xref: /titanic_50/usr/src/cmd/fs.d/nfs/nfsmapid/nfsmapid.c (revision 8200fe25ffab8b2032d046c88710a949f361b700)

/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#pragma ident	"%Z%%M%	%I%	%E% SMI"

#include <stdio.h>
#include <stdlib.h>
#include <stropts.h>
#include <signal.h>
#include <fcntl.h>
#include <door.h>
#include <thread.h>
#include <priv_utils.h>
#include <locale.h>
#include <strings.h>
#include <syslog.h>
#include <unistd.h>
#include <nfs/nfs4.h>
#include <nfs/nfsid_map.h>
#include <rpcsvc/daemon_utils.h>
#include <arpa/nameser.h>
#include <nfs/nfssys.h>
#include <errno.h>
#include <pwd.h>
#include <grp.h>

extern struct group *_uncached_getgrgid_r(gid_t, struct group *, char *, int);
extern struct group *_uncached_getgrnam_r(const char *, struct group *,
    char *, int);
extern struct passwd *_uncached_getpwuid_r(uid_t, struct passwd *, char *, int);
extern struct passwd *_uncached_getpwnam_r(const char *, struct passwd *,
    char *, int);

/*
 * seconds to cache nfsmapid domain info
 */
#define	NFSCFG_DEFAULT_DOMAIN_TMOUT	(5 * 60)
#define	NFSMAPID_DOOR   "/var/run/nfsmapid_door"

extern void	nfsmapid_func(void *, char *, size_t, door_desc_t *, uint_t);

extern void	check_domain(int);
extern void	idmap_kcall(int);
extern void	open_diag_file(void);

size_t		pwd_buflen = 0;
size_t		grp_buflen = 0;
thread_t	sig_thread;
static char	*MyName;

/*
 * nfscfg_domain_tmout is used by nfsv4-test scripts to query
 * the nfsmapid daemon for the proper timeout. Don't delete !
 */
time_t		 nfscfg_domain_tmout = NFSCFG_DEFAULT_DOMAIN_TMOUT;

/*
 * Processing for daemonization
 */
static void
daemonize(void)
{
	switch (fork()) {
		case -1:
			perror("nfsmapid: can't fork");
			exit(2);
			/* NOTREACHED */
		case 0:		/* child */
			break;

		default:	/* parent */
			_exit(0);
	}

	if (chdir("/") < 0)
		syslog(LOG_ERR, gettext("chdir /: %m"));

	/*
	 * Close stdin, stdout, and stderr.
	 * Open again to redirect input+output
	 */
	(void) close(0);
	(void) close(1);
	(void) close(2);
	(void) open("/dev/null", O_RDONLY);
	(void) open("/dev/null", O_WRONLY);
	(void) dup(1);
	(void) setsid();
}

/* ARGSUSED */
static void *
sig_handler(void *arg)
{
	siginfo_t	si;
	sigset_t	sigset;
	struct timespec	tmout;
	int		ret;

	tmout.tv_nsec = 0;
	(void) sigemptyset(&sigset);
	(void) sigaddset(&sigset, SIGHUP);
	(void) sigaddset(&sigset, SIGTERM);
#ifdef	DEBUG
	(void) sigaddset(&sigset, SIGINT);
#endif

	/*CONSTCOND*/
	while (1) {
		tmout.tv_sec = nfscfg_domain_tmout;
		if ((ret = sigtimedwait(&sigset, &si, &tmout)) != 0) {
			/*
			 * EAGAIN: no signals arrived during timeout.
			 * check/update config files and continue.
			 */
			if (ret == -1 && errno == EAGAIN) {
				check_domain(0);
				continue;
			}

			switch (si.si_signo) {
				case SIGHUP:
					check_domain(1);
					break;
#ifdef DEBUG
				case SIGINT:
					exit(0);
#endif
				case SIGTERM:
				default:
					exit(si.si_signo);
			}
		}
	}
	/*NOTREACHED*/
	return (NULL);
}

/*
 * Thread initialization. Mask out all signals we want our
 * signal handler to handle for us from any other threads.
 */
static void
thr_init(void)
{
	sigset_t sigset;
	long	 thr_flags = (THR_NEW_LWP|THR_DAEMON|THR_SUSPENDED);

	/*
	 * Before we kick off any other threads, mask out desired
	 * signals from main thread so that any subsequent threads
	 * don't receive said signals.
	 */
	(void) thr_sigsetmask(NULL, NULL, &sigset);
	(void) sigaddset(&sigset, SIGHUP);
	(void) sigaddset(&sigset, SIGTERM);
#ifdef	DEBUG
	(void) sigaddset(&sigset, SIGINT);
#endif
	(void) thr_sigsetmask(SIG_SETMASK, &sigset, NULL);

	/*
	 * Create the signal handler thread suspended ! We do things
	 * this way at setup time to minimize the probability of
	 * introducing any race conditions _if_ the process were to
	 * get a SIGHUP signal while creating a new DNS query thread
	 * in get_dns_txt_domain().
	 */
	if (thr_create(NULL, 0, sig_handler, 0, thr_flags, &sig_thread)) {
		syslog(LOG_ERR,
			gettext("Failed to create signal handling thread"));
		exit(4);
	}
}

static void
daemon_init(void)
{
	struct passwd pwd;
	struct group grp;
	char *pwd_buf;
	char *grp_buf;

