xref: /illumos-gate/usr/src/cmd/fs.d/smbclnt/smbiod-svc/smbiod-svc.c (revision 6e6545bfaed3bab9ce836ee82d1abd8f2edba89a)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
24  */
25 
26 /*
27  * SMBFS I/O Daemon (SMF service)
28  */
29 
30 #include <sys/types.h>
31 #include <sys/stat.h>
32 #include <sys/note.h>
33 #include <sys/queue.h>
34 
35 #include <errno.h>
36 #include <fcntl.h>
37 #include <signal.h>
38 #include <stdarg.h>
39 #include <stdio.h>
40 #include <string.h>
41 #include <strings.h>
42 #include <stdlib.h>
43 #include <synch.h>
44 #include <time.h>
45 #include <unistd.h>
46 #include <ucred.h>
47 #include <wait.h>
48 #include <priv_utils.h>
49 #include <err.h>
50 #include <door.h>
51 #include <libscf.h>
52 #include <locale.h>
53 #include <thread.h>
54 #include <assert.h>
55 
56 #include <netsmb/smb_lib.h>
57 
58 static boolean_t d_flag = B_FALSE;
59 
60 /* Keep a list of child processes. */
61 typedef struct _child {
62 	LIST_ENTRY(_child) list;
63 	pid_t pid;
64 	uid_t uid;
65 } child_t;
66 static LIST_HEAD(, _child) child_list = { 0 };
67 mutex_t	cl_mutex = DEFAULTMUTEX;
68 
69 static const char smbiod_path[] = "/usr/lib/smbfs/smbiod";
70 static const char door_path[] = SMBIOD_SVC_DOOR;
71 
72 void svc_dispatch(void *cookie, char *argp, size_t argsz,
73     door_desc_t *dp, uint_t n_desc);
74 static int cmd_start(uid_t uid, gid_t gid);
75 static int new_child(uid_t uid, gid_t gid);
76 static void svc_sigchld(void);
77 static void child_gone(uid_t, pid_t, int);
78 static void svc_cleanup(void);
79 
80 static child_t *
81 child_find_by_pid(pid_t pid)
82 {
83 	child_t *cp;
84 
85 	assert(MUTEX_HELD(&cl_mutex));
86 	LIST_FOREACH(cp, &child_list, list) {
87 		if (cp->pid == pid)
88 			return (cp);
89 	}
90 	return (NULL);
91 }
92 
93 static child_t *
94 child_find_by_uid(uid_t uid)
95 {
96 	child_t *cp;
97 
98 	assert(MUTEX_HELD(&cl_mutex));
99 	LIST_FOREACH(cp, &child_list, list) {
100 		if (cp->uid == uid)
101 			return (cp);
102 	}
103 	return (NULL);
104 }
105 
106 /*
107  * Find out if the service is already running.
108  * Return: true, false.
109  */
110 static boolean_t
111 already_running(void)
112 {
113 	door_info_t info;
114 	int fd, rc;
115 
116 	if ((fd = open(door_path, O_RDONLY)) < 0)
117 		return (B_FALSE);
118 
119 	rc = door_info(fd, &info);
120 	close(fd);
121 	if (rc < 0)
122 		return (B_FALSE);
123 
124 	return (B_TRUE);
125 }
126 
127 /*
128  * This function will fork off a child process,
129  * from which only the child will return.
130  *
131  * The parent exit status is taken as the SMF start method
132  * success or failure, so the parent waits (via pipe read)
133  * for the child to finish initialization before it exits.
134  * Use SMF error codes only on exit.
135  */
136 static int
137 daemonize_init(void)
138 {
139 	int pid, st;
140 	int pfds[2];
141 
142 	chdir("/");
143 
144 	if (pipe(pfds) < 0) {
145 		perror("pipe");
146 		exit(SMF_EXIT_ERR_FATAL);
147 	}
148 	if ((pid = fork1()) == -1) {
149 		perror("fork");
150 		exit(SMF_EXIT_ERR_FATAL);
151 	}
152 
153 	/*
154 	 * If we're the parent process, wait for either the child to send us
155 	 * the appropriate exit status over the pipe or for the read to fail
156 	 * (presumably with 0 for EOF if our child terminated abnormally).
157 	 * If the read fails, exit with either the child's exit status if it
158 	 * exited or with SMF_EXIT_ERR_FATAL if it died from a fatal signal.
