root/usr/src/cmd/fs.d/smbclnt/smbiod-svc/smbiod-svc.c 
/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */

/*
 * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
 */

/*
 * SMBFS I/O Daemon (SMF service)
 */

#include <sys/types.h>
#include <sys/stat.h>
#include <sys/note.h>
#include <sys/queue.h>

#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>
#include <stdlib.h>
#include <synch.h>
#include <time.h>
#include <unistd.h>
#include <ucred.h>
#include <wait.h>
#include <priv_utils.h>
#include <err.h>
#include <door.h>
#include <libscf.h>
#include <locale.h>
#include <thread.h>
#include <assert.h>

#include <netsmb/smb_lib.h>

static boolean_t d_flag = B_FALSE;

/* Keep a list of child processes. */
typedef struct _child {
        LIST_ENTRY(_child) list;
        pid_t pid;
        uid_t uid;
} child_t;
static LIST_HEAD(, _child) child_list = { 0 };
mutex_t cl_mutex = DEFAULTMUTEX;

static const char smbiod_path[] = "/usr/lib/smbfs/smbiod";
static const char door_path[] = SMBIOD_SVC_DOOR;

void svc_dispatch(void *cookie, char *argp, size_t argsz,
    door_desc_t *dp, uint_t n_desc);
static int cmd_start(uid_t uid, gid_t gid);
static int new_child(uid_t uid, gid_t gid);
static void svc_sigchld(void);
static void child_gone(uid_t, pid_t, int);
static void svc_cleanup(void);

static child_t *
child_find_by_pid(pid_t pid)
{
        child_t *cp;

        assert(MUTEX_HELD(&cl_mutex));
        LIST_FOREACH(cp, &child_list, list) {
                if (cp->pid == pid)
                        return (cp);
        }
        return (NULL);
}

static child_t *
child_find_by_uid(uid_t uid)
{
        child_t *cp;

        assert(MUTEX_HELD(&cl_mutex));
        LIST_FOREACH(cp, &child_list, list) {
                if (cp->uid == uid)
                        return (cp);
        }
        return (NULL);
}

/*
 * Find out if the service is already running.
 * Return: true, false.
 */
static boolean_t
already_running(void)
{
        door_info_t info;
        int fd, rc;

        if ((fd = open(door_path, O_RDONLY)) < 0)
                return (B_FALSE);

        rc = door_info(fd, &info);
        close(fd);
        if (rc < 0)
                return (B_FALSE);

        return (B_TRUE);
}

/*
 * This function will fork off a child process,
 * from which only the child will return.
 *
 * The parent exit status is taken as the SMF start method
 * success or failure, so the parent waits (via pipe read)
 * for the child to finish initialization before it exits.
 * Use SMF error codes only on exit.
 */
static int
daemonize_init(void)
{
        int pid, st;
        int pfds[2];

        chdir("/");

        if (pipe(pfds) < 0) {
                perror("pipe");
                exit(SMF_EXIT_ERR_FATAL);
        }
        if ((pid = fork1()) == -1) {
                perror("fork");
                exit(SMF_EXIT_ERR_FATAL);
        }

        /*
         * If we're the parent process, wait for either the child to send us
         * the appropriate exit status over the pipe or for the read to fail
         * (presumably with 0 for EOF if our child terminated abnormally).
         * If the read fails, exit with either the child's exit status if it
         * exited or with SMF_EXIT_ERR_FATAL if it died from a fatal signal.
         */
        if (pid != 0) {
                /* parent */
                close(pfds[1]);
                if (read(pfds[0], &st, sizeof (st)) == sizeof (st))
                        _exit(st);
                if (waitpid(pid, &st, 0) == pid && WIFEXITED(st))
                        _exit(WEXITSTATUS(st));
                _exit(SMF_EXIT_ERR_FATAL);
        }

        /* child */
        close(pfds[0]);

        return (pfds[1]);
}

static void
daemonize_fini(int pfd, int rc)
{
        /* Tell parent we're ready. */
        (void) write(pfd, &rc, sizeof (rc));
        close(pfd);
}

int
main(int argc, char **argv)
{
        sigset_t oldmask, tmpmask;
        struct sigaction sa;
        struct rlimit rl;
        int door_fd = -1, tmp_fd = -1, pfd = -1;
        int c, sig;
        int rc = SMF_EXIT_ERR_FATAL;
        boolean_t created = B_FALSE, attached = B_FALSE;

        /* set locale and text domain for i18n */
        (void) setlocale(LC_ALL, "");
        (void) textdomain(TEXT_DOMAIN);

        while ((c = getopt(argc, argv, "d")) != -1) {
                switch (c) {
                case 'd':
                        /* Do debug messages. */
                        d_flag = B_TRUE;
                        break;
                default:
                        fprintf(stderr, "Usage: %s [-d]\n", argv[0]);
                        return (SMF_EXIT_ERR_CONFIG);
                }
        }

        if (already_running()) {
                fprintf(stderr, "%s: already running", argv[0]);
                return (rc);
        }

