1c5c4113dSnw /* 2c5c4113dSnw * CDDL HEADER START 3c5c4113dSnw * 4c5c4113dSnw * The contents of this file are subject to the terms of the 5c5c4113dSnw * Common Development and Distribution License (the "License"). 6c5c4113dSnw * You may not use this file except in compliance with the License. 7c5c4113dSnw * 8c5c4113dSnw * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9c5c4113dSnw * or http://www.opensolaris.org/os/licensing. 10c5c4113dSnw * See the License for the specific language governing permissions 11c5c4113dSnw * and limitations under the License. 12c5c4113dSnw * 13c5c4113dSnw * When distributing Covered Code, include this CDDL HEADER in each 14c5c4113dSnw * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15c5c4113dSnw * If applicable, add the following below this CDDL HEADER, with the 16c5c4113dSnw * fields enclosed by brackets "[]" replaced with your own identifying 17c5c4113dSnw * information: Portions Copyright [yyyy] [name of copyright owner] 18c5c4113dSnw * 19c5c4113dSnw * CDDL HEADER END 20c5c4113dSnw */ 21c5c4113dSnw /* 22*4edd44c5Sjp * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 23c5c4113dSnw * Use is subject to license terms. 24c5c4113dSnw */ 25c5c4113dSnw 26c5c4113dSnw #pragma ident "%Z%%M% %I% %E% SMI" 27c5c4113dSnw 28c5c4113dSnw /* 29c5c4113dSnw * Initialization routines 30c5c4113dSnw */ 31c5c4113dSnw 32c5c4113dSnw #include "idmapd.h" 33c5c4113dSnw #include <signal.h> 34c5c4113dSnw #include <thread.h> 35c5c4113dSnw #include <string.h> 36c5c4113dSnw #include <errno.h> 37c5c4113dSnw #include <assert.h> 38c5c4113dSnw #include <unistd.h> 39c5c4113dSnw #include <sys/types.h> 40c5c4113dSnw #include <sys/stat.h> 418edda628Sbaban #include <rpcsvc/daemon_utils.h> 42c5c4113dSnw 43c5c4113dSnw static const char *me = "idmapd"; 44c5c4113dSnw 45c5c4113dSnw int 46*4edd44c5Sjp init_mapping_system() 47*4edd44c5Sjp { 488edda628Sbaban int rc = 0; 498edda628Sbaban 50c5c4113dSnw if (rwlock_init(&_idmapdstate.rwlk_cfg, USYNC_THREAD, NULL) != 0) 51c5c4113dSnw return (-1); 52e8c27ec8Sbaban if ((rc = load_config()) < 0) 53e8c27ec8Sbaban return (rc); 548edda628Sbaban 558edda628Sbaban (void) setegid(DAEMON_GID); 568edda628Sbaban (void) seteuid(DAEMON_UID); 57c5c4113dSnw if (init_dbs() < 0) { 588edda628Sbaban rc = -1; 59c5c4113dSnw fini_mapping_system(); 60c5c4113dSnw } 618edda628Sbaban (void) seteuid(0); 628edda628Sbaban (void) setegid(0); 638edda628Sbaban 648edda628Sbaban return (rc); 65c5c4113dSnw } 66c5c4113dSnw 67c5c4113dSnw void 68*4edd44c5Sjp fini_mapping_system() 69*4edd44c5Sjp { 70c5c4113dSnw fini_dbs(); 71c5c4113dSnw } 72c5c4113dSnw 73c5c4113dSnw int 74*4edd44c5Sjp load_config() 75*4edd44c5Sjp { 76e3c2d6aaSnw int rc; 77c8e26105Sjp idmap_pg_config_t *pgcfg; 78c5c4113dSnw if ((_idmapdstate.cfg = idmap_cfg_init()) == NULL) { 79651c0131Sbaban idmapdlog(LOG_ERR, "%s: failed to initialize config", me); 80c8e26105Sjp degrade_svc(); 81c5c4113dSnw return (-1); 82c5c4113dSnw } 83c8e26105Sjp pgcfg = &_idmapdstate.cfg->pgcfg; 84c8e26105Sjp 85e3c2d6aaSnw rc = idmap_cfg_load(&_idmapdstate.cfg->handles, 86e3c2d6aaSnw &_idmapdstate.cfg->pgcfg, 0); 87e3c2d6aaSnw if (rc < -1) { 88e3c2d6aaSnw /* Total failure */ 89c8e26105Sjp degrade_svc(); 