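/*
 * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

/*
 * Usermode daemon which is responsible for sending kerberos credentials
 * expiration warnings to the user, syslog or snmp (eventually), depending
 * on how it is configured through /etc/krb5/warn.conf.
 * the code in this file was borrowed from gssd.c
 */

#pragma ident	"%Z%%M%	%I%	%E% SMI"

#include <stdio.h>
#include <rpc/rpc.h>
#include <sys/syslog.h>
#include <sys/termios.h>
#include <unistd.h>
#include <sys/resource.h>
#include <sys/utsname.h>
#include <sys/systeminfo.h>
#include <stdlib.h>
#include <stropts.h>
#include <fcntl.h>
#include <strings.h>
#include <string.h>	/* strcmp() */
#include <signal.h>	/* signal(), SIGCHLD */
#include <locale.h>	/* setlocale() */
#include <libintl.h>	/* gettext(), textdomain() */
#include <syslog.h>
#include <thread.h>
#include "kwarnd.h"

/* Not referenced anywhere in this file. */
#define	MAXTHREADS 64

int kwarnd_debug = 0;		/* enable debugging printfs */

extern void kwarnprog_1(struct svc_req *, register SVCXPRT *);
static void usage(void);
static void detachfromtty(void);
static void *kwarnd_warning_thread(void *);
extern int svc_create_local_service(void (*) (),
					u_long, u_long, char *, char *);
extern void kwarnd_check_warning_list(void);
extern bool_t loadConfigFile(void);

/* following declarations needed in rpcgen-generated code */
int _rpcpmstart = 0;		/* Started by a port monitor ? */
int _rpcfdtype;			/* Whether Stream or Datagram ? */
int _rpcsvcdirty;		/* Still serving ? */

/*
 * Daemon entry point.
 *
 * Verifies the caller is root, parses the single "-d" (debug) option,
 * creates the KWARNPROG/KWARNVERS RPC service (either on the endpoint
 * inherited on fd 0 or as a local service), starts the warning-list
 * thread, loads the configuration file and enters svc_run().  Every
 * failure path exits with status 1; svc_run() is not expected to
 * return, so falling out of it ends in abort().
 */
int
main(int argc, char **argv)
{
	register SVCXPRT *transp;
	extern int optind;
	int c;
	char mname[FMNAMESZ + 1];
	int rpc_svc_mode = RPC_SVC_MT_AUTO;
	extern int _getuid();


	/* set locale and domain for internationalization */
	setlocale(LC_ALL, "");

#if !defined(TEXT_DOMAIN)
#define	TEXT_DOMAIN "SYS_TEST"
#endif

	textdomain(TEXT_DOMAIN);

	/*
	 * take special note that "_getuid()" is called here. This is necessary
	 * since we must fake out the mechanism libraries calls to getuid()
	 * with a special routine that is provided as part of kwarnd. However,
	 * the call below MUST call the real getuid() to ensure it is running
	 * as root.
	 *
	 * NOTE(review): a DEBUG build forces the real uid to root and turns
	 * the check below into a warning, so the root requirement is only
	 * enforced in non-DEBUG builds.  DEBUG binaries should not be
	 * installed on production systems.
	 */

#ifdef DEBUG
	(void) setuid(0);		/* DEBUG: set ruid to root */
#endif /* DEBUG */
	if (_getuid()) {
		(void) fprintf(stderr,
		    gettext("[%s] must be run as root\n"), argv[0]);
#ifdef DEBUG
		(void) fprintf(stderr, gettext(" warning only\n"));
#else /* !DEBUG */
		exit(1);
#endif /* DEBUG */
	}

	while ((c = getopt(argc, argv, "d")) != -1) {
		switch (c) {
		case 'd':
			/* turn on debugging */
			kwarnd_debug = 1;
			break;
		default:
			usage();
		}
	}

	/* No positional arguments are accepted. */
	if (optind != argc) {
		usage();
	}

	/*
	 * Started by inetd if name of module just below stream
	 * head is either a sockmod or timod.
	 */
	if (!ioctl(0, I_LOOK, mname) &&
	    ((strcmp(mname, "sockmod") == 0) ||
	    (strcmp(mname, "timod") == 0))) {

		char *netid;
		struct netconfig *nconf;

		openlog("kwarnd", LOG_PID, LOG_DAEMON);

		/*
		 * The transport name is taken from the environment when
		 * present; getnetconfigent() below rejects names it does
		 * not know.
		 */
		if ((netid = getenv("NLSPROVIDER")) == NULL) {
			netid = "ticotsord";
		}

		/*
		 * Translated text is always passed as a "%s" argument to
		 * syslog(), never as the format itself, so a message
		 * catalog entry containing conversion specifications
		 * cannot be interpreted as a format string.
		 */
		if ((nconf = getnetconfigent(netid)) == NULL) {
			syslog(LOG_ERR, "%s",
			    gettext("cannot get transport info"));
			exit(1);
		}

		if (strcmp(mname, "sockmod") == 0) {
			if (ioctl(0, I_POP, 0) || ioctl(0, I_PUSH, "timod")) {
				syslog(LOG_ERR, "%s",
				    gettext("could not get the "
				    "right module"));
				exit(1);
			}
		}

		/* XXX - is nconf even needed here? */
		if ((transp = svc_tli_create(0, nconf, NULL, 0, 0)) == NULL) {
			syslog(LOG_ERR, "%s",
			    gettext("cannot create server handle"));
			exit(1);
		}

		/*
		 * We use a NULL nconf because KWARNPROG has already been
		 * registered with rpcbind.
		 */
		if (!svc_reg(transp, KWARNPROG, KWARNVERS, kwarnprog_1, NULL)) {
			syslog(LOG_ERR, "%s",
			    gettext("unable to register "
			    "(KWARNPROG, KWARNVERS)"));
			exit(1);
		}

		if (nconf)
			freenetconfigent(nconf);
	} else {

		/* In debug mode stay in the foreground, attached to the tty. */
		if (!kwarnd_debug)
			detachfromtty();

		openlog("kwarnd", LOG_PID, LOG_DAEMON);

		if (svc_create_local_service(kwarnprog_1, KWARNPROG, KWARNVERS,
		    "netpath", "kwarnd") == 0) {
			syslog(LOG_ERR, "%s",
			    gettext("unable to create service"));
			exit(1);
		}
	}


	if (kwarnd_debug) {
		(void) fprintf(stderr,
		    gettext("kwarnd start: \n"));
	}

	(void) signal(SIGCHLD, SIG_IGN);

	/*
	 * Start the warning-list thread through a wrapper that has the
	 * start-routine signature, instead of casting the void(void)
	 * function to an incompatible pointer type.
	 *
	 * NOTE(review): the thread is created before loadConfigFile()
	 * runs; confirm kwarnd_check_warning_list() does not depend on
	 * configuration being loaded.  The log text below still names
	 * "cache_cleanup" (inherited from gssd.c); it is left unchanged
	 * because it is a message catalog key.
	 */
	if (thr_create(NULL, 0, kwarnd_warning_thread, NULL,
	    THR_DETACHED | THR_DAEMON | THR_NEW_LWP,
	    NULL)) {
		syslog(LOG_ERR, "%s",
		    gettext("unable to create cache_cleanup thread"));
		exit(1);
	}

	if (!loadConfigFile()) {
		syslog(LOG_ERR, "%s", gettext("could not read config file\n"));
		exit(1);
	}

	if (!rpc_control(RPC_SVC_MTMODE_SET, &rpc_svc_mode)) {
		syslog(LOG_ERR, "%s",
		    gettext("unable to set automatic MT mode"));
		exit(1);
	}

	svc_run();
	abort();
	/*NOTREACHED*/
#ifdef lint
	return (1);
#endif
}

/*
 * Thread start routine: runs kwarnd_check_warning_list() and returns
 * NULL if that function ever returns.
 */
/*ARGSUSED*/
static void *
kwarnd_warning_thread(void *arg)
{
	kwarnd_check_warning_list();
	return (NULL);
}

/*
 * Print the command synopsis to stderr and exit with status 1.
 */
static void
usage(void)
{
	(void) fprintf(stderr, gettext("usage: kwarnd [-d]\n"));
	exit(1);
}


/*
 * detach from tty
 *
 * Forks; the parent exits with status 0 and the child continues with
 * descriptors 0, 1 and 2 open on /dev/null and in a new session.
 */
static void
detachfromtty(void)
{
	switch (fork()) {
	case -1:
		perror(gettext("kwarnd: can not fork"));
		exit(1);
		/*NOTREACHED*/
	case 0:
		break;
	default:
		exit(0);
	}

	/*
	 * Close existing file descriptors, open "/dev/null" as
	 * standard input, output, and error, and detach from
	 * controlling terminal.
	 *
	 * The results are checked: if any of the three descriptors were
	 * left closed, the next descriptor the daemon opens (for example
	 * the RPC endpoint) would take its number, and anything written
	 * to stdout or stderr afterwards would go to that descriptor.
	 * stderr is already closed here, so the failure is reported
	 * through syslog.
	 */
	closefrom(0);
	if (open("/dev/null", O_RDONLY) != 0 ||
	    open("/dev/null", O_WRONLY) != 1 ||
	    dup(1) != 2) {
		syslog(LOG_ERR, "%s",
		    gettext("kwarnd: cannot redirect stdio to /dev/null"));
		exit(1);
	}
	(void) setsid();
}

/*
 * Release the memory held by an RPC result using its XDR routine.
 * Always returns 1.  The transport argument is unused.
 * NOTE(review): presumably called from the rpcgen-generated dispatch
 * code after the reply has been sent; confirm against kwarnprog_1().
 */
/*ARGSUSED*/
int
kwarnprog_1_freeresult(SVCXPRT *transport, xdrproc_t xdr_res, caddr_t res)
{
	xdr_free(xdr_res, res);
	return (1);
}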