xref: /titanic_50/usr/src/cmd/fs.d/nfs/statd/sm_svc.c (revision e1d3217b9afde782c4d3e946fda0e6ef36a61306)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright (c) 1989, 2010, Oracle and/or its affiliates. All rights reserved.
23  * Copyright 2011 Nexenta Systems, Inc.  All rights reserved.
24  */
25 
26 /*	Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T	*/
27 /*	  All Rights Reserved  	*/
28 
29 /*
30  * University Copyright- Copyright (c) 1982, 1986, 1988
31  * The Regents of the University of California
32  * All Rights Reserved
33  *
34  * University Acknowledgment- Portions of this document are derived from
35  * software developed by the University of California, Berkeley, and its
36  * contributors.
37  */
38 
39 /*
40  * Copyright (c) 2012 by Delphix. All rights reserved.
41  */
42 
43 #include <stdio.h>
44 #include <stdio_ext.h>
45 #include <stdlib.h>
46 #include <ftw.h>
47 #include <signal.h>
48 #include <string.h>
49 #include <syslog.h>
50 #include <netconfig.h>
51 #include <unistd.h>
52 #include <netdb.h>
53 #include <rpc/rpc.h>
54 #include <netinet/in.h>
55 #include <sys/param.h>
56 #include <sys/resource.h>
57 #include <sys/file.h>
58 #include <sys/types.h>
59 #include <sys/stat.h>
60 #include <sys/sockio.h>
61 #include <dirent.h>
62 #include <errno.h>
63 #include <rpcsvc/sm_inter.h>
64 #include <rpcsvc/nsm_addr.h>
65 #include <thread.h>
66 #include <synch.h>
67 #include <net/if.h>
68 #include <limits.h>
69 #include <rpcsvc/daemon_utils.h>
70 #include <priv_utils.h>
71 #include "sm_statd.h"
72 
73 
74 #define	home0		"/var/statmon"
75 #define	current0	"/var/statmon/sm"
76 #define	backup0		"/var/statmon/sm.bak"
77 #define	state0		"/var/statmon/state"
78 
79 #define	home1		"statmon"
80 #define	current1	"statmon/sm/"
81 #define	backup1		"statmon/sm.bak/"
82 #define	state1		"statmon/state"
83 
84 /*
85  * User and group IDs to run as.  These are hardwired, rather than looked
86  * up at runtime, because they are very unlikely to change and because they
87  * provide some protection against bogus changes to the passwd and group
88  * files.
89  */
90 uid_t	daemon_uid = DAEMON_UID;
91 gid_t	daemon_gid = DAEMON_GID;
92 
93 char STATE[MAXPATHLEN], CURRENT[MAXPATHLEN], BACKUP[MAXPATHLEN];
94 static char statd_home[MAXPATHLEN];
95 
96 int debug;
97 int regfiles_only = 0;		/* 1 => use symlinks in statmon, 0 => don't */
98 char hostname[MAXHOSTNAMELEN];
99 
100 /*
101  * These variables will be used to store all the
102  * alias names for the host, as well as the -a
103  * command line hostnames.
104  */
105 int host_name_count;
106 char **host_name; /* store -a opts */
107 int  addrix; /* # of -a entries */
108 
109 
110 /*
111  * The following 2 variables are meaningful
112  * only under a HA configuration.
113  * The path_name array is dynamically allocated in main() during
114  * command line argument processing for the -p options.
115  */
116 char **path_name = NULL;  /* store -p opts */
117 int  pathix = 0;  /* # of -p entries */
118 
119 /* Global variables.  Refer to sm_statd.h for description */
120 mutex_t crash_lock;
121 int die;
122 int in_crash;
123 cond_t crash_finish;
124 mutex_t sm_trylock;
125 rwlock_t thr_rwlock;
126 cond_t retrywait;
127 mutex_t name_addrlock;
128 
129 /* forward references */
130 static void set_statmon_owner(void);
131 static void copy_client_names(void);
132 static void one_statmon_owner(const char *);
133 static int nftw_owner(const char *, const struct stat *, int, struct FTW *);
134 
135 /*
136  * statd protocol
137  * 	commands:
138  * 		SM_STAT
139  * 			returns stat_fail to caller
140  * 		SM_MON
141  * 			adds an entry to the monitor_q and the record_q
142  *			This message is sent by the server lockd to the server
143  *			statd, to indicate that a new client is to be monitored.
