DWORD
DJConfigureReapSyslog(
const char * testPrefix,
BOOLEAN enable
)
{
DWORD dwError = ERROR_SUCCESS;
if(enable)
{
DJ_LOG_INFO("Configuring Likewise Enterprise to run reapsysld daemon");
dwError = SetBooleanRegistryValue("Services\\reapsysl", "Autostart", TRUE);
BAIL_ON_ERROR(dwError);
dwError = DJStartService("reapsysl");
BAIL_ON_ERROR(dwError);
}
else
{
DJ_LOG_INFO("Deconfiguring Likewise Enterprise from running reapsysld daemon");
dwError = SetBooleanRegistryValue("Services\\reapsysl", "Autostart", FALSE);
BAIL_ON_ERROR(dwError);
dwError = DJStopService("reapsysl");
BAIL_ON_ERROR(dwError);
}
error:
return dwError;
}
//Does the platform-specific equivalent of this in nsswitch.conf:
// hosts: files dns
DWORD
DJConfigureHostsEntry(const char *testPrefix)
{
DWORD ceError = ERROR_SUCCESS;
NsswitchConf conf;
DistroInfo distro;
int line;
const char *hostsByFile;
const char *hostsByDns;
int moduleIndex;
if(testPrefix == NULL)
testPrefix = "";
memset(&distro, 0, sizeof(distro));
memset(&conf, 0, sizeof(conf));
GCE(ceError = DJGetDistroInfo(testPrefix, &distro));
ceError = ReadNsswitchConf(&conf, testPrefix, TRUE);
GCE(ceError);
hostsByFile = GetNameOfHostsByFile(&conf, &distro);
hostsByDns = GetNameOfHostsByDns(&conf, &distro);
line = FindEntry(&conf, 0, "hosts");
if(line == -1)
{
DJ_LOG_INFO("Adding hosts line");
GCE(ceError = AddEntry(&conf, &distro, &line, "hosts"));
GCE(ceError = InsertModule(&conf, &distro, line, 0, hostsByDns));
GCE(ceError = InsertModule(&conf, &distro, line, 0, hostsByFile));
}
moduleIndex = FindModuleOnLine(&conf, line, hostsByFile);
if(moduleIndex > 0)
{
/* The local module exists on the line, but it is not the first
* entry. */
GCE(ceError = RemoveModule(&conf, line, moduleIndex));
}
if(moduleIndex != 0)
{
GCE(ceError = InsertModule(&conf, &distro, line, 0, hostsByFile));
}
if(conf.modified)
WriteNsswitchConfiguration(testPrefix, &conf);
else
DJ_LOG_INFO("nsswitch not modified");
cleanup:
FreeNsswitchConfContents(&conf);
DJFreeDistroInfo(&distro);
return ceError;
}
static DWORD WriteNsswitchConfiguration(const char *rootPrefix, NsswitchConf *conf)
{
DWORD ceError = ERROR_SUCCESS;
DynamicArray printedLine;
int i;
char *tempName = NULL;
char *finalName = NULL;
char *prefixedPath = NULL;
FILE *file = NULL;
memset(&printedLine, 0, sizeof(printedLine));
GCE(ceError = CTAllocateStringPrintf(&prefixedPath, "%s%s", rootPrefix, conf->filename));
GCE(ceError = CTGetFileTempPath(
prefixedPath,
&finalName,
&tempName));
DJ_LOG_INFO("Writing nsswitch configuration for %s", finalName);
ceError = CTOpenFile(tempName, "w", &file);
if(ceError)
{
DJ_LOG_ERROR("Unable to open '%s' for writing", tempName);
GCE(ceError);
}
for(i = 0; i < conf->lines.size; i++)
{
GCE(ceError = GetPrintedLine(&printedLine, conf, i));
GCE(ceError = CTFilePrintf(file, "%s\n", printedLine.data));
}
GCE(ceError = CTCloseFile(file));
file = NULL;
GCE(ceError = CTSafeReplaceFile(
finalName,
tempName));
DJ_LOG_INFO("File moved into place");
cleanup:
if(file != NULL)
CTCloseFile(file);
CTArrayFree(&printedLine);
CT_SAFE_FREE_STRING(tempName);
CT_SAFE_FREE_STRING(finalName);
CT_SAFE_FREE_STRING(prefixedPath);
return ceError;
}
DWORD
DJIsAppleADPluginInUse(BOOLEAN* pExists)
{
DWORD ceError = ERROR_SUCCESS;
PPROCINFO pProcInfo = NULL;
PSTR* ppszArgs = NULL;
DWORD nArgs = 7;
LONG status = 0;
BOOLEAN bInUse = FALSE;
DJ_LOG_INFO("Testing to see if Apple AD plugin is already in use");
ceError = CTAllocateMemory(sizeof(PSTR)*nArgs, (PVOID*)(PVOID)&ppszArgs);
BAIL_ON_CENTERIS_ERROR(ceError);
ceError = CTAllocateString("/usr/bin/dscl", ppszArgs);
BAIL_ON_CENTERIS_ERROR(ceError);
ceError = CTAllocateString("localhost", ppszArgs+1);
BAIL_ON_CENTERIS_ERROR(ceError);
ceError = CTAllocateString("-list", ppszArgs+2);
BAIL_ON_CENTERIS_ERROR(ceError);
ceError = CTAllocateString("|", ppszArgs+3);
BAIL_ON_CENTERIS_ERROR(ceError);
ceError = CTAllocateString("grep", ppszArgs+4);
BAIL_ON_CENTERIS_ERROR(ceError);
ceError = CTAllocateString(APPLEADDSPLUGIN_NAME, ppszArgs+5);
BAIL_ON_CENTERIS_ERROR(ceError);
ceError = DJSpawnProcess(ppszArgs[0], ppszArgs, &pProcInfo);
BAIL_ON_CENTERIS_ERROR(ceError);
ceError = DJGetProcessStatus(pProcInfo, &status);
BAIL_ON_CENTERIS_ERROR(ceError);
if (status == 0)
{
bInUse = TRUE;
}
error:
if (ppszArgs)
{
CTFreeStringArray(ppszArgs, nArgs);
}
if (pProcInfo)
{
FreeProcInfo(pProcInfo);
}
*pExists = bInUse;
return ceError;
}
DWORD
DJIsAppleADPluginInUse(BOOLEAN* pExists)
{
DWORD ceError = ERROR_SUCCESS;
PSTR value = NULL;
PSTR valueStart = NULL;
BOOLEAN bInUse = FALSE;
DJ_LOG_INFO("Testing to see if Apple AD plugin is already in use");
ceError = CTCaptureOutput("/usr/bin/dscl localhost -list / | grep \"^Active Directory\"", &value);
if (ceError)
{
ceError = ERROR_SUCCESS;
goto error;
}
CTStripWhitespace(value);
valueStart = strstr(value, "Active Directory");
if (valueStart != NULL)
{
bInUse = TRUE;
}
error:
CT_SAFE_FREE_STRING(value);
*pExists = bInUse;
return ceError;
}
static
DWORD
DJCheckIfDHCPHost(
PSTR pszPathifcfg,
PBOOLEAN pbDHCPHost
)
{
DWORD ceError = ERROR_SUCCESS;
PSTR pszFilter = "^[[:space:]]*BOOTPROTO.*dhcp.*$";
BOOLEAN bDHCPHost = FALSE;
DJ_LOG_INFO("Checking if DHCP Host...");
// now that we have a file, we need to check out our BOOTPROTO,
// if it's DHCP, we have to update the DHCP_HOSTNAME
// ps: the expression should be BOOTPROTO='?dhcp'? because RH uses dhcp and SuSE 'dhcp'
// sRun = "grep BOOTPROTO=\\'\\\\?dhcp\\'\\\\? " + sPathifcfg;
//sRun = "grep BOOTPROTO=\\'*dhcp\\'* " + sPathifcfg;
ceError = CTCheckFileHoldsPattern(pszPathifcfg, pszFilter, &bDHCPHost);
BAIL_ON_CENTERIS_ERROR(ceError);
*pbDHCPHost = bDHCPHost;
return ceError;
error:
*pbDHCPHost = FALSE;
return ceError;
}
DWORD
DJConfigureNameServiceSwitch(const char *testPrefix, BOOLEAN enable)
{
DWORD ceError = ERROR_SUCCESS;
NsswitchConf conf;
if(testPrefix == NULL)
testPrefix = "";
ceError = ReadNsswitchConf(&conf, testPrefix, TRUE);
if(ceError == ERROR_FILE_NOT_FOUND)
{
ceError = ERROR_SUCCESS;
DJ_LOG_WARNING("Warning: Could not find nsswitch file");
goto cleanup;
}
GCE(ceError);
ceError = UpdateNsswitchConf(&conf, enable);
if(conf.modified)
WriteNsswitchConfiguration(testPrefix, &conf);
else
DJ_LOG_INFO("nsswitch not modified");
cleanup:
FreeNsswitchConfContents(&conf);
return ceError;
}
static DWORD ReadNsswitchFile(NsswitchConf *conf, const char *rootPrefix, const char *filename)
{
DWORD ceError = ERROR_SUCCESS;
FILE *file = NULL;
PSTR buffer = NULL;
char *fullPath = NULL;
BOOLEAN endOfFile = FALSE;
BOOLEAN exists;
if(rootPrefix == NULL)
rootPrefix = "";
GCE(ceError = CTAllocateStringPrintf(
&fullPath, "%s%s", rootPrefix, filename));
DJ_LOG_INFO("Reading nsswitch file %s", fullPath);
GCE(ceError = CTCheckFileOrLinkExists(fullPath, &exists));
if(!exists)
{
DJ_LOG_INFO("File %s does not exist", fullPath);
ceError = ERROR_FILE_NOT_FOUND;
goto cleanup;
}
GCE(ceError = CTStrdup(filename,
&conf->filename));
GCE(ceError = CTOpenFile(fullPath, "r", &file));
CT_SAFE_FREE_STRING(fullPath);
while(TRUE)
{
CT_SAFE_FREE_STRING(buffer);
GCE(ceError = CTReadNextLine(file, &buffer, &endOfFile));
if(endOfFile)
break;
GCE(ceError = AddFormattedLine(conf, filename, buffer, NULL));
}
conf->modified = FALSE;
cleanup:
CT_SAFE_FREE_STRING(buffer);
if(file != NULL)
CTCloseFile(file);
CT_SAFE_FREE_STRING(fullPath);
if(ceError)
FreeNsswitchConfContents(conf);
return ceError;
}
static DWORD ReadSshFile(struct SshConf *conf, const char *rootPrefix, const char *filename)
{
DWORD ceError = ERROR_SUCCESS;
FILE *file = NULL;
PSTR buffer = NULL;
char *fullPath = NULL;
BOOLEAN endOfFile = FALSE;
BOOLEAN exists;
BAIL_ON_CENTERIS_ERROR(ceError = CTAllocateStringPrintf(
&fullPath, "%s%s", rootPrefix, filename));
DJ_LOG_INFO("Reading ssh file %s", fullPath);
BAIL_ON_CENTERIS_ERROR(ceError = CTCheckFileOrLinkExists(fullPath, &exists));
if(!exists)
{
DJ_LOG_INFO("File %s does not exist", fullPath);
ceError = ERROR_FILE_NOT_FOUND;
goto error;
}
BAIL_ON_CENTERIS_ERROR(ceError = CTStrdup(filename,
&conf->filename));
BAIL_ON_CENTERIS_ERROR(ceError = CTOpenFile(fullPath, "r", &file));
CT_SAFE_FREE_STRING(fullPath);
while(TRUE)
{
CT_SAFE_FREE_STRING(buffer);
BAIL_ON_CENTERIS_ERROR(ceError = CTReadNextLine(file, &buffer, &endOfFile));
if(endOfFile)
break;
BAIL_ON_CENTERIS_ERROR(ceError = AddFormattedLine(conf, filename, buffer, NULL));
}
CT_SAFE_FREE_STRING(buffer);
