xref: /illumos-gate/usr/src/cmd/idmap/idmapd/init.c (revision 7b209c2c) 
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #pragma ident	"%Z%%M%	%I%	%E% SMI"
27 
28 /*
29  * Initialization routines
30  */
31 
32 #include "idmapd.h"
33 #include <signal.h>
34 #include <thread.h>
35 #include <string.h>
36 #include <errno.h>
37 #include <assert.h>
38 #include <unistd.h>
39 #include <sys/types.h>
40 #include <sys/stat.h>
41 #include <rpcsvc/daemon_utils.h>
42 
43 
44 int
45 init_mapping_system()
46 {
47 	int rc = 0;
48 
49 	if (rwlock_init(&_idmapdstate.rwlk_cfg, USYNC_THREAD, NULL) != 0)
50 		return (-1);
51 	if ((rc = load_config()) < 0)
52 		return (rc);
53 
54 	(void) setegid(DAEMON_GID);
55 	(void) seteuid(DAEMON_UID);
56 	if (init_dbs() < 0) {
57 		rc = -1;
58 		fini_mapping_system();
59 	}
60 	(void) seteuid(0);
61 	(void) setegid(0);
62 
63 	return (rc);
64 }
65 
66 void
67 fini_mapping_system()
68 {
69 	fini_dbs();
70 }
71 
72 int
73 load_config()
74 {
75 	int rc;
76 	idmap_pg_config_t *pgcfg;
77 	if ((_idmapdstate.cfg = idmap_cfg_init()) == NULL) {
78 		degrade_svc("failed to initialize config");
79 		return (-1);
80 	}
81 	pgcfg = &_idmapdstate.cfg->pgcfg;
82 
83 	rc = idmap_cfg_load(&_idmapdstate.cfg->handles,
84 	    &_idmapdstate.cfg->pgcfg, 0);
85 	if (rc < -1) {
86 		/* Total failure */
87 		degrade_svc("fatal error while loading configuration");
88 		return (rc);
89 	}
90 
91 	if (rc != 0)
92 		/* Partial failure */
93 		idmapdlog(LOG_ERR, "Various errors occurred while loading "
94 		    "the configuration; check the logs");
95 
96 	if (pgcfg->global_catalog == NULL ||
97 	    pgcfg->global_catalog[0].host[0] == '\0') {
98 		degrade_svc(
99 		    "global catalog server is not configured; AD lookup "
100 		    "will fail until one or more global catalog server names "
101 		    "are configured or discovered; auto-discovery will begin "
102 		    "shortly");
103 	} else {
104 		restore_svc();
105 	}
106 
107 	(void) reload_ad();
108 
109 	if ((rc = idmap_cfg_start_updates()) < 0) {
110 		/* Total failure */
111 		degrade_svc("could not start config updater");
112 		return (rc);
113 	}
114 
115 	idmapdlog(LOG_DEBUG, "Initial configuration loaded");
116 
117 	return (0);
118 }
119 
120 
121 int
122 reload_ad()
123 {
124 	int	i;
125 	ad_t	*old;
126 	ad_t	*new;
127 
128 	idmap_pg_config_t *pgcfg = &_idmapdstate.cfg->pgcfg;
129 
130 	if (pgcfg->default_domain == NULL ||
131 	    pgcfg->global_catalog == NULL) {
132 		if (_idmapdstate.ad == NULL)
133 			idmapdlog(LOG_ERR, "AD lookup disabled");
134 		else
135 			idmapdlog(LOG_ERR, "cannot update AD context");
136 		return (-1);
137 	}
138 
139 	old = _idmapdstate.ad;
140 
141 	if (idmap_ad_alloc(&new, pgcfg->default_domain,
142 	    IDMAP_AD_GLOBAL_CATALOG) != 0) {
143 		degrade_svc("could not initialize AD context");
144 		return (-1);
145 	}
146 
147 	for (i = 0; pgcfg->global_catalog[i].host[0] != '\0'; i++) {
