4 * Userland daemon for idmap.
6 * Copyright (c) 2002 The Regents of the University of Michigan.
9 * Marius Aamodt Eriksen <marius@umich.edu>
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
15 * 1. Redistributions of source code must retain the above copyright
16 * notice, this list of conditions and the following disclaimer.
17 * 2. Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in the
19 * documentation and/or other materials provided with the distribution.
20 * 3. Neither the name of the University nor the names of its
21 * contributors may be used to endorse or promote products derived
22 * from this software without specific prior written permission.
24 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
25 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
26 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
27 * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
29 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
30 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
31 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
32 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
33 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
34 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
37 #include <sys/types.h>
40 #include <sys/socket.h>
44 #include "nfs_idmap.h"
65 #endif /* HAVE_CONFIG_H */
72 #define PIPEFS_DIR "/var/lib/nfs/rpc_pipefs/"
76 #define NFSD_DIR "/proc/net/rpc"
79 #ifndef NFS4NOBODY_USER
80 #define NFS4NOBODY_USER "nobody"
83 #ifndef NFS4NOBODY_GROUP
84 #define NFS4NOBODY_GROUP "nobody"
88 #define CONF_SAVE(w, f) do { \
100 char ic_path[PATH_MAX];
102 struct event ic_event;
105 TAILQ_ENTRY(idmap_client) ic_next;
108 TAILQ_HEAD(idmap_clientq, idmap_client);
110 static void dirscancb(int, short, void *);
111 static void clntscancb(int, short, void *);
112 static void svrreopen(int, short, void *);
113 static int nfsopen(struct idmap_client *);
114 static void nfscb(int, short, void *);
115 static void nfsdcb(int, short, void *);
116 static int validateascii(char *, u_int32_t);
117 static int addfield(char **, ssize_t *, char *);
118 static int getfield(char **, char *, size_t);
120 static void imconv(struct idmap_client *, struct idmap_msg *);
121 static void idtonameres(struct idmap_msg *);
122 static void nametoidres(struct idmap_msg *);
124 static int nfsdopen(char *);
125 static int nfsdopenone(struct idmap_client *, short, char *);
126 static void nfsdreopen(void);
128 size_t strlcat(char *, const char *, size_t);
129 size_t strlcpy(char *, const char *, size_t);
130 ssize_t atomicio(ssize_t (*)(), int, void *, size_t);
131 void mydaemon(int, int);
132 void release_parent();
134 static int verbose = 0;
135 static char pipefsdir[PATH_MAX];
136 static char *nobodyuser, *nobodygroup;
137 static uid_t nobodyuid;
138 static gid_t nobodygid;
139 static struct idmap_client nfsd_ic[2];
145 flush_nfsd_cache(char *path, time_t now)
150 sprintf(stime, "%ld\n", now);
151 fd = open(path, O_RDWR);
154 write(fd, stime, strlen(stime));
160 flush_nfsd_idmap_cache(void)
162 time_t now = time(NULL);
165 ret = flush_nfsd_cache("/proc/net/rpc/nfs4.idtoname/flush", now);
168 ret = flush_nfsd_cache("/proc/net/rpc/nfs4.nametoid/flush", now);
