4 * Userland daemon for idmap.
6 * Copyright (c) 2002 The Regents of the University of Michigan.
9 * Marius Aamodt Eriksen <marius@umich.edu>
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
15 * 1. Redistributions of source code must retain the above copyright
16 * notice, this list of conditions and the following disclaimer.
17 * 2. Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in the
19 * documentation and/or other materials provided with the distribution.
20 * 3. Neither the name of the University nor the names of its
21 * contributors may be used to endorse or promote products derived
22 * from this software without specific prior written permission.
24 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
25 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
26 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
27 * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
29 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
30 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
31 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
32 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
33 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
34 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
37 #include <sys/types.h>
40 #include <sys/socket.h>
44 #include "nfs_idmap.h"
65 #endif /* HAVE_CONFIG_H */
/*
 * Build-time defaults. This listing shows only some of the original lines,
 * so the #endif lines closing the #ifndef guards and the body of CONF_SAVE
 * are not visible here.
 */
/* Default rpc_pipefs location; main() copies it into pipefsdir. */
72 #define PIPEFS_DIR "/var/lib/nfs/rpc_pipefs/"
/* Directory handed to nfsdopen() for the server-side channel files. */
76 #define NFSD_DIR "/proc/net/rpc"
/* Fallback user and group names; both can be overridden when building. */
79 #ifndef NFS4NOBODY_USER
80 #define NFS4NOBODY_USER "nobody"
83 #ifndef NFS4NOBODY_GROUP
84 #define NFS4NOBODY_GROUP "nobody"
/* Multi-statement macro used in main() to store configuration values;
 * only its first line appears in this listing. */
88 #define CONF_SAVE(w, f) do { \
/* Visible members of struct idmap_client; the struct header and its other
 * members (ic_fd, ic_dirfd, ic_clid, ... as used below) are not shown. */
/* Path of the pipe or channel file opened for this client. */
100 char ic_path[PATH_MAX];
/* Read event registered on the client's descriptor. */
102 struct event ic_event;
/* Linkage for the idmap_clientq list. */
105 TAILQ_ENTRY(idmap_client) ic_next;
/* List head type for the set of known clients. */
108 TAILQ_HEAD(idmap_clientq, idmap_client);
/* Event callbacks: dirscancb and clntscancb are registered on signals in
 * main(); nfscb and nfsdcb are registered on readable descriptors. */
110 static void dirscancb(int, short, void *);
111 static void clntscancb(int, short, void *);
112 static int nfsopen(struct idmap_client *);
113 static void nfscb(int, short, void *);
114 static void nfsdcb(int, short, void *);
/* Field encoding and validation helpers for the text channel protocol. */
115 static int validateascii(char *, u_int32_t);
116 static int addfield(char **, ssize_t *, char *);
117 static int getfield(char **, char *, size_t);
/* Conversion dispatch and the two lookup directions. */
119 static void imconv(struct idmap_client *, struct idmap_msg *);
120 static void idtonameres(struct idmap_msg *);
121 static void nametoidres(struct idmap_msg *);
123 static int nfsdopen(char *);
124 static int nfsdopenone(struct idmap_client *, short, char *);
/* Declared here rather than through a header; presumably supplied by a
 * compatibility library -- confirm against the build. */
126 size_t strlcat(char *, const char *, size_t);
127 size_t strlcpy(char *, const char *, size_t);
/* NOTE(review): the callback parameter has an empty parameter list, so the
 * compiler does not check that read/write match what atomicio calls. */
128 ssize_t atomicio(ssize_t (*)(), int, void *, size_t);
129 int daemon(int, int);
/* Process-wide settings filled in by main(). */
131 static int verbose = 0;
/* Domain name: set from the configuration file, the option parsed in main(),
 * or the resolved host name. */
132 static char domain[512];
/* rpc_pipefs directory; main() appends "/nfs" to it. */
133 static char pipefsdir[PATH_MAX];
/* Names and numeric ids used when a lookup fails. */
134 static char *nobodyuser, *nobodygroup;
135 static uid_t nobodyuid;
136 static gid_t nobodygid;
/* The two server-side channels opened by nfsdopen(). */
137 static struct idmap_client nfsd_ic[2];
/*
 * Entry point. The listing omits many of the original lines (return type,
 * braces, the option switch bodies, the event loop call). Visible flow: set
 * defaults, read the configuration file, apply command-line options, resolve
 * the domain and the "nobody" ids, open the nfsd channels and the rpc_pipefs
 * directory, and register the event callbacks.
