4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License, Version 1.0 only
6 * (the "License"). You may not use this file except in compliance
9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 * or http://www.opensolaris.org/os/licensing.
11 * See the License for the specific language governing permissions
12 * and limitations under the License.
14 * When distributing Covered Code, include this CDDL HEADER in each
15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 * If applicable, add the following below this CDDL HEADER, with the
17 * fields enclosed by brackets "[]" replaced with your own identifying
18 * information: Portions Copyright [yyyy] [name of copyright owner]
23 * Copyright 1999-2002 Sun Microsystems, Inc. All rights reserved.
24 * Use is subject to license terms.
27 #pragma ident "%Z%%M% %I% %E% SMI"
29 #include "med_local.h"
38 #include <sys/resource.h>
39 #include <sys/priocntl.h>
40 #include <sys/rtpriocntl.h>
41 #include <sys/utsname.h>
43 extern void nc_perror(const char *msg
);
46 static char *medname
= MED_SERVNAME
;
49 * reset and exit daemon
/*
 * Exit-path fragment: finalises the mediator database, reports a failure
 * of that step, then logs the exit value.
 * Only part of the routine is visible in this extract; eval is declared
 * outside the visible lines.
 */
56 med_err_t status
= med_null_err
;
/* a med_db_finit() failure is reported through medde_perror() */
58 if (med_db_finit(&status
))
59 medde_perror(&status
, "med_db_finit");
62 med_eprintf("exiting with %d\n", eval
);
/*
 * Signal reporting fragment: logs the signal's name, restores the default
 * disposition and re-sends the signal to this process.
 * NOTE(review): presumably the body of med_catcher, the handler installed
 * with sigset() elsewhere in this file - confirm. If so, strsignal(),
 * sprintf() and any stdio done inside med_eprintf() (not visible here) are
 * not async-signal-safe.
 */
80 if ((msg
= strsignal(sig
)) == NULL
) {
/*
 * NOTE(review): buf's declaration is outside the visible lines; confirm it
 * holds "unknown signal " plus a signed int and the NUL, or bound the
 * write with snprintf() and the buffer's size.
 */
81 (void) sprintf(buf
, "unknown signal %d", sig
);
84 med_eprintf("%s\n", msg
);
86 /* let default handler do its thing */
87 (void) sigset(sig
, SIG_DFL
);
88 if (kill(getpid(), sig
) != 0) {
89 med_perror("kill(getpid())");
/*
 * Signal setup fragment: routes the listed termination and fault signals
 * to med_catcher and ignores SIGALRM. A sigset() failure is returned
 * through med_error() with the current errno.
 * NOTE(review): SIGSEGV, SIGBUS and SIGABRT share the catcher used for the
 * ordinary termination signals; check that the catcher only does work
 * that is safe to run inside a fault handler.
 */
102 /* catch common signals */
103 if ((sigset(SIGHUP
, med_catcher
) == SIG_ERR
) ||
104 (sigset(SIGINT
, med_catcher
) == SIG_ERR
) ||
105 (sigset(SIGABRT
, med_catcher
) == SIG_ERR
) ||
106 (sigset(SIGBUS
, med_catcher
) == SIG_ERR
) ||
107 (sigset(SIGSEGV
, med_catcher
) == SIG_ERR
) ||
108 (sigset(SIGPIPE
, med_catcher
) == SIG_ERR
) ||
109 (sigset(SIGTERM
, med_catcher
) == SIG_ERR
)) {
110 return (med_error(medep
, errno
, "sigset"));
113 /* ignore SIGALRM (used in med_cv_timedwait) */
114 if (sigset(SIGALRM
, SIG_IGN
) == SIG_ERR
) {
115 return (med_error(medep
, errno
, "sigset"));
123 * (re)initialize daemon
/*
 * Daemon initialisation fragment: runs med_setup() and opens the syslog
 * connection under the service name held in medname.