90e3c2d6aaSnw idmapdlog(LOG_ERR, "%s: Fatal error while loading " 91e3c2d6aaSnw "configuration", me); 92e8c27ec8Sbaban return (rc); 93c5c4113dSnw } 94c8e26105Sjp 95e3c2d6aaSnw if (rc != 0) 96e3c2d6aaSnw /* Partial failure */ 97e3c2d6aaSnw idmapdlog(LOG_ERR, "%s: Various errors occurred while loading " 98*4edd44c5Sjp "the configuration; check the logs", me); 99e3c2d6aaSnw 100c8e26105Sjp if (pgcfg->global_catalog == NULL || 101c8e26105Sjp pgcfg->global_catalog[0].host[0] == '\0') { 102c8e26105Sjp degrade_svc(); 103e3c2d6aaSnw idmapdlog(LOG_INFO, 104e3c2d6aaSnw "%s: Global catalog server is not configured; AD lookup " 105e3c2d6aaSnw "will fail until one or more global catalog server names " 106e3c2d6aaSnw "are configured or discovered; auto-discovery will begin " 107e3c2d6aaSnw "shortly", me); 108e3c2d6aaSnw } else { 109e3c2d6aaSnw restore_svc(); 110c8e26105Sjp } 111c8e26105Sjp 112c8e26105Sjp (void) reload_ad(); 113c8e26105Sjp 114c8e26105Sjp if (idmap_cfg_start_updates(_idmapdstate.cfg) < 0) 115c8e26105Sjp idmapdlog(LOG_ERR, "%s: could not start config updater", 116*4edd44c5Sjp me); 117e3c2d6aaSnw 118e3c2d6aaSnw idmapdlog(LOG_DEBUG, "%s: initial configuration loaded", me); 119e3c2d6aaSnw 120c8e26105Sjp return (0); 121c8e26105Sjp } 122c8e26105Sjp 123c8e26105Sjp 124c8e26105Sjp int 125*4edd44c5Sjp reload_ad() 126*4edd44c5Sjp { 127c8e26105Sjp int i; 128c8e26105Sjp ad_t *old; 129c8e26105Sjp ad_t *new; 130c8e26105Sjp 131c8e26105Sjp idmap_pg_config_t *pgcfg = &_idmapdstate.cfg->pgcfg; 132c8e26105Sjp 133c8e26105Sjp if (pgcfg->default_domain == NULL || 134c8e26105Sjp pgcfg->global_catalog == NULL) { 135c8e26105Sjp if (_idmapdstate.ad == NULL) 136c8e26105Sjp idmapdlog(LOG_ERR, "%s: AD lookup disabled", me); 137c8e26105Sjp else 138c8e26105Sjp idmapdlog(LOG_ERR, "%s: cannot update AD context", me); 139c5c4113dSnw return (-1); 140c5c4113dSnw } 141c8e26105Sjp 142c8e26105Sjp old = _idmapdstate.ad; 143c8e26105Sjp 144c8e26105Sjp if (idmap_ad_alloc(&new, pgcfg->default_domain, 145c8e26105Sjp IDMAP_AD_GLOBAL_CATALOG) != 0) { 146c8e26105Sjp if (old == NULL) 147c8e26105Sjp degrade_svc(); 148c8e26105Sjp idmapdlog(LOG_ERR, "%s: could not initialize AD context", me); 149c8e26105Sjp return (-1); 150c8e26105Sjp } 151c8e26105Sjp 152c8e26105Sjp for (i = 0; pgcfg->global_catalog[i].host[0] != '\0'; i++) { 153c8e26105Sjp if (idmap_add_ds(new, 154c8e26105Sjp pgcfg->global_catalog[i].host, 155c8e26105Sjp pgcfg->global_catalog[i].port) != 0) { 156c8e26105Sjp idmap_ad_free(&new); 157c8e26105Sjp if (old == NULL) 158c8e26105Sjp degrade_svc(); 159c8e26105Sjp idmapdlog(LOG_ERR, 160c8e26105Sjp "%s: could not initialize AD DS context", me); 161c8e26105Sjp return (-1); 162c8e26105Sjp } 163c8e26105Sjp } 164c8e26105Sjp 165c8e26105Sjp _idmapdstate.ad = new; 166c8e26105Sjp 167c8e26105Sjp if (old != NULL) 168c8e26105Sjp idmap_ad_free(&old); 169c8e26105Sjp 170c5c4113dSnw return (0); 171c5c4113dSnw } 172c5c4113dSnw 173c8e26105Sjp 174c5c4113dSnw void 175*4edd44c5Sjp print_idmapdstate() 176*4edd44c5Sjp { 177c8e26105Sjp int i; 178e8c27ec8Sbaban idmap_pg_config_t *pgcfg; 179c8e26105Sjp 180c5c4113dSnw RDLOCK_CONFIG(); 181c5c4113dSnw 182c8e26105Sjp if (_idmapdstate.cfg == NULL) { 183c8e26105Sjp