY_LOG_INFO("Stopping the VMAFD Service...");

        dwError = VmwDeployStopService(VMW_VMAFD_SVC_NAME);
        BAIL_ON_DEPLOY_ERROR(dwError);
    }

    while (idx < sizeof(rgpszServices) / sizeof(rgpszServices[0]))
    {
        PCSTR pszService = rgpszServices[idx++];

        VMW_DEPLOY_LOG_INFO("Starting service [%s]", pszService);

        dwError = VmwDeployStartService(pszService);
        BAIL_ON_DEPLOY_ERROR(dwError);
    }

    VMW_DEPLOY_LOG_INFO("Setting configuration values");

    dwError = VmAfdSetCAPathA(pszLocalHost, VMW_DEFAULT_CA_PATH);
    BAIL_ON_DEPLOY_ERROR(dwError);

    VMW_DEPLOY_LOG_INFO("Performing domain join operation");

    /* The machine name falls back to the hostname when no account is given. */
    dwError = VmAfdJoinVmDir2A(
                    pParams->pszDomainName,
                    pszJoinUser,
                    pParams->pszPassword,
                    pParams->pszMachineAccount ?
                        pParams->pszMachineAccount : pParams->pszHostname,
                    pParams->pszOrgUnit,
                    pParams->bMachinePreJoined ?
                        VMAFD_JOIN_FLAGS_CLIENT_PREJOINED : 0);
    BAIL_ON_DEPLOY_ERROR(dwError);

    dwError = VmAfdGetDCNameA(pszLocalHost, &pszDC);
    BAIL_ON_DEPLOY_ERROR(dwError);

    VMW_DEPLOY_LOG_INFO(
        "Get root certificate from VMware Certificate Authority");

    /*
     * NOTE(review): the root fetched here is installed as a trust anchor by
     * the next call. How VmwDeployGetRootCACert authenticates pszDC is not
     * visible in this function - confirm the fetch cannot be answered by an
     * unauthenticated peer.
     */
    dwError = VmwDeployGetRootCACert(
                    pszDC,
                    pParams->pszDomainName,
                    pszJoinUser,
                    pParams->pszPassword,
                    &pszCACert);
    BAIL_ON_DEPLOY_ERROR(dwError);

    VMW_DEPLOY_LOG_INFO(
        "Adding VMCA's root certificate to VMware endpoint certificate store");

    dwError = VmwDeployAddTrustedRoot(pszDC, pszCACert);
    BAIL_ON_DEPLOY_ERROR(dwError);

    VMW_DEPLOY_LOG_INFO("Generating Machine SSL cert");

    /* The subject alternative name defaults to the hostname. */
    dwError = VmwDeployCreateMachineSSLCert(
                    pszDC,
                    pParams->pszDomainName,
                    pszJoinUser,
                    pParams->pszPassword,
                    pParams->pszHostname,
                    pParams->pszSubjectAltName ?
                        pParams->pszSubjectAltName : pParams->pszHostname,
                    &pszPrivateKey,
                    &pszSSLCert);
    BAIL_ON_DEPLOY_ERROR(dwError);

    VMW_DEPLOY_LOG_INFO("Setting Machine SSL certificate");

    dwError = VmAfdSetSSLCertificate(pszLocalHost, pszSSLCert, pszPrivateKey);
    BAIL_ON_DEPLOY_ERROR(dwError);

cleanup:

    /*
     * NOTE(review): the private key buffer is released without being
     * overwritten first. Unless VmwDeployFreeMemory scrubs, key material
     * stays in freed heap memory - confirm, or clear it before the free.
     */
    if (pszPrivateKey)
    {
        VmwDeployFreeMemory(pszPrivateKey);
    }
    if (pszSSLCert)
    {
        VmwDeployFreeMemory(pszSSLCert);
    }
    if (pszCACert)
    {
        VmwDeployFreeMemory(pszCACert);
    }
    if (pszDC)
    {
        VmwDeployFreeMemory(pszDC);
    }

    return dwError;

error:

    goto cleanup;
}
/*
 * Join this machine to a domain as a client of an explicitly named domain
 * controller (pParams->pszServer).
 *
 * Order of operations: require a server name, validate hostname / machine
 * account / org unit, validate credentials against the server, optionally
 * disable the AFD listener, start the required services, set PNID and CA
 * path, join, fetch and trust the VMCA root, then create and install the
 * machine SSL certificate.
 *
 * Returns 0 on success, otherwise the first non-zero code reported by a
 * step (BAIL_ON_DEPLOY_ERROR is expected to jump to the error label).
 *
 * NOTE(review): pParams itself is dereferenced without a NULL check;
 * presumably the caller guarantees it - confirm.
 */
static
DWORD
VmwDeploySetupClientWithDC(
    PVMW_IC_SETUP_PARAMS pParams
    )
{
    DWORD dwError = 0;
    PCSTR rgpszServices[] = { VMW_DCERPC_SVC_NAME, VMW_VMAFD_SVC_NAME };
    PCSTR pszLocalHost = "localhost";
    PCSTR pszJoinUser = VMW_ADMIN_NAME;
    int   idx = 0;
    PSTR  pszCACert = NULL;
    PSTR  pszSSLCert = NULL;
    PSTR  pszPrivateKey = NULL;

    VMW_DEPLOY_LOG_INFO(
        "Joining system to domain [%s] using controller at [%s]",
        VMW_DEPLOY_SAFE_LOG_STRING(pParams->pszDomainName),
        VMW_DEPLOY_SAFE_LOG_STRING(pParams->pszServer));

    if (IsNullOrEmptyString(pParams->pszServer))
    {
        dwError = ERROR_INVALID_PARAMETER;
        BAIL_ON_DEPLOY_ERROR(dwError);
    }

    dwError = VmwDeployValidateHostname(pParams->pszHostname);
    BAIL_ON_DEPLOY_ERROR(dwError);

    if (pParams->pszMachineAccount)
    {
        /* The machine account is held to the same rule as the hostname. */
        dwError = VmwDeployValidateHostname(pParams->pszMachineAccount);
        BAIL_ON_DEPLOY_ERROR(dwError);
    }

    if (pParams->pszOrgUnit)
    {
        dwError = VmwDeployValidateOrgUnit(pParams->pszOrgUnit);
        BAIL_ON_DEPLOY_ERROR(dwError);
    }

    /*
     * NOTE(review): this pre-check takes no user name, while the join below
     * may bind as the machine account. If the helper binds as a fixed
     * administrator, the password is tested against a different identity
     * than the one used for the join - confirm this is intended.
     */
    dwError = VmwDeployValidatePartnerCredentials(
                    pParams->pszServer,
                    pParams->pszPassword,
                    pParams->pszDomainName);
    BAIL_ON_DEPLOY_ERROR(dwError);

    if (pParams->bDisableAfdListener)
    {
        VMW_DEPLOY_LOG_INFO("Disabling AFD Listener");

        dwError = VmwDeployDisableAfdListener();
        BAIL_ON_DEPLOY_ERROR(dwError);

        /* The service is stopped here and started again by the loop below. */
        VMW_DEPLOY_LOG_INFO("Stopping the VMAFD Service...");

        dwError = VmwDeployStopService(VMW_VMAFD_SVC_NAME);
        BAIL_ON_DEPLOY_ERROR(dwError);
    }

    while (idx < sizeof(rgpszServices) / sizeof(rgpszServices[0]))
    {
        PCSTR pszService = rgpszServices[idx++];

        VMW_DEPLOY_LOG_INFO("Starting service [%s]", pszService);

        dwError = VmwDeployStartService(pszService);
        BAIL_ON_DEPLOY_ERROR(dwError);
    }