 */
143 main(int argc, char **argv)
/* fd starts at 0 and is later tested against 0 as "client side not opened". */
145 int fd = 0, opt, fg = 0, nfsdret = -1;
146 struct idmap_clientq icq;
147 struct event rootdirev, clntdirev;
148 struct event initialize;
152 char *xpipefsdir = NULL;
153 char *xdomain = NULL;
154 int serverstart = 1, clientstart = 1;
/* Defaults, used unless the configuration file or an option replaces them. */
156 conf_path = _PATH_IDMAPDCONF;
157 nobodyuser = NFS4NOBODY_USER;
158 nobodygroup = NFS4NOBODY_GROUP;
159 strlcpy(pipefsdir, PIPEFS_DIR, sizeof(pipefsdir));
/* First option pass with getopt's own diagnostics turned off; the visible
 * lines exit on a missing option argument or an unknown option. */
161 #define GETOPTSTR "vfd:p:U:G:c:CS"
162 opterr=0; /* Turn off error messages */
163 while ((opt = getopt(argc, argv, GETOPTSTR)) != -1) {
167 if (strchr(GETOPTSTR, optopt))
168 errx(1, "'-%c' option requires an argument.", optopt);
170 errx(1, "'-%c' is an invalid argument.", optopt);
/* A missing or unreadable configuration file is skipped with a warning. */
175 if (stat(conf_path, &sb) == -1 && (errno == ENOENT || errno == EACCES)) {
176 warn("Skipping configuration file \"%s\"", conf_path);
/* Settings taken from the "General" and "Mapping" sections. */
179 verbose = conf_get_num("General", "Verbosity", 0);
180 CONF_SAVE(xpipefsdir, conf_get_str("General", "Pipefs-Directory"));
181 CONF_SAVE(xdomain, conf_get_str("General", "Domain"));
/* strlcpy bounds both copies by the destination size (silent truncation). */
182 if (xpipefsdir != NULL)
183 strlcpy(pipefsdir, xpipefsdir, sizeof(pipefsdir));
185 strlcpy(domain, xdomain, sizeof(domain));
186 CONF_SAVE(nobodyuser, conf_get_str("Mapping", "Nobody-User"));
187 CONF_SAVE(nobodygroup, conf_get_str("Mapping", "Nobody-Group"));
/* Second option pass: the visible cases overwrite domain, pipefsdir and
 * nobodygroup with optarg, replacing values read from the file. */
190 while ((opt = getopt(argc, argv, GETOPTSTR)) != -1)
199 strlcpy(domain, optarg, sizeof(domain));
202 strlcpy(pipefsdir, optarg, sizeof(pipefsdir));
208 nobodygroup = optarg;
220 if (!serverstart && !clientstart)
221 errx(1, "it is illegal to specify both -C and -S");
/* NOTE(review): strncat's third argument limits how many bytes are appended,
 * not the size of the destination. With sizeof(pipefsdir) here, "/nfs" and
 * its terminator are written even when pipefsdir is already within four
 * bytes of full, which runs past the array. strlcat(pipefsdir, "/nfs",
 * sizeof(pipefsdir)) bounds by the buffer size like the copies above. */
223 strncat(pipefsdir, "/nfs", sizeof(pipefsdir));
/* No domain configured: use the part of the resolved host name that follows
 * the first dot. */
/* NOTE(review): the domain then depends on what the resolver returns for the
 * local host name; configuring the domain explicitly removes that
 * dependency. */
225 if (domain[0] == '\0') {
229 if (gethostname(hname, sizeof(hname)) == -1)
230 errx(1, "Error getting hostname");
232 if ((he = gethostbyname(hname)) == NULL)
233 errx(1, "Error resolving hostname: %s", hname);
235 if ((c = strchr(he->h_name, '.')) == NULL || *++c == '\0')
236 errx(1, "Error resolving domain, "
237 "please use the -d switch");
239 strlcpy(domain, c, sizeof(domain));
/* Resolve the fallback user and group to numeric ids; exit if either name
 * is unknown. */
242 if ((pw = getpwnam(nobodyuser)) == NULL)
243 errx(1, "Could not find user \"%s\"", nobodyuser);
244 nobodyuid = pw->pw_uid;
246 if ((gr = getgrnam(nobodygroup)) == NULL)
247 errx(1, "Could not find group \"%s\"", nobodygroup);
248 nobodygid = gr->gr_gid;
250 if (strlen(domain) == 0)
251 errx(1, "Invalid domain; please specify with -d switch");
254 warnx("Using domain \"%s\"", domain);
