xref: /titanic_41/usr/src/cmd/lvm/rpc.metamhd/mhd_init.c (revision d24234c24aeaca4ca56ee3ac2794507968f274c4) 
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #include "mhd_local.h"
27 
28 #include <grp.h>
29 #include <pwd.h>
30 #include <signal.h>
31 #include <stdio_ext.h>
32 #include <syslog.h>
33 #include <netdir.h>
34 #include <netdb.h>
35 #include <sys/resource.h>
36 #include <sys/priocntl.h>
37 #include <sys/rtpriocntl.h>
38 #include <sys/utsname.h>
39 
40 extern	void	nc_perror(const char *msg);
41 
42 /* daemon name */
43 static char	*myname = "rpc.metamhd";
44 
45 /*
46  * reset and exit daemon
47  */
48 void
49 mhd_exit(
50 	int	eval
51 )
52 {
53 	/* log exit */
54 	mhd_eprintf("exiting with %d\n", eval);
55 
56 	/* exit with value */
57 	exit(eval);
58 }
59 
60 /*
61  * signal catchers
62  */
63 static void
64 mhd_catcher(
65 	int	sig
66 )
67 {
68 	char	buf[128];
69 	char	*msg;
70 
71 	/* log signal */
72 	if ((msg = strsignal(sig)) == NULL) {
73 		(void) sprintf(buf, "unknown signal %d", sig);
74 		msg = buf;
75 	}
76 	mhd_eprintf("%s\n", msg);
77 
78 	/* let default handler do it's thing */
79 	(void) sigset(sig, SIG_DFL);
80 	if (kill(getpid(), sig) != 0) {
81 		mhd_perror("kill(getpid())");
82 		mhd_exit(-sig);
83 	}
84 }
85 
86 /*
87  * initialize daemon
88  */
89 static int
90 mhd_setup(
91 	mhd_error_t	*mhep
92 )
93 {
94 	struct rlimit	rlimit;
95 	pcinfo_t	pcinfo;
96 	pcparms_t	pcparms;
97 	rtparms_t	*rtparmsp = (rtparms_t *)pcparms.pc_clparms;
98 
99 	/* catch common signals */
100 	if ((sigset(SIGHUP, mhd_catcher) == SIG_ERR) ||
101 	    (sigset(SIGINT, mhd_catcher) == SIG_ERR) ||
102 	    (sigset(SIGABRT, mhd_catcher) == SIG_ERR) ||
103 	    (sigset(SIGBUS, mhd_catcher) == SIG_ERR) ||
104 	    (sigset(SIGSEGV, mhd_catcher) == SIG_ERR) ||
105 	    (sigset(SIGPIPE, mhd_catcher) == SIG_ERR) ||
106 	    (sigset(SIGTERM, mhd_catcher) == SIG_ERR)) {
107 		return (mhd_error(mhep, errno, "sigset"));
108 	}
109 
110 	/* ignore SIGHUP (used in mhd_cv_timedwait) */
111 	if (sigset(SIGALRM, SIG_IGN) == SIG_ERR) {
112 		return (mhd_error(mhep, errno, "sigset"));
113 	}
114 
115 	/* increase number of file descriptors */
116 	(void) memset(&rlimit, 0, sizeof (rlimit));
117 	if (getrlimit(RLIMIT_NOFILE, &rlimit) != 0)
118 		return (mhd_error(mhep, errno, "getrlimit(RLIMIT_NOFILE)"));
119 	rlimit.rlim_cur = rlimit.rlim_max = 1024;
120 	if (setrlimit(RLIMIT_NOFILE, &rlimit) != 0)
121 		return (mhd_error(mhep, errno, "setrlimit(RLIMIT_NOFILE)"));
122 	(void) enable_extended_FILE_stdio(-1, -1);
123 
124 	/* set default RT priority */
125 	(void) memset(&pcinfo, 0, sizeof (pcinfo));
126 	(void) strncpy(pcinfo.pc_clname, "RT", sizeof (pcinfo.pc_clname));
127 	if (priocntl(0, 0, PC_GETCID, (caddr_t)&pcinfo) < 0)
128 		return (mhd_error(mhep, errno, "priocntl(PC_GETCID): \"RT\""));
129 	(void) memset(&pcparms, 0, sizeof (pcparms));
130 	pcparms.pc_cid = pcinfo.pc_cid;
131 	rtparmsp->rt_pri = RT_NOCHANGE;
132 	rtparmsp->rt_tqsecs = (ulong_t)RT_NOCHANGE;
133 	rtparmsp->rt_tqnsecs = RT_NOCHANGE;
134 	if (priocntl(P_PID, getpid(), PC_SETPARMS, (caddr_t)&pcparms) != 0)
135 		return (mhd_error(mhep, errno, "priocntl(PC_SETPARMS)"));
136 
137 	/* return success */
138 	return (0);
139 }
140 
141 /*
142  * (re)initalize daemon
143  */
144 static int
145 mhd_init_daemon(
146 	mhd_error_t	*mhep
147 )
148 {
149 	static int	already = 0;
150 
151 	/* setup */
152 	if (! already) {
153 		if (mhd_setup(mhep) != 0)
154 			return (-1);
155 		openlog(myname, LOG_CONS, LOG_DAEMON);
156 		already = 1;
157 	}
158 
159 	/* return success */
160 	return (0);
161 }
162 
163 /*
164  * get my nodename
165  */
166 static char *
167 mynodename()
168 {
169 	static struct utsname	myuname;
170 	static int		done = 0;
171 
172 	if (! done) {
173 		if (uname(&myuname) == -1) {
174 			mhd_perror("uname");
175 			assert(0);
176 		}
177 		done = 1;
178 	}
179 	return (myuname.nodename);
180 }
181 
182 /*
183  * check for trusted host and user
184  */
185 static int
186 check_host(
187 	struct svc_req		*rqstp		/* RPC stuff */
188 )
189 {
