idmap_config.c revision e3c2d6aa3bc760b22fad3c83f876553f0d2c5b66
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2007 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
/*
* Config routines common to idmap(1M) and idmapd(1M)
*/
#include <stdlib.h>
#include <strings.h>
#include <libintl.h>
#include <ctype.h>
#include <errno.h>
#include "idmapd.h"
#include <stdio.h>
#include <stdarg.h>
#include <pthread.h>
#include <port.h>
#include "addisc.h"
#define CONFIG_PG "config"
#define GENERAL_PG "general"
/* initial length of the array for policy options/attributes: */
#define DEF_ARRAY_LENGTH 16
/*LINTLIBRARY*/
static const char *me = "idmapd";
static pthread_t update_thread_handle = 0;
int hup_ev_port = -1;
extern int hupped;
static int
generate_machine_sid(char **machine_sid) {
char *p;
/*
* Generate and split 128-bit UUID into four 32-bit RIDs
* The machine_sid will be of the form S-1-5-N1-N2-N3-N4
* We depart from Windows here, which instead of 128
* bits worth of random numbers uses 96 bits.
*/
if (*machine_sid == NULL) {
return (-1);
}
uuid_clear(uu);
for (i = 0; i < UUID_LEN/4; i++) {
j = i * 4;
p += rlen;
}
return (0);
}
/* Check if in the case of failure the original value of *val is preserved */
static int
{
int rc = 0;
/* this is OK: the property is just undefined */
goto destruction;
/* It is still OK when a property doesn't have any value */
goto destruction;
switch (type) {
case SCF_TYPE_BOOLEAN:
break;
case SCF_TYPE_COUNT:
break;
case SCF_TYPE_INTEGER:
break;
default:
rc = -1;
break;
}
return (rc);
}
static char *
int rc = -1;
char buf_size = 127;
int length;
for (;;) {
if (length < 0) {
rc = -1;
goto destruction;
}
buf_size *= 2;
if (!buf) {
rc = -1;
goto destruction;
}
} else {
rc = 0;
break;
}
}
if (rc < 0) {
if (buf)
}
return (buf);
}
static int
ad_disc_ds_t **val)
{
int len, i;
int count = 0;
int rc = -1;
/* this is OK: the property is just undefined */
rc = 0;
goto destruction;
}
"%s: scf_iter_property_values(%s) failed: %s",
goto destruction;
}
/* Workaround scf bugs -- can't reset an iteration */
if (count == 0) {
count++;
if (count == 0) {
/* no values */
rc = 0;
goto destruction;
}
goto restart;
}
goto destruction;
}
i = 0;
goto destruction;
}
*portstr++ = '\0';
(char **)NULL, 10);
}
/* Ignore this server if the hostname is too long */
i++;
}
rc = 0;
if (rc < 0) {
if (servers)
}
return (rc);
}
static int
{
int rc = 0;
/* this is OK: the property is just undefined */
goto destruction;
"%s: scf_property_get_value(%s) failed: %s",
rc = -1;
goto destruction;
}
rc = -1;
if (rc < 0) {
if (*val)
}
return (rc);
}
static int
{
int rc = -1;
int ret = -2;
int i;
goto destruction;
}
"%s: scf_transaction_start(%s) failed: %s",
goto destruction;
}
SCF_TYPE_ASTRING) < 0) {
"%s: scf_transaction_property_new() failed: %s",
goto destruction;
}
"%s: scf_value_set_astring() failed: %s",
goto destruction;
}
"%s: scf_entry_add_value() failed: %s",
goto destruction;
}
break;
/*
* Property group set in scf_transaction_start()
* is not the most recent. Update pg, reset tx and
* retry tx.
*/
"%s: scf_transaction_commit(%s) failed - Retry: %s",
"%s: scf_pg_update() failed: %s",
goto destruction;
}
}
}
if (ret == 1)
rc = 0;
else if (ret != -2)
"%s: scf_transaction_commit(%s) failed: %s",
return (rc);
}
static int
{
return (FALSE);
return (FALSE);
}
return (TRUE);
}
static int
{
int i;
return (FALSE);
return (FALSE);
}
if (*value)
return (TRUE);
}
/*
* Returns 1 if SIGHUP has been received (see hup_handler elsewhere), 0
* otherwise. Uses an event port and a user-defined event.
*
* Note that port_get() does not update its timeout argument when EINTR,
* unlike nanosleep(). We probably don't care very much here because
* the only signals we expect are ones that will lead to idmapd dying or
* SIGHUP, and we intend for the latter to cause this function to
* return. But if we did care then we could always use a timer event
* (see timer_create(3RT)) and associate it with the same event port,
* then we could get accurate waiting regardless of EINTRs.
*/
static
int
{
int retries = 1;
/*
* If event port creation failed earlier and fails now then we
* simply don't learn about SIGHUPs in a timely fashion. No big
* deal
*/
return (0);
}
switch (errno) {
case EBADF:
case EBADFD:
hup_ev_port = -1;
break;
case EINVAL:
/*
* Shouldn't happen, except, perhaps, near the
* end of time
*/
if (retries-- > 0)
goto retry;
/* NOTREACHED */
break;
case EINTR:
if (!hupped)
goto retry;
break;
case ETIME:
/* Timeout */
break;
default:
/* EFAULT */
break;
}
}
/*
* We only have one event that we care about, a user event, so
* there's nothing to check or clean up about pe.
