xref: /titanic_51/usr/src/cmd/idmap/idmapd/init.c (revision 4f7e1866327a77aa6dbef06a88fd04eda82a08f0)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #pragma ident	"%Z%%M%	%I%	%E% SMI"
27 
28 /*
29  * Initialization routines
30  */
31 
32 #include "idmapd.h"
33 #include <signal.h>
34 #include <thread.h>
35 #include <string.h>
36 #include <errno.h>
37 #include <assert.h>
38 #include <unistd.h>
39 #include <sys/types.h>
40 #include <sys/stat.h>
41 #include <rpcsvc/daemon_utils.h>
42 
43 
44 int
45 init_mapping_system()
46 {
47 	int rc = 0;
48 
49 	if (rwlock_init(&_idmapdstate.rwlk_cfg, USYNC_THREAD, NULL) != 0)
50 		return (-1);
51 	if ((rc = load_config()) < 0)
52 		return (rc);
53 
54 	(void) setegid(DAEMON_GID);
55 	(void) seteuid(DAEMON_UID);
56 	if (init_dbs() < 0) {
57 		rc = -1;
58 		fini_mapping_system();
59 	}
60 	(void) seteuid(0);
61 	(void) setegid(0);
62 
63 	return (rc);
64 }
65 
66 void
67 fini_mapping_system()
68 {
69 	fini_dbs();
70 }
71 
72 int
73 load_config()
74 {
75 	int rc;
76 	if ((_idmapdstate.cfg = idmap_cfg_init()) == NULL) {
77 		degrade_svc(0, "failed to initialize config");
78 		return (-1);
79 	}
80 
81 	rc = idmap_cfg_load(_idmapdstate.cfg, 0);
82 	if (rc < -1) {
83 		/* Total failure */
84 		degrade_svc(0, "fatal error while loading configuration");
85 		return (rc);
86 	}
87 
88 	if (rc != 0)
89 		/* Partial failure */
90 		idmapdlog(LOG_ERR, "Various errors occurred while loading "
91 		    "the configuration; check the logs");
92 
93 	if ((rc = idmap_cfg_start_updates()) < 0) {
94 		/* Total failure */
95 		degrade_svc(0, "could not start config updater");
96 		return (rc);
97 	}
98 
99 	idmapdlog(LOG_DEBUG, "Initial configuration loaded");
100 
101 	return (0);
102 }
103 
104 
105 void
106 reload_ad()
107 {
108 	int	i;
109 	ad_t	*old;
110 	ad_t	*new;
111 
112 	idmap_pg_config_t *pgcfg = &_idmapdstate.cfg->pgcfg;
113 
114 	if (pgcfg->global_catalog == NULL ||
115 	    pgcfg->global_catalog[0].host[0] == '\0') {
116 		/*
117 		 * No GCs.  Continue to use the previous AD config in case
118 		 * that's still good but auto-discovery had a transient failure.
119 		 * If that stops working we'll go into degraded mode anyways
120 		 * when it does.
121 		 */
122 		degrade_svc(0,
123 		    "Global Catalog servers not configured/discoverable");
124 		return;
125 	}
126 
127 	old = _idmapdstate.ad;
128 
129 	if (idmap_ad_alloc(&new, pgcfg->default_domain,
130 	    IDMAP_AD_GLOBAL_CATALOG) != 0) {
131 		degrade_svc(0, "could not initialize AD context");
132 		return;
133 	}
134 
135 	for (i = 0; pgcfg->global_catalog[i].host[0] != '\0'; i++) {
136 		if (idmap_add_ds(new,
137 		    pgcfg->global_catalog[i].host,
138 		    pgcfg->global_catalog[i].port) != 0) {
139 			idmap_ad_free(&new);
140 			degrade_svc(0, "could not initialize AD GC context");
141 			return;
142 		}
143 	}
144 
145 	_idmapdstate.ad = new;
146 
147 	if (old != NULL)
148 		idmap_ad_free(&old);
149 }
150 
151 
152 void
153 print_idmapdstate()
154 {
155 	int i;
156 	idmap_pg_config_t *pgcfg;
157 
158 	RDLOCK_CONFIG();
159 
160 	if (_idmapdstate.cfg == NULL) {
161 		idmapdlog(LOG_INFO, "Null configuration");
162 		UNLOCK_CONFIG();
163 		return;
164 	}
165 
166 	pgcfg = &_idmapdstate.cfg->pgcfg;
167 
168 	idmapdlog(LOG_DEBUG, "list_size_limit=%llu", pgcfg->list_size_limit);
169 	idmapdlog(LOG_DEBUG, "default_domain=%s",
170 	    CHECK_NULL(pgcfg->default_domain));
171 	idmapdlog(LOG_DEBUG, "domain_name=%s", CHECK_NULL(pgcfg->domain_name));
172 	idmapdlog(LOG_DEBUG, "machine_sid=%s", CHECK_NULL(pgcfg->machine_sid));
173 	if (pgcfg->domain_controller == NULL ||
174 	    pgcfg->domain_controller[0].host[0] == '\0') {
175 		idmapdlog(LOG_DEBUG, "No domain controllers known");
176 	} else {
177 		for (i = 0; pgcfg->domain_controller[i].host[0] != '\0'; i++)
178 			idmapdlog(LOG_DEBUG, "domain_controller=%s port=%d",
179 			    pgcfg->domain_controller[i].host,
180 			    pgcfg->domain_controller[i].port);
181 	}
182 	idmapdlog(LOG_DEBUG, "forest_name=%s", CHECK_NULL(pgcfg->forest_name));
183 	idmapdlog(LOG_DEBUG, "site_name=%s", CHECK_NULL(pgcfg->site_name));
184 	if (pgcfg->global_catalog == NULL ||
185 	    pgcfg->global_catalog[0].host[0] == '\0') {
186 		idmapdlog(LOG_DEBUG, "No global catalog servers known");
187 	} else {
188 		for (i = 0; pgcfg->global_catalog[i].host[0] != '\0'; i++)
189 			idmapdlog(LOG_DEBUG, "global_catalog=%s port=%d",
190 			    pgcfg->global_catalog[i].host,
191 			    pgcfg->global_catalog[i].port);
192 	}
193 	idmapdlog(LOG_DEBUG, "ds_name_mapping_enabled=%s",
194 	    (pgcfg->ds_name_mapping_enabled == TRUE) ? "true" : "false");
195 	idmapdlog(LOG_DEBUG, "ad_unixuser_attr=%s",
196 	    CHECK_NULL(pgcfg->ad_unixuser_attr));
197 	idmapdlog(LOG_DEBUG, "ad_unixgroup_attr=%s",
198 	    CHECK_NULL(pgcfg->ad_unixgroup_attr));
199 	idmapdlog(LOG_DEBUG, "nldap_winname_attr=%s",
200 	    CHECK_NULL(pgcfg->nldap_winname_attr));
201 
202 	UNLOCK_CONFIG();
203 }
204 
205 int
206 create_directory(const char *path, uid_t uid, gid_t gid)
207 {
208 	int	rc;
209 
210 	if ((rc = mkdir(path, 0700)) < 0 && errno != EEXIST) {
211 		idmapdlog(LOG_ERR, "Error creating directory %s (%s)",
212 		    path, strerror(errno));
213 		return (-1);
214 	}
215 
216 	if (lchown(path, uid, gid) < 0) {
217 		idmapdlog(LOG_ERR, "Error creating directory %s (%s)",
218 		    path, strerror(errno));
219 		if (rc == 0)
220 			(void) rmdir(path);
221 		return (-1);
222 	}
223 	return (0);
224 }
225