17c478bd9Sstevel@tonic-gate /*
27c478bd9Sstevel@tonic-gate * CDDL HEADER START
37c478bd9Sstevel@tonic-gate *
47c478bd9Sstevel@tonic-gate * The contents of this file are subject to the terms of the
5cb5caa98Sdjl * Common Development and Distribution License (the "License").
6cb5caa98Sdjl * You may not use this file except in compliance with the License.
77c478bd9Sstevel@tonic-gate *
87c478bd9Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
97c478bd9Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing.
107c478bd9Sstevel@tonic-gate * See the License for the specific language governing permissions
117c478bd9Sstevel@tonic-gate * and limitations under the License.
127c478bd9Sstevel@tonic-gate *
137c478bd9Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each
147c478bd9Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
157c478bd9Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the
167c478bd9Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying
177c478bd9Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner]
187c478bd9Sstevel@tonic-gate *
197c478bd9Sstevel@tonic-gate * CDDL HEADER END
207c478bd9Sstevel@tonic-gate */
217c478bd9Sstevel@tonic-gate /*
22dd1104fbSMichen Chang * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
237c478bd9Sstevel@tonic-gate * Use is subject to license terms.
2433f5ff17SMilan Jurik * Copyright 2012 Milan Jurik. All rights reserved.
2548bbca81SDaniel Hoffman * Copyright (c) 2016 by Delphix. All rights reserved.
267c478bd9Sstevel@tonic-gate */
277c478bd9Sstevel@tonic-gate
287c478bd9Sstevel@tonic-gate /*
297c478bd9Sstevel@tonic-gate * ldapclient command. To make (initiailize) or uninitialize a machines as
307c478bd9Sstevel@tonic-gate * and LDAP client. This command MUST be run as root (or it will simply exit).
317c478bd9Sstevel@tonic-gate *
327c478bd9Sstevel@tonic-gate * -I Install. No file_backup/recover for installing only (no doc).
337c478bd9Sstevel@tonic-gate *
347c478bd9Sstevel@tonic-gate * init Initialze (create) an LDAP client from a profile stored
357c478bd9Sstevel@tonic-gate * in a directory-server.
367c478bd9Sstevel@tonic-gate * manual Initialze (create) an LDAP client by hand (-file option
377c478bd9Sstevel@tonic-gate * reads from file).
387c478bd9Sstevel@tonic-gate * mod Modify the LDAP client configuration on this machine by hand.
397c478bd9Sstevel@tonic-gate * list List the contents of the LDAP client cache files.
407c478bd9Sstevel@tonic-gate * uninit Uninitialize this machine.
417c478bd9Sstevel@tonic-gate *
427c478bd9Sstevel@tonic-gate * -v Verbose flag.
437c478bd9Sstevel@tonic-gate * -q Quiet flag (mutually exclusive with -v).
447c478bd9Sstevel@tonic-gate *
457c478bd9Sstevel@tonic-gate * -a attrName=attrVal
467c478bd9Sstevel@tonic-gate * <attrName> can be one of the following:
477c478bd9Sstevel@tonic-gate *
487c478bd9Sstevel@tonic-gate * attributeMap
497c478bd9Sstevel@tonic-gate * Attribute map. Can be multiple instances of this option.
507c478bd9Sstevel@tonic-gate * (no former option)
517c478bd9Sstevel@tonic-gate * authenticationMethod
527c478bd9Sstevel@tonic-gate * Authentication method (formerly -a)
537c478bd9Sstevel@tonic-gate * bindTimeLimit
547c478bd9Sstevel@tonic-gate * Bind time limit. (no former option)
557c478bd9Sstevel@tonic-gate * certificatePath
567c478bd9Sstevel@tonic-gate * Path to certificates used for secure bind (no former option)
577c478bd9Sstevel@tonic-gate * credentialLevel
587c478bd9Sstevel@tonic-gate * Client credential level (no former option)
597c478bd9Sstevel@tonic-gate * defaultServerList
607c478bd9Sstevel@tonic-gate * Default server (no former option) Refer to DUA Config
617c478bd9Sstevel@tonic-gate * Schema draft.
627c478bd9Sstevel@tonic-gate * defaultSearchBase
637c478bd9Sstevel@tonic-gate * Search Base DN. e.g. dc=eng,dc=sun,dc=com (formerly -b)
647c478bd9Sstevel@tonic-gate * defaultSearchScope
657c478bd9Sstevel@tonic-gate * Search scope. (formerly -s)
667c478bd9Sstevel@tonic-gate * domainName
677c478bd9Sstevel@tonic-gate * Hosts lookup domain (DNS) Ex. eng.sun.com (formerly -d)
687c478bd9Sstevel@tonic-gate * followReferrals
697c478bd9Sstevel@tonic-gate * Search dereference. followref or noref (default followref)
707c478bd9Sstevel@tonic-gate * (formerly -r)
717c478bd9Sstevel@tonic-gate * objectclassMap
727c478bd9Sstevel@tonic-gate * Objectclass map. Can be multiple instances of this option.
737c478bd9Sstevel@tonic-gate * (no former option)
747c478bd9Sstevel@tonic-gate * preferredServerList
757c478bd9Sstevel@tonic-gate * Server preference list. Comma ',' seperated list of IPaddr.
767c478bd9Sstevel@tonic-gate * (formerly -p)
777c478bd9Sstevel@tonic-gate * profileName
787c478bd9Sstevel@tonic-gate * Profile name to use for init (ldapclient) or
797c478bd9Sstevel@tonic-gate * generate (gen_profile). (formerly -P)
807c478bd9Sstevel@tonic-gate * profileTTL
817c478bd9Sstevel@tonic-gate * Client info TTL. If set to 0 this information will not be
82*bbf21555SRichard Lowe * automatically updated by the ldap_cachemgr(8).
837c478bd9Sstevel@tonic-gate * (formerly -e)
847c478bd9Sstevel@tonic-gate * proxyDN
857c478bd9Sstevel@tonic-gate * Binding DN. Ex. cn=client,ou=people,cd=eng,dc=sun,dc=com
867c478bd9Sstevel@tonic-gate * (formerly -D)
877c478bd9Sstevel@tonic-gate * proxyPassword
887c478bd9Sstevel@tonic-gate * Client password not needed for authentication "none".
897c478bd9Sstevel@tonic-gate * (formerly -w)
90dd1104fbSMichen Chang * adminDN
91dd1104fbSMichen Chang * Administrator DN for updating naming data.
92dd1104fbSMichen Chang * adminPassword
93dd1104fbSMichen Chang * Administrator password
94dd1104fbSMichen Chang * enableShadowUpdate
95dd1104fbSMichen Chang * Allow Administrator to change shadow data in LDAP
967c478bd9Sstevel@tonic-gate * searchTimeLimit
977c478bd9Sstevel@tonic-gate * Timeout value. (formerly -o)
987c478bd9Sstevel@tonic-gate * serviceSearchDescriptor
997c478bd9Sstevel@tonic-gate * Service search scope. (no former option)
1007c478bd9Sstevel@tonic-gate * serviceAuthenticationMethod
1017c478bd9Sstevel@tonic-gate * Service authenticaion method (no former option)
1027c478bd9Sstevel@tonic-gate * serviceCredentialLevel
1037c478bd9Sstevel@tonic-gate * Service credential level (no former option)
1047c478bd9Sstevel@tonic-gate *
1057c478bd9Sstevel@tonic-gate */
1067c478bd9Sstevel@tonic-gate
1077c478bd9Sstevel@tonic-gate #include <stdlib.h>
1087c478bd9Sstevel@tonic-gate #include <stdio.h>
1097c478bd9Sstevel@tonic-gate #include <unistd.h>
1107c478bd9Sstevel@tonic-gate #include <errno.h>
1117c478bd9Sstevel@tonic-gate #include <sys/types.h>
1127c478bd9Sstevel@tonic-gate #include <time.h>
1137c478bd9Sstevel@tonic-gate #include <sys/param.h>
1147c478bd9Sstevel@tonic-gate #include <sys/stat.h>
1157c478bd9Sstevel@tonic-gate #include <sys/systeminfo.h>
1167c478bd9Sstevel@tonic-gate #include <fcntl.h>
1177c478bd9Sstevel@tonic-gate #include <xti.h>
1187c478bd9Sstevel@tonic-gate #include <strings.h>
1197c478bd9Sstevel@tonic-gate #include <limits.h>
1207c478bd9Sstevel@tonic-gate #include <locale.h>
1217c478bd9Sstevel@tonic-gate #include <syslog.h>
1227c478bd9Sstevel@tonic-gate #include <libscf.h>
1237c478bd9Sstevel@tonic-gate #include <assert.h>
124e1dd0a2fSth
125e1dd0a2fSth #include "standalone.h"
1267c478bd9Sstevel@tonic-gate
1277c478bd9Sstevel@tonic-gate #if !defined(TEXT_DOMAIN)
1287c478bd9Sstevel@tonic-gate #define TEXT_DOMAIN "SUNW_OST_OSCMD"
1297c478bd9Sstevel@tonic-gate #endif
1307c478bd9Sstevel@tonic-gate
1317c478bd9Sstevel@tonic-gate /* error codes */
1327c478bd9Sstevel@tonic-gate /* The manpage doc only allows for SUCCESS(0), FAIL(1) and CRED(2) on exit */
1337c478bd9Sstevel@tonic-gate #define CLIENT_SUCCESS 0
1347c478bd9Sstevel@tonic-gate #define CLIENT_ERR_PARSE -1
1357c478bd9Sstevel@tonic-gate #define CLIENT_ERR_FAIL 1
1367c478bd9Sstevel@tonic-gate #define CLIENT_ERR_CREDENTIAL 2
1377c478bd9Sstevel@tonic-gate #define CLIENT_ERR_MEMORY 3
1387c478bd9Sstevel@tonic-gate #define CLIENT_ERR_RESTORE 4
1397c478bd9Sstevel@tonic-gate #define CLIENT_ERR_RENAME 5
1407c478bd9Sstevel@tonic-gate #define CLIENT_ERR_RECOVER 6
1417c478bd9Sstevel@tonic-gate #define CLIENT_ERR_TIMEDOUT 7
1427c478bd9Sstevel@tonic-gate #define CLIENT_ERR_MAINTENANCE 8
1437c478bd9Sstevel@tonic-gate
1447c478bd9Sstevel@tonic-gate /* Reset flag for start_services() */
1457c478bd9Sstevel@tonic-gate #define START_INIT 1
1467c478bd9Sstevel@tonic-gate #define START_RESET 2
1477c478bd9Sstevel@tonic-gate #define START_UNINIT 3
1487c478bd9Sstevel@tonic-gate
1497c478bd9Sstevel@tonic-gate /* Reset flag for stop_services() */
1507c478bd9Sstevel@tonic-gate #define STATE_NOSAVE 0
1517c478bd9Sstevel@tonic-gate #define STATE_SAVE 1
1527c478bd9Sstevel@tonic-gate
1537c478bd9Sstevel@tonic-gate /* files to (possibiliy) restore */
1547c478bd9Sstevel@tonic-gate #define LDAP_RESTORE_DIR "/var/ldap/restore"
1557c478bd9Sstevel@tonic-gate
1567c478bd9Sstevel@tonic-gate #define DOMAINNAME_DIR "/etc"
1577c478bd9Sstevel@tonic-gate #define DOMAINNAME_FILE "defaultdomain"
1587c478bd9Sstevel@tonic-gate #define DOMAINNAME DOMAINNAME_DIR "/" DOMAINNAME_FILE
1597c478bd9Sstevel@tonic-gate #define DOMAINNAME_BACK LDAP_RESTORE_DIR "/" DOMAINNAME_FILE
1607c478bd9Sstevel@tonic-gate
1617c478bd9Sstevel@tonic-gate #define NSSWITCH_DIR "/etc"
1627c478bd9Sstevel@tonic-gate #define NSSWITCH_FILE "nsswitch.conf"
1637c478bd9Sstevel@tonic-gate #define NSSWITCH_CONF NSSWITCH_DIR "/" NSSWITCH_FILE
1647c478bd9Sstevel@tonic-gate #define NSSWITCH_BACK LDAP_RESTORE_DIR "/" NSSWITCH_FILE
1657c478bd9Sstevel@tonic-gate #define NSSWITCH_LDAP "/etc/nsswitch.ldap"
1667c478bd9Sstevel@tonic-gate
1677c478bd9Sstevel@tonic-gate #define YP_BIND_DIR "/var/yp/binding"
1687c478bd9Sstevel@tonic-gate
1697c478bd9Sstevel@tonic-gate /* Define the service FMRIs */
1707c478bd9Sstevel@tonic-gate #define SENDMAIL_FMRI "network/smtp:sendmail"
1717c478bd9Sstevel@tonic-gate #define NSCD_FMRI "system/name-service-cache:default"
1727c478bd9Sstevel@tonic-gate #define AUTOFS_FMRI "system/filesystem/autofs:default"
1737c478bd9Sstevel@tonic-gate #define LDAP_FMRI "network/ldap/client:default"
1747c478bd9Sstevel@tonic-gate #define YP_FMRI "network/nis/client:default"
1757c478bd9Sstevel@tonic-gate #define NS_MILESTONE_FMRI "milestone/name-services:default"
1767c478bd9Sstevel@tonic-gate
1777c478bd9Sstevel@tonic-gate /* Define flags for checking if services were enabled */
1787c478bd9Sstevel@tonic-gate #define SENDMAIL_ON 0x1
1797c478bd9Sstevel@tonic-gate #define NSCD_ON 0x10
1807c478bd9Sstevel@tonic-gate #define AUTOFS_ON 0x100
1817c478bd9Sstevel@tonic-gate
1827c478bd9Sstevel@tonic-gate #define CMD_DOMAIN_START "/usr/bin/domainname"
1837c478bd9Sstevel@tonic-gate
1847c478bd9Sstevel@tonic-gate /* Command to copy files */
1857c478bd9Sstevel@tonic-gate #define CMD_CP "/bin/cp -f"
1867c478bd9Sstevel@tonic-gate #define CMD_MV "/bin/mv -f"
1877c478bd9Sstevel@tonic-gate #define CMD_RM "/bin/rm -f"
1887c478bd9Sstevel@tonic-gate
1897c478bd9Sstevel@tonic-gate #define TO_DEV_NULL " >/dev/null 2>&1"
1907c478bd9Sstevel@tonic-gate
1917c478bd9Sstevel@tonic-gate /* Files that need to be just removed */
1927c478bd9Sstevel@tonic-gate #define LDAP_CACHE_LOG "/var/ldap/cachemgr.log"
1937c478bd9Sstevel@tonic-gate
1947c478bd9Sstevel@tonic-gate /* Output defines to supress if quiet mode set */
1957c478bd9Sstevel@tonic-gate #define CLIENT_FPUTS if (!mode_quiet) (void) fputs
1967c478bd9Sstevel@tonic-gate #define CLIENT_FPRINTF if (!mode_quiet) (void) fprintf
1977c478bd9Sstevel@tonic-gate #define CLIENT_FPUTC if (!mode_quiet) (void) fputc
1987c478bd9Sstevel@tonic-gate
1997c478bd9Sstevel@tonic-gate #define restart_service(fmri, waitflag)\
2007c478bd9Sstevel@tonic-gate do_service(fmri, waitflag, RESTART_SERVICE,\
2017c478bd9Sstevel@tonic-gate SCF_STATE_STRING_ONLINE)
2027c478bd9Sstevel@tonic-gate #define start_service(fmri, waitflag) \
2037c478bd9Sstevel@tonic-gate do_service(fmri, waitflag, START_SERVICE,\
2047c478bd9Sstevel@tonic-gate SCF_STATE_STRING_ONLINE)
2057c478bd9Sstevel@tonic-gate #define disable_service(fmri, waitflag) \
2067c478bd9Sstevel@tonic-gate do_service(fmri, waitflag, STOP_SERVICE,\
2077c478bd9Sstevel@tonic-gate SCF_STATE_STRING_DISABLED)
2087c478bd9Sstevel@tonic-gate
2097c478bd9Sstevel@tonic-gate /*
2107c478bd9Sstevel@tonic-gate * There isn't a domainName defined as a param, so we set a value here
2117c478bd9Sstevel@tonic-gate * (1001) should be big enough
2127c478bd9Sstevel@tonic-gate */
2137c478bd9Sstevel@tonic-gate #define LOCAL_DOMAIN_P 1001
2147c478bd9Sstevel@tonic-gate
2157c478bd9Sstevel@tonic-gate #define START_SERVICE 1
2167c478bd9Sstevel@tonic-gate #define STOP_SERVICE 2
2177c478bd9Sstevel@tonic-gate #define RESTART_SERVICE 3
2187c478bd9Sstevel@tonic-gate
2197c478bd9Sstevel@tonic-gate #define DEFAULT_TIMEOUT 60000000
2207c478bd9Sstevel@tonic-gate
2217c478bd9Sstevel@tonic-gate #define INIT_WAIT_USECS 50000
2227c478bd9Sstevel@tonic-gate
2237c478bd9Sstevel@tonic-gate /* Used to turn off profile checking */
2247c478bd9Sstevel@tonic-gate #define CACHETTL_OFF "0"
2257c478bd9Sstevel@tonic-gate
2267c478bd9Sstevel@tonic-gate /* Globals */
2277c478bd9Sstevel@tonic-gate static char *cmd;
2287c478bd9Sstevel@tonic-gate
2297c478bd9Sstevel@tonic-gate static char *dname = NULL;
2307c478bd9Sstevel@tonic-gate static char dname_buf[BUFSIZ];
2317c478bd9Sstevel@tonic-gate
2327c478bd9Sstevel@tonic-gate static boolean_t sysid_install = B_FALSE;
2337c478bd9Sstevel@tonic-gate
2347c478bd9Sstevel@tonic-gate static int mode_verbose = 0;
2357c478bd9Sstevel@tonic-gate static int mode_quiet = 0;
2367c478bd9Sstevel@tonic-gate static int gen = 0;
2377c478bd9Sstevel@tonic-gate
2387c478bd9Sstevel@tonic-gate static int gStartLdap = 0;
2397c478bd9Sstevel@tonic-gate static int gStartYp = 0;
2407c478bd9Sstevel@tonic-gate
2417c478bd9Sstevel@tonic-gate static int enableFlag = 0;
2427c478bd9Sstevel@tonic-gate
2437c478bd9Sstevel@tonic-gate /* multival_t is used to hold params that can have more than one value */
2447c478bd9Sstevel@tonic-gate typedef struct {
2457c478bd9Sstevel@tonic-gate int count;
2467c478bd9Sstevel@tonic-gate char **optlist;
2477c478bd9Sstevel@tonic-gate } multival_t;
2487c478bd9Sstevel@tonic-gate
2497c478bd9Sstevel@tonic-gate static multival_t *multival_new();
2507c478bd9Sstevel@tonic-gate static int multival_add(multival_t *list, char *opt);
2517c478bd9Sstevel@tonic-gate static void multival_free(multival_t *list);
2527c478bd9Sstevel@tonic-gate
2537c478bd9Sstevel@tonic-gate /*
2547c478bd9Sstevel@tonic-gate * clientopts_t is used to hold and pass around the param values from
2557c478bd9Sstevel@tonic-gate * the cmd line
2567c478bd9Sstevel@tonic-gate */
2577c478bd9Sstevel@tonic-gate typedef struct {
2587c478bd9Sstevel@tonic-gate multival_t *attributeMap;
2597c478bd9Sstevel@tonic-gate char *authenticationMethod;
2607c478bd9Sstevel@tonic-gate char *bindTimeLimit;
2617c478bd9Sstevel@tonic-gate char *certificatePath;
2627c478bd9Sstevel@tonic-gate char *credentialLevel;
2637c478bd9Sstevel@tonic-gate char *defaultSearchBase;
2647c478bd9Sstevel@tonic-gate char *defaultServerList;
2657c478bd9Sstevel@tonic-gate char *domainName;
2667c478bd9Sstevel@tonic-gate char *followReferrals;
2677c478bd9Sstevel@tonic-gate multival_t *objectclassMap;
2687c478bd9Sstevel@tonic-gate char *preferredServerList;
2697c478bd9Sstevel@tonic-gate char *profileName;
2707c478bd9Sstevel@tonic-gate char *profileTTL;
2717c478bd9Sstevel@tonic-gate char *proxyDN;
2727c478bd9Sstevel@tonic-gate char *proxyPassword;
273dd1104fbSMichen Chang char *enableShadowUpdate;
274dd1104fbSMichen Chang char *adminDN;
275dd1104fbSMichen Chang char *adminPassword;
276e1dd0a2fSth char *bindDN;
277e1dd0a2fSth char *bindPasswd;
2787c478bd9Sstevel@tonic-gate char *defaultSearchScope;
2797c478bd9Sstevel@tonic-gate char *searchTimeLimit;
2807c478bd9Sstevel@tonic-gate multival_t *serviceAuthenticationMethod;
2817c478bd9Sstevel@tonic-gate multival_t *serviceCredentialLevel;
2827c478bd9Sstevel@tonic-gate multival_t *serviceSearchDescriptor;
2837c478bd9Sstevel@tonic-gate } clientopts_t;
2847c478bd9Sstevel@tonic-gate
2857c478bd9Sstevel@tonic-gate static clientopts_t *clientopts_new();
2867c478bd9Sstevel@tonic-gate static void clientopts_free(clientopts_t *list);
2877c478bd9Sstevel@tonic-gate
2887c478bd9Sstevel@tonic-gate extern ns_ldap_error_t *__ns_ldap_print_config(int);
2897c478bd9Sstevel@tonic-gate extern void __ns_ldap_default_config();
290cb5caa98Sdjl extern int __ns_ldap_download(const char *, char *, char *, ns_ldap_error_t **);
2917c478bd9Sstevel@tonic-gate
2927c478bd9Sstevel@tonic-gate /* Function prototypes (these could be static) */
2937c478bd9Sstevel@tonic-gate static void usage(void);
2947c478bd9Sstevel@tonic-gate
2957c478bd9Sstevel@tonic-gate static int credCheck(clientopts_t *arglist);
296dd1104fbSMichen Chang static int adminCredCheck(clientopts_t *arglist);
2977c478bd9Sstevel@tonic-gate static int clientSetParam(clientopts_t *optlist, int paramFlag, char *attrVal);
2987c478bd9Sstevel@tonic-gate static int parseParam(char *param, char **paramVal);
2997c478bd9Sstevel@tonic-gate static void dumpargs(clientopts_t *arglist);
3007c478bd9Sstevel@tonic-gate static int num_args(clientopts_t *arglist);
3017c478bd9Sstevel@tonic-gate
3027c478bd9Sstevel@tonic-gate static int file_backup(void);
3037c478bd9Sstevel@tonic-gate static int recover(int saveState);
3047c478bd9Sstevel@tonic-gate static int mod_backup(void);
3057c478bd9Sstevel@tonic-gate static int mod_recover(void);
3067c478bd9Sstevel@tonic-gate static void mod_cleanup(void);
3077c478bd9Sstevel@tonic-gate
3087c478bd9Sstevel@tonic-gate static int client_list(clientopts_t *arglist);
3097c478bd9Sstevel@tonic-gate static int client_manual(clientopts_t *arglist);
3107c478bd9Sstevel@tonic-gate static int client_mod(clientopts_t *arglist);
3117c478bd9Sstevel@tonic-gate static int client_uninit(clientopts_t *arglist);
3127c478bd9Sstevel@tonic-gate static int client_genProfile(clientopts_t *arglist);
3137c478bd9Sstevel@tonic-gate static int client_init(clientopts_t *arglist);
3147c478bd9Sstevel@tonic-gate static int file_move(const char *from, const char *to);
3157c478bd9Sstevel@tonic-gate
3167c478bd9Sstevel@tonic-gate static int start_services(int flag);
3177c478bd9Sstevel@tonic-gate static int stop_services(int saveState);
3187c478bd9Sstevel@tonic-gate static boolean_t is_service(const char *fmri, const char *state);
3197c478bd9Sstevel@tonic-gate static int wait_till(const char *fmri, const char *state, useconds_t max,
3207c478bd9Sstevel@tonic-gate const char *what, boolean_t check_maint);
3217c478bd9Sstevel@tonic-gate static int do_service(const char *fmri, boolean_t waitflag, int dowhat,
3227c478bd9Sstevel@tonic-gate const char *state);
3237c478bd9Sstevel@tonic-gate static useconds_t get_timeout_value(int dowhat, const char *fmri,
3247c478bd9Sstevel@tonic-gate useconds_t default_val);
3257c478bd9Sstevel@tonic-gate
326a506a34cSth int
main(int argc,char ** argv)327a506a34cSth main(int argc, char **argv)
3287c478bd9Sstevel@tonic-gate {
329e1dd0a2fSth char *ret_locale, *ret_textdomain;
330e1dd0a2fSth int retcode;
331e1dd0a2fSth int paramFlag;
332e1dd0a2fSth char *attrVal;
333e1dd0a2fSth int sysinfostatus;
334e1dd0a2fSth clientopts_t *optlist = NULL;
335e1dd0a2fSth int op_manual = 0, op_mod = 0, op_uninit = 0;
336e1dd0a2fSth int op_list = 0, op_init = 0, op_genprofile = 0;
337e1dd0a2fSth extern char *optarg;
338e1dd0a2fSth extern int optind;
339e1dd0a2fSth int option;
3407c478bd9Sstevel@tonic-gate
3417c478bd9Sstevel@tonic-gate ret_locale = setlocale(LC_ALL, "");
3427c478bd9Sstevel@tonic-gate if (ret_locale == NULL) {
3437c478bd9Sstevel@tonic-gate CLIENT_FPUTS(gettext("Unable to set locale.\n"), stderr);
3447c478bd9Sstevel@tonic-gate }
3457c478bd9Sstevel@tonic-gate ret_textdomain = textdomain(TEXT_DOMAIN);
3467c478bd9Sstevel@tonic-gate if (ret_textdomain == NULL) {
3477c478bd9Sstevel@tonic-gate CLIENT_FPUTS(gettext("Unable to set textdomain.\n"), stderr);
3487c478bd9Sstevel@tonic-gate }
3497c478bd9Sstevel@tonic-gate
3507c478bd9Sstevel@tonic-gate openlog("ldapclient", LOG_PID, LOG_USER);
3517c478bd9Sstevel@tonic-gate
3527c478bd9Sstevel@tonic-gate /* get name that invoked us */
3537c478bd9Sstevel@tonic-gate if (cmd = strrchr(argv[0], '/'))
3547c478bd9Sstevel@tonic-gate ++cmd;
3557c478bd9Sstevel@tonic-gate else
3567c478bd9Sstevel@tonic-gate cmd = argv[0];
3577c478bd9Sstevel@tonic-gate
3587c478bd9Sstevel@tonic-gate sysinfostatus = sysinfo(SI_SRPC_DOMAIN, dname_buf, BUFSIZ);
3597c478bd9Sstevel@tonic-gate if (0 < sysinfostatus)
3607c478bd9Sstevel@tonic-gate dname = &dname_buf[0];
3617c478bd9Sstevel@tonic-gate
3627c478bd9Sstevel@tonic-gate optlist = clientopts_new();
3637c478bd9Sstevel@tonic-gate if (optlist == NULL) {
3647c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
365e1dd0a2fSth gettext("Error getting optlist (malloc fail)\n"),
366e1dd0a2fSth stderr);
3677c478bd9Sstevel@tonic-gate exit(CLIENT_ERR_FAIL);
3687c478bd9Sstevel@tonic-gate }
3697c478bd9Sstevel@tonic-gate
3707c478bd9Sstevel@tonic-gate optind = 1;
3717c478bd9Sstevel@tonic-gate while (optind < argc) {
372dd1104fbSMichen Chang option = getopt(argc, argv, "vqa:ID:w:j:y:z:");
3737c478bd9Sstevel@tonic-gate
3747c478bd9Sstevel@tonic-gate switch (option) {
3757c478bd9Sstevel@tonic-gate case 'v':
3767c478bd9Sstevel@tonic-gate mode_verbose = 1;
3777c478bd9Sstevel@tonic-gate break;
3787c478bd9Sstevel@tonic-gate case 'q':
3797c478bd9Sstevel@tonic-gate mode_quiet = 1;
3807c478bd9Sstevel@tonic-gate break;
3817c478bd9Sstevel@tonic-gate case 'a':
3827c478bd9Sstevel@tonic-gate attrVal = NULL;
3837c478bd9Sstevel@tonic-gate paramFlag = parseParam(optarg, &attrVal);
3847c478bd9Sstevel@tonic-gate if (paramFlag == CLIENT_ERR_PARSE) {
3857c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
386e1dd0a2fSth gettext("Unrecognized "
387e1dd0a2fSth "parameter \"%s\"\n"),
388e1dd0a2fSth optarg);
3897c478bd9Sstevel@tonic-gate usage();
3907c478bd9Sstevel@tonic-gate exit(CLIENT_ERR_FAIL);
3917c478bd9Sstevel@tonic-gate }
392e1dd0a2fSth if (paramFlag == NS_LDAP_BINDPASSWD_P &&
393e1dd0a2fSth optlist->proxyPassword != NULL) {
394e1dd0a2fSth (void) fprintf(stderr,
395e1dd0a2fSth gettext("The -a proxyPassword option is "
396e1dd0a2fSth "mutually exclusive of -y. "
397e1dd0a2fSth "-a proxyPassword is ignored.\n"));
398e1dd0a2fSth break;
399e1dd0a2fSth }
400dd1104fbSMichen Chang if (paramFlag == NS_LDAP_ADMIN_BINDPASSWD_P &&
401dd1104fbSMichen Chang optlist->adminPassword != NULL) {
402dd1104fbSMichen Chang (void) fprintf(stderr,
403dd1104fbSMichen Chang gettext("The -a adminPassword option is "
404dd1104fbSMichen Chang "mutually exclusive of -z. "
405dd1104fbSMichen Chang "-a adminPassword is ignored.\n"));
406dd1104fbSMichen Chang break;
407dd1104fbSMichen Chang }
4087c478bd9Sstevel@tonic-gate retcode = clientSetParam(optlist, paramFlag, attrVal);
4097c478bd9Sstevel@tonic-gate if (retcode != CLIENT_SUCCESS) {
4107c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(
411e1dd0a2fSth stderr,
412e1dd0a2fSth gettext("Error (%d) setting "
413e1dd0a2fSth "param \"%s\"\n"),
414e1dd0a2fSth retcode, optarg);
4157c478bd9Sstevel@tonic-gate usage();
4167c478bd9Sstevel@tonic-gate exit(CLIENT_ERR_FAIL);
4177c478bd9Sstevel@tonic-gate }
4187c478bd9Sstevel@tonic-gate break;
419e1dd0a2fSth case 'D':
420e1dd0a2fSth optlist->bindDN = strdup(optarg);
421e1dd0a2fSth break;
422e1dd0a2fSth case 'w':
423e1dd0a2fSth if (optlist->bindPasswd != NULL) {
424e1dd0a2fSth CLIENT_FPRINTF(stderr,
425e1dd0a2fSth gettext("The -w option is mutually "
426e1dd0a2fSth "exclusive of -j. -w is ignored."));
427e1dd0a2fSth break;
428e1dd0a2fSth }
429e1dd0a2fSth
430e1dd0a2fSth if (optarg[0] == '-' && optarg[1] == '\0') {
431e1dd0a2fSth /* Ask for a password later */
432e1dd0a2fSth break;
433e1dd0a2fSth }
434e1dd0a2fSth
435e1dd0a2fSth optlist->bindPasswd = strdup(optarg);
436e1dd0a2fSth break;
437e1dd0a2fSth case 'j':
438e1dd0a2fSth if (optlist->bindPasswd != NULL) {
439e1dd0a2fSth (void) fprintf(stderr,
440e1dd0a2fSth gettext("The -w option is mutually "
441e1dd0a2fSth "exclusive of -j. -w is ignored.\n"));
442e1dd0a2fSth free(optlist->bindPasswd);
443e1dd0a2fSth }
444e1dd0a2fSth optlist->bindPasswd = readPwd(optarg);
445e1dd0a2fSth if (optlist->bindPasswd == NULL) {
446e1dd0a2fSth exit(CLIENT_ERR_FAIL);
447e1dd0a2fSth }
448e1dd0a2fSth break;
449e1dd0a2fSth case 'y':
450e1dd0a2fSth if (optlist->proxyPassword != NULL) {
451e1dd0a2fSth (void) fprintf(stderr,
452e1dd0a2fSth gettext("The -a proxyPassword option is "
453e1dd0a2fSth "mutually exclusive of -y. "
454e1dd0a2fSth "-a proxyPassword is ignored.\n"));
455e1dd0a2fSth }
456e1dd0a2fSth optlist->proxyPassword = readPwd(optarg);
457e1dd0a2fSth if (optlist->proxyPassword == NULL) {
458e1dd0a2fSth exit(CLIENT_ERR_FAIL);
459e1dd0a2fSth }
460e1dd0a2fSth break;
461dd1104fbSMichen Chang case 'z':
462dd1104fbSMichen Chang if (optlist->adminPassword != NULL) {
463dd1104fbSMichen Chang (void) fprintf(stderr,
464dd1104fbSMichen Chang gettext("The -a adminPassword option is "
465dd1104fbSMichen Chang "mutually exclusive of -z. "
466dd1104fbSMichen Chang "-a adminPassword is ignored.\n"));
467dd1104fbSMichen Chang }
468dd1104fbSMichen Chang optlist->adminPassword = readPwd(optarg);
469dd1104fbSMichen Chang if (optlist->adminPassword == NULL) {
470dd1104fbSMichen Chang exit(CLIENT_ERR_FAIL);
471dd1104fbSMichen Chang }
472dd1104fbSMichen Chang break;
4737c478bd9Sstevel@tonic-gate case EOF:
4747c478bd9Sstevel@tonic-gate if (strcmp(argv[optind], "init") == 0) {
4757c478bd9Sstevel@tonic-gate op_init = 1;
4767c478bd9Sstevel@tonic-gate } else if (strcmp(argv[optind], "manual") == 0) {
4777c478bd9Sstevel@tonic-gate op_manual = 1;
4787c478bd9Sstevel@tonic-gate } else if (strcmp(argv[optind], "mod") == 0) {
4797c478bd9Sstevel@tonic-gate op_mod = 1;
4807c478bd9Sstevel@tonic-gate } else if (strcmp(argv[optind], "list") == 0) {
4817c478bd9Sstevel@tonic-gate op_list = 1;
4827c478bd9Sstevel@tonic-gate } else if (strcmp(argv[optind], "uninit") == 0) {
4837c478bd9Sstevel@tonic-gate op_uninit = 1;
4847c478bd9Sstevel@tonic-gate } else if (strcmp(argv[optind], "genprofile") == 0) {
4857c478bd9Sstevel@tonic-gate gen = 1;
4867c478bd9Sstevel@tonic-gate op_genprofile = 1;
4877c478bd9Sstevel@tonic-gate } else if (optind == argc-1) {
4887c478bd9Sstevel@tonic-gate retcode = clientSetParam(
489e1dd0a2fSth optlist,
490e1dd0a2fSth NS_LDAP_SERVERS_P,
491e1dd0a2fSth argv[optind]); /* ipAddr */
4927c478bd9Sstevel@tonic-gate if (retcode != CLIENT_SUCCESS) {
4937c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(
494e1dd0a2fSth stderr,
495e1dd0a2fSth gettext("Error (%d) setting "
496e1dd0a2fSth "serverList param.\n"),
497e1dd0a2fSth retcode);
4987c478bd9Sstevel@tonic-gate usage();
4997c478bd9Sstevel@tonic-gate exit(CLIENT_ERR_FAIL);
5007c478bd9Sstevel@tonic-gate }
5017c478bd9Sstevel@tonic-gate } else {
5027c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
503e1dd0a2fSth gettext("Error parsing "
504e1dd0a2fSth "command line\n"),
505e1dd0a2fSth stderr);
5067c478bd9Sstevel@tonic-gate usage();
5077c478bd9Sstevel@tonic-gate exit(CLIENT_ERR_FAIL);
5087c478bd9Sstevel@tonic-gate }
5097c478bd9Sstevel@tonic-gate optind++; /* get past the verb and keep trying */
5107c478bd9Sstevel@tonic-gate break;
5117c478bd9Sstevel@tonic-gate /* Backwards compatibility to support system install */
5127c478bd9Sstevel@tonic-gate case 'I':
5137c478bd9Sstevel@tonic-gate sysid_install = B_TRUE;
5147c478bd9Sstevel@tonic-gate op_init = 1;
5157c478bd9Sstevel@tonic-gate mode_quiet = 1;
5167c478bd9Sstevel@tonic-gate break;
5177c478bd9Sstevel@tonic-gate case '?':
5187c478bd9Sstevel@tonic-gate usage();
5197c478bd9Sstevel@tonic-gate CLIENT_FPUTS(gettext("\nOr\n\n"), stderr);
5207c478bd9Sstevel@tonic-gate gen = 1;
5217c478bd9Sstevel@tonic-gate usage();
5227c478bd9Sstevel@tonic-gate exit(CLIENT_ERR_FAIL);
5237c478bd9Sstevel@tonic-gate break;
5247c478bd9Sstevel@tonic-gate }
5257c478bd9Sstevel@tonic-gate
5267c478bd9Sstevel@tonic-gate }
5277c478bd9Sstevel@tonic-gate
5287c478bd9Sstevel@tonic-gate if ((getuid() != 0) && (!op_genprofile)) {
5297c478bd9Sstevel@tonic-gate (void) puts(
530e1dd0a2fSth "You must be root (SuperUser) to run this command.");
5317c478bd9Sstevel@tonic-gate usage();
5327c478bd9Sstevel@tonic-gate exit(CLIENT_ERR_FAIL);
5337c478bd9Sstevel@tonic-gate }
5347c478bd9Sstevel@tonic-gate
5357c478bd9Sstevel@tonic-gate /*
5367c478bd9Sstevel@tonic-gate * All command line arguments are finished being parsed now
5377c478bd9Sstevel@tonic-gate */
5387c478bd9Sstevel@tonic-gate
5397c478bd9Sstevel@tonic-gate /* *** Do semantic checking here *** */
5407c478bd9Sstevel@tonic-gate
5417c478bd9Sstevel@tonic-gate /* if gen and no no searchBase then err */
5427c478bd9Sstevel@tonic-gate if (gen && !optlist->defaultSearchBase) {
5437c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
544e1dd0a2fSth gettext("ldapclient: Missing required attrName "
545e1dd0a2fSth "defaultSearchBase\n"),
546e1dd0a2fSth stderr);
5477c478bd9Sstevel@tonic-gate usage();
5487c478bd9Sstevel@tonic-gate clientopts_free(optlist);
5497c478bd9Sstevel@tonic-gate exit(CLIENT_ERR_FAIL);
5507c478bd9Sstevel@tonic-gate }
5517c478bd9Sstevel@tonic-gate
552dd1104fbSMichen Chang /*
553dd1104fbSMichen Chang * if init or manual, and if adminDN is specified then enableShadowUpdate
554dd1104fbSMichen Chang * must be set to TRUE.