BAIL_ON_CENTERIS_ERROR(ceError = CTCloseFile(file));
file = NULL;
return ceError;
error:
if(file != NULL)
CTCloseFile(file);
CT_SAFE_FREE_STRING(fullPath);
FreeSshConfContents(conf);
CT_SAFE_FREE_STRING(buffer);
return ceError;
}
static
DWORD
SetAIXHostname(
PSTR pszComputerName
)
{
DWORD ceError = ERROR_SUCCESS;
PPROCINFO pProcInfo = NULL;
PSTR* ppszArgs = NULL;
DWORD nArgs = 6;
CHAR szBuf[512];
LONG status = 0;
DJ_LOG_INFO("Setting hostname to [%s]", pszComputerName);
ceError = CTAllocateMemory(sizeof(PSTR)*nArgs, PPCAST(&ppszArgs));
BAIL_ON_CENTERIS_ERROR(ceError);
ceError = CTAllocateString("chdev", ppszArgs);
BAIL_ON_CENTERIS_ERROR(ceError);
ceError = CTAllocateString("-a", ppszArgs+1);
BAIL_ON_CENTERIS_ERROR(ceError);
sprintf(szBuf, "hostname=%s", pszComputerName);
ceError = CTAllocateString(szBuf, ppszArgs+2);
BAIL_ON_CENTERIS_ERROR(ceError);
ceError = CTAllocateString("-l", ppszArgs+3);
BAIL_ON_CENTERIS_ERROR(ceError);
ceError = CTAllocateString("inet0", ppszArgs+4);
BAIL_ON_CENTERIS_ERROR(ceError);
ceError = DJSpawnProcess(ppszArgs[0], ppszArgs, &pProcInfo);
BAIL_ON_CENTERIS_ERROR(ceError);
ceError = DJGetProcessStatus(pProcInfo, &status);
BAIL_ON_CENTERIS_ERROR(ceError);
if (status != 0) {
ceError = ERROR_BAD_COMMAND;
BAIL_ON_CENTERIS_ERROR(ceError);
}
error:
if (ppszArgs)
CTFreeStringArray(ppszArgs, nArgs);
if (pProcInfo)
FreeProcInfo(pProcInfo);
return ceError;
}
void DJRestartIfRunning(PCSTR daemon, LWException **exc)
{
BOOLEAN running;
LWException *inner = NULL;
DJGetDaemonStatus(daemon, &running, &inner);
if(!LW_IS_OK(inner) && inner->code == ERROR_SERVICE_NOT_FOUND)
{
//The daemon isn't installed
LW_HANDLE(&inner);
running = FALSE;
}
LW_CLEANUP(exc, inner);
if(!running)
goto cleanup;
DJ_LOG_INFO("Restarting '%s'", daemon);
LW_TRY(exc, DJStartStopDaemon(daemon, FALSE, &LW_EXC));
DJ_LOG_INFO("Starting '%s'", daemon);
LW_TRY(exc, DJStartStopDaemon(daemon, TRUE, &LW_EXC));
cleanup:
LW_HANDLE(&inner);
}
static
DWORD
DJFlushCache(
)
{
DWORD ceError = ERROR_SUCCESS;
int i;
const char* cacheUtils[] = {
"/usr/sbin/lookupd", /* Before Mac OS X 10.5 */
"/usr/bin/dscacheutil" /* On Mac OS X 10.5 */
};
DJ_LOG_INFO("Flushing dns cache");
for (i = 0; i < (sizeof(cacheUtils) / sizeof(cacheUtils[0])); i++)
{
const char* command = cacheUtils[i];
BOOLEAN exists;
/* Sanity check */
if (!command)
{
continue;
}
ceError = CTCheckFileExists(command, &exists);
BAIL_ON_CENTERIS_ERROR(ceError);
if (!exists)
{
continue;
}
ceError = CTShell("%command -flushcache",
CTSHELL_STRING(command, command));
/* Bail regardless */
goto error;
}
DJ_LOG_ERROR("Could not locate cache flush utility");
ceError = ERROR_FILE_NOT_FOUND;
error:
return ceError;
}
static
DWORD
WriteHostnameToSunFiles(
PCSTR pOldShortHostname,
PCSTR pNewShortHostname,
PCSTR pDnsDomainName,
PCSTR pOldFqdnHostname,
PCSTR pNewFqdnHostname
)
{
DWORD ceError = ERROR_SUCCESS;
FILE* fp = NULL;
PSTR* ppszHostfilePaths = NULL;
DWORD nPaths = 0;
DWORD iPath = 0;
PSTR pRealPath = NULL;
PSTR pTempPath = NULL;
PSTR pOldEscapedShortHostname = NULL;
PSTR pOldEscapedFqdnHostname = NULL;
PSTR pOldSedExpression = NULL;
PSTR pSedExpression = NULL;
BOOLEAN isSame = FALSE;
DJ_LOG_INFO("Setting hostname to [%s]", pNewShortHostname);
ceError = CTGetFileTempPath(
"/etc/nodename",
&pRealPath,
&pTempPath);
BAIL_ON_CENTERIS_ERROR(ceError);
ceError = CTOpenFile(
pTempPath,
"w",
&fp);
BAIL_ON_CENTERIS_ERROR(ceError);
if (fprintf(fp, "%s\n", pNewShortHostname) < 0)
{
ceError = LwMapErrnoToLwError(errno);
BAIL_ON_CENTERIS_ERROR(ceError);
}
ceError = CTSafeCloseFile(&fp);
BAIL_ON_CENTERIS_ERROR(ceError);
ceError = CTFileContentsSame(
pTempPath,
pRealPath,
&isSame);
BAIL_ON_CENTERIS_ERROR(ceError);
if (isSame)
{
BAIL_ON_CENTERIS_ERROR(ceError = CTRemoveFile(pTempPath));
}
else
{
ceError = CTSafeReplaceFile(pRealPath, pTempPath);
BAIL_ON_CENTERIS_ERROR(ceError);
}
CT_SAFE_FREE_STRING(pRealPath);
CT_SAFE_FREE_STRING(pTempPath);
ceError = CTGetFileTempPath(
"/etc/defaultdomain",
&pRealPath,
&pTempPath);
BAIL_ON_CENTERIS_ERROR(ceError);
ceError = CTOpenFile(
pTempPath,
"w",
&fp);
BAIL_ON_CENTERIS_ERROR(ceError);
fprintf(fp, "%s\n", pDnsDomainName);
ceError = CTSafeCloseFile(&fp);
BAIL_ON_CENTERIS_ERROR(ceError);
ceError = CTFileContentsSame(
pTempPath,
pRealPath,
&isSame);
BAIL_ON_CENTERIS_ERROR(ceError);
if (isSame)
{
BAIL_ON_CENTERIS_ERROR(ceError = CTRemoveFile(pTempPath));
}
else
{
ceError = CTSafeReplaceFile(pRealPath, pTempPath);
BAIL_ON_CENTERIS_ERROR(ceError);
}
/* The first column of the /etc/hostname.<interface> files is the IP
* address of the interface. It may either be specified directly in the
* file, or the file may refer to an entry in /etc/hosts. This program is
* editing /etc/hosts, any old entries in the hostname files need to be
* fixed. */
ceError = CTGetMatchingFilePathsInFolder("/etc",
"hostname.*",
&ppszHostfilePaths,
&nPaths);
BAIL_ON_CENTERIS_ERROR(ceError);
ceError = SedEscapeLiteral(
pOldShortHostname,
&pOldEscapedShortHostname);
BAIL_ON_CENTERIS_ERROR(ceError);
ceError = LwAllocateStringPrintf(
&pSedExpression,
"s/^%s\\([ ].*\\)\\{0,1\\}$/%s\\1/",
pOldEscapedShortHostname,
pNewShortHostname);
BAIL_ON_CENTERIS_ERROR(ceError);
if (pOldFqdnHostname != NULL)
{
ceError = SedEscapeLiteral(
pOldFqdnHostname,
&pOldEscapedFqdnHostname);
BAIL_ON_CENTERIS_ERROR(ceError);
pOldSedExpression = pSedExpression;
pSedExpression = NULL;
ceError = LwAllocateStringPrintf(
&pSedExpression,
"%s;s/^%s\\([ ].*\\)\\{0,1\\}$/%s\\1/",
pOldSedExpression,
pOldEscapedFqdnHostname,
pNewFqdnHostname);
BAIL_ON_CENTERIS_ERROR(ceError);
}
for (iPath = 0; iPath < nPaths; iPath++)
{
if (!CTStrEndsWith(ppszHostfilePaths[iPath], ".lwidentity.bak") &&
!CTStrEndsWith(ppszHostfilePaths[iPath], ".lwidentity.orig"))
{
ceError = CTRunSedOnFile(
ppszHostfilePaths[iPath],
ppszHostfilePaths[iPath],
FALSE,
pSedExpression);
BAIL_ON_CENTERIS_ERROR(ceError);
}
}
error:
if (ppszHostfilePaths)
CTFreeStringArray(ppszHostfilePaths, nPaths);
if (fp) {
fclose(fp);
}
CT_SAFE_FREE_STRING(pRealPath);
CT_SAFE_FREE_STRING(pTempPath);
CT_SAFE_FREE_STRING(pOldEscapedShortHostname);
CT_SAFE_FREE_STRING(pOldEscapedFqdnHostname);
CT_SAFE_FREE_STRING(pOldSedExpression);
CT_SAFE_FREE_STRING(pSedExpression);
return ceError;
}
static DWORD SetHPUXHostname(PSTR pszComputerName)
{
DWORD ceError = ERROR_SUCCESS;
PPROCINFO pProcInfo = NULL;
PSTR *ppszArgs = NULL;
DWORD nArgs = 6;
CHAR szBuf[512];
LONG status = 0;
DJ_LOG_INFO("Setting hostname to [%s]", pszComputerName);
ceError = CTAllocateMemory(sizeof(PSTR)*nArgs, PPCAST(&ppszArgs));
BAIL_ON_CENTERIS_ERROR(ceError);
ceError = CTAllocateString("/bin/sh", ppszArgs);
BAIL_ON_CENTERIS_ERROR(ceError);
ceError = CTAllocateString("-c", ppszArgs+1);
BAIL_ON_CENTERIS_ERROR(ceError);
memset(szBuf, 0, sizeof(szBuf));
snprintf(szBuf, sizeof(szBuf), "/usr/bin/sed s/HOSTNAME=\\\"[a-zA-Z0-9].*\\\"/HOSTNAME=\\\"%s\\\"/ %s > %s.new", pszComputerName, NETCONF, NETCONF);
ceError = CTAllocateString(szBuf, ppszArgs+2);
BAIL_ON_CENTERIS_ERROR(ceError);
ceError = DJSpawnProcess(ppszArgs[0], ppszArgs, &pProcInfo);
BAIL_ON_CENTERIS_ERROR(ceError);
ceError = DJGetProcessStatus(pProcInfo, &status);
BAIL_ON_CENTERIS_ERROR(ceError);
if (status != 0) {
ceError = ERROR_BAD_COMMAND;
BAIL_ON_CENTERIS_ERROR(ceError);
}
memset(szBuf, 0, sizeof(szBuf));
snprintf(szBuf, sizeof(szBuf), "%s.new", NETCONF);
ceError = CTMoveFile(szBuf, NETCONF);
BAIL_ON_CENTERIS_ERROR(ceError);
CTFreeStringArray(ppszArgs, nArgs);
ppszArgs = NULL;
FreeProcInfo(pProcInfo);
pProcInfo = NULL;
/* After updating the file, HP-UX wants us to "start" the hostname */
ceError = CTAllocateMemory(sizeof(PSTR)*nArgs, PPCAST(&ppszArgs));
BAIL_ON_CENTERIS_ERROR(ceError);
ceError = CTAllocateString("/sbin/init.d/hostname", ppszArgs);
BAIL_ON_CENTERIS_ERROR(ceError);
ceError = CTAllocateString("start", ppszArgs + 1);
BAIL_ON_CENTERIS_ERROR(ceError);
ceError = DJSpawnProcess(ppszArgs[0], ppszArgs, &pProcInfo);
BAIL_ON_CENTERIS_ERROR(ceError);
ceError = DJGetProcessStatus(pProcInfo, &status);
BAIL_ON_CENTERIS_ERROR(ceError);
if (status != 0) {
ceError = ERROR_BAD_COMMAND;
BAIL_ON_CENTERIS_ERROR(ceError);
}
error:
if(ppszArgs)
CTFreeStringArray(ppszArgs, nArgs);
if(pProcInfo)
FreeProcInfo(pProcInfo);
return ceError;
}
void DoJoin(int argc, char **argv, int columns, LWException **exc)
{
JoinProcessOptions options;
BOOLEAN advanced = FALSE;