144  *			It is also sent by the server lockd to the client statd
145  *			to indicate that a new server is to be monitored.
146  * 		SM_UNMON
147  * 			removes an entry from the monitor_q and the record_q
148  * 		SM_UNMON_ALL
149  * 			removes all entries from a particular host from the
150  * 			monitor_q and the record_q.  Our statd has this
151  * 			disabled.
152  * 		SM_SIMU_CRASH
153  * 			simulate a crash.  removes everything from the
154  * 			record_q and the recovery_q, then calls statd_init()
155  * 			to restart things.  This message is sent by the server
156  *			lockd to the server statd to have all clients notified
157  *			that they should reclaim locks.
158  * 		SM_NOTIFY
159  *			Sent by statd on server to statd on client during
160  *			crash recovery.  The client statd passes the info
161  *			to its lockd so it can attempt to reclaim the locks
162  *			held on the server.
163  *
164  * There are three main hash tables used to keep track of things.
165  * 	mon_table
166  * 		table that keeps track hosts statd must watch.  If one of
167  * 		these hosts crashes, then any locks held by that host must
168  * 		be released.
169  * 	record_table
170  * 		used to keep track of all the hostname files stored in
171  * 		the directory /var/statmon/sm.  These are client hosts who
172  *		are holding or have held a lock at some point.  Needed
173  *		to determine if a file needs to be created for host in
174  *		/var/statmon/sm.
175  *	recov_q
176  *		used to keep track hostnames during a recovery
177  *
178  * The entries are hashed based upon the name.
179  *
180  * There is a directory /var/statmon/sm which holds a file named
181  * for each host that is holding (or has held) a lock.  This is
182  * used during initialization on startup, or after a simulated
183  * crash.
184  */
185 
186 static void
187 sm_prog_1(rqstp, transp)
188 	struct svc_req *rqstp;
189 	SVCXPRT *transp;
190 {
191 	union {
192 		struct sm_name sm_stat_1_arg;
193 		struct mon sm_mon_1_arg;
194 		struct mon_id sm_unmon_1_arg;
195 		struct my_id sm_unmon_all_1_arg;
196 		struct stat_chge ntf_arg;
197 		struct reg1args reg1_arg;
198 	} argument;
199 
200 	union {
201 		sm_stat_res stat_resp;
202 		sm_stat	mon_resp;
203 		struct reg1res reg1_resp;
204 	} result;
205 
206 	bool_t (*xdr_argument)(), (*xdr_result)();
207 	char *(*local)();
208 
209 	/*
210 	 * Dispatch according to which protocol is being used:
211 	 *	NSM_ADDR_PROGRAM is the private lockd address
212 	 *		registration protocol.
213 	 *	SM_PROG is the normal statd (NSM) protocol.
214 	 */
215 	if (rqstp->rq_prog == NSM_ADDR_PROGRAM) {
216 		switch (rqstp->rq_proc) {
217 		case NULLPROC:
218 			svc_sendreply(transp, xdr_void, (caddr_t)NULL);
219 			return;
220 
221 		case NSMADDRPROC1_REG:
222 			xdr_argument = xdr_reg1args;
223 			xdr_result = xdr_reg1res;
224 			local = (char *(*)()) nsmaddrproc1_reg;
225 			break;
226 
227 		case NSMADDRPROC1_UNREG: /* Not impl. */
228 		default:
229 			svcerr_noproc(transp);
230 			return;
231 		}
232 	} else {
233 		/* Must be SM_PROG */
234 		switch (rqstp->rq_proc) {
235 		case NULLPROC:
236 			svc_sendreply(transp, xdr_void, (caddr_t)NULL);
237 			return;
238 
239 		case SM_STAT:
240 			xdr_argument = xdr_sm_name;
241 			xdr_result = xdr_sm_stat_res;
242 			local = (char *(*)()) sm_stat_svc;