/* Server side: open the nfsd channel files; the result is checked below. */
262 nfsdret = nfsdopen(NFSD_DIR);
265 struct timeval now = {
/* Client side: open the rpc_pipefs "nfs" directory and request directory
 * change notifications, delivered as SIGUSR1. */
270 if ((fd = open(pipefsdir, O_RDONLY)) == -1)
271 err(1, "open(%s)", pipefsdir);
273 if (fcntl(fd, F_SETSIG, SIGUSR1) == -1)
274 err(1, "fcntl(%s)", pipefsdir);
275 if (fcntl(fd, F_NOTIFY,
276 DN_CREATE | DN_DELETE | DN_MODIFY | DN_MULTISHOT) == -1)
277 err(1, "fcntl(%s)", pipefsdir);
281 /* These events are persistent */
282 signal_set(&rootdirev, SIGUSR1, dirscancb, &icq);
283 signal_add(&rootdirev, NULL);
284 signal_set(&clntdirev, SIGUSR2, clntscancb, &icq);
285 signal_add(&clntdirev, NULL);
287 /* Fetch current state */
288 /* (Delay till start of event_dispatch to avoid possibly losing
289 * a SIGUSR1 between here and the call to event_dispatch().) */
290 evtimer_set(&initialize, dirscancb, &icq);
291 evtimer_add(&initialize, &now);
/* NOTE(review): fd == 0 stands for "directory never opened", but 0 is also
 * a valid descriptor if the process starts with stdin closed; initialising
 * fd to -1 and testing for -1 would avoid the overlap. */
294 if (nfsdret != 0 && fd == 0)
295 errx(1, "Neither NFS client nor NFSd found");
/*
 * Rescans pipefsdir for "clnt*" entries: entries not yet in the client
 * queue get a new idmap_client, and clients whose ic_scanned flag is clear
 * are dropped. data is the client queue. Several original lines (braces,
 * error paths, the code that sets ic_scanned) are not shown in this listing.
 */
303 dirscancb(int fd, short which, void *data)
306 struct dirent **ents;
307 struct idmap_client *ic;
309 struct idmap_clientq *icq = data;
311 nent = scandir(pipefsdir, &ents, NULL, alphasort);
313 warn("scandir(%s)", pipefsdir);
317 for (i = 0; i < nent; i++) {
/* NOTE(review): d_reclen is the size of the directory record, not the
 * length of d_name; the strncmp below is what checks the "clnt" prefix. */
318 if (ents[i]->d_reclen > 4 &&
319 strncmp(ents[i]->d_name, "clnt", 4) == 0) {
/* Look for an existing client whose id equals the text after "clnt". */
320 TAILQ_FOREACH(ic, icq, ic_next)
321 if (strcmp(ents[i]->d_name + 4, ic->ic_clid) == 0)
/* Not found (the check itself is not shown): build a zeroed record. */
326 if ((ic = calloc(1, sizeof(*ic))) == NULL)
328 strlcpy(ic->ic_clid, ents[i]->d_name + 4,
329 sizeof(ic->ic_clid));
/* Directory path of the client; snprintf truncates to sizeof(path). */
331 snprintf(path, sizeof(path), "%s/%s",
332 pipefsdir, ents[i]->d_name);
334 if ((ic->ic_dirfd = open(path, O_RDONLY, 0)) == -1) {
335 warn("open(%s)", path);
/* The pipe itself is "<client dir>/idmap"; both calls are size-bounded. */
340 strlcat(path, "/idmap", sizeof(path));
341 strlcpy(ic->ic_path, path, sizeof(ic->ic_path));
344 warnx("New client: %s", ic->ic_clid);
346 if (nfsopen(ic) == -1) {
352 ic->ic_id = "Client";
354 TAILQ_INSERT_TAIL(icq, ic, ic_next);
/* Drop clients that were not seen in this scan. */
/* NOTE(review): the element is unlinked inside TAILQ_FOREACH, which advances
 * through the element's own link field. If the lines not shown here also
 * free ic, the advance reads freed memory; saving the next pointer before
 * TAILQ_REMOVE avoids that -- confirm against the full source. */
361 TAILQ_FOREACH(ic, icq, ic_next) {
362 if (!ic->ic_scanned) {
363 event_del(&ic->ic_event);
366 TAILQ_REMOVE(icq, ic, ic_next);
368 warnx("Stale client: %s", ic->ic_clid);
369 warnx("\t-> closed %s", ic->ic_path);
/*
 * SIGUSR2 callback (registered in main): retries nfsopen() for every queued
 * client whose pipe is not open (ic_fd == -1) and unlinks the client when
 * the retry fails. data is the client queue. Lines between the ones shown
 * are missing from this listing.
