search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
dmake: do not set MAKEFLAGS=k
[unleashed/tickless.git] / usr / src / cmd / hotplugd / hotplugd_door.c
blob231940cc79d3e57133193193bcce90db19c755b7
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
24 * Use is subject to license terms.
25 */
26
27 #include <stdio.h>
28 #include <stdlib.h>
29 #include <unistd.h>
30 #include <fcntl.h>
31 #include <errno.h>
32 #include <strings.h>
33 #include <alloca.h>
34 #include <door.h>
35 #include <pthread.h>
36 #include <synch.h>
37 #include <pwd.h>
38 #include <auth_list.h>
39 #include <auth_attr.h>
40 #include <bsm/adt.h>
41 #include <bsm/adt_event.h>
42 #include <sys/sunddi.h>
43 #include <sys/ddi_hp.h>
44 #include <libnvpair.h>
45 #include <libhotplug.h>
46 #include <libhotplug_impl.h>
47 #include "hotplugd_impl.h"
48
49 /*
50 * Buffer management for results.
51 */
52 typedef struct i_buffer {
53 uint64_t seqnum;
54 char *buffer;
55 struct i_buffer *next;
56 } i_buffer_t;
57
58 static uint64_t buffer_seqnum = 1;
59 static i_buffer_t *buffer_list = NULL;
60 static pthread_mutex_t buffer_lock = PTHREAD_MUTEX_INITIALIZER;
61
62 /*
63 * Door file descriptor.
64 */
65 static int door_fd = -1;
66
67 /*
68 * Function prototypes.
69 */
70 static void door_server(void *, char *, size_t, door_desc_t *, uint_t);
71 static int check_auth(ucred_t *, const char *);
72 static int cmd_getinfo(nvlist_t *, nvlist_t **);
73 static int cmd_changestate(nvlist_t *, nvlist_t **);
74 static int cmd_private(hp_cmd_t, nvlist_t *, nvlist_t **);
75 static void add_buffer(uint64_t, char *);
76 static void free_buffer(uint64_t);
77 static uint64_t get_seqnum(void);
78 static char *state_str(int);
79 static int audit_session(ucred_t *, adt_session_data_t **);
80 static void audit_changestate(ucred_t *, char *, char *, char *, int, int,
81 int);
82 static void audit_setprivate(ucred_t *, char *, char *, char *, char *,
83 int);
84
85 /*
86 * door_server_init()
87 *
88 * Create the door file, and initialize the door server.
89 */
90 boolean_t
91 door_server_init(void)
92 {
93 int fd;
94
95 /* Create the door file */
96 if ((fd = open(HOTPLUGD_DOOR, O_CREAT|O_EXCL|O_RDONLY, 0644)) == -1) {
97 if (errno == EEXIST) {
98 log_err("Door service is already running.\n");
99 } else {
100 log_err("Cannot open door file '%s': %s\n",
101 HOTPLUGD_DOOR, strerror(errno));
102 }
103 return (B_FALSE);
104 }
105 (void) close(fd);
106
107 /* Initialize the door service */
108 if ((door_fd = door_create(door_server, NULL,
109 DOOR_REFUSE_DESC | DOOR_NO_CANCEL)) == -1) {
110 log_err("Cannot create door service: %s\n", strerror(errno));
111 return (B_FALSE);
112 }
113
114 /* Cleanup stale door associations */
115 (void) fdetach(HOTPLUGD_DOOR);
116
117 /* Associate door service with door file */
118 if (fattach(door_fd, HOTPLUGD_DOOR) != 0) {
119 log_err("Cannot attach to door file '%s': %s\n", HOTPLUGD_DOOR,
120 strerror(errno));
121 (void) door_revoke(door_fd);
122 (void) fdetach(HOTPLUGD_DOOR);
123 door_fd = -1;
124 return (B_FALSE);
125 }
126
127 return (B_TRUE);
128 }
129
130 /*
131 * door_server_fini()
132 *
133 * Terminate and cleanup the door server.