173 main(int argc, char **argv)
175 int fd = 0, opt, fg = 0, nfsdret = -1;
176 struct idmap_clientq icq;
177 struct event rootdirev, clntdirev, svrdirev;
178 struct event initialize;
182 char *xpipefsdir = NULL;
183 int serverstart = 1, clientstart = 1;
186 conf_path = _PATH_IDMAPDCONF;
187 nobodyuser = NFS4NOBODY_USER;
188 nobodygroup = NFS4NOBODY_GROUP;
189 strlcpy(pipefsdir, PIPEFS_DIR, sizeof(pipefsdir));
191 #define GETOPTSTR "vfd:p:U:G:c:CS"
192 opterr=0; /* Turn off error messages */
193 while ((opt = getopt(argc, argv, GETOPTSTR)) != -1) {
197 if (strchr(GETOPTSTR, optopt))
198 errx(1, "'-%c' option requires an argument.", optopt);
200 errx(1, "'-%c' is an invalid argument.", optopt);
205 if (stat(conf_path, &sb) == -1 && (errno == ENOENT || errno == EACCES)) {
206 warn("Skipping configuration file \"%s\"", conf_path);
209 verbose = conf_get_num("General", "Verbosity", 0);
210 CONF_SAVE(xpipefsdir, conf_get_str("General", "Pipefs-Directory"));
211 if (xpipefsdir != NULL)
212 strlcpy(pipefsdir, xpipefsdir, sizeof(pipefsdir));
213 CONF_SAVE(nobodyuser, conf_get_str("Mapping", "Nobody-User"));
214 CONF_SAVE(nobodygroup, conf_get_str("Mapping", "Nobody-Group"));
215 nfs4_init_name_mapping(conf_path);
218 while ((opt = getopt(argc, argv, GETOPTSTR)) != -1)
227 strlcpy(pipefsdir, optarg, sizeof(pipefsdir));
232 errx(1, "the -d, -U, and -G options have been removed;"
233 " please use the configuration file instead.");
244 if (!serverstart && !clientstart)
245 errx(1, "it is illegal to specify both -C and -S");
247 strncat(pipefsdir, "/nfs", sizeof(pipefsdir));
249 if ((pw = getpwnam(nobodyuser)) == NULL)
250 errx(1, "Could not find user \"%s\"", nobodyuser);
251 nobodyuid = pw->pw_uid;
253 if ((gr = getgrnam(nobodygroup)) == NULL)
254 errx(1, "Could not find group \"%s\"", nobodygroup);
255 nobodygid = gr->gr_gid;
263 nfsdret = nfsdopen(NFSD_DIR);
265 ret = flush_nfsd_idmap_cache();
267 errx(1, "Failed to flush nfsd idmap cache\n");
272 struct timeval now = {
277 if ((fd = open(pipefsdir, O_RDONLY)) == -1)
278 err(1, "open(%s)", pipefsdir);
280 if (fcntl(fd, F_SETSIG, SIGUSR1) == -1)
281 err(1, "fcntl(%s)", pipefsdir);
282 if (fcntl(fd, F_NOTIFY,
283 DN_CREATE | DN_DELETE | DN_MODIFY | DN_MULTISHOT) == -1)
284 err(1, "fcntl(%s)", pipefsdir);
288 /* These events are persistent */
289 signal_set(&rootdirev, SIGUSR1, dirscancb, &icq);
290 signal_add(&rootdirev, NULL);
291 signal_set(&clntdirev, SIGUSR2, clntscancb, &icq);
292 signal_add(&clntdirev, NULL);
293 signal_set(&svrdirev, SIGHUP, svrreopen, NULL);
294 signal_add(&svrdirev, NULL);
296 /* Fetch current state */
297 /* (Delay till start of event_dispatch to avoid possibly losing
298 * a SIGUSR1 between here and the call to event_dispatch().) */
299 evtimer_set(&initialize, dirscancb, &icq);
300 evtimer_add(&initialize, &now);
303 if (nfsdret != 0 && fd == 0)
304 errx(1, "Neither NFS client nor NFSd found");
308 if (event_dispatch() < 0)
309 errx(1, "event_dispatch: returns errno %d (%s)", errno, strerror(errno));
315 dirscancb(int fd, short which, void *data)
318 struct dirent **ents;
319 struct idmap_client *ic;
321 struct idmap_clientq *icq = data;
323 nent = scandir(pipefsdir, &ents, NULL, alphasort);
325 warn("scandir(%s)", pipefsdir);
