xref: /illumos-gate/usr/src/cmd/cmd-inet/usr.lib/ilbd/ilbd_support.c (revision 8119dad84d6416f13557b0ba8e2aaf9064cbcfd3) 
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #include <stdio.h>
28 #include <stdlib.h>
29 #include <strings.h>
30 #include <unistd.h>
31 #include <stropts.h>
32 #include <sys/types.h>
33 #include <sys/socket.h>
34 #include <sys/stropts.h>
35 #include <sys/sockio.h>
36 #include <errno.h>
37 #include <sys/list.h>
38 #include <auth_attr.h>
39 #include <auth_list.h>
40 #include <secdb.h>
41 #include <libilb.h>
42 #include "libilb_impl.h"
43 #include "ilbd.h"
44 
45 /*
46  * logs error messages, either to stderr or syslog, depending on
47  * the -d option
48  */
49 static boolean_t	ilbd_debugging = B_FALSE;
50 
51 /* Socket to issue ioctl() to the kernel */
52 static	int	ksock = -1;
53 
54 void
55 ilbd_enable_debug(void)
56 {
57 	ilbd_debugging = B_TRUE;
58 }
59 
60 boolean_t
61 is_debugging_on(void)
62 {
63 	return (ilbd_debugging);
64 }
65 
66 /*
67  * All routines log to syslog, unless the daemon is running in
68  * the foreground, in which case the logging goes to stderr.
69  * The following logging functions are available:
70  *
71  *
72  *      logdebug(): A printf-like function for outputting debug messages
73  *      (messages at LOG_DEBUG) that are only of use to developers.
74  *
75  *      logerr(): A printf-like function for outputting error messages
76  *      (messages at LOG_ERR) from the daemon.
77  *
78  *      logperror*(): A set of functions used to output error messages
79  *      (messages at LOG_ERR); these automatically append strerror(errno)
80  *      and a newline to the message passed to them.
81  *
82  * NOTE: since the logging functions write to syslog, the messages passed
83  *      to them are not eligible for localization.  Thus, gettext() must
84  *      *not* be used.
85  *
86  */
87 /* PRINTFLIKE2 */
88 void
89 ilbd_log(int pri, const char *fmt, ...)
90 {
91 	va_list ap;
92 	va_start(ap, fmt);
93 
94 	if (ilbd_debugging == B_TRUE) {
95 		(void) vfprintf(stderr, fmt, ap);
96 		(void) fprintf(stderr, "\n");
97 	} else {
98 		vsyslog(pri, fmt, ap);
99 	}
100 	va_end(ap);
101 
102 }
103 
104 /* PRINTFLIKE1 */
105 void
106 logperror(const char *str)
107 {
108 	if (ilbd_debugging == B_TRUE)
109 		(void) fprintf(stderr, "%s: %s\n", str, strerror(errno));
110 	else
111 		syslog(LOG_ERR, "%s: %m", str);
112 }
113 
114 
115 ilb_status_t
116 ilbd_check_client_config_auth(const struct passwd *pwd)
117 {
118 	if (chkauthattr(NET_ILB_CONFIG_AUTH, pwd->pw_name) == 0) {
119 		logdebug("user %s is not authorized for"
120 		    " configuration operation", pwd->pw_name);
121 		return (ILB_STATUS_CFGAUTH);
122 	}
123 	return (ILB_STATUS_OK);
124 
125 }
126 
127 ilb_status_t
128 ilbd_check_client_enable_auth(const struct passwd *pwd)
129 {
130 	if (chkauthattr(NET_ILB_ENABLE_AUTH, pwd->pw_name) == 0) {
131 		logdebug("user %s is not authorized for"
132 		    " enable/disable operation", pwd->pw_name);
133 		return (ILB_STATUS_CFGAUTH);
134 	}
135 	return (ILB_STATUS_OK);
136 
137 }
138 
139 /*
140  * input param. "err" should be one of the errnos defined in
141  * /usr/include/sys/errno.h
142  * this list is NOT complete.
