xref: /titanic_50/usr/src/cmd/idmap/idmapd/init.c (revision 349d5d8f2e43f7f425bc3d025dda555187160ab7) 
1c5c4113dSnw141292 /*
2c5c4113dSnw141292  * CDDL HEADER START
3c5c4113dSnw141292  *
4c5c4113dSnw141292  * The contents of this file are subject to the terms of the
5c5c4113dSnw141292  * Common Development and Distribution License (the "License").
6c5c4113dSnw141292  * You may not use this file except in compliance with the License.
7c5c4113dSnw141292  *
8c5c4113dSnw141292  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9c5c4113dSnw141292  * or http://www.opensolaris.org/os/licensing.
10c5c4113dSnw141292  * See the License for the specific language governing permissions
11c5c4113dSnw141292  * and limitations under the License.
12c5c4113dSnw141292  *
13c5c4113dSnw141292  * When distributing Covered Code, include this CDDL HEADER in each
14c5c4113dSnw141292  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15c5c4113dSnw141292  * If applicable, add the following below this CDDL HEADER, with the
16c5c4113dSnw141292  * fields enclosed by brackets "[]" replaced with your own identifying
17c5c4113dSnw141292  * information: Portions Copyright [yyyy] [name of copyright owner]
18c5c4113dSnw141292  *
19c5c4113dSnw141292  * CDDL HEADER END
20c5c4113dSnw141292  */
21c5c4113dSnw141292 /*
224edd44c5Sjp151216  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
23c5c4113dSnw141292  * Use is subject to license terms.
24c5c4113dSnw141292  */
25c5c4113dSnw141292 
26c5c4113dSnw141292 #pragma ident	"%Z%%M%	%I%	%E% SMI"
27c5c4113dSnw141292 
28c5c4113dSnw141292 /*
29c5c4113dSnw141292  * Initialization routines
30c5c4113dSnw141292  */
31c5c4113dSnw141292 
32c5c4113dSnw141292 #include "idmapd.h"
33c5c4113dSnw141292 #include <signal.h>
34c5c4113dSnw141292 #include <thread.h>
35c5c4113dSnw141292 #include <string.h>
36c5c4113dSnw141292 #include <errno.h>
37c5c4113dSnw141292 #include <assert.h>
38c5c4113dSnw141292 #include <unistd.h>
39c5c4113dSnw141292 #include <sys/types.h>
40c5c4113dSnw141292 #include <sys/stat.h>
418edda628Sbaban #include <rpcsvc/daemon_utils.h>
42c5c4113dSnw141292 
43c5c4113dSnw141292 
44c5c4113dSnw141292 int
454edd44c5Sjp151216 init_mapping_system()
464edd44c5Sjp151216 {
478edda628Sbaban 	int rc = 0;
488edda628Sbaban 
49c5c4113dSnw141292 	if (rwlock_init(&_idmapdstate.rwlk_cfg, USYNC_THREAD, NULL) != 0)
50c5c4113dSnw141292 		return (-1);
51e8c27ec8Sbaban 	if ((rc = load_config()) < 0)
52e8c27ec8Sbaban 		return (rc);
538edda628Sbaban 
548edda628Sbaban 	(void) setegid(DAEMON_GID);
558edda628Sbaban 	(void) seteuid(DAEMON_UID);
56c5c4113dSnw141292 	if (init_dbs() < 0) {
578edda628Sbaban 		rc = -1;
58c5c4113dSnw141292 		fini_mapping_system();
59c5c4113dSnw141292 	}
608edda628Sbaban 	(void) seteuid(0);
618edda628Sbaban 	(void) setegid(0);
628edda628Sbaban 
638edda628Sbaban 	return (rc);
64c5c4113dSnw141292 }
65c5c4113dSnw141292 
66c5c4113dSnw141292 void
674edd44c5Sjp151216 fini_mapping_system()
684edd44c5Sjp151216 {
69c5c4113dSnw141292 	fini_dbs();
70c5c4113dSnw141292 }
71c5c4113dSnw141292 
72c5c4113dSnw141292 int
734edd44c5Sjp151216 load_config()
744edd44c5Sjp151216 {
75e3c2d6aaSnw141292 	int rc;
76c5c4113dSnw141292 	if ((_idmapdstate.cfg = idmap_cfg_init()) == NULL) {
77*349d5d8fSnw141292 		degrade_svc(0, "failed to initialize config");
78c5c4113dSnw141292 		return (-1);
79c5c4113dSnw141292 	}
80c8e26105Sjp151216 
