1c5c4113dSnw141292 /* 2c5c4113dSnw141292 * CDDL HEADER START 3c5c4113dSnw141292 * 4c5c4113dSnw141292 * The contents of this file are subject to the terms of the 5c5c4113dSnw141292 * Common Development and Distribution License (the "License"). 6c5c4113dSnw141292 * You may not use this file except in compliance with the License. 7c5c4113dSnw141292 * 8c5c4113dSnw141292 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9c5c4113dSnw141292 * or http://www.opensolaris.org/os/licensing. 10c5c4113dSnw141292 * See the License for the specific language governing permissions 11c5c4113dSnw141292 * and limitations under the License. 12c5c4113dSnw141292 * 13c5c4113dSnw141292 * When distributing Covered Code, include this CDDL HEADER in each 14c5c4113dSnw141292 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15c5c4113dSnw141292 * If applicable, add the following below this CDDL HEADER, with the 16c5c4113dSnw141292 * fields enclosed by brackets "[]" replaced with your own identifying 17c5c4113dSnw141292 * information: Portions Copyright [yyyy] [name of copyright owner] 18c5c4113dSnw141292 * 19c5c4113dSnw141292 * CDDL HEADER END 20c5c4113dSnw141292 */ 21c5c4113dSnw141292 /* 22c5c4113dSnw141292 * Copyright 2007 Sun Microsystems, Inc. All rights reserved. 23c5c4113dSnw141292 * Use is subject to license terms. 24c5c4113dSnw141292 */ 25c5c4113dSnw141292 26c5c4113dSnw141292 #pragma ident "%Z%%M% %I% %E% SMI" 27c5c4113dSnw141292 28c5c4113dSnw141292 /* 29c5c4113dSnw141292 * Initialization routines 30c5c4113dSnw141292 */ 31c5c4113dSnw141292 32c5c4113dSnw141292 #include "idmapd.h" 33c5c4113dSnw141292 #include <signal.h> 34c5c4113dSnw141292 #include <thread.h> 35c5c4113dSnw141292 #include <string.h> 36c5c4113dSnw141292 #include <errno.h> 37c5c4113dSnw141292 #include <assert.h> 38c5c4113dSnw141292 #include <unistd.h> 39c5c4113dSnw141292 #include <sys/types.h> 40c5c4113dSnw141292 #include <sys/stat.h> 418edda628Sbaban #include <rpcsvc/daemon_utils.h> 42c5c4113dSnw141292 43c5c4113dSnw141292 static const char *me = "idmapd"; 44c5c4113dSnw141292 45c5c4113dSnw141292 int 46c5c4113dSnw141292 init_mapping_system() { 478edda628Sbaban int rc = 0; 488edda628Sbaban 49c5c4113dSnw141292 if (rwlock_init(&_idmapdstate.rwlk_cfg, USYNC_THREAD, NULL) != 0) 50c5c4113dSnw141292 return (-1); 51c5c4113dSnw141292 if (load_config() < 0) 52c5c4113dSnw141292 return (-1); 538edda628Sbaban 548edda628Sbaban (void) setegid(DAEMON_GID); 558edda628Sbaban (void) seteuid(DAEMON_UID); 56c5c4113dSnw141292 if (init_dbs() < 0) { 578edda628Sbaban rc = -1; 58c5c4113dSnw141292 fini_mapping_system(); 59c5c4113dSnw141292 } 608edda628Sbaban (void) seteuid(0); 618edda628Sbaban (void) setegid(0); 628edda628Sbaban 638edda628Sbaban return (rc); 64c5c4113dSnw141292 } 65c5c4113dSnw141292 66c5c4113dSnw141292 void 67c5c4113dSnw141292 fini_mapping_system() { 68c5c4113dSnw141292 fini_dbs(); 69c5c4113dSnw141292 } 70c5c4113dSnw141292 71c5c4113dSnw141292 int 72c5c4113dSnw141292 load_config() { 73*c8e26105Sjp151216 idmap_pg_config_t *pgcfg; 74c5c4113dSnw141292 if ((_idmapdstate.cfg = idmap_cfg_init()) == NULL) { 75651c0131Sbaban idmapdlog(LOG_ERR, "%s: failed to initialize config", me); 76*c8e26105Sjp151216 degrade_svc(); 77c5c4113dSnw141292 return (-1); 78c5c4113dSnw141292 } 79*c8e26105Sjp151216 pgcfg = &_idmapdstate.cfg->pgcfg; 80*c8e26105Sjp151216 81*c8e26105Sjp151216 if (idmap_cfg_load(&_idmapdstate.cfg->handles, 82*c8e26105Sjp151216 &_idmapdstate.cfg->pgcfg) < 0) { 83*c8e26105Sjp151216 degrade_svc(); 84651c0131Sbaban idmapdlog(LOG_ERR, "%s: failed to load config", me); 85c5c4113dSnw141292 return (-1); 86c5c4113dSnw141292 } 87*c8e26105Sjp151216 88*c8e26105Sjp151216 if (pgcfg->default_domain == NULL || 89*c8e26105Sjp151216 pgcfg->default_domain[0] == '\0') { 90*c8e26105Sjp151216 idmapdlog(LOG_ERR, "%s: Default domain not configured; " 91*c8e26105Sjp151216 "AD lookup disabled", me); 92*c8e26105Sjp151216 degrade_svc(); 93c5c4113dSnw141292 } 94*c8e26105Sjp151216 if (pgcfg->domain_name == NULL || 95*c8e26105Sjp151216 pgcfg->domain_name[0] == '\0') { 96*c8e26105Sjp151216 degrade_svc(); 97*c8e26105Sjp151216 idmapdlog(LOG_ERR, 98*c8e26105Sjp151216 "%s: AD joined domain is not configured; " 99*c8e26105Sjp151216 "AD lookup disabled", me); 100*c8e26105Sjp151216 } 101*c8e26105Sjp151216 if (pgcfg->global_catalog == NULL || 102*c8e26105Sjp151216 pgcfg->global_catalog[0].host[0] == '\0') { 103*c8e26105Sjp151216 degrade_svc(); 10462c60062Sbaban idmapdlog(LOG_ERR, 10562c60062Sbaban "%s: Global catalog server is not configured; " 106*c8e26105Sjp151216 "AD lookup disabled", me); 107c5c4113dSnw141292 } 108*c8e26105Sjp151216 109*c8e26105Sjp151216 (void) reload_ad(); 110*c8e26105Sjp151216 111*c8e26105Sjp151216 if (idmap_cfg_start_updates(_idmapdstate.cfg) < 0) 112*c8e26105Sjp151216 idmapdlog(LOG_ERR, "%s: could not start config updater", 113*c8e26105Sjp151216 me); 114c5c4113dSnw141292 return (0); 115c5c4113dSnw141292 } 116c5c4113dSnw141292 117*c8e26105Sjp151216 118*c8e26105Sjp151216 int 119*c8e26105Sjp151216 reload_ad() { 120*c8e26105Sjp151216 int i; 121*c8e26105Sjp151216 ad_t *old; 122*c8e26105Sjp151216 ad_t *new; 123*c8e26105Sjp151216 124*c8e26105Sjp151216 idmap_pg_config_t *pgcfg = &_idmapdstate.cfg->pgcfg; 125*c8e26105Sjp151216 126*c8e26105Sjp151216 if (pgcfg->default_domain == NULL || 127*c8e26105Sjp151216 pgcfg->global_catalog == NULL) { 128*c8e26105Sjp151216 if (_idmapdstate.ad == NULL) 129*c8e26105Sjp151216 idmapdlog(LOG_ERR, "%s: AD lookup disabled", me); 130*c8e26105Sjp151216 else 131*c8e26105Sjp151216 idmapdlog(LOG_ERR, "%s: cannot update AD context", me); 132*c8e26105Sjp151216 return (-1); 133*c8e26105Sjp151216 } 134*c8e26105Sjp151216 135*c8e26105Sjp151216 old = _idmapdstate.ad; 136*c8e26105Sjp151216 137*c8e26105Sjp151216 if (idmap_ad_alloc(&new, pgcfg->default_domain, 138*c8e26105Sjp151216 IDMAP_AD_GLOBAL_CATALOG) != 0) { 139*c8e26105Sjp151216 if (old == NULL) 140*c8e26105Sjp151216 degrade_svc(); 141*c8e26105Sjp151216 idmapdlog(LOG_ERR, "%s: could not initialize AD context", me); 142*c8e26105Sjp151216 return (-1); 143*c8e26105Sjp151216 } 144*c8e26105Sjp151216 145*c8e26105Sjp151216 for (i = 0; pgcfg->global_catalog[i].host[0] != '\0'; i++) { 146*c8e26105Sjp151216 if (idmap_add_ds(new, 147*c8e26105Sjp151216 pgcfg->global_catalog[i].host, 148*c8e26105Sjp151216 pgcfg->global_catalog[i].port) != 0) { 149*c8e26105Sjp151216 idmap_ad_free(&new); 150*c8e26105Sjp151216 if (old == NULL) 151*c8e26105Sjp151216 degrade_svc(); 152*c8e26105Sjp151216 idmapdlog(LOG_ERR, 153*c8e26105Sjp151216 "%s: could not initialize AD DS context", me); 154*c8e26105Sjp151216 return (-1); 155*c8e26105Sjp151216 } 156*c8e26105Sjp151216 } 157*c8e26105Sjp151216 158*c8e26105Sjp151216 _idmapdstate.ad = new; 159*c8e26105Sjp151216 160*c8e26105Sjp151216 if (old != NULL) 161*c8e26105Sjp151216 idmap_ad_free(&old); 162*c8e26105Sjp151216 