1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
24 */
25
26 /*
27 * SMBFS I/O Daemon (SMF service)
28 */
29
30 #include <sys/types.h>
31 #include <sys/stat.h>
32 #include <sys/note.h>
33 #include <sys/queue.h>
34
35 #include <errno.h>
36 #include <fcntl.h>
37 #include <signal.h>
38 #include <stdarg.h>
39 #include <stdio.h>
40 #include <string.h>
41 #include <strings.h>
42 #include <stdlib.h>
43 #include <synch.h>
44 #include <time.h>
45 #include <unistd.h>
46 #include <ucred.h>
47 #include <wait.h>
48 #include <priv_utils.h>
49 #include <err.h>
50 #include <door.h>
51 #include <libscf.h>
52 #include <locale.h>
53 #include <thread.h>
54 #include <assert.h>
55
56 #include <netsmb/smb_lib.h>
57
58 static boolean_t d_flag = B_FALSE;
59
60 /* Keep a list of child processes. */
61 typedef struct _child {
62 LIST_ENTRY(_child) list;
63 pid_t pid;
64 uid_t uid;
65 } child_t;
66 static LIST_HEAD(, _child) child_list = { 0 };
67 mutex_t cl_mutex = DEFAULTMUTEX;
68
69 static const char smbiod_path[] = "/usr/lib/smbfs/smbiod";
70 static const char door_path[] = SMBIOD_SVC_DOOR;
71
72 void svc_dispatch(void *cookie, char *argp, size_t argsz,
73 door_desc_t *dp, uint_t n_desc);
74 static int cmd_start(uid_t uid, gid_t gid);
75 static int new_child(uid_t uid, gid_t gid);
76 static void svc_sigchld(void);
77 static void child_gone(uid_t, pid_t, int);
78 static void svc_cleanup(void);
79
80 static child_t *
81 child_find_by_pid(pid_t pid)
82 {
83 child_t *cp;
84
85 assert(MUTEX_HELD(&cl_mutex));
86 LIST_FOREACH(cp, &child_list, list) {
87 if (cp->pid == pid)
88 return (cp);
89 }
90 return (NULL);
91 }
92
93 static child_t *
94 child_find_by_uid(uid_t uid)
95 {
96 child_t *cp;
97
98 assert(MUTEX_HELD(&cl_mutex));
99 LIST_FOREACH(cp, &child_list, list) {
100 if (cp->uid == uid)
101 return (cp);
102 }
103 return (NULL);
104 }
105
106 /*
107 * Find out if the service is already running.
108 * Return: true, false.
109 */
110 static boolean_t
111 already_running(void)
112 {
113 door_info_t info;
114 int fd, rc;
115
116 if ((fd = open(door_path, O_RDONLY)) < 0)
117 return (B_FALSE);
118
119 rc = door_info(fd, &info);
120 close(fd);
121 if (rc < 0)
122 return (B_FALSE);
123
124 return (B_TRUE);
125 }
126
127 /*
128 * This function will fork off a child process,
129 * from which only the child will return.
130 *
131 * The parent exit status is taken as the SMF start method
132 * success or failure, so the parent waits (via pipe read)
133 * for the child to finish initialization before it exits.
134 * Use SMF error codes only on exit.
135 */
136 static int
137 daemonize_init(void)
138 {
139 int pid, st;
140 int pfds[2];
141
142 chdir("/");
143
144 if (pipe(pfds) < 0) {
145 perror("pipe");
146 exit(SMF_EXIT_ERR_FATAL);
147 }
148 if ((pid = fork1()) == -1) {
149 perror("fork");
150 exit(SMF_EXIT_ERR_FATAL);
151 }
152
153 /*
154 * If we're the parent process, wait for either the child to send us
155 * the appropriate exit status over the pipe or for the read to fail
156 * (presumably with 0 for EOF if our child terminated abnormally).
157 * If the read fails, exit with either the child's exit status if it
158 * exited or with SMF_EXIT_ERR_FATAL if it died from a fatal signal.