243 			break;
244 
245 		case SM_MON:
246 			xdr_argument = xdr_mon;
247 			xdr_result = xdr_sm_stat_res;
248 			local = (char *(*)()) sm_mon_svc;
249 			break;
250 
251 		case SM_UNMON:
252 			xdr_argument = xdr_mon_id;
253 			xdr_result = xdr_sm_stat;
254 			local = (char *(*)()) sm_unmon_svc;
255 			break;
256 
257 		case SM_UNMON_ALL:
258 			xdr_argument = xdr_my_id;
259 			xdr_result = xdr_sm_stat;
260 			local = (char *(*)()) sm_unmon_all_svc;
261 			break;
262 
263 		case SM_SIMU_CRASH:
264 			xdr_argument = xdr_void;
265 			xdr_result = xdr_void;
266 			local = (char *(*)()) sm_simu_crash_svc;
267 			break;
268 
269 		case SM_NOTIFY:
270 			xdr_argument = xdr_stat_chge;
271 			xdr_result = xdr_void;
272 			local = (char *(*)()) sm_notify_svc;
273 			break;
274 
275 		default:
276 			svcerr_noproc(transp);
277 			return;
278 		}
279 	}
280 
281 	(void) memset(&argument, 0, sizeof (argument));
282 	if (!svc_getargs(transp, xdr_argument, (caddr_t)&argument)) {
283 		svcerr_decode(transp);
284 		return;
285 	}
286 
287 	(void) memset(&result, 0, sizeof (result));
288 	(*local)(&argument, &result);
289 	if (!svc_sendreply(transp, xdr_result, (caddr_t)&result)) {
290 		svcerr_systemerr(transp);
291 	}
292 
293 	if (!svc_freeargs(transp, xdr_argument, (caddr_t)&argument)) {
294 		syslog(LOG_ERR, "statd: unable to free arguments\n");
295 	}
296 }
297 
298 /*
299  * Remove all files under directory path_dir.
300  */
301 static int
302 remove_dir(path_dir)
303 char *path_dir;
304 {
305 	DIR	*dp;
306 	struct dirent   *dirp;
307 	char tmp_path[MAXPATHLEN];
308 
309 	if ((dp = opendir(path_dir)) == (DIR *)NULL) {
310 		if (debug)
311 		    syslog(LOG_ERR,
312 			"warning: open directory %s failed: %m\n", path_dir);
313 		return (1);
314 	}
315 
316 	while ((dirp = readdir(dp)) != NULL) {
317 		if (strcmp(dirp->d_name, ".") != 0 &&
318 			strcmp(dirp->d_name, "..") != 0) {
319 			if (strlen(path_dir) + strlen(dirp->d_name) +2 >
320 				MAXPATHLEN) {
321 
322 				syslog(LOG_ERR,
323 		"statd: remove dir %s/%s failed.  Pathname too long.\n",
324 				path_dir, dirp->d_name);
325 
326 				continue;
327 			}
328 			(void) strcpy(tmp_path, path_dir);
329 			(void) strcat(tmp_path, "/");
330 			(void) strcat(tmp_path, dirp->d_name);
331 			delete_file(tmp_path);
332 		}
333 	}
334 
335 	(void) closedir(dp);
336 	return (0);
337 }
338 
339 /*
340  * Copy all files from directory `from_dir' to directory `to_dir'.
341  * Symlinks, if any, are preserved.
342  */
343 void
344 copydir_from_to(from_dir, to_dir)
345 char *from_dir;
346 char *to_dir;
347 {
348 	int	n;
349 	DIR	*dp;
350 	struct dirent   *dirp;
351 	char rname[MAXNAMELEN + 1];
352 	char path[MAXPATHLEN+MAXNAMELEN+2];
353 
354 	if ((dp = opendir(from_dir)) == (DIR *)NULL) {
355 		if (debug)
356 		    syslog(LOG_ERR,
357 			"warning: open directory %s failed: %m\n", from_dir);
358 		return;
359 	}
360 
361 	while ((dirp = readdir(dp)) != NULL) {
362 		if (strcmp(dirp->d_name, ".") == 0 ||
363 			strcmp(dirp->d_name, "..") == 0) {
364 			continue;
365 		}
366 
367 		(void) strcpy(path, from_dir);
368 		(void) strcat(path, "/");
369 		(void) strcat(path, dirp->d_name);
370 
371 		if (is_symlink(path)) {
372 			/*
373 			 * Follow the link to get the referenced file name
374 			 * and make a new link for that file in to_dir.