555dd1104fbSMichen Chang */
556dd1104fbSMichen Chang if ((op_init || op_manual) &&
557dd1104fbSMichen Chang (!optlist->enableShadowUpdate ||
558dd1104fbSMichen Chang strcasecmp(optlist->enableShadowUpdate, "TRUE") != 0) &&
559dd1104fbSMichen Chang (optlist->adminDN || optlist->adminPassword)) {
560dd1104fbSMichen Chang CLIENT_FPUTS(
561dd1104fbSMichen Chang gettext("ldapclient: adminDN and adminPassword must not "
562dd1104fbSMichen Chang "be specified if enableShadowUpdate is not set to TRUE \n"),
563dd1104fbSMichen Chang stderr);
564dd1104fbSMichen Chang usage();
565dd1104fbSMichen Chang clientopts_free(optlist);
566dd1104fbSMichen Chang exit(CLIENT_ERR_FAIL);
567dd1104fbSMichen Chang }
568dd1104fbSMichen Chang
5697c478bd9Sstevel@tonic-gate /* Only one verb can be specified */
5707c478bd9Sstevel@tonic-gate if ((op_init + op_manual + op_mod + op_uninit +
571e1dd0a2fSth op_list + op_genprofile) != 1) {
5727c478bd9Sstevel@tonic-gate usage();
5737c478bd9Sstevel@tonic-gate clientopts_free(optlist);
5747c478bd9Sstevel@tonic-gate exit(CLIENT_ERR_FAIL);
5757c478bd9Sstevel@tonic-gate }
5767c478bd9Sstevel@tonic-gate
5777c478bd9Sstevel@tonic-gate /* *** We passed semantic checking, so now do the operation *** */
5787c478bd9Sstevel@tonic-gate
5797c478bd9Sstevel@tonic-gate if (mode_verbose) {
5807c478bd9Sstevel@tonic-gate CLIENT_FPUTS(gettext("Arguments parsed:\n"), stderr);
5817c478bd9Sstevel@tonic-gate dumpargs(optlist);
5827c478bd9Sstevel@tonic-gate }
5837c478bd9Sstevel@tonic-gate
5847c478bd9Sstevel@tonic-gate
5857c478bd9Sstevel@tonic-gate /* handle "ldapclient list" here. err checking done in func */
5867c478bd9Sstevel@tonic-gate if (op_list) {
5877c478bd9Sstevel@tonic-gate if (mode_verbose)
5887c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
589e1dd0a2fSth gettext("Handling list option\n"),
590e1dd0a2fSth stderr);
5917c478bd9Sstevel@tonic-gate retcode = client_list(optlist);
5927c478bd9Sstevel@tonic-gate }
5937c478bd9Sstevel@tonic-gate
5947c478bd9Sstevel@tonic-gate /* handle "ldapclient uninit" here */
5957c478bd9Sstevel@tonic-gate if (op_uninit) {
5967c478bd9Sstevel@tonic-gate if (mode_verbose)
5977c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
598e1dd0a2fSth gettext("Handling uninit option\n"),
599e1dd0a2fSth stderr);
6007c478bd9Sstevel@tonic-gate retcode = client_uninit(optlist);
6017c478bd9Sstevel@tonic-gate }
6027c478bd9Sstevel@tonic-gate
6037c478bd9Sstevel@tonic-gate /* handle "ldapclient init" (profile) */
6047c478bd9Sstevel@tonic-gate if (op_init) {
6057c478bd9Sstevel@tonic-gate if (mode_verbose)
6067c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
607e1dd0a2fSth gettext("Handling init option\n"),
608e1dd0a2fSth stderr);
6097c478bd9Sstevel@tonic-gate retcode = client_init(optlist);
6107c478bd9Sstevel@tonic-gate }
6117c478bd9Sstevel@tonic-gate
6127c478bd9Sstevel@tonic-gate /* handle "genprofile" here */
6137c478bd9Sstevel@tonic-gate if (op_genprofile) {
6147c478bd9Sstevel@tonic-gate if (mode_verbose)
6157c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
616e1dd0a2fSth gettext("Handling genProfile\n"),
617e1dd0a2fSth stderr);
6187c478bd9Sstevel@tonic-gate retcode = client_genProfile(optlist);
6197c478bd9Sstevel@tonic-gate }
6207c478bd9Sstevel@tonic-gate
6217c478bd9Sstevel@tonic-gate /* handle "ldapclient manual" here */
6227c478bd9Sstevel@tonic-gate if (op_manual) {
6237c478bd9Sstevel@tonic-gate if (mode_verbose)
6247c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
625e1dd0a2fSth gettext("Handling manual option\n"),
626e1dd0a2fSth stderr);
6277c478bd9Sstevel@tonic-gate retcode = client_manual(optlist);
6287c478bd9Sstevel@tonic-gate }
6297c478bd9Sstevel@tonic-gate
6307c478bd9Sstevel@tonic-gate /* handle "ldapclient mod" here */
6317c478bd9Sstevel@tonic-gate if (op_mod) {
6327c478bd9Sstevel@tonic-gate if (mode_verbose)
6337c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
634e1dd0a2fSth gettext("Handling mod option\n"),
635e1dd0a2fSth stderr);
6367c478bd9Sstevel@tonic-gate retcode = client_mod(optlist);
6377c478bd9Sstevel@tonic-gate }
6387c478bd9Sstevel@tonic-gate
6397c478bd9Sstevel@tonic-gate clientopts_free(optlist);
6407c478bd9Sstevel@tonic-gate if ((retcode == CLIENT_SUCCESS) ||
641e1dd0a2fSth (retcode == CLIENT_ERR_FAIL) ||
642e1dd0a2fSth (retcode == CLIENT_ERR_CREDENTIAL))
643cb5caa98Sdjl return (retcode);
6447c478bd9Sstevel@tonic-gate else
645cb5caa98Sdjl return (CLIENT_ERR_FAIL);
6467c478bd9Sstevel@tonic-gate }
6477c478bd9Sstevel@tonic-gate
6487c478bd9Sstevel@tonic-gate static int
client_list(clientopts_t * arglist)6497c478bd9Sstevel@tonic-gate client_list(clientopts_t *arglist)
6507c478bd9Sstevel@tonic-gate {
6517c478bd9Sstevel@tonic-gate ns_ldap_error_t *errorp;
6527c478bd9Sstevel@tonic-gate int retcode = CLIENT_SUCCESS;
6537c478bd9Sstevel@tonic-gate
6547c478bd9Sstevel@tonic-gate if (num_args(arglist) > 0) {
6557c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
656e1dd0a2fSth gettext("No args supported with \"list\" option\n"),
657e1dd0a2fSth stderr);
6587c478bd9Sstevel@tonic-gate usage();
6597c478bd9Sstevel@tonic-gate return (CLIENT_ERR_FAIL); /* exit code here ? */
6607c478bd9Sstevel@tonic-gate }
6617c478bd9Sstevel@tonic-gate if ((errorp = __ns_ldap_print_config(mode_verbose)) != NULL) {
6627c478bd9Sstevel@tonic-gate retcode = CLIENT_ERR_FAIL;
6637c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
664e1dd0a2fSth gettext("Cannot get print configuration\n"),
665e1dd0a2fSth stderr);
6667c478bd9Sstevel@tonic-gate CLIENT_FPUTS(errorp->message, stderr);
6677c478bd9Sstevel@tonic-gate (void) __ns_ldap_freeError(&errorp);
6687c478bd9Sstevel@tonic-gate CLIENT_FPUTC('\n', stderr);
6697c478bd9Sstevel@tonic-gate }
6707c478bd9Sstevel@tonic-gate
6717c478bd9Sstevel@tonic-gate return (retcode);
6727c478bd9Sstevel@tonic-gate }
6737c478bd9Sstevel@tonic-gate
6747c478bd9Sstevel@tonic-gate static int
client_uninit(clientopts_t * arglist)6757c478bd9Sstevel@tonic-gate client_uninit(clientopts_t *arglist)
6767c478bd9Sstevel@tonic-gate {
6777c478bd9Sstevel@tonic-gate int retcode = CLIENT_SUCCESS;
678cb5caa98Sdjl ns_ldap_self_gssapi_config_t config = NS_LDAP_SELF_GSSAPI_CONFIG_NONE;
6797c478bd9Sstevel@tonic-gate
6807c478bd9Sstevel@tonic-gate if (mode_verbose) {
6817c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
682e1dd0a2fSth gettext("Restoring machine to previous "
683e1dd0a2fSth "configuration state\n"),
684e1dd0a2fSth stderr);
6857c478bd9Sstevel@tonic-gate }
6867c478bd9Sstevel@tonic-gate
6877c478bd9Sstevel@tonic-gate if (num_args(arglist) > 0) {
6887c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
689e1dd0a2fSth gettext("No args supported with \"uninit\" option\n"),
690e1dd0a2fSth stderr);
6917c478bd9Sstevel@tonic-gate usage();
6927c478bd9Sstevel@tonic-gate return (CLIENT_ERR_FAIL);
6937c478bd9Sstevel@tonic-gate }
6947c478bd9Sstevel@tonic-gate
695cb5caa98Sdjl (void) __ns_ldap_self_gssapi_config(&config);
696cb5caa98Sdjl
6977c478bd9Sstevel@tonic-gate retcode = stop_services(STATE_SAVE);
698cb5caa98Sdjl
699cb5caa98Sdjl if (config != NS_LDAP_SELF_GSSAPI_CONFIG_NONE)
700cb5caa98Sdjl (void) system("/usr/sbin/cryptoadm enable metaslot");
701cb5caa98Sdjl
7027c478bd9Sstevel@tonic-gate if (retcode != CLIENT_SUCCESS) {
7037c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
704e1dd0a2fSth gettext("Errors stopping network services.\n"), stderr);
7057c478bd9Sstevel@tonic-gate /* restart whatever services we can */
7067c478bd9Sstevel@tonic-gate (void) start_services(START_RESET);
7077c478bd9Sstevel@tonic-gate return (CLIENT_ERR_FAIL);
7087c478bd9Sstevel@tonic-gate }
7097c478bd9Sstevel@tonic-gate
7107c478bd9Sstevel@tonic-gate retcode = recover(STATE_SAVE);
7117c478bd9Sstevel@tonic-gate if (retcode != CLIENT_SUCCESS) {
7127c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
713e1dd0a2fSth gettext("Cannot recover the configuration on "
714e1dd0a2fSth "this machine.\n"),
715e1dd0a2fSth stderr);
7167c478bd9Sstevel@tonic-gate (void) start_services(START_RESET);
7177c478bd9Sstevel@tonic-gate } else {
7187c478bd9Sstevel@tonic-gate retcode = start_services(START_UNINIT);
7197c478bd9Sstevel@tonic-gate if (retcode != CLIENT_SUCCESS) {
7207c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
721e1dd0a2fSth gettext("Config restored but problems "
722e1dd0a2fSth "encountered resetting network "
723e1dd0a2fSth "services.\n"),
724e1dd0a2fSth stderr);
7257c478bd9Sstevel@tonic-gate }
7267c478bd9Sstevel@tonic-gate }
7277c478bd9Sstevel@tonic-gate
7287c478bd9Sstevel@tonic-gate if (retcode == CLIENT_SUCCESS) {
7297c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
730e1dd0a2fSth gettext("System successfully recovered\n"),
731e1dd0a2fSth stderr);
7327c478bd9Sstevel@tonic-gate }
7337c478bd9Sstevel@tonic-gate
7347c478bd9Sstevel@tonic-gate return (retcode);
7357c478bd9Sstevel@tonic-gate }
7367c478bd9Sstevel@tonic-gate
7377c478bd9Sstevel@tonic-gate /*
7387c478bd9Sstevel@tonic-gate * The following macro is used to do a __ns_ldap_setParam().
7397c478bd9Sstevel@tonic-gate * On every call, the return code is checked, and if there was
7407c478bd9Sstevel@tonic-gate * a problem then the error message is printed, the ldaperr
7417c478bd9Sstevel@tonic-gate * is freed and we return from the function with the offending
7427c478bd9Sstevel@tonic-gate * error return code. This macro keeps us from having to
7437c478bd9Sstevel@tonic-gate * repeat this code for every call to setParam as was done
7447c478bd9Sstevel@tonic-gate * in the previous incarnation of ldapclient.
7457c478bd9Sstevel@tonic-gate *
7467c478bd9Sstevel@tonic-gate * assumes a "retcode" variable is available for status
7477c478bd9Sstevel@tonic-gate */
7487c478bd9Sstevel@tonic-gate #define LDAP_SET_PARAM(argval, argdef) \
7497c478bd9Sstevel@tonic-gate retcode = 0; \
7507c478bd9Sstevel@tonic-gate if (NULL != argval) { \
7517c478bd9Sstevel@tonic-gate ns_ldap_error_t *ldaperr; \
7527c478bd9Sstevel@tonic-gate retcode = __ns_ldap_setParam(argdef, (void *)argval, &ldaperr); \
7537c478bd9Sstevel@tonic-gate if (retcode != NS_LDAP_SUCCESS) { \
7547c478bd9Sstevel@tonic-gate if (NULL != ldaperr) { \
7557c478bd9Sstevel@tonic-gate CLIENT_FPUTS(ldaperr->message, stderr); \
7567c478bd9Sstevel@tonic-gate CLIENT_FPUTC('\n', stderr); \
7577c478bd9Sstevel@tonic-gate (void) __ns_ldap_freeError(&ldaperr); \
7587c478bd9Sstevel@tonic-gate } \
7597c478bd9Sstevel@tonic-gate return (retcode ? CLIENT_ERR_FAIL : CLIENT_SUCCESS); \
7607c478bd9Sstevel@tonic-gate } \
7617c478bd9Sstevel@tonic-gate }
7627c478bd9Sstevel@tonic-gate
763e1dd0a2fSth /*
764e1dd0a2fSth * The following macro is used to check if an arg has already been set
765e1dd0a2fSth * and issues an error message, a usage message and then returns an error.
766e1dd0a2fSth * This was made into a macro to avoid the duplication of this code many
767e1dd0a2fSth * times in the function below.
768e1dd0a2fSth */
769e1dd0a2fSth #define LDAP_CHECK_INVALID(arg, param) \
770e1dd0a2fSth if (arg) { \
771e1dd0a2fSth CLIENT_FPRINTF(stderr, gettext("Invalid parameter (%s) " \
772e1dd0a2fSth "specified\n"), param); \
773e1dd0a2fSth usage(); \
774e1dd0a2fSth return (CLIENT_ERR_FAIL); \
775e1dd0a2fSth }
776e1dd0a2fSth
7777c478bd9Sstevel@tonic-gate static int
client_manual(clientopts_t * arglist)7787c478bd9Sstevel@tonic-gate client_manual(clientopts_t *arglist)
7797c478bd9Sstevel@tonic-gate {
7807c478bd9Sstevel@tonic-gate int counter;
7817c478bd9Sstevel@tonic-gate int domain_fp;
7827c478bd9Sstevel@tonic-gate ns_ldap_error_t *errorp;
7837c478bd9Sstevel@tonic-gate int ret_copy;
7847c478bd9Sstevel@tonic-gate int reset_ret;
7857c478bd9Sstevel@tonic-gate int retcode = CLIENT_SUCCESS;
7867c478bd9Sstevel@tonic-gate
7877c478bd9Sstevel@tonic-gate if (dname == NULL) {
7887c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
789e1dd0a2fSth gettext("Manual failed: System domain not set and "
790e1dd0a2fSth "no domainName specified.\n"),
791e1dd0a2fSth stderr);
7927c478bd9Sstevel@tonic-gate return (CLIENT_ERR_FAIL);
7937c478bd9Sstevel@tonic-gate }
7947c478bd9Sstevel@tonic-gate
7957c478bd9Sstevel@tonic-gate if (arglist->defaultSearchBase == NULL) {
7967c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
797e1dd0a2fSth gettext("Manual failed: Missing required "
798e1dd0a2fSth "defaultSearchBase attribute.\n"),
799e1dd0a2fSth stderr);
8007c478bd9Sstevel@tonic-gate return (CLIENT_ERR_FAIL);
8017c478bd9Sstevel@tonic-gate }
8027c478bd9Sstevel@tonic-gate
8037c478bd9Sstevel@tonic-gate if ((arglist->defaultServerList == NULL) &&
804e1dd0a2fSth (arglist->preferredServerList == NULL)) {
8057c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
806e1dd0a2fSth gettext("Manual failed: Missing required "
807e1dd0a2fSth "defaultServerList or preferredServerList "
808e1dd0a2fSth "attribute.\n"),
809e1dd0a2fSth stderr);
8107c478bd9Sstevel@tonic-gate return (CLIENT_ERR_FAIL);
8117c478bd9Sstevel@tonic-gate }
8127c478bd9Sstevel@tonic-gate
8137c478bd9Sstevel@tonic-gate if (arglist->profileTTL != NULL) {
8147c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
815e1dd0a2fSth gettext("Manual aborted: profileTTL is not supported "
816e1dd0a2fSth "in manual mode.\n"),
817e1dd0a2fSth stderr);
8187c478bd9Sstevel@tonic-gate return (CLIENT_ERR_FAIL);
8197c478bd9Sstevel@tonic-gate }
8207c478bd9Sstevel@tonic-gate
8217c478bd9Sstevel@tonic-gate if (arglist->profileName != NULL) {
8227c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
823e1dd0a2fSth gettext("Manual aborted: profileName is not supported "
824e1dd0a2fSth "in manual mode.\n"),
825e1dd0a2fSth stderr);
8267c478bd9Sstevel@tonic-gate return (CLIENT_ERR_FAIL);
8277c478bd9Sstevel@tonic-gate }
8287c478bd9Sstevel@tonic-gate
829e1dd0a2fSth LDAP_CHECK_INVALID(arglist->bindDN, "bind DN");
830e1dd0a2fSth LDAP_CHECK_INVALID(arglist->bindPasswd, "bind password");
8317c478bd9Sstevel@tonic-gate
8327c478bd9Sstevel@tonic-gate __ns_ldap_setServer(TRUE); /* Need this for _ns_setParam() */
8337c478bd9Sstevel@tonic-gate __ns_ldap_default_config();
8347c478bd9Sstevel@tonic-gate
8357c478bd9Sstevel@tonic-gate /* Set version to latest (not version 1) */
8367c478bd9Sstevel@tonic-gate LDAP_SET_PARAM(NS_LDAP_VERSION, NS_LDAP_FILE_VERSION_P);
8377c478bd9Sstevel@tonic-gate
8387c478bd9Sstevel@tonic-gate /* Set profileTTL to 0 since NO profile on manual */
8397c478bd9Sstevel@tonic-gate LDAP_SET_PARAM(CACHETTL_OFF, NS_LDAP_CACHETTL_P);
8407c478bd9Sstevel@tonic-gate
8417c478bd9Sstevel@tonic-gate /* Set additional valid params from command line */
8427c478bd9Sstevel@tonic-gate LDAP_SET_PARAM(arglist->authenticationMethod, NS_LDAP_AUTH_P);
8437c478bd9Sstevel@tonic-gate LDAP_SET_PARAM(arglist->defaultSearchBase, NS_LDAP_SEARCH_BASEDN_P);
8447c478bd9Sstevel@tonic-gate LDAP_SET_PARAM(arglist->credentialLevel, NS_LDAP_CREDENTIAL_LEVEL_P);
8457c478bd9Sstevel@tonic-gate LDAP_SET_PARAM(arglist->proxyDN, NS_LDAP_BINDDN_P);
846dd1104fbSMichen Chang LDAP_SET_PARAM(arglist->enableShadowUpdate,
847dd1104fbSMichen Chang NS_LDAP_ENABLE_SHADOW_UPDATE_P);
848dd1104fbSMichen Chang LDAP_SET_PARAM(arglist->adminDN, NS_LDAP_ADMIN_BINDDN_P);
8497c478bd9Sstevel@tonic-gate LDAP_SET_PARAM(arglist->searchTimeLimit, NS_LDAP_SEARCH_TIME_P);
8507c478bd9Sstevel@tonic-gate LDAP_SET_PARAM(arglist->preferredServerList, NS_LDAP_SERVER_PREF_P);
8517c478bd9Sstevel@tonic-gate LDAP_SET_PARAM(arglist->profileName, NS_LDAP_PROFILE_P);
8527c478bd9Sstevel@tonic-gate LDAP_SET_PARAM(arglist->followReferrals, NS_LDAP_SEARCH_REF_P);
8537c478bd9Sstevel@tonic-gate LDAP_SET_PARAM(arglist->defaultSearchScope, NS_LDAP_SEARCH_SCOPE_P);
8547c478bd9Sstevel@tonic-gate LDAP_SET_PARAM(arglist->bindTimeLimit, NS_LDAP_BIND_TIME_P);
8557c478bd9Sstevel@tonic-gate LDAP_SET_PARAM(arglist->proxyPassword, NS_LDAP_BINDPASSWD_P);
856dd1104fbSMichen Chang LDAP_SET_PARAM(arglist->adminPassword, NS_LDAP_ADMIN_BINDPASSWD_P);
8577c478bd9Sstevel@tonic-gate LDAP_SET_PARAM(arglist->defaultServerList, NS_LDAP_SERVERS_P);
8587c478bd9Sstevel@tonic-gate LDAP_SET_PARAM(arglist->certificatePath, NS_LDAP_HOST_CERTPATH_P);
8597c478bd9Sstevel@tonic-gate
8607c478bd9Sstevel@tonic-gate for (counter = 0;
861e1dd0a2fSth counter < arglist->serviceAuthenticationMethod->count;
862e1dd0a2fSth counter++) {
8637c478bd9Sstevel@tonic-gate
8647c478bd9Sstevel@tonic-gate LDAP_SET_PARAM(
865e1dd0a2fSth arglist->serviceAuthenticationMethod->optlist[counter],
866e1dd0a2fSth NS_LDAP_SERVICE_AUTH_METHOD_P);
8677c478bd9Sstevel@tonic-gate }
8687c478bd9Sstevel@tonic-gate for (counter = 0;
869e1dd0a2fSth counter < arglist->serviceCredentialLevel->count;
870e1dd0a2fSth counter++) {
8717c478bd9Sstevel@tonic-gate
8727c478bd9Sstevel@tonic-gate LDAP_SET_PARAM(
873e1dd0a2fSth arglist->serviceCredentialLevel->optlist[counter],
874e1dd0a2fSth NS_LDAP_SERVICE_CRED_LEVEL_P);
8757c478bd9Sstevel@tonic-gate }
8767c478bd9Sstevel@tonic-gate for (counter = 0;
877e1dd0a2fSth counter < arglist->objectclassMap->count;
878e1dd0a2fSth counter++) {
8797c478bd9Sstevel@tonic-gate
8807c478bd9Sstevel@tonic-gate LDAP_SET_PARAM(arglist->objectclassMap->optlist[counter],
881e1dd0a2fSth NS_LDAP_OBJECTCLASSMAP_P);
8827c478bd9Sstevel@tonic-gate }
8837c478bd9Sstevel@tonic-gate for (counter = 0; counter < arglist->attributeMap->count; counter++) {
8847c478bd9Sstevel@tonic-gate LDAP_SET_PARAM(arglist->attributeMap->optlist[counter],
885e1dd0a2fSth NS_LDAP_ATTRIBUTEMAP_P);
8867c478bd9Sstevel@tonic-gate }
8877c478bd9Sstevel@tonic-gate for (counter = 0;
888e1dd0a2fSth counter < arglist->serviceSearchDescriptor->count;
889e1dd0a2fSth counter++) {
8907c478bd9Sstevel@tonic-gate
8917c478bd9Sstevel@tonic-gate LDAP_SET_PARAM(
892e1dd0a2fSth arglist->serviceSearchDescriptor->optlist[counter],
893e1dd0a2fSth NS_LDAP_SERVICE_SEARCH_DESC_P);
8947c478bd9Sstevel@tonic-gate }
8957c478bd9Sstevel@tonic-gate
8967c478bd9Sstevel@tonic-gate retcode = credCheck(arglist);
897dd1104fbSMichen Chang if (retcode == CLIENT_SUCCESS)
898dd1104fbSMichen Chang retcode = adminCredCheck(arglist);
8997c478bd9Sstevel@tonic-gate if (retcode != CLIENT_SUCCESS) {
9007c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
901e1dd0a2fSth gettext("Error in setting up credentials\n"),
902e1dd0a2fSth stderr);
9037c478bd9Sstevel@tonic-gate return (retcode);
9047c478bd9Sstevel@tonic-gate }
9057c478bd9Sstevel@tonic-gate
9067c478bd9Sstevel@tonic-gate if (mode_verbose)
9077c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
908e1dd0a2fSth gettext("About to modify this machines "
909e1dd0a2fSth "configuration by writing the files\n"),
910e1dd0a2fSth stderr);
9117c478bd9Sstevel@tonic-gate
9127c478bd9Sstevel@tonic-gate /* get ready to start playing with files */
9137c478bd9Sstevel@tonic-gate retcode = stop_services(STATE_SAVE);
9147c478bd9Sstevel@tonic-gate if (retcode != CLIENT_SUCCESS) {
9157c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
916e1dd0a2fSth gettext("Errors stopping network services.\n"), stderr);
9177c478bd9Sstevel@tonic-gate return (CLIENT_ERR_FAIL);
9187c478bd9Sstevel@tonic-gate }
9197c478bd9Sstevel@tonic-gate
9207c478bd9Sstevel@tonic-gate /* Save orig versions of files */
9217c478bd9Sstevel@tonic-gate retcode = file_backup();
9227c478bd9Sstevel@tonic-gate if (retcode == CLIENT_ERR_RESTORE) {
9237c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
924e1dd0a2fSth gettext("System not in state to enable ldap client.\n"),
925e1dd0a2fSth stderr);
9267c478bd9Sstevel@tonic-gate
9277c478bd9Sstevel@tonic-gate reset_ret = start_services(START_RESET);
9287c478bd9Sstevel@tonic-gate if (reset_ret != CLIENT_SUCCESS) {
9297c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr, gettext("Error (%d) while "
930e1dd0a2fSth "starting services during reset\n"),
931e1dd0a2fSth reset_ret);
9327c478bd9Sstevel@tonic-gate }
9337c478bd9Sstevel@tonic-gate return (retcode);
9347c478bd9Sstevel@tonic-gate } else if (retcode != CLIENT_SUCCESS) {
9357c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
936e1dd0a2fSth gettext("Save of system configuration failed! "
937e1dd0a2fSth "Attempting recovery.\n"),
938e1dd0a2fSth stderr);
9397c478bd9Sstevel@tonic-gate retcode = recover(STATE_NOSAVE);
9407c478bd9Sstevel@tonic-gate if (retcode != CLIENT_SUCCESS) {
9417c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
942e1dd0a2fSth gettext("Recovery of systems configuration "
943e1dd0a2fSth "failed. Manual intervention of "
944e1dd0a2fSth "config files is required.\n"),
945e1dd0a2fSth stderr);
9467c478bd9Sstevel@tonic-gate return (retcode);
9477c478bd9Sstevel@tonic-gate }
9487c478bd9Sstevel@tonic-gate
9497c478bd9Sstevel@tonic-gate reset_ret = start_services(START_RESET);
9507c478bd9Sstevel@tonic-gate if (reset_ret != CLIENT_SUCCESS) {
9517c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr, gettext("Error (%d) while "
952e1dd0a2fSth "starting services during reset\n"),
953e1dd0a2fSth reset_ret);
9547c478bd9Sstevel@tonic-gate }
9557c478bd9Sstevel@tonic-gate
9567c478bd9Sstevel@tonic-gate return (retcode);
9577c478bd9Sstevel@tonic-gate }
9587c478bd9Sstevel@tonic-gate
9597c478bd9Sstevel@tonic-gate /* Dump new files */
9607c478bd9Sstevel@tonic-gate errorp = __ns_ldap_DumpConfiguration(NSCONFIGFILE);
9617c478bd9Sstevel@tonic-gate if (errorp != NULL) {
9627c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
963e1dd0a2fSth gettext("%s manual: errorp is not NULL; %s\n"),
964e1dd0a2fSth cmd, errorp->message);
9657c478bd9Sstevel@tonic-gate retcode = recover(STATE_NOSAVE);
9667c478bd9Sstevel@tonic-gate if (retcode != CLIENT_SUCCESS) {
9677c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
968e1dd0a2fSth gettext("Recovery of systems configuration "
969e1dd0a2fSth "failed. Manual intervention of "
970e1dd0a2fSth "config files is required.\n"),
971e1dd0a2fSth stderr);
9727c478bd9Sstevel@tonic-gate return (retcode);
9737c478bd9Sstevel@tonic-gate }
9747c478bd9Sstevel@tonic-gate reset_ret = start_services(START_RESET);
9757c478bd9Sstevel@tonic-gate if (reset_ret != CLIENT_SUCCESS) {
9767c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr, gettext("Error (%d) while "
977e1dd0a2fSth "starting services during reset\n"),
978e1dd0a2fSth reset_ret);
9797c478bd9Sstevel@tonic-gate }
9807c478bd9Sstevel@tonic-gate (void) __ns_ldap_freeError(&errorp);
9817c478bd9Sstevel@tonic-gate return (CLIENT_ERR_FAIL);
9827c478bd9Sstevel@tonic-gate }
9837c478bd9Sstevel@tonic-gate
9847c478bd9Sstevel@tonic-gate /* if (credargs(arglist)) */
9857c478bd9Sstevel@tonic-gate errorp = __ns_ldap_DumpConfiguration(NSCREDFILE);
9867c478bd9Sstevel@tonic-gate if (errorp != NULL) {
9877c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
988e1dd0a2fSth gettext("%s init: errorp is not NULL; %s\n"),
989e1dd0a2fSth cmd, errorp->message);
9907c478bd9Sstevel@tonic-gate retcode = recover(STATE_NOSAVE);
9917c478bd9Sstevel@tonic-gate if (retcode != CLIENT_SUCCESS) {
9927c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
993e1dd0a2fSth gettext("Recovery of systems configuration "
994e1dd0a2fSth "failed. Manual intervention of "
995e1dd0a2fSth "config files is required.\n"),
996e1dd0a2fSth stderr);
9977c478bd9Sstevel@tonic-gate return (retcode);
9987c478bd9Sstevel@tonic-gate }
9997c478bd9Sstevel@tonic-gate reset_ret = start_services(START_RESET);
10007c478bd9Sstevel@tonic-gate if (reset_ret != CLIENT_SUCCESS) {
10017c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr, gettext("Error (%d) while "
1002e1dd0a2fSth "starting services during reset\n"),
1003e1dd0a2fSth reset_ret);
10047c478bd9Sstevel@tonic-gate }
10057c478bd9Sstevel@tonic-gate (void) __ns_ldap_freeError(&errorp);
10067c478bd9Sstevel@tonic-gate return (CLIENT_ERR_FAIL);
10077c478bd9Sstevel@tonic-gate }
10087c478bd9Sstevel@tonic-gate
10097c478bd9Sstevel@tonic-gate ret_copy = system(CMD_CP " " NSSWITCH_LDAP " " NSSWITCH_CONF);
10107c478bd9Sstevel@tonic-gate if (ret_copy != 0) {
10117c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
1012e1dd0a2fSth gettext("Error %d copying (%s) -> (%s)\n"),
1013e1dd0a2fSth ret_copy, NSSWITCH_LDAP, NSSWITCH_CONF);
10147c478bd9Sstevel@tonic-gate retcode = recover(STATE_NOSAVE);
10157c478bd9Sstevel@tonic-gate if (retcode != CLIENT_SUCCESS) {
10167c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
1017e1dd0a2fSth gettext("Recovery of systems configuration "
1018e1dd0a2fSth "failed. Manual intervention of "
1019e1dd0a2fSth "config files is required.\n"),
1020e1dd0a2fSth stderr);
10217c478bd9Sstevel@tonic-gate }
10227c478bd9Sstevel@tonic-gate reset_ret = start_services(START_RESET);
10237c478bd9Sstevel@tonic-gate if (reset_ret != CLIENT_SUCCESS) {
10247c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr, gettext("Error (%d) while "
1025e1dd0a2fSth "starting services during reset\n"),
1026e1dd0a2fSth reset_ret);
10277c478bd9Sstevel@tonic-gate }
10287c478bd9Sstevel@tonic-gate return (CLIENT_ERR_FAIL);
10297c478bd9Sstevel@tonic-gate }
10307c478bd9Sstevel@tonic-gate
10317c478bd9Sstevel@tonic-gate if ((domain_fp = open(DOMAINNAME, O_WRONLY|O_CREAT|O_TRUNC,
1032e1dd0a2fSth S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH)) == -1) { /* 0644 */
10337c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr, gettext("Cannot open %s\n"), DOMAINNAME);
10347c478bd9Sstevel@tonic-gate retcode = recover(STATE_NOSAVE);
10357c478bd9Sstevel@tonic-gate if (retcode != CLIENT_SUCCESS) {
10367c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
1037e1dd0a2fSth gettext("Recovery of systems configuration "
1038e1dd0a2fSth "failed. Manual intervention of "
1039e1dd0a2fSth "config files is required.\n"),
1040e1dd0a2fSth stderr);
10417c478bd9Sstevel@tonic-gate return (CLIENT_ERR_FAIL);
10427c478bd9Sstevel@tonic-gate }
10437c478bd9Sstevel@tonic-gate reset_ret = start_services(START_RESET);
10447c478bd9Sstevel@tonic-gate if (reset_ret != CLIENT_SUCCESS) {
10457c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr, gettext("Error (%d) while "
1046e1dd0a2fSth "starting services during reset\n"),
1047e1dd0a2fSth reset_ret);
10487c478bd9Sstevel@tonic-gate }
10497c478bd9Sstevel@tonic-gate return (CLIENT_ERR_FAIL);
10507c478bd9Sstevel@tonic-gate }
10517c478bd9Sstevel@tonic-gate (void) write(domain_fp, dname, strlen(dname));