143  */
144 ilb_status_t
145 ilb_map_errno2ilbstat(int err)
146 {
147 	ilb_status_t	rc = ILB_STATUS_INTERNAL;
148 
149 	switch (err) {
150 	case 0:
151 		rc = ILB_STATUS_OK; /* for completeness' sake */
152 		break;
153 	case EINVAL:
154 		rc = ILB_STATUS_EINVAL;
155 		break;
156 	case ENOENT:
157 		rc = ILB_STATUS_ENOENT;
158 		break;
159 	case ENOMEM:
160 		rc = ILB_STATUS_ENOMEM;
161 		break;
162 	case EINPROGRESS:
163 		rc = ILB_STATUS_INPROGRESS;
164 		break;
165 	case EEXIST:
166 		rc = ILB_STATUS_EEXIST;
167 		break;
168 	}
169 	return (rc);
170 }
171 
172 static int
173 i_get_kcmd_sz(void *cmdp)
174 {
175 	int		sz;
176 
177 	switch (((ilb_rule_cmd_t *)cmdp)->cmd) {
178 	case ILB_DESTROY_RULE:
179 	case ILB_ENABLE_RULE:
180 	case ILB_DISABLE_RULE:
181 		sz = sizeof (ilb_name_cmd_t);
182 		break;
183 	case ILB_CREATE_RULE:
184 	case ILB_LIST_RULE:
185 		sz = sizeof (ilb_rule_cmd_t);
186 		break;
187 	case ILB_NUM_RULES:
188 		sz = sizeof (ilb_num_rules_cmd_t);
189 		break;
190 	case ILB_NUM_SERVERS:
191 		sz = sizeof (ilb_num_servers_cmd_t);
192 		break;
193 	case ILB_ADD_SERVERS: {
194 		ilb_servers_info_cmd_t *kcmd = (ilb_servers_info_cmd_t *)cmdp;
195 
196 		sz = sizeof (*kcmd) + ((kcmd->num_servers - 1) *
197 		    sizeof (kcmd->servers));
198 		break;
199 	}
200 	case ILB_RULE_NAMES: {
201 		ilb_rule_names_cmd_t *kcmd = (ilb_rule_names_cmd_t *)cmdp;
202 
203 		sz = sizeof (*kcmd) +
204 		    ((kcmd->num_names - 1) * sizeof (kcmd->buf));
205 		break;
206 	}
207 	case ILB_DEL_SERVERS:
208 	case ILB_ENABLE_SERVERS:
209 	case ILB_DISABLE_SERVERS: {
210 		ilb_servers_cmd_t *kcmd = (ilb_servers_cmd_t *)cmdp;
211 
212 		sz = sizeof (*kcmd) +
213 		    ((kcmd->num_servers - 1) * sizeof (kcmd->servers));
214 		break;
215 	}
216 	default: sz = -1;
217 		break;
218 	}
219 	return (sz);
220 }
221 
222 /*
223  * parameter 'sz' is optional (indicated by == 0); if it's not set
224  * we try to derive it from cmdp->cmd
225  */
226 ilb_status_t
227 do_ioctl(void *cmdp, ssize_t sz)
228 {
229 	struct strioctl	ioc;
230 	int		i_rc;
231 
232 	if (ksock == -1) {
233 		ksock = socket(AF_INET, SOCK_DGRAM, 0);
234 		if (ksock == -1) {
235 			logperror("do_ioctl: AF_INET socket call"
236 			    "  failed");
237 			return (ILB_STATUS_INTERNAL);
238 		}
239 	}
240 
241 	(void) memset(&ioc, 0, sizeof (ioc));
242 	ioc.ic_cmd = SIOCILB;
243 	ioc.ic_timout = 0;
244 	ioc.ic_dp = cmdp;
245 
246 	if (sz == 0) {
247 		sz = i_get_kcmd_sz(cmdp);
248 
249 		if (sz == -1) {
250 			logdebug("do_ioctl: unknown command");
251 			return (ILB_STATUS_INVAL_CMD);
252 		}
253 	}
254 
255 	ioc.ic_len = sz;
256 
257 	i_rc = ioctl(ksock, I_STR, (caddr_t)&ioc);
258 	if (i_rc == -1) {
259 		logdebug("do_ioctl: SIOCILB ioctl (%d) failed: %s",
260 		    *(ilb_cmd_t *)cmdp, strerror(errno));
261 		return (ilb_map_errno2ilbstat(errno));
262 	}
263 
264 	return (ILB_STATUS_OK);
265 }
266 
267 /*
268  * Create an OK reply to a client request.  It is assumed that the passed
269  * in buffer is large enough to hold the reply.
270  */
271 void
272 ilbd_reply_ok(uint32_t *rbuf, size_t *rbufsz)
273 {
274 	ilb_comm_t *ic = (ilb_comm_t *)rbuf;
275 
276 	ic->ic_cmd = ILBD_CMD_OK;
277 	/* Default is one exchange of request/response. */
278 	ic->ic_flags = ILB_COMM_END;
279 	*rbufsz = sizeof (ilb_comm_t);
280 }
281 
282 /*
283  * Create an error reply to a client request.  It is assumed that the passed
284  * in buffer is large enough to hold the reply.
285  */
286 void
287 ilbd_reply_err(uint32_t *rbuf, size_t *rbufsz, ilb_status_t status)
288 {
289 	ilb_comm_t *ic = (ilb_comm_t *)rbuf;
290 
291 	ic->ic_cmd = ILBD_CMD_ERROR;
292 	/* Default is one exchange of request/response. */
293 	ic->ic_flags = ILB_COMM_END;
294 	*(ilb_status_t *)&ic->ic_data = status;
295 	*rbufsz = sizeof (ilb_comm_t) + sizeof (ilb_status_t);
296 }
297