159 	 */
160 	if (pid != 0) {
161 		/* parent */
162 		close(pfds[1]);
163 		if (read(pfds[0], &st, sizeof (st)) == sizeof (st))
164 			_exit(st);
165 		if (waitpid(pid, &st, 0) == pid && WIFEXITED(st))
166 			_exit(WEXITSTATUS(st));
167 		_exit(SMF_EXIT_ERR_FATAL);
168 	}
169 
170 	/* child */
171 	close(pfds[0]);
172 
173 	return (pfds[1]);
174 }
175 
176 static void
177 daemonize_fini(int pfd, int rc)
178 {
179 	/* Tell parent we're ready. */
180 	(void) write(pfd, &rc, sizeof (rc));
181 	close(pfd);
182 }
183 
184 int
185 main(int argc, char **argv)
186 {
187 	sigset_t oldmask, tmpmask;
188 	struct sigaction sa;
189 	struct rlimit rl;
190 	int door_fd = -1, tmp_fd = -1, pfd = -1;
191 	int c, sig;
192 	int rc = SMF_EXIT_ERR_FATAL;
193 	boolean_t created = B_FALSE, attached = B_FALSE;
194 
195 	/* set locale and text domain for i18n */
196 	(void) setlocale(LC_ALL, "");
197 	(void) textdomain(TEXT_DOMAIN);
198 
199 	while ((c = getopt(argc, argv, "d")) != -1) {
200 		switch (c) {
201 		case 'd':
202 			/* Do debug messages. */
203 			d_flag = B_TRUE;
204 			break;
205 		default:
206 			fprintf(stderr, "Usage: %s [-d]\n", argv[0]);
207 			return (SMF_EXIT_ERR_CONFIG);
208 		}
209 	}
210 
211 	if (already_running()) {
212 		fprintf(stderr, "%s: already running", argv[0]);
213 		return (rc);
214 	}
215 
216 	/*
217 	 * Raise the fd limit to max
218 	 * errors here are non-fatal
219 	 */
220 	if (getrlimit(RLIMIT_NOFILE, &rl) != 0) {
221 		fprintf(stderr, "getrlimit failed, err %d\n", errno);
222 	} else if (rl.rlim_cur < rl.rlim_max) {
223 		rl.rlim_cur = rl.rlim_max;
224 		if (setrlimit(RLIMIT_NOFILE, &rl) != 0)
225 			fprintf(stderr, "setrlimit "
226 			    "RLIMIT_NOFILE %d, err %d",
227 			    (int)rl.rlim_cur, errno);
228 	}
229 
230 	/*
231 	 * Want all signals blocked, as we're doing
232 	 * synchronous delivery via sigwait below.
233 	 */
234 	sigfillset(&tmpmask);
235 	sigprocmask(SIG_BLOCK, &tmpmask, &oldmask);
236 
237 	/*
238 	 * Do want SIGCHLD, and will waitpid().
239 	 */
240 	sa.sa_flags = SA_NOCLDSTOP;
241 	sa.sa_handler = SIG_DFL;
242 	sigemptyset(&sa.sa_mask);
243 	sigaction(SIGCHLD, &sa, NULL);
244 
245 	/*
246 	 * Daemonize, unless debugging.
247 	 */
248 	if (d_flag) {
249 		/* debug: run in foregound (not a service) */
250 		putenv("SMBFS_DEBUG=1");
251 	} else {
252 		/* Non-debug: start daemon in the background. */
253 		pfd = daemonize_init();
254 	}
255 
256 	/*
257 	 * Create directory for all smbiod doors.
258 	 */
259 	if ((mkdir(SMBIOD_RUNDIR, 0755) < 0) && errno != EEXIST) {
260 		perror(SMBIOD_RUNDIR);
261 		goto out;
262 	}
263 
264 	/*
265 	 * Create a file for the main service door.
266 	 */
267 	unlink(door_path);
268 	tmp_fd = open(door_path, O_RDWR|O_CREAT|O_EXCL, 0644);
269 	if (tmp_fd < 0) {
270 		perror(door_path);
271 		goto out;
272 	}
273 	close(tmp_fd);
274 	tmp_fd = -1;
275 	created = B_TRUE;
276 
277 	/* Setup the door service. */
278 	door_fd = door_create(svc_dispatch, NULL,
279 	    DOOR_REFUSE_DESC | DOOR_NO_CANCEL);
280 	if (door_fd == -1) {
281 		perror("svc door_create");
282 		goto out;
283 	}
284 	fdetach(door_path);
285 	if (fattach(door_fd, door_path) < 0) {
286 		fprintf(stderr, "%s: fattach failed, %s\n",
287 		    door_path, strerror(errno));
288 		goto out;
289 	}
290 	attached = B_TRUE;
291 
292 	/*
293 	 * Initializations done.  Tell start method we're up.
