xref: /titanic_52/usr/src/cmd/idmap/idmapd/init.c (revision 1be2e5dfebda7cac010af97aae7a3a1b45649aed)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #pragma ident	"%Z%%M%	%I%	%E% SMI"
27 
28 /*
29  * Initialization routines
30  */
31 
32 #include "idmapd.h"
33 #include <signal.h>
34 #include <thread.h>
35 #include <string.h>
36 #include <errno.h>
37 #include <assert.h>
38 #include <unistd.h>
39 #include <sys/types.h>
40 #include <sys/stat.h>
41 #include <rpcsvc/daemon_utils.h>
42 
43 static const char *me = "idmapd";
44 
45 int
46 init_mapping_system() {
47 	int rc = 0;
48 
49 	if (rwlock_init(&_idmapdstate.rwlk_cfg, USYNC_THREAD, NULL) != 0)
50 		return (-1);
51 	if (load_config() < 0)
52 		return (-1);
53 
54 	(void) setegid(DAEMON_GID);
55 	(void) seteuid(DAEMON_UID);
56 	if (init_dbs() < 0) {
57 		rc = -1;
58 		fini_mapping_system();
59 	}
60 	(void) seteuid(0);
61 	(void) setegid(0);
62 
63 	return (rc);
64 }
65 
66 void
67 fini_mapping_system() {
68 	fini_dbs();
69 }
70 
71 int
72 load_config() {
73 	idmap_pg_config_t *pgcfg;
74 	if ((_idmapdstate.cfg = idmap_cfg_init()) == NULL) {
75 		idmapdlog(LOG_ERR, "%s: failed to initialize config", me);
76 		degrade_svc();
77 		return (-1);
78 	}
79 	pgcfg = &_idmapdstate.cfg->pgcfg;
80 
81 	if (idmap_cfg_load(&_idmapdstate.cfg->handles,
82 	    &_idmapdstate.cfg->pgcfg) < 0) {
83 		degrade_svc();
84 		idmapdlog(LOG_ERR, "%s: failed to load config", me);
85 		return (-1);
86 	}
87 
88 	if (pgcfg->default_domain == NULL ||
89 	    pgcfg->default_domain[0] == '\0') {
90 		idmapdlog(LOG_ERR, "%s: Default domain not configured; "
91 		    "AD lookup disabled", me);
92 		degrade_svc();
93 	}
94 	if (pgcfg->domain_name == NULL ||
95 	    pgcfg->domain_name[0] == '\0') {
96 		degrade_svc();
97 		idmapdlog(LOG_ERR,
98 		    "%s: AD joined domain is not configured; "
99 		    "AD lookup disabled", me);
100 	}
101 	if (pgcfg->global_catalog == NULL ||
102 	    pgcfg->global_catalog[0].host[0] == '\0') {
103 		degrade_svc();
104 		idmapdlog(LOG_ERR,
105 		    "%s: Global catalog server is not configured; "
106 		    "AD lookup disabled", me);
107 	}
108 
109 	(void) reload_ad();
110 
111 	if (idmap_cfg_start_updates(_idmapdstate.cfg) < 0)
112 		idmapdlog(LOG_ERR, "%s: could not start config updater",
113 			me);
114 	return (0);
115 }
116 
117 
118 int
119 reload_ad() {
120 	int	i;
121 	ad_t	*old;
122 	ad_t	*new;
123 
124 	idmap_pg_config_t *pgcfg = &_idmapdstate.cfg->pgcfg;
125 
126 	if (pgcfg->default_domain == NULL ||
127 	    pgcfg->global_catalog == NULL) {
128 		if (_idmapdstate.ad == NULL)
129 			idmapdlog(LOG_ERR, "%s: AD lookup disabled", me);
130 		else
131 			idmapdlog(LOG_ERR, "%s: cannot update AD context", me);
132 		return (-1);
133 	}
134 
135 	old = _idmapdstate.ad;
136 
137 	if (idmap_ad_alloc(&new, pgcfg->default_domain,
138 	    IDMAP_AD_GLOBAL_CATALOG) != 0) {
139 		if (old == NULL)
140 			degrade_svc();
141 		idmapdlog(LOG_ERR, "%s: could not initialize AD context", me);
142 		return (-1);
143 	}
144 
145 	for (i = 0; pgcfg->global_catalog[i].host[0] != '\0'; i++) {
146 		if (idmap_add_ds(new,
147 		    pgcfg->global_catalog[i].host,
148 		    pgcfg->global_catalog[i].port) != 0) {
149 			idmap_ad_free(&new);
150 			if (old == NULL)
151 				degrade_svc();
152 			idmapdlog(LOG_ERR,
153 			    "%s: could not initialize AD DS context", me);
154 			return (-1);
155 		}
156 	}
157 
158 	_idmapdstate.ad = new;
159 
160 	if (old != NULL)
161 		idmap_ad_free(&old);
162 
163 	return (0);
164 }
165 
166 
167 void
168 print_idmapdstate() {
169 	int i;
170 	idmap_pg_config_t *pgcfg = &_idmapdstate.cfg->pgcfg;
171 
172 	RDLOCK_CONFIG();
173 
174 	if (_idmapdstate.cfg == NULL) {
175 		idmapdlog(LOG_INFO, "%s: Null configuration", me);
176 		UNLOCK_CONFIG();
177 		return;
178 	}
179 
180 	idmapdlog(LOG_DEBUG, "%s: list_size_limit=%llu", me,
181 	    pgcfg->list_size_limit);
182 	idmapdlog(LOG_DEBUG, "%s: default_domain=%s", me,
183 	    CHECK_NULL(pgcfg->default_domain));
184 	idmapdlog(LOG_DEBUG, "%s: domain_name=%s", me,
185 	    CHECK_NULL(pgcfg->domain_name));
186 	idmapdlog(LOG_DEBUG, "%s: machine_sid=%s", me,
187 	    CHECK_NULL(pgcfg->machine_sid));
188 	if (pgcfg->domain_controller == NULL ||
189 	    pgcfg->domain_controller[0].host[0] == '\0') {
190 		idmapdlog(LOG_DEBUG, "%s: No domain controllers known", me);
191 	} else {
192 		for (i = 0; pgcfg->domain_controller[i].host[0] != '\0'; i++)
193 			idmapdlog(LOG_DEBUG, "%s: domain_controller=%s port=%d",
194 			    me, pgcfg->domain_controller[i].host,
195 			    pgcfg->domain_controller[i].port);
196 	}
197 	idmapdlog(LOG_DEBUG, "%s: forest_name=%s", me,
198 	    CHECK_NULL(pgcfg->forest_name));
199 	idmapdlog(LOG_DEBUG, "%s: site_name=%s", me,
200 	    CHECK_NULL(pgcfg->site_name));
201 	if (pgcfg->global_catalog == NULL ||
202 	    pgcfg->global_catalog[0].host[0] == '\0') {
203 		idmapdlog(LOG_DEBUG, "%s: No global catalog servers known", me);
204 	} else {
205 		for (i = 0; pgcfg->global_catalog[i].host[0] != '\0'; i++)
206 			idmapdlog(LOG_DEBUG, "%s: global_catalog=%s port=%d",
207 			    me,
208 			    pgcfg->global_catalog[i].host,
209 			    pgcfg->global_catalog[i].port);
210 	}
211 
212 	UNLOCK_CONFIG();
213 }
214 
215 int
216 create_directory(const char *path, uid_t uid, gid_t gid) {
217 	int	rc;
218 
219 	if ((rc = mkdir(path, 0700)) < 0 && errno != EEXIST) {
220 		idmapdlog(LOG_ERR,
221 			"%s: Error creating directory %s (%s)",
222 			me, path, strerror(errno));
223 		return (-1);
224 	}
225 
226 	if (lchown(path, uid, gid) < 0) {
227 		idmapdlog(LOG_ERR,
228 			"%s: Error creating directory %s (%s)",
229 			me, path, strerror(errno));
230 		if (rc == 0)
231 			(void) rmdir(path);
232 		return (-1);
233 	}
234 	return (0);
235 }
236