xref: /onnv-gate/usr/src/cmd/idmap/idmapd/init.c (revision 5317:8c62b0b138cf) 
14520Snw141292 /*
24520Snw141292  * CDDL HEADER START
34520Snw141292  *
44520Snw141292  * The contents of this file are subject to the terms of the
54520Snw141292  * Common Development and Distribution License (the "License").
64520Snw141292  * You may not use this file except in compliance with the License.
74520Snw141292  *
84520Snw141292  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
94520Snw141292  * or http://www.opensolaris.org/os/licensing.
104520Snw141292  * See the License for the specific language governing permissions
114520Snw141292  * and limitations under the License.
124520Snw141292  *
134520Snw141292  * When distributing Covered Code, include this CDDL HEADER in each
144520Snw141292  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
154520Snw141292  * If applicable, add the following below this CDDL HEADER, with the
164520Snw141292  * fields enclosed by brackets "[]" replaced with your own identifying
174520Snw141292  * information: Portions Copyright [yyyy] [name of copyright owner]
184520Snw141292  *
194520Snw141292  * CDDL HEADER END
204520Snw141292  */
214520Snw141292 /*
224520Snw141292  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
234520Snw141292  * Use is subject to license terms.
244520Snw141292  */
254520Snw141292 
264520Snw141292 #pragma ident	"%Z%%M%	%I%	%E% SMI"
274520Snw141292 
284520Snw141292 /*
294520Snw141292  * Initialization routines
304520Snw141292  */
314520Snw141292 
324520Snw141292 #include "idmapd.h"
334520Snw141292 #include <signal.h>
344520Snw141292 #include <thread.h>
354520Snw141292 #include <string.h>
364520Snw141292 #include <errno.h>
374520Snw141292 #include <assert.h>
384520Snw141292 #include <unistd.h>
394520Snw141292 #include <sys/types.h>
404520Snw141292 #include <sys/stat.h>
414695Sbaban #include <rpcsvc/daemon_utils.h>
424520Snw141292 
434520Snw141292 static const char *me = "idmapd";
444520Snw141292 
454520Snw141292 int
464520Snw141292 init_mapping_system() {
474695Sbaban 	int rc = 0;
484695Sbaban 
494520Snw141292 	if (rwlock_init(&_idmapdstate.rwlk_cfg, USYNC_THREAD, NULL) != 0)
504520Snw141292 		return (-1);
514520Snw141292 	if (load_config() < 0)
524520Snw141292 		return (-1);
534695Sbaban 
544695Sbaban 	(void) setegid(DAEMON_GID);
554695Sbaban 	(void) seteuid(DAEMON_UID);
564520Snw141292 	if (init_dbs() < 0) {
574695Sbaban 		rc = -1;
584520Snw141292 		fini_mapping_system();
594520Snw141292 	}
604695Sbaban 	(void) seteuid(0);
614695Sbaban 	(void) setegid(0);
624695Sbaban 
634695Sbaban 	return (rc);
644520Snw141292 }
654520Snw141292 
664520Snw141292 void
674520Snw141292 fini_mapping_system() {
684520Snw141292 	fini_dbs();
694520Snw141292 }
704520Snw141292 
714520Snw141292 int
724520Snw141292 load_config() {
73*5317Sjp151216 	idmap_pg_config_t *pgcfg;
744520Snw141292 	if ((_idmapdstate.cfg = idmap_cfg_init()) == NULL) {
754644Sbaban 		idmapdlog(LOG_ERR, "%s: failed to initialize config", me);
76*5317Sjp151216 		degrade_svc();
774520Snw141292 		return (-1);
784520Snw141292 	}
79*5317Sjp151216 	pgcfg = &_idmapdstate.cfg->pgcfg;
80*5317Sjp151216 
81*5317Sjp151216 	if (idmap_cfg_load(&_idmapdstate.cfg->handles,
82*5317Sjp151216 	    &_idmapdstate.cfg->pgcfg) < 0) {