 */
/* NOTE(review): presumably a run-once guard; the test on it is not visible */
130 static int already
= 0;
134 if (med_setup(medep
) != 0)
/* LOG_CONS: write to the system console if the message cannot reach syslog */
136 openlog(medname
, LOG_CONS
, LOG_DAEMON
);
/*
 * Node-name lookup fragment: fills a static utsname with uname() and
 * returns its nodename field.
 * The returned pointer refers to static storage, so callers must not free
 * it and every caller sees the same buffer.
 * NOTE(review): presumably the body of mynode(), which the host-name
 * comparison in this file calls - confirm.
 */
150 static struct utsname myuname
;
154 if (uname(&myuname
) == -1) {
160 return (myuname
.nodename
);
164 * check for trusted host and user
/*
 * Host check, first part: tests the caller's credential for uid 0, then
 * maps the caller's transport address back to a list of host names and
 * starts walking that list.
 * NOTE(review): the credential is read as AUTH_SYS parameters, which are
 * supplied by the client and carry no proof of identity, so the uid test
 * is only meaningful together with the host-name checks later in the loop.
 */
168 struct svc_req
*rqstp
/* RPC stuff */
171 struct authsys_parms
*sys_credp
;
172 SVCXPRT
*transp
= rqstp
->rq_xprt
;
173 struct netconfig
*nconfp
= NULL
;
174 struct nd_hostservlist
*hservlistp
= NULL
;
177 char *inplace
= NULL
;
181 sys_credp
= (struct authsys_parms
*)rqstp
->rq_clntcred
;
/*
 * NOTE(review): assert() is compiled out under NDEBUG and otherwise aborts
 * the daemon; an explicit NULL test that denies access would behave the
 * same in both builds.
 */
182 assert(sys_credp
!= NULL
);
183 if (sys_credp
->aup_uid
!= 0)
187 if (transp
->xp_netid
== NULL
) {
188 med_eprintf("transp->xp_netid == NULL\n");
191 if ((nconfp
= getnetconfigent(transp
->xp_netid
)) == NULL
) {
193 nc_perror("getnetconfigent(transp->xp_netid)");
/* reverse lookup of the caller's address; the loop below walks every name returned */
197 if ((__netdir_getbyaddr_nosrv(nconfp
, &hservlistp
, &transp
->xp_rtaddr
)
198 != 0) || (hservlistp
== NULL
)) {
200 netdir_perror("netdir_getbyaddr(transp->xp_rtaddr)");
205 /* check hostnames */
206 for (i
= 0; (i
< hservlistp
->h_cnt
); ++i
) {
207 struct nd_hostserv
*hservp
= &hservlistp
->h_hostservs
[i
];
208 char *hostname
= hservp
->h_host
;
/*
 * NOTE(review): strdup() can return NULL, and the result is handed to
 * sdssc_cm_nm2nid() and strcmp() on the next two lines without a check.
 * The matching free(inplace) is not visible in this extract; confirm one
 * runs on every iteration.
 */
210 inplace
= strdup(hostname
);
211 sdssc_cm_nm2nid(inplace
);
212 if (strcmp(inplace
, hostname
)) {
215 * If the names are now different it indicates
216 * that hostname was converted to a nodeid. This
217 * will only occur if hostname is part of the same
218 * cluster that the current node is in.
219 * If the machine is not running in a cluster then
220 * sdssc_cm_nm2nid is a noop which leaves inplace
/*
 * Host check, second part: compares the resolved name with this node's
 * name and with "localhost", then asks ruserok() whether the host is
 * trusted for remote root. The branch bodies are not visible in this
 * extract.
 * NOTE(review): hostname is the result of a reverse lookup of the caller's
 * address, so all three tests are only as strong as the name service
 * behind that lookup.
 */
227 /* localhost is OK */
228 if (strcmp(hostname
, mynode()) == 0) {
233 if (strcmp(hostname
, "localhost") == 0) {
/*
 * NOTE(review): rhosts-style trust; with the superuser argument set,
 * ruserok() is expected to consult root's .rhosts only - confirm on the
 * target libc and audit that file on every mediator host.