375 			 */
376 			n = readlink(path, rname, MAXNAMELEN);
377 			if (n <= 0) {
378 				if (debug >= 2) {
379 				    (void) printf(
380 					"copydir_from_to: can't read link %s\n",
381 					path);
382 				}
383 				continue;
384 			}
385 			rname[n] = '\0';
386 
387 			(void) create_symlink(to_dir, rname, dirp->d_name);
388 		} else {
389 			/*
390 			 * Simply copy regular files to to_dir.
391 			 */
392 			(void) strcpy(path, to_dir);
393 			(void) strcat(path, "/");
394 			(void) strcat(path, dirp->d_name);
395 			(void) create_file(path);
396 		}
397 	}
398 
399 	(void) closedir(dp);
400 }
401 
402 static int
403 init_hostname(void)
404 {
405 	struct lifnum lifn;
406 	int sock;
407 
408 	if ((sock = socket(AF_INET6, SOCK_DGRAM, 0)) < 0) {
409 		syslog(LOG_ERR, "statd:init_hostname, socket: %m");
410 		return (-1);
411 	}
412 
413 	lifn.lifn_family = AF_UNSPEC;
414 	lifn.lifn_flags = 0;
415 
416 	if (ioctl(sock, SIOCGLIFNUM, (char *)&lifn) < 0) {
417 		syslog(LOG_ERR,
418 		"statd:init_hostname, get number of interfaces, error: %m");
419 		close(sock);
420 		return (-1);
421 	}
422 
423 	host_name_count = lifn.lifn_count;
424 
425 	host_name = (char **)malloc(host_name_count * sizeof (char *));
426 	if (host_name == NULL) {
427 		perror("statd -a can't get ip configuration\n");
428 		close(sock);
429 		return (-1);
430 	}
431 	close(sock);
432 	return (0);
433 }
434 
435 int
436 main(int argc, char *argv[])
437 {
438 	int c;
439 	int ppid;
440 	extern char *optarg;
441 	int choice = 0;
442 	struct rlimit rl;
443 	int mode;
444 	int sz;
445 	int connmaxrec = RPC_MAXDATASIZE;
446 
447 	addrix = 0;
448 	pathix = 0;
449 
450 	(void) gethostname(hostname, MAXHOSTNAMELEN);
451 	if (init_hostname() < 0)
452 		exit(1);
453 
454 	while ((c = getopt(argc, argv, "Dd:a:G:p:rU:")) != EOF)
455 		switch (c) {
456 		case 'd':
457 			(void) sscanf(optarg, "%d", &debug);
458 			break;
459 		case 'D':
460 			choice = 1;
461 			break;
462 		case 'a':
463 			if (addrix < host_name_count) {
464 				if (strcmp(hostname, optarg) != 0) {
465 					sz = strlen(optarg);
466 					if (sz < MAXHOSTNAMELEN) {
467 						host_name[addrix] =
468 						    (char *)xmalloc(sz+1);
469 						if (host_name[addrix] !=
470 						    NULL) {
471 						(void) sscanf(optarg, "%s",
472 						    host_name[addrix]);
473 							addrix++;
474 						}
475 					} else
476 					(void) fprintf(stderr,
477 				    "statd: -a name of host is too long.\n");
478 				}
479 			} else
480 				(void) fprintf(stderr,
481 				    "statd: -a exceeding maximum hostnames\n");
482 			break;
483 		case 'U':
484 			(void) sscanf(optarg, "%d", &daemon_uid);
485 			break;
486 		case 'G':
487 			(void) sscanf(optarg, "%d", &daemon_gid);
488 			break;
489 		case 'p':
490 			if (strlen(optarg) < MAXPATHLEN) {
491 				/* If the path_name array has not yet	   */
492 				/* been malloc'ed, do that.  The array	   */
493 				/* should be big enough to hold all of the */
494 				/* -p options we might have.  An upper	   */
495 				/* bound on the number of -p options is	   */
496 				/* argc/2, because each -p option consumes */
497 				/* two arguments.  Here the upper bound	   */