	/*
	 * passwd/group reentrant interfaces limits
	 */
	pwd_buflen = (size_t)sysconf(_SC_GETPW_R_SIZE_MAX);
	grp_buflen = (size_t)sysconf(_SC_GETGR_R_SIZE_MAX);

	/*
	 * MT initialization is done first so that if there is the
	 * need to fire an additional thread to continue to query
	 * DNS, that thread is started off with the main thread's
	 * sigmask.
	 */
	thr_init();

	/*
	 * Determine nfsmapid domain.
	 */
	check_domain(0);

	/*
	 * In the case of nfsmapid running diskless, it is important
	 * to get the initial connections to the nameservices
	 * established to prevent problems like opening a devfs
	 * node to contact a nameservice being blocked by the
	 * resolution of an active devfs lookup.
	 * First issue a set*ent to "open" the databases and then
	 * get an entry and finally lookup a bogus entry to trigger
	 * any lazy opens.
	 */
	setpwent();
	setgrent();
	(void) getpwent();
	(void) getgrent();
	if ((pwd_buf = malloc(pwd_buflen)) == NULL)
		return;

	(void) _uncached_getpwnam_r("NF21dmvP", &pwd, pwd_buf, pwd_buflen);
	(void) _uncached_getpwuid_r(1181794, &pwd, pwd_buf, pwd_buflen);

	if ((grp_buf = realloc(pwd_buf, grp_buflen)) == NULL) {
		free(pwd_buf);
		return;
	}

	(void) _uncached_getgrnam_r("NF21dmvP", &grp, grp_buf, grp_buflen);
	(void) _uncached_getgrgid_r(1181794, &grp, grp_buf, grp_buflen);
	free(grp_buf);
}

static int
start_svcs(void)
{
	int doorfd = -1;
#ifdef DEBUG
	int dfd;
#endif

	if ((doorfd = door_create(nfsmapid_func, NULL,
	    DOOR_REFUSE_DESC | DOOR_NO_CANCEL)) == -1) {
		syslog(LOG_ERR, "Unable to create door: %m\n");
		return (1);
	}

#ifdef DEBUG
	/*
	 * Create a file system path for the door
	 */
	if ((dfd = open(NFSMAPID_DOOR, O_RDWR|O_CREAT|O_TRUNC,
				S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH)) == -1) {
		syslog(LOG_ERR, "Unable to open %s: %m\n", NFSMAPID_DOOR);
		(void) close(doorfd);
		return (1);
	}

	/*
	 * Clean up any stale associations
	 */
	(void) fdetach(NFSMAPID_DOOR);

	/*
	 * Register in namespace to pass to the kernel to door_ki_open
	 */
	if (fattach(doorfd, NFSMAPID_DOOR) == -1) {
		syslog(LOG_ERR, "Unable to fattach door: %m\n");
		(void) close(dfd);
		(void) close(doorfd);
		return (1);
	}
	(void) close(dfd);
#endif

	/*
	 * Now that we're actually running, go
	 * ahead and flush the kernel flushes
	 * Pass door name to kernel for door_ki_open
	 */
	idmap_kcall(doorfd);

	/*
	 * Wait for incoming calls
	 */
	/*CONSTCOND*/
	while (1)
		(void) pause();

	syslog(LOG_ERR, gettext("Door server exited"));
	return (10);
}

/* ARGSUSED */
int
main(int argc, char **argv)
{
	MyName = argv[0];

	(void) setlocale(LC_ALL, "");
	(void) textdomain(TEXT_DOMAIN);

	/* _check_services() framework setup */
	(void) _create_daemon_lock(NFSMAPID, DAEMON_UID, DAEMON_GID);

	/*
	 * Open diag file in /var/run while we've got the perms
	 */
	open_diag_file();

	/*
	 * Initialize the daemon to basic + sys_nfs
	 */
#ifndef	DEBUG
	if (__init_daemon_priv(PU_RESETGROUPS|PU_CLEARLIMITSET,
	    DAEMON_UID, DAEMON_GID, PRIV_SYS_NFS, (char *)NULL) == -1) {
		(void) fprintf(stderr, gettext("%s PRIV_SYS_NFS privilege "
			"missing\n"), MyName);
		exit(1);
	}
#endif

	/*
	 * Take away a subset of basic, while this is not the absolute
	 * minimum, it is important that it is unique among other
	 * daemons to insure that we get a unique cred that will
	 * result in a unique open_owner.  If not, we run the risk
	 * of a diskless client deadlocking with a thread holding
	 * the open_owner seqid lock while upcalling the daemon.
	 * XXX This restriction will go away once we stop holding
	 * XXX open_owner lock across rfscalls!
	 */
	(void) priv_set(PRIV_OFF, PRIV_PERMITTED,
		PRIV_FILE_LINK_ANY, PRIV_PROC_SESSION,
		(char *)NULL);

#ifndef DEBUG
	daemonize();
	switch (_enter_daemon_lock(NFSMAPID)) {
		case 0:
			break;

		case -1:
			syslog(LOG_ERR, "error locking for %s: %s", NFSMAPID,
			    strerror(errno));
			exit(3);

		default:
			/* daemon was already running */
			exit(0);
	}
#endif
	openlog(MyName, LOG_PID | LOG_NDELAY, LOG_DAEMON);

	/* Initialize daemon subsystems */
	daemon_init();

	/* start services */
	return (start_svcs());
}