c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * CDDL HEADER START
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * The contents of this file are subject to the terms of the
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Common Development and Distribution License (the "License").
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * You may not use this file except in compliance with the License.
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * See the License for the specific language governing permissions
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * and limitations under the License.
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * When distributing Covered Code, include this CDDL HEADER in each
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * If applicable, add the following below this CDDL HEADER, with the
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * fields enclosed by brackets "[]" replaced with your own identifying
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * information: Portions Copyright [yyyy] [name of copyright owner]
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * CDDL HEADER END
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross * Copyright 2014 Nexenta Systems, Inc. All rights reserved.
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Initialization routines
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw if (init_dbs() < 0) {
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw return (-1);
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai degrade_svc(0, "fatal error while upgrading configuration");
e3c2d6aa3bc760b22fad3c83f876553f0d2c5b66nw /* Total failure */
349d5d8f2e43f7f425bc3d025dda555187160ab7nw degrade_svc(0, "fatal error while loading configuration");
e3c2d6aa3bc760b22fad3c83f876553f0d2c5b66nw if (rc != 0)
e3c2d6aa3bc760b22fad3c83f876553f0d2c5b66nw /* Partial failure */
71590c90e239661c113497da3ca8b7301dfbe24cnw idmapdlog(LOG_ERR, "Various errors occurred while loading "
71590c90e239661c113497da3ca8b7301dfbe24cnw "the configuration; check the logs");
0dcc71495bad040a0c83830efc85acf8d897350dnw /* Total failure */
0dcc71495bad040a0c83830efc85acf8d897350dnw return (rc);
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright idmapdlog(LOG_DEBUG, "Initial configuration loaded");
c8e261054d98729a8718903716b9b8a512d8b693jp return (0);
4d61c878ad5fbf36c5338bef5994cc5fe88a589aJulian Pullen idmap_trustedforest_t *trustfor = pgcfg->trusted_forests;
4d61c878ad5fbf36c5338bef5994cc5fe88a589aJulian Pullen int num_trustfor = pgcfg->num_trusted_forests;
1ed6b69a5ca1ca3ee5e9a4931f74e2237c7e1c9fGordon Ross * ADS disabled, or no domain name specified.
1ed6b69a5ca1ca3ee5e9a4931f74e2237c7e1c9fGordon Ross * Not using adutils (LSA can still be used).
349d5d8f2e43f7f425bc3d025dda555187160ab7nw * No GCs. Continue to use the previous AD config in case
349d5d8f2e43f7f425bc3d025dda555187160ab7nw * it is still good and auto-discovery only had a transient failure.
349d5d8f2e43f7f425bc3d025dda555187160ab7nw * If the previous config stops working, we'll go into degraded mode
349d5d8f2e43f7f425bc3d025dda555187160ab7nw * at that point anyway.
349d5d8f2e43f7f425bc3d025dda555187160ab7nw "Global Catalog servers not configured/discoverable");
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai new_gcs = calloc(new_num_gcs, sizeof (adutils_ad_t *));
4d61c878ad5fbf36c5338bef5994cc5fe88a589aJulian Pullen degrade_svc(0, "could not allocate AD context array "
4d61c878ad5fbf36c5338bef5994cc5fe88a589aJulian Pullen "(out of memory)");
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai if (adutils_ad_alloc(&new_gcs[0], NULL, ADUTILS_AD_GLOBAL_CATALOG) !=
4d61c878ad5fbf36c5338bef5994cc5fe88a589aJulian Pullen degrade_svc(0, "could not initialize AD context "
4d61c878ad5fbf36c5338bef5994cc5fe88a589aJulian Pullen "(out of memory)");
c8e261054d98729a8718903716b9b8a512d8b693jp for (i = 0; pgcfg->global_catalog[i].host[0] != '\0'; i++) {
4d61c878ad5fbf36c5338bef5994cc5fe88a589aJulian Pullen "(out of memory)");
4d61c878ad5fbf36c5338bef5994cc5fe88a589aJulian Pullen for (i = 0; pgcfg->domains_in_forest[i].domain[0] != '\0';
4d61c878ad5fbf36c5338bef5994cc5fe88a589aJulian Pullen "(out of memory)");
4d61c878ad5fbf36c5338bef5994cc5fe88a589aJulian Pullen for (i = 0; i < num_trustfor; i++) {
4d61c878ad5fbf36c5338bef5994cc5fe88a589aJulian Pullen ADUTILS_AD_GLOBAL_CATALOG) != ADUTILS_SUCCESS) {
4d61c878ad5fbf36c5338bef5994cc5fe88a589aJulian Pullen degrade_svc(0, "could not initialize trusted AD "
4d61c878ad5fbf36c5338bef5994cc5fe88a589aJulian Pullen "context (out of memory)");
4d61c878ad5fbf36c5338bef5994cc5fe88a589aJulian Pullen for (j = 0; trustfor[i].global_catalog[j].host[0] != '\0';
4d61c878ad5fbf36c5338bef5994cc5fe88a589aJulian Pullen "AD hosts (out of memory)");
4d61c878ad5fbf36c5338bef5994cc5fe88a589aJulian Pullen for (j = 0; trustfor[i].domains_in_forest[j].domain[0] != '\0';
4d61c878ad5fbf36c5338bef5994cc5fe88a589aJulian Pullen domain_in_forest = &trustfor[i].domains_in_forest[j];
4d61c878ad5fbf36c5338bef5994cc5fe88a589aJulian Pullen /* Only add domains which are marked */
4d61c878ad5fbf36c5338bef5994cc5fe88a589aJulian Pullen "AD domains (out of memory)");
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai for (i = 0; i < old_num_gcs; i++)
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai * NEEDSWORK: This should load entries for domain servers for all known
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai * domains - the joined domain, other domains in the forest, and trusted
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai * domains in other forests. However, we don't yet discover any DCs other
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai * than the DCs for the joined domain.
