xref: /titanic_52/usr/src/cmd/idmap/idmapd/init.c (revision 2dd2efa5a06a9befe46075cf41e16f57533c9f98)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #pragma ident	"%Z%%M%	%I%	%E% SMI"
27 
28 /*
29  * Initialization routines
30  */
31 
32 #include "idmapd.h"
33 #include <signal.h>
34 #include <thread.h>
35 #include <string.h>
36 #include <errno.h>
37 #include <assert.h>
38 #include <unistd.h>
39 #include <sys/types.h>
40 #include <sys/stat.h>
41 #include <rpcsvc/daemon_utils.h>
42 
43 static const char *me = "idmapd";
44 
45 int
46 init_mapping_system()
47 {
48 	int rc = 0;
49 
50 	if (rwlock_init(&_idmapdstate.rwlk_cfg, USYNC_THREAD, NULL) != 0)
51 		return (-1);
52 	if ((rc = load_config()) < 0)
53 		return (rc);
54 
55 	(void) setegid(DAEMON_GID);
56 	(void) seteuid(DAEMON_UID);
57 	if (init_dbs() < 0) {
58 		rc = -1;
59 		fini_mapping_system();
60 	}
61 	(void) seteuid(0);
62 	(void) setegid(0);
63 
64 	return (rc);
65 }
66 
67 void
68 fini_mapping_system()
69 {
70 	fini_dbs();
71 }
72 
73 int
74 load_config()
75 {
76 	int rc;
77 	idmap_pg_config_t *pgcfg;
78 	if ((_idmapdstate.cfg = idmap_cfg_init()) == NULL) {
79 		idmapdlog(LOG_ERR, "%s: failed to initialize config", me);
80 		degrade_svc();
81 		return (-1);
82 	}
83 	pgcfg = &_idmapdstate.cfg->pgcfg;
84 
85 	rc = idmap_cfg_load(&_idmapdstate.cfg->handles,
86 	    &_idmapdstate.cfg->pgcfg, 0);
87 	if (rc < -1) {
88 		/* Total failure */
89 		degrade_svc();
90 		idmapdlog(LOG_ERR, "%s: Fatal error while loading "
91 		    "configuration", me);
92 		return (rc);
93 	}
94 
95 	if (rc != 0)
96 		/* Partial failure */
97 		idmapdlog(LOG_ERR, "%s: Various errors occurred while loading "
98 		    "the configuration; check the logs", me);
99 
100 	if (pgcfg->global_catalog == NULL ||
101 	    pgcfg->global_catalog[0].host[0] == '\0') {
102 		degrade_svc();
103 		idmapdlog(LOG_INFO,
104 		    "%s: Global catalog server is not configured; AD lookup "
105 		    "will fail until one or more global catalog server names "
106 		    "are configured or discovered; auto-discovery will begin "
107 		    "shortly", me);
108 	} else {
109 		restore_svc();
110 	}
111 
112 	(void) reload_ad();
113 
114 	if (idmap_cfg_start_updates(_idmapdstate.cfg) < 0)
115 		idmapdlog(LOG_ERR, "%s: could not start config updater",
116 		    me);
117 
118 	idmapdlog(LOG_DEBUG, "%s: initial configuration loaded", me);
119 
120 	return (0);
121 }
122 
123 
124 int
125 reload_ad()
126 {
127 	int	i;
128 	ad_t	*old;
129 	ad_t	*new;
130 
131 	idmap_pg_config_t *pgcfg = &_idmapdstate.cfg->pgcfg;
132 
133 	if (pgcfg->default_domain == NULL ||
134 	    pgcfg->global_catalog == NULL) {
135 		if (_idmapdstate.ad == NULL)
136 			idmapdlog(LOG_ERR, "%s: AD lookup disabled", me);
137 		else
138 			idmapdlog(LOG_ERR, "%s: cannot update AD context", me);
139 		return (-1);
140 	}
141 
142 	old = _idmapdstate.ad;
143 
144 	if (idmap_ad_alloc(&new, pgcfg->default_domain,
145 	    IDMAP_AD_GLOBAL_CATALOG) != 0) {
146 		if (old == NULL)
147 			degrade_svc();
148 		idmapdlog(LOG_ERR, "%s: could not initialize AD context", me);
149 		return (-1);
150 	}
151 
152 	for (i = 0; pgcfg->global_catalog[i].host[0] != '\0'; i++) {
