Diffstat (limited to 'usr/src')
25 files changed, 429 insertions, 582 deletions
diff --git a/usr/src/cmd/idmap/idmap/Makefile b/usr/src/cmd/idmap/idmap/Makefile index fef261b9e9..9853236a44 100644 --- a/usr/src/cmd/idmap/idmap/Makefile +++ b/usr/src/cmd/idmap/idmap/Makefile @@ -19,11 +19,9 @@ # CDDL HEADER END # # -# Copyright 2007 Sun Microsystems, Inc. All rights reserved. +# Copyright 2009 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # -#ident "%Z%%M% %I% %E% SMI" -# PROG = idmap CLIENTOBJS = idmap.o idmap_engine.o @@ -67,6 +65,8 @@ clean: lint: lint_SRCS +LINTFLAGS += -erroff=E_NAME_DEF_NOT_USED2 + include ../../Makefile.targ diff --git a/usr/src/cmd/idmap/idmap/idmap.c b/usr/src/cmd/idmap/idmap/idmap.c index f24717f0f0..7f2ab276a5 100644 --- a/usr/src/cmd/idmap/idmap/idmap.c +++ b/usr/src/cmd/idmap/idmap/idmap.c @@ -19,11 +19,10 @@ * CDDL HEADER END */ /* - * Copyright 2008 Sun Microsystems, Inc. All rights reserved. + * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ -#pragma ident "%Z%%M% %I% %E% SMI" #include <stdio.h> #include <stdlib.h> @@ -31,6 +30,7 @@ #include <strings.h> #include <errno.h> #include <limits.h> +#include <syslog.h> #include <sys/varargs.h> #include "idmap_engine.h" #include "idmap_priv.h" @@ -248,6 +248,7 @@ static int do_set_namemap(flag_t *f, int argc, char **argv, cmd_pos_t *pos); static int do_unset_namemap(flag_t *f, int argc, char **argv, cmd_pos_t *pos); static int do_get_namemap(flag_t *f, int argc, char **argv, cmd_pos_t *pos); + /* Command names and their hanlers to be passed to idmap_engine */ static cmd_ops_t commands[] = { @@ -313,6 +314,7 @@ static cmd_ops_t commands[] = { } }; + /* Print error message, possibly with a position */ /* printflike */ static void 
@@ -671,7 +673,6 @@ init_nm_command(char *user, char *passwd, char *auth, char *windomain, } if (namemaps.handle == NULL) { - idmap_log_stderr(LOG_INFO); stat = idmap_init_namemaps(handle, &namemaps.handle, user, passwd, auth, windomain, direction); if (stat != IDMAP_SUCCESS) { @@ -3477,6 +3478,21 @@ cleanup: } +/* printflike */ +void +/* LINTED E_FUNC_ARG_UNUSED */ +logger(int pri, const char *format, ...) +{ + va_list args; + + va_start(args, format); + + (void) vfprintf(stderr, format, args); + (void) fprintf(stderr, "\n"); + + va_end(args); +} + /* main function. Returns 1 for error, 0 otherwise */ int @@ -3488,6 +3504,9 @@ main(int argc, char *argv[]) (void) setlocale(LC_ALL, ""); (void) textdomain(TEXT_DOMAIN); + /* Redirect logging */ + idmap_set_logger(logger); + /* idmap_engine determines the batch_mode: */ rc = engine_init(sizeof (commands) / sizeof (cmd_ops_t), commands, diff --git a/usr/src/cmd/idmap/idmapd/dbutils.c b/usr/src/cmd/idmap/idmapd/dbutils.c index 4e3db282eb..c34d5bb31d 100644 --- a/usr/src/cmd/idmap/idmapd/dbutils.c +++ b/usr/src/cmd/idmap/idmapd/dbutils.c @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2008 Sun Microsystems, Inc. All rights reserved. + * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -1093,7 +1093,7 @@ load_cfg_in_state(lookup_state_t *state) UNLOCK_CONFIG(); return (IDMAP_SUCCESS); } - if (_idmapdstate.cfg->pgcfg.ds_name_mapping_enabled == FALSE) { + if (!_idmapdstate.cfg->pgcfg.ds_name_mapping_enabled) { UNLOCK_CONFIG(); return (IDMAP_SUCCESS); } diff --git a/usr/src/cmd/idmap/idmapd/idmap_config.c b/usr/src/cmd/idmap/idmapd/idmap_config.c index fb000d5f0d..b3859789c2 100644 --- a/usr/src/cmd/idmap/idmapd/idmap_config.c +++ b/usr/src/cmd/idmap/idmapd/idmap_config.c 
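Review bot: The new `logger()` in idmap.c discards its `pri` argument, so every message the library routes through `idmap_set_logger()` — including LOG_DEBUG discovery chatter such as the "Searching DNS for SRV RRs" lines in addisc.c — is printed on the command's stderr, whereas the `idmap_log_stderr(LOG_INFO)` call removed from init_nm_command presumably used to cut off anything below LOG_INFO. Adding `if (pri > LOG_INFO) return;` as the first statement (and dropping the `LINTED E_FUNC_ARG_UNUSED` annotation) restores that filtering at no cost. The caller-supplied format goes straight to `vfprintf()`, which is acceptable only while every library call site passes a string literal, as the ones visible in this diff do; a comment on `logger()` saying so would stop a future `logger(LOG_ERR, msg)` from slipping in.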
@@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2008 Sun Microsystems, Inc. All rights reserved. + * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -107,13 +107,13 @@ generate_machine_sid(char **machine_sid) /* In the case of error, exists is set to FALSE anyway */ static int -prop_exists(idmap_cfg_handles_t *handles, char *name, bool_t *exists) +prop_exists(idmap_cfg_handles_t *handles, char *name, boolean_t *exists) { scf_property_t *scf_prop; scf_value_t *value; - *exists = FALSE; + *exists = B_FALSE; scf_prop = scf_property_create(handles->main); if (scf_prop == NULL) { @@ -130,7 +130,7 @@ prop_exists(idmap_cfg_handles_t *handles, char *name, bool_t *exists) } if (scf_pg_get_property(handles->config_pg, name, scf_prop) == 0) - *exists = TRUE; + *exists = B_TRUE; scf_value_destroy(value); scf_property_destroy(scf_prop); @@ -514,7 +514,7 @@ destruction: * If nothing has changed it returns 0 else 1 */ static int -update_bool(bool_t *value, bool_t *new, char *name) +update_bool(boolean_t *value, boolean_t *new, char *name) { if (*value == *new) return (0); @@ -692,11 +692,11 @@ static int compare_trusteddomainsinforest(ad_disc_domainsinforest_t *df1, ad_disc_domainsinforest_t *df2) { - int i, j; - int num_df1 = 0; - int num_df2 = 0; - int match; - int err; + int i, j; + int num_df1 = 0; + int num_df2 = 0; + boolean_t match; + int err; for (i = 0; df1[i].domain[0] != '\0'; i++) if (df1[i].trusted) @@ -711,14 +711,14 @@ compare_trusteddomainsinforest(ad_disc_domainsinforest_t *df1, for (i = 0; df1[i].domain[0] != '\0'; i++) { if (df1[i].trusted) { - match = FALSE; + match = B_FALSE; for (j = 0; df2[j].domain[0] != '\0'; j++) { if (df2[j].trusted && u8_strcmp(df1[i].domain, df2[i].domain, 0, U8_STRCMP_CI_LOWER, U8_UNICODE_LATEST, &err) == 0 && err == 0 && strcmp(df1[i].sid, df2[i].sid) == 0) { - match = TRUE; + match = B_TRUE; break; } } 
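Review bot: In compare_trusteddomainsinforest the inner loop still compares `df1[i]` against `df2[i]` instead of `df2[j]`, in both the `u8_strcmp` on `domain` and the `strcmp` on `sid`, so the `j` loop only ever tests `df2[j].trusted` and two lists holding the same trusted domains in a different order are reported as different; the commit retypes `match` on these very lines without correcting the index. The condition should read `u8_strcmp(df1[i].domain, df2[j].domain, 0, U8_STRCMP_CI_LOWER, U8_UNICODE_LATEST, &err) == 0 && err == 0 && strcmp(df1[i].sid, df2[j].sid) == 0`. If, as the preceding hunk suggests, only the counts of trusted entries are compared beforehand, `df2[i]` can also read past df2's terminating entry when df2 has fewer total domains than df1, which the `j` index removes as well. The function starts in the previous hunk.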
@@ -740,7 +740,7 @@ update_trusted_forest(idmap_trustedforest_t **value, int *num_value, idmap_trustedforest_t **new, int *num_new, char *name) { int i, j; - int match; + boolean_t match; if (*value == *new) /* Nothing to do */ @@ -750,7 +750,7 @@ update_trusted_forest(idmap_trustedforest_t **value, int *num_value, if (*num_value != *num_new) goto not_equal; for (i = 0; i < *num_value; i++) { - match = FALSE; + match = B_FALSE; for (j = 0; j < *num_new; j++) { if (strcmp((*value)[i].forest_name, (*new)[j].forest_name) == 0 && @@ -760,7 +760,7 @@ update_trusted_forest(idmap_trustedforest_t **value, int *num_value, compare_trusteddomainsinforest( (*value)[i].domains_in_forest, (*new)[i].domains_in_forest) == 0) { - match = TRUE; + match = B_TRUE; break; } } @@ -907,14 +907,14 @@ retry: */ (void) unlink(IDMAP_CACHEDIR "/ccache"); /* HUP is the refresh method, so re-read SMF config */ - (void) idmapdlog(LOG_INFO, "SMF refresh"); + idmapdlog(LOG_INFO, "SMF refresh"); rc = idmap_cfg_load(_idmapdstate.cfg, CFG_DISCOVER|CFG_LOG); if (rc < -1) { - (void) idmapdlog(LOG_ERR, "Fatal errors while reading " + idmapdlog(LOG_ERR, "Fatal errors while reading " "SMF properties"); exit(1); } else if (rc == -1) { - (void) idmapdlog(LOG_WARNING, "Various errors " + idmapdlog(LOG_WARNING, "Various errors " "re-loading configuration may cause AD lookups " "to fail"); } @@ -958,7 +958,7 @@ idmap_cfg_update_thread(void *arg) (void) ad_disc_SubnetChanged(ad_ctx); if (idmap_cfg_load(_idmapdstate.cfg, CFG_DISCOVER) < -1) { - (void) idmapdlog(LOG_ERR, "Fatal errors while reading " + idmapdlog(LOG_ERR, "Fatal errors while reading " "SMF properties"); exit(1); } @@ -1049,7 +1049,7 @@ idmap_cfg_load_smf(idmap_cfg_handles_t *handles, idmap_pg_config_t *pgcfg, int rc; uint8_t bool_val; char *str = NULL; - bool_t new_debug_mode; + boolean_t new_debug_mode; if (scf_pg_update(handles->config_pg) < 0) { idmapdlog(LOG_ERR, "scf_pg_update() failed: %s", 
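Review bot: update_trusted_forest has the same index slip as the comparator above it: inside the `j` loop the forest name is matched against `(*new)[j].forest_name`, but the domain lists are then compared with `(*new)[i].domains_in_forest`, so whenever the forests in `*new` are ordered differently from `*value` the domains of an unrelated forest are compared and the function reports a change (or misses one). Change the last argument to `(*new)[j].domains_in_forest`. Dropping the `(void)` casts on the `idmapdlog()` calls in this hunk is consistent with idmapdlog now being declared void.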
@@ -1069,7 +1069,7 @@ idmap_cfg_load_smf(idmap_cfg_handles_t *handles, idmap_pg_config_t *pgcfg, errors++; if (_idmapdstate.debug_mode != new_debug_mode) { - if (_idmapdstate.debug_mode == FALSE) { + if (!_idmapdstate.debug_mode) { _idmapdstate.debug_mode = new_debug_mode; idmap_log_stderr(LOG_DEBUG); idmapdlog(LOG_DEBUG, "debug mode enabled"); @@ -1097,7 +1097,7 @@ idmap_cfg_load_smf(idmap_cfg_handles_t *handles, idmap_pg_config_t *pgcfg, else { (void) ad_disc_set_DomainName(handles->ad_ctx, pgcfg->domain_name); - pgcfg->domain_name_auto_disc = FALSE; + pgcfg->domain_name_auto_disc = B_FALSE; } rc = get_val_astring(handles, "default_domain", @@ -1122,10 +1122,10 @@ idmap_cfg_load_smf(idmap_cfg_handles_t *handles, idmap_pg_config_t *pgcfg, * property was set and the new config/domain_name property was * not set). */ - pgcfg->dflt_dom_set_in_smf = TRUE; + pgcfg->dflt_dom_set_in_smf = B_TRUE; if (pgcfg->default_domain == NULL) { - pgcfg->dflt_dom_set_in_smf = FALSE; + pgcfg->dflt_dom_set_in_smf = B_FALSE; if (pgcfg->domain_name != NULL) { pgcfg->default_domain = strdup(pgcfg->domain_name); @@ -1136,7 +1136,7 @@ idmap_cfg_load_smf(idmap_cfg_handles_t *handles, idmap_pg_config_t *pgcfg, } } else if (str != NULL) { pgcfg->default_domain = strdup(str); - pgcfg->dflt_dom_set_in_smf = TRUE; + pgcfg->dflt_dom_set_in_smf = B_TRUE; idmapdlog(LOG_WARNING, "The config/mapping_domain property is " "obsolete; support for it will be removed, " @@ -1168,7 +1168,7 @@ idmap_cfg_load_smf(idmap_cfg_handles_t *handles, idmap_pg_config_t *pgcfg, else { (void) ad_disc_set_DomainController(handles->ad_ctx, pgcfg->domain_controller); - pgcfg->domain_controller_auto_disc = FALSE; + pgcfg->domain_controller_auto_disc = B_FALSE; } rc = get_val_astring(handles, "forest_name", &pgcfg->forest_name); 
@@ -1177,7 +1177,7 @@ idmap_cfg_load_smf(idmap_cfg_handles_t *handles, idmap_pg_config_t *pgcfg, else { (void) ad_disc_set_ForestName(handles->ad_ctx, pgcfg->forest_name); - pgcfg->forest_name_auto_disc = FALSE; + pgcfg->forest_name_auto_disc = B_FALSE; } rc = get_val_astring(handles, "site_name", &pgcfg->site_name); @@ -1194,7 +1194,7 @@ idmap_cfg_load_smf(idmap_cfg_handles_t *handles, idmap_pg_config_t *pgcfg, else { (void) ad_disc_set_GlobalCatalog(handles->ad_ctx, pgcfg->global_catalog); - pgcfg->global_catalog_auto_disc = FALSE; + pgcfg->global_catalog_auto_disc = B_FALSE; } /* @@ -1208,7 +1208,7 @@ idmap_cfg_load_smf(idmap_cfg_handles_t *handles, idmap_pg_config_t *pgcfg, if (!bool_val) return (rc); - pgcfg->ds_name_mapping_enabled = TRUE; + pgcfg->ds_name_mapping_enabled = B_TRUE; rc = get_val_astring(handles, "ad_unixuser_attr", &pgcfg->ad_unixuser_attr); if (rc != 0) @@ -1273,7 +1273,7 @@ idmap_cfg_discover(idmap_cfg_handles_t *handles, idmap_pg_config_t *pgcfg) int i, j, k, l; char *forestname; int num_trusteddomains; - int new_forest; + boolean_t new_forest; int err; char *trusteddomain; idmap_ad_disc_ds_t *globalcatalog; @@ -1354,11 +1354,11 @@ idmap_cfg_discover(idmap_cfg_handles_t *handles, idmap_pg_config_t *pgcfg) } /* Is this a new forest? */ - new_forest = TRUE; + new_forest = B_TRUE; for (k = 0; k < j; k++) { if (strcasecmp(forestname, trustedforests[k].forest_name) == 0) { - new_forest = FALSE; + new_forest = B_FALSE; domainsinforest = trustedforests[k].domains_in_forest; break; @@ -1527,7 +1527,7 @@ idmap_cfg_load(idmap_cfg_t *cfg, int flags) &new_pgcfg.nldap_winname_attr, "nldap_winname_attr"); /* Props that can be discovered and set in SMF updated here */ - if (live_pgcfg->dflt_dom_set_in_smf == FALSE) + if (!live_pgcfg->dflt_dom_set_in_smf) changed += update_string(&live_pgcfg->default_domain, &new_pgcfg.default_domain, "default_domain"); 
diff --git a/usr/src/cmd/idmap/idmapd/idmap_config.h b/usr/src/cmd/idmap/idmapd/idmap_config.h index 3ca051facd..d8a6f4c810 100644 --- a/usr/src/cmd/idmap/idmapd/idmap_config.h +++ b/usr/src/cmd/idmap/idmapd/idmap_config.h @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2008 Sun Microsystems, Inc. All rights reserved. + * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -75,19 +75,19 @@ typedef struct idmap_pg_config { */ char *machine_sid; /* machine sid */ char *default_domain; /* default domain name */ - bool_t dflt_dom_set_in_smf; + boolean_t dflt_dom_set_in_smf; char *domain_name; /* AD domain name */ - int domain_name_auto_disc; + boolean_t domain_name_auto_disc; idmap_ad_disc_ds_t *domain_controller; /* domain controller hosts */ - int domain_controller_auto_disc; + boolean_t domain_controller_auto_disc; char *forest_name; /* forest name */ - int forest_name_auto_disc; + boolean_t forest_name_auto_disc; char *site_name; /* site name */ - int site_name_auto_disc; + boolean_t site_name_auto_disc; idmap_ad_disc_ds_t *global_catalog; /* global catalog hosts */ - int global_catalog_auto_disc; + boolean_t global_catalog_auto_disc; ad_disc_domainsinforest_t *domains_in_forest; ad_disc_trusteddomains_t @@ -103,8 +103,8 @@ typedef struct idmap_pg_config { char *ad_unixuser_attr; char *ad_unixgroup_attr; char *nldap_winname_attr; - bool_t ds_name_mapping_enabled; - bool_t eph_map_unres_sids; + boolean_t ds_name_mapping_enabled; + boolean_t eph_map_unres_sids; } idmap_pg_config_t; typedef struct idmap_cfg { diff --git a/usr/src/cmd/idmap/idmapd/idmapd.c b/usr/src/cmd/idmap/idmapd/idmapd.c index 1c51d0c4d8..b625c7df9a 100644 --- a/usr/src/cmd/idmap/idmapd/idmapd.c +++ b/usr/src/cmd/idmap/idmapd/idmapd.c 
@@ -19,11 +19,10 @@ * CDDL HEADER END */ /* - * Copyright 2008 Sun Microsystems, Inc. All rights reserved. + * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ -#pragma ident "%Z%%M% %I% %E% SMI" /* * main() of idmapd(1M) @@ -40,7 +39,6 @@ #include <stropts.h> #include <netconfig.h> #include <sys/resource.h> /* rlimit */ -#include <syslog.h> #include <rpcsvc/daemon_utils.h> /* DAEMON_UID and DAEMON_GID */ #include <priv_utils.h> /* privileges */ #include <locale.h> @@ -61,6 +59,7 @@ static void term_handler(int); static void init_idmapd(); static void fini_idmapd(); + #define _RPCSVC_CLOSEDOWN 120 int _rpcsvcstate = _IDLE; /* Set when a request is serviced */ @@ -78,6 +77,24 @@ static uint32_t num_threads = 0; static pthread_key_t create_threads_key; static uint32_t max_threads = 40; + +/* + * The following structure determines where the log messages from idmapdlog() + * go to. It can be stderr (idmapd -d) and/or the real idmapdlog (idmapd). + * + * logstate.max_pri is integer cutoff necessary to silence low-priority + * messages to stderr. idmapdlog has its own means so there a boolean + * logstate.write_idmapdlog is enough. + * + * logstate.degraded is a mode used by idmapd in its degraded state. + */ + +static struct { + boolean_t write_syslog; + int max_pri; /* Max priority written to stderr */ + boolean_t degraded; +} logstate = {B_FALSE, LOG_DEBUG, B_FALSE}; + /* * Server door thread start routine. * @@ -183,9 +200,9 @@ term_handler(int sig) static void usr1_handler(int sig) { - bool_t saved_debug_mode = _idmapdstate.debug_mode; + boolean_t saved_debug_mode = _idmapdstate.debug_mode; - _idmapdstate.debug_mode = TRUE; + _idmapdstate.debug_mode = B_TRUE; idmap_log_stderr(LOG_DEBUG); print_idmapdstate(); 
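Review bot: The comment introducing the new `logstate` struct in idmapd.c does not describe the struct it sits on: it refers to a field `logstate.write_idmapdlog` and says messages can go "to stderr (idmapd -d) and/or the real idmapdlog (idmapd)", while the actual field is `write_syslog` and the second destination is syslog. Replace "and/or the real idmapdlog (idmapd)" with "and/or syslog (idmapd)" and the sentence about the boolean with "syslog does its own filtering, so a boolean logstate.write_syslog is enough". `logstate.max_pri` is also written from usr1_handler (via idmap_log_stderr) while service threads read it in idmapdlog; a single int store is presumably tolerable here, but that should be stated in the comment rather than left for the reader to work out.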
@@ -281,7 +298,8 @@ main(int argc, char **argv) (void) setlocale(LC_ALL, ""); (void) textdomain(TEXT_DOMAIN); - idmap_log_syslog(TRUE); + idmap_set_logger(idmapdlog); + idmap_log_syslog(B_TRUE); idmap_log_stderr(_idmapdstate.daemon_mode ? -1 : LOG_DEBUG); if (is_system_labeled() && getzoneid() != GLOBAL_ZONEID) { @@ -308,7 +326,7 @@ main(int argc, char **argv) if (_idmapdstate.daemon_mode == TRUE) { if (daemonize_start() < 0) { - (void) idmapdlog(LOG_ERR, "unable to daemonize"); + idmapdlog(LOG_ERR, "unable to daemonize"); exit(-1); } } else @@ -491,7 +509,7 @@ degrade_svc(int poke_discovery, const char *reason) membar_producer(); degraded = 1; - idmap_log_degraded(TRUE); + idmap_log_degraded(B_TRUE); if ((fmri = get_fmri()) != NULL) (void) smf_degrade_instance(fmri, 0); @@ -511,33 +529,52 @@ restore_svc(void) membar_producer(); degraded = 0; - idmap_log_degraded(FALSE); + idmap_log_degraded(B_FALSE); idmapdlog(LOG_NOTICE, "Normal operation restored"); } -#if 0 + +/* printflike */ void -idmapdlog(int pri, const char *format, ...) -{ +idmapdlog(int pri, const char *format, ...) { va_list args; - va_start(args, format); - - if (_idmapdstate.debug_mode == TRUE || - _idmapdstate.daemon_mode == FALSE) { + if (pri <= logstate.max_pri) { + va_start(args, format); (void) vfprintf(stderr, format, args); (void) fprintf(stderr, "\n"); + va_end(args); } /* * We don't want to fill up the logs with useless messages when * we're degraded, but we still want to log. */ - if (degraded) + if (logstate.degraded) pri = LOG_DEBUG; - (void) vsyslog(pri, format, args); - va_end(args); + if (logstate.write_syslog) { + va_start(args, format); + vsyslog(pri, format, args); + va_end(args); + } +} + +void +idmap_log_stderr(int pri) +{ + logstate.max_pri = pri; +} + +void +idmap_log_syslog(boolean_t what) +{ + logstate.write_syslog = what; +} + +void +idmap_log_degraded(boolean_t what) +{ + logstate.degraded = what; } -#endif 
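Review bot: The rewritten `idmapdlog()` puts the opening brace on the signature line (`idmapdlog(int pri, const char *format, ...) {`), which departs from the function-definition layout used by every other function in this file, including the `#if 0` body it replaces and the three setters added directly below it; move the brace to its own line. In the same hunk `_idmapdstate.daemon_mode == TRUE` survives while the rest of the commit moves to boolean_t/B_TRUE, so either daemon_mode is still a bool_t or this comparison was overlooked — `if (_idmapdstate.daemon_mode)` is correct in both cases. The degraded-state demotion to LOG_DEBUG is applied after the stderr write, so stderr still sees the original priority; that looks intentional and deserves a sentence in the comment above it.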
diff --git a/usr/src/cmd/idmap/idmapd/idmapd.h b/usr/src/cmd/idmap/idmapd/idmapd.h index 035212a15b..7edd028316 100644 --- a/usr/src/cmd/idmap/idmapd/idmapd.h +++ b/usr/src/cmd/idmap/idmapd/idmapd.h @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2008 Sun Microsystems, Inc. All rights reserved. + * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -35,9 +35,11 @@ #include <libintl.h> #include <strings.h> #include <sqlite/sqlite.h> +#include <syslog.h> #include <inttypes.h> #include "idmap_prot.h" #include "adutils.h" +#include "idmap_priv.h" #include "idmap_config.h" #include "libadutils.h" @@ -278,6 +280,11 @@ extern idmap_retcode lookup_name2sid(sqlite *, const char *, const char *, extern idmap_retcode lookup_wksids_name2sid(const char *, char **, char **, idmap_rid_t *, int *); + +extern void idmap_log_stderr(int); +extern void idmap_log_syslog(boolean_t); +extern void idmap_log_degraded(boolean_t); + #ifdef __cplusplus } #endif diff --git a/usr/src/cmd/idmap/idmapd/init.c b/usr/src/cmd/idmap/idmapd/init.c index 0a6d1ef046..2e60fb40f5 100644 --- a/usr/src/cmd/idmap/idmapd/init.c +++ b/usr/src/cmd/idmap/idmapd/init.c @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2008 Sun Microsystems, Inc. All rights reserved. + * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -303,7 +303,7 @@ print_idmapdstate() } idmapdlog(LOG_DEBUG, "ds_name_mapping_enabled=%s", - (pgcfg->ds_name_mapping_enabled == TRUE) ? "true" : "false"); + (pgcfg->ds_name_mapping_enabled) ? "true" : "false"); idmapdlog(LOG_DEBUG, "ad_unixuser_attr=%s", CHECK_NULL(pgcfg->ad_unixuser_attr)); idmapdlog(LOG_DEBUG, "ad_unixgroup_attr=%s", diff --git a/usr/src/cmd/idmap/idmapd/nldaputils.h b/usr/src/cmd/idmap/idmapd/nldaputils.h index ab349be1cb..bdd17fe2af 100644 --- a/usr/src/cmd/idmap/idmapd/nldaputils.h +++ b/usr/src/cmd/idmap/idmapd/nldaputils.h 
@@ -19,18 +19,15 @@ * CDDL HEADER END */ /* - * Copyright 2008 Sun Microsystems, Inc. All rights reserved. + * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ #ifndef _NLDAPUTILS_H #define _NLDAPUTILS_H -#pragma ident "%Z%%M% %I% %E% SMI" - #include <stdio.h> #include <stdlib.h> -#include <syslog.h> #include <stdarg.h> #include <synch.h> #include <thread.h> diff --git a/usr/src/lib/Makefile b/usr/src/lib/Makefile index 153635bd2d..7a74ff3d20 100644 --- a/usr/src/lib/Makefile +++ b/usr/src/lib/Makefile @@ -19,7 +19,7 @@ # CDDL HEADER END # # -# Copyright 2008 Sun Microsystems, Inc. All rights reserved. +# Copyright 2009 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # # @@ -532,8 +532,8 @@ gss_mechs/mech_krb5: libgss libnsl libsocket libresolv pkcs11 libadt_jni: libbsm $(CLOSED_BUILD)libc: $(CLOSED)/lib/libc_i18n libast: libsocket -libadutils: libldap5 libidmap -nsswitch: libadutils +libadutils: libldap5 libresolv libsocket libnsl +nsswitch: libadutils libidmap libbsm: libtsol libcmd: libsum libast libsocket libnsl libcmdutils: libavl @@ -552,7 +552,7 @@ libdtrace_jni: libuutil libdtrace libefi: libuuid libfstyp: libnvpair libelfsign: libcryptoutil libkmf -libidmap: libnsl +libidmap: libadutils libldap5 libavl libsldap libinetcfg: libnsl libsocket libdlpi libiscsit: libc libnvpair libstmf libuuid libnsl libkmf: libcryptoutil pkcs11 openssl diff --git a/usr/src/lib/libadutils/Makefile.com b/usr/src/lib/libadutils/Makefile.com index bdb5668bd8..e4f524a09f 100644 --- a/usr/src/lib/libadutils/Makefile.com +++ b/usr/src/lib/libadutils/Makefile.com 
@@ -19,32 +19,43 @@ # CDDL HEADER END # # -# Copyright 2008 Sun Microsystems, Inc. All rights reserved. +# Copyright 2009 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # LIBRARY = libadutils.a VERS = .1 -OBJECTS = adutils.o -LINT_OBJECTS = adutils.o +OBJECTS = adutils.o addisc.o +LINT_OBJECTS = adutils.o addisc.o include ../../Makefile.lib LIBS = $(DYNLIB) $(LINTLIB) -LDLIBS += -lc -lldap -lidmap +LDLIBS += -lc -lldap -lresolv -lsocket -lnsl SRCDIR = ../common $(LINTLIB):= SRCS = $(SRCDIR)/$(LINTSRC) + IDMAP_PROT_DIR = $(SRC)/head/rpcsvc +IDMAP_PROT_X = $(IDMAP_PROT_DIR)/idmap_prot.x +IDMAP_PROT_H = $(IDMAP_PROT_DIR)/idmap_prot.h + CFLAGS += $(CCVERBOSE) -CPPFLAGS += -D_REENTRANT -I$(SRCDIR) -I$(SRC)/lib/libidmap/common \ - -I$(IDMAP_PROT_DIR) +CPPFLAGS += -D_REENTRANT -I$(SRCDIR) -I$(IDMAP_PROT_DIR) + +CLOBBERFILES += $(IDMAP_PROT_H) lint := OBJECTS = $(LINT_OBJECTS) .KEEP_STATE: -all: $(LIBS) +all: $(IDMAP_PROT_H) $(LIBS) + +$(IDMAP_PROT_H): $(IDMAP_PROT_X) + $(RM) $@; $(RPCGEN) -CMNh -o $@ $(IDMAP_PROT_X) lint: lintcheck +LINTFLAGS += -erroff=E_CONSTANT_CONDITION +LINTFLAGS64 += -erroff=E_CONSTANT_CONDITION + include ../../Makefile.targ diff --git a/usr/src/lib/libidmap/common/addisc.c b/usr/src/lib/libadutils/common/addisc.c index be49e53f41..5890129f72 100644 --- a/usr/src/lib/libidmap/common/addisc.c +++ b/usr/src/lib/libadutils/common/addisc.c @@ -20,11 +20,10 @@ */ /* - * Copyright 2008 Sun Microsystems, Inc. All rights reserved. + * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ - /* * Active Directory Auto-Discovery. * @@ -100,6 +99,8 @@ #include <ldap.h> #include <sasl/sasl.h> #include <sys/u8_textprep.h> +#include <syslog.h> +#include "adutils_impl.h" #include "addisc.h" 
@@ -141,7 +142,7 @@ typedef struct ad_disc { struct __res_state res_state; int res_ninitted; ad_subnet_t *subnets; - int subnets_changed; + boolean_t subnets_changed; time_t subnets_last_check; ad_item_t domain_name; /* DNS hostname string */ ad_item_t domain_controller; /* Directory hostname and */ @@ -208,17 +209,17 @@ update_version(ad_item_t *item, int num, ad_item_t *param) -static int +static boolean_t is_valid(ad_item_t *item) { if (item->value != NULL) { if (item->state == AD_STATE_FIXED) - return (TRUE); + return (B_TRUE); if (item->state == AD_STATE_AUTO && (item->ttl == 0 || item->ttl > time(NULL))) - return (TRUE); + return (B_TRUE); } - return (FALSE); + return (B_FALSE); } @@ -256,10 +257,10 @@ update_item(ad_item_t *item, void *value, enum ad_item_state state, int ad_disc_compare_ds(idmap_ad_disc_ds_t *ds1, idmap_ad_disc_ds_t *ds2) { - int i, j; - int num_ds1; - int num_ds2; - int match; + int i, j; + int num_ds1; + int num_ds2; + boolean_t match; for (i = 0; ds1[i].host[0] != '\0'; i++) continue; @@ -271,11 +272,11 @@ ad_disc_compare_ds(idmap_ad_disc_ds_t *ds1, idmap_ad_disc_ds_t *ds2) return (1); for (i = 0; i < num_ds1; i++) { - match = FALSE; + match = B_FALSE; for (j = 0; j < num_ds2; j++) { if (strcmp(ds1[i].host, ds2[i].host) == 0 && ds1[i].port == ds2[i].port) { - match = TRUE; + match = B_TRUE; break; } } @@ -309,11 +310,11 @@ int ad_disc_compare_trusteddomains(ad_disc_trusteddomains_t *td1, ad_disc_trusteddomains_t *td2) { - int i, j; - int num_td1; - int num_td2; - int match; - int err; + int i, j; + int num_td1; + int num_td2; + boolean_t match; + int err; for (i = 0; td1[i].domain[0] != '\0'; i++) continue; 
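Review bot: ad_disc_compare_ds compares `ds1[i]` with `ds2[i]` inside the loop over `j` (`strcmp(ds1[i].host, ds2[i].host) == 0 && ds1[i].port == ds2[i].port`), so `j` is never consulted and two lists naming the same servers in a different order compare as unequal; the commit retypes `match` on the adjacent lines without fixing the index. It should be `strcmp(ds1[i].host, ds2[j].host) == 0 && ds1[i].port == ds2[j].port`. Because `num_ds1 == num_ds2` is checked first the stray `i` cannot run past ds2, so this is a logic error rather than an overread, but callers that use this comparator for change detection will see a spurious change whenever DNS returns the SRV records in a different order.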
@@ -327,12 +328,12 @@ ad_disc_compare_trusteddomains(ad_disc_trusteddomains_t *td1, return (1); for (i = 0; i < num_td1; i++) { - match = FALSE; + match = B_FALSE; for (j = 0; j < num_td2; j++) { if (u8_strcmp(td1[i].domain, td2[i].domain, 0, U8_STRCMP_CI_LOWER, U8_UNICODE_LATEST, &err) == 0 && err == 0) { - match = TRUE; + match = B_TRUE; break; } } @@ -368,11 +369,11 @@ int ad_disc_compare_domainsinforest(ad_disc_domainsinforest_t *df1, ad_disc_domainsinforest_t *df2) { - int i, j; - int num_df1; - int num_df2; - int match; - int err; + int i, j; + int num_df1; + int num_df2; + boolean_t match; + int err; for (i = 0; df1[i].domain[0] != '\0'; i++) continue; @@ -386,13 +387,13 @@ ad_disc_compare_domainsinforest(ad_disc_domainsinforest_t *df1, return (1); for (i = 0; i < num_df1; i++) { - match = FALSE; + match = B_FALSE; for (j = 0; j < num_df2; j++) { if (u8_strcmp(df1[i].domain, df2[i].domain, 0, U8_STRCMP_CI_LOWER, U8_UNICODE_LATEST, &err) == 0 && err == 0 && strcmp(df1[i].sid, df2[i].sid) == 0) { - match = TRUE; + match = B_TRUE; break; } } @@ -444,7 +445,7 @@ find_subnets() lifrp = &lifr; if ((sock = socket(AF_INET, SOCK_DGRAM, 0)) < 0) { - idmapdlog(LOG_ERR, "Failed to open IPv4 socket for " + logger(LOG_ERR, "Failed to open IPv4 socket for " "listing network interfaces (%s)", strerror(errno)); return (NULL); } @@ -452,7 +453,7 @@ find_subnets() lifn.lifn_family = AF_INET; lifn.lifn_flags = 0; if (ioctl(sock, SIOCGLIFNUM, (char *)&lifn) < 0) { - idmapdlog(LOG_ERR, + logger(LOG_ERR, "Failed to find the number of network interfaces (%s)", strerror(errno)); close(sock); @@ -460,7 +461,7 @@ find_subnets() } if (lifn.lifn_count < 1) { - idmapdlog(LOG_ERR, "No IPv4 network interfaces found"); + logger(LOG_ERR, "No IPv4 network interfaces found"); close(sock); return (NULL); } 
@@ -471,13 +472,13 @@ find_subnets() lifc.lifc_buf = malloc(lifc.lifc_len); if (lifc.lifc_buf == NULL) { - idmapdlog(LOG_ERR, "Out of memory"); + logger(LOG_ERR, "Out of memory"); close(sock); return (NULL); } if (ioctl(sock, SIOCGLIFCONF, (char *)&lifc) < 0) { - idmapdlog(LOG_ERR, "Failed to list network interfaces (%s)", + logger(LOG_ERR, "Failed to list network interfaces (%s)", strerror(errno)); free(lifc.lifc_buf); close(sock); @@ -522,7 +523,7 @@ cmpsubnets(ad_subnet_t *subnets1, ad_subnet_t *subnets2) { int num_subnets1; int num_subnets2; - int matched; + boolean_t matched; int i, j; for (i = 0; subnets1[i].subnet[0] != '\0'; i++) @@ -537,11 +538,11 @@ cmpsubnets(ad_subnet_t *subnets1, ad_subnet_t *subnets2) return (1); for (i = 0; i < num_subnets1; i++) { - matched = FALSE; + matched = B_FALSE; for (j = 0; j < num_subnets2; j++) { if (strcmp(subnets1[i].subnet, subnets2[j].subnet) == 0) { - matched = TRUE; + matched = B_TRUE; break; } } @@ -555,7 +556,7 @@ cmpsubnets(ad_subnet_t *subnets1, ad_subnet_t *subnets2) /* Convert a DN's DC components into a DNS domainname */ -static char * +char * DN_to_DNS(const char *dn_name) { char dns[DNS_MAX_NAME]; @@ -690,7 +691,6 @@ srv_query(res_state state, const char *svc_name, const char *dname, uint16_t class; uint32_t rttl; uint16_t size; - char *query_type; char namebuf[NS_MAXDNAME]; if (state == NULL) 
@@ -703,26 +703,33 @@ srv_query(res_state state, const char *svc_name, const char *dname, /* Search, querydomain or query */ if (rrname != NULL) { - query_type = "search"; *rrname = NULL; len = res_nsearch(state, svc_name, C_IN, T_SRV, msg.buf, sizeof (msg.buf)); + logger(LOG_DEBUG, "Searching DNS for SRV RRs named '%s'", + svc_name); + if (len < 0) { + logger(LOG_DEBUG, "DNS search for '%s' failed (%s)", + svc_name, hstrerror(state->res_h_errno)); + return (NULL); + } } else if (dname != NULL) { - query_type = "query"; len = res_nquerydomain(state, svc_name, dname, C_IN, T_SRV, msg.buf, sizeof (msg.buf)); - } - - idmapdlog(LOG_DEBUG, "%sing DNS for SRV RRs named '%s'", - query_type, svc_name); + logger(LOG_DEBUG, + "Querying DNS for SRV RRs named '%s' for '%s' ", + svc_name, dname); - if (len < 0) { - idmapdlog(LOG_DEBUG, "DNS %s for '%s' failed (%s)", - query_type, svc_name, hstrerror(state->res_h_errno)); - return (NULL); + if (len < 0) { + logger(LOG_DEBUG, + "DNS query for '%s' for '%s' failed (%s)", + svc_name, dname, hstrerror(state->res_h_errno)); + return (NULL); + } } + if (len > sizeof (msg.buf)) { - idmapdlog(LOG_ERR, "DNS query %ib message doesn't fit" + logger(LOG_ERR, "DNS query %ib message doesn't fit" " into %ib buffer", len, sizeof (msg.buf)); return (NULL); @@ -737,7 +744,7 @@ srv_query(res_state state, const char *svc_name, const char *dname, for (cnt = qdcount; cnt > 0; --cnt) { if ((len = dn_skipname(ptr, eom)) < 0) { - idmapdlog(LOG_ERR, "DNS query invalid message format"); + logger(LOG_ERR, "DNS query invalid message format"); return (NULL); } ptr += len + QFIXEDSZ; @@ -754,7 +761,7 @@ srv_query(res_state state, const char *svc_name, const char *dname, len = dn_expand(msg.buf, eom, ptr, namebuf, sizeof (namebuf)); if (len < 0) { - idmapdlog(LOG_ERR, "DNS query invalid message format"); + logger(LOG_ERR, "DNS query invalid message format"); return (NULL); } if (rrname != NULL && *rrname == NULL) 
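Review bot: The restructured branches in srv_query leave `len` uninitialized and `msg.buf` unfilled when both `rrname` and `dname` are NULL, yet control still falls through to `if (len > sizeof (msg.buf))` and into the answer parser; the previous shape had the same gap, but now that each branch owns its error path a closing `else return (NULL);` (or an up-front `if (rrname == NULL && dname == NULL) return (NULL);`) closes it for one line. The "Searching DNS for SRV RRs" and "Querying DNS ..." debug messages are emitted after `res_nsearch()`/`res_nquerydomain()` return, so the log reads as if the search were started after its result is known; move each `logger(LOG_DEBUG, ...)` above its call. The function begins in the previous hunk.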
@@ -765,7 +772,7 @@ srv_query(res_state state, const char *svc_name, const char *dname, NS_GET32(rttl, ptr); NS_GET16(size, ptr); if ((end = ptr + size) > eom) { - idmapdlog(LOG_ERR, "DNS query invalid message format"); + logger(LOG_ERR, "DNS query invalid message format"); return (NULL); } @@ -780,14 +787,14 @@ srv_query(res_state state, const char *svc_name, const char *dname, len = dn_expand(msg.buf, eom, ptr, srv->host, sizeof (srv->host)); if (len < 0) { - idmapdlog(LOG_ERR, "DNS query invalid SRV record"); + logger(LOG_ERR, "DNS query invalid SRV record"); return (NULL); } if (rttl < *ttl) *ttl = rttl; - idmapdlog(LOG_DEBUG, "Found %s %d IN SRV [%d][%d] %s:%d", + logger(LOG_DEBUG, "Found %s %d IN SRV [%d][%d] %s:%d", namebuf, rttl, srv->priority, srv->weight, srv->host, srv->port); @@ -804,23 +811,6 @@ srv_query(res_state state, const char *svc_name, const char *dname, } -static int -/* ARGSUSED */ -saslcallback(LDAP *ld, unsigned flags, void *defaults, void *prompts) -{ - sasl_interact_t *interact; - - if (prompts == NULL || flags != LDAP_SASL_INTERACTIVE) - return (LDAP_PARAM_ERROR); - - /* There should be no extra arguemnts for SASL/GSSAPI authentication */ - for (interact = prompts; interact->id != SASL_CB_LIST_END; interact++) { - interact->result = NULL; - interact->len = 0; - } - return (LDAP_SUCCESS); -} - /* * A utility function to bind to a Directory server */ @@ -839,7 +829,7 @@ ldap_lookup_init(idmap_ad_disc_ds_t *ds) for (i = 0; ds[i].host[0] != '\0'; i++) { ld = ldap_init(ds[i].host, ds[i].port); if (ld == NULL) { - idmapdlog(LOG_DEBUG, "Couldn't connect to " + logger(LOG_DEBUG, "Couldn't connect to " "AD DC %s:%d (%s)", ds[i].host, ds[i].port, strerror(errno)); 
@@ -866,7 +856,7 @@ ldap_lookup_init(idmap_ad_disc_ds_t *ds) if (rc == LDAP_SUCCESS) break; - idmapdlog(LOG_INFO, "LDAP SASL bind to %s:%d failed (%s)", + logger(LOG_INFO, "LDAP SASL bind to %s:%d failed (%s)", ds[i].host, ds[i].port, ldap_err2string(rc)); (void) ldap_unbind(ld); ld = NULL; @@ -875,6 +865,7 @@ ldap_lookup_init(idmap_ad_disc_ds_t *ds) } + /* * A utility function to get the value of some attribute of one of one * or more AD LDAP objects named by the dn_list; first found one wins. 
@@ -1009,77 +1000,6 @@ ldap_lookup_trusted_domains(LDAP **ld, idmap_ad_disc_ds_t *globalCatalog, return (trusted_domains); } -static int -decode_sid(BerValue *bval, char *sid_txt) -{ - int i, j; - uchar_t *v; - uint32_t a; - struct sid { - uchar_t version; - uchar_t sub_authority_count; - uint64_t authority; /* really, 48-bits */ - uint32_t sub_authorities[16]; - } sid; - char *ptr; - int len; - int rlen; - - - /* - * The binary format of a SID is as follows: - * - * byte #0: version, always 0x01 - * byte #1: RID count, always <= 0x0f - * bytes #2-#7: SID authority, big-endian 48-bit unsigned int - * - * followed by RID count RIDs, each a little-endian, unsigned - * 32-bit int. - */ - /* - * Sanity checks: must have at least one RID, version must be - * 0x01, and the length must be 8 + rid count * 4 - */ - if (bval->bv_len > 8 && bval->bv_val[0] == 0x01 && - bval->bv_len == 1 + 1 + 6 + bval->bv_val[1] * 4) { - v = (uchar_t *)bval->bv_val; - sid.version = v[0]; - sid.sub_authority_count = v[1]; - sid.authority = - /* big endian -- so start from the left */ - ((u_longlong_t)v[2] << 40) | - ((u_longlong_t)v[3] << 32) | - ((u_longlong_t)v[4] << 24) | - ((u_longlong_t)v[5] << 16) | - ((u_longlong_t)v[6] << 8) | - (u_longlong_t)v[7]; - for (i = 0; i < sid.sub_authority_count; i++) { - j = 8 + (i * 4); - /* little endian -- so start from the right */ - a = (v[j + 3] << 24) | (v[j + 2] << 16) | - (v[j + 1] << 8) | (v[j]); - sid.sub_authorities[i] = a; - } - - ptr = sid_txt; - len = AD_DISC_MAXSID; - rlen = snprintf(ptr, len, "S-1-%llu", sid.authority); - - ptr += rlen; - len -= rlen; - - for (i = 0; i < sid.sub_authority_count; i++) { - assert(len > 0); - rlen = snprintf( - ptr, len, "-%u", sid.sub_authorities[i]); - ptr += rlen; - len -= rlen; - } - assert(len > 0); - return (0); - } - return (-1); -} /* * This functions finds all the domains in a forest. 
@@ -1102,19 +1022,18 @@ ldap_lookup_domains_in_forest(LDAP **ld, idmap_ad_disc_ds_t *globalCatalogs) struct berval **sid_ber; int num = 0; ad_disc_domainsinforest_t *domains = NULL; + ad_disc_domainsinforest_t *tmp; int i; char *name; + adutils_sid_t sid; + char *sid_str; if (*ld == NULL) *ld = ldap_lookup_init(globalCatalogs); - if (*ld == NULL) { - idmapdlog(LOG_NOTICE, "Couldn't open and SASL bind LDAP " - "connections to any domain controllers; discovery of " - "some items will fail"); + if (*ld == NULL) return (NULL); - } root_attrs[0] = "namingContexts"; root_attrs[1] = NULL; @@ -1149,25 +1068,41 @@ ldap_lookup_domains_in_forest(LDAP **ld, idmap_ad_disc_ds_t *globalCatalogs) "objectSid"); if (sid_ber != NULL) { num++; - domains = realloc(domains, + tmp = realloc(domains, (num + 1) * sizeof (ad_disc_domainsinforest_t)); - if (domains == NULL) { + if (tmp == NULL) { + if (domains != NULL) + free(domains); ldap_value_free_len(sid_ber); ldap_msgfree(result); ldap_value_free(nc); return (NULL); } + domains = tmp; memset(&domains[num], 0, sizeof (ad_disc_domainsinforest_t)); - if (decode_sid(sid_ber[0], - domains[num - 1].sid) < 0) { + + if (adutils_getsid(sid_ber[0], &sid) + < 0) { + free(domains); + ldap_value_free_len(sid_ber); + ldap_msgfree(result); + ldap_value_free(nc); + return (NULL); + } + if ((sid_str = adutils_sid2txt(&sid)) + == NULL) { + free(domains); ldap_value_free_len(sid_ber); ldap_msgfree(result); ldap_value_free(nc); return (NULL); } + ldap_value_free_len(sid_ber); + strcpy(domains[num - 1].sid, sid_str); + free(sid_str); name = DN_to_DNS(nc[i]); if (name == NULL) { @@ -1328,7 +1263,7 @@ validate_DomainName(ad_disc_t ctx) free(srvname); if (dname == NULL) { - idmapdlog(LOG_ERR, "Out of memory"); + logger(LOG_ERR, "Out of memory"); return (NULL); } 
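Review bot: `strcpy(domains[num - 1].sid, sid_str);` copies a freshly formatted, LDAP-supplied SID string into the fixed `sid[MAXSTRSID]` field with no bound, whereas the decode_sid() it replaces formatted into that field with snprintf and a length check. The MAXSTRSID comment in addisc.h assumes at most 15 RIDs; unless adutils_getsid() enforces that limit (its body is not visible here), a longer objectSid from a directory server overruns the field. Use `(void) strlcpy(domains[num - 1].sid, sid_str, sizeof (domains[num - 1].sid));` and treat a return value >= the buffer size as a failure alongside the other error exits. The earlier hunk in the same function also drops the LOG_NOTICE message for "no global catalog could be bound", leaving the NULL return silent, and the `if (domains != NULL)` guard around free() is redundant since free(NULL) is a no-op. ldap_lookup_domains_in_forest continues past the end of the hunk.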
@@ -1343,7 +1278,7 @@ validate_DomainName(ad_disc_t ctx) char * -ad_disc_get_DomainName(ad_disc_t ctx, int *auto_discovered) +ad_disc_get_DomainName(ad_disc_t ctx, boolean_t *auto_discovered) { char *domain_name = NULL; ad_item_t *domain_name_item; @@ -1356,7 +1291,7 @@ ad_disc_get_DomainName(ad_disc_t ctx, int *auto_discovered) *auto_discovered = (domain_name_item->state == AD_STATE_AUTO); } else if (auto_discovered != NULL) - *auto_discovered = FALSE; + *auto_discovered = B_FALSE; return (domain_name); } @@ -1368,8 +1303,8 @@ validate_DomainController(ad_disc_t ctx, enum ad_disc_req req) { uint32_t ttl = 0; idmap_ad_disc_ds_t *domain_controller = NULL; - int validate_global = FALSE; - int validate_site = FALSE; + boolean_t validate_global = B_FALSE; + boolean_t validate_site = B_FALSE; ad_item_t *domain_name_item; ad_item_t *site_name_item = NULL; @@ -1382,13 +1317,13 @@ validate_DomainController(ad_disc_t ctx, enum ad_disc_req req) return (NULL); if (req == AD_DISC_GLOBAL) - validate_global = TRUE; + validate_global = B_TRUE; else { site_name_item = validate_SiteName(ctx); if (site_name_item != NULL) - validate_site = TRUE; + validate_site = B_TRUE; else if (req == AD_DISC_PREFER_SITE) - validate_global = TRUE; + validate_global = B_TRUE; } if (validate_global) { @@ -1449,7 +1384,7 @@ validate_DomainController(ad_disc_t ctx, enum ad_disc_req req) idmap_ad_disc_ds_t * ad_disc_get_DomainController(ad_disc_t ctx, enum ad_disc_req req, - int *auto_discovered) + boolean_t *auto_discovered) { ad_item_t *domain_controller_item; idmap_ad_disc_ds_t *domain_controller = NULL; @@ -1462,7 +1397,7 @@ ad_disc_get_DomainController(ad_disc_t ctx, enum ad_disc_req req, *auto_discovered = (domain_controller_item->state == AD_STATE_AUTO); } else if (auto_discovered != NULL) - *auto_discovered = FALSE; + *auto_discovered = B_FALSE; return (domain_controller); } 
@@ -1482,7 +1417,7 @@ validate_SiteName(ad_disc_t ctx) char *forest_name; int len; int i; - int update_required = FALSE; + boolean_t update_required = B_FALSE; ad_item_t *domain_controller_item; if (is_fixed(&ctx->site_name)) @@ -1498,12 +1433,12 @@ validate_SiteName(ad_disc_t ctx) ctx->subnets == NULL || ctx->subnets_changed) { subnets = find_subnets(); ctx->subnets_last_check = time(NULL); - update_required = TRUE; + update_required = B_TRUE; } else if (ctx->subnets_last_check + 60 < time(NULL)) { subnets = find_subnets(); ctx->subnets_last_check = time(NULL); if (cmpsubnets(ctx->subnets, subnets) != 0) - update_required = TRUE; + update_required = B_TRUE; } if (!update_required) { @@ -1573,7 +1508,7 @@ validate_SiteName(ad_disc_t ctx) } ctx->subnets = subnets; subnets = NULL; - ctx->subnets_changed = FALSE; + ctx->subnets_changed = B_FALSE; out: if (ld != NULL) @@ -1598,7 +1533,7 @@ out: char * -ad_disc_get_SiteName(ad_disc_t ctx, int *auto_discovered) +ad_disc_get_SiteName(ad_disc_t ctx, boolean_t *auto_discovered) { ad_item_t *site_name_item; char *site_name = NULL; @@ -1610,7 +1545,7 @@ ad_disc_get_SiteName(ad_disc_t ctx, int *auto_discovered) *auto_discovered = (site_name_item->state == AD_STATE_AUTO); } else if (auto_discovered != NULL) - *auto_discovered = FALSE; + *auto_discovered = B_FALSE; return (site_name); } @@ -1677,7 +1612,7 @@ validate_ForestName(ad_disc_t ctx) char * -ad_disc_get_ForestName(ad_disc_t ctx, int *auto_discovered) +ad_disc_get_ForestName(ad_disc_t ctx, boolean_t *auto_discovered) { ad_item_t *forest_name_item; char *forest_name = NULL; @@ -1690,7 +1625,7 @@ ad_disc_get_ForestName(ad_disc_t ctx, int *auto_discovered) *auto_discovered = (forest_name_item->state == AD_STATE_AUTO); } else if (auto_discovered != NULL) - *auto_discovered = FALSE; + *auto_discovered = B_FALSE; return (forest_name); } 
@@ -1702,8 +1637,8 @@ validate_GlobalCatalog(ad_disc_t ctx, enum ad_disc_req req) { idmap_ad_disc_ds_t *global_catalog = NULL; uint32_t ttl = 0; - int validate_global = FALSE; - int validate_site = FALSE; + boolean_t validate_global = B_FALSE; + boolean_t validate_site = B_FALSE; ad_item_t *forest_name_item; ad_item_t *site_name_item; @@ -1716,13 +1651,13 @@ validate_GlobalCatalog(ad_disc_t ctx, enum ad_disc_req req) return (NULL); if (req == AD_DISC_GLOBAL) - validate_global = TRUE; + validate_global = B_TRUE; else { site_name_item = validate_SiteName(ctx); if (site_name_item != NULL) - validate_site = TRUE; + validate_site = B_TRUE; else if (req == AD_DISC_PREFER_SITE) - validate_global = TRUE; + validate_global = B_TRUE; } if (validate_global) { @@ -1788,7 +1723,7 @@ validate_GlobalCatalog(ad_disc_t ctx, enum ad_disc_req req) idmap_ad_disc_ds_t * ad_disc_get_GlobalCatalog(ad_disc_t ctx, enum ad_disc_req req, - int *auto_discovered) + boolean_t *auto_discovered) { idmap_ad_disc_ds_t *global_catalog = NULL; ad_item_t *global_catalog_item; @@ -1801,7 +1736,7 @@ ad_disc_get_GlobalCatalog(ad_disc_t ctx, enum ad_disc_req req, *auto_discovered = (global_catalog_item->state == AD_STATE_AUTO); } else if (auto_discovered != NULL) - *auto_discovered = FALSE; + *auto_discovered = B_FALSE; return (global_catalog); } @@ -1871,7 +1806,7 @@ validate_TrustedDomains(ad_disc_t ctx) ad_disc_trusteddomains_t * -ad_disc_get_TrustedDomains(ad_disc_t ctx, int *auto_discovered) +ad_disc_get_TrustedDomains(ad_disc_t ctx, boolean_t *auto_discovered) { ad_disc_trusteddomains_t *trusted_domains = NULL; ad_item_t *trusted_domains_item; @@ -1884,7 +1819,7 @@ ad_disc_get_TrustedDomains(ad_disc_t ctx, int *auto_discovered) *auto_discovered = (trusted_domains_item->state == AD_STATE_AUTO); } else if (auto_discovered != NULL) - *auto_discovered = FALSE; + *auto_discovered = B_FALSE; return (trusted_domains); } 
@@ -1926,7 +1861,7 @@ validate_DomainsInForest(ad_disc_t ctx) ad_disc_domainsinforest_t * -ad_disc_get_DomainsInForest(ad_disc_t ctx, int *auto_discovered) +ad_disc_get_DomainsInForest(ad_disc_t ctx, boolean_t *auto_discovered) { ad_disc_domainsinforest_t *domains_in_forest = NULL; ad_item_t *domains_in_forest_item; @@ -1939,7 +1874,7 @@ ad_disc_get_DomainsInForest(ad_disc_t ctx, int *auto_discovered) *auto_discovered = (domains_in_forest_item->state == AD_STATE_AUTO); } else if (auto_discovered != NULL) - *auto_discovered = FALSE; + *auto_discovered = B_FALSE; return (domains_in_forest); } @@ -2080,17 +2015,17 @@ ad_disc_get_TTL(ad_disc_t ctx) return (ttl); } -int +boolean_t ad_disc_SubnetChanged(ad_disc_t ctx) { ad_subnet_t *subnets; if (ctx->subnets_changed || ctx->subnets == NULL) - return (TRUE); + return (B_TRUE); if ((subnets = find_subnets()) != NULL) { if (cmpsubnets(subnets, ctx->subnets) != 0) - ctx->subnets_changed = TRUE; + ctx->subnets_changed = B_TRUE; free(subnets); } diff --git a/usr/src/lib/libidmap/common/addisc.h b/usr/src/lib/libadutils/common/addisc.h index 6622965e23..2d6d1a2b47 100644 --- a/usr/src/lib/libidmap/common/addisc.h +++ b/usr/src/lib/libadutils/common/addisc.h @@ -20,16 +20,15 @@ */ /* - * Copyright 2008 Sun Microsystems, Inc. All rights reserved. + * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ #ifndef _ADINFO_H #define _ADINFO_H -#include "idmap_priv.h" #include "idmap_prot.h" -#include "idmap_impl.h" + #ifdef __cplusplus extern "C" { 
@@ -40,15 +39,15 @@ extern "C" { * another '-', and ridcount (max 15) 10-digit RIDs plus '-' in between, plus * a null. */ - -#define AD_DISC_MAXSID 185 +#define MAXSTRSID 185 +#define MAXDOMAINNAME 256 typedef struct ad_disc *ad_disc_t; typedef struct ad_disc_domains_in_forest { - char domain[AD_DISC_MAXHOSTNAME]; - char sid[AD_DISC_MAXSID]; + char domain[MAXDOMAINNAME]; + char sid[MAXSTRSID]; int trusted; /* This is not used by auto */ /* discovery. It is provided so that */ /* domains in a forest can be marked */ @@ -57,11 +56,10 @@ typedef struct ad_disc_domains_in_forest { typedef struct ad_disc_trusted_domains { - char domain[AD_DISC_MAXHOSTNAME]; + char domain[MAXDOMAINNAME]; int direction; } ad_disc_trusteddomains_t; - enum ad_disc_req { AD_DISC_PREFER_SITE = 0, /* Prefer Site specific version */ AD_DISC_SITE_SPECIFIC, /* Request Site specific version */ 
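Review bot: `MAXSTRSID` and `MAXDOMAINNAME` are unprefixed macro names in a header that is now included from another library's sources (namemaps.c includes addisc.h later in this diff), and adutils_impl.h carried its own `MAXDOMAINNAME` until this commit removed it; an `AD_DISC_`-style prefix, as the replaced `AD_DISC_MAXSID` had, keeps such names from colliding. Changing `domain[AD_DISC_MAXHOSTNAME]` to `domain[MAXDOMAINNAME]` also changes the size of `ad_disc_domainsinforest_t` and `ad_disc_trusteddomains_t` whenever the two constants differ (AD_DISC_MAXHOSTNAME's value is not shown), and arrays of these structs are handed to callers of ad_disc_get_DomainsInForest()/ad_disc_get_TrustedDomains(), so a comment on the struct stating that its layout is part of the library's private interface would be worth adding.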
@@ -76,27 +74,27 @@ void ad_disc_fini(ad_disc_t); * The following routines auto discover the specific item */ char * -ad_disc_get_DomainName(ad_disc_t ctx, int *auto_discovered); +ad_disc_get_DomainName(ad_disc_t ctx, boolean_t *auto_discovered); idmap_ad_disc_ds_t * ad_disc_get_DomainController(ad_disc_t ctx, - enum ad_disc_req req, int *auto_discovered); + enum ad_disc_req req, boolean_t *auto_discovered); char * -ad_disc_get_SiteName(ad_disc_t ctx, int *auto_discovered); +ad_disc_get_SiteName(ad_disc_t ctx, boolean_t *auto_discovered); char * -ad_disc_get_ForestName(ad_disc_t ctx, int *auto_discovered); +ad_disc_get_ForestName(ad_disc_t ctx, boolean_t *auto_discovered); idmap_ad_disc_ds_t * ad_disc_get_GlobalCatalog(ad_disc_t ctx, enum ad_disc_req, - int *auto_discovered); + boolean_t *auto_discovered); ad_disc_trusteddomains_t * -ad_disc_get_TrustedDomains(ad_disc_t ctx, int *auto_discovered); +ad_disc_get_TrustedDomains(ad_disc_t ctx, boolean_t *auto_discovered); ad_disc_domainsinforest_t * -ad_disc_get_DomainsInForest(ad_disc_t ctx, int *auto_discovered); +ad_disc_get_DomainsInForest(ad_disc_t ctx, boolean_t *auto_discovered); /* @@ -131,7 +129,7 @@ void ad_disc_refresh(ad_disc_t); int ad_disc_unset(ad_disc_t ctx); /* This routine test for subnet changes */ -int ad_disc_SubnetChanged(ad_disc_t); +boolean_t ad_disc_SubnetChanged(ad_disc_t); /* This routine returns the Time To Live for auto discovered items */ int ad_disc_get_TTL(ad_disc_t); diff --git a/usr/src/lib/libadutils/common/adutils.c b/usr/src/lib/libadutils/common/adutils.c index d914f109d2..086e5338e4 100644 --- a/usr/src/lib/libadutils/common/adutils.c +++ b/usr/src/lib/libadutils/common/adutils.c @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2008 Sun Microsystems, Inc. All rights reserved. + * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ 
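Review bot: `boolean_t` now appears in every prototype of this header, but the file's includes were cut to just idmap_prot.h in its first hunk, so the type is reachable only if idmap_prot.h pulls in <sys/types.h> transitively. Add `#include <sys/types.h>` beside `#include "idmap_prot.h"` so addisc.h compiles on its own, which matters more now that namemaps.c in libidmap includes it directly. The `auto_discovered` out-parameter is not documented anywhere in the header; the .c side sets it from `item->state == AD_STATE_AUTO` and to B_FALSE otherwise, so a line such as `/* *auto_discovered (may be NULL) is set to B_TRUE when the value came from discovery rather than from ad_disc_set_*() */` above the getters would record that contract.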
@@ -35,6 +35,7 @@ #include <errno.h> #include <assert.h> #include <limits.h> +#include <syslog.h> #include <sys/u8_textprep.h> #include <sys/varargs.h> #include "libadutils.h" @@ -67,12 +68,13 @@ static binary_attrs_t binattrs[] = { }; +adutils_logger logger = syslog; + + void -adutils_set_log(int pri, bool_t syslog, bool_t degraded) +adutils_set_logger(adutils_logger funct) { - idmap_log_stderr(pri); - idmap_log_syslog(syslog); - idmap_log_degraded(degraded); + logger = funct; } @@ -83,8 +85,9 @@ static char * adutils_dns2dn(const char *dns) { - int nameparts; - return (ldap_dns_to_dn((char *)dns, &nameparts)); + int num_parts; + + return (ldap_dns_to_dn((char *)dns, &num_parts)); } 
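Review bot: `adutils_set_logger()` stores `funct` without a NULL check while every call site in this diff invokes `logger(...)` unconditionally, so passing NULL (the natural way for a caller to say "back to the default") crashes on the next log line; `logger = (funct != NULL) ? funct : syslog;` keeps the syslog default as the fallback. The assignment is also a plain write to a global that the batch code later in this file reads after dropping `adh->lock`, so unless callers are expected to synchronize, libadutils.h should state that the logger must be installed before any adutils_ad_alloc()/lookup activity begins. A one-line comment on the global itself, `/* Process-wide logger; defaults to syslog(3C), replaced only via adutils_set_logger() */`, would make the ownership obvious to the next reader.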
@@ -95,122 +98,15 @@ adutils_dns2dn(const char *dns) char * adutils_dn2dns(const char *dn) { - char **rdns = NULL; - char **attrs = NULL; - char **labels = NULL; - char *dns = NULL; - char **rdn, **attr, **label; - int maxlabels = 5; - int nlabels = 0; - int dnslen; - - /* - * There is no reverse of ldap_dns_to_dn() in our libldap, so we - * have to do the hard work here for now. - */ - - /* - * This code is much too liberal: it looks for "dc" attributes - * in all RDNs of the DN. In theory this could cause problems - * if people were to use "dc" in nodes other than the root of - * the tree, but in practice noone, least of all Active - * Directory, does that. - * - * On the other hand, this code is much too conservative: it - * does not make assumptions about ldap_explode_dn(), and _that_ - * is the true for looking at every attr of every RDN. - * - * Since we only ever look at dc and those must be DNS labels, - * at least until we get around to supporting IDN here we - * shouldn't see escaped labels from AD nor from libldap, though - * the spec (RFC2253) does allow libldap to escape things that - * don't need escaping -- if that should ever happen then - * libldap will need a spanking, and we can take care of that. 
- */ - - /* Explode a DN into RDNs */ - if ((rdns = ldap_explode_dn(dn, 0)) == NULL) - return (NULL); - - labels = calloc(maxlabels + 1, sizeof (char *)); - label = labels; - - for (rdn = rdns; *rdn != NULL; rdn++) { - if (attrs != NULL) - ldap_value_free(attrs); - - /* Explode each RDN, look for DC attr, save val as DNS label */ - if ((attrs = ldap_explode_rdn(rdn[0], 0)) == NULL) - goto done; - - for (attr = attrs; *attr != NULL; attr++) { - if (strncasecmp(*attr, "dc=", 3) != 0) - continue; - - /* Found a DNS label */ - labels[nlabels++] = strdup((*attr) + 3); - - if (nlabels == maxlabels) { - char **tmp; - tmp = realloc(labels, - sizeof (char *) * (maxlabels + 1)); - - if (tmp == NULL) - goto done; - - labels = tmp; - labels[nlabels] = NULL; - } - - /* There should be just one DC= attr per-RDN */ - break; - } - } - - /* - * Got all the labels, now join with '.' - * - * We need room for nlabels - 1 periods ('.'), one nul - * terminator, and the strlen() of each label. - */ - dnslen = nlabels; - for (label = labels; *label != NULL; label++) - dnslen += strlen(*label); - - if ((dns = malloc(dnslen)) == NULL) - goto done; - - *dns = '\0'; - - for (label = labels; *label != NULL; label++) { - (void) strlcat(dns, *label, dnslen); - /* - * NOTE: the last '.' won't be appended -- there's no room - * for it! - */ - (void) strlcat(dns, ".", dnslen); - } - -done: - if (labels != NULL) { - for (label = labels; *label != NULL; label++) - free(*label); - free(labels); - } - if (attrs != NULL) - ldap_value_free(attrs); - if (rdns != NULL) - ldap_value_free(rdns); - - return (dns); + return (DN_to_DNS(dn)); } + /* * Convert a binary SID in a BerValue to a adutils_sid_t */ -static int -getsid(BerValue *bval, adutils_sid_t *sidp) +adutils_getsid(BerValue *bval, adutils_sid_t *sidp) { int i, j; uchar_t *v; 
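Review bot: as rendered, the new definition line `adutils_getsid(BerValue *bval, adutils_sid_t *sidp)` follows the removal of `static int` with no replacement return-type line, and the next hunk shows the same pattern for `adutils_sid2txt`, where `static char *` is removed; if that is what the file contains rather than a rendering artefact, both functions fall back to implicit int, which is not valid C99 and would truncate the `char *` that adutils_sid2txt returns on 64-bit builds. The hunk line counts suggest a line may have been lost in rendering, so please confirm that `int` and `char *` precede the two names, matching the prototypes added to adutils_impl.h. `adutils_dn2dns()` is now a one-line wrapper over `DN_to_DNS()`, and the deleted body carried the only description of its contract (malloc'd result, trailing '.' omitted); a header comment such as `/* Wrapper for DN_to_DNS(); returns a malloc'd DNS name the caller must free, or NULL */` keeps that visible, assuming DN_to_DNS() preserves the old semantics.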
@@ -258,9 +154,8 @@ getsid(BerValue *bval, adutils_sid_t *sidp) /* * Convert a adutils_sid_t to S-1-... */ -static char * -sid2txt(adutils_sid_t *sidp) +adutils_sid2txt(adutils_sid_t *sidp) { int rlen, i, len; char *str, *cp; @@ -462,7 +357,7 @@ convert_bval2sid(BerValue *bval, uint32_t *rid) { adutils_sid_t sid; - if (getsid(bval, &sid) < 0) + if (adutils_getsid(bval, &sid) < 0) return (NULL); /* @@ -472,7 +367,7 @@ convert_bval2sid(BerValue *bval, uint32_t *rid) */ if (rid != NULL && sid.authority == 5 && sid.sub_authority_count == 5) *rid = sid.sub_authorities[--sid.sub_authority_count]; - return (sid2txt(&sid)); + return (adutils_sid2txt(&sid)); } @@ -517,7 +412,6 @@ adutils_bv_name2str(BerValue *bval) } /*ARGSUSED*/ -static int saslcallback(LDAP *ld, unsigned flags, void *defaults, void *prompts) { @@ -671,7 +565,7 @@ open_conn(adutils_host_t *adh, int timeoutsecs) /* Open and bind an LDAP connection */ adh->ld = ldap_init(adh->host, adh->port); if (adh->ld == NULL) { - idmapdlog(LOG_INFO, "ldap_init() to server " + logger(LOG_INFO, "ldap_init() to server " "%s port %d failed. (%s)", adh->host, adh->port, strerror(errno)); goto out; @@ -690,12 +584,12 @@ open_conn(adutils_host_t *adh, int timeoutsecs) if (rc != LDAP_SUCCESS) { (void) ldap_unbind(adh->ld); adh->ld = NULL; - idmapdlog(LOG_INFO, "ldap_sasl_interactive_bind_s() to server " + logger(LOG_INFO, "ldap_sasl_interactive_bind_s() to server " "%s port %d failed. (%s)", adh->host, adh->port, ldap_err2string(rc)); } - idmapdlog(LOG_DEBUG, "Using global catalog server %s:%d", + logger(LOG_DEBUG, "Using global catalog server %s:%d", adh->host, adh->port); out: @@ -789,7 +683,7 @@ retry: goto retry; out: - idmapdlog(LOG_NOTICE, "Couldn't open an LDAP connection to any global " + logger(LOG_NOTICE, "Couldn't open an LDAP connection to any global " "catalog server!"); return (NULL); } 
@@ -1420,7 +1314,7 @@ get_adobject_batch(adutils_host_t *adh, struct timeval *timeout) if (adh->dead) { num = adh->num_requests; (void) pthread_mutex_unlock(&adh->lock); - idmapdlog(LOG_DEBUG, + logger(LOG_DEBUG, "AD ldap_result error - %d queued requests", num); return (-1); } @@ -1458,7 +1352,7 @@ get_adobject_batch(adutils_host_t *adh, struct timeval *timeout) } else { num = adh->num_requests; (void) pthread_mutex_unlock(&adh->lock); - idmapdlog(LOG_DEBUG, + logger(LOG_DEBUG, "AD cannot find message ID (%d) " "- %d queued requests", msgid, num); @@ -1489,7 +1383,7 @@ get_adobject_batch(adutils_host_t *adh, struct timeval *timeout) rc = add_entry(adh, que, res); (void) pthread_mutex_unlock(&adh->lock); if (rc < 0) { - idmapdlog(LOG_DEBUG, + logger(LOG_DEBUG, "Failed to queue entry by " "message ID (%d) " "- %d queued requests", @@ -1500,7 +1394,7 @@ get_adobject_batch(adutils_host_t *adh, struct timeval *timeout) } else { num = adh->num_requests; (void) pthread_mutex_unlock(&adh->lock); - idmapdlog(LOG_DEBUG, + logger(LOG_DEBUG, "AD cannot find message ID (%d) " "- %d queued requests", msgid, num); @@ -1736,7 +1630,7 @@ adutils_lookup_batch_add(adutils_query_state_t *state, if (dead) { if (lrc != LDAP_SUCCESS) - idmapdlog(LOG_DEBUG, + logger(LOG_DEBUG, "AD ldap_search_ext error (%s) " "- %d queued requests", ldap_err2string(lrc), num); diff --git a/usr/src/lib/libadutils/common/adutils_impl.h b/usr/src/lib/libadutils/common/adutils_impl.h index 530e3a2ca3..3c9de84ba3 100644 --- a/usr/src/lib/libadutils/common/adutils_impl.h +++ b/usr/src/lib/libadutils/common/adutils_impl.h @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2008 Sun Microsystems, Inc. All rights reserved. + * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -32,7 +32,6 @@ #include <ldap.h> #include <pthread.h> #include "addisc.h" -#include "idmap_priv.h" #include "idmap_prot.h" #include "libadutils.h" 
@@ -43,13 +42,6 @@ extern "C" { #define ADUTILS_SEARCH_TIMEOUT 3 #define ADUTILS_LDAP_OPEN_TIMEOUT 1 -/* - * Maximum string SID size. 4 bytes for "S-1-", 15 for 2^48 (max authority), - * another '-', and ridcount (max 15) 10-digit RIDs plus '-' in between, plus - * a null. - */ -#define MAXSID 185 -#define MAXDOMAINNAME 256 typedef struct adutils_sid { uchar_t version; @@ -62,7 +54,7 @@ struct adutils_host; struct known_domain { char name[MAXDOMAINNAME]; - char sid[MAXSID]; + char sid[MAXSTRSID]; }; @@ -154,6 +146,20 @@ struct adutils_query_state { adutils_q_t queries[1]; /* array of query results */ }; +/* Private routines */ + +char *DN_to_DNS(const char *dn_name); + +int adutils_getsid(BerValue *bval, adutils_sid_t *sidp); + +char *adutils_sid2txt(adutils_sid_t *sidp); + +int saslcallback(LDAP *ld, unsigned flags, void *defaults, void *prompts); + +/* Global logger function */ + +extern adutils_logger logger; + #ifdef __cplusplus } #endif diff --git a/usr/src/lib/libadutils/common/libadutils.h b/usr/src/lib/libadutils/common/libadutils.h index 8f88e2d27a..be05c3912f 100644 --- a/usr/src/lib/libadutils/common/libadutils.h +++ b/usr/src/lib/libadutils/common/libadutils.h @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2008 Sun Microsystems, Inc. All rights reserved. + * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -129,6 +129,9 @@ typedef enum adutils_ad_partition { * */ +typedef void (*adutils_logger)(int, const char *, ...); + + extern adutils_rc adutils_ad_alloc(adutils_ad_t **new_ad, const char *default_domain, adutils_ad_partition_t part); 
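Review bot: `extern adutils_logger logger;` exposes a library-wide mutable function pointer under a very generic name, and libidmap's namemaps.c in this same diff defines its own global `logger`; the two are kept apart only because each mapfile-vers ends with `local: *;`, so a static link or a lint run over both libraries would see the duplicate. A prefixed name on the variable, and on the newly external `saslcallback` and `DN_to_DNS` prototypes, would remove that dependence on the mapfile. The declaration should also say where the value comes from, e.g. `/* Defaults to syslog(3C); replaced only via adutils_set_logger() */`.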
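Review bot: `typedef void (*adutils_logger)(int, const char *, ...);` is introduced without a comment and without parameter names, so a reader has to open adutils.c to learn that the first argument is a syslog priority and that the default is syslog itself. Mirror the comment idmap.h gets for `idmap_logger` in this diff, e.g. `/* Logger callback with the syslog(3C) signature (priority, format, ...); default is syslog, see adutils_set_logger() */`, and name the parameters (`int pri, const char *fmt, ...`). Since the second argument is a printf-style format, a `/* PRINTFLIKE2 */` lint annotation on the typedef, as idmap.c's `logger()` carries, lets lint check the call sites that this commit converts from idmapdlog().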
@@ -138,8 +141,6 @@ extern adutils_rc adutils_add_ds(adutils_ad_t *ad, extern adutils_rc adutils_add_domain(adutils_ad_t *ad, const char *domain_name, const char *domain_sid); -extern void adutils_set_log(int pri, bool_t syslog, - bool_t degraded); extern void adutils_freeresult(adutils_result_t **result); extern adutils_rc adutils_lookup(adutils_ad_t *ad, const char *searchfilter, @@ -178,6 +179,7 @@ extern int adutils_lookup_check_domain( extern int adutils_lookup_check_sid_prefix( adutils_query_state_t *state, const char *sid); +extern void adutils_set_logger(adutils_logger logger); #ifdef __cplusplus } diff --git a/usr/src/lib/libadutils/common/mapfile-vers b/usr/src/lib/libadutils/common/mapfile-vers index da06606624..1328c7e74c 100644 --- a/usr/src/lib/libadutils/common/mapfile-vers +++ b/usr/src/lib/libadutils/common/mapfile-vers @@ -19,7 +19,7 @@ # CDDL HEADER END # # -# Copyright 2008 Sun Microsystems, Inc. All rights reserved. +# Copyright 2009 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # @@ -45,7 +45,27 @@ SUNWprivate { adutils_ad_free; adutils_add_ds; adutils_add_domain; - adutils_set_log; + adutils_set_logger; + ad_disc_fini; + ad_disc_init; + ad_disc_get_DomainName; + ad_disc_set_DomainName; + ad_disc_compare_ds; + ad_disc_compare_trusteddomains; + ad_disc_compare_domainsinforest; + ad_disc_SubnetChanged; + ad_disc_get_GlobalCatalog; + ad_disc_set_GlobalCatalog; + ad_disc_get_TTL; + ad_disc_set_ForestName; + ad_disc_get_ForestName; + ad_disc_get_DomainController; + ad_disc_set_DomainController; + ad_disc_set_SiteName; + ad_disc_refresh; + ad_disc_get_SiteName; + ad_disc_get_TrustedDomains; + ad_disc_get_DomainsInForest; local: *; }; diff --git a/usr/src/lib/libidmap/Makefile.com b/usr/src/lib/libidmap/Makefile.com index 5611d3211c..262be28278 100644 --- a/usr/src/lib/libidmap/Makefile.com +++ b/usr/src/lib/libidmap/Makefile.com 
@@ -19,21 +19,21 @@ # CDDL HEADER END # # -# Copyright 2008 Sun Microsystems, Inc. All rights reserved. +# Copyright 2009 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # # LIBRARY = libidmap.a VERS = .1 -OBJECTS = idmap_xdr.o utils.o idmap_api.o namemaps.o addisc.o idmap_cache.o -LINT_OBJECTS = utils.o idmap_api.o namemaps.o addisc.o idmap_cache.o +OBJECTS = idmap_xdr.o utils.o idmap_api.o namemaps.o idmap_cache.o +LINT_OBJECTS = utils.o idmap_api.o namemaps.o idmap_cache.o include ../../Makefile.lib LIBS = $(DYNLIB) $(LINTLIB) -LDLIBS += -lc -lnsl -lldap -lresolv -lsldap -lsocket -lavl +LDLIBS += -lc -lldap -lsldap -lavl -ladutils -lnsl CPPFLAGS += -I$(SRC)/lib/libsldap/common SRCDIR = ../common @@ -43,16 +43,18 @@ IDMAP_PROT_DIR = $(SRC)/head/rpcsvc IDMAP_PROT_X = $(IDMAP_PROT_DIR)/idmap_prot.x IDMAP_PROT_H = $(IDMAP_PROT_DIR)/idmap_prot.h +ADUTILS_DIR = $(SRC)/lib/libadutils/common + CFLAGS += $(CCVERBOSE) -CPPFLAGS += -D_REENTRANT -I$(SRCDIR) -I$(IDMAP_PROT_DIR) -#CPPFLAGS += -D_REENTRANT -I$(SRCDIR) +CPPFLAGS += -D_REENTRANT -I$(SRCDIR) -I$(IDMAP_PROT_DIR) -I$(ADUTILS_DIR) + CLOBBERFILES += $(IDMAP_PROT_H) $(SRCDIR)/idmap_xdr.c lint := OBJECTS = $(LINT_OBJECTS) .KEEP_STATE: -all: $(LIBS) +all: $(IDMAP_PROT_H) $(LIBS) $(IDMAP_PROT_H): $(IDMAP_PROT_X) $(RM) $@; $(RPCGEN) -CMNh -o $@ $(IDMAP_PROT_X) diff --git a/usr/src/lib/libidmap/common/idmap.h b/usr/src/lib/libidmap/common/idmap.h index 0851ac976a..f22fc43092 100644 --- a/usr/src/lib/libidmap/common/idmap.h +++ b/usr/src/lib/libidmap/common/idmap.h @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2008 Sun Microsystems, Inc. All rights reserved. + * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ 
@@ -53,7 +53,8 @@ typedef struct idmap_handle idmap_handle_t; /* Opaque "get-mapping" handle */ typedef struct idmap_get_handle idmap_get_handle_t; - +/* Logger prototype which is based on syslog */ +typedef void (*idmap_logger)(int, const char *, ...); /* * Setup API @@ -130,6 +131,9 @@ extern idmap_stat idmap_getgidbywinname(const char *, const char *, int, gid_t *); +/* Logger */ +extern void idmap_set_logger(idmap_logger funct); + #ifdef __cplusplus } #endif diff --git a/usr/src/lib/libidmap/common/idmap_api.c b/usr/src/lib/libidmap/common/idmap_api.c index 0fe0d8f418..a4a0b274ff 100644 --- a/usr/src/lib/libidmap/common/idmap_api.c +++ b/usr/src/lib/libidmap/common/idmap_api.c @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2008 Sun Microsystems, Inc. All rights reserved. + * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -45,24 +45,6 @@ /*LINTLIBRARY*/ -/* - * The following structure determines where the log messages from idmapdlog() - * go to. It can be stderr (idmap, idmapd -d) and/or syslog (idmapd). - * - * logstate.max_pri is integer cutoff necessary to silence low-priority - * messages to stderr. Syslog has its own means so there a boolean - * logstate.write_syslog is enough. - * - * logstate.degraded is a mode used by idmapd in its degraded state. - */ - -static struct { - bool_t write_syslog; - int max_pri; /* Max priority written to stderr */ - bool_t degraded; -} logstate = {FALSE, LOG_DEBUG, FALSE}; - - static struct timeval TIMEOUT = { 25, 0 }; static int idmap_stat2errno(idmap_stat); 
@@ -2566,45 +2548,3 @@ idmap_getwinnamebygid(gid_t gid, int flag, char **name, char **domain) { return (idmap_getwinnamebypid(gid, 0, flag, name, domain)); } - - -/* printflike */ -void -idmapdlog(int pri, const char *format, ...) { - va_list args; - - va_start(args, format); - if (pri <= logstate.max_pri) { - (void) vfprintf(stderr, format, args); - (void) fprintf(stderr, "\n"); - } - - /* - * We don't want to fill up the logs with useless messages when - * we're degraded, but we still want to log. - */ - if (logstate.degraded) - pri = LOG_DEBUG; - - if (logstate.write_syslog) - (void) vsyslog(pri, format, args); - va_end(args); -} - -void -idmap_log_stderr(int pri) -{ - logstate.max_pri = pri; -} - -void -idmap_log_syslog(bool_t what) -{ - logstate.write_syslog = what; -} - -void -idmap_log_degraded(bool_t what) -{ - logstate.degraded = what; -} diff --git a/usr/src/lib/libidmap/common/idmap_impl.h b/usr/src/lib/libidmap/common/idmap_impl.h index dfbfb5a072..854a5911d6 100644 --- a/usr/src/lib/libidmap/common/idmap_impl.h +++ b/usr/src/lib/libidmap/common/idmap_impl.h @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2008 Sun Microsystems, Inc. All rights reserved. + * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -33,12 +33,11 @@ #include <rpc/xdr.h> #include <libscf.h> -#include <syslog.h> #include <resolv.h> #include "idmap_prot.h" #include "idmap_priv.h" -#include "addisc.h" + #ifdef __cplusplus diff --git a/usr/src/lib/libidmap/common/idmap_priv.h b/usr/src/lib/libidmap/common/idmap_priv.h index e08bd732f3..8b2e200977 100644 --- a/usr/src/lib/libidmap/common/idmap_priv.h +++ b/usr/src/lib/libidmap/common/idmap_priv.h @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2008 Sun Microsystems, Inc. All rights reserved. + * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ 
@@ -30,10 +30,8 @@ #ifndef _IDMAP_PRIV_H #define _IDMAP_PRIV_H -#pragma ident "%Z%%M% %I% %E% SMI" #include <libscf.h> -#include <syslog.h> #include <resolv.h> #include "idmap.h" @@ -214,22 +212,6 @@ extern idmap_stat idmap_getext_sidbygid(idmap_get_handle_t *, gid_t, int, char **, idmap_rid_t *, idmap_info *, idmap_stat *); - -/* logging */ -extern void idmapdlog(int, const char *, ...); - -/* - * The maximal priority to be logged to stderr: set to -1 to suppress - * stderr logging completely. - */ -extern void idmap_log_stderr(int); - -/* write log messages to syslog? */ -extern void idmap_log_syslog(bool_t); - -/* write log messages to syslog? */ -extern void idmap_log_degraded(bool_t); - #ifdef __cplusplus } #endif diff --git a/usr/src/lib/libidmap/common/mapfile-vers b/usr/src/lib/libidmap/common/mapfile-vers index 905cc8b64f..11b7b464cd 100644 --- a/usr/src/lib/libidmap/common/mapfile-vers +++ b/usr/src/lib/libidmap/common/mapfile-vers @@ -19,7 +19,7 @@ # CDDL HEADER END # # -# Copyright 2008 Sun Microsystems, Inc. All rights reserved. +# Copyright 2009 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # # 
@@ -83,36 +83,13 @@ SUNWprivate { idmap_getext_pidbysid; idmap_getext_gidbysid; idmap_getext_sidbyuid; - idmapdlog; - idmap_log_stderr; - idmap_log_syslog; - idmap_log_degraded; idmap_set_namemap; idmap_unset_namemap; idmap_get_namemap; idmap_init_namemaps; idmap_fini_namemaps; idmap_cache_get_data; - ad_disc_fini; - ad_disc_init; - ad_disc_get_DomainName; - ad_disc_set_DomainName; - ad_disc_compare_ds; - ad_disc_compare_trusteddomains; - ad_disc_compare_domainsinforest; - ad_disc_SubnetChanged; - ad_disc_get_GlobalCatalog; - ad_disc_set_GlobalCatalog; - ad_disc_get_TTL; - ad_disc_set_ForestName; - ad_disc_get_ForestName; - ad_disc_get_DomainController; - ad_disc_set_DomainController; - ad_disc_set_SiteName; - ad_disc_refresh; - ad_disc_get_SiteName; - ad_disc_get_TrustedDomains; - ad_disc_get_DomainsInForest; + idmap_set_logger; local: *; }; diff --git a/usr/src/lib/libidmap/common/namemaps.c b/usr/src/lib/libidmap/common/namemaps.c index ce43ece4ce..95e47ddd6c 100644 --- a/usr/src/lib/libidmap/common/namemaps.c +++ b/usr/src/lib/libidmap/common/namemaps.c @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2008 Sun Microsystems, Inc. All rights reserved. + * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -29,10 +29,28 @@ #include <sasl/sasl.h> #include <libintl.h> #include <strings.h> +#include <syslog.h> +#include "addisc.h" +#include "libadutils.h" #include "idmap_impl.h" #include "ns_sldap.h" +/* + * syslog is the default logger. + * It can be overwritten by supplying a logger + * with idmap_set_logger() + */ +idmap_logger logger = syslog; + + +void +idmap_set_logger(idmap_logger funct) +{ + logger = funct; + adutils_set_logger(funct); +} + /* From adutils.c: */ 
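Review bot: `idmap_logger logger = syslog;` makes syslog the default for every libidmap consumer that never calls idmap_set_logger(), whereas the logging state removed from idmap_api.c in this diff had syslog off by default (`logstate = {FALSE, LOG_DEBUG, FALSE}`) and a degraded mode that demoted everything to LOG_DEBUG; now LOG_DEBUG chatter such as the "Using global catalog server %s:%d" line in adutils.c reaches syslog for any process linking the library, and nothing visible here replaces the degraded-mode damping. If that is intended, say so in the comment here and in idmap.h, e.g. `/* Default logger is syslog(3C) at the given priority; clients that do not want syslog output must install their own via idmap_set_logger() */`. `idmap_set_logger(NULL)` stores NULL and forwards it to adutils_set_logger(), after which the next log call in either library dereferences a null function pointer; `logger = (funct != NULL) ? funct : syslog;` here, with the same fallback in adutils_set_logger(), makes NULL mean "restore the default" instead.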
@@ -107,7 +125,7 @@ string2auth(const char *from, ns_auth_t *na) na->saslmech = NS_LDAP_SASL_DIGEST_MD5; na->saslopt = NS_LDAP_SASLOPT_NONE; } else { - idmapdlog(LOG_ERR, + logger(LOG_ERR, gettext("Invalid authentication method \"%s\" specified\n"), from); return (IDMAP_ERR_ARG); @@ -179,7 +197,7 @@ idmap_open_ad_conn(idmap_nm_handle_t *adh) /* Open and bind an LDAP connection */ adh->ad = ldap_init(adh->ad_host, adh->ad_port); if (adh->ad == NULL) { - idmapdlog(LOG_INFO, "ldap_init() to server " + logger(LOG_INFO, "ldap_init() to server " "%s port %d failed. (%s)", CHECK_NULL(adh->ad_host), adh->ad_port, strerror(errno)); rc = IDMAP_ERR_INTERNAL; @@ -199,7 +217,7 @@ idmap_open_ad_conn(idmap_nm_handle_t *adh) if (ldap_rc != LDAP_SUCCESS) { (void) ldap_unbind(adh->ad); adh->ad = NULL; - idmapdlog(LOG_INFO, "ldap_sasl_interactive_bind_s() to server " + logger(LOG_INFO, "ldap_sasl_interactive_bind_s() to server " "%s port %d failed. (%s)", CHECK_NULL(adh->ad_host), adh->ad_port, ldap_err2string(ldap_rc)); rc = IDMAP_ERR_INTERNAL; @@ -231,7 +249,7 @@ idmap_init_ad(idmap_nm_handle_t *p) ad_ctx = ad_disc_init(); if (ad_ctx == NULL) { - idmapdlog(LOG_ERR, + logger(LOG_ERR, gettext("AD autodiscovery initialization failed")); return (IDMAP_ERR_INTERNAL); } @@ -241,7 +259,7 @@ idmap_init_ad(idmap_nm_handle_t *p) /* Based on the supplied or default domain, find the proper AD: */ if (ad_disc_set_DomainName(ad_ctx, p->windomain)) { rc = IDMAP_ERR_INTERNAL; - idmapdlog(LOG_ERR, + logger(LOG_ERR, gettext("Setting a domain name \"%s\" for autodiscovery" " failed, most likely not enough memory"), p->windomain); goto cleanup; @@ -250,7 +268,7 @@ idmap_init_ad(idmap_nm_handle_t *p) dc = ad_disc_get_DomainController(ad_ctx, AD_DISC_GLOBAL, NULL); if (dc == NULL) { rc = IDMAP_ERR_ARG; - idmapdlog(LOG_ERR, + logger(LOG_ERR, gettext("A domain controller for the " "domain \"%s\" not found."), p->windomain); goto cleanup; 
@@ -347,7 +365,7 @@ idmap_init_namemaps(idmap_handle_t *handle, idmap_nm_handle_t **adh, rc = idmap_get_prop_str(handle, PROP_DEFAULT_DOMAIN, &p->default_domain); if (rc != IDMAP_SUCCESS) { - idmapdlog(LOG_ERR, + logger(LOG_ERR, gettext("Error obtaining default domain from idmapd (%s)"), idmap_stat2string(NULL, rc)); goto cleanup; @@ -356,7 +374,7 @@ idmap_init_namemaps(idmap_handle_t *handle, idmap_nm_handle_t **adh, rc = idmap_get_prop_str(handle, PROP_AD_UNIXUSER_ATTR, &p->ad_unixuser_attr); if (rc != IDMAP_SUCCESS) { - idmapdlog(LOG_ERR, + logger(LOG_ERR, gettext("Error obtaining AD unixuser attribute (%s)"), idmap_stat2string(NULL, rc)); goto cleanup; @@ -365,7 +383,7 @@ idmap_init_namemaps(idmap_handle_t *handle, idmap_nm_handle_t **adh, rc = idmap_get_prop_str(handle, PROP_AD_UNIXGROUP_ATTR, &p->ad_unixgroup_attr); if (rc != IDMAP_SUCCESS) { - idmapdlog(LOG_ERR, + logger(LOG_ERR, gettext("Error obtaining AD unixgroup attribute (%s)"), idmap_stat2string(NULL, rc)); goto cleanup; @@ -375,7 +393,7 @@ idmap_init_namemaps(idmap_handle_t *handle, idmap_nm_handle_t **adh, rc = idmap_get_prop_str(handle, PROP_NLDAP_WINNAME_ATTR, &p->nldap_winname_attr); if (rc != IDMAP_SUCCESS) { - idmapdlog(LOG_ERR, + logger(LOG_ERR, gettext("Error obtaining AD unixgroup attribute (%s)"), idmap_stat2string(NULL, rc)); goto cleanup; @@ -394,7 +412,7 @@ idmap_init_namemaps(idmap_handle_t *handle, idmap_nm_handle_t **adh, goto cleanup; } } else if (direction == IDMAP_DIRECTION_W2U) { - idmapdlog(LOG_ERR, + logger(LOG_ERR, gettext("Windows domain not given and idmapd daemon" " didn't provide a default one")); rc = IDMAP_ERR_ARG; 
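Review bot: The failure branch for PROP_NLDAP_WINNAME_ATTR (fourth hunk) logs "Error obtaining AD unixgroup attribute (%s)", the same text as the PROP_AD_UNIXGROUP_ATTR branch just above it, so a misconfigured native-LDAP winname attribute is reported as an AD problem. Change the format to `gettext("Error obtaining native LDAP winname attribute (%s)"),`. idmap_init_namemaps begins and ends outside these hunks.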
@@ -572,7 +590,7 @@ unixname2dn(idmap_nm_handle_t *p, char *unixname, int is_user, char **dn, if (rc_ns == NS_LDAP_NOTFOUND) { - idmapdlog(LOG_ERR, is_user ? gettext("User \"%s\" not found.") + logger(LOG_ERR, is_user ? gettext("User \"%s\" not found.") : gettext("Group %s not found."), unixname); return (IDMAP_ERR_NOTFOUND); } else if (rc_ns != NS_LDAP_SUCCESS) { @@ -580,12 +598,12 @@ unixname2dn(idmap_nm_handle_t *p, char *unixname, int is_user, char **dn, if (errorp != NULL) { (void) __ns_ldap_err2str(errorp->status, &msg); } - idmapdlog(LOG_ERR, gettext("Ldap list failed (%s)."), msg); + logger(LOG_ERR, gettext("Ldap list failed (%s)."), msg); return (IDMAP_ERR_ARG); } if (res == NULL) { - idmapdlog(LOG_ERR, gettext("User %s not found"), unixname); + logger(LOG_ERR, gettext("User %s not found"), unixname); return (IDMAP_ERR_ARG); } @@ -602,7 +620,7 @@ unixname2dn(idmap_nm_handle_t *p, char *unixname, int is_user, char **dn, if (dn != NULL) { attrs = __ns_ldap_getAttr(&res->entry[0], "dn"); if (attrs == NULL || attrs[0] == NULL) { - idmapdlog(LOG_ERR, gettext("dn for %s not found"), + logger(LOG_ERR, gettext("dn for %s not found"), unixname); return (IDMAP_ERR_ARG); } @@ -662,7 +680,7 @@ winname2dn(idmap_nm_handle_t *p, char *winname, free(filter); if (ldap_rc != LDAP_SUCCESS) { - idmapdlog(LOG_ERR, + logger(LOG_ERR, "Ldap query to server %s port %d failed. (%s)", p->ad_host, p->ad_port, ldap_err2string(ldap_rc)); (void) ldap_msgfree(results); @@ -709,7 +727,7 @@ winname2dn(idmap_nm_handle_t *p, char *winname, } if (*dn == NULL) { - idmapdlog(LOG_ERR, + logger(LOG_ERR, *is_wuser == IDMAP_YES ? gettext("User %s@%s not found") : *is_wuser == IDMAP_NO ? gettext("Group %s@%s not found") : gettext("%s@%s not found"), winname, p->windomain); 
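Review bot: In unixname2dn the `res == NULL` branch logs "User %s not found" regardless of `is_user`, while the NS_LDAP_NOTFOUND branch a few lines above selects the message by `is_user`; the same selection belongs here: `logger(LOG_ERR, is_user ? gettext("User \"%s\" not found.") : gettext("Group %s not found."), unixname);`. That branch also returns IDMAP_ERR_ARG where the NOTFOUND branch returns IDMAP_ERR_NOTFOUND, so a caller that distinguishes "bad argument" from "no such entry" gets different answers for what looks like the same condition; if nothing depends on the difference, returning IDMAP_ERR_NOTFOUND there would be consistent. unixname2dn starts and ends outside these hunks.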
@@ -753,7 +771,7 @@ idmap_ad_set(idmap_nm_handle_t *p, char *dn, char *attr, char *value) ldap_rc = ldap_modify_s(p->ad, dn, mods); if (ldap_rc != LDAP_SUCCESS) { - idmapdlog(LOG_ERR, + logger(LOG_ERR, "Ldap modify of %s, attribute %s failed. (%s)", dn, attr, ldap_err2string(ldap_rc)); rc = IDMAP_ERR_INTERNAL; @@ -827,7 +845,7 @@ idmap_nldap_set(idmap_nm_handle_t *p, ns_cred_t *nsc, char *dn, char *attr, if (errorp != NULL) { (void) __ns_ldap_err2str(errorp->status, &msg); } - idmapdlog(LOG_ERR, gettext("__ns_ldap_addAttr/rep/delAttr" + logger(LOG_ERR, gettext("__ns_ldap_addAttr/rep/delAttr" " failed (%s)"), msg); return (IDMAP_ERR_ARG); } @@ -847,7 +865,7 @@ idmap_set_namemap(idmap_nm_handle_t *p, char *winname, char *unixname, if (direction == IDMAP_DIRECTION_W2U) { if (!p->is_ad) { rc = IDMAP_ERR_ARG; - idmapdlog(LOG_ERR, + logger(LOG_ERR, gettext("AD namemaps aren't set up.")); goto cleanup; } @@ -870,7 +888,7 @@ idmap_set_namemap(idmap_nm_handle_t *p, char *winname, char *unixname, if (!p->is_nldap) { rc = IDMAP_ERR_ARG; - idmapdlog(LOG_ERR, + logger(LOG_ERR, gettext("Native ldap namemaps aren't set up.")); goto cleanup; } @@ -937,7 +955,7 @@ idmap_unset_namemap(idmap_nm_handle_t *p, char *winname, char *unixname, if (direction == IDMAP_DIRECTION_W2U) { if (!p->is_ad) { rc = IDMAP_ERR_ARG; - idmapdlog(LOG_ERR, + logger(LOG_ERR, gettext("AD namemaps aren't set up.")); goto cleanup; } @@ -955,7 +973,7 @@ idmap_unset_namemap(idmap_nm_handle_t *p, char *winname, char *unixname, } else { /* direction == IDMAP_DIRECTION_U2W */ if (!p->is_nldap) { rc = IDMAP_ERR_ARG; - idmapdlog(LOG_ERR, + logger(LOG_ERR, gettext("Native ldap namemaps aren't set up.")); goto cleanup; } @@ -994,7 +1012,7 @@ idmap_get_namemap(idmap_nm_handle_t *p, int *is_source_ad, char **winname, if (p->is_ad == NULL) { rc = IDMAP_ERR_ARG; - idmapdlog(LOG_ERR, + logger(LOG_ERR, gettext("AD namemaps are not active.")); goto cleanup; /* In future maybe resolve winname and try nldap? */ 
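Review bot: In idmap_get_namemap (last hunk) the guard above the changed logger call reads `p->is_ad == NULL`, while the same field is tested as `!p->is_ad` in idmap_set_namemap and idmap_unset_namemap earlier on this line; if `is_ad` is an integer flag, as those `!` tests suggest, comparing it with NULL mixes pointer and integer and should be written `if (!p->is_ad)`. The `p->is_nldap == NULL` test in the next hunk of this file has the same shape. Each of these functions continues outside its hunk.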
@@ -1003,7 +1021,7 @@ idmap_get_namemap(idmap_nm_handle_t *p, int *is_source_ad, char **winname, rc = winname2dn(p, *winname, is_wuser, &dn, unixuser, unixgroup); if (rc != IDMAP_SUCCESS) { - idmapdlog(LOG_ERR, + logger(LOG_ERR, gettext("Winname %s@%s not found in AD."), *winname, p->windomain); } @@ -1015,7 +1033,7 @@ idmap_get_namemap(idmap_nm_handle_t *p, int *is_source_ad, char **winname, if (p->is_nldap == NULL) { rc = IDMAP_ERR_ARG; - idmapdlog(LOG_ERR, + logger(LOG_ERR, gettext("Native ldap namemaps aren't active.")); goto cleanup; /* In future maybe resolve unixname and try AD? */ @@ -1032,7 +1050,7 @@ idmap_get_namemap(idmap_nm_handle_t *p, int *is_source_ad, char **winname, rc = unixname2dn(p, unixname, is_user, NULL, winname, windomain); if (rc != IDMAP_SUCCESS) { - idmapdlog(LOG_ERR, + logger(LOG_ERR, gettext("%s %s not found in native ldap."), is_user == IDMAP_YES ? "UNIX user" : "UNIX group", unixname); diff --git a/usr/src/lib/nsswitch/ad/common/ad_common.c b/usr/src/lib/nsswitch/ad/common/ad_common.c index 749e269165..4aab4e7320 100644 --- a/usr/src/lib/nsswitch/ad/common/ad_common.c +++ b/usr/src/lib/nsswitch/ad/common/ad_common.c @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2008 Sun Microsystems, Inc. All rights reserved. + * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -158,7 +158,6 @@ nssad_cfg_create(const char *domain) free(cp); return (NULL); } - adutils_set_log(-1, TRUE, FALSE); if ((cp->ad_ctx = ad_disc_init()) == NULL) goto errout; if ((cp->props.domain_name = strdup(domain)) == NULL) |
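Review bot: In idmap_get_namemap the "Winname %s@%s not found in AD." message is logged for any non-success return of winname2dn, but winname2dn already logs its own "not found" message on that path and returns the same status for an LDAP query failure, so a failed query is reported to the administrator as a missing name and a genuinely missing name is reported twice. Either drop this outer message or log it only when the status is one winname2dn did not already report, e.g. `if (rc != IDMAP_SUCCESS && rc != IDMAP_ERR_NOTFOUND)` if winname2dn returns that status for the missing case (the visible hunk does not show which status it returns). idmap_get_namemap starts and ends outside the hunk.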
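Review bot: Removing `adutils_set_log(-1, TRUE, FALSE)` from nssad_cfg_create leaves the backend on whatever libadutils now does by default, and the default is not visible in this diff; an nss backend is loaded into arbitrary client processes, so if the default ever writes to stderr, name-service lookups would emit diagnostics into unrelated programs' output. It is worth a comment at the point of removal so the next reader knows this is deliberate, e.g. `/* logging goes through libadutils' default logger; an nss backend must never write to stderr */`, and worth confirming that the default in libadutils is syslog.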