329 for (i = 0; i < nent; i++) {
330 if (ents[i]->d_reclen > 4 &&
331 strncmp(ents[i]->d_name, "clnt", 4) == 0) {
332 TAILQ_FOREACH(ic, icq, ic_next)
333 if (strcmp(ents[i]->d_name + 4, ic->ic_clid) == 0)
338 if ((ic = calloc(1, sizeof(*ic))) == NULL)
340 strlcpy(ic->ic_clid, ents[i]->d_name + 4,
341 sizeof(ic->ic_clid));
343 snprintf(path, sizeof(path), "%s/%s",
344 pipefsdir, ents[i]->d_name);
346 if ((ic->ic_dirfd = open(path, O_RDONLY, 0)) == -1) {
347 warn("open(%s)", path);
352 strlcat(path, "/idmap", sizeof(path));
353 strlcpy(ic->ic_path, path, sizeof(ic->ic_path));
356 warnx("New client: %s", ic->ic_clid);
358 if (nfsopen(ic) == -1) {
364 ic->ic_id = "Client";
366 TAILQ_INSERT_TAIL(icq, ic, ic_next);
373 TAILQ_FOREACH(ic, icq, ic_next) {
374 if (!ic->ic_scanned) {
375 event_del(&ic->ic_event);
378 TAILQ_REMOVE(icq, ic, ic_next);
380 warnx("Stale client: %s", ic->ic_clid);
381 warnx("\t-> closed %s", ic->ic_path);
391 svrreopen(int fd, short which, void *data)
397 clntscancb(int fd, short which, void *data)
399 struct idmap_clientq *icq = data;
400 struct idmap_client *ic;
402 TAILQ_FOREACH(ic, icq, ic_next)
403 if (ic->ic_fd == -1 && nfsopen(ic) == -1) {
405 TAILQ_REMOVE(icq, ic, ic_next);
411 nfsdcb(int fd, short which, void *data)
413 struct idmap_client *ic = data;
415 u_char buf[IDMAP_MAXMSGSZ + 1];
417 char *bp, typebuf[IDMAP_MAXMSGSZ],
418 buf1[IDMAP_MAXMSGSZ], authbuf[IDMAP_MAXMSGSZ], *p;
420 if (which != EV_READ)
423 if ((len = read(ic->ic_fd, buf, sizeof(buf))) == -1) {
424 warnx("nfsdcb: read(%s) failed: errno %d (%s)",
425 ic->ic_path, errno, strerror(errno));
429 /* Get rid of newline and terminate buffer*/
433 memset(&im, 0, sizeof(im));
435 /* Authentication name -- ignored for now*/
436 if (getfield(&bp, authbuf, sizeof(authbuf)) == -1) {
437 warnx("nfsdcb: bad authentication name in upcall\n");
440 if (getfield(&bp, typebuf, sizeof(typebuf)) == -1) {
441 warnx("nfsdcb: bad type in upcall\n");
445 warnx("nfsdcb: authbuf=%s authtype=%s", authbuf, typebuf);
447 im.im_type = strcmp(typebuf, "user") == 0 ?
448 IDMAP_TYPE_USER : IDMAP_TYPE_GROUP;
450 switch (ic->ic_which) {
452 im.im_conv = IDMAP_CONV_NAMETOID;
453 if (getfield(&bp, im.im_name, sizeof(im.im_name)) == -1) {
454 warnx("nfsdcb: bad name in upcall\n");
459 im.im_conv = IDMAP_CONV_IDTONAME;
460 if (getfield(&bp, buf1, sizeof(buf1)) == -1) {
461 warnx("nfsdcb: bad id in upcall\n");
464 if ((im.im_id = strtoul(buf1, (char **)NULL, 10)) == ULONG_MAX &&
466 warnx("nfsdcb: id '%s' too big!\n", buf1);
472 warnx("Unknown which type %d", ic->ic_which);
482 /* Authentication name */
483 addfield(&bp, &bsiz, authbuf);
485 switch (ic->ic_which) {
488 p = im.im_type == IDMAP_TYPE_USER ? "user" : "group";
489 addfield(&bp, &bsiz, p);
491 addfield(&bp, &bsiz, im.im_name);
492 #define NFSD_EXPIRY 300 /* seconds */
494 snprintf(buf1, sizeof(buf1), "%lu", time(NULL) + NFSD_EXPIRY);
495 addfield(&bp, &bsiz, buf1);
497 snprintf(buf1, sizeof(buf1), "%u", im.im_id);
498 addfield(&bp, &bsiz, buf1);
500 //if (bsiz == sizeof(buf)) /* XXX */
507 p = im.im_type == IDMAP_TYPE_USER ? "user" : "group";
508 addfield(&bp, &bsiz, p);
510 snprintf(buf1, sizeof(buf1), "%u", im.im_id);
511 addfield(&bp, &bsiz, buf1);
