xref: /titanic_44/usr/src/cmd/idmap/idmapd/init.c (revision 4bff34e37def8a90f9194d81bc345c52ba20086a) 
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #pragma ident	"%Z%%M%	%I%	%E% SMI"
27 
28 /*
29  * Initialization routines
30  */
31 
32 #include "idmapd.h"
33 #include <signal.h>
34 #include <thread.h>
35 #include <string.h>
36 #include <errno.h>
37 #include <assert.h>
38 #include <unistd.h>
39 #include <sys/types.h>
40 #include <sys/stat.h>
41 #include <rpcsvc/daemon_utils.h>
42 
43 static const char *me = "idmapd";
44 
45 int
46 init_mapping_system()
47 {
48 	int rc = 0;
49 
50 	if (rwlock_init(&_idmapdstate.rwlk_cfg, USYNC_THREAD, NULL) != 0)
51 		return (-1);
52 	if ((rc = load_config()) < 0)
53 		return (rc);
54 
55 	(void) setegid(DAEMON_GID);
56 	(void) seteuid(DAEMON_UID);
57 	if (init_dbs() < 0) {
58 		rc = -1;
59 		fini_mapping_system();
60 	}
61 	(void) seteuid(0);
62 	(void) setegid(0);
63 
64 	return (rc);
65 }
66 
67 void
68 fini_mapping_system()
69 {
70 	fini_dbs();
71 }
72 
73 int
74 load_config()
75 {
76 	int rc;
77 	idmap_pg_config_t *pgcfg;
78 	if ((_idmapdstate.cfg = idmap_cfg_init()) == NULL) {
79 		degrade_svc("failed to initialize config");
80 		return (-1);
81 	}
82 	pgcfg = &_idmapdstate.cfg->pgcfg;
83 
84 	rc = idmap_cfg_load(&_idmapdstate.cfg->handles,
85 	    &_idmapdstate.cfg->pgcfg, 0);
86 	if (rc < -1) {
87 		/* Total failure */
88 		degrade_svc("fatal error while loading configuration");
89 		return (rc);
90 	}
91 
92 	if (rc != 0)
93 		/* Partial failure */
94 		idmapdlog(LOG_ERR, "%s: Various errors occurred while loading "
95 		    "the configuration; check the logs", me);
96 
97 	if (pgcfg->global_catalog == NULL ||
98 	    pgcfg->global_catalog[0].host[0] == '\0') {
99 		degrade_svc(
100 		    "global catalog server is not configured; AD lookup "
101 		    "will fail until one or more global catalog server names "
102 		    "are configured or discovered; auto-discovery will begin "
103 		    "shortly");
104 	} else {
105 		restore_svc();
106 	}
107 
108 	(void) reload_ad();
109 
110 	if ((rc = idmap_cfg_start_updates()) < 0) {
111 		/* Total failure */
112 		degrade_svc("could not start config updater");
113 		return (rc);
114 	}
115 
116 	idmapdlog(LOG_DEBUG, "%s: Initial configuration loaded", me);
117 
118 	return (0);
119 }
120 
121 
122 int
123 reload_ad()
124 {
125 	int	i;
126 	ad_t	*old;
127 	ad_t	*new;
128 
129 	idmap_pg_config_t *pgcfg = &_idmapdstate.cfg->pgcfg;
130 
131 	if (pgcfg->default_domain == NULL ||
132 	    pgcfg->global_catalog == NULL) {
133 		if (_idmapdstate.ad == NULL)
134 			idmapdlog(LOG_ERR, "%s: AD lookup disabled", me);
135 		else
136 			idmapdlog(LOG_ERR, "%s: cannot update AD context", me);
137 		return (-1);
138 	}
139 
140 	old = _idmapdstate.ad;
141 
142 	if (idmap_ad_alloc(&new, pgcfg->default_domain,
143 	    IDMAP_AD_GLOBAL_CATALOG) != 0) {
144 		degrade_svc("could not initialize AD context");
145 		return (-1);
146 	}
147 
148 	for (i = 0; pgcfg->global_catalog[i].host[0] != '\0'; i++) {
149 		if (idmap_add_ds(new,
