xref: /titanic_52/usr/src/cmd/dlmgmtd/dlmgmt_main.c (revision 16a0c3c7f1d0e9dd3cab8e12e029b4468597a433)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 /*
28  * The dlmgmtd daemon is started by the datalink-management SMF service.
29  * This daemon is used to manage <link name, linkid> mapping and the
30  * persistent datalink configuration.
31  *
32  * Today, the <link name, linkid> mapping and the persistent configuration
33  * of datalinks is kept in /etc/dladm/datalink.conf, and the daemon keeps
34  * a copy of the datalinks in the memory (see dlmgmt_id_avl and
35  * dlmgmt_name_avl). The active <link name, linkid> mapping is kept in
36  * /etc/svc/volatile/dladm cache file, so that the mapping can be recovered
37  * when dlmgmtd exits for some reason (e.g., when dlmgmtd is accidentally
38  * killed).
39  */
40 
41 #include <assert.h>
42 #include <errno.h>
43 #include <fcntl.h>
44 #include <priv.h>
45 #include <signal.h>
46 #include <stdlib.h>
47 #include <stdio.h>
48 #include <strings.h>
49 #include <syslog.h>
50 #include <zone.h>
51 #include <sys/dld.h>
52 #include <sys/dld_ioc.h>
53 #include <sys/param.h>
54 #include <sys/stat.h>
55 #include <unistd.h>
56 #include <libdladm_impl.h>
57 #include <libdlmgmt.h>
58 #include "dlmgmt_impl.h"
59 
60 const char		*progname;
61 boolean_t		debug;
62 static int		pfds[2];
63 /*
64  * This file descriptor to DLMGMT_DOOR cannot be in the libdladm
65  * handle because the door isn't created when the handle is created.
66  */
67 static int		dlmgmt_door_fd = -1;
68 
69 /*
70  * This libdladm handle is global so that dlmgmt_upcall_linkprop_init() can
71  * pass to libdladm.  The handle is opened with "ALL" privileges, before
72  * privileges are dropped in dlmgmt_drop_privileges().  It is not able to open
73  * DLMGMT_DOOR at that time as it hasn't been created yet.  This door in the
74  * handle is opened in the first call to dladm_door_fd().
75  */
76 dladm_handle_t		dld_handle = NULL;
77 
78 static void		dlmgmtd_exit(int);
79 static int		dlmgmt_init();
80 static void		dlmgmt_fini();
81 static int		dlmgmt_set_privileges();
82 
83 static int
84 dlmgmt_set_doorfd(boolean_t start)
85 {
86 	dld_ioc_door_t did;
87 	int err = 0;
88 
89 	assert(dld_handle != NULL);
90 
91 	did.did_start_door = start;
92 
93 	if (ioctl(dladm_dld_fd(dld_handle), DLDIOC_DOORSERVER, &did) == -1)
94 		err = errno;
95 
96 	return (err);
97 }
98 
99 static int
100 dlmgmt_door_init(void)
101 {
102 	int err = 0;
103 
104 	if ((dlmgmt_door_fd = door_create(dlmgmt_handler, NULL,
105 	    DOOR_REFUSE_DESC | DOOR_NO_CANCEL)) == -1) {
106 		err = errno;
107 		dlmgmt_log(LOG_ERR, "door_create() failed: %s",
108 		    strerror(err));
109 		return (err);
110 	}
111 	return (err);
112 }
113 
114 static void
115 dlmgmt_door_fini(void)
116 {
117 	if (dlmgmt_door_fd == -1)
118 		return;
119 
120 	if (door_revoke(dlmgmt_door_fd) == -1) {
121 		dlmgmt_log(LOG_WARNING, "door_revoke(%s) failed: %s",
122 		    DLMGMT_DOOR, strerror(errno));
123 	}
124 	(void) dlmgmt_set_doorfd(B_FALSE);
125 	dlmgmt_door_fd = -1;
126 }
127 
128 int
129 dlmgmt_door_attach(zoneid_t zoneid, char *rootdir)
130 {
131 	int	fd;
132 	int	err = 0;
133 	char	doorpath[MAXPATHLEN];
134 
135 	(void) snprintf(doorpath, sizeof (doorpath), "%s%s", rootdir,
136 	    DLMGMT_DOOR);
137 
138 	/*
139 	 * Create the door file for dlmgmtd.
