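/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

/*
 * Initialization routines
 */

#include "idmapd.h"
#include <signal.h>
#include <thread.h>
#include <string.h>
#include <errno.h>
#include <assert.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <rpcsvc/daemon_utils.h>


/*
 * Bring up the mapping system: initialize the config rwlock, load the
 * configuration, then initialize the databases while running as the
 * daemon identity so the files init_dbs() creates are not root-owned.
 *
 * Returns 0 on success, -1 (or the negative code from load_config())
 * on failure.  On failure after init_dbs() the databases are torn down
 * again via fini_mapping_system().
 */
int
init_mapping_system()
{
	int rc = 0;

	if (rwlock_init(&_idmapdstate.rwlk_cfg, USYNC_THREAD, NULL) != 0)
		return (-1);
	if ((rc = load_config()) < 0)
		return (rc);

	/*
	 * Drop the effective identity before touching the databases.  A
	 * failed drop must not be ignored: init_dbs() would otherwise run
	 * as root and leave root-owned database files behind.  The group
	 * is changed first, while we still have the privilege to do so.
	 */
	if (setegid(DAEMON_GID) != 0 || seteuid(DAEMON_UID) != 0) {
		idmapdlog(LOG_ERR, "could not drop privileges (%s)",
		    strerror(errno));
		(void) seteuid(0);
		(void) setegid(0);
		return (-1);
	}

	if (init_dbs() < 0) {
		rc = -1;
		fini_mapping_system();
	}

	/* Restore root; the rest of the daemon runs with it. */
	if (seteuid(0) != 0 || setegid(0) != 0) {
		idmapdlog(LOG_ERR, "could not restore privileges (%s)",
		    strerror(errno));
		if (rc == 0) {
			rc = -1;
			fini_mapping_system();
		}
	}

	return (rc);
}

/*
 * Tear down what init_mapping_system() set up; currently only the
 * databases.
 */
void
fini_mapping_system()
{
	fini_dbs();
}

/*
 * Create the config object, load it and start the config updater.
 *
 * idmap_cfg_load() result codes, as handled here: 0 is success, -1 is
 * treated as a partial failure (logged, continue), anything below -1 is
 * a total failure and is returned after degrading the service.
 *
 * Returns 0 on success; a negative value on total failure, after
 * degrade_svc() has been called.
 */
int
load_config()
{
	int rc;

	if ((_idmapdstate.cfg = idmap_cfg_init()) == NULL) {
		degrade_svc(0, "failed to initialize config");
		return (-1);
	}

	rc = idmap_cfg_load(_idmapdstate.cfg, 0);
	if (rc < -1) {
		/* Total failure */
		degrade_svc(0, "fatal error while loading configuration");
		return (rc);
	}

	if (rc != 0) {
		/* Partial failure */
		idmapdlog(LOG_ERR, "Various errors occurred while loading "
		    "the configuration; check the logs");
	}

	if ((rc = idmap_cfg_start_updates()) < 0) {
		/* Total failure */
		degrade_svc(0, "could not start config updater");
		return (rc);
	}

	idmapdlog(LOG_DEBUG, "Initial configuration loaded");

	return (0);
}


/*
 * Rebuild the AD context (_idmapdstate.ad) from the global catalog
 * servers in the current configuration, replacing the old context only
 * once the new one is fully populated.  Any failure leaves the previous
 * context in place and degrades the service.
 *
 * NOTE(review): no lock is taken here around reading cfg->pgcfg and
 * swapping _idmapdstate.ad; presumably the caller holds the config
 * write lock -- confirm against the callers.
 */
void
reload_ad()
{
	int i;
	adutils_ad_t *old;
	adutils_ad_t *new;

	idmap_pg_config_t *pgcfg = &_idmapdstate.cfg->pgcfg;

	if (pgcfg->global_catalog == NULL ||
	    pgcfg->global_catalog[0].host[0] == '\0') {
		/*
		 * No GCs.  Continue to use the previous AD config in case
		 * that's still good but auto-discovery had a transient failure.
		 * If that stops working we'll go into degraded mode anyways
		 * when it does.
		 */
		degrade_svc(0,
		    "Global Catalog servers not configured/discoverable");
		return;
	}

	old = _idmapdstate.ad;

	if (adutils_ad_alloc(&new, pgcfg->default_domain,
	    ADUTILS_AD_GLOBAL_CATALOG) != ADUTILS_SUCCESS) {
		degrade_svc(0, "could not initialize AD context");
		return;
	}

	/* The GC list is terminated by an entry with an empty host name. */
	for (i = 0; pgcfg->global_catalog[i].host[0] != '\0'; i++) {
		if (idmap_add_ds(new,
		    pgcfg->global_catalog[i].host,
		    pgcfg->global_catalog[i].port) != 0) {
			adutils_ad_free(&new);
			degrade_svc(0, "could not initialize AD GC context");
			return;
		}
	}

	_idmapdstate.ad = new;

	if (old != NULL)
		adutils_ad_free(&old);
}


/*
 * Log the current per-process configuration at LOG_DEBUG, under the
 * config read lock.  Logs "Null configuration" at LOG_INFO if no config
 * has been loaded.
 */
void
print_idmapdstate()
{
	int i;
	idmap_pg_config_t *pgcfg;

	RDLOCK_CONFIG();

	if (_idmapdstate.cfg == NULL) {
		idmapdlog(LOG_INFO, "Null configuration");
		UNLOCK_CONFIG();
		return;
	}

	pgcfg = &_idmapdstate.cfg->pgcfg;

	idmapdlog(LOG_DEBUG, "list_size_limit=%llu", pgcfg->list_size_limit);
	idmapdlog(LOG_DEBUG, "default_domain=%s",
	    CHECK_NULL(pgcfg->default_domain));
	idmapdlog(LOG_DEBUG, "domain_name=%s", CHECK_NULL(pgcfg->domain_name));
	idmapdlog(LOG_DEBUG, "machine_sid=%s", CHECK_NULL(pgcfg->machine_sid));
	if (pgcfg->domain_controller == NULL ||
	    pgcfg->domain_controller[0].host[0] == '\0') {
		idmapdlog(LOG_DEBUG, "No domain controllers known");
	} else {
		/* Server lists end with an entry whose host name is empty. */
		for (i = 0; pgcfg->domain_controller[i].host[0] != '\0'; i++)
			idmapdlog(LOG_DEBUG, "domain_controller=%s port=%d",
			    pgcfg->domain_controller[i].host,
			    pgcfg->domain_controller[i].port);
	}
	idmapdlog(LOG_DEBUG, "forest_name=%s", CHECK_NULL(pgcfg->forest_name));
	idmapdlog(LOG_DEBUG, "site_name=%s", CHECK_NULL(pgcfg->site_name));
	if (pgcfg->global_catalog == NULL ||
	    pgcfg->global_catalog[0].host[0] == '\0') {
		idmapdlog(LOG_DEBUG, "No global catalog servers known");
	} else {
		for (i = 0; pgcfg->global_catalog[i].host[0] != '\0'; i++)
			idmapdlog(LOG_DEBUG, "global_catalog=%s port=%d",
			    pgcfg->global_catalog[i].host,
			    pgcfg->global_catalog[i].port);
	}
	idmapdlog(LOG_DEBUG, "ds_name_mapping_enabled=%s",
	    (pgcfg->ds_name_mapping_enabled == TRUE) ? "true" : "false");
	idmapdlog(LOG_DEBUG, "ad_unixuser_attr=%s",
	    CHECK_NULL(pgcfg->ad_unixuser_attr));
	idmapdlog(LOG_DEBUG, "ad_unixgroup_attr=%s",
	    CHECK_NULL(pgcfg->ad_unixgroup_attr));
	idmapdlog(LOG_DEBUG, "nldap_winname_attr=%s",
	    CHECK_NULL(pgcfg->nldap_winname_attr));

	UNLOCK_CONFIG();
}

/*
 * Create a mode-0700 directory at path owned by uid:gid.  An already
 * existing directory is accepted and re-owned; any other pre-existing
 * object at path (regular file, symlink, ...) is an error.
 *
 * Returns 0 on success, -1 on failure (logged).  A directory this call
 * created is removed again if the ownership change fails.
 */
int
create_directory(const char *path, uid_t uid, gid_t gid)
{
	int rc;
	struct stat st;

	if ((rc = mkdir(path, 0700)) < 0 && errno != EEXIST) {
		idmapdlog(LOG_ERR, "Error creating directory %s (%s)",
		    path, strerror(errno));
		return (-1);
	}

	/*
	 * mkdir() reported EEXIST.  Make sure what is there really is a
	 * directory before changing its ownership; lstat() so that a
	 * symlink planted at path is seen as such rather than followed.
	 */
	if (rc < 0) {
		if (lstat(path, &st) < 0) {
			idmapdlog(LOG_ERR, "Error creating directory %s (%s)",
			    path, strerror(errno));
			return (-1);
		}
		if (!S_ISDIR(st.st_mode)) {
			idmapdlog(LOG_ERR,
			    "Error creating directory %s (not a directory)",
			    path);
			return (-1);
		}
	}

	/* lchown() deliberately does not follow symlinks. */
	if (lchown(path, uid, gid) < 0) {
		idmapdlog(LOG_ERR, "Error creating directory %s (%s)",
		    path, strerror(errno));
		/* Only remove a directory we created ourselves. */
		if (rc == 0)
			(void) rmdir(path);
		return (-1);
	}
	return (0);
}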