DWORD
VmwDeployValidateSiteName(
PCSTR pszSite
)
{
DWORD dwError = 0;
BOOLEAN bHasSpecialChars = FALSE;
VMW_DEPLOY_LOG_DEBUG(
"Validating site name [%s]",
VMW_DEPLOY_SAFE_LOG_STRING(pszSite));
if (!IsNullOrEmptyString(pszSite))
{
PCSTR pszCursor = pszSite;
while (*pszCursor && !bHasSpecialChars)
{
switch (*pszCursor)
{
case '!':
case '@':
case '#':
case '$':
case '%':
case '^':
case '&':
case '*':
case '[':
case ']':
bHasSpecialChars = TRUE;
break;
default:
pszCursor++;
break;
}
}
}
if (bHasSpecialChars)
{
VMW_DEPLOY_LOG_ERROR(
"Site name [%s] has invalid characters",
VMW_DEPLOY_SAFE_LOG_STRING(pszSite));
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_DEPLOY_ERROR(dwError);
}
error:
return dwError;
}
DWORD
VmwDeployValidateHostname(
PCSTR pszHostname
)
{
DWORD dwError = 0;
VMW_DEPLOY_LOG_DEBUG(
"Validating hostname [%s]",
VMW_DEPLOY_SAFE_LOG_STRING(pszHostname));
if (IsNullOrEmptyString(pszHostname) ||
!strcmp(pszHostname, "localhost") ||
!strcmp(pszHostname, "localhost.localdom"))
{
dwError = ERROR_INVALID_NETNAME;
VMW_DEPLOY_LOG_ERROR(
"Error : Invalid hostname [%s]",
VMW_DEPLOY_SAFE_LOG_STRING(pszHostname));
}
return dwError;
}
static
DWORD
VmwDeploySetupClient(
PVMW_IC_SETUP_PARAMS pParams
)
{
DWORD dwError = 0;
PCSTR ppszServices[]=
{
VMW_DCERPC_SVC_NAME,
VMW_VMAFD_SVC_NAME
};
PCSTR pszHostname = "localhost";
PCSTR pszUsername = VMW_ADMIN_NAME;
int iSvc = 0;
PSTR pszPrivateKey = NULL;
PSTR pszCACert = NULL;
PSTR pszSSLCert = NULL;
PSTR pszDC = NULL;
VMW_DEPLOY_LOG_INFO(
"Joining system to domain [%s]",
VMW_DEPLOY_SAFE_LOG_STRING(pParams->pszDomainName));
dwError = VmwDeployValidateHostname(pParams->pszHostname);
BAIL_ON_DEPLOY_ERROR(dwError);
if (pParams->pszMachineAccount)
{
dwError = VmwDeployValidateHostname(pParams->pszMachineAccount);
BAIL_ON_DEPLOY_ERROR(dwError);
}
if (pParams->pszOrgUnit)
{
dwError = VmwDeployValidateOrgUnit(pParams->pszOrgUnit);
BAIL_ON_DEPLOY_ERROR(dwError);
}
pszUsername = (pParams->bUseMachineAccount && pParams->pszMachineAccount)
? pParams->pszMachineAccount : VMW_ADMIN_NAME;
VMW_DEPLOY_LOG_INFO(
"Validating Domain credentials for user [%s@%s]",
VMW_DEPLOY_SAFE_LOG_STRING(pszUsername),
VMW_DEPLOY_SAFE_LOG_STRING(pParams->pszDomainName));
dwError = VmAfdJoinValidateDomainCredentialsA(
pParams->pszDomainName,
pszUsername,
pParams->pszPassword);
BAIL_ON_DEPLOY_ERROR(dwError);
if (pParams->bDisableAfdListener)
{
VMW_DEPLOY_LOG_INFO("Disabling AFD Listener");
dwError = VmwDeployDisableAfdListener();
BAIL_ON_DEPLOY_ERROR(dwError);
VMW_DEPLOY_LOG_INFO("Stopping the VMAFD Service...");
dwError = VmwDeployStopService(VMW_VMAFD_SVC_NAME);
BAIL_ON_DEPLOY_ERROR(dwError);
}
for (; iSvc < sizeof(ppszServices)/sizeof(ppszServices[0]); iSvc++)
{
PCSTR pszService = ppszServices[iSvc];
VMW_DEPLOY_LOG_INFO("Starting service [%s]", pszService);
dwError = VmwDeployStartService(pszService);
BAIL_ON_DEPLOY_ERROR(dwError);
}
VMW_DEPLOY_LOG_INFO("Setting configuration values");
dwError = VmAfdSetCAPathA(pszHostname, VMW_DEFAULT_CA_PATH);
BAIL_ON_DEPLOY_ERROR(dwError);
VMW_DEPLOY_LOG_INFO("Performing domain join operation");
dwError = VmAfdJoinVmDir2A(
pParams->pszDomainName,
pszUsername,
pParams->pszPassword,
pParams->pszMachineAccount ?