140 	 */
141 	if ((fd = open(doorpath, O_CREAT|O_RDONLY, 0644)) == -1) {
142 		err = errno;
143 		dlmgmt_log(LOG_ERR, "open(%s) failed: %s", doorpath,
144 		    strerror(err));
145 		return (err);
146 	}
147 	(void) close(fd);
148 	if (chown(doorpath, UID_DLADM, GID_SYS) == -1)
149 		return (errno);
150 
151 	/*
152 	 * fdetach first in case a previous daemon instance exited
153 	 * ungracefully.
154 	 */
155 	(void) fdetach(doorpath);
156 	if (fattach(dlmgmt_door_fd, doorpath) != 0) {
157 		err = errno;
158 		dlmgmt_log(LOG_ERR, "fattach(%s) failed: %s", doorpath,
159 		    strerror(err));
160 	} else if (zoneid == GLOBAL_ZONEID) {
161 		if ((err = dlmgmt_set_doorfd(B_TRUE)) != 0) {
162 			dlmgmt_log(LOG_ERR, "cannot set kernel doorfd: %s",
163 			    strerror(err));
164 		}
165 	}
166 
167 	return (err);
168 }
169 
170 /*
171  * Create the /etc/svc/volatile/dladm/ directory if it doesn't exist, load the
172  * datalink.conf data for this zone, and create/attach the door rendezvous
173  * file.
174  */
175 int
176 dlmgmt_zone_init(zoneid_t zoneid)
177 {
178 	char	rootdir[MAXPATHLEN], tmpfsdir[MAXPATHLEN];
179 	int	err;
180 	struct stat statbuf;
181 
182 	if (zoneid == GLOBAL_ZONEID) {
183 		rootdir[0] = '\0';
184 	} else if (zone_getattr(zoneid, ZONE_ATTR_ROOT, rootdir,
185 	    sizeof (rootdir)) < 0) {
186 		return (errno);
187 	}
188 
189 	/*
190 	 * Create the DLMGMT_TMPFS_DIR directory.
191 	 */
192 	(void) snprintf(tmpfsdir, sizeof (tmpfsdir), "%s%s", rootdir,
193 	    DLMGMT_TMPFS_DIR);
194 	if (stat(tmpfsdir, &statbuf) < 0) {
195 		if (mkdir(tmpfsdir, (mode_t)0755) < 0)
196 			return (errno);
197 	} else if ((statbuf.st_mode & S_IFMT) != S_IFDIR) {
198 		return (ENOTDIR);
199 	}
200 
201 	if ((chmod(tmpfsdir, 0755) < 0) ||
202 	    (chown(tmpfsdir, UID_DLADM, GID_SYS) < 0)) {
203 		return (EPERM);
204 	}
205 
206 	if ((err = dlmgmt_db_init(zoneid)) != 0)
207 		return (err);
208 	return (dlmgmt_door_attach(zoneid, rootdir));
209 }
210 
211 /*
212  * Initialize each running zone.
213  */
214 static int
215 dlmgmt_allzones_init(void)
216 {
217 	int		err, i;
218 	zoneid_t	*zids = NULL;
219 	uint_t		nzids, nzids_saved;
220 
221 	if (zone_list(NULL, &nzids) != 0)
222 		return (errno);
223 again:
224 	nzids *= 2;
225 	if ((zids = malloc(nzids * sizeof (zoneid_t))) == NULL)
226 		return (errno);
227 	nzids_saved = nzids;
228 	if (zone_list(zids, &nzids) != 0) {
229 		free(zids);
230 		return (errno);
231 	}
232 	if (nzids > nzids_saved) {
233 		free(zids);
234 		goto again;
235 	}
236 
237 	for (i = 0; i < nzids; i++) {
238 		if ((err = dlmgmt_zone_init(zids[i])) != 0)
239 			break;
240 	}
241 	free(zids);
242 	return (err);
243 }
244 
245 static int
246 dlmgmt_init(void)
247 {
248 	int	err;
249 	char	*fmri, *c;
250 	char	filename[MAXPATHLEN];
251 
252 	if (dladm_open(&dld_handle) != DLADM_STATUS_OK) {
253 		dlmgmt_log(LOG_ERR, "dladm_open() failed");
254 		return (EPERM);
255 	}
256 
257 	if (signal(SIGTERM, dlmgmtd_exit) == SIG_ERR ||
258 	    signal(SIGINT, dlmgmtd_exit) == SIG_ERR) {
259 		err = errno;
260 		dlmgmt_log(LOG_ERR, "signal() for SIGTERM/INT failed: %s",
261 		    strerror(err));
262 		return (err);
263 	}
264 
265 	/*
266 	 * First derive the name of the cache file from the FMRI name. This
267 	 * cache name is used to keep active datalink configuration.
