xref: /titanic_44/usr/src/cmd/cmd-inet/lib/nwamd/main.c (revision 2e107de79998f3036decec2454002940afb9a6ff)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 /*
28  * nwamd - NetWork Auto-Magic Daemon
29  */
30 
31 #include <fcntl.h>
32 #include <priv.h>
33 #include <pthread.h>
34 #include <pwd.h>
35 #include <stdio.h>
36 #include <stdlib.h>
37 #include <string.h>
38 #include <signal.h>
39 #include <sys/stat.h>
40 #include <sys/types.h>
41 #include <sys/wait.h>
42 #include <syslog.h>
43 #include <unistd.h>
44 #include <locale.h>
45 #include <libintl.h>
46 #include <errno.h>
47 
48 #include "defines.h"
49 #include "structures.h"
50 #include "functions.h"
51 #include "variables.h"
52 
53 #define	TIMESPECGT(x, y)	((x.tv_sec > y.tv_sec) || \
54 	    ((x.tv_sec == y.tv_sec) && (x.tv_nsec > y.tv_nsec)))
55 
56 const char *OUR_FMRI = "svc:/network/physical:nwam";
57 const char *OUR_PG = "nwamd";
58 
59 boolean_t fg = B_FALSE;
60 boolean_t shutting_down;
61 sigset_t original_sigmask;
62 char zonename[ZONENAME_MAX];
63 pthread_mutex_t machine_lock = PTHREAD_MUTEX_INITIALIZER;
64 dladm_handle_t dld_handle = NULL;
65 
66 /*
67  * nwamd
68  *
69  * This is the Network Auto-Magic daemon.  For further high level information
70  * see the Network Auto-Magic project and the Approachability communities
71  * on opensolaris.org, and nwamd(1M).
72  *
73  * The general structure of the code is as a set of threads collecting
74  * system events which are fed into a state machine which alters system
75  * state based on configuration.
76  *
77  * signal management
78  * Due to being threaded, a simple set of signal handlers would not work
79  * very well for nwamd.  Instead nwamd blocks signals at startup and
80  * then starts a thread which sits in sigwait(2) waiting for signals.
81  * When a signal is received the signal handling thread dispatches it.
82  * It handles:
83  * - shutting down, done by creating an event which is passed through the
84  *   system allowing the various subsystems to do any necessary cleanup.
85  * - SIGALRM for timers.
86  * - SIGHUP for instance refresh, which tells us to look up various
87  *   properties from SMF(5).
88  *
89  * subprocess management
90  * nwamd starts several different subprocesses to manage the system.  Some
91  * of those start other processes (e.g. `ifconfig <if> dhcp` ends up starting
92  * dhcpagent if necessary).  Due to the way we manage signals if we started
93  * those up without doing anything special their signal mask would mostly
94  * block signals.  So we restore the signal mask when we start subprocesses.
95  * This is especially important with respect to DHCP as later when we exit
96  * we need to kill the dhcpagent process which we started; for details, see
97  * the block comment in state_machine.c in its cleanup() function.
98  */
99 
100 /*
101  * In this file there are several utility functions which might otherwise
102  * belong in util.c, but since they are only called from main(), they can
103  * live here as static functions:
104  * - syslog set-up
105  * - daemonizing
106  * - looking up SMF(5) properties
107  * - signal handling
108  * - managing privileges(5)
109  */
110 
111 static void
112 start_logging(void)
113 {
114 	openlog("nwamd", LOG_PID | LOG_NDELAY, LOG_DAEMON);
115 }
116 
117 static void
118 daemonize(void)
119 {
120 	pid_t pid;
121 
122 	/*
123 	 * A little bit of magic here.  By the first fork+setsid, we
124 	 * disconnect from our current controlling terminal and become
125 	 * a session group leader.  By forking again without calling
126 	 * setsid again, we make certain that we are not the session
127 	 * group leader and can never reacquire a controlling terminal.
