Пример #1
/*
 * Forwards a CA path to VmAfdSetCAPathA for the server held in ServerName.
 *
 * path  CA path, passed through as a C string without any validation in
 *       this method.
 *
 * The status code is handed to BAIL_ON_ERROR and then THROW_IF_NEEDED;
 * neither macro is defined in this listing, so the exact exception raised
 * on failure cannot be stated from here.
 *
 * NOTE(review): the CA path decides where trust anchors are read from.
 * If `path` can come from untrusted input, validate it before this call;
 * confirm with the callers.
 */
void client::SetCAPath(std::string path)
{
    const char* pszServer = ServerName.c_str();
    const char* pszCAPath = path.c_str();

    // Single call: its result drives both macros below.
    DWORD dwError = VmAfdSetCAPathA(pszServer, pszCAPath);
    BAIL_ON_ERROR(dwError);

error:
    THROW_IF_NEEDED(dwError);
}
Пример #2
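/*
 * Joins this system to the domain named in pParams as a client and then
 * provisions its trust store and machine SSL certificate.
 *
 * Order of operations (each step aborts the sequence on a non-zero code):
 *   1. validate hostname, optional machine account and optional org unit
 *   2. validate the domain credentials of the account used for the join
 *   3. optionally disable the AFD listener and stop the VMAFD service
 *   4. start the DCERPC and VMAFD services
 *   5. set the CA path, join the directory, look up the domain controller
 *   6. fetch the VMCA root certificate and add it as a trusted root
 *   7. create the machine SSL certificate/key pair and install it
 *
 * pParams  Setup parameters. Dereferenced without a NULL check, so the
 *          caller must pass a valid pointer.
 *
 * Returns 0 when every step succeeds, otherwise the code of the first
 * failing step (BAIL_ON_DEPLOY_ERROR is not defined in this listing; it
 * presumably jumps to the `error` label on a non-zero code).
 *
 * Security notes:
 *   - pParams->pszPassword is handed to several callees but is never
 *     written to the log by this function; keep it that way.
 *   - The root certificate is added to the trust store exactly as returned
 *     for the domain controller; no fingerprint comparison is visible here.
 *     NOTE(review): confirm how VmwDeployGetRootCACert authenticates the
 *     controller before its certificate becomes a trust anchor.
 *   - The private key string is wiped before it is freed.
 */
static
DWORD
VmwDeploySetupClient(
    PVMW_IC_SETUP_PARAMS pParams
    )
{
    DWORD dwError = 0;
    /* Services started (in this order) before any AFD call is made. */
    PCSTR ppszServices[]=
    {
        VMW_DCERPC_SVC_NAME,
        VMW_VMAFD_SVC_NAME
    };
    /* AFD configuration calls below address the local service. */
    PCSTR pszHostname = "localhost";
    PCSTR pszUsername = VMW_ADMIN_NAME;
    int iSvc = 0;
    PSTR pszPrivateKey = NULL;
    PSTR pszCACert = NULL;
    PSTR pszSSLCert = NULL;
    PSTR pszDC = NULL;

    VMW_DEPLOY_LOG_INFO(
            "Joining system to domain [%s]",
            VMW_DEPLOY_SAFE_LOG_STRING(pParams->pszDomainName));

    /* Reject malformed names before they reach the directory service. */
    dwError = VmwDeployValidateHostname(pParams->pszHostname);
    BAIL_ON_DEPLOY_ERROR(dwError);

    if (pParams->pszMachineAccount)
    {
        dwError = VmwDeployValidateHostname(pParams->pszMachineAccount);
        BAIL_ON_DEPLOY_ERROR(dwError);
    }

    if (pParams->pszOrgUnit)
    {
        dwError = VmwDeployValidateOrgUnit(pParams->pszOrgUnit);
        BAIL_ON_DEPLOY_ERROR(dwError);
    }

    /*
     * Use the machine account only when the caller asked for it AND supplied
     * one; otherwise fall back to the administrator name.
     */
    pszUsername = (pParams->bUseMachineAccount && pParams->pszMachineAccount)
                            ? pParams->pszMachineAccount : VMW_ADMIN_NAME;

    VMW_DEPLOY_LOG_INFO(
            "Validating Domain credentials for user [%s@%s]",
            VMW_DEPLOY_SAFE_LOG_STRING(pszUsername),
            VMW_DEPLOY_SAFE_LOG_STRING(pParams->pszDomainName));

    /* Fail early on bad credentials, before any service is touched. */
    dwError = VmAfdJoinValidateDomainCredentialsA(
                    pParams->pszDomainName,
                    pszUsername,
                    pParams->pszPassword);
    BAIL_ON_DEPLOY_ERROR(dwError);

    if (pParams->bDisableAfdListener)
    {
        VMW_DEPLOY_LOG_INFO("Disabling AFD Listener");

        dwError = VmwDeployDisableAfdListener();
        BAIL_ON_DEPLOY_ERROR(dwError);

        VMW_DEPLOY_LOG_INFO("Stopping the VMAFD Service...");

        /* VMAFD is started again by the service loop that follows. */
        dwError = VmwDeployStopService(VMW_VMAFD_SVC_NAME);
        BAIL_ON_DEPLOY_ERROR(dwError);
    }

    for (; iSvc < sizeof(ppszServices)/sizeof(ppszServices[0]); iSvc++)
    {
        PCSTR pszService = ppszServices[iSvc];

        VMW_DEPLOY_LOG_INFO("Starting service [%s]", pszService);

        dwError = VmwDeployStartService(pszService);
        BAIL_ON_DEPLOY_ERROR(dwError);
    }

    VMW_DEPLOY_LOG_INFO("Setting configuration values");

    dwError = VmAfdSetCAPathA(pszHostname, VMW_DEFAULT_CA_PATH);
    BAIL_ON_DEPLOY_ERROR(dwError);

    VMW_DEPLOY_LOG_INFO("Performing domain join operation");

    /*
     * The machine name registered in the directory is the machine account
     * when one was given, else the hostname.
     */
    dwError = VmAfdJoinVmDir2A(
                    pParams->pszDomainName,
                    pszUsername,
                    pParams->pszPassword,
                    pParams->pszMachineAccount ?
                        pParams->pszMachineAccount : pParams->pszHostname,
                    pParams->pszOrgUnit,
                    pParams->bMachinePreJoined ?
                        VMAFD_JOIN_FLAGS_CLIENT_PREJOINED : 0);
    BAIL_ON_DEPLOY_ERROR(dwError);

    /* The controller name is only known to the local AFD after the join. */
    dwError = VmAfdGetDCNameA(pszHostname, &pszDC);
    BAIL_ON_DEPLOY_ERROR(dwError);

    VMW_DEPLOY_LOG_INFO(
                    "Get root certificate from VMware Certificate Authority");

    dwError = VmwDeployGetRootCACert(
                    pszDC,
                    pParams->pszDomainName,
                    pszUsername,
                    pParams->pszPassword,
                    &pszCACert);
    BAIL_ON_DEPLOY_ERROR(dwError);

    VMW_DEPLOY_LOG_INFO(
         "Adding VMCA's root certificate to VMware endpoint certificate store");

    /* From here on the fetched root is a trust anchor for this machine. */
    dwError = VmwDeployAddTrustedRoot(pszDC, pszCACert);
    BAIL_ON_DEPLOY_ERROR(dwError);

    VMW_DEPLOY_LOG_INFO("Generating Machine SSL cert");

    /* Subject alternative name defaults to the hostname when not supplied. */
    dwError = VmwDeployCreateMachineSSLCert(
                    pszDC,
                    pParams->pszDomainName,
                    pszUsername,
                    pParams->pszPassword,
                    pParams->pszHostname,
                    pParams->pszSubjectAltName ?
                        pParams->pszSubjectAltName : pParams->pszHostname,
                    &pszPrivateKey,
                    &pszSSLCert);
    BAIL_ON_DEPLOY_ERROR(dwError);

    VMW_DEPLOY_LOG_INFO("Setting Machine SSL certificate");

    dwError = VmAfdSetSSLCertificate(pszHostname, pszSSLCert, pszPrivateKey);
    BAIL_ON_DEPLOY_ERROR(dwError);

cleanup:

    if (pszPrivateKey)
    {
        /*
         * Wipe the private key before releasing it so key material does not
         * linger in freed memory. Writing through a volatile pointer keeps
         * the compiler from discarding the stores as dead writes. Assumes
         * the key is a NUL-terminated string, as its use above implies.
         */
        volatile char* pszScrub = pszPrivateKey;

        while (*pszScrub)
        {
            *pszScrub++ = '\0';
        }

        VmwDeployFreeMemory(pszPrivateKey);
    }
    if (pszSSLCert)
    {
        VmwDeployFreeMemory(pszSSLCert);
    }
    if (pszCACert)
    {
        VmwDeployFreeMemory(pszCACert);
    }
    if (pszDC)
    {
        VmwDeployFreeMemory(pszDC);
    }

    return dwError;

error:

    /* Failure path shares the success path's cleanup; dwError is kept. */
    goto cleanup;
}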
Пример #3
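/*
 * Configures this system as a domain controller: sets the local AFD
 * configuration, promotes the directory service, sets up the logical
 * deployment unit and optional DNS forwarders, creates the VMCA root
 * certificate, trusts it, then creates, installs and publishes the machine
 * SSL certificate and restarts the directory service.
 *
 * pParams  Setup parameters. Dereferenced without a NULL check, so the
 *          caller must pass a valid pointer.
 *
 * Returns 0 when every step succeeds, otherwise the code of the first
 * failing step (BAIL_ON_DEPLOY_ERROR is not defined in this listing; it
 * presumably jumps to the `error` label on a non-zero code). Steps already
 * completed are not rolled back on failure.
 *
 * Security notes:
 *   - pParams->pszPassword is handed to several callees but is never
 *     written to the log by this function; keep it that way.
 *   - The LDU setup binds through an "ldap://" URI to localhost.
 *     NOTE(review): confirm how VmDirSetupLdu protects the password on
 *     that connection.
 *   - The private key is written to the directory service's configuration
 *     path. NOTE(review): file mode and ownership are decided inside
 *     VmwDeployWriteToFile (not visible here); confirm the key file is
 *     created readable by its owner only.
 *   - The in-memory private key string is wiped before it is freed.
 */
static
DWORD
VmwDeploySetupServerCommon(
    PVMW_IC_SETUP_PARAMS pParams
    )
{
    DWORD dwError = 0;
    /* AFD and certificate calls below address the local services. */
    PSTR  pszHostname = "localhost";
    PSTR  pszLdapURI = NULL;
    PSTR  pszUsername = VMW_ADMIN_NAME;
    PSTR  pszCACert = NULL;
    PSTR  pszSSLCert = NULL;
    PSTR  pszPrivateKey = NULL;
    PSTR  pszVmdirCfgPath = NULL;

    VMW_DEPLOY_LOG_INFO("Setting various configuration values");

    VMW_DEPLOY_LOG_VERBOSE(
            "Setting Domain Name to [%s]",
            VMW_DEPLOY_SAFE_LOG_STRING(pParams->pszDomainName));

    dwError = VmAfdSetDomainNameA(pszHostname, pParams->pszDomainName);
    BAIL_ON_DEPLOY_ERROR(dwError);

    VMW_DEPLOY_LOG_VERBOSE(
            "Setting Domain Controller Name to [%s]",
            VMW_DEPLOY_SAFE_LOG_STRING(pParams->pszHostname));

    /* This machine is its own domain controller, hence its own hostname. */
    dwError = VmAfdSetDCNameA(pszHostname, pParams->pszHostname);
    BAIL_ON_DEPLOY_ERROR(dwError);

    VMW_DEPLOY_LOG_VERBOSE(
            "Setting PNID to [%s]",
            VMW_DEPLOY_SAFE_LOG_STRING(pParams->pszHostname));

    dwError = VmAfdSetPNID(pszHostname, pParams->pszHostname);
    BAIL_ON_DEPLOY_ERROR(dwError);

    VMW_DEPLOY_LOG_VERBOSE("Setting CA Path to [%s]", VMW_DEFAULT_CA_PATH);

    dwError = VmAfdSetCAPathA(pszHostname, VMW_DEFAULT_CA_PATH);
    BAIL_ON_DEPLOY_ERROR(dwError);

    VMW_DEPLOY_LOG_INFO("Promoting directory service to be domain controller");

    dwError = VmAfdPromoteVmDirA(
                    pszHostname,
                    pParams->pszDomainName,
                    pszUsername,
                    pParams->pszPassword,
                    pParams->pszSite,
                    pParams->pszServer);
    BAIL_ON_DEPLOY_ERROR(dwError);

    VMW_DEPLOY_LOG_INFO("Setting up the logical deployment unit");

    /* Plain ldap:// scheme, pointed at the local directory service. */
    dwError = VmwDeployAllocateStringPrintf(
                    &pszLdapURI,
                    "ldap://%s",
                    pszHostname);
    BAIL_ON_DEPLOY_ERROR(dwError);

    dwError = VmDirSetupLdu(
                    pszLdapURI,
                    pParams->pszDomainName,
                    pszUsername,
                    pParams->pszPassword);
    BAIL_ON_DEPLOY_ERROR(dwError);

    /* DNS forwarders are optional; skip the step when none were given. */
    if (!IsNullOrEmptyString(pParams->pszDNSForwarders))
    {
        VMW_DEPLOY_LOG_INFO("Setting up DNS Forwarders [%s]",
                            pParams->pszDNSForwarders);

        dwError = VmwDeploySetForwarders(
                        pParams->pszDomainName,
                        pszUsername,
                        pParams->pszPassword,
                        pParams->pszDNSForwarders);
        BAIL_ON_DEPLOY_ERROR(dwError);
    }

    VMW_DEPLOY_LOG_INFO("Setting up VMware Certificate Authority");

    dwError = VmwDeployMakeRootCACert(
                    pParams->pszHostname,
                    pParams->pszDomainName,
                    pszUsername,
                    pParams->pszPassword,
                    &pszCACert);
    BAIL_ON_DEPLOY_ERROR(dwError);

    VMW_DEPLOY_LOG_INFO(
         "Adding VMCA's root certificate to VMware endpoint certificate store");

    /* The root created just above becomes a trust anchor on this machine. */
    dwError = VmwDeployAddTrustedRoot(pParams->pszHostname, pszCACert);
    BAIL_ON_DEPLOY_ERROR(dwError);

    VMW_DEPLOY_LOG_INFO("Generating Machine SSL cert");

    /* Subject alternative name defaults to the hostname when not supplied. */
    dwError = VmwDeployCreateMachineSSLCert(
                    pszHostname,
                    pParams->pszDomainName,
                    pszUsername,
                    pParams->pszPassword,
                    pParams->pszHostname,
                    pParams->pszSubjectAltName ?
                        pParams->pszSubjectAltName : pParams->pszHostname,
                    &pszPrivateKey,
                    &pszSSLCert);
    BAIL_ON_DEPLOY_ERROR(dwError);

    VMW_DEPLOY_LOG_INFO("Setting Machine SSL certificate");

    dwError = VmAfdSetSSLCertificate(pszHostname, pszSSLCert, pszPrivateKey);
    BAIL_ON_DEPLOY_ERROR(dwError);

    VMW_DEPLOY_LOG_INFO(
                    "Publishing Machine SSL certificate for directory service");

    dwError = VmwDeployGetVmDirConfigPath(&pszVmdirCfgPath);
    BAIL_ON_DEPLOY_ERROR(dwError);

    /*
     * Certificate first, key second. If the key write fails, the
     * certificate file written just before it is left in place.
     */
    dwError = VmwDeployWriteToFile(
                    pszSSLCert,
                    pszVmdirCfgPath,
                    VMW_VMDIR_SSL_CERT_FILE);
    BAIL_ON_DEPLOY_ERROR(dwError);

    dwError = VmwDeployWriteToFile(
                    pszPrivateKey,
                    pszVmdirCfgPath,
                    VMW_VMDIR_PRIV_KEY_FILE);
    BAIL_ON_DEPLOY_ERROR(dwError);

    VMW_DEPLOY_LOG_INFO("Restarting service [%s]", VMW_DIR_SVC_NAME);

    /* Restart after the certificate and key files have been written. */
    dwError = VmwDeployRestartService(VMW_DIR_SVC_NAME);
    BAIL_ON_DEPLOY_ERROR(dwError);

cleanup:

    if (pszVmdirCfgPath)
    {
        VmwDeployFreeMemory(pszVmdirCfgPath);
    }
    if (pszLdapURI)
    {
        VmwDeployFreeMemory(pszLdapURI);
    }
    if (pszCACert)
    {
        VmwDeployFreeMemory(pszCACert);
    }
    if (pszPrivateKey)
    {
        /*
         * Wipe the private key before releasing it so key material does not
         * linger in freed memory. Writing through a volatile pointer keeps
         * the compiler from discarding the stores as dead writes. Assumes
         * the key is a NUL-terminated string, as its use above implies.
         */
        volatile char* pszScrub = pszPrivateKey;

        while (*pszScrub)
        {
            *pszScrub++ = '\0';
        }

        VmwDeployFreeMemory(pszPrivateKey);
    }
    if (pszSSLCert)
    {
        VmwDeployFreeMemory(pszSSLCert);
    }

    return dwError;

error:

    /* Failure path shares the success path's cleanup; dwError is kept. */
    goto cleanup;
}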
Пример #4
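/*
 * Joins this system to a domain through an explicitly named domain
 * controller (pParams->pszServer), then provisions its trust store and
 * machine SSL certificate.
 *
 * Order of operations (each step aborts the sequence on a non-zero code):
 *   1. require a non-empty server name; validate hostname, optional
 *      machine account and optional org unit
 *   2. validate the partner credentials against the server
 *   3. optionally disable the AFD listener and stop the VMAFD service
 *   4. start the DCERPC and VMAFD services
 *   5. set PNID and CA path, then join the directory at the server
 *   6. fetch the VMCA root certificate and add it as a trusted root
 *   7. create the machine SSL certificate/key pair and install it
 *
 * pParams  Setup parameters. Dereferenced without a NULL check, so the
 *          caller must pass a valid pointer.
 *
 * Returns 0 when every step succeeds, ERROR_INVALID_PARAMETER when no
 * server was given, otherwise the code of the first failing step
 * (BAIL_ON_DEPLOY_ERROR is not defined in this listing; it presumably
 * jumps to the `error` label on a non-zero code).
 *
 * Security notes:
 *   - pParams->pszPassword is handed to several callees but is never
 *     written to the log by this function; keep it that way.
 *   - The credential check runs before pszUsername is chosen and takes no
 *     user name. NOTE(review): confirm VmwDeployValidatePartnerCredentials
 *     checks the same account that the join below uses when a machine
 *     account is requested.
 *   - The root certificate is added to the trust store exactly as returned
 *     by the server; no fingerprint comparison is visible here.
 *     NOTE(review): confirm how VmwDeployGetRootCACert authenticates the
 *     server before its certificate becomes a trust anchor.
 *   - The private key string is wiped before it is freed.
 */
static
DWORD
VmwDeploySetupClientWithDC(
    PVMW_IC_SETUP_PARAMS pParams
    )
{
    DWORD dwError = 0;
    /* Services started (in this order) before any AFD call is made. */
    PCSTR ppszServices[]=
    {
        VMW_DCERPC_SVC_NAME,
        VMW_VMAFD_SVC_NAME
    };
    /* AFD configuration calls below address the local service. */
    PCSTR pszHostname = "localhost";
    PCSTR pszUsername = VMW_ADMIN_NAME;
    int iSvc = 0;
    PSTR pszPrivateKey = NULL;
    PSTR pszCACert = NULL;
    PSTR pszSSLCert = NULL;

    VMW_DEPLOY_LOG_INFO(
            "Joining system to domain [%s] using controller at [%s]",
            VMW_DEPLOY_SAFE_LOG_STRING(pParams->pszDomainName),
            VMW_DEPLOY_SAFE_LOG_STRING(pParams->pszServer));

    /* This variant cannot work without an explicit controller. */
    if (IsNullOrEmptyString(pParams->pszServer))
    {
        dwError = ERROR_INVALID_PARAMETER;
        BAIL_ON_DEPLOY_ERROR(dwError);
    }

    /* Reject malformed names before they reach the directory service. */
    dwError = VmwDeployValidateHostname(pParams->pszHostname);
    BAIL_ON_DEPLOY_ERROR(dwError);

    if (pParams->pszMachineAccount)
    {
        dwError = VmwDeployValidateHostname(pParams->pszMachineAccount);
        BAIL_ON_DEPLOY_ERROR(dwError);
    }

    if (pParams->pszOrgUnit)
    {
        dwError = VmwDeployValidateOrgUnit(pParams->pszOrgUnit);
        BAIL_ON_DEPLOY_ERROR(dwError);
    }

    /* Fail early on bad credentials, before any service is touched. */
    dwError = VmwDeployValidatePartnerCredentials(
                    pParams->pszServer,
                    pParams->pszPassword,
                    pParams->pszDomainName);
    BAIL_ON_DEPLOY_ERROR(dwError);

    if (pParams->bDisableAfdListener)
    {
        VMW_DEPLOY_LOG_INFO("Disabling AFD Listener");

        dwError = VmwDeployDisableAfdListener();
        BAIL_ON_DEPLOY_ERROR(dwError);

        VMW_DEPLOY_LOG_INFO("Stopping the VMAFD Service...");

        /* VMAFD is started again by the service loop that follows. */
        dwError = VmwDeployStopService(VMW_VMAFD_SVC_NAME);
        BAIL_ON_DEPLOY_ERROR(dwError);
    }

    for (; iSvc < sizeof(ppszServices)/sizeof(ppszServices[0]); iSvc++)
    {
        PCSTR pszService = ppszServices[iSvc];

        VMW_DEPLOY_LOG_INFO("Starting service [%s]", pszService);

        dwError = VmwDeployStartService(pszService);
        BAIL_ON_DEPLOY_ERROR(dwError);
    }

    VMW_DEPLOY_LOG_INFO("Setting various configuration values");

    dwError = VmAfdSetPNID(pszHostname, pParams->pszHostname);
    BAIL_ON_DEPLOY_ERROR(dwError);

    dwError = VmAfdSetCAPathA(pszHostname, VMW_DEFAULT_CA_PATH);
    BAIL_ON_DEPLOY_ERROR(dwError);

    VMW_DEPLOY_LOG_INFO(
            "Joining system to directory service at [%s]",
            VMW_DEPLOY_SAFE_LOG_STRING(pParams->pszServer));

    /*
     * Use the machine account only when the caller asked for it AND supplied
     * one; otherwise fall back to the administrator name.
     */
    pszUsername = (pParams->bUseMachineAccount && pParams->pszMachineAccount)
                            ? pParams->pszMachineAccount : VMW_ADMIN_NAME;

    /*
     * The machine name registered in the directory is the machine account
     * when one was given, else the hostname.
     */
    dwError = VmAfdJoinVmDirA(
                    pParams->pszServer,
                    pszUsername,
                    pParams->pszPassword,
                    pParams->pszMachineAccount ?
                            pParams->pszMachineAccount : pParams->pszHostname,
                    pParams->pszDomainName,
                    pParams->pszOrgUnit);
    BAIL_ON_DEPLOY_ERROR(dwError);

    VMW_DEPLOY_LOG_INFO(
                    "Get root certificate from VMware Certificate Authority");

    dwError = VmwDeployGetRootCACert(
                    pParams->pszServer,
                    pParams->pszDomainName,
                    pszUsername,
                    pParams->pszPassword,
                    &pszCACert);
    BAIL_ON_DEPLOY_ERROR(dwError);

    VMW_DEPLOY_LOG_INFO(
         "Adding VMCA's root certificate to VMware endpoint certificate store");

    /* From here on the fetched root is a trust anchor for this machine. */
    dwError = VmwDeployAddTrustedRoot(pParams->pszServer, pszCACert);
    BAIL_ON_DEPLOY_ERROR(dwError);

    VMW_DEPLOY_LOG_INFO("Generating Machine SSL cert");

    /* Subject alternative name defaults to the hostname when not supplied. */
    dwError = VmwDeployCreateMachineSSLCert(
                    pParams->pszServer,
                    pParams->pszDomainName,
                    pszUsername,
                    pParams->pszPassword,
                    pParams->pszHostname,
                    pParams->pszSubjectAltName ?
                        pParams->pszSubjectAltName : pParams->pszHostname,
                    &pszPrivateKey,
                    &pszSSLCert);
    BAIL_ON_DEPLOY_ERROR(dwError);

    VMW_DEPLOY_LOG_INFO("Setting Machine SSL certificate");

    dwError = VmAfdSetSSLCertificate(pszHostname, pszSSLCert, pszPrivateKey);
    BAIL_ON_DEPLOY_ERROR(dwError);

cleanup:

    if (pszPrivateKey)
    {
        /*
         * Wipe the private key before releasing it so key material does not
         * linger in freed memory. Writing through a volatile pointer keeps
         * the compiler from discarding the stores as dead writes. Assumes
         * the key is a NUL-terminated string, as its use above implies.
         */
        volatile char* pszScrub = pszPrivateKey;

        while (*pszScrub)
        {
            *pszScrub++ = '\0';
        }

        VmwDeployFreeMemory(pszPrivateKey);
    }
    if (pszSSLCert)
    {
        VmwDeployFreeMemory(pszSSLCert);
    }
    if (pszCACert)
    {
        VmwDeployFreeMemory(pszCACert);
    }

    return dwError;

error:

    /* Failure path shares the success path's cleanup; dwError is kept. */
    goto cleanup;
}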
Пример #5
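/*
 * Sets this system up as a client of the infrastructure node named in
 * pParams->pszServer: validates the partner credentials, starts the DCERPC
 * and VMAFD services, writes the local AFD configuration, joins the
 * directory service, trusts the VMCA root certificate and installs a
 * machine SSL certificate.
 *
 * pParams  Setup parameters. Dereferenced without a NULL check, so the
 *          caller must pass a valid pointer. Unlike the other checks a
 *          caller might expect, pszServer and pszHostname are not
 *          validated inside this function.
 *
 * Returns 0 when every step succeeds, otherwise the code of the first
 * failing step (BAIL_ON_DEPLOY_ERROR is not defined in this listing; it
 * presumably jumps to the `error` label on a non-zero code).
 *
 * Security notes:
 *   - pParams->pszPassword is handed to several callees but is never
 *     written to the log by this function; keep it that way.
 *   - The root certificate is added to the trust store exactly as returned
 *     by the server; no fingerprint comparison is visible here.
 *     NOTE(review): confirm how VmwDeployGetRootCACert authenticates the
 *     server before its certificate becomes a trust anchor.
 *   - The private key string is wiped before it is freed.
 */
static
DWORD
VmwDeploySetupClient(
    PVMW_IC_SETUP_PARAMS pParams
    )
{
    DWORD dwError = 0;
    /* Services started (in this order) before any AFD call is made. */
    PCSTR ppszServices[]=
    {
        VMW_DCERPC_SVC_NAME,
        VMW_VMAFD_SVC_NAME
    };
    /* AFD configuration calls below address the local service. */
    PCSTR pszHostname = "localhost";
    /* This variant always joins as the administrator. */
    PCSTR pszUsername = VMW_ADMIN_NAME;
    int iSvc = 0;
    PSTR pszPrivateKey = NULL;
    PSTR pszCACert = NULL;
    PSTR pszSSLCert = NULL;

    VMW_DEPLOY_LOG_INFO(
            "Setting up system as client to Infrastructure node at [%s]",
            VMW_DEPLOY_SAFE_LOG_STRING(pParams->pszServer));

    /* Fail early on bad credentials, before any service is touched. */
    dwError = VmwDeployValidatePartnerCredentials(
                    pParams->pszServer,
                    pParams->pszPassword,
                    pParams->pszDomainName);
    BAIL_ON_DEPLOY_ERROR(dwError);

    for (; iSvc < sizeof(ppszServices)/sizeof(ppszServices[0]); iSvc++)
    {
        PCSTR pszService = ppszServices[iSvc];

        VMW_DEPLOY_LOG_INFO("Starting service [%s]", pszService);

        dwError = VmwDeployStartService(pszService);
        BAIL_ON_DEPLOY_ERROR(dwError);
    }

    VMW_DEPLOY_LOG_INFO("Setting various configuration values");

    dwError = VmAfdSetDomainNameA(pszHostname, pParams->pszDomainName);
    BAIL_ON_DEPLOY_ERROR(dwError);

    /* The remote server is recorded as this client's domain controller. */
    dwError = VmAfdSetDCNameA(pszHostname, pParams->pszServer);
    BAIL_ON_DEPLOY_ERROR(dwError);

    dwError = VmAfdSetPNID(pszHostname, pParams->pszHostname);
    BAIL_ON_DEPLOY_ERROR(dwError);

    dwError = VmAfdSetCAPathA(pszHostname, VMW_DEFAULT_CA_PATH);
    BAIL_ON_DEPLOY_ERROR(dwError);

    VMW_DEPLOY_LOG_INFO(
            "Joining system to directory service at [%s]",
            VMW_DEPLOY_SAFE_LOG_STRING(pParams->pszServer));

    dwError = VmAfdJoinVmDirA(
                    pParams->pszServer,
                    pszUsername,
                    pParams->pszPassword,
                    pParams->pszHostname,
                    pParams->pszDomainName,
                    NULL /* Org Unit */);
    BAIL_ON_DEPLOY_ERROR(dwError);

    VMW_DEPLOY_LOG_INFO(
                    "Get root certificate from VMware Certificate Authority");

    dwError = VmwDeployGetRootCACert(
                    pParams->pszServer,
                    pParams->pszDomainName,
                    pszUsername,
                    pParams->pszPassword,
                    &pszCACert);
    BAIL_ON_DEPLOY_ERROR(dwError);

    VMW_DEPLOY_LOG_INFO(
         "Adding VMCA's root certificate to VMware endpoint certificate store");

    /* From here on the fetched root is a trust anchor for this machine. */
    dwError = VmwDeployAddTrustedRoot(pParams->pszServer, pszCACert);
    BAIL_ON_DEPLOY_ERROR(dwError);

    VMW_DEPLOY_LOG_INFO("Generating Machine SSL cert");

    dwError = VmwDeployCreateMachineSSLCert(
                    pParams->pszServer,
                    pParams->pszDomainName,
                    pszUsername,
                    pParams->pszPassword,
                    pParams->pszHostname,
                    &pszPrivateKey,
                    &pszSSLCert);
    BAIL_ON_DEPLOY_ERROR(dwError);

    VMW_DEPLOY_LOG_INFO("Setting Machine SSL certificate");

    dwError = VmAfdSetSSLCertificate(pszHostname, pszSSLCert, pszPrivateKey);
    BAIL_ON_DEPLOY_ERROR(dwError);

cleanup:

    if (pszPrivateKey)
    {
        /*
         * Wipe the private key before releasing it so key material does not
         * linger in freed memory. Writing through a volatile pointer keeps
         * the compiler from discarding the stores as dead writes. Assumes
         * the key is a NUL-terminated string, as its use above implies.
         */
        volatile char* pszScrub = pszPrivateKey;

        while (*pszScrub)
        {
            *pszScrub++ = '\0';
        }

        VmwDeployFreeMemory(pszPrivateKey);
    }
    if (pszSSLCert)
    {
        VmwDeployFreeMemory(pszSSLCert);
    }
    if (pszCACert)
    {
        VmwDeployFreeMemory(pszCACert);
    }

    return dwError;

error:

    /* Failure path shares the success path's cleanup; dwError is kept. */
    goto cleanup;
}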