BOOLEAN preview = FALSE;
DynamicArray enableModules, disableModules, ignoreModules;
DynamicArray detailModules;
size_t i;
int passwordIndex = -1;
PSTR moduleDetails = NULL;
PSTR wrapped = NULL;
DJZeroJoinProcessOptions(&options);
memset(&enableModules, 0, sizeof(enableModules));
memset(&disableModules, 0, sizeof(disableModules));
memset(&ignoreModules, 0, sizeof(ignoreModules));
memset(&detailModules, 0, sizeof(detailModules));
while(argc > 0 && CTStrStartsWith(argv[0], "--"))
{
if(!strcmp(argv[0], "--advanced"))
advanced = TRUE;
else if(!strcmp(argv[0], "--preview"))
preview = TRUE;
else if(!strcmp(argv[0], "--ignore-firewall-ntp"))
{
printf("Warning: --ignore-firewall-ntp is deprecated. This behavior is now default.\n");
}
else if(!strcmp(argv[0], "--ignore-pam"))
options.ignorePam = TRUE;
else if(!strcmp(argv[0], "--notimesync"))
options.disableTimeSync = TRUE;
else if(!strcmp(argv[0], "--multiple"))
options.enableMultipleJoins = TRUE;
else if(!strcmp(argv[0], "--nohosts"))
{
PCSTR module = "hostname";
LW_CLEANUP_CTERR(exc, CTArrayAppend(&disableModules, sizeof(PCSTR), &module, 1));
}
else if(argc < 2)
{
LW_RAISE(exc, LW_ERROR_SHOW_USAGE);
goto cleanup;
}
else if(!strcmp(argv[0], "--enable"))
{
LW_CLEANUP_CTERR(exc, CTArrayAppend(&enableModules, sizeof(PCSTR), &argv[1], 1));
argv++;
argc--;
}
else if(!strcmp(argv[0], "--disable"))
{
if(!strcmp(argv[1], "ssh")){
options.ignoreSsh = TRUE;
}
else {
options.ignoreSsh = FALSE;
LW_CLEANUP_CTERR(exc, CTArrayAppend(&disableModules, sizeof(PCSTR), &argv[1], 1));
}
argv++;
argc--;
}
else if(!strcmp(argv[0], "--ignore"))
{
LW_CLEANUP_CTERR(exc, CTArrayAppend(&ignoreModules, sizeof(PCSTR), &argv[1], 1));
argv++;
argc--;
}
else if(!strcmp(argv[0], "--details"))
{
LW_CLEANUP_CTERR(exc, CTArrayAppend(&detailModules, sizeof(PCSTR), &argv[1], 1));
argv++;
argc--;
}
else if(!strcmp(argv[0], "--ou"))
{
DJ_LOG_INFO("Domainjoin invoked with option --ou %s", argv[1]);
CT_SAFE_FREE_STRING(options.ouName);
LW_CLEANUP_CTERR(exc, CTStrdup(argv[1], &options.ouName));
argv++;
argc--;
}
else if(!strcmp(argv[0], "--uac-flags"))
{
DJ_LOG_INFO("Domainjoin invoked with option --uac-flags %s", argv[1]);
CT_SAFE_FREE_STRING(options.ouName);
options.uacFlags = strtoul(argv[1], NULL, 0);
argv++;
argc--;
}
else if(!strcmp(argv[0], "--assumeDefaultDomain"))
{
DJ_LOG_INFO("Domainjoin invoked with option --assumeDefaultDomain");
options.setAssumeDefaultDomain = TRUE;
if (!strcasecmp(argv[1], "yes") || !strcasecmp(argv[1], "true") ||
!strcasecmp(argv[1], "on"))
{
options.assumeDefaultDomain = TRUE;
}
else if (!strcasecmp(argv[1], "no") ||
!strcasecmp(argv[1], "false") ||
!strcasecmp(argv[1], "off"))
{
options.assumeDefaultDomain = FALSE;
}
else
{
LW_RAISE(exc, LW_ERROR_SHOW_USAGE);
goto cleanup;
}
argv++;
argc--;
}
else if(!strcmp(argv[0], "--userDomainPrefix"))
{
DJ_LOG_INFO("Domainjoin invoked with option --userDomainPrefix %s", argv[1]);
options.setAssumeDefaultDomain = TRUE;
options.assumeDefaultDomain = TRUE;
CT_SAFE_FREE_STRING(options.userDomainPrefix);
LW_CLEANUP_CTERR(exc, CTStrdup(argv[1], &options.userDomainPrefix));
CTStrToUpper(options.userDomainPrefix);
argv++;
argc--;
}
else
{
LW_RAISE(exc, LW_ERROR_SHOW_USAGE);
goto cleanup;
}
argv++;
argc--;
}
if(argc == 3)
{
LW_CLEANUP_CTERR(exc, CTStrdup(argv[2], &options.password));
passwordIndex = 2;
}
// The join username is not required in preview or details mode.
else if(argc == 1 && (preview || detailModules.size != 0) )
;
else if(argc != 2)
{
LW_RAISE(exc, LW_ERROR_SHOW_USAGE);
goto cleanup;
}
options.joiningDomain = TRUE;
DJ_LOG_INFO("Domainjoin invoked with %d arg(s) to the join command:", argc);
for(i = 0; i < argc; i++)
{
DJ_LOG_INFO(" [%s]", i == passwordIndex ? "<password>" : argv[i]);
}
LW_CLEANUP_CTERR(exc, CTStrdup(
argv[0], &options.domainName));
if(argc > 1)
{
LW_CLEANUP_CTERR(exc, CTStrdup(argv[1], &options.username));
}
options.warningCallback = PrintWarning;
options.showTraces = advanced;
LW_CLEANUP_CTERR(exc, DJGetComputerName(&options.computerName));
LW_TRY(exc, DJInitModuleStates(&options, &LW_EXC));
for(i = 0; i < enableModules.size; i++)
{
PCSTR module = *(PCSTR *)CTArrayGetItem(
&enableModules, i, sizeof(PCSTR));
if(CTArrayFindString(&disableModules, module) != -1)
{
LW_RAISE_EX(exc, ERROR_INVALID_PARAMETER, "Module already specified", "The module '%s' is listed as being disabled and enabled", module);
goto cleanup;
}
if(CTArrayFindString(&ignoreModules, module) != -1)
{
LW_RAISE_EX(exc, ERROR_INVALID_PARAMETER, "Module already specified", "The module '%s' is listed as being ignored and enabled", module);
goto cleanup;
}
LW_TRY(exc, DJSetModuleDisposition(&options, module, EnableModule, &LW_EXC));
}
for(i = 0; i < disableModules.size; i++)
{
PCSTR module = *(PCSTR *)CTArrayGetItem(
&disableModules, i, sizeof(PCSTR));
if(CTArrayFindString(&enableModules, module) != -1)
{
LW_RAISE_EX(exc, ERROR_INVALID_PARAMETER, "Module already specified", "The module '%s' is listed as being disabled and enabled", module);
goto cleanup;
}
if(CTArrayFindString(&ignoreModules, module) != -1)
{
LW_RAISE_EX(exc, ERROR_INVALID_PARAMETER, "Module already specified", "The module '%s' is listed as being ignored and enabled", module);
goto cleanup;
}
LW_TRY(exc, DJSetModuleDisposition(&options, module, DisableModule, &LW_EXC));
}
for(i = 0; i < ignoreModules.size; i++)
{
PCSTR module = *(PCSTR *)CTArrayGetItem(
&ignoreModules, i, sizeof(PCSTR));
if(CTArrayFindString(&enableModules, module) != -1)
{
LW_RAISE_EX(exc, ERROR_INVALID_PARAMETER, "Module already specified", "The module '%s' is listed as being enabled and ignored", module);
goto cleanup;
}
if(CTArrayFindString(&disableModules, module) != -1)
{
LW_RAISE_EX(exc, ERROR_INVALID_PARAMETER, "Module already specified", "The module '%s' is listed as being disabled and ignored", module);
goto cleanup;
}
LW_TRY(exc, DJSetModuleDisposition(&options, module, IgnoreModule, &LW_EXC));
}
for(i = 0; i < detailModules.size; i++)
{
PCSTR module = *(PCSTR *)CTArrayGetItem(
&detailModules, i, sizeof(PCSTR));
ModuleState *state = DJGetModuleStateByName(&options, module);
if(state == NULL)
{
LW_RAISE_EX(exc, ERROR_INVALID_PARAMETER, "Unable to find module.", "Please check the spelling of '%s'. This module cannot be found", module);
goto cleanup;
}
PrintModuleState(state);
}
if(detailModules.size > 0)
{
PrintStateKey();
}
for(i = 0; i < detailModules.size; i++)
{
PCSTR module = *(PCSTR *)CTArrayGetItem(
&detailModules, i, sizeof(PCSTR));
ModuleState *state = DJGetModuleStateByName(&options, module);
CT_SAFE_FREE_STRING(moduleDetails);
CT_SAFE_FREE_STRING(wrapped);
LW_TRY(exc, moduleDetails = state->module->GetChangeDescription(&options, &LW_EXC));
LW_CLEANUP_CTERR(exc, CTWordWrap(moduleDetails, &wrapped, 4, columns));
fprintf(stdout, "\nDetails for '%s':\n%s\n", state->module->longName, wrapped);
}
if(detailModules.size > 0)
goto cleanup;
LW_TRY(exc, PrintJoinHeader(&options, &LW_EXC));
if(preview)
{
PrintModuleStates(advanced, &options);
if(!advanced)
LW_TRY(exc, DJCheckRequiredEnabled(&options, &LW_EXC));
goto cleanup;
}
LW_TRY(exc, DJCheckRequiredEnabled(&options, &LW_EXC));
if (IsNullOrEmptyString(options.password))
{
CT_SAFE_FREE_STRING(options.password);
LW_CLEANUP_CTERR(exc, FillMissingPassword(options.username,
&options.password));
}
LW_TRY(exc, DJRunJoinProcess(&options, &LW_EXC));
fprintf(stdout, "SUCCESS\n");
cleanup:
DJFreeJoinProcessOptions(&options);
CTArrayFree(&enableModules);
CTArrayFree(&disableModules);
CTArrayFree(&ignoreModules);
CTArrayFree(&detailModules);
CT_SAFE_FREE_STRING(moduleDetails);
CT_SAFE_FREE_STRING(wrapped);
}
static BOOLEAN TestOption(PCSTR rootPrefix, struct SshConf *conf, PCSTR binary, PCSTR testFlag, PCSTR optionName, LWException **exc)
{
DWORD ceError = ERROR_SUCCESS;
BOOLEAN result = FALSE;
PSTR command = NULL;
PSTR commandOutput = NULL;
int existingLine;
if(rootPrefix == NULL)
rootPrefix = "";
DJ_LOG_INFO("Testing option %s", optionName);
existingLine = FindOption(conf, 0, optionName);
if(existingLine != -1)
{
if(!strcmp(conf->lines[existingLine].value.value, "yes"))
{
//The option is already enabled, so it must be supported
result = TRUE;
goto cleanup;
}
}
/* Most versions of sshd support the -t option which runs it in test
mode. Test mode is used to verify that a config file is correct, or
in our case that the passed options are valid.