 */
379 clntscancb(int fd, short which, void *data)
381 struct idmap_clientq *icq = data;
382 struct idmap_client *ic;
/* NOTE(review): as in dirscancb, the element is removed while TAILQ_FOREACH
 * is iterating over it; if the hidden lines free ic, the loop advance
 * touches freed memory -- confirm against the full source. */
384 TAILQ_FOREACH(ic, icq, ic_next)
385 if (ic->ic_fd == -1 && nfsopen(ic) == -1) {
387 TAILQ_REMOVE(icq, ic, ic_next);
/*
 * Read callback for a server-side channel. Reads one text request, splits
 * it into space-separated fields with getfield(), fills an idmap_msg, and
 * writes a reply built with addfield() back to the same descriptor. data is
 * the idmap_client for the channel. Declarations of len, im and bsiz, the
 * case labels, the conversion call and the error exits are not shown in
 * this listing.
 */
393 nfsdcb(int fd, short which, void *data)
395 struct idmap_client *ic = data;
/* One byte more than the maximum message size, leaving room to terminate. */
397 u_char buf[IDMAP_MAXMSGSZ + 1];
399 char *bp, typebuf[IDMAP_MAXMSGSZ],
400 buf1[IDMAP_MAXMSGSZ], authbuf[IDMAP_MAXMSGSZ], *p;
402 if (which != EV_READ)
405 if ((len = read(ic->ic_fd, buf, sizeof(buf))) == -1) {
407 warn("read(%s)", ic->ic_path);
/* NOTE(review): the statements that apply this are not shown; a read of
 * sizeof(buf) bytes or of zero bytes both need handling there. */
411 /* Get rid of newline and terminate buffer*/
415 memset(&im, 0, sizeof(im));
417 /* Authentication name -- ignored for now*/
418 if (getfield(&bp, authbuf, sizeof(authbuf)) == -1)
421 if (getfield(&bp, typebuf, sizeof(typebuf)) == -1)
/* Any type string other than "user" is treated as a group request. */
424 im.im_type = strcmp(typebuf, "user") == 0 ?
425 IDMAP_TYPE_USER : IDMAP_TYPE_GROUP;
/* The channel (ic_which) decides the direction of the conversion. */
427 switch (ic->ic_which) {
429 im.im_conv = IDMAP_CONV_NAMETOID;
430 if (getfield(&bp, im.im_name, sizeof(im.im_name)) == -1)
434 im.im_conv = IDMAP_CONV_IDTONAME;
435 if (getfield(&bp, buf1, sizeof(buf1)) == -1)
/* NOTE(review): with a NULL end pointer strtoul cannot report non-numeric
 * text; such a field converts to 0 and would be looked up as id 0. Passing
 * an end pointer and rejecting unconsumed input closes that gap. The second
 * half of this condition is not shown. */
437 if ((im.im_id = strtoul(buf1, (char **)NULL, 10)) == ULONG_MAX &&
443 warnx("Unknown which type %d", ic->ic_which);
/* Reply: the request's authentication name is echoed back first. */
/* NOTE(review): addfield's return value is ignored throughout the reply, so
 * a field that does not fit is not reported. */
453 /* Authentication name */
454 addfield(&bp, &bsiz, authbuf);
456 switch (ic->ic_which) {
/* First visible reply layout: type, name, expiry, id. */
459 p = im.im_type == IDMAP_TYPE_USER ? "user" : "group";
460 addfield(&bp, &bsiz, p);
462 addfield(&bp, &bsiz, im.im_name);
463 #define NFSD_EXPIRY 300 /* seconds */
/* NOTE(review): a time_t expression is passed where %lu expects unsigned
 * long; an explicit cast keeps the format and argument in agreement. */
465 snprintf(buf1, sizeof(buf1), "%lu", time(NULL) + NFSD_EXPIRY);
466 addfield(&bp, &bsiz, buf1);
468 snprintf(buf1, sizeof(buf1), "%u", im.im_id);
469 addfield(&bp, &bsiz, buf1);
471 //if (bsiz == sizeof(buf)) /* XXX */
/* Second visible reply layout: type, id, expiry, name. */