128 	 */
129 	if ((pid = fork()) == (pid_t)-1) {
130 		syslog(LOG_ERR, "fork 1 failed");
131 		exit(EXIT_FAILURE);
132 	}
133 	if (pid != 0) {
134 		(void) wait(NULL);
135 		dprintf("child %ld exited, daemonizing", pid);
136 		_exit(0);
137 	}
138 	if (setsid() == (pid_t)-1) {
139 		syslog(LOG_ERR, "setsid");
140 		exit(EXIT_FAILURE);
141 	}
142 	if ((pid = fork()) == (pid_t)-1) {
143 		syslog(LOG_ERR, "fork 2 failed");
144 		exit(EXIT_FAILURE);
145 	}
146 	if (pid != 0) {
147 		_exit(0);
148 	}
149 	(void) chdir("/");
150 	(void) umask(022);
151 }
152 
153 /*
154  * Look up nwamd property values and set daemon variables appropriately.
155  * This function will be called on startup and via the signal handling
156  * thread on receiving a HUP (which occurs when the nwam service is
157  * refreshed).
158  */
159 static void
160 lookup_daemon_properties(void)
161 {
162 	boolean_t debug_set;
163 	uint64_t scan_interval;
164 	uint64_t idle_time;
165 	boolean_t strict_bssid_set;
166 
167 	if (lookup_boolean_property(OUR_PG, "debug", &debug_set) == 0)
168 		debug = debug_set;
169 	if (lookup_count_property(OUR_PG, "scan_interval", &scan_interval) == 0)
170 		wlan_scan_interval = scan_interval;
171 	if (lookup_count_property(OUR_PG, "idle_time", &idle_time) == 0)
172 		door_idle_time = idle_time;
173 	if (lookup_boolean_property(OUR_PG, "strict_bssid",
174 	    &strict_bssid_set) == 0)
175 		strict_bssid = strict_bssid_set;
176 	dprintf("Read daemon configuration properties.");
177 }
178 
179 /* ARGSUSED */
180 static void *
181 sighandler(void *arg)
182 {
183 	sigset_t sigset;
184 	int sig, err;
185 	uint32_t now;
186 
187 	(void) sigfillset(&sigset);
188 
189 	while (!shutting_down) {
190 		sig = sigwait(&sigset);
191 		dprintf("signal %d caught", sig);
192 		switch (sig) {
193 		case SIGALRM:
194 			/*
195 			 * We may have multiple interfaces with
196 			 * scheduled timers; walk the list and
197 			 * create a timer event for each one.
198 			 */
199 			timer_expire = TIMER_INFINITY;
200 			now = NSEC_TO_SEC(gethrtime());
201 			check_interface_timers(now);
202 			check_door_life(now);
203 			break;
204 		case SIGHUP:
205 			/*
206 			 * Refresh action - reread configuration properties.
207 			 */
208 			lookup_daemon_properties();
209 			/*
210 			 * Check if user restarted scanning.
211 			 */
212 			if (scan == 0 && wlan_scan_interval != 0) {
213 				err = pthread_create(&scan, NULL,
214 				    periodic_wireless_scan, NULL);
215 				if (err != 0) {
216 					syslog(LOG_NOTICE,
217 					    "pthread_create wireless scan: %s",
218 					    strerror(err));
219 				} else {
220 					dprintf("wireless scan thread: %d",
221 					    scan);
222 				}
223 			}
224 			break;
225 		case SIGINT:
226 			/*
227 			 * Undocumented "print debug status" signal.
228 			 */
229 			print_llp_status();
230 			print_interface_status();
231 			print_wireless_status();
232 			break;
233 		case SIGTHAW:
234 			/*
235 			 * It seems unlikely that this is helpful, but it can't
236 			 * hurt: when waking up from a sleep, check if the
237 			 * wireless interface is still viable.  There've been
238 			 * bugs in this area.
239 			 */
240 			if (pthread_mutex_lock(&machine_lock) == 0) {
241 				if (link_layer_profile != NULL &&
242 				    link_layer_profile->llp_type ==
243 				    IF_WIRELESS) {
244 					wireless_verify(
245 					    link_layer_profile->llp_lname);
246 				}
247 				(void) pthread_mutex_unlock(&machine_lock);
248 			}
249 			break;
250 		default:
251 			syslog(LOG_NOTICE, "%s received, shutting down",
252 			    strsignal(sig));
253 			shutting_down = B_TRUE;
254 			if (!np_queue_add_event(EV_SHUTDOWN, NULL)) {
255 				dprintf("could not allocate shutdown event");
256 				cleanup();
257 				exit(EXIT_FAILURE);
258 			}
259 			break;
260 		}
261 	}
262 	return (NULL);
263 }
264 
265 /* ARGSUSED */
266 static void
267 sigdummy(int sig)
268 {
269 }
270 
271 static void
272 init_signalhandling(void)
273 {
274 	struct sigaction act;
275 	pthread_attr_t attr;
276 	pthread_t sighand;
277 	int err;
278 	sigset_t new;
279 
280 	/*
281 	 * The default is to ignore, so we need a dummy handler.