294 	 */
295 	rc = SMF_EXIT_OK;
296 	if (pfd != -1) {
297 		daemonize_fini(pfd, rc);
298 		pfd = -1;
299 	}
300 
301 	/*
302 	 * Main thread just waits for signals.
303 	 */
304 again:
305 	sig = sigwait(&tmpmask);
306 	if (d_flag)
307 		fprintf(stderr, "main: sig=%d\n", sig);
308 	switch (sig) {
309 	case SIGINT:
310 	case SIGTERM:
311 		/*
312 		 * The whole process contract gets a SIGTERM
313 		 * at once.  Give children a chance to exit
314 		 * so we can do normal SIGCHLD cleanup.
315 		 * Prevent new door_open calls.
316 		 */
317 		fdetach(door_path);
318 		attached = B_FALSE;
319 		alarm(2);
320 		goto again;
321 	case SIGALRM:
322 		break;	/* normal termination */
323 	case SIGCHLD:
324 		svc_sigchld();
325 		goto again;
326 	case SIGCONT:
327 		goto again;
328 	default:
329 		/* Unexpected signal. */
330 		fprintf(stderr, "svc_main: unexpected sig=%d\n", sig);
331 		break;
332 	}
333 
334 out:
335 	if (attached)
336 		fdetach(door_path);
337 	if (door_fd != -1)
338 		door_revoke(door_fd);
339 	if (created)
340 		unlink(door_path);
341 
342 	/* NB: door threads gone now. */
343 	svc_cleanup();
344 
345 	/* If startup error, report to parent. */
346 	if (pfd != -1)
347 		daemonize_fini(pfd, rc);
348 
349 	return (rc);
350 }
351 
352 /*ARGSUSED*/
353 void
354 svc_dispatch(void *cookie, char *argp, size_t argsz,
355     door_desc_t *dp, uint_t n_desc)
356 {
357 	ucred_t *ucred = NULL;
358 	uid_t uid;
359 	gid_t gid;
360 	int32_t cmd, rc;
361 
362 	/*
363 	 * Allow a NULL arg call to check if this
364 	 * daemon is running.  Just return zero.
365 	 */
366 	if (argp == NULL) {
367 		rc = 0;
368 		goto out;
369 	}
370 
371 	/*
372 	 * Get the caller's credentials.
373 	 * (from client side of door)
374 	 */
375 	if (door_ucred(&ucred) != 0) {
376 		rc = EACCES;
377 		goto out;
378 	}
379 	uid = ucred_getruid(ucred);
380 	gid = ucred_getrgid(ucred);
381 
382 	/*
383 	 * Arg is just an int command code.
384 	 * Reply is also an int.
385 	 */
386 	if (argsz != sizeof (cmd)) {
387 		rc = EINVAL;
388 		goto out;
389 	}
390 	bcopy(argp, &cmd, sizeof (cmd));
391 	switch (cmd) {
392 	case SMBIOD_START:
393 		rc = cmd_start(uid, gid);
394 		break;
395 	default:
396 		rc = EINVAL;
397 		goto out;
398 	}
399 
400 out:
401 	if (ucred != NULL)
402 		ucred_free(ucred);
403 
404 	door_return((void *)&rc, sizeof (rc), NULL, 0);
405 }
406 
407 /*
408  * Start a per-user smbiod, if not already running.
409  */
410 int
411 cmd_start(uid_t uid, gid_t gid)
412 {
413 	char door_file[64];
414 	child_t *cp;
415 	int pid, fd = -1;
416 
417 	mutex_lock(&cl_mutex);
418 	cp = child_find_by_uid(uid);
419 	if (cp != NULL) {
420 		/* This UID already has an IOD. */
421 		mutex_unlock(&cl_mutex);
422 		if (d_flag) {
423 			fprintf(stderr, "cmd_start: uid %d"
424 			    " already has an iod\n", uid);
425 		}
426 		return (0);
427 	}
428 
429 	/*
430 	 * OK, create a new child.
431 	 */
432 	cp = malloc(sizeof (*cp));
433 	if (cp == NULL) {
434 		mutex_unlock(&cl_mutex);
435 		return (ENOMEM);
436 	}
437 	cp->pid = 0; /* update below */
438 	cp->uid = uid;
439 	LIST_INSERT_HEAD(&child_list, cp, list);
440 	mutex_unlock(&cl_mutex);
441 
442 	/*
443 	 * The child will not have permission to create or
444 	 * destroy files in SMBIOD_RUNDIR so do that here.