The only version of sshd known to not support -t is the version that
comes with Solaris 9. However, this version does not support the -o
option, and it will error out if the -o option is used. The Solaris
9 version of sshd does not support any of the options we'd like to
enable, so it will correctly fail all of the option tests.
Sshd will either complain about the first invalid option that is
passed with -o, or it will complain about all invalid options. -o
BadOption=yes is passed to verify that sshd understands -o, and to
make doubly sure that it will not start listening on a port.
The -v option can be used to test whether ssh (the client) supports
given options. Passing -v to ssh will cause it to print out its
version number and not attempt to connect to a machine. All versions of
ssh seem to parse the options passed with -o even when -v is passed.
Ssh will either complain about the first invalid option that is
passed with -o, or it will complain about all invalid options. -o
BadOption=yes is passed to verify that ssh understands -o.
*/
LW_CLEANUP_CTERR(exc, CTAllocateStringPrintf(
&command, "%s%s %s -o %s=yes -o BadOption=yes 2>&1",
rootPrefix, binary, testFlag, optionName));
ceError = CTCaptureOutput(command, &commandOutput);
/* Some versions of sshd will return an error code because an invalid
option was passed, but not all will. */
if(ceError == ERROR_BAD_COMMAND)
ceError = ERROR_SUCCESS;
LW_CLEANUP_CTERR(exc, ceError);
if(strstr(commandOutput, optionName) != NULL)
{
DJ_LOG_INFO("Option %s not supported", optionName);
goto cleanup;
}
if(strstr(commandOutput, "BadOption") == NULL)
{
DJ_LOG_INFO("Sshd does not support -o");
goto cleanup;
}
DJ_LOG_INFO("Option %s supported", optionName);
result = TRUE;
cleanup:
CT_SAFE_FREE_STRING(command);
CT_SAFE_FREE_STRING(commandOutput);
return result;
}
int main(
int argc,
char* argv[]
)
{
LWException *exc = NULL;
int columns;
PSTR pszLogFilePath = NULL;
BOOLEAN bNoLog = FALSE;
PSTR logLevel = "warning";
DWORD dwLogLevel;
BOOLEAN showHelp = FALSE;
BOOLEAN showInternalHelp = FALSE;
int remainingArgs = argc;
char **argPos = argv;
int i;
BOOLEAN directoryExists = FALSE;
if(CTGetTerminalWidth(fileno(stdout), &columns))
columns = -1;
/* Skip the program name */
argPos++;
remainingArgs--;
setlocale(LC_ALL, "");
while(remainingArgs > 0 && CTStrStartsWith(argPos[0], "--"))
{
if(!strcmp(argPos[0], "--help"))
showHelp = TRUE;
else if(!strcmp(argPos[0], "--help-internal"))
showInternalHelp = TRUE;
else if(!strcmp(argPos[0], "--nolog"))
bNoLog = TRUE;
//All options after this point take an argument
else if(remainingArgs < 2)
showHelp = TRUE;
else if(!strcmp(argPos[0], "--logfile"))
{
pszLogFilePath = (++argPos)[0];
remainingArgs--;
}
else if(!strcmp(argPos[0], "--loglevel"))
{
logLevel = (++argPos)[0];
remainingArgs--;
}
else
break;
remainingArgs--;
argPos++;
}
if(remainingArgs < 1)
showHelp = TRUE;
if (showInternalHelp) {
ShowUsageInternal();
goto cleanup;
}
if (showHelp) {
ShowUsage();
goto cleanup;
}
if (!strcasecmp(logLevel, "error"))
{
dwLogLevel = LOG_LEVEL_ERROR;
LwRtlLogSetLevel(LW_RTL_LOG_LEVEL_ERROR);
}
else if (!strcasecmp(logLevel, "warning"))
{
dwLogLevel = LOG_LEVEL_WARNING;
LwRtlLogSetLevel(LW_RTL_LOG_LEVEL_WARNING);
}
else if (!strcasecmp(logLevel, "info"))
{
dwLogLevel = LOG_LEVEL_INFO;
LwRtlLogSetLevel(LW_RTL_LOG_LEVEL_INFO);
}
else if (!strcasecmp(logLevel, "verbose"))
{
dwLogLevel = LOG_LEVEL_VERBOSE;
LwRtlLogSetLevel(LW_RTL_LOG_LEVEL_VERBOSE);
}
else if (!strcasecmp(logLevel, "debug"))
{
dwLogLevel = LOG_LEVEL_VERBOSE;
LwRtlLogSetLevel(LW_RTL_LOG_LEVEL_DEBUG);
}
else {
LW_CLEANUP_CTERR(&exc, LW_ERROR_INVALID_LOG_LEVEL);
}
if (pszLogFilePath == NULL)
{
// Determine the default log path
LW_CLEANUP_CTERR(&exc,
CTCheckDirectoryExists("/var/log", &directoryExists));
if (directoryExists)
{
pszLogFilePath = "/var/log/domainjoin-cli.log";
}
else
{
pszLogFilePath = "/var/adm/domainjoin-cli.log";
}
}
if (bNoLog) {
LW_CLEANUP_CTERR(&exc, dj_disable_logging());
} else if (!strcmp(pszLogFilePath, ".")) {
LW_CLEANUP_CTERR(&exc, dj_init_logging_to_console(dwLogLevel));
} else {
DWORD ceError = dj_init_logging_to_file(dwLogLevel, pszLogFilePath);
if(ceError == ERROR_ACCESS_DENIED)
{
fprintf(stderr, "Warning: insufficient permissions to log to %s. To enable logging, please specify a different filename with --logfile <file>.\n",
pszLogFilePath);
ceError = ERROR_SUCCESS;
LW_CLEANUP_CTERR(&exc, dj_disable_logging());
}
else if (ceError == ERROR_FILE_NOT_FOUND)
{
fprintf(stderr, "Warning: parent directory of log file %s does not exist. To enable logging, please specify a different filename with --logfile <file>.\n",
pszLogFilePath);
ceError = ERROR_SUCCESS;
LW_CLEANUP_CTERR(&exc, dj_disable_logging());
}
LW_CLEANUP_CTERR(&exc, ceError);
}
LwRtlLogSetCallback(RtlLogCallback, NULL);
if (!strcmp(argPos[0], "join") || !strcmp(argPos[0], "leave"))
{
DJ_LOG_INFO("Domainjoin invoked with the %s command (remaining arguments will be printed later):", argPos[0]);
// Only print up to the 'join' part
for (i = 0; i <= argPos - argv; i++)
{
DJ_LOG_INFO(" [%s]", argv[i]);
}
}
else
{
DJ_LOG_INFO("Domainjoin invoked with %d arg(s):", argc);
for (i = 0; i < argc; i++)
{
DJ_LOG_INFO(" [%s]", argv[i]);
}
}
if(!strcmp(argPos[0], "setname"))
{
PSTR pDomainSuffix = 0;
argPos++;
if(--remainingArgs != 1)
{
ShowUsage();
goto cleanup;
}
pDomainSuffix = strchr(argPos[0], '.');
if (pDomainSuffix)
{
*pDomainSuffix = 0;
pDomainSuffix++;
}
else
{
pDomainSuffix = "";
}
LW_TRY(&exc, DJSetComputerName(argPos[0], pDomainSuffix, &LW_EXC));
}
else if(!strcmp(argPos[0], "join"))
{
argPos++;
remainingArgs--;
LW_TRY(&exc, DoJoin(remainingArgs, argPos, columns, &LW_EXC));
}
else if(!strcmp(argPos[0], "leave"))
{
argPos++;
remainingArgs--;
LW_TRY(&exc, DoLeaveNew(remainingArgs, argPos, columns, &LW_EXC));
}
else if(!strcmp(argPos[0], "query"))
{
LW_TRY(&exc, DoQuery(&LW_EXC));
}
else if(!strcmp(argPos[0], "fixfqdn"))
LW_TRY(&exc, DoFixFqdn(&LW_EXC));
#ifndef ENABLE_MINIMAL
else if(!strcmp(argPos[0], "configure"))
{
argPos++;
remainingArgs--;
LW_TRY(&exc, DoConfigure(remainingArgs, argPos, &LW_EXC));
}
#endif
else if(!strcmp(argPos[0], "get_os_type") ||
!strcmp(argPos[0], "get_arch") ||
!strcmp(argPos[0], "get_distro") ||
!strcmp(argPos[0], "get_distro_version"))
{
LW_TRY(&exc, DoGetDistroInfo(remainingArgs, argPos, &LW_EXC));
}
else
{
LW_RAISE(&exc, LW_ERROR_SHOW_USAGE);
goto cleanup;
}
cleanup:
if (!LW_IS_OK(exc) && exc->code == LW_ERROR_SHOW_USAGE)
{
ShowUsage();
LWHandle(&exc);
}
else if (!LW_IS_OK(exc))
{
//Ignoring the return value from this because we can't do anything
//if there is an error
fprintf(stdout, "\n");
LWPrintException(stdout, exc, FALSE);
DJLogException(LOG_LEVEL_ERROR, exc);
LWHandle(&exc);
dj_close_log();
return 1;
}
dj_close_log();
return 0;
}
void
DJManageDaemons(
BOOLEAN bStart,
LWException **exc
)
{
BOOLEAN bFileExists = TRUE;
FILE* fp = NULL;
LWException *innerExc = NULL;
int i;
PLSA_LOG_INFO pLogInfo = NULL;
BOOLEAN bLsassContacted = FALSE;
DWORD dwError = 0;
LW_HANDLE hLsa = NULL;
LW_CLEANUP_CTERR(exc, CTCheckFileExists(PWGRD, &bFileExists));
if(bFileExists)
{
//Shutdown pwgr (a nscd-like daemon) on HP-UX because it only handles
//usernames up to 8 characters in length.
LW_TRY(exc, DJStartStopDaemon("pwgr", FALSE, &LW_EXC));
LW_CLEANUP_CTERR(exc, CTRunSedOnFile(PWGRD, PWGRD, FALSE, "s/=1/=0/"));
}
if(bStart)
{
// Set registry value for gpagentd to autostart.
dwError = SetBooleanRegistryValue("Services\\gpagent", "Autostart", TRUE);
// Trigger gpagentd start
dwError = DJStartService("gpagent");
// Make sure lsass is responding
bLsassContacted = FALSE;
for (i = 0; !bLsassContacted && i < 30; i++)
{
DJ_LOG_INFO("Trying to contact lsassd");
if (hLsa)
{
LsaCloseServer(hLsa);
hLsa = NULL;
}
dwError = LsaOpenServer(&hLsa);
if (dwError == ERROR_FILE_NOT_FOUND ||
dwError == LW_ERROR_ERRNO_ECONNREFUSED)
{
DJ_LOG_INFO("Failed with %d", dwError);
dwError = 0;
sleep(1);
continue;
}
LW_CLEANUP_CTERR(exc, dwError);
LW_CLEANUP_CTERR(exc, LsaGetLogInfo(hLsa, &pLogInfo));
bLsassContacted = TRUE;
}
if (!bLsassContacted)
{
LW_RAISE_EX(exc, ERROR_SERVICE_NOT_ACTIVE, "Unable to reach lsassd", "The lsass daemon could not be reached for 30 seconds after trying to start it. Please verify it is running.");
goto cleanup;
}
}
else
{
dwError = SetBooleanRegistryValue("Services\\gpagent", "Autostart", FALSE);
dwError = DJStopService("gpagent");
}
cleanup:
CTSafeCloseFile(&fp);
if (pLogInfo)
{
LsaFreeLogInfo(pLogInfo);
}
if (hLsa)
{
LsaCloseServer(hLsa);
}
LW_HANDLE(&innerExc);
}
static
void
FixNetworkInterfaces(
PSTR pszComputerName,
LWException **exc
)
{
DWORD ceError = ERROR_SUCCESS;
int EE = 0;
BOOLEAN bFileExists = FALSE;
BOOLEAN bDirExists = FALSE;
PSTR* ppszPaths = NULL;
DWORD nPaths = 0;
DWORD iPath = 0;
CHAR szBuf[1024];
PSTR pszPathifcfg = NULL;
BOOLEAN bDHCPHost = FALSE;
PSTR pszMachineSID = NULL;
PCSTR networkConfigPath = "/etc/sysconfig/network";
LW_CLEANUP_CTERR(exc, DJGetMachineSID(&pszMachineSID));
/*
* fixup HOSTNAME variable in /etc/sysconfig/network file if it exists
* note that 'network' is a *directory* on some dists (ie SUSE),
* is a *file* on others (ie Redhat). weird.
