4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
22 * Copyright (c) 1989, 2010, Oracle and/or its affiliates. All rights reserved.
23 * Copyright 2011 Nexenta Systems, Inc. All rights reserved.
26 /* Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T */
27 /* All Rights Reserved */
30 * University Copyright- Copyright (c) 1982, 1986, 1988
31 * The Regents of the University of California
34 * University Acknowledgment- Portions of this document are derived from
35 * software developed by the University of California, Berkeley, and its
40 * Copyright (c) 2012 by Delphix. All rights reserved.
44 #include <stdio_ext.h>
50 #include <netconfig.h>
54 #include <netinet/in.h>
55 #include <sys/param.h>
56 #include <sys/resource.h>
58 #include <sys/types.h>
60 #include <sys/sockio.h>
63 #include <rpcsvc/sm_inter.h>
64 #include <rpcsvc/nsm_addr.h>
69 #include <rpcsvc/daemon_utils.h>
70 #include <priv_utils.h>
74 #define home0 "/var/statmon"
75 #define current0 "/var/statmon/sm"
76 #define backup0 "/var/statmon/sm.bak"
77 #define state0 "/var/statmon/state"
79 #define home1 "statmon"
80 #define current1 "statmon/sm/"
81 #define backup1 "statmon/sm.bak/"
82 #define state1 "statmon/state"
85 * User and group IDs to run as. These are hardwired, rather than looked
86 * up at runtime, because they are very unlikely to change and because they
87 * provide some protection against bogus changes to the passwd and group
90 uid_t daemon_uid
= DAEMON_UID
;
91 gid_t daemon_gid
= DAEMON_GID
;
93 char STATE
[MAXPATHLEN
], CURRENT
[MAXPATHLEN
], BACKUP
[MAXPATHLEN
];
94 static char statd_home
[MAXPATHLEN
];
97 int regfiles_only
= 0; /* 1 => use symlinks in statmon, 0 => don't */
98 char hostname
[MAXHOSTNAMELEN
];
101 * These variables will be used to store all the
102 * alias names for the host, as well as the -a
103 * command line hostnames.
106 char **host_name
; /* store -a opts */
107 int addrix
; /* # of -a entries */
111 * The following 2 variables are meaningful
112 * only under a HA configuration.
113 * The path_name array is dynamically allocated in main() during
114 * command line argument processing for the -p options.
116 char **path_name
= NULL
; /* store -p opts */
117 int pathix
= 0; /* # of -p entries */
119 /* Global variables. Refer to sm_statd.h for description */
127 mutex_t name_addrlock
;
129 /* forward references */
130 static void set_statmon_owner(void);
131 static void copy_client_names(void);
132 static void one_statmon_owner(const char *);
133 static int nftw_owner(const char *, const struct stat
*, int, struct FTW
*);
139 * returns stat_fail to caller
141 * adds an entry to the monitor_q and the record_q
142 * This message is sent by the server lockd to the server
143 * statd, to indicate that a new client is to be monitored.
144 * It is also sent by the server lockd to the client statd
145 * to indicate that a new server is to be monitored.
147 * removes an entry from the monitor_q and the record_q
149 * removes all entries from a particular host from the
150 * monitor_q and the record_q. Our statd has this
153 * simulate a crash. removes everything from the
154 * record_q and the recovery_q, then calls statd_init()
155 * to restart things. This message is sent by the server
156 * lockd to the server statd to have all clients notified
157 * that they should reclaim locks.
159 * Sent by statd on server to statd on client during
160 * crash recovery. The client statd passes the info
161 * to its lockd so it can attempt to reclaim the locks
162 * held on the server.
164 * There are three main hash tables used to keep track of things.
166 * table that keeps track hosts statd must watch. If one of
167 * these hosts crashes, then any locks held by that host must
170 * used to keep track of all the hostname files stored in
171 * the directory /var/statmon/sm. These are client hosts who
172 * are holding or have held a lock at some point. Needed
173 * to determine if a file needs to be created for host in
176 * used to keep track hostnames during a recovery
178 * The entries are hashed based upon the name.