81*349d5d8fSnw141292 	rc = idmap_cfg_load(_idmapdstate.cfg, 0);
82e3c2d6aaSnw141292 	if (rc < -1) {
83e3c2d6aaSnw141292 		/* Total failure */
84*349d5d8fSnw141292 		degrade_svc(0, "fatal error while loading configuration");
85e8c27ec8Sbaban 		return (rc);
86c5c4113dSnw141292 	}
87c8e26105Sjp151216 
88e3c2d6aaSnw141292 	if (rc != 0)
89e3c2d6aaSnw141292 		/* Partial failure */
9071590c90Snw141292 		idmapdlog(LOG_ERR, "Various errors occurred while loading "
9171590c90Snw141292 		    "the configuration; check the logs");
92e3c2d6aaSnw141292 
930dcc7149Snw141292 	if ((rc = idmap_cfg_start_updates()) < 0) {
940dcc7149Snw141292 		/* Total failure */
95*349d5d8fSnw141292 		degrade_svc(0, "could not start config updater");
960dcc7149Snw141292 		return (rc);
970dcc7149Snw141292 	}
98e3c2d6aaSnw141292 
9971590c90Snw141292 	idmapdlog(LOG_DEBUG, "Initial configuration loaded");
100e3c2d6aaSnw141292 
101c5c4113dSnw141292 	return (0);
102c5c4113dSnw141292 }
103c5c4113dSnw141292 
104c8e26105Sjp151216 
105*349d5d8fSnw141292 void
1064edd44c5Sjp151216 reload_ad()
1074edd44c5Sjp151216 {
108c8e26105Sjp151216 	int	i;
109c8e26105Sjp151216 	ad_t	*old;
110c8e26105Sjp151216 	ad_t	*new;
111c8e26105Sjp151216 
112c8e26105Sjp151216 	idmap_pg_config_t *pgcfg = &_idmapdstate.cfg->pgcfg;
113c8e26105Sjp151216 
114*349d5d8fSnw141292 	if (pgcfg->global_catalog == NULL ||
115*349d5d8fSnw141292 	    pgcfg->global_catalog[0].host[0] == '\0') {
116*349d5d8fSnw141292 		/*
117*349d5d8fSnw141292 		 * No GCs.  Continue to use the previous AD config in case
118*349d5d8fSnw141292 		 * that's still good but auto-discovery had a transient failure.
119*349d5d8fSnw141292 		 * If that stops working we'll go into degraded mode anyways
120*349d5d8fSnw141292 		 * when it does.
121*349d5d8fSnw141292 		 */
122*349d5d8fSnw141292 		degrade_svc(0,
123*349d5d8fSnw141292 		    "Global Catalog servers not configured/discoverable");
124*349d5d8fSnw141292 		return;
125c8e26105Sjp151216 	}
126c8e26105Sjp151216 
127c8e26105Sjp151216 	old = _idmapdstate.ad;
128c8e26105Sjp151216 
129c8e26105Sjp151216 	if (idmap_ad_alloc(&new, pgcfg->default_domain,
130c8e26105Sjp151216 	    IDMAP_AD_GLOBAL_CATALOG) != 0) {
131*349d5d8fSnw141292 		degrade_svc(0, "could not initialize AD context");
132*349d5d8fSnw141292 		return;
133c8e26105Sjp151216 	}
134c8e26105Sjp151216 
135c8e26105Sjp151216 	for (i = 0; pgcfg->global_catalog[i].host[0] != '\0'; i++) {
136c8e26105Sjp151216 		if (idmap_add_ds(new,
137c8e26105Sjp151216 		    pgcfg->global_catalog[i].host,
138c8e26105Sjp151216 		    pgcfg->global_catalog[i].port) != 0) {
139c8e26105Sjp151216 			idmap_ad_free(&new);
140*349d5d8fSnw141292 			degrade_svc(0, "could not initialize AD GC context");
141*349d5d8fSnw141292 			return;
142c8e26105Sjp151216 		}
143c8e26105Sjp151216 	}
144c8e26105Sjp151216 
145c8e26105Sjp151216 	_idmapdstate.ad = new;
146c8e26105Sjp151216 
147c8e26105Sjp151216 	if (old != NULL)
148c8e26105Sjp151216 		idmap_ad_free(&old);
149c8e26105Sjp151216 }
150c8e26105Sjp151216 
151c8e26105Sjp151216 
152c5c4113dSnw141292 void
1534edd44c5Sjp151216 print_idmapdstate()
1544edd44c5Sjp151216 {
155c8e26105Sjp151216 	int i;
156e8c27ec8Sbaban 	idmap_pg_config_t *pgcfg;
157c8e26105Sjp151216 
158c5c4113dSnw141292 	RDLOCK_CONFIG();
159c5c4113dSnw141292 
160c8e26105Sjp151216 	if (_idmapdstate.cfg == NULL) {
16171590c90Snw141292 		idmapdlog(LOG_INFO, "Null configuration");