10527c478bd9Sstevel@tonic-gate (void) write(domain_fp, "\n", 1);
10537c478bd9Sstevel@tonic-gate (void) close(domain_fp);
10547c478bd9Sstevel@tonic-gate
10557c478bd9Sstevel@tonic-gate retcode = start_services(START_INIT);
10567c478bd9Sstevel@tonic-gate
10577c478bd9Sstevel@tonic-gate if (retcode == CLIENT_SUCCESS) {
10587c478bd9Sstevel@tonic-gate CLIENT_FPUTS(gettext("System successfully configured\n"),
1059e1dd0a2fSth stderr);
10607c478bd9Sstevel@tonic-gate } else {
10617c478bd9Sstevel@tonic-gate CLIENT_FPUTS(gettext("Error resetting system.\n"
1062e1dd0a2fSth "Recovering old system settings.\n"), stderr),
10637c478bd9Sstevel@tonic-gate
1064e1dd0a2fSth /* stop any started services for recover */
1065e1dd0a2fSth /* don't stomp on history of saved services state */
1066e1dd0a2fSth reset_ret = stop_services(STATE_NOSAVE);
10677c478bd9Sstevel@tonic-gate if (reset_ret != CLIENT_SUCCESS) {
10687c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr, gettext("Error (%d) while "
1069e1dd0a2fSth "stopping services during reset\n"),
1070e1dd0a2fSth reset_ret);
10717c478bd9Sstevel@tonic-gate /* Coninue and try to recover what we can */
10727c478bd9Sstevel@tonic-gate }
10737c478bd9Sstevel@tonic-gate reset_ret = recover(STATE_NOSAVE);
10747c478bd9Sstevel@tonic-gate if (reset_ret != CLIENT_SUCCESS) {
10757c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr, gettext("Error (%d) while "
1076e1dd0a2fSth "recovering service files during "
1077e1dd0a2fSth "reset\n"), reset_ret);
10787c478bd9Sstevel@tonic-gate /* Continue and start what we can */
10797c478bd9Sstevel@tonic-gate }
10807c478bd9Sstevel@tonic-gate reset_ret = start_services(START_RESET);
10817c478bd9Sstevel@tonic-gate if (reset_ret != CLIENT_SUCCESS) {
10827c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr, gettext("Error (%d) while "
1083e1dd0a2fSth "starting services during reset\n"),
1084e1dd0a2fSth reset_ret);
10857c478bd9Sstevel@tonic-gate }
10867c478bd9Sstevel@tonic-gate }
10877c478bd9Sstevel@tonic-gate
10887c478bd9Sstevel@tonic-gate return (retcode);
10897c478bd9Sstevel@tonic-gate }
10907c478bd9Sstevel@tonic-gate
10917c478bd9Sstevel@tonic-gate static int
client_mod(clientopts_t * arglist)10927c478bd9Sstevel@tonic-gate client_mod(clientopts_t *arglist)
10937c478bd9Sstevel@tonic-gate {
10947c478bd9Sstevel@tonic-gate int counter;
10957c478bd9Sstevel@tonic-gate int domain_fp;
10967c478bd9Sstevel@tonic-gate ns_ldap_error_t *errorp;
10977c478bd9Sstevel@tonic-gate int reset_ret;
10987c478bd9Sstevel@tonic-gate int retcode = CLIENT_SUCCESS;
10997c478bd9Sstevel@tonic-gate
11007c478bd9Sstevel@tonic-gate __ns_ldap_setServer(TRUE); /* Need this for _ns_setParam() */
11017c478bd9Sstevel@tonic-gate if ((errorp = __ns_ldap_LoadConfiguration()) != NULL) {
11027c478bd9Sstevel@tonic-gate CLIENT_FPUTS(gettext("Cannot get load configuration\n"),
1103e1dd0a2fSth stderr);
11047c478bd9Sstevel@tonic-gate CLIENT_FPUTS(errorp->message, stderr);
11057c478bd9Sstevel@tonic-gate CLIENT_FPUTC('\n', stderr);
11067c478bd9Sstevel@tonic-gate (void) __ns_ldap_freeError(&errorp);
11077c478bd9Sstevel@tonic-gate return (CLIENT_ERR_FAIL);
11087c478bd9Sstevel@tonic-gate }
11097c478bd9Sstevel@tonic-gate
11107c478bd9Sstevel@tonic-gate if (arglist->profileTTL != NULL) {
11117c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
1112e1dd0a2fSth gettext("Mod aborted: profileTTL modification is "
1113e1dd0a2fSth "not allowed in mod mode.\n"),
1114e1dd0a2fSth stderr);
11157c478bd9Sstevel@tonic-gate return (CLIENT_ERR_FAIL);
11167c478bd9Sstevel@tonic-gate }
11177c478bd9Sstevel@tonic-gate
11187c478bd9Sstevel@tonic-gate if (arglist->profileName != NULL) {
11197c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
1120e1dd0a2fSth gettext("Mod aborted: profileName modification is "
1121e1dd0a2fSth "not allowed. If you want to use profiles "
1122e1dd0a2fSth "generate one with genProfile and load it "
1123e1dd0a2fSth "on the server with ldapadd.\n"),
1124e1dd0a2fSth stderr);
11257c478bd9Sstevel@tonic-gate return (CLIENT_ERR_FAIL);
11267c478bd9Sstevel@tonic-gate }
11277c478bd9Sstevel@tonic-gate
1128e1dd0a2fSth LDAP_CHECK_INVALID(arglist->bindDN, "bind DN");
1129e1dd0a2fSth LDAP_CHECK_INVALID(arglist->bindPasswd, "bind password");
11307c478bd9Sstevel@tonic-gate
11317c478bd9Sstevel@tonic-gate /* Set additional valid params from command line */
11327c478bd9Sstevel@tonic-gate LDAP_SET_PARAM(arglist->authenticationMethod, NS_LDAP_AUTH_P);
11337c478bd9Sstevel@tonic-gate LDAP_SET_PARAM(arglist->defaultSearchBase, NS_LDAP_SEARCH_BASEDN_P);
11347c478bd9Sstevel@tonic-gate LDAP_SET_PARAM(arglist->credentialLevel, NS_LDAP_CREDENTIAL_LEVEL_P);
11357c478bd9Sstevel@tonic-gate LDAP_SET_PARAM(arglist->proxyDN, NS_LDAP_BINDDN_P);
1136dd1104fbSMichen Chang LDAP_SET_PARAM(arglist->adminDN, NS_LDAP_ADMIN_BINDDN_P);
11377c478bd9Sstevel@tonic-gate LDAP_SET_PARAM(arglist->profileTTL, NS_LDAP_CACHETTL_P);
11387c478bd9Sstevel@tonic-gate LDAP_SET_PARAM(arglist->searchTimeLimit, NS_LDAP_SEARCH_TIME_P);
11397c478bd9Sstevel@tonic-gate LDAP_SET_PARAM(arglist->preferredServerList, NS_LDAP_SERVER_PREF_P);
11407c478bd9Sstevel@tonic-gate LDAP_SET_PARAM(arglist->profileName, NS_LDAP_PROFILE_P);
11417c478bd9Sstevel@tonic-gate LDAP_SET_PARAM(arglist->followReferrals, NS_LDAP_SEARCH_REF_P);
11427c478bd9Sstevel@tonic-gate LDAP_SET_PARAM(arglist->defaultSearchScope, NS_LDAP_SEARCH_SCOPE_P);
11437c478bd9Sstevel@tonic-gate LDAP_SET_PARAM(arglist->bindTimeLimit, NS_LDAP_BIND_TIME_P);
11447c478bd9Sstevel@tonic-gate LDAP_SET_PARAM(arglist->proxyPassword, NS_LDAP_BINDPASSWD_P);
1145dd1104fbSMichen Chang LDAP_SET_PARAM(arglist->adminPassword, NS_LDAP_ADMIN_BINDPASSWD_P);
11467c478bd9Sstevel@tonic-gate LDAP_SET_PARAM(arglist->defaultServerList, NS_LDAP_SERVERS_P);
1147dd1104fbSMichen Chang LDAP_SET_PARAM(arglist->enableShadowUpdate,
1148dd1104fbSMichen Chang NS_LDAP_ENABLE_SHADOW_UPDATE_P);
11497c478bd9Sstevel@tonic-gate LDAP_SET_PARAM(arglist->certificatePath, NS_LDAP_HOST_CERTPATH_P);
11507c478bd9Sstevel@tonic-gate
11517c478bd9Sstevel@tonic-gate for (counter = 0;
1152e1dd0a2fSth counter < arglist->serviceAuthenticationMethod->count;
1153e1dd0a2fSth counter++) {
11547c478bd9Sstevel@tonic-gate
11557c478bd9Sstevel@tonic-gate LDAP_SET_PARAM(
1156e1dd0a2fSth arglist->serviceAuthenticationMethod->optlist[counter],
1157e1dd0a2fSth NS_LDAP_SERVICE_AUTH_METHOD_P);
11587c478bd9Sstevel@tonic-gate }
11597c478bd9Sstevel@tonic-gate for (counter = 0;
1160e1dd0a2fSth counter < arglist->serviceCredentialLevel->count;
1161e1dd0a2fSth counter++) {
11627c478bd9Sstevel@tonic-gate
11637c478bd9Sstevel@tonic-gate LDAP_SET_PARAM(
1164e1dd0a2fSth arglist->serviceCredentialLevel->optlist[counter],
1165e1dd0a2fSth NS_LDAP_SERVICE_CRED_LEVEL_P);
11667c478bd9Sstevel@tonic-gate }
11677c478bd9Sstevel@tonic-gate for (counter = 0;
1168e1dd0a2fSth counter < arglist->objectclassMap->count;
1169e1dd0a2fSth counter++) {
11707c478bd9Sstevel@tonic-gate
11717c478bd9Sstevel@tonic-gate LDAP_SET_PARAM(
1172e1dd0a2fSth arglist->objectclassMap->optlist[counter],
1173e1dd0a2fSth NS_LDAP_OBJECTCLASSMAP_P);
11747c478bd9Sstevel@tonic-gate }
11757c478bd9Sstevel@tonic-gate for (counter = 0;
1176e1dd0a2fSth counter < arglist->attributeMap->count;
1177e1dd0a2fSth counter++) {
11787c478bd9Sstevel@tonic-gate
11797c478bd9Sstevel@tonic-gate LDAP_SET_PARAM(
1180e1dd0a2fSth arglist->attributeMap->optlist[counter],
1181e1dd0a2fSth NS_LDAP_ATTRIBUTEMAP_P);
11827c478bd9Sstevel@tonic-gate }
11837c478bd9Sstevel@tonic-gate for (counter = 0;
1184e1dd0a2fSth counter < arglist->serviceSearchDescriptor->count;
1185e1dd0a2fSth counter++) {
11867c478bd9Sstevel@tonic-gate
11877c478bd9Sstevel@tonic-gate LDAP_SET_PARAM(
1188e1dd0a2fSth arglist->serviceSearchDescriptor->optlist[counter],
1189e1dd0a2fSth NS_LDAP_SERVICE_SEARCH_DESC_P);
11907c478bd9Sstevel@tonic-gate }
11917c478bd9Sstevel@tonic-gate
11927c478bd9Sstevel@tonic-gate retcode = credCheck(arglist);
1193dd1104fbSMichen Chang if (retcode == CLIENT_SUCCESS)
1194dd1104fbSMichen Chang retcode = adminCredCheck(arglist);
11957c478bd9Sstevel@tonic-gate if (retcode != CLIENT_SUCCESS) {
11967c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
1197e1dd0a2fSth gettext("Error in setting up credentials\n"),
1198e1dd0a2fSth stderr);
11997c478bd9Sstevel@tonic-gate return (retcode);
12007c478bd9Sstevel@tonic-gate }
12017c478bd9Sstevel@tonic-gate
12027c478bd9Sstevel@tonic-gate if (mode_verbose)
12037c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
1204e1dd0a2fSth gettext("About to modify this machines configuration "
1205e1dd0a2fSth "by writing the files\n"),
1206e1dd0a2fSth stderr);
12077c478bd9Sstevel@tonic-gate
12087c478bd9Sstevel@tonic-gate /* get ready to start playing with files */
12097c478bd9Sstevel@tonic-gate retcode = stop_services(STATE_SAVE);
12107c478bd9Sstevel@tonic-gate if (retcode != CLIENT_SUCCESS) {
12117c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
1212e1dd0a2fSth gettext("Errors stopping network services.\n"), stderr);
12137c478bd9Sstevel@tonic-gate return (CLIENT_ERR_FAIL);
12147c478bd9Sstevel@tonic-gate }
12157c478bd9Sstevel@tonic-gate
12167c478bd9Sstevel@tonic-gate /* Temporarily save orig versions of files */
12177c478bd9Sstevel@tonic-gate retcode = mod_backup();
12187c478bd9Sstevel@tonic-gate if (retcode != CLIENT_SUCCESS) {
12197c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
1220e1dd0a2fSth gettext("Unable to backup the ldap client files!\n"),
1221e1dd0a2fSth stderr);
12227c478bd9Sstevel@tonic-gate
12237c478bd9Sstevel@tonic-gate return (retcode);
12247c478bd9Sstevel@tonic-gate
12257c478bd9Sstevel@tonic-gate }
12267c478bd9Sstevel@tonic-gate
12277c478bd9Sstevel@tonic-gate /* Dump new files */
12287c478bd9Sstevel@tonic-gate errorp = __ns_ldap_DumpConfiguration(NSCONFIGFILE);
12297c478bd9Sstevel@tonic-gate if (errorp != NULL) {
12307c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
1231e1dd0a2fSth gettext("%s mod: errorp is not NULL; %s\n"),
1232e1dd0a2fSth cmd, errorp->message);
12337c478bd9Sstevel@tonic-gate retcode = mod_recover();
12347c478bd9Sstevel@tonic-gate if (retcode != CLIENT_SUCCESS) {
12357c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
1236e1dd0a2fSth gettext("Recovery of systems configuration "
1237e1dd0a2fSth "failed. Manual intervention of "
1238e1dd0a2fSth "config files is required.\n"),
1239e1dd0a2fSth stderr);
12407c478bd9Sstevel@tonic-gate }
12417c478bd9Sstevel@tonic-gate (void) __ns_ldap_freeError(&errorp);
12427c478bd9Sstevel@tonic-gate reset_ret = start_services(START_RESET);
12437c478bd9Sstevel@tonic-gate if (reset_ret != CLIENT_SUCCESS) {
12447c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr, gettext("Error (%d) while "
1245e1dd0a2fSth "starting services during reset\n"),
1246e1dd0a2fSth reset_ret);
12477c478bd9Sstevel@tonic-gate }
12487c478bd9Sstevel@tonic-gate return (CLIENT_ERR_FAIL);
12497c478bd9Sstevel@tonic-gate }
12507c478bd9Sstevel@tonic-gate
12517c478bd9Sstevel@tonic-gate /* if (credargs(arglist)) */
12527c478bd9Sstevel@tonic-gate errorp = __ns_ldap_DumpConfiguration(NSCREDFILE);
12537c478bd9Sstevel@tonic-gate if (errorp != NULL) {
12547c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
1255e1dd0a2fSth gettext("%s mod: errorp is not NULL; %s\n"),
1256e1dd0a2fSth cmd, errorp->message);
12577c478bd9Sstevel@tonic-gate retcode = mod_recover();
12587c478bd9Sstevel@tonic-gate if (retcode != CLIENT_SUCCESS) {
12597c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
1260e1dd0a2fSth gettext("Recovery of systems configuration "
1261e1dd0a2fSth "failed. Manual intervention of "
1262e1dd0a2fSth "config files is required.\n"),
1263e1dd0a2fSth stderr);
12647c478bd9Sstevel@tonic-gate }
12657c478bd9Sstevel@tonic-gate (void) __ns_ldap_freeError(&errorp);
12667c478bd9Sstevel@tonic-gate reset_ret = start_services(START_RESET);
12677c478bd9Sstevel@tonic-gate if (reset_ret != CLIENT_SUCCESS) {
12687c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr, gettext("Error (%d) while "
1269e1dd0a2fSth "starting services during reset\n"),
1270e1dd0a2fSth reset_ret);
12717c478bd9Sstevel@tonic-gate }
12727c478bd9Sstevel@tonic-gate return (CLIENT_ERR_FAIL);
12737c478bd9Sstevel@tonic-gate }
12747c478bd9Sstevel@tonic-gate
12757c478bd9Sstevel@tonic-gate if ((domain_fp = open(DOMAINNAME, O_WRONLY|O_CREAT|O_TRUNC,
1276e1dd0a2fSth S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH)) == -1) { /* 0644 */
12777c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr, gettext("Cannot open %s\n"), DOMAINNAME);
12787c478bd9Sstevel@tonic-gate retcode = mod_recover();
12797c478bd9Sstevel@tonic-gate if (retcode != CLIENT_SUCCESS) {
12807c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
1281e1dd0a2fSth gettext("Recovery of systems configuration "
1282e1dd0a2fSth "failed! Machine needs to be "
1283e1dd0a2fSth "fixed!\n"),
1284e1dd0a2fSth stderr);
12857c478bd9Sstevel@tonic-gate }
12867c478bd9Sstevel@tonic-gate reset_ret = start_services(START_RESET);
12877c478bd9Sstevel@tonic-gate if (reset_ret != CLIENT_SUCCESS) {
12887c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr, gettext("Error (%d) while "
1289e1dd0a2fSth "starting services during reset\n"),
1290e1dd0a2fSth reset_ret);
12917c478bd9Sstevel@tonic-gate }
12927c478bd9Sstevel@tonic-gate return (CLIENT_ERR_FAIL);
12937c478bd9Sstevel@tonic-gate }
12947c478bd9Sstevel@tonic-gate (void) write(domain_fp, dname, strlen(dname));
12957c478bd9Sstevel@tonic-gate (void) write(domain_fp, "\n", 1);
12967c478bd9Sstevel@tonic-gate (void) close(domain_fp);
12977c478bd9Sstevel@tonic-gate
12987c478bd9Sstevel@tonic-gate retcode = start_services(START_INIT);
12997c478bd9Sstevel@tonic-gate
13007c478bd9Sstevel@tonic-gate if (retcode == CLIENT_SUCCESS) {
13017c478bd9Sstevel@tonic-gate CLIENT_FPUTS(gettext("System successfully configured\n"),
1302e1dd0a2fSth stderr);
13037c478bd9Sstevel@tonic-gate } else {
13047c478bd9Sstevel@tonic-gate CLIENT_FPUTS(gettext("Error resetting system.\n"
1305e1dd0a2fSth "Recovering old system settings.\n"), stderr),
13067c478bd9Sstevel@tonic-gate
1307e1dd0a2fSth /* stop any started services for recover */
1308e1dd0a2fSth /* don't stomp on history of saved services state */
1309e1dd0a2fSth reset_ret = stop_services(STATE_NOSAVE);
13107c478bd9Sstevel@tonic-gate if (reset_ret != CLIENT_SUCCESS) {
13117c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr, gettext("Error (%d) while "
1312e1dd0a2fSth "stopping services during reset\n"),
1313e1dd0a2fSth reset_ret);
13147c478bd9Sstevel@tonic-gate /* Coninue and try to recover what we can */
13157c478bd9Sstevel@tonic-gate }
13167c478bd9Sstevel@tonic-gate reset_ret = mod_recover();
13177c478bd9Sstevel@tonic-gate if (reset_ret != CLIENT_SUCCESS) {
13187c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr, gettext("Error (%d) while "
1319e1dd0a2fSth "recovering service files during "
1320e1dd0a2fSth "reset\n"), reset_ret);
13217c478bd9Sstevel@tonic-gate /* Continue and start what we can */
13227c478bd9Sstevel@tonic-gate }
13237c478bd9Sstevel@tonic-gate reset_ret = start_services(START_RESET);
13247c478bd9Sstevel@tonic-gate if (reset_ret != CLIENT_SUCCESS) {
13257c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr, gettext("Error (%d) while "
1326e1dd0a2fSth "starting services during reset\n"),
1327e1dd0a2fSth reset_ret);
13287c478bd9Sstevel@tonic-gate }
13297c478bd9Sstevel@tonic-gate }
13307c478bd9Sstevel@tonic-gate
13317c478bd9Sstevel@tonic-gate /* Cleanup temporary files created by mod_backup() */
13327c478bd9Sstevel@tonic-gate mod_cleanup();
13337c478bd9Sstevel@tonic-gate
13347c478bd9Sstevel@tonic-gate return (retcode);
13357c478bd9Sstevel@tonic-gate }
13367c478bd9Sstevel@tonic-gate
13377c478bd9Sstevel@tonic-gate
13387c478bd9Sstevel@tonic-gate static int
client_genProfile(clientopts_t * arglist)13397c478bd9Sstevel@tonic-gate client_genProfile(clientopts_t *arglist)
13407c478bd9Sstevel@tonic-gate {
13417c478bd9Sstevel@tonic-gate int counter;
13427c478bd9Sstevel@tonic-gate int retcode; /* required for LDAP_SET_PARAM macro */
13437c478bd9Sstevel@tonic-gate ns_ldap_error_t *errorp;
13447c478bd9Sstevel@tonic-gate
13457c478bd9Sstevel@tonic-gate if (mode_verbose)
13467c478bd9Sstevel@tonic-gate CLIENT_FPUTS(gettext("About to generate a profile\n"), stderr);
13477c478bd9Sstevel@tonic-gate
13487c478bd9Sstevel@tonic-gate /* *** Check for invalid args *** */
13497c478bd9Sstevel@tonic-gate LDAP_CHECK_INVALID(arglist->proxyDN, "proxyDN");
13507c478bd9Sstevel@tonic-gate LDAP_CHECK_INVALID(arglist->proxyPassword, "proxyPassword");
1351dd1104fbSMichen Chang LDAP_CHECK_INVALID(arglist->enableShadowUpdate,
1352dd1104fbSMichen Chang "enableShadowUpdate");
1353dd1104fbSMichen Chang LDAP_CHECK_INVALID(arglist->adminDN, "adminDN");
1354dd1104fbSMichen Chang LDAP_CHECK_INVALID(arglist->adminPassword, "adminPassword");
13557c478bd9Sstevel@tonic-gate LDAP_CHECK_INVALID(arglist->certificatePath, "certificatePath");
13567c478bd9Sstevel@tonic-gate LDAP_CHECK_INVALID(arglist->domainName, "domainName");
1357e1dd0a2fSth LDAP_CHECK_INVALID(arglist->bindDN, "bind DN");
1358e1dd0a2fSth LDAP_CHECK_INVALID(arglist->bindPasswd, "bind password");
13597c478bd9Sstevel@tonic-gate /* *** End check for invalid args *** */
13607c478bd9Sstevel@tonic-gate
13617c478bd9Sstevel@tonic-gate if (arglist->profileName == NULL) {
13627c478bd9Sstevel@tonic-gate if (mode_verbose)
13637c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
1364e1dd0a2fSth gettext("No profile specified. "
1365e1dd0a2fSth "Using \"default\"\n"),
1366e1dd0a2fSth stderr);
13677c478bd9Sstevel@tonic-gate arglist->profileName = "default";
13687c478bd9Sstevel@tonic-gate }
13697c478bd9Sstevel@tonic-gate
13707c478bd9Sstevel@tonic-gate __ns_ldap_setServer(TRUE);
13717c478bd9Sstevel@tonic-gate __ns_ldap_default_config();
13727c478bd9Sstevel@tonic-gate
13737c478bd9Sstevel@tonic-gate /* Set version to latest (not version 1) */
13747c478bd9Sstevel@tonic-gate LDAP_SET_PARAM(NS_LDAP_VERSION, NS_LDAP_FILE_VERSION_P);
13757c478bd9Sstevel@tonic-gate
13767c478bd9Sstevel@tonic-gate /* Set additional valid params from command line */
13777c478bd9Sstevel@tonic-gate LDAP_SET_PARAM(arglist->authenticationMethod, NS_LDAP_AUTH_P);
13787c478bd9Sstevel@tonic-gate LDAP_SET_PARAM(arglist->defaultSearchBase, NS_LDAP_SEARCH_BASEDN_P);
13797c478bd9Sstevel@tonic-gate LDAP_SET_PARAM(arglist->credentialLevel, NS_LDAP_CREDENTIAL_LEVEL_P);
13807c478bd9Sstevel@tonic-gate LDAP_SET_PARAM(arglist->profileTTL, NS_LDAP_CACHETTL_P);
13817c478bd9Sstevel@tonic-gate LDAP_SET_PARAM(arglist->searchTimeLimit, NS_LDAP_SEARCH_TIME_P);
13827c478bd9Sstevel@tonic-gate LDAP_SET_PARAM(arglist->preferredServerList, NS_LDAP_SERVER_PREF_P);
13837c478bd9Sstevel@tonic-gate LDAP_SET_PARAM(arglist->profileName, NS_LDAP_PROFILE_P);
13847c478bd9Sstevel@tonic-gate LDAP_SET_PARAM(arglist->followReferrals, NS_LDAP_SEARCH_REF_P);
13857c478bd9Sstevel@tonic-gate LDAP_SET_PARAM(arglist->defaultSearchScope, NS_LDAP_SEARCH_SCOPE_P);
13867c478bd9Sstevel@tonic-gate LDAP_SET_PARAM(arglist->bindTimeLimit, NS_LDAP_BIND_TIME_P);
13877c478bd9Sstevel@tonic-gate LDAP_SET_PARAM(arglist->defaultServerList, NS_LDAP_SERVERS_P);
13887c478bd9Sstevel@tonic-gate
13897c478bd9Sstevel@tonic-gate for (counter = 0;
1390e1dd0a2fSth counter < arglist->serviceAuthenticationMethod->count;
1391e1dd0a2fSth counter++) {
13927c478bd9Sstevel@tonic-gate
13937c478bd9Sstevel@tonic-gate LDAP_SET_PARAM(
1394e1dd0a2fSth arglist->serviceAuthenticationMethod->optlist[counter],
1395e1dd0a2fSth NS_LDAP_SERVICE_AUTH_METHOD_P);
13967c478bd9Sstevel@tonic-gate }
13977c478bd9Sstevel@tonic-gate for (counter = 0;
1398e1dd0a2fSth counter < arglist->serviceCredentialLevel->count;
1399e1dd0a2fSth counter++) {
14007c478bd9Sstevel@tonic-gate
14017c478bd9Sstevel@tonic-gate LDAP_SET_PARAM(
1402e1dd0a2fSth arglist->serviceCredentialLevel->optlist[counter],
1403e1dd0a2fSth NS_LDAP_SERVICE_CRED_LEVEL_P);
14047c478bd9Sstevel@tonic-gate }
14057c478bd9Sstevel@tonic-gate for (counter = 0;
1406e1dd0a2fSth counter < arglist->objectclassMap->count;
1407e1dd0a2fSth counter++) {
14087c478bd9Sstevel@tonic-gate
14097c478bd9Sstevel@tonic-gate LDAP_SET_PARAM(
1410e1dd0a2fSth arglist->objectclassMap->optlist[counter],
1411e1dd0a2fSth NS_LDAP_OBJECTCLASSMAP_P);
14127c478bd9Sstevel@tonic-gate }
14137c478bd9Sstevel@tonic-gate for (counter = 0;
1414e1dd0a2fSth counter < arglist->attributeMap->count;
1415e1dd0a2fSth counter++) {
14167c478bd9Sstevel@tonic-gate
14177c478bd9Sstevel@tonic-gate LDAP_SET_PARAM(
1418e1dd0a2fSth arglist->attributeMap->optlist[counter],
1419e1dd0a2fSth NS_LDAP_ATTRIBUTEMAP_P);
14207c478bd9Sstevel@tonic-gate }
14217c478bd9Sstevel@tonic-gate for (counter = 0;
1422e1dd0a2fSth counter < arglist->serviceSearchDescriptor->count;
1423e1dd0a2fSth counter++) {
14247c478bd9Sstevel@tonic-gate
14257c478bd9Sstevel@tonic-gate LDAP_SET_PARAM(
1426e1dd0a2fSth arglist->serviceSearchDescriptor->optlist[counter],
1427e1dd0a2fSth NS_LDAP_SERVICE_SEARCH_DESC_P);
14287c478bd9Sstevel@tonic-gate }
14297c478bd9Sstevel@tonic-gate
14307c478bd9Sstevel@tonic-gate errorp = __ns_ldap_DumpLdif(NULL);
14317c478bd9Sstevel@tonic-gate if (errorp != NULL) {
14327c478bd9Sstevel@tonic-gate CLIENT_FPUTS(errorp->message, stderr);
14337c478bd9Sstevel@tonic-gate CLIENT_FPUTC('\n', stderr);
14347c478bd9Sstevel@tonic-gate (void) __ns_ldap_freeError(&errorp);
14357c478bd9Sstevel@tonic-gate return (CLIENT_ERR_FAIL);
14367c478bd9Sstevel@tonic-gate }
14377c478bd9Sstevel@tonic-gate
14387c478bd9Sstevel@tonic-gate return (CLIENT_SUCCESS);
14397c478bd9Sstevel@tonic-gate }
14407c478bd9Sstevel@tonic-gate
1441e1dd0a2fSth /* INET6_ADDRSTRLEN + ":" + <5-digit port> + some round-up */
1442e1dd0a2fSth #define MAX_HOSTADDR_LEN (INET6_ADDRSTRLEN + 6 + 12)
1443e1dd0a2fSth
14447c478bd9Sstevel@tonic-gate static int
client_init(clientopts_t * arglist)14457c478bd9Sstevel@tonic-gate client_init(clientopts_t *arglist)
14467c478bd9Sstevel@tonic-gate {
1447e1dd0a2fSth int profile_fp;
1448e1dd0a2fSth int retcode = CLIENT_SUCCESS;
1449e1dd0a2fSth ns_ldap_error_t *errorp;
1450e1dd0a2fSth int reset_ret;
1451e1dd0a2fSth int ret_copy;
1452e1dd0a2fSth ns_standalone_conf_t cfg = standaloneDefaults;
1453e1dd0a2fSth ns_auth_t auth = {NS_LDAP_AUTH_NONE,
1454e1dd0a2fSth NS_LDAP_TLS_NONE,
1455e1dd0a2fSth NS_LDAP_SASL_NONE,
1456e1dd0a2fSth NS_LDAP_SASLOPT_NONE};
1457e1dd0a2fSth char peer[MAX_HOSTADDR_LEN];
1458e1dd0a2fSth ns_auth_t **authMethod;
1459e1dd0a2fSth int **credLevel, i;
1460e1dd0a2fSth char *cred;
14617c478bd9Sstevel@tonic-gate
14627c478bd9Sstevel@tonic-gate if (mode_verbose)
14637c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
1464e1dd0a2fSth gettext("About to configure machine by downloading "
1465e1dd0a2fSth "a profile\n"),
1466e1dd0a2fSth stderr);
14677c478bd9Sstevel@tonic-gate
14687c478bd9Sstevel@tonic-gate if (dname == NULL) {
14697c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
1470e1dd0a2fSth gettext("Init failed: System domain not set and "
1471e1dd0a2fSth "no domainName specified.\n"),
1472e1dd0a2fSth stderr);
14737c478bd9Sstevel@tonic-gate return (CLIENT_ERR_FAIL);
14747c478bd9Sstevel@tonic-gate }
14757c478bd9Sstevel@tonic-gate
14767c478bd9Sstevel@tonic-gate if (!arglist->defaultServerList) {
14777c478bd9Sstevel@tonic-gate CLIENT_FPUTS(gettext("Missing LDAP server address\n"), stderr);
14787c478bd9Sstevel@tonic-gate return (CLIENT_ERR_FAIL);
14797c478bd9Sstevel@tonic-gate }
14807c478bd9Sstevel@tonic-gate
14817c478bd9Sstevel@tonic-gate /* *** Check for invalid args *** */
14827c478bd9Sstevel@tonic-gate LDAP_CHECK_INVALID(arglist->defaultSearchBase,
1483e1dd0a2fSth "defaultSearchBase");
14847c478bd9Sstevel@tonic-gate LDAP_CHECK_INVALID(arglist->profileTTL,
1485e1dd0a2fSth "profileTTL");
14867c478bd9Sstevel@tonic-gate LDAP_CHECK_INVALID(arglist->searchTimeLimit,
1487e1dd0a2fSth "searchTimeLimit");
14887c478bd9Sstevel@tonic-gate LDAP_CHECK_INVALID(arglist->preferredServerList,
1489e1dd0a2fSth "preferredServerList");
14907c478bd9Sstevel@tonic-gate LDAP_CHECK_INVALID(arglist->followReferrals,
1491e1dd0a2fSth "followReferrals");
14927c478bd9Sstevel@tonic-gate LDAP_CHECK_INVALID(arglist->defaultSearchScope,
1493e1dd0a2fSth "defaultSearchScope");
14947c478bd9Sstevel@tonic-gate LDAP_CHECK_INVALID(arglist->bindTimeLimit,
1495e1dd0a2fSth "bindTimeLimit");
14967c478bd9Sstevel@tonic-gate
14977c478bd9Sstevel@tonic-gate LDAP_CHECK_INVALID(arglist->objectclassMap->count,
1498e1dd0a2fSth "objectclassMap");
14997c478bd9Sstevel@tonic-gate LDAP_CHECK_INVALID(arglist->attributeMap->count,
1500e1dd0a2fSth "attributeMap");
15017c478bd9Sstevel@tonic-gate LDAP_CHECK_INVALID(arglist->serviceAuthenticationMethod->count,
1502e1dd0a2fSth "serviceAuthenticationMethod");
15037c478bd9Sstevel@tonic-gate LDAP_CHECK_INVALID(arglist->serviceCredentialLevel->count,
1504e1dd0a2fSth "serviceCredentialLevel");
15057c478bd9Sstevel@tonic-gate LDAP_CHECK_INVALID(arglist->serviceSearchDescriptor->count,
1506e1dd0a2fSth "serviceSearchDescriptor");
15077c478bd9Sstevel@tonic-gate /* *** End check for invalid args *** */
15087c478bd9Sstevel@tonic-gate
15097c478bd9Sstevel@tonic-gate if (arglist->profileName == NULL) {
15107c478bd9Sstevel@tonic-gate if (mode_verbose)
15117c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
1512e1dd0a2fSth gettext("No profile specified. "
1513e1dd0a2fSth "Using \"default\"\n"),
1514e1dd0a2fSth stderr);
15157c478bd9Sstevel@tonic-gate arglist->profileName = "default";
15167c478bd9Sstevel@tonic-gate }
15177c478bd9Sstevel@tonic-gate
1518e1dd0a2fSth (void) strncpy(peer, arglist->defaultServerList, MAX_HOSTADDR_LEN - 1);
1519e1dd0a2fSth if (separatePort(peer, &cfg.SA_SERVER, &cfg.SA_PORT) > 0) {
15207c478bd9Sstevel@tonic-gate return (CLIENT_ERR_FAIL);
15217c478bd9Sstevel@tonic-gate }
1522e1dd0a2fSth
1523e1dd0a2fSth if (arglist->bindDN != NULL) {
1524e1dd0a2fSth cfg.SA_CRED = "proxy";
1525e1dd0a2fSth /*
1526e1dd0a2fSth * We don't want to force users to always specify authentication
152748bbca81SDaniel Hoffman * method when we can infer it. If users want SSL, they would
1528e1dd0a2fSth * have to specify appropriate -a though.