*/
LW_CLEANUP_CTERR(exc, CTCheckFileExists(networkConfigPath, &bFileExists));
if (bFileExists) {
sprintf(szBuf, "s/^.*\\(HOSTNAME\\).*=.*$/\\1=%s/", pszComputerName);
LW_CLEANUP_CTERR(exc, CTRunSedOnFile(networkConfigPath, networkConfigPath,
FALSE, szBuf));
}
LW_CLEANUP_CTERR(exc, CTCheckDirectoryExists("/etc/sysconfig/network", &bDirExists));
if (!bDirExists)
{
LW_CLEANUP_CTERR(exc, CTCheckDirectoryExists("/etc/sysconfig/network-scripts", &bDirExists));
}
if (bDirExists) {
struct
{
PCSTR dir;
PCSTR glob;
} const searchPaths[] = {
{"/etc/sysconfig/network", "ifcfg-eth-id-[^.]*$"},
{"/etc/sysconfig/network", "ifcfg-eth0[^.]*$"},
{"/etc/sysconfig/network", "ifcfg-eth[^.]*$"},
{"/etc/sysconfig/network", "ifcfg-eth-bus[^.]*$"},
//SLES 10.1 on zSeries uses one of:
// /etc/sysconfig/network/ifcfg-qeth-bus-ccw-0.0.0500
// /etc/sysconfig/network/ifcfg-ctc-bus-ccw-0.0.0004
{"/etc/sysconfig/network", "ifcfg-qeth-bus.*\\.[0-9]\\+$"},
{"/etc/sysconfig/network", "ifcfg-ctc-bus.*\\.[0-9]\\+$"},
// Redhat uses /etc/sysconfig/network-scripts/ifcfg-eth<number>
{"/etc/sysconfig/network-scripts", "ifcfg-eth[^.]*$"},
// RHEL 6 uses this
{"/etc/sysconfig/network-scripts", "ifcfg-Auto_eth[^.]*$"},
// ESX 3.5 and 4.0 use
// /etc/sysconfig/network-scripts/ifcfg-vswif<number>
{"/etc/sysconfig/network-scripts", "ifcfg-vswif[^.]*$"},
// RHEL 7: network interface naming seems to be ensXX or enoXXXX, etc.
{"/etc/sysconfig/network-scripts", "ifcfg-en[^.]*$"},
{NULL, NULL}
};
// Find the ifcfg file
pszPathifcfg = NULL;
for(iPath = 0; searchPaths[iPath].dir != NULL && pszPathifcfg == NULL; iPath++)
{
if (ppszPaths)
{
CTFreeStringArray(ppszPaths, nPaths);
ppszPaths = NULL;
}
ceError = CTGetMatchingFilePathsInFolder(searchPaths[iPath].dir,
searchPaths[iPath].glob,
&ppszPaths,
&nPaths);
if(ceError == ERROR_DIRECTORY)
{
ceError = ERROR_SUCCESS;
continue;
}
LW_CLEANUP_CTERR(exc, ceError);
if(nPaths > 0)
{
LW_CLEANUP_CTERR(exc, CTAllocateString(ppszPaths[0], &pszPathifcfg));
}
}
if (IsNullOrEmptyString(pszPathifcfg)) {
LW_CLEANUP_CTERR(exc, ERROR_FILE_NOT_FOUND);
}
DJ_LOG_INFO("Found ifcfg file at %s", pszPathifcfg);
LW_CLEANUP_CTERR(exc, DJCheckIfDHCPHost(pszPathifcfg, &bDHCPHost));
if (bDHCPHost) {
LW_CLEANUP_CTERR(exc, DJFixDHCPHost(pszPathifcfg, pszComputerName));
}
}
ceError = CTShell("/bin/hostname %hostname >/dev/null",
CTSHELL_STRING(hostname, pszComputerName));
LW_CLEANUP_CTERR(exc, ceError);
// Only DHCP boxes need to restart their networks
if (bDHCPHost) {
LW_CLEANUP_CTERR(exc, DJConfigureDHCPService(pszComputerName));
}
cleanup:
// This ensures that we do not change the SID after a machine name
// change. The issue here is that Samba implements its SAM such that
// a machine name change changes the seeding used for the machine SID.
// Therefore, we must re-store the old SID with the new machine name
// seed.
if (pszMachineSID) {
if (*pszMachineSID != '\0')
DJSetMachineSID(pszMachineSID);
CTFreeString(pszMachineSID);
}
if (ppszPaths)
CTFreeStringArray(ppszPaths, nPaths);
if (pszPathifcfg)
CTFreeString(pszPathifcfg);
DJ_LOG_VERBOSE("FixNetworkInterfaces LEAVE -> 0x%08x (EE = %d)", ceError, EE);
}
void
DoNsswitch(
JoinProcessOptions *options,
LWException **exc
)
{
LWException *restartException = NULL;
NsswitchConf conf;
DWORD ceError = ERROR_SUCCESS;
memset(&conf, 0, sizeof(conf));
LW_TRY(exc, ConfigureApparmor(options->joiningDomain, &LW_EXC));
if(options->joiningDomain)
LW_CLEANUP_CTERR(exc, DJFixMethodsConfigFile());
else
LW_CLEANUP_CTERR(exc, DJUnconfigMethodsConfigFile());
ceError = ReadNsswitchConf(&conf, "", TRUE);
if(ceError == ERROR_FILE_NOT_FOUND)
{
ceError = ERROR_SUCCESS;
if (options->warningCallback != NULL)
{
options->warningCallback(options, "Could not find file", "Could not find nsswitch file");
}
goto cleanup;
}
LW_CLEANUP_CTERR(exc, ceError);
if(options->joiningDomain)
{
LW_TRY(exc, RemoveCompat(&conf, NULL, &LW_EXC));
}
LW_CLEANUP_CTERR(exc, UpdateNsswitchConf(&conf, options->joiningDomain));
if(conf.modified)
LW_CLEANUP_CTERR(exc, WriteNsswitchConfiguration("", &conf));
else
DJ_LOG_INFO("nsswitch not modified");
CTCaptureOutputToExc( SCRIPTDIR "/ConfigureLogin nsswitch_restart",
&restartException);
if(restartException != NULL && restartException->code == ERROR_BAD_COMMAND)
{
if (options->warningCallback)
{
options->warningCallback(options, "Some services require manual restart", restartException->longMsg);
}
LW_HANDLE(&restartException);
}
LW_CLEANUP(exc, restartException);
LW_TRY(exc, RestartDtloginIfRunning(options, &LW_EXC));
if (options->joiningDomain && options->warningCallback != NULL)
{
options->warningCallback(options,
"System restart required",
"Your system has been configured to authenticate to "
"Active Directory for the first time. It is recommended "
"that you restart your system to ensure that all applications "
"recognize the new settings.");
}
cleanup:
FreeNsswitchConfContents(&conf);
}
static DWORD UnsupportedSeLinuxEnabled(BOOLEAN *hasBadSeLinux)
{
BOOLEAN hasSeLinux;
DWORD ceError = ERROR_SUCCESS;
PSTR output = NULL;
DistroInfo distro;
*hasBadSeLinux = FALSE;
memset(&distro, 0, sizeof(distro));
GCE(ceError = CTCheckFileOrLinkExists("/usr/sbin/selinuxenabled", &hasSeLinux));
if(!hasSeLinux)
goto cleanup;
GCE(ceError = CTCheckFileOrLinkExists("/usr/sbin/getenforce", &hasSeLinux));
if(!hasSeLinux)
goto cleanup;
ceError = CTRunCommand("/usr/sbin/selinuxenabled >/dev/null 2>&1");
if(ceError == ERROR_BAD_COMMAND)
{
//selinux is not enabled
ceError = ERROR_SUCCESS;
goto cleanup;
}
GCE(ceError);
GCE(ceError = CTCaptureOutput("/usr/sbin/getenforce", &output));
CTStripWhitespace(output);
if(!strcmp(output, "Permissive"))
{
goto cleanup;
}
DJ_LOG_INFO("Selinux found to be present, enabled, and enforcing.");
GCE(ceError = DJGetDistroInfo("", &distro));
switch(distro.distro)
{
case DISTRO_CENTOS:
case DISTRO_RHEL:
if(distro.version[0] < '5')
{
DJ_LOG_INFO("Safe version of RHEL");
goto cleanup;
}
break;
case DISTRO_FEDORA:
if(atol(distro.version) < 6)
{
DJ_LOG_INFO("Safe version of Fedora");
goto cleanup;
}
break;
default:
goto cleanup;
}
*hasBadSeLinux = TRUE;
cleanup:
if(ceError)
*hasBadSeLinux = TRUE;
CT_SAFE_FREE_STRING(output);
DJFreeDistroInfo(&distro);
return ceError;
}
DWORD
UpdateNsswitchConf(NsswitchConf *conf, BOOLEAN enable)
{
DWORD ceError = ERROR_SUCCESS;
LwDistroInfo distro;
int line;
int lwiIndex;
static const char* moduleName = "lsass";
static const char* oldModule = "lwidentity";
const char* pszModule = NULL;
CHAR szCommand[2 * PATH_MAX + 1] = {};
GCE(ceError = DJGetDistroInfo(NULL, &distro));
line = FindEntry(conf, 0, "passwd");
if(enable && line == -1)
{
DJ_LOG_INFO("Adding passwd line");
GCE(ceError = AddEntry(conf, &distro, &line, "passwd"));
GCE(ceError = InsertModule(conf, &distro, line, -1, "files"));
}
lwiIndex = FindModuleOnLine(conf, line, moduleName);
if(enable && lwiIndex == -1)
{
GCE(ceError = InsertModule(conf, &distro, line, -1, moduleName));
}
if(!enable && lwiIndex != -1)
{
GCE(ceError = RemoveModule(conf, line, lwiIndex));
}
lwiIndex = FindModuleOnLine(conf, line, oldModule);
if(lwiIndex != -1)
{
GCE(ceError = RemoveModule(conf, line, lwiIndex));
}
// If lwidentity was the only entry
// and we removed that now, don't write
// an empty entry into the file
if(!enable && line != -1 && GetEntry(conf, line)->modules.size == 0)
{
GCE(ceError = InsertModule(conf, &distro, line, -1, "files"));
}
line = FindEntry(conf, 0, "group");
if(line == -1)
{
line = FindEntry(conf, 0, "groups");
}
if(enable && line == -1)
{
/* The nsswitch file doesn't have an existing groups line. We have to
* guess based on platform whether it uses 'group' or 'groups'.