    VMW_DEPLOY_LOG_INFO("Setting various configuration values");

    dwError = VmAfdSetPNID(pszLocalHost, pParams->pszHostname);
    BAIL_ON_DEPLOY_ERROR(dwError);

    dwError = VmAfdSetCAPathA(pszLocalHost, VMW_DEFAULT_CA_PATH);
    BAIL_ON_DEPLOY_ERROR(dwError);

    VMW_DEPLOY_LOG_INFO(
        "Joining system to directory service at [%s]",
        VMW_DEPLOY_SAFE_LOG_STRING(pParams->pszServer));

    /* Bind as the machine account only when requested and supplied. */
    if (pParams->bUseMachineAccount && pParams->pszMachineAccount)
    {
        pszJoinUser = pParams->pszMachineAccount;
    }
    else
    {
        pszJoinUser = VMW_ADMIN_NAME;
    }

    /* The machine name falls back to the hostname when no account is given. */
    dwError = VmAfdJoinVmDirA(
                    pParams->pszServer,
                    pszJoinUser,
                    pParams->pszPassword,
                    pParams->pszMachineAccount ?
                        pParams->pszMachineAccount : pParams->pszHostname,
                    pParams->pszDomainName,
                    pParams->pszOrgUnit);
    BAIL_ON_DEPLOY_ERROR(dwError);

    VMW_DEPLOY_LOG_INFO(
        "Get root certificate from VMware Certificate Authority");

    /*
     * NOTE(review): the root fetched here is installed as a trust anchor by
     * the next call. How VmwDeployGetRootCACert authenticates the server is
     * not visible in this function - confirm the fetch cannot be answered
     * by an unauthenticated peer.
     */
    dwError = VmwDeployGetRootCACert(
                    pParams->pszServer,
                    pParams->pszDomainName,
                    pszJoinUser,
                    pParams->pszPassword,
                    &pszCACert);
    BAIL_ON_DEPLOY_ERROR(dwError);

    VMW_DEPLOY_LOG_INFO(
        "Adding VMCA's root certificate to VMware endpoint certificate store");

    dwError = VmwDeployAddTrustedRoot(pParams->pszServer, pszCACert);
    BAIL_ON_DEPLOY_ERROR(dwError);

    VMW_DEPLOY_LOG_INFO("Generating Machine SSL cert");

    /* The subject alternative name defaults to the hostname. */
    dwError = VmwDeployCreateMachineSSLCert(
                    pParams->pszServer,
                    pParams->pszDomainName,
                    pszJoinUser,
                    pParams->pszPassword,
                    pParams->pszHostname,
                    pParams->pszSubjectAltName ?
                        pParams->pszSubjectAltName : pParams->pszHostname,
                    &pszPrivateKey,
                    &pszSSLCert);
    BAIL_ON_DEPLOY_ERROR(dwError);

    VMW_DEPLOY_LOG_INFO("Setting Machine SSL certificate");

    dwError = VmAfdSetSSLCertificate(pszLocalHost, pszSSLCert, pszPrivateKey);
    BAIL_ON_DEPLOY_ERROR(dwError);

cleanup:

    /*
     * NOTE(review): the private key buffer is released without being
     * overwritten first. Unless VmwDeployFreeMemory scrubs, key material
     * stays in freed heap memory - confirm, or clear it before the free.
     */
    if (pszPrivateKey)
    {
        VmwDeployFreeMemory(pszPrivateKey);
    }
    if (pszSSLCert)
    {
        VmwDeployFreeMemory(pszSSLCert);
    }
    if (pszCACert)
    {
        VmwDeployFreeMemory(pszCACert);
    }

    return dwError;

error:

    goto cleanup;
}
/*
 * Configure this machine as a domain controller.
 *
 * Order of operations: set domain name, DC name, PNID and CA path; promote
 * the directory service; set up the logical deployment unit over
 * "ldap://localhost"; optionally set DNS forwarders; create the VMCA root
 * and add it as a trusted root; create and install the machine SSL
 * certificate; write certificate and private key into the directory
 * service's config path; restart the directory service.
 *
 * Returns 0 on success, otherwise the first non-zero code reported by a
 * step (BAIL_ON_DEPLOY_ERROR is expected to jump to the error label).
 *
 * NOTE(review): neither pParams->pszHostname nor pParams->pszSite is
 * validated in this function; presumably the caller has already run the
 * validators - confirm.
 */
static
DWORD
VmwDeploySetupServerCommon(
    PVMW_IC_SETUP_PARAMS pParams
    )
{
    DWORD dwError = 0;
    PSTR  pszLocalHost = "localhost";
    PSTR  pszAdminUser = VMW_ADMIN_NAME;
    PSTR  pszLduURI = NULL;
    PSTR  pszRootCert = NULL;
    PSTR  pszMachineCert = NULL;
    PSTR  pszMachineKey = NULL;
    PSTR  pszDirCfgPath = NULL;

    VMW_DEPLOY_LOG_INFO("Setting various configuration values");

    VMW_DEPLOY_LOG_VERBOSE(
        "Setting Domain Name to [%s]",
        VMW_DEPLOY_SAFE_LOG_STRING(pParams->pszDomainName));

    dwError = VmAfdSetDomainNameA(pszLocalHost, pParams->pszDomainName);
    BAIL_ON_DEPLOY_ERROR(dwError);

    VMW_DEPLOY_LOG_VERBOSE(
        "Setting Domain Controller Name to [%s]",
        VMW_DEPLOY_SAFE_LOG_STRING(pParams->pszHostname));

    dwError = VmAfdSetDCNameA(pszLocalHost, pParams->pszHostname);
    BAIL_ON_DEPLOY_ERROR(dwError);

    VMW_DEPLOY_LOG_VERBOSE(
        "Setting PNID to [%s]",
        VMW_DEPLOY_SAFE_LOG_STRING(pParams->pszHostname));

    dwError = VmAfdSetPNID(pszLocalHost, pParams->pszHostname);
    BAIL_ON_DEPLOY_ERROR(dwError);

    VMW_DEPLOY_LOG_VERBOSE("Setting CA Path to [%s]", VMW_DEFAULT_CA_PATH);

    dwError = VmAfdSetCAPathA(pszLocalHost, VMW_DEFAULT_CA_PATH);
    BAIL_ON_DEPLOY_ERROR(dwError);

    VMW_DEPLOY_LOG_INFO("Promoting directory service to be domain controller");

    dwError = VmAfdPromoteVmDirA(
                    pszLocalHost,
                    pParams->pszDomainName,
                    pszAdminUser,
                    pParams->pszPassword,
                    pParams->pszSite,
                    pParams->pszServer);
    BAIL_ON_DEPLOY_ERROR(dwError);

    VMW_DEPLOY_LOG_INFO("Setting up the logical deployment unit");

    /*
     * NOTE(review): the scheme is plain ldap://, so the administrator
     * password handed to VmDirSetupLdu is not TLS-protected by the URI.
     * The target is the literal "localhost"; confirm the bind stays on
     * loopback.
     */
    dwError = VmwDeployAllocateStringPrintf(
                    &pszLduURI,
                    "ldap://%s",
                    pszLocalHost);
    BAIL_ON_DEPLOY_ERROR(dwError);

    dwError = VmDirSetupLdu(
                    pszLduURI,
                    pParams->pszDomainName,
                    pszAdminUser,
                    pParams->pszPassword);
    BAIL_ON_DEPLOY_ERROR(dwError);

    if (!IsNullOrEmptyString(pParams->pszDNSForwarders))
    {
        VMW_DEPLOY_LOG_INFO("Setting up DNS Forwarders [%s]",
                            pParams->pszDNSForwarders);

        dwError = VmwDeploySetForwarders(
                        pParams->pszDomainName,
                        pszAdminUser,
                        pParams->pszPassword,
                        pParams->pszDNSForwarders);
        BAIL_ON_DEPLOY_ERROR(dwError);
    }