pParams->pszMachineAccount : pParams->pszHostname,
pParams->pszOrgUnit,
pParams->bMachinePreJoined ?
VMAFD_JOIN_FLAGS_CLIENT_PREJOINED : 0);
BAIL_ON_DEPLOY_ERROR(dwError);
dwError = VmAfdGetDCNameA(pszHostname, &pszDC);
BAIL_ON_DEPLOY_ERROR(dwError);
VMW_DEPLOY_LOG_INFO(
"Get root certificate from VMware Certificate Authority");
dwError = VmwDeployGetRootCACert(
pszDC,
pParams->pszDomainName,
pszUsername,
pParams->pszPassword,
&pszCACert);
BAIL_ON_DEPLOY_ERROR(dwError);
VMW_DEPLOY_LOG_INFO(
"Adding VMCA's root certificate to VMware endpoint certificate store");
dwError = VmwDeployAddTrustedRoot(pszDC, pszCACert);
BAIL_ON_DEPLOY_ERROR(dwError);
VMW_DEPLOY_LOG_INFO("Generating Machine SSL cert");
dwError = VmwDeployCreateMachineSSLCert(
pszDC,
pParams->pszDomainName,
pszUsername,
pParams->pszPassword,
pParams->pszHostname,
pParams->pszSubjectAltName ?
pParams->pszSubjectAltName : pParams->pszHostname,
&pszPrivateKey,
&pszSSLCert);
BAIL_ON_DEPLOY_ERROR(dwError);
VMW_DEPLOY_LOG_INFO("Setting Machine SSL certificate");
dwError = VmAfdSetSSLCertificate(pszHostname, pszSSLCert, pszPrivateKey);
BAIL_ON_DEPLOY_ERROR(dwError);
cleanup:
if (pszPrivateKey)
{
VmwDeployFreeMemory(pszPrivateKey);
}
if (pszSSLCert)
{
VmwDeployFreeMemory(pszSSLCert);
}
if (pszCACert)
{
VmwDeployFreeMemory(pszCACert);
}
if (pszDC)
{
VmwDeployFreeMemory(pszDC);
}
return dwError;
error:
goto cleanup;
}
static
DWORD
VmwDeploySetupClientWithDC(
PVMW_IC_SETUP_PARAMS pParams
)
{
DWORD dwError = 0;
PCSTR ppszServices[]=
{
VMW_DCERPC_SVC_NAME,
VMW_VMAFD_SVC_NAME
};
PCSTR pszHostname = "localhost";
PCSTR pszUsername = VMW_ADMIN_NAME;
int iSvc = 0;
PSTR pszPrivateKey = NULL;
PSTR pszCACert = NULL;
PSTR pszSSLCert = NULL;
VMW_DEPLOY_LOG_INFO(
"Joining system to domain [%s] using controller at [%s]",
VMW_DEPLOY_SAFE_LOG_STRING(pParams->pszDomainName),
VMW_DEPLOY_SAFE_LOG_STRING(pParams->pszServer));
if (IsNullOrEmptyString(pParams->pszServer))
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_DEPLOY_ERROR(dwError);
}
dwError = VmwDeployValidateHostname(pParams->pszHostname);
BAIL_ON_DEPLOY_ERROR(dwError);
if (pParams->pszMachineAccount)
{
dwError = VmwDeployValidateHostname(pParams->pszMachineAccount);