83*5317Sjp151216 		degrade_svc();
844644Sbaban 		idmapdlog(LOG_ERR, "%s: failed to load config", me);
854520Snw141292 		return (-1);
864520Snw141292 	}
87*5317Sjp151216 
88*5317Sjp151216 	if (pgcfg->default_domain == NULL ||
89*5317Sjp151216 	    pgcfg->default_domain[0] == '\0') {
90*5317Sjp151216 		idmapdlog(LOG_ERR, "%s: Default domain not configured; "
91*5317Sjp151216 		    "AD lookup disabled", me);
92*5317Sjp151216 		degrade_svc();
93*5317Sjp151216 	}
94*5317Sjp151216 	if (pgcfg->domain_name == NULL ||
95*5317Sjp151216 	    pgcfg->domain_name[0] == '\0') {
96*5317Sjp151216 		degrade_svc();
97*5317Sjp151216 		idmapdlog(LOG_ERR,
98*5317Sjp151216 		    "%s: AD joined domain is not configured; "
99*5317Sjp151216 		    "AD lookup disabled", me);
100*5317Sjp151216 	}
101*5317Sjp151216 	if (pgcfg->global_catalog == NULL ||
102*5317Sjp151216 	    pgcfg->global_catalog[0].host[0] == '\0') {
103*5317Sjp151216 		degrade_svc();
104*5317Sjp151216 		idmapdlog(LOG_ERR,
105*5317Sjp151216 		    "%s: Global catalog server is not configured; "
106*5317Sjp151216 		    "AD lookup disabled", me);
107*5317Sjp151216 	}
108*5317Sjp151216 
109*5317Sjp151216 	(void) reload_ad();
110*5317Sjp151216 
111*5317Sjp151216 	if (idmap_cfg_start_updates(_idmapdstate.cfg) < 0)
112*5317Sjp151216 		idmapdlog(LOG_ERR, "%s: could not start config updater",
1134520Snw141292 			me);
114*5317Sjp151216 	return (0);
115*5317Sjp151216 }
116*5317Sjp151216 
117*5317Sjp151216 
118*5317Sjp151216 int
119*5317Sjp151216 reload_ad() {
120*5317Sjp151216 	int	i;
121*5317Sjp151216 	ad_t	*old;
122*5317Sjp151216 	ad_t	*new;
123*5317Sjp151216 
124*5317Sjp151216 	idmap_pg_config_t *pgcfg = &_idmapdstate.cfg->pgcfg;
125*5317Sjp151216 
126*5317Sjp151216 	if (pgcfg->default_domain == NULL ||
127*5317Sjp151216 	    pgcfg->global_catalog == NULL) {
128*5317Sjp151216 		if (_idmapdstate.ad == NULL)
129*5317Sjp151216 			idmapdlog(LOG_ERR, "%s: AD lookup disabled", me);
130*5317Sjp151216 		else
131*5317Sjp151216 			idmapdlog(LOG_ERR, "%s: cannot update AD context", me);
1324520Snw141292 		return (-1);
1334520Snw141292 	}
134*5317Sjp151216 
135*5317Sjp151216 	old = _idmapdstate.ad;
136*5317Sjp151216 
137*5317Sjp151216 	if (idmap_ad_alloc(&new, pgcfg->default_domain,
138*5317Sjp151216 	    IDMAP_AD_GLOBAL_CATALOG) != 0) {
139*5317Sjp151216 		if (old == NULL)
140*5317Sjp151216 			degrade_svc();
141*5317Sjp151216 		idmapdlog(LOG_ERR, "%s: could not initialize AD context", me);
1424520Snw141292 		return (-1);
1434520Snw141292 	}
144*5317Sjp151216 
145*5317Sjp151216 	for (i = 0; pgcfg->global_catalog[i].host[0] != '\0'; i++) {
146*5317Sjp151216 		if (idmap_add_ds(new,
147*5317Sjp151216 		    pgcfg->global_catalog[i].host,
148*5317Sjp151216 		    pgcfg->global_catalog[i].port) != 0) {
149*5317Sjp151216 			idmap_ad_free(&new);
150*5317Sjp151216 			if (old == NULL)
151*5317Sjp151216 				degrade_svc();
152*5317Sjp151216 			idmapdlog(LOG_ERR,
153*5317Sjp151216 			    "%s: could not initialize AD DS context", me);
154*5317Sjp151216 			return (-1);
155*5317Sjp151216 		}
156*5317Sjp151216 	}
157*5317Sjp151216 
158*5317Sjp151216 	_idmapdstate.ad = new;
159*5317Sjp151216 
160*5317Sjp151216 	if (old != NULL)
161*5317Sjp151216 		idmap_ad_free(&old);
162*5317Sjp151216 