513 snprintf(buf1, sizeof(buf1), "%lu", time(NULL) + NFSD_EXPIRY);
514 addfield(&bp, &bsiz, buf1);
516 addfield(&bp, &bsiz, im.im_name);
522 warnx("Unknown which type %d", ic->ic_which);
526 bsiz = sizeof(buf) - bsiz;
528 if (atomicio(write, ic->ic_fd, buf, bsiz) != bsiz)
529 warnx("nfsdcb: write(%s) failed: errno %d (%s)",
530 ic->ic_path, errno, strerror(errno));
533 event_add(&ic->ic_event, NULL);
537 imconv(struct idmap_client *ic, struct idmap_msg *im)
539 switch (im->im_conv) {
540 case IDMAP_CONV_IDTONAME:
543 warnx("%s %s: (%s) id \"%d\" -> name \"%s\"",
544 ic->ic_id, ic->ic_clid,
545 im->im_type == IDMAP_TYPE_USER ? "user" : "group",
546 im->im_id, im->im_name);
548 case IDMAP_CONV_NAMETOID:
549 if (validateascii(im->im_name, sizeof(im->im_name)) == -1) {
550 im->im_status |= IDMAP_STATUS_INVALIDMSG;
555 warnx("%s %s: (%s) name \"%s\" -> id \"%d\"",
556 ic->ic_id, ic->ic_clid,
557 im->im_type == IDMAP_TYPE_USER ? "user" : "group",
558 im->im_name, im->im_id);
561 warnx("Invalid conversion type (%d) in message", im->im_conv);
562 im->im_status |= IDMAP_STATUS_INVALIDMSG;
568 nfscb(int fd, short which, void *data)
570 struct idmap_client *ic = data;
573 if (which != EV_READ)
576 if (atomicio(read, ic->ic_fd, &im, sizeof(im)) != sizeof(im)) {
578 warn("read(%s)", ic->ic_path);
586 if (atomicio(write, ic->ic_fd, &im, sizeof(im)) != sizeof(im))
587 warn("write(%s)", ic->ic_path);
589 event_add(&ic->ic_event, NULL);
593 nfsdreopen_one(struct idmap_client *ic)
598 warnx("ReOpening %s", ic->ic_path);
599 if ((fd = open(ic->ic_path, O_RDWR, 0)) != -1) {
602 ic->ic_event.ev_fd = ic->ic_fd = fd;
603 event_set(&ic->ic_event, ic->ic_fd, EV_READ, nfsdcb, ic);
604 event_add(&ic->ic_event, NULL);
606 warnx("nfsdreopen: Opening '%s' failed: errno %d (%s)",
607 ic->ic_path, errno, strerror(errno));
612 * Note: nfsdreopen assumes nfsdopen has already been called
617 nfsdreopen_one(&nfsd_ic[IC_NAMEID]);
618 nfsdreopen_one(&nfsd_ic[IC_IDNAME]);
625 return ((nfsdopenone(&nfsd_ic[0], IC_NAMEID, path) == 0 &&
626 nfsdopenone(&nfsd_ic[1], IC_IDNAME, path) == 0) ? 0 : -1);
630 nfsdopenone(struct idmap_client *ic, short which, char *path)
634 whichstr = which == IC_IDNAME ? "idtoname" : "nametoid";
635 snprintf(ic->ic_path, sizeof(ic->ic_path),
636 "%s/nfs4.%s/channel", path, whichstr);
637 if ((ic->ic_fd = open(ic->ic_path, O_RDWR, 0)) == -1) {
639 warnx("Opening %s failed: errno %d (%s)",
640 ic->ic_path, errno, strerror(errno));
644 event_set(&ic->ic_event, ic->ic_fd, EV_READ, nfsdcb, ic);
645 event_add(&ic->ic_event, NULL);
647 ic->ic_which = which;
648 ic->ic_id = "Server";
649 strlcpy(ic->ic_clid, "Server", strlen("Server"));
652 warnx("Opened %s", ic->ic_path);
658 nfsopen(struct idmap_client *ic)
660 if ((ic->ic_fd = open(ic->ic_path, O_RDWR, 0)) == -1) {
663 fcntl(ic->ic_dirfd, F_SETSIG, SIGUSR2);
664 fcntl(ic->ic_dirfd, F_NOTIFY,
665 DN_CREATE | DN_DELETE | DN_MULTISHOT);
668 warn("open(%s)", ic->ic_path);
672 event_set(&ic->ic_event, ic->ic_fd, EV_READ, nfscb, ic);
673 event_add(&ic->ic_event, NULL);
674 fcntl(ic->ic_dirfd, F_SETSIG, 0);
675 fcntl(ic->ic_dirfd, F_NOTIFY, 0);
677 warnx("Opened %s", ic->ic_path);
683 static int write_name(char *dest, char *localname, char *domain, size_t len)