159 */
160 if (pid != 0) {
161 /* parent */
162 close(pfds[1]);
163 if (read(pfds[0], &st, sizeof (st)) == sizeof (st))
164 _exit(st);
165 if (waitpid(pid, &st, 0) == pid && WIFEXITED(st))
166 _exit(WEXITSTATUS(st));
167 _exit(SMF_EXIT_ERR_FATAL);
168 }
169
170 /* child */
171 close(pfds[0]);
172
173 return (pfds[1]);
174 }
175
176 static void
177 daemonize_fini(int pfd, int rc)
178 {
179 /* Tell parent we're ready. */
180 (void) write(pfd, &rc, sizeof (rc));
181 close(pfd);
182 }
183
184 int
185 main(int argc, char **argv)
186 {
187 sigset_t oldmask, tmpmask;
188 struct sigaction sa;
189 struct rlimit rl;
190 int door_fd = -1, tmp_fd = -1, pfd = -1;
191 int c, sig;
192 int rc = SMF_EXIT_ERR_FATAL;
193 boolean_t created = B_FALSE, attached = B_FALSE;
194
195 /* set locale and text domain for i18n */
196 (void) setlocale(LC_ALL, "");
197 (void) textdomain(TEXT_DOMAIN);
198
199 while ((c = getopt(argc, argv, "d")) != -1) {
200 switch (c) {
201 case 'd':
202 /* Do debug messages. */
203 d_flag = B_TRUE;
204 break;
205 default:
206 fprintf(stderr, "Usage: %s [-d]\n", argv[0]);
207 return (SMF_EXIT_ERR_CONFIG);
208 }
209 }
210
211 if (already_running()) {
212 fprintf(stderr, "%s: already running", argv[0]);
213 return (rc);
214 }
215
216 /*
217 * Raise the fd limit to max
218 * errors here are non-fatal
219 */
220 if (getrlimit(RLIMIT_NOFILE, &rl) != 0) {
221 fprintf(stderr, "getrlimit failed, err %d\n", errno);
222 } else if (rl.rlim_cur < rl.rlim_max) {
223 rl.rlim_cur = rl.rlim_max;
224 if (setrlimit(RLIMIT_NOFILE, &rl) != 0)
225 fprintf(stderr, "setrlimit "
226 "RLIMIT_NOFILE %d, err %d",
227 (int)rl.rlim_cur, errno);
228 }
229
230 /*
231 * Want all signals blocked, as we're doing
232 * synchronous delivery via sigwait below.
233 */
234 sigfillset(&tmpmask);
235 sigprocmask(SIG_BLOCK, &tmpmask, &oldmask);
236
237 /*
238 * Do want SIGCHLD, and will waitpid().
239 */
240 sa.sa_flags = SA_NOCLDSTOP;
241 sa.sa_handler = SIG_DFL;
242 sigemptyset(&sa.sa_mask);
243 sigaction(SIGCHLD, &sa, NULL);
244
245 /*
246 * Daemonize, unless debugging.
247 */
248 if (d_flag) {
249 /* debug: run in foregound (not a service) */
250 putenv("SMBFS_DEBUG=1");
251 } else {
252 /* Non-debug: start daemon in the background. */
253 pfd = daemonize_init();
254 }
255
256 /*
257 * Create directory for all smbiod doors.
258 */
259 if ((mkdir(SMBIOD_RUNDIR, 0755) < 0) && errno != EEXIST) {
260 perror(SMBIOD_RUNDIR);
261 goto out;
262 }
263
264 /*
265 * Create a file for the main service door.
266 */
267 unlink(door_path);
268 tmp_fd = open(door_path, O_RDWR|O_CREAT|O_EXCL, 0644);
269 if (tmp_fd < 0) {
270 perror(door_path);
271 goto out;
272 }
273 close(tmp_fd);
274 tmp_fd = -1;
275 created = B_TRUE;
276
277 /* Setup the door service. */
278 door_fd = door_create(svc_dispatch, NULL,
279 DOOR_REFUSE_DESC | DOOR_NO_CANCEL);
280 if (door_fd == -1) {
281 perror("svc door_create");
282 goto out;
283 }
284 fdetach(door_path);
285 if (fattach(door_fd, door_path) < 0) {
286 fprintf(stderr, "%s: fattach failed, %s\n",
287 door_path, strerror(errno));
288 goto out;
289 }
290 attached = B_TRUE;
291
292 /*
293 * Initializations done. Tell start method we're up.