478 p = im.im_type == IDMAP_TYPE_USER ? "user" : "group";
479 addfield(&bp, &bsiz, p);
481 snprintf(buf1, sizeof(buf1), "%u", im.im_id);
482 addfield(&bp, &bsiz, buf1);
484 snprintf(buf1, sizeof(buf1), "%lu", time(NULL) + NFSD_EXPIRY);
485 addfield(&bp, &bsiz, buf1);
487 addfield(&bp, &bsiz, im.im_name);
493 warnx("Unknown which type %d", ic->ic_which);
/* bsiz counted the space left in buf; convert it to the bytes used. */
497 bsiz = sizeof(buf) - bsiz;
/* A short or failed write is only reported when verbose is set. */
499 if (atomicio(write, ic->ic_fd, buf, bsiz) != bsiz && verbose > 0)
500 warn("write(%s)", ic->ic_path);
/* The event was set without EV_PERSIST in nfsdopenone, so re-add it. */
503 event_add(&ic->ic_event, NULL);
/*
 * Handles one idmap_msg according to im->im_conv and logs the mapping.
 * NAMETOID names are checked with validateascii() first; an unknown
 * conversion type, or a name failing that check, sets
 * IDMAP_STATUS_INVALIDMSG. The calls that perform the lookups and the
 * conditions around the log lines are not shown in this listing.
 */
507 imconv(struct idmap_client *ic, struct idmap_msg *im)
509 switch (im->im_conv) {
510 case IDMAP_CONV_IDTONAME:
/* NOTE(review): im_id is printed with %d here and with %u in nfsdcb; large
 * ids show up as negative numbers in this log line. */
513 warnx("%s %s: (%s) id \"%d\" -> name \"%s\"",
514 ic->ic_id, ic->ic_clid,
515 im->im_type == IDMAP_TYPE_USER ? "user" : "group",
516 im->im_id, im->im_name);
518 case IDMAP_CONV_NAMETOID:
/* Reject the request before any lookup when the name fails validation. */
519 if (validateascii(im->im_name, sizeof(im->im_name)) == -1) {
520 im->im_status |= IDMAP_STATUS_INVALIDMSG;
525 warnx("%s %s: (%s) name \"%s\" -> id \"%d\"",
526 ic->ic_id, ic->ic_clid,
527 im->im_type == IDMAP_TYPE_USER ? "user" : "group",
528 im->im_name, im->im_id);
531 warnx("Invalid conversion type (%d) in message", im->im_conv);
532 im->im_status |= IDMAP_STATUS_INVALIDMSG;
/*
 * Read callback for a client pipe: reads exactly one struct idmap_msg,
 * and writes the same structure back after processing. data is the
 * idmap_client that owns the pipe. The declaration of im, the processing
 * call and the error exits are not shown in this listing.
 */
538 nfscb(int fd, short which, void *data)
540 struct idmap_client *ic = data;
543 if (which != EV_READ)
/* Anything other than a full-size message is treated as a read failure. */
546 if (atomicio(read, ic->ic_fd, &im, sizeof(im)) != sizeof(im)) {
548 warn("read(%s)", ic->ic_path);
556 if (atomicio(write, ic->ic_fd, &im, sizeof(im)) != sizeof(im))
557 warn("write(%s)", ic->ic_path);
/* Re-add the read event (set without EV_PERSIST in nfsopen). */
559 event_add(&ic->ic_event, NULL);
/* Body of nfsdopen (its header is not shown in this listing): opens the
 * name-to-id channel, then the id-to-name channel, under path. Returns 0
 * only when both open; because of the &&, the second open is not attempted
 * when the first fails. */
565 return ((nfsdopenone(&nfsd_ic[0], IC_NAMEID, path) == 0 &&
566 nfsdopenone(&nfsd_ic[1], IC_IDNAME, path) == 0) ? 0 : -1);
/*
 * Opens one server-side channel file, "<path>/nfs4.<idtoname|nametoid>/channel",
 * read-write, registers nfsdcb as its read callback and fills in the
 * client record. The return statements are not shown in this listing; the
 * caller treats 0