BAIL_ON_DEPLOY_ERROR(dwError);
}
if (pParams->pszOrgUnit)
{
dwError = VmwDeployValidateOrgUnit(pParams->pszOrgUnit);
BAIL_ON_DEPLOY_ERROR(dwError);
}
dwError = VmwDeployValidatePartnerCredentials(
pParams->pszServer,
pParams->pszPassword,
pParams->pszDomainName);
BAIL_ON_DEPLOY_ERROR(dwError);
if (pParams->bDisableAfdListener)
{
VMW_DEPLOY_LOG_INFO("Disabling AFD Listener");
dwError = VmwDeployDisableAfdListener();
BAIL_ON_DEPLOY_ERROR(dwError);
VMW_DEPLOY_LOG_INFO("Stopping the VMAFD Service...");
dwError = VmwDeployStopService(VMW_VMAFD_SVC_NAME);
BAIL_ON_DEPLOY_ERROR(dwError);
}
for (; iSvc < sizeof(ppszServices)/sizeof(ppszServices[0]); iSvc++)
{
PCSTR pszService = ppszServices[iSvc];
VMW_DEPLOY_LOG_INFO("Starting service [%s]", pszService);
dwError = VmwDeployStartService(pszService);
BAIL_ON_DEPLOY_ERROR(dwError);
}
VMW_DEPLOY_LOG_INFO("Setting various configuration values");
dwError = VmAfdSetPNID(pszHostname, pParams->pszHostname);
BAIL_ON_DEPLOY_ERROR(dwError);
dwError = VmAfdSetCAPathA(pszHostname, VMW_DEFAULT_CA_PATH);
BAIL_ON_DEPLOY_ERROR(dwError);
VMW_DEPLOY_LOG_INFO(
"Joining system to directory service at [%s]",
VMW_DEPLOY_SAFE_LOG_STRING(pParams->pszServer));
pszUsername = (pParams->bUseMachineAccount && pParams->pszMachineAccount)
? pParams->pszMachineAccount : VMW_ADMIN_NAME;
dwError = VmAfdJoinVmDirA(
pParams->pszServer,
pszUsername,
pParams->pszPassword,
pParams->pszMachineAccount ?
pParams->pszMachineAccount : pParams->pszHostname,
pParams->pszDomainName,
pParams->pszOrgUnit);
BAIL_ON_DEPLOY_ERROR(dwError);
VMW_DEPLOY_LOG_INFO(
"Get root certificate from VMware Certificate Authority");
dwError = VmwDeployGetRootCACert(
pParams->pszServer,
pParams->pszDomainName,
pszUsername,
pParams->pszPassword,
&pszCACert);
BAIL_ON_DEPLOY_ERROR(dwError);
VMW_DEPLOY_LOG_INFO(
"Adding VMCA's root certificate to VMware endpoint certificate store");
dwError = VmwDeployAddTrustedRoot(pParams->pszServer, pszCACert);
BAIL_ON_DEPLOY_ERROR(dwError);
VMW_DEPLOY_LOG_INFO("Generating Machine SSL cert");
dwError = VmwDeployCreateMachineSSLCert(
pParams->pszServer,
pParams->pszDomainName,
pszUsername,
pParams->pszPassword,
pParams->pszHostname,
pParams->pszSubjectAltName ?
