4 * Userland daemon for idmap.
6 * Copyright (c) 2002 The Regents of the University of Michigan.
9 * Marius Aamodt Eriksen <marius@umich.edu>
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
15 * 1. Redistributions of source code must retain the above copyright
16 * notice, this list of conditions and the following disclaimer.
17 * 2. Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in the
19 * documentation and/or other materials provided with the distribution.
20 * 3. Neither the name of the University nor the names of its
21 * contributors may be used to endorse or promote products derived
22 * from this software without specific prior written permission.
24 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
25 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
26 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
27 * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
29 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
30 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
31 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
32 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
33 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
34 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
37 #include <sys/types.h>
40 #include <sys/socket.h>
44 #include "nfs_idmap.h"
67 #endif /* HAVE_CONFIG_H */
74 #define PIPEFS_DIR "/var/lib/nfs/rpc_pipefs/"
78 #define NFSD_DIR "/proc/net/rpc"
81 #ifndef NFS4NOBODY_USER
82 #define NFS4NOBODY_USER "nobody"
85 #ifndef NFS4NOBODY_GROUP
86 #define NFS4NOBODY_GROUP "nobody"
90 #define CONF_SAVE(w, f) do { \
97 #define IC_IDNAME_CHAN NFSD_DIR "/nfs4.idtoname/channel"
98 #define IC_IDNAME_FLUSH NFSD_DIR "/nfs4.idtoname/flush"
101 #define IC_NAMEID_CHAN NFSD_DIR "/nfs4.nametoid/channel"
102 #define IC_NAMEID_FLUSH NFSD_DIR "/nfs4.nametoid/flush"
104 struct idmap_client {
108 char ic_path[PATH_MAX];
112 struct event ic_event;
113 TAILQ_ENTRY(idmap_client) ic_next;
115 static struct idmap_client nfsd_ic[2] = {
116 {IC_IDNAME, "Server", "", IC_IDNAME_CHAN, -1, -1, 0},
117 {IC_NAMEID, "Server", "", IC_NAMEID_CHAN, -1, -1, 0},
120 TAILQ_HEAD(idmap_clientq, idmap_client);
122 static void dirscancb(int, short, void *);
123 static void clntscancb(int, short, void *);
124 static void svrreopen(int, short, void *);
125 static int nfsopen(struct idmap_client *);
126 static void nfscb(int, short, void *);
127 static void nfsdcb(int, short, void *);
128 static int validateascii(char *, u_int32_t);
129 static int addfield(char **, ssize_t *, char *);
130 static int getfield(char **, char *, size_t);
132 static void imconv(struct idmap_client *, struct idmap_msg *);
133 static void idtonameres(struct idmap_msg *);
134 static void nametoidres(struct idmap_msg *);
136 static int nfsdopen();
137 static int nfsdopenone(struct idmap_client *);
138 static void nfsdreopen(void);
140 size_t strlcat(char *, const char *, size_t);
141 size_t strlcpy(char *, const char *, size_t);
142 ssize_t atomicio(ssize_t (*)(), int, void *, size_t);
143 void mydaemon(int, int);
144 void release_parent();
146 static int verbose = 0;
147 static char pipefsdir[PATH_MAX];
148 static char *nobodyuser, *nobodygroup;
149 static uid_t nobodyuid;
150 static gid_t nobodygid;
156 flush_nfsd_cache(char *path, time_t now)
161 sprintf(stime, "%ld\n", now);
162 fd = open(path, O_RDWR);
165 write(fd, stime, strlen(stime));
171 flush_nfsd_idmap_cache(void)
173 time_t now = time(NULL);
176 ret = flush_nfsd_cache(IC_IDNAME_FLUSH, now);
179 ret = flush_nfsd_cache(IC_NAMEID_FLUSH, now);
184 msg_format(char *rtnbuff, int rtnbuffsize, int errval,
185 const char *fmt, va_list args)
190 vsnprintf(buff, sizeof(buff), fmt, args);
192 if ((n = strlen(buff)) > 0 && buff[n-1] == '\n')
195 snprintf(rtnbuff, rtnbuffsize, "%s: %s", buff, strerror(errval));
199 idmapd_warn(const char *fmt, ...)
