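/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#pragma ident "%Z%%M% %I% %E% SMI"

/*
 * Initialization routines for idmapd: configuration loading, Active
 * Directory (AD) context setup, database initialization and creation of
 * the daemon's directories.
 */

#include "idmapd.h"
#include <signal.h>
#include <thread.h>
#include <string.h>
#include <errno.h>
#include <assert.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <rpcsvc/daemon_utils.h>

/* Prefix used in every log line emitted from this file. */
static const char *me = "idmapd";

/*
 * Bring up the mapping system: initialize the configuration lock, load
 * the configuration and open the databases.
 *
 * The databases are opened with the effective credentials temporarily
 * switched to DAEMON_UID/DAEMON_GID (presumably so that files created by
 * init_dbs() end up owned by the daemon user -- confirm in init_dbs());
 * root credentials are restored afterwards.  A failure to switch
 * credentials in either direction is reported and treated as an error
 * instead of silently running init_dbs() under the wrong identity.
 *
 * Returns 0 on success, -1 on failure.  If init_dbs() had already
 * succeeded when a later step failed, fini_mapping_system() has been
 * called before returning.
 */
int
init_mapping_system(void) {
	int rc = 0;

	if (rwlock_init(&_idmapdstate.rwlk_cfg, USYNC_THREAD, NULL) != 0)
		return (-1);
	if (load_config() < 0)
		return (-1);

	/* Group first: once the euid is no longer 0, setegid() would fail. */
	if (setegid(DAEMON_GID) != 0) {
		idmapdlog(LOG_ERR, "%s: could not drop group privileges (%s)",
		    me, strerror(errno));
		return (-1);
	}
	if (seteuid(DAEMON_UID) != 0) {
		idmapdlog(LOG_ERR, "%s: could not drop user privileges (%s)",
		    me, strerror(errno));
		(void) setegid(0);
		return (-1);
	}

	if (init_dbs() < 0) {
		rc = -1;
		fini_mapping_system();
	}

	/* User first: setegid(0) needs an euid of 0 again. */
	if (seteuid(0) != 0 || setegid(0) != 0) {
		idmapdlog(LOG_ERR, "%s: could not restore privileges (%s)",
		    me, strerror(errno));
		if (rc == 0) {
			fini_mapping_system();
			rc = -1;
		}
	}

	return (rc);
}

/*
 * Tear down what init_mapping_system() set up.  Currently only the
 * databases are closed; the configuration and its lock are left as is.
 */
void
fini_mapping_system(void) {
	fini_dbs();
}

/*
 * Allocate and load the daemon configuration into _idmapdstate.cfg,
 * report missing AD settings, build the AD context and start the
 * configuration updater.
 *
 * A missing default domain, joined domain name or global catalog list
 * degrades the service but does not fail the load; the AD context is
 * then built on a best-effort basis by reload_ad().
 *
 * Returns 0 on success, -1 if the configuration could not be allocated
 * or loaded.
 */
int
load_config(void) {
	idmap_pg_config_t *pgcfg;

	if ((_idmapdstate.cfg = idmap_cfg_init()) == NULL) {
		idmapdlog(LOG_ERR, "%s: failed to initialize config", me);
		degrade_svc();
		return (-1);
	}
	pgcfg = &_idmapdstate.cfg->pgcfg;

	if (idmap_cfg_load(&_idmapdstate.cfg->handles, pgcfg) < 0) {
		/*
		 * NOTE(review): cfg stays allocated on this path; whether it
		 * has to be released here is not visible in this file.
		 */
		degrade_svc();
		idmapdlog(LOG_ERR, "%s: failed to load config", me);
		return (-1);
	}

	if (pgcfg->default_domain == NULL ||
	    pgcfg->default_domain[0] == '\0') {
		idmapdlog(LOG_ERR, "%s: Default domain not configured; "
		    "AD lookup disabled", me);
		degrade_svc();
	}
	if (pgcfg->domain_name == NULL ||
	    pgcfg->domain_name[0] == '\0') {
		degrade_svc();
		idmapdlog(LOG_ERR,
		    "%s: AD joined domain is not configured; "
		    "AD lookup disabled", me);
	}
	/* The server lists end with an entry whose host name is empty. */
	if (pgcfg->global_catalog == NULL ||
	    pgcfg->global_catalog[0].host[0] == '\0') {
		degrade_svc();
		idmapdlog(LOG_ERR,
		    "%s: Global catalog server is not configured; "
		    "AD lookup disabled", me);
	}

	/* reload_ad() logs its own failures and has no fallback here. */
	(void) reload_ad();

	/* A failed updater start is logged but does not fail the load. */
	if (idmap_cfg_start_updates(_idmapdstate.cfg) < 0)
		idmapdlog(LOG_ERR, "%s: could not start config updater",
		    me);
	return (0);
}


/*
 * (Re)build the AD context from the current configuration: allocate a
 * context for the default domain, register every configured global
 * catalog server with it, then install it as _idmapdstate.ad and free
 * the previous context.
 *
 * If the configuration has no default domain or no global catalog list,
 * or if building the new context fails, the previous context (if any)
 * is left untouched and the service is degraded only when there is no
 * previous context to fall back on.
 *
 * NOTE(review): neither the swap of _idmapdstate.ad nor the free of the
 * old context is synchronized in this function; callers are presumably
 * expected to hold the appropriate lock -- verify against the lookup
 * paths before relying on it.
 *
 * Returns 0 on success, -1 on failure.
 */
int
reload_ad(void) {
	int i;
	ad_t *old;
	ad_t *new;

	idmap_pg_config_t *pgcfg = &_idmapdstate.cfg->pgcfg;

	if (pgcfg->default_domain == NULL ||
	    pgcfg->global_catalog == NULL) {
		if (_idmapdstate.ad == NULL)
			idmapdlog(LOG_ERR, "%s: AD lookup disabled", me);
		else
			idmapdlog(LOG_ERR, "%s: cannot update AD context", me);
		return (-1);
	}

	old = _idmapdstate.ad;

	if (idmap_ad_alloc(&new, pgcfg->default_domain,
	    IDMAP_AD_GLOBAL_CATALOG) != 0) {
		if (old == NULL)
			degrade_svc();
		idmapdlog(LOG_ERR, "%s: could not initialize AD context", me);
		return (-1);
	}

	/* The list is terminated by an entry with an empty host name. */
	for (i = 0; pgcfg->global_catalog[i].host[0] != '\0'; i++) {
		if (idmap_add_ds(new,
		    pgcfg->global_catalog[i].host,
		    pgcfg->global_catalog[i].port) != 0) {
			idmap_ad_free(&new);
			if (old == NULL)
				degrade_svc();
			idmapdlog(LOG_ERR,
			    "%s: could not initialize AD DS context", me);
			return (-1);
		}
	}

	_idmapdstate.ad = new;

	if (old != NULL)
		idmap_ad_free(&old);

	return (0);
}


/*
 * Log the current configuration (debug level) under the configuration
 * read lock.  Logs an informational line and returns if no configuration
 * has been loaded.
 */
void
print_idmapdstate(void) {
	int i;
	idmap_pg_config_t *pgcfg;

	RDLOCK_CONFIG();

	if (_idmapdstate.cfg == NULL) {
		idmapdlog(LOG_INFO, "%s: Null configuration", me);
		UNLOCK_CONFIG();
		return;
	}
	/* Only take the address once cfg is known to be non-NULL. */
	pgcfg = &_idmapdstate.cfg->pgcfg;

	idmapdlog(LOG_DEBUG, "%s: list_size_limit=%llu", me,
	    pgcfg->list_size_limit);
	idmapdlog(LOG_DEBUG, "%s: default_domain=%s", me,
	    CHECK_NULL(pgcfg->default_domain));
	idmapdlog(LOG_DEBUG, "%s: domain_name=%s", me,
	    CHECK_NULL(pgcfg->domain_name));
	idmapdlog(LOG_DEBUG, "%s: machine_sid=%s", me,
	    CHECK_NULL(pgcfg->machine_sid));
	/* Server lists end with an entry whose host name is empty. */
	if (pgcfg->domain_controller == NULL ||
	    pgcfg->domain_controller[0].host[0] == '\0') {
		idmapdlog(LOG_DEBUG, "%s: No domain controllers known", me);
	} else {
		for (i = 0; pgcfg->domain_controller[i].host[0] != '\0'; i++)
			idmapdlog(LOG_DEBUG, "%s: domain_controller=%s port=%d",
			    me, pgcfg->domain_controller[i].host,
			    pgcfg->domain_controller[i].port);
	}
	idmapdlog(LOG_DEBUG, "%s: forest_name=%s", me,
	    CHECK_NULL(pgcfg->forest_name));
	idmapdlog(LOG_DEBUG, "%s: site_name=%s", me,
	    CHECK_NULL(pgcfg->site_name));
	if (pgcfg->global_catalog == NULL ||
	    pgcfg->global_catalog[0].host[0] == '\0') {
		idmapdlog(LOG_DEBUG, "%s: No global catalog servers known", me);
	} else {
		for (i = 0; pgcfg->global_catalog[i].host[0] != '\0'; i++)
			idmapdlog(LOG_DEBUG, "%s: global_catalog=%s port=%d",
			    me,
			    pgcfg->global_catalog[i].host,
			    pgcfg->global_catalog[i].port);
	}

	UNLOCK_CONFIG();
}

/*
 * Create the directory PATH (mode 0700, further restricted by the umask)
 * and give it to UID:GID.  An already existing PATH is accepted and is
 * re-owned as well; lchown() is used so that a symbolic link at PATH is
 * not followed.  For a pre-existing PATH neither its file type nor its
 * mode is checked here.
 *
 * On failure the directory is removed again only if this call created it.
 *
 * Returns 0 on success, -1 on error (the error is logged).
 */
int
create_directory(const char *path, uid_t uid, gid_t gid) {
	int rc;

	if ((rc = mkdir(path, 0700)) < 0 && errno != EEXIST) {
		idmapdlog(LOG_ERR,
		    "%s: Error creating directory %s (%s)",
		    me, path, strerror(errno));
		return (-1);
	}

	if (lchown(path, uid, gid) < 0) {
		/* At this point the directory exists; the failure is chown's. */
		idmapdlog(LOG_ERR,
		    "%s: Error setting owner of directory %s (%s)",
		    me, path, strerror(errno));
		if (rc == 0)
			(void) rmdir(path);
		return (-1);
	}
	return (0);
}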