148 		if (idmap_add_ds(new,
149 		    pgcfg->global_catalog[i].host,
150 		    pgcfg->global_catalog[i].port) != 0) {
151 			idmap_ad_free(&new);
152 			degrade_svc("could not initialize AD GC context");
153 			return (-1);
154 		}
155 	}
156 
157 	_idmapdstate.ad = new;
158 
159 	if (old != NULL)
160 		idmap_ad_free(&old);
161 
162 	return (0);
163 }
164 
165 
166 void
167 print_idmapdstate()
168 {
169 	int i;
170 	idmap_pg_config_t *pgcfg;
171 
172 	RDLOCK_CONFIG();
173 
174 	if (_idmapdstate.cfg == NULL) {
175 		idmapdlog(LOG_INFO, "Null configuration");
176 		UNLOCK_CONFIG();
177 		return;
178 	}
179 
180 	pgcfg = &_idmapdstate.cfg->pgcfg;
181 
182 	idmapdlog(LOG_DEBUG, "list_size_limit=%llu", pgcfg->list_size_limit);
183 	idmapdlog(LOG_DEBUG, "default_domain=%s",
184 	    CHECK_NULL(pgcfg->default_domain));
185 	idmapdlog(LOG_DEBUG, "domain_name=%s", CHECK_NULL(pgcfg->domain_name));
186 	idmapdlog(LOG_DEBUG, "machine_sid=%s", CHECK_NULL(pgcfg->machine_sid));
187 	if (pgcfg->domain_controller == NULL ||
188 	    pgcfg->domain_controller[0].host[0] == '\0') {
189 		idmapdlog(LOG_DEBUG, "No domain controllers known");
190 	} else {
191 		for (i = 0; pgcfg->domain_controller[i].host[0] != '\0'; i++)
192 			idmapdlog(LOG_DEBUG, "domain_controller=%s port=%d",
193 			    pgcfg->domain_controller[i].host,
194 			    pgcfg->domain_controller[i].port);
195 	}
196 	idmapdlog(LOG_DEBUG, "forest_name=%s", CHECK_NULL(pgcfg->forest_name));
197 	idmapdlog(LOG_DEBUG, "site_name=%s", CHECK_NULL(pgcfg->site_name));
198 	if (pgcfg->global_catalog == NULL ||
199 	    pgcfg->global_catalog[0].host[0] == '\0') {
200 		idmapdlog(LOG_DEBUG, "No global catalog servers known");
201 	} else {
202 		for (i = 0; pgcfg->global_catalog[i].host[0] != '\0'; i++)
203 			idmapdlog(LOG_DEBUG, "global_catalog=%s port=%d",
204 			    pgcfg->global_catalog[i].host,
205 			    pgcfg->global_catalog[i].port);
206 	}
207 	idmapdlog(LOG_DEBUG, "ds_name_mapping_enabled=%s",
208 	    (pgcfg->ds_name_mapping_enabled == TRUE) ? "true" : "false");
209 	idmapdlog(LOG_DEBUG, "ad_unixuser_attr=%s",
210 	    CHECK_NULL(pgcfg->ad_unixuser_attr));
211 	idmapdlog(LOG_DEBUG, "ad_unixgroup_attr=%s",
212 	    CHECK_NULL(pgcfg->ad_unixgroup_attr));
213 	idmapdlog(LOG_DEBUG, "nldap_winname_attr=%s",
214 	    CHECK_NULL(pgcfg->nldap_winname_attr));
215 
216 	UNLOCK_CONFIG();
217 }
218 
219 int
220 create_directory(const char *path, uid_t uid, gid_t gid)
221 {
222 	int	rc;
223 
224 	if ((rc = mkdir(path, 0700)) < 0 && errno != EEXIST) {
225 		idmapdlog(LOG_ERR, "Error creating directory %s (%s)",
226 		    path, strerror(errno));
227 		return (-1);
228 	}
229 
230 	if (lchown(path, uid, gid) < 0) {
231 		idmapdlog(LOG_ERR, "Error creating directory %s (%s)",
232 		    path, strerror(errno));
233 		if (rc == 0)
234 			(void) rmdir(path);
235 		return (-1);
236 	}
237 	return (0);
238 }
239