201 int errval = errno; /* save this! */
206 msg_format(buff, sizeof(buff), errval, fmt, args);
209 syslog(LOG_WARNING, "%s", buff);
213 idmapd_warnx(const char *fmt, ...)
218 vsyslog(LOG_WARNING, fmt, args);
223 idmapd_err(int eval, const char *fmt, ...)
225 int errval = errno; /* save this! */
230 msg_format(buff, sizeof(buff), errval, fmt, args);
233 syslog(LOG_ERR, "%s", buff);
238 idmapd_errx(int eval, const char *fmt, ...)
243 vsyslog(LOG_ERR, fmt, args);
249 main(int argc, char **argv)
251 int fd = 0, opt, fg = 0, nfsdret = -1;
252 struct idmap_clientq icq;
253 struct event rootdirev, clntdirev, svrdirev;
254 struct event initialize;
258 char *xpipefsdir = NULL;
259 int serverstart = 1, clientstart = 1;
263 conf_path = _PATH_IDMAPDCONF;
264 nobodyuser = NFS4NOBODY_USER;
265 nobodygroup = NFS4NOBODY_GROUP;
266 strlcpy(pipefsdir, PIPEFS_DIR, sizeof(pipefsdir));
268 if ((progname = strrchr(argv[0], '/')))
272 openlog(progname, LOG_PID, LOG_DAEMON);
274 #define GETOPTSTR "vfd:p:U:G:c:CS"
275 opterr=0; /* Turn off error messages */
276 while ((opt = getopt(argc, argv, GETOPTSTR)) != -1) {
280 if (strchr(GETOPTSTR, optopt))
281 errx(1, "'-%c' option requires an argument.", optopt);
283 errx(1, "'-%c' is an invalid argument.", optopt);
288 if (stat(conf_path, &sb) == -1 && (errno == ENOENT || errno == EACCES)) {
289 warn("Skipping configuration file \"%s\"", conf_path);
293 verbose = conf_get_num("General", "Verbosity", 0);
294 CONF_SAVE(xpipefsdir, conf_get_str("General", "Pipefs-Directory"));
295 if (xpipefsdir != NULL)
296 strlcpy(pipefsdir, xpipefsdir, sizeof(pipefsdir));
297 CONF_SAVE(nobodyuser, conf_get_str("Mapping", "Nobody-User"));
298 CONF_SAVE(nobodygroup, conf_get_str("Mapping", "Nobody-Group"));
301 while ((opt = getopt(argc, argv, GETOPTSTR)) != -1)
310 strlcpy(pipefsdir, optarg, sizeof(pipefsdir));
315 errx(1, "the -d, -U, and -G options have been removed;"
316 " please use the configuration file instead.");
327 if (!serverstart && !clientstart)
328 errx(1, "it is illegal to specify both -C and -S");
330 strncat(pipefsdir, "/nfs", sizeof(pipefsdir));
332 if ((pw = getpwnam(nobodyuser)) == NULL)
333 errx(1, "Could not find user \"%s\"", nobodyuser);
334 nobodyuid = pw->pw_uid;
336 if ((gr = getgrnam(nobodygroup)) == NULL)
337 errx(1, "Could not find group \"%s\"", nobodygroup);
338 nobodygid = gr->gr_gid;
340 nfs4_set_debug(verbose, idmapd_warnx);
341 if (conf_path == NULL)
342 conf_path = _PATH_IDMAPDCONF;
343 if (nfs4_init_name_mapping(conf_path))
344 errx(1, "Unable to create name to user id mappings.");
352 nfsdret = nfsdopen();
354 ret = flush_nfsd_idmap_cache();
357 "main: Failed to flush nfsd idmap cache\n");
362 struct timeval now = {
367 if ((fd = open(pipefsdir, O_RDONLY)) == -1)
368 idmapd_err(1, "main: open(%s)", pipefsdir);
370 if (fcntl(fd, F_SETSIG, SIGUSR1) == -1)
371 idmapd_err(1, "main: fcntl(%s)", pipefsdir);
373 if (fcntl(fd, F_NOTIFY,
374 DN_CREATE | DN_DELETE | DN_MODIFY | DN_MULTISHOT) == -1)
375 idmapd_err(1, "main: fcntl(%s)", pipefsdir);
379 /* These events are persistent */