*/
const char *groupName = "group";
if(distro.os == OS_AIX || distro.os == OS_DARWIN)
{
groupName = "groups";
}
DJ_LOG_INFO("Adding %s line", groupName);
GCE(ceError = AddEntry(conf, &distro, &line, groupName));
GCE(ceError = InsertModule(conf, &distro, line, -1, "files"));
}
lwiIndex = FindModuleOnLine(conf, line, moduleName);
if(enable && lwiIndex == -1)
{
GCE(ceError = InsertModule(conf, &distro, line, -1, moduleName));
}
if(!enable && lwiIndex != -1)
{
GCE(ceError = RemoveModule(conf, line, lwiIndex));
}
lwiIndex = FindModuleOnLine(conf, line, oldModule);
if(lwiIndex != -1)
{
GCE(ceError = RemoveModule(conf, line, lwiIndex));
}
// If lwidentity was the only entry
// and we removed that now, don't write
// an empty entry into the file
if(!enable && line != -1 && GetEntry(conf, line)->modules.size == 0)
{
GCE(ceError = InsertModule(conf, &distro, line, -1, "files"));
}
// If initgroups is present, it overrides the groups line
// and has different semantics.
// As soon as a module reports success, processing stops. We don't want
// that so we need to add '[SUCCESS=continue]'
// We are not adding initgroups if it is not present.
line = FindEntry(conf, 0, "initgroups");
lwiIndex = FindModuleOnLine(conf, line, moduleName);
if(enable && line != -1 && lwiIndex == -1)
{
GCE(ceError = InsertModule(conf, &distro, line, -1, moduleName));
lwiIndex = FindModuleOnLine(conf, line, moduleName);
if (lwiIndex > 0)
{
ceError = InsertModule(conf, &distro, line, lwiIndex, "[SUCCESS=continue]");
if (ceError)
{
RemoveModule(conf, line, lwiIndex - 1);
GCE(ceError);
}
}
}
if (!enable && line != -1 && lwiIndex != -1)
{
if (lwiIndex > 0)
{
pszModule = GetModule(conf, line, lwiIndex - 1);
if (pszModule && *pszModule == '[')
{
GCE(ceError = RemoveModule(conf, line, lwiIndex - 1));
lwiIndex = lwiIndex - 1;
}
}
GCE(ceError = RemoveModule(conf, line, lwiIndex));
}
if(!enable && line != -1 && GetEntry(conf, line)->modules.size == 0)
{
GCE(ceError = InsertModule(conf, &distro, line, -1, "files"));
}
if(distro.os == OS_SUNOS)
{
if(strcmp("5.11", distro.version) == 0)
{
if(enable)
{
sprintf(szCommand,
"svccfg -s name-service/switch setprop config/password=\\\"files %s\\\"",
moduleName);
if(system(szCommand) < 0)
{
goto cleanup;
}
memset(szCommand, 0, sizeof(szCommand));
sprintf(szCommand,
"svccfg -s name-service/switch setprop config/group=\\\"files %s\\\"",
moduleName);
if(system(szCommand) < 0)
{
goto cleanup;
}
memset(szCommand, 0, sizeof(szCommand));
sprintf(szCommand, "svcadm refresh name-service/switch");
if(system(szCommand) < 0)
{
goto cleanup;
}
}
else
{
memset(szCommand, 0, sizeof(szCommand));
sprintf(szCommand,
"svccfg -s name-service/switch setprop config/password=files");
if(system(szCommand) < 0)
{
goto cleanup;
}
memset(szCommand, 0, sizeof(szCommand));
sprintf(szCommand,
"svccfg -s name-service/switch setprop config/group=files");
if(system(szCommand) < 0)
{
goto cleanup;
}
memset(szCommand, 0, sizeof(szCommand));
sprintf(szCommand, "svcadm refresh name-service/switch");
if(system(szCommand) < 0)
{
goto cleanup;
}
}
}
else
{
goto cleanup;
}
}
cleanup:
DJFreeDistroInfo(&distro);
return ceError;
}
static
DWORD
DJUpdateHostEntry(
PHOSTSFILELINE pLine,
PCSTR pszShortName,
PCSTR pszFqdnName,
PCSTR pszRemoveName1,
PCSTR pszRemoveName2
)
{
DWORD ceError = ERROR_SUCCESS;
PHOSTFILEALIAS *aliasPos;
//This updates our hostname in a line of the hosts file
// 1. pszFqdnName will be added as the primary name in the host entry
// 2. pszShortName will be added as the first alias
// 3. Whatever was previously the primary name and first alias will be
// added as the second and third aliases
// 4. If pszRemoveName1 and or pszRemoveName2 are not null, they will
// be removed from the alias list
if (pszFqdnName == NULL && pszShortName != NULL)
{
pszFqdnName = pszShortName;
pszShortName = NULL;
}
else if (pszFqdnName != NULL && pszShortName != NULL &&
!strcasecmp(pszFqdnName, pszShortName))
{
pszShortName = NULL;
}
DJ_LOG_INFO("Adding %s (fqdn %s) to /etc/hosts ip %s, "
"removing %s, %s, %s, %s",
Disp(pszShortName), Disp(pszFqdnName),
Disp(pLine->pEntry->pszIpAddress),
Disp(pszShortName), Disp(pszFqdnName),
Disp(pszRemoveName1), Disp(pszRemoveName2));
if (pszFqdnName != NULL && (pLine->pEntry->pszCanonicalName == NULL ||
strcasecmp(pLine->pEntry->pszCanonicalName, pszFqdnName)))
{
if (pLine->pEntry->pszCanonicalName != NULL)
{
ceError = DJAddAlias(pLine, pLine->pEntry->pszCanonicalName, FALSE, NULL);
BAIL_ON_CENTERIS_ERROR(ceError);
CTFreeString(pLine->pEntry->pszCanonicalName);
pLine->pEntry->pszCanonicalName = NULL;
}
ceError = CTAllocateString(pszFqdnName, &pLine->pEntry->pszCanonicalName);
BAIL_ON_CENTERIS_ERROR(ceError);
pLine->bModified = TRUE;
}
aliasPos = &pLine->pEntry->pAliasList;
if (pszShortName != NULL)
{
if (pLine->pEntry->pAliasList == NULL || strcasecmp(pLine->pEntry->pAliasList->pszAlias, pszShortName))
{
ceError = DJAddAlias(pLine, pszShortName, TRUE, NULL);
BAIL_ON_CENTERIS_ERROR(ceError);
}
//Skip over this so we don't delete it
aliasPos = &(*aliasPos)->pNext;
}
{
PCSTR removeStrings[] = {
pszShortName,
pszFqdnName,
pszRemoveName1,
pszRemoveName2 };
while (*aliasPos != NULL)
{
int i;
for(i=0; i<sizeof(removeStrings)/sizeof(removeStrings[0]); i++)
{
if(removeStrings[i] != NULL &&
!strcasecmp((*aliasPos)->pszAlias, removeStrings[i]))
{
//Remove it
PHOSTFILEALIAS remove = *aliasPos;
(*aliasPos) = remove->pNext;
DJFreeAlias(remove);
pLine->bModified = TRUE;
goto removed_entry;
}
}
//Advance to the next entry because nothing was removed.
aliasPos = &(*aliasPos)->pNext;
removed_entry:
;
}
}
error:
return ceError;
}
static
DWORD
DJWriteHostsFileIfModified(
const char *filename,
PHOSTSFILELINE pHostFileLineList
)
{
DWORD ceError = ERROR_SUCCESS;
PHOSTSFILELINE pLine = pHostFileLineList;
FILE* fp = NULL;
PHOSTFILEALIAS pAlias = NULL;
BOOLEAN bRemoveFile = FALSE;
char *tempName = NULL;
char *finalName = NULL;
ceError = CTGetFileTempPath(
filename,
&finalName,
&tempName);
BAIL_ON_CENTERIS_ERROR(ceError);
if (DJHostsFileWasModified(pHostFileLineList))
{
DJ_LOG_INFO("Writing out updated %s file", finalName);
fp = fopen(tempName, "w");
if (fp == NULL) {
ceError = LwMapErrnoToLwError(errno);
BAIL_ON_CENTERIS_ERROR(ceError);
}
bRemoveFile = TRUE;
while (pLine) {
if (pLine->pEntry != NULL) {
if (!IsNullOrEmptyString(pLine->pEntry->pszIpAddress))
{
if (fprintf(fp, "%s", pLine->pEntry->pszIpAddress) < 0)
{
ceError = LwMapErrnoToLwError(errno);
BAIL_ON_CENTERIS_ERROR(ceError);
}
}
if (!IsNullOrEmptyString(pLine->pEntry->pszCanonicalName))
{
if (fprintf(fp, " %s", pLine->pEntry->pszCanonicalName) < 0)
{
ceError = LwMapErrnoToLwError(errno);
BAIL_ON_CENTERIS_ERROR(ceError);
}
}
pAlias = pLine->pEntry->pAliasList;
while (pAlias) {
if (!IsNullOrEmptyString(pAlias->pszAlias))
{
if (fprintf(fp, " %s", pAlias->pszAlias) < 0)
{
ceError = LwMapErrnoToLwError(errno);
BAIL_ON_CENTERIS_ERROR(ceError);
}
}
pAlias = pAlias->pNext;
}
if (pLine->pszComment != NULL)
{
if (fprintf(fp, " %s", pLine->pszComment) < 0)
{
ceError = LwMapErrnoToLwError(errno);
BAIL_ON_CENTERIS_ERROR(ceError);
}
}
if (fprintf(fp, "\n") < 0)
{
ceError = LwMapErrnoToLwError(errno);
BAIL_ON_CENTERIS_ERROR(ceError);
}
}
else if(pLine->pszComment != NULL)
{
if (fprintf(fp, "%s\n", pLine->pszComment) < 0)
{
ceError = LwMapErrnoToLwError(errno);
BAIL_ON_CENTERIS_ERROR(ceError);
}
}
pLine = pLine->pNext;
}
if (fp) {
fclose(fp);
fp = NULL;
}
ceError = CTSafeReplaceFile(finalName, tempName);
BAIL_ON_CENTERIS_ERROR(ceError);
#if defined(__LWI_DARWIN__)
MacDnsCacheFlush();
#endif
bRemoveFile = FALSE;
}
else
DJ_LOG_INFO("%s file was not modified; not rewriting", finalName);
error:
if (fp)
fclose(fp);
if (bRemoveFile)
CTRemoveFile(tempName);
CT_SAFE_FREE_STRING(finalName);
CT_SAFE_FREE_STRING(tempName);
return ceError;
}
static
DWORD
DJFixNetworkManagerOnlineTimeout(
)
{
DWORD ceError = ERROR_SUCCESS;
PSTR pszFilePath = "/etc/sysconfig/network/config";
DWORD dwTimeout = 60;
int EE = 0;
BOOLEAN bFileExists = FALSE;
char *isEnabled = NULL;
char *currentTimeout = NULL;
char *sedExpression = NULL;
long currentTimeoutLong;
char *conversionEnd;
ceError = CTCheckFileExists(pszFilePath, &bFileExists);
CLEANUP_ON_DWORD_EE(ceError, EE);
if(!bFileExists)
goto cleanup;
ceError = CTShell(". %pszFilePath; echo \"$NETWORKMANAGER\" >%enabled; echo \"$NM_ONLINE_TIMEOUT\" >%timeout",
CTSHELL_STRING (pszFilePath, pszFilePath),
CTSHELL_BUFFER (enabled, &isEnabled),
CTSHELL_BUFFER (timeout, ¤tTimeout));
CLEANUP_ON_DWORD_EE(ceError, EE);
CTStripTrailingWhitespace(isEnabled);
CTStripTrailingWhitespace(currentTimeout);
DJ_LOG_VERBOSE("Network manager enabled [%s] network manager timeout [%s]", isEnabled, currentTimeout);
if(strcasecmp(isEnabled, "yes"))
{
DJ_LOG_INFO("Network manager is not enabled");
goto cleanup;
}
currentTimeoutLong = strtol(currentTimeout, &conversionEnd, 10);
if(*conversionEnd != '\0')
{
DJ_LOG_INFO("Unable to convert network manager timeout to long");
currentTimeoutLong = 0;
}
if(currentTimeoutLong < dwTimeout)
{
DJ_LOG_INFO("Setting network manager timeout to %d", dwTimeout);
ceError = CTAllocateStringPrintf(&sedExpression,
"s/^\\([ \t]*NM_ONLINE_TIMEOUT[ \t]*=[ \t]*\\).*$/\\1%d/",
dwTimeout);
CLEANUP_ON_DWORD_EE(ceError, EE);
ceError = CTRunSedOnFile(pszFilePath, pszFilePath, FALSE, sedExpression);
CLEANUP_ON_DWORD_EE(ceError, EE);
}
cleanup:
DJ_LOG_VERBOSE("DJFixNetworkManagerOnlineTimeout LEAVE -> 0x%08x (EE = %d)", ceError, EE);
CT_SAFE_FREE_STRING(isEnabled);
CT_SAFE_FREE_STRING(currentTimeout);
CT_SAFE_FREE_STRING(sedExpression);
return ceError;
}
DWORD
ReadNsswitchConf(NsswitchConf *conf, const char *testPrefix,
BOOLEAN allowFileCreate)
{
PSTR copyDestPath = NULL;
PSTR defaultFilePath = NULL;
DWORD ceError = ERROR_SUCCESS;
BOOLEAN bFileExists = FALSE;
memset(conf, 0, sizeof(*conf));
//Keep trying to read different filenames until one of them is found
if(!bFileExists)
{
bFileExists = TRUE;
ceError = ReadNsswitchFile(conf, testPrefix, "/etc/nsswitch.conf");
if(ceError == ERROR_FILE_NOT_FOUND)
{
bFileExists = FALSE;
ceError = ERROR_SUCCESS;
}
GCE(ceError);
}
if(!bFileExists)
{
bFileExists = TRUE;
ceError = ReadNsswitchFile(conf, testPrefix, "/etc/netsvc.conf");
if(ceError == ERROR_FILE_NOT_FOUND)
{
bFileExists = FALSE;
ceError = ERROR_SUCCESS;
}
GCE(ceError);
}
/* HP-UX 11.xx does not appear to have an nsswitch file in
place by default. If we don't find on already installed,
use our own */
if(!bFileExists)
{
GCE(ceError = CTAllocateStringPrintf(
&defaultFilePath, "%s%s", testPrefix, NSSWITCH_LWIDEFAULTS));
GCE(ceError = CTCheckFileExists(defaultFilePath, &bFileExists));
if (bFileExists) {
ceError = ReadNsswitchFile(conf, testPrefix, NSSWITCH_LWIDEFAULTS);
GCE(ceError);
CT_SAFE_FREE_STRING(conf->filename);
conf->modified = TRUE;
if(allowFileCreate)
{
GCE(ceError = CTStrdup(NSSWITCH_CONF_PATH, &conf->filename));
/* Copy over the original file. This way the user can more
* clearly see what we changed by comparing nsswitch.conf with
* nsswitch.conf.lwidentity.orig. Also, the permissions will be
* correct this way when the file is written out.