445 	 */
446 	snprintf(door_file, sizeof (door_file),
447 	    SMBIOD_USR_DOOR, cp->uid);
448 	unlink(door_file);
449 	fd = open(door_file, O_RDWR|O_CREAT|O_EXCL, 0600);
450 	if (fd < 0) {
451 		perror(door_file);
452 		goto errout;
453 	}
454 	if (fchown(fd, uid, gid) < 0) {
455 		perror(door_file);
456 		goto errout;
457 	}
458 	close(fd);
459 	fd = -1;
460 
461 	if ((pid = fork1()) == -1) {
462 		perror("fork");
463 		goto errout;
464 	}
465 	if (pid == 0) {
466 		(void) new_child(uid, gid);
467 		_exit(1);
468 	}
469 	/* parent */
470 	cp->pid = pid;
471 
472 	if (d_flag) {
473 		fprintf(stderr, "cmd_start: uid %d new iod, pid %d\n",
474 		    uid, pid);
475 	}
476 
477 	return (0);
478 
479 errout:
480 	if (fd != -1)
481 		close(fd);
482 	mutex_lock(&cl_mutex);
483 	LIST_REMOVE(cp, list);
484 	mutex_unlock(&cl_mutex);
485 	free(cp);
486 	return (errno);
487 }
488 
489 /*
490  * Assume the passed credentials (from the door client),
491  * drop any extra privileges, and exec the per-user iod.
492  */
493 static int
494 new_child(uid_t uid, gid_t gid)
495 {
496 	char *argv[2];
497 	int flags, rc;
498 
499 	flags = PU_RESETGROUPS | PU_LIMITPRIVS | PU_INHERITPRIVS;
500 	rc = __init_daemon_priv(flags, uid, gid, PRIV_NET_ACCESS, NULL);
501 	if (rc != 0)
502 		return (errno);
503 
504 	argv[0] = "smbiod";
505 	argv[1] = NULL;
506 	(void) execv(smbiod_path, argv);
507 	return (errno);
508 }
509 
510 static void
511 svc_sigchld(void)
512 {
513 	child_t *cp;
514 	pid_t pid;
515 	int err, status, found = 0;
516 
517 	mutex_lock(&cl_mutex);
518 
519 	while ((pid = waitpid(-1, &status, WNOHANG)) > 0) {
520 
521 		found++;
522 		if (d_flag)
523 			fprintf(stderr, "svc_sigchld: pid %d\n", (int)pid);
524 
525 		cp = child_find_by_pid(pid);
526 		if (cp == NULL) {
527 			fprintf(stderr, "Unknown pid %d\n", (int)pid);
528 			continue;
529 		}
530 		child_gone(cp->uid, cp->pid, status);
531 		LIST_REMOVE(cp, list);
532 		free(cp);
533 	}
534 	err = errno;
535 
536 	mutex_unlock(&cl_mutex);
537 
538 	/* ECHILD is the normal end of loop. */
539 	if (pid < 0 && err != ECHILD)
540 		fprintf(stderr, "svc_sigchld: waitpid err %d\n", err);
541 	if (found == 0)
542 		fprintf(stderr, "svc_sigchld: no children?\n");
543 }
544 
545 static void
546 child_gone(uid_t uid, pid_t pid, int status)
547 {
548 	char door_file[64];
549 	int x;
550 
551 	if (d_flag)
552 		fprintf(stderr, "child_gone: uid %d pid %d\n",
553 		    uid, (int)pid);
554 
555 	snprintf(door_file, sizeof (door_file),
556 	    SMBIOD_RUNDIR "/%d", uid);
557 	unlink(door_file);
558 
559 	if (WIFEXITED(status)) {
560 		x = WEXITSTATUS(status);
561 		if (x != 0) {
562 			fprintf(stderr,
563 			    "uid %d, pid %d exit %d\n",
564 			    uid, (int)pid, x);
565 		}
566 	}
567 	if (WIFSIGNALED(status)) {
568 		x = WTERMSIG(status);
569 		fprintf(stderr,
570 		    "uid %d, pid %d signal %d\n",
571 		    uid, (int)pid, x);
572 	}
573 }
574 
575 /*
576  * Final cleanup before exit.  Unlink child doors, etc.
577  * Called while single threaded, so no locks needed here.
578  * The list is normally empty by now due to svc_sigchld
579  * calls during shutdown.  But in case there were any
580  * straglers, do cleanup here.  Don't bother freeing any
581  * list elements here, as we're exiting.
582  */
583 static void
584 svc_cleanup(void)
585 {
586 	child_t *cp;
587 
588 	LIST_FOREACH(cp, &child_list, list) {
589 		child_gone(cp->uid, cp->pid, 0);
590 	}
591 }
592