380 signal_set(&rootdirev, SIGUSR1, dirscancb, &icq);
381 signal_add(&rootdirev, NULL);
382 signal_set(&clntdirev, SIGUSR2, clntscancb, &icq);
383 signal_add(&clntdirev, NULL);
384 signal_set(&svrdirev, SIGHUP, svrreopen, NULL);
385 signal_add(&svrdirev, NULL);
387 /* Fetch current state */
388 /* (Delay till start of event_dispatch to avoid possibly losing
389 * a SIGUSR1 between here and the call to event_dispatch().) */
390 evtimer_set(&initialize, dirscancb, &icq);
391 evtimer_add(&initialize, &now);
394 if (nfsdret != 0 && fd == 0)
395 idmapd_errx(1, "main: Neither NFS client nor NFSd found");
399 if (event_dispatch() < 0)
400 idmapd_errx(1, "main: event_dispatch returns errno %d (%s)",
401 errno, strerror(errno));
407 dirscancb(int fd, short which, void *data)
410 struct dirent **ents;
411 struct idmap_client *ic;
413 struct idmap_clientq *icq = data;
415 nent = scandir(pipefsdir, &ents, NULL, alphasort);
417 idmapd_warn("dirscancb: scandir(%s)", pipefsdir);
421 for (i = 0; i < nent; i++) {
422 if (ents[i]->d_reclen > 4 &&
423 strncmp(ents[i]->d_name, "clnt", 4) == 0) {
424 TAILQ_FOREACH(ic, icq, ic_next)
425 if (strcmp(ents[i]->d_name + 4, ic->ic_clid) == 0)
430 if ((ic = calloc(1, sizeof(*ic))) == NULL)
432 strlcpy(ic->ic_clid, ents[i]->d_name + 4,
433 sizeof(ic->ic_clid));
435 snprintf(path, sizeof(path), "%s/%s",
436 pipefsdir, ents[i]->d_name);
438 if ((ic->ic_dirfd = open(path, O_RDONLY, 0)) == -1) {
439 idmapd_warn("dirscancb: open(%s)", path);
444 strlcat(path, "/idmap", sizeof(path));
445 strlcpy(ic->ic_path, path, sizeof(ic->ic_path));
448 idmapd_warnx("New client: %s", ic->ic_clid);
450 if (nfsopen(ic) == -1) {
456 ic->ic_id = "Client";
458 TAILQ_INSERT_TAIL(icq, ic, ic_next);
465 TAILQ_FOREACH(ic, icq, ic_next) {
466 if (!ic->ic_scanned) {
467 event_del(&ic->ic_event);
470 TAILQ_REMOVE(icq, ic, ic_next);
472 idmapd_warnx("Stale client: %s", ic->ic_clid);
473 idmapd_warnx("\t-> closed %s", ic->ic_path);
483 svrreopen(int fd, short which, void *data)
489 clntscancb(int fd, short which, void *data)
491 struct idmap_clientq *icq = data;
492 struct idmap_client *ic;
494 TAILQ_FOREACH(ic, icq, ic_next)
495 if (ic->ic_fd == -1 && nfsopen(ic) == -1) {
497 TAILQ_REMOVE(icq, ic, ic_next);
503 nfsdcb(int fd, short which, void *data)
505 struct idmap_client *ic = data;
507 u_char buf[IDMAP_MAXMSGSZ + 1];
509 char *bp, typebuf[IDMAP_MAXMSGSZ],
510 buf1[IDMAP_MAXMSGSZ], authbuf[IDMAP_MAXMSGSZ], *p;
513 if (which != EV_READ)
516 if ((len = read(ic->ic_fd, buf, sizeof(buf))) == -1) {
517 idmapd_warnx("nfsdcb: read(%s) failed: errno %d (%s)",
518 ic->ic_path, errno, strerror(errno));
522 /* Get rid of newline and terminate buffer*/
526 memset(&im, 0, sizeof(im));
528 /* Authentication name -- ignored for now*/
529 if (getfield(&bp, authbuf, sizeof(authbuf)) == -1) {
530 idmapd_warnx("nfsdcb: bad authentication name in upcall\n");
533 if (getfield(&bp, typebuf, sizeof(typebuf)) == -1) {
534 idmapd_warnx("nfsdcb: bad type in upcall\n");
538 idmapd_warnx("nfsdcb: authbuf=%s authtype=%s",
541 im.im_type = strcmp(typebuf, "user") == 0 ?