134 */
135 void
136 door_server_fini(void)
137 {
138 if (door_fd != -1) {
139 (void) door_revoke(door_fd);
140 (void) fdetach(HOTPLUGD_DOOR);
141 }
142
143 (void) unlink(HOTPLUGD_DOOR);
144 }
145
146 /*
147 * door_server()
148 *
149 * This routine is the handler which responds to each door call.
150 * Each incoming door call is expected to send a packed nvlist
151 * of arguments which describe the requested action. And each
152 * response is sent back as a packed nvlist of results.
153 *
154 * Results are always allocated on the heap. A global list of
155 * allocated result buffers is managed, and each one is tracked
156 * by a unique sequence number. The final step in the protocol
157 * is for the caller to send a short response using the sequence
158 * number when the buffer can be released.
159 */
160 /*ARGSUSED*/
161 static void
162 door_server(void *cookie, char *argp, size_t sz, door_desc_t *dp, uint_t ndesc)
163 {
164 nvlist_t *args = NULL;
165 nvlist_t *results = NULL;
166 hp_cmd_t cmd;
167 int rv;
168
169 dprintf("Door call: cookie=%p, argp=%p, sz=%d\n", cookie, (void *)argp,
170 sz);
171
172 /* Special case to free a results buffer */
173 if (sz == sizeof (uint64_t)) {
174 free_buffer(*(uint64_t *)(uintptr_t)argp);
175 (void) door_return(NULL, 0, NULL, 0);
176 return;
177 }
178
179 /* Unpack the arguments nvlist */
180 if (nvlist_unpack(argp, sz, &args, 0) != 0) {
181 log_err("Cannot unpack door arguments.\n");
182 rv = EINVAL;
183 goto fail;
184 }
185
186 /* Extract the requested command */
187 if (nvlist_lookup_int32(args, HPD_CMD, (int32_t *)&cmd) != 0) {
188 log_err("Cannot decode door command.\n");
189 rv = EINVAL;
190 goto fail;
191 }
192
193 /* Implement the command */
194 switch (cmd) {
195 case HP_CMD_GETINFO:
196 rv = cmd_getinfo(args, &results);
197 break;
198 case HP_CMD_CHANGESTATE:
199 rv = cmd_changestate(args, &results);
200 break;
201 case HP_CMD_SETPRIVATE:
202 case HP_CMD_GETPRIVATE:
203 rv = cmd_private(cmd, args, &results);
204 break;
205 default:
206 rv = EINVAL;
207 break;
208 }
209
210 /* The arguments nvlist is no longer needed */
211 nvlist_free(args);
212 args = NULL;
213
214 /*
215 * If an nvlist was constructed for the results,
216 * then pack the results nvlist and return it.
217 */
218 if (results != NULL) {
219 uint64_t seqnum;
220 char *buf = NULL;
221 size_t len = 0;
222
223 /* Add a sequence number to the results */
224 seqnum = get_seqnum();
225 if (nvlist_add_uint64(results, HPD_SEQNUM, seqnum) != 0) {
226 log_err("Cannot add sequence number.\n");
227 rv = EFAULT;
228 goto fail;
229 }
230
231 /* Pack the results nvlist */
232 if (nvlist_pack(results, &buf, &len,
233 NV_ENCODE_NATIVE, 0) != 0) {
234 log_err("Cannot pack door results.\n");
235 rv = EFAULT;
236 goto fail;
237 }
238
239 /* Link results buffer into list */
240 add_buffer(seqnum, buf);
241
242 /* The results nvlist is no longer needed */
243 nvlist_free(results);
244
245 /* Return the results */
246 (void) door_return(buf, len, NULL, 0);
247 return;
248 }
249
250 /* Return result code (when no nvlist) */
251 (void) door_return((char *)&rv, sizeof (int), NULL, 0);
252 return;
253
254 fail:
255 log_err("Door call failed (%s)\n", strerror(rv));
256 nvlist_free(args);
257 nvlist_free(results);
258 (void) door_return((char *)&rv, sizeof (int), NULL, 0);
259 }
260
261 /*
262 * check_auth()
263 *
264 * Perform an RBAC authorization check.
