10Sstevel@tonic-gate /* 20Sstevel@tonic-gate * CDDL HEADER START 30Sstevel@tonic-gate * 40Sstevel@tonic-gate * The contents of this file are subject to the terms of the 5*2830Sdjl * Common Development and Distribution License (the "License"). 6*2830Sdjl * You may not use this file except in compliance with the License. 70Sstevel@tonic-gate * 80Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 90Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing. 100Sstevel@tonic-gate * See the License for the specific language governing permissions 110Sstevel@tonic-gate * and limitations under the License. 120Sstevel@tonic-gate * 130Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each 140Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 150Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the 160Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying 170Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner] 180Sstevel@tonic-gate * 190Sstevel@tonic-gate * CDDL HEADER END 200Sstevel@tonic-gate */ 210Sstevel@tonic-gate /* 22*2830Sdjl * Copyright 2006 Sun Microsystems, Inc. All rights reserved. 230Sstevel@tonic-gate * Use is subject to license terms. 240Sstevel@tonic-gate */ 250Sstevel@tonic-gate 260Sstevel@tonic-gate #pragma ident "%Z%%M% %I% %E% SMI" 270Sstevel@tonic-gate 280Sstevel@tonic-gate /* 290Sstevel@tonic-gate * ldapclient command. To make (initiailize) or uninitialize a machines as 300Sstevel@tonic-gate * and LDAP client. This command MUST be run as root (or it will simply exit). 310Sstevel@tonic-gate * 320Sstevel@tonic-gate * -I Install. No file_backup/recover for installing only (no doc). 330Sstevel@tonic-gate * 340Sstevel@tonic-gate * init Initialze (create) an LDAP client from a profile stored 350Sstevel@tonic-gate * in a directory-server. 
360Sstevel@tonic-gate * manual Initialze (create) an LDAP client by hand (-file option 370Sstevel@tonic-gate * reads from file). 380Sstevel@tonic-gate * mod Modify the LDAP client configuration on this machine by hand. 390Sstevel@tonic-gate * list List the contents of the LDAP client cache files. 400Sstevel@tonic-gate * uninit Uninitialize this machine. 410Sstevel@tonic-gate * 420Sstevel@tonic-gate * -v Verbose flag. 430Sstevel@tonic-gate * -q Quiet flag (mutually exclusive with -v). 440Sstevel@tonic-gate * 450Sstevel@tonic-gate * -a attrName=attrVal 460Sstevel@tonic-gate * <attrName> can be one of the following: 470Sstevel@tonic-gate * 480Sstevel@tonic-gate * attributeMap 490Sstevel@tonic-gate * Attribute map. Can be multiple instances of this option. 500Sstevel@tonic-gate * (no former option) 510Sstevel@tonic-gate * authenticationMethod 520Sstevel@tonic-gate * Authentication method (formerly -a) 530Sstevel@tonic-gate * bindTimeLimit 540Sstevel@tonic-gate * Bind time limit. (no former option) 550Sstevel@tonic-gate * certificatePath 560Sstevel@tonic-gate * Path to certificates used for secure bind (no former option) 570Sstevel@tonic-gate * credentialLevel 580Sstevel@tonic-gate * Client credential level (no former option) 590Sstevel@tonic-gate * defaultServerList 600Sstevel@tonic-gate * Default server (no former option) Refer to DUA Config 610Sstevel@tonic-gate * Schema draft. 620Sstevel@tonic-gate * defaultSearchBase 630Sstevel@tonic-gate * Search Base DN. e.g. dc=eng,dc=sun,dc=com (formerly -b) 640Sstevel@tonic-gate * defaultSearchScope 650Sstevel@tonic-gate * Search scope. (formerly -s) 660Sstevel@tonic-gate * domainName 670Sstevel@tonic-gate * Hosts lookup domain (DNS) Ex. eng.sun.com (formerly -d) 680Sstevel@tonic-gate * followReferrals 690Sstevel@tonic-gate * Search dereference. followref or noref (default followref) 700Sstevel@tonic-gate * (formerly -r) 710Sstevel@tonic-gate * objectclassMap 720Sstevel@tonic-gate * Objectclass map. 
Can be multiple instances of this option. 730Sstevel@tonic-gate * (no former option) 740Sstevel@tonic-gate * preferredServerList 750Sstevel@tonic-gate * Server preference list. Comma ',' seperated list of IPaddr. 760Sstevel@tonic-gate * (formerly -p) 770Sstevel@tonic-gate * profileName 780Sstevel@tonic-gate * Profile name to use for init (ldapclient) or 790Sstevel@tonic-gate * generate (gen_profile). (formerly -P) 800Sstevel@tonic-gate * profileTTL 810Sstevel@tonic-gate * Client info TTL. If set to 0 this information will not be 820Sstevel@tonic-gate * automatically updated by the ldap_cachemgr(1M). 830Sstevel@tonic-gate * (formerly -e) 840Sstevel@tonic-gate * proxyDN 850Sstevel@tonic-gate * Binding DN. Ex. cn=client,ou=people,cd=eng,dc=sun,dc=com 860Sstevel@tonic-gate * (formerly -D) 870Sstevel@tonic-gate * proxyPassword 880Sstevel@tonic-gate * Client password not needed for authentication "none". 890Sstevel@tonic-gate * (formerly -w) 900Sstevel@tonic-gate * searchTimeLimit 910Sstevel@tonic-gate * Timeout value. (formerly -o) 920Sstevel@tonic-gate * serviceSearchDescriptor 930Sstevel@tonic-gate * Service search scope. 
(no former option) 940Sstevel@tonic-gate * serviceAuthenticationMethod 950Sstevel@tonic-gate * Service authenticaion method (no former option) 960Sstevel@tonic-gate * serviceCredentialLevel 970Sstevel@tonic-gate * Service credential level (no former option) 980Sstevel@tonic-gate * 990Sstevel@tonic-gate */ 1000Sstevel@tonic-gate 1010Sstevel@tonic-gate #include <stdlib.h> 1020Sstevel@tonic-gate #include <stdio.h> 1030Sstevel@tonic-gate #include <unistd.h> 1040Sstevel@tonic-gate #include <errno.h> 1050Sstevel@tonic-gate #include <sys/types.h> 1060Sstevel@tonic-gate #include <time.h> 1070Sstevel@tonic-gate #include <sys/param.h> 1080Sstevel@tonic-gate #include <sys/stat.h> 1090Sstevel@tonic-gate #include <sys/systeminfo.h> 1100Sstevel@tonic-gate #include <fcntl.h> 1110Sstevel@tonic-gate #include <xti.h> 1120Sstevel@tonic-gate #include <strings.h> 1130Sstevel@tonic-gate #include <limits.h> 1140Sstevel@tonic-gate #include <locale.h> 1150Sstevel@tonic-gate #include <syslog.h> 1160Sstevel@tonic-gate #include <libscf.h> 1170Sstevel@tonic-gate #include <assert.h> 118*2830Sdjl #include "ns_sldap.h" 119*2830Sdjl #include "ns_internal.h" 1200Sstevel@tonic-gate 1210Sstevel@tonic-gate #if !defined(TEXT_DOMAIN) 1220Sstevel@tonic-gate #define TEXT_DOMAIN "SUNW_OST_OSCMD" 1230Sstevel@tonic-gate #endif 1240Sstevel@tonic-gate 1250Sstevel@tonic-gate /* error codes */ 1260Sstevel@tonic-gate /* The manpage doc only allows for SUCCESS(0), FAIL(1) and CRED(2) on exit */ 1270Sstevel@tonic-gate #define CLIENT_SUCCESS 0 1280Sstevel@tonic-gate #define CLIENT_ERR_PARSE -1 1290Sstevel@tonic-gate #define CLIENT_ERR_FAIL 1 1300Sstevel@tonic-gate #define CLIENT_ERR_CREDENTIAL 2 1310Sstevel@tonic-gate #define CLIENT_ERR_MEMORY 3 1320Sstevel@tonic-gate #define CLIENT_ERR_RESTORE 4 1330Sstevel@tonic-gate #define CLIENT_ERR_RENAME 5 1340Sstevel@tonic-gate #define CLIENT_ERR_RECOVER 6 1350Sstevel@tonic-gate #define CLIENT_ERR_TIMEDOUT 7 1360Sstevel@tonic-gate #define CLIENT_ERR_MAINTENANCE 8 
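/* Reset flag for start_services() */
#define	START_INIT	1
#define	START_RESET	2
#define	START_UNINIT	3

/* Reset flag for stop_services() */
#define	STATE_NOSAVE	0
#define	STATE_SAVE	1

/* files to (possibly) restore */
#define	LDAP_RESTORE_DIR	"/var/ldap/restore"

#define	DOMAINNAME_DIR		"/etc"
#define	DOMAINNAME_FILE		"defaultdomain"
#define	DOMAINNAME		DOMAINNAME_DIR "/" DOMAINNAME_FILE
#define	DOMAINNAME_BACK		LDAP_RESTORE_DIR "/" DOMAINNAME_FILE

#define	NSSWITCH_DIR		"/etc"
#define	NSSWITCH_FILE		"nsswitch.conf"
#define	NSSWITCH_CONF		NSSWITCH_DIR "/" NSSWITCH_FILE
#define	NSSWITCH_BACK		LDAP_RESTORE_DIR "/" NSSWITCH_FILE
#define	NSSWITCH_LDAP		"/etc/nsswitch.ldap"

#define	NIS_COLDSTART_DIR	"/var/nis"
#define	NIS_COLDSTART_FILE	"NIS_COLD_START"
#define	NIS_COLDSTART		NIS_COLDSTART_DIR "/" NIS_COLDSTART_FILE
#define	NIS_COLDSTART_BACK	LDAP_RESTORE_DIR "/" NIS_COLDSTART_FILE

#define	YP_BIND_DIR		"/var/yp/binding"

/* Define the service FMRIs */
#define	SENDMAIL_FMRI		"network/smtp:sendmail"
#define	NSCD_FMRI		"system/name-service-cache:default"
#define	AUTOFS_FMRI		"system/filesystem/autofs:default"
#define	LDAP_FMRI		"network/ldap/client:default"
#define	NISD_FMRI		"network/rpc/nisplus:default"
#define	YP_FMRI			"network/nis/client:default"
#define	NS_MILESTONE_FMRI	"milestone/name-services:default"

/* Define flags for checking if services were enabled */
#define	SENDMAIL_ON	0x1
#define	NSCD_ON		0x10
#define	AUTOFS_ON	0x100

#define	CMD_DOMAIN_START	"/usr/bin/domainname"

/*
 * Command to copy files
 *
 * NOTE(review): these are command-line prefixes, and TO_DEV_NULL is shell
 * redirection syntax, so the code that uses them (not in this part of the
 * file) presumably builds a string and hands it to a shell while running as
 * root.  Every operand appended to them must be a fixed path such as the
 * ones defined above, never text taken from the command line -- confirm at
 * each use.
 */
#define	CMD_CP		"/bin/cp -f"
#define	CMD_MV		"/bin/mv -f"
#define	CMD_RM		"/bin/rm -f"

#define	TO_DEV_NULL	" >/dev/null 2>&1"

/* Files that need to be just removed */
#define	NIS_PRIVATE_CACHE	"/var/nis/.NIS_PRIVATE_DIRCACHE"
#define	NIS_SHARED_CACHE	"/var/nis/NIS_SHARED_DIRCACHE"
#define	NIS_CLIENT_INFO		"/var/nis/client_info"
#define	LDAP_CACHE_LOG		"/var/ldap/cachemgr.log"

/*
 * Output defines to suppress if quiet mode set
 *
 * Each of these expands to a bare "if (!mode_quiet)", so an "else" written
 * directly after a CLIENT_*() call attaches to that hidden "if".  Put the
 * call inside braces whenever the enclosing statement has an else branch.
 */
#define	CLIENT_FPUTS if (!mode_quiet) (void) fputs
#define	CLIENT_FPRINTF if (!mode_quiet) (void) fprintf
#define	CLIENT_FPUTC if (!mode_quiet) (void) fputc

/* Wrappers that pair a do_service() action with the state it waits for. */
#define	restart_service(fmri, waitflag)\
	do_service(fmri, waitflag, RESTART_SERVICE,\
	SCF_STATE_STRING_ONLINE)
#define	start_service(fmri, waitflag)	\
	do_service(fmri, waitflag, START_SERVICE,\
	SCF_STATE_STRING_ONLINE)
#define	disable_service(fmri, waitflag)	\
	do_service(fmri, waitflag, STOP_SERVICE,\
	SCF_STATE_STRING_DISABLED)

/*
 * There isn't a domainName defined as a param, so we set a value here
 * (1001) should be big enough
 */
#define	LOCAL_DOMAIN_P 1001

/* Values for the "dowhat" argument of do_service() */
#define	START_SERVICE	1
#define	STOP_SERVICE	2
#define	RESTART_SERVICE	3

/*
 * NOTE(review): presumably microseconds, since get_timeout_value() and
 * wait_till() take useconds_t values -- confirm.
 */
#define	DEFAULT_TIMEOUT	60000000

#define	INIT_WAIT_USECS	50000

/* Used to turn off profile checking */
#define	CACHETTL_OFF "0"

/* Globals */
static char *cmd;

static char *dname = NULL;
static char dname_buf[BUFSIZ];

static boolean_t sysid_install = B_FALSE;

static int mode_verbose = 0;
static int mode_quiet = 0;
static int gen = 0;

static int gStartLdap = 0;
static int gStartYp = 0;
static int gStartNisd = 0;

static int enableFlag = 0;

/* multival_t is used to hold params that can have more than one value */
typedef struct {
	int count;
	char **optlist;
} multival_t;

/* (void) makes these real prototypes, so a call with arguments is rejected */
static multival_t *multival_new(void);
static int multival_add(multival_t *list, char *opt);
static void multival_free(multival_t *list);

/*
 * clientopts_t is used to hold and pass around the param values from
 * the cmd line
 *
 * proxyPassword holds the bind password exactly as it was given on the
 * command line; treat the whole structure as sensitive when printing or
 * logging it.
 */
typedef struct {
	multival_t	*attributeMap;
	char		*authenticationMethod;
	char		*bindTimeLimit;
	char		*certificatePath;
	char		*credentialLevel;
	char		*defaultSearchBase;
	char		*defaultServerList;
	char		*domainName;
	char		*followReferrals;
	multival_t	*objectclassMap;
	char		*preferredServerList;
	char		*profileName;
	char		*profileTTL;
	char		*proxyDN;
	char		*proxyPassword;
	char		*defaultSearchScope;
	char		*searchTimeLimit;
	multival_t	*serviceAuthenticationMethod;
	multival_t	*serviceCredentialLevel;
	multival_t	*serviceSearchDescriptor;
} clientopts_t;

static clientopts_t *clientopts_new(void);
static void clientopts_free(clientopts_t *list);

extern ns_ldap_error_t *__ns_ldap_print_config(int);
extern void __ns_ldap_default_config();
extern int __ns_ldap_download(const char *, char *, char *, ns_ldap_error_t **);

/* Function prototypes (these could be static) */
static void usage(void);

static int credCheck(clientopts_t *arglist);
static char *findBaseDN(char *);
static int clientSetParam(clientopts_t *optlist, int paramFlag, char *attrVal);
static int parseParam(char *param, char **paramVal);
static void dumpargs(clientopts_t *arglist);
static int num_args(clientopts_t *arglist);

static int file_backup(void);
static int recover(int saveState);
static int mod_backup(void);
static int mod_recover(void);
static void mod_cleanup(void);

static int client_list(clientopts_t *arglist);
static int client_manual(clientopts_t *arglist);
static int client_mod(clientopts_t *arglist);
static int client_uninit(clientopts_t *arglist);
static int client_genProfile(clientopts_t *arglist);
static int client_init(clientopts_t *arglist);
static boolean_t is_config_ok(const clientopts_t *list, boolean_t get_config);
static int file_move(const char *from, const char *to);

static int start_services(int flag);
static int stop_services(int saveState);
static boolean_t is_service(const char *fmri, const char *state);
static int wait_till(const char *fmri, const char *state, useconds_t max,
    const char *what, boolean_t check_maint);
static int do_service(const char *fmri, boolean_t waitflag, int dowhat,
    const char *state);
static useconds_t get_timeout_value(int dowhat, const char *fmri,
    useconds_t default_val);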
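
/*
 * Entry point.  Parses the options (-v, -q, -I, -a attrName=attrVal) and
 * exactly one verb (init, manual, mod, list, uninit or genprofile), checks
 * that the caller is root unless the verb is genprofile, and dispatches to
 * the matching client_*() routine.
 *
 * A trailing word that is not a verb is stored as the server list
 * (NS_LDAP_SERVERS_P).
 *
 * Returns CLIENT_SUCCESS, CLIENT_ERR_FAIL or CLIENT_ERR_CREDENTIAL; every
 * other internal error code is folded into CLIENT_ERR_FAIL.
 *
 * Security notes:
 *  - Everything given with -a, proxyPassword included, arrives through
 *    argv and is therefore readable by other local users who can list
 *    process arguments for as long as the command runs.
 *  - With -v the parsed options are passed to dumpargs(), which writes to
 *    stderr.  NOTE(review): dumpargs() is not in this part of the file;
 *    confirm that it does not print proxyPassword in clear text.
 */
int
main(int argc, char **argv)
{
	char *ret_locale, *ret_textdomain;
	/* overwritten by whichever verb runs; fail closed if none does */
	int retcode = CLIENT_ERR_FAIL;
	int paramFlag;
	char *attrVal;
	int sysinfostatus;
	clientopts_t *optlist = NULL;
	int op_manual = 0, op_mod = 0, op_uninit = 0;
	int op_list = 0, op_init = 0, op_genprofile = 0;
	extern char *optarg;
	extern int optind;
	int option;

	ret_locale = setlocale(LC_ALL, "");
	if (ret_locale == NULL) {
		CLIENT_FPUTS(gettext("Unable to set locale.\n"), stderr);
	}
	ret_textdomain = textdomain(TEXT_DOMAIN);
	if (ret_textdomain == NULL) {
		CLIENT_FPUTS(gettext("Unable to set textdomain.\n"), stderr);
	}

	openlog("ldapclient", LOG_PID, LOG_USER);

	/*
	 * get name that invoked us.  A caller may exec us with an empty
	 * argument vector, in which case argv[0] is NULL and must not be
	 * handed to strrchr().
	 */
	if (argc < 1 || argv[0] == NULL) {
		cmd = "ldapclient";
	} else if ((cmd = strrchr(argv[0], '/')) != NULL) {
		++cmd;
	} else {
		cmd = argv[0];
	}

	sysinfostatus = sysinfo(SI_SRPC_DOMAIN, dname_buf, BUFSIZ);
	if (0 < sysinfostatus)
		dname = &dname_buf[0];

	optlist = clientopts_new();
	if (optlist == NULL) {
		CLIENT_FPUTS(
		    gettext("Error getting optlist (malloc fail)\n"),
		    stderr);
		exit(CLIENT_ERR_FAIL);
	}

	optind = 1;
	while (optind < argc) {
		option = getopt(argc, argv, "vqa:I");

		switch (option) {
		case 'v':
			mode_verbose = 1;
			break;
		case 'q':
			mode_quiet = 1;
			break;
		case 'a':
			attrVal = NULL;
			paramFlag = parseParam(optarg, &attrVal);
			if (paramFlag == CLIENT_ERR_PARSE) {
				CLIENT_FPRINTF(stderr,
				    gettext("Unrecognized "
				    "parameter \"%s\"\n"),
				    optarg);
				usage();
				exit(CLIENT_ERR_FAIL);
			}
			retcode = clientSetParam(optlist, paramFlag, attrVal);
			if (retcode != CLIENT_SUCCESS) {
				CLIENT_FPRINTF(
				    stderr,
				    gettext("Error (%d) setting "
				    "param \"%s\"\n"),
				    retcode, optarg);
				usage();
				exit(CLIENT_ERR_FAIL);
			}
			break;
		case EOF:
			/*
			 * getopt() also returns EOF after consuming a "--"
			 * word.  If that was the last word, optind now
			 * equals argc and argv[optind] is NULL, so leave
			 * the switch before it reaches strcmp(); the loop
			 * condition then ends the parse.
			 */
			if (optind >= argc)
				break;
			if (strcmp(argv[optind], "init") == 0) {
				op_init = 1;
			} else if (strcmp(argv[optind], "manual") == 0) {
				op_manual = 1;
			} else if (strcmp(argv[optind], "mod") == 0) {
				op_mod = 1;
			} else if (strcmp(argv[optind], "list") == 0) {
				op_list = 1;
			} else if (strcmp(argv[optind], "uninit") == 0) {
				op_uninit = 1;
			} else if (strcmp(argv[optind], "genprofile") == 0) {
				gen = 1;
				op_genprofile = 1;
			} else if (optind == argc-1) {
				retcode = clientSetParam(
				    optlist,
				    NS_LDAP_SERVERS_P,
				    argv[optind]);	/* ipAddr */
				if (retcode != CLIENT_SUCCESS) {
					CLIENT_FPRINTF(
					    stderr,
					    gettext("Error (%d) setting "
					    "serverList param.\n"),
					    retcode);
					usage();
					exit(CLIENT_ERR_FAIL);
				}
			} else {
				CLIENT_FPUTS(
				    gettext("Error parsing "
				    "command line\n"),
				    stderr);
				usage();
				exit(CLIENT_ERR_FAIL);
			}
			optind++;	/* get past the verb and keep trying */
			break;
		/* Backwards compatibility to support system install */
		case 'I':
			sysid_install = B_TRUE;
			op_init = 1;
			mode_quiet = 1;
			break;
		case '?':
			usage();
			CLIENT_FPUTS(gettext("\nOr\n\n"), stderr);
			gen = 1;
			usage();
			exit(CLIENT_ERR_FAIL);
			break;
		}

	}

	/* Only genprofile may run unprivileged; the check uses the real uid */
	if ((getuid() != 0) && (!op_genprofile)) {
		(void) puts(
		    "You must be root (SuperUser) to run this command.");
		usage();
		exit(CLIENT_ERR_FAIL);
	}

	/*
	 * All command line arguments are finished being parsed now
	 */

	/* *** Do semantic checking here *** */

	/* if gen and no searchBase then err */
	if (gen && !optlist->defaultSearchBase) {
		CLIENT_FPUTS(
		    gettext("ldapclient: Missing required attrName "
		    "defaultSearchBase\n"),
		    stderr);
		usage();
		clientopts_free(optlist);
		exit(CLIENT_ERR_FAIL);
	}

	/* Only one verb can be specified */
	if ((op_init + op_manual + op_mod + op_uninit +
	    op_list + op_genprofile) != 1) {
		usage();
		clientopts_free(optlist);
		exit(CLIENT_ERR_FAIL);
	}

	/* *** We passed semantic checking, so now do the operation *** */

	if (mode_verbose) {
		CLIENT_FPUTS(gettext("Arguments parsed:\n"), stderr);
		dumpargs(optlist);
	}


	/* handle "ldapclient list" here.  err checking done in func */
	if (op_list) {
		if (mode_verbose)
			CLIENT_FPUTS(
			    gettext("Handling list option\n"),
			    stderr);
		retcode = client_list(optlist);
	}

	/* handle "ldapclient uninit" here */
	if (op_uninit) {
		if (mode_verbose)
			CLIENT_FPUTS(
			    gettext("Handling uninit option\n"),
			    stderr);
		retcode = client_uninit(optlist);
	}

	/* handle "ldapclient init" (profile) */
	if (op_init) {
		if (mode_verbose)
			CLIENT_FPUTS(
			    gettext("Handling init option\n"),
			    stderr);
		retcode = client_init(optlist);
	}

	/* handle "genprofile" here */
	if (op_genprofile) {
		if (mode_verbose)
			CLIENT_FPUTS(
			    gettext("Handling genProfile\n"),
			    stderr);
		retcode = client_genProfile(optlist);
	}

	/* handle "ldapclient manual" here */
	if (op_manual) {
		if (mode_verbose)
			CLIENT_FPUTS(
			    gettext("Handling manual option\n"),
			    stderr);
		retcode = client_manual(optlist);
	}

	/* handle "ldapclient mod" here */
	if (op_mod) {
		if (mode_verbose)
			CLIENT_FPUTS(
			    gettext("Handling mod option\n"),
			    stderr);
		retcode = client_mod(optlist);
	}

	clientopts_free(optlist);
	/* only these three values are passed through as the exit status */
	if ((retcode == CLIENT_SUCCESS) ||
	    (retcode == CLIENT_ERR_FAIL) ||
	    (retcode == CLIENT_ERR_CREDENTIAL))
		return (retcode);
	else
		return (CLIENT_ERR_FAIL);
}

/*
 * "ldapclient list": print the current client configuration through
 * __ns_ldap_print_config().  No -a arguments are accepted with this verb.
 *
 * Returns CLIENT_SUCCESS, or CLIENT_ERR_FAIL when arguments were supplied
 * or the configuration could not be printed.
 */
static int
client_list(clientopts_t *arglist)
{
	ns_ldap_error_t *errorp;
	int retcode = CLIENT_SUCCESS;

	if (num_args(arglist) > 0) {
		CLIENT_FPUTS(
		    gettext("No args supported with \"list\" option\n"),
		    stderr);
		usage();
		return (CLIENT_ERR_FAIL);	/* exit code here ? */
	}
	if ((errorp = __ns_ldap_print_config(mode_verbose)) != NULL) {
		retcode = CLIENT_ERR_FAIL;
		CLIENT_FPUTS(
		    gettext("Cannot get print configuration\n"),
		    stderr);
		/*
		 * NOTE(review): nothing visible here guarantees that the
		 * library fills in the message; fputs(NULL) is undefined.
		 */
		if (errorp->message != NULL) {
			CLIENT_FPUTS(errorp->message, stderr);
		}
		(void) __ns_ldap_freeError(&errorp);
		CLIENT_FPUTC('\n', stderr);
	}

	return (retcode);
}

/*
 * "ldapclient uninit": stop the name services, restore the saved
 * configuration with recover(), and start the services again.  No -a
 * arguments are accepted with this verb.
 *
 * Returns CLIENT_SUCCESS when the machine was restored and the services
 * restarted; otherwise CLIENT_ERR_FAIL or the code returned by recover()
 * or start_services().
 */
static int
client_uninit(clientopts_t *arglist)
{
	int retcode = CLIENT_SUCCESS;
	ns_ldap_self_gssapi_config_t config = NS_LDAP_SELF_GSSAPI_CONFIG_NONE;

	if (mode_verbose) {
		CLIENT_FPUTS(
		    gettext("Restoring machine to previous "
		    "configuration state\n"),
		    stderr);
	}

	if (num_args(arglist) > 0) {
		CLIENT_FPUTS(
		    gettext("No args supported with \"uninit\" option\n"),
		    stderr);
		usage();
		return (CLIENT_ERR_FAIL);
	}

	/* on failure config keeps its NONE initializer */
	(void) __ns_ldap_self_gssapi_config(&config);

	retcode = stop_services(STATE_SAVE);

	/*
	 * system() runs this through a shell, as root, with the environment
	 * this process inherited.  The command line is a constant with an
	 * absolute path; keep it that way and never build it from input.
	 * A failure is reported but does not stop the uninit.
	 * NOTE(review): presumably this undoes a metaslot change made at
	 * init time for this configuration -- confirm.
	 */
	if (config != NS_LDAP_SELF_GSSAPI_CONFIG_NONE) {
		if (system("/usr/sbin/cryptoadm enable metaslot") != 0) {
			CLIENT_FPUTS(
			    gettext("Warning: unable to enable "
			    "the metaslot.\n"),
			    stderr);
		}
	}

	if (retcode != CLIENT_SUCCESS) {
		CLIENT_FPUTS(
		    gettext("Errors stopping network services.\n"), stderr);
		/* restart whatever services we can */
		(void) start_services(START_RESET);
		return (CLIENT_ERR_FAIL);
	}

	retcode = recover(STATE_SAVE);
	if (retcode != CLIENT_SUCCESS) {
		CLIENT_FPUTS(
		    gettext("Cannot recover the configuration on "
		    "this machine.\n"),
		    stderr);
		(void) start_services(START_RESET);
	} else {
		retcode = start_services(START_UNINIT);
		if (retcode != CLIENT_SUCCESS) {
			CLIENT_FPUTS(
			    gettext("Config restored but problems "
			    "encountered resetting network "
			    "services.\n"),
			    stderr);
		}
	}

	if (retcode == CLIENT_SUCCESS) {
		CLIENT_FPUTS(
		    gettext("System successfully recovered\n"),
		    stderr);
	}

	return (retcode);
}

/*
 * The following macro is used to do a __ns_ldap_setParam().
 * On every call, the return code is checked, and if there was
 * a problem then the error message is printed, the ldaperr
 * is freed and we return from the function with the offending
 * error return code.  This macro keeps us from having to
 * repeat this code for every call to setParam as was done
 * in the previous incarnation of ldapclient.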
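*/
/*
 * LDAP_SET_PARAM(argval, argdef): when argval is non-NULL, hand it to
 * __ns_ldap_setParam() for parameter argdef.  If that call does not return
 * NS_LDAP_SUCCESS, print the library's message (when one is supplied), free
 * the error and return from the *enclosing function* (CLIENT_ERR_FAIL for
 * any non-zero retcode).
 *
 * assumes a "retcode" variable is available for status
 *
 * The expansion is a bare statement sequence that contains a return, so use
 * it only as a full statement inside a braced block.  ldaperr starts out
 * NULL so that the NULL test never reads an indeterminate pointer should
 * __ns_ldap_setParam() fail without filling it in.
 */
#define	LDAP_SET_PARAM(argval, argdef)	\
retcode = 0;	\
if (NULL != (argval)) {	\
	ns_ldap_error_t *ldaperr = NULL;	\
	retcode = __ns_ldap_setParam(argdef, (void *)(argval), &ldaperr); \
	if (retcode != NS_LDAP_SUCCESS) {	\
		if (NULL != ldaperr) {	\
			CLIENT_FPUTS(ldaperr->message, stderr);	\
			CLIENT_FPUTC('\n', stderr);	\
			(void) __ns_ldap_freeError(&ldaperr);	\
		}	\
		return (retcode ? CLIENT_ERR_FAIL : CLIENT_SUCCESS);	\
	}	\
}

/*
 * Restart services with START_RESET after a failed configuration attempt
 * and report (but do not propagate) any error from doing so.
 */
static void
restart_services_after_failure(void)
{
	int reset_ret = start_services(START_RESET);

	if (reset_ret != CLIENT_SUCCESS) {
		CLIENT_FPRINTF(stderr, gettext("Error (%d) while "
		    "starting services during reset\n"),
		    reset_ret);
	}
}

/*
 * Replace the contents of DOMAINNAME with "<name>\n", creating the file
 * with mode 0644 if needed.  Returns 0 on success and -1 on any failure
 * (message already printed).  A NULL name is rejected before the file is
 * opened, so the existing file is not truncated in that case.
 */
static int
write_domain_file(const char *name)
{
	int fd;
	int rc = 0;
	size_t len;

	if (name == NULL) {
		CLIENT_FPRINTF(stderr, gettext("Cannot write %s\n"),
		    DOMAINNAME);
		return (-1);
	}

	fd = open(DOMAINNAME, O_WRONLY|O_CREAT|O_TRUNC,
	    S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);	/* 0644 */
	if (fd == -1) {
		CLIENT_FPRINTF(stderr, gettext("Cannot open %s\n"), DOMAINNAME);
		return (-1);
	}

	/*
	 * O_TRUNC has already emptied the file, so a failed or short write
	 * must be reported instead of ignored: otherwise the caller would
	 * announce success with an empty or partial domain file on disk.
	 */
	len = strlen(name);
	if (write(fd, name, len) != (ssize_t)len ||
	    write(fd, "\n", 1) != 1) {
		rc = -1;
	}
	if (close(fd) != 0) {
		rc = -1;
	}
	if (rc != 0) {
		CLIENT_FPRINTF(stderr, gettext("Cannot write %s\n"),
		    DOMAINNAME);
	}
	return (rc);
}

/*
 * "manual" subcommand: build an LDAP client configuration purely from the
 * attributes in arglist, write it out, and restart services.
 *
 * Requires dname, defaultSearchBase and at least one of defaultServerList /
 * preferredServerList; rejects profileTTL and profileName.  Every failure
 * after services have been stopped tries to restore the saved configuration
 * and restart services before returning.
 *
 * Returns CLIENT_SUCCESS, CLIENT_ERR_RESTORE (passed through from
 * file_backup()), the credCheck()/recover() error code on those paths, or
 * CLIENT_ERR_FAIL.
 */
static int
client_manual(clientopts_t *arglist)
{
	int counter;
	ns_ldap_error_t *errorp;
	int ret_copy;
	int reset_ret;
	int retcode = CLIENT_SUCCESS;

	if (dname == NULL) {
		CLIENT_FPUTS(
		    gettext("Manual failed: System domain not set and "
		    "no domainName specified.\n"),
		    stderr);
		return (CLIENT_ERR_FAIL);
	}

	if (arglist->defaultSearchBase == NULL) {
		CLIENT_FPUTS(
		    gettext("Manual failed: Missing required "
		    "defaultSearchBase attribute.\n"),
		    stderr);
		return (CLIENT_ERR_FAIL);
	}

	if ((arglist->defaultServerList == NULL) &&
	    (arglist->preferredServerList == NULL)) {
		CLIENT_FPUTS(
		    gettext("Manual failed: Missing required "
		    "defaultServerList or preferredServerList "
		    "attribute.\n"),
		    stderr);
		return (CLIENT_ERR_FAIL);
	}

	if (arglist->profileTTL != NULL) {
		CLIENT_FPUTS(
		    gettext("Manual aborted: profileTTL is not supported "
		    "in manual mode.\n"),
		    stderr);
		return (CLIENT_ERR_FAIL);
	}

	if (arglist->profileName != NULL) {
		CLIENT_FPUTS(
		    gettext("Manual aborted: profileName is not supported "
		    "in manual mode.\n"),
		    stderr);
		return (CLIENT_ERR_FAIL);
	}

	if (!is_config_ok(arglist, B_FALSE)) {
		CLIENT_FPRINTF(stderr,
		    gettext("Cannot specify LDAP port with tls\n"));
		return (CLIENT_ERR_FAIL);
	}

	__ns_ldap_setServer(TRUE);	/* Need this for _ns_setParam() */
	__ns_ldap_default_config();

	/*
	 * All LDAP_SET_PARAM uses below may return from this function; that
	 * is safe here because nothing on disk has been touched and no
	 * service has been stopped yet.
	 */

	/* Set version to latest (not version 1) */
	LDAP_SET_PARAM(NS_LDAP_VERSION, NS_LDAP_FILE_VERSION_P);

	/* Set profileTTL to 0 since NO profile on manual */
	LDAP_SET_PARAM(CACHETTL_OFF, NS_LDAP_CACHETTL_P);

	/* Set additional valid params from command line */
	LDAP_SET_PARAM(arglist->authenticationMethod, NS_LDAP_AUTH_P);
	LDAP_SET_PARAM(arglist->defaultSearchBase, NS_LDAP_SEARCH_BASEDN_P);
	LDAP_SET_PARAM(arglist->credentialLevel, NS_LDAP_CREDENTIAL_LEVEL_P);
	LDAP_SET_PARAM(arglist->proxyDN, NS_LDAP_BINDDN_P);
	LDAP_SET_PARAM(arglist->searchTimeLimit, NS_LDAP_SEARCH_TIME_P);
	LDAP_SET_PARAM(arglist->preferredServerList, NS_LDAP_SERVER_PREF_P);
	/* profileName was rejected above, so this call is a no-op here */
	LDAP_SET_PARAM(arglist->profileName, NS_LDAP_PROFILE_P);
	LDAP_SET_PARAM(arglist->followReferrals, NS_LDAP_SEARCH_REF_P);
	LDAP_SET_PARAM(arglist->defaultSearchScope, NS_LDAP_SEARCH_SCOPE_P);
	LDAP_SET_PARAM(arglist->bindTimeLimit, NS_LDAP_BIND_TIME_P);
	/*
	 * NOTE(review): proxyPassword presumably arrives as a command-line
	 * attribute; if so it is visible in the process argument list while
	 * the command runs - confirm how callers are expected to supply it.
	 */
	LDAP_SET_PARAM(arglist->proxyPassword, NS_LDAP_BINDPASSWD_P);
	LDAP_SET_PARAM(arglist->defaultServerList, NS_LDAP_SERVERS_P);
	LDAP_SET_PARAM(arglist->certificatePath, NS_LDAP_HOST_CERTPATH_P);

	/* The list members are dereferenced unchecked: assumed non-NULL */
	for (counter = 0;
	    counter < arglist->serviceAuthenticationMethod->count;
	    counter++) {

		LDAP_SET_PARAM(
		    arglist->serviceAuthenticationMethod->optlist[counter],
		    NS_LDAP_SERVICE_AUTH_METHOD_P);
	}
	for (counter = 0;
	    counter < arglist->serviceCredentialLevel->count;
	    counter++) {

		LDAP_SET_PARAM(
		    arglist->serviceCredentialLevel->optlist[counter],
		    NS_LDAP_SERVICE_CRED_LEVEL_P);
	}
	for (counter = 0;
	    counter < arglist->objectclassMap->count;
	    counter++) {

		LDAP_SET_PARAM(arglist->objectclassMap->optlist[counter],
		    NS_LDAP_OBJECTCLASSMAP_P);
	}
	for (counter = 0; counter < arglist->attributeMap->count; counter++) {
		LDAP_SET_PARAM(arglist->attributeMap->optlist[counter],
		    NS_LDAP_ATTRIBUTEMAP_P);
	}
	for (counter = 0;
	    counter < arglist->serviceSearchDescriptor->count;
	    counter++) {

		LDAP_SET_PARAM(
		    arglist->serviceSearchDescriptor->optlist[counter],
		    NS_LDAP_SERVICE_SEARCH_DESC_P);
	}

	retcode = credCheck(arglist);
	if (retcode != CLIENT_SUCCESS) {
		CLIENT_FPUTS(
		    gettext("Error in setting up credentials\n"),
		    stderr);
		return (retcode);
	}

	if (mode_verbose) {
		CLIENT_FPUTS(
		    gettext("About to modify this machines "
		    "configuration by writing the files\n"),
		    stderr);
	}

	/* get ready to start playing with files */
	retcode = stop_services(STATE_SAVE);
	if (retcode != CLIENT_SUCCESS) {
		CLIENT_FPUTS(
		    gettext("Errors stopping network services.\n"), stderr);
		return (CLIENT_ERR_FAIL);
	}

	/* Save orig versions of files */
	retcode = file_backup();
	if (retcode == CLIENT_ERR_RESTORE) {
		CLIENT_FPUTS(
		    gettext("System not in state to enable ldap client.\n"),
		    stderr);

		restart_services_after_failure();
		return (retcode);
	} else if (retcode != CLIENT_SUCCESS) {
		CLIENT_FPUTS(
		    gettext("Save of system configuration failed! "
		    "Attempting recovery.\n"),
		    stderr);
		retcode = recover(STATE_NOSAVE);
		if (retcode != CLIENT_SUCCESS) {
			CLIENT_FPUTS(
			    gettext("Recovery of systems configuration "
			    "failed. Manual intervention of "
			    "config files is required.\n"),
			    stderr);
			return (retcode);
		}

		restart_services_after_failure();

		/*
		 * recover() succeeded, so retcode is CLIENT_SUCCESS at this
		 * point; returning it would report success although the
		 * backup failed and nothing was configured.
		 */
		return (CLIENT_ERR_FAIL);
	}

	/* Dump new files */
	errorp = __ns_ldap_DumpConfiguration(NSCONFIGFILE);
	if (errorp != NULL) {
		CLIENT_FPRINTF(stderr,
		    gettext("%s manual: errorp is not NULL; %s\n"),
		    cmd, errorp->message);
		retcode = recover(STATE_NOSAVE);
		if (retcode != CLIENT_SUCCESS) {
			CLIENT_FPUTS(
			    gettext("Recovery of systems configuration "
			    "failed. Manual intervention of "
			    "config files is required.\n"),
			    stderr);
			(void) __ns_ldap_freeError(&errorp);
			return (retcode);
		}
		restart_services_after_failure();
		(void) __ns_ldap_freeError(&errorp);
		return (CLIENT_ERR_FAIL);
	}

	/* if (credargs(arglist)) */
	errorp = __ns_ldap_DumpConfiguration(NSCREDFILE);
	if (errorp != NULL) {
		/* message names this subcommand ("manual"), not "init" */
		CLIENT_FPRINTF(stderr,
		    gettext("%s manual: errorp is not NULL; %s\n"),
		    cmd, errorp->message);
		retcode = recover(STATE_NOSAVE);
		if (retcode != CLIENT_SUCCESS) {
			CLIENT_FPUTS(
			    gettext("Recovery of systems configuration "
			    "failed. Manual intervention of "
			    "config files is required.\n"),
			    stderr);
			(void) __ns_ldap_freeError(&errorp);
			return (retcode);
		}
		restart_services_after_failure();
		(void) __ns_ldap_freeError(&errorp);
		return (CLIENT_ERR_FAIL);
	}

	/*
	 * NOTE(review): system() runs the copy through the shell, and this
	 * command is documented as running as root.  The command line is
	 * built only from compile-time constants, so no caller-supplied text
	 * reaches the shell, but the shell still inherits this process's
	 * environment.  CMD_CP is defined outside this excerpt - confirm it
	 * is an absolute path.  ret_copy is the raw system() status, not
	 * necessarily the exit code of the copy.
	 */
	ret_copy = system(CMD_CP " " NSSWITCH_LDAP " " NSSWITCH_CONF);
	if (ret_copy != 0) {
		CLIENT_FPRINTF(stderr,
		    gettext("Error %d copying (%s) -> (%s)\n"),
		    ret_copy, NSSWITCH_LDAP, NSSWITCH_CONF);
		retcode = recover(STATE_NOSAVE);
		if (retcode != CLIENT_SUCCESS) {
			CLIENT_FPUTS(
			    gettext("Recovery of systems configuration "
			    "failed. Manual intervention of "
			    "config files is required.\n"),
			    stderr);
		}
		restart_services_after_failure();
		return (CLIENT_ERR_FAIL);
	}

	if (write_domain_file(dname) != 0) {
		retcode = recover(STATE_NOSAVE);
		if (retcode != CLIENT_SUCCESS) {
			CLIENT_FPUTS(
			    gettext("Recovery of systems configuration "
			    "failed. Manual intervention of "
			    "config files is required.\n"),
			    stderr);
			return (CLIENT_ERR_FAIL);
		}
		restart_services_after_failure();
		return (CLIENT_ERR_FAIL);
	}

	retcode = start_services(START_INIT);

	if (retcode == CLIENT_SUCCESS) {
		CLIENT_FPUTS(gettext("System successfully configured\n"),
		    stderr);
	} else {
		/*
		 * This statement must end in ';'.  With a ',' the following
		 * stop_services() call becomes part of the same expression
		 * statement, and would be skipped whenever CLIENT_FPUTS
		 * expands to a conditional (its definition is outside this
		 * excerpt).
		 */
		CLIENT_FPUTS(gettext("Error resetting system.\n"
		    "Recovering old system settings.\n"), stderr);

		/* stop any started services for recover */
		/* don't stomp on history of saved services state */
		reset_ret = stop_services(STATE_NOSAVE);
		if (reset_ret != CLIENT_SUCCESS) {
			CLIENT_FPRINTF(stderr, gettext("Error (%d) while "
			    "stopping services during reset\n"),
			    reset_ret);
			/* Continue and try to recover what we can */
		}
		reset_ret = recover(STATE_NOSAVE);
		if (reset_ret != CLIENT_SUCCESS) {
			CLIENT_FPRINTF(stderr, gettext("Error (%d) while "
			    "recovering service files during "
			    "reset\n"), reset_ret);
			/* Continue and start what we can */
		}
		restart_services_after_failure();
	}

	return (retcode);
}

/*
 * "mod" subcommand: load the existing client configuration, apply the
 * attributes given in arglist on top of it, write it back and restart
 * services.
 *
 * profileTTL and profileName may not be changed here.  The current files are
 * saved with mod_backup() and restored with mod_recover() when a later step
 * fails.
 *
 * Returns CLIENT_SUCCESS, the credCheck()/mod_backup() error code on those
 * paths, the start_services(START_INIT) result, or CLIENT_ERR_FAIL.
 */
static int
client_mod(clientopts_t *arglist)
{
	int counter;
	ns_ldap_error_t *errorp;
	int reset_ret;
	int retcode = CLIENT_SUCCESS;

	__ns_ldap_setServer(TRUE);	/* Need this for _ns_setParam() */
	if ((errorp = __ns_ldap_LoadConfiguration()) != NULL) {
		CLIENT_FPUTS(gettext("Cannot get load configuration\n"),
		    stderr);
		CLIENT_FPUTS(errorp->message, stderr);
		CLIENT_FPUTC('\n', stderr);
		(void) __ns_ldap_freeError(&errorp);
		return (CLIENT_ERR_FAIL);
	}

	if (arglist->profileTTL != NULL) {
		CLIENT_FPUTS(
		    gettext("Mod aborted: profileTTL modification is "
		    "not allowed in mod mode.\n"),
		    stderr);
		return (CLIENT_ERR_FAIL);
	}

	if (arglist->profileName != NULL) {
		CLIENT_FPUTS(
		    gettext("Mod aborted: profileName modification is "
		    "not allowed. If you want to use profiles "
		    "generate one with genProfile and load it "
		    "on the server with ldapadd.\n"),
		    stderr);
		return (CLIENT_ERR_FAIL);
	}

	if (!is_config_ok(arglist, B_TRUE)) {
		CLIENT_FPRINTF(stderr,
		    gettext("Cannot specify LDAP port with tls\n"));
		return (CLIENT_ERR_FAIL);
	}

	/* Set additional valid params from command line */
	LDAP_SET_PARAM(arglist->authenticationMethod, NS_LDAP_AUTH_P);
	LDAP_SET_PARAM(arglist->defaultSearchBase, NS_LDAP_SEARCH_BASEDN_P);
	LDAP_SET_PARAM(arglist->credentialLevel, NS_LDAP_CREDENTIAL_LEVEL_P);
	LDAP_SET_PARAM(arglist->proxyDN, NS_LDAP_BINDDN_P);
	/* profileTTL and profileName were rejected above: no-ops here */
	LDAP_SET_PARAM(arglist->profileTTL, NS_LDAP_CACHETTL_P);
	LDAP_SET_PARAM(arglist->searchTimeLimit, NS_LDAP_SEARCH_TIME_P);
	LDAP_SET_PARAM(arglist->preferredServerList, NS_LDAP_SERVER_PREF_P);
	LDAP_SET_PARAM(arglist->profileName, NS_LDAP_PROFILE_P);
	LDAP_SET_PARAM(arglist->followReferrals, NS_LDAP_SEARCH_REF_P);
	LDAP_SET_PARAM(arglist->defaultSearchScope, NS_LDAP_SEARCH_SCOPE_P);
	LDAP_SET_PARAM(arglist->bindTimeLimit, NS_LDAP_BIND_TIME_P);
	LDAP_SET_PARAM(arglist->proxyPassword, NS_LDAP_BINDPASSWD_P);
	LDAP_SET_PARAM(arglist->defaultServerList, NS_LDAP_SERVERS_P);
	LDAP_SET_PARAM(arglist->certificatePath, NS_LDAP_HOST_CERTPATH_P);

	/* The list members are dereferenced unchecked: assumed non-NULL */
	for (counter = 0;
	    counter < arglist->serviceAuthenticationMethod->count;
	    counter++) {

		LDAP_SET_PARAM(
		    arglist->serviceAuthenticationMethod->optlist[counter],
		    NS_LDAP_SERVICE_AUTH_METHOD_P);
	}
	for (counter = 0;
	    counter < arglist->serviceCredentialLevel->count;
	    counter++) {

		LDAP_SET_PARAM(
		    arglist->serviceCredentialLevel->optlist[counter],
		    NS_LDAP_SERVICE_CRED_LEVEL_P);
	}
	for (counter = 0;
	    counter < arglist->objectclassMap->count;
	    counter++) {

		LDAP_SET_PARAM(
		    arglist->objectclassMap->optlist[counter],
		    NS_LDAP_OBJECTCLASSMAP_P);
	}
	for (counter = 0;
	    counter < arglist->attributeMap->count;
	    counter++) {

		LDAP_SET_PARAM(
		    arglist->attributeMap->optlist[counter],
		    NS_LDAP_ATTRIBUTEMAP_P);
	}
	for (counter = 0;
	    counter < arglist->serviceSearchDescriptor->count;
	    counter++) {

		LDAP_SET_PARAM(
		    arglist->serviceSearchDescriptor->optlist[counter],
		    NS_LDAP_SERVICE_SEARCH_DESC_P);
	}

	retcode = credCheck(arglist);
	if (retcode != CLIENT_SUCCESS) {
		CLIENT_FPUTS(
		    gettext("Error in setting up credentials\n"),
		    stderr);
		return (retcode);
	}

	if (mode_verbose) {
		CLIENT_FPUTS(
		    gettext("About to modify this machines configuration "
		    "by writing the files\n"),
		    stderr);
	}

	/* get ready to start playing with files */
	retcode = stop_services(STATE_SAVE);
	if (retcode != CLIENT_SUCCESS) {
		CLIENT_FPUTS(
		    gettext("Errors stopping network services.\n"), stderr);
		return (CLIENT_ERR_FAIL);
	}

	/* Temporarily save orig versions of files */
	retcode = mod_backup();
	if (retcode != CLIENT_SUCCESS) {
		CLIENT_FPUTS(
		    gettext("Unable to backup the ldap client files!\n"),
		    stderr);

		/*
		 * Services were stopped just above; bring them back before
		 * giving up, as every other failure path in this file does.
		 */
		restart_services_after_failure();
		return (retcode);
	}

	/*
	 * NOTE(review): the failure returns below skip mod_cleanup(), so
	 * whatever mod_backup() created stays behind on those paths -
	 * confirm whether that is intended.
	 */

	/* Dump new files */
	errorp = __ns_ldap_DumpConfiguration(NSCONFIGFILE);
	if (errorp != NULL) {
		CLIENT_FPRINTF(stderr,
		    gettext("%s mod: errorp is not NULL; %s\n"),
		    cmd, errorp->message);
		retcode = mod_recover();
		if (retcode != CLIENT_SUCCESS) {
			CLIENT_FPUTS(
			    gettext("Recovery of systems configuration "
			    "failed. Manual intervention of "
			    "config files is required.\n"),
			    stderr);
		}
		(void) __ns_ldap_freeError(&errorp);
		restart_services_after_failure();
		return (CLIENT_ERR_FAIL);
	}

	/* if (credargs(arglist)) */
	errorp = __ns_ldap_DumpConfiguration(NSCREDFILE);
	if (errorp != NULL) {
		CLIENT_FPRINTF(stderr,
		    gettext("%s mod: errorp is not NULL; %s\n"),
		    cmd, errorp->message);
		retcode = mod_recover();
		if (retcode != CLIENT_SUCCESS) {
			CLIENT_FPUTS(
			    gettext("Recovery of systems configuration "
			    "failed. Manual intervention of "
			    "config files is required.\n"),
			    stderr);
		}
		(void) __ns_ldap_freeError(&errorp);
		restart_services_after_failure();
		return (CLIENT_ERR_FAIL);
	}

	/*
	 * NOTE(review): unlike client_manual(), this function never checks
	 * dname itself; write_domain_file() treats a NULL name as a failure
	 * so the recovery path below runs instead of strlen(NULL).
	 */
	if (write_domain_file(dname) != 0) {
		retcode = mod_recover();
		if (retcode != CLIENT_SUCCESS) {
			CLIENT_FPUTS(
			    gettext("Recovery of systems configuration "
			    "failed! Machine needs to be "
			    "fixed!\n"),
			    stderr);
		}
		restart_services_after_failure();
		return (CLIENT_ERR_FAIL);
	}

	retcode = start_services(START_INIT);

	if (retcode == CLIENT_SUCCESS) {
		CLIENT_FPUTS(gettext("System successfully configured\n"),
		    stderr);
	} else {
		/*
		 * Terminated with ';' rather than ',' so that the
		 * stop_services() call below is its own statement and runs
		 * regardless of how CLIENT_FPUTS expands.
		 */
		CLIENT_FPUTS(gettext("Error resetting system.\n"
		    "Recovering old system settings.\n"), stderr);

		/* stop any started services for recover */
		/* don't stomp on history of saved services state */
		reset_ret = stop_services(STATE_NOSAVE);
		if (reset_ret != CLIENT_SUCCESS) {
			CLIENT_FPRINTF(stderr, gettext("Error (%d) while "
			    "stopping services during reset\n"),
			    reset_ret);
			/* Continue and try to recover what we can */
		}
		reset_ret = mod_recover();
		if (reset_ret != CLIENT_SUCCESS) {
			CLIENT_FPRINTF(stderr, gettext("Error (%d) while "
			    "recovering service files during "
			    "reset\n"), reset_ret);
			/* Continue and start what we can */
		}
		restart_services_after_failure();
	}

	/* Cleanup temporary files created by mod_backup() */
	mod_cleanup();

	return (retcode);
}


/*
 * The following macro is used to check if an arg has already been set
 * and issues an error message, a usage message and then returns an error.
 * This was made into a macro to avoid the duplication of this code many
 * times in the function below.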
12370Sstevel@tonic-gate */ 12380Sstevel@tonic-gate #define LDAP_CHECK_INVALID(arg, param) \ 12390Sstevel@tonic-gate if (arg) { \ 12400Sstevel@tonic-gate CLIENT_FPRINTF(stderr, gettext("Invalid parameter (%s) " \ 12410Sstevel@tonic-gate "specified\n"), param); \ 12420Sstevel@tonic-gate usage(); \ 12430Sstevel@tonic-gate return (CLIENT_ERR_FAIL); \ 12440Sstevel@tonic-gate } 12450Sstevel@tonic-gate 12460Sstevel@tonic-gate static int 12470Sstevel@tonic-gate client_genProfile(clientopts_t *arglist) 12480Sstevel@tonic-gate { 12490Sstevel@tonic-gate int counter; 12500Sstevel@tonic-gate int retcode; /* required for LDAP_SET_PARAM macro */ 12510Sstevel@tonic-gate ns_ldap_error_t *errorp; 12520Sstevel@tonic-gate 12530Sstevel@tonic-gate if (mode_verbose) 12540Sstevel@tonic-gate CLIENT_FPUTS(gettext("About to generate a profile\n"), stderr); 12550Sstevel@tonic-gate 12560Sstevel@tonic-gate /* *** Check for invalid args *** */ 12570Sstevel@tonic-gate LDAP_CHECK_INVALID(arglist->proxyDN, "proxyDN"); 12580Sstevel@tonic-gate LDAP_CHECK_INVALID(arglist->proxyPassword, "proxyPassword"); 12590Sstevel@tonic-gate LDAP_CHECK_INVALID(arglist->certificatePath, "certificatePath"); 12600Sstevel@tonic-gate LDAP_CHECK_INVALID(arglist->domainName, "domainName"); 12610Sstevel@tonic-gate /* *** End check for invalid args *** */ 12620Sstevel@tonic-gate 12630Sstevel@tonic-gate if (arglist->profileName == NULL) { 12640Sstevel@tonic-gate if (mode_verbose) 12650Sstevel@tonic-gate CLIENT_FPUTS( 12660Sstevel@tonic-gate gettext("No profile specified. 
" 12670Sstevel@tonic-gate "Using \"default\"\n"), 12680Sstevel@tonic-gate stderr); 12690Sstevel@tonic-gate arglist->profileName = "default"; 12700Sstevel@tonic-gate } 12710Sstevel@tonic-gate 12720Sstevel@tonic-gate __ns_ldap_setServer(TRUE); 12730Sstevel@tonic-gate __ns_ldap_default_config(); 12740Sstevel@tonic-gate 12750Sstevel@tonic-gate /* Set version to latest (not version 1) */ 12760Sstevel@tonic-gate LDAP_SET_PARAM(NS_LDAP_VERSION, NS_LDAP_FILE_VERSION_P); 12770Sstevel@tonic-gate 12780Sstevel@tonic-gate /* Set additional valid params from command line */ 12790Sstevel@tonic-gate LDAP_SET_PARAM(arglist->authenticationMethod, NS_LDAP_AUTH_P); 12800Sstevel@tonic-gate LDAP_SET_PARAM(arglist->defaultSearchBase, NS_LDAP_SEARCH_BASEDN_P); 12810Sstevel@tonic-gate LDAP_SET_PARAM(arglist->credentialLevel, NS_LDAP_CREDENTIAL_LEVEL_P); 12820Sstevel@tonic-gate LDAP_SET_PARAM(arglist->profileTTL, NS_LDAP_CACHETTL_P); 12830Sstevel@tonic-gate LDAP_SET_PARAM(arglist->searchTimeLimit, NS_LDAP_SEARCH_TIME_P); 12840Sstevel@tonic-gate LDAP_SET_PARAM(arglist->preferredServerList, NS_LDAP_SERVER_PREF_P); 12850Sstevel@tonic-gate LDAP_SET_PARAM(arglist->profileName, NS_LDAP_PROFILE_P); 12860Sstevel@tonic-gate LDAP_SET_PARAM(arglist->followReferrals, NS_LDAP_SEARCH_REF_P); 12870Sstevel@tonic-gate LDAP_SET_PARAM(arglist->defaultSearchScope, NS_LDAP_SEARCH_SCOPE_P); 12880Sstevel@tonic-gate LDAP_SET_PARAM(arglist->bindTimeLimit, NS_LDAP_BIND_TIME_P); 12890Sstevel@tonic-gate LDAP_SET_PARAM(arglist->defaultServerList, NS_LDAP_SERVERS_P); 12900Sstevel@tonic-gate 12910Sstevel@tonic-gate for (counter = 0; 12920Sstevel@tonic-gate counter < arglist->serviceAuthenticationMethod->count; 12930Sstevel@tonic-gate counter++) { 12940Sstevel@tonic-gate 12950Sstevel@tonic-gate LDAP_SET_PARAM( 12960Sstevel@tonic-gate arglist->serviceAuthenticationMethod->optlist[counter], 12970Sstevel@tonic-gate NS_LDAP_SERVICE_AUTH_METHOD_P); 12980Sstevel@tonic-gate } 12990Sstevel@tonic-gate for (counter = 0; 
13000Sstevel@tonic-gate counter < arglist->serviceCredentialLevel->count; 13010Sstevel@tonic-gate counter++) { 13020Sstevel@tonic-gate 13030Sstevel@tonic-gate LDAP_SET_PARAM( 13040Sstevel@tonic-gate arglist->serviceCredentialLevel->optlist[counter], 13050Sstevel@tonic-gate NS_LDAP_SERVICE_CRED_LEVEL_P); 13060Sstevel@tonic-gate } 13070Sstevel@tonic-gate for (counter = 0; 13080Sstevel@tonic-gate counter < arglist->objectclassMap->count; 13090Sstevel@tonic-gate counter++) { 13100Sstevel@tonic-gate 13110Sstevel@tonic-gate LDAP_SET_PARAM( 13120Sstevel@tonic-gate arglist->objectclassMap->optlist[counter], 13130Sstevel@tonic-gate NS_LDAP_OBJECTCLASSMAP_P); 13140Sstevel@tonic-gate } 13150Sstevel@tonic-gate for (counter = 0; 13160Sstevel@tonic-gate counter < arglist->attributeMap->count; 13170Sstevel@tonic-gate counter++) { 13180Sstevel@tonic-gate 13190Sstevel@tonic-gate LDAP_SET_PARAM( 13200Sstevel@tonic-gate arglist->attributeMap->optlist[counter], 13210Sstevel@tonic-gate NS_LDAP_ATTRIBUTEMAP_P); 13220Sstevel@tonic-gate } 13230Sstevel@tonic-gate for (counter = 0; 13240Sstevel@tonic-gate counter < arglist->serviceSearchDescriptor->count; 13250Sstevel@tonic-gate counter++) { 13260Sstevel@tonic-gate 13270Sstevel@tonic-gate LDAP_SET_PARAM( 13280Sstevel@tonic-gate arglist->serviceSearchDescriptor->optlist[counter], 13290Sstevel@tonic-gate NS_LDAP_SERVICE_SEARCH_DESC_P); 13300Sstevel@tonic-gate } 13310Sstevel@tonic-gate 13320Sstevel@tonic-gate if (!is_config_ok(arglist, B_FALSE)) { 13330Sstevel@tonic-gate CLIENT_FPRINTF(stderr, 13340Sstevel@tonic-gate gettext("WARNING: some clients do not support an LDAP " 13350Sstevel@tonic-gate "port with tls\n")); 13360Sstevel@tonic-gate } 13370Sstevel@tonic-gate 13380Sstevel@tonic-gate errorp = __ns_ldap_DumpLdif(NULL); 13390Sstevel@tonic-gate if (errorp != NULL) { 13400Sstevel@tonic-gate CLIENT_FPUTS(errorp->message, stderr); 13410Sstevel@tonic-gate CLIENT_FPUTC('\n', stderr); 13420Sstevel@tonic-gate (void) __ns_ldap_freeError(&errorp); 
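		return (CLIENT_ERR_FAIL);
	}

	return (CLIENT_SUCCESS);
}

/*
 * client_init configures this machine as an LDAP client from a profile
 * downloaded from the server(s) in arglist->defaultServerList.
 *
 * Sequence, as visible below: validate arguments, locate the search base,
 * download the profile, set proxy credentials, stop network services, back
 * up the current configuration, write the new configuration and credential
 * files, install the LDAP nsswitch file, write the domain name file, and
 * start services again.  Every failure after services have been stopped
 * tries recover() and then start_services(START_RESET).
 *
 * Returns CLIENT_SUCCESS on success; otherwise CLIENT_ERR_FAIL or the
 * non-success code returned by credCheck(), file_backup() or recover().
 *
 * NOTE(review): LDAP_SET_PARAM and LDAP_CHECK_INVALID are macros defined
 * outside this section; they look like they assign retcode and may return
 * from this function on error -- confirm against their definitions.
 */
static int
client_init(clientopts_t *arglist)
{
	int profile_fp;
	int retcode = CLIENT_SUCCESS;
	char *nisBaseDN = NULL;
	/* start from NULL so the "errorp != NULL" tests below are defined */
	ns_ldap_error_t *errorp = NULL;
	int reset_ret;
	int ret_copy;

	if (mode_verbose)
		CLIENT_FPUTS(
		    gettext("About to configure machine by downloading "
		    "a profile\n"),
		    stderr);

	if (dname == NULL) {
		CLIENT_FPUTS(
		    gettext("Init failed: System domain not set and "
		    "no domainName specified.\n"),
		    stderr);
		return (CLIENT_ERR_FAIL);
	}

	if (!arglist->defaultServerList) {
		CLIENT_FPUTS(gettext("Missing LDAP server address\n"), stderr);
		return (CLIENT_ERR_FAIL);
	}

	/* *** Check for invalid args *** */
	LDAP_CHECK_INVALID(arglist->authenticationMethod,
	    "authenticationMethod");
	LDAP_CHECK_INVALID(arglist->defaultSearchBase,
	    "defaultSearchBase");
	LDAP_CHECK_INVALID(arglist->credentialLevel,
	    "credentialLevel");
	LDAP_CHECK_INVALID(arglist->profileTTL,
	    "profileTTL");
	LDAP_CHECK_INVALID(arglist->searchTimeLimit,
	    "searchTimeLimit");
	LDAP_CHECK_INVALID(arglist->preferredServerList,
	    "preferredServerList");
	LDAP_CHECK_INVALID(arglist->followReferrals,
	    "followReferrals");
	LDAP_CHECK_INVALID(arglist->defaultSearchScope,
	    "defaultSearchScope");
	LDAP_CHECK_INVALID(arglist->bindTimeLimit,
	    "bindTimeLimit");

	LDAP_CHECK_INVALID(arglist->objectclassMap->count,
	    "objectclassMap");
	LDAP_CHECK_INVALID(arglist->attributeMap->count,
	    "attributeMap");
	LDAP_CHECK_INVALID(arglist->serviceAuthenticationMethod->count,
	    "serviceAuthenticationMethod");
	LDAP_CHECK_INVALID(arglist->serviceCredentialLevel->count,
	    "serviceCredentialLevel");
	LDAP_CHECK_INVALID(arglist->serviceSearchDescriptor->count,
	    "serviceSearchDescriptor");
	/* *** End check for invalid args *** */

	__ns_ldap_setServer(TRUE);

	if (arglist->profileName == NULL) {
		if (mode_verbose)
			CLIENT_FPUTS(
			    gettext("No profile specified. "
			    "Using \"default\"\n"),
			    stderr);
		arglist->profileName = "default";
	}

	/*
	 * need to free nisBaseDN
	 * NOTE(review): it is never released on any path below; how
	 * findBaseDN() allocates it is not visible here, so no free() is
	 * added -- confirm and release it once the allocator is known.
	 */
	nisBaseDN = findBaseDN(arglist->defaultServerList);
	if (nisBaseDN == NULL) {
		CLIENT_FPRINTF(stderr,
		    gettext("Failed to find defaultSearchBase for "
		    "domain %s\n"),
		    dname);

		if (gStartLdap == START_RESET)
			(void) start_service(LDAP_FMRI, B_TRUE);

		return (CLIENT_ERR_FAIL);
	}
	retcode = __ns_ldap_setParam(
	    NS_LDAP_SEARCH_BASEDN_P,
	    (void *)nisBaseDN,
	    &errorp);
	if (retcode != 0) {
		CLIENT_FPUTS(
		    gettext("Unable to set search baseDN.\n"), stderr);
		/* non-fatal, but do not carry a stale error forward */
		if (errorp != NULL) {
			(void) __ns_ldap_freeError(&errorp);
			errorp = NULL;
		}
	}

	LDAP_SET_PARAM(arglist->defaultServerList, NS_LDAP_SERVERS_P);
	if (retcode != 0) {
		CLIENT_FPUTS(
		    gettext("Unable to set server address.\n"), stderr);
		/* non-fatal */
	}

	/* Get and set profile params */
	retcode = __ns_ldap_download(
	    (const char *)arglist->profileName,
	    arglist->defaultServerList,
	    nisBaseDN,
	    &errorp);
	if (retcode != NS_LDAP_SUCCESS) {
		CLIENT_FPRINTF(stderr,
		    gettext("The download of the profile failed.\n"));
		if (errorp != NULL) {
			CLIENT_FPRINTF(stderr, "%s\n", errorp->message);
			(void) __ns_ldap_freeError(&errorp);
		} else if (retcode == NS_LDAP_NOTFOUND) {
			CLIENT_FPRINTF(stderr,
			    gettext("Could not read the profile '%s'.\n"
			    "Perhaps it does not exist or you don't "
			    "have sufficient rights to read it.\n"),
			    arglist->profileName);
		}

		if (gStartLdap == START_RESET)
			(void) start_service(LDAP_FMRI, B_TRUE);

		return (CLIENT_ERR_FAIL);
	}

	/* Set additional valid params from command line */
	/* note that the domainName is not used in setParam */
	LDAP_SET_PARAM(arglist->proxyDN, NS_LDAP_BINDDN_P);
	if (retcode != 0) {
		CLIENT_FPUTS(gettext("setParam proxyDN failed.\n"), stderr);
		/* non-fatal */
	}
	LDAP_SET_PARAM(arglist->proxyPassword, NS_LDAP_BINDPASSWD_P);
	if (retcode != 0) {
		CLIENT_FPUTS(
		    gettext("setParam proxyPassword failed.\n"), stderr);
		/* non-fatal */
	}
	LDAP_SET_PARAM(arglist->certificatePath, NS_LDAP_HOST_CERTPATH_P);

	retcode = credCheck(arglist);
	if (retcode != CLIENT_SUCCESS) {
		CLIENT_FPUTS(
		    gettext("Error in setting up credentials\n"), stderr);

		if (gStartLdap == START_RESET)
			(void) start_service(LDAP_FMRI, B_TRUE);

		return (retcode);
	}

	if (mode_verbose)
		CLIENT_FPUTS(
		    gettext("About to modify this machines configuration "
		    "by writing the files\n"),
		    stderr);

	/* get ready to start playing with files */
	retcode = stop_services(STATE_SAVE);
	if (retcode != CLIENT_SUCCESS) {
		CLIENT_FPUTS(
		    gettext("Errors stopping network services.\n"), stderr);

		if (gStartLdap == START_RESET)
			(void) start_service(LDAP_FMRI, B_TRUE);

		return (CLIENT_ERR_FAIL);
	}

	/* Save orig versions of files */
	retcode = file_backup();
	if (retcode == CLIENT_ERR_RESTORE) {
		CLIENT_FPUTS(
		    gettext("System not in state to enable ldap client.\n"),
		    stderr);

		/*
		 * NOTE(review): this path returns without restarting the
		 * services stop_services() just disabled -- confirm that
		 * is intended.
		 */
		return (retcode);

	} else if (retcode != CLIENT_SUCCESS) {
		CLIENT_FPUTS(
		    gettext("Save of system configuration failed.  "
		    "Attempting recovery.\n"),
		    stderr);
		retcode = recover(STATE_NOSAVE);
		if (retcode != CLIENT_SUCCESS) {
			CLIENT_FPUTS(
			    gettext("Recovery of systems configuration "
			    "failed.  Manual intervention of "
			    "config files is required.\n"),
			    stderr);
		}

		reset_ret = start_services(START_RESET);
		if (reset_ret != CLIENT_SUCCESS) {
			CLIENT_FPRINTF(stderr, gettext("Error (%d) while "
			    "starting services during reset\n"),
			    reset_ret);
		}

		/*
		 * The backup failed, so init failed even when recover()
		 * succeeded; the original returned recover()'s status here
		 * and so could report success for an init that never ran.
		 */
		return (retcode != CLIENT_SUCCESS ? retcode :
		    CLIENT_ERR_FAIL);
	}

	/* Dump new files */
	errorp = __ns_ldap_DumpConfiguration(NSCONFIGFILE);
	if (NULL != errorp) {
		CLIENT_FPRINTF(stderr,
		    gettext("%s init: errorp is not NULL; %s\n"),
		    cmd, errorp->message);
		/* release before any return; the original leaked it below */
		(void) __ns_ldap_freeError(&errorp);
		retcode = recover(STATE_NOSAVE);
		if (retcode != CLIENT_SUCCESS) {
			CLIENT_FPUTS(
			    gettext("Recovery of systems configuration "
			    "failed.  Manual intervention of "
			    "config files is required.\n"),
			    stderr);
			return (CLIENT_ERR_FAIL);
		}
		reset_ret = start_services(START_RESET);
		if (reset_ret != CLIENT_SUCCESS) {
			CLIENT_FPRINTF(stderr, gettext("Error (%d) while "
			    "starting services during reset\n"),
			    reset_ret);
		}
		return (CLIENT_ERR_FAIL);
	}

	/* if (credargs(arglist)) */
	errorp = __ns_ldap_DumpConfiguration(NSCREDFILE);
	if (NULL != errorp) {
		CLIENT_FPRINTF(stderr,
		    gettext("%s init: errorp is not NULL; %s\n"),
		    cmd, errorp->message);
		/* release before any return; the original leaked it below */
		(void) __ns_ldap_freeError(&errorp);
		retcode = recover(STATE_NOSAVE);
		if (retcode != CLIENT_SUCCESS) {
			CLIENT_FPUTS(
			    gettext("Recovery of systems configuration "
			    "failed.  Manual intervention of "
			    "config files is required.\n"),
			    stderr);
			return (CLIENT_ERR_FAIL);
		}
		reset_ret = start_services(START_RESET);
		if (reset_ret != CLIENT_SUCCESS) {
			CLIENT_FPRINTF(stderr, gettext("Error (%d) while "
			    "starting services during reset\n"),
			    reset_ret);
		}
		return (CLIENT_ERR_FAIL);
	}

	/* the command line is built only from compile-time constants */
	ret_copy = system(CMD_CP " " NSSWITCH_LDAP " " NSSWITCH_CONF);
	if (ret_copy != 0) {
		CLIENT_FPRINTF(stderr,
		    gettext("Error %d copying (%s) -> (%s)\n"),
		    ret_copy, NSSWITCH_LDAP, NSSWITCH_CONF);
		retcode = recover(STATE_NOSAVE);
		if (retcode != CLIENT_SUCCESS) {
			CLIENT_FPUTS(
			    gettext("Recovery of systems configuration "
			    "failed.  Manual intervention of "
			    "config files is required.\n"),
			    stderr);
		}
		reset_ret = start_services(START_RESET);
		if (reset_ret != CLIENT_SUCCESS) {
			CLIENT_FPRINTF(stderr, gettext("Error (%d) while "
			    "starting services during reset\n"),
			    reset_ret);
		}
		return (CLIENT_ERR_FAIL);
	}

	if ((profile_fp = open(DOMAINNAME, O_WRONLY|O_CREAT|O_TRUNC,
	    S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH)) == -1) { /* 0644 */
		CLIENT_FPRINTF(stderr, gettext("Cannot open %s\n"), DOMAINNAME);
		retcode = recover(STATE_NOSAVE);
		if (retcode != CLIENT_SUCCESS) {
			CLIENT_FPUTS(
			    gettext("Recovery of systems configuration "
			    "failed.  Manual intervention of "
			    "config files is required.\n"),
			    stderr);
			return (CLIENT_ERR_FAIL);
		}
		reset_ret = start_services(START_RESET);
		if (reset_ret != CLIENT_SUCCESS) {
			CLIENT_FPRINTF(stderr, gettext("Error (%d) while "
			    "starting services during reset\n"),
			    reset_ret);
		}
		return (CLIENT_ERR_FAIL);
	}
	/*
	 * NOTE(review): write() results are ignored.  An empty file is
	 * caught when start_services(START_INIT) fails to read it back,
	 * but a short write of dname would go unnoticed.
	 */
	(void) write(profile_fp, dname, strlen(dname));
	(void) write(profile_fp, "\n", 1);
	(void) close(profile_fp);

	retcode = start_services(START_INIT);

	if (retcode == CLIENT_SUCCESS) {
		CLIENT_FPUTS(gettext("System successfully configured\n"),
		    stderr);
	} else {
		/*
		 * Terminated with ';'.  The original ended this call with
		 * ',', which fused it with the stop_services() assignment
		 * into one comma expression; if CLIENT_FPUTS expands to a
		 * conditional (definition not visible here), that would
		 * make stopping the services depend on the output mode.
		 */
		CLIENT_FPUTS(gettext("Error resetting system.\n"
		    "Recovering old system settings.\n"), stderr);

		/* stop any started services for recover */
		/* don't stomp on history of saved services state */
		reset_ret = stop_services(STATE_NOSAVE);
		if (reset_ret != CLIENT_SUCCESS) {
			CLIENT_FPRINTF(stderr, gettext("Error (%d) while "
			    "stopping services during reset\n"),
			    reset_ret);
			/* Continue and try to recover what we can */
		}
		reset_ret = recover(STATE_NOSAVE);
		if (reset_ret != CLIENT_SUCCESS) {
			CLIENT_FPRINTF(stderr, gettext("Error (%d) while "
			    "recovering service files during "
			    "reset\n"), reset_ret);
			/* Continue and start what we can */
		}
		reset_ret = start_services(START_RESET);
		if (reset_ret != CLIENT_SUCCESS) {
			CLIENT_FPRINTF(stderr, gettext("Error (%d) while "
			    "starting services during reset\n"),
			    reset_ret);
		}
	}

	return (retcode);
}


/*
 * usage prints the command synopsis to stderr unless quiet mode is set.
 * The genprofile synopsis is printed when gen is non-zero, the general
 * one otherwise.
 */
static void
usage(void)
{
	if (mode_quiet)
		return;

	if (gen == 0) {
		CLIENT_FPRINTF(stderr,
		    gettext("Usage: %s [-v | -q] init | manual | mod | "
		    "list | uninit [<args>]\n"),
		    cmd);

		CLIENT_FPUTS(
		    gettext("\nSet up a server or workstation as a "
		    "client of an LDAP namespace.\n"),
		    stderr);
	} else {	/* genprofile */
		CLIENT_FPRINTF(stderr,
		    gettext("Usage: %s [-v | -q] genprofile "
		    "-a profileName=<name> "
		    "-a defaultSearchBase=<base> <args>\n"),
		    cmd);

		CLIENT_FPUTS(
		    gettext("\nGenerate a profile used to set up clients "
		    "of an LDAP namespace.\n"),
		    stderr);
	}
	CLIENT_FPUTS(
	    gettext("<args> take the form of \'-a attrName=attrVal\' as "
	    "described in the\n"),
	    stderr);
	CLIENT_FPUTS(gettext("man page: ldapclient(1M)\n"), stderr);
}


/*
 * stop_services is called to stop network services prior to their
 * config files being moved/changed.  In case a later recovery is needed
 * (an error occurs during config), we detect whether the service is
 * running and store that info so that a reset will only start services
 * that were stopped here.
 *
 * In terms of SMF, this translates to disabling the services. So we
 * try to disable them if they are in any other state
 *
 * Stop order :
 * sendmail, nscd, autofs, ldap.client, nisd (rpc), inetinit(domainname)
 *
 * saveState: when non-zero, record START_RESET in gStartLdap / gStartYp
 * for the ldap and nis(yp) services that are disabled here.
 *
 * Returns CLIENT_SUCCESS, or CLIENT_ERR_FAIL when disabling nscd, ldap,
 * nisd or nis(yp) fails.  A failure to disable sendmail or autofs is only
 * reported.
 */
static int
stop_services(int saveState)
{
	int ret;

	if (mode_verbose) {
		CLIENT_FPUTS(gettext("Stopping network services\n"), stderr);
	}

	if (!is_service(SENDMAIL_FMRI, SCF_STATE_STRING_DISABLED)) {
		if (mode_verbose)
			CLIENT_FPUTS(gettext("Stopping sendmail\n"), stderr);
		ret = disable_service(SENDMAIL_FMRI, B_TRUE);
		if (ret != CLIENT_SUCCESS) {
			/* Not serious, but tell user what to do */
			CLIENT_FPRINTF(stderr, gettext("Stopping sendmail "
			    "failed with (%d). You may need to restart "
			    "it manually for changes to take effect.\n"),
			    ret);
		} else {
			/* remember that start_services may re-enable it */
			enableFlag |= SENDMAIL_ON;
		}
	} else {
		if (mode_verbose)
			CLIENT_FPUTS(gettext("sendmail not running\n"), stderr);
	}

	if (!is_service(NSCD_FMRI, SCF_STATE_STRING_DISABLED)) {
		if (mode_verbose)
			CLIENT_FPUTS(gettext("Stopping nscd\n"), stderr);
		ret = disable_service(NSCD_FMRI, B_TRUE);
		if (ret != CLIENT_SUCCESS) {
			CLIENT_FPRINTF(stderr, gettext("Stopping nscd "
			    "failed with (%d)\n"), ret);
			return (CLIENT_ERR_FAIL);
		} else {
			enableFlag |= NSCD_ON;
		}
	} else {
		if (mode_verbose)
			CLIENT_FPUTS(gettext("nscd not running\n"), stderr);
	}

	if (!is_service(AUTOFS_FMRI, SCF_STATE_STRING_DISABLED)) {
		if (mode_verbose)
			CLIENT_FPUTS(gettext("Stopping autofs\n"), stderr);
		ret = disable_service(AUTOFS_FMRI, B_TRUE);
		if (ret != CLIENT_SUCCESS) {
			/* Not serious, but tell user what to do */
			CLIENT_FPRINTF(stderr, gettext("Stopping autofs "
			    "failed with (%d). You may need to restart "
			    "it manually for changes to take effect.\n"),
			    ret);
		} else {
			enableFlag |= AUTOFS_ON;
		}
	} else {
		if (mode_verbose)
			CLIENT_FPUTS(gettext("autofs not running\n"), stderr);
	}

	if (!is_service(LDAP_FMRI, SCF_STATE_STRING_DISABLED)) {
		if (saveState)
			gStartLdap = START_RESET;
		if (mode_verbose)
			CLIENT_FPUTS(gettext("Stopping ldap\n"), stderr);
		ret = disable_service(LDAP_FMRI, B_TRUE);
		if (ret != CLIENT_SUCCESS) {
			CLIENT_FPRINTF(stderr, gettext("Stopping ldap "
			    "failed with (%d)\n"), ret);
			return (CLIENT_ERR_FAIL);
		}
	} else {
		if (mode_verbose)
			CLIENT_FPUTS(gettext("ldap not running\n"),
			    stderr);
	}

	if (!is_service(NISD_FMRI, SCF_STATE_STRING_DISABLED)) {
		if (mode_verbose)
			CLIENT_FPUTS(gettext("Stopping nisd\n"), stderr);
		ret = disable_service(NISD_FMRI, B_TRUE);
		if (ret != CLIENT_SUCCESS) {
			CLIENT_FPRINTF(stderr, gettext("Stopping nisd "
			    "failed with (%d)\n"), ret);
			return (CLIENT_ERR_FAIL);
		}
	} else {
		if (mode_verbose)
			CLIENT_FPUTS(gettext("nisd not running\n"),
			    stderr);
	}

	if (!is_service(YP_FMRI, SCF_STATE_STRING_DISABLED)) {
		if (saveState)
			gStartYp = START_RESET;
		if (mode_verbose)
			CLIENT_FPUTS(gettext("Stopping nis(yp)\n"), stderr);
		ret = disable_service(YP_FMRI, B_TRUE);
		if (ret != 0) {
			CLIENT_FPRINTF(stderr, gettext("Stopping nis(yp) "
			    "failed with (%d)\n"), ret);
			return (CLIENT_ERR_FAIL);
		}
	} else {
		if (mode_verbose)
			CLIENT_FPUTS(gettext("nis(yp) not running\n"),
			    stderr);
	}

	return (CLIENT_SUCCESS);
}

/*
 * start_services is called to start up network services after config
 * files have all been setup or recovered.  In the case of an error, the
 * files will be recovered and start_services will be called with the
 * "reset" flag set so that only those services that were earlier stopped
 * will be started.  If it is not a reset, then the services associated
 * with files "recovered" will attempt to be started.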
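 */
/*
 * flag is START_INIT after a successful init (start ldap, not yp or nis+)
 * or START_RESET for uninit / error recovery.
 *
 * Returns CLIENT_SUCCESS, or CLIENT_ERR_FAIL when the domain name file
 * cannot be used, the domain command fails, a sasl/GSSAPI prerequisite
 * check fails, or the ldap service cannot be started.
 *
 * The domain name is read from a file and handed to system(), i.e. to a
 * shell.  It is therefore restricted to DNS-style characters before the
 * command line is built, and truncation of the command line is detected
 * from snprintf()'s result instead of a pre-computed length bound.
 */
static int
start_services(int flag)
{
	/* characters accepted in a domain name that is passed to a shell */
	static const char domain_chars[] =
	    "abcdefghijklmnopqrstuvwxyz"
	    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
	    "0123456789.-_";
	int sysret, retcode = CLIENT_SUCCESS, rc = NS_LDAP_SUCCESS;
	FILE *domain_fp;
	char domainname[BUFSIZ];
	char cmd_domain_start[BUFSIZ];
	int domainlen;
	int cmdlen;
	/* set once cmd_domain_start holds a usable command line */
	int have_domain = 0;
	ns_ldap_self_gssapi_config_t config = NS_LDAP_SELF_GSSAPI_CONFIG_NONE;
	ns_ldap_error_t *errorp = NULL;

	if (mode_verbose) {
		CLIENT_FPUTS(gettext("Starting network services\n"), stderr);
	}

	/* Read in current defaultdomain so we can set it */
	domain_fp = fopen(DOMAINNAME, "r");
	if (domain_fp == NULL) {
		CLIENT_FPRINTF(stderr, gettext("Error opening defaultdomain "
		    "(%d)\n"), errno);
		/* if we did an ldap init, we must have domain */
		if (flag == START_INIT)
			return (CLIENT_ERR_FAIL);
	} else {
		if (fgets(domainname, BUFSIZ, domain_fp) == NULL) {
			CLIENT_FPUTS(gettext("Error reading defaultdomain\n"),
			    stderr);
			/* the original returned with the stream still open */
			(void) fclose(domain_fp);
			return (CLIENT_ERR_FAIL);
		}

		if (fclose(domain_fp) != 0) {
			CLIENT_FPRINTF(stderr,
			    gettext("Error closing defaultdomain (%d)\n"),
			    errno);
			return (CLIENT_ERR_FAIL);
		}
		domainlen = strlen(domainname);
		/* guard the index: an empty string has no last character */
		if (domainlen > 0 && domainname[domainlen-1] == '\n')
			domainname[domainlen-1] = 0;

		/*
		 * Reject anything a shell could interpret (quotes, ';',
		 * '$', backquotes, whitespace, ...) before it reaches
		 * system() below.
		 */
		if (strspn(domainname, domain_chars) != strlen(domainname)) {
			CLIENT_FPUTS(gettext("Specified domainname contains "
			    "invalid characters\n"), stderr);
			return (CLIENT_ERR_FAIL);
		}

		/* snprintf reports the untruncated length; check it fits */
		cmdlen = snprintf(cmd_domain_start, sizeof (cmd_domain_start),
		    "%s %s %s", CMD_DOMAIN_START, domainname, TO_DEV_NULL);
		if (cmdlen < 0 ||
		    (size_t)cmdlen >= sizeof (cmd_domain_start)) {
			CLIENT_FPUTS(gettext("Specified domainname is "
			    "too large\n"), stderr);
			return (CLIENT_ERR_FAIL);
		}
		have_domain = 1;
	}

	/*
	 * We can be starting services after an init in which case
	 * we want to start ldap and not start yp or nis+.
	 */
	if (flag == START_INIT) {
		/* have_domain is always set here: fopen failure returned */
		sysret = system(cmd_domain_start);
		if (mode_verbose)
			CLIENT_FPRINTF(stderr, "start: %s %s... %s\n",
			    CMD_DOMAIN_START, domainname,
			    (sysret == 0) ? gettext("success") :
			    gettext("failed"));
		if (sysret != 0) {
			CLIENT_FPRINTF(stderr, gettext("\"%s\" returned: %d\n"),
			    CMD_DOMAIN_START, sysret);

			retcode = CLIENT_ERR_FAIL;
		}

		if ((rc = __ns_ldap_self_gssapi_config(&config)) !=
		    NS_LDAP_SUCCESS) {
			CLIENT_FPRINTF(stderr, gettext("Error (%d) while "
			    "checking sasl/GSSAPI configuration\n"),
			    rc);
			retcode = CLIENT_ERR_FAIL;
		}

		if (config != NS_LDAP_SELF_GSSAPI_CONFIG_NONE) {

			rc = __ns_ldap_check_dns_preq(
			    1, mode_verbose, mode_quiet,
			    NSSWITCH_LDAP, config, &errorp);
			if (errorp)
				(void) __ns_ldap_freeError(&errorp);

			if (rc != NS_LDAP_SUCCESS)
				retcode = CLIENT_ERR_FAIL;
		}

		/* ldap is started only when the checks above succeeded */
		if (rc == NS_LDAP_SUCCESS &&
		    start_service(LDAP_FMRI, B_TRUE) != CLIENT_SUCCESS)
			retcode = CLIENT_ERR_FAIL;

		if (config != NS_LDAP_SELF_GSSAPI_CONFIG_NONE &&
		    rc == NS_LDAP_SUCCESS && retcode == CLIENT_SUCCESS) {
			rc = __ns_ldap_check_gssapi_preq(
			    1, mode_verbose, mode_quiet, config,
			    &errorp);
			if (errorp)
				(void) __ns_ldap_freeError(&errorp);

			if (rc != NS_LDAP_SUCCESS)
				retcode = CLIENT_ERR_FAIL;

		}
		/* No YP or NIS+ after init */
	/*
	 * Or we can be starting services after an uninit or error
	 * recovery.  We want to start whatever services were running
	 * before.  In the case of error recovery, it is the services
	 * that were running before we stopped them (flags set in
	 * stop_services).  If it is an uninit then we determine
	 * which services to start based on the files we recovered
	 * (flags set in recover).
	 */
	} else {
		/* uninit and recover should set flags of what to start */
		/*
		 * have_domain replaces the original test of domain_fp,
		 * which had already been passed to fclose() by this point.
		 */
		if (have_domain) {
			sysret = system(cmd_domain_start);
			if (mode_verbose)
				CLIENT_FPRINTF(stderr, "start: %s %s... %s\n",
				    CMD_DOMAIN_START, domainname,
				    (sysret == 0) ? gettext("success") :
				    gettext("failed"));
			if (sysret != 0) {
				CLIENT_FPRINTF(stderr, gettext("\"%s\" "
				    "returned: %d\n"),
				    CMD_DOMAIN_START, sysret);

				retcode = CLIENT_ERR_FAIL;
			}
		}

		if (gStartLdap == flag) {
			if (!(is_service(LDAP_FMRI, SCF_STATE_STRING_ONLINE)))
				if (start_service(LDAP_FMRI, B_TRUE)
				    != CLIENT_SUCCESS)
					retcode = CLIENT_ERR_FAIL;
		}

		if (gStartYp == flag) {
			if (!(is_service(YP_FMRI, SCF_STATE_STRING_ONLINE)))
				(void) start_service(YP_FMRI, B_TRUE);
		}

		if (gStartNisd == flag) {
			if (!(is_service(NISD_FMRI, SCF_STATE_STRING_ONLINE)))
				(void) start_service(NISD_FMRI, B_TRUE);
		}

	}
	/* re-enable only what stop_services recorded in enableFlag */
	if ((enableFlag & AUTOFS_ON) &&
	    !(is_service(AUTOFS_FMRI, SCF_STATE_STRING_ONLINE)))
		(void) start_service(AUTOFS_FMRI, B_TRUE);

	if ((enableFlag & NSCD_ON) &&
	    !(is_service(NSCD_FMRI, SCF_STATE_STRING_ONLINE)))
		(void) start_service(NSCD_FMRI, B_TRUE);

#if 0
	if (flag == START_INIT && config != NS_LDAP_SELF_GSSAPI_CONFIG_NONE &&
	    retcode == CLIENT_SUCCESS &&
	    !(is_service(NSCD_FMRI, SCF_STATE_STRING_ONLINE))) {
		CLIENT_FPRINTF(stderr, "start: %s\n",
		    gettext("self/sasl/GSSAPI is configured"
		    " but nscd is not online"));
		retcode = CLIENT_ERR_FAIL;
	}
#endif

	if ((enableFlag & SENDMAIL_ON) &&
	    !(is_service(SENDMAIL_FMRI, SCF_STATE_STRING_ONLINE)))
		(void) start_service(SENDMAIL_FMRI, B_TRUE);

	/*
	 * Restart name-service milestone so that any consumer
	 * which depends on it will be restarted.
	 */
	(void) restart_service(NS_MILESTONE_FMRI, B_TRUE);
	return (retcode);
}

/*
 * credCheck is called to check if credentials are required for this
 * configuration.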
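Currently, this means that if any credentialLevel is
 * proxy and any authenticationMethod is something other than none, then
 * credential info is required (proxyDN and proxyPassword).
 *
 * arglist receives the prompted password in arglist->proxyPassword when the
 * configuration has none.
 *
 * Returns CLIENT_SUCCESS when no proxy credentials are needed or when they
 * are available, CLIENT_ERR_FAIL when a configuration parameter cannot be
 * retrieved, and CLIENT_ERR_CREDENTIAL when proxyDN is missing or the
 * password cannot be obtained or stored.
 */
static int
credCheck(clientopts_t *arglist)
{
	int counter;
	int **credLevel;
	ns_auth_t **authMethod;
	char **proxyDN, **proxyPassword;
	ns_ldap_error_t *errorp;
	int credProxy, authNotNone;
	int retcode;

	/*
	 * If credentialLevel is proxy, make sure we have proxyDN and
	 * proxyPassword.
	 *
	 * NOTE(review): errorp is not released on the failure paths below;
	 * confirm whether __ns_ldap_getParam allocates it on error.
	 */
	retcode = __ns_ldap_getParam(NS_LDAP_CREDENTIAL_LEVEL_P,
	    (void ***)&credLevel, &errorp);
	if (retcode != 0) {
		CLIENT_FPRINTF(stderr,
		    gettext("Error %d while trying to retrieve "
		    "credLevel\n"),
		    retcode);
		return (CLIENT_ERR_FAIL);
	}
	retcode = __ns_ldap_getParam(NS_LDAP_AUTH_P,
	    (void ***)&authMethod, &errorp);
	if (retcode != 0) {
		CLIENT_FPRINTF(stderr,
		    gettext("Error %d while trying to retrieve "
		    "authMethod\n"), retcode);
		return (CLIENT_ERR_FAIL);
	}
	retcode = __ns_ldap_getParam(NS_LDAP_BINDDN_P,
	    (void ***)&proxyDN, &errorp);
	if (retcode != 0) {
		CLIENT_FPRINTF(stderr,
		    gettext("Error %d while trying to retrieve proxyDN\n"),
		    retcode);
		return (CLIENT_ERR_FAIL);
	}
	retcode = __ns_ldap_getParam(NS_LDAP_BINDPASSWD_P,
	    (void ***)&proxyPassword, &errorp);
	if (retcode != 0) {
		CLIENT_FPRINTF(stderr,
		    gettext("Error %d while trying to retrieve "
		    "proxyPassword\n"), retcode);
		return (CLIENT_ERR_FAIL);
	}

	if (mode_verbose) {
		CLIENT_FPRINTF(stderr,
		    gettext("Proxy DN: %s\n"),
		    (proxyDN && proxyDN[0]) ? proxyDN[0] : "NULL");
		/*
		 * Report only whether a password is configured.  Verbose
		 * output goes to stderr, which is routinely captured in
		 * terminals' scrollback and install logs, so the stored
		 * bind credential itself must never be written there.
		 */
		CLIENT_FPRINTF(stderr,
		    gettext("Proxy password: %s\n"),
		    (proxyPassword && proxyPassword[0]) ?
		    "<not shown>" : "NULL");
	}

	credProxy = 0;	/* flag to indicate if we have a credLevel of proxy */
	for (counter = 0; credLevel && credLevel[counter] != NULL; counter++) {
		if (mode_verbose) {
			CLIENT_FPRINTF(stderr,
			    gettext("Credential level: %d\n"),
			    *credLevel[counter]);
		}
		if (*credLevel[counter] == NS_LDAP_CRED_PROXY) {
			credProxy = 1;
			break;
		}
	}

	authNotNone = 0;	/* flag for authMethod other than none */
	for (counter = 0;
	    authMethod && authMethod[counter] != NULL;
	    counter++) {

		if (mode_verbose) {
			CLIENT_FPRINTF(stderr,
			    gettext("Authentication method: %d\n"),
			    authMethod[counter]->type);
		}
		/* TLS with tlstype "none" counts the same as no auth at all */
		if (authMethod[counter]->type != NS_LDAP_AUTH_NONE &&
		    !(authMethod[counter]->type == NS_LDAP_AUTH_TLS &&
		    authMethod[counter]->tlstype == NS_LDAP_TLS_NONE)) {
			authNotNone = 1;
			break;
		}
	}

	/* First, if we don't need proxyDN/Password then just return ok */
	if (!(credProxy && authNotNone)) {
		if (mode_verbose) {
			CLIENT_FPUTS(
			    gettext("No proxyDN/proxyPassword required\n"),
			    stderr);
		}
		return (CLIENT_SUCCESS);
	}

	/* Now let's check if we have the cred stuff we need */
	if (!proxyDN || !proxyDN[0]) {
		CLIENT_FPUTS(
		    gettext("credentialLevel is proxy and no proxyDN "
		    "specified\n"),
		    stderr);
		return (CLIENT_ERR_CREDENTIAL);
	}

	/* If we need proxyPassword (prompt) */
	if (!proxyPassword || !proxyPassword[0]) {
		CLIENT_FPUTS(
		    gettext("credentialLevel requires proxyPassword\n"),
		    stderr);
		/*
		 * getpassphrase() hands back a pointer into static storage
		 * that the next call overwrites, so arglist->proxyPassword
		 * is only valid until then.
		 */
		arglist->proxyPassword = getpassphrase("Proxy Bind Password:");
		if (arglist->proxyPassword == NULL) {
			CLIENT_FPUTS(gettext("Get password failed\n"), stderr);
			return (CLIENT_ERR_CREDENTIAL);
		}
		/* presumably LDAP_SET_PARAM assigns retcode; verify the macro */
		LDAP_SET_PARAM(arglist->proxyPassword, NS_LDAP_BINDPASSWD_P);
		if (retcode != 0) {
			CLIENT_FPUTS(
			    gettext("setParam proxyPassword failed.\n"),
			    stderr);
			return (CLIENT_ERR_CREDENTIAL);
		}
	}

	return (CLIENT_SUCCESS);
}

/*
 * try to restore the previous name space on this machine
 *
 * saveState: when non-zero, gStartLdap, gStartNisd and gStartYp are set to
 * START_UNINIT for each service whose backup was found, so that the caller
 * can restart what was recovered.
 *
 * Returns CLIENT_ERR_RESTORE when there is no backup directory or the saved
 * domain name cannot be read, CLIENT_ERR_FAIL when the saved domain name is
 * too long to build a path from, and CLIENT_SUCCESS otherwise.  A failing
 * file_move() is reported on stderr but does not change the return value.
 */
static int
recover(int saveState)
{
	struct stat buf;
	int stat_ret, retcode, fd;
	int domain = 0, domainlen;
	char yp_dir[BUFSIZE], yp_dir_back[BUFSIZE];
	char name[BUFSIZ];
	char *ldap_conf_file, *ldap_cred_file;
	char ldap_file_back[BUFSIZE], ldap_cred_back[BUFSIZE];

	/* If running as Sysid Install become a no-op */
	if (sysid_install == B_TRUE)
		return (CLIENT_SUCCESS);

	stat_ret = stat(LDAP_RESTORE_DIR, &buf);
	if (stat_ret != 0) {
		CLIENT_FPUTS(
		    gettext("Cannot recover. No backup files "
		    "found.\n"),
		    stderr);
		CLIENT_FPUTS(
		    gettext("\t Either this machine was not initialized\n"),
		    stderr);
		CLIENT_FPUTS(
		    gettext("\t by ldapclient or the backup files "
		    "have been\n"),
		    stderr);
		CLIENT_FPUTS(
		    gettext("\t removed manually or with an \"uninit\"\n"),
		    stderr);
		return (CLIENT_ERR_RESTORE);	/* invalid backup */
	}

	/*
	 * Get domainname.  Allow no domainname for the case where "files"
	 * config was backed up.
	 */
	stat_ret = stat(DOMAINNAME_BACK, &buf);
	if (mode_verbose) {
		CLIENT_FPRINTF(stderr,
		    gettext("recover: stat(%s)=%d\n"),
		    DOMAINNAME_BACK, stat_ret);
	}
	if (stat_ret == 0) {
		if (mode_verbose) {
			CLIENT_FPRINTF(stderr,
			    gettext("recover: open(%s)\n"),
			    DOMAINNAME_BACK);
		}
		fd = open(DOMAINNAME_BACK, O_RDONLY);
		if (fd < 0) {
			/* treat an unreadable backup like a failed read */
			domainlen = -1;
		} else {
			if (mode_verbose) {
				CLIENT_FPRINTF(stderr,
				    gettext("recover: read(%s)\n"),
				    DOMAINNAME_BACK);
			}
			domainlen = read(fd, &(name[0]), BUFSIZ-1);
			(void) close(fd);
		}
		if (domainlen < 0) {
			CLIENT_FPUTS(
			    gettext("Cannot recover. Cannot determine "
			    "previous domain name.\n"),
			    stderr);
			return (CLIENT_ERR_RESTORE);	/* invalid backup */
		} else {
			char *ptr;

			/*
			 * read() does not terminate the buffer.  Terminate
			 * it before searching, otherwise strchr() runs past
			 * the bytes read into uninitialized stack memory
			 * when the file has no newline.
			 */
			name[domainlen] = '\0';
			ptr = strchr(&(name[0]), '\n');
			if (ptr != NULL)
				*ptr = '\0';

			if (mode_verbose) {
				CLIENT_FPRINTF(stderr,
				    gettext("recover: old domainname "
				    "\"%s\"\n"), name);
			}

			if (strlen(name) == 0)
				domain = 0;
			else
				domain = 1;	/* flag that we have domain */

		}
	}


	/*
	 * we can recover at this point
	 * remove LDAP config files before restore
	 */
	(void) unlink(NSCONFIGFILE);
	(void) unlink(NSCREDFILE);

	/* assumes both path macros contain a '/'; strrchr is not checked */
	ldap_conf_file = strrchr(NSCONFIGFILE, '/') + 1;
	ldap_cred_file = strrchr(NSCREDFILE, '/') + 1;

	(void) strlcpy(ldap_file_back, LDAP_RESTORE_DIR "/",
	    sizeof (ldap_file_back));
	(void) strlcat(ldap_file_back, ldap_conf_file,
	    sizeof (ldap_file_back));

	stat_ret = stat(ldap_file_back, &buf);
	if (mode_verbose) {
		CLIENT_FPRINTF(stderr,
		    gettext("recover: stat(%s)=%d\n"),
		    ldap_file_back, stat_ret);
	}
	if (stat_ret == 0) {
		if (saveState)
			gStartLdap = START_UNINIT;
		retcode = file_move(ldap_file_back, NSCONFIGFILE);
		if (mode_verbose) {
			CLIENT_FPRINTF(stderr,
			    gettext("recover: file_move(%s, %s)=%d\n"),
			    ldap_file_back, NSCONFIGFILE, retcode);
		}
		if (retcode != 0) {
			CLIENT_FPRINTF(stderr,
			    gettext("recover: file_move(%s, %s) failed\n"),
			    ldap_file_back, NSCONFIGFILE);
		}
	}

	(void) strlcpy(ldap_cred_back, LDAP_RESTORE_DIR "/",
	    sizeof (ldap_cred_back));
	(void) strlcat(ldap_cred_back, ldap_cred_file,
	    sizeof (ldap_cred_back));

	stat_ret = stat(ldap_cred_back, &buf);
	if (mode_verbose) {
		CLIENT_FPRINTF(stderr,
		    gettext("recover: stat(%s)=%d\n"),
		    ldap_cred_back, stat_ret);
	}
	if (stat_ret == 0) {
		retcode = file_move(ldap_cred_back, NSCREDFILE);
		if (mode_verbose) {
			CLIENT_FPRINTF(stderr,
			    gettext("recover: file_move(%s, %s)=%d\n"),
			    ldap_cred_back, NSCREDFILE, retcode);
		}
		if (retcode != 0) {
			CLIENT_FPRINTF(stderr,
			    gettext("recover: file_move(%s, %s) failed\n"),
			    ldap_cred_back, NSCREDFILE);
		}
	}

	/* Check for recovery of NIS+ */
	stat_ret = stat(NIS_COLDSTART_BACK, &buf);
	if (mode_verbose) {
		CLIENT_FPRINTF(stderr,
		    gettext("recover: stat(%s)=%d\n"),
		    NIS_COLDSTART_BACK, stat_ret);
	}
	if (stat_ret == 0) {
		if (saveState) {
			gStartNisd = START_UNINIT;
		}
		if (mode_verbose) {
			CLIENT_FPRINTF(stderr,
			    gettext("recover: file_move(%s, %s)\n"),
			    NIS_COLDSTART_BACK, NIS_COLDSTART);
		}
		retcode = file_move(NIS_COLDSTART_BACK, NIS_COLDSTART);
		if (retcode != 0) {
			CLIENT_FPRINTF(stderr,
			    gettext("recover: file_move(%s, %s) failed!\n"),
			    NIS_COLDSTART_BACK, NIS_COLDSTART);
		}
	}

	/* Check for recovery of NIS(YP) if we have a domainname */
	if (domain) {
		/*
		 * "name" would have to be huge for this, but just in case.
		 * The bound includes the "/" separator so that strlcat()
		 * below can never silently truncate the path.
		 *
		 * NOTE(review): name comes from the backup file and is used
		 * as a path component without checking for '/' or "..";
		 * this relies on the backup directory being writable only
		 * by root -- confirm.
		 */
		if (strlen(name) >=
		    (sizeof (yp_dir_back) - strlen(LDAP_RESTORE_DIR "/")))
			return (CLIENT_ERR_FAIL);
		if (strlen(name) >=
		    (sizeof (yp_dir) - strlen(YP_BIND_DIR "/")))
			return (CLIENT_ERR_FAIL);

		(void) strlcpy(yp_dir_back, LDAP_RESTORE_DIR "/",
		    sizeof (yp_dir_back));
		(void) strlcat(yp_dir_back, name, sizeof (yp_dir_back));
		stat_ret = stat(yp_dir_back, &buf);
		if (mode_verbose) {
			CLIENT_FPRINTF(stderr,
			    gettext("recover: stat(%s)=%d\n"),
			    yp_dir_back, stat_ret);
		}
		if (stat_ret == 0) {
			(void) strlcpy(yp_dir, YP_BIND_DIR "/",
			    sizeof (yp_dir));
			(void) strlcat(yp_dir, name, sizeof (yp_dir));
			retcode = file_move(yp_dir_back, yp_dir);
			if (mode_verbose) {
				CLIENT_FPRINTF(stderr,
				    gettext("recover: file_move(%s, "
				    "%s)=%d\n"),
				    yp_dir_back, yp_dir, retcode);
			}
			if (retcode != 0) {
				CLIENT_FPRINTF(stderr,
				    gettext("recover: file_move(%s, "
				    "%s) failed!\n"),
				    yp_dir_back, yp_dir);
			} else {
				if (saveState)
					gStartYp = START_UNINIT;
			}
		}
	}

	/* restore machine configuration */
	stat_ret = stat(NSSWITCH_BACK, &buf);
	if (mode_verbose) {
		CLIENT_FPRINTF(stderr,
		    gettext("recover: stat(%s)=%d\n"),
		    NSSWITCH_BACK, stat_ret);
	}
	if (stat_ret == 0) {
		retcode = file_move(NSSWITCH_BACK, NSSWITCH_CONF);
		if (mode_verbose) {
			CLIENT_FPRINTF(stderr,
			    gettext("recover: file_move(%s, %s)=%d\n"),
			    NSSWITCH_BACK, NSSWITCH_CONF, retcode);
		}
		if (retcode != 0) {
			CLIENT_FPRINTF(stderr,
			    gettext("recover: file_move(%s, %s) failed\n"),
			    NSSWITCH_BACK, NSSWITCH_CONF);
		}
	}

	stat_ret = stat(DOMAINNAME_BACK, &buf);
	if (mode_verbose) {
		CLIENT_FPRINTF(stderr,
		    gettext("recover: stat(%s)=%d\n"),
		    DOMAINNAME_BACK, stat_ret);
	}
	if (stat_ret == 0) {
		retcode = file_move(DOMAINNAME_BACK, DOMAINNAME);
		if (mode_verbose) {
			CLIENT_FPRINTF(stderr,
			    gettext("recover: file_move(%s, %s)=%d\n"),
			    DOMAINNAME_BACK, DOMAINNAME, retcode);
		}
		if (retcode != 0) {
			CLIENT_FPRINTF(stderr,
			    gettext("recover: file_move(%s, %s) failed\n"),
			    DOMAINNAME_BACK, DOMAINNAME);
		}
	}

	/* rmdir only succeeds once every backup entry has been moved out */
	retcode = rmdir(LDAP_RESTORE_DIR);
	if (retcode != 0) {
		CLIENT_FPRINTF(stderr,
		    gettext("Error removing \"%s\" directory.\n"),
		    LDAP_RESTORE_DIR);
	}

	return (CLIENT_SUCCESS);
}

/*
 * try to save the current state of this machine.
 * this just overwrites any old saved configuration files.
 *
 * This function should only be called after network services have been stopped.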
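Returns CLIENT_SUCCESS on successful save (also when running as Sysid
 * Install, where this function is a no-op).
 * Otherwise returns CLIENT_ERR_RESTORE (an old backup directory could not be
 * removed), CLIENT_ERR_FAIL (the backup directory could not be created) or
 * CLIENT_ERR_RENAME (at least one file_move() failed).
 */
static int
file_backup(void)
{
	struct stat buf;
	int domain_stat, conf_stat, ldap_stat;
	int nis_stat, yp_stat, restore_stat;
	int retcode, namelen, ret;
	char yp_dir[BUFSIZ], yp_dir_back[BUFSIZ];
	char name[BUFSIZ];
	char *ldap_conf_file, *ldap_cred_file;
	char ldap_file_back[BUFSIZE], ldap_cred_back[BUFSIZE];

	ret = CLIENT_SUCCESS;
	/* If running as Sysid Install become a no-op */
	if (sysid_install == B_TRUE)
		return (CLIENT_SUCCESS);

	/* If existing backup files, clear for this run */
	restore_stat = stat(LDAP_RESTORE_DIR, &buf);
	if (restore_stat == 0) {
		if (mode_verbose) {
			CLIENT_FPUTS(
			    gettext("Removing existing restore "
			    "directory\n"),
			    stderr);
		}
		/*
		 * NOTE(review): system() runs this through the shell with
		 * the caller's environment.  The command is a compile-time
		 * constant, so no caller data reaches the shell here.  The
		 * result is checked by the stat() that follows.
		 */
		(void) system("/bin/rm -fr " LDAP_RESTORE_DIR);
		restore_stat = stat(LDAP_RESTORE_DIR, &buf);
		if (restore_stat == 0) {
			CLIENT_FPRINTF(stderr,
			    gettext("Unable to remove backup "
			    "directory (%s)\n"),
			    LDAP_RESTORE_DIR);
			return (CLIENT_ERR_RESTORE);
		}
	}

	/*
	 * NOTE(review): the LDAP credential file is moved into this
	 * directory further down.  Mode 0755 leaves the directory listable
	 * and traversable by every user, so the secret is protected only by
	 * the moved file's own permissions; consider 0700 if nothing else
	 * needs to read the backup -- confirm.
	 */
	retcode = mkdir(LDAP_RESTORE_DIR, 0755);
	if (retcode != 0) {
		CLIENT_FPRINTF(stderr,
		    gettext("file_backup: Failed to make %s backup "
		    "directory. mkdir=%d\n"),
		    LDAP_RESTORE_DIR, retcode);
		return (CLIENT_ERR_FAIL);
	}

	conf_stat = stat(NSSWITCH_CONF, &buf);
	if (mode_verbose) {
		CLIENT_FPRINTF(stderr,
		    gettext("file_backup: stat(%s)=%d\n"),
		    NSSWITCH_CONF, conf_stat);
	}
	if (conf_stat == 0) {
		if (mode_verbose) {
			CLIENT_FPRINTF(stderr,
			    gettext("file_backup: (%s -> %s)\n"),
			    NSSWITCH_CONF, NSSWITCH_BACK);
		}
		retcode = file_move(NSSWITCH_CONF, NSSWITCH_BACK);
		if (retcode != 0) {
			CLIENT_FPRINTF(stderr,
			    gettext("file_backup: file_move(%s, %s) failed "
			    "with %d\n"),
			    NSSWITCH_CONF, NSSWITCH_BACK, retcode);
			ret = CLIENT_ERR_RENAME;
		}
	} else {
		if (mode_verbose) {
			CLIENT_FPRINTF(stderr,
			    gettext("file_backup: No %s file.\n"),
			    NSSWITCH_CONF);
		}
	}

	domain_stat = stat(DOMAINNAME, &buf);
	if (mode_verbose) {
		CLIENT_FPRINTF(stderr,
		    gettext("file_backup: stat(%s)=%d\n"),
		    DOMAINNAME, domain_stat);
	}
	if ((domain_stat == 0) && (buf.st_size > 0)) {
		if (mode_verbose) {
			CLIENT_FPRINTF(stderr,
			    gettext("file_backup: (%s -> %s)\n"),
			    DOMAINNAME, DOMAINNAME_BACK);
		}
		retcode = file_move(DOMAINNAME, DOMAINNAME_BACK);
		if (retcode != 0) {
			CLIENT_FPRINTF(stderr,
			    gettext("file_backup: file_move(%s, %s) failed "
			    "with %d\n"),
			    DOMAINNAME, DOMAINNAME_BACK, retcode);
			ret = CLIENT_ERR_RENAME;
		}
	} else {
		/* braces make explicit that both messages are verbose-only */
		if (mode_verbose) {
			if (domain_stat != 0) {
				CLIENT_FPRINTF(stderr,
				    gettext("file_backup: No %s file.\n"),
				    DOMAINNAME);
			} else {
				CLIENT_FPRINTF(stderr,
				    gettext("file_backup: Empty %s "
				    "file.\n"),
				    DOMAINNAME);
			}
		}
	}

	nis_stat = stat(NIS_COLDSTART, &buf);
	if (mode_verbose) {
		CLIENT_FPRINTF(stderr,
		    gettext("file_backup: stat(%s)=%d\n"),
		    NIS_COLDSTART, nis_stat);
	}
	if (nis_stat == 0) {
		if (mode_verbose) {
			CLIENT_FPRINTF(stderr,
			    gettext("file_backup: (%s -> %s)\n"),
			    NIS_COLDSTART, NIS_COLDSTART_BACK);
		}
		retcode = file_move(NIS_COLDSTART, NIS_COLDSTART_BACK);
		if (retcode != 0) {
			CLIENT_FPRINTF(stderr,
			    gettext("file_backup: file_move(%s, %s) failed "
			    "with %d\n"),
			    NIS_COLDSTART, NIS_COLDSTART_BACK, retcode);
			ret = CLIENT_ERR_RENAME;
		}
	} else {
		if (mode_verbose) {
			CLIENT_FPRINTF(stderr,
			    gettext("file_backup: No %s file.\n"),
			    NIS_COLDSTART);
		}
	}

	/*
	 * The sysinfo() result is not checked, so start from an empty
	 * string: a failed call then reads as "no domain" instead of
	 * running strlen() over an uninitialized buffer.
	 */
	name[0] = '\0';
	namelen = BUFSIZ;
	(void) sysinfo(SI_SRPC_DOMAIN, &(name[0]), namelen);
	namelen = strlen(name);

	if (mode_verbose) {
		CLIENT_FPRINTF(stderr,
		    gettext("file_backup: nis domain is \"%s\"\n"),
		    (namelen > 0) ? name : "EMPTY");
	}
	/* check for domain name if not set cannot save NIS(YP) state */
	if (namelen > 0) {
		/*
		 * moving /var/yp/binding will cause ypbind to core dump
		 *
		 * The buffers are declared with BUFSIZ, so bound the copies
		 * by sizeof rather than BUFSIZE; the two constants need not
		 * be equal.
		 */
		(void) strlcpy(yp_dir, YP_BIND_DIR "/", sizeof (yp_dir));
		(void) strlcat(yp_dir, name, sizeof (yp_dir));
		yp_stat = stat(yp_dir, &buf);
		if (mode_verbose) {
			CLIENT_FPRINTF(stderr,
			    gettext("file_backup: stat(%s)=%d\n"),
			    yp_dir, yp_stat);
		}
		if (yp_stat == 0) {
			(void) strlcpy(yp_dir_back, LDAP_RESTORE_DIR "/",
			    sizeof (yp_dir_back));
			(void) strlcat(yp_dir_back, name,
			    sizeof (yp_dir_back));
			if (mode_verbose) {
				CLIENT_FPRINTF(stderr,
				    gettext("file_backup: (%s -> %s)\n"),
				    yp_dir, yp_dir_back);
			}
			retcode = file_move(yp_dir, yp_dir_back);
			if (retcode != 0) {
				CLIENT_FPRINTF(stderr,
				    gettext("file_backup: file_move(%s, %s)"
				    " failed with %d\n"),
				    yp_dir, yp_dir_back, retcode);
				ret = CLIENT_ERR_RENAME;
			}
		} else {
			if (mode_verbose) {
				CLIENT_FPRINTF(stderr,
				    gettext("file_backup: No %s "
				    "directory.\n"), yp_dir);
			}
		}
	}


	/* point to file name, not path delim (/) */
	ldap_conf_file = strrchr(NSCONFIGFILE, '/') + 1;
	ldap_cred_file = strrchr(NSCREDFILE, '/') + 1;

	ldap_stat = stat(NSCONFIGFILE, &buf);
	if (mode_verbose) {
		CLIENT_FPRINTF(stderr,
		    gettext("file_backup: stat(%s)=%d\n"),
		    NSCONFIGFILE, ldap_stat);
	}
	if (ldap_stat == 0) {
		(void) strlcpy(ldap_file_back, LDAP_RESTORE_DIR "/",
		    sizeof (ldap_file_back));
		(void) strlcat(ldap_file_back, ldap_conf_file,
		    sizeof (ldap_file_back));
		if (mode_verbose) {
			CLIENT_FPRINTF(stderr,
			    gettext("file_backup: (%s -> %s)\n"),
			    NSCONFIGFILE, ldap_file_back);
		}
		retcode = file_move(NSCONFIGFILE, ldap_file_back);
		if (retcode != 0) {
			CLIENT_FPRINTF(stderr,
			    gettext("file_backup: file_move(%s, %s) failed "
			    "with %d\n"),
			    NSCONFIGFILE, ldap_file_back, retcode);
			ret = CLIENT_ERR_RENAME;
		}

		/* the credential file is only looked for next to a config */
		(void) strlcpy(ldap_cred_back, LDAP_RESTORE_DIR "/",
		    sizeof (ldap_cred_back));
		(void) strlcat(ldap_cred_back, ldap_cred_file,
		    sizeof (ldap_cred_back));
		if (mode_verbose) {
			CLIENT_FPRINTF(stderr,
			    gettext("file_backup: (%s -> %s)\n"),
			    NSCREDFILE, ldap_cred_back);
		}
		retcode = file_move(NSCREDFILE, ldap_cred_back);
		if (retcode != 0) {
			CLIENT_FPRINTF(stderr,
			    gettext("file_backup: file_move(%s, %s) failed "
			    "with %d\n"),
			    NSCREDFILE, ldap_cred_back, retcode);
			ret = CLIENT_ERR_RENAME;
		}
	} else {
		if (mode_verbose) {
			CLIENT_FPRINTF(stderr,
			    gettext("file_backup: No %s file.\n"),
			    NSCONFIGFILE);
		}
	}

	return (ret);
}

/*
 * mod_backup()
 *
 * This function is used to temporarily back up the LDAP client files in
 * /var/ldap that the "mod" operation needs to update.  If an error occurs
 * then the function mod_recover() can be invoked to recover the unmodified
 * files.
 *
 * Returns CLIENT_SUCCESS when all three copies succeed and CLIENT_ERR_RENAME
 * when any of them fails.  The ".mod" copy of the credential file holds the
 * same secret as the original.
 */
static int
mod_backup(void)
{
	int rc;
	int retcode = CLIENT_SUCCESS;

	/*
	 * Each command string is assembled from compile-time constants, so
	 * nothing supplied by the caller reaches the shell that system()
	 * starts.  Failures are recorded one by one instead of summing the
	 * statuses, which could cancel each other out.
	 */
	rc = system(CMD_CP " " NSCONFIGFILE " " NSCONFIGFILE ".mod");
	if (rc != 0)
		retcode = CLIENT_ERR_RENAME;
	if (mode_verbose) {
		CLIENT_FPRINTF(stderr,
		    gettext("mod_backup: backup %s for %s\n"),
		    rc ? "failed" : "successful", NSCONFIGFILE);
	}

	rc = system(CMD_CP " " NSCREDFILE " " NSCREDFILE ".mod");
	if (rc != 0)
		retcode = CLIENT_ERR_RENAME;
	if (mode_verbose) {
		CLIENT_FPRINTF(stderr,
		    gettext("mod_backup: backup %s for %s\n"),
		    rc ? "failed" : "successful", NSCREDFILE);
	}

	rc = system(CMD_CP " " DOMAINNAME " " DOMAINNAME ".mod");
	if (rc != 0)
		retcode = CLIENT_ERR_RENAME;
	if (mode_verbose) {
		CLIENT_FPRINTF(stderr,
		    gettext("mod_backup: backup %s for %s\n"),
		    rc ? "failed" : "successful", DOMAINNAME);
	}

	return (retcode);
}

/*
 * mod_recover()
 *
 * This function is used to recover the files temporarily backed up by
 * the mod_backup() function if an error occurs during the "mod"
 * operation.
 *
 * Returns CLIENT_SUCCESS when all three moves succeed and CLIENT_ERR_RENAME
 * when any of them fails.
 */
static int
mod_recover(void)
{
	int rc;
	int retcode = CLIENT_SUCCESS;

	/*
	 * As in mod_backup(), the commands are compile-time constants and
	 * each failure is recorded on its own rather than summed.
	 */
	rc = system(CMD_MV " " NSCONFIGFILE ".mod " NSCONFIGFILE);
	if (rc != 0)
		retcode = CLIENT_ERR_RENAME;
	if (mode_verbose) {
		CLIENT_FPRINTF(stderr,
		    gettext("mod_recover: recovery %s for %s\n"),
		    rc ? "failed" : "successful", NSCONFIGFILE);
	}

	rc = system(CMD_MV " " NSCREDFILE ".mod " NSCREDFILE);
	if (rc != 0)
		retcode = CLIENT_ERR_RENAME;
	if (mode_verbose) {
		CLIENT_FPRINTF(stderr,
		    gettext("mod_recover: recovery %s for %s\n"),
		    rc ? "failed" : "successful", NSCREDFILE);
	}

	rc = system(CMD_MV " " DOMAINNAME ".mod " DOMAINNAME);
	if (rc != 0)
		retcode = CLIENT_ERR_RENAME;
	if (mode_verbose) {
		CLIENT_FPRINTF(stderr,
		    gettext("mod_recover: recovery %s for %s\n"),
		    rc ? "failed" : "successful", DOMAINNAME);
	}

	return (retcode);
}

/*
 * mod_cleanup()
 *
 * This function removes the .mod files in /var/ldap.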
27160Sstevel@tonic-gate */ 27170Sstevel@tonic-gate static void 27180Sstevel@tonic-gate mod_cleanup(void) 27190Sstevel@tonic-gate { 27200Sstevel@tonic-gate (void) system(CMD_RM " " NSCONFIGFILE ".mod " TO_DEV_NULL); 27210Sstevel@tonic-gate (void) system(CMD_RM " " NSCREDFILE ".mod " TO_DEV_NULL); 27220Sstevel@tonic-gate (void) system(CMD_RM " " DOMAINNAME ".mod " TO_DEV_NULL); 27230Sstevel@tonic-gate } 27240Sstevel@tonic-gate 27250Sstevel@tonic-gate #define MAX_DN_ARRAY 100 27260Sstevel@tonic-gate #define LDAP_NAMINGCONTEXTS "namingcontexts" 27270Sstevel@tonic-gate 27280Sstevel@tonic-gate static char * 27290Sstevel@tonic-gate findBaseDN(char *server) 27300Sstevel@tonic-gate { 27310Sstevel@tonic-gate int ret; 27320Sstevel@tonic-gate ns_ldap_entry_t *entry; 27330Sstevel@tonic-gate ns_ldap_result_t *resultp; 27340Sstevel@tonic-gate ns_ldap_error_t *errorp = NULL; 27350Sstevel@tonic-gate char filter[BUFSIZ], *rootDN[MAX_DN_ARRAY], *nisBaseDN; 27360Sstevel@tonic-gate char *attribute[] = { LDAP_NAMINGCONTEXTS, NULL }; 27370Sstevel@tonic-gate int root_cnt, found_cxt; 27380Sstevel@tonic-gate int i, j, k, retcode; 27390Sstevel@tonic-gate 27400Sstevel@tonic-gate if (mode_verbose) 27410Sstevel@tonic-gate CLIENT_FPUTS(gettext("findBaseDN: begins\n"), stderr); 27420Sstevel@tonic-gate 27430Sstevel@tonic-gate if (dname == NULL) 27440Sstevel@tonic-gate return (NULL); 27450Sstevel@tonic-gate 27460Sstevel@tonic-gate if (is_service(LDAP_FMRI, SCF_STATE_STRING_ONLINE)) { 27470Sstevel@tonic-gate gStartLdap = START_RESET; /* reset flag for err cases */ 27480Sstevel@tonic-gate if (mode_verbose) 27490Sstevel@tonic-gate CLIENT_FPUTS(gettext("findBaseDN: Stopping ldap\n"), 27500Sstevel@tonic-gate stderr); 27510Sstevel@tonic-gate ret = disable_service(LDAP_FMRI, B_TRUE); 27520Sstevel@tonic-gate if (ret != 0) { 27530Sstevel@tonic-gate CLIENT_FPRINTF(stderr, gettext("findBaseDN: Stopping " 27540Sstevel@tonic-gate "ldap failed with (%d)\n"), ret); 27550Sstevel@tonic-gate return (NULL); 
27560Sstevel@tonic-gate } 27570Sstevel@tonic-gate (void) unlink(LDAP_CACHE_LOG); 27580Sstevel@tonic-gate } else { 27590Sstevel@tonic-gate if (mode_verbose) 27600Sstevel@tonic-gate CLIENT_FPUTS(gettext("findBaseDN: ldap not running\n"), 27610Sstevel@tonic-gate stderr); 27620Sstevel@tonic-gate } 27630Sstevel@tonic-gate 27640Sstevel@tonic-gate if (mode_verbose) 27650Sstevel@tonic-gate CLIENT_FPUTS( 27660Sstevel@tonic-gate gettext("findBaseDN: calling " 27670Sstevel@tonic-gate "__ns_ldap_default_config()\n"), 27680Sstevel@tonic-gate stderr); 27690Sstevel@tonic-gate __ns_ldap_default_config(); 27700Sstevel@tonic-gate 27710Sstevel@tonic-gate retcode = __ns_ldap_setParam(NS_LDAP_SERVERS_P, 27720Sstevel@tonic-gate (void *)server, &errorp); 27730Sstevel@tonic-gate if (retcode != NS_LDAP_SUCCESS) { 27740Sstevel@tonic-gate goto findDN_err_exit; 27750Sstevel@tonic-gate } 27760Sstevel@tonic-gate 27770Sstevel@tonic-gate retcode = __ns_ldap_setParam(NS_LDAP_AUTH_P, 27780Sstevel@tonic-gate (void *)"NS_LDAP_AUTH_NONE", &errorp); 27790Sstevel@tonic-gate if (retcode != NS_LDAP_SUCCESS) { 27800Sstevel@tonic-gate goto findDN_err_exit; 27810Sstevel@tonic-gate } 27820Sstevel@tonic-gate 27830Sstevel@tonic-gate retcode = __ns_ldap_setParam(NS_LDAP_TRANSPORT_SEC_P, 27840Sstevel@tonic-gate (void *)"NS_LDAP_SEC_NONE", &errorp); 27850Sstevel@tonic-gate if (retcode != NS_LDAP_SUCCESS) { 27860Sstevel@tonic-gate goto findDN_err_exit; 27870Sstevel@tonic-gate } 27880Sstevel@tonic-gate 27890Sstevel@tonic-gate retcode = __ns_ldap_setParam(NS_LDAP_SEARCH_BASEDN_P, 27900Sstevel@tonic-gate (void *)"", &errorp); 27910Sstevel@tonic-gate if (retcode != NS_LDAP_SUCCESS) { 27920Sstevel@tonic-gate goto findDN_err_exit; 27930Sstevel@tonic-gate } 27940Sstevel@tonic-gate 27950Sstevel@tonic-gate retcode = __ns_ldap_setParam(NS_LDAP_SEARCH_SCOPE_P, 27960Sstevel@tonic-gate (void *)"NS_LDAP_SCOPE_BASE", &errorp); 27970Sstevel@tonic-gate if (retcode != NS_LDAP_SUCCESS) { 27980Sstevel@tonic-gate goto findDN_err_exit; 
27990Sstevel@tonic-gate } 28000Sstevel@tonic-gate 28010Sstevel@tonic-gate (void) strcpy(&filter[0], "(objectclass=*)"); 28020Sstevel@tonic-gate 28030Sstevel@tonic-gate ret = __ns_ldap_list(NULL, filter, NULL, (const char **)attribute, 28040Sstevel@tonic-gate NULL, 0, &resultp, &errorp, NULL, NULL); 28050Sstevel@tonic-gate if (NULL == resultp) { 28060Sstevel@tonic-gate if (mode_verbose) 28070Sstevel@tonic-gate CLIENT_FPUTS( 28080Sstevel@tonic-gate gettext("__ns_ldap_list return NULL resultp\n"), 28090Sstevel@tonic-gate stderr); 28100Sstevel@tonic-gate 28110Sstevel@tonic-gate goto findDN_err_exit; 28120Sstevel@tonic-gate } 28130Sstevel@tonic-gate 28140Sstevel@tonic-gate for (i = 0; i < MAX_DN_ARRAY; i++) 28150Sstevel@tonic-gate rootDN[i] = NULL; 28160Sstevel@tonic-gate root_cnt = 0; 28170Sstevel@tonic-gate entry = resultp->entry; 28180Sstevel@tonic-gate for (i = 0; i < resultp->entries_count; i++) { 28190Sstevel@tonic-gate for (j = 0; j < entry->attr_count; j++) { 28200Sstevel@tonic-gate char *cp; 28210Sstevel@tonic-gate 28220Sstevel@tonic-gate cp = entry->attr_pair[j]->attrname; 28230Sstevel@tonic-gate if (0 != j) { 28240Sstevel@tonic-gate for (k = 0; entry->attr_pair[j]->attrvalue[k]; k++) 28250Sstevel@tonic-gate if (0 == strcasecmp(cp, LDAP_NAMINGCONTEXTS)) { 28260Sstevel@tonic-gate if (NULL == rootDN[root_cnt]) 28270Sstevel@tonic-gate rootDN[root_cnt++] = strdup(entry->attr_pair[j] 28280Sstevel@tonic-gate ->attrvalue[k]); 28290Sstevel@tonic-gate if (rootDN[root_cnt-1] == NULL) { 28300Sstevel@tonic-gate root_cnt--; 28310Sstevel@tonic-gate CLIENT_FPUTS(gettext("Memory " 28320Sstevel@tonic-gate "allocation error.\n"), stderr); 28330Sstevel@tonic-gate /* 28340Sstevel@tonic-gate * fall through and let processing happen on the 28350Sstevel@tonic-gate * rootDNs found to this point. Most likely 28360Sstevel@tonic-gate * things will fall apart if we are out of memory! 
28370Sstevel@tonic-gate */ 28380Sstevel@tonic-gate break; 28390Sstevel@tonic-gate } 28400Sstevel@tonic-gate } 28410Sstevel@tonic-gate } 28420Sstevel@tonic-gate } 28430Sstevel@tonic-gate entry = entry->next; 28440Sstevel@tonic-gate } 28450Sstevel@tonic-gate (void) __ns_ldap_freeResult(&resultp); 28460Sstevel@tonic-gate if (mode_verbose) 28470Sstevel@tonic-gate CLIENT_FPRINTF(stderr, 28480Sstevel@tonic-gate gettext("found %d namingcontexts\n"), root_cnt); 28490Sstevel@tonic-gate if (root_cnt == 0) { 28500Sstevel@tonic-gate CLIENT_FPUTS(gettext("Cannot find the rootDN\n"), stderr); 28510Sstevel@tonic-gate goto findDN_err_exit; 28520Sstevel@tonic-gate } 28530Sstevel@tonic-gate found_cxt = -1; 28540Sstevel@tonic-gate for (i = 0; i < root_cnt; i++) { 28550Sstevel@tonic-gate retcode = __ns_ldap_setParam(NS_LDAP_SEARCH_BASEDN_P, 28560Sstevel@tonic-gate (void *)rootDN[i], &errorp); 28570Sstevel@tonic-gate if (NS_LDAP_SUCCESS != retcode) { 28580Sstevel@tonic-gate CLIENT_FPUTS( 28590Sstevel@tonic-gate gettext("Error setting param " 28600Sstevel@tonic-gate "NS_LDAP_SEARCH_BASEDN_P\n"), stderr); 28610Sstevel@tonic-gate goto findDN_err_exit; 28620Sstevel@tonic-gate } 28630Sstevel@tonic-gate retcode = __ns_ldap_setParam(NS_LDAP_SEARCH_SCOPE_P, 28640Sstevel@tonic-gate (void *)"NS_LDAP_SCOPE_SUBTREE", &errorp); 28650Sstevel@tonic-gate if (NS_LDAP_SUCCESS != retcode) { 28660Sstevel@tonic-gate CLIENT_FPUTS( 28670Sstevel@tonic-gate gettext("Error setting param " 28680Sstevel@tonic-gate "NS_LDAP_SEARCH_SCOPE_P\n"), 28690Sstevel@tonic-gate stderr); 28700Sstevel@tonic-gate goto findDN_err_exit; 28710Sstevel@tonic-gate } 28720Sstevel@tonic-gate (void) snprintf(&filter[0], BUFSIZ, 28730Sstevel@tonic-gate "(&(objectclass=nisDomainObject)(nisdomain=%s))", 28740Sstevel@tonic-gate dname); 28750Sstevel@tonic-gate if (mode_verbose) { 28760Sstevel@tonic-gate CLIENT_FPRINTF(stderr, 28770Sstevel@tonic-gate gettext("findBaseDN: __ns_ldap_list(NULL, \"%s\"\n"), 28780Sstevel@tonic-gate filter); 
28790Sstevel@tonic-gate CLIENT_FPRINTF(stderr, 28800Sstevel@tonic-gate gettext("rootDN[%d] %s\n"), i, rootDN[i]); 28810Sstevel@tonic-gate } 28820Sstevel@tonic-gate ret = __ns_ldap_list(NULL, filter, NULL, (const char **)NULL, 28830Sstevel@tonic-gate NULL, 0, &resultp, &errorp, NULL, NULL); 28840Sstevel@tonic-gate if (ret == NS_LDAP_SUCCESS) { 28850Sstevel@tonic-gate found_cxt = i; 28860Sstevel@tonic-gate break; 28870Sstevel@tonic-gate } else { 28880Sstevel@tonic-gate if (mode_verbose) 28890Sstevel@tonic-gate CLIENT_FPRINTF(stderr, 28900Sstevel@tonic-gate gettext("NOTFOUND:Could not find the " 28910Sstevel@tonic-gate "nisDomainObject for DN %s\n"), 28920Sstevel@tonic-gate rootDN[i]); 28930Sstevel@tonic-gate } 28940Sstevel@tonic-gate } 28950Sstevel@tonic-gate if (-1 == found_cxt) { 28960Sstevel@tonic-gate if (mode_verbose) 28970Sstevel@tonic-gate CLIENT_FPUTS(gettext("found_cxt = -1\n"), stderr); 28980Sstevel@tonic-gate goto findDN_err_exit; 28990Sstevel@tonic-gate } 29000Sstevel@tonic-gate if (resultp == NULL) { 29010Sstevel@tonic-gate CLIENT_FPUTS(gettext("resultp is NULL\n"), stderr); 29020Sstevel@tonic-gate goto findDN_err_exit; 29030Sstevel@tonic-gate } 29040Sstevel@tonic-gate entry = resultp->entry; 29050Sstevel@tonic-gate if (entry == NULL) { 29060Sstevel@tonic-gate CLIENT_FPUTS(gettext("entry is NULL\n"), stderr); 29070Sstevel@tonic-gate goto findDN_err_exit; 29080Sstevel@tonic-gate } 29090Sstevel@tonic-gate 29100Sstevel@tonic-gate nisBaseDN = strdup(entry->attr_pair[0]->attrvalue[0]); 29110Sstevel@tonic-gate 29120Sstevel@tonic-gate (void) __ns_ldap_freeResult(&resultp); 29130Sstevel@tonic-gate 29140Sstevel@tonic-gate if (mode_verbose) 29150Sstevel@tonic-gate CLIENT_FPRINTF(stderr, 29160Sstevel@tonic-gate gettext("found baseDN %s for domain %s\n"), 29170Sstevel@tonic-gate nisBaseDN ? 
nisBaseDN : "NULL", dname); 29180Sstevel@tonic-gate 29190Sstevel@tonic-gate return (nisBaseDN); 29200Sstevel@tonic-gate 29210Sstevel@tonic-gate findDN_err_exit: 29220Sstevel@tonic-gate if (mode_verbose) { 29230Sstevel@tonic-gate CLIENT_FPUTS(gettext("findBaseDN: Err exit\n"), stderr); 29240Sstevel@tonic-gate } 29250Sstevel@tonic-gate if (NULL != errorp) { 29260Sstevel@tonic-gate CLIENT_FPRINTF(stderr, gettext("\t%s\n"), errorp->message); 29270Sstevel@tonic-gate (void) __ns_ldap_freeError(&errorp); 29280Sstevel@tonic-gate } 29290Sstevel@tonic-gate return (NULL); 29300Sstevel@tonic-gate } 29310Sstevel@tonic-gate 29320Sstevel@tonic-gate static multival_t * 29330Sstevel@tonic-gate multival_new() 29340Sstevel@tonic-gate { 29350Sstevel@tonic-gate multival_t *hold; 29360Sstevel@tonic-gate 29370Sstevel@tonic-gate hold = calloc(1, sizeof (multival_t)); 29380Sstevel@tonic-gate if (hold == NULL) { 29390Sstevel@tonic-gate CLIENT_FPUTS( 29400Sstevel@tonic-gate gettext("multival_new: Memory allocation error\n"), 29410Sstevel@tonic-gate stderr); 29420Sstevel@tonic-gate } 29430Sstevel@tonic-gate return (hold); /* NULL -> error */ 29440Sstevel@tonic-gate } 29450Sstevel@tonic-gate 29460Sstevel@tonic-gate static int 29470Sstevel@tonic-gate multival_add(multival_t *list, char *opt) 29480Sstevel@tonic-gate { 29490Sstevel@tonic-gate if (opt == NULL) { 29500Sstevel@tonic-gate CLIENT_FPUTS( 29510Sstevel@tonic-gate gettext("Empty value passed to multival_add\n"), 29520Sstevel@tonic-gate stderr); 29530Sstevel@tonic-gate return (CLIENT_ERR_FAIL); 29540Sstevel@tonic-gate } 29550Sstevel@tonic-gate 29560Sstevel@tonic-gate if (list->count == 0) { 29570Sstevel@tonic-gate list->optlist = (char **)malloc(sizeof (char **)); 29580Sstevel@tonic-gate } else { 29590Sstevel@tonic-gate list->optlist = (char **)realloc(list->optlist, 29600Sstevel@tonic-gate (list->count + 1) * sizeof (char **)); 29610Sstevel@tonic-gate } 29620Sstevel@tonic-gate 29630Sstevel@tonic-gate if (list->optlist == NULL) { 
29640Sstevel@tonic-gate CLIENT_FPUTS(gettext("Error allocating memory\n"), stderr); 29650Sstevel@tonic-gate return (CLIENT_ERR_MEMORY); /* 0 is success */ 29660Sstevel@tonic-gate } 29670Sstevel@tonic-gate 29680Sstevel@tonic-gate list->optlist[list->count] = opt; 29690Sstevel@tonic-gate list->count++; 29700Sstevel@tonic-gate 29710Sstevel@tonic-gate return (CLIENT_SUCCESS); 29720Sstevel@tonic-gate } 29730Sstevel@tonic-gate 29740Sstevel@tonic-gate static void 29750Sstevel@tonic-gate multival_free(multival_t *list) 29760Sstevel@tonic-gate { 29770Sstevel@tonic-gate if (list == NULL) 29780Sstevel@tonic-gate return; 29790Sstevel@tonic-gate 29800Sstevel@tonic-gate if (list->optlist != NULL) 29810Sstevel@tonic-gate free(list->optlist); 29820Sstevel@tonic-gate free(list); 29830Sstevel@tonic-gate } 29840Sstevel@tonic-gate 29850Sstevel@tonic-gate static clientopts_t * 29860Sstevel@tonic-gate clientopts_new() 29870Sstevel@tonic-gate { 29880Sstevel@tonic-gate clientopts_t *hold; 29890Sstevel@tonic-gate 29900Sstevel@tonic-gate hold = calloc(1, sizeof (clientopts_t)); 29910Sstevel@tonic-gate if (NULL == hold) { 29920Sstevel@tonic-gate CLIENT_FPUTS(gettext("Error allocating memory for " 29930Sstevel@tonic-gate "clientopts structure\n"), stderr); 29940Sstevel@tonic-gate return (hold); /* NULL -> error */ 29950Sstevel@tonic-gate } 29960Sstevel@tonic-gate 29970Sstevel@tonic-gate hold->serviceAuthenticationMethod = multival_new(); 29980Sstevel@tonic-gate if (NULL == hold->serviceAuthenticationMethod) { 29990Sstevel@tonic-gate CLIENT_FPUTS(gettext("Error allocating memory for " 30000Sstevel@tonic-gate "serviceAuthenticationMethod\n"), stderr); 30010Sstevel@tonic-gate free(hold); 30020Sstevel@tonic-gate return (NULL); /* NULL -> error */ 30030Sstevel@tonic-gate } 30040Sstevel@tonic-gate 30050Sstevel@tonic-gate hold->serviceCredentialLevel = multival_new(); 30060Sstevel@tonic-gate if (NULL == hold->serviceCredentialLevel) { 30070Sstevel@tonic-gate CLIENT_FPUTS(gettext("Error allocating 
memory for " 30080Sstevel@tonic-gate "serviceCredentialLevel\n"), stderr); 30090Sstevel@tonic-gate multival_free(hold->serviceAuthenticationMethod); 30100Sstevel@tonic-gate free(hold); 30110Sstevel@tonic-gate return (NULL); /* NULL -> error */ 30120Sstevel@tonic-gate } 30130Sstevel@tonic-gate 30140Sstevel@tonic-gate hold->objectclassMap = multival_new(); 30150Sstevel@tonic-gate if (NULL == hold->objectclassMap) { 30160Sstevel@tonic-gate CLIENT_FPUTS(gettext("Error allocating memory for " 30170Sstevel@tonic-gate "objectclassMap\n"), stderr); 30180Sstevel@tonic-gate multival_free(hold->serviceAuthenticationMethod); 30190Sstevel@tonic-gate multival_free(hold->serviceCredentialLevel); 30200Sstevel@tonic-gate free(hold); 30210Sstevel@tonic-gate return (NULL); /* NULL -> error */ 30220Sstevel@tonic-gate } 30230Sstevel@tonic-gate 30240Sstevel@tonic-gate hold->attributeMap = multival_new(); 30250Sstevel@tonic-gate if (NULL == hold->attributeMap) { 30260Sstevel@tonic-gate CLIENT_FPUTS(gettext("Error allocating memory for " 30270Sstevel@tonic-gate "attributeMap\n"), stderr); 30280Sstevel@tonic-gate multival_free(hold->serviceAuthenticationMethod); 30290Sstevel@tonic-gate multival_free(hold->serviceCredentialLevel); 30300Sstevel@tonic-gate multival_free(hold->objectclassMap); 30310Sstevel@tonic-gate free(hold); 30320Sstevel@tonic-gate return (NULL); /* NULL -> error */ 30330Sstevel@tonic-gate } 30340Sstevel@tonic-gate 30350Sstevel@tonic-gate hold->serviceSearchDescriptor = multival_new(); 30360Sstevel@tonic-gate if (NULL == hold->serviceSearchDescriptor) { 30370Sstevel@tonic-gate CLIENT_FPUTS(gettext("Error allocating memory for " 30380Sstevel@tonic-gate "serviceSearchDescriptor\n"), stderr); 30390Sstevel@tonic-gate multival_free(hold->serviceAuthenticationMethod); 30400Sstevel@tonic-gate multival_free(hold->serviceCredentialLevel); 30410Sstevel@tonic-gate multival_free(hold->objectclassMap); 30420Sstevel@tonic-gate multival_free(hold->attributeMap); 30430Sstevel@tonic-gate 
free(hold); 30440Sstevel@tonic-gate return (NULL); /* NULL -> error */ 30450Sstevel@tonic-gate } 30460Sstevel@tonic-gate 30470Sstevel@tonic-gate return (hold); 30480Sstevel@tonic-gate } 30490Sstevel@tonic-gate 30500Sstevel@tonic-gate static void 30510Sstevel@tonic-gate clientopts_free(clientopts_t *list) 30520Sstevel@tonic-gate { 30530Sstevel@tonic-gate if (NULL == list) 30540Sstevel@tonic-gate return; 30550Sstevel@tonic-gate 30560Sstevel@tonic-gate multival_free(list->serviceAuthenticationMethod); 30570Sstevel@tonic-gate multival_free(list->serviceCredentialLevel); 30580Sstevel@tonic-gate multival_free(list->objectclassMap); 30590Sstevel@tonic-gate multival_free(list->attributeMap); 30600Sstevel@tonic-gate multival_free(list->serviceSearchDescriptor); 30610Sstevel@tonic-gate 30620Sstevel@tonic-gate free(list); 30630Sstevel@tonic-gate 30640Sstevel@tonic-gate } 30650Sstevel@tonic-gate 30660Sstevel@tonic-gate static void 30670Sstevel@tonic-gate multival_list(char *opt, multival_t *list) 30680Sstevel@tonic-gate { 30690Sstevel@tonic-gate int i; 30700Sstevel@tonic-gate 30710Sstevel@tonic-gate if (list->count == 0) 30720Sstevel@tonic-gate return; 30730Sstevel@tonic-gate 30740Sstevel@tonic-gate (void) puts(opt); 30750Sstevel@tonic-gate for (i = 0; i < list->count; i++) { 30760Sstevel@tonic-gate (void) printf("\t\targ[%d]: %s\n", i, list->optlist[i]); 30770Sstevel@tonic-gate } 30780Sstevel@tonic-gate } 30790Sstevel@tonic-gate 30800Sstevel@tonic-gate /* return the number of arguments specified in the command line */ 30810Sstevel@tonic-gate static int 30820Sstevel@tonic-gate num_args(clientopts_t *list) 30830Sstevel@tonic-gate { 30840Sstevel@tonic-gate int arg_count = 0; 30850Sstevel@tonic-gate 30860Sstevel@tonic-gate arg_count += list->authenticationMethod ? 1 : 0; 30870Sstevel@tonic-gate arg_count += list->serviceAuthenticationMethod->count; 30880Sstevel@tonic-gate arg_count += list->defaultSearchBase ? 1 : 0; 30890Sstevel@tonic-gate arg_count += list->credentialLevel ? 
1 : 0; 30900Sstevel@tonic-gate arg_count += list->serviceCredentialLevel->count; 30910Sstevel@tonic-gate arg_count += list->domainName ? 1 : 0; 30920Sstevel@tonic-gate arg_count += list->proxyDN ? 1 : 0; 30930Sstevel@tonic-gate arg_count += list->profileTTL ? 1 : 0; 30940Sstevel@tonic-gate arg_count += list->objectclassMap->count; 30950Sstevel@tonic-gate arg_count += list->searchTimeLimit ? 1 : 0; 30960Sstevel@tonic-gate arg_count += list->preferredServerList ? 1 : 0; 30970Sstevel@tonic-gate arg_count += list->profileName ? 1 : 0; 30980Sstevel@tonic-gate arg_count += list->followReferrals ? 1 : 0; 30990Sstevel@tonic-gate arg_count += list->attributeMap->count; 31000Sstevel@tonic-gate arg_count += list->defaultSearchScope ? 1 : 0; 31010Sstevel@tonic-gate arg_count += list->serviceSearchDescriptor->count; 31020Sstevel@tonic-gate arg_count += list->bindTimeLimit ? 1 : 0; 31030Sstevel@tonic-gate arg_count += list->proxyPassword ? 1 : 0; 31040Sstevel@tonic-gate arg_count += list->defaultServerList ? 1 : 0; 31050Sstevel@tonic-gate arg_count += list->certificatePath ? 
1 : 0; 31060Sstevel@tonic-gate 31070Sstevel@tonic-gate return (arg_count); 31080Sstevel@tonic-gate } 31090Sstevel@tonic-gate 31100Sstevel@tonic-gate #define CLIENT_PRINT(opt, str) if (str) \ 31110Sstevel@tonic-gate (void) printf("%s%s\n", (opt), (str)) 31120Sstevel@tonic-gate 31130Sstevel@tonic-gate static void 31140Sstevel@tonic-gate dumpargs(clientopts_t *list) 31150Sstevel@tonic-gate { 31160Sstevel@tonic-gate CLIENT_PRINT("\tauthenticationMethod: ", list->authenticationMethod); 31170Sstevel@tonic-gate multival_list("\tserviceAuthenticationMethod: ", 31180Sstevel@tonic-gate list->serviceAuthenticationMethod); 31190Sstevel@tonic-gate CLIENT_PRINT("\tdefaultSearchBase: ", list->defaultSearchBase); 31200Sstevel@tonic-gate CLIENT_PRINT("\tcredentialLevel: ", list->credentialLevel); 31210Sstevel@tonic-gate multival_list("\tserviceCredentialLevel: ", 31220Sstevel@tonic-gate list->serviceCredentialLevel); 31230Sstevel@tonic-gate CLIENT_PRINT("\tdomainName: ", list->domainName); 31240Sstevel@tonic-gate CLIENT_PRINT("\tproxyDN: ", list->proxyDN); 31250Sstevel@tonic-gate CLIENT_PRINT("\tprofileTTL: ", list->profileTTL); 31260Sstevel@tonic-gate multival_list("\tobjectclassMap: ", list->objectclassMap); 31270Sstevel@tonic-gate CLIENT_PRINT("\tsearchTimeLimit: ", list->searchTimeLimit); 31280Sstevel@tonic-gate CLIENT_PRINT("\tpreferredServerList: ", list->preferredServerList); 31290Sstevel@tonic-gate CLIENT_PRINT("\tprofileName: ", list->profileName); 31300Sstevel@tonic-gate CLIENT_PRINT("\tfollowReferrals: ", list->followReferrals); 31310Sstevel@tonic-gate multival_list("\tattributeMap: ", list->attributeMap); 31320Sstevel@tonic-gate CLIENT_PRINT("\tdefaultSearchScope: ", list->defaultSearchScope); 31330Sstevel@tonic-gate multival_list("\tserviceSearchDescriptor: ", 31340Sstevel@tonic-gate list->serviceSearchDescriptor); 31350Sstevel@tonic-gate CLIENT_PRINT("\tbindTimeLimit: ", list->bindTimeLimit); 31360Sstevel@tonic-gate CLIENT_PRINT("\tproxyPassword: ", 
list->proxyPassword); 31370Sstevel@tonic-gate CLIENT_PRINT("\tdefaultServerList: ", list->defaultServerList); 31380Sstevel@tonic-gate CLIENT_PRINT("\tcertificatePath: ", list->certificatePath); 31390Sstevel@tonic-gate } 31400Sstevel@tonic-gate 31410Sstevel@tonic-gate 31420Sstevel@tonic-gate /* These definitions are only used in parseParam() below. */ 31430Sstevel@tonic-gate struct param { 31440Sstevel@tonic-gate char *name; 31450Sstevel@tonic-gate int index; 31460Sstevel@tonic-gate }; 31470Sstevel@tonic-gate 31480Sstevel@tonic-gate static struct param paramArray[] = { 31490Sstevel@tonic-gate {"proxyDN", NS_LDAP_BINDDN_P}, 31500Sstevel@tonic-gate {"proxyPassword", NS_LDAP_BINDPASSWD_P}, 31510Sstevel@tonic-gate {"defaultServerList", NS_LDAP_SERVERS_P}, 31520Sstevel@tonic-gate {"defaultSearchBase", NS_LDAP_SEARCH_BASEDN_P}, 31530Sstevel@tonic-gate {"authenticationMethod", NS_LDAP_AUTH_P}, 31540Sstevel@tonic-gate {"followReferrals", NS_LDAP_SEARCH_REF_P}, 31550Sstevel@tonic-gate {"profileTTL", NS_LDAP_CACHETTL_P}, 31560Sstevel@tonic-gate {"certificatePath", NS_LDAP_HOST_CERTPATH_P}, 31570Sstevel@tonic-gate {"defaultSearchScope", NS_LDAP_SEARCH_SCOPE_P}, 31580Sstevel@tonic-gate {"bindTimeLimit", NS_LDAP_BIND_TIME_P}, 31590Sstevel@tonic-gate {"searchTimeLimit", NS_LDAP_SEARCH_TIME_P}, 31600Sstevel@tonic-gate {"preferredServerList", NS_LDAP_SERVER_PREF_P}, 31610Sstevel@tonic-gate {"profileName", NS_LDAP_PROFILE_P}, 31620Sstevel@tonic-gate {"credentialLevel", NS_LDAP_CREDENTIAL_LEVEL_P}, 31630Sstevel@tonic-gate {"serviceSearchDescriptor", NS_LDAP_SERVICE_SEARCH_DESC_P}, 31640Sstevel@tonic-gate {"attributeMap", NS_LDAP_ATTRIBUTEMAP_P}, 31650Sstevel@tonic-gate {"objectclassMap", NS_LDAP_OBJECTCLASSMAP_P}, 31660Sstevel@tonic-gate {"serviceAuthenticationMethod", NS_LDAP_SERVICE_AUTH_METHOD_P}, 31670Sstevel@tonic-gate {"serviceCredentialLevel", NS_LDAP_SERVICE_CRED_LEVEL_P}, 31680Sstevel@tonic-gate {"domainName", LOCAL_DOMAIN_P}, 31690Sstevel@tonic-gate {NULL, 0} 
31700Sstevel@tonic-gate }; 31710Sstevel@tonic-gate 31720Sstevel@tonic-gate static int 31730Sstevel@tonic-gate parseParam(char *param, char **paramVal) 31740Sstevel@tonic-gate { 31750Sstevel@tonic-gate char *val = NULL; 31760Sstevel@tonic-gate int counter; 31770Sstevel@tonic-gate 31780Sstevel@tonic-gate if (mode_verbose) { 31790Sstevel@tonic-gate CLIENT_FPRINTF(stderr, gettext("Parsing %s\n"), param); 31800Sstevel@tonic-gate } 31810Sstevel@tonic-gate 31820Sstevel@tonic-gate val = strchr(param, '='); 31830Sstevel@tonic-gate if (val == NULL) { 31840Sstevel@tonic-gate CLIENT_FPUTS( 31850Sstevel@tonic-gate gettext("Didn\'t find \'=\' character in string\n"), 31860Sstevel@tonic-gate stderr); 31870Sstevel@tonic-gate paramVal = NULL; 31880Sstevel@tonic-gate return (CLIENT_ERR_PARSE); 31890Sstevel@tonic-gate } 31900Sstevel@tonic-gate 31910Sstevel@tonic-gate *val = '\0'; 31920Sstevel@tonic-gate 31930Sstevel@tonic-gate for (counter = 0; paramArray[counter].name != NULL; counter++) { 31940Sstevel@tonic-gate if (strcasecmp(paramArray[counter].name, param) == 0) { 31950Sstevel@tonic-gate *paramVal = val+1; 31960Sstevel@tonic-gate *val = '='; /* restore original param */ 31970Sstevel@tonic-gate return (paramArray[counter].index); 31980Sstevel@tonic-gate } 31990Sstevel@tonic-gate } 32000Sstevel@tonic-gate 32010Sstevel@tonic-gate /* Not found */ 32020Sstevel@tonic-gate *val = '='; /* restore original param */ 32030Sstevel@tonic-gate *paramVal = NULL; 32040Sstevel@tonic-gate return (CLIENT_ERR_PARSE); 32050Sstevel@tonic-gate } 32060Sstevel@tonic-gate 32070Sstevel@tonic-gate /* 32080Sstevel@tonic-gate * The following macro checks if an option has already been specified 32090Sstevel@tonic-gate * and errs out with usage if so 32100Sstevel@tonic-gate */ 32110Sstevel@tonic-gate #define CLIENT_OPT_CHECK(opt, optarg) \ 32120Sstevel@tonic-gate if (optarg) { \ 32130Sstevel@tonic-gate CLIENT_FPUTS(gettext("Invalid use of option\n"), stderr); \ 32140Sstevel@tonic-gate usage(); \ 
32150Sstevel@tonic-gate clientopts_free(optlist); \ 32160Sstevel@tonic-gate return (CLIENT_ERR_FAIL); \ 32170Sstevel@tonic-gate } 32180Sstevel@tonic-gate 32190Sstevel@tonic-gate static int 32200Sstevel@tonic-gate clientSetParam(clientopts_t *optlist, int paramFlag, char *attrVal) 32210Sstevel@tonic-gate { 32220Sstevel@tonic-gate int retcode = 0; 32230Sstevel@tonic-gate int counter; 32240Sstevel@tonic-gate 32250Sstevel@tonic-gate 32260Sstevel@tonic-gate switch (paramFlag) { 32270Sstevel@tonic-gate case NS_LDAP_AUTH_P: 32280Sstevel@tonic-gate CLIENT_OPT_CHECK(paramFlag, optlist->authenticationMethod); 32290Sstevel@tonic-gate optlist->authenticationMethod = attrVal; 32300Sstevel@tonic-gate break; 32310Sstevel@tonic-gate 32320Sstevel@tonic-gate case NS_LDAP_SERVICE_AUTH_METHOD_P: /* multiple allowed */ 32330Sstevel@tonic-gate retcode = multival_add(optlist->serviceAuthenticationMethod, 32340Sstevel@tonic-gate attrVal); 32350Sstevel@tonic-gate if (retcode != CLIENT_SUCCESS) { 32360Sstevel@tonic-gate CLIENT_FPRINTF(stderr, 32370Sstevel@tonic-gate gettext("Error processing attrVal %s\n"), 32380Sstevel@tonic-gate attrVal?attrVal:"NULL"); 32390Sstevel@tonic-gate usage(); 32400Sstevel@tonic-gate clientopts_free(optlist); 32410Sstevel@tonic-gate return (CLIENT_ERR_FAIL); 32420Sstevel@tonic-gate } 32430Sstevel@tonic-gate break; 32440Sstevel@tonic-gate 32450Sstevel@tonic-gate case NS_LDAP_SEARCH_BASEDN_P: 32460Sstevel@tonic-gate CLIENT_OPT_CHECK(paramFlag, optlist->defaultSearchBase); 32470Sstevel@tonic-gate optlist->defaultSearchBase = attrVal; 32480Sstevel@tonic-gate break; 32490Sstevel@tonic-gate 32500Sstevel@tonic-gate case NS_LDAP_CREDENTIAL_LEVEL_P: 32510Sstevel@tonic-gate CLIENT_OPT_CHECK(paramFlag, optlist->credentialLevel); 32520Sstevel@tonic-gate optlist->credentialLevel = attrVal; 32530Sstevel@tonic-gate break; 32540Sstevel@tonic-gate 32550Sstevel@tonic-gate case NS_LDAP_SERVICE_CRED_LEVEL_P: /* multiple allowed */ 32560Sstevel@tonic-gate retcode = 
multival_add(optlist->serviceCredentialLevel, 32570Sstevel@tonic-gate attrVal); 32580Sstevel@tonic-gate if (retcode != CLIENT_SUCCESS) { 32590Sstevel@tonic-gate CLIENT_FPRINTF(stderr, 32600Sstevel@tonic-gate gettext("Error processing attrVal %s\n"), 32610Sstevel@tonic-gate attrVal?attrVal:"NULL"); 32620Sstevel@tonic-gate usage(); 32630Sstevel@tonic-gate clientopts_free(optlist); 32640Sstevel@tonic-gate return (CLIENT_ERR_FAIL); 32650Sstevel@tonic-gate } 32660Sstevel@tonic-gate break; 32670Sstevel@tonic-gate 32680Sstevel@tonic-gate case LOCAL_DOMAIN_P: 32690Sstevel@tonic-gate CLIENT_OPT_CHECK(paramFlag, optlist->domainName); 32700Sstevel@tonic-gate optlist->domainName = attrVal; 32710Sstevel@tonic-gate dname = optlist->domainName; 32720Sstevel@tonic-gate break; 32730Sstevel@tonic-gate 32740Sstevel@tonic-gate case NS_LDAP_BINDDN_P: 32750Sstevel@tonic-gate CLIENT_OPT_CHECK(paramFlag, optlist->proxyDN); 32760Sstevel@tonic-gate optlist->proxyDN = attrVal; 32770Sstevel@tonic-gate break; 32780Sstevel@tonic-gate 32790Sstevel@tonic-gate case NS_LDAP_CACHETTL_P: 32800Sstevel@tonic-gate CLIENT_OPT_CHECK(paramFlag, optlist->profileTTL); 32810Sstevel@tonic-gate optlist->profileTTL = attrVal; 32820Sstevel@tonic-gate break; 32830Sstevel@tonic-gate 32840Sstevel@tonic-gate case NS_LDAP_OBJECTCLASSMAP_P: /* multiple allowed */ 32850Sstevel@tonic-gate retcode = multival_add(optlist->objectclassMap, attrVal); 32860Sstevel@tonic-gate if (retcode != CLIENT_SUCCESS) { 32870Sstevel@tonic-gate CLIENT_FPRINTF(stderr, 32880Sstevel@tonic-gate gettext("Error processing attrVal %s\n"), 32890Sstevel@tonic-gate attrVal?attrVal:"NULL"); 32900Sstevel@tonic-gate usage(); 32910Sstevel@tonic-gate clientopts_free(optlist); 32920Sstevel@tonic-gate return (CLIENT_ERR_FAIL); 32930Sstevel@tonic-gate } 32940Sstevel@tonic-gate break; 32950Sstevel@tonic-gate 32960Sstevel@tonic-gate case NS_LDAP_SEARCH_TIME_P: 32970Sstevel@tonic-gate CLIENT_OPT_CHECK(paramFlag, optlist->searchTimeLimit); 
32980Sstevel@tonic-gate optlist->searchTimeLimit = attrVal; 32990Sstevel@tonic-gate break; 33000Sstevel@tonic-gate 33010Sstevel@tonic-gate case NS_LDAP_SERVER_PREF_P: 33020Sstevel@tonic-gate CLIENT_OPT_CHECK(paramFlag, optlist->preferredServerList); 33030Sstevel@tonic-gate optlist->preferredServerList = attrVal; 33040Sstevel@tonic-gate /* replace ',' chars with ' ' for proper syntax */ 33050Sstevel@tonic-gate for (counter = 0; 33060Sstevel@tonic-gate counter < strlen(optlist->preferredServerList); 33070Sstevel@tonic-gate counter++) { 33080Sstevel@tonic-gate 33090Sstevel@tonic-gate if (optlist->preferredServerList[counter] == ',') 33100Sstevel@tonic-gate optlist->preferredServerList[counter] = ' '; 33110Sstevel@tonic-gate } 33120Sstevel@tonic-gate break; 33130Sstevel@tonic-gate 33140Sstevel@tonic-gate case NS_LDAP_PROFILE_P: 33150Sstevel@tonic-gate CLIENT_OPT_CHECK(paramFlag, optlist->profileName); 33160Sstevel@tonic-gate optlist->profileName = attrVal; 33170Sstevel@tonic-gate break; 33180Sstevel@tonic-gate 33190Sstevel@tonic-gate case NS_LDAP_SEARCH_REF_P: 33200Sstevel@tonic-gate CLIENT_OPT_CHECK(paramFlag, optlist->followReferrals); 33210Sstevel@tonic-gate if (0 == strcasecmp(attrVal, "followref")) 33220Sstevel@tonic-gate optlist->followReferrals = "TRUE"; 33230Sstevel@tonic-gate else if (0 == strcasecmp(attrVal, "noref")) 33240Sstevel@tonic-gate optlist->followReferrals = "FALSE"; 33250Sstevel@tonic-gate else 33260Sstevel@tonic-gate optlist->followReferrals = attrVal; 33270Sstevel@tonic-gate break; 33280Sstevel@tonic-gate 33290Sstevel@tonic-gate case NS_LDAP_ATTRIBUTEMAP_P: /* multiple allowed */ 33300Sstevel@tonic-gate retcode = multival_add(optlist->attributeMap, attrVal); 33310Sstevel@tonic-gate if (retcode != CLIENT_SUCCESS) { 33320Sstevel@tonic-gate CLIENT_FPRINTF(stderr, 33330Sstevel@tonic-gate gettext("Error processing attrVal %s\n"), 33340Sstevel@tonic-gate attrVal?attrVal:"NULL"); 33350Sstevel@tonic-gate usage(); 33360Sstevel@tonic-gate 
clientopts_free(optlist); 33370Sstevel@tonic-gate return (CLIENT_ERR_FAIL); 33380Sstevel@tonic-gate } 33390Sstevel@tonic-gate break; 33400Sstevel@tonic-gate 33410Sstevel@tonic-gate case NS_LDAP_SEARCH_SCOPE_P: 33420Sstevel@tonic-gate CLIENT_OPT_CHECK(paramFlag, optlist->defaultSearchScope); 33430Sstevel@tonic-gate optlist->defaultSearchScope = attrVal; 33440Sstevel@tonic-gate break; 33450Sstevel@tonic-gate 33460Sstevel@tonic-gate case NS_LDAP_SERVICE_SEARCH_DESC_P: /* multiple allowed */ 33470Sstevel@tonic-gate retcode = multival_add(optlist->serviceSearchDescriptor, 33480Sstevel@tonic-gate attrVal); 33490Sstevel@tonic-gate if (retcode != CLIENT_SUCCESS) { 33500Sstevel@tonic-gate CLIENT_FPRINTF(stderr, 33510Sstevel@tonic-gate gettext("Error processing attrVal %s\n"), 33520Sstevel@tonic-gate attrVal?attrVal:"NULL"); 33530Sstevel@tonic-gate usage(); 33540Sstevel@tonic-gate clientopts_free(optlist); 33550Sstevel@tonic-gate return (CLIENT_ERR_FAIL); 33560Sstevel@tonic-gate } 33570Sstevel@tonic-gate break; 33580Sstevel@tonic-gate 33590Sstevel@tonic-gate case NS_LDAP_BIND_TIME_P: 33600Sstevel@tonic-gate CLIENT_OPT_CHECK(paramFlag, optlist->bindTimeLimit); 33610Sstevel@tonic-gate optlist->bindTimeLimit = attrVal; 33620Sstevel@tonic-gate break; 33630Sstevel@tonic-gate 33640Sstevel@tonic-gate case NS_LDAP_BINDPASSWD_P: 33650Sstevel@tonic-gate CLIENT_OPT_CHECK(paramFlag, optlist->proxyPassword); 33660Sstevel@tonic-gate optlist->proxyPassword = attrVal; 33670Sstevel@tonic-gate break; 33680Sstevel@tonic-gate 33690Sstevel@tonic-gate case NS_LDAP_HOST_CERTPATH_P: 33700Sstevel@tonic-gate CLIENT_OPT_CHECK(paramFlag, optlist->certificatePath); 33710Sstevel@tonic-gate optlist->certificatePath = attrVal; 33720Sstevel@tonic-gate break; 33730Sstevel@tonic-gate 33740Sstevel@tonic-gate case NS_LDAP_SERVERS_P: 33750Sstevel@tonic-gate CLIENT_OPT_CHECK(paramFlag, optlist->defaultServerList); 33760Sstevel@tonic-gate optlist->defaultServerList = attrVal; 33770Sstevel@tonic-gate break; 
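
	default:
		usage();
		return (CLIENT_ERR_FAIL);
		/* break; lint doesn't like break before end of switch */
	}

	return (retcode);
}

/*
 * file_move_path_ok() - Decide whether a path may be placed on the
 * command line that file_move() hands to the shell.
 *
 * Returns B_FALSE for a NULL or empty path, for a path that starts
 * with '-' (mv would read it as an option), and for a path holding
 * white space or a character the shell treats as quoting, redirection,
 * substitution or a command separator.
 */
static boolean_t
file_move_path_ok(const char *path)
{
	if (path == NULL || path[0] == '\0' || path[0] == '-')
		return (B_FALSE);

	if (strpbrk(path, " \t\n;&|<>()$`\\\"'") != NULL)
		return (B_FALSE);

	return (B_TRUE);
}

/*
 * file_move() - Used to move a config file (backup/restore).
 *
 * This function uses a system() call with /bin/mv to handle the
 * case where the backup directory (/var) is on a different file
 * system than the config file (typically /etc).
 *
 * Returns the value of system() for the mv command. Returns -1
 * without running anything when a path is rejected by
 * file_move_path_ok() or the command does not fit in the buffer.
 */
static int
file_move(const char *from, const char *to)
{
	int retcode;
	int cmdlen;
	char mvCommand[] = CMD_MV;
	char cmd_buffer[(2 * MAXPATHLEN) + sizeof (mvCommand) + 3];

	/*
	 * This function should only be used internally to move
	 * system files to/from the backup directory. For security
	 * reasons (this is run as root), don't use this function
	 * with arguments passed into the program.
	 *
	 * The command string is interpreted by the shell, so the rule
	 * above is also enforced here rather than left to the callers.
	 * NOTE(review): running mv through an exec-style call with an
	 * explicit argument vector would remove the shell altogether.
	 */
	if (!file_move_path_ok(from) || !file_move_path_ok(to))
		return (-1);

	/* A truncated command would name a different file; refuse it. */
	cmdlen = snprintf(cmd_buffer, sizeof (cmd_buffer), "%s %s %s",
	    mvCommand, from, to);
	if (cmdlen < 0 || (size_t)cmdlen >= sizeof (cmd_buffer))
		return (-1);

	retcode = system(cmd_buffer);

	return (retcode);
}


/*
 * has_port() - Report whether any entry of a server list names a port.
 *
 * "server" is a list of server addresses separated by commas or by
 * blanks (the preferredServerList option has its commas replaced by
 * blanks before it is stored). NULL is accepted and yields B_FALSE.
 *
 * Each entry is scanned from its end: a ']' seen first means the entry
 * ends with a bracketed address and has no port, a ':' seen first is
 * taken as the port separator.
 */
static boolean_t
has_port(const char *server)
{
	size_t len;
	size_t i;

	/*
	 * Don't check that address is legal - only determine
	 * if there is a port specified - works for both ipv4 and ipv6
	 */

	if (server == NULL)
		return (B_FALSE);

	for (;;) {
		len = strcspn(server, ", ");

		/* index based scan; never steps before the entry start */
		for (i = len; i > 0; i--) {
			if (server[i - 1] == ']')
				break;
			if (server[i - 1] == ':')
				return (B_TRUE);
		}

		if (server[len] == '\0')
			break;
		server += len + 1;
	}
	return (B_FALSE);
}


/*
 * auth_uses_tls() - Case-insensitive search for "tls:" anywhere in an
 * authentication method string. NULL yields B_FALSE.
 */
static boolean_t
auth_uses_tls(const char *methods)
{
	size_t len;
	size_t i;

	if (methods == NULL)
		return (B_FALSE);

	len = strlen(methods);
	for (i = 0; i + 4 <= len; i++) {
		if (strncasecmp(methods + i, "tls:", 4) == 0)
			return (B_TRUE);
	}
	return (B_FALSE);
}


/*
 * Check to see if configured to use tls and some server has a port number
 * configured. The goal is to help prevent users from configuring impossible
 * profiles
 *
 * "list" holds the options being set. When "get_config" is true, a
 * value missing from "list" is looked up with __ns_ldap_getParam()
 * instead. Returns B_FALSE when a tls: method is in use and a server
 * entry names a port, B_TRUE otherwise.
 */

static boolean_t
is_config_ok(const clientopts_t *list, boolean_t get_config)
{
	boolean_t	has_tls = B_FALSE;
	boolean_t	is_ok = B_TRUE;
	multival_t	*m_val;
	int		i, j, len;
	const char	*begin;
	const char	*end;
	ns_auth_t	**authMethod;
	char		**servers;
	char		**sam;
	ns_ldap_error_t	*errorp = NULL;
	int		rc;

	if (list->authenticationMethod != NULL) {
		has_tls = auth_uses_tls(list->authenticationMethod);
	} else if (get_config) {
		rc = __ns_ldap_getParam(NS_LDAP_AUTH_P,
		    (void ***)&authMethod, &errorp);
		if (rc == NS_LDAP_SUCCESS && authMethod != NULL) {
			for (i = 0; authMethod[i] != NULL && !has_tls; i++)
				has_tls = authMethod[i]->type ==
				    NS_LDAP_AUTH_TLS;
			(void) __ns_ldap_freeParam((void ***) &authMethod);
		}
		if (errorp != NULL)
			(void) __ns_ldap_freeError(&errorp);
		errorp = NULL;
	}

	m_val = list->serviceAuthenticationMethod;
	if (!has_tls && m_val != NULL) {
		for (j = 0; j < m_val->count && !has_tls; j++) {
			begin = m_val->optlist[j];
			/* skip over service tag */
			if (begin != NULL)
				begin = strchr(begin, ':');
			if (begin == NULL)
				continue;
			has_tls = auth_uses_tls(begin);
		}
	}
	if (!has_tls && get_config) {
		rc = __ns_ldap_getParam(NS_LDAP_SERVICE_AUTH_METHOD_P,
		    (void ***)&sam, &errorp);
		if (rc == NS_LDAP_SUCCESS && sam != NULL) {
			for (i = 0; sam[i] != NULL && !has_tls; i++) {
				if (m_val != NULL) {
					/*
					 * check to see if a new service
					 * is replacing
					 */
					for (j = 0; j < m_val->count; j++) {
						begin = m_val->optlist[j];
						if (begin == NULL)
							continue;
						end = strchr(begin, ':');
						if (end == NULL)
							continue;
						len = end - begin + 1;
						if (strncasecmp(sam[i], begin,
						    len) == 0)
							break;
					}
					if (j != m_val->count)
						continue;
				}
				/*
				 * skip over service tag; the search for
				 * "tls:" must not reuse i, which indexes sam
				 */
				begin = strchr(sam[i], ':');
				if (begin != NULL)
					has_tls = auth_uses_tls(begin);
			}
			(void) __ns_ldap_freeParam((void ***) &sam);
		}
		if (errorp != NULL)
			(void) __ns_ldap_freeError(&errorp);
		errorp = NULL;
	}

	if (has_tls) {
		/*
		 * Don't check that address is legal - only determine
		 * if there is a port specified
		 */
		if (list->defaultServerList != NULL)
			is_ok = !has_port(list->defaultServerList);
		else if (get_config && is_ok) {
			rc = __ns_ldap_getParam(NS_LDAP_SERVERS_P,
			    (void ***) &servers, &errorp);
			if (rc == NS_LDAP_SUCCESS && servers != NULL) {
				for (i = 0; servers[i] != NULL && is_ok; i++)
					is_ok = !has_port(servers[i]);
				(void) __ns_ldap_freeParam(
				    (void ***) &servers);
			}
		}
		if (errorp != NULL)
			(void) __ns_ldap_freeError(&errorp);
		errorp = NULL;

		/*
		 * Same rule for the preferred servers: use the option when
		 * it was given, else the stored value. The stored value was
		 * previously never consulted because its branch could only
		 * be entered with is_ok already false.
		 */
		if (is_ok) {
			if (list->preferredServerList != NULL) {
				is_ok = !has_port(list->preferredServerList);
			} else if (get_config) {
				rc = __ns_ldap_getParam(NS_LDAP_SERVER_PREF_P,
				    (void ***) &servers, &errorp);
				if (rc == NS_LDAP_SUCCESS && servers != NULL) {
					for (i = 0;
					    servers[i] != NULL && is_ok; i++)
						is_ok = !has_port(servers[i]);
					(void) __ns_ldap_freeParam(
					    (void ***) &servers);
				}
				if (errorp != NULL)
					(void) __ns_ldap_freeError(&errorp);
			}
		}
	}

	return (is_ok);
}


/*
 * Manipulate the service as instructed by "dowhat"
 *
 * "dowhat" is START_SERVICE, STOP_SERVICE or RESTART_SERVICE. When
 * "waitflag" is true the function waits for the service to reach
 * "state". Returns CLIENT_SUCCESS, or CLIENT_ERR_FAIL or the failure
 * code of wait_till().
 */
static int
do_service(const char *fmri, boolean_t waitflag, int dowhat,
    const char *state)
{
	int		status;
	boolean_t	is_maint;
	const char	*what = gettext("not set");
	useconds_t	max;

	/* Check if we are in maintenance */
	is_maint = is_service(fmri, SCF_STATE_STRING_MAINT);

	switch (dowhat) {
	case START_SERVICE:
		what = gettext("start");
		status = smf_enable_instance(fmri,
		    (sysid_install == B_TRUE)?SMF_TEMPORARY:0);
		break;
	case STOP_SERVICE:
		what = gettext("stop");
		status = smf_disable_instance(fmri,
		    (sysid_install == B_TRUE)?SMF_TEMPORARY:0);
		break;
	case RESTART_SERVICE:
		what = gettext("restart");
		status = smf_restart_instance(fmri);
		break;
	default:
		/* coding error; will not happen */
		assert(0);
		/* keeps status defined when assert() is compiled out */
		return (CLIENT_ERR_FAIL);
	}

	/*
	 * If the service was previously in maintenance then we need to
	 * clear it immediately. The "dowhat" action will set the
	 * enabled property of the service as intended by the caller while
	 * clear will actually cause it to be enabled/disabled.
	 * We assume that the caller has called us after taking some
	 * recovery action. Even if it's not the case, we don't lose
	 * anything.
	 */
	if (status == 0 && is_maint == B_TRUE) {
		if (mode_verbose)
			CLIENT_FPRINTF(stderr,
			    "%s: %s... %s\n",
			    what,
			    fmri,
			    gettext("restoring from maintenance state"));
		status = smf_restore_instance(fmri);
	}

	if (status == 0) {
		/* Check if we need to wait ? */
		if (waitflag == B_FALSE) {
			if (mode_verbose)
				CLIENT_FPRINTF(stderr,
				    "%s: %s... %s\n",
				    what,
				    fmri,
				    gettext("success"));
			return (CLIENT_SUCCESS);
		}

		/* Otherwise wait up to max microseconds (from the manifest) */
		max = get_timeout_value(dowhat, fmri, DEFAULT_TIMEOUT);
		status = wait_till(fmri, state, max, what, !is_maint);
		if (status == CLIENT_SUCCESS)
			return (CLIENT_SUCCESS);
		/* For error fall through for corrective action */
	} else {
		/* Well, service failed ... */
		if (mode_verbose)
			CLIENT_FPRINTF(stderr, "%s: %s... %s: %s\n",
			    what,
			    fmri,
			    gettext("failed"),
			    scf_strerror(scf_error()));
		status = CLIENT_ERR_FAIL;
		/* For error fall through for corrective action */
	}

	/*
	 * If service is still offline after start/restart, then transitioning
	 * failed and guess is restarter failed to apply the timeout as well.
	 * So instead of leaving it offline, let's just disable it until we have
	 * some other mechanism available from smf to handle such situation.
	 */
	if (dowhat != STOP_SERVICE &&
	    is_service(fmri, SCF_STATE_STRING_OFFLINE)) {
		if (mode_verbose)
			CLIENT_FPRINTF(stderr,
			    "%s: %s... %s\n",
			    what,
			    fmri,
			    gettext("offline to disable"));
		(void) disable_service(fmri, waitflag);
	}

	return (status);
}


/*
 * Wait for "max" usecs for the service described by "fmri" to change
 * to "state". If check_maint is true then return immediately if
 * service goes into maintenance
 *
 * Returns CLIENT_SUCCESS when "state" is reached, CLIENT_ERR_MAINTENANCE
 * on the early maintenance exit, CLIENT_ERR_FAIL when the state cannot
 * be read, and CLIENT_ERR_TIMEDOUT when "max" is used up.
 */
static int
wait_till(const char *fmri, const char *state, useconds_t max,
    const char *what, boolean_t check_maint)
{
	char		*st;
	useconds_t	usecs = INIT_WAIT_USECS;

	for (; max > 0; max -= usecs) {
		/*
		 * incremental wait: double the interval, capped at the
		 * time left; comparing against max / 2 keeps the doubling
		 * from wrapping around
		 */
		usecs = (usecs > max / 2) ? max : usecs * 2;
		if (mode_verbose)
			CLIENT_FPRINTF(stderr,
			    "%s: %s %u %s\n",
			    what, gettext("sleep"), usecs,
			    gettext("microseconds"));
		(void) usleep(usecs);

		/* Check state after the wait */
		if ((st = smf_get_state(fmri)) != NULL) {
			if (strcmp(st, state) == 0) {
				if (mode_verbose)
					CLIENT_FPRINTF(stderr,
					    "%s: %s... %s\n",
					    what,
					    fmri,
					    gettext("success"));
				free(st);
				return (CLIENT_SUCCESS);
			}

			/*
			 * If service has gone into maintenance then
			 * we will time out anyway, so we are better
			 * off returning now
			 */
			if (check_maint &&
			    strcmp(st, SCF_STATE_STRING_MAINT) == 0) {
				if (mode_verbose)
					CLIENT_FPRINTF(stderr,
					    "%s: %s... %s\n",
					    what,
					    fmri,
					    gettext("maintenance"));
				free(st);
				return (CLIENT_ERR_MAINTENANCE);
			}
			free(st);
		} else {
			if (mode_verbose)
				CLIENT_FPRINTF(stderr,
				    "%s: %s... %s: %s\n",
				    what,
				    fmri,
				    gettext("failed"),
				    scf_strerror(scf_error()));
			return (CLIENT_ERR_FAIL);
		}
	}

	/* Timed out waiting */
	if (mode_verbose)
		CLIENT_FPRINTF(stderr,
		    "%s: %s... %s\n",
		    what,
		    fmri,
		    gettext("timed out"));
	return (CLIENT_ERR_TIMEDOUT);
}


/*
 * is_service() - Returns B_TRUE when smf_get_state() reports exactly
 * "state" for "fmri", B_FALSE otherwise (also when the state cannot
 * be read).
 */
static boolean_t
is_service(const char *fmri, const char *state)
{
	char		*st;
	boolean_t	result = B_FALSE;

	if ((st = smf_get_state(fmri)) != NULL) {
		if (strcmp(st, state) == 0)
			result = B_TRUE;
		/* the state string is owned by the caller */
		free(st);
	}
	return (result);
}


/*
 *
 * get_timeout_value : returns the timeout value set in fmri manifest
 * 	inputs	: action(start/stop)
 *		  fmri(defined fmri string)
 *		  default_val(microseconds, used when nothing is found)
 *	Returns default if error, the timeout val otherwise
 *
 * The manifest value is in seconds and the result is in microseconds.
 * A value too large for useconds_t is clamped to the largest whole
 * number of seconds that fits.
 */

static useconds_t
get_timeout_value(int dowhat, const char *fmri, useconds_t default_val)
{
	scf_simple_prop_t	*sp = NULL;
	uint64_t		*cp = NULL;
	uint64_t		timeout = default_val / 1000000;
	const uint64_t		max_secs = ((useconds_t)-1) / 1000000;
	const char		*action = NULL;
	const char		*actionstr = NULL;

	switch (dowhat) {
	case START_SERVICE:
	case RESTART_SERVICE:
		action = "start";
		actionstr = gettext("start");
		break;
	case STOP_SERVICE:
		action = "stop";
		actionstr = gettext("stop");
		break;
	default:
		assert(0);
		/* no property group to query when assert() is compiled out */
		return (default_val);
	}


	sp = scf_simple_prop_get(NULL, fmri, action, SCF_PROPERTY_TIMEOUT);
	if (sp == NULL) {
		if (mode_verbose)
			CLIENT_FPRINTF(stderr, "%s: %s... %s: %s\n",
			    actionstr,
			    fmri,
			    gettext("failed to retrieve timeout property"),
			    scf_strerror(scf_error()));
		return (default_val);
	}

	cp = scf_simple_prop_next_count(sp);
	if (cp == NULL) {
		if (mode_verbose)
			CLIENT_FPRINTF(stderr, "%s: %s... %s: %s\n",
			    actionstr,
			    fmri,
			    gettext("failed to retrieve timeout value"),
			    scf_strerror(scf_error()));
		scf_simple_prop_free(sp);
		return (default_val);
	}

	/* a stored value of zero keeps the default */
	if (*cp != 0)
		timeout = *cp;
	scf_simple_prop_free(sp);

	/* seconds to microseconds must not overflow useconds_t */
	if (timeout > max_secs)
		timeout = max_secs;
	return ((useconds_t)(timeout * 1000000));
}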