685 if (strlen(localname) + 1 + strlen(domain) + 1 > len) {
686 return -ENOMEM; /* XXX: Is there an -ETOOLONG? */
688 strcpy(dest, localname);
690 strcat(dest, domain);
695 idtonameres(struct idmap_msg *im)
697 char domain[NFS4_MAX_DOMAIN_LEN];
700 ret = nfs4_get_default_domain(NULL, domain, sizeof(domain));
701 switch (im->im_type) {
702 case IDMAP_TYPE_USER:
703 ret = nfs4_uid_to_name(im->im_id, domain, im->im_name,
704 sizeof(im->im_name));
706 write_name(im->im_name, nobodyuser, domain,
707 sizeof(im->im_name));
709 case IDMAP_TYPE_GROUP:
710 ret = nfs4_gid_to_name(im->im_id, domain, im->im_name,
711 sizeof(im->im_name));
713 write_name(im->im_name, nobodygroup, domain,
714 sizeof(im->im_name));
718 im->im_status = IDMAP_STATUS_SUCCESS;
722 nametoidres(struct idmap_msg *im)
726 /* XXX: nobody fallbacks shouldn't always happen:
727 * server id -> name should be OK
728 * client name -> id should be OK
729 * but not otherwise */
730 /* XXX: move nobody stuff to library calls
731 * (nfs4_get_nobody_user(domain), nfs4_get_nobody_group(domain)) */
732 /* XXX: should make this call higher up in the call chain (so we'd
733 * have a chance on looking up server/whatever. */
734 switch (im->im_type) {
735 case IDMAP_TYPE_USER:
736 ret = nfs4_name_to_uid(im->im_name, &im->im_id);
738 im->im_id = nobodyuid;
740 case IDMAP_TYPE_GROUP:
741 ret = nfs4_name_to_gid(im->im_name, &im->im_id);
743 im->im_id = nobodygid;
747 im->im_status = IDMAP_STATUS_SUCCESS;
751 validateascii(char *string, u_int32_t len)
755 for (i = 0; i < len; i++) {
756 if (string[i] == '\0')
759 if (string[i] & 0x80)
763 if (string[i] != '\0')
770 addfield(char **bpp, ssize_t *bsizp, char *fld)
773 ssize_t bsiz = *bsizp;
775 while ((ch = *fld++) != '\0' && bsiz > 0) {
782 bp += snprintf(bp, bsiz, "\\%03o", ch);
793 if (bsiz < 1 || ch != '\0')
806 getfield(char **bpp, char *fld, size_t fldsz)
811 while ((bp = strsep(bpp, " ")) != NULL && bp[0] == '\0')
814 if (bp == NULL || bp[0] == '\0' || bp[0] == '\n')
817 while (*bp != '\0' && fldsz > 1) {
819 if ((n = sscanf(bp, "\\%03o", &val)) != 1)
839 * mydaemon creates a pipe between the partent and child
840 * process. The parent process will wait until the
841 * child dies or writes a '1' on the pipe signaling
842 * that it started successfully.
844 int pipefds[2] = { -1, -1};
847 mydaemon(int nochdir, int noclose)
849 int pid, status, tempfd, fdmax, filedes;
851 if (pipe(pipefds) < 0)
852 err(1, "mydaemon: pipe() failed: errno %d (%s)\n", errno, strerror(errno));
854 if ((pid = fork ()) < 0)
855 err(1, "mydaemon: fork() failed: errno %d (%s)\n", errno, strerror(errno));
859 * Parent. Wait for status from child.
862 if (read(pipefds[0], &status, 1) != 1)
870 if (chdir ("/") == -1)
871 err(1, "mydaemon: chdir() failed: errno %d (%s)\n", errno, strerror(errno));
874 while (pipefds[1] <= 2) {
875 pipefds[1] = dup(pipefds[1]);
877 err(1, "mydaemon: dup() failed: errno %d (%s)\n", errno, strerror(errno));
881 tempfd = open("/dev/null", O_RDWR);
882 close(0); dup2(tempfd, 0);
883 close(1); dup2(tempfd, 1);
884 close(2); dup2(tempfd, 2);
885 fdmax = sysconf (_SC_OPEN_MAX);
886 for (filedes = 3; filedes < fdmax; filedes++)
887 if (filedes != pipefds[1])
898 if (pipefds[1] > 0) {
899 write(pipefds[1], &status, 1);