294 */
295 rc = SMF_EXIT_OK;
296 if (pfd != -1) {
297 daemonize_fini(pfd, rc);
298 pfd = -1;
299 }
300
301 /*
302 * Main thread just waits for signals.
303 */
304 again:
305 sig = sigwait(&tmpmask);
306 if (d_flag)
307 fprintf(stderr, "main: sig=%d\n", sig);
308 switch (sig) {
309 case SIGINT:
310 case SIGTERM:
311 /*
312 * The whole process contract gets a SIGTERM
313 * at once. Give children a chance to exit
314 * so we can do normal SIGCHLD cleanup.
315 * Prevent new door_open calls.
316 */
317 fdetach(door_path);
318 attached = B_FALSE;
319 alarm(2);
320 goto again;
321 case SIGALRM:
322 break; /* normal termination */
323 case SIGCHLD:
324 svc_sigchld();
325 goto again;
326 case SIGCONT:
327 goto again;
328 default:
329 /* Unexpected signal. */
330 fprintf(stderr, "svc_main: unexpected sig=%d\n", sig);
331 break;
332 }
333
334 out:
335 if (attached)
336 fdetach(door_path);
337 if (door_fd != -1)
338 door_revoke(door_fd);
339 if (created)
340 unlink(door_path);
341
342 /* NB: door threads gone now. */
343 svc_cleanup();
344
345 /* If startup error, report to parent. */
346 if (pfd != -1)
347 daemonize_fini(pfd, rc);
348
349 return (rc);
350 }
351
352 /*ARGSUSED*/
353 void
354 svc_dispatch(void *cookie, char *argp, size_t argsz,
355 door_desc_t *dp, uint_t n_desc)
356 {
357 ucred_t *ucred = NULL;
358 uid_t uid;
359 gid_t gid;
360 int32_t cmd, rc;
361
362 /*
363 * Allow a NULL arg call to check if this
364 * daemon is running. Just return zero.
365 */
366 if (argp == NULL) {
367 rc = 0;
368 goto out;
369 }
370
371 /*
372 * Get the caller's credentials.
373 * (from client side of door)
374 */
375 if (door_ucred(&ucred) != 0) {
376 rc = EACCES;
377 goto out;
378 }
379 uid = ucred_getruid(ucred);
380 gid = ucred_getrgid(ucred);
381
382 /*
383 * Arg is just an int command code.
384 * Reply is also an int.
385 */
386 if (argsz != sizeof (cmd)) {
387 rc = EINVAL;
388 goto out;
389 }
390 bcopy(argp, &cmd, sizeof (cmd));
391 switch (cmd) {
392 case SMBIOD_START:
393 rc = cmd_start(uid, gid);
394 break;
395 default:
396 rc = EINVAL;
397 goto out;
398 }
399
400 out:
401 if (ucred != NULL)
402 ucred_free(ucred);
403
404 door_return((void *)&rc, sizeof (rc), NULL, 0);
405 }
406
407 /*
408 * Start a per-user smbiod, if not already running.
409 */
410 int
411 cmd_start(uid_t uid, gid_t gid)
412 {
413 char door_file[64];
414 child_t *cp;
415 int pid, fd = -1;
416
417 mutex_lock(&cl_mutex);
418 cp = child_find_by_uid(uid);
419 if (cp != NULL) {
420 /* This UID already has an IOD. */
421 mutex_unlock(&cl_mutex);
422 if (d_flag) {
423 fprintf(stderr, "cmd_start: uid %d"
424 " already has an iod\n", uid);
425 }
426 return (0);
427 }
428
429 /*
430 * OK, create a new child.
431 */
432 cp = malloc(sizeof (*cp));
433 if (cp == NULL) {
434 mutex_unlock(&cl_mutex);
435 return (ENOMEM);
436 }
437 cp->pid = 0; /* update below */
438 cp->uid = uid;
439 LIST_INSERT_HEAD(&child_list, cp, list);
440 mutex_unlock(&cl_mutex);
441
442 /*
443 * The child will not have permission to create or
444 * destroy files in SMBIOD_RUNDIR so do that here.