265 */
266 static int
267 check_auth(ucred_t *ucred, const char *auth)
268 {
269 struct passwd pwd;
270 uid_t euid;
271 char buf[MAXPATHLEN];
272 struct passwd *result;
273
274 euid = ucred_geteuid(ucred);
275
276 getpwuid_r(euid, &pwd, buf, sizeof (buf), &result);
277 if (!result || (chkauthattr(auth, result->pw_name) == 0)) {
278 log_info("Unauthorized door call.\n");
279 return (-1);
280 }
281
282 return (0);
283 }
284
285 /*
286 * cmd_getinfo()
287 *
288 * Implements the door command to get a hotplug information snapshot.
289 */
290 static int
291 cmd_getinfo(nvlist_t *args, nvlist_t **resultsp)
292 {
293 hp_node_t root;
294 nvlist_t *results;
295 char *path;
296 char *connection;
297 char *buf = NULL;
298 size_t len = 0;
299 uint_t flags;
300 int rv;
301
302 dprintf("cmd_getinfo:\n");
303
304 /* Get arguments */
305 if (nvlist_lookup_string(args, HPD_PATH, &path) != 0) {
306 dprintf("cmd_getinfo: invalid arguments.\n");
307 return (EINVAL);
308 }
309 if (nvlist_lookup_string(args, HPD_CONNECTION, &connection) != 0)
310 connection = NULL;
311 if (nvlist_lookup_uint32(args, HPD_FLAGS, (uint32_t *)&flags) != 0)
312 flags = 0;
313
314 /* Get and pack the requested snapshot */
315 if ((rv = getinfo(path, connection, flags, &root)) == 0) {
316 rv = hp_pack(root, &buf, &len);
317 hp_fini(root);
318 }
319 dprintf("cmd_getinfo: getinfo(): rv = %d, buf = %p.\n", rv,
320 (void *)buf);
321
322 /*
323 * If the above failed or there is no snapshot,
324 * then only return a status code.
325 */
326 if (rv != 0)
327 return (rv);
328 if (buf == NULL)
329 return (EFAULT);
330
331 /* Allocate nvlist for results */
332 if (nvlist_alloc(&results, NV_UNIQUE_NAME_TYPE, 0) != 0) {
333 dprintf("cmd_getinfo: nvlist_alloc() failed.\n");
334 free(buf);
335 return (ENOMEM);
336 }
337
338 /* Add snapshot and successful status to results */
339 if ((nvlist_add_int32(results, HPD_STATUS, 0) != 0) ||
340 (nvlist_add_byte_array(results, HPD_INFO,
341 (uchar_t *)buf, len) != 0)) {
342 dprintf("cmd_getinfo: nvlist add failure.\n");
343 nvlist_free(results);
344 free(buf);
345 return (ENOMEM);
346 }
347
348 /* Packed snapshot no longer needed */
349 free(buf);
350
351 /* Success */
352 *resultsp = results;
353 return (0);
354 }
355
356 /*
357 * cmd_changestate()
358 *
359 * Implements the door command to initate a state change operation.
360 *
361 * NOTE: requires 'modify' authorization.
