upstream/illumos/illumos-gate: comparison usr/src/cmd/dlmgmtd/dlmgmt

equal deleted inserted replaced

-:4bb212e117c7
+:3be00c4a6835
 */
 #include <assert.h>
 #include <errno.h>
 #include <fcntl.h>
-#include <priv_utils.h>
+#include <priv.h>
 #include <signal.h>
 #include <stdlib.h>
 #include <stdio.h>
 #include <strings.h>
 #include <syslog.h>
+#include <zone.h>
 #include <sys/dld.h>
 #include <sys/dld_ioc.h>
 #include <sys/param.h>
 #include <sys/stat.h>
 #include <unistd.h>
 * handle because the door isn't created when the handle is created.
 */
 static int		dlmgmt_door_fd = -1;
 /*
-* This libdladm handle is global so that dlmgmt_upcall_linkprop_init()
+* This libdladm handle is global so that dlmgmt_upcall_linkprop_init() can
-* can pass to libdladm.  The handle is opened during dlmgmt_init_privileges()
+* pass to libdladm.  The handle is opened with "ALL" privileges, before
-* with "ALL" privileges.  It is not able to open DLMGMT_DOOR at that time as
+* privileges are dropped in dlmgmt_drop_privileges().  It is not able to open
-* it hasn't been created yet.  This door in the handle is opened in the first
+* DLMGMT_DOOR at that time as it hasn't been created yet.  This door in the
-* call to dladm_door_fd().
+* handle is opened in the first call to dladm_door_fd().
 */
 dladm_handle_t		dld_handle = NULL;
 static void		dlmgmtd_exit(int);
 static int		dlmgmt_init();
 static void		dlmgmt_fini();
-static int		dlmgmt_init_privileges();
+static int		dlmgmt_set_privileges();
-static void		dlmgmt_fini_privileges();
 static int
 dlmgmt_set_doorfd(boolean_t start)
 {
 	dld_ioc_door_t did;
 	return (err);
 }
 static int
-dlmgmt_door_init()
+dlmgmt_door_init(void)
 {
-	int fd;
+	int err = 0;
-	int err;
-	/*
-	 * Create the door file for dlmgmtd.
-	 */
-	if ((fd = open(DLMGMT_DOOR, O_CREAT|O_RDONLY, 0644)) == -1) {
-		err = errno;
-		dlmgmt_log(LOG_ERR, "open(%s) failed: %s",
-		    DLMGMT_DOOR, strerror(err));
-		return (err);
-	}
-	(void) close(fd);
 	if ((dlmgmt_door_fd = door_create(dlmgmt_handler, NULL,
 	    DOOR_REFUSE_DESC | DOOR_NO_CANCEL)) == -1) {
 		err = errno;
 		dlmgmt_log(LOG_ERR, "door_create() failed: %s",
 		    strerror(err));
 		return (err);
 	}
-	/*
-	 * fdetach first in case a previous daemon instance exited
-	 * ungracefully.
-	 */
-	(void) fdetach(DLMGMT_DOOR);
-	if (fattach(dlmgmt_door_fd, DLMGMT_DOOR) != 0) {
-		err = errno;
-		dlmgmt_log(LOG_ERR, "fattach(%s) failed: %s",
-		    DLMGMT_DOOR, strerror(err));
-		goto fail;
-	}
-	if ((err = dlmgmt_set_doorfd(B_TRUE)) != 0) {
-		dlmgmt_log(LOG_ERR, "cannot set kernel doorfd: %s",
-		    strerror(err));
-		(void) fdetach(DLMGMT_DOOR);
-		goto fail;
-	}
-	return (0);
-fail:
-	(void) door_revoke(dlmgmt_door_fd);
-	dlmgmt_door_fd = -1;
 	return (err);
 }
 static void
-dlmgmt_door_fini()
+dlmgmt_door_fini(void)
 {
 	if (dlmgmt_door_fd == -1)
 		return;
 	if (door_revoke(dlmgmt_door_fd) == -1) {
 		dlmgmt_log(LOG_WARNING, "door_revoke(%s) failed: %s",
 		    DLMGMT_DOOR, strerror(errno));
 	}
-	(void) fdetach(DLMGMT_DOOR);
 	(void) dlmgmt_set_doorfd(B_FALSE);
-}
+	dlmgmt_door_fd = -1;
+}
+int
+dlmgmt_door_attach(zoneid_t zoneid, char *rootdir)
+{
+	int	fd;
+	int	err = 0;
+	char	doorpath[MAXPATHLEN];
+	(void) snprintf(doorpath, sizeof (doorpath), "%s%s", rootdir,
+	    DLMGMT_DOOR);
+	/*
+	 * Create the door file for dlmgmtd.