282 	 */
283 	(void) memset(&act, 0, sizeof (act));
284 	act.sa_handler = sigdummy;
285 	act.sa_flags = SA_RESTART;
286 	(void) sigaction(SIGTHAW, &act, NULL);
287 
288 	(void) sigfillset(&new);
289 	(void) pthread_sigmask(SIG_BLOCK, &new, &original_sigmask);
290 	(void) pthread_attr_init(&attr);
291 	(void) pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED);
292 	if (err = pthread_create(&sighand, &attr, sighandler, NULL)) {
293 		syslog(LOG_ERR, "pthread_create system: %s", strerror(err));
294 		exit(EXIT_FAILURE);
295 	} else {
296 		dprintf("signal handler thread: %d", sighand);
297 	}
298 	(void) pthread_attr_destroy(&attr);
299 }
300 
301 static void
302 change_user_set_privs(void)
303 {
304 	priv_set_t *priv_set;
305 
306 	priv_set = priv_allocset();
307 	if (getppriv(PRIV_PERMITTED, priv_set) == -1) {
308 		dprintf("getppriv %s", strerror(errno));
309 	} else {
310 		char *p;
311 
312 		p = priv_set_to_str(priv_set, ',', 0);
313 		dprintf("started with privs %s", p != NULL ? p : "Unknown");
314 		free(p);
315 	}
316 	priv_freeset(priv_set);
317 
318 	/* always start with the basic set */
319 	priv_set = priv_str_to_set("basic", ",", NULL);
320 	if (priv_set == NULL) {
321 		syslog(LOG_ERR, "converting basic privilege set: %m");
322 		exit(EXIT_FAILURE);
323 	}
324 	(void) priv_addset(priv_set, PRIV_FILE_CHOWN_SELF);
325 	(void) priv_addset(priv_set, PRIV_FILE_DAC_READ);
326 	(void) priv_addset(priv_set, PRIV_FILE_DAC_WRITE);
327 	(void) priv_addset(priv_set, PRIV_NET_PRIVADDR);
328 	(void) priv_addset(priv_set, PRIV_NET_RAWACCESS);
329 	(void) priv_addset(priv_set, PRIV_PROC_AUDIT);
330 	(void) priv_addset(priv_set, PRIV_PROC_OWNER);
331 	(void) priv_addset(priv_set, PRIV_PROC_SETID);
332 	(void) priv_addset(priv_set, PRIV_SYS_CONFIG);
333 	(void) priv_addset(priv_set, PRIV_SYS_IP_CONFIG);
334 	(void) priv_addset(priv_set, PRIV_SYS_IPC_CONFIG);
335 	(void) priv_addset(priv_set, PRIV_SYS_NET_CONFIG);
336 	(void) priv_addset(priv_set, PRIV_SYS_RES_CONFIG);
337 	(void) priv_addset(priv_set, PRIV_SYS_RESOURCE);
338 
339 	if (setppriv(PRIV_SET, PRIV_INHERITABLE, priv_set) == -1) {
340 		syslog(LOG_ERR, "setppriv inheritable: %m");
341 		priv_freeset(priv_set);
342 		exit(EXIT_FAILURE);
343 	}
344 
345 	if (setppriv(PRIV_SET, PRIV_PERMITTED, priv_set) == -1) {
346 		syslog(LOG_ERR, "setppriv permitted: %m");
347 		priv_freeset(priv_set);
348 		exit(EXIT_FAILURE);
349 	}
350 
351 	if (setppriv(PRIV_SET, PRIV_EFFECTIVE, priv_set) == -1) {
352 		syslog(LOG_ERR, "setppriv effective: %m");
353 		priv_freeset(priv_set);
354 		exit(EXIT_FAILURE);
355 	}
356 
357 	priv_freeset(priv_set);
358 }
359 
360 static void
361 init_machine_mutex(void)
362 {
363 	pthread_mutexattr_t attrs;
364 
365 	(void) pthread_mutexattr_init(&attrs);
366 	(void) pthread_mutexattr_settype(&attrs, PTHREAD_MUTEX_ERRORCHECK);