542 IDMAP_TYPE_USER : IDMAP_TYPE_GROUP;
544 switch (ic->ic_which) {
546 im.im_conv = IDMAP_CONV_NAMETOID;
547 if (getfield(&bp, im.im_name, sizeof(im.im_name)) == -1) {
548 idmapd_warnx("nfsdcb: bad name in upcall\n");
553 im.im_conv = IDMAP_CONV_IDTONAME;
554 if (getfield(&bp, buf1, sizeof(buf1)) == -1) {
555 idmapd_warnx("nfsdcb: bad id in upcall\n");
558 tmp = strtoul(buf1, (char **)NULL, 10);
559 im.im_id = (u_int32_t)tmp;
560 if ((tmp == ULONG_MAX && errno == ERANGE)
561 || (unsigned long)im.im_id != tmp) {
562 idmapd_warnx("nfsdcb: id '%s' too big!\n", buf1);
567 idmapd_warnx("nfsdcb: Unknown which type %d", ic->ic_which);
577 /* Authentication name */
578 addfield(&bp, &bsiz, authbuf);
580 switch (ic->ic_which) {
583 p = im.im_type == IDMAP_TYPE_USER ? "user" : "group";
584 addfield(&bp, &bsiz, p);
586 addfield(&bp, &bsiz, im.im_name);
587 #define NFSD_EXPIRY 300 /* seconds */
589 snprintf(buf1, sizeof(buf1), "%lu", time(NULL) + NFSD_EXPIRY);
590 addfield(&bp, &bsiz, buf1);
592 snprintf(buf1, sizeof(buf1), "%u", im.im_id);
593 addfield(&bp, &bsiz, buf1);
595 //if (bsiz == sizeof(buf)) /* XXX */
602 p = im.im_type == IDMAP_TYPE_USER ? "user" : "group";
603 addfield(&bp, &bsiz, p);
605 snprintf(buf1, sizeof(buf1), "%u", im.im_id);
606 addfield(&bp, &bsiz, buf1);
608 snprintf(buf1, sizeof(buf1), "%lu", time(NULL) + NFSD_EXPIRY);
609 addfield(&bp, &bsiz, buf1);
611 addfield(&bp, &bsiz, im.im_name);
617 idmapd_warnx("nfsdcb: Unknown which type %d", ic->ic_which);
621 bsiz = sizeof(buf) - bsiz;
623 if (atomicio(write, ic->ic_fd, buf, bsiz) != bsiz)
624 idmapd_warnx("nfsdcb: write(%s) failed: errno %d (%s)",
625 ic->ic_path, errno, strerror(errno));
628 event_add(&ic->ic_event, NULL);
632 imconv(struct idmap_client *ic, struct idmap_msg *im)
634 switch (im->im_conv) {
635 case IDMAP_CONV_IDTONAME:
638 idmapd_warnx("%s %s: (%s) id \"%d\" -> name \"%s\"",
639 ic->ic_id, ic->ic_clid,
640 im->im_type == IDMAP_TYPE_USER ? "user" : "group",
641 im->im_id, im->im_name);
643 case IDMAP_CONV_NAMETOID:
644 if (validateascii(im->im_name, sizeof(im->im_name)) == -1) {
645 im->im_status |= IDMAP_STATUS_INVALIDMSG;
650 idmapd_warnx("%s %s: (%s) name \"%s\" -> id \"%d\"",
651 ic->ic_id, ic->ic_clid,
652 im->im_type == IDMAP_TYPE_USER ? "user" : "group",
653 im->im_name, im->im_id);
656 idmapd_warnx("imconv: Invalid conversion type (%d) in message",
658 im->im_status |= IDMAP_STATUS_INVALIDMSG;