163*c8e26105Sjp151216 return (0); 164*c8e26105Sjp151216 } 165*c8e26105Sjp151216 166*c8e26105Sjp151216 167c5c4113dSnw141292 void 168c5c4113dSnw141292 print_idmapdstate() { 169*c8e26105Sjp151216 int i; 170*c8e26105Sjp151216 idmap_pg_config_t *pgcfg = &_idmapdstate.cfg->pgcfg; 171*c8e26105Sjp151216 172c5c4113dSnw141292 RDLOCK_CONFIG(); 173c5c4113dSnw141292 174*c8e26105Sjp151216 if (_idmapdstate.cfg == NULL) { 175*c8e26105Sjp151216 idmapdlog(LOG_INFO, "%s: Null configuration", me); 176*c8e26105Sjp151216 UNLOCK_CONFIG(); 177*c8e26105Sjp151216 return; 178c5c4113dSnw141292 } 179*c8e26105Sjp151216 180*c8e26105Sjp151216 idmapdlog(LOG_DEBUG, "%s: list_size_limit=%llu", me, 181*c8e26105Sjp151216 pgcfg->list_size_limit); 182*c8e26105Sjp151216 idmapdlog(LOG_DEBUG, "%s: default_domain=%s", me, 183*c8e26105Sjp151216 CHECK_NULL(pgcfg->default_domain)); 184*c8e26105Sjp151216 idmapdlog(LOG_DEBUG, "%s: domain_name=%s", me, 185*c8e26105Sjp151216 CHECK_NULL(pgcfg->domain_name)); 186*c8e26105Sjp151216 idmapdlog(LOG_DEBUG, "%s: machine_sid=%s", me, 187*c8e26105Sjp151216 CHECK_NULL(pgcfg->machine_sid)); 188*c8e26105Sjp151216 if (pgcfg->domain_controller == NULL || 189*c8e26105Sjp151216 pgcfg->domain_controller[0].host[0] == '\0') { 190*c8e26105Sjp151216 idmapdlog(LOG_DEBUG, "%s: No domain controllers known", me); 191*c8e26105Sjp151216 } else { 192*c8e26105Sjp151216 for (i = 0; pgcfg->domain_controller[i].host[0] != '\0'; i++) 193*c8e26105Sjp151216 idmapdlog(LOG_DEBUG, "%s: domain_controller=%s port=%d", 194*c8e26105Sjp151216 me, pgcfg->domain_controller[i].host, 195*c8e26105Sjp151216 pgcfg->domain_controller[i].port); 196*c8e26105Sjp151216 } 197*c8e26105Sjp151216 idmapdlog(LOG_DEBUG, "%s: forest_name=%s", me, 198*c8e26105Sjp151216 CHECK_NULL(pgcfg->forest_name)); 199*c8e26105Sjp151216 idmapdlog(LOG_DEBUG, "%s: site_name=%s", me, 200*c8e26105Sjp151216 CHECK_NULL(pgcfg->site_name)); 201*c8e26105Sjp151216 if (pgcfg->global_catalog == NULL || 202*c8e26105Sjp151216 pgcfg->global_catalog[0].host[0] == '\0') { 203*c8e26105Sjp151216 idmapdlog(LOG_DEBUG, "%s: No global catalog servers known", me); 204*c8e26105Sjp151216 } else { 205*c8e26105Sjp151216 for (i = 0; pgcfg->global_catalog[i].host[0] != '\0'; i++) 206*c8e26105Sjp151216 idmapdlog(LOG_DEBUG, "%s: global_catalog=%s port=%d", 207*c8e26105Sjp151216 me, 208*c8e26105Sjp151216 pgcfg->global_catalog[i].host, 209*c8e26105Sjp151216 pgcfg->global_catalog[i].port); 210*c8e26105Sjp151216 } 211*c8e26105Sjp151216 212c5c4113dSnw141292 UNLOCK_CONFIG(); 213c5c4113dSnw141292 } 214c5c4113dSnw141292 215c5c4113dSnw141292 int 216c5c4113dSnw141292 create_directory(const char *path, uid_t uid, gid_t gid) { 217c5c4113dSnw141292 int rc; 218c5c4113dSnw141292 219c5c4113dSnw141292 if ((rc = mkdir(path, 0700)) < 0 && errno != EEXIST) { 220c5c4113dSnw141292 idmapdlog(LOG_ERR, 221c5c4113dSnw141292 "%s: Error creating directory %s (%s)", 222c5c4113dSnw141292 me, path, strerror(errno)); 223c5c4113dSnw141292 return (-1); 224c5c4113dSnw141292 } 225c5c4113dSnw141292 226c5c4113dSnw141292 if (lchown(path, uid, gid) < 0) { 227c5c4113dSnw141292 idmapdlog(LOG_ERR, 228c5c4113dSnw141292 "%s: Error creating directory %s (%s)", 229c5c4113dSnw141292 me, path, strerror(errno)); 230c5c4113dSnw141292 if (rc == 0) 231c5c4113dSnw141292 (void) rmdir(path); 232c5c4113dSnw141292 return (-1); 233c5c4113dSnw141292 } 234c5c4113dSnw141292 return (0); 235c5c4113dSnw141292 } 236