idmapdlog(LOG_INFO, "%s: Null configuration", me); 184c8e26105Sjp UNLOCK_CONFIG(); 185c8e26105Sjp return; 186c8e26105Sjp } 187c5c4113dSnw 188e8c27ec8Sbaban pgcfg = &_idmapdstate.cfg->pgcfg; 189e8c27ec8Sbaban 190c8e26105Sjp idmapdlog(LOG_DEBUG, "%s: list_size_limit=%llu", me, 191c8e26105Sjp pgcfg->list_size_limit); 192c8e26105Sjp idmapdlog(LOG_DEBUG, "%s: default_domain=%s", me, 193c8e26105Sjp CHECK_NULL(pgcfg->default_domain)); 194c8e26105Sjp idmapdlog(LOG_DEBUG, "%s: domain_name=%s", me, 195c8e26105Sjp CHECK_NULL(pgcfg->domain_name)); 196c8e26105Sjp idmapdlog(LOG_DEBUG, "%s: machine_sid=%s", me, 197c8e26105Sjp CHECK_NULL(pgcfg->machine_sid)); 198c8e26105Sjp if (pgcfg->domain_controller == NULL || 199c8e26105Sjp pgcfg->domain_controller[0].host[0] == '\0') { 200c8e26105Sjp idmapdlog(LOG_DEBUG, "%s: No domain controllers known", me); 201c8e26105Sjp } else { 202c8e26105Sjp for (i = 0; pgcfg->domain_controller[i].host[0] != '\0'; i++) 203c8e26105Sjp idmapdlog(LOG_DEBUG, "%s: domain_controller=%s port=%d", 204c8e26105Sjp me, pgcfg->domain_controller[i].host, 205c8e26105Sjp pgcfg->domain_controller[i].port); 206c8e26105Sjp } 207c8e26105Sjp idmapdlog(LOG_DEBUG, "%s: forest_name=%s", me, 208c8e26105Sjp CHECK_NULL(pgcfg->forest_name)); 209c8e26105Sjp idmapdlog(LOG_DEBUG, "%s: site_name=%s", me, 210c8e26105Sjp CHECK_NULL(pgcfg->site_name)); 211c8e26105Sjp if (pgcfg->global_catalog == NULL || 212c8e26105Sjp pgcfg->global_catalog[0].host[0] == '\0') { 213c8e26105Sjp idmapdlog(LOG_DEBUG, "%s: No global catalog servers known", me); 214c8e26105Sjp } else { 215c8e26105Sjp for (i = 0; pgcfg->global_catalog[i].host[0] != '\0'; i++) 216c8e26105Sjp idmapdlog(LOG_DEBUG, "%s: global_catalog=%s port=%d", 217c8e26105Sjp me, 218c8e26105Sjp pgcfg->global_catalog[i].host, 219c8e26105Sjp pgcfg->global_catalog[i].port); 220c5c4113dSnw } 221e8c27ec8Sbaban idmapdlog(LOG_DEBUG, "%s: ds_name_mapping_enabled=%s", me, 222e8c27ec8Sbaban (pgcfg->ds_name_mapping_enabled == TRUE) ? "true" : "false"); 223e8c27ec8Sbaban idmapdlog(LOG_DEBUG, "%s: ad_unixuser_attr=%s", me, 224e8c27ec8Sbaban CHECK_NULL(pgcfg->ad_unixuser_attr)); 225e8c27ec8Sbaban idmapdlog(LOG_DEBUG, "%s: ad_unixgroup_attr=%s", me, 226e8c27ec8Sbaban CHECK_NULL(pgcfg->ad_unixgroup_attr)); 227e8c27ec8Sbaban idmapdlog(LOG_DEBUG, "%s: nldap_winname_attr=%s", me, 228e8c27ec8Sbaban CHECK_NULL(pgcfg->nldap_winname_attr)); 229c8e26105Sjp 230c5c4113dSnw UNLOCK_CONFIG(); 231c5c4113dSnw } 232c5c4113dSnw 233c5c4113dSnw int 234*4edd44c5Sjp create_directory(const char *path, uid_t uid, gid_t gid) 235*4edd44c5Sjp { 236c5c4113dSnw int rc; 237c5c4113dSnw 238c5c4113dSnw if ((rc = mkdir(path, 0700)) < 0 && errno != EEXIST) { 239c5c4113dSnw idmapdlog(LOG_ERR, 240*4edd44c5Sjp "%s: Error creating directory %s (%s)", 241*4edd44c5Sjp me, path, strerror(errno)); 242c5c4113dSnw return (-1); 243c5c4113dSnw } 244c5c4113dSnw 245c5c4113dSnw if (lchown(path, uid, gid) < 0) { 246c5c4113dSnw idmapdlog(LOG_ERR, 247*4edd44c5Sjp "%s: Error creating directory %s (%s)", 248*4edd44c5Sjp me, path, strerror(errno)); 249c5c4113dSnw if (rc == 0) 250c5c4113dSnw (void) rmdir(path); 251c5c4113dSnw return (-1); 252c5c4113dSnw } 253c5c4113dSnw return (0); 254c5c4113dSnw } 255