1529e1dd0a2fSth */
1530e1dd0a2fSth auth.type = NS_LDAP_AUTH_SIMPLE;
1531e1dd0a2fSth if (arglist->bindPasswd == NULL) {
1532e1dd0a2fSth arglist->bindPasswd =
1533e1dd0a2fSth getpassphrase("Bind Password:");
1534e1dd0a2fSth if (arglist->bindPasswd == NULL) {
1535e1dd0a2fSth CLIENT_FPUTS(gettext("Get password failed\n"),
1536e1dd0a2fSth stderr);
1537e1dd0a2fSth
1538e1dd0a2fSth if (gStartLdap == START_RESET)
1539e1dd0a2fSth (void) start_service(LDAP_FMRI, B_TRUE);
1540e1dd0a2fSth
1541e1dd0a2fSth return (CLIENT_ERR_CREDENTIAL);
1542e1dd0a2fSth }
1543e1dd0a2fSth }
15447c478bd9Sstevel@tonic-gate }
1545e1dd0a2fSth cfg.SA_BIND_DN = arglist->bindDN;
1546e1dd0a2fSth cfg.SA_BIND_PWD = arglist->bindPasswd;
15477c478bd9Sstevel@tonic-gate
1548e1dd0a2fSth if (arglist->authenticationMethod != NULL) {
1549e1dd0a2fSth if (__ns_ldap_initAuth(arglist->authenticationMethod,
1550e1dd0a2fSth &auth, &errorp) != NS_LDAP_SUCCESS) {
1551e1dd0a2fSth if (errorp != NULL) {
1552e1dd0a2fSth CLIENT_FPRINTF(stderr, "%s", errorp->message);
1553e1dd0a2fSth (void) __ns_ldap_freeError(&errorp);
1554e1dd0a2fSth }
1555e1dd0a2fSth
1556e1dd0a2fSth if (gStartLdap == START_RESET)
1557e1dd0a2fSth (void) start_service(LDAP_FMRI, B_TRUE);
1558e1dd0a2fSth
1559e1dd0a2fSth return (CLIENT_ERR_FAIL);
1560e1dd0a2fSth }
1561e1dd0a2fSth cfg.SA_AUTH = &auth;
15627c478bd9Sstevel@tonic-gate }
1563e1dd0a2fSth cfg.SA_CRED = arglist->credentialLevel;
15647c478bd9Sstevel@tonic-gate
1565e1dd0a2fSth cfg.SA_DOMAIN = arglist->domainName;
1566e1dd0a2fSth cfg.SA_PROFILE_NAME = arglist->profileName;
1567e1dd0a2fSth cfg.SA_CERT_PATH = arglist->certificatePath;
1568e1dd0a2fSth
1569e1dd0a2fSth cfg.type = NS_LDAP_SERVER;
1570e1dd0a2fSth
1571e1dd0a2fSth if (__ns_ldap_initStandalone(&cfg, &errorp) != NS_LDAP_SUCCESS) {
15727c478bd9Sstevel@tonic-gate if (errorp != NULL) {
1573e1dd0a2fSth CLIENT_FPRINTF(stderr, "%s", errorp->message);
15747c478bd9Sstevel@tonic-gate (void) __ns_ldap_freeError(&errorp);
15757c478bd9Sstevel@tonic-gate }
15767c478bd9Sstevel@tonic-gate
15777c478bd9Sstevel@tonic-gate if (gStartLdap == START_RESET)
15787c478bd9Sstevel@tonic-gate (void) start_service(LDAP_FMRI, B_TRUE);
15797c478bd9Sstevel@tonic-gate
15807c478bd9Sstevel@tonic-gate return (CLIENT_ERR_FAIL);
15817c478bd9Sstevel@tonic-gate }
15827c478bd9Sstevel@tonic-gate
1583e1dd0a2fSth if (arglist->proxyDN != NULL && arglist->proxyPassword == NULL) {
1584e1dd0a2fSth arglist->proxyPassword = getpassphrase("Proxy Bind Password:");
1585e1dd0a2fSth if (arglist->proxyPassword == NULL) {
1586e1dd0a2fSth CLIENT_FPUTS(gettext("Get password failed\n"), stderr);
1587e1dd0a2fSth
1588e1dd0a2fSth if (gStartLdap == START_RESET)
1589e1dd0a2fSth (void) start_service(LDAP_FMRI, B_TRUE);
1590e1dd0a2fSth
1591e1dd0a2fSth return (CLIENT_ERR_CREDENTIAL);
1592e1dd0a2fSth }
15937c478bd9Sstevel@tonic-gate }
1594e1dd0a2fSth if (arglist->proxyDN != NULL && arglist->proxyPassword != NULL) {
1595e1dd0a2fSth if (__ns_ldap_setParam(NS_LDAP_BINDDN_P,
1596e1dd0a2fSth arglist->proxyDN, &errorp) != NS_LDAP_SUCCESS) {
1597e1dd0a2fSth if (errorp != NULL) {
1598e1dd0a2fSth CLIENT_FPRINTF(stderr, "%s", errorp->message);
1599e1dd0a2fSth (void) __ns_ldap_freeError(&errorp);
1600e1dd0a2fSth }
1601e1dd0a2fSth return (CLIENT_ERR_CREDENTIAL);
1602e1dd0a2fSth }
1603e1dd0a2fSth if (__ns_ldap_setParam(NS_LDAP_BINDPASSWD_P,
1604e1dd0a2fSth arglist->proxyPassword, &errorp) != NS_LDAP_SUCCESS) {
1605e1dd0a2fSth if (errorp != NULL) {
1606e1dd0a2fSth CLIENT_FPRINTF(stderr, "%s", errorp->message);
1607e1dd0a2fSth (void) __ns_ldap_freeError(&errorp);
1608e1dd0a2fSth }
1609e1dd0a2fSth return (CLIENT_ERR_CREDENTIAL);
1610e1dd0a2fSth }
1611e1dd0a2fSth }
1612e1dd0a2fSth
1613dd1104fbSMichen Chang if (arglist->enableShadowUpdate != NULL) {
1614dd1104fbSMichen Chang LDAP_SET_PARAM(arglist->enableShadowUpdate,
1615dd1104fbSMichen Chang NS_LDAP_ENABLE_SHADOW_UPDATE_P);
1616dd1104fbSMichen Chang }
1617dd1104fbSMichen Chang
1618dd1104fbSMichen Chang if (arglist->enableShadowUpdate &&
1619dd1104fbSMichen Chang strcasecmp(arglist->enableShadowUpdate, "TRUE") == 0 &&
1620dd1104fbSMichen Chang arglist->adminDN != NULL && arglist->adminPassword == NULL) {
1621dd1104fbSMichen Chang arglist->adminPassword = getpassphrase("admin Bind Password:");
1622dd1104fbSMichen Chang if (arglist->adminPassword == NULL) {
1623dd1104fbSMichen Chang CLIENT_FPUTS(gettext("Get password failed\n"), stderr);
1624dd1104fbSMichen Chang
1625dd1104fbSMichen Chang if (gStartLdap == START_RESET)
1626dd1104fbSMichen Chang (void) start_service(LDAP_FMRI, B_TRUE);
1627dd1104fbSMichen Chang
1628dd1104fbSMichen Chang return (CLIENT_ERR_CREDENTIAL);
1629dd1104fbSMichen Chang }
1630dd1104fbSMichen Chang }
1631dd1104fbSMichen Chang if (arglist->adminDN != NULL && arglist->adminPassword != NULL) {
1632dd1104fbSMichen Chang if (__ns_ldap_setParam(NS_LDAP_ADMIN_BINDDN_P,
1633dd1104fbSMichen Chang arglist->adminDN, &errorp) != NS_LDAP_SUCCESS) {
1634dd1104fbSMichen Chang if (errorp != NULL) {
1635dd1104fbSMichen Chang CLIENT_FPRINTF(stderr, "%s\n", errorp->message);
1636dd1104fbSMichen Chang (void) __ns_ldap_freeError(&errorp);
1637dd1104fbSMichen Chang }
1638dd1104fbSMichen Chang return (CLIENT_ERR_CREDENTIAL);
1639dd1104fbSMichen Chang }
1640dd1104fbSMichen Chang if (__ns_ldap_setParam(NS_LDAP_ADMIN_BINDPASSWD_P,
1641dd1104fbSMichen Chang arglist->adminPassword, &errorp) != NS_LDAP_SUCCESS) {
1642dd1104fbSMichen Chang if (errorp != NULL) {
1643dd1104fbSMichen Chang CLIENT_FPRINTF(stderr, "%s\n", errorp->message);
1644dd1104fbSMichen Chang (void) __ns_ldap_freeError(&errorp);
1645dd1104fbSMichen Chang }
1646dd1104fbSMichen Chang return (CLIENT_ERR_CREDENTIAL);
1647dd1104fbSMichen Chang }
1648dd1104fbSMichen Chang }
1649dd1104fbSMichen Chang
1650e1dd0a2fSth if (arglist->authenticationMethod != NULL) {
1651e1dd0a2fSth if (__ns_ldap_getParam(NS_LDAP_AUTH_P,
1652e1dd0a2fSth (void ***)&authMethod, &errorp) != NS_LDAP_SUCCESS) {
1653e1dd0a2fSth if (errorp != NULL) {
1654e1dd0a2fSth CLIENT_FPRINTF(stderr, "%s", errorp->message);
1655e1dd0a2fSth (void) __ns_ldap_freeError(&errorp);
1656e1dd0a2fSth }
1657e1dd0a2fSth return (CLIENT_ERR_CREDENTIAL);
1658e1dd0a2fSth }
1659e1dd0a2fSth
1660e1dd0a2fSth if (authMethod != NULL) {
1661e1dd0a2fSth for (i = 0; authMethod[i] != NULL; ++i) {
1662e1dd0a2fSth if (authMethod[i]->type == auth.type) {
1663e1dd0a2fSth break;
1664e1dd0a2fSth }
1665e1dd0a2fSth }
1666e1dd0a2fSth
1667e1dd0a2fSth if (authMethod[i] == NULL) {
1668e1dd0a2fSth CLIENT_FPRINTF(stderr, gettext(
1669e1dd0a2fSth "Warning: init authentication method "
1670e1dd0a2fSth "not found in DUAConfigProfile.\n"));
1671e1dd0a2fSth } else {
1672e1dd0a2fSth if (i != 0) {
1673e1dd0a2fSth CLIENT_FPRINTF(stderr,
1674e1dd0a2fSth gettext(
1675e1dd0a2fSth "Warning: init authentication"
1676e1dd0a2fSth "method using secondary "
1677e1dd0a2fSth "authentication method from "
1678e1dd0a2fSth "DUAConfigProfile.\n"));
1679e1dd0a2fSth }
1680e1dd0a2fSth }
1681e1dd0a2fSth (void) __ns_ldap_freeParam((void ***) &authMethod);
1682e1dd0a2fSth }
1683e1dd0a2fSth }
1684e1dd0a2fSth
1685e1dd0a2fSth if (arglist->credentialLevel != NULL) {
1686e1dd0a2fSth if (__ns_ldap_getParam(NS_LDAP_CREDENTIAL_LEVEL_P,
1687e1dd0a2fSth (void ***)&credLevel, &errorp) != NS_LDAP_SUCCESS) {
1688e1dd0a2fSth if (errorp != NULL) {
1689e1dd0a2fSth CLIENT_FPRINTF(stderr, "%s", errorp->message);
1690e1dd0a2fSth (void) __ns_ldap_freeError(&errorp);
1691e1dd0a2fSth }
1692e1dd0a2fSth return (CLIENT_ERR_CREDENTIAL);
1693e1dd0a2fSth }
1694e1dd0a2fSth if (credLevel != NULL) {
1695e1dd0a2fSth for (i = 0; credLevel[i] != NULL; ++i) {
1696e1dd0a2fSth switch (*credLevel[i]) {
1697e1dd0a2fSth case NS_LDAP_CRED_ANON :
1698e1dd0a2fSth cred = "none";
1699e1dd0a2fSth break;
1700e1dd0a2fSth case NS_LDAP_CRED_PROXY :
1701e1dd0a2fSth cred = "proxy";
1702e1dd0a2fSth break;
1703e1dd0a2fSth case NS_LDAP_CRED_SELF :
1704e1dd0a2fSth cred = "self";
1705e1dd0a2fSth break;
1706e1dd0a2fSth default:
1707e1dd0a2fSth continue;
1708e1dd0a2fSth }
1709e1dd0a2fSth if (strcmp(cred,
1710e1dd0a2fSth arglist->credentialLevel) == 0) {
1711e1dd0a2fSth break;
1712e1dd0a2fSth }
1713e1dd0a2fSth }
1714e1dd0a2fSth if (credLevel[i] == NULL) {
1715e1dd0a2fSth CLIENT_FPRINTF(stderr, gettext(
1716e1dd0a2fSth "Warning: init credential level not found "
1717e1dd0a2fSth "in DUAConfigProfile.\n"));
1718e1dd0a2fSth } else {
1719e1dd0a2fSth if (i != 0) {
1720e1dd0a2fSth CLIENT_FPRINTF(stderr,
1721e1dd0a2fSth gettext("Warning: "
1722e1dd0a2fSth "init credential level using "
1723e1dd0a2fSth "secondary credential level from "
1724e1dd0a2fSth "DUAConfigProfile.\n"));
1725e1dd0a2fSth }
1726e1dd0a2fSth }
1727e1dd0a2fSth (void) __ns_ldap_freeParam((void ***) &credLevel);
1728e1dd0a2fSth }
17297c478bd9Sstevel@tonic-gate }
17307c478bd9Sstevel@tonic-gate
17317c478bd9Sstevel@tonic-gate retcode = credCheck(arglist);
1732dd1104fbSMichen Chang if (retcode == CLIENT_SUCCESS)
1733dd1104fbSMichen Chang retcode = adminCredCheck(arglist);
17347c478bd9Sstevel@tonic-gate if (retcode != CLIENT_SUCCESS) {
17357c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
1736e1dd0a2fSth gettext("Error in setting up credentials\n"), stderr);
17377c478bd9Sstevel@tonic-gate
17387c478bd9Sstevel@tonic-gate if (gStartLdap == START_RESET)
17397c478bd9Sstevel@tonic-gate (void) start_service(LDAP_FMRI, B_TRUE);
17407c478bd9Sstevel@tonic-gate
17417c478bd9Sstevel@tonic-gate return (retcode);
17427c478bd9Sstevel@tonic-gate }
17437c478bd9Sstevel@tonic-gate
17447c478bd9Sstevel@tonic-gate if (mode_verbose)
17457c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
1746e1dd0a2fSth gettext("About to modify this machines configuration "
1747e1dd0a2fSth "by writing the files\n"),
1748e1dd0a2fSth stderr);
17497c478bd9Sstevel@tonic-gate
17507c478bd9Sstevel@tonic-gate /* get ready to start playing with files */
17517c478bd9Sstevel@tonic-gate retcode = stop_services(STATE_SAVE);
17527c478bd9Sstevel@tonic-gate if (retcode != CLIENT_SUCCESS) {
17537c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
1754e1dd0a2fSth gettext("Errors stopping network services.\n"), stderr);
17557c478bd9Sstevel@tonic-gate
17567c478bd9Sstevel@tonic-gate if (gStartLdap == START_RESET)
17577c478bd9Sstevel@tonic-gate (void) start_service(LDAP_FMRI, B_TRUE);
17587c478bd9Sstevel@tonic-gate
17597c478bd9Sstevel@tonic-gate return (CLIENT_ERR_FAIL);
17607c478bd9Sstevel@tonic-gate }
17617c478bd9Sstevel@tonic-gate
17627c478bd9Sstevel@tonic-gate /* Save orig versions of files */
17637c478bd9Sstevel@tonic-gate retcode = file_backup();
17647c478bd9Sstevel@tonic-gate if (retcode == CLIENT_ERR_RESTORE) {
17657c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
1766e1dd0a2fSth gettext("System not in state to enable ldap client.\n"),
1767e1dd0a2fSth stderr);
17687c478bd9Sstevel@tonic-gate
17697c478bd9Sstevel@tonic-gate return (retcode);
17707c478bd9Sstevel@tonic-gate
17717c478bd9Sstevel@tonic-gate } else if (retcode != CLIENT_SUCCESS) {
17727c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
1773e1dd0a2fSth gettext("Save of system configuration failed. "
1774e1dd0a2fSth "Attempting recovery.\n"),
1775e1dd0a2fSth stderr);
17767c478bd9Sstevel@tonic-gate retcode = recover(STATE_NOSAVE);
17777c478bd9Sstevel@tonic-gate if (retcode != CLIENT_SUCCESS) {
17787c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
1779e1dd0a2fSth gettext("Recovery of systems configuration "
1780e1dd0a2fSth "failed. Manual intervention of "
1781e1dd0a2fSth "config files is required.\n"),
1782e1dd0a2fSth stderr);
17837c478bd9Sstevel@tonic-gate }
17847c478bd9Sstevel@tonic-gate
17857c478bd9Sstevel@tonic-gate reset_ret = start_services(START_RESET);
17867c478bd9Sstevel@tonic-gate if (reset_ret != CLIENT_SUCCESS) {
17877c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr, gettext("Error (%d) while "
1788e1dd0a2fSth "starting services during reset\n"),
1789e1dd0a2fSth reset_ret);
17907c478bd9Sstevel@tonic-gate }
17917c478bd9Sstevel@tonic-gate
17927c478bd9Sstevel@tonic-gate return (retcode);
17937c478bd9Sstevel@tonic-gate }
17947c478bd9Sstevel@tonic-gate
17957c478bd9Sstevel@tonic-gate /* Dump new files */
17967c478bd9Sstevel@tonic-gate errorp = __ns_ldap_DumpConfiguration(NSCONFIGFILE);
17977c478bd9Sstevel@tonic-gate if (NULL != errorp) {
17987c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
1799e1dd0a2fSth gettext("%s init: errorp is not NULL; %s\n"),
1800e1dd0a2fSth cmd, errorp->message);
18017c478bd9Sstevel@tonic-gate retcode = recover(STATE_NOSAVE);
18027c478bd9Sstevel@tonic-gate if (retcode != CLIENT_SUCCESS) {
18037c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
1804e1dd0a2fSth gettext("Recovery of systems configuration "
1805e1dd0a2fSth "failed. Manual intervention of "
1806e1dd0a2fSth "config files is required.\n"),
1807e1dd0a2fSth stderr);
18087c478bd9Sstevel@tonic-gate return (CLIENT_ERR_FAIL);
18097c478bd9Sstevel@tonic-gate }
18107c478bd9Sstevel@tonic-gate (void) __ns_ldap_freeError(&errorp);
18117c478bd9Sstevel@tonic-gate reset_ret = start_services(START_RESET);
18127c478bd9Sstevel@tonic-gate if (reset_ret != CLIENT_SUCCESS) {
18137c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr, gettext("Error (%d) while "
1814e1dd0a2fSth "starting services during reset\n"),
1815e1dd0a2fSth reset_ret);
18167c478bd9Sstevel@tonic-gate }
18177c478bd9Sstevel@tonic-gate return (CLIENT_ERR_FAIL);
18187c478bd9Sstevel@tonic-gate }
18197c478bd9Sstevel@tonic-gate
18207c478bd9Sstevel@tonic-gate /* if (credargs(arglist)) */
18217c478bd9Sstevel@tonic-gate errorp = __ns_ldap_DumpConfiguration(NSCREDFILE);
18227c478bd9Sstevel@tonic-gate if (NULL != errorp) {
18237c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
1824e1dd0a2fSth gettext("%s init: errorp is not NULL; %s\n"),
1825e1dd0a2fSth cmd, errorp->message);
18267c478bd9Sstevel@tonic-gate retcode = recover(STATE_NOSAVE);
18277c478bd9Sstevel@tonic-gate if (retcode != CLIENT_SUCCESS) {
18287c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
1829e1dd0a2fSth gettext("Recovery of systems configuration "
1830e1dd0a2fSth "failed. Manual intervention of "
1831e1dd0a2fSth "config files is required.\n"),
1832e1dd0a2fSth stderr);
18337c478bd9Sstevel@tonic-gate return (CLIENT_ERR_FAIL);
18347c478bd9Sstevel@tonic-gate }
18357c478bd9Sstevel@tonic-gate (void) __ns_ldap_freeError(&errorp);
18367c478bd9Sstevel@tonic-gate reset_ret = start_services(START_RESET);
18377c478bd9Sstevel@tonic-gate if (reset_ret != CLIENT_SUCCESS) {
18387c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr, gettext("Error (%d) while "
1839e1dd0a2fSth "starting services during reset\n"),
1840e1dd0a2fSth reset_ret);
18417c478bd9Sstevel@tonic-gate }
18427c478bd9Sstevel@tonic-gate return (CLIENT_ERR_FAIL);
18437c478bd9Sstevel@tonic-gate }
18447c478bd9Sstevel@tonic-gate
18457c478bd9Sstevel@tonic-gate ret_copy = system(CMD_CP " " NSSWITCH_LDAP " " NSSWITCH_CONF);
18467c478bd9Sstevel@tonic-gate if (ret_copy != 0) {
18477c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
1848e1dd0a2fSth gettext("Error %d copying (%s) -> (%s)\n"),
1849e1dd0a2fSth ret_copy, NSSWITCH_LDAP, NSSWITCH_CONF);
18507c478bd9Sstevel@tonic-gate retcode = recover(STATE_NOSAVE);
18517c478bd9Sstevel@tonic-gate if (retcode != CLIENT_SUCCESS) {
18527c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
1853e1dd0a2fSth gettext("Recovery of systems configuration "
1854e1dd0a2fSth "failed. Manual intervention of "
1855e1dd0a2fSth "config files is required.\n"),
1856e1dd0a2fSth stderr);
18577c478bd9Sstevel@tonic-gate }
18587c478bd9Sstevel@tonic-gate reset_ret = start_services(START_RESET);
18597c478bd9Sstevel@tonic-gate if (reset_ret != CLIENT_SUCCESS) {
18607c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr, gettext("Error (%d) while "
1861e1dd0a2fSth "starting services during reset\n"),
1862e1dd0a2fSth reset_ret);
18637c478bd9Sstevel@tonic-gate }
18647c478bd9Sstevel@tonic-gate return (CLIENT_ERR_FAIL);
18657c478bd9Sstevel@tonic-gate }
18667c478bd9Sstevel@tonic-gate
18677c478bd9Sstevel@tonic-gate if ((profile_fp = open(DOMAINNAME, O_WRONLY|O_CREAT|O_TRUNC,
1868e1dd0a2fSth S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH)) == -1) { /* 0644 */
18697c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr, gettext("Cannot open %s\n"), DOMAINNAME);
18707c478bd9Sstevel@tonic-gate retcode = recover(STATE_NOSAVE);
18717c478bd9Sstevel@tonic-gate if (retcode != CLIENT_SUCCESS) {
18727c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
1873e1dd0a2fSth gettext("Recovery of systems configuration "
1874e1dd0a2fSth "failed. Manual intervention of "
1875e1dd0a2fSth "config files is required.\n"),
1876e1dd0a2fSth stderr);
18777c478bd9Sstevel@tonic-gate return (CLIENT_ERR_FAIL);
18787c478bd9Sstevel@tonic-gate }
18797c478bd9Sstevel@tonic-gate reset_ret = start_services(START_RESET);
18807c478bd9Sstevel@tonic-gate if (reset_ret != CLIENT_SUCCESS) {
18817c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr, gettext("Error (%d) while "
1882e1dd0a2fSth "starting services during reset\n"),
1883e1dd0a2fSth reset_ret);
18847c478bd9Sstevel@tonic-gate }
18857c478bd9Sstevel@tonic-gate return (CLIENT_ERR_FAIL);
18867c478bd9Sstevel@tonic-gate }
18877c478bd9Sstevel@tonic-gate (void) write(profile_fp, dname, strlen(dname));
18887c478bd9Sstevel@tonic-gate (void) write(profile_fp, "\n", 1);
18897c478bd9Sstevel@tonic-gate (void) close(profile_fp);
18907c478bd9Sstevel@tonic-gate
18917c478bd9Sstevel@tonic-gate retcode = start_services(START_INIT);
18927c478bd9Sstevel@tonic-gate
18937c478bd9Sstevel@tonic-gate if (retcode == CLIENT_SUCCESS) {
18947c478bd9Sstevel@tonic-gate CLIENT_FPUTS(gettext("System successfully configured\n"),
1895e1dd0a2fSth stderr);
18967c478bd9Sstevel@tonic-gate } else {
18977c478bd9Sstevel@tonic-gate CLIENT_FPUTS(gettext("Error resetting system.\n"
1898e1dd0a2fSth "Recovering old system settings.\n"), stderr),
18997c478bd9Sstevel@tonic-gate
1900e1dd0a2fSth /* stop any started services for recover */
1901e1dd0a2fSth /* don't stomp on history of saved services state */
1902e1dd0a2fSth reset_ret = stop_services(STATE_NOSAVE);
19037c478bd9Sstevel@tonic-gate if (reset_ret != CLIENT_SUCCESS) {
19047c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr, gettext("Error (%d) while "
1905e1dd0a2fSth "stopping services during reset\n"),
1906e1dd0a2fSth reset_ret);
19077c478bd9Sstevel@tonic-gate /* Coninue and try to recover what we can */
19087c478bd9Sstevel@tonic-gate }
19097c478bd9Sstevel@tonic-gate reset_ret = recover(STATE_NOSAVE);
19107c478bd9Sstevel@tonic-gate if (reset_ret != CLIENT_SUCCESS) {
19117c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr, gettext("Error (%d) while "
1912e1dd0a2fSth "recovering service files during "
1913e1dd0a2fSth "reset\n"), reset_ret);
19147c478bd9Sstevel@tonic-gate /* Continue and start what we can */
19157c478bd9Sstevel@tonic-gate }
19167c478bd9Sstevel@tonic-gate reset_ret = start_services(START_RESET);
19177c478bd9Sstevel@tonic-gate if (reset_ret != CLIENT_SUCCESS) {
19187c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr, gettext("Error (%d) while "
1919e1dd0a2fSth "starting services during reset\n"),
1920e1dd0a2fSth reset_ret);
19217c478bd9Sstevel@tonic-gate }
19227c478bd9Sstevel@tonic-gate }
19237c478bd9Sstevel@tonic-gate
19247c478bd9Sstevel@tonic-gate return (retcode);
19257c478bd9Sstevel@tonic-gate }
19267c478bd9Sstevel@tonic-gate
19277c478bd9Sstevel@tonic-gate
19287c478bd9Sstevel@tonic-gate static void
usage(void)19297c478bd9Sstevel@tonic-gate usage(void)
19307c478bd9Sstevel@tonic-gate {
19317c478bd9Sstevel@tonic-gate if (mode_quiet)
19327c478bd9Sstevel@tonic-gate return;
19337c478bd9Sstevel@tonic-gate
19347c478bd9Sstevel@tonic-gate if (gen == 0) {
19357c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
1936e1dd0a2fSth gettext("Usage: %s [-v | -q] init | manual | mod | "
1937e1dd0a2fSth "list | uninit [<args>]\n"),
1938e1dd0a2fSth cmd);
1939e1dd0a2fSth
1940e1dd0a2fSth CLIENT_FPRINTF(stderr,
1941e1dd0a2fSth gettext("\n %s [-v | -q] [-a authenticationMethod]"
1942e1dd0a2fSth " [-D bindDN]\n\t[-w bindPassword] [-j passswdFile]"
1943dd1104fbSMichen Chang " [-y proxyPasswordFile]\n\t"
1944dd1104fbSMichen Chang "[-z adminPasswordFile] init [<args>]\n"),
1945e1dd0a2fSth cmd);
19467c478bd9Sstevel@tonic-gate
19477c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
1948e1dd0a2fSth gettext("\nSet up a server or workstation as a "
1949e1dd0a2fSth "client of an LDAP namespace.\n"),
1950e1dd0a2fSth stderr);
19517c478bd9Sstevel@tonic-gate } else { /* genprofile */
19527c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
1953e1dd0a2fSth gettext("Usage: %s [-v | -q] genprofile "
1954e1dd0a2fSth "-a profileName=<name> "
1955e1dd0a2fSth "-a defaultSearchBase=<base> <args>\n"),
1956e1dd0a2fSth cmd);
19577c478bd9Sstevel@tonic-gate
19587c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
1959e1dd0a2fSth gettext("\nGenerate a profile used to set up clients "
1960e1dd0a2fSth "of an LDAP namespace.\n"),
1961e1dd0a2fSth stderr);
19627c478bd9Sstevel@tonic-gate }
19637c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
1964e1dd0a2fSth gettext("<args> take the form of \'-a attrName=attrVal\' as "
1965e1dd0a2fSth "described in the\n"),
1966e1dd0a2fSth stderr);
1967*bbf21555SRichard Lowe CLIENT_FPUTS(gettext("man page: ldapclient(8)\n"), stderr);
19687c478bd9Sstevel@tonic-gate }
19697c478bd9Sstevel@tonic-gate
19707c478bd9Sstevel@tonic-gate
19717c478bd9Sstevel@tonic-gate /*
19727c478bd9Sstevel@tonic-gate * stop_services is called to stop network services prior to their
19737c478bd9Sstevel@tonic-gate * config files being moved/changed. In case a later recovery is needed
19747c478bd9Sstevel@tonic-gate * (an error occurs during config), we detect whether the service is
19757c478bd9Sstevel@tonic-gate * running and store that info so that a reset will only start services
19767c478bd9Sstevel@tonic-gate * that were stopped here.