+	 */
+	if ((fd = open(doorpath, O_CREAT|O_RDONLY, 0644)) == -1) {
+		err = errno;
+		dlmgmt_log(LOG_ERR, "open(%s) failed: %s", doorpath,
+		    strerror(err));
+		return (err);
+	}
+	(void) close(fd);
+	if (chown(doorpath, UID_DLADM, GID_SYS) == -1)
+		return (errno);
+	/*
+	 * fdetach first in case a previous daemon instance exited
+	 * ungracefully.
+	 */
+	(void) fdetach(doorpath);
+	if (fattach(dlmgmt_door_fd, doorpath) != 0) {
+		err = errno;
+		dlmgmt_log(LOG_ERR, "fattach(%s) failed: %s", doorpath,
+		    strerror(err));
+	} else if (zoneid == GLOBAL_ZONEID) {
+		if ((err = dlmgmt_set_doorfd(B_TRUE)) != 0) {
+			dlmgmt_log(LOG_ERR, "cannot set kernel doorfd: %s",
+			    strerror(err));
+		}
+	}
+	return (err);
+}
+/*
+* Create the /etc/svc/volatile/dladm/ directory if it doesn't exist, load the
+* datalink.conf data for this zone, and create/attach the door rendezvous
+* file.
+*/
+int
+dlmgmt_zone_init(zoneid_t zoneid)
+{
+	char	rootdir[MAXPATHLEN], tmpfsdir[MAXPATHLEN];
+	int	err;
+	struct stat statbuf;
+	if (zoneid == GLOBAL_ZONEID) {
+		rootdir[0] = '\0';
+	} else if (zone_getattr(zoneid, ZONE_ATTR_ROOT, rootdir,
+	    sizeof (rootdir)) < 0) {
+		return (errno);
+	}
+	/*
+	 * Create the DLMGMT_TMPFS_DIR directory.
+	 */
+	(void) snprintf(tmpfsdir, sizeof (tmpfsdir), "%s%s", rootdir,
+	    DLMGMT_TMPFS_DIR);
+	if (stat(tmpfsdir, &statbuf) < 0) {
+		if (mkdir(tmpfsdir, (mode_t)0755) < 0)
+			return (errno);
+	} else if ((statbuf.st_mode & S_IFMT) != S_IFDIR) {
+		return (ENOTDIR);
+	}
+	if ((chmod(tmpfsdir, 0755) < 0) ||
+	    (chown(tmpfsdir, UID_DLADM, GID_SYS) < 0)) {
+		return (EPERM);
+	}
+	if ((err = dlmgmt_db_init(zoneid)) != 0)
+		return (err);
+	return (dlmgmt_door_attach(zoneid, rootdir));
+}
+/*
+* Initialize each running zone.
+*/
 static int
-dlmgmt_init()
+dlmgmt_allzones_init(void)
 {
-	int err;
+	int		err, i;
+	zoneid_t	*zids = NULL;
+	uint_t		nzids, nzids_saved;
+	if (zone_list(NULL, &nzids) != 0)
+		return (errno);
+again:
+	nzids *= 2;
+	if ((zids = malloc(nzids * sizeof (zoneid_t))) == NULL)
+		return (errno);
+	nzids_saved = nzids;
+	if (zone_list(zids, &nzids) != 0) {
+		free(zids);
+		return (errno);
+	}
+	if (nzids > nzids_saved) {
+		free(zids);
+		goto again;
+	}
+	for (i = 0; i < nzids; i++) {
+		if ((err = dlmgmt_zone_init(zids[i])) != 0)
+			break;
+	}
+	free(zids);
+	return (err);
+}
+static int
+dlmgmt_init(void)
+{
+	int	err;
+	char	*fmri, *c;
+	char	filename[MAXPATHLEN];
+	if (dladm_open(&dld_handle) != DLADM_STATUS_OK) {
+		dlmgmt_log(LOG_ERR, "dladm_open() failed");
+		return (EPERM);
+	}
 	if (signal(SIGTERM, dlmgmtd_exit) == SIG_ERR ||
 	    signal(SIGINT, dlmgmtd_exit) == SIG_ERR) {
 		err = errno;
 		dlmgmt_log(LOG_ERR, "signal() for SIGTERM/INT failed: %s",
 		    strerror(err));
 		return (err);
 	}
-	if ((err = dlmgmt_linktable_init()) != 0)
+	/*
-		return (err);
+	 * First derive the name of the cache file from the FMRI name. This
+	 * cache name is used to keep active datalink configuration.