        /*
         * Raise the fd limit to max
         * errors here are non-fatal
         */
        if (getrlimit(RLIMIT_NOFILE, &rl) != 0) {
                fprintf(stderr, "getrlimit failed, err %d\n", errno);
        } else if (rl.rlim_cur < rl.rlim_max) {
                rl.rlim_cur = rl.rlim_max;
                if (setrlimit(RLIMIT_NOFILE, &rl) != 0)
                        fprintf(stderr, "setrlimit "
                            "RLIMIT_NOFILE %d, err %d",
                            (int)rl.rlim_cur, errno);
        }

        /*
         * Want all signals blocked, as we're doing
         * synchronous delivery via sigwait below.
         */
        sigfillset(&tmpmask);
        sigprocmask(SIG_BLOCK, &tmpmask, &oldmask);

        /*
         * Do want SIGCHLD, and will waitpid().
         */
        sa.sa_flags = SA_NOCLDSTOP;
        sa.sa_handler = SIG_DFL;
        sigemptyset(&sa.sa_mask);
        sigaction(SIGCHLD, &sa, NULL);

        /*
         * Daemonize, unless debugging.
         */
        if (d_flag) {
                /* debug: run in foregound (not a service) */
                putenv("SMBFS_DEBUG=1");
        } else {
                /* Non-debug: start daemon in the background. */
                pfd = daemonize_init();
        }

        /*
         * Create directory for all smbiod doors.
         */
        if ((mkdir(SMBIOD_RUNDIR, 0755) < 0) && errno != EEXIST) {
                perror(SMBIOD_RUNDIR);
                goto out;
        }

        /*
         * Create a file for the main service door.
         */
        unlink(door_path);
        tmp_fd = open(door_path, O_RDWR|O_CREAT|O_EXCL, 0644);
        if (tmp_fd < 0) {
                perror(door_path);
                goto out;
        }
        close(tmp_fd);
        tmp_fd = -1;
        created = B_TRUE;

        /* Setup the door service. */
        door_fd = door_create(svc_dispatch, NULL,
            DOOR_REFUSE_DESC | DOOR_NO_CANCEL);
        if (door_fd == -1) {
                perror("svc door_create");
                goto out;
        }
        fdetach(door_path);
        if (fattach(door_fd, door_path) < 0) {
                fprintf(stderr, "%s: fattach failed, %s\n",
                    door_path, strerror(errno));
                goto out;
        }
        attached = B_TRUE;

        /*
         * Initializations done.  Tell start method we're up.
         */
        rc = SMF_EXIT_OK;
        if (pfd != -1) {
                daemonize_fini(pfd, rc);
                pfd = -1;
        }

        /*
         * Main thread just waits for signals.
         */
again:
        sig = sigwait(&tmpmask);
        if (d_flag)
                fprintf(stderr, "main: sig=%d\n", sig);
        switch (sig) {
        case SIGINT:
        case SIGTERM:
                /*
                 * The whole process contract gets a SIGTERM
                 * at once.  Give children a chance to exit
                 * so we can do normal SIGCHLD cleanup.
                 * Prevent new door_open calls.
                 */
                fdetach(door_path);
                attached = B_FALSE;
                alarm(2);
                goto again;
        case SIGALRM:
                break;  /* normal termination */
        case SIGCHLD:
                svc_sigchld();
                goto again;
        case SIGCONT:
                goto again;
        default:
                /* Unexpected signal. */
                fprintf(stderr, "svc_main: unexpected sig=%d\n", sig);
                break;
        }

out:
        if (attached)
                fdetach(door_path);
        if (door_fd != -1)
                door_revoke(door_fd);
        if (created)
                unlink(door_path);

        /* NB: door threads gone now. */
        svc_cleanup();

        /* If startup error, report to parent. */
        if (pfd != -1)
                daemonize_fini(pfd, rc);

        return (rc);
}

/*ARGSUSED*/
void
svc_dispatch(void *cookie, char *argp, size_t argsz,
    door_desc_t *dp, uint_t n_desc)
{
        ucred_t *ucred = NULL;
        uid_t uid;
        gid_t gid;
        int32_t cmd, rc;

        /*
         * Allow a NULL arg call to check if this
         * daemon is running.  Just return zero.
         */
        if (argp == NULL) {
                rc = 0;
                goto out;
        }

        /*
         * Get the caller's credentials.
         * (from client side of door)
         */
        if (door_ucred(&ucred) != 0) {
                rc = EACCES;
                goto out;
        }
        uid = ucred_getruid(ucred);
        gid = ucred_getrgid(ucred);

        /*
         * Arg is just an int command code.
         * Reply is also an int.
         */
        if (argsz != sizeof (cmd)) {
                rc = EINVAL;
                goto out;
        }
        bcopy(argp, &cmd, sizeof (cmd));
        switch (cmd) {
        case SMBIOD_START:
                rc = cmd_start(uid, gid);
                break;
        default:
                rc = EINVAL;
                goto out;
        }

out:
        if (ucred != NULL)
                ucred_free(ucred);

        door_return((void *)&rc, sizeof (rc), NULL, 0);
}

/*
 * Start a per-user smbiod, if not already running.
 */
int
cmd_start(uid_t uid, gid_t gid)
{
        char door_file[64];
        child_t *cp;
        int pid, fd = -1;

        mutex_lock(&cl_mutex);
        cp = child_find_by_uid(uid);
        if (cp != NULL) {
                /* This UID already has an IOD. */
                mutex_unlock(&cl_mutex);
                if (d_flag) {
                        fprintf(stderr, "cmd_start: uid %d"
                            " already has an iod\n", uid);
                }
                return (0);
        }

        /*
         * OK, create a new child.
         */
        cp = malloc(sizeof (*cp));
        if (cp == NULL) {
                mutex_unlock(&cl_mutex);
                return (ENOMEM);
        }
        cp->pid = 0; /* update below */
        cp->uid = uid;
        LIST_INSERT_HEAD(&child_list, cp, list);
        mutex_unlock(&cl_mutex);

        /*
         * The child will not have permission to create or
         * destroy files in SMBIOD_RUNDIR so do that here.
         */
        snprintf(door_file, sizeof (door_file),
            SMBIOD_USR_DOOR, cp->uid);
        unlink(door_file);
        fd = open(door_file, O_RDWR|O_CREAT|O_EXCL, 0600);
        if (fd < 0) {
                perror(door_file);
                goto errout;
        }
        if (fchown(fd, uid, gid) < 0) {
                perror(door_file);
                goto errout;
        }
        close(fd);
        fd = -1;

        if ((pid = fork1()) == -1) {
                perror("fork");
                goto errout;
        }
        if (pid == 0) {
                (void) new_child(uid, gid);
                _exit(1);
        }
        /* parent */
        cp->pid = pid;

        if (d_flag) {
                fprintf(stderr, "cmd_start: uid %d new iod, pid %d\n",
                    uid, pid);
        }

        return (0);

errout:
        if (fd != -1)
                close(fd);
        mutex_lock(&cl_mutex);
        LIST_REMOVE(cp, list);
        mutex_unlock(&cl_mutex);
        free(cp);
        return (errno);
}

/*
 * Assume the passed credentials (from the door client),
 * drop any extra privileges, and exec the per-user iod.
 */
static int
new_child(uid_t uid, gid_t gid)
{
        char *argv[2];
        int flags, rc;

        flags = PU_RESETGROUPS | PU_LIMITPRIVS | PU_INHERITPRIVS;
        rc = __init_daemon_priv(flags, uid, gid, PRIV_NET_ACCESS, NULL);
        if (rc != 0)
                return (errno);

        argv[0] = "smbiod";
        argv[1] = NULL;
        (void) execv(smbiod_path, argv);
        return (errno);
}

static void
svc_sigchld(void)
{
        child_t *cp;
        pid_t pid;
        int err, status, found = 0;

        mutex_lock(&cl_mutex);

        while ((pid = waitpid(-1, &status, WNOHANG)) > 0) {

                found++;
                if (d_flag)
                        fprintf(stderr, "svc_sigchld: pid %d\n", (int)pid);

                cp = child_find_by_pid(pid);
                if (cp == NULL) {
                        fprintf(stderr, "Unknown pid %d\n", (int)pid);
                        continue;
                }
                child_gone(cp->uid, cp->pid, status);
                LIST_REMOVE(cp, list);
                free(cp);
        }
        err = errno;

        mutex_unlock(&cl_mutex);

        /* ECHILD is the normal end of loop. */
        if (pid < 0 && err != ECHILD)
                fprintf(stderr, "svc_sigchld: waitpid err %d\n", err);
        if (found == 0)
                fprintf(stderr, "svc_sigchld: no children?\n");
}

static void
child_gone(uid_t uid, pid_t pid, int status)
{
        char door_file[64];
        int x;

        if (d_flag)
                fprintf(stderr, "child_gone: uid %d pid %d\n",
                    uid, (int)pid);

        snprintf(door_file, sizeof (door_file),
            SMBIOD_RUNDIR "/%d", uid);
        unlink(door_file);

        if (WIFEXITED(status)) {
                x = WEXITSTATUS(status);
                if (x != 0) {
                        fprintf(stderr,
                            "uid %d, pid %d exit %d\n",
                            uid, (int)pid, x);
                }
        }
        if (WIFSIGNALED(status)) {
                x = WTERMSIG(status);
                fprintf(stderr,
                    "uid %d, pid %d signal %d\n",
                    uid, (int)pid, x);
        }
}

/*
 * Final cleanup before exit.  Unlink child doors, etc.
 * Called while single threaded, so no locks needed here.
 * The list is normally empty by now due to svc_sigchld
 * calls during shutdown.  But in case there were any
 * straglers, do cleanup here.  Don't bother freeing any
 * list elements here, as we're exiting.
 */
static void
svc_cleanup(void)
{
        child_t *cp;

        LIST_FOREACH(cp, &child_list, list) {
                child_gone(cp->uid, cp->pid, 0);
        }
}