    VMW_DEPLOY_LOG_INFO("Setting up VMware Certificate Authority");

    dwError = VmwDeployMakeRootCACert(
                    pParams->pszHostname,
                    pParams->pszDomainName,
                    pszAdminUser,
                    pParams->pszPassword,
                    &pszRootCert);
    BAIL_ON_DEPLOY_ERROR(dwError);

    VMW_DEPLOY_LOG_INFO(
        "Adding VMCA's root certificate to VMware endpoint certificate store");

    dwError = VmwDeployAddTrustedRoot(pParams->pszHostname, pszRootCert);
    BAIL_ON_DEPLOY_ERROR(dwError);

    VMW_DEPLOY_LOG_INFO("Generating Machine SSL cert");

    /* The subject alternative name defaults to the hostname. */
    dwError = VmwDeployCreateMachineSSLCert(
                    pszLocalHost,
                    pParams->pszDomainName,
                    pszAdminUser,
                    pParams->pszPassword,
                    pParams->pszHostname,
                    pParams->pszSubjectAltName ?
                        pParams->pszSubjectAltName : pParams->pszHostname,
                    &pszMachineKey,
                    &pszMachineCert);
    BAIL_ON_DEPLOY_ERROR(dwError);

    VMW_DEPLOY_LOG_INFO("Setting Machine SSL certificate");

    dwError = VmAfdSetSSLCertificate(
                    pszLocalHost,
                    pszMachineCert,
                    pszMachineKey);
    BAIL_ON_DEPLOY_ERROR(dwError);

    VMW_DEPLOY_LOG_INFO(
        "Publishing Machine SSL certificate for directory service");

    dwError = VmwDeployGetVmDirConfigPath(&pszDirCfgPath);
    BAIL_ON_DEPLOY_ERROR(dwError);

    dwError = VmwDeployWriteToFile(
                    pszMachineCert,
                    pszDirCfgPath,
                    VMW_VMDIR_SSL_CERT_FILE);
    BAIL_ON_DEPLOY_ERROR(dwError);

    /*
     * NOTE(review): the private key goes to disk through the same helper as
     * the public certificate. The mode the file is created with is not
     * visible here - confirm the key file is owner-only from creation, not
     * tightened afterwards.
     */
    dwError = VmwDeployWriteToFile(
                    pszMachineKey,
                    pszDirCfgPath,
                    VMW_VMDIR_PRIV_KEY_FILE);
    BAIL_ON_DEPLOY_ERROR(dwError);

    VMW_DEPLOY_LOG_INFO("Restarting service [%s]", VMW_DIR_SVC_NAME);

    dwError = VmwDeployRestartService(VMW_DIR_SVC_NAME);
    BAIL_ON_DEPLOY_ERROR(dwError);

cleanup:

    if (pszDirCfgPath)
    {
        VmwDeployFreeMemory(pszDirCfgPath);
    }
    if (pszLduURI)
    {
        VmwDeployFreeMemory(pszLduURI);
    }
    if (pszRootCert)
    {
        VmwDeployFreeMemory(pszRootCert);
    }
    /*
     * NOTE(review): the private key buffer is released without being
     * overwritten first. Unless VmwDeployFreeMemory scrubs, key material
     * stays in freed heap memory - confirm, or clear it before the free.
     */
    if (pszMachineKey)
    {
        VmwDeployFreeMemory(pszMachineKey);
    }
    if (pszMachineCert)
    {
        VmwDeployFreeMemory(pszMachineCert);
    }

    return dwError;

error:

    goto cleanup;
}
/*
 * Set this machine up as a client of the infrastructure node named by
 * pParams->pszServer.
 *
 * Order of operations: validate credentials against the server, start the
 * required services, set domain name / DC name / PNID / CA path, join the
 * directory as VMW_ADMIN_NAME with no org unit, fetch and trust the VMCA
 * root, then create and install the machine SSL certificate.
 *
 * Returns 0 on success, otherwise the first non-zero code reported by a
 * step (BAIL_ON_DEPLOY_ERROR is expected to jump to the error label).
 *
 * NOTE(review): pParams->pszHostname is written as the PNID and used as
 * the join and certificate name without passing through
 * VmwDeployValidateHostname in this function - confirm the caller
 * validates it.
 */
static
DWORD
VmwDeploySetupClient(
    PVMW_IC_SETUP_PARAMS pParams
    )
{
    DWORD dwError = 0;
    PCSTR rgpszServices[] = { VMW_DCERPC_SVC_NAME, VMW_VMAFD_SVC_NAME };
    PCSTR pszLocalHost = "localhost";
    PCSTR pszAdminUser = VMW_ADMIN_NAME;
    int   idx = 0;
    PSTR  pszCACert = NULL;
    PSTR  pszSSLCert = NULL;
    PSTR  pszPrivateKey = NULL;

    VMW_DEPLOY_LOG_INFO(
        "Setting up system as client to Infrastructure node at [%s]",
        VMW_DEPLOY_SAFE_LOG_STRING(pParams->pszServer));

    /* Fail early on bad credentials, before any service is started. */
    dwError = VmwDeployValidatePartnerCredentials(
                    pParams->pszServer,
                    pParams->pszPassword,
                    pParams->pszDomainName);
    BAIL_ON_DEPLOY_ERROR(dwError);

    while (idx < sizeof(rgpszServices) / sizeof(rgpszServices[0]))
    {
        PCSTR pszService = rgpszServices[idx++];

        VMW_DEPLOY_LOG_INFO("Starting service [%s]", pszService);

        dwError = VmwDeployStartService(pszService);
        BAIL_ON_DEPLOY_ERROR(dwError);
    }

    VMW_DEPLOY_LOG_INFO("Setting various configuration values");

    dwError = VmAfdSetDomainNameA(pszLocalHost, pParams->pszDomainName);
    BAIL_ON_DEPLOY_ERROR(dwError);

    dwError = VmAfdSetDCNameA(pszLocalHost, pParams->pszServer);
    BAIL_ON_DEPLOY_ERROR(dwError);

    dwError = VmAfdSetPNID(pszLocalHost, pParams->pszHostname);
    BAIL_ON_DEPLOY_ERROR(dwError);

    dwError = VmAfdSetCAPathA(pszLocalHost, VMW_DEFAULT_CA_PATH);
    BAIL_ON_DEPLOY_ERROR(dwError);

    VMW_DEPLOY_LOG_INFO(
        "Joining system to directory service at [%s]",
        VMW_DEPLOY_SAFE_LOG_STRING(pParams->pszServer));

    dwError = VmAfdJoinVmDirA(
                    pParams->pszServer,
                    pszAdminUser,
                    pParams->pszPassword,
                    pParams->pszHostname,
                    pParams->pszDomainName,
                    NULL /* Org Unit */);
    BAIL_ON_DEPLOY_ERROR(dwError);

    VMW_DEPLOY_LOG_INFO(
        "Get root certificate from VMware Certificate Authority");

    /*
     * NOTE(review): the root fetched here is installed as a trust anchor by
     * the next call. How VmwDeployGetRootCACert authenticates the server is
     * not visible in this function - confirm the fetch cannot be answered
     * by an unauthenticated peer.
     */
    dwError = VmwDeployGetRootCACert(
                    pParams->pszServer,
                    pParams->pszDomainName,
                    pszAdminUser,
                    pParams->pszPassword,
                    &pszCACert);
    BAIL_ON_DEPLOY_ERROR(dwError);

    VMW_DEPLOY_LOG_INFO(
        "Adding VMCA's root certificate to VMware endpoint certificate store");

    dwError = VmwDeployAddTrustedRoot(pParams->pszServer, pszCACert);
    BAIL_ON_DEPLOY_ERROR(dwError);