*/
DJ_LOG_INFO("Copying default nsswitch file");
GCE(ceError = CTAllocateStringPrintf(
©DestPath, "%s%s", testPrefix, NSSWITCH_CONF_PATH));
ceError = CTCopyFileWithOriginalPerms(defaultFilePath, copyDestPath);
GCE(ceError);
}
else
{
GCE(ceError = CTStrdup(NSSWITCH_LWIDEFAULTS, &conf->filename));
}
}
}
if(!bFileExists)
{
GCE(ceError = ERROR_FILE_NOT_FOUND);
}
cleanup:
CT_SAFE_FREE_STRING(copyDestPath);
CT_SAFE_FREE_STRING(defaultFilePath);
return ceError;
}
BOOLEAN FindSshAndConfig(
PCSTR pSshOrSshd,
PSTR *ppSshBinary,
PSTR *ppSshConfig,
LWException **ppExc)
{
DWORD ceError = ERROR_SUCCESS;
/* Mac OS X stores the configuration in /etc */
/* CSW ssh on Solaris uses /opt/csw/etc/ssh */
const PCSTR ppSshConfigPaths[] = {
"/etc/ssh",
"/opt/ssh/etc",
"/usr/local/etc",
"/etc",
"/etc/openssh",
"/usr/openssh/etc",
"/opt/csw/etc/ssh",
NULL
};
DWORD foundConfigCount = 0;
PSTR* ppFoundConfigs = NULL;
/* Solaris Sparc 10 stores sshd in /usr/lib/ssh */
/* Experian says their sshd is at /usr/openssh/sbin/sshd */
/* CSW ssh on Solaris uses /opt/csw/sbin/sshd */
const PCSTR ppSshBinaryPaths[] = {
"/usr/sbin",
"/opt/ssh/sbin",
"/usr/local/sbin",
"/usr/bin",
"/opt/ssh/bin",
"/usr/local/bin",
"/usr/lib/ssh",
"/usr/openssh/sbin",
"/usr/openssh/bin",
"/opt/csw/sbin",
"/opt/csw/bin",
"/opt/ssh/hpux64/sbin",
NULL
};
DWORD foundBinaryCount = 0;
PSTR* ppFoundBinaries = NULL;
PSTR pConfigFilename = NULL;
PSTR pBinaryFilename = NULL;
PSTR pFoundConfigList = NULL;
PSTR pFoundBinaryList = NULL;
DWORD index = 0;
*ppSshBinary = NULL;
*ppSshConfig = NULL;
LW_CLEANUP_CTERR(ppExc, CTAllocateStringPrintf(
&pConfigFilename, "%s_config", pSshOrSshd));
LW_CLEANUP_CTERR(ppExc, CTAllocateStringPrintf(
&pBinaryFilename, "%s", pSshOrSshd));
ceError = LwFindFilesInPaths(
pConfigFilename,
LWFILE_REGULAR,
ppSshConfigPaths,
&foundConfigCount,
&ppFoundConfigs);
LW_CLEANUP_CTERR(ppExc, ceError);
ceError = LwRemoveDuplicateInodes(
&foundConfigCount,
ppFoundConfigs);
LW_CLEANUP_CTERR(ppExc, ceError);
ceError = LwFindFilesInPaths(
pBinaryFilename,
LWFILE_REGULAR,
ppSshBinaryPaths,
&foundBinaryCount,
&ppFoundBinaries);
LW_CLEANUP_CTERR(ppExc, ceError);
ceError = LwRemoveDuplicateInodes(
&foundBinaryCount,
ppFoundBinaries);
LW_CLEANUP_CTERR(ppExc, ceError);
// Ssh version A.04.40.005 on HP-UX Itanimum has these paths:
// /opt/ssh/hpux64/sbin/sshd (ELF-64 IA64)
// /opt/ssh/sbin/sshd (ELF-32 IA64)
// /usr/sbin/sshd (symlink to /opt/ssh/hpux64/sbin/sshd)
//
// Ssh version A.04.30.007 on HP-UX Itanimum has these paths:
// /opt/ssh/hpux64/sbin/sshd (ELF-64 IA64)
// /opt/ssh/sbin/sshd (ELF-32 IA64)
// /usr/sbin/sshd (symlink to /opt/ssh/sbin/sshd)
//
// Both files point to the same config path. An exception must exist for
// this case since the inodes are different for the two architectures.
//
// The symlink at /usr/sbin/sshd wins the duplication removal process. So
// if it is found, the other path must be removed.
for (index = 0; index < foundBinaryCount; index++)
{
if (!strcmp(ppFoundBinaries[index], "/usr/sbin/sshd"))
{
// Remove /opt/ssh/sbin/sshd or /opt/ssh/hpux64/sbin/sshd if they
// are in the list
for (index = 0; index < foundBinaryCount; index++)
{
if (!strcmp(ppFoundBinaries[index], "/opt/ssh/sbin/sshd") ||
!strcmp(ppFoundBinaries[index],
"/opt/ssh/hpux64/sbin/sshd"))
{
LW_SAFE_FREE_STRING(ppFoundBinaries[index]);
memmove(&ppFoundBinaries[index],
&ppFoundBinaries[index+1],
(foundBinaryCount - index - 1) *
sizeof(ppFoundBinaries[index]));
foundBinaryCount--;
break;
}
}
break;
}
}
if ((foundConfigCount | foundBinaryCount) > 0 && foundConfigCount != foundBinaryCount)
{
ceError = CombinePaths(
foundConfigCount,
ppFoundConfigs,
&pFoundConfigList);
LW_CLEANUP_CTERR(ppExc, ceError);
ceError = CombinePaths(
foundBinaryCount,
ppFoundBinaries,
&pFoundBinaryList);
LW_CLEANUP_CTERR(ppExc, ceError);
if ((foundConfigCount | foundBinaryCount) == 1)
{
ceError = ERROR_FILE_NOT_FOUND;
}
else
{
ceError = ERROR_DUPLICATE_SERVICE_NAME;
}
LW_RAISE_EX(ppExc, ceError,
"Unable to find ssh binary",
"A %s config file was at %s, and a %s binary file was found at %s. Exactly one config file and one binary must exist on the system in a standard location. Uninstall any unused copies of ssh.",
pSshOrSshd,
pFoundConfigList,
pSshOrSshd,
pFoundBinaryList);
}
if (foundConfigCount == 1)
{
DJ_LOG_INFO("Found config file %s", ppFoundConfigs[0]);
*ppSshConfig = ppFoundConfigs[0];
ppFoundConfigs[0] = NULL;
}
if (foundBinaryCount == 1)
{
DJ_LOG_INFO("Found binary %s", ppFoundBinaries[0]);
*ppSshBinary = ppFoundBinaries[0];
ppFoundBinaries[0] = NULL;
}
cleanup:
if (ppFoundConfigs)
{
LwFreeStringArray(
ppFoundConfigs,
foundConfigCount);
}
if (ppFoundBinaries)
{
LwFreeStringArray(
ppFoundBinaries,
foundBinaryCount);
}
LW_SAFE_FREE_STRING(pConfigFilename);
LW_SAFE_FREE_STRING(pBinaryFilename);
LW_SAFE_FREE_STRING(pFoundConfigList);
LW_SAFE_FREE_STRING(pFoundBinaryList);
return (foundConfigCount == 1);
}
DWORD
UpdateNsswitchConf(NsswitchConf *conf, BOOLEAN enable)
{
DWORD ceError = ERROR_SUCCESS;
DistroInfo distro;
int line;
int lwiIndex;
static const char* moduleName = "lsass";
static const char* oldModule = "lwidentity";
GCE(ceError = DJGetDistroInfo(NULL, &distro));
line = FindEntry(conf, 0, "passwd");
if(enable && line == -1)
{
DJ_LOG_INFO("Adding passwd line");
GCE(ceError = AddEntry(conf, &distro, &line, "passwd"));
GCE(ceError = InsertModule(conf, &distro, line, -1, "files"));
}
lwiIndex = FindModuleOnLine(conf, line, moduleName);
if(enable && lwiIndex == -1)
{
GCE(ceError = InsertModule(conf, &distro, line, -1, moduleName));
}
if(!enable && lwiIndex != -1)
{
GCE(ceError = RemoveModule(conf, line, lwiIndex));
}
lwiIndex = FindModuleOnLine(conf, line, oldModule);
if(lwiIndex != -1)
{
GCE(ceError = RemoveModule(conf, line, lwiIndex));
}
// If lwidentity was the only entry
// and we removed that now, don't write
// an empty entry into the file
if(!enable && line != -1 && GetEntry(conf, line)->modules.size == 0)
{
GCE(ceError = InsertModule(conf, &distro, line, -1, "files"));
}
line = FindEntry(conf, 0, "group");
if(line == -1)
{
line = FindEntry(conf, 0, "groups");
}
if(enable && line == -1)
{
/* The nsswitch file doesn't have an existing groups line. We have to
* guess based on platform whether it uses 'group' or 'groups'.
