dmake: do not set MAKEFLAGS=k

[unleashed/tickless.git] / usr / src / cmd / fm / fmd / common / fmd_rpc.c

/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.
 */

#include <sys/types.h>
#include <sys/fm/util.h>

#include <netdir.h>
#include <strings.h>
#include <alloca.h>
#include <limits.h>
#include <unistd.h>
#include <ucred.h>
#include <priv.h>

#include <fmd_rpc_api.h>
#include <fmd_rpc_adm.h>
#include <rpc/svc_mt.h>

#include <fmd_subr.h>
#include <fmd_error.h>
#include <fmd_thread.h>
#include <fmd_conf.h>
#include <fmd_api.h>
#include <fmd.h>

/*
 * Define range of transient RPC program numbers to use for transient bindings.
 * These are defined in the Solaris ONC+ Developer's Guide, Appendix B, but
 * are cleverly not defined in any ONC+ standard system header file.
 */
#define RPC_TRANS_MIN   0x40000000
#define RPC_TRANS_MAX   0x5fffffff

/*
 * We use our own private version of svc_create() which registers our services
 * only on loopback transports and enables an option whereby Solaris ucreds
 * are associated with each connection, permitting us to check privilege bits.
 */
static int
fmd_rpc_svc_create_local(void (*disp)(struct svc_req *, SVCXPRT *),
    rpcprog_t prog, rpcvers_t vers, uint_t ssz, uint_t rsz, int force)
{
        struct netconfig *ncp;
        struct netbuf buf;
        SVCXPRT *xprt;
        void *hdl;
        int fd, n = 0;

        char door[PATH_MAX];
        time_t tm;

        if ((hdl = setnetconfig()) == NULL) {
                fmd_error(EFMD_RPC_REG, "failed to iterate over "
                    "netconfig database: %s\n", nc_sperror());
                return (fmd_set_errno(EFMD_RPC_REG));
        }

        if (force)
                svc_unreg(prog, vers); /* clear stale rpcbind registrations */

        buf.buf = alloca(_SS_MAXSIZE);
        buf.maxlen = _SS_MAXSIZE;
        buf.len = 0;

        while ((ncp = getnetconfig(hdl)) != NULL) {
                if (strcmp(ncp->nc_protofmly, NC_LOOPBACK) != 0)
                        continue;

                if (!force && rpcb_getaddr(prog, vers, ncp, &buf, HOST_SELF)) {
                        (void) endnetconfig(hdl);
                        return (fmd_set_errno(EFMD_RPC_BOUND));
                }

                if ((fd = t_open(ncp->nc_device, O_RDWR, NULL)) == -1) {
                        fmd_error(EFMD_RPC_REG, "failed to open %s: %s\n",
                            ncp->nc_device, t_strerror(t_errno));
                        continue;
                }

                svc_fd_negotiate_ucred(fd); /* enable ucred option on xprt */

                if ((xprt = svc_tli_create(fd, ncp, NULL, ssz, rsz)) == NULL) {
                        (void) t_close(fd);
                        continue;
                }

                if (svc_reg(xprt, prog, vers, disp, ncp) == FALSE) {
                        fmd_error(EFMD_RPC_REG, "failed to register "
                            "rpc service on %s\n", ncp->nc_netid);
                        svc_destroy(xprt);
                        continue;
                }

                n++;
        }

        (void) endnetconfig(hdl);

        /*
         * If we failed to register services (n == 0) because rpcbind is down,
         * then check to see if the RPC door file exists before attempting an
         * svc_door_create(), which cleverly destroys any existing door file.
         * The RPC APIs have no stable errnos, so we use rpcb_gettime() as a
         * hack to determine if rpcbind itself is down.
         */
        if (!force && n == 0 && rpcb_gettime(HOST_SELF, &tm) == FALSE &&
            snprintf(door, sizeof (door), RPC_DOOR_RENDEZVOUS,
            prog, vers) > 0 && access(door, F_OK) == 0)
                return (fmd_set_errno(EFMD_RPC_BOUND));

        /*
         * Attempt to create a door server for the RPC program as well.  Limit
         * the maximum request size for the door transport to the receive size.
         */
        if ((xprt = svc_door_create(disp, prog, vers, ssz)) == NULL) {
                fmd_error(EFMD_RPC_REG, "failed to create door for "
                    "rpc service 0x%lx/0x%lx\n", prog, vers);
        } else {
                (void) svc_control(xprt, SVCSET_CONNMAXREC, &rsz);
                n++;
        }

        return (n);
}

static int
fmd_rpc_svc_init(void (*disp)(struct svc_req *, SVCXPRT *),
    const char *name, const char *path, const char *prop,
    rpcprog_t pmin, rpcprog_t pmax, rpcvers_t vers,
    uint_t sndsize, uint_t rcvsize, int force)
{
        rpcprog_t prog;
        char buf[16];
        FILE *fp;

        for (prog = pmin; prog <= pmax; prog++) {
                if (fmd_rpc_svc_create_local(disp, prog, vers,
                    sndsize, rcvsize, force) > 0) {
                        fmd_dprintf(FMD_DBG_RPC, "registered %s rpc service "
                            "as 0x%lx.%lx\n", name, prog, vers);