pParams->pszSubjectAltName : pParams->pszHostname,
&pszPrivateKey,
&pszSSLCert);
BAIL_ON_DEPLOY_ERROR(dwError);
VMW_DEPLOY_LOG_INFO("Setting Machine SSL certificate");
dwError = VmAfdSetSSLCertificate(pszHostname, pszSSLCert, pszPrivateKey);
BAIL_ON_DEPLOY_ERROR(dwError);
cleanup:
if (pszPrivateKey)
{
VmwDeployFreeMemory(pszPrivateKey);
}
if (pszSSLCert)
{
VmwDeployFreeMemory(pszSSLCert);
}
if (pszCACert)
{
VmwDeployFreeMemory(pszCACert);
}
return dwError;
error:
goto cleanup;
}
static
DWORD
VmwDeploySetupServerCommon(
PVMW_IC_SETUP_PARAMS pParams
)
{
DWORD dwError = 0;
PSTR pszHostname = "localhost";
PSTR pszLdapURI = NULL;
PSTR pszUsername = VMW_ADMIN_NAME;
PSTR pszCACert = NULL;
PSTR pszSSLCert = NULL;
PSTR pszPrivateKey = NULL;
PSTR pszVmdirCfgPath = NULL;
VMW_DEPLOY_LOG_INFO("Setting various configuration values");
VMW_DEPLOY_LOG_VERBOSE(
"Setting Domain Name to [%s]",
VMW_DEPLOY_SAFE_LOG_STRING(pParams->pszDomainName));
dwError = VmAfdSetDomainNameA(pszHostname, pParams->pszDomainName);
BAIL_ON_DEPLOY_ERROR(dwError);
VMW_DEPLOY_LOG_VERBOSE(
"Setting Domain Controller Name to [%s]",
VMW_DEPLOY_SAFE_LOG_STRING(pParams->pszHostname));
dwError = VmAfdSetDCNameA(pszHostname, pParams->pszHostname);
BAIL_ON_DEPLOY_ERROR(dwError);
VMW_DEPLOY_LOG_VERBOSE(
"Setting PNID to [%s]",
VMW_DEPLOY_SAFE_LOG_STRING(pParams->pszHostname));
dwError = VmAfdSetPNID(pszHostname, pParams->pszHostname);
BAIL_ON_DEPLOY_ERROR(dwError);
VMW_DEPLOY_LOG_VERBOSE("Setting CA Path to [%s]", VMW_DEFAULT_CA_PATH);
dwError = VmAfdSetCAPathA(pszHostname, VMW_DEFAULT_CA_PATH);
BAIL_ON_DEPLOY_ERROR(dwError);
VMW_DEPLOY_LOG_INFO("Promoting directory service to be domain controller");
dwError = VmAfdPromoteVmDirA(
pszHostname,
pParams->pszDomainName,
pszUsername,
pParams->pszPassword,
pParams->pszSite,
pParams->pszServer);
BAIL_ON_DEPLOY_ERROR(dwError);
VMW_DEPLOY_LOG_INFO("Setting up the logical deployment unit");
dwError = VmwDeployAllocateStringPrintf(
&pszLdapURI,
"ldap://%s",
pszHostname);
BAIL_ON_DEPLOY_ERROR(dwError);
dwError = VmDirSetupLdu(
pszLdapURI,
pParams->pszDomainName,
pszUsername,
pParams->pszPassword);
BAIL_ON_DEPLOY_ERROR(dwError);
if (!IsNullOrEmptyString(pParams->pszDNSForwarders))
{
VMW_DEPLOY_LOG_INFO("Setting up DNS Forwarders [%s]",
pParams->pszDNSForwarders);
dwError = VmwDeploySetForwarders(
pParams->pszDomainName,
pszUsername,
pParams->pszPassword,
pParams->pszDNSForwarders);
BAIL_ON_DEPLOY_ERROR(dwError);
}
VMW_DEPLOY_LOG_INFO("Setting up VMware Certificate Authority");
dwError = VmwDeployMakeRootCACert(
pParams->pszHostname,
pParams->pszDomainName,
pszUsername,
pParams->pszPassword,
&pszCACert);
BAIL_ON_DEPLOY_ERROR(dwError);
VMW_DEPLOY_LOG_INFO(
"Adding VMCA's root certificate to VMware endpoint certificate store");
dwError = VmwDeployAddTrustedRoot(pParams->pszHostname, pszCACert);
BAIL_ON_DEPLOY_ERROR(dwError);
VMW_DEPLOY_LOG_INFO("Generating Machine SSL cert");
dwError = VmwDeployCreateMachineSSLCert(
pszHostname,
pParams->pszDomainName,
pszUsername,
pParams->pszPassword,
pParams->pszHostname,
pParams->pszSubjectAltName ?
