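/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

#pragma ident	"%Z%%M%	%I%	%E% SMI"

/*
 * Initialization routines
 */

#include "idmapd.h"
#include <signal.h>
#include <thread.h>
#include <string.h>
#include <errno.h>
#include <assert.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <rpcsvc/daemon_utils.h>

/* Prefix used in every log and diagnostic line emitted by this file. */
static const char *me = "idmapd";

/*
 * Initialize the mapping system: the config rwlock, the configuration
 * and the databases.
 *
 * The databases are initialized with the effective IDs switched to
 * DAEMON_UID/DAEMON_GID and the effective IDs are set back to 0
 * afterwards. Because euid 0 is regained right away, this switch is not
 * a permanent privilege drop.
 *
 * The original ignored the results of the set*id() calls; they are now
 * checked and logged so that a database initialized under the wrong
 * identity, or a daemon left with reduced effective IDs, shows up in
 * the log. A failed switch is still not fatal, as before.
 *
 * Returns 0 on success, -1 if the lock, the configuration or the
 * databases could not be initialized.
 */
int
init_mapping_system() {
	int rc = 0;

	if (rwlock_init(&_idmapdstate.rwlk_cfg, USYNC_THREAD, NULL) != 0)
		return (-1);
	if (load_config() < 0)
		return (-1);

	/* Group first: the egid can no longer be changed once euid != 0. */
	if (setegid(DAEMON_GID) != 0) {
		idmapdlog(LOG_ERR, "%s: setegid(DAEMON_GID) failed (%s)",
		    me, strerror(errno));
	}
	if (seteuid(DAEMON_UID) != 0) {
		idmapdlog(LOG_ERR, "%s: seteuid(DAEMON_UID) failed (%s)",
		    me, strerror(errno));
	}
	if (init_dbs() < 0) {
		rc = -1;
		fini_mapping_system();
	}
	/* Reverse order on the way back: euid 0 is needed to reset egid. */
	if (seteuid(0) != 0) {
		idmapdlog(LOG_ERR, "%s: seteuid(0) failed (%s)",
		    me, strerror(errno));
	}
	if (setegid(0) != 0) {
		idmapdlog(LOG_ERR, "%s: setegid(0) failed (%s)",
		    me, strerror(errno));
	}

	return (rc);
}

/*
 * Tear down the mapping system by finalizing the databases.
 */
void
fini_mapping_system() {
	fini_dbs();
}

/*
 * Allocate and load the daemon configuration into _idmapdstate.cfg and
 * (re)build the AD context in _idmapdstate.ad.
 *
 * An unset or empty mapping_domain or global_catalog is logged but is
 * not treated as an error. Returns 0 on success, -1 when the config
 * cannot be initialized or loaded, or when the AD context or its
 * directory server cannot be set up.
 */
int
load_config() {
	/*
	 * NOTE(review): the previous _idmapdstate.cfg value is overwritten
	 * here, and the new one is not released on the error returns below;
	 * confirm who owns and frees it.
	 */
	if ((_idmapdstate.cfg = idmap_cfg_init()) == NULL) {
		idmapdlog(LOG_ERR, "%s: failed to initialize config", me);
		return (-1);
	}
	/* Release the AD context of an earlier load before rebuilding it. */
	if (_idmapdstate.ad != NULL)
		idmap_ad_free(&_idmapdstate.ad);
	if (idmap_cfg_load(_idmapdstate.cfg) < 0) {
		idmapdlog(LOG_ERR, "%s: failed to load config", me);
		return (-1);
	}
	if (_idmapdstate.cfg->pgcfg.mapping_domain == NULL ||
	    _idmapdstate.cfg->pgcfg.mapping_domain[0] == '\0') {
		idmapdlog(LOG_ERR, "%s: Joined AD domain not configured; name "
		    "based and ephemeral mapping will not function", me);
	} else if (idmap_ad_alloc(&_idmapdstate.ad,
	    _idmapdstate.cfg->pgcfg.mapping_domain,
	    IDMAP_AD_GLOBAL_CATALOG) != 0) {
		idmapdlog(LOG_ERR, "%s: could not initialize AD context",
		    me);
		return (-1);
	}
	/*
	 * NOTE(review): when mapping_domain is unset, idmap_ad_alloc() is
	 * not called above, so _idmapdstate.ad may be NULL when it is passed
	 * to idmap_add_ds() here; confirm idmap_add_ds() tolerates that.
	 */
	if (_idmapdstate.cfg->pgcfg.global_catalog == NULL ||
	    _idmapdstate.cfg->pgcfg.global_catalog[0] == '\0') {
		idmapdlog(LOG_ERR, "%s: Global catalog DSnot configured; name "
		    "based and ephemeral mapping will not function", me);
	} else if (idmap_add_ds(_idmapdstate.ad,
	    _idmapdstate.cfg->pgcfg.global_catalog, 0) != 0) {
		idmapdlog(LOG_ERR, "%s: could not initialize AD DS context",
		    me);
		return (-1);
	}
	return (0);
}

/*
 * Dump the daemon state and the loaded configuration to stderr.
 *
 * Nothing is printed when daemon_mode is TRUE. The config read lock is
 * held for the duration of the dump.
 */
void
print_idmapdstate() {
	RDLOCK_CONFIG();

	if (_idmapdstate.daemon_mode == FALSE) {
		(void) fprintf(stderr, "%s: daemon_mode=%s\n",
		    me, _idmapdstate.daemon_mode == TRUE?"true":"false");
		(void) fprintf(stderr, "%s: hostname=%s\n",
		    me, _idmapdstate.hostname);
		(void) fprintf(stderr, "%s; name service domain=%s\n", me,
		    _idmapdstate.domainname);

		(void) fprintf(stderr, "%s: config=%s\n", me,
		    _idmapdstate.cfg?"not null":"null");
	}
	/* The per-property dump needs a loaded config. */
	if (_idmapdstate.cfg == NULL || _idmapdstate.daemon_mode == TRUE)
		goto out;
	(void) fprintf(stderr, "%s: list_size_limit=%llu\n", me,
	    _idmapdstate.cfg->pgcfg.list_size_limit);
	(void) fprintf(stderr, "%s: mapping_domain=%s\n", me,
	    CHECK_NULL(_idmapdstate.cfg->pgcfg.mapping_domain));
	(void) fprintf(stderr, "%s: machine_sid=%s\n", me,
	    CHECK_NULL(_idmapdstate.cfg->pgcfg.machine_sid));
	(void) fprintf(stderr, "%s: global_catalog=%s\n", me,
	    CHECK_NULL(_idmapdstate.cfg->pgcfg.global_catalog));
	(void) fprintf(stderr, "%s: domain_controller=%s\n", me,
	    CHECK_NULL(_idmapdstate.cfg->pgcfg.domain_controller));
out:
	UNLOCK_CONFIG();
}

/*
 * Create `path` with mode 0700 if it does not exist yet and give it to
 * uid:gid.
 *
 * A directory created by this call is removed again when the ownership
 * change fails; a pre-existing path is left in place. Returns 0 on
 * success, -1 on failure.
 *
 * NOTE(review): on EEXIST the existing object is accepted without
 * checking that it is a directory or that its mode is 0700. lchown()
 * does not follow a symbolic link, so a link at `path` is re-owned
 * itself rather than its target. Confirm that callers only pass paths
 * whose parent directory is not writable by unprivileged users.
 */
int
create_directory(const char *path, uid_t uid, gid_t gid) {
	int rc;

	if ((rc = mkdir(path, 0700)) < 0 && errno != EEXIST) {
		idmapdlog(LOG_ERR,
		    "%s: Error creating directory %s (%s)",
		    me, path, strerror(errno));
		return (-1);
	}

	if (lchown(path, uid, gid) < 0) {
		/* Name the failing operation; this used to say "creating". */
		idmapdlog(LOG_ERR,
		    "%s: Error changing ownership of directory %s (%s)",
		    me, path, strerror(errno));
		/* rc == 0 means mkdir() above created it: undo only that. */
		if (rc == 0)
			(void) rmdir(path);
		return (-1);
	}
	return (0);
}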