664 nfscb(int fd, short which, void *data)
666 struct idmap_client *ic = data;
669 if (which != EV_READ)
672 if (atomicio(read, ic->ic_fd, &im, sizeof(im)) != sizeof(im)) {
674 idmapd_warn("nfscb: read(%s)", ic->ic_path);
682 if (atomicio(write, ic->ic_fd, &im, sizeof(im)) != sizeof(im))
683 idmapd_warn("nfscb: write(%s)", ic->ic_path);
685 event_add(&ic->ic_event, NULL);
689 nfsdreopen_one(struct idmap_client *ic)
694 idmapd_warnx("ReOpening %s", ic->ic_path);
696 if ((fd = open(ic->ic_path, O_RDWR, 0)) != -1) {
697 if ((ic->ic_event.ev_flags & EVLIST_INIT))
698 event_del(&ic->ic_event);
702 ic->ic_event.ev_fd = ic->ic_fd = fd;
703 event_set(&ic->ic_event, ic->ic_fd, EV_READ, nfsdcb, ic);
704 event_add(&ic->ic_event, NULL);
706 idmapd_warnx("nfsdreopen: Opening '%s' failed: errno %d (%s)",
707 ic->ic_path, errno, strerror(errno));
714 nfsdreopen_one(&nfsd_ic[IC_NAMEID]);
715 nfsdreopen_one(&nfsd_ic[IC_IDNAME]);
722 return ((nfsdopenone(&nfsd_ic[IC_NAMEID]) == 0 &&
723 nfsdopenone(&nfsd_ic[IC_IDNAME]) == 0) ? 0 : -1);
727 nfsdopenone(struct idmap_client *ic)
729 if ((ic->ic_fd = open(ic->ic_path, O_RDWR, 0)) == -1) {
731 idmapd_warnx("nfsdopenone: Opening %s failed: "
733 ic->ic_path, errno, strerror(errno));
737 event_set(&ic->ic_event, ic->ic_fd, EV_READ, nfsdcb, ic);
738 event_add(&ic->ic_event, NULL);
741 idmapd_warnx("Opened %s", ic->ic_path);
747 nfsopen(struct idmap_client *ic)
749 if ((ic->ic_fd = open(ic->ic_path, O_RDWR, 0)) == -1) {
752 fcntl(ic->ic_dirfd, F_SETSIG, SIGUSR2);
753 fcntl(ic->ic_dirfd, F_NOTIFY,
754 DN_CREATE | DN_DELETE | DN_MULTISHOT);
757 idmapd_warn("nfsopen: open(%s)", ic->ic_path);
761 event_set(&ic->ic_event, ic->ic_fd, EV_READ, nfscb, ic);
762 event_add(&ic->ic_event, NULL);
763 fcntl(ic->ic_dirfd, F_SETSIG, 0);
764 fcntl(ic->ic_dirfd, F_NOTIFY, 0);
766 idmapd_warnx("Opened %s", ic->ic_path);
773 idtonameres(struct idmap_msg *im)
775 char domain[NFS4_MAX_DOMAIN_LEN];
778 ret = nfs4_get_default_domain(NULL, domain, sizeof(domain));
779 switch (im->im_type) {
780 case IDMAP_TYPE_USER:
781 ret = nfs4_uid_to_name(im->im_id, domain, im->im_name,
782 sizeof(im->im_name));
784 if (strlen(nobodyuser) < sizeof(im->im_name))
785 strcpy(im->im_name, nobodyuser);
787 strcpy(im->im_name, NFS4NOBODY_USER);
790 case IDMAP_TYPE_GROUP:
791 ret = nfs4_gid_to_name(im->im_id, domain, im->im_name,
792 sizeof(im->im_name));