pParams->pszSubjectAltName : pParams->pszHostname,
&pszPrivateKey,
&pszSSLCert);
BAIL_ON_DEPLOY_ERROR(dwError);
VMW_DEPLOY_LOG_INFO("Setting Machine SSL certificate");
dwError = VmAfdSetSSLCertificate(pszHostname, pszSSLCert, pszPrivateKey);
BAIL_ON_DEPLOY_ERROR(dwError);
VMW_DEPLOY_LOG_INFO(
"Publishing Machine SSL certificate for directory service");
dwError = VmwDeployGetVmDirConfigPath(&pszVmdirCfgPath);
BAIL_ON_DEPLOY_ERROR(dwError);
dwError = VmwDeployWriteToFile(
pszSSLCert,
pszVmdirCfgPath,
VMW_VMDIR_SSL_CERT_FILE);
BAIL_ON_DEPLOY_ERROR(dwError);
dwError = VmwDeployWriteToFile(
pszPrivateKey,
pszVmdirCfgPath,
VMW_VMDIR_PRIV_KEY_FILE);
BAIL_ON_DEPLOY_ERROR(dwError);
VMW_DEPLOY_LOG_INFO("Restarting service [%s]", VMW_DIR_SVC_NAME);
dwError = VmwDeployRestartService(VMW_DIR_SVC_NAME);
BAIL_ON_DEPLOY_ERROR(dwError);
cleanup:
if (pszVmdirCfgPath)
{
VmwDeployFreeMemory(pszVmdirCfgPath);
}
if (pszLdapURI)
{
VmwDeployFreeMemory(pszLdapURI);
}
if (pszCACert)
{
VmwDeployFreeMemory(pszCACert);
}
if (pszPrivateKey)
{
VmwDeployFreeMemory(pszPrivateKey);
}
if (pszSSLCert)
{
VmwDeployFreeMemory(pszSSLCert);
}
return dwError;
error:
goto cleanup;
}
static
DWORD
VmwDeploySetupClient(
PVMW_IC_SETUP_PARAMS pParams
)
{
DWORD dwError = 0;
PCSTR ppszServices[]=
{
VMW_DCERPC_SVC_NAME,
VMW_VMAFD_SVC_NAME
};
PCSTR pszHostname = "localhost";
PCSTR pszUsername = VMW_ADMIN_NAME;
int iSvc = 0;
PSTR pszPrivateKey = NULL;
PSTR pszCACert = NULL;
PSTR pszSSLCert = NULL;
VMW_DEPLOY_LOG_INFO(
"Setting up system as client to Infrastructure node at [%s]",
VMW_DEPLOY_SAFE_LOG_STRING(pParams->pszServer));
dwError = VmwDeployValidatePartnerCredentials(
pParams->pszServer,
pParams->pszPassword,
pParams->pszDomainName);
BAIL_ON_DEPLOY_ERROR(dwError);
for (; iSvc < sizeof(ppszServices)/sizeof(ppszServices[0]); iSvc++)
{
PCSTR pszService = ppszServices[iSvc];
VMW_DEPLOY_LOG_INFO("Starting service [%s]", pszService);
dwError = VmwDeployStartService(pszService);
BAIL_ON_DEPLOY_ERROR(dwError);
}
VMW_DEPLOY_LOG_INFO("Setting various configuration values");
dwError = VmAfdSetDomainNameA(pszHostname, pParams->pszDomainName);
BAIL_ON_DEPLOY_ERROR(dwError);
dwError = VmAfdSetDCNameA(pszHostname, pParams->pszServer);
BAIL_ON_DEPLOY_ERROR(dwError);
dwError = VmAfdSetPNID(pszHostname, pParams->pszHostname);
BAIL_ON_DEPLOY_ERROR(dwError);
dwError = VmAfdSetCAPathA(pszHostname, VMW_DEFAULT_CA_PATH);
BAIL_ON_DEPLOY_ERROR(dwError);