180 * There is a directory /var/statmon/sm which holds a file named
181 * for each host that is holding (or has held) a lock. This is
182 * used during initialization on startup, or after a simulated
187 sm_prog_1(rqstp
, transp
)
188 struct svc_req
*rqstp
;
192 struct sm_name sm_stat_1_arg
;
193 struct mon sm_mon_1_arg
;
194 struct mon_id sm_unmon_1_arg
;
195 struct my_id sm_unmon_all_1_arg
;
196 struct stat_chge ntf_arg
;
197 struct reg1args reg1_arg
;
201 sm_stat_res stat_resp
;
203 struct reg1res reg1_resp
;
206 bool_t (*xdr_argument
)(), (*xdr_result
)();
210 * Dispatch according to which protocol is being used:
211 * NSM_ADDR_PROGRAM is the private lockd address
212 * registration protocol.
213 * SM_PROG is the normal statd (NSM) protocol.
215 if (rqstp
->rq_prog
== NSM_ADDR_PROGRAM
) {
216 switch (rqstp
->rq_proc
) {
218 svc_sendreply(transp
, xdr_void
, (caddr_t
)NULL
);
221 case NSMADDRPROC1_REG
:
222 xdr_argument
= xdr_reg1args
;
223 xdr_result
= xdr_reg1res
;
224 local
= (char *(*)()) nsmaddrproc1_reg
;
227 case NSMADDRPROC1_UNREG
: /* Not impl. */
229 svcerr_noproc(transp
);
233 /* Must be SM_PROG */
234 switch (rqstp
->rq_proc
) {
236 svc_sendreply(transp
, xdr_void
, (caddr_t
)NULL
);
240 xdr_argument
= xdr_sm_name
;
241 xdr_result
= xdr_sm_stat_res
;
242 local
= (char *(*)()) sm_stat_svc
;
246 xdr_argument
= xdr_mon
;
247 xdr_result
= xdr_sm_stat_res
;
248 local
= (char *(*)()) sm_mon_svc
;
252 xdr_argument
= xdr_mon_id
;
253 xdr_result
= xdr_sm_stat
;
254 local
= (char *(*)()) sm_unmon_svc
;
258 xdr_argument
= xdr_my_id
;
259 xdr_result
= xdr_sm_stat
;
260 local
= (char *(*)()) sm_unmon_all_svc
;
264 xdr_argument
= xdr_void
;
265 xdr_result
= xdr_void
;
266 local
= (char *(*)()) sm_simu_crash_svc
;
270 xdr_argument
= xdr_stat_chge
;
271 xdr_result
= xdr_void
;
272 local
= (char *(*)()) sm_notify_svc
;
276 svcerr_noproc(transp
);
281 (void) memset(&argument
, 0, sizeof (argument
));
282 if (!svc_getargs(transp
, xdr_argument
, (caddr_t
)&argument
)) {
283 svcerr_decode(transp
);
287 (void) memset(&result
, 0, sizeof (result
));
288 (*local
)(&argument
, &result
);
289 if (!svc_sendreply(transp
, xdr_result
, (caddr_t
)&result
)) {
290 svcerr_systemerr(transp
);
293 if (!svc_freeargs(transp
, xdr_argument
, (caddr_t
)&argument
)) {
294 syslog(LOG_ERR
, "statd: unable to free arguments\n");
299 * Remove all files under directory path_dir.
307 char tmp_path
[MAXPATHLEN
];
309 if ((dp
= opendir(path_dir
)) == (DIR *)NULL
) {
312 "warning: open directory %s failed: %m\n", path_dir
);
316 while ((dirp
= readdir(dp
)) != NULL
) {
317 if (strcmp(dirp
->d_name
, ".") != 0 &&
318 strcmp(dirp
->d_name
, "..") != 0) {
319 if (strlen(path_dir
) + strlen(dirp
->d_name
) +2 >
323 "statd: remove dir %s/%s failed. Pathname too long.\n",
324 path_dir
, dirp
->d_name
);
328 (void) strcpy(tmp_path
, path_dir
);
329 (void) strcat(tmp_path
, "/");
330 (void) strcat(tmp_path
, dirp
->d_name
);
331 delete_file(tmp_path
);
340 * Copy all files from directory `from_dir' to directory `to_dir'.
341 * Symlinks, if any, are preserved.