498 				/* is supposing that all the command line  */
499 				/* arguments are -p options, which would   */
500 				/* actually never be the case.		   */
501 				if (path_name == NULL) {
502 					size_t sz = (argc/2) * sizeof (char *);
503 
504 					path_name = (char **)malloc(sz);
505 					if (path_name == NULL) {
506 						(void) fprintf(stderr,
507 						"statd: malloc failed\n");
508 						exit(1);
509 					}
510 					(void) memset(path_name, 0, sz);
511 				}
512 				path_name[pathix] = optarg;
513 				pathix++;
514 			} else {
515 				(void) fprintf(stderr,
516 				"statd: -p pathname is too long.\n");
517 			}
518 			break;
519 		case 'r':
520 			regfiles_only = 1;
521 			break;
522 		default:
523 			(void) fprintf(stderr,
524 			"statd [-d level] [-D]\n");
525 			return (1);
526 		}
527 
528 	if (choice == 0) {
529 		(void) strcpy(statd_home, home0);
530 		(void) strcpy(CURRENT, current0);
531 		(void) strcpy(BACKUP, backup0);
532 		(void) strcpy(STATE, state0);
533 	} else {
534 		(void) strcpy(statd_home, home1);
535 		(void) strcpy(CURRENT, current1);
536 		(void) strcpy(BACKUP, backup1);
537 		(void) strcpy(STATE, state1);
538 	}
539 	if (debug)
540 		(void) printf("debug is on, create entry: %s, %s, %s\n",
541 		    CURRENT, BACKUP, STATE);
542 
543 	if (getrlimit(RLIMIT_NOFILE, &rl))
544 		(void) printf("statd: getrlimit failed. \n");
545 
546 	/* Set maxfdlimit current soft limit */
547 	rl.rlim_cur = rl.rlim_max;
548 	if (setrlimit(RLIMIT_NOFILE, &rl) != 0)
549 		syslog(LOG_ERR, "statd: unable to set RLIMIT_NOFILE to %d\n",
550 		    rl.rlim_cur);
551 
552 	(void) enable_extended_FILE_stdio(-1, -1);
553 
554 	if (!debug) {
555 		ppid = fork();
556 		if (ppid == -1) {
557 			(void) fprintf(stderr, "statd: fork failure\n");
558 			(void) fflush(stderr);
559 			abort();
560 		}
561 		if (ppid != 0) {
562 			exit(0);
563 		}
564 		closefrom(0);
565 		(void) open("/dev/null", O_RDONLY);
566 		(void) open("/dev/null", O_WRONLY);
567 		(void) dup(1);
568 		(void) setsid();
569 		openlog("statd", LOG_PID, LOG_DAEMON);
570 	}
571 
572 	(void) _create_daemon_lock(STATD, daemon_uid, daemon_gid);
573 	/*
574 	 * establish our lock on the lock file and write our pid to it.
575 	 * exit if some other process holds the lock, or if there's any
576 	 * error in writing/locking the file.
577 	 */
578 	ppid = _enter_daemon_lock(STATD);
579 	switch (ppid) {
580 	case 0:
581 		break;
582 	case -1:
583 		syslog(LOG_ERR, "error locking for %s: %s", STATD,
584 		    strerror(errno));
585 		exit(2);
586 	default:
587 		/* daemon was already running */
588 		exit(0);
589 	}
590 
591 	/* Get other aliases from each interface. */
592 	merge_hosts();
593 
594 	/* Get all of the configured IP addresses. */
595 	merge_ips();
596 
597 	/*
598 	 * Set to automatic mode such that threads are automatically
599 	 * created
600 	 */
601 	mode = RPC_SVC_MT_AUTO;
602 	if (!rpc_control(RPC_SVC_MTMODE_SET, &mode)) {
603 		syslog(LOG_ERR,
604 		    "statd:unable to set automatic MT mode.");
605 		exit(1);
606 	}
607 
608 	/*
609 	 * Set non-blocking mode and maximum record size for
610 	 * connection oriented RPC transports.