-	if ((err = dlmgmt_db_init()) != 0 || (err = dlmgmt_door_init()) != 0)
+	 */
+	if (debug) {
+		(void) snprintf(cachefile, MAXPATHLEN, "%s/%s%s",
+		    DLMGMT_TMPFS_DIR, progname, ".debug.cache");
+	} else {
+		if ((fmri = getenv("SMF_FMRI")) == NULL) {
+			dlmgmt_log(LOG_ERR, "dlmgmtd is an smf(5) managed "
+			    "service and should not be run from the command "
+			    "line.");
+			return (EINVAL);
+		}
+		/*
+		 * The FMRI name is in the form of
+		 * svc:/service/service:instance.  We need to remove the
+		 * prefix "svc:/" and replace '/' with '-'.  The cache file
+		 * name is in the form of "service:instance.cache".
+		 */
+		if ((c = strchr(fmri, '/')) != NULL)
+			c++;
+		else
+			c = fmri;
+		(void) snprintf(filename, MAXPATHLEN, "%s.cache", c);
+		c = filename;
+		while ((c = strchr(c, '/')) != NULL)
+			*c = '-';
+		(void) snprintf(cachefile, MAXPATHLEN, "%s/%s",
+		    DLMGMT_TMPFS_DIR, filename);
+	}
+	dlmgmt_linktable_init();
+	if ((err = dlmgmt_door_init()) != 0)
+		goto done;
+	/*
+	 * Load datalink configuration and create dlmgmtd door files for all
+	 * currently running zones.
+	 */
+	if ((err = dlmgmt_allzones_init()) != 0)
+		dlmgmt_door_fini();
+done:
+	if (err != 0)
 		dlmgmt_linktable_fini();
 	return (err);
 }
 static void
-dlmgmt_fini()
+dlmgmt_fini(void)
 {
 	dlmgmt_door_fini();
 	dlmgmt_linktable_fini();
+	if (dld_handle != NULL) {
+		dladm_close(dld_handle);
+		dld_handle = NULL;
+	}
 }
 /*
 * This is called by the child process to inform the parent process to
 * exit with the given return value.
 static void
 dlmgmtd_exit(int signo)
 {
 	(void) close(pfds[1]);
 	dlmgmt_fini();
-	dlmgmt_fini_privileges();
 	exit(EXIT_FAILURE);
 }
 static void
 usage(void)
 	(void) fprintf(stderr, "Usage: %s [-d]\n", progname);
 	exit(EXIT_FAILURE);
 }
 /*
-* Set the uid of this daemon to the "dladm" user. Finish the following
+* Restrict privileges to only those needed.
-* operations before setuid() because they need root privileges:
+*/
-*
+int
-*    - create the /etc/svc/volatile/dladm directory;
+dlmgmt_drop_privileges(void)
-*    - change its uid/gid to "dladm"/"sys";
+{
-*    - open the dld control node
+	priv_set_t	*pset;
+	priv_ptype_t	ptype;
+	zoneid_t	zoneid = getzoneid();
+	int		err = 0;
+	if ((pset = priv_allocset()) == NULL)
+		return (errno);
+	/*
+	 * The global zone needs PRIV_PROC_FORK so that it can fork() when it
+	 * issues db ops in non-global zones, PRIV_SYS_CONFIG to post
+	 * sysevents, and PRIV_SYS_DL_CONFIG to initialize link properties in
+	 * dlmgmt_upcall_linkprop_init().
+	 *
+	 * We remove all privileges from the permitted (and thus effective)
+	 * set in the non-global zone.  When executing in a non-global zone,
+	 * dlmgmtd only needs to read and write to files that it already owns.