190 	struct authsys_parms	*sys_credp;
191 	SVCXPRT			*transp = rqstp->rq_xprt;
192 	struct netconfig	*nconfp = NULL;
193 	struct nd_hostservlist	*hservlistp = NULL;
194 	int			i;
195 	int			rval = -1;
196 
197 	/* check for root */
198 	/*LINTED*/
199 	sys_credp = (struct authsys_parms *)rqstp->rq_clntcred;
200 	assert(sys_credp != NULL);
201 	if (sys_credp->aup_uid != 0)
202 		goto out;
203 
204 	/* get hostnames */
205 	if (transp->xp_netid == NULL) {
206 		mhd_eprintf("transp->xp_netid == NULL\n");
207 		goto out;
208 	}
209 	if ((nconfp = getnetconfigent(transp->xp_netid)) == NULL) {
210 #ifdef	DEBUG
211 		nc_perror("getnetconfigent(transp->xp_netid)");
212 #endif
213 		goto out;
214 	}
215 	if ((__netdir_getbyaddr_nosrv(nconfp, &hservlistp, &transp->xp_rtaddr)
216 	    != 0) || (hservlistp == NULL)) {
217 #ifdef	DEBUG
218 		netdir_perror("netdir_getbyaddr(transp->xp_rtaddr)");
219 #endif
220 		goto out;
221 	}
222 
223 	/* check hostnames */
224 	for (i = 0; (i < hservlistp->h_cnt); ++i) {
225 		struct nd_hostserv	*hservp = &hservlistp->h_hostservs[i];
226 		char			*hostname = hservp->h_host;
227 
228 		/* localhost is OK */
229 		if (strcmp(hostname, mynodename()) == 0) {
230 			rval = 0;
231 			goto out;
232 		}
233 
234 		/* check for remote root access */
235 		if (ruserok(hostname, 1, "root", "root") == 0) {
236 			rval = 0;
237 			goto out;
238 		}
239 	}
240 
241 	/* cleanup, return success */
242 out:
243 	if (hservlistp != NULL)
244 		netdir_free(hservlistp, ND_HOSTSERVLIST);
245 	if (nconfp != NULL)
246 		Free(nconfp);
247 	return (rval);
248 }
249 
250 /*
251  * check for user in local group 14
252  */
253 static int
254 check_gid14(
255 	uid_t		uid
256 )
257 {
258 	struct passwd	*pwp;
259 	struct group	*grp;
260 	char		**namep;
261 
262 	/* get user info, check default GID */
263 	if ((pwp = getpwuid(uid)) == NULL)
264 		return (-1);
265 	if (pwp->pw_gid == METAMHD_GID)
266 		return (0);
267 
268 	/* check in group */
269 	if ((grp = getgrgid(METAMHD_GID)) == NULL)
270 		return (-1);
271 	for (namep = grp->gr_mem; ((*namep != NULL) && (**namep != '\0'));
272 	    ++namep) {
273 		if (strcmp(*namep, pwp->pw_name) == 0)
274 			return (0);
275 	}
276 	return (-1);
277 }
278 
279 /*
280  * check AUTH_SYS
281  */
282 static int
283 check_sys(
284 	struct svc_req		*rqstp,		/* RPC stuff */
285 	int			amode,		/* R_OK | W_OK */
286 	mhd_error_t		*mhep		/* returned status */
287 )
288 {
289 	static mutex_t		mx = DEFAULTMUTEX;
290 	struct authsys_parms	*sys_credp;
291 
292 	/* for read, anything is OK */
293 	if (! (amode & W_OK))
294 		return (0);
295 
296 	/* single thread (not really needed if daemon stays single threaded) */
297 	(void) mutex_lock(&mx);
298 
299 	/* check for remote root or METAMHD_GID */
300 	/*LINTED*/
301 	sys_credp = (struct authsys_parms *)rqstp->rq_clntcred;
302 	if ((check_gid14(sys_credp->aup_uid) == 0) ||
303 	    (check_host(rqstp) == 0)) {
304 		(void) mutex_unlock(&mx);
305 		return (0);
306 	}
307 
308 	/* return failure */
309 	(void) mutex_unlock(&mx);
310 	return (mhd_error(mhep, EACCES, myname));
311 }
312 
313 /*
314  * setup RPC service
315  *
316  * if can't authenticate return < 0
317  * if any other error return > 0
318  */
319 int
320 mhd_init(
321 	struct svc_req	*rqstp,		/* RPC stuff */
322 	int		amode,		/* R_OK | W_OK */
323 	mhd_error_t	*mhep		/* returned status */
324 )
325 {
326 	SVCXPRT		*transp = rqstp->rq_xprt;
327 
328 	/*
329 	 * initialize
330 	 */
331 	(void) memset(mhep, 0, sizeof (*mhep));
332 
333 	/*
334 	 * check credentials
335 	 */
336 	switch (rqstp->rq_cred.oa_flavor) {
337 
338 	/* UNIX flavor */
339 	case AUTH_SYS:
340 	{
341 		if (check_sys(rqstp, amode, mhep) != 0)
342 			return (1);	/* error */
343 		break;
344 	}
345 
346 	/* can't authenticate anything else */
347 	default:
348 		svcerr_weakauth(transp);
349 		return (-1);		/* weak authentication */
350 
351 	}
352 
353 	/*
354 	 * (re)initialize
355 	 */
356 	if (mhd_init_daemon(mhep) != 0)
357 		return (1);		/* error */
358 
359 	/* return success */
360 	return (0);
361 }
362