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai idmap_pg_config_t *pgcfg = &_idmapdstate.cfg->pgcfg;
1ed6b69a5ca1ca3ee5e9a4931f74e2237c7e1c9fGordon Ross * ADS disabled, or no domain name specified.
1ed6b69a5ca1ca3ee5e9a4931f74e2237c7e1c9fGordon Ross * Not using adutils (LSA can still be used).
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai * No DCs. Continue to use the previous AD config in case
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai * it is still good and auto-discovery only had a transient failure.
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai * If the previous config stops working, we'll go into degraded mode
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai * at that point anyway.
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai "Domain controller servers not configured/discoverable");
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai new_dcs = calloc(new_num_dcs, sizeof (adutils_ad_t *));
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai if (adutils_ad_alloc(&new_dcs[0], pgcfg->domain_name,
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai for (i = 0; pgcfg->domain_controller[i].host[0] != '\0'; i++) {
46cf8a39beaa5f4ec8398951a61783ae0c508e04Jordan Brown * NEEDSWORK: All we need here is to add the domain and SID for
46cf8a39beaa5f4ec8398951a61783ae0c508e04Jordan Brown * this DC to the list of domains supported by this entry. Isn't
46cf8a39beaa5f4ec8398951a61783ae0c508e04Jordan Brown * there an easier way to find the SID than to walk through the list
46cf8a39beaa5f4ec8398951a61783ae0c508e04Jordan Brown * of all of the domains in the forest?
46cf8a39beaa5f4ec8398951a61783ae0c508e04Jordan Brown ad_disc_domainsinforest_t *dif = pgcfg->domains_in_forest;
46cf8a39beaa5f4ec8398951a61783ae0c508e04Jordan Brown if (domain_eq(pgcfg->domain_name, dif->domain)) {
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai for (i = 0; i < old_num_dcs; i++)
71590c90e239661c113497da3ca8b7301dfbe24cnw idmapdlog(LOG_DEBUG, "list_size_limit=%llu", pgcfg->list_size_limit);
71590c90e239661c113497da3ca8b7301dfbe24cnw idmapdlog(LOG_DEBUG, "domain_name=%s", CHECK_NULL(pgcfg->domain_name));
71590c90e239661c113497da3ca8b7301dfbe24cnw idmapdlog(LOG_DEBUG, "machine_sid=%s", CHECK_NULL(pgcfg->machine_sid));
c8e261054d98729a8718903716b9b8a512d8b693jp for (i = 0; pgcfg->domain_controller[i].host[0] != '\0'; i++)
71590c90e239661c113497da3ca8b7301dfbe24cnw idmapdlog(LOG_DEBUG, "forest_name=%s", CHECK_NULL(pgcfg->forest_name));
71590c90e239661c113497da3ca8b7301dfbe24cnw idmapdlog(LOG_DEBUG, "site_name=%s", CHECK_NULL(pgcfg->site_name));
c8e261054d98729a8718903716b9b8a512d8b693jp for (i = 0; pgcfg->global_catalog[i].host[0] != '\0'; i++)
4d61c878ad5fbf36c5338bef5994cc5fe88a589aJulian Pullen pgcfg->domains_in_forest[0].domain[0] == '\0') {
4d61c878ad5fbf36c5338bef5994cc5fe88a589aJulian Pullen idmapdlog(LOG_DEBUG, "No domains in forest %s known",
4d61c878ad5fbf36c5338bef5994cc5fe88a589aJulian Pullen for (i = 0; pgcfg->domains_in_forest[i].domain[0] != '\0'; i++)
4d61c878ad5fbf36c5338bef5994cc5fe88a589aJulian Pullen idmapdlog(LOG_DEBUG, "domains in forest %s = %s",
4d61c878ad5fbf36c5338bef5994cc5fe88a589aJulian Pullen pgcfg->trusted_domains[0].domain[0] == '\0') {
4d61c878ad5fbf36c5338bef5994cc5fe88a589aJulian Pullen idmapdlog(LOG_DEBUG, "No trusted domains known");
4d61c878ad5fbf36c5338bef5994cc5fe88a589aJulian Pullen for (i = 0; pgcfg->trusted_domains[i].domain[0] != '\0'; i++)
4d61c878ad5fbf36c5338bef5994cc5fe88a589aJulian Pullen for (i = 0; i < pgcfg->num_trusted_forests; i++) {
4d61c878ad5fbf36c5338bef5994cc5fe88a589aJulian Pullen for (j = 0; tf->global_catalog[j].host[0] != '\0'; j++)
4d61c878ad5fbf36c5338bef5994cc5fe88a589aJulian Pullen "trusted forest %s global_catalog=%s port=%d",
4d61c878ad5fbf36c5338bef5994cc5fe88a589aJulian Pullen for (j = 0; tf->domains_in_forest[j].domain[0] != '\0'; j++) {
4d61c878ad5fbf36c5338bef5994cc5fe88a589aJulian Pullen "trusted forest %s domain=%s",
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai idmapdlog(LOG_DEBUG, "directory_based_mapping=%s",
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai enum_lookup(pgcfg->directory_based_mapping, directory_mapping_map));
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw return (-1);
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw if (rc == 0)
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw return (-1);
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw return (0);