162c8e26105Sjp151216 		UNLOCK_CONFIG();
163c8e26105Sjp151216 		return;
164c5c4113dSnw141292 	}
165c8e26105Sjp151216 
166e8c27ec8Sbaban 	pgcfg = &_idmapdstate.cfg->pgcfg;
167e8c27ec8Sbaban 
16871590c90Snw141292 	idmapdlog(LOG_DEBUG, "list_size_limit=%llu", pgcfg->list_size_limit);
16971590c90Snw141292 	idmapdlog(LOG_DEBUG, "default_domain=%s",
170c8e26105Sjp151216 	    CHECK_NULL(pgcfg->default_domain));
17171590c90Snw141292 	idmapdlog(LOG_DEBUG, "domain_name=%s", CHECK_NULL(pgcfg->domain_name));
17271590c90Snw141292 	idmapdlog(LOG_DEBUG, "machine_sid=%s", CHECK_NULL(pgcfg->machine_sid));
173c8e26105Sjp151216 	if (pgcfg->domain_controller == NULL ||
174c8e26105Sjp151216 	    pgcfg->domain_controller[0].host[0] == '\0') {
17571590c90Snw141292 		idmapdlog(LOG_DEBUG, "No domain controllers known");
176c8e26105Sjp151216 	} else {
177c8e26105Sjp151216 		for (i = 0; pgcfg->domain_controller[i].host[0] != '\0'; i++)
17871590c90Snw141292 			idmapdlog(LOG_DEBUG, "domain_controller=%s port=%d",
17971590c90Snw141292 			    pgcfg->domain_controller[i].host,
180c8e26105Sjp151216 			    pgcfg->domain_controller[i].port);
181c8e26105Sjp151216 	}
18271590c90Snw141292 	idmapdlog(LOG_DEBUG, "forest_name=%s", CHECK_NULL(pgcfg->forest_name));
18371590c90Snw141292 	idmapdlog(LOG_DEBUG, "site_name=%s", CHECK_NULL(pgcfg->site_name));
184c8e26105Sjp151216 	if (pgcfg->global_catalog == NULL ||
185c8e26105Sjp151216 	    pgcfg->global_catalog[0].host[0] == '\0') {
18671590c90Snw141292 		idmapdlog(LOG_DEBUG, "No global catalog servers known");
187c8e26105Sjp151216 	} else {
188c8e26105Sjp151216 		for (i = 0; pgcfg->global_catalog[i].host[0] != '\0'; i++)
18971590c90Snw141292 			idmapdlog(LOG_DEBUG, "global_catalog=%s port=%d",
190c8e26105Sjp151216 			    pgcfg->global_catalog[i].host,
191c8e26105Sjp151216 			    pgcfg->global_catalog[i].port);
192c8e26105Sjp151216 	}
19371590c90Snw141292 	idmapdlog(LOG_DEBUG, "ds_name_mapping_enabled=%s",
194e8c27ec8Sbaban 	    (pgcfg->ds_name_mapping_enabled == TRUE) ? "true" : "false");
19571590c90Snw141292 	idmapdlog(LOG_DEBUG, "ad_unixuser_attr=%s",
196e8c27ec8Sbaban 	    CHECK_NULL(pgcfg->ad_unixuser_attr));
19771590c90Snw141292 	idmapdlog(LOG_DEBUG, "ad_unixgroup_attr=%s",
198e8c27ec8Sbaban 	    CHECK_NULL(pgcfg->ad_unixgroup_attr));
19971590c90Snw141292 	idmapdlog(LOG_DEBUG, "nldap_winname_attr=%s",
200e8c27ec8Sbaban 	    CHECK_NULL(pgcfg->nldap_winname_attr));
201c8e26105Sjp151216 
202c5c4113dSnw141292 	UNLOCK_CONFIG();
203c5c4113dSnw141292 }
204c5c4113dSnw141292 
205c5c4113dSnw141292 int
2064edd44c5Sjp151216 create_directory(const char *path, uid_t uid, gid_t gid)
2074edd44c5Sjp151216 {
208c5c4113dSnw141292 	int	rc;
209c5c4113dSnw141292 
210c5c4113dSnw141292 	if ((rc = mkdir(path, 0700)) < 0 && errno != EEXIST) {
21171590c90Snw141292 		idmapdlog(LOG_ERR, "Error creating directory %s (%s)",
21271590c90Snw141292 		    path, strerror(errno));
213c5c4113dSnw141292 		return (-1);
214c5c4113dSnw141292 	}
215c5c4113dSnw141292 
216c5c4113dSnw141292 	if (lchown(path, uid, gid) < 0) {
21771590c90Snw141292 		idmapdlog(LOG_ERR, "Error creating directory %s (%s)",
21871590c90Snw141292 		    path, strerror(errno));
219c5c4113dSnw141292 		if (rc == 0)
220c5c4113dSnw141292 			(void) rmdir(path);
221c5c4113dSnw141292 		return (-1);
222c5c4113dSnw141292 	}
223c5c4113dSnw141292 	return (0);
224c5c4113dSnw141292 }
225