*
* If we get here it's either because we had a SIGHUP and a user
* event was sent to our port, or because the port_get() timed
* out (or even both!).
*/
if (hupped) {
int rc;
hupped = 0;
/*
* Blow away the ccache, we might have re-joined the
* domain or joined a new one
*/
/* HUP is the refresh method, so re-read SMF config */
if (rc == -2)
"idmapd: Various errors re-loading configuration "
"will cause AD lookups to fail");
if (rc == -1)
(void) idmapdlog(LOG_WARNING,
"idmapd: Various errors re-loading configuration "
"may cause AD lookups to fail");
return (1);
}
return (0);
}
void *
idmap_cfg_update_thread(void *arg)
{
int first = 1;
for (;;) {
if (first) {
ttl = 1;
first = 0;
} else {
}
if (ttl > MAX_CHECK_TIME)
if (ttl == -1) {
} else if (ttl > SUBNET_CHECK_TIME) {
/*
* We really ought to just monitor
* network interfaces with a PF_ROUTE
* socket... This crude method of
* discovering subnet changes will do
* for now. Though might even not want
* to bother: subnet changes leading to
* sitename changes ought never happen,
* and requiring a refresh when they do
* to be able to refresh us).
*/
if (wait_for_ttl(&delay)) {
/* Got SIGHUP, re-discover */
ttl = 0;
break;
}
ttl -= SUBNET_CHECK_TIME;
if (ad_disc_SubnetChanged(ad_ctx))
break;
} else {
if (wait_for_ttl(&delay))
ttl = 0;
}
}
/*
* Load configuration data into a private copy.
*
* The fixed values (i.e., from SMF) have already been
* set in AD auto discovery, so if all values have been
* set in SMF and they haven't been changed or the
* service been refreshed then the rest of this loop's
* body is one big no-op.
*/
"%s: unable to discover Default Domain", me);
}
"%s: unable to discover Domain Name", me);
}
"%s: unable to discover Domain Controller", me);
}
"%s: unable to discover Forest Name", me);
}
"%s: unable to discover Site Name", me);
}
"%s: unable to discover Global Catalog", me);
}
"domain and forest names nor domain controllers "
"and global catalog servers", me);
continue;
}
/*
* Update the live configuration
*/
}
/*
* If default_domain came from SMF then we must not
* auto-discover it.
*/
/*
* either the default domain or the global
* catalog server list changed.
*/
if (changed) {
(void) reload_ad();
}
}
/*NOTREACHED*/
return (NULL);
}
int
{
/* Don't check for failure -- see wait_for_ttl() */
hup_ev_port = port_create();
if (errno == 0)
return (0);
else
return (-1);
}
int
int discover)
{
int rc;
int errors = 0;
pgcfg->list_size_limit = 0;
rc = -2;
goto exit;
}
rc = -2;
goto exit;
}
if (rc != 0) {
pgcfg->list_size_limit = 0;
errors++;
}
&pgcfg->domain_name);
if (rc != 0)
errors++;
else
&pgcfg->default_domain);
if (rc != 0) {
/*
* SCF failures fetching config/default_domain we treat
* as fatal as they may leave ID mapping rules that
* match unqualified winnames flapping in the wind.
*/
rc = -2;
goto exit;
}
if (rc != 0)
errors++;
/*
* We treat default_domain as having been specified in SMF IFF
* either (the config/default_domain property was set) or (the
* old, obsolete, never documented config/mapping_domain
* property was set and the new config/domain_name property was
* not set).
*/
"%s: Ignoring obsolete, undocumented "
"config/mapping_domain property", me);
}
"%s: The config/mapping_domain property is "
"obsolete; support for it will be removed, "
"please use config/default_domain instead",
me);
}
}
if (rc != 0)
errors++;
/* If machine_sid not configured, generate one */
rc = -2;
goto exit;
}
pgcfg->machine_sid);
if (rc != 0)
errors++;
}
if (rc != 0)
errors++;
else
(void) ad_disc_set_DomainController(ad_ctx,
if (rc != 0)
errors++;
else
if (rc != 0)
errors++;
else
&pgcfg->global_catalog);
if (rc != 0)
errors++;
else
if (!discover)
goto exit;
/*
* Auto Discover the rest
*/
"%s: unable to discover Default Domain", me);
}
}
"%s: unable to discover Domain Name", me);
}
}
"%s: unable to discover Domain Controller", me);
}
}
"%s: unable to discover Forest Name", me);
}
}
"%s: unable to discover Site Name", me);
}
}
"%s: unable to discover Global Catalog", me);
}
}
exit:
if (rc == -2)
return (rc);
return ((errors == 0) ? 0 : -1);
}
/*
* Initialize 'cfg'.
*/
idmap_cfg_init() {
/* First the smf repository handles: */
if (!cfg) {
return (NULL);
}
goto error;
}
goto error;
}
goto error;
}
NULL, /* scope */
NULL, /* prop */
SCF_DECODE_FMRI_EXACT) < 0) {
goto error;
}
goto error;
}
/* Initialize AD Auto Discovery context */
goto error;
return (cfg);
(void) idmap_cfg_fini(cfg);
return (NULL);
}
void
if (pgcfg->default_domain) {
}
if (pgcfg->domain_name) {
}
if (pgcfg->machine_sid) {
}
if (pgcfg->domain_controller) {
}
if (pgcfg->forest_name) {
}
}
if (pgcfg->global_catalog) {
}
}
int
{
return (0);
}