362 */
363 static int
364 cmd_changestate(nvlist_t *args, nvlist_t **resultsp)
365 {
366 hp_node_t root = NULL;
367 nvlist_t *results = NULL;
368 char *path, *connection;
369 ucred_t *uc = NULL;
370 uint_t flags;
371 int rv, state, old_state, status;
372
373 dprintf("cmd_changestate:\n");
374
375 /* Get arguments */
376 if ((nvlist_lookup_string(args, HPD_PATH, &path) != 0) ||
377 (nvlist_lookup_string(args, HPD_CONNECTION, &connection) != 0) ||
378 (nvlist_lookup_int32(args, HPD_STATE, &state) != 0)) {
379 dprintf("cmd_changestate: invalid arguments.\n");
380 return (EINVAL);
381 }
382 if (nvlist_lookup_uint32(args, HPD_FLAGS, (uint32_t *)&flags) != 0)
383 flags = 0;
384
385 /* Get caller's credentials */
386 if (door_ucred(&uc) != 0) {
387 log_err("Cannot get door credentials (%s)\n", strerror(errno));
388 return (EACCES);
389 }
390
391 /* Check authorization */
392 if (check_auth(uc, HP_MODIFY_AUTH) != 0) {
393 dprintf("cmd_changestate: access denied.\n");
394 audit_changestate(uc, HP_MODIFY_AUTH, path, connection,
395 state, -1, ADT_FAIL_VALUE_AUTH);
396 ucred_free(uc);
397 return (EACCES);
398 }
399
400 /* Perform the state change operation */
401 status = changestate(path, connection, state, flags, &old_state, &root);
402 dprintf("cmd_changestate: changestate() == %d\n", status);
403
404 /* Audit the operation */
405 audit_changestate(uc, HP_MODIFY_AUTH, path, connection, state,
406 old_state, status);
407
408 /* Caller's credentials no longer needed */
409 ucred_free(uc);
410
411 /*
412 * Pack the results into an nvlist if there is an error snapshot.
413 *
414 * If any error occurs while packing the results, the original
415 * error code from changestate() above is still returned.
416 */
417 if (root != NULL) {
418 char *buf = NULL;
419 size_t len = 0;
420
421 dprintf("cmd_changestate: results nvlist required.\n");
422
423 /* Pack and discard the error snapshot */
424 rv = hp_pack(root, &buf, &len);
425 hp_fini(root);
426 if (rv != 0) {
427 dprintf("cmd_changestate: hp_pack() failed (%s).\n",
428 strerror(rv));
429 return (status);
430 }
431
432 /* Allocate nvlist for results */
433 if (nvlist_alloc(&results, NV_UNIQUE_NAME_TYPE, 0) != 0) {
434 dprintf("cmd_changestate: nvlist_alloc() failed.\n");
435 free(buf);
436 return (status);
437 }
438
439 /* Add the results into the nvlist */
440 if ((nvlist_add_int32(results, HPD_STATUS, status) != 0) ||
441 (nvlist_add_byte_array(results, HPD_INFO, (uchar_t *)buf,
442 len) != 0)) {
443 dprintf("cmd_changestate: nvlist add failed.\n");
444 nvlist_free(results);
445 free(buf);
446 return (status);
447 }
448
449 *resultsp = results;
450 }
451
452 return (status);
453 }
454
455 /*
456 * cmd_private()
457 *
458 * Implementation of the door command to set or get bus private options.
459 *
460 * NOTE: requires 'modify' authorization for the 'set' command.
461 */
462 static int
463 cmd_private(hp_cmd_t cmd, nvlist_t *args, nvlist_t **resultsp)
464 {
465 nvlist_t *results = NULL;
466 ucred_t *uc = NULL;
467 char *path, *connection, *options;
468 char *values = NULL;
469 int status;
470
471 dprintf("cmd_private:\n");
472
473 /* Get caller's credentials */
474 if ((cmd == HP_CMD_SETPRIVATE) && (door_ucred(&uc) != 0)) {
475 log_err("Cannot get door credentials (%s)\n", strerror(errno));
476 return (EACCES);
477 }
478
479 /* Get arguments */
480 if ((nvlist_lookup_string(args, HPD_PATH, &path) != 0) ||
481 (nvlist_lookup_string(args, HPD_CONNECTION, &connection) != 0) ||
482 (nvlist_lookup_string(args, HPD_OPTIONS, &options) != 0)) {
483 dprintf("cmd_private: invalid arguments.\n");
484 return (EINVAL);
485 }
486