268 	 */
269 	if (debug) {
270 		(void) snprintf(cachefile, MAXPATHLEN, "%s/%s%s",
271 		    DLMGMT_TMPFS_DIR, progname, ".debug.cache");
272 	} else {
273 		if ((fmri = getenv("SMF_FMRI")) == NULL) {
274 			dlmgmt_log(LOG_ERR, "dlmgmtd is an smf(5) managed "
275 			    "service and should not be run from the command "
276 			    "line.");
277 			return (EINVAL);
278 		}
279 
280 		/*
281 		 * The FMRI name is in the form of
282 		 * svc:/service/service:instance.  We need to remove the
283 		 * prefix "svc:/" and replace '/' with '-'.  The cache file
284 		 * name is in the form of "service:instance.cache".
285 		 */
286 		if ((c = strchr(fmri, '/')) != NULL)
287 			c++;
288 		else
289 			c = fmri;
290 		(void) snprintf(filename, MAXPATHLEN, "%s.cache", c);
291 		c = filename;
292 		while ((c = strchr(c, '/')) != NULL)
293 			*c = '-';
294 
295 		(void) snprintf(cachefile, MAXPATHLEN, "%s/%s",
296 		    DLMGMT_TMPFS_DIR, filename);
297 	}
298 
299 	dlmgmt_linktable_init();
300 	if ((err = dlmgmt_door_init()) != 0)
301 		goto done;
302 
303 	/*
304 	 * Load datalink configuration and create dlmgmtd door files for all
305 	 * currently running zones.
306 	 */
307 	if ((err = dlmgmt_allzones_init()) != 0)
308 		dlmgmt_door_fini();
309 
310 done:
311 	if (err != 0)
312 		dlmgmt_linktable_fini();
313 	return (err);
314 }
315 
316 static void
317 dlmgmt_fini(void)
318 {
319 	dlmgmt_door_fini();
320 	dlmgmt_linktable_fini();
321 	if (dld_handle != NULL) {
322 		dladm_close(dld_handle);
323 		dld_handle = NULL;
324 	}
325 }
326 
327 /*
328  * This is called by the child process to inform the parent process to
329  * exit with the given return value.
330  */
331 static void
332 dlmgmt_inform_parent_exit(int rv)
333 {
334 	if (debug)
335 		return;
336 
337 	if (write(pfds[1], &rv, sizeof (int)) != sizeof (int)) {
338 		dlmgmt_log(LOG_WARNING,
339 		    "dlmgmt_inform_parent_exit() failed: %s", strerror(errno));
340 		(void) close(pfds[1]);
341 		exit(EXIT_FAILURE);
342 	}
343 	(void) close(pfds[1]);
344 }
345 
346 /*ARGSUSED*/
347 static void
348 dlmgmtd_exit(int signo)
349 {
350 	(void) close(pfds[1]);
351 	dlmgmt_fini();
352 	exit(EXIT_FAILURE);
353 }
354 
355 static void
356 usage(void)
357 {
358 	(void) fprintf(stderr, "Usage: %s [-d]\n", progname);
359 	exit(EXIT_FAILURE);
360 }
361 
362 /*
363  * Restrict privileges to only those needed.
364  */
365 int
366 dlmgmt_drop_privileges(void)
367 {
368 	priv_set_t	*pset;
369 	priv_ptype_t	ptype;
370 	zoneid_t	zoneid = getzoneid();
371 	int		err = 0;
372 
373 	if ((pset = priv_allocset()) == NULL)
374 		return (errno);
375 
376 	/*
377 	 * The global zone needs PRIV_PROC_FORK so that it can fork() when it
378 	 * issues db ops in non-global zones, PRIV_SYS_CONFIG to post
379 	 * sysevents, and PRIV_SYS_DL_CONFIG to initialize link properties in
380 	 * dlmgmt_upcall_linkprop_init().
381 	 *
382 	 * We remove all privileges from the permitted (and thus effective)
383 	 * set in the non-global zone.  When executing in a non-global zone,
384 	 * dlmgmtd only needs to read and write to files that it already owns.
