| author | nw141292 <none@none> | 2008-02-14 14:28:33 -0800 |
|---|---|---|
| committer | nw141292 <none@none> | 2008-02-14 14:28:33 -0800 |
| commit | 71590c90e239661c113497da3ca8b7301dfbe24c (patch) | |
| tree | e2ddfabdf90104463dd86fa0cb54a431871fe821 /usr/src/cmd | |
| parent | 24292ef779c1060fa735368b7a0855a422f6eab8 (diff) | |
| download | illumos-joyent-71590c90e239661c113497da3ca8b7301dfbe24c.tar.gz | |
6659114 always logging to syslog and stderr is not useful
6659534 error messages for DB-related failures should name the DB
6660512 6657342 made idmapd open new LDAP conns too often
Diffstat (limited to 'usr/src/cmd')
| -rw-r--r-- | usr/src/cmd/idmap/idmapd/addisc.c | 59 | ||||
| -rw-r--r-- | usr/src/cmd/idmap/idmapd/adutils.c | 2 | ||||
| -rw-r--r-- | usr/src/cmd/idmap/idmapd/dbutils.c | 102 | ||||
| -rw-r--r-- | usr/src/cmd/idmap/idmapd/idmap_config.c | 194 | ||||
| -rw-r--r-- | usr/src/cmd/idmap/idmapd/idmapd.c | 156 | ||||
| -rw-r--r-- | usr/src/cmd/idmap/idmapd/idmapd.h | 10 | ||||
| -rw-r--r-- | usr/src/cmd/idmap/idmapd/init.c | 59 | ||||
| -rw-r--r-- | usr/src/cmd/idmap/idmapd/server.c | 50 |
8 files changed, 323 insertions, 309 deletions
diff --git a/usr/src/cmd/idmap/idmapd/addisc.c b/usr/src/cmd/idmap/idmapd/addisc.c index 5cf7d915cb..505f0efcef 100644 --- a/usr/src/cmd/idmap/idmapd/addisc.c +++ b/usr/src/cmd/idmap/idmapd/addisc.c @@ -120,8 +120,6 @@ #define GC_ALL_A_NAME_FSTR "gc._msdcs.%s." -#define me "idmapd" - enum ad_item_type { AD_TYPE_INVALID = 0, /* The value is not valid */ AD_TYPE_FIXED, /* The value was fixed by caller */ @@ -300,8 +298,8 @@ find_subnets() lifrp = &lifr; if ((sock = socket(AF_INET, SOCK_DGRAM, 0)) < 0) { - idmapdlog(LOG_ERR, "%s: Failed to open IPv4 socket for " - "listing network interfaces (%s)", me, strerror(errno)); + idmapdlog(LOG_ERR, "Failed to open IPv4 socket for " + "listing network interfaces (%s)", strerror(errno)); return (NULL); } @@ -309,14 +307,14 @@ find_subnets() lifn.lifn_flags = 0; if (ioctl(sock, SIOCGLIFNUM, (char *)&lifn) < 0) { idmapdlog(LOG_ERR, - "%s: Failed to find the number of network interfaces (%s)", - me, strerror(errno)); + "Failed to find the number of network interfaces (%s)", + strerror(errno)); close(sock); return (NULL); } if (lifn.lifn_count < 1) { - idmapdlog(LOG_ERR, "%s: No IPv4 network interfaces found", me); + idmapdlog(LOG_ERR, "No IPv4 network interfaces found"); close(sock); return (NULL); } @@ -327,14 +325,14 @@ find_subnets() lifc.lifc_buf = malloc(lifc.lifc_len); if (lifc.lifc_buf == NULL) { - idmapdlog(LOG_ERR, "%s: Out of memory", me); + idmapdlog(LOG_ERR, "Out of memory"); close(sock); return (NULL); } if (ioctl(sock, SIOCGLIFCONF, (char *)&lifc) < 0) { - idmapdlog(LOG_ERR, "%s: Failed to list network interfaces (%s)", - me, strerror(errno)); + idmapdlog(LOG_ERR, "Failed to list network interfaces (%s)", + strerror(errno)); free(lifc.lifc_buf); close(sock); return (NULL); 
@@ -618,18 +616,18 @@ srv_query(res_state state, const char *svc_name, const char *dname, msg.buf, sizeof (msg.buf)); } - idmapdlog(LOG_DEBUG, "%s: %sing DNS for SRV RRs named '%s'", me, + idmapdlog(LOG_DEBUG, "%sing DNS for SRV RRs named '%s'", query_type, svc_name); if (len < 0) { - idmapdlog(LOG_ERR, "%s: DNS %s for '%s' failed (%s)", me, + idmapdlog(LOG_ERR, "DNS %s for '%s' failed (%s)", query_type, svc_name, hstrerror(state->res_h_errno)); return (NULL); } if (len > sizeof (msg.buf)) { - idmapdlog(LOG_ERR, "%s: DNS query %ib message doesn't fit" + idmapdlog(LOG_ERR, "DNS query %ib message doesn't fit" " into %ib buffer", - me, len, sizeof (msg.buf)); + len, sizeof (msg.buf)); return (NULL); } @@ -642,8 +640,7 @@ srv_query(res_state state, const char *svc_name, const char *dname, for (cnt = qdcount; cnt > 0; --cnt) { if ((len = dn_skipname(ptr, eom)) < 0) { - idmapdlog(LOG_ERR, - "%s: DNS query invalid message format", me); + idmapdlog(LOG_ERR, "DNS query invalid message format"); return (NULL); } ptr += len + QFIXEDSZ; @@ -660,8 +657,7 @@ srv_query(res_state state, const char *svc_name, const char *dname, len = dn_expand(msg.buf, eom, ptr, namebuf, sizeof (namebuf)); if (len < 0) { - idmapdlog(LOG_ERR, - "%s: DNS query invalid message format", me); + idmapdlog(LOG_ERR, "DNS query invalid message format"); return (NULL); } if (rrname != NULL && *rrname == NULL) @@ -672,8 +668,7 @@ srv_query(res_state state, const char *svc_name, const char *dname, NS_GET32(rttl, ptr); NS_GET16(size, ptr); if ((end = ptr + size) > eom) { - idmapdlog(LOG_ERR, - "%s: DNS query invalid message format", me); + idmapdlog(LOG_ERR, "DNS query invalid message format"); return (NULL); } 
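Review bot: The rewritten buffer-size message in srv_query still pairs `%ib` with `sizeof (msg.buf)`, which is a size_t, so the conversion does not match its argument where size_t is wider than int. Since the line is being rewritten anyway, `idmapdlog(LOG_ERR, "DNS query %ib message doesn't fit into %zub buffer", len, sizeof (msg.buf));` (or an explicit `(int)` cast on the size) would make the call well defined. srv_query begins and ends outside these hunks.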
@@ -688,18 +683,16 @@ srv_query(res_state state, const char *svc_name, const char *dname, len = dn_expand(msg.buf, eom, ptr, srv->host, sizeof (srv->host)); if (len < 0) { - idmapdlog(LOG_ERR, "%s: DNS query invalid SRV record", - me); + idmapdlog(LOG_ERR, "DNS query invalid SRV record"); return (NULL); } if (rttl < *ttl) *ttl = rttl; - idmapdlog(LOG_DEBUG, - "%s: Found %s %d IN SRV [%d][%d] %s:%d", me, - namebuf, rttl, srv->priority, srv->weight, - srv->host, srv->port); + idmapdlog(LOG_DEBUG, "Found %s %d IN SRV [%d][%d] %s:%d", + namebuf, rttl, srv->priority, srv->weight, srv->host, + srv->port); /* 3. move ptr to the end of current record */ @@ -763,8 +756,8 @@ ldap_lookup_entry_attr(LDAP **ld, ad_disc_ds_t *domainControllers, *ld = ldap_init(domainControllers[i].host, domainControllers[i].port); if (*ld == NULL) { - idmapdlog(LOG_INFO, "%s: Couldn't connect to " - "AD DC %s:%d (%s)", me, + idmapdlog(LOG_INFO, "Couldn't connect to " + "AD DC %s:%d (%s)", domainControllers[i].host, domainControllers[i].port, strerror(errno)); @@ -791,8 +784,8 @@ ldap_lookup_entry_attr(LDAP **ld, ad_disc_ds_t *domainControllers, if (rc == LDAP_SUCCESS) break; - idmapdlog(LOG_INFO, "%s: LDAP SASL bind to %s:%d " - "failed (%s)", me, domainControllers[i].host, + idmapdlog(LOG_INFO, "LDAP SASL bind to %s:%d " + "failed (%s)", domainControllers[i].host, domainControllers[i].port, ldap_err2string(rc)); (void) ldap_unbind(*ld); *ld = NULL; @@ -800,9 +793,9 @@ ldap_lookup_entry_attr(LDAP **ld, ad_disc_ds_t *domainControllers, } if (*ld == NULL) { - idmapdlog(LOG_ERR, "%s: Couldn't open and SASL bind LDAP " + idmapdlog(LOG_NOTICE, "Couldn't open and SASL bind LDAP " "connections to any domain controllers; discovery of " - "some items will fail", me); + "some items will fail"); return (NULL); } @@ -953,7 +946,7 @@ validate_DomainName(ad_disc_t ctx) free(srvname); if (dname == NULL) { - idmapdlog(LOG_ERR, "%s: Out of memory", me); + idmapdlog(LOG_ERR, "Out of memory"); return; } 
diff --git a/usr/src/cmd/idmap/idmapd/adutils.c b/usr/src/cmd/idmap/idmapd/adutils.c index 53f4c37f9f..93b2389c9a 100644 --- a/usr/src/cmd/idmap/idmapd/adutils.c +++ b/usr/src/cmd/idmap/idmapd/adutils.c @@ -574,6 +574,8 @@ retry: * around the wrong number of times. */ for (;;) { + if (adh != NULL && adh->ld != NULL && !adh->dead) + break; if (adh == NULL || (adh = adh->next) == NULL) adh = host_head; if (adh->owner == ad) diff --git a/usr/src/cmd/idmap/idmapd/dbutils.c b/usr/src/cmd/idmap/idmapd/dbutils.c index 6a6c0718a0..fb00df1d7c 100644 --- a/usr/src/cmd/idmap/idmapd/dbutils.c +++ b/usr/src/cmd/idmap/idmapd/dbutils.c @@ -29,7 +29,6 @@ * Database related utility routines */ -#include <atomic.h> #include <stdio.h> #include <stdlib.h> #include <string.h> @@ -53,8 +52,6 @@ #include "nldaputils.h" -static int degraded = 0; /* whether the FMRI has been marked degraded */ - static idmap_retcode sql_compile_n_step_once(sqlite *, char *, sqlite_vm **, int *, int, const char ***); static idmap_retcode lookup_wksids_name2sid(const char *, char **, char **, 
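Review bot: The early `break` added at the top of the `for (;;)` loop in adutils.c accepts the current `adh` on `ld != NULL && !dead` alone, before the existing `adh->owner == ad` test two lines below is reached. The initial value of `adh` is assigned outside this hunk; if it can ever refer to a host entry owned by a different AD context, the shortcut would hand back a connection that belongs to another owner. Folding the owner test into the new condition, `if (adh != NULL && adh->owner == ad && adh->ld != NULL && !adh->dead)`, keeps the connection reuse while preserving the invariant the loop already enforces. The enclosing function starts and ends outside the hunk.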
@@ -178,77 +175,6 @@ idmap_get_tsd(void) return (tsd); } -static -const char * -get_fmri(void) -{ - static char *fmri = NULL; - static char buf[60]; - char *s; - - membar_consumer(); - s = fmri; - if (s != NULL && *s == '\0') - return (NULL); - else if (s != NULL) - return (s); - - if ((s = getenv("SMF_FMRI")) == NULL || strlen(s) >= sizeof (buf)) - buf[0] = '\0'; - else - (void) strlcpy(buf, s, sizeof (buf)); - - membar_producer(); - fmri = buf; - - return (get_fmri()); -} - -/* - * Wrappers for smf_degrade/restore_instance() - * - * smf_restore_instance() is too heavy duty to be calling every time we - * have a successful AD name<->SID lookup. - */ -void -degrade_svc(const char *reason) -{ - const char *fmri; - - /* - * If the config update thread is in a state where auto-discovery could - * be re-tried, then this will make it try it -- a sort of auto-refresh. - */ - idmap_cfg_poke_updates(); - - if ((fmri = get_fmri()) == NULL) - return; - - membar_consumer(); - if (degraded) - return; - membar_producer(); - degraded = 1; - (void) smf_degrade_instance(fmri, 0); - idmapdlog(LOG_ERR, "idmapd: Degraded operation (%s)", reason); -} - -void -restore_svc(void) -{ - const char *fmri; - - if ((fmri = get_fmri()) == NULL) - return; - - membar_consumer(); - if (!degraded) - return; - (void) smf_restore_instance(fmri); - membar_producer(); - degraded = 0; -} - /* * A simple wrapper around u8_textprep_str() that returns the Unicode * lower-case version of some string. The result must be freed. @@ -650,7 +576,7 @@ rollback: * Execute the given SQL statment without using any callbacks */ idmap_retcode -sql_exec_no_cb(sqlite *db, char *sql) +sql_exec_no_cb(sqlite *db, const char *dbname, char *sql) { char *errmsg = NULL; int r; 
@@ -660,8 +586,8 @@ sql_exec_no_cb(sqlite *db, char *sql) assert(r != SQLITE_LOCKED && r != SQLITE_BUSY); if (r != SQLITE_OK) { - idmapdlog(LOG_ERR, "Database error during %s (%s)", sql, - CHECK_NULL(errmsg)); + idmapdlog(LOG_ERR, "Database error on %s while executing %s " + "(%s)", dbname, sql, CHECK_NULL(errmsg)); retcode = idmapd_string2stat(errmsg); if (errmsg != NULL) sqlite_freemem(errmsg); @@ -750,7 +676,7 @@ out: * Generate and execute SQL statement for LIST RPC calls */ idmap_retcode -process_list_svc_sql(sqlite *db, char *sql, uint64_t limit, +process_list_svc_sql(sqlite *db, const char *dbname, char *sql, uint64_t limit, list_svc_cb cb, void *result) { list_cb_data_t cb_data; @@ -772,8 +698,8 @@ process_list_svc_sql(sqlite *db, char *sql, uint64_t limit, default: retcode = IDMAP_ERR_INTERNAL; - idmapdlog(LOG_ERR, "Database error during %s (%s)", sql, - CHECK_NULL(errmsg)); + idmapdlog(LOG_ERR, "Database error on %s while executing " + "%s (%s)", dbname, sql, CHECK_NULL(errmsg)); break; } if (errmsg != NULL) @@ -987,7 +913,7 @@ add_namerule(sqlite *db, idmap_namerule *rule) goto out; } - retcode = sql_exec_no_cb(db, sql); + retcode = sql_exec_no_cb(db, IDMAP_DBNAME, sql); if (retcode == IDMAP_ERR_OTHER) retcode = IDMAP_ERR_CFG; @@ -1006,7 +932,7 @@ flush_namerules(sqlite *db) { idmap_stat retcode; - retcode = sql_exec_no_cb(db, "DELETE FROM namerules;"); + retcode = sql_exec_no_cb(db, IDMAP_DBNAME, "DELETE FROM namerules;"); return (retcode); } @@ -1052,7 +978,7 @@ rm_namerule(sqlite *db, idmap_namerule *rule) } - retcode = sql_exec_no_cb(db, sql); + retcode = sql_exec_no_cb(db, IDMAP_DBNAME, sql); out: if (expr != NULL) @@ -2827,7 +2753,7 @@ update_cache_pid2sid(lookup_state_t *state, sqlite *cache, goto out; } - retcode = sql_exec_no_cb(cache, sql); + retcode = sql_exec_no_cb(cache, IDMAP_CACHENAME, sql); if (retcode != IDMAP_SUCCESS) goto out; 
@@ -2855,7 +2781,7 @@ update_cache_pid2sid(lookup_state_t *state, sqlite *cache, goto out; } - retcode = sql_exec_no_cb(cache, sql); + retcode = sql_exec_no_cb(cache, IDMAP_CACHENAME, sql); out: if (sql != NULL) @@ -2900,7 +2826,7 @@ update_cache_sid2pid(lookup_state_t *state, sqlite *cache, goto out; } - retcode = sql_exec_no_cb(cache, sql); + retcode = sql_exec_no_cb(cache, IDMAP_CACHENAME, sql); if (retcode != IDMAP_SUCCESS) goto out; @@ -2928,7 +2854,7 @@ update_cache_sid2pid(lookup_state_t *state, sqlite *cache, goto out; } - retcode = sql_exec_no_cb(cache, sql); + retcode = sql_exec_no_cb(cache, IDMAP_CACHENAME, sql); if (retcode != IDMAP_SUCCESS) goto out; @@ -2956,7 +2882,7 @@ update_cache_sid2pid(lookup_state_t *state, sqlite *cache, goto out; } - retcode = sql_exec_no_cb(cache, sql); + retcode = sql_exec_no_cb(cache, IDMAP_CACHENAME, sql); out: if (sql != NULL) diff --git a/usr/src/cmd/idmap/idmapd/idmap_config.c b/usr/src/cmd/idmap/idmapd/idmap_config.c index 649662c8f0..1537d6e35a 100644 --- a/usr/src/cmd/idmap/idmapd/idmap_config.c +++ b/usr/src/cmd/idmap/idmapd/idmap_config.c @@ -53,9 +53,6 @@ /*LINTLIBRARY*/ -static const char *me = "idmapd"; - - static pthread_t update_thread_handle = 0; static int idmapd_ev_port = -1; @@ -78,7 +75,7 @@ generate_machine_sid(char **machine_sid) *machine_sid = calloc(1, MACHINE_SID_LEN); if (*machine_sid == NULL) { - idmapdlog(LOG_ERR, "%s: Out of memory", me); + idmapdlog(LOG_ERR, "Out of memory"); return (-1); } (void) strcpy(*machine_sid, "S-1-5-21"); 
@@ -100,6 +97,23 @@ generate_machine_sid(char **machine_sid) return (0); } +static bool_t +prop_exists(idmap_cfg_handles_t *handles, char *name) +{ + bool_t exists = FALSE; + + scf_property_t *scf_prop = scf_property_create(handles->main); + scf_value_t *value = scf_value_create(handles->main); + + if (scf_pg_get_property(handles->config_pg, name, scf_prop) == 0) + exists = TRUE; + + scf_value_destroy(value); + scf_property_destroy(scf_prop); + + return (exists); +} + /* Check if in the case of failure the original value of *val is preserved */ static int get_val_int(idmap_cfg_handles_t *handles, char *name, @@ -130,8 +144,8 @@ get_val_int(idmap_cfg_handles_t *handles, char *name, rc = scf_value_get_integer(value, val); break; default: - idmapdlog(LOG_ERR, "%s: Invalid scf integer type (%d)", - me, type); + idmapdlog(LOG_ERR, "Invalid scf integer type (%d)", + type); rc = -1; break; } @@ -164,7 +178,7 @@ scf_value2string(scf_value_t *value) buf_size *= 2; buf = (char *)realloc(buf, buf_size * sizeof (char)); if (!buf) { - idmapdlog(LOG_ERR, "%s: Out of memory", me); + idmapdlog(LOG_ERR, "Out of memory"); rc = -1; goto destruction; } @@ -212,8 +226,8 @@ restart: if (scf_iter_property_values(iter, scf_prop) < 0) { idmapdlog(LOG_ERR, - "%s: scf_iter_property_values(%s) failed: %s", - me, name, scf_strerror(scf_error())); + "scf_iter_property_values(%s) failed: %s", + name, scf_strerror(scf_error())); goto destruction; } @@ -235,7 +249,7 @@ restart: } if ((servers = calloc(count + 1, sizeof (*servers))) == NULL) { - idmapdlog(LOG_ERR, "%s: Out of memory", me); + idmapdlog(LOG_ERR, "Out of memory"); goto destruction; } @@ -299,8 +313,8 @@ get_val_astring(idmap_cfg_handles_t *handles, char *name, char **val) if (scf_property_get_value(scf_prop, value) < 0) { idmapdlog(LOG_ERR, - "%s: scf_property_get_value(%s) failed: %s", - me, name, scf_strerror(scf_error())); + "scf_property_get_value(%s) failed: %s", + name, scf_strerror(scf_error())); rc = -1; goto destruction; } 
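Review bot: The new prop_exists() does not check the results of scf_property_create() and scf_value_create(), and the `value` it allocates is never used before being destroyed. If scf_property_create() fails, a NULL `scf_prop` is passed on to scf_pg_get_property(), and any failure of that call, not only "property not found", is reported as FALSE. I would drop `value`, add `if (scf_prop == NULL) return (FALSE);`, and put a comment above the function saying that only the presence of the property is tested, never its value. That matters because idmap_cfg_load (later in this file's diff) enables debug_mode from `prop_exists(handles, "debug")`, so a `debug` property set to false would still turn stderr logging on.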
@@ -337,38 +351,38 @@ set_val_astring(idmap_cfg_handles_t *handles, char *name, const char *val) (value = scf_value_create(handles->main)) == NULL || (tx = scf_transaction_create(handles->main)) == NULL || (ent = scf_entry_create(handles->main)) == NULL) { - idmapdlog(LOG_ERR, "%s: Unable to set property %s: %s", - me, name, scf_strerror(scf_error())); + idmapdlog(LOG_ERR, "Unable to set property %s", + name, scf_strerror(scf_error())); goto destruction; } for (i = 0; i < MAX_TRIES && (ret == -2 || ret == 0); i++) { if (scf_transaction_start(tx, handles->config_pg) == -1) { idmapdlog(LOG_ERR, - "%s: scf_transaction_start(%s) failed: %s", - me, name, scf_strerror(scf_error())); + "scf_transaction_start(%s) failed: %s", + name, scf_strerror(scf_error())); goto destruction; } if (scf_transaction_property_new(tx, ent, name, SCF_TYPE_ASTRING) < 0) { idmapdlog(LOG_ERR, - "%s: scf_transaction_property_new() failed: %s", - me, scf_strerror(scf_error())); + "scf_transaction_property_new() failed: %s", + scf_strerror(scf_error())); goto destruction; } if (scf_value_set_astring(value, val) == -1) { idmapdlog(LOG_ERR, - "%s: scf_value_set_astring() failed: %s", - me, scf_strerror(scf_error())); + "scf_value_set_astring() failed: %s", + scf_strerror(scf_error())); goto destruction; } if (scf_entry_add_value(ent, value) == -1) { idmapdlog(LOG_ERR, - "%s: scf_entry_add_value() failed: %s", - me, scf_strerror(scf_error())); + "scf_entry_add_value() failed: %s", + scf_strerror(scf_error())); goto destruction; } 
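Review bot: The first rewritten message in set_val_astring lost its second conversion: the format is now `"Unable to set property %s"` while `scf_strerror(scf_error())` is still passed, so the reason for the failure no longer reaches the log. The other messages in this hunk kept theirs; this one should read `idmapdlog(LOG_ERR, "Unable to set property %s: %s", name, scf_strerror(scf_error()));`. The body of set_val_astring continues outside the hunk.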
@@ -382,12 +396,12 @@ set_val_astring(idmap_cfg_handles_t *handles, char *name, const char *val) * retry tx. */ idmapdlog(LOG_WARNING, - "%s: scf_transaction_commit(%s) failed - Retry: %s", - me, name, scf_strerror(scf_error())); + "scf_transaction_commit(%s) failed - Retry: %s", + name, scf_strerror(scf_error())); if (scf_pg_update(handles->config_pg) == -1) { idmapdlog(LOG_ERR, - "%s: scf_pg_update() failed: %s", - me, scf_strerror(scf_error())); + "scf_pg_update() failed: %s", + scf_strerror(scf_error())); goto destruction; } scf_transaction_reset(tx); @@ -399,8 +413,8 @@ set_val_astring(idmap_cfg_handles_t *handles, char *name, const char *val) rc = 0; else if (ret != -2) idmapdlog(LOG_ERR, - "%s: scf_transaction_commit(%s) failed: %s", - me, name, scf_strerror(scf_error())); + "scf_transaction_commit(%s) failed: %s", + name, scf_strerror(scf_error())); destruction: scf_value_destroy(value); @@ -422,7 +436,7 @@ update_value(char **value, char **new, char *name) return (FALSE); } - idmapdlog(LOG_INFO, "%s: change %s=%s", me, name, CHECK_NULL(*new)); + idmapdlog(LOG_INFO, "change %s=%s", name, CHECK_NULL(*new)); if (*value != NULL) free(*value); *value = *new; @@ -454,13 +468,13 @@ update_dirs(ad_disc_ds_t **value, ad_disc_ds_t **new, char *name) if (*value == NULL) { /* We're unsetting this DS property */ - idmapdlog(LOG_INFO, "%s: change %s=<none>", me, name); + idmapdlog(LOG_INFO, "change %s=<none>", name); return (TRUE); } /* List all the new DSs */ for (i = 0; (*value)[i].host[0] != '\0'; i++) - idmapdlog(LOG_INFO, "%s: change %s=%s port=%d", me, name, + idmapdlog(LOG_INFO, "change %s=%s port=%d", name, (*value)[i].host, (*value)[i].port); return (TRUE); } 
@@ -568,18 +582,18 @@ retry: */ (void) unlink(IDMAP_CACHEDIR "/ccache"); /* HUP is the refresh method, so re-read SMF config */ - (void) idmapdlog(LOG_INFO, "idmapd: SMF refresh"); + (void) idmapdlog(LOG_INFO, "SMF refresh"); WRLOCK_CONFIG(); (void) idmap_cfg_unload(&_idmapdstate.cfg->pgcfg); rc = idmap_cfg_load(&_idmapdstate.cfg->handles, &_idmapdstate.cfg->pgcfg, 1); if (rc < -1) (void) idmapdlog(LOG_ERR, - "idmapd: Various errors re-loading configuration " + "Various errors re-loading configuration " "will cause AD lookups to fail"); else if (rc == -1) (void) idmapdlog(LOG_WARNING, - "idmapd: Various errors re-loading configuration " + "Various errors re-loading configuration " "may cause AD lookups to fail"); UNLOCK_CONFIG(); return (TRUE); 
@@ -632,34 +646,34 @@ idmap_cfg_update_thread(void *arg) new_cfg.default_domain = ad_disc_get_DomainName(ad_ctx); if (new_cfg.default_domain == NULL) idmapdlog(LOG_INFO, - "%s: unable to discover Default Domain", me); + "unable to discover Default Domain"); new_cfg.domain_name = ad_disc_get_DomainName(ad_ctx); if (new_cfg.domain_name == NULL) idmapdlog(LOG_INFO, - "%s: unable to discover Domain Name", me); + "unable to discover Domain Name"); new_cfg.domain_controller = ad_disc_get_DomainController(ad_ctx, AD_DISC_PREFER_SITE); if (new_cfg.domain_controller == NULL) idmapdlog(LOG_INFO, - "%s: unable to discover Domain Controller", me); + "unable to discover Domain Controller"); new_cfg.forest_name = ad_disc_get_ForestName(ad_ctx); if (new_cfg.forest_name == NULL) idmapdlog(LOG_INFO, - "%s: unable to discover Forest Name", me); + "unable to discover Forest Name"); new_cfg.site_name = ad_disc_get_SiteName(ad_ctx); if (new_cfg.site_name == NULL) idmapdlog(LOG_INFO, - "%s: unable to discover Site Name", me); + "unable to discover Site Name"); new_cfg.global_catalog = ad_disc_get_GlobalCatalog(ad_ctx, AD_DISC_PREFER_SITE); if (new_cfg.global_catalog == NULL) { idmapdlog(LOG_INFO, - "%s: unable to discover Global Catalog", me); + "unable to discover Global Catalog"); poke_is_interesting = 1; } else { poke_is_interesting = 0; @@ -670,9 +684,9 @@ idmap_cfg_update_thread(void *arg) new_cfg.domain_controller == NULL && new_cfg.forest_name == NULL && new_cfg.global_catalog == NULL) { - idmapdlog(LOG_NOTICE, "%s: Could not auto-discover AD " + idmapdlog(LOG_NOTICE, "Could not auto-discover AD " "domain and forest names nor domain controllers " - "and global catalog servers", me); + "and global catalog servers"); } /* 
@@ -681,7 +695,7 @@ idmap_cfg_update_thread(void *arg) WRLOCK_CONFIG(); if (live_cfg->list_size_limit != new_cfg.list_size_limit) { - idmapdlog(LOG_INFO, "%s: change list_size=%d", me, + idmapdlog(LOG_INFO, "change list_size=%d", new_cfg.list_size_limit); live_cfg->list_size_limit = new_cfg.list_size_limit; } @@ -740,24 +754,22 @@ idmap_cfg_update_thread(void *arg) int idmap_cfg_start_updates(void) { - const char *me = "idmap_cfg_start_updates"; - if ((idmapd_ev_port = port_create()) < 0) { - idmapdlog(LOG_ERR, "%s: Failed to create event port: %s", - me, strerror(errno)); + idmapdlog(LOG_ERR, "Failed to create event port: %s", + strerror(errno)); return (-1); } if ((rt_sock = socket(PF_ROUTE, SOCK_RAW, 0)) < 0) { - idmapdlog(LOG_ERR, "%s: Failed to open routing socket: %s", - me, strerror(errno)); + idmapdlog(LOG_ERR, "Failed to open routing socket: %s", + strerror(errno)); (void) close(idmapd_ev_port); return (-1); } if (fcntl(rt_sock, F_SETFL, O_NDELAY|O_NONBLOCK) < 0) { - idmapdlog(LOG_ERR, "%s: Failed to set routing socket flags: %s", - me, strerror(errno)); + idmapdlog(LOG_ERR, "Failed to set routing socket flags: %s", + strerror(errno)); (void) close(rt_sock); (void) close(idmapd_ev_port); return (-1); @@ -765,8 +777,8 @@ idmap_cfg_start_updates(void) if (port_associate(idmapd_ev_port, PORT_SOURCE_FD, rt_sock, POLLIN, NULL) != 0) { - idmapdlog(LOG_ERR, "%s: Failed to associate the routing " - "socket with the event port: %s", me, strerror(errno)); + idmapdlog(LOG_ERR, "Failed to associate the routing " + "socket with the event port: %s", strerror(errno)); (void) close(rt_sock); (void) close(idmapd_ev_port); return (-1); 
@@ -774,8 +786,8 @@ idmap_cfg_start_updates(void) if ((errno = pthread_create(&update_thread_handle, NULL, idmap_cfg_update_thread, NULL)) != 0) { - idmapdlog(LOG_ERR, "%s: Failed to start update thread: %s", - me, strerror(errno)); + idmapdlog(LOG_ERR, "Failed to start update thread: %s", + strerror(errno)); (void) port_dissociate(idmapd_ev_port, PORT_SOURCE_FD, rt_sock); (void) close(rt_sock); (void) close(idmapd_ev_port); @@ -794,6 +806,7 @@ idmap_cfg_load(idmap_cfg_handles_t *handles, idmap_pg_config_t *pgcfg, int errors = 0; uint8_t bool_val; char *str = NULL; + bool_t new_debug_mode; ad_disc_t ad_ctx = handles->ad_ctx; pgcfg->list_size_limit = 0; @@ -814,19 +827,30 @@ idmap_cfg_load(idmap_cfg_handles_t *handles, idmap_pg_config_t *pgcfg, ad_disc_refresh(handles->ad_ctx); if (scf_pg_update(handles->config_pg) < 0) { - idmapdlog(LOG_ERR, "%s: scf_pg_update() failed: %s", - me, scf_strerror(scf_error())); + idmapdlog(LOG_ERR, "scf_pg_update() failed: %s", + scf_strerror(scf_error())); rc = -2; goto exit; } if (scf_pg_update(handles->general_pg) < 0) { - idmapdlog(LOG_ERR, "%s: scf_pg_update() failed: %s", - me, scf_strerror(scf_error())); + idmapdlog(LOG_ERR, "scf_pg_update() failed: %s", + scf_strerror(scf_error())); rc = -2; goto exit; } + new_debug_mode = prop_exists(handles, "debug"); + if (_idmapdstate.debug_mode != new_debug_mode) { + if (_idmapdstate.debug_mode == FALSE) { + _idmapdstate.debug_mode = new_debug_mode; + idmapdlog(LOG_DEBUG, "debug mode enabled"); + } else { + idmapdlog(LOG_DEBUG, "debug mode disabled"); + _idmapdstate.debug_mode = new_debug_mode; + } + } + rc = get_val_int(handles, "list_size_limit", &pgcfg->list_size_limit, SCF_TYPE_COUNT); if (rc != 0) { 
@@ -873,17 +897,16 @@ idmap_cfg_load(idmap_cfg_handles_t *handles, idmap_pg_config_t *pgcfg, pgcfg->default_domain = strdup(pgcfg->domain_name); if (str != NULL) { idmapdlog(LOG_WARNING, - "%s: Ignoring obsolete, undocumented " - "config/mapping_domain property", me); + "Ignoring obsolete, undocumented " + "config/mapping_domain property"); } } else if (str != NULL) { pgcfg->default_domain = strdup(str); pgcfg->dflt_dom_set_in_smf = TRUE; idmapdlog(LOG_WARNING, - "%s: The config/mapping_domain property is " + "The config/mapping_domain property is " "obsolete; support for it will be removed, " - "please use config/default_domain instead", - me); + "please use config/default_domain instead"); } } @@ -968,10 +991,9 @@ idmap_cfg_load(idmap_cfg_handles_t *handles, idmap_pg_config_t *pgcfg, if (pgcfg->nldap_winname_attr != NULL) { idmapdlog(LOG_ERR, - "%s: native LDAP based name mapping not supported " + "native LDAP based name mapping not supported " "at this time. Please unset " - "config/nldap_winname_attr and restart idmapd.", - me); + "config/nldap_winname_attr and restart idmapd."); rc = -3; goto exit; } @@ -979,11 +1001,11 @@ idmap_cfg_load(idmap_cfg_handles_t *handles, idmap_pg_config_t *pgcfg, if (pgcfg->ad_unixuser_attr == NULL && pgcfg->ad_unixgroup_attr == NULL) { idmapdlog(LOG_ERR, - "%s: If config/ds_name_mapping_enabled property " + "If config/ds_name_mapping_enabled property " "is set to true then atleast one of the following " "name mapping attributes must be specified. " "(config/ad_unixuser_attr OR " - "config/ad_unixgroup_attr)", me); + "config/ad_unixgroup_attr)"); rc = -3; goto exit; } @@ -1000,7 +1022,7 @@ idmap_cfg_load(idmap_cfg_handles_t *handles, idmap_pg_config_t *pgcfg, pgcfg->default_domain = ad_disc_get_DomainName(ad_ctx); if (pgcfg->default_domain == NULL) { idmapdlog(LOG_INFO, - "%s: unable to discover Default Domain", me); + "unable to discover Default Domain"); } } 
@@ -1008,7 +1030,7 @@ idmap_cfg_load(idmap_cfg_handles_t *handles, idmap_pg_config_t *pgcfg, pgcfg->domain_name = ad_disc_get_DomainName(ad_ctx); if (pgcfg->domain_name == NULL) { idmapdlog(LOG_INFO, - "%s: unable to discover Domain Name", me); + "unable to discover Domain Name"); } } @@ -1017,7 +1039,7 @@ idmap_cfg_load(idmap_cfg_handles_t *handles, idmap_pg_config_t *pgcfg, ad_disc_get_DomainController(ad_ctx, AD_DISC_PREFER_SITE); if (pgcfg->domain_controller == NULL) { idmapdlog(LOG_INFO, - "%s: unable to discover Domain Controller", me); + "unable to discover Domain Controller"); } } @@ -1025,7 +1047,7 @@ idmap_cfg_load(idmap_cfg_handles_t *handles, idmap_pg_config_t *pgcfg, pgcfg->forest_name = ad_disc_get_ForestName(ad_ctx); if (pgcfg->forest_name == NULL) { idmapdlog(LOG_INFO, - "%s: unable to discover Forest Name", me); + "unable to discover Forest Name"); } } @@ -1033,7 +1055,7 @@ idmap_cfg_load(idmap_cfg_handles_t *handles, idmap_pg_config_t *pgcfg, pgcfg->site_name = ad_disc_get_SiteName(ad_ctx); if (pgcfg->site_name == NULL) { idmapdlog(LOG_INFO, - "%s: unable to discover Site Name", me); + "unable to discover Site Name"); } } @@ -1042,7 +1064,7 @@ idmap_cfg_load(idmap_cfg_handles_t *handles, idmap_pg_config_t *pgcfg, ad_disc_get_GlobalCatalog(ad_ctx, AD_DISC_PREFER_SITE); if (pgcfg->global_catalog == NULL) { idmapdlog(LOG_INFO, - "%s: unable to discover Global Catalog", me); + "unable to discover Global Catalog"); } } @@ -1066,7 +1088,7 @@ idmap_cfg_init() /* First the smf repository handles: */ idmap_cfg_t *cfg = calloc(1, sizeof (idmap_cfg_t)); if (!cfg) { - idmapdlog(LOG_ERR, "%s: Out of memory", me); + idmapdlog(LOG_ERR, "Out of memory"); return (NULL); } handles = &cfg->handles; 
@@ -1074,14 +1096,14 @@ idmap_cfg_init() (void) pthread_mutex_init(&handles->mutex, NULL); if (!(handles->main = scf_handle_create(SCF_VERSION))) { - idmapdlog(LOG_ERR, "%s: scf_handle_create() failed: %s", - me, scf_strerror(scf_error())); + idmapdlog(LOG_ERR, "scf_handle_create() failed: %s", + scf_strerror(scf_error())); goto error; } if (scf_handle_bind(handles->main) < 0) { - idmapdlog(LOG_ERR, "%s: scf_handle_bind() failed: %s", - me, scf_strerror(scf_error())); + idmapdlog(LOG_ERR, "scf_handle_bind() failed: %s", + scf_strerror(scf_error())); goto error; } @@ -1089,8 +1111,8 @@ idmap_cfg_init() !(handles->instance = scf_instance_create(handles->main)) || !(handles->config_pg = scf_pg_create(handles->main)) || !(handles->general_pg = scf_pg_create(handles->main))) { - idmapdlog(LOG_ERR, "%s: scf handle creation failed: %s", - me, scf_strerror(scf_error())); + idmapdlog(LOG_ERR, "scf handle creation failed: %s", + scf_strerror(scf_error())); goto error; } @@ -1102,15 +1124,15 @@ idmap_cfg_init() handles->config_pg, /* pg */ NULL, /* prop */ SCF_DECODE_FMRI_EXACT) < 0) { - idmapdlog(LOG_ERR, "%s: scf_handle_decode_fmri() failed: %s", - me, scf_strerror(scf_error())); + idmapdlog(LOG_ERR, "scf_handle_decode_fmri() failed: %s", + scf_strerror(scf_error())); goto error; } if (scf_service_get_pg(handles->service, GENERAL_PG, handles->general_pg) < 0) { - idmapdlog(LOG_ERR, "%s: scf_service_get_pg() failed: %s", - me, scf_strerror(scf_error())); + idmapdlog(LOG_ERR, "scf_service_get_pg() failed: %s", + scf_strerror(scf_error())); goto error; } diff --git a/usr/src/cmd/idmap/idmapd/idmapd.c b/usr/src/cmd/idmap/idmapd/idmapd.c index 98407ac1a1..ac58ec4f98 100644 --- a/usr/src/cmd/idmap/idmapd/idmapd.c +++ b/usr/src/cmd/idmap/idmapd/idmapd.c @@ -30,6 +30,7 @@ */ #include "idmapd.h" +#include <atomic.h> #include <signal.h> #include <rpc/pmap_clnt.h> /* for pmap_unset */ #include <string.h> /* strcmp */ 
@@ -59,10 +60,6 @@ static void term_handler(int); static void init_idmapd(); static void fini_idmapd(); -#ifndef SIG_PF -#define SIG_PF void(*)(int) -#endif - #define _RPCSVC_CLOSEDOWN 120 int _rpcsvcstate = _IDLE; /* Set when a request is serviced */ @@ -73,10 +70,7 @@ idmapd_state_t _idmapdstate; SVCXPRT *xprt = NULL; static int dfd = -1; /* our door server fildes, for unregistration */ - -#ifdef DEBUG -#define RPC_SVC_FG -#endif +static int degraded = 0; /* whether the FMRI has been marked degraded */ /* * This is needed for mech_krb5 -- we run as daemon, yes, but we want @@ -112,11 +106,22 @@ app_krb5_user_uid(void) static void term_handler(int sig) { - (void) idmapdlog(LOG_INFO, "idmapd: Terminating."); + idmapdlog(LOG_INFO, "Terminating."); fini_idmapd(); _exit(0); } +/*ARGSUSED*/ +static void +usr1_handler(int sig) +{ + bool_t saved_debug_mode = _idmapdstate.debug_mode; + + _idmapdstate.debug_mode = TRUE; + print_idmapdstate(); + _idmapdstate.debug_mode = saved_debug_mode; +} + static int pipe_fd = -1; static void @@ -174,7 +179,6 @@ daemonize_start(void) (void) setsid(); (void) umask(0077); openlog("idmap", LOG_PID, LOG_DAEMON); - _idmapdstate.daemon_mode = TRUE; return (0); } @@ -183,18 +187,17 @@ int main(int argc, char **argv) { int c; -#ifdef RPC_SVC_FG - bool_t daemonize = FALSE; -#else - bool_t daemonize = TRUE; -#endif - while ((c = getopt(argc, argv, "d")) != EOF) { + _idmapdstate.daemon_mode = TRUE; + _idmapdstate.debug_mode = FALSE; + while ((c = getopt(argc, argv, "d")) != -1) { switch (c) { case 'd': - daemonize = FALSE; + _idmapdstate.daemon_mode = FALSE; break; default: + fprintf(stderr, "Usage: /usr/lib/idmapd"); + return (SMF_EXIT_ERR_CONFIG); break; } } 
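Review bot: usr1_handler() does real work in signal context: it rewrites the shared `_idmapdstate.debug_mode` and calls print_idmapdstate(), whose body is not visible here but which presumably logs through idmapdlog(), that is through vfprintf() and vsyslog(), neither of which is async-signal-safe. While the handler runs, every other thread also sees debug_mode as TRUE, and a concurrent change made by idmap_cfg_load can be overwritten when the saved value is written back. A safer shape is for the handler to only record the request, `static volatile sig_atomic_t dump_requested;` and `dump_requested = 1;`, and for an existing thread to perform the dump; that consumer would live outside this hunk.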
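Review bot: In the new `default:` branch of main's option loop the usage text is written without a trailing newline, and the `break;` left after `return (SMF_EXIT_ERR_CONFIG);` can no longer be reached. I would write `(void) fprintf(stderr, "Usage: /usr/lib/idmapd\n");` to match the `(void)` casts used elsewhere in the file, and drop the dead `break;`. main continues outside the hunk.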
@@ -204,17 +207,17 @@ main(int argc, char **argv) (void) textdomain(TEXT_DOMAIN); if (is_system_labeled() && getzoneid() != GLOBAL_ZONEID) { - (void) idmapdlog(LOG_ERR, - "idmapd: with Trusted Extensions idmapd runs only in the " + idmapdlog(LOG_ERR, + "with Trusted Extensions idmapd runs only in the " "global zone"); exit(1); } (void) mutex_init(&_svcstate_lock, USYNC_THREAD, NULL); - if (daemonize == TRUE) { + if (_idmapdstate.daemon_mode == TRUE) { if (daemonize_start() < 0) { - (void) perror("idmapd: unable to daemonize"); + (void) idmapdlog(LOG_ERR, "unable to daemonize"); exit(-1); } } else @@ -226,20 +229,21 @@ main(int argc, char **argv) /* signal handlers that should run only after we're initialized */ (void) sigset(SIGTERM, term_handler); + (void) sigset(SIGUSR1, usr1_handler); (void) sigset(SIGHUP, idmap_cfg_hup_handler); if (__init_daemon_priv(PU_RESETGROUPS|PU_CLEARLIMITSET, DAEMON_UID, DAEMON_GID, PRIV_PROC_AUDIT, PRIV_FILE_DAC_READ, (char *)NULL) == -1) { - (void) idmapdlog(LOG_ERR, "idmapd: unable to drop privileges"); + idmapdlog(LOG_ERR, "unable to drop privileges"); exit(1); } __fini_daemon_priv(PRIV_PROC_FORK, PRIV_PROC_EXEC, PRIV_PROC_SESSION, PRIV_FILE_LINK_ANY, PRIV_PROC_INFO, (char *)NULL); - if (daemonize == TRUE) + if (_idmapdstate.daemon_mode == TRUE) daemonize_ready(); /* With doors RPC this just wastes this thread, oh well */ 
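Review bot: Replacing `perror("idmapd: unable to daemonize")` with `idmapdlog(LOG_ERR, "unable to daemonize")` drops the errno text that perror() used to append. With daemon_mode TRUE and debug_mode FALSE, idmapdlog() also writes nothing to stderr, so a failed start leaves only a syslog line with no cause. `idmapdlog(LOG_ERR, "unable to daemonize (%s)", strerror(errno));` would keep the diagnostic, assuming daemonize_start() leaves errno set on failure as the old perror() call implied.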
@@ -267,44 +271,38 @@ init_idmapd() (void) unlink(IDMAP_CACHEDIR "/ccache"); putenv("KRB5CCNAME=" IDMAP_CACHEDIR "/ccache"); - memset(&_idmapdstate, 0, sizeof (_idmapdstate)); - if (sysinfo(SI_HOSTNAME, _idmapdstate.hostname, sizeof (_idmapdstate.hostname)) == -1) { error = errno; - idmapdlog(LOG_ERR, - "idmapd: unable to determine hostname, error: %d", + idmapdlog(LOG_ERR, "unable to determine hostname, error: %d", error); exit(1); } if ((error = init_mapping_system()) < 0) { - idmapdlog(LOG_ERR, - "idmapd: unable to initialize mapping system"); + idmapdlog(LOG_ERR, "unable to initialize mapping system"); exit(error < -2 ? SMF_EXIT_ERR_CONFIG : 1); } xprt = svc_door_create(idmap_prog_1, IDMAP_PROG, IDMAP_V1, connmaxrec); if (xprt == NULL) { - idmapdlog(LOG_ERR, - "idmapd: unable to create door RPC service"); + idmapdlog(LOG_ERR, "unable to create door RPC service"); goto errout; } if (!svc_control(xprt, SVCSET_CONNMAXREC, &connmaxrec)) { - idmapdlog(LOG_ERR, - "idmapd: unable to limit RPC request size"); + idmapdlog(LOG_ERR, "unable to limit RPC request size"); goto errout; } dfd = xprt->xp_fd; if (dfd == -1) { - idmapdlog(LOG_ERR, "idmapd: unable to register door"); + idmapdlog(LOG_ERR, "unable to register door"); goto errout; } if ((error = idmap_reg(dfd)) != 0) { - idmapdlog(LOG_ERR, "idmapd: unable to register door (%s)", + idmapdlog(LOG_ERR, "unable to register door (%s)", strerror(errno)); goto errout; } @@ -312,8 +310,8 @@ init_idmapd() if ((error = allocids(_idmapdstate.new_eph_db, 8192, &_idmapdstate.next_uid, 8192, &_idmapdstate.next_gid)) != 0) { - idmapdlog(LOG_ERR, "idmapd: unable to allocate ephemeral IDs " - "(%s)", strerror(errno)); + idmapdlog(LOG_ERR, "unable to allocate ephemeral IDs (%s)", + strerror(errno)); _idmapdstate.next_uid = _idmapdstate.limit_uid = SENTINEL_PID; _idmapdstate.next_gid = _idmapdstate.limit_gid = SENTINEL_PID; } else { 
@@ -339,16 +337,98 @@ fini_idmapd() svc_destroy(xprt); } +static +const char * +get_fmri(void) +{ + static char *fmri = NULL; + static char buf[60]; + char *s; + + membar_consumer(); + s = fmri; + if (s != NULL && *s == '\0') + return (NULL); + else if (s != NULL) + return (s); + + if ((s = getenv("SMF_FMRI")) == NULL || strlen(s) >= sizeof (buf)) + buf[0] = '\0'; + else + (void) strlcpy(buf, s, sizeof (buf)); + + membar_producer(); + fmri = buf; + + return (get_fmri()); +} + +/* + * Wrappers for smf_degrade/restore_instance() + * + * smf_restore_instance() is too heavy duty to be calling every time we + * have a successful AD name<->SID lookup. + */ +void +degrade_svc(const char *reason) +{ + const char *fmri; + + /* + * If the config update thread is in a state where auto-discovery could + * be re-tried, then this will make it try it -- a sort of auto-refresh. + */ + idmap_cfg_poke_updates(); + + membar_consumer(); + if (degraded) + return; + membar_producer(); + degraded = 1; + + if ((fmri = get_fmri()) != NULL) + (void) smf_degrade_instance(fmri, 0); + + idmapdlog(LOG_ERR, "Degraded operation (%s)", reason); +} + +void +restore_svc(void) +{ + const char *fmri; + + membar_consumer(); + if (!degraded) + return; + + if ((fmri = get_fmri()) == NULL) + (void) smf_restore_instance(fmri); + + membar_producer(); + degraded = 0; + idmapdlog(LOG_INFO, "Normal operation restored"); +} + void idmapdlog(int pri, const char *format, ...) { va_list args; va_start(args, format); - if (_idmapdstate.daemon_mode == FALSE) { + + if (_idmapdstate.debug_mode == TRUE || + _idmapdstate.daemon_mode == FALSE) { (void) vfprintf(stderr, format, args); (void) fprintf(stderr, "\n"); } + + /* + * We don't want to fill up the logs with useless messages when + * we're degraded, but we still want to log. + */ + if (degraded) + pri = LOG_DEBUG; + (void) vsyslog(pri, format, args); va_end(args); } 
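Review bot: In `restore_svc()` the FMRI test is inverted: `if ((fmri = get_fmri()) == NULL)` passes a NULL pointer to smf_restore_instance() and never restores the instance when the FMRI is known, so it should be `if ((fmri = get_fmri()) != NULL)`. In `idmapdlog()` one `va_list` is consumed by vfprintf() and then again by vsyslog() whenever stderr output is on, which is undefined behaviour; each consumer needs its own va_start/va_end (or a va_copy), as in the excerpt below. The `if (degraded) pri = LOG_DEBUG;` rule demotes every message, including the "Degraded operation" line itself (degrade_svc() sets the flag before logging) and the authorization failures from server.c, so they can fall below the syslog threshold exactly while the service is degraded. Demoting only the repeated lookup errors at their call sites would keep the rest visible.

```c
void
idmapdlog(int pri, const char *format, ...)
{
	va_list args;

	if (_idmapdstate.debug_mode == TRUE ||
	    _idmapdstate.daemon_mode == FALSE) {
		/* stderr gets its own traversal of the arguments */
		va_start(args, format);
		(void) vfprintf(stderr, format, args);
		va_end(args);
		(void) fprintf(stderr, "\n");
	}

	/* … unchanged: priority demotion while degraded … */

	/* fresh va_list: the one above is indeterminate after vfprintf() */
	va_start(args, format);
	(void) vsyslog(pri, format, args);
	va_end(args);
}
```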
diff --git a/usr/src/cmd/idmap/idmapd/idmapd.h b/usr/src/cmd/idmap/idmapd/idmapd.h index f39c028d3f..1c050a3415 100644 --- a/usr/src/cmd/idmap/idmapd/idmapd.h +++ b/usr/src/cmd/idmap/idmapd/idmapd.h @@ -73,7 +73,8 @@ typedef enum idmap_namemap_mode { typedef struct idmapd_state { rwlock_t rwlk_cfg; /* config lock */ idmap_cfg_t *cfg; /* config */ - bool_t daemon_mode; /* daemon mode? yes/no */ + bool_t daemon_mode; + bool_t debug_mode; char hostname[MAX_NAME_LEN]; /* my hostname */ uid_t next_uid; gid_t next_gid; @@ -186,7 +187,6 @@ typedef struct msg_table { #define IDMAP_CACHEDIR "/var/run/idmap" #define IDMAP_DBNAME IDMAP_DBDIR "/idmap.db" #define IDMAP_CACHENAME IDMAP_CACHEDIR "/idmap.db" -#define IDMAP_CACHENAME IDMAP_CACHEDIR "/idmap.db" #define EMPTY_STRING(str) (str == NULL || *str == 0) @@ -233,7 +233,7 @@ extern int init_dbs(); extern void fini_dbs(); extern idmap_retcode get_db_handle(sqlite **); extern idmap_retcode get_cache_handle(sqlite **); -extern idmap_retcode sql_exec_no_cb(sqlite *, char *); +extern idmap_retcode sql_exec_no_cb(sqlite *, const char *, char *); extern idmap_retcode add_namerule(sqlite *, idmap_namerule *); extern idmap_retcode rm_namerule(sqlite *, idmap_namerule *); extern idmap_retcode flush_namerules(sqlite *); @@ -243,8 +243,8 @@ extern char *tolower_u8(const char *); extern idmap_retcode gen_sql_expr_from_rule(idmap_namerule *, char **); extern idmap_retcode validate_list_cb_data(list_cb_data_t *, int, char **, int, uchar_t **, size_t); -extern idmap_retcode process_list_svc_sql(sqlite *, char *, uint64_t, - list_svc_cb, void *); +extern idmap_retcode process_list_svc_sql(sqlite *, const char *, char *, + uint64_t, list_svc_cb, void *); extern idmap_retcode sid2pid_first_pass(lookup_state_t *, sqlite *, idmap_mapping *, idmap_id_res *); extern idmap_retcode sid2pid_second_pass(lookup_state_t *, sqlite *, diff --git a/usr/src/cmd/idmap/idmapd/init.c b/usr/src/cmd/idmap/idmapd/init.c index 36bcd9c484..39915bb4a8 100644 
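Review bot: In the `idmapd_state` hunk, `daemon_mode` loses its comment and the new `debug_mode` field gets none, although together they decide whether idmapdlog() writes to stderr and `debug_mode` is toggled from the SIGUSR1 handler. I would document both, e.g. `bool_t daemon_mode; /* FALSE when started with -d (foreground) */` and `bool_t debug_mode; /* TRUE: idmapdlog() also writes to stderr */`. The struct continues outside the hunk.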
--- a/usr/src/cmd/idmap/idmapd/init.c +++ b/usr/src/cmd/idmap/idmapd/init.c @@ -40,7 +40,6 @@ #include <sys/stat.h> #include <rpcsvc/daemon_utils.h> -static const char *me = "idmapd"; int init_mapping_system() @@ -91,8 +90,8 @@ load_config() if (rc != 0) /* Partial failure */ - idmapdlog(LOG_ERR, "%s: Various errors occurred while loading " - "the configuration; check the logs", me); + idmapdlog(LOG_ERR, "Various errors occurred while loading " + "the configuration; check the logs"); if (pgcfg->global_catalog == NULL || pgcfg->global_catalog[0].host[0] == '\0') { @@ -113,7 +112,7 @@ load_config() return (rc); } - idmapdlog(LOG_DEBUG, "%s: Initial configuration loaded", me); + idmapdlog(LOG_DEBUG, "Initial configuration loaded"); return (0); } @@ -131,9 +130,9 @@ reload_ad() if (pgcfg->default_domain == NULL || pgcfg->global_catalog == NULL) { if (_idmapdstate.ad == NULL) - idmapdlog(LOG_ERR, "%s: AD lookup disabled", me); + idmapdlog(LOG_ERR, "AD lookup disabled"); else - idmapdlog(LOG_ERR, "%s: cannot update AD context", me); + idmapdlog(LOG_ERR, "cannot update AD context"); return (-1); } 
@@ -173,51 +172,45 @@ print_idmapdstate() RDLOCK_CONFIG(); if (_idmapdstate.cfg == NULL) { - idmapdlog(LOG_INFO, "%s: Null configuration", me); + idmapdlog(LOG_INFO, "Null configuration"); UNLOCK_CONFIG(); return; } pgcfg = &_idmapdstate.cfg->pgcfg; - idmapdlog(LOG_DEBUG, "%s: list_size_limit=%llu", me, - pgcfg->list_size_limit); - idmapdlog(LOG_DEBUG, "%s: default_domain=%s", me, + idmapdlog(LOG_DEBUG, "list_size_limit=%llu", pgcfg->list_size_limit); + idmapdlog(LOG_DEBUG, "default_domain=%s", CHECK_NULL(pgcfg->default_domain)); - idmapdlog(LOG_DEBUG, "%s: domain_name=%s", me, - CHECK_NULL(pgcfg->domain_name)); - idmapdlog(LOG_DEBUG, "%s: machine_sid=%s", me, - CHECK_NULL(pgcfg->machine_sid)); + idmapdlog(LOG_DEBUG, "domain_name=%s", CHECK_NULL(pgcfg->domain_name)); + idmapdlog(LOG_DEBUG, "machine_sid=%s", CHECK_NULL(pgcfg->machine_sid)); if (pgcfg->domain_controller == NULL || pgcfg->domain_controller[0].host[0] == '\0') { - idmapdlog(LOG_DEBUG, "%s: No domain controllers known", me); + idmapdlog(LOG_DEBUG, "No domain controllers known"); } else { for (i = 0; pgcfg->domain_controller[i].host[0] != '\0'; i++) - idmapdlog(LOG_DEBUG, "%s: domain_controller=%s port=%d", - me, pgcfg->domain_controller[i].host, + idmapdlog(LOG_DEBUG, "domain_controller=%s port=%d", + pgcfg->domain_controller[i].host, pgcfg->domain_controller[i].port); } - idmapdlog(LOG_DEBUG, "%s: forest_name=%s", me, - CHECK_NULL(pgcfg->forest_name)); - idmapdlog(LOG_DEBUG, "%s: site_name=%s", me, - CHECK_NULL(pgcfg->site_name)); + idmapdlog(LOG_DEBUG, "forest_name=%s", CHECK_NULL(pgcfg->forest_name)); + idmapdlog(LOG_DEBUG, "site_name=%s", CHECK_NULL(pgcfg->site_name)); if (pgcfg->global_catalog == NULL || pgcfg->global_catalog[0].host[0] == '\0') { - idmapdlog(LOG_DEBUG, "%s: No global catalog servers known", me); + idmapdlog(LOG_DEBUG, "No global catalog servers known"); } else { for (i = 0; pgcfg->global_catalog[i].host[0] != '\0'; i++) - idmapdlog(LOG_DEBUG, "%s: global_catalog=%s port=%d", - me, 
+ idmapdlog(LOG_DEBUG, "global_catalog=%s port=%d", pgcfg->global_catalog[i].host, pgcfg->global_catalog[i].port); } - idmapdlog(LOG_DEBUG, "%s: ds_name_mapping_enabled=%s", me, + idmapdlog(LOG_DEBUG, "ds_name_mapping_enabled=%s", (pgcfg->ds_name_mapping_enabled == TRUE) ? "true" : "false"); - idmapdlog(LOG_DEBUG, "%s: ad_unixuser_attr=%s", me, + idmapdlog(LOG_DEBUG, "ad_unixuser_attr=%s", CHECK_NULL(pgcfg->ad_unixuser_attr)); - idmapdlog(LOG_DEBUG, "%s: ad_unixgroup_attr=%s", me, + idmapdlog(LOG_DEBUG, "ad_unixgroup_attr=%s", CHECK_NULL(pgcfg->ad_unixgroup_attr)); - idmapdlog(LOG_DEBUG, "%s: nldap_winname_attr=%s", me, + idmapdlog(LOG_DEBUG, "nldap_winname_attr=%s", CHECK_NULL(pgcfg->nldap_winname_attr)); UNLOCK_CONFIG(); @@ -229,16 +222,14 @@ create_directory(const char *path, uid_t uid, gid_t gid) int rc; if ((rc = mkdir(path, 0700)) < 0 && errno != EEXIST) { - idmapdlog(LOG_ERR, - "%s: Error creating directory %s (%s)", - me, path, strerror(errno)); + idmapdlog(LOG_ERR, "Error creating directory %s (%s)", + path, strerror(errno)); return (-1); } if (lchown(path, uid, gid) < 0) { - idmapdlog(LOG_ERR, - "%s: Error creating directory %s (%s)", - me, path, strerror(errno)); + idmapdlog(LOG_ERR, "Error creating directory %s (%s)", + path, strerror(errno)); if (rc == 0) (void) rmdir(path); return (-1); diff --git a/usr/src/cmd/idmap/idmapd/server.c b/usr/src/cmd/idmap/idmapd/server.c index 052f6b16ae..3d9fecd4f3 100644 --- a/usr/src/cmd/idmap/idmapd/server.c +++ b/usr/src/cmd/idmap/idmapd/server.c @@ -57,8 +57,8 @@ return (1);\ } -#define PROCESS_LIST_SVC_SQL(rcode, db, sql, limit, cb, res, len)\ - rcode = process_list_svc_sql(db, sql, limit, cb, res);\ +#define PROCESS_LIST_SVC_SQL(rcode, db, dbname, sql, limit, cb, res, len)\ + rcode = process_list_svc_sql(db, dbname, sql, limit, cb, res);\ if (rcode == IDMAP_ERR_BUSY)\ res->retcode = IDMAP_ERR_BUSY;\ else if (rcode == IDMAP_SUCCESS && len == 0)\ 
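Review bot: In `create_directory()` the `lchown()` failure branch logs the same "Error creating directory" text as the `mkdir()` branch, so the two failures cannot be told apart in the log; `idmapdlog(LOG_ERR, "Error changing ownership of %s (%s)", path, strerror(errno));` would say what actually failed. In the lines shown, an `EEXIST` result from mkdir() is accepted without checking that the existing path is a directory or that its mode is still 0700, so a pre-existing object keeps whatever type and permissions it had. A stat-based check may exist in the part of the function outside this hunk; if not, it is worth adding before the directory is trusted for the cache files.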
@@ -350,7 +350,8 @@ idmap_get_mapped_ids_1_svc(idmap_mapping_batch batch, state.sid2pid_done = state.pid2sid_done = TRUE; /* Update cache in a single transaction */ - if (sql_exec_no_cb(cache, "BEGIN TRANSACTION;") != IDMAP_SUCCESS) + if (sql_exec_no_cb(cache, IDMAP_CACHENAME, "BEGIN TRANSACTION;") + != IDMAP_SUCCESS) goto out; for (i = 0; i < batch.idmap_mapping_batch_len; i++) { @@ -373,9 +374,11 @@ idmap_get_mapped_ids_1_svc(idmap_mapping_batch batch, /* Commit if we have at least one successful update */ if (state.sid2pid_done == FALSE || state.pid2sid_done == FALSE) - (void) sql_exec_no_cb(cache, "COMMIT TRANSACTION;"); + (void) sql_exec_no_cb(cache, IDMAP_CACHENAME, + "COMMIT TRANSACTION;"); else - (void) sql_exec_no_cb(cache, "END TRANSACTION;"); + (void) sql_exec_no_cb(cache, IDMAP_CACHENAME, + "END TRANSACTION;"); out: cleanup_lookup_state(&state); @@ -519,8 +522,8 @@ idmap_list_mappings_1_svc(int64_t lastrowid, uint64_t limit, } /* Execute the SQL statement and update the return buffer */ - PROCESS_LIST_SVC_SQL(retcode, cache, sql, limit, list_mappings_cb, - result, result->mappings.mappings_len); + PROCESS_LIST_SVC_SQL(retcode, cache, IDMAP_CACHENAME, sql, limit, + list_mappings_cb, result, result->mappings.mappings_len); out: if (sql) @@ -679,8 +682,8 @@ idmap_list_namerules_1_svc(idmap_namerule rule, uint64_t lastrowid, } /* Execute the SQL statement and update the return buffer */ - PROCESS_LIST_SVC_SQL(retcode, db, sql, limit, list_namerules_cb, - result, result->rules.rules_len); + PROCESS_LIST_SVC_SQL(retcode, db, IDMAP_DBNAME, sql, limit, + list_namerules_cb, result, result->rules.rules_len); out: if (expr) 
@@ -701,36 +704,31 @@ verify_rules_auth(struct svc_req *rqstp) uid_t uid; char buf[1024]; struct passwd pwd; - const char *me = "verify_rules_auth"; if (svc_getcallerucred(rqstp->rq_xprt, &uc) != 0) { - idmapdlog(LOG_ERR, - "%s: svc_getcallerucred failed (errno=%d)", - me, errno); + idmapdlog(LOG_ERR, "svc_getcallerucred failed during " + "authorization (%s)", strerror(errno)); return (-1); } uid = ucred_geteuid(uc); if (uid == (uid_t)-1) { - idmapdlog(LOG_ERR, - "%s: ucred_geteuid failed (errno=%d)", - me, errno); + idmapdlog(LOG_ERR, "ucred_geteuid failed during " + "authorization (%s)", strerror(errno)); ucred_free(uc); return (-1); } if (getpwuid_r(uid, &pwd, buf, sizeof (buf)) == NULL) { - idmapdlog(LOG_ERR, - "%s: getpwuid_r(%u) failed (errno=%d)", - me, uid, errno); + idmapdlog(LOG_ERR, "getpwuid_r(%u) failed during " + "authorization (%s)", uid, strerror(errno)); ucred_free(uc); return (-1); } if (chkauthattr(IDMAP_RULES_AUTH, pwd.pw_name) != 1) { - idmapdlog(LOG_INFO, - "%s: %s does not have authorization.", - me, pwd.pw_name); + idmapdlog(LOG_INFO, "%s is not authorized (%s)", + pwd.pw_name, IDMAP_RULES_AUTH); ucred_free(uc); return (-1); } @@ -781,7 +779,7 @@ idmap_update_1_svc(idmap_update_batch batch, idmap_update_res *res, if (res->retcode != IDMAP_SUCCESS) goto out; - res->retcode = sql_exec_no_cb(db, "BEGIN TRANSACTION;"); + res->retcode = sql_exec_no_cb(db, IDMAP_DBNAME, "BEGIN TRANSACTION;"); if (res->retcode != IDMAP_SUCCESS) goto out; trans = TRUE; @@ -826,12 +824,14 @@ out: if (trans) { if (res->retcode == IDMAP_SUCCESS) { res->retcode = - sql_exec_no_cb(db, "COMMIT TRANSACTION;"); + sql_exec_no_cb(db, IDMAP_DBNAME, + "COMMIT TRANSACTION;"); if (res->retcode != IDMAP_SUCCESS) res->error_index = -2; } else - (void) sql_exec_no_cb(db, "ROLLBACK TRANSACTION;"); + (void) sql_exec_no_cb(db, IDMAP_DBNAME, + "ROLLBACK TRANSACTION;"); } res->retcode = idmap_stat4prot(res->retcode); |
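Review bot: In `verify_rules_auth()` the denial in the `chkauthattr()` branch is logged at `LOG_INFO` and names only `pwd.pw_name`, so an unauthorized attempt to change name rules is easy to lose in a default syslog configuration, and it is demoted further by the `if (degraded) pri = LOG_DEBUG;` rule added to idmapdlog() in idmapd.c. I would log it as `idmapdlog(LOG_NOTICE, "%s (uid %u) is not authorized (%s)", pwd.pw_name, uid, IDMAP_RULES_AUTH);` so the numeric uid is kept alongside the name. In the `getpwuid_r()` branch errno may be unset when the uid simply has no passwd entry, in which case `strerror(errno)` prints an unrelated reason; that is worth confirming against the libc in use. The function starts before and continues after this hunk.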