487 /* Check authorization */
488 if ((cmd == HP_CMD_SETPRIVATE) &&
489 (check_auth(uc, HP_MODIFY_AUTH) != 0)) {
490 dprintf("cmd_private: access denied.\n");
491 audit_setprivate(uc, HP_MODIFY_AUTH, path, connection, options,
492 ADT_FAIL_VALUE_AUTH);
493 ucred_free(uc);
494 return (EACCES);
495 }
496
497 /* Perform the operation */
498 status = private_options(path, connection, cmd, options, &values);
499 dprintf("cmd_private: private_options() == %d\n", status);
500
501 /* Audit the operation */
502 if (cmd == HP_CMD_SETPRIVATE) {
503 audit_setprivate(uc, HP_MODIFY_AUTH, path, connection, options,
504 status);
505 ucred_free(uc);
506 }
507
508 /* Construct an nvlist if values were returned */
509 if (values != NULL) {
510
511 /* Allocate nvlist for results */
512 if (nvlist_alloc(&results, NV_UNIQUE_NAME_TYPE, 0) != 0) {
513 dprintf("cmd_private: nvlist_alloc() failed.\n");
514 free(values);
515 return (ENOMEM);
516 }
517
518 /* Add values and status to the results */
519 if ((nvlist_add_int32(results, HPD_STATUS, status) != 0) ||
520 (nvlist_add_string(results, HPD_OPTIONS, values) != 0)) {
521 dprintf("cmd_private: nvlist add failed.\n");
522 nvlist_free(results);
523 free(values);
524 return (ENOMEM);
525 }
526
527 /* The values string is no longer needed */
528 free(values);
529
530 *resultsp = results;
531 }
532
533 return (status);
534 }
535
536 /*
537 * get_seqnum()
538 *
539 * Allocate the next unique sequence number for a results buffer.
540 */
541 static uint64_t
542 get_seqnum(void)
543 {
544 uint64_t seqnum;
545
546 (void) pthread_mutex_lock(&buffer_lock);
547
548 seqnum = buffer_seqnum++;
549
550 (void) pthread_mutex_unlock(&buffer_lock);
551
552 return (seqnum);
553 }
554
555 /*
556 * add_buffer()
557 *
558 * Link a results buffer into the list containing all buffers.
559 */
560 static void
561 add_buffer(uint64_t seqnum, char *buf)
562 {
563 i_buffer_t *node;
564
565 if ((node = (i_buffer_t *)malloc(sizeof (i_buffer_t))) == NULL) {
566 /* The consequence is a memory leak. */
567 log_err("Cannot allocate results buffer: %s\n",
568 strerror(errno));
569 return;
570 }
571
572 node->seqnum = seqnum;
573 node->buffer = buf;
574
575 (void) pthread_mutex_lock(&buffer_lock);
576
577 node->next = buffer_list;
578 buffer_list = node;
579
580 (void) pthread_mutex_unlock(&buffer_lock);
581 }
582
583 /*
584 * free_buffer()
585 *
586 * Remove a results buffer from the list containing all buffers.
587 */
588 static void
589 free_buffer(uint64_t seqnum)
590 {
591 i_buffer_t *node, *prev;
592
593 (void) pthread_mutex_lock(&buffer_lock);
594
595 prev = NULL;
596 node = buffer_list;
597
598 while (node) {
599 if (node->seqnum == seqnum) {
600 dprintf("Free buffer %lld\n", seqnum);
601 if (prev) {
602 prev->next = node->next;
603 } else {
604 buffer_list = node->next;
605 }
606 free(node->buffer);
607 free(node);
608 break;
609 }
610 prev = node;
611 node = node->next;
612 }
613
614 (void) pthread_mutex_unlock(&buffer_lock);
615 }
616
617 /*
618 * audit_session()
619 *
620 * Initialize an audit session.
621 */
622 static int
623 audit_session(ucred_t *ucred, adt_session_data_t **sessionp)
624 {
625 adt_session_data_t *session;
626
627 if (adt_start_session(&session, NULL, 0) != 0) {
628 log_err("Cannot start audit session.\n");
629 return (-1);
630 }
631
632 if (adt_set_from_ucred(session, ucred, ADT_NEW) != 0) {
633 log_err("Cannot set audit session from ucred.\n");
634 (void) adt_end_session(session);
635 return (-1);
636 }
637
638 *sessionp = session;
639 return (0);
640 }
641
642 /*
643 * audit_changestate()
644 *
645 * Audit a 'changestate' door command.
