xref: /titanic_51/usr/src/cmd/idmap/idmapd/init.c (revision 8edda6281c84e0632a22f9c8dbf0d6f1558878eb)
1c5c4113dSnw141292 /*
2c5c4113dSnw141292  * CDDL HEADER START
3c5c4113dSnw141292  *
4c5c4113dSnw141292  * The contents of this file are subject to the terms of the
5c5c4113dSnw141292  * Common Development and Distribution License (the "License").
6c5c4113dSnw141292  * You may not use this file except in compliance with the License.
7c5c4113dSnw141292  *
8c5c4113dSnw141292  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9c5c4113dSnw141292  * or http://www.opensolaris.org/os/licensing.
10c5c4113dSnw141292  * See the License for the specific language governing permissions
11c5c4113dSnw141292  * and limitations under the License.
12c5c4113dSnw141292  *
13c5c4113dSnw141292  * When distributing Covered Code, include this CDDL HEADER in each
14c5c4113dSnw141292  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15c5c4113dSnw141292  * If applicable, add the following below this CDDL HEADER, with the
16c5c4113dSnw141292  * fields enclosed by brackets "[]" replaced with your own identifying
17c5c4113dSnw141292  * information: Portions Copyright [yyyy] [name of copyright owner]
18c5c4113dSnw141292  *
19c5c4113dSnw141292  * CDDL HEADER END
20c5c4113dSnw141292  */
21c5c4113dSnw141292 /*
22c5c4113dSnw141292  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
23c5c4113dSnw141292  * Use is subject to license terms.
24c5c4113dSnw141292  */
25c5c4113dSnw141292 
26c5c4113dSnw141292 #pragma ident	"%Z%%M%	%I%	%E% SMI"
27c5c4113dSnw141292 
28c5c4113dSnw141292 /*
29c5c4113dSnw141292  * Initialization routines
30c5c4113dSnw141292  */
31c5c4113dSnw141292 
32c5c4113dSnw141292 #include "idmapd.h"
33c5c4113dSnw141292 #include <signal.h>
34c5c4113dSnw141292 #include <thread.h>
35c5c4113dSnw141292 #include <string.h>
36c5c4113dSnw141292 #include <errno.h>
37c5c4113dSnw141292 #include <assert.h>
38c5c4113dSnw141292 #include <unistd.h>
39c5c4113dSnw141292 #include <sys/types.h>
40c5c4113dSnw141292 #include <sys/stat.h>
41*8edda628Sbaban #include <rpcsvc/daemon_utils.h>
42c5c4113dSnw141292 
43c5c4113dSnw141292 static const char *me = "idmapd";
44c5c4113dSnw141292 
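/*
 * Bring up the mapping subsystem: initialize the configuration rwlock,
 * load the configuration, then run init_dbs() with the effective
 * identity temporarily switched to DAEMON_UID/DAEMON_GID.
 *
 * Returns 0 on success and -1 on failure.  When init_dbs() fails,
 * fini_mapping_system() is called before returning.  load_config()
 * runs before the identity switch, i.e. with the caller's identity.
 */
int
init_mapping_system() {
	int rc = 0;

	if (rwlock_init(&_idmapdstate.rwlk_cfg, USYNC_THREAD, NULL) != 0)
		return (-1);
	if (load_config() < 0)
		return (-1);

	/*
	 * Switch the effective group before the effective user: once the
	 * effective uid is no longer privileged, changing the group may
	 * be refused.
	 *
	 * NOTE(review): a failed switch is only logged so that the return
	 * value seen by existing callers does not change.  If the switch
	 * fails, init_dbs() runs with the caller's identity instead of the
	 * daemon identity; consider making this fatal once it is confirmed
	 * that idmapd is never started unprivileged.
	 */
	if (setegid(DAEMON_GID) != 0) {
		idmapdlog(LOG_ERR,
			"%s: could not switch effective gid to daemon (%s)",
			me, strerror(errno));
	}
	if (seteuid(DAEMON_UID) != 0) {
		idmapdlog(LOG_ERR,
			"%s: could not switch effective uid to daemon (%s)",
			me, strerror(errno));
	}

	if (init_dbs() < 0) {
		rc = -1;
		fini_mapping_system();
	}

	/*
	 * Restore in the reverse order: the effective uid must be back at
	 * 0 before the effective gid can be reset.  A failure here leaves
	 * the process running with an identity the rest of the daemon
	 * presumably does not expect, so it is reported.
	 */
	if (seteuid(0) != 0) {
		idmapdlog(LOG_ERR,
			"%s: could not restore effective uid 0 (%s)",
			me, strerror(errno));
	}
	if (setegid(0) != 0) {
		idmapdlog(LOG_ERR,
			"%s: could not restore effective gid 0 (%s)",
			me, strerror(errno));
	}

	return (rc);
}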
65c5c4113dSnw141292 
/*
 * Counterpart of init_mapping_system(): hands teardown over to
 * fini_dbs().  It is also called from init_mapping_system() when
 * init_dbs() fails.
 */
void
fini_mapping_system()
{
	fini_dbs();
}
70c5c4113dSnw141292 
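/*
 * Create and load the daemon configuration into _idmapdstate.cfg and
 * (re)build the AD context in _idmapdstate.ad from it.
 *
 * A missing mapping domain or global catalog is logged but is not an
 * error; the function still returns 0 in that case.  Returns -1 when
 * the configuration cannot be initialized or loaded, or when the AD
 * context or its directory server cannot be set up.
 *
 * NOTE(review): _idmapdstate.cfg is overwritten without the previous
 * value being released in this function, and it stays assigned on the
 * -1 return paths; confirm that callers handle both cases.
 */
int
load_config() {
	if ((_idmapdstate.cfg = idmap_cfg_init()) == NULL) {
		idmapdlog(LOG_ERR, "%s: failed to initialize config", me);
		return (-1);
	}

	/* Drop any AD context left over from an earlier load. */
	if (_idmapdstate.ad != NULL)
		idmap_ad_free(&_idmapdstate.ad);

	if (idmap_cfg_load(_idmapdstate.cfg) < 0) {
		idmapdlog(LOG_ERR, "%s: failed to load config", me);
		return (-1);
	}

	if (_idmapdstate.cfg->pgcfg.mapping_domain == NULL ||
	    _idmapdstate.cfg->pgcfg.mapping_domain[0] == '\0') {
		idmapdlog(LOG_ERR, "%s: Joined AD domain not configured; name "
			"based and ephemeral mapping will not function", me);
	} else if (idmap_ad_alloc(&_idmapdstate.ad,
		    _idmapdstate.cfg->pgcfg.mapping_domain,
		    IDMAP_AD_GLOBAL_CATALOG) != 0) {
		idmapdlog(LOG_ERR, "%s: could not initialize AD context",
			me);
		return (-1);
	}

	/*
	 * NOTE(review): when no mapping domain is configured, no AD
	 * context was allocated above, yet idmap_add_ds() below is still
	 * called if a global catalog is set.  Confirm that idmap_add_ds()
	 * tolerates the context it is handed in that case.
	 */
	if (_idmapdstate.cfg->pgcfg.global_catalog == NULL ||
	    _idmapdstate.cfg->pgcfg.global_catalog[0] == '\0') {
		/* The message used to read "DSnot"; the space was missing. */
		idmapdlog(LOG_ERR, "%s: Global catalog DS not configured; name "
			"based and ephemeral mapping will not function", me);
	} else if (idmap_add_ds(_idmapdstate.ad,
		    _idmapdstate.cfg->pgcfg.global_catalog, 0) != 0) {
		idmapdlog(LOG_ERR, "%s: could not initialize AD DS context",
			me);
		return (-1);
	}
	return (0);
}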
106c5c4113dSnw141292 
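/*
 * Write the daemon state to stderr, bracketed by RDLOCK_CONFIG() and
 * UNLOCK_CONFIG().
 *
 * The general state (mode, hostname, name service domain, whether a
 * configuration is present) is printed only when daemon_mode is FALSE.
 * The configuration values are printed only when a configuration is
 * loaded and daemon_mode is not TRUE.  The output names the machine
 * SID, the global catalog and the domain controller.
 */
void
print_idmapdstate() {
	RDLOCK_CONFIG();

	if (_idmapdstate.daemon_mode == FALSE) {
		(void) fprintf(stderr, "%s: daemon_mode=%s\n",
			me, _idmapdstate.daemon_mode == TRUE?"true":"false");
		(void) fprintf(stderr, "%s: hostname=%s\n",
			me, _idmapdstate.hostname);
		/* Prefix was "%s;"; every other line here uses "%s:". */
		(void) fprintf(stderr, "%s: name service domain=%s\n", me,
			_idmapdstate.domainname);

		(void) fprintf(stderr, "%s: config=%s\n", me,
			_idmapdstate.cfg?"not null":"null");
	}

	if (_idmapdstate.cfg != NULL && _idmapdstate.daemon_mode != TRUE) {
		/*
		 * NOTE(review): %llu assumes list_size_limit is an
		 * unsigned 64-bit quantity; confirm against its
		 * declaration.  CHECK_NULL() is presumably there to keep
		 * a NULL string away from %s.
		 */
		(void) fprintf(stderr, "%s: list_size_limit=%llu\n", me,
			_idmapdstate.cfg->pgcfg.list_size_limit);
		(void) fprintf(stderr, "%s: mapping_domain=%s\n", me,
			CHECK_NULL(_idmapdstate.cfg->pgcfg.mapping_domain));
		(void) fprintf(stderr, "%s: machine_sid=%s\n", me,
			CHECK_NULL(_idmapdstate.cfg->pgcfg.machine_sid));
		(void) fprintf(stderr, "%s: global_catalog=%s\n", me,
			CHECK_NULL(_idmapdstate.cfg->pgcfg.global_catalog));
		(void) fprintf(stderr, "%s: domain_controller=%s\n", me,
			CHECK_NULL(_idmapdstate.cfg->pgcfg.domain_controller));
	}

	UNLOCK_CONFIG();
}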
137c5c4113dSnw141292 
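/*
 * Create the directory `path` with mode 0700 and give it to uid:gid.
 *
 * A path that already exists is accepted (EEXIST is not an error) and
 * is still handed to uid:gid.  If the ownership change fails on a
 * directory this call created, the directory is removed again.
 * Returns 0 on success and -1 on failure; failures are logged.
 *
 * lchown() acts on `path` itself rather than on the target of a
 * symbolic link, so a link planted at `path` does not redirect the
 * ownership change.
 *
 * NOTE(review): in the EEXIST case nothing checks that `path` is a
 * directory or that its mode is still 0700; an lstat() check would
 * close that gap if no deployment relies on a pre-existing path.
 */
int
create_directory(const char *path, uid_t uid, gid_t gid) {
	int	rc;

	if ((rc = mkdir(path, 0700)) < 0 && errno != EEXIST) {
		idmapdlog(LOG_ERR,
			"%s: Error creating directory %s (%s)",
			me, path, strerror(errno));
		return (-1);
	}

	if (lchown(path, uid, gid) < 0) {
		/*
		 * Report the step that actually failed; this used to
		 * repeat the mkdir message.
		 */
		idmapdlog(LOG_ERR,
			"%s: Error changing ownership of directory %s (%s)",
			me, path, strerror(errno));
		/* Only remove what this call created (mkdir returned 0). */
		if (rc == 0)
			(void) rmdir(path);
		return (-1);
	}
	return (0);
}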
159