 */
238 /* check for remote root access */
239 if (ruserok(hostname
, 1, "root", "root") == 0) {
245 /* cleanup, return success */
249 if (hservlistp
!= NULL
)
250 netdir_free(hservlistp
, ND_HOSTSERVLIST
);
257 * check for user in local group 14
/*
 * Group check fragment: looks up the passwd entry for uid, tests whether
 * its primary group is MED_GID, and otherwise searches the MED_GID group's
 * member list for the user's login name. The values returned by each
 * branch are not visible in this extract.
 * NOTE(review): getpwuid() and getgrgid() return pointers to static
 * storage, which is only safe while the daemon stays single threaded.
 */
268 /* get user info, check default GID */
269 if ((pwp
= getpwuid(uid
)) == NULL
)
271 if (pwp
->pw_gid
== MED_GID
)
275 if ((grp
= getgrgid(MED_GID
)) == NULL
)
/* the walk stops at the NULL terminator or at the first empty member name */
277 for (namep
= grp
->gr_mem
; ((*namep
!= NULL
) && (**namep
!= '\0'));
279 if (strcmp(*namep
, pwp
->pw_name
) == 0)
/*
 * AUTH_SYS access check fragment: a request without W_OK is let through by
 * the first test; a write request needs check_gid14() or check_host() to
 * return 0, otherwise EACCES is recorded in *medep through med_error().
 */
290 struct svc_req
*rqstp
, /* RPC stuff */
291 int amode
, /* R_OK | W_OK */
292 med_err_t
*medep
/* returned status */
296 static mutex_t mx
= DEFAULTMUTEX
;
297 #endif /* _REENTRANT */
298 struct authsys_parms
*sys_credp
;
300 /* for read, anything is OK */
301 if (! (amode
& W_OK
))
305 /* single thread (not really needed if daemon stays single threaded) */
307 #endif /* _REENTRANT */
309 /* check for remote root or METAMED_GID */
/*
 * NOTE(review): sys_credp->aup_uid is read without a NULL test on
 * sys_credp. The uid handed to check_gid14() is the one the client placed
 * in its AUTH_SYS credential, and the || means that check alone grants
 * write access with no host test; this relies on network access to the
 * service being restricted to trusted hosts.
 */
311 sys_credp
= (struct authsys_parms
*)rqstp
->rq_clntcred
;
312 if ((check_gid14(sys_credp
->aup_uid
) == 0) ||
313 (check_host(rqstp
) == 0)) {
316 #endif /* _REENTRANT */
323 #endif /* _REENTRANT */
324 return (med_error(medep
, EACCES
, medname
));
330 * if can't authenticate return < 0
331 * if any other error return > 0
/*
 * Per-request entry check fragment: clears *medep, binds the cluster
 * library, authorises the caller according to the credential flavor and
 * then runs med_init_daemon().
 * Visible returns: 1 when check_sys() or med_init_daemon() fails, -1 after
 * svcerr_weakauth() for a flavor that cannot be authenticated.
 */
335 struct svc_req
*rqstp
, /* RPC stuff */
336 int amode
, /* R_OK | W_OK */
337 med_err_t
*medep
/* returned status */
340 SVCXPRT
*transp
= rqstp
->rq_xprt
;
/* start from a clean status so earlier contents of *medep cannot leak into the reply */
345 (void) memset(medep
, 0, sizeof (*medep
));
347 if (sdssc_bind_library() == SDSSC_ERROR
) {
348 (void) med_error(medep
, EACCES
,
349 "can't bind to cluster library");
356 switch (rqstp
->rq_cred
.oa_flavor
) {
/* NOTE(review): case labels are not visible; presumably AUTH_SYS reaches check_sys() */
361 if (check_sys(rqstp
, amode
, medep
) != 0)
362 return (1); /* error */
366 /* can't authenticate anything else */
368 svcerr_weakauth(transp
);
369 return (-1); /* weak authentication */
376 if (med_init_daemon(medep
) != 0)
377 return (1); /* error */