19777c478bd9Sstevel@tonic-gate *
19787c478bd9Sstevel@tonic-gate * In terms of SMF, this translates to disabling the services. So we
19797c478bd9Sstevel@tonic-gate * try to disable them if they are in any other state
19807c478bd9Sstevel@tonic-gate *
19817c478bd9Sstevel@tonic-gate * Stop order :
19827c478bd9Sstevel@tonic-gate * sendmail, nscd, autofs, ldap.client, nisd (rpc), inetinit(domainname)
19837c478bd9Sstevel@tonic-gate */
19847c478bd9Sstevel@tonic-gate static int
stop_services(int saveState)19857c478bd9Sstevel@tonic-gate stop_services(int saveState)
19867c478bd9Sstevel@tonic-gate {
19877c478bd9Sstevel@tonic-gate int ret;
19887c478bd9Sstevel@tonic-gate
19897c478bd9Sstevel@tonic-gate if (mode_verbose) {
19907c478bd9Sstevel@tonic-gate CLIENT_FPUTS(gettext("Stopping network services\n"), stderr);
19917c478bd9Sstevel@tonic-gate }
19927c478bd9Sstevel@tonic-gate
19937c478bd9Sstevel@tonic-gate if (!is_service(SENDMAIL_FMRI, SCF_STATE_STRING_DISABLED)) {
19947c478bd9Sstevel@tonic-gate if (mode_verbose)
19957c478bd9Sstevel@tonic-gate CLIENT_FPUTS(gettext("Stopping sendmail\n"), stderr);
19967c478bd9Sstevel@tonic-gate ret = disable_service(SENDMAIL_FMRI, B_TRUE);
19977c478bd9Sstevel@tonic-gate if (ret != CLIENT_SUCCESS) {
19987c478bd9Sstevel@tonic-gate /* Not serious, but tell user what to do */
19997c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr, gettext("Stopping sendmail "
2000e1dd0a2fSth "failed with (%d). You may need to restart "
2001e1dd0a2fSth "it manually for changes to take effect.\n"),
2002e1dd0a2fSth ret);
20037c478bd9Sstevel@tonic-gate } else enableFlag |= SENDMAIL_ON;
20047c478bd9Sstevel@tonic-gate } else {
20057c478bd9Sstevel@tonic-gate if (mode_verbose)
20067c478bd9Sstevel@tonic-gate CLIENT_FPUTS(gettext("sendmail not running\n"), stderr);
20077c478bd9Sstevel@tonic-gate }
20087c478bd9Sstevel@tonic-gate
20097c478bd9Sstevel@tonic-gate if (!is_service(NSCD_FMRI, SCF_STATE_STRING_DISABLED)) {
20107c478bd9Sstevel@tonic-gate if (mode_verbose)
20117c478bd9Sstevel@tonic-gate CLIENT_FPUTS(gettext("Stopping nscd\n"), stderr);
20127c478bd9Sstevel@tonic-gate ret = disable_service(NSCD_FMRI, B_TRUE);
20137c478bd9Sstevel@tonic-gate if (ret != CLIENT_SUCCESS) {
20147c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr, gettext("Stopping nscd "
20157c478bd9Sstevel@tonic-gate "failed with (%d)\n"), ret);
20167c478bd9Sstevel@tonic-gate return (CLIENT_ERR_FAIL);
20177c478bd9Sstevel@tonic-gate } else enableFlag |= NSCD_ON;
20187c478bd9Sstevel@tonic-gate } else {
20197c478bd9Sstevel@tonic-gate if (mode_verbose)
20207c478bd9Sstevel@tonic-gate CLIENT_FPUTS(gettext("nscd not running\n"), stderr);
20217c478bd9Sstevel@tonic-gate }
20227c478bd9Sstevel@tonic-gate
20237c478bd9Sstevel@tonic-gate if (!is_service(AUTOFS_FMRI, SCF_STATE_STRING_DISABLED)) {
20247c478bd9Sstevel@tonic-gate if (mode_verbose)
20257c478bd9Sstevel@tonic-gate CLIENT_FPUTS(gettext("Stopping autofs\n"), stderr);
20267c478bd9Sstevel@tonic-gate ret = disable_service(AUTOFS_FMRI, B_TRUE);
20277c478bd9Sstevel@tonic-gate if (ret != CLIENT_SUCCESS) {
20287c478bd9Sstevel@tonic-gate /* Not serious, but tell user what to do */
20297c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr, gettext("Stopping autofs "
2030e1dd0a2fSth "failed with (%d). You may need to restart "
2031e1dd0a2fSth "it manually for changes to take effect.\n"),
2032e1dd0a2fSth ret);
20337c478bd9Sstevel@tonic-gate } else enableFlag |= AUTOFS_ON;
20347c478bd9Sstevel@tonic-gate } else {
20357c478bd9Sstevel@tonic-gate if (mode_verbose)
20367c478bd9Sstevel@tonic-gate CLIENT_FPUTS(gettext("autofs not running\n"), stderr);
20377c478bd9Sstevel@tonic-gate }
20387c478bd9Sstevel@tonic-gate
20397c478bd9Sstevel@tonic-gate if (!is_service(LDAP_FMRI, SCF_STATE_STRING_DISABLED)) {
20407c478bd9Sstevel@tonic-gate if (saveState)
20417c478bd9Sstevel@tonic-gate gStartLdap = START_RESET;
20427c478bd9Sstevel@tonic-gate if (mode_verbose)
20437c478bd9Sstevel@tonic-gate CLIENT_FPUTS(gettext("Stopping ldap\n"), stderr);
20447c478bd9Sstevel@tonic-gate ret = disable_service(LDAP_FMRI, B_TRUE);
20457c478bd9Sstevel@tonic-gate if (ret != CLIENT_SUCCESS) {
20467c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr, gettext("Stopping ldap "
20477c478bd9Sstevel@tonic-gate "failed with (%d)\n"), ret);
20487c478bd9Sstevel@tonic-gate return (CLIENT_ERR_FAIL);
20497c478bd9Sstevel@tonic-gate }
20507c478bd9Sstevel@tonic-gate } else {
20517c478bd9Sstevel@tonic-gate if (mode_verbose)
20527c478bd9Sstevel@tonic-gate CLIENT_FPUTS(gettext("ldap not running\n"),
2053e1dd0a2fSth stderr);
20547c478bd9Sstevel@tonic-gate }
20557c478bd9Sstevel@tonic-gate
20567c478bd9Sstevel@tonic-gate if (!is_service(YP_FMRI, SCF_STATE_STRING_DISABLED)) {
20577c478bd9Sstevel@tonic-gate if (saveState)
20587c478bd9Sstevel@tonic-gate gStartYp = START_RESET;
20597c478bd9Sstevel@tonic-gate if (mode_verbose)
20607c478bd9Sstevel@tonic-gate CLIENT_FPUTS(gettext("Stopping nis(yp)\n"), stderr);
20617c478bd9Sstevel@tonic-gate ret = disable_service(YP_FMRI, B_TRUE);
20627c478bd9Sstevel@tonic-gate if (ret != 0) {
20637c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr, gettext("Stopping nis(yp) "
20647c478bd9Sstevel@tonic-gate "failed with (%d)\n"), ret);
20657c478bd9Sstevel@tonic-gate return (CLIENT_ERR_FAIL);
20667c478bd9Sstevel@tonic-gate }
20677c478bd9Sstevel@tonic-gate } else {
20687c478bd9Sstevel@tonic-gate if (mode_verbose)
20697c478bd9Sstevel@tonic-gate CLIENT_FPUTS(gettext("nis(yp) not running\n"),
2070e1dd0a2fSth stderr);
20717c478bd9Sstevel@tonic-gate }
20727c478bd9Sstevel@tonic-gate
20737c478bd9Sstevel@tonic-gate return (CLIENT_SUCCESS);
20747c478bd9Sstevel@tonic-gate }
20757c478bd9Sstevel@tonic-gate
20767c478bd9Sstevel@tonic-gate /*
20777c478bd9Sstevel@tonic-gate * start_services is called to start up network services after config
20787c478bd9Sstevel@tonic-gate * files have all been setup or recovered. In the case of an error, the
20797c478bd9Sstevel@tonic-gate * files will be recovered and start_services will be called with the
20807c478bd9Sstevel@tonic-gate * "reset" flag set so that only those services that were earlier stopped
20817c478bd9Sstevel@tonic-gate * will be started. If it is not a reset, then the services associated
20827c478bd9Sstevel@tonic-gate * with files "recovered" will attempt to be started.
20837c478bd9Sstevel@tonic-gate */
20847c478bd9Sstevel@tonic-gate static int
start_services(int flag)20857c478bd9Sstevel@tonic-gate start_services(int flag)
20867c478bd9Sstevel@tonic-gate {
2087cb5caa98Sdjl int sysret, retcode = CLIENT_SUCCESS, rc = NS_LDAP_SUCCESS;
20887c478bd9Sstevel@tonic-gate FILE *domain_fp;
20897c478bd9Sstevel@tonic-gate char domainname[BUFSIZ];
20907c478bd9Sstevel@tonic-gate char cmd_domain_start[BUFSIZ];
20917c478bd9Sstevel@tonic-gate int domainlen;
2092cb5caa98Sdjl ns_ldap_self_gssapi_config_t config = NS_LDAP_SELF_GSSAPI_CONFIG_NONE;
2093cb5caa98Sdjl ns_ldap_error_t *errorp = NULL;
20947c478bd9Sstevel@tonic-gate
20957c478bd9Sstevel@tonic-gate if (mode_verbose) {
20967c478bd9Sstevel@tonic-gate CLIENT_FPUTS(gettext("Starting network services\n"), stderr);
20977c478bd9Sstevel@tonic-gate }
20987c478bd9Sstevel@tonic-gate
20997c478bd9Sstevel@tonic-gate /* Read in current defaultdomain so we can set it */
21007c478bd9Sstevel@tonic-gate domain_fp = fopen(DOMAINNAME, "r");
21017c478bd9Sstevel@tonic-gate if (domain_fp == NULL) {
21027c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr, gettext("Error opening defaultdomain "
2103e1dd0a2fSth "(%d)\n"), errno);
21047c478bd9Sstevel@tonic-gate /* if we did an ldap init, we must have domain */
21057c478bd9Sstevel@tonic-gate if (flag == START_INIT)
21067c478bd9Sstevel@tonic-gate return (CLIENT_ERR_FAIL);
21077c478bd9Sstevel@tonic-gate } else {
21087c478bd9Sstevel@tonic-gate if (fgets(domainname, BUFSIZ, domain_fp) == NULL) {
21097c478bd9Sstevel@tonic-gate CLIENT_FPUTS(gettext("Error reading defaultdomain\n"),
2110e1dd0a2fSth stderr);
21117c478bd9Sstevel@tonic-gate return (CLIENT_ERR_FAIL);
21127c478bd9Sstevel@tonic-gate }
21137c478bd9Sstevel@tonic-gate
21147c478bd9Sstevel@tonic-gate if (fclose(domain_fp) != 0) {
21157c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
2116e1dd0a2fSth gettext("Error closing defaultdomain (%d)\n"),
2117e1dd0a2fSth errno);
21187c478bd9Sstevel@tonic-gate return (CLIENT_ERR_FAIL);
21197c478bd9Sstevel@tonic-gate }
21207c478bd9Sstevel@tonic-gate domainlen = strlen(domainname);
21217c478bd9Sstevel@tonic-gate /* sanity check to make sure sprintf will fit */
21227c478bd9Sstevel@tonic-gate if (domainlen > (BUFSIZE - sizeof (CMD_DOMAIN_START) -
2123e1dd0a2fSth sizeof (TO_DEV_NULL) - 3)) {
21247c478bd9Sstevel@tonic-gate CLIENT_FPUTS(gettext("Specified domainname is "
2125e1dd0a2fSth "too large\n"), stderr);
21267c478bd9Sstevel@tonic-gate return (CLIENT_ERR_FAIL);
21277c478bd9Sstevel@tonic-gate }
21287c478bd9Sstevel@tonic-gate if (domainname[domainlen-1] == '\n')
21297c478bd9Sstevel@tonic-gate domainname[domainlen-1] = 0;
21307c478bd9Sstevel@tonic-gate /* buffer size is checked above */
2131cb5caa98Sdjl (void) snprintf(cmd_domain_start, BUFSIZ, "%s %s %s",
2132e1dd0a2fSth CMD_DOMAIN_START, domainname, TO_DEV_NULL);
21337c478bd9Sstevel@tonic-gate }
21347c478bd9Sstevel@tonic-gate
21357c478bd9Sstevel@tonic-gate /*
21367c478bd9Sstevel@tonic-gate * We can be starting services after an init in which case
213736e852a1SRaja Andra * we want to start ldap and not start yp.
21387c478bd9Sstevel@tonic-gate */
21397c478bd9Sstevel@tonic-gate if (flag == START_INIT) {
21407c478bd9Sstevel@tonic-gate sysret = system(cmd_domain_start);
21417c478bd9Sstevel@tonic-gate if (mode_verbose)
21427c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr, "start: %s %s... %s\n",
2143e1dd0a2fSth CMD_DOMAIN_START, domainname,
2144e1dd0a2fSth (sysret == 0) ? gettext("success") :
2145e1dd0a2fSth gettext("failed"));
21467c478bd9Sstevel@tonic-gate if (sysret != 0) {
21477c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr, gettext("\"%s\" returned: %d\n"),
2148e1dd0a2fSth CMD_DOMAIN_START, sysret);
21497c478bd9Sstevel@tonic-gate
21507c478bd9Sstevel@tonic-gate retcode = CLIENT_ERR_FAIL;
21517c478bd9Sstevel@tonic-gate }
21527c478bd9Sstevel@tonic-gate
2153cb5caa98Sdjl if ((rc = __ns_ldap_self_gssapi_config(&config)) !=
2154e1dd0a2fSth NS_LDAP_SUCCESS) {
2155cb5caa98Sdjl CLIENT_FPRINTF(stderr, gettext("Error (%d) while "
2156e1dd0a2fSth "checking sasl/GSSAPI configuration\n"),
2157e1dd0a2fSth rc);
21587c478bd9Sstevel@tonic-gate retcode = CLIENT_ERR_FAIL;
2159cb5caa98Sdjl }
21607c478bd9Sstevel@tonic-gate
2161cb5caa98Sdjl if (config != NS_LDAP_SELF_GSSAPI_CONFIG_NONE) {
2162cb5caa98Sdjl
2163cb5caa98Sdjl rc = __ns_ldap_check_dns_preq(
2164e1dd0a2fSth 1, mode_verbose, mode_quiet,
2165e1dd0a2fSth NSSWITCH_LDAP, config, &errorp);
2166cb5caa98Sdjl if (errorp)
2167cb5caa98Sdjl (void) __ns_ldap_freeError(&errorp);
2168cb5caa98Sdjl
2169cb5caa98Sdjl if (rc != NS_LDAP_SUCCESS)
2170cb5caa98Sdjl retcode = CLIENT_ERR_FAIL;
2171cb5caa98Sdjl }
2172cb5caa98Sdjl
2173cb5caa98Sdjl if (rc == NS_LDAP_SUCCESS &&
2174e1dd0a2fSth start_service(LDAP_FMRI, B_TRUE) != CLIENT_SUCCESS)
2175cb5caa98Sdjl retcode = CLIENT_ERR_FAIL;
2176cb5caa98Sdjl
2177cb5caa98Sdjl if (config != NS_LDAP_SELF_GSSAPI_CONFIG_NONE &&
2178e1dd0a2fSth rc == NS_LDAP_SUCCESS && retcode == CLIENT_SUCCESS) {
2179cb5caa98Sdjl rc = __ns_ldap_check_gssapi_preq(
2180e1dd0a2fSth 1, mode_verbose, mode_quiet, config,
2181e1dd0a2fSth &errorp);
2182cb5caa98Sdjl if (errorp)
2183cb5caa98Sdjl (void) __ns_ldap_freeError(&errorp);
2184cb5caa98Sdjl
2185cb5caa98Sdjl if (rc != NS_LDAP_SUCCESS)
2186cb5caa98Sdjl retcode = CLIENT_ERR_FAIL;
2187cb5caa98Sdjl
2188cb5caa98Sdjl }
218936e852a1SRaja Andra /* No YP after init */
21907c478bd9Sstevel@tonic-gate /*
21917c478bd9Sstevel@tonic-gate * Or we can be starting services after an uninit or error
21927c478bd9Sstevel@tonic-gate * recovery. We want to start whatever services were running
21937c478bd9Sstevel@tonic-gate * before. In the case of error recovery, it is the services
21947c478bd9Sstevel@tonic-gate * that were running before we stopped them (flags set in
21957c478bd9Sstevel@tonic-gate * stop_services). If it is an uninit then we determine
21967c478bd9Sstevel@tonic-gate * which services to start based on the files we recovered
21977c478bd9Sstevel@tonic-gate * (flags set in recover).
21987c478bd9Sstevel@tonic-gate */
21997c478bd9Sstevel@tonic-gate } else {
22007c478bd9Sstevel@tonic-gate /* uninit and recover should set flags of what to start */
22017c478bd9Sstevel@tonic-gate if (domain_fp) {
22027c478bd9Sstevel@tonic-gate sysret = system(cmd_domain_start);
22037c478bd9Sstevel@tonic-gate if (mode_verbose)
22047c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr, "start: %s %s... %s\n",
2205e1dd0a2fSth CMD_DOMAIN_START, domainname,
2206e1dd0a2fSth (sysret == 0) ? gettext("success") :
2207e1dd0a2fSth gettext("failed"));
22087c478bd9Sstevel@tonic-gate if (sysret != 0) {
22097c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr, gettext("\"%s\" "
2210e1dd0a2fSth "returned: %d\n"),
2211e1dd0a2fSth CMD_DOMAIN_START, sysret);
22127c478bd9Sstevel@tonic-gate
22137c478bd9Sstevel@tonic-gate retcode = CLIENT_ERR_FAIL;
22147c478bd9Sstevel@tonic-gate }
22157c478bd9Sstevel@tonic-gate }
22167c478bd9Sstevel@tonic-gate
22177c478bd9Sstevel@tonic-gate if (gStartLdap == flag) {
22187c478bd9Sstevel@tonic-gate if (!(is_service(LDAP_FMRI, SCF_STATE_STRING_ONLINE)))
22197c478bd9Sstevel@tonic-gate if (start_service(LDAP_FMRI, B_TRUE)
2220e1dd0a2fSth != CLIENT_SUCCESS)
22217c478bd9Sstevel@tonic-gate retcode = CLIENT_ERR_FAIL;
22227c478bd9Sstevel@tonic-gate }
22237c478bd9Sstevel@tonic-gate
22247c478bd9Sstevel@tonic-gate if (gStartYp == flag) {
22257c478bd9Sstevel@tonic-gate if (!(is_service(YP_FMRI, SCF_STATE_STRING_ONLINE)))
22267c478bd9Sstevel@tonic-gate (void) start_service(YP_FMRI, B_TRUE);
22277c478bd9Sstevel@tonic-gate }
22287c478bd9Sstevel@tonic-gate }
22297c478bd9Sstevel@tonic-gate if ((enableFlag & AUTOFS_ON) &&
22307c478bd9Sstevel@tonic-gate !(is_service(AUTOFS_FMRI, SCF_STATE_STRING_ONLINE)))
22317c478bd9Sstevel@tonic-gate (void) start_service(AUTOFS_FMRI, B_TRUE);
22327c478bd9Sstevel@tonic-gate
22337c478bd9Sstevel@tonic-gate if ((enableFlag & NSCD_ON) &&
22347c478bd9Sstevel@tonic-gate !(is_service(NSCD_FMRI, SCF_STATE_STRING_ONLINE)))
22357c478bd9Sstevel@tonic-gate (void) start_service(NSCD_FMRI, B_TRUE);
22367c478bd9Sstevel@tonic-gate
2237cb5caa98Sdjl #if 0
2238cb5caa98Sdjl if (flag == START_INIT && config != NS_LDAP_SELF_GSSAPI_CONFIG_NONE &&
2239cb5caa98Sdjl retcode == CLIENT_SUCCESS &&
2240cb5caa98Sdjl !(is_service(NSCD_FMRI, SCF_STATE_STRING_ONLINE))) {
2241cb5caa98Sdjl CLIENT_FPRINTF(stderr, "start: %s\n",
2242e1dd0a2fSth gettext("self/sasl/GSSAPI is configured"
2243e1dd0a2fSth " but nscd is not online"));
2244cb5caa98Sdjl retcode = CLIENT_ERR_FAIL;
2245cb5caa98Sdjl }
2246cb5caa98Sdjl #endif
2247cb5caa98Sdjl
22487c478bd9Sstevel@tonic-gate if ((enableFlag & SENDMAIL_ON) &&
22497c478bd9Sstevel@tonic-gate !(is_service(SENDMAIL_FMRI, SCF_STATE_STRING_ONLINE)))
22507c478bd9Sstevel@tonic-gate (void) start_service(SENDMAIL_FMRI, B_TRUE);
22517c478bd9Sstevel@tonic-gate
22527c478bd9Sstevel@tonic-gate /*
22537c478bd9Sstevel@tonic-gate * Restart name-service milestone so that any consumer
22547c478bd9Sstevel@tonic-gate * which depends on it will be restarted.
22557c478bd9Sstevel@tonic-gate */
22567c478bd9Sstevel@tonic-gate (void) restart_service(NS_MILESTONE_FMRI, B_TRUE);
22577c478bd9Sstevel@tonic-gate return (retcode);
22587c478bd9Sstevel@tonic-gate }
22597c478bd9Sstevel@tonic-gate
22607c478bd9Sstevel@tonic-gate /*
22617c478bd9Sstevel@tonic-gate * credCheck is called to check if credentials are required for this
22627c478bd9Sstevel@tonic-gate * configuration. Currently, this means that if any credentialLevel is
22637c478bd9Sstevel@tonic-gate * proxy and any authenticationMethod is something other than none, then
22647c478bd9Sstevel@tonic-gate * credential info is required (proxyDN and proxyPassword).
22657c478bd9Sstevel@tonic-gate */
22667c478bd9Sstevel@tonic-gate static int
credCheck(clientopts_t * arglist)22677c478bd9Sstevel@tonic-gate credCheck(clientopts_t *arglist)
22687c478bd9Sstevel@tonic-gate {
22697c478bd9Sstevel@tonic-gate int counter;
22707c478bd9Sstevel@tonic-gate int **credLevel;
22717c478bd9Sstevel@tonic-gate ns_auth_t **authMethod;
22727c478bd9Sstevel@tonic-gate char **proxyDN, **proxyPassword;
22737c478bd9Sstevel@tonic-gate ns_ldap_error_t *errorp;
22747c478bd9Sstevel@tonic-gate int credProxy, authNotNone;
22757c478bd9Sstevel@tonic-gate int retcode;
22767c478bd9Sstevel@tonic-gate
22777c478bd9Sstevel@tonic-gate /* If credentialLevel is proxy, make sure we have proxyDN and proxyPassword */
22787c478bd9Sstevel@tonic-gate retcode = __ns_ldap_getParam(NS_LDAP_CREDENTIAL_LEVEL_P,
2279e1dd0a2fSth (void ***)&credLevel, &errorp);
22807c478bd9Sstevel@tonic-gate if (retcode != 0) {
22817c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
2282e1dd0a2fSth gettext("Error %d while trying to retrieve "
2283e1dd0a2fSth "credLevel\n"),
2284e1dd0a2fSth retcode);
22857c478bd9Sstevel@tonic-gate return (CLIENT_ERR_FAIL);
22867c478bd9Sstevel@tonic-gate }
22877c478bd9Sstevel@tonic-gate retcode = __ns_ldap_getParam(NS_LDAP_AUTH_P,
2288e1dd0a2fSth (void ***)&authMethod, &errorp);
22897c478bd9Sstevel@tonic-gate if (retcode != 0) {
22907c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
2291e1dd0a2fSth gettext("Error %d while trying to retrieve "
2292e1dd0a2fSth "authMethod\n"), retcode);
22937c478bd9Sstevel@tonic-gate return (CLIENT_ERR_FAIL);
22947c478bd9Sstevel@tonic-gate }
22957c478bd9Sstevel@tonic-gate retcode = __ns_ldap_getParam(NS_LDAP_BINDDN_P,
2296e1dd0a2fSth (void ***)&proxyDN, &errorp);
22977c478bd9Sstevel@tonic-gate if (retcode != 0) {
22987c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
2299e1dd0a2fSth gettext("Error %d while trying to retrieve proxyDN\n"),
2300e1dd0a2fSth retcode);
23017c478bd9Sstevel@tonic-gate return (CLIENT_ERR_FAIL);
23027c478bd9Sstevel@tonic-gate }
23037c478bd9Sstevel@tonic-gate retcode = __ns_ldap_getParam(NS_LDAP_BINDPASSWD_P,
2304e1dd0a2fSth (void ***)&proxyPassword, &errorp);
23057c478bd9Sstevel@tonic-gate if (retcode != 0) {
23067c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
2307e1dd0a2fSth gettext("Error %d while trying to retrieve "
2308e1dd0a2fSth "proxyPassword\n"), retcode);
23097c478bd9Sstevel@tonic-gate return (CLIENT_ERR_FAIL);
23107c478bd9Sstevel@tonic-gate }
23117c478bd9Sstevel@tonic-gate
23127c478bd9Sstevel@tonic-gate if (mode_verbose) {
23137c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
2314e1dd0a2fSth gettext("Proxy DN: %s\n"),
2315e1dd0a2fSth (proxyDN && proxyDN[0]) ? proxyDN[0] : "NULL");
23167c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
2317e1dd0a2fSth gettext("Proxy password: %s\n"),
2318e1dd0a2fSth (proxyPassword && proxyPassword[0]) ?
2319e1dd0a2fSth proxyPassword[0] : "NULL");
23207c478bd9Sstevel@tonic-gate }
23217c478bd9Sstevel@tonic-gate
23227c478bd9Sstevel@tonic-gate credProxy = 0; /* flag to indicate if we have a credLevel of proxy */
23237c478bd9Sstevel@tonic-gate for (counter = 0; credLevel && credLevel[counter] != NULL; counter++) {
23247c478bd9Sstevel@tonic-gate if (mode_verbose)
23257c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
2326e1dd0a2fSth gettext("Credential level: %d\n"),
2327e1dd0a2fSth *credLevel[counter]);
23287c478bd9Sstevel@tonic-gate if (*credLevel[counter] == NS_LDAP_CRED_PROXY) {
23297c478bd9Sstevel@tonic-gate credProxy = 1;
23307c478bd9Sstevel@tonic-gate break;
23317c478bd9Sstevel@tonic-gate }
23327c478bd9Sstevel@tonic-gate }
23337c478bd9Sstevel@tonic-gate
23347c478bd9Sstevel@tonic-gate authNotNone = 0; /* flag for authMethod other than none */
23357c478bd9Sstevel@tonic-gate for (counter = 0;
2336e1dd0a2fSth authMethod && authMethod[counter] != NULL;
2337e1dd0a2fSth counter++) {
23387c478bd9Sstevel@tonic-gate
23397c478bd9Sstevel@tonic-gate if (mode_verbose)
23407c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
2341e1dd0a2fSth gettext("Authentication method: %d\n"),
2342e1dd0a2fSth authMethod[counter]->type);
23437c478bd9Sstevel@tonic-gate if (authMethod[counter]->type != NS_LDAP_AUTH_NONE &&
23447c478bd9Sstevel@tonic-gate !(authMethod[counter]->type == NS_LDAP_AUTH_TLS &&
23457c478bd9Sstevel@tonic-gate authMethod[counter]->tlstype == NS_LDAP_TLS_NONE)) {
23467c478bd9Sstevel@tonic-gate authNotNone = 1;
23477c478bd9Sstevel@tonic-gate break;
23487c478bd9Sstevel@tonic-gate }
23497c478bd9Sstevel@tonic-gate }
23507c478bd9Sstevel@tonic-gate
23517c478bd9Sstevel@tonic-gate /* First, if we don't need proxyDN/Password then just return ok */
23527c478bd9Sstevel@tonic-gate if (!(credProxy && authNotNone)) {
23537c478bd9Sstevel@tonic-gate if (mode_verbose)
23547c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
2355e1dd0a2fSth gettext("No proxyDN/proxyPassword required\n"),
2356e1dd0a2fSth stderr);
23577c478bd9Sstevel@tonic-gate return (CLIENT_SUCCESS);
23587c478bd9Sstevel@tonic-gate }
23597c478bd9Sstevel@tonic-gate
23607c478bd9Sstevel@tonic-gate /* Now let's check if we have the cred stuff we need */
23617c478bd9Sstevel@tonic-gate if (!proxyDN || !proxyDN[0]) {
23627c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
2363e1dd0a2fSth gettext("credentialLevel is proxy and no proxyDN "
2364e1dd0a2fSth "specified\n"),
2365e1dd0a2fSth stderr);
23667c478bd9Sstevel@tonic-gate return (CLIENT_ERR_CREDENTIAL);
23677c478bd9Sstevel@tonic-gate }
23687c478bd9Sstevel@tonic-gate
23697c478bd9Sstevel@tonic-gate /* If we need proxyPassword (prompt) */
23707c478bd9Sstevel@tonic-gate if (!proxyPassword || !proxyPassword[0]) {
23717c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
2372e1dd0a2fSth gettext("credentialLevel requires proxyPassword\n"),
2373e1dd0a2fSth stderr);
23747c478bd9Sstevel@tonic-gate arglist->proxyPassword = getpassphrase("Proxy Bind Password:");
23757c478bd9Sstevel@tonic-gate if (arglist->proxyPassword == NULL) {
23767c478bd9Sstevel@tonic-gate CLIENT_FPUTS(gettext("Get password failed\n"), stderr);
23777c478bd9Sstevel@tonic-gate return (CLIENT_ERR_CREDENTIAL);
23787c478bd9Sstevel@tonic-gate }
23797c478bd9Sstevel@tonic-gate LDAP_SET_PARAM(arglist->proxyPassword, NS_LDAP_BINDPASSWD_P);
23807c478bd9Sstevel@tonic-gate if (retcode != 0) {
23817c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
2382e1dd0a2fSth gettext("setParam proxyPassword failed.\n"),
2383e1dd0a2fSth stderr);
23847c478bd9Sstevel@tonic-gate return (CLIENT_ERR_CREDENTIAL);
23857c478bd9Sstevel@tonic-gate }
23867c478bd9Sstevel@tonic-gate }
23877c478bd9Sstevel@tonic-gate
23887c478bd9Sstevel@tonic-gate return (CLIENT_SUCCESS);
23897c478bd9Sstevel@tonic-gate }
23907c478bd9Sstevel@tonic-gate
2391dd1104fbSMichen Chang /*
2392dd1104fbSMichen Chang * adminCredCheck is called to check if the admin credential is required
2393dd1104fbSMichen Chang * for this configuration. This means that if enableShadowUpdate is set
2394dd1104fbSMichen Chang * to TRUE then credential info is required (adminDN and adminPassword).
2395dd1104fbSMichen Chang * One exception is that if there is a 'self' credentialLevel and
2396dd1104fbSMichen Chang * 'sasl/GSSAPI' authenticationMethod (i.e., possibly using Kerberos
2397dd1104fbSMichen Chang * host credential) then adminDN and adminPassword are not required.