794 if (strlen(nobodygroup) < sizeof(im->im_name))
795 strcpy(im->im_name, nobodygroup);
797 strcpy(im->im_name, NFS4NOBODY_GROUP);
802 im->im_status = IDMAP_STATUS_SUCCESS;
806 nametoidres(struct idmap_msg *im)
812 /* XXX: nobody fallbacks shouldn't always happen:
813 * server id -> name should be OK
814 * client name -> id should be OK
815 * but not otherwise */
816 /* XXX: move nobody stuff to library calls
817 * (nfs4_get_nobody_user(domain), nfs4_get_nobody_group(domain)) */
818 /* XXX: should make this call higher up in the call chain (so we'd
819 * have a chance on looking up server/whatever. */
820 switch (im->im_type) {
821 case IDMAP_TYPE_USER:
822 ret = nfs4_name_to_uid(im->im_name, &uid);
823 im->im_id = (u_int32_t) uid;
825 im->im_id = nobodyuid;
827 case IDMAP_TYPE_GROUP:
828 ret = nfs4_name_to_gid(im->im_name, &gid);
829 im->im_id = (u_int32_t) gid;
831 im->im_id = nobodygid;
835 im->im_status = IDMAP_STATUS_SUCCESS;
839 validateascii(char *string, u_int32_t len)
843 for (i = 0; i < len; i++) {
844 if (string[i] == '\0')
847 if (string[i] & 0x80)
851 if (string[i] != '\0')
858 addfield(char **bpp, ssize_t *bsizp, char *fld)
861 ssize_t bsiz = *bsizp;
863 while ((ch = *fld++) != '\0' && bsiz > 0) {
870 bp += snprintf(bp, bsiz, "\\%03o", ch);
881 if (bsiz < 1 || ch != '\0')
894 getfield(char **bpp, char *fld, size_t fldsz)
899 while ((bp = strsep(bpp, " ")) != NULL && bp[0] == '\0')
902 if (bp == NULL || bp[0] == '\0' || bp[0] == '\n')
905 while (*bp != '\0' && fldsz > 1) {
907 if ((n = sscanf(bp, "\\%03o", &val)) != 1)
927 * mydaemon creates a pipe between the partent and child
928 * process. The parent process will wait until the
929 * child dies or writes a '1' on the pipe signaling
930 * that it started successfully.
932 int pipefds[2] = { -1, -1};
935 mydaemon(int nochdir, int noclose)
937 int pid, status, tempfd;
939 if (pipe(pipefds) < 0)
940 err(1, "mydaemon: pipe() failed: errno %d", errno);
942 if ((pid = fork ()) < 0)
943 err(1, "mydaemon: fork() failed: errno %d", errno);
947 * Parent. Wait for status from child.
950 if (read(pipefds[0], &status, 1) != 1)
958 if (chdir ("/") == -1)
959 err(1, "mydaemon: chdir() failed: errno %d", errno);
962 while (pipefds[1] <= 2) {
963 pipefds[1] = dup(pipefds[1]);
965 err(1, "mydaemon: dup() failed: errno %d", errno);
969 tempfd = open("/dev/null", O_RDWR);
983 if (pipefds[1] > 0) {
984 write(pipefds[1], &status, 1);