445 */
446 snprintf(door_file, sizeof (door_file),
447 SMBIOD_USR_DOOR, cp->uid);
448 unlink(door_file);
449 fd = open(door_file, O_RDWR|O_CREAT|O_EXCL, 0600);
450 if (fd < 0) {
451 perror(door_file);
452 goto errout;
453 }
454 if (fchown(fd, uid, gid) < 0) {
455 perror(door_file);
456 goto errout;
457 }
458 close(fd);
459 fd = -1;
460
461 if ((pid = fork1()) == -1) {
462 perror("fork");
463 goto errout;
464 }
465 if (pid == 0) {
466 (void) new_child(uid, gid);
467 _exit(1);
468 }
469 /* parent */
470 cp->pid = pid;
471
472 if (d_flag) {
473 fprintf(stderr, "cmd_start: uid %d new iod, pid %d\n",
474 uid, pid);
475 }
476
477 return (0);
478
479 errout:
480 if (fd != -1)
481 close(fd);
482 mutex_lock(&cl_mutex);
483 LIST_REMOVE(cp, list);
484 mutex_unlock(&cl_mutex);
485 free(cp);
486 return (errno);
487 }
488
489 /*
490 * Assume the passed credentials (from the door client),
491 * drop any extra privileges, and exec the per-user iod.
492 */
493 static int
494 new_child(uid_t uid, gid_t gid)
495 {
496 char *argv[2];
497 int flags, rc;
498
499 flags = PU_RESETGROUPS | PU_LIMITPRIVS | PU_INHERITPRIVS;
500 rc = __init_daemon_priv(flags, uid, gid, PRIV_NET_ACCESS, NULL);
501 if (rc != 0)
502 return (errno);
503
504 argv[0] = "smbiod";
505 argv[1] = NULL;
506 (void) execv(smbiod_path, argv);
507 return (errno);
508 }
509
510 static void
511 svc_sigchld(void)
512 {
513 child_t *cp;
514 pid_t pid;
515 int err, status, found = 0;
516
517 mutex_lock(&cl_mutex);
518
519 while ((pid = waitpid(-1, &status, WNOHANG)) > 0) {
520
521 found++;
522 if (d_flag)
523 fprintf(stderr, "svc_sigchld: pid %d\n", (int)pid);
524
525 cp = child_find_by_pid(pid);
526 if (cp == NULL) {
527 fprintf(stderr, "Unknown pid %d\n", (int)pid);
528 continue;
529 }
530 child_gone(cp->uid, cp->pid, status);
531 LIST_REMOVE(cp, list);
532 free(cp);
533 }
534 err = errno;
535
536 mutex_unlock(&cl_mutex);
537
538 /* ECHILD is the normal end of loop. */
539 if (pid < 0 && err != ECHILD)
540 fprintf(stderr, "svc_sigchld: waitpid err %d\n", err);
541 if (found == 0)
542 fprintf(stderr, "svc_sigchld: no children?\n");
543 }
544
545 static void
546 child_gone(uid_t uid, pid_t pid, int status)
547 {
548 char door_file[64];
549 int x;
550
551 if (d_flag)
552 fprintf(stderr, "child_gone: uid %d pid %d\n",
553 uid, (int)pid);
554
555 snprintf(door_file, sizeof (door_file),
556 SMBIOD_RUNDIR "/%d", uid);
557 unlink(door_file);
558
559 if (WIFEXITED(status)) {
560 x = WEXITSTATUS(status);
561 if (x != 0) {
562 fprintf(stderr,
563 "uid %d, pid %d exit %d",
564 uid, (int)pid, x);
565 }
566 }
567 if (WIFSIGNALED(status)) {
568 x = WTERMSIG(status);
569 fprintf(stderr,
570 "uid %d, pid %d signal %d",
571 uid, (int)pid, x);
572 }
573 }
574
575 /*
576 * Final cleanup before exit. Unlink child doors, etc.
577 * Called while single threaded, so no locks needed here.
578 * The list is normally empty by now due to svc_sigchld
579 * calls during shutdown. But in case there were any
580 * straglers, do cleanup here. Don't bother freeing any
581 * list elements here, as we're exiting.
582 */
583 static void
584 svc_cleanup(void)
585 {
586 child_t *cp;
587
588 LIST_FOREACH(cp, &child_list, list) {
589 child_gone(cp->uid, cp->pid, 0);
590 }
591 }