+	 */
+	priv_emptyset(pset);
+	if (zoneid == GLOBAL_ZONEID) {
+		ptype = PRIV_EFFECTIVE;
+		if (priv_addset(pset, PRIV_PROC_FORK) == -1 ||
+		    priv_addset(pset, PRIV_SYS_CONFIG) == -1 ||
+		    priv_addset(pset, PRIV_SYS_DL_CONFIG) == -1)
+			err = errno;
+	} else {
+		ptype = PRIV_PERMITTED;
+	}
+	if (err == 0 && setppriv(PRIV_SET, ptype, pset) == -1)
+		err = errno;
+done:
+	priv_freeset(pset);
+	return (err);
+}
+int
+dlmgmt_elevate_privileges(void)
+{
+	priv_set_t	*privset;
+	int		err = 0;
+	if ((privset = priv_str_to_set("zone", ",", NULL)) == NULL)
+		return (errno);
+	if (setppriv(PRIV_SET, PRIV_EFFECTIVE, privset) == -1)
+		err = errno;
+	priv_freeset(privset);
+	return (err);
+}
+/*
+* Set the uid of this daemon to the "dladm" user and drop privileges to only
+* those needed.
 */
 static int
-dlmgmt_init_privileges()
+dlmgmt_set_privileges(void)
 {
-	struct stat	statbuf;
+	int err;
-	/*
+	(void) setgroups(0, NULL);
-	 * Create the DLMGMT_TMPFS_DIR directory.
+	if (setegid(GID_SYS) == -1 || seteuid(UID_DLADM) == -1)
-	 */
+		err = errno;
-	if (stat(DLMGMT_TMPFS_DIR, &statbuf) < 0) {
+	else
-		if (mkdir(DLMGMT_TMPFS_DIR, (mode_t)0755) < 0)
+		err = dlmgmt_drop_privileges();
-			return (errno);
+done:
-	} else {
+	return (err);
-		if ((statbuf.st_mode & S_IFMT) != S_IFDIR)
-			return (ENOTDIR);
-	}
-	if ((chmod(DLMGMT_TMPFS_DIR, 0755) < 0) ||
-	    (chown(DLMGMT_TMPFS_DIR, UID_DLADM, GID_SYS) < 0)) {
-		return (EPERM);
-	}
-	/*
-	 * When dlmgmtd is started at boot, "ALL" privilege is required
-	 * to open the dld control node.  The door isn't created yet.
-	 */
-	if (dladm_open(&dld_handle) != DLADM_STATUS_OK) {
-		dlmgmt_log(LOG_ERR, "dladm_open() failed");
-		return (EPERM);
-	}
-	/*
-	 * We need PRIV_SYS_DL_CONFIG for the DLDIOC_DOORSERVER ioctl,
-	 * and PRIV_SYS_CONFIG to post sysevents.
-	 */
-	if (__init_daemon_priv(PU_RESETGROUPS|PU_CLEARLIMITSET, UID_DLADM,
-	    GID_SYS, PRIV_SYS_DL_CONFIG, PRIV_SYS_CONFIG, NULL) == -1) {
-		dladm_close(dld_handle);
-		dld_handle = NULL;
-		return (EPERM);
-	}
-	return (0);
-}
-static void
-dlmgmt_fini_privileges()
-{
-	if (dld_handle != NULL) {
-		dladm_close(dld_handle);
-		dld_handle = NULL;
-	}
 }
 /*
 * Keep the pfds fd open, close other fds.
 */
 }
 int
 main(int argc, char *argv[])
 {
-	int		opt;
+	int opt, err;
 	progname = strrchr(argv[0], '/');
 	if (progname != NULL)
 		progname++;
 	else
 	}
 	if (!debug && !dlmgmt_daemonize())
 		return (EXIT_FAILURE);
-	if ((errno = dlmgmt_init_privileges()) != 0) {
+	if ((err = dlmgmt_init()) != 0) {
-		dlmgmt_log(LOG_ERR, "dlmgmt_init_privileges() failed: %s",
+		dlmgmt_log(LOG_ERR, "unable to initialize daemon: %s",
-		    strerror(errno));
+		    strerror(err));
 		goto child_out;
-	}
+	} else if ((err = dlmgmt_set_privileges()) != 0) {
+		dlmgmt_log(LOG_ERR, "unable to set daemon privileges: %s",
-	if (dlmgmt_init() != 0) {
+		    strerror(err));
-		dlmgmt_fini_privileges();
+		dlmgmt_fini();
 		goto child_out;
 	}
 	/*
 	 * Inform the parent process that it can successfully exit.

changeset 10616	3be00c4a6835
parent 9107	a47dcdb19715
child 11537	8eca52188202