367 	if (pthread_mutex_init(&machine_lock, &attrs) != 0) {
368 		syslog(LOG_ERR, "unable to set up machine lock");
369 		exit(EXIT_FAILURE);
370 	}
371 	(void) pthread_mutexattr_destroy(&attrs);
372 }
373 
374 int
375 main(int argc, char *argv[])
376 {
377 	int c;
378 	int scan_lev;
379 	struct np_event *e;
380 	enum np_event_type etype;
381 
382 	(void) setlocale(LC_ALL, "");
383 	(void) textdomain(TEXT_DOMAIN);
384 
385 	shutting_down = B_FALSE;
386 	start_logging();
387 	syslog(LOG_INFO, "nwamd pid %d started", getpid());
388 
389 	while ((c = getopt(argc, argv, "fs:")) != -1) {
390 		switch (c) {
391 			case 'f':
392 				fg = B_TRUE;
393 				break;
394 			case 's':
395 				scan_lev = atoi(optarg);
396 				if (scan_lev >= DLADM_WLAN_STRENGTH_VERY_WEAK &&
397 				    scan_lev <= DLADM_WLAN_STRENGTH_EXCELLENT) {
398 					wireless_scan_level = scan_lev;
399 				} else {
400 					syslog(LOG_ERR, "invalid signal "
401 					    "strength: %s", optarg);
402 				}
403 				break;
404 			default:
405 				syslog(LOG_ERR, "unrecognized option %c",
406 				    optopt);
407 				break;
408 		}
409 	}
410 
411 	lookup_daemon_properties();
412 
413 	/*
414 	 * The dladm handle *must* be opened before privileges are dropped
415 	 * by nwamd.  The device privilege requirements from
416 	 * /etc/security/device_policy may not be loaded yet.  These are
417 	 * loaded by svc:/system/filesystem/root, which comes online after
418 	 * svc:/network/physical.
419 	 */
420 	if (dladm_open(&dld_handle) != DLADM_STATUS_OK) {
421 		syslog(LOG_ERR, "failed to open dladm handle");
422 		exit(EXIT_FAILURE);
423 	}
424 
425 	change_user_set_privs();
426 
427 	if (!fg)
428 		daemonize();
429 
430 	initialize_llp();
431 
432 	init_signalhandling();
433 
434 	initialize_wireless();
435 
436 	lookup_zonename(zonename, sizeof (zonename));
437 
438 	init_machine_mutex();
439 
440 	initialize_interfaces();
441 
442 	llp_parse_config();
443 
444 	initialize_door();
445 
446 	(void) start_event_collection();
447 
448 	while ((e = np_queue_get_event()) != NULL) {
449 
450 		etype = e->npe_type;
451 		syslog(LOG_INFO, "got event type %s", npe_type_str(etype));
452 		if (etype == EV_SHUTDOWN)
453 			terminate_door();
454 		if (pthread_mutex_lock(&machine_lock) != 0) {
455 			syslog(LOG_ERR, "mutex lock");
456 			exit(EXIT_FAILURE);
457 		}
458 		state_machine(e);
459 		(void) pthread_mutex_unlock(&machine_lock);
460 		free_event(e);
461 		if (etype == EV_SHUTDOWN)
462 			break;
463 	}
464 	syslog(LOG_DEBUG, "terminating routing and scanning threads");
465 	(void) pthread_cancel(routing);
466 	(void) pthread_join(routing, NULL);
467 	if (scan != 0) {
468 		(void) pthread_cancel(scan);
469 		(void) pthread_join(scan, NULL);
470 	}
471 	dladm_close(dld_handle);
472 	syslog(LOG_INFO, "nwamd shutting down");
473 	return (EXIT_SUCCESS);
474 }
475