611 	 */
612 	if (!rpc_control(RPC_SVC_CONNMAXREC_SET, &connmaxrec)) {
613 		syslog(LOG_INFO, "unable to set maximum RPC record size");
614 	}
615 
616 	if (!svc_create(sm_prog_1, SM_PROG, SM_VERS, "netpath")) {
617 		syslog(LOG_ERR,
618 	    "statd: unable to create (SM_PROG, SM_VERS) for netpath.");
619 		exit(1);
620 	}
621 
622 	if (!svc_create(sm_prog_1, NSM_ADDR_PROGRAM, NSM_ADDR_V1, "netpath")) {
623 		syslog(LOG_ERR,
624 	"statd: unable to create (NSM_ADDR_PROGRAM, NSM_ADDR_V1) for netpath.");
625 	}
626 
627 	/*
628 	 * Make sure /var/statmon and any alternate (-p) statmon
629 	 * directories exist and are owned by daemon.  Then change our uid
630 	 * to daemon.  The uid change is to prevent attacks against local
631 	 * daemons that trust any call from a local root process.
632 	 */
633 
634 	set_statmon_owner();
635 
636 	/*
637 	 *
638 	 * statd now runs as a daemon rather than root and can not
639 	 * dump core under / because of the permission. It is
640 	 * important that current working directory of statd be
641 	 * changed to writable directory /var/statmon so that it
642 	 * can dump the core upon the receipt of the signal.
643 	 * One still need to set allow_setid_core to non-zero in
644 	 * /etc/system to get the core dump.
645 	 *
646 	 */
647 
648 	if (chdir(statd_home) < 0) {
649 		syslog(LOG_ERR, "can't chdir %s: %m", statd_home);
650 		exit(1);
651 	}
652 
653 	copy_client_names();
654 
655 	rwlock_init(&thr_rwlock, USYNC_THREAD, NULL);
656 	mutex_init(&crash_lock, USYNC_THREAD, NULL);
657 	mutex_init(&name_addrlock, USYNC_THREAD, NULL);
658 	cond_init(&crash_finish, USYNC_THREAD, NULL);
659 	cond_init(&retrywait, USYNC_THREAD, NULL);
660 	sm_inithash();
661 	die = 0;
662 	/*
663 	 * This variable is set to ensure that an sm_crash
664 	 * request will not be done at the same time
665 	 * when a statd_init is being done, since sm_crash
666 	 * can reset some variables that statd_init will be using.
667 	 */
668 	in_crash = 1;
669 	statd_init();
670 
671 	if (debug)
672 		(void) printf("Starting svc_run\n");
673 	svc_run();
674 	syslog(LOG_ERR, "statd: svc_run returned\n");
675 	/* NOTREACHED */
676 	thr_exit((void *) 1);
677 	return (0);
678 
679 }
680 
681 /*
682  * Make sure the ownership of the statmon directories is correct, then
683  * change our uid to match.  If the top-level directories (/var/statmon, -p
684  * arguments) don't exist, they are created first.  The sm and sm.bak
685  * directories are not created here, but if they already exist, they are
686  * chowned to the correct uid, along with anything else in the
687  * directories.
688  */
689 
690 static void
691 set_statmon_owner(void)
692 {
693 	int i;
694 	boolean_t can_do_mlp;
695 
696 	/*
697 	 * Recursively chown/chgrp /var/statmon and the alternate paths,
698 	 * creating them if necessary.
699 	 */
700 	one_statmon_owner(statd_home);
701 	for (i = 0; i < pathix; i++) {
702 		char alt_path[MAXPATHLEN];
703 
704 		snprintf(alt_path, MAXPATHLEN, "%s/statmon", path_name[i]);
705 		one_statmon_owner(alt_path);
706 	}
707 
708 	can_do_mlp = priv_ineffect(PRIV_NET_BINDMLP);
709 	if (__init_daemon_priv(PU_RESETGROUPS|PU_CLEARLIMITSET,
710 	    daemon_uid, daemon_gid, can_do_mlp ? PRIV_NET_BINDMLP : NULL,
711 	    NULL) == -1) {
712 		syslog(LOG_ERR, "can't run unprivileged: %m");
713 		exit(1);
714 	}
715 
716 	__fini_daemon_priv(PRIV_PROC_EXEC, PRIV_PROC_SESSION,
717 	    PRIV_FILE_LINK_ANY, PRIV_PROC_INFO, (char *)NULL);
718 }
719 
720 /*
721  * Copy client names from the alternate statmon directories into
722  * /var/statmon.  The top-level (statmon) directories should already
723  * exist, though the sm and sm.bak directories might not.