2398dd1104fbSMichen Chang */
2399dd1104fbSMichen Chang static int
adminCredCheck(clientopts_t * arglist)2400dd1104fbSMichen Chang adminCredCheck(clientopts_t *arglist)
2401dd1104fbSMichen Chang {
2402dd1104fbSMichen Chang int counter;
2403dd1104fbSMichen Chang int **enabled = NULL;
2404dd1104fbSMichen Chang int **credLevel = NULL;
2405dd1104fbSMichen Chang char **adminDN = NULL;
2406dd1104fbSMichen Chang char **adminPassword = NULL;
2407dd1104fbSMichen Chang ns_auth_t **authMethod = NULL;
2408dd1104fbSMichen Chang ns_ldap_error_t *errorp = NULL;
2409dd1104fbSMichen Chang int credSelf, authSASLgss;
2410dd1104fbSMichen Chang int retcode, rc;
2411dd1104fbSMichen Chang
2412dd1104fbSMichen Chang /* If shadow update not enabled, then no need to check */
2413dd1104fbSMichen Chang retcode = __ns_ldap_getParam(NS_LDAP_ENABLE_SHADOW_UPDATE_P,
2414dd1104fbSMichen Chang (void ***)&enabled, &errorp);
2415dd1104fbSMichen Chang if (retcode != 0) {
2416dd1104fbSMichen Chang CLIENT_FPRINTF(stderr,
2417dd1104fbSMichen Chang gettext("Error %d while trying to retrieve "
2418dd1104fbSMichen Chang "enableShadowUpdate\n"), retcode);
2419dd1104fbSMichen Chang rc = CLIENT_ERR_FAIL;
2420dd1104fbSMichen Chang goto out;
2421dd1104fbSMichen Chang }
2422dd1104fbSMichen Chang if (enabled == NULL ||
2423dd1104fbSMichen Chang *enabled[0] != NS_LDAP_ENABLE_SHADOW_UPDATE_TRUE) {
2424dd1104fbSMichen Chang if (mode_verbose)
2425dd1104fbSMichen Chang CLIENT_FPUTS(
2426dd1104fbSMichen Chang gettext("Shadow Update is not enabled, "
2427dd1104fbSMichen Chang "no adminDN/adminPassword is required.\n"), stderr);
2428dd1104fbSMichen Chang rc = CLIENT_SUCCESS;
2429dd1104fbSMichen Chang goto out;
2430dd1104fbSMichen Chang }
2431dd1104fbSMichen Chang
2432dd1104fbSMichen Chang /* get credentialLevel */
2433dd1104fbSMichen Chang retcode = __ns_ldap_getParam(NS_LDAP_CREDENTIAL_LEVEL_P,
2434dd1104fbSMichen Chang (void ***)&credLevel, &errorp);
2435dd1104fbSMichen Chang if (retcode != 0) {
2436dd1104fbSMichen Chang CLIENT_FPRINTF(stderr,
2437dd1104fbSMichen Chang gettext("Error %d while trying to retrieve credLevel\n"),
2438dd1104fbSMichen Chang retcode);
2439dd1104fbSMichen Chang rc = CLIENT_ERR_FAIL;
2440dd1104fbSMichen Chang goto out;
2441dd1104fbSMichen Chang }
2442dd1104fbSMichen Chang
2443dd1104fbSMichen Chang /* get AuthenticationMethod */
2444dd1104fbSMichen Chang retcode = __ns_ldap_getParam(NS_LDAP_AUTH_P,
2445dd1104fbSMichen Chang (void ***)&authMethod, &errorp);
2446dd1104fbSMichen Chang if (retcode != 0) {
2447dd1104fbSMichen Chang CLIENT_FPRINTF(stderr,
2448dd1104fbSMichen Chang gettext("Error %d while trying to retrieve authMethod\n"),
2449dd1104fbSMichen Chang retcode);
2450dd1104fbSMichen Chang rc = CLIENT_ERR_FAIL;
2451dd1104fbSMichen Chang goto out;
2452dd1104fbSMichen Chang }
2453dd1104fbSMichen Chang
2454dd1104fbSMichen Chang /* get adminDN */
2455dd1104fbSMichen Chang retcode = __ns_ldap_getParam(NS_LDAP_ADMIN_BINDDN_P,
2456dd1104fbSMichen Chang (void ***)&adminDN, &errorp);
2457dd1104fbSMichen Chang if (retcode != 0) {
2458dd1104fbSMichen Chang CLIENT_FPRINTF(stderr,
2459dd1104fbSMichen Chang gettext("Error %d while trying to retrieve adminDN\n"),
2460dd1104fbSMichen Chang retcode);
2461dd1104fbSMichen Chang rc = CLIENT_ERR_FAIL;
2462dd1104fbSMichen Chang goto out;
2463dd1104fbSMichen Chang }
2464dd1104fbSMichen Chang
2465dd1104fbSMichen Chang /* get adminPassword */
2466dd1104fbSMichen Chang retcode = __ns_ldap_getParam(NS_LDAP_ADMIN_BINDPASSWD_P,
2467dd1104fbSMichen Chang (void ***)&adminPassword, &errorp);
2468dd1104fbSMichen Chang if (retcode != 0) {
2469dd1104fbSMichen Chang CLIENT_FPRINTF(stderr,
2470dd1104fbSMichen Chang gettext("Error %d while trying to retrieve "
2471dd1104fbSMichen Chang "adminPassword\n"), retcode);
2472dd1104fbSMichen Chang rc = CLIENT_ERR_FAIL;
2473dd1104fbSMichen Chang goto out;
2474dd1104fbSMichen Chang }
2475dd1104fbSMichen Chang
2476dd1104fbSMichen Chang if (mode_verbose) {
2477dd1104fbSMichen Chang CLIENT_FPRINTF(stderr,
2478dd1104fbSMichen Chang gettext("admin DN: %s\n"),
2479dd1104fbSMichen Chang (adminDN && adminDN[0]) ? adminDN[0] : "NULL");
2480dd1104fbSMichen Chang CLIENT_FPRINTF(stderr,
2481dd1104fbSMichen Chang gettext("admin password: %s\n"),
2482dd1104fbSMichen Chang (adminPassword && adminPassword[0]) ?
2483dd1104fbSMichen Chang adminPassword[0] : "NULL");
2484dd1104fbSMichen Chang }
2485dd1104fbSMichen Chang
2486dd1104fbSMichen Chang credSelf = 0; /* flag to indicate if we have a credLevel of self */
2487dd1104fbSMichen Chang for (counter = 0; credLevel && credLevel[counter] != NULL; counter++) {
2488dd1104fbSMichen Chang if (mode_verbose)
2489dd1104fbSMichen Chang CLIENT_FPRINTF(stderr,
2490dd1104fbSMichen Chang gettext("Credential level: %d\n"),
2491dd1104fbSMichen Chang *credLevel[counter]);
2492dd1104fbSMichen Chang if (*credLevel[counter] == NS_LDAP_CRED_SELF) {
2493dd1104fbSMichen Chang credSelf = 1;
2494dd1104fbSMichen Chang break;
2495dd1104fbSMichen Chang }
2496dd1104fbSMichen Chang }
2497dd1104fbSMichen Chang
2498dd1104fbSMichen Chang authSASLgss = 0; /* flag for authMethod of SASL/gssapi */
2499dd1104fbSMichen Chang for (counter = 0;
2500dd1104fbSMichen Chang authMethod && authMethod[counter] != NULL;
2501dd1104fbSMichen Chang counter++) {
2502dd1104fbSMichen Chang
2503dd1104fbSMichen Chang if (mode_verbose)
2504dd1104fbSMichen Chang CLIENT_FPRINTF(stderr,
2505dd1104fbSMichen Chang gettext("Authentication sasl mechanism: %d\n"),
2506dd1104fbSMichen Chang authMethod[counter]->saslmech);
2507dd1104fbSMichen Chang if (authMethod[counter]->saslmech == NS_LDAP_SASL_GSSAPI) {
2508dd1104fbSMichen Chang authSASLgss = 1;
2509dd1104fbSMichen Chang break;
2510dd1104fbSMichen Chang }
2511dd1104fbSMichen Chang }
2512dd1104fbSMichen Chang
2513dd1104fbSMichen Chang /* First, if we don't need adminDN/adminPassword then just return ok */
2514dd1104fbSMichen Chang if (credSelf && authSASLgss) {
2515dd1104fbSMichen Chang if (mode_verbose)
2516dd1104fbSMichen Chang CLIENT_FPUTS(
2517dd1104fbSMichen Chang gettext("A credential Level of self and an "
2518dd1104fbSMichen Chang "authentication method of sasl/GSSAPI is "
2519dd1104fbSMichen Chang "configured, no adminDN/adminPassword "
2520dd1104fbSMichen Chang "is required.\n"), stderr);
2521dd1104fbSMichen Chang rc = CLIENT_SUCCESS;
2522dd1104fbSMichen Chang goto out;
2523dd1104fbSMichen Chang }
2524dd1104fbSMichen Chang
2525dd1104fbSMichen Chang /* Now let's check if we have the cred stuff we need */
25263718f283SToomas Soome if (adminDN == NULL || adminDN[0] == NULL) {
2527dd1104fbSMichen Chang CLIENT_FPUTS(
2528dd1104fbSMichen Chang gettext("Shadow Update is enabled, but "
2529dd1104fbSMichen Chang "no adminDN is configured.\n"), stderr);
2530dd1104fbSMichen Chang rc = CLIENT_ERR_CREDENTIAL;
2531dd1104fbSMichen Chang goto out;
2532dd1104fbSMichen Chang }
2533dd1104fbSMichen Chang
2534dd1104fbSMichen Chang /* If we need adminPassword (prompt) */
25353718f283SToomas Soome if (adminPassword == NULL || adminPassword[0] == NULL) {
2536dd1104fbSMichen Chang CLIENT_FPUTS(
2537dd1104fbSMichen Chang gettext("Shadow Update requires adminPassword\n"),
2538dd1104fbSMichen Chang stderr);
2539dd1104fbSMichen Chang arglist->adminPassword = getpassphrase("admin Password:");
2540dd1104fbSMichen Chang if (arglist->adminPassword == NULL) {
2541dd1104fbSMichen Chang CLIENT_FPUTS(gettext("Unable to get admin password\n"),
2542dd1104fbSMichen Chang stderr);
2543dd1104fbSMichen Chang rc = CLIENT_ERR_CREDENTIAL;
2544dd1104fbSMichen Chang goto out;
2545dd1104fbSMichen Chang }
2546dd1104fbSMichen Chang LDAP_SET_PARAM(arglist->adminPassword,
2547dd1104fbSMichen Chang NS_LDAP_ADMIN_BINDPASSWD_P);
2548dd1104fbSMichen Chang if (retcode != 0) {
2549dd1104fbSMichen Chang CLIENT_FPUTS(
2550dd1104fbSMichen Chang gettext("setParam adminPassword failed.\n"),
2551dd1104fbSMichen Chang stderr);
2552dd1104fbSMichen Chang rc = CLIENT_ERR_CREDENTIAL;
2553dd1104fbSMichen Chang goto out;
2554dd1104fbSMichen Chang }
2555dd1104fbSMichen Chang }
2556dd1104fbSMichen Chang
2557dd1104fbSMichen Chang rc = CLIENT_SUCCESS;
2558dd1104fbSMichen Chang
2559dd1104fbSMichen Chang out:
2560dd1104fbSMichen Chang if (enabled != NULL)
2561dd1104fbSMichen Chang (void) __ns_ldap_freeParam((void ***)&enabled);
2562dd1104fbSMichen Chang if (credLevel != NULL)
2563dd1104fbSMichen Chang (void) __ns_ldap_freeParam((void ***)&credLevel);
2564dd1104fbSMichen Chang if (authMethod != NULL)
2565dd1104fbSMichen Chang (void) __ns_ldap_freeParam((void ***)&authMethod);
2566dd1104fbSMichen Chang if (adminDN != NULL)
2567dd1104fbSMichen Chang (void) __ns_ldap_freeParam((void ***)&adminDN);
2568dd1104fbSMichen Chang if (adminPassword != NULL)
2569dd1104fbSMichen Chang (void) __ns_ldap_freeParam((void ***)&adminPassword);
2570dd1104fbSMichen Chang
2571dd1104fbSMichen Chang return (rc);
2572dd1104fbSMichen Chang }
2573dd1104fbSMichen Chang
25747c478bd9Sstevel@tonic-gate /*
25757c478bd9Sstevel@tonic-gate * try to restore the previous name space on this machine
25767c478bd9Sstevel@tonic-gate */
25777c478bd9Sstevel@tonic-gate static int
recover(int saveState)25787c478bd9Sstevel@tonic-gate recover(int saveState)
25797c478bd9Sstevel@tonic-gate {
25807c478bd9Sstevel@tonic-gate struct stat buf;
25817c478bd9Sstevel@tonic-gate int stat_ret, retcode, fd;
25827c478bd9Sstevel@tonic-gate int domain = 0, domainlen;
25837c478bd9Sstevel@tonic-gate char yp_dir[BUFSIZE], yp_dir_back[BUFSIZE];
25847c478bd9Sstevel@tonic-gate char name[BUFSIZ];
25857c478bd9Sstevel@tonic-gate char *ldap_conf_file, *ldap_cred_file;
25867c478bd9Sstevel@tonic-gate char ldap_file_back[BUFSIZE], ldap_cred_back[BUFSIZE];
25877c478bd9Sstevel@tonic-gate
25887c478bd9Sstevel@tonic-gate /* If running as Sysid Install become a no-op */
25897c478bd9Sstevel@tonic-gate if (sysid_install == B_TRUE)
25907c478bd9Sstevel@tonic-gate return (CLIENT_SUCCESS);
25917c478bd9Sstevel@tonic-gate
25927c478bd9Sstevel@tonic-gate stat_ret = stat(LDAP_RESTORE_DIR, &buf);
25937c478bd9Sstevel@tonic-gate if (stat_ret != 0) {
25947c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
2595e1dd0a2fSth gettext("Cannot recover. No backup files "
2596e1dd0a2fSth "found.\n"),
2597e1dd0a2fSth stderr);
25987c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
2599e1dd0a2fSth gettext("\t Either this machine was not initialized\n"),
2600e1dd0a2fSth stderr);
26017c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
2602e1dd0a2fSth gettext("\t by ldapclient or the backup files "
2603e1dd0a2fSth "have been\n"),
2604e1dd0a2fSth stderr);
26057c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
2606e1dd0a2fSth gettext("\t removed manually or with an \"uninit\"\n"),
2607e1dd0a2fSth stderr);
26087c478bd9Sstevel@tonic-gate return (CLIENT_ERR_RESTORE); /* invalid backup */
26097c478bd9Sstevel@tonic-gate }
26107c478bd9Sstevel@tonic-gate
26117c478bd9Sstevel@tonic-gate /*
26127c478bd9Sstevel@tonic-gate * Get domainname. Allow no domainname for the case where "files"
26137c478bd9Sstevel@tonic-gate * config was backed up.
26147c478bd9Sstevel@tonic-gate */
26157c478bd9Sstevel@tonic-gate stat_ret = stat(DOMAINNAME_BACK, &buf);
26167c478bd9Sstevel@tonic-gate if (mode_verbose)
26177c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
2618e1dd0a2fSth gettext("recover: stat(%s)=%d\n"),
2619e1dd0a2fSth DOMAINNAME_BACK, stat_ret);
26207c478bd9Sstevel@tonic-gate if (stat_ret == 0) {
26217c478bd9Sstevel@tonic-gate if (mode_verbose)
26227c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
2623e1dd0a2fSth gettext("recover: open(%s)\n"),
2624e1dd0a2fSth DOMAINNAME_BACK);
26257c478bd9Sstevel@tonic-gate fd = open(DOMAINNAME_BACK, O_RDONLY);
26267c478bd9Sstevel@tonic-gate if (mode_verbose)
26277c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
2628e1dd0a2fSth gettext("recover: read(%s)\n"),
2629e1dd0a2fSth DOMAINNAME_BACK);
26307c478bd9Sstevel@tonic-gate domainlen = read(fd, &(name[0]), BUFSIZ-1);
26317c478bd9Sstevel@tonic-gate (void) close(fd);
26327c478bd9Sstevel@tonic-gate if (domainlen < 0) {
26337c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
2634e1dd0a2fSth gettext("Cannot recover. Cannot determine "
2635e1dd0a2fSth "previous domain name.\n"),
2636e1dd0a2fSth stderr);
26377c478bd9Sstevel@tonic-gate return (CLIENT_ERR_RESTORE); /* invalid backup */
26387c478bd9Sstevel@tonic-gate } else {
26397c478bd9Sstevel@tonic-gate char *ptr;
26407c478bd9Sstevel@tonic-gate
26417c478bd9Sstevel@tonic-gate ptr = strchr(&(name[0]), '\n');
26427c478bd9Sstevel@tonic-gate if (ptr != NULL)
26437c478bd9Sstevel@tonic-gate *ptr = '\0';
26447c478bd9Sstevel@tonic-gate else
26457c478bd9Sstevel@tonic-gate name[domainlen] = '\0';
26467c478bd9Sstevel@tonic-gate
26477c478bd9Sstevel@tonic-gate if (mode_verbose)
26487c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
2649e1dd0a2fSth gettext("recover: old domainname "
2650e1dd0a2fSth "\"%s\"\n"), name);
26517c478bd9Sstevel@tonic-gate
26527c478bd9Sstevel@tonic-gate if (strlen(name) == 0)
26537c478bd9Sstevel@tonic-gate domain = 0;
26547c478bd9Sstevel@tonic-gate else
26557c478bd9Sstevel@tonic-gate domain = 1; /* flag that we have domain */
26567c478bd9Sstevel@tonic-gate
26577c478bd9Sstevel@tonic-gate }
26587c478bd9Sstevel@tonic-gate }
26597c478bd9Sstevel@tonic-gate
26607c478bd9Sstevel@tonic-gate
26617c478bd9Sstevel@tonic-gate /*
26627c478bd9Sstevel@tonic-gate * we can recover at this point
26637c478bd9Sstevel@tonic-gate * remove LDAP config files before restore
26647c478bd9Sstevel@tonic-gate */
26657c478bd9Sstevel@tonic-gate (void) unlink(NSCONFIGFILE);
26667c478bd9Sstevel@tonic-gate (void) unlink(NSCREDFILE);
26677c478bd9Sstevel@tonic-gate
26687c478bd9Sstevel@tonic-gate ldap_conf_file = strrchr(NSCONFIGFILE, '/') + 1;
26697c478bd9Sstevel@tonic-gate ldap_cred_file = strrchr(NSCREDFILE, '/') + 1;
26707c478bd9Sstevel@tonic-gate
26717c478bd9Sstevel@tonic-gate (void) strlcpy(ldap_file_back, LDAP_RESTORE_DIR "/", BUFSIZE);
26727c478bd9Sstevel@tonic-gate (void) strlcat(ldap_file_back, ldap_conf_file, BUFSIZE);
26737c478bd9Sstevel@tonic-gate
26747c478bd9Sstevel@tonic-gate stat_ret = stat(ldap_file_back, &buf);
26757c478bd9Sstevel@tonic-gate if (mode_verbose)
26767c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
2677e1dd0a2fSth gettext("recover: stat(%s)=%d\n"),
2678e1dd0a2fSth ldap_file_back, stat_ret);
26797c478bd9Sstevel@tonic-gate if (stat_ret == 0) {
26807c478bd9Sstevel@tonic-gate if (saveState)
26817c478bd9Sstevel@tonic-gate gStartLdap = START_UNINIT;
26827c478bd9Sstevel@tonic-gate retcode = file_move(ldap_file_back, NSCONFIGFILE);
26837c478bd9Sstevel@tonic-gate if (mode_verbose)
26847c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
2685e1dd0a2fSth gettext("recover: file_move(%s, %s)=%d\n"),
2686e1dd0a2fSth ldap_file_back, NSCONFIGFILE, retcode);
26877c478bd9Sstevel@tonic-gate if (retcode != 0)
26887c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
2689e1dd0a2fSth gettext("recover: file_move(%s, %s) failed\n"),
2690e1dd0a2fSth ldap_file_back, NSCONFIGFILE);
26917c478bd9Sstevel@tonic-gate }
26927c478bd9Sstevel@tonic-gate
26937c478bd9Sstevel@tonic-gate (void) strlcpy(ldap_cred_back, LDAP_RESTORE_DIR "/", BUFSIZE);
26947c478bd9Sstevel@tonic-gate (void) strlcat(ldap_cred_back, ldap_cred_file, BUFSIZE);
26957c478bd9Sstevel@tonic-gate
26967c478bd9Sstevel@tonic-gate stat_ret = stat(ldap_cred_back, &buf);
26977c478bd9Sstevel@tonic-gate if (mode_verbose)
26987c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
2699e1dd0a2fSth gettext("recover: stat(%s)=%d\n"),
2700e1dd0a2fSth ldap_cred_back, stat_ret);
27017c478bd9Sstevel@tonic-gate if (stat_ret == 0) {
27027c478bd9Sstevel@tonic-gate retcode = file_move(ldap_cred_back, NSCREDFILE);
27037c478bd9Sstevel@tonic-gate if (mode_verbose)
27047c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
2705e1dd0a2fSth gettext("recover: file_move(%s, %s)=%d\n"),
2706e1dd0a2fSth ldap_cred_back, NSCREDFILE, retcode);
27077c478bd9Sstevel@tonic-gate if (retcode != 0)
27087c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
2709e1dd0a2fSth gettext("recover: file_move(%s, %s) failed\n"),
2710e1dd0a2fSth ldap_cred_back, NSCREDFILE);
27117c478bd9Sstevel@tonic-gate }
27127c478bd9Sstevel@tonic-gate
27137c478bd9Sstevel@tonic-gate /* Check for recovery of NIS(YP) if we have a domainname */
27147c478bd9Sstevel@tonic-gate if (domain) {
27157c478bd9Sstevel@tonic-gate /* "name" would have to be huge for this, but just in case */
27167c478bd9Sstevel@tonic-gate if (strlen(name) >= (BUFSIZE - strlen(LDAP_RESTORE_DIR)))
27177c478bd9Sstevel@tonic-gate return (CLIENT_ERR_FAIL);
27187c478bd9Sstevel@tonic-gate if (strlen(name) >= (BUFSIZE - strlen(YP_BIND_DIR)))
27197c478bd9Sstevel@tonic-gate return (CLIENT_ERR_FAIL);
27207c478bd9Sstevel@tonic-gate
27217c478bd9Sstevel@tonic-gate (void) strlcpy(yp_dir_back, LDAP_RESTORE_DIR "/", BUFSIZE);
27227c478bd9Sstevel@tonic-gate (void) strlcat(yp_dir_back, name, BUFSIZE);
27237c478bd9Sstevel@tonic-gate stat_ret = stat(yp_dir_back, &buf);
27247c478bd9Sstevel@tonic-gate if (mode_verbose)
27257c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
2726e1dd0a2fSth gettext("recover: stat(%s)=%d\n"),
2727e1dd0a2fSth yp_dir_back, stat_ret);
27287c478bd9Sstevel@tonic-gate if (stat_ret == 0) {
27297c478bd9Sstevel@tonic-gate (void) strlcpy(yp_dir, YP_BIND_DIR "/", BUFSIZE);
27307c478bd9Sstevel@tonic-gate (void) strlcat(yp_dir, name, BUFSIZE);
27317c478bd9Sstevel@tonic-gate retcode = file_move(yp_dir_back, yp_dir);
27327c478bd9Sstevel@tonic-gate if (mode_verbose)
27337c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
2734e1dd0a2fSth gettext("recover: file_move(%s, "
2735e1dd0a2fSth "%s)=%d\n"),
2736e1dd0a2fSth yp_dir_back, yp_dir, retcode);
27377c478bd9Sstevel@tonic-gate if (retcode != 0) {
27387c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
2739e1dd0a2fSth gettext("recover: file_move(%s, "
2740e1dd0a2fSth "%s) failed!\n"),
2741e1dd0a2fSth yp_dir_back, yp_dir);
27427c478bd9Sstevel@tonic-gate } else {
27437c478bd9Sstevel@tonic-gate if (saveState)
27447c478bd9Sstevel@tonic-gate gStartYp = START_UNINIT;
27457c478bd9Sstevel@tonic-gate }
27467c478bd9Sstevel@tonic-gate }
27477c478bd9Sstevel@tonic-gate }
27487c478bd9Sstevel@tonic-gate
27497c478bd9Sstevel@tonic-gate /* restore machine configuration */
27507c478bd9Sstevel@tonic-gate stat_ret = stat(NSSWITCH_BACK, &buf);
27517c478bd9Sstevel@tonic-gate if (mode_verbose)
27527c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
2753e1dd0a2fSth gettext("recover: stat(%s)=%d\n"),
2754e1dd0a2fSth NSSWITCH_BACK, stat_ret);
27557c478bd9Sstevel@tonic-gate if (stat_ret == 0) {
27567c478bd9Sstevel@tonic-gate retcode = file_move(NSSWITCH_BACK, NSSWITCH_CONF);
27577c478bd9Sstevel@tonic-gate if (mode_verbose)
27587c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
2759e1dd0a2fSth gettext("recover: file_move(%s, %s)=%d\n"),
2760e1dd0a2fSth NSSWITCH_BACK, NSSWITCH_CONF, retcode);
27617c478bd9Sstevel@tonic-gate if (retcode != 0)
27627c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
2763e1dd0a2fSth gettext("recover: file_move(%s, %s) failed\n"),
2764e1dd0a2fSth NSSWITCH_BACK, NSSWITCH_CONF);
27657c478bd9Sstevel@tonic-gate }
27667c478bd9Sstevel@tonic-gate
27677c478bd9Sstevel@tonic-gate stat_ret = stat(DOMAINNAME_BACK, &buf);
27687c478bd9Sstevel@tonic-gate if (mode_verbose)
27697c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
2770e1dd0a2fSth gettext("recover: stat(%s)=%d\n"),
2771e1dd0a2fSth DOMAINNAME_BACK, stat_ret);
27727c478bd9Sstevel@tonic-gate if (stat_ret == 0) {
27737c478bd9Sstevel@tonic-gate retcode = file_move(DOMAINNAME_BACK, DOMAINNAME);
27747c478bd9Sstevel@tonic-gate if (mode_verbose)
27757c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
2776e1dd0a2fSth gettext("recover: file_move(%s, %s)=%d\n"),
2777e1dd0a2fSth DOMAINNAME_BACK, DOMAINNAME, retcode);
27787c478bd9Sstevel@tonic-gate if (retcode != 0)
27797c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
2780e1dd0a2fSth gettext("recover: file_move(%s, %s) failed\n"),
2781e1dd0a2fSth DOMAINNAME_BACK, DOMAINNAME);
27827c478bd9Sstevel@tonic-gate }
27837c478bd9Sstevel@tonic-gate
27847c478bd9Sstevel@tonic-gate retcode = rmdir(LDAP_RESTORE_DIR);
27857c478bd9Sstevel@tonic-gate if (retcode != 0) {
27867c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
2787e1dd0a2fSth gettext("Error removing \"%s\" directory.\n"),
2788e1dd0a2fSth LDAP_RESTORE_DIR);
27897c478bd9Sstevel@tonic-gate }
27907c478bd9Sstevel@tonic-gate
27917c478bd9Sstevel@tonic-gate return (CLIENT_SUCCESS);
27927c478bd9Sstevel@tonic-gate }
27937c478bd9Sstevel@tonic-gate
27947c478bd9Sstevel@tonic-gate /*
27957c478bd9Sstevel@tonic-gate * try to save the current state of this machine.
27967c478bd9Sstevel@tonic-gate * this just overwrites any old saved configration files.
27977c478bd9Sstevel@tonic-gate *
27987c478bd9Sstevel@tonic-gate * This function should only be called after network services have been stopped.
27997c478bd9Sstevel@tonic-gate *
28007c478bd9Sstevel@tonic-gate * Returns 0 on successful save
28017c478bd9Sstevel@tonic-gate * Otherwise returns -1
28027c478bd9Sstevel@tonic-gate */
28037c478bd9Sstevel@tonic-gate static int
file_backup(void)28047c478bd9Sstevel@tonic-gate file_backup(void)
28057c478bd9Sstevel@tonic-gate {
28067c478bd9Sstevel@tonic-gate struct stat buf;
28077c478bd9Sstevel@tonic-gate int domain_stat, conf_stat, ldap_stat;
280836e852a1SRaja Andra int yp_stat, restore_stat;
28097c478bd9Sstevel@tonic-gate int retcode, namelen, ret;
28107c478bd9Sstevel@tonic-gate char yp_dir[BUFSIZ], yp_dir_back[BUFSIZ];
28117c478bd9Sstevel@tonic-gate char name[BUFSIZ];
28127c478bd9Sstevel@tonic-gate char *ldap_conf_file, *ldap_cred_file;
28137c478bd9Sstevel@tonic-gate char ldap_file_back[BUFSIZE], ldap_cred_back[BUFSIZE];
28147c478bd9Sstevel@tonic-gate
28157c478bd9Sstevel@tonic-gate ret = CLIENT_SUCCESS;
28167c478bd9Sstevel@tonic-gate /* If running as Sysid Install become a no-op */
28177c478bd9Sstevel@tonic-gate if (sysid_install == B_TRUE)
28187c478bd9Sstevel@tonic-gate return (CLIENT_SUCCESS);
28197c478bd9Sstevel@tonic-gate
28207c478bd9Sstevel@tonic-gate /* If existing backup files, clear for this run */
28217c478bd9Sstevel@tonic-gate restore_stat = stat(LDAP_RESTORE_DIR, &buf);
28227c478bd9Sstevel@tonic-gate if (restore_stat == 0) {
28237c478bd9Sstevel@tonic-gate if (mode_verbose) {
28247c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
2825e1dd0a2fSth gettext("Removing existing restore "
2826e1dd0a2fSth "directory\n"),
2827e1dd0a2fSth stderr);
28287c478bd9Sstevel@tonic-gate }
28297c478bd9Sstevel@tonic-gate (void) system("/bin/rm -fr " LDAP_RESTORE_DIR);
28307c478bd9Sstevel@tonic-gate restore_stat = stat(LDAP_RESTORE_DIR, &buf);
28317c478bd9Sstevel@tonic-gate if (restore_stat == 0) {
28327c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
2833e1dd0a2fSth gettext("Unable to remove backup "
2834e1dd0a2fSth "directory (%s)\n"),
2835e1dd0a2fSth LDAP_RESTORE_DIR);
28367c478bd9Sstevel@tonic-gate return (CLIENT_ERR_RESTORE);
28377c478bd9Sstevel@tonic-gate }
28387c478bd9Sstevel@tonic-gate }
28397c478bd9Sstevel@tonic-gate
28407c478bd9Sstevel@tonic-gate retcode = mkdir(LDAP_RESTORE_DIR, 0755);
28417c478bd9Sstevel@tonic-gate if (retcode != 0) {
28427c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
2843e1dd0a2fSth gettext("file_backup: Failed to make %s backup "
2844e1dd0a2fSth "directory. mkdir=%d\n"),
2845e1dd0a2fSth LDAP_RESTORE_DIR, retcode);
28467c478bd9Sstevel@tonic-gate return (CLIENT_ERR_FAIL);
28477c478bd9Sstevel@tonic-gate }
28487c478bd9Sstevel@tonic-gate
28497c478bd9Sstevel@tonic-gate conf_stat = stat(NSSWITCH_CONF, &buf);
28507c478bd9Sstevel@tonic-gate if (mode_verbose)
28517c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
2852e1dd0a2fSth gettext("file_backup: stat(%s)=%d\n"),
2853e1dd0a2fSth NSSWITCH_CONF, conf_stat);
28547c478bd9Sstevel@tonic-gate if (conf_stat == 0) {
28557c478bd9Sstevel@tonic-gate if (mode_verbose)
28567c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
2857e1dd0a2fSth gettext("file_backup: (%s -> %s)\n"),
2858e1dd0a2fSth NSSWITCH_CONF, NSSWITCH_BACK);
28597c478bd9Sstevel@tonic-gate retcode = file_move(NSSWITCH_CONF, NSSWITCH_BACK);
28607c478bd9Sstevel@tonic-gate if (retcode != 0) {
28617c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
2862e1dd0a2fSth gettext("file_backup: file_move(%s, %s) failed "
2863e1dd0a2fSth "with %d\n"),
2864e1dd0a2fSth NSSWITCH_CONF, NSSWITCH_BACK, retcode);
28657c478bd9Sstevel@tonic-gate ret = CLIENT_ERR_RENAME;
28667c478bd9Sstevel@tonic-gate }
28677c478bd9Sstevel@tonic-gate } else {
28687c478bd9Sstevel@tonic-gate if (mode_verbose)
28697c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
2870e1dd0a2fSth gettext("file_backup: No %s file.\n"),
2871e1dd0a2fSth NSSWITCH_CONF);
28727c478bd9Sstevel@tonic-gate }
28737c478bd9Sstevel@tonic-gate
28747c478bd9Sstevel@tonic-gate domain_stat = stat(DOMAINNAME, &buf);
28757c478bd9Sstevel@tonic-gate if (mode_verbose)
28767c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
2877e1dd0a2fSth gettext("file_backup: stat(%s)=%d\n"),
2878e1dd0a2fSth DOMAINNAME, domain_stat);
28797c478bd9Sstevel@tonic-gate if ((domain_stat == 0) && (buf.st_size > 0)) {
28807c478bd9Sstevel@tonic-gate if (mode_verbose)
28817c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
2882e1dd0a2fSth gettext("file_backup: (%s -> %s)\n"),
2883e1dd0a2fSth DOMAINNAME, DOMAINNAME_BACK);
28847c478bd9Sstevel@tonic-gate retcode = file_move(DOMAINNAME, DOMAINNAME_BACK);
28857c478bd9Sstevel@tonic-gate if (retcode != 0) {
28867c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
2887e1dd0a2fSth gettext("file_backup: file_move(%s, %s) failed "
2888e1dd0a2fSth "with %d\n"),
2889e1dd0a2fSth DOMAINNAME, DOMAINNAME_BACK, retcode);
28907c478bd9Sstevel@tonic-gate ret = CLIENT_ERR_RENAME;
28917c478bd9Sstevel@tonic-gate }
28927c478bd9Sstevel@tonic-gate } else {
28937c478bd9Sstevel@tonic-gate if (mode_verbose)
28947c478bd9Sstevel@tonic-gate if (domain_stat != 0) {
28957c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
2896e1dd0a2fSth gettext("file_backup: No %s file.\n"),
2897e1dd0a2fSth DOMAINNAME);
28987c478bd9Sstevel@tonic-gate } else {
28997c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
2900e1dd0a2fSth gettext("file_backup: Empty %s "
2901e1dd0a2fSth "file.\n"),
2902e1dd0a2fSth DOMAINNAME);
29037c478bd9Sstevel@tonic-gate }
29047c478bd9Sstevel@tonic-gate }
29057c478bd9Sstevel@tonic-gate
29067c478bd9Sstevel@tonic-gate namelen = BUFSIZ;
29077c478bd9Sstevel@tonic-gate (void) sysinfo(SI_SRPC_DOMAIN, &(name[0]), namelen);
29087c478bd9Sstevel@tonic-gate namelen = strlen(name);
29097c478bd9Sstevel@tonic-gate
29107c478bd9Sstevel@tonic-gate if (mode_verbose)
29117c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
2912e1dd0a2fSth gettext("file_backup: nis domain is \"%s\"\n"),
2913e1dd0a2fSth (namelen > 0) ? name : "EMPTY");
29147c478bd9Sstevel@tonic-gate /* check for domain name if not set cannot save NIS(YP) state */
29157c478bd9Sstevel@tonic-gate if (namelen > 0) {
29167c478bd9Sstevel@tonic-gate /* moving /var/yp/binding will cause ypbind to core dump */
29177c478bd9Sstevel@tonic-gate (void) strlcpy(yp_dir, YP_BIND_DIR "/", BUFSIZE);
29187c478bd9Sstevel@tonic-gate (void) strlcat(yp_dir, name, BUFSIZE);
29197c478bd9Sstevel@tonic-gate yp_stat = stat(yp_dir, &buf);
29207c478bd9Sstevel@tonic-gate if (mode_verbose)
29217c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
2922e1dd0a2fSth gettext("file_backup: stat(%s)=%d\n"),
2923e1dd0a2fSth yp_dir, yp_stat);
29247c478bd9Sstevel@tonic-gate if (yp_stat == 0) {
29257c478bd9Sstevel@tonic-gate (void) strlcpy(yp_dir_back, LDAP_RESTORE_DIR "/",
2926e1dd0a2fSth BUFSIZE);
29277c478bd9Sstevel@tonic-gate (void) strlcat(yp_dir_back, name, BUFSIZE);
29287c478bd9Sstevel@tonic-gate if (mode_verbose)
29297c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
2930e1dd0a2fSth gettext("file_backup: (%s -> %s)\n"),
2931e1dd0a2fSth yp_dir, yp_dir_back);
29327c478bd9Sstevel@tonic-gate retcode = file_move(yp_dir, yp_dir_back);
29337c478bd9Sstevel@tonic-gate if (retcode != 0) {
29347c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
2935e1dd0a2fSth gettext("file_backup: file_move(%s, %s)"
2936e1dd0a2fSth " failed with %d\n"),
2937e1dd0a2fSth yp_dir, yp_dir_back, retcode);
29387c478bd9Sstevel@tonic-gate ret = CLIENT_ERR_RENAME;
29397c478bd9Sstevel@tonic-gate }
29407c478bd9Sstevel@tonic-gate } else {
29417c478bd9Sstevel@tonic-gate if (mode_verbose)
29427c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
2943e1dd0a2fSth gettext("file_backup: No %s "
2944e1dd0a2fSth "directory.\n"), yp_dir);
29457c478bd9Sstevel@tonic-gate }
29467c478bd9Sstevel@tonic-gate }
29477c478bd9Sstevel@tonic-gate
29487c478bd9Sstevel@tonic-gate
29497c478bd9Sstevel@tonic-gate /* point to file name, not path delim (/) */
29507c478bd9Sstevel@tonic-gate ldap_conf_file = strrchr(NSCONFIGFILE, '/') + 1;
29517c478bd9Sstevel@tonic-gate ldap_cred_file = strrchr(NSCREDFILE, '/') + 1;
29527c478bd9Sstevel@tonic-gate
29537c478bd9Sstevel@tonic-gate ldap_stat = stat(NSCONFIGFILE, &buf);
29547c478bd9Sstevel@tonic-gate if (mode_verbose)
29557c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
2956e1dd0a2fSth gettext("file_backup: stat(%s)=%d\n"),
2957e1dd0a2fSth NSCONFIGFILE, ldap_stat);
29587c478bd9Sstevel@tonic-gate if (ldap_stat == 0) {
29597c478bd9Sstevel@tonic-gate (void) strlcpy(ldap_file_back, LDAP_RESTORE_DIR "/", BUFSIZE);
29607c478bd9Sstevel@tonic-gate (void) strlcat(ldap_file_back, ldap_conf_file, BUFSIZE);
29617c478bd9Sstevel@tonic-gate if (mode_verbose)
29627c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
2963e1dd0a2fSth gettext("file_backup: (%s -> %s)\n"),
2964e1dd0a2fSth NSCONFIGFILE, ldap_file_back);
29657c478bd9Sstevel@tonic-gate retcode = file_move(NSCONFIGFILE, ldap_file_back);
29667c478bd9Sstevel@tonic-gate if (retcode != 0) {
29677c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
2968e1dd0a2fSth gettext("file_backup: file_move(%s, %s) failed "
2969e1dd0a2fSth "with %d\n"),
2970e1dd0a2fSth NSCONFIGFILE, ldap_file_back, retcode);
29717c478bd9Sstevel@tonic-gate ret = CLIENT_ERR_RENAME;
29727c478bd9Sstevel@tonic-gate }
29737c478bd9Sstevel@tonic-gate
29747c478bd9Sstevel@tonic-gate (void) strlcpy(ldap_cred_back, LDAP_RESTORE_DIR "/", BUFSIZE);
29757c478bd9Sstevel@tonic-gate (void) strlcat(ldap_cred_back, ldap_cred_file, BUFSIZE);
29767c478bd9Sstevel@tonic-gate if (mode_verbose)
29777c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
2978e1dd0a2fSth gettext("file_backup: (%s -> %s)\n"),
2979e1dd0a2fSth NSCREDFILE, ldap_cred_back);
29807c478bd9Sstevel@tonic-gate retcode = file_move(NSCREDFILE, ldap_cred_back);
29817c478bd9Sstevel@tonic-gate if (retcode != 0) {
29827c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
2983e1dd0a2fSth gettext("file_backup: file_move(%s, %s) failed "
2984e1dd0a2fSth "with %d\n"),
2985e1dd0a2fSth NSCREDFILE, ldap_cred_back, retcode);
29867c478bd9Sstevel@tonic-gate ret = CLIENT_ERR_RENAME;
29877c478bd9Sstevel@tonic-gate }
29887c478bd9Sstevel@tonic-gate } else {
29897c478bd9Sstevel@tonic-gate if (mode_verbose)
29907c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
2991e1dd0a2fSth gettext("file_backup: No %s file.\n"),
2992e1dd0a2fSth NSCONFIGFILE);
29937c478bd9Sstevel@tonic-gate }
29947c478bd9Sstevel@tonic-gate
29957c478bd9Sstevel@tonic-gate return (ret);
29967c478bd9Sstevel@tonic-gate }
29977c478bd9Sstevel@tonic-gate
29987c478bd9Sstevel@tonic-gate /*
29997c478bd9Sstevel@tonic-gate * mod_backup()
30007c478bd9Sstevel@tonic-gate *
30017c478bd9Sstevel@tonic-gate * This function is used to temporily backup the LDAP client files in /var/ldap
30027c478bd9Sstevel@tonic-gate * that the "mod" operation needs to update. If an error occurs then the
30037c478bd9Sstevel@tonic-gate * function mod_recover() can be invoke to recover the unmodified files.