    VMW_DEPLOY_LOG_INFO("Generating Machine SSL cert");

    dwError = VmwDeployCreateMachineSSLCert(
                    pParams->pszServer,
                    pParams->pszDomainName,
                    pszAdminUser,
                    pParams->pszPassword,
                    pParams->pszHostname,
                    &pszPrivateKey,
                    &pszSSLCert);
    BAIL_ON_DEPLOY_ERROR(dwError);

    VMW_DEPLOY_LOG_INFO("Setting Machine SSL certificate");

    dwError = VmAfdSetSSLCertificate(pszLocalHost, pszSSLCert, pszPrivateKey);
    BAIL_ON_DEPLOY_ERROR(dwError);

cleanup:

    /*
     * NOTE(review): the private key buffer is released without being
     * overwritten first. Unless VmwDeployFreeMemory scrubs, key material
     * stays in freed heap memory - confirm, or clear it before the free.
     */
    if (pszPrivateKey)
    {
        VmwDeployFreeMemory(pszPrivateKey);
    }
    if (pszSSLCert)
    {
        VmwDeployFreeMemory(pszSSLCert);
    }
    if (pszCACert)
    {
        VmwDeployFreeMemory(pszCACert);
    }

    return dwError;

error:

    goto cleanup;
}
/*
 * Check that the administrator password is accepted by a partner server.
 *
 * Builds an "ldaps://<server>:636" URI (the server is bracketed when
 * VmDeployIsIPV6Address reports an IPv6 literal), opens a directory
 * connection as VMW_ADMIN_NAME with the given password, and closes it
 * again. The connection is opened only to prove the credentials.
 *
 * pszServer   - partner host name or address; must be non-empty.
 * pszPassword - password for VMW_ADMIN_NAME; must be non-NULL (an empty
 *               string is not rejected here).
 * pszDomain   - domain passed through to VmDirConnectionOpen; not checked.
 *
 * Returns 0 when the connection opens, ERROR_INVALID_PARAMETER for a
 * missing server or password, otherwise the code from the failing call.
 *
 * NOTE(review): pszServer is formatted into the URI without any character
 * check, so '/', '?', '@' or a ":port" suffix would change how the URI
 * parses. Confirm the value is validated as a bare host name or address
 * before it reaches this function.
 */
DWORD
VmwDeployValidatePartnerCredentials(
    PCSTR pszServer,
    PCSTR pszPassword,
    PCSTR pszDomain
    )
{
    DWORD dwError = 0;
    PCSTR pszBindUser = VMW_ADMIN_NAME;
    PSTR  pszTargetURI = NULL;
    PVMDIR_CONNECTION pConn = NULL;

    VMW_DEPLOY_LOG_INFO(
        "Validating credentials to partner [%s] at domain [%s]",
        VMW_DEPLOY_SAFE_LOG_STRING(pszServer),
        VMW_DEPLOY_SAFE_LOG_STRING(pszDomain));

    if (!pszPassword || IsNullOrEmptyString(pszServer))
    {
        dwError = ERROR_INVALID_PARAMETER;
        BAIL_ON_DEPLOY_ERROR(dwError);
    }

    /* IPv6 literals must be bracketed so the port separator is unambiguous. */
    if (VmDeployIsIPV6Address(pszServer))
    {
        dwError = VmwDeployAllocateStringPrintf(
                        &pszTargetURI,
                        "ldaps://[%s]:636",
                        pszServer);
    }
    else
    {
        dwError = VmwDeployAllocateStringPrintf(
                        &pszTargetURI,
                        "ldaps://%s:636",
                        pszServer);
    }
    BAIL_ON_DEPLOY_ERROR(dwError);

    dwError = VmDirConnectionOpen(
                    pszTargetURI,
                    pszDomain,
                    pszBindUser,
                    pszPassword,
                    &pConn);
    BAIL_ON_DEPLOY_ERROR(dwError);

cleanup:

    if (pConn)
    {
        VmDirConnectionClose(pConn);
    }
    if (pszTargetURI)
    {
        VmwDeployFreeMemory(pszTargetURI);
    }

    return dwError;

error:

    goto cleanup;
}