724  */
725 
726 static void
727 copy_client_names()
728 {
729 	int i;
730 	char buf[MAXPATHLEN+SM_MAXPATHLEN];
731 
732 	/*
733 	 * Copy all clients from alternate paths to /var/statmon/sm
734 	 * Remove the files in alternate directory when copying is done.
735 	 */
736 	for (i = 0; i < pathix; i++) {
737 		/*
738 		 * If the alternate directories do not exist, create it.
739 		 * If they do exist, just do the copy.
740 		 */
741 		snprintf(buf, sizeof (buf), "%s/statmon/sm", path_name[i]);
742 		if ((mkdir(buf, SM_DIRECTORY_MODE)) == -1) {
743 			if (errno != EEXIST) {
744 				syslog(LOG_ERR,
745 				    "can't mkdir %s: %m\n", buf);
746 				continue;
747 			}
748 			copydir_from_to(buf, CURRENT);
749 			(void) remove_dir(buf);
750 		}
751 
752 		(void) snprintf(buf, sizeof (buf), "%s/statmon/sm.bak",
753 		    path_name[i]);
754 		if ((mkdir(buf, SM_DIRECTORY_MODE)) == -1) {
755 			if (errno != EEXIST) {
756 				syslog(LOG_ERR,
757 				    "can't mkdir %s: %m\n", buf);
758 				continue;
759 			}
760 			copydir_from_to(buf, BACKUP);
761 			(void) remove_dir(buf);
762 		}
763 	}
764 }
765 
766 /*
767  * Create the given directory if it doesn't already exist.  Set the user
768  * and group to daemon for the directory and anything under it.
769  */
770 
771 static void
772 one_statmon_owner(const char *dir)
773 {
774 	if ((mkdir(dir, SM_DIRECTORY_MODE)) == -1) {
775 		if (errno != EEXIST) {
776 			syslog(LOG_ERR, "can't mkdir %s: %m",
777 			    dir);
778 			return;
779 		}
780 	}
781 
782 	if (debug)
783 		printf("Setting owner for %s\n", dir);
784 
785 	if (nftw(dir, nftw_owner, MAX_FDS, FTW_PHYS) != 0) {
786 		syslog(LOG_WARNING, "error setting owner for %s: %m",
787 		    dir);
788 	}
789 }
790 
791 /*
792  * Set the user and group to daemon for the given file or directory.  If
793  * it's a directory, also makes sure that it is mode 755.
794  * Generates a syslog message but does not return an error if there were
795  * problems.
796  */
797 
798 /*ARGSUSED3*/
799 static int
800 nftw_owner(const char *path, const struct stat *statp, int info,
801 	struct FTW *ftw)
802 {
803 	if (!(info == FTW_F || info == FTW_D))
804 		return (0);
805 
806 	/*
807 	 * Some older systems might have mode 777 directories.  Fix that.
808 	 */
809 
810 	if (info == FTW_D && (statp->st_mode & (S_IWGRP | S_IWOTH)) != 0) {
811 		mode_t newmode = (statp->st_mode & ~(S_IWGRP | S_IWOTH)) &
812 		    S_IAMB;
813 
814 		if (debug)
815 			printf("chmod %03o %s\n", newmode, path);
816 		if (chmod(path, newmode) < 0) {
817 			int error = errno;
818 
819 			syslog(LOG_WARNING, "can't chmod %s to %03o: %m",
820 			    path, newmode);
821 			if (debug)
822 				printf("  FAILED: %s\n", strerror(error));
823 		}
824 	}
825 
826 	/* If already owned by daemon, don't bother changing. */
827 	if (statp->st_uid == daemon_uid &&
828 	    statp->st_gid == daemon_gid)
829 		return (0);
830 
831 	if (debug)
832 		printf("lchown %s daemon:daemon\n", path);
833 	if (lchown(path, daemon_uid, daemon_gid) < 0) {
834 		int error = errno;
835 
836 		syslog(LOG_WARNING, "can't chown %s to daemon: %m",
837 		    path);
838 		if (debug)
839 			printf("  FAILED: %s\n", strerror(error));
840 	}
841 
842 	return (0);
843 }
844