1634520Snw141292 	return (0);
1644520Snw141292 }
1654520Snw141292 
166*5317Sjp151216 
1674520Snw141292 void
1684520Snw141292 print_idmapdstate() {
169*5317Sjp151216 	int i;
170*5317Sjp151216 	idmap_pg_config_t *pgcfg = &_idmapdstate.cfg->pgcfg;
171*5317Sjp151216 
1724520Snw141292 	RDLOCK_CONFIG();
1734520Snw141292 
174*5317Sjp151216 	if (_idmapdstate.cfg == NULL) {
175*5317Sjp151216 		idmapdlog(LOG_INFO, "%s: Null configuration", me);
176*5317Sjp151216 		UNLOCK_CONFIG();
177*5317Sjp151216 		return;
1784520Snw141292 	}
179*5317Sjp151216 
180*5317Sjp151216 	idmapdlog(LOG_DEBUG, "%s: list_size_limit=%llu", me,
181*5317Sjp151216 	    pgcfg->list_size_limit);
182*5317Sjp151216 	idmapdlog(LOG_DEBUG, "%s: default_domain=%s", me,
183*5317Sjp151216 	    CHECK_NULL(pgcfg->default_domain));
184*5317Sjp151216 	idmapdlog(LOG_DEBUG, "%s: domain_name=%s", me,
185*5317Sjp151216 	    CHECK_NULL(pgcfg->domain_name));
186*5317Sjp151216 	idmapdlog(LOG_DEBUG, "%s: machine_sid=%s", me,
187*5317Sjp151216 	    CHECK_NULL(pgcfg->machine_sid));
188*5317Sjp151216 	if (pgcfg->domain_controller == NULL ||
189*5317Sjp151216 	    pgcfg->domain_controller[0].host[0] == '\0') {
190*5317Sjp151216 		idmapdlog(LOG_DEBUG, "%s: No domain controllers known", me);
191*5317Sjp151216 	} else {
192*5317Sjp151216 		for (i = 0; pgcfg->domain_controller[i].host[0] != '\0'; i++)
193*5317Sjp151216 			idmapdlog(LOG_DEBUG, "%s: domain_controller=%s port=%d",
194*5317Sjp151216 			    me, pgcfg->domain_controller[i].host,
195*5317Sjp151216 			    pgcfg->domain_controller[i].port);
196*5317Sjp151216 	}
197*5317Sjp151216 	idmapdlog(LOG_DEBUG, "%s: forest_name=%s", me,
198*5317Sjp151216 	    CHECK_NULL(pgcfg->forest_name));
199*5317Sjp151216 	idmapdlog(LOG_DEBUG, "%s: site_name=%s", me,
200*5317Sjp151216 	    CHECK_NULL(pgcfg->site_name));
201*5317Sjp151216 	if (pgcfg->global_catalog == NULL ||
202*5317Sjp151216 	    pgcfg->global_catalog[0].host[0] == '\0') {
203*5317Sjp151216 		idmapdlog(LOG_DEBUG, "%s: No global catalog servers known", me);
204*5317Sjp151216 	} else {
205*5317Sjp151216 		for (i = 0; pgcfg->global_catalog[i].host[0] != '\0'; i++)
206*5317Sjp151216 			idmapdlog(LOG_DEBUG, "%s: global_catalog=%s port=%d",
207*5317Sjp151216 			    me,
208*5317Sjp151216 			    pgcfg->global_catalog[i].host,
209*5317Sjp151216 			    pgcfg->global_catalog[i].port);
210*5317Sjp151216 	}
211*5317Sjp151216 
2124520Snw141292 	UNLOCK_CONFIG();
2134520Snw141292 }
2144520Snw141292 
2154520Snw141292 int
2164520Snw141292 create_directory(const char *path, uid_t uid, gid_t gid) {
2174520Snw141292 	int	rc;
2184520Snw141292 
2194520Snw141292 	if ((rc = mkdir(path, 0700)) < 0 && errno != EEXIST) {
2204520Snw141292 		idmapdlog(LOG_ERR,
2214520Snw141292 			"%s: Error creating directory %s (%s)",
2224520Snw141292 			me, path, strerror(errno));
2234520Snw141292 		return (-1);
2244520Snw141292 	}
2254520Snw141292 
2264520Snw141292 	if (lchown(path, uid, gid) < 0) {
2274520Snw141292 		idmapdlog(LOG_ERR,
2284520Snw141292 			"%s: Error creating directory %s (%s)",
2294520Snw141292 			me, path, strerror(errno));
2304520Snw141292 		if (rc == 0)
2314520Snw141292 			(void) rmdir(path);
2324520Snw141292 		return (-1);
2334520Snw141292 	}
2344520Snw141292 	return (0);
2354520Snw141292 }
236