385 	 */
386 	priv_emptyset(pset);
387 	if (zoneid == GLOBAL_ZONEID) {
388 		ptype = PRIV_EFFECTIVE;
389 		if (priv_addset(pset, PRIV_PROC_FORK) == -1 ||
390 		    priv_addset(pset, PRIV_SYS_CONFIG) == -1 ||
391 		    priv_addset(pset, PRIV_SYS_DL_CONFIG) == -1)
392 			err = errno;
393 	} else {
394 		ptype = PRIV_PERMITTED;
395 	}
396 	if (err == 0 && setppriv(PRIV_SET, ptype, pset) == -1)
397 		err = errno;
398 done:
399 	priv_freeset(pset);
400 	return (err);
401 }
402 
403 int
404 dlmgmt_elevate_privileges(void)
405 {
406 	priv_set_t	*privset;
407 	int		err = 0;
408 
409 	if ((privset = priv_str_to_set("zone", ",", NULL)) == NULL)
410 		return (errno);
411 	if (setppriv(PRIV_SET, PRIV_EFFECTIVE, privset) == -1)
412 		err = errno;
413 	priv_freeset(privset);
414 	return (err);
415 }
416 
417 /*
418  * Set the uid of this daemon to the "dladm" user and drop privileges to only
419  * those needed.
420  */
421 static int
422 dlmgmt_set_privileges(void)
423 {
424 	int err;
425 
426 	(void) setgroups(0, NULL);
427 	if (setegid(GID_SYS) == -1 || seteuid(UID_DLADM) == -1)
428 		err = errno;
429 	else
430 		err = dlmgmt_drop_privileges();
431 done:
432 	return (err);
433 }
434 
435 /*
436  * Keep the pfds fd open, close other fds.
437  */
438 /*ARGSUSED*/
439 static int
440 closefunc(void *arg, int fd)
441 {
442 	if (fd != pfds[1])
443 		(void) close(fd);
444 	return (0);
445 }
446 
447 static boolean_t
448 dlmgmt_daemonize(void)
449 {
450 	pid_t pid;
451 	int rv;
452 
453 	if (pipe(pfds) < 0) {
454 		(void) fprintf(stderr, "%s: pipe() failed: %s\n",
455 		    progname, strerror(errno));
456 		exit(EXIT_FAILURE);
457 	}
458 
459 	if ((pid = fork()) == -1) {
460 		(void) fprintf(stderr, "%s: fork() failed: %s\n",
461 		    progname, strerror(errno));
462 		exit(EXIT_FAILURE);
463 	} else if (pid > 0) { /* Parent */
464 		(void) close(pfds[1]);
465 
466 		/*
467 		 * Read the child process's return value from the pfds.
468 		 * If the child process exits unexpected, read() returns -1.
469 		 */
470 		if (read(pfds[0], &rv, sizeof (int)) != sizeof (int)) {
471 			(void) kill(pid, SIGKILL);
472 			rv = EXIT_FAILURE;
473 		}
474 
475 		(void) close(pfds[0]);
476 		exit(rv);
477 	}
478 
479 	/* Child */
480 	(void) close(pfds[0]);
481 	(void) setsid();
482 
483 	/*
484 	 * Close all files except pfds[1].
485 	 */
486 	(void) fdwalk(closefunc, NULL);
487 	(void) chdir("/");
488 	openlog(progname, LOG_PID, LOG_DAEMON);
489 	return (B_TRUE);
490 }
491 
492 int
493 main(int argc, char *argv[])
494 {
495 	int opt, err;
496 
497 	progname = strrchr(argv[0], '/');
498 	if (progname != NULL)
499 		progname++;
500 	else
501 		progname = argv[0];
502 
503 	/*
504 	 * Process options.
505 	 */
506 	while ((opt = getopt(argc, argv, "d")) != EOF) {
507 		switch (opt) {
508 		case 'd':
509 			debug = B_TRUE;
510 			break;
511 		default:
512 			usage();
513 		}
514 	}
515 
516 	if (!debug && !dlmgmt_daemonize())
517 		return (EXIT_FAILURE);
518 
519 	if ((err = dlmgmt_init()) != 0) {
520 		dlmgmt_log(LOG_ERR, "unable to initialize daemon: %s",
521 		    strerror(err));
522 		goto child_out;
523 	} else if ((err = dlmgmt_set_privileges()) != 0) {
524 		dlmgmt_log(LOG_ERR, "unable to set daemon privileges: %s",
525 		    strerror(err));
526 		dlmgmt_fini();
527 		goto child_out;
528 	}
529 
530 	/*
531 	 * Inform the parent process that it can successfully exit.
532 	 */
533 	dlmgmt_inform_parent_exit(EXIT_SUCCESS);
534 
535 	for (;;)
536 		(void) pause();
537 
538 child_out:
539 	/* return from main() forcibly exits an MT process */
540 	dlmgmt_inform_parent_exit(EXIT_FAILURE);
541 	return (EXIT_FAILURE);
542 }
543