344 copydir_from_to(from_dir
, to_dir
)
351 char rname
[MAXNAMELEN
+ 1];
352 char path
[MAXPATHLEN
+MAXNAMELEN
+2];
354 if ((dp
= opendir(from_dir
)) == (DIR *)NULL
) {
357 "warning: open directory %s failed: %m\n", from_dir
);
361 while ((dirp
= readdir(dp
)) != NULL
) {
362 if (strcmp(dirp
->d_name
, ".") == 0 ||
363 strcmp(dirp
->d_name
, "..") == 0) {
367 (void) strcpy(path
, from_dir
);
368 (void) strcat(path
, "/");
369 (void) strcat(path
, dirp
->d_name
);
371 if (is_symlink(path
)) {
373 * Follow the link to get the referenced file name
374 * and make a new link for that file in to_dir.
376 n
= readlink(path
, rname
, MAXNAMELEN
);
380 "copydir_from_to: can't read link %s\n",
387 (void) create_symlink(to_dir
, rname
, dirp
->d_name
);
390 * Simply copy regular files to to_dir.
392 (void) strcpy(path
, to_dir
);
393 (void) strcat(path
, "/");
394 (void) strcat(path
, dirp
->d_name
);
395 (void) create_file(path
);
408 if ((sock
= socket(AF_INET6
, SOCK_DGRAM
, 0)) < 0) {
409 syslog(LOG_ERR
, "statd:init_hostname, socket: %m");
413 lifn
.lifn_family
= AF_UNSPEC
;
416 if (ioctl(sock
, SIOCGLIFNUM
, (char *)&lifn
) < 0) {
418 "statd:init_hostname, get number of interfaces, error: %m");
423 host_name_count
= lifn
.lifn_count
;
425 host_name
= (char **)malloc(host_name_count
* sizeof (char *));
426 if (host_name
== NULL
) {
427 perror("statd -a can't get ip configuration\n");
436 main(int argc
, char *argv
[])
445 int connmaxrec
= RPC_MAXDATASIZE
;
450 (void) gethostname(hostname
, MAXHOSTNAMELEN
);
451 if (init_hostname() < 0)
454 while ((c
= getopt(argc
, argv
, "Dd:a:G:p:rU:")) != EOF
)
457 (void) sscanf(optarg
, "%d", &debug
);
463 if (addrix
< host_name_count
) {
464 if (strcmp(hostname
, optarg
) != 0) {
466 if (sz
< MAXHOSTNAMELEN
) {
468 (char *)xmalloc(sz
+1);
469 if (host_name
[addrix
] !=
471 (void) sscanf(optarg
, "%s",
476 (void) fprintf(stderr
,
477 "statd: -a name of host is too long.\n");
480 (void) fprintf(stderr
,
481 "statd: -a exceeding maximum hostnames\n");
484 (void) sscanf(optarg
, "%d", &daemon_uid
);
487 (void) sscanf(optarg
, "%d", &daemon_gid
);
490 if (strlen(optarg
) < MAXPATHLEN
) {
491 /* If the path_name array has not yet */
492 /* been malloc'ed, do that. The array */
493 /* should be big enough to hold all of the */
494 /* -p options we might have. An upper */
495 /* bound on the number of -p options is */
496 /* argc/2, because each -p option consumes */
497 /* two arguments. Here the upper bound */
498 /* is supposing that all the command line */
499 /* arguments are -p options, which would */
500 /* actually never be the case. */
501 if (path_name
== NULL
) {
502 size_t sz
= (argc
/2) * sizeof (char *);
504 path_name
= (char **)malloc(sz
);
505 if (path_name
== NULL
) {
506 (void) fprintf(stderr
,
507 "statd: malloc failed\n");
510 (void) memset(path_name
, 0, sz
);
512 path_name
[pathix
] = optarg
;
515 (void) fprintf(stderr
,
516 "statd: -p pathname is too long.\n");
523 (void) fprintf(stderr
,
524 "statd [-d level] [-D]\n");
529 (void) strcpy(statd_home
, home0
);
530 (void) strcpy(CURRENT
, current0
);
531 (void) strcpy(BACKUP
, backup0
);
532 (void) strcpy(STATE
, state0
);
534 (void) strcpy(statd_home
, home1
);
535 (void) strcpy(CURRENT
, current1
);
536 (void) strcpy(BACKUP
, backup1
);
537 (void) strcpy(STATE
, state1
);
540 (void) printf("debug is on, create entry: %s, %s, %s\n",
541 CURRENT
, BACKUP
, STATE
);
543 if (getrlimit(RLIMIT_NOFILE
, &rl
))
544 (void) printf("statd: getrlimit failed. \n");
546 /* Set maxfdlimit current soft limit */
547 rl
.rlim_cur
= rl
.rlim_max
;
548 if (setrlimit(RLIMIT_NOFILE
, &rl
) != 0)
549 syslog(LOG_ERR
, "statd: unable to set RLIMIT_NOFILE to %d\n",
552 (void) enable_extended_FILE_stdio(-1, -1);
557 (void) fprintf(stderr
, "statd: fork failure\n");
558 (void) fflush(stderr
);
565 (void) open("/dev/null", O_RDONLY
);
566 (void) open("/dev/null", O_WRONLY
);
569 openlog("statd", LOG_PID
, LOG_DAEMON
);
572 (void) _create_daemon_lock(STATD
, daemon_uid
, daemon_gid
);
574 * establish our lock on the lock file and write our pid to it.
