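/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#pragma ident	"%Z%%M%	%I%	%E% SMI"

/*
 * Initialization routines for idmapd: configuration loading, Active
 * Directory context (re)creation, database setup under a temporary
 * privilege drop, and creation of the daemon's directories.
 */

#include "idmapd.h"
#include <signal.h>
#include <thread.h>
#include <string.h>
#include <errno.h>
#include <assert.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <rpcsvc/daemon_utils.h>


/*
 * Bring up the mapping system: initialize the configuration lock, load
 * the configuration, then create/open the databases while running with
 * the daemon's effective uid/gid so the database files end up owned by
 * DAEMON_UID:DAEMON_GID instead of the identity the daemon started as.
 *
 * Every privilege transition is checked (CERT POS36-C / POS37-C). If a
 * transition were silently ignored the databases would be created with
 * the wrong owner and the daemon could later be unable to use them, so
 * a failed setegid()/seteuid() is treated as a fatal initialization
 * error rather than papered over.
 *
 * Returns 0 on success; the (negative) value from load_config() when
 * loading the configuration failed; -1 for any other failure.
 */
int
init_mapping_system()
{
	int rc = 0;

	if (rwlock_init(&_idmapdstate.rwlk_cfg, USYNC_THREAD, NULL) != 0)
		return (-1);
	if ((rc = load_config()) < 0)
		return (rc);

	/*
	 * Drop the group before the user: once the effective uid is no
	 * longer 0 a subsequent setegid() would be refused.
	 */
	if (setegid(DAEMON_GID) != 0) {
		idmapdlog(LOG_ERR, "Error setting effective gid (%s)",
		    strerror(errno));
		return (-1);
	}
	if (seteuid(DAEMON_UID) != 0) {
		idmapdlog(LOG_ERR, "Error setting effective uid (%s)",
		    strerror(errno));
		/* euid is unchanged by the failed call; undo the gid change */
		(void) setegid(0);
		return (-1);
	}

	if (init_dbs() < 0) {
		rc = -1;
		fini_mapping_system();
	}

	/* Restore in the reverse order: uid back to 0 first, then the gid. */
	if (seteuid(0) != 0 || setegid(0) != 0) {
		idmapdlog(LOG_ERR, "Error restoring effective uid/gid (%s)",
		    strerror(errno));
		/* don't tear the databases down twice */
		if (rc == 0)
			fini_mapping_system();
		rc = -1;
	}

	return (rc);
}

/*
 * Tear down what init_mapping_system() set up; currently only the
 * databases.  The configuration lock is left initialized.
 */
void
fini_mapping_system()
{
	fini_dbs();
}

/*
 * Load the daemon's configuration into _idmapdstate.cfg, set the
 * service's degraded/healthy state accordingly, build the AD context
 * and start the configuration updater.
 *
 * Returns 0 on success (including partial configuration load, which is
 * only logged), -1 if the configuration handle cannot be created, the
 * value from idmap_cfg_load() when that is a total failure (< -1), or
 * the value from idmap_cfg_start_updates() when the updater cannot be
 * started.  Fatal failures degrade the service before returning.
 */
int
load_config()
{
	int rc;
	idmap_pg_config_t *pgcfg;
	if ((_idmapdstate.cfg = idmap_cfg_init()) == NULL) {
		degrade_svc("failed to initialize config");
		return (-1);
	}
	pgcfg = &_idmapdstate.cfg->pgcfg;

	rc = idmap_cfg_load(&_idmapdstate.cfg->handles,
	    &_idmapdstate.cfg->pgcfg, 0);
	if (rc < -1) {
		/* Total failure */
		degrade_svc("fatal error while loading configuration");
		return (rc);
	}

	if (rc != 0)
		/* Partial failure */
		idmapdlog(LOG_ERR, "Various errors occurred while loading "
		    "the configuration; check the logs");

	/*
	 * Without at least one global catalog server AD lookups cannot
	 * work; say so, but keep going since discovery may fill it in.
	 */
	if (pgcfg->global_catalog == NULL ||
	    pgcfg->global_catalog[0].host[0] == '\0') {
		degrade_svc(
		    "global catalog server is not configured; AD lookup "
		    "will fail until one or more global catalog server names "
		    "are configured or discovered; auto-discovery will begin "
		    "shortly");
	} else {
		restore_svc();
	}

	/* reload_ad() logs/degrades on its own; its failure is not fatal here */
	(void) reload_ad();

	if ((rc = idmap_cfg_start_updates()) < 0) {
		/* Total failure */
		degrade_svc("could not start config updater");
		return (rc);
	}

	idmapdlog(LOG_DEBUG, "Initial configuration loaded");

	return (0);
}


/*
 * Replace _idmapdstate.ad with a freshly built AD context for the
 * configured default domain and global catalog servers.  The previous
 * context is only freed after the new one has been installed, so a
 * failure leaves the old context in place.
 *
 * NOTE(review): this swaps a shared pointer without taking the config
 * lock itself; it presumably relies on the caller holding the write
 * lock (or on single-threaded use during startup) -- confirm at the
 * call sites.
 *
 * Returns 0 on success, -1 if the configuration lacks a default domain
 * or global catalog list, or if allocating/populating the context fails.
 */
int
reload_ad()
{
	int i;
	ad_t *old;
	ad_t *new;

	idmap_pg_config_t *pgcfg = &_idmapdstate.cfg->pgcfg;

	if (pgcfg->default_domain == NULL ||
	    pgcfg->global_catalog == NULL) {
		if (_idmapdstate.ad == NULL)
			idmapdlog(LOG_ERR, "AD lookup disabled");
		else
			idmapdlog(LOG_ERR, "cannot update AD context");
		return (-1);
	}

	old = _idmapdstate.ad;

	if (idmap_ad_alloc(&new, pgcfg->default_domain,
	    IDMAP_AD_GLOBAL_CATALOG) != 0) {
		degrade_svc("could not initialize AD context");
		return (-1);
	}

	/* the global catalog list is terminated by an empty host name */
	for (i = 0; pgcfg->global_catalog[i].host[0] != '\0'; i++) {
		if (idmap_add_ds(new,
		    pgcfg->global_catalog[i].host,
		    pgcfg->global_catalog[i].port) != 0) {
			idmap_ad_free(&new);
			degrade_svc("could not initialize AD GC context");
			return (-1);
		}
	}

	_idmapdstate.ad = new;

	if (old != NULL)
		idmap_ad_free(&old);

	return (0);
}


/*
 * Log the current configuration at LOG_DEBUG (or "Null configuration"
 * at LOG_INFO if none is loaded).  Holds the configuration read lock
 * for the duration so the lists are not swapped out while being walked.
 */
void
print_idmapdstate()
{
	int i;
	idmap_pg_config_t *pgcfg;

	RDLOCK_CONFIG();

	if (_idmapdstate.cfg == NULL) {
		idmapdlog(LOG_INFO, "Null configuration");
		UNLOCK_CONFIG();
		return;
	}

	pgcfg = &_idmapdstate.cfg->pgcfg;

	idmapdlog(LOG_DEBUG, "list_size_limit=%llu", pgcfg->list_size_limit);
	idmapdlog(LOG_DEBUG, "default_domain=%s",
	    CHECK_NULL(pgcfg->default_domain));
	idmapdlog(LOG_DEBUG, "domain_name=%s", CHECK_NULL(pgcfg->domain_name));
	idmapdlog(LOG_DEBUG, "machine_sid=%s", CHECK_NULL(pgcfg->machine_sid));
	if (pgcfg->domain_controller == NULL ||
	    pgcfg->domain_controller[0].host[0] == '\0') {
		idmapdlog(LOG_DEBUG, "No domain controllers known");
	} else {
		for (i = 0; pgcfg->domain_controller[i].host[0] != '\0'; i++)
			idmapdlog(LOG_DEBUG, "domain_controller=%s port=%d",
			    pgcfg->domain_controller[i].host,
			    pgcfg->domain_controller[i].port);
	}
	idmapdlog(LOG_DEBUG, "forest_name=%s", CHECK_NULL(pgcfg->forest_name));
	idmapdlog(LOG_DEBUG, "site_name=%s", CHECK_NULL(pgcfg->site_name));
	if (pgcfg->global_catalog == NULL ||
	    pgcfg->global_catalog[0].host[0] == '\0') {
		idmapdlog(LOG_DEBUG, "No global catalog servers known");
	} else {
		for (i = 0; pgcfg->global_catalog[i].host[0] != '\0'; i++)
			idmapdlog(LOG_DEBUG, "global_catalog=%s port=%d",
			    pgcfg->global_catalog[i].host,
			    pgcfg->global_catalog[i].port);
	}
	idmapdlog(LOG_DEBUG, "ds_name_mapping_enabled=%s",
	    (pgcfg->ds_name_mapping_enabled == TRUE) ? "true" : "false");
	idmapdlog(LOG_DEBUG, "ad_unixuser_attr=%s",
	    CHECK_NULL(pgcfg->ad_unixuser_attr));
	idmapdlog(LOG_DEBUG, "ad_unixgroup_attr=%s",
	    CHECK_NULL(pgcfg->ad_unixgroup_attr));
	idmapdlog(LOG_DEBUG, "nldap_winname_attr=%s",
	    CHECK_NULL(pgcfg->nldap_winname_attr));

	UNLOCK_CONFIG();
}

/*
 * Create directory 'path' with mode 0700 and hand it to uid:gid.
 *
 * A pre-existing 'path' is accepted only if it really is a directory.
 * The check uses lstat(), so a symlink planted at that name is rejected
 * rather than followed; lchown() is used for the same reason.  If the
 * directory was created by this call and the ownership change fails,
 * the directory is removed again; a pre-existing directory is left as
 * it was.
 *
 * Returns 0 on success, -1 on failure (the cause is logged).
 */
int
create_directory(const char *path, uid_t uid, gid_t gid)
{
	int rc;
	struct stat st;

	if ((rc = mkdir(path, 0700)) < 0 && errno != EEXIST) {
		idmapdlog(LOG_ERR, "Error creating directory %s (%s)",
		    path, strerror(errno));
		return (-1);
	}

	if (rc < 0) {
		/* EEXIST: make sure what is already there is a directory */
		if (lstat(path, &st) < 0) {
			idmapdlog(LOG_ERR, "Error creating directory %s (%s)",
			    path, strerror(errno));
			return (-1);
		}
		if (!S_ISDIR(st.st_mode)) {
			idmapdlog(LOG_ERR, "Error creating directory %s "
			    "(exists and is not a directory)", path);
			return (-1);
		}
	}

	if (lchown(path, uid, gid) < 0) {
		idmapdlog(LOG_ERR, "Error setting owner of directory %s (%s)",
		    path, strerror(errno));
		/* only remove what we created ourselves */
		if (rc == 0)
			(void) rmdir(path);
		return (-1);
	}
	return (0);
}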