150 		    pgcfg->global_catalog[i].host,
151 		    pgcfg->global_catalog[i].port) != 0) {
152 			idmap_ad_free(&new);
153 			degrade_svc("could not initialize AD GC context");
154 			return (-1);
155 		}
156 	}
157 
158 	_idmapdstate.ad = new;
159 
160 	if (old != NULL)
161 		idmap_ad_free(&old);
162 
163 	return (0);
164 }
165 
166 
167 void
168 print_idmapdstate()
169 {
170 	int i;
171 	idmap_pg_config_t *pgcfg;
172 
173 	RDLOCK_CONFIG();
174 
175 	if (_idmapdstate.cfg == NULL) {
176 		idmapdlog(LOG_INFO, "%s: Null configuration", me);
177 		UNLOCK_CONFIG();
178 		return;
179 	}
180 
181 	pgcfg = &_idmapdstate.cfg->pgcfg;
182 
183 	idmapdlog(LOG_DEBUG, "%s: list_size_limit=%llu", me,
184 	    pgcfg->list_size_limit);
185 	idmapdlog(LOG_DEBUG, "%s: default_domain=%s", me,
186 	    CHECK_NULL(pgcfg->default_domain));
187 	idmapdlog(LOG_DEBUG, "%s: domain_name=%s", me,
188 	    CHECK_NULL(pgcfg->domain_name));
189 	idmapdlog(LOG_DEBUG, "%s: machine_sid=%s", me,
190 	    CHECK_NULL(pgcfg->machine_sid));
191 	if (pgcfg->domain_controller == NULL ||
192 	    pgcfg->domain_controller[0].host[0] == '\0') {
193 		idmapdlog(LOG_DEBUG, "%s: No domain controllers known", me);
194 	} else {
195 		for (i = 0; pgcfg->domain_controller[i].host[0] != '\0'; i++)
196 			idmapdlog(LOG_DEBUG, "%s: domain_controller=%s port=%d",
197 			    me, pgcfg->domain_controller[i].host,
198 			    pgcfg->domain_controller[i].port);
199 	}
200 	idmapdlog(LOG_DEBUG, "%s: forest_name=%s", me,
201 	    CHECK_NULL(pgcfg->forest_name));
202 	idmapdlog(LOG_DEBUG, "%s: site_name=%s", me,
203 	    CHECK_NULL(pgcfg->site_name));
204 	if (pgcfg->global_catalog == NULL ||
205 	    pgcfg->global_catalog[0].host[0] == '\0') {
206 		idmapdlog(LOG_DEBUG, "%s: No global catalog servers known", me);
207 	} else {
208 		for (i = 0; pgcfg->global_catalog[i].host[0] != '\0'; i++)
209 			idmapdlog(LOG_DEBUG, "%s: global_catalog=%s port=%d",
210 			    me,
211 			    pgcfg->global_catalog[i].host,
212 			    pgcfg->global_catalog[i].port);
213 	}
214 	idmapdlog(LOG_DEBUG, "%s: ds_name_mapping_enabled=%s", me,
215 	    (pgcfg->ds_name_mapping_enabled == TRUE) ? "true" : "false");
216 	idmapdlog(LOG_DEBUG, "%s: ad_unixuser_attr=%s", me,
217 	    CHECK_NULL(pgcfg->ad_unixuser_attr));
218 	idmapdlog(LOG_DEBUG, "%s: ad_unixgroup_attr=%s", me,
219 	    CHECK_NULL(pgcfg->ad_unixgroup_attr));
220 	idmapdlog(LOG_DEBUG, "%s: nldap_winname_attr=%s", me,
221 	    CHECK_NULL(pgcfg->nldap_winname_attr));
222 
223 	UNLOCK_CONFIG();
224 }
225 
226 int
227 create_directory(const char *path, uid_t uid, gid_t gid)
228 {
229 	int	rc;
230 
231 	if ((rc = mkdir(path, 0700)) < 0 && errno != EEXIST) {
232 		idmapdlog(LOG_ERR,
233 		    "%s: Error creating directory %s (%s)",
234 		    me, path, strerror(errno));
235 		return (-1);
236 	}
237 
238 	if (lchown(path, uid, gid) < 0) {
239 		idmapdlog(LOG_ERR,
240 		    "%s: Error creating directory %s (%s)",
241 		    me, path, strerror(errno));
242 		if (rc == 0)
243 			(void) rmdir(path);
244 		return (-1);
245 	}
246 	return (0);
247 }
248