VMW_DEPLOY_LOG_INFO(
"Joining system to directory service at [%s]",
VMW_DEPLOY_SAFE_LOG_STRING(pParams->pszServer));
dwError = VmAfdJoinVmDirA(
pParams->pszServer,
pszUsername,
pParams->pszPassword,
pParams->pszHostname,
pParams->pszDomainName,
NULL /* Org Unit */);
BAIL_ON_DEPLOY_ERROR(dwError);
VMW_DEPLOY_LOG_INFO(
"Get root certificate from VMware Certificate Authority");
dwError = VmwDeployGetRootCACert(
pParams->pszServer,
pParams->pszDomainName,
pszUsername,
pParams->pszPassword,
&pszCACert);
BAIL_ON_DEPLOY_ERROR(dwError);
VMW_DEPLOY_LOG_INFO(
"Adding VMCA's root certificate to VMware endpoint certificate store");
dwError = VmwDeployAddTrustedRoot(pParams->pszServer, pszCACert);
BAIL_ON_DEPLOY_ERROR(dwError);
VMW_DEPLOY_LOG_INFO("Generating Machine SSL cert");
dwError = VmwDeployCreateMachineSSLCert(
pParams->pszServer,
pParams->pszDomainName,
pszUsername,
pParams->pszPassword,
pParams->pszHostname,
&pszPrivateKey,
&pszSSLCert);
BAIL_ON_DEPLOY_ERROR(dwError);
VMW_DEPLOY_LOG_INFO("Setting Machine SSL certificate");
dwError = VmAfdSetSSLCertificate(pszHostname, pszSSLCert, pszPrivateKey);
BAIL_ON_DEPLOY_ERROR(dwError);
cleanup:
if (pszPrivateKey)
{
VmwDeployFreeMemory(pszPrivateKey);
}
if (pszSSLCert)
{
VmwDeployFreeMemory(pszSSLCert);
}
if (pszCACert)
{
VmwDeployFreeMemory(pszCACert);
}
return dwError;
error:
goto cleanup;
}
DWORD
VmwDeployValidatePartnerCredentials(
PCSTR pszServer,
PCSTR pszPassword,
PCSTR pszDomain
)
{
DWORD dwError = 0;
PCSTR pszUsername = VMW_ADMIN_NAME;
PSTR pszLdapURI = NULL;
PVMDIR_CONNECTION pConnection = NULL;
VMW_DEPLOY_LOG_INFO(
"Validating credentials to partner [%s] at domain [%s]",
VMW_DEPLOY_SAFE_LOG_STRING(pszServer),
VMW_DEPLOY_SAFE_LOG_STRING(pszDomain));
if (IsNullOrEmptyString(pszServer) || !pszPassword)
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_DEPLOY_ERROR(dwError);
}
if (VmDeployIsIPV6Address(pszServer))
{
dwError = VmwDeployAllocateStringPrintf(
&pszLdapURI,
"ldaps://[%s]:636",
pszServer);
BAIL_ON_DEPLOY_ERROR(dwError);
}
else
{
dwError = VmwDeployAllocateStringPrintf(
&pszLdapURI,
"ldaps://%s:636",
pszServer);
BAIL_ON_DEPLOY_ERROR(dwError);
}
dwError = VmDirConnectionOpen(
pszLdapURI,
pszDomain,
pszUsername,
pszPassword,
&pConnection);
BAIL_ON_DEPLOY_ERROR(dwError);
cleanup:
if (pConnection)
{
VmDirConnectionClose(pConnection);
}
if (pszLdapURI)
{
VmwDeployFreeMemory(pszLdapURI);
}
return dwError;
error:
goto cleanup;
}