575 * exit if some other process holds the lock, or if there's any
576 * error in writing/locking the file.
578 ppid
= _enter_daemon_lock(STATD
);
583 syslog(LOG_ERR
, "error locking for %s: %s", STATD
,
587 /* daemon was already running */
591 /* Get other aliases from each interface. */
594 /* Get all of the configured IP addresses. */
598 * Set to automatic mode such that threads are automatically
601 mode
= RPC_SVC_MT_AUTO
;
602 if (!rpc_control(RPC_SVC_MTMODE_SET
, &mode
)) {
604 "statd:unable to set automatic MT mode.");
609 * Set non-blocking mode and maximum record size for
610 * connection oriented RPC transports.
612 if (!rpc_control(RPC_SVC_CONNMAXREC_SET
, &connmaxrec
)) {
613 syslog(LOG_INFO
, "unable to set maximum RPC record size");
616 if (!svc_create(sm_prog_1
, SM_PROG
, SM_VERS
, "netpath")) {
618 "statd: unable to create (SM_PROG, SM_VERS) for netpath.");
622 if (!svc_create(sm_prog_1
, NSM_ADDR_PROGRAM
, NSM_ADDR_V1
, "netpath")) {
624 "statd: unable to create (NSM_ADDR_PROGRAM, NSM_ADDR_V1) for netpath.");
628 * Make sure /var/statmon and any alternate (-p) statmon
629 * directories exist and are owned by daemon. Then change our uid
630 * to daemon. The uid change is to prevent attacks against local
631 * daemons that trust any call from a local root process.
638 * statd now runs as a daemon rather than root and can not
639 * dump core under / because of the permission. It is
640 * important that current working directory of statd be
641 * changed to writable directory /var/statmon so that it
642 * can dump the core upon the receipt of the signal.
643 * One still need to set allow_setid_core to non-zero in
644 * /etc/system to get the core dump.
648 if (chdir(statd_home
) < 0) {
649 syslog(LOG_ERR
, "can't chdir %s: %m", statd_home
);
655 rwlock_init(&thr_rwlock
, USYNC_THREAD
, NULL
);
656 mutex_init(&crash_lock
, USYNC_THREAD
, NULL
);
657 mutex_init(&name_addrlock
, USYNC_THREAD
, NULL
);
658 cond_init(&crash_finish
, USYNC_THREAD
, NULL
);
659 cond_init(&retrywait
, USYNC_THREAD
, NULL
);
663 * This variable is set to ensure that an sm_crash
664 * request will not be done at the same time
665 * when a statd_init is being done, since sm_crash
666 * can reset some variables that statd_init will be using.
672 (void) printf("Starting svc_run\n");
674 syslog(LOG_ERR
, "statd: svc_run returned\n");
676 thr_exit((void *) 1);
682 * Make sure the ownership of the statmon directories is correct, then
683 * change our uid to match. If the top-level directories (/var/statmon, -p
684 * arguments) don't exist, they are created first. The sm and sm.bak
685 * directories are not created here, but if they already exist, they are
686 * chowned to the correct uid, along with anything else in the
691 set_statmon_owner(void)
694 boolean_t can_do_mlp
;
697 * Recursively chown/chgrp /var/statmon and the alternate paths,
698 * creating them if necessary.