30047c478bd9Sstevel@tonic-gate */
30057c478bd9Sstevel@tonic-gate static int
mod_backup(void)30067c478bd9Sstevel@tonic-gate mod_backup(void)
30077c478bd9Sstevel@tonic-gate {
30087c478bd9Sstevel@tonic-gate int rc;
30097c478bd9Sstevel@tonic-gate int retcode = CLIENT_SUCCESS;
30107c478bd9Sstevel@tonic-gate
30117c478bd9Sstevel@tonic-gate rc = system(CMD_CP " " NSCONFIGFILE " " NSCONFIGFILE ".mod");
30127c478bd9Sstevel@tonic-gate retcode += rc;
30137c478bd9Sstevel@tonic-gate if (mode_verbose)
30147c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
30157c478bd9Sstevel@tonic-gate gettext("mod_backup: backup %s for %s\n"),
30167c478bd9Sstevel@tonic-gate rc ? "failed" : "successful", NSCONFIGFILE);
30177c478bd9Sstevel@tonic-gate
30187c478bd9Sstevel@tonic-gate rc = system(CMD_CP " " NSCREDFILE " " NSCREDFILE ".mod");
30197c478bd9Sstevel@tonic-gate retcode += rc;
30207c478bd9Sstevel@tonic-gate if (mode_verbose)
30217c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
30227c478bd9Sstevel@tonic-gate gettext("mod_backup: backup %s for %s\n"),
30237c478bd9Sstevel@tonic-gate rc ? "failed" : "successful", NSCREDFILE);
30247c478bd9Sstevel@tonic-gate
30257c478bd9Sstevel@tonic-gate rc = system(CMD_CP " " DOMAINNAME " " DOMAINNAME ".mod");
30267c478bd9Sstevel@tonic-gate retcode += rc;
30277c478bd9Sstevel@tonic-gate if (mode_verbose)
30287c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
30297c478bd9Sstevel@tonic-gate gettext("mod_backup: backup %s for %s\n"),
30307c478bd9Sstevel@tonic-gate rc ? "failed" : "successful", DOMAINNAME);
30317c478bd9Sstevel@tonic-gate
30327c478bd9Sstevel@tonic-gate if (retcode != CLIENT_SUCCESS)
30337c478bd9Sstevel@tonic-gate retcode = CLIENT_ERR_RENAME;
30347c478bd9Sstevel@tonic-gate return (retcode);
30357c478bd9Sstevel@tonic-gate }
30367c478bd9Sstevel@tonic-gate
30377c478bd9Sstevel@tonic-gate /*
30387c478bd9Sstevel@tonic-gate * mod_recover()
30397c478bd9Sstevel@tonic-gate *
30407c478bd9Sstevel@tonic-gate * This function is used to recover the temporily backed up files by
30417c478bd9Sstevel@tonic-gate * the mod_backup() function if an error occurs during the "mod"
30427c478bd9Sstevel@tonic-gate * operation.
30437c478bd9Sstevel@tonic-gate */
30447c478bd9Sstevel@tonic-gate static int
mod_recover(void)30457c478bd9Sstevel@tonic-gate mod_recover(void)
30467c478bd9Sstevel@tonic-gate {
30477c478bd9Sstevel@tonic-gate int rc;
30487c478bd9Sstevel@tonic-gate int retcode = CLIENT_SUCCESS;
30497c478bd9Sstevel@tonic-gate
30507c478bd9Sstevel@tonic-gate rc = system(CMD_MV " " NSCONFIGFILE ".mod " NSCONFIGFILE);
30517c478bd9Sstevel@tonic-gate retcode += rc;
30527c478bd9Sstevel@tonic-gate if (mode_verbose)
30537c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
30547c478bd9Sstevel@tonic-gate gettext("mod_recover: recovery %s for %s\n"),
30557c478bd9Sstevel@tonic-gate rc ? "failed" : "successful", NSCONFIGFILE);
30567c478bd9Sstevel@tonic-gate
30577c478bd9Sstevel@tonic-gate rc = system(CMD_MV " " NSCREDFILE ".mod " NSCREDFILE);
30587c478bd9Sstevel@tonic-gate retcode += rc;
30597c478bd9Sstevel@tonic-gate if (mode_verbose)
30607c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
30617c478bd9Sstevel@tonic-gate gettext("mod_recover: recovery %s for %s\n"),
30627c478bd9Sstevel@tonic-gate rc ? "failed" : "successful", NSCREDFILE);
30637c478bd9Sstevel@tonic-gate
30647c478bd9Sstevel@tonic-gate rc = system(CMD_MV " " DOMAINNAME ".mod " DOMAINNAME);
30657c478bd9Sstevel@tonic-gate retcode += rc;
30667c478bd9Sstevel@tonic-gate if (mode_verbose)
30677c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
30687c478bd9Sstevel@tonic-gate gettext("mod_recover: recovery %s for %s\n"),
30697c478bd9Sstevel@tonic-gate rc ? "failed" : "successful", DOMAINNAME);
30707c478bd9Sstevel@tonic-gate
30717c478bd9Sstevel@tonic-gate if (retcode != CLIENT_SUCCESS)
30727c478bd9Sstevel@tonic-gate retcode = CLIENT_ERR_RENAME;
30737c478bd9Sstevel@tonic-gate return (retcode);
30747c478bd9Sstevel@tonic-gate }
30757c478bd9Sstevel@tonic-gate
30767c478bd9Sstevel@tonic-gate /*
30777c478bd9Sstevel@tonic-gate * mod_cleanup()
30787c478bd9Sstevel@tonic-gate *
30797c478bd9Sstevel@tonic-gate * This function removes the .mod files in /var/ldap.
30807c478bd9Sstevel@tonic-gate */
30817c478bd9Sstevel@tonic-gate static void
mod_cleanup(void)30827c478bd9Sstevel@tonic-gate mod_cleanup(void)
30837c478bd9Sstevel@tonic-gate {
30847c478bd9Sstevel@tonic-gate (void) system(CMD_RM " " NSCONFIGFILE ".mod " TO_DEV_NULL);
30857c478bd9Sstevel@tonic-gate (void) system(CMD_RM " " NSCREDFILE ".mod " TO_DEV_NULL);
30867c478bd9Sstevel@tonic-gate (void) system(CMD_RM " " DOMAINNAME ".mod " TO_DEV_NULL);
30877c478bd9Sstevel@tonic-gate }
30887c478bd9Sstevel@tonic-gate
30897c478bd9Sstevel@tonic-gate #define MAX_DN_ARRAY 100
30907c478bd9Sstevel@tonic-gate #define LDAP_NAMINGCONTEXTS "namingcontexts"
30917c478bd9Sstevel@tonic-gate
30927c478bd9Sstevel@tonic-gate static multival_t *
multival_new()30937c478bd9Sstevel@tonic-gate multival_new()
30947c478bd9Sstevel@tonic-gate {
30957c478bd9Sstevel@tonic-gate multival_t *hold;
30967c478bd9Sstevel@tonic-gate
30977c478bd9Sstevel@tonic-gate hold = calloc(1, sizeof (multival_t));
30987c478bd9Sstevel@tonic-gate if (hold == NULL) {
30997c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
3100e1dd0a2fSth gettext("multival_new: Memory allocation error\n"),
3101e1dd0a2fSth stderr);
31027c478bd9Sstevel@tonic-gate }
31037c478bd9Sstevel@tonic-gate return (hold); /* NULL -> error */
31047c478bd9Sstevel@tonic-gate }
31057c478bd9Sstevel@tonic-gate
31067c478bd9Sstevel@tonic-gate static int
multival_add(multival_t * list,char * opt)31077c478bd9Sstevel@tonic-gate multival_add(multival_t *list, char *opt)
31087c478bd9Sstevel@tonic-gate {
31097c478bd9Sstevel@tonic-gate if (opt == NULL) {
31107c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
3111e1dd0a2fSth gettext("Empty value passed to multival_add\n"),
3112e1dd0a2fSth stderr);
31137c478bd9Sstevel@tonic-gate return (CLIENT_ERR_FAIL);
31147c478bd9Sstevel@tonic-gate }
31157c478bd9Sstevel@tonic-gate
31167c478bd9Sstevel@tonic-gate if (list->count == 0) {
31177c478bd9Sstevel@tonic-gate list->optlist = (char **)malloc(sizeof (char **));
31187c478bd9Sstevel@tonic-gate } else {
31197c478bd9Sstevel@tonic-gate list->optlist = (char **)realloc(list->optlist,
3120e1dd0a2fSth (list->count + 1) * sizeof (char **));
31217c478bd9Sstevel@tonic-gate }
31227c478bd9Sstevel@tonic-gate
31237c478bd9Sstevel@tonic-gate if (list->optlist == NULL) {
31247c478bd9Sstevel@tonic-gate CLIENT_FPUTS(gettext("Error allocating memory\n"), stderr);
31257c478bd9Sstevel@tonic-gate return (CLIENT_ERR_MEMORY); /* 0 is success */
31267c478bd9Sstevel@tonic-gate }
31277c478bd9Sstevel@tonic-gate
31287c478bd9Sstevel@tonic-gate list->optlist[list->count] = opt;
31297c478bd9Sstevel@tonic-gate list->count++;
31307c478bd9Sstevel@tonic-gate
31317c478bd9Sstevel@tonic-gate return (CLIENT_SUCCESS);
31327c478bd9Sstevel@tonic-gate }
31337c478bd9Sstevel@tonic-gate
31347c478bd9Sstevel@tonic-gate static void
multival_free(multival_t * list)31357c478bd9Sstevel@tonic-gate multival_free(multival_t *list)
31367c478bd9Sstevel@tonic-gate {
31377c478bd9Sstevel@tonic-gate if (list == NULL)
31387c478bd9Sstevel@tonic-gate return;
31397c478bd9Sstevel@tonic-gate
31407c478bd9Sstevel@tonic-gate if (list->optlist != NULL)
31417c478bd9Sstevel@tonic-gate free(list->optlist);
31427c478bd9Sstevel@tonic-gate free(list);
31437c478bd9Sstevel@tonic-gate }
31447c478bd9Sstevel@tonic-gate
31457c478bd9Sstevel@tonic-gate static clientopts_t *
clientopts_new()31467c478bd9Sstevel@tonic-gate clientopts_new()
31477c478bd9Sstevel@tonic-gate {
31487c478bd9Sstevel@tonic-gate clientopts_t *hold;
31497c478bd9Sstevel@tonic-gate
31507c478bd9Sstevel@tonic-gate hold = calloc(1, sizeof (clientopts_t));
31517c478bd9Sstevel@tonic-gate if (NULL == hold) {
31527c478bd9Sstevel@tonic-gate CLIENT_FPUTS(gettext("Error allocating memory for "
3153e1dd0a2fSth "clientopts structure\n"), stderr);
31547c478bd9Sstevel@tonic-gate return (hold); /* NULL -> error */
31557c478bd9Sstevel@tonic-gate }
31567c478bd9Sstevel@tonic-gate
31577c478bd9Sstevel@tonic-gate hold->serviceAuthenticationMethod = multival_new();
31587c478bd9Sstevel@tonic-gate if (NULL == hold->serviceAuthenticationMethod) {
31597c478bd9Sstevel@tonic-gate CLIENT_FPUTS(gettext("Error allocating memory for "
3160e1dd0a2fSth "serviceAuthenticationMethod\n"), stderr);
31617c478bd9Sstevel@tonic-gate free(hold);
31627c478bd9Sstevel@tonic-gate return (NULL); /* NULL -> error */
31637c478bd9Sstevel@tonic-gate }
31647c478bd9Sstevel@tonic-gate
31657c478bd9Sstevel@tonic-gate hold->serviceCredentialLevel = multival_new();
31667c478bd9Sstevel@tonic-gate if (NULL == hold->serviceCredentialLevel) {
31677c478bd9Sstevel@tonic-gate CLIENT_FPUTS(gettext("Error allocating memory for "
3168e1dd0a2fSth "serviceCredentialLevel\n"), stderr);
31697c478bd9Sstevel@tonic-gate multival_free(hold->serviceAuthenticationMethod);
31707c478bd9Sstevel@tonic-gate free(hold);
31717c478bd9Sstevel@tonic-gate return (NULL); /* NULL -> error */
31727c478bd9Sstevel@tonic-gate }
31737c478bd9Sstevel@tonic-gate
31747c478bd9Sstevel@tonic-gate hold->objectclassMap = multival_new();
31757c478bd9Sstevel@tonic-gate if (NULL == hold->objectclassMap) {
31767c478bd9Sstevel@tonic-gate CLIENT_FPUTS(gettext("Error allocating memory for "
3177e1dd0a2fSth "objectclassMap\n"), stderr);
31787c478bd9Sstevel@tonic-gate multival_free(hold->serviceAuthenticationMethod);
31797c478bd9Sstevel@tonic-gate multival_free(hold->serviceCredentialLevel);
31807c478bd9Sstevel@tonic-gate free(hold);
31817c478bd9Sstevel@tonic-gate return (NULL); /* NULL -> error */
31827c478bd9Sstevel@tonic-gate }
31837c478bd9Sstevel@tonic-gate
31847c478bd9Sstevel@tonic-gate hold->attributeMap = multival_new();
31857c478bd9Sstevel@tonic-gate if (NULL == hold->attributeMap) {
31867c478bd9Sstevel@tonic-gate CLIENT_FPUTS(gettext("Error allocating memory for "
3187e1dd0a2fSth "attributeMap\n"), stderr);
31887c478bd9Sstevel@tonic-gate multival_free(hold->serviceAuthenticationMethod);
31897c478bd9Sstevel@tonic-gate multival_free(hold->serviceCredentialLevel);
31907c478bd9Sstevel@tonic-gate multival_free(hold->objectclassMap);
31917c478bd9Sstevel@tonic-gate free(hold);
31927c478bd9Sstevel@tonic-gate return (NULL); /* NULL -> error */
31937c478bd9Sstevel@tonic-gate }
31947c478bd9Sstevel@tonic-gate
31957c478bd9Sstevel@tonic-gate hold->serviceSearchDescriptor = multival_new();
31967c478bd9Sstevel@tonic-gate if (NULL == hold->serviceSearchDescriptor) {
31977c478bd9Sstevel@tonic-gate CLIENT_FPUTS(gettext("Error allocating memory for "
3198e1dd0a2fSth "serviceSearchDescriptor\n"), stderr);
31997c478bd9Sstevel@tonic-gate multival_free(hold->serviceAuthenticationMethod);
32007c478bd9Sstevel@tonic-gate multival_free(hold->serviceCredentialLevel);
32017c478bd9Sstevel@tonic-gate multival_free(hold->objectclassMap);
32027c478bd9Sstevel@tonic-gate multival_free(hold->attributeMap);
32037c478bd9Sstevel@tonic-gate free(hold);
32047c478bd9Sstevel@tonic-gate return (NULL); /* NULL -> error */
32057c478bd9Sstevel@tonic-gate }
32067c478bd9Sstevel@tonic-gate
32077c478bd9Sstevel@tonic-gate return (hold);
32087c478bd9Sstevel@tonic-gate }
32097c478bd9Sstevel@tonic-gate
32107c478bd9Sstevel@tonic-gate static void
clientopts_free(clientopts_t * list)32117c478bd9Sstevel@tonic-gate clientopts_free(clientopts_t *list)
32127c478bd9Sstevel@tonic-gate {
32137c478bd9Sstevel@tonic-gate if (NULL == list)
32147c478bd9Sstevel@tonic-gate return;
32157c478bd9Sstevel@tonic-gate
32167c478bd9Sstevel@tonic-gate multival_free(list->serviceAuthenticationMethod);
32177c478bd9Sstevel@tonic-gate multival_free(list->serviceCredentialLevel);
32187c478bd9Sstevel@tonic-gate multival_free(list->objectclassMap);
32197c478bd9Sstevel@tonic-gate multival_free(list->attributeMap);
32207c478bd9Sstevel@tonic-gate multival_free(list->serviceSearchDescriptor);
32217c478bd9Sstevel@tonic-gate
32227c478bd9Sstevel@tonic-gate free(list);
32237c478bd9Sstevel@tonic-gate
32247c478bd9Sstevel@tonic-gate }
32257c478bd9Sstevel@tonic-gate
32267c478bd9Sstevel@tonic-gate static void
multival_list(char * opt,multival_t * list)32277c478bd9Sstevel@tonic-gate multival_list(char *opt, multival_t *list)
32287c478bd9Sstevel@tonic-gate {
32297c478bd9Sstevel@tonic-gate int i;
32307c478bd9Sstevel@tonic-gate
32317c478bd9Sstevel@tonic-gate if (list->count == 0)
32327c478bd9Sstevel@tonic-gate return;
32337c478bd9Sstevel@tonic-gate
32347c478bd9Sstevel@tonic-gate (void) puts(opt);
32357c478bd9Sstevel@tonic-gate for (i = 0; i < list->count; i++) {
32367c478bd9Sstevel@tonic-gate (void) printf("\t\targ[%d]: %s\n", i, list->optlist[i]);
32377c478bd9Sstevel@tonic-gate }
32387c478bd9Sstevel@tonic-gate }
32397c478bd9Sstevel@tonic-gate
32407c478bd9Sstevel@tonic-gate /* return the number of arguments specified in the command line */
32417c478bd9Sstevel@tonic-gate static int
num_args(clientopts_t * list)32427c478bd9Sstevel@tonic-gate num_args(clientopts_t *list)
32437c478bd9Sstevel@tonic-gate {
32447c478bd9Sstevel@tonic-gate int arg_count = 0;
32457c478bd9Sstevel@tonic-gate
32467c478bd9Sstevel@tonic-gate arg_count += list->authenticationMethod ? 1 : 0;
32477c478bd9Sstevel@tonic-gate arg_count += list->serviceAuthenticationMethod->count;
32487c478bd9Sstevel@tonic-gate arg_count += list->defaultSearchBase ? 1 : 0;
32497c478bd9Sstevel@tonic-gate arg_count += list->credentialLevel ? 1 : 0;
32507c478bd9Sstevel@tonic-gate arg_count += list->serviceCredentialLevel->count;
32517c478bd9Sstevel@tonic-gate arg_count += list->domainName ? 1 : 0;
32527c478bd9Sstevel@tonic-gate arg_count += list->proxyDN ? 1 : 0;
3253dd1104fbSMichen Chang arg_count += list->enableShadowUpdate ? 1 : 0;
3254dd1104fbSMichen Chang arg_count += list->adminDN ? 1 : 0;
32557c478bd9Sstevel@tonic-gate arg_count += list->profileTTL ? 1 : 0;
32567c478bd9Sstevel@tonic-gate arg_count += list->objectclassMap->count;
32577c478bd9Sstevel@tonic-gate arg_count += list->searchTimeLimit ? 1 : 0;
32587c478bd9Sstevel@tonic-gate arg_count += list->preferredServerList ? 1 : 0;
32597c478bd9Sstevel@tonic-gate arg_count += list->profileName ? 1 : 0;
32607c478bd9Sstevel@tonic-gate arg_count += list->followReferrals ? 1 : 0;
32617c478bd9Sstevel@tonic-gate arg_count += list->attributeMap->count;
32627c478bd9Sstevel@tonic-gate arg_count += list->defaultSearchScope ? 1 : 0;
32637c478bd9Sstevel@tonic-gate arg_count += list->serviceSearchDescriptor->count;
32647c478bd9Sstevel@tonic-gate arg_count += list->bindTimeLimit ? 1 : 0;
32657c478bd9Sstevel@tonic-gate arg_count += list->proxyPassword ? 1 : 0;
3266dd1104fbSMichen Chang arg_count += list->adminPassword ? 1 : 0;
32677c478bd9Sstevel@tonic-gate arg_count += list->defaultServerList ? 1 : 0;
32687c478bd9Sstevel@tonic-gate arg_count += list->certificatePath ? 1 : 0;
32697c478bd9Sstevel@tonic-gate
32707c478bd9Sstevel@tonic-gate return (arg_count);
32717c478bd9Sstevel@tonic-gate }
32727c478bd9Sstevel@tonic-gate
32737c478bd9Sstevel@tonic-gate #define CLIENT_PRINT(opt, str) if (str) \
32747c478bd9Sstevel@tonic-gate (void) printf("%s%s\n", (opt), (str))
32757c478bd9Sstevel@tonic-gate
32767c478bd9Sstevel@tonic-gate static void
dumpargs(clientopts_t * list)32777c478bd9Sstevel@tonic-gate dumpargs(clientopts_t *list)
32787c478bd9Sstevel@tonic-gate {
32797c478bd9Sstevel@tonic-gate CLIENT_PRINT("\tauthenticationMethod: ", list->authenticationMethod);
32807c478bd9Sstevel@tonic-gate multival_list("\tserviceAuthenticationMethod: ",
3281e1dd0a2fSth list->serviceAuthenticationMethod);
32827c478bd9Sstevel@tonic-gate CLIENT_PRINT("\tdefaultSearchBase: ", list->defaultSearchBase);
32837c478bd9Sstevel@tonic-gate CLIENT_PRINT("\tcredentialLevel: ", list->credentialLevel);
32847c478bd9Sstevel@tonic-gate multival_list("\tserviceCredentialLevel: ",
3285e1dd0a2fSth list->serviceCredentialLevel);
32867c478bd9Sstevel@tonic-gate CLIENT_PRINT("\tdomainName: ", list->domainName);
32877c478bd9Sstevel@tonic-gate CLIENT_PRINT("\tproxyDN: ", list->proxyDN);
3288dd1104fbSMichen Chang CLIENT_PRINT("\tadminDN: ", list->adminDN);
3289dd1104fbSMichen Chang CLIENT_PRINT("\tenableShadowUpdate: ", list->enableShadowUpdate);
32907c478bd9Sstevel@tonic-gate CLIENT_PRINT("\tprofileTTL: ", list->profileTTL);
32917c478bd9Sstevel@tonic-gate multival_list("\tobjectclassMap: ", list->objectclassMap);
32927c478bd9Sstevel@tonic-gate CLIENT_PRINT("\tsearchTimeLimit: ", list->searchTimeLimit);
32937c478bd9Sstevel@tonic-gate CLIENT_PRINT("\tpreferredServerList: ", list->preferredServerList);
32947c478bd9Sstevel@tonic-gate CLIENT_PRINT("\tprofileName: ", list->profileName);
32957c478bd9Sstevel@tonic-gate CLIENT_PRINT("\tfollowReferrals: ", list->followReferrals);
32967c478bd9Sstevel@tonic-gate multival_list("\tattributeMap: ", list->attributeMap);
32977c478bd9Sstevel@tonic-gate CLIENT_PRINT("\tdefaultSearchScope: ", list->defaultSearchScope);
32987c478bd9Sstevel@tonic-gate multival_list("\tserviceSearchDescriptor: ",
3299e1dd0a2fSth list->serviceSearchDescriptor);
33007c478bd9Sstevel@tonic-gate CLIENT_PRINT("\tbindTimeLimit: ", list->bindTimeLimit);
33017c478bd9Sstevel@tonic-gate CLIENT_PRINT("\tproxyPassword: ", list->proxyPassword);
3302dd1104fbSMichen Chang CLIENT_PRINT("\tadminPassword: ", list->adminPassword);
33037c478bd9Sstevel@tonic-gate CLIENT_PRINT("\tdefaultServerList: ", list->defaultServerList);
33047c478bd9Sstevel@tonic-gate CLIENT_PRINT("\tcertificatePath: ", list->certificatePath);
33057c478bd9Sstevel@tonic-gate }
33067c478bd9Sstevel@tonic-gate
33077c478bd9Sstevel@tonic-gate
33087c478bd9Sstevel@tonic-gate /* These definitions are only used in parseParam() below. */
33097c478bd9Sstevel@tonic-gate struct param {
33107c478bd9Sstevel@tonic-gate char *name;
33117c478bd9Sstevel@tonic-gate int index;
33127c478bd9Sstevel@tonic-gate };
33137c478bd9Sstevel@tonic-gate
33147c478bd9Sstevel@tonic-gate static struct param paramArray[] = {
33157c478bd9Sstevel@tonic-gate {"proxyDN", NS_LDAP_BINDDN_P},
33167c478bd9Sstevel@tonic-gate {"proxyPassword", NS_LDAP_BINDPASSWD_P},
33177c478bd9Sstevel@tonic-gate {"defaultServerList", NS_LDAP_SERVERS_P},
33187c478bd9Sstevel@tonic-gate {"defaultSearchBase", NS_LDAP_SEARCH_BASEDN_P},
33197c478bd9Sstevel@tonic-gate {"authenticationMethod", NS_LDAP_AUTH_P},
33207c478bd9Sstevel@tonic-gate {"followReferrals", NS_LDAP_SEARCH_REF_P},
33217c478bd9Sstevel@tonic-gate {"profileTTL", NS_LDAP_CACHETTL_P},
33227c478bd9Sstevel@tonic-gate {"certificatePath", NS_LDAP_HOST_CERTPATH_P},
33237c478bd9Sstevel@tonic-gate {"defaultSearchScope", NS_LDAP_SEARCH_SCOPE_P},
33247c478bd9Sstevel@tonic-gate {"bindTimeLimit", NS_LDAP_BIND_TIME_P},
33257c478bd9Sstevel@tonic-gate {"searchTimeLimit", NS_LDAP_SEARCH_TIME_P},
33267c478bd9Sstevel@tonic-gate {"preferredServerList", NS_LDAP_SERVER_PREF_P},
33277c478bd9Sstevel@tonic-gate {"profileName", NS_LDAP_PROFILE_P},
33287c478bd9Sstevel@tonic-gate {"credentialLevel", NS_LDAP_CREDENTIAL_LEVEL_P},
33297c478bd9Sstevel@tonic-gate {"serviceSearchDescriptor", NS_LDAP_SERVICE_SEARCH_DESC_P},
33307c478bd9Sstevel@tonic-gate {"attributeMap", NS_LDAP_ATTRIBUTEMAP_P},
33317c478bd9Sstevel@tonic-gate {"objectclassMap", NS_LDAP_OBJECTCLASSMAP_P},
33327c478bd9Sstevel@tonic-gate {"serviceAuthenticationMethod", NS_LDAP_SERVICE_AUTH_METHOD_P},
33337c478bd9Sstevel@tonic-gate {"serviceCredentialLevel", NS_LDAP_SERVICE_CRED_LEVEL_P},
33347c478bd9Sstevel@tonic-gate {"domainName", LOCAL_DOMAIN_P},
3335dd1104fbSMichen Chang {"enableShadowUpdate", NS_LDAP_ENABLE_SHADOW_UPDATE_P},
3336dd1104fbSMichen Chang {"adminDN", NS_LDAP_ADMIN_BINDDN_P},
3337dd1104fbSMichen Chang {"adminPassword", NS_LDAP_ADMIN_BINDPASSWD_P},
33387c478bd9Sstevel@tonic-gate {NULL, 0}
33397c478bd9Sstevel@tonic-gate };
33407c478bd9Sstevel@tonic-gate
33417c478bd9Sstevel@tonic-gate static int
parseParam(char * param,char ** paramVal)33427c478bd9Sstevel@tonic-gate parseParam(char *param, char **paramVal)
33437c478bd9Sstevel@tonic-gate {
33447c478bd9Sstevel@tonic-gate char *val = NULL;
33457c478bd9Sstevel@tonic-gate int counter;
33467c478bd9Sstevel@tonic-gate
33477c478bd9Sstevel@tonic-gate if (mode_verbose) {
33487c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr, gettext("Parsing %s\n"), param);
33497c478bd9Sstevel@tonic-gate }
33507c478bd9Sstevel@tonic-gate
33517c478bd9Sstevel@tonic-gate val = strchr(param, '=');
33527c478bd9Sstevel@tonic-gate if (val == NULL) {
33537c478bd9Sstevel@tonic-gate CLIENT_FPUTS(
3354e1dd0a2fSth gettext("Didn\'t find \'=\' character in string\n"),
3355e1dd0a2fSth stderr);
33567c478bd9Sstevel@tonic-gate paramVal = NULL;
33577c478bd9Sstevel@tonic-gate return (CLIENT_ERR_PARSE);
33587c478bd9Sstevel@tonic-gate }
33597c478bd9Sstevel@tonic-gate
33607c478bd9Sstevel@tonic-gate *val = '\0';
33617c478bd9Sstevel@tonic-gate
33627c478bd9Sstevel@tonic-gate for (counter = 0; paramArray[counter].name != NULL; counter++) {
33637c478bd9Sstevel@tonic-gate if (strcasecmp(paramArray[counter].name, param) == 0) {
33647c478bd9Sstevel@tonic-gate *paramVal = val+1;
33657c478bd9Sstevel@tonic-gate *val = '='; /* restore original param */
33667c478bd9Sstevel@tonic-gate return (paramArray[counter].index);
33677c478bd9Sstevel@tonic-gate }
33687c478bd9Sstevel@tonic-gate }
33697c478bd9Sstevel@tonic-gate
33707c478bd9Sstevel@tonic-gate /* Not found */
33717c478bd9Sstevel@tonic-gate *val = '='; /* restore original param */
33727c478bd9Sstevel@tonic-gate *paramVal = NULL;
33737c478bd9Sstevel@tonic-gate return (CLIENT_ERR_PARSE);
33747c478bd9Sstevel@tonic-gate }
33757c478bd9Sstevel@tonic-gate
33767c478bd9Sstevel@tonic-gate /*
33777c478bd9Sstevel@tonic-gate * The following macro checks if an option has already been specified
33787c478bd9Sstevel@tonic-gate * and errs out with usage if so
33797c478bd9Sstevel@tonic-gate */
33807c478bd9Sstevel@tonic-gate #define CLIENT_OPT_CHECK(opt, optarg) \
33817c478bd9Sstevel@tonic-gate if (optarg) { \
33827c478bd9Sstevel@tonic-gate CLIENT_FPUTS(gettext("Invalid use of option\n"), stderr); \
33837c478bd9Sstevel@tonic-gate usage(); \
33847c478bd9Sstevel@tonic-gate clientopts_free(optlist); \
33857c478bd9Sstevel@tonic-gate return (CLIENT_ERR_FAIL); \
33867c478bd9Sstevel@tonic-gate }
33877c478bd9Sstevel@tonic-gate
33887c478bd9Sstevel@tonic-gate static int
clientSetParam(clientopts_t * optlist,int paramFlag,char * attrVal)33897c478bd9Sstevel@tonic-gate clientSetParam(clientopts_t *optlist, int paramFlag, char *attrVal)
33907c478bd9Sstevel@tonic-gate {
33917c478bd9Sstevel@tonic-gate int retcode = 0;
33927c478bd9Sstevel@tonic-gate int counter;
33937c478bd9Sstevel@tonic-gate
33947c478bd9Sstevel@tonic-gate
33957c478bd9Sstevel@tonic-gate switch (paramFlag) {
33967c478bd9Sstevel@tonic-gate case NS_LDAP_AUTH_P:
33977c478bd9Sstevel@tonic-gate CLIENT_OPT_CHECK(paramFlag, optlist->authenticationMethod);
33987c478bd9Sstevel@tonic-gate optlist->authenticationMethod = attrVal;
33997c478bd9Sstevel@tonic-gate break;
34007c478bd9Sstevel@tonic-gate
34017c478bd9Sstevel@tonic-gate case NS_LDAP_SERVICE_AUTH_METHOD_P: /* multiple allowed */
34027c478bd9Sstevel@tonic-gate retcode = multival_add(optlist->serviceAuthenticationMethod,
3403e1dd0a2fSth attrVal);
34047c478bd9Sstevel@tonic-gate if (retcode != CLIENT_SUCCESS) {
34057c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
3406e1dd0a2fSth gettext("Error processing attrVal %s\n"),
3407e1dd0a2fSth attrVal?attrVal:"NULL");
34087c478bd9Sstevel@tonic-gate usage();
34097c478bd9Sstevel@tonic-gate clientopts_free(optlist);
34107c478bd9Sstevel@tonic-gate return (CLIENT_ERR_FAIL);
34117c478bd9Sstevel@tonic-gate }
34127c478bd9Sstevel@tonic-gate break;
34137c478bd9Sstevel@tonic-gate
34147c478bd9Sstevel@tonic-gate case NS_LDAP_SEARCH_BASEDN_P:
34157c478bd9Sstevel@tonic-gate CLIENT_OPT_CHECK(paramFlag, optlist->defaultSearchBase);