                        /*
                         * To aid simulator scripts, save our RPC "digits" in
                         * the specified file for rendezvous with libfmd_adm.
                         */
                        if (path != NULL && (fp = fopen(path, "w")) != NULL) {
                                (void) fprintf(fp, "%ld\n", prog);
                                (void) fclose(fp);
                        }

                        (void) snprintf(buf, sizeof (buf), "%ld", prog);
                        (void) fmd_conf_setprop(fmd.d_conf, prop, buf);

                        return (0);
                }
        }

        return (-1); /* errno is set for us */
}

void
fmd_rpc_init(void)
{
        int err, prog, mode = RPC_SVC_MT_USER;
        uint64_t sndsize = 0, rcvsize = 0;
        const char *s;

        if (rpc_control(RPC_SVC_MTMODE_SET, &mode) == FALSE)
                fmd_panic("failed to enable user-MT rpc mode");

        (void) fmd_conf_getprop(fmd.d_conf, "rpc.sndsize", &sndsize);
        (void) fmd_conf_getprop(fmd.d_conf, "rpc.rcvsize", &rcvsize);

        /*
         * Infer whether we are the "default" fault manager or an alternate one
         * based on whether the initial setting of rpc.adm.prog is non-zero.
         */
        (void) fmd_conf_getprop(fmd.d_conf, "rpc.adm.prog", &prog);
        (void) fmd_conf_getprop(fmd.d_conf, "rpc.adm.path", &s);

        if (prog != 0) {
                err = fmd_rpc_svc_init(fmd_adm_1, "FMD_ADM", s, "rpc.adm.prog",
                    FMD_ADM, FMD_ADM, FMD_ADM_VERSION_1,
                    (uint_t)sndsize, (uint_t)rcvsize, TRUE);
        } else {
                err = fmd_rpc_svc_init(fmd_adm_1, "FMD_ADM", s, "rpc.adm.prog",
                    RPC_TRANS_MIN, RPC_TRANS_MAX, FMD_ADM_VERSION_1,
                    (uint_t)sndsize, (uint_t)rcvsize, FALSE);
        }

        if (err != 0)
                fmd_error(EFMD_EXIT, "failed to create rpc server bindings");

        if (fmd_thread_create(fmd.d_rmod, (fmd_thread_f *)svc_run, 0) == NULL)
                fmd_error(EFMD_EXIT, "failed to create rpc server thread");
}

void
fmd_rpc_fini(void)
{
        rpcprog_t prog;

        svc_exit(); /* force svc_run() threads to exit */

        (void) fmd_conf_getprop(fmd.d_conf, "rpc.adm.prog", &prog);
        svc_unreg(prog, FMD_ADM_VERSION_1);

        (void) fmd_conf_getprop(fmd.d_conf, "rpc.api.prog", &prog);
        svc_unreg(prog, FMD_API_VERSION_1);
}

/*
 * Utillity function to fetch the XPRT's ucred and determine if we should deny
 * the request.  For now, we implement a simple policy of rejecting any caller
 * who does not have the PRIV_SYS_ADMIN bit in their Effective privilege set,
 * unless the caller is loading a module, which requires all privileges.
 */
int
fmd_rpc_deny(struct svc_req *rqp)
{
        ucred_t *ucp = alloca(ucred_size());
        const priv_set_t *psp;

        if (!fmd.d_booted) {
                (void) pthread_mutex_lock(&fmd.d_fmd_lock);
                while (!fmd.d_booted)
                        (void) pthread_cond_wait(&fmd.d_fmd_cv,
                            &fmd.d_fmd_lock);
                (void) pthread_mutex_unlock(&fmd.d_fmd_lock);
        }

        if (svc_getcallerucred(rqp->rq_xprt, &ucp) != 0 ||
            (psp = ucred_getprivset(ucp, PRIV_EFFECTIVE)) == NULL)
                return (1); /* deny access if we can't get credentials */

#ifndef DEBUG
        /*
         * For convenience of testing, we only require all privileges for a
         * module load when running a non-DEBUG fault management daemon.
         */
        if (rqp->rq_proc == FMD_ADM_MODLOAD)
                return (!priv_isfullset(psp));
#endif
        return (!priv_ismember(psp, PRIV_SYS_ADMIN));
}