153 		if (idmap_add_ds(new,
154 		    pgcfg->global_catalog[i].host,
155 		    pgcfg->global_catalog[i].port) != 0) {
156 			idmap_ad_free(&new);
157 			if (old == NULL)
158 				degrade_svc();
159 			idmapdlog(LOG_ERR,
160 			    "%s: could not initialize AD DS context", me);
161 			return (-1);
162 		}
163 	}
164 
165 	_idmapdstate.ad = new;
166 
167 	if (old != NULL)
168 		idmap_ad_free(&old);
169 
170 	return (0);
171 }
172 
173 
174 void
175 print_idmapdstate()
176 {
177 	int i;
178 	idmap_pg_config_t *pgcfg;
179 
180 	RDLOCK_CONFIG();
181 
182 	if (_idmapdstate.cfg == NULL) {
183 		idmapdlog(LOG_INFO, "%s: Null configuration", me);
184 		UNLOCK_CONFIG();
185 		return;
186 	}
187 
188 	pgcfg = &_idmapdstate.cfg->pgcfg;
189 
190 	idmapdlog(LOG_DEBUG, "%s: list_size_limit=%llu", me,
191 	    pgcfg->list_size_limit);
192 	idmapdlog(LOG_DEBUG, "%s: default_domain=%s", me,
193 	    CHECK_NULL(pgcfg->default_domain));
194 	idmapdlog(LOG_DEBUG, "%s: domain_name=%s", me,
195 	    CHECK_NULL(pgcfg->domain_name));
196 	idmapdlog(LOG_DEBUG, "%s: machine_sid=%s", me,
197 	    CHECK_NULL(pgcfg->machine_sid));
198 	if (pgcfg->domain_controller == NULL ||
199 	    pgcfg->domain_controller[0].host[0] == '\0') {
200 		idmapdlog(LOG_DEBUG, "%s: No domain controllers known", me);
201 	} else {
202 		for (i = 0; pgcfg->domain_controller[i].host[0] != '\0'; i++)
203 			idmapdlog(LOG_DEBUG, "%s: domain_controller=%s port=%d",
204 			    me, pgcfg->domain_controller[i].host,
205 			    pgcfg->domain_controller[i].port);
206 	}
207 	idmapdlog(LOG_DEBUG, "%s: forest_name=%s", me,
208 	    CHECK_NULL(pgcfg->forest_name));
209 	idmapdlog(LOG_DEBUG, "%s: site_name=%s", me,
210 	    CHECK_NULL(pgcfg->site_name));
211 	if (pgcfg->global_catalog == NULL ||
212 	    pgcfg->global_catalog[0].host[0] == '\0') {
213 		idmapdlog(LOG_DEBUG, "%s: No global catalog servers known", me);
214 	} else {
215 		for (i = 0; pgcfg->global_catalog[i].host[0] != '\0'; i++)
216 			idmapdlog(LOG_DEBUG, "%s: global_catalog=%s port=%d",
217 			    me,
218 			    pgcfg->global_catalog[i].host,
219 			    pgcfg->global_catalog[i].port);
220 	}
221 	idmapdlog(LOG_DEBUG, "%s: ds_name_mapping_enabled=%s", me,
222 	    (pgcfg->ds_name_mapping_enabled == TRUE) ? "true" : "false");
223 	idmapdlog(LOG_DEBUG, "%s: ad_unixuser_attr=%s", me,
224 	    CHECK_NULL(pgcfg->ad_unixuser_attr));
225 	idmapdlog(LOG_DEBUG, "%s: ad_unixgroup_attr=%s", me,
226 	    CHECK_NULL(pgcfg->ad_unixgroup_attr));
227 	idmapdlog(LOG_DEBUG, "%s: nldap_winname_attr=%s", me,
228 	    CHECK_NULL(pgcfg->nldap_winname_attr));
229 
230 	UNLOCK_CONFIG();
231 }
232 
233 int
234 create_directory(const char *path, uid_t uid, gid_t gid)
235 {
236 	int	rc;
237 
238 	if ((rc = mkdir(path, 0700)) < 0 && errno != EEXIST) {
239 		idmapdlog(LOG_ERR,
240 		    "%s: Error creating directory %s (%s)",
241 		    me, path, strerror(errno));
242 		return (-1);
243 	}
244 
245 	if (lchown(path, uid, gid) < 0) {
246 		idmapdlog(LOG_ERR,
247 		    "%s: Error creating directory %s (%s)",
248 		    me, path, strerror(errno));
249 		if (rc == 0)
250 			(void) rmdir(path);
251 		return (-1);
252 	}
253 	return (0);
254 }
255