34167c478bd9Sstevel@tonic-gate optlist->defaultSearchBase = attrVal;
34177c478bd9Sstevel@tonic-gate break;
34187c478bd9Sstevel@tonic-gate
34197c478bd9Sstevel@tonic-gate case NS_LDAP_CREDENTIAL_LEVEL_P:
34207c478bd9Sstevel@tonic-gate CLIENT_OPT_CHECK(paramFlag, optlist->credentialLevel);
34217c478bd9Sstevel@tonic-gate optlist->credentialLevel = attrVal;
34227c478bd9Sstevel@tonic-gate break;
34237c478bd9Sstevel@tonic-gate
34247c478bd9Sstevel@tonic-gate case NS_LDAP_SERVICE_CRED_LEVEL_P: /* multiple allowed */
34257c478bd9Sstevel@tonic-gate retcode = multival_add(optlist->serviceCredentialLevel,
3426e1dd0a2fSth attrVal);
34277c478bd9Sstevel@tonic-gate if (retcode != CLIENT_SUCCESS) {
34287c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
3429e1dd0a2fSth gettext("Error processing attrVal %s\n"),
3430e1dd0a2fSth attrVal?attrVal:"NULL");
34317c478bd9Sstevel@tonic-gate usage();
34327c478bd9Sstevel@tonic-gate clientopts_free(optlist);
34337c478bd9Sstevel@tonic-gate return (CLIENT_ERR_FAIL);
34347c478bd9Sstevel@tonic-gate }
34357c478bd9Sstevel@tonic-gate break;
34367c478bd9Sstevel@tonic-gate
34377c478bd9Sstevel@tonic-gate case LOCAL_DOMAIN_P:
34387c478bd9Sstevel@tonic-gate CLIENT_OPT_CHECK(paramFlag, optlist->domainName);
34397c478bd9Sstevel@tonic-gate optlist->domainName = attrVal;
34407c478bd9Sstevel@tonic-gate dname = optlist->domainName;
34417c478bd9Sstevel@tonic-gate break;
34427c478bd9Sstevel@tonic-gate
34437c478bd9Sstevel@tonic-gate case NS_LDAP_BINDDN_P:
34447c478bd9Sstevel@tonic-gate CLIENT_OPT_CHECK(paramFlag, optlist->proxyDN);
34457c478bd9Sstevel@tonic-gate optlist->proxyDN = attrVal;
34467c478bd9Sstevel@tonic-gate break;
34477c478bd9Sstevel@tonic-gate
3448dd1104fbSMichen Chang case NS_LDAP_ENABLE_SHADOW_UPDATE_P:
3449dd1104fbSMichen Chang CLIENT_OPT_CHECK(paramFlag, optlist->enableShadowUpdate);
3450dd1104fbSMichen Chang optlist->enableShadowUpdate = attrVal;
3451dd1104fbSMichen Chang break;
3452dd1104fbSMichen Chang
3453dd1104fbSMichen Chang case NS_LDAP_ADMIN_BINDDN_P:
3454dd1104fbSMichen Chang CLIENT_OPT_CHECK(paramFlag, optlist->adminDN);
3455dd1104fbSMichen Chang optlist->adminDN = attrVal;
3456dd1104fbSMichen Chang break;
3457dd1104fbSMichen Chang
34587c478bd9Sstevel@tonic-gate case NS_LDAP_CACHETTL_P:
34597c478bd9Sstevel@tonic-gate CLIENT_OPT_CHECK(paramFlag, optlist->profileTTL);
34607c478bd9Sstevel@tonic-gate optlist->profileTTL = attrVal;
34617c478bd9Sstevel@tonic-gate break;
34627c478bd9Sstevel@tonic-gate
34637c478bd9Sstevel@tonic-gate case NS_LDAP_OBJECTCLASSMAP_P: /* multiple allowed */
34647c478bd9Sstevel@tonic-gate retcode = multival_add(optlist->objectclassMap, attrVal);
34657c478bd9Sstevel@tonic-gate if (retcode != CLIENT_SUCCESS) {
34667c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
3467e1dd0a2fSth gettext("Error processing attrVal %s\n"),
3468e1dd0a2fSth attrVal?attrVal:"NULL");
34697c478bd9Sstevel@tonic-gate usage();
34707c478bd9Sstevel@tonic-gate clientopts_free(optlist);
34717c478bd9Sstevel@tonic-gate return (CLIENT_ERR_FAIL);
34727c478bd9Sstevel@tonic-gate }
34737c478bd9Sstevel@tonic-gate break;
34747c478bd9Sstevel@tonic-gate
34757c478bd9Sstevel@tonic-gate case NS_LDAP_SEARCH_TIME_P:
34767c478bd9Sstevel@tonic-gate CLIENT_OPT_CHECK(paramFlag, optlist->searchTimeLimit);
34777c478bd9Sstevel@tonic-gate optlist->searchTimeLimit = attrVal;
34787c478bd9Sstevel@tonic-gate break;
34797c478bd9Sstevel@tonic-gate
34807c478bd9Sstevel@tonic-gate case NS_LDAP_SERVER_PREF_P:
34817c478bd9Sstevel@tonic-gate CLIENT_OPT_CHECK(paramFlag, optlist->preferredServerList);
34827c478bd9Sstevel@tonic-gate optlist->preferredServerList = attrVal;
34837c478bd9Sstevel@tonic-gate /* replace ',' chars with ' ' for proper syntax */
34847c478bd9Sstevel@tonic-gate for (counter = 0;
3485e1dd0a2fSth counter < strlen(optlist->preferredServerList);
3486e1dd0a2fSth counter++) {
34877c478bd9Sstevel@tonic-gate
34887c478bd9Sstevel@tonic-gate if (optlist->preferredServerList[counter] == ',')
34897c478bd9Sstevel@tonic-gate optlist->preferredServerList[counter] = ' ';
34907c478bd9Sstevel@tonic-gate }
34917c478bd9Sstevel@tonic-gate break;
34927c478bd9Sstevel@tonic-gate
34937c478bd9Sstevel@tonic-gate case NS_LDAP_PROFILE_P:
34947c478bd9Sstevel@tonic-gate CLIENT_OPT_CHECK(paramFlag, optlist->profileName);
34957c478bd9Sstevel@tonic-gate optlist->profileName = attrVal;
34967c478bd9Sstevel@tonic-gate break;
34977c478bd9Sstevel@tonic-gate
34987c478bd9Sstevel@tonic-gate case NS_LDAP_SEARCH_REF_P:
34997c478bd9Sstevel@tonic-gate CLIENT_OPT_CHECK(paramFlag, optlist->followReferrals);
35007c478bd9Sstevel@tonic-gate if (0 == strcasecmp(attrVal, "followref"))
35017c478bd9Sstevel@tonic-gate optlist->followReferrals = "TRUE";
35027c478bd9Sstevel@tonic-gate else if (0 == strcasecmp(attrVal, "noref"))
35037c478bd9Sstevel@tonic-gate optlist->followReferrals = "FALSE";
35047c478bd9Sstevel@tonic-gate else
35057c478bd9Sstevel@tonic-gate optlist->followReferrals = attrVal;
35067c478bd9Sstevel@tonic-gate break;
35077c478bd9Sstevel@tonic-gate
35087c478bd9Sstevel@tonic-gate case NS_LDAP_ATTRIBUTEMAP_P: /* multiple allowed */
35097c478bd9Sstevel@tonic-gate retcode = multival_add(optlist->attributeMap, attrVal);
35107c478bd9Sstevel@tonic-gate if (retcode != CLIENT_SUCCESS) {
35117c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
3512e1dd0a2fSth gettext("Error processing attrVal %s\n"),
3513e1dd0a2fSth attrVal?attrVal:"NULL");
35147c478bd9Sstevel@tonic-gate usage();
35157c478bd9Sstevel@tonic-gate clientopts_free(optlist);
35167c478bd9Sstevel@tonic-gate return (CLIENT_ERR_FAIL);
35177c478bd9Sstevel@tonic-gate }
35187c478bd9Sstevel@tonic-gate break;
35197c478bd9Sstevel@tonic-gate
35207c478bd9Sstevel@tonic-gate case NS_LDAP_SEARCH_SCOPE_P:
35217c478bd9Sstevel@tonic-gate CLIENT_OPT_CHECK(paramFlag, optlist->defaultSearchScope);
35227c478bd9Sstevel@tonic-gate optlist->defaultSearchScope = attrVal;
35237c478bd9Sstevel@tonic-gate break;
35247c478bd9Sstevel@tonic-gate
35257c478bd9Sstevel@tonic-gate case NS_LDAP_SERVICE_SEARCH_DESC_P: /* multiple allowed */
35267c478bd9Sstevel@tonic-gate retcode = multival_add(optlist->serviceSearchDescriptor,
3527e1dd0a2fSth attrVal);
35287c478bd9Sstevel@tonic-gate if (retcode != CLIENT_SUCCESS) {
35297c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
3530e1dd0a2fSth gettext("Error processing attrVal %s\n"),
3531e1dd0a2fSth attrVal?attrVal:"NULL");
35327c478bd9Sstevel@tonic-gate usage();
35337c478bd9Sstevel@tonic-gate clientopts_free(optlist);
35347c478bd9Sstevel@tonic-gate return (CLIENT_ERR_FAIL);
35357c478bd9Sstevel@tonic-gate }
35367c478bd9Sstevel@tonic-gate break;
35377c478bd9Sstevel@tonic-gate
35387c478bd9Sstevel@tonic-gate case NS_LDAP_BIND_TIME_P:
35397c478bd9Sstevel@tonic-gate CLIENT_OPT_CHECK(paramFlag, optlist->bindTimeLimit);
35407c478bd9Sstevel@tonic-gate optlist->bindTimeLimit = attrVal;
35417c478bd9Sstevel@tonic-gate break;
35427c478bd9Sstevel@tonic-gate
35437c478bd9Sstevel@tonic-gate case NS_LDAP_BINDPASSWD_P:
35447c478bd9Sstevel@tonic-gate CLIENT_OPT_CHECK(paramFlag, optlist->proxyPassword);
35457c478bd9Sstevel@tonic-gate optlist->proxyPassword = attrVal;
35467c478bd9Sstevel@tonic-gate break;
35477c478bd9Sstevel@tonic-gate
3548dd1104fbSMichen Chang case NS_LDAP_ADMIN_BINDPASSWD_P:
3549dd1104fbSMichen Chang CLIENT_OPT_CHECK(paramFlag, optlist->adminPassword);
3550dd1104fbSMichen Chang optlist->adminPassword = attrVal;
3551dd1104fbSMichen Chang break;
3552dd1104fbSMichen Chang
35537c478bd9Sstevel@tonic-gate case NS_LDAP_HOST_CERTPATH_P:
35547c478bd9Sstevel@tonic-gate CLIENT_OPT_CHECK(paramFlag, optlist->certificatePath);
35557c478bd9Sstevel@tonic-gate optlist->certificatePath = attrVal;
35567c478bd9Sstevel@tonic-gate break;
35577c478bd9Sstevel@tonic-gate
35587c478bd9Sstevel@tonic-gate case NS_LDAP_SERVERS_P:
35597c478bd9Sstevel@tonic-gate CLIENT_OPT_CHECK(paramFlag, optlist->defaultServerList);
35607c478bd9Sstevel@tonic-gate optlist->defaultServerList = attrVal;
35617c478bd9Sstevel@tonic-gate break;
35627c478bd9Sstevel@tonic-gate
35637c478bd9Sstevel@tonic-gate default:
35647c478bd9Sstevel@tonic-gate usage();
35657c478bd9Sstevel@tonic-gate return (CLIENT_ERR_FAIL);
35667c478bd9Sstevel@tonic-gate /* break; lint doesn't like break before end of switch */
35677c478bd9Sstevel@tonic-gate }
35687c478bd9Sstevel@tonic-gate
35697c478bd9Sstevel@tonic-gate return (retcode);
35707c478bd9Sstevel@tonic-gate }
35717c478bd9Sstevel@tonic-gate
35727c478bd9Sstevel@tonic-gate /*
35737c478bd9Sstevel@tonic-gate * file_move() - Used to move a config file (backup/restore).
35747c478bd9Sstevel@tonic-gate *
35757c478bd9Sstevel@tonic-gate * This function uses a system() call with /bin/mv to handle the
35767c478bd9Sstevel@tonic-gate * case where the backup directory (/var) is on a different file
35777c478bd9Sstevel@tonic-gate * system than the config file (typically /etc).
35787c478bd9Sstevel@tonic-gate */
35797c478bd9Sstevel@tonic-gate static int
file_move(const char * from,const char * to)35807c478bd9Sstevel@tonic-gate file_move(const char *from, const char *to)
35817c478bd9Sstevel@tonic-gate {
35827c478bd9Sstevel@tonic-gate int retcode;
35837c478bd9Sstevel@tonic-gate char mvCommand[] = CMD_MV;
35847c478bd9Sstevel@tonic-gate char cmd_buffer[(2 * MAXPATHLEN) + sizeof (mvCommand) + 3];
35857c478bd9Sstevel@tonic-gate
35867c478bd9Sstevel@tonic-gate (void) snprintf(cmd_buffer, sizeof (cmd_buffer), "%s %s %s",
3587e1dd0a2fSth mvCommand, from, to);
35887c478bd9Sstevel@tonic-gate
35897c478bd9Sstevel@tonic-gate /*
35907c478bd9Sstevel@tonic-gate * This function should only be used internally to move
35917c478bd9Sstevel@tonic-gate * system files to/from the backup directory. For security
35927c478bd9Sstevel@tonic-gate * reasons (this is run as root), don't use this function
35937c478bd9Sstevel@tonic-gate * with arguments passed into the program.
35947c478bd9Sstevel@tonic-gate */
35957c478bd9Sstevel@tonic-gate retcode = system(cmd_buffer);
35967c478bd9Sstevel@tonic-gate
35977c478bd9Sstevel@tonic-gate return (retcode);
35987c478bd9Sstevel@tonic-gate }
35997c478bd9Sstevel@tonic-gate
36007c478bd9Sstevel@tonic-gate
36017c478bd9Sstevel@tonic-gate /*
36027c478bd9Sstevel@tonic-gate * Manipulate the service as instructed by "dowhat"
36037c478bd9Sstevel@tonic-gate */
36047c478bd9Sstevel@tonic-gate static int
do_service(const char * fmri,boolean_t waitflag,int dowhat,const char * state)36057c478bd9Sstevel@tonic-gate do_service(const char *fmri, boolean_t waitflag, int dowhat,
36067c478bd9Sstevel@tonic-gate const char *state) {
36077c478bd9Sstevel@tonic-gate
36087c478bd9Sstevel@tonic-gate int status;
36097c478bd9Sstevel@tonic-gate boolean_t is_maint;
36107c478bd9Sstevel@tonic-gate const char *what = gettext("not set");
36117c478bd9Sstevel@tonic-gate useconds_t max;
36127c478bd9Sstevel@tonic-gate
36137c478bd9Sstevel@tonic-gate /* Check if we are in maintenance */
36147c478bd9Sstevel@tonic-gate is_maint = is_service(fmri, SCF_STATE_STRING_MAINT);
36157c478bd9Sstevel@tonic-gate
36167c478bd9Sstevel@tonic-gate switch (dowhat) {
36177c478bd9Sstevel@tonic-gate case START_SERVICE:
36187c478bd9Sstevel@tonic-gate what = gettext("start");
36197c478bd9Sstevel@tonic-gate status = smf_enable_instance(fmri,
36207c478bd9Sstevel@tonic-gate (sysid_install == B_TRUE)?SMF_TEMPORARY:0);
36217c478bd9Sstevel@tonic-gate break;
36227c478bd9Sstevel@tonic-gate case STOP_SERVICE:
36237c478bd9Sstevel@tonic-gate what = gettext("stop");
36247c478bd9Sstevel@tonic-gate status = smf_disable_instance(fmri,
36257c478bd9Sstevel@tonic-gate (sysid_install == B_TRUE)?SMF_TEMPORARY:0);
36267c478bd9Sstevel@tonic-gate break;
36277c478bd9Sstevel@tonic-gate case RESTART_SERVICE:
36287c478bd9Sstevel@tonic-gate what = gettext("restart");
36297c478bd9Sstevel@tonic-gate status = smf_restart_instance(fmri);
36307c478bd9Sstevel@tonic-gate break;
36317c478bd9Sstevel@tonic-gate default:
36327c478bd9Sstevel@tonic-gate /* coding error; will not happen */
36337c478bd9Sstevel@tonic-gate assert(0);
36347c478bd9Sstevel@tonic-gate }
36357c478bd9Sstevel@tonic-gate
36367c478bd9Sstevel@tonic-gate /*
36377c478bd9Sstevel@tonic-gate * If the service was previously in maintenance then we need to
36387c478bd9Sstevel@tonic-gate * clear it immediately. The "dowhat" action will set the
36397c478bd9Sstevel@tonic-gate * enabled property of the service as intended by the caller while
36407c478bd9Sstevel@tonic-gate * clear will actually cause it to be enabled/disabled.
36417c478bd9Sstevel@tonic-gate * We assume that the caller has called us after taking some
36427c478bd9Sstevel@tonic-gate * recovery action. Even if it's not the case, we don't lose
36437c478bd9Sstevel@tonic-gate * anything.
36447c478bd9Sstevel@tonic-gate */
36457c478bd9Sstevel@tonic-gate if (status == 0 && is_maint == B_TRUE) {
36467c478bd9Sstevel@tonic-gate if (mode_verbose)
36477c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
36487c478bd9Sstevel@tonic-gate "%s: %s... %s\n",
36497c478bd9Sstevel@tonic-gate what,
36507c478bd9Sstevel@tonic-gate fmri,
36517c478bd9Sstevel@tonic-gate gettext("restoring from maintenance state"));
36527c478bd9Sstevel@tonic-gate status = smf_restore_instance(fmri);
36537c478bd9Sstevel@tonic-gate }
36547c478bd9Sstevel@tonic-gate
36557c478bd9Sstevel@tonic-gate if (status == 0) {
36567c478bd9Sstevel@tonic-gate /* Check if we need to wait ? */
36577c478bd9Sstevel@tonic-gate if (waitflag == B_FALSE) {
36587c478bd9Sstevel@tonic-gate if (mode_verbose)
36597c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
36607c478bd9Sstevel@tonic-gate "%s: %s... %s\n",
36617c478bd9Sstevel@tonic-gate what,
36627c478bd9Sstevel@tonic-gate fmri,
36637c478bd9Sstevel@tonic-gate gettext("success"));
36647c478bd9Sstevel@tonic-gate return (CLIENT_SUCCESS);
36657c478bd9Sstevel@tonic-gate }
36667c478bd9Sstevel@tonic-gate
36677c478bd9Sstevel@tonic-gate /* Otherwise wait for max seconds (from the manifest) */
36687c478bd9Sstevel@tonic-gate max = get_timeout_value(dowhat, fmri, DEFAULT_TIMEOUT);
36697c478bd9Sstevel@tonic-gate status = wait_till(fmri, state, max, what, !is_maint);
36707c478bd9Sstevel@tonic-gate if (status == CLIENT_SUCCESS)
36717c478bd9Sstevel@tonic-gate return (CLIENT_SUCCESS);
36727c478bd9Sstevel@tonic-gate /* For error fall through for corrective action */
36737c478bd9Sstevel@tonic-gate } else {
36747c478bd9Sstevel@tonic-gate /* Well, service failed ... */
36757c478bd9Sstevel@tonic-gate if (mode_verbose)
36767c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr, "%s: %s... %s: %s\n",
36777c478bd9Sstevel@tonic-gate what,
36787c478bd9Sstevel@tonic-gate fmri,
36797c478bd9Sstevel@tonic-gate gettext("failed"),
36807c478bd9Sstevel@tonic-gate scf_strerror(scf_error()));
36817c478bd9Sstevel@tonic-gate status = CLIENT_ERR_FAIL;
36827c478bd9Sstevel@tonic-gate /* For error fall through for corrective action */
36837c478bd9Sstevel@tonic-gate }
36847c478bd9Sstevel@tonic-gate
36857c478bd9Sstevel@tonic-gate /*
36867c478bd9Sstevel@tonic-gate * If service is still offline after start/restart, then transitioning
36877c478bd9Sstevel@tonic-gate * failed and guess is restarter failed to apply the timeout as well.
36887c478bd9Sstevel@tonic-gate * So instead of leaving it offline, let's just disable it until we have
36897c478bd9Sstevel@tonic-gate * some other mechanism available from smf to handle such situation.
36907c478bd9Sstevel@tonic-gate */
36917c478bd9Sstevel@tonic-gate if (dowhat != STOP_SERVICE)
36927c478bd9Sstevel@tonic-gate if (is_service(fmri, SCF_STATE_STRING_OFFLINE)) {
36937c478bd9Sstevel@tonic-gate if (mode_verbose)
36947c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
36957c478bd9Sstevel@tonic-gate "%s: %s... %s\n",
36967c478bd9Sstevel@tonic-gate what,
36977c478bd9Sstevel@tonic-gate fmri,
36987c478bd9Sstevel@tonic-gate gettext("offline to disable"));
36997c478bd9Sstevel@tonic-gate (void) disable_service(fmri, waitflag);
37007c478bd9Sstevel@tonic-gate }
37017c478bd9Sstevel@tonic-gate
37027c478bd9Sstevel@tonic-gate return (status);
37037c478bd9Sstevel@tonic-gate }
37047c478bd9Sstevel@tonic-gate
37057c478bd9Sstevel@tonic-gate
37067c478bd9Sstevel@tonic-gate /*
37077c478bd9Sstevel@tonic-gate * Wait for "max" usecs for the service described by "fmri" to change
37087c478bd9Sstevel@tonic-gate * to "state". If check_maint is true then return immediately if
37097c478bd9Sstevel@tonic-gate * service goes into maintenance
37107c478bd9Sstevel@tonic-gate */
37117c478bd9Sstevel@tonic-gate static int
wait_till(const char * fmri,const char * state,useconds_t max,const char * what,boolean_t check_maint)37127c478bd9Sstevel@tonic-gate wait_till(const char *fmri, const char *state, useconds_t max,
37137c478bd9Sstevel@tonic-gate const char *what, boolean_t check_maint) {
37147c478bd9Sstevel@tonic-gate char *st;
37157c478bd9Sstevel@tonic-gate useconds_t usecs = INIT_WAIT_USECS;
37167c478bd9Sstevel@tonic-gate
37177c478bd9Sstevel@tonic-gate for (; max > 0; max -= usecs) {
37187c478bd9Sstevel@tonic-gate /* incremental wait */
37197c478bd9Sstevel@tonic-gate usecs *= 2;
37207c478bd9Sstevel@tonic-gate usecs = (usecs > max)?max:usecs;
37217c478bd9Sstevel@tonic-gate if (mode_verbose)
37227c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
37237c478bd9Sstevel@tonic-gate "%s: %s %u %s\n",
37247c478bd9Sstevel@tonic-gate what, gettext("sleep"), usecs,
37257c478bd9Sstevel@tonic-gate gettext("microseconds"));
37267c478bd9Sstevel@tonic-gate (void) usleep(usecs);
37277c478bd9Sstevel@tonic-gate
37287c478bd9Sstevel@tonic-gate /* Check state after the wait */
37297c478bd9Sstevel@tonic-gate if ((st = smf_get_state(fmri)) != NULL) {
37307c478bd9Sstevel@tonic-gate if (strcmp(st, state) == 0) {
37317c478bd9Sstevel@tonic-gate if (mode_verbose)
37327c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
37337c478bd9Sstevel@tonic-gate "%s: %s... %s\n",
37347c478bd9Sstevel@tonic-gate what,
37357c478bd9Sstevel@tonic-gate fmri,
37367c478bd9Sstevel@tonic-gate gettext("success"));
37377c478bd9Sstevel@tonic-gate free(st);
37387c478bd9Sstevel@tonic-gate return (CLIENT_SUCCESS);
37397c478bd9Sstevel@tonic-gate }
37407c478bd9Sstevel@tonic-gate
37417c478bd9Sstevel@tonic-gate /*
37427c478bd9Sstevel@tonic-gate * If service has gone into maintenance then
37437c478bd9Sstevel@tonic-gate * we will time out anyway, so we are better
37447c478bd9Sstevel@tonic-gate * off returning now
37457c478bd9Sstevel@tonic-gate */
37467c478bd9Sstevel@tonic-gate if (check_maint &&
37477c478bd9Sstevel@tonic-gate strcmp(st, SCF_STATE_STRING_MAINT) == 0) {
37487c478bd9Sstevel@tonic-gate if (mode_verbose)
37497c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
37507c478bd9Sstevel@tonic-gate "%s: %s... %s\n",
37517c478bd9Sstevel@tonic-gate what,
37527c478bd9Sstevel@tonic-gate fmri,
37537c478bd9Sstevel@tonic-gate gettext("maintenance"));
37547c478bd9Sstevel@tonic-gate free(st);
37557c478bd9Sstevel@tonic-gate return (CLIENT_ERR_MAINTENANCE);
37567c478bd9Sstevel@tonic-gate }
37577c478bd9Sstevel@tonic-gate free(st);
37587c478bd9Sstevel@tonic-gate } else {
37597c478bd9Sstevel@tonic-gate if (mode_verbose)
37607c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
37617c478bd9Sstevel@tonic-gate "%s: %s... %s: %s\n",
37627c478bd9Sstevel@tonic-gate what,
37637c478bd9Sstevel@tonic-gate fmri,
37647c478bd9Sstevel@tonic-gate gettext("failed"),
37657c478bd9Sstevel@tonic-gate scf_strerror(scf_error()));
37667c478bd9Sstevel@tonic-gate return (CLIENT_ERR_FAIL);
37677c478bd9Sstevel@tonic-gate }
37687c478bd9Sstevel@tonic-gate }
37697c478bd9Sstevel@tonic-gate
37707c478bd9Sstevel@tonic-gate /* Timed out waiting */
37717c478bd9Sstevel@tonic-gate if (mode_verbose)
37727c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr,
37737c478bd9Sstevel@tonic-gate "%s: %s... %s\n",
37747c478bd9Sstevel@tonic-gate what,
37757c478bd9Sstevel@tonic-gate fmri,
37767c478bd9Sstevel@tonic-gate gettext("timed out"));
37777c478bd9Sstevel@tonic-gate return (CLIENT_ERR_TIMEDOUT);
37787c478bd9Sstevel@tonic-gate }
37797c478bd9Sstevel@tonic-gate
37807c478bd9Sstevel@tonic-gate
37817c478bd9Sstevel@tonic-gate static boolean_t
is_service(const char * fmri,const char * state)37827c478bd9Sstevel@tonic-gate is_service(const char *fmri, const char *state) {
37837c478bd9Sstevel@tonic-gate char *st;
37847c478bd9Sstevel@tonic-gate boolean_t result = B_FALSE;
37857c478bd9Sstevel@tonic-gate
37867c478bd9Sstevel@tonic-gate if ((st = smf_get_state(fmri)) != NULL) {
37877c478bd9Sstevel@tonic-gate if (strcmp(st, state) == 0)
37887c478bd9Sstevel@tonic-gate result = B_TRUE;
37897c478bd9Sstevel@tonic-gate free(st);
37907c478bd9Sstevel@tonic-gate }
37917c478bd9Sstevel@tonic-gate return (result);
37927c478bd9Sstevel@tonic-gate }
37937c478bd9Sstevel@tonic-gate
37947c478bd9Sstevel@tonic-gate
37957c478bd9Sstevel@tonic-gate /*
37967c478bd9Sstevel@tonic-gate *
37977c478bd9Sstevel@tonic-gate * get_timeout_val : returns the timeout value set in fmri manifest
37987c478bd9Sstevel@tonic-gate * inputs : action(start/stop)
37997c478bd9Sstevel@tonic-gate * fmri(defined fmri string)
38007c478bd9Sstevel@tonic-gate * Returns default if error, the timeout val otherwise
38017c478bd9Sstevel@tonic-gate *
38027c478bd9Sstevel@tonic-gate */
38037c478bd9Sstevel@tonic-gate
38047c478bd9Sstevel@tonic-gate static useconds_t
get_timeout_value(int dowhat,const char * fmri,useconds_t default_val)38057c478bd9Sstevel@tonic-gate get_timeout_value(int dowhat, const char *fmri, useconds_t default_val)
38067c478bd9Sstevel@tonic-gate {
38077c478bd9Sstevel@tonic-gate scf_simple_prop_t *sp = NULL;
38087c478bd9Sstevel@tonic-gate uint64_t *cp = NULL;
38097c478bd9Sstevel@tonic-gate int timeout = default_val/1000000;
38107c478bd9Sstevel@tonic-gate char *action = NULL;
38117c478bd9Sstevel@tonic-gate const char *actionstr = NULL;
38127c478bd9Sstevel@tonic-gate
38137c478bd9Sstevel@tonic-gate switch (dowhat) {
38147c478bd9Sstevel@tonic-gate case START_SERVICE:
38157c478bd9Sstevel@tonic-gate case RESTART_SERVICE:
38167c478bd9Sstevel@tonic-gate action = "start";
38177c478bd9Sstevel@tonic-gate actionstr = gettext("start");
38187c478bd9Sstevel@tonic-gate break;
38197c478bd9Sstevel@tonic-gate case STOP_SERVICE:
38207c478bd9Sstevel@tonic-gate action = "stop";
38217c478bd9Sstevel@tonic-gate actionstr = gettext("stop");
38227c478bd9Sstevel@tonic-gate break;
38237c478bd9Sstevel@tonic-gate default:
38247c478bd9Sstevel@tonic-gate assert(0);
38257c478bd9Sstevel@tonic-gate }
38267c478bd9Sstevel@tonic-gate
38277c478bd9Sstevel@tonic-gate
38287c478bd9Sstevel@tonic-gate sp = scf_simple_prop_get(NULL, fmri, action, SCF_PROPERTY_TIMEOUT);
38297c478bd9Sstevel@tonic-gate if (sp == NULL) {
38307c478bd9Sstevel@tonic-gate if (mode_verbose)
38317c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr, "%s: %s... %s: %s\n",
3832e1dd0a2fSth actionstr,
3833e1dd0a2fSth fmri,
3834e1dd0a2fSth gettext("failed to retrieve timeout property"),
3835e1dd0a2fSth scf_strerror(scf_error()));
38367c478bd9Sstevel@tonic-gate return (default_val);
38377c478bd9Sstevel@tonic-gate }
38387c478bd9Sstevel@tonic-gate
38397c478bd9Sstevel@tonic-gate cp = scf_simple_prop_next_count(sp);
38407c478bd9Sstevel@tonic-gate if (cp == NULL) {
38417c478bd9Sstevel@tonic-gate if (mode_verbose)
38427c478bd9Sstevel@tonic-gate CLIENT_FPRINTF(stderr, "%s: %s... %s: %s\n",
3843e1dd0a2fSth actionstr,
3844e1dd0a2fSth fmri,
3845e1dd0a2fSth gettext("failed to retrieve timeout value"),
3846e1dd0a2fSth scf_strerror(scf_error()));
38477c478bd9Sstevel@tonic-gate scf_simple_prop_free(sp);
38487c478bd9Sstevel@tonic-gate return (default_val);
38497c478bd9Sstevel@tonic-gate }
38507c478bd9Sstevel@tonic-gate
38517c478bd9Sstevel@tonic-gate if (*cp != 0)
38527c478bd9Sstevel@tonic-gate timeout = *cp;
38537c478bd9Sstevel@tonic-gate scf_simple_prop_free(sp);
38547c478bd9Sstevel@tonic-gate return (timeout * 1000000);
38557c478bd9Sstevel@tonic-gate }
3856