700 one_statmon_owner(statd_home
);
701 for (i
= 0; i
< pathix
; i
++) {
702 char alt_path
[MAXPATHLEN
];
704 snprintf(alt_path
, MAXPATHLEN
, "%s/statmon", path_name
[i
]);
705 one_statmon_owner(alt_path
);
708 can_do_mlp
= priv_ineffect(PRIV_NET_BINDMLP
);
709 if (__init_daemon_priv(PU_RESETGROUPS
|PU_CLEARLIMITSET
,
710 daemon_uid
, daemon_gid
, can_do_mlp
? PRIV_NET_BINDMLP
: NULL
,
712 syslog(LOG_ERR
, "can't run unprivileged: %m");
716 __fini_daemon_priv(PRIV_PROC_EXEC
, PRIV_PROC_SESSION
,
717 PRIV_FILE_LINK_ANY
, PRIV_PROC_INFO
, (char *)NULL
);
721 * Copy client names from the alternate statmon directories into
722 * /var/statmon. The top-level (statmon) directories should already
723 * exist, though the sm and sm.bak directories might not.
730 char buf
[MAXPATHLEN
+SM_MAXPATHLEN
];
733 * Copy all clients from alternate paths to /var/statmon/sm
734 * Remove the files in alternate directory when copying is done.
736 for (i
= 0; i
< pathix
; i
++) {
738 * If the alternate directories do not exist, create it.
739 * If they do exist, just do the copy.
741 snprintf(buf
, sizeof (buf
), "%s/statmon/sm", path_name
[i
]);
742 if ((mkdir(buf
, SM_DIRECTORY_MODE
)) == -1) {
743 if (errno
!= EEXIST
) {
745 "can't mkdir %s: %m\n", buf
);
748 copydir_from_to(buf
, CURRENT
);
749 (void) remove_dir(buf
);
752 (void) snprintf(buf
, sizeof (buf
), "%s/statmon/sm.bak",
754 if ((mkdir(buf
, SM_DIRECTORY_MODE
)) == -1) {
755 if (errno
!= EEXIST
) {
757 "can't mkdir %s: %m\n", buf
);
760 copydir_from_to(buf
, BACKUP
);
761 (void) remove_dir(buf
);
767 * Create the given directory if it doesn't already exist. Set the user
768 * and group to daemon for the directory and anything under it.
772 one_statmon_owner(const char *dir
)
774 if ((mkdir(dir
, SM_DIRECTORY_MODE
)) == -1) {
775 if (errno
!= EEXIST
) {
776 syslog(LOG_ERR
, "can't mkdir %s: %m",
783 printf("Setting owner for %s\n", dir
);
785 if (nftw(dir
, nftw_owner
, MAX_FDS
, FTW_PHYS
) != 0) {
786 syslog(LOG_WARNING
, "error setting owner for %s: %m",
792 * Set the user and group to daemon for the given file or directory. If
793 * it's a directory, also makes sure that it is mode 755.
794 * Generates a syslog message but does not return an error if there were
800 nftw_owner(const char *path
, const struct stat
*statp
, int info
,
803 if (!(info
== FTW_F
|| info
== FTW_D
))
807 * Some older systems might have mode 777 directories. Fix that.
810 if (info
== FTW_D
&& (statp
->st_mode
& (S_IWGRP
| S_IWOTH
)) != 0) {
811 mode_t newmode
= (statp
->st_mode
& ~(S_IWGRP
| S_IWOTH
)) &
815 printf("chmod %03o %s\n", newmode
, path
);
816 if (chmod(path
, newmode
) < 0) {
819 syslog(LOG_WARNING
, "can't chmod %s to %03o: %m",
822 printf(" FAILED: %s\n", strerror(error
));
826 /* If already owned by daemon, don't bother changing. */
827 if (statp
->st_uid
== daemon_uid
&&
828 statp
->st_gid
== daemon_gid
)
832 printf("lchown %s daemon:daemon\n", path
);
833 if (lchown(path
, daemon_uid
, daemon_gid
) < 0) {
836 syslog(LOG_WARNING
, "can't chown %s to daemon: %m",
839 printf(" FAILED: %s\n", strerror(error
));