*/
const char *groupName = "group";
if(distro.os == OS_AIX || distro.os == OS_DARWIN)
{
groupName = "groups";
}
DJ_LOG_INFO("Adding %s line", groupName);
GCE(ceError = AddEntry(conf, &distro, &line, groupName));
GCE(ceError = InsertModule(conf, &distro, line, -1, "files"));
}
lwiIndex = FindModuleOnLine(conf, line, moduleName);
if(enable && lwiIndex == -1)
{
GCE(ceError = InsertModule(conf, &distro, line, -1, moduleName));
}
if(!enable && lwiIndex != -1)
{
GCE(ceError = RemoveModule(conf, line, lwiIndex));
}
lwiIndex = FindModuleOnLine(conf, line, oldModule);
if(lwiIndex != -1)
{
GCE(ceError = RemoveModule(conf, line, lwiIndex));
}
// If lwidentity was the only entry
// and we removed that now, don't write
// an empty entry into the file
if(!enable && line != -1 && GetEntry(conf, line)->modules.size == 0)
{
GCE(ceError = InsertModule(conf, &distro, line, -1, "files"));
}
cleanup:
DJFreeDistroInfo(&distro);
return ceError;
}
static void GetSshVersion(PCSTR rootPrefix, SshdVersion *version, PCSTR binaryPath, LWException **exc)
{
DWORD ceError = ERROR_SUCCESS;
PSTR command = NULL;
PSTR commandOutput = NULL;
PCSTR versionStart;
PSTR intEnd;
version->isOpenSsh = FALSE;
version->major = -1;
version->minor = -1;
version->secondMinor = -1;
version->patch = -1;
if(rootPrefix == NULL)
rootPrefix = "";
LW_CLEANUP_CTERR(exc, CTAllocateStringPrintf(
&command, "%s%s -v 2>&1",
rootPrefix, binaryPath));
ceError = CTCaptureOutput(command, &commandOutput);
if(ceError == ERROR_BAD_COMMAND)
ceError = ERROR_SUCCESS;
LW_CLEANUP_CTERR(exc, ceError);
// The version string is in the form OpenSSH_4.6p1
// or OpenSSH_3.6.1p1
versionStart = strstr(commandOutput, "OpenSSH_");
if(versionStart == NULL)
{
goto cleanup;
}
version->isOpenSsh = TRUE;
versionStart += strlen("OpenSSH_");
version->major = strtoul(versionStart, &intEnd, 10);
if(intEnd == versionStart)
version->major = -1;
if(intEnd == NULL || *intEnd != '.')
goto cleanup;
versionStart = intEnd + 1;
version->minor = strtoul(versionStart, &intEnd, 10);
if(intEnd == versionStart)
version->minor = -1;
if(intEnd == NULL || (*intEnd != '.' && *intEnd != 'p'))
goto cleanup;
versionStart = intEnd + 1;
if(*intEnd == '.')
{
version->secondMinor = strtoul(versionStart, &intEnd, 10);
if(intEnd == versionStart)
version->secondMinor = -1;
if(intEnd == NULL || *intEnd != 'p')
goto cleanup;
versionStart = intEnd + 1;
}
version->patch = strtoul(versionStart, &intEnd, 10);
if(intEnd == versionStart)
version->patch = -1;
cleanup:
if(version->isOpenSsh)
{
DJ_LOG_INFO("Found open sshd version %d.%d.%dp%d", version->major,
version->minor, version->secondMinor, version->patch);
}
else
{
DJ_LOG_INFO("Found non-openssh version of ssh");
}
CT_SAFE_FREE_STRING(command);
CT_SAFE_FREE_STRING(commandOutput);
}
void DoLeaveNew(int argc, char **argv, int columns, LWException **exc)
{
JoinProcessOptions options;
BOOLEAN advanced = FALSE;
BOOLEAN preview = FALSE;
DynamicArray enableModules, disableModules, ignoreModules;
DynamicArray detailModules;
size_t i;
PSTR moduleDetails = NULL;
PSTR wrapped = NULL;
int passwordIndex = -1;
DJZeroJoinProcessOptions(&options);
memset(&enableModules, 0, sizeof(enableModules));
memset(&disableModules, 0, sizeof(disableModules));
memset(&ignoreModules, 0, sizeof(ignoreModules));
memset(&detailModules, 0, sizeof(detailModules));
while(argc > 0 && CTStrStartsWith(argv[0], "--"))
{
if(!strcmp(argv[0], "--advanced"))
advanced = TRUE;
else if(!strcmp(argv[0], "--preview"))
preview = TRUE;
else if(argc < 2)
{
LW_RAISE(exc, LW_ERROR_SHOW_USAGE);
goto cleanup;
}
else if(!strcmp(argv[0], "--enable"))
{
LW_CLEANUP_CTERR(exc, CTArrayAppend(&enableModules, sizeof(PCSTR *), &argv[1], 1));
argv++;
argc--;
}
else if(!strcmp(argv[0], "--disable"))
{
if(!strcmp(argv[1], "ssh")){
options.ignoreSsh = TRUE;
}
else {
options.ignoreSsh = FALSE;
LW_CLEANUP_CTERR(exc, CTArrayAppend(&disableModules, sizeof(PCSTR *), &argv[1], 1));
}
argv++;
argc--;
}
else if(!strcmp(argv[0], "--ignore"))
{
LW_CLEANUP_CTERR(exc, CTArrayAppend(&ignoreModules, sizeof(PCSTR *), &argv[1], 1));
argv++;
argc--;
}
else if(!strcmp(argv[0], "--details"))
{
LW_CLEANUP_CTERR(exc, CTArrayAppend(&detailModules, sizeof(PCSTR *), &argv[1], 1));
argv++;
argc--;
}
else if(!strcmp(argv[0], "--multiple"))
{
options.enableMultipleJoins = TRUE;
LW_CLEANUP_CTERR(exc, CTStrdup(argv[1], &options.domainName));
argv++;
argc--;
}
else
{
LW_RAISE(exc, LW_ERROR_SHOW_USAGE);
goto cleanup;
}
argv++;
argc--;
}
if(argc == 2)
{
LW_CLEANUP_CTERR(exc, CTStrdup(argv[1], &options.password));
passwordIndex = 1;
}
else if(argc > 2)
{
LW_RAISE(exc, LW_ERROR_SHOW_USAGE);
goto cleanup;
}
options.joiningDomain = FALSE;
DJ_LOG_INFO("Domainjoin invoked with %d arg(s) to the leave command:", argc);
for(i = 0; i < argc; i++)
{
DJ_LOG_INFO(" [%s]", i == passwordIndex ? "<password>" : argv[i]);
}
if(argc > 0)
{
LW_CLEANUP_CTERR(exc, CTStrdup(argv[0], &options.username));
}
options.warningCallback = PrintWarning;
options.showTraces = advanced;
LW_CLEANUP_CTERR(exc, DJGetComputerName(&options.computerName));
LW_TRY(exc, DJInitModuleStates(&options, &LW_EXC));
for(i = 0; i < enableModules.size; i++)
{
PCSTR module = *(PCSTR *)CTArrayGetItem(
&enableModules, i, sizeof(PCSTR));
if(CTArrayFindString(&disableModules, module) != -1)
{
LW_RAISE_EX(exc, ERROR_INVALID_PARAMETER, "Module already specified", "The module '%s' is listed as being disabled and enabled", module);
goto cleanup;
}
if(CTArrayFindString(&ignoreModules, module) != -1)
{
LW_RAISE_EX(exc, ERROR_INVALID_PARAMETER, "Module already specified", "The module '%s' is listed as being ignored and enabled", module);
goto cleanup;
}
LW_TRY(exc, DJSetModuleDisposition(&options, module, EnableModule, &LW_EXC));
}
for(i = 0; i < disableModules.size; i++)
{
PCSTR module = *(PCSTR *)CTArrayGetItem(
&disableModules, i, sizeof(PCSTR));
if(CTArrayFindString(&enableModules, module) != -1)
{
LW_RAISE_EX(exc, ERROR_INVALID_PARAMETER, "Module already specified", "The module '%s' is listed as being disabled and enabled", module);
goto cleanup;
}
if(CTArrayFindString(&ignoreModules, module) != -1)
{
LW_RAISE_EX(exc, ERROR_INVALID_PARAMETER, "Module already specified", "The module '%s' is listed as being disabled and ignored", module);
goto cleanup;
}
LW_TRY(exc, DJSetModuleDisposition(&options, module, DisableModule, &LW_EXC));
}
for(i = 0; i < ignoreModules.size; i++)
{
PCSTR module = *(PCSTR *)CTArrayGetItem(
&ignoreModules, i, sizeof(PCSTR));
if(CTArrayFindString(&enableModules, module) != -1)
{
LW_RAISE_EX(exc, ERROR_INVALID_PARAMETER, "Module already specified", "The module '%s' is listed as being ignored and enabled", module);
goto cleanup;
}
if(CTArrayFindString(&disableModules, module) != -1)
{
LW_RAISE_EX(exc, ERROR_INVALID_PARAMETER, "Module already specified", "The module '%s' is listed as being ignored and disabled", module);
goto cleanup;
}
LW_TRY(exc, DJSetModuleDisposition(&options, module, IgnoreModule, &LW_EXC));
}
for(i = 0; i < detailModules.size; i++)
{
PCSTR module = *(PCSTR *)CTArrayGetItem(
&detailModules, i, sizeof(PCSTR));
ModuleState *state = DJGetModuleStateByName(&options, module);
if(state == NULL)
{
LW_RAISE_EX(exc, ERROR_INVALID_PARAMETER, "Unable to find module.", "Please check the spelling of '%s'. This module cannot be found", module);
goto cleanup;
}
PrintModuleState(state);
}
if(detailModules.size > 0)
{
PrintStateKey();
}
for(i = 0; i < detailModules.size; i++)
{
PCSTR module = *(PCSTR *)CTArrayGetItem(
&detailModules, i, sizeof(PCSTR));
ModuleState *state = DJGetModuleStateByName(&options, module);
CT_SAFE_FREE_STRING(moduleDetails);
CT_SAFE_FREE_STRING(wrapped);
LW_TRY(exc, moduleDetails = state->module->GetChangeDescription(&options, &LW_EXC));
LW_CLEANUP_CTERR(exc, CTWordWrap(moduleDetails, &wrapped, 4, columns));
fprintf(stdout, "\nDetails for '%s':\n%s\n", state->module->longName, wrapped);
}
if(detailModules.size > 0)
goto cleanup;
LW_TRY(exc, PrintJoinHeader(&options, &LW_EXC));
if(preview)
{
PrintModuleStates(advanced, &options);
if(!advanced)
LW_TRY(exc, DJCheckRequiredEnabled(&options, &LW_EXC));
goto cleanup;
}
LW_TRY(exc, DJCheckRequiredEnabled(&options, &LW_EXC));
if (options.username != NULL && IsNullOrEmptyString(options.password))
{
CT_SAFE_FREE_STRING(options.password);
LW_CLEANUP_CTERR(exc, FillMissingPassword(options.username,
&options.password));
}
LW_TRY(exc, DJRunJoinProcess(&options, &LW_EXC));
fprintf(stdout, "SUCCESS\n");
cleanup:
DJFreeJoinProcessOptions(&options);
CTArrayFree(&enableModules);
CTArrayFree(&disableModules);
CTArrayFree(&ignoreModules);
CTArrayFree(&detailModules);
CT_SAFE_FREE_STRING(moduleDetails);
CT_SAFE_FREE_STRING(wrapped);
}