646 */
647 static void
648 audit_changestate(ucred_t *ucred, char *auth, char *path, char *connection,
649 int new_state, int old_state, int result)
650 {
651 adt_session_data_t *session;
652 adt_event_data_t *event;
653 int pass_fail, fail_reason;
654
655 if (audit_session(ucred, &session) != 0)
656 return;
657
658 if ((event = adt_alloc_event(session, ADT_hotplug_state)) == NULL) {
659 (void) adt_end_session(session);
660 return;
661 }
662
663 if (result == 0) {
664 pass_fail = ADT_SUCCESS;
665 fail_reason = ADT_SUCCESS;
666 } else {
667 pass_fail = ADT_FAILURE;
668 fail_reason = result;
669 }
670
671 event->adt_hotplug_state.auth_used = auth;
672 event->adt_hotplug_state.device_path = path;
673 event->adt_hotplug_state.connection = connection;
674 event->adt_hotplug_state.new_state = state_str(new_state);
675 event->adt_hotplug_state.old_state = state_str(old_state);
676
677 /* Put the event */
678 if (adt_put_event(event, pass_fail, fail_reason) != 0)
679 log_err("Cannot put audit event.\n");
680
681 adt_free_event(event);
682 (void) adt_end_session(session);
683 }
684
685 /*
686 * audit_setprivate()
687 *
688 * Audit a 'set private' door command.
689 */
690 static void
691 audit_setprivate(ucred_t *ucred, char *auth, char *path, char *connection,
692 char *options, int result)
693 {
694 adt_session_data_t *session;
695 adt_event_data_t *event;
696 int pass_fail, fail_reason;
697
698 if (audit_session(ucred, &session) != 0)
699 return;
700
701 if ((event = adt_alloc_event(session, ADT_hotplug_set)) == NULL) {
702 (void) adt_end_session(session);
703 return;
704 }
705
706 if (result == 0) {
707 pass_fail = ADT_SUCCESS;
708 fail_reason = ADT_SUCCESS;
709 } else {
710 pass_fail = ADT_FAILURE;
711 fail_reason = result;
712 }
713
714 event->adt_hotplug_set.auth_used = auth;
715 event->adt_hotplug_set.device_path = path;
716 event->adt_hotplug_set.connection = connection;
717 event->adt_hotplug_set.options = options;
718
719 /* Put the event */
720 if (adt_put_event(event, pass_fail, fail_reason) != 0)
721 log_err("Cannot put audit event.\n");
722
723 adt_free_event(event);
724 (void) adt_end_session(session);
725 }
726
727 /*
728 * state_str()
729 *
730 * Convert a state from integer to string.
731 */
732 static char *
733 state_str(int state)
734 {
735 switch (state) {
736 case DDI_HP_CN_STATE_EMPTY:
737 return ("EMPTY");
738 case DDI_HP_CN_STATE_PRESENT:
739 return ("PRESENT");
740 case DDI_HP_CN_STATE_POWERED:
741 return ("POWERED");
742 case DDI_HP_CN_STATE_ENABLED:
743 return ("ENABLED");
744 case DDI_HP_CN_STATE_PORT_EMPTY:
745 return ("PORT-EMPTY");
746 case DDI_HP_CN_STATE_PORT_PRESENT:
747 return ("PORT-PRESENT");
748 case DDI_HP_CN_STATE_OFFLINE:
749 return ("OFFLINE");
750 case DDI_HP_CN_STATE_ATTACHED:
751 return ("ATTACHED");
752 case DDI_HP_CN_STATE_MAINTENANCE:
753 return ("MAINTENANCE");
754 case DDI_HP_CN_STATE_ONLINE:
755 return ("ONLINE");
756 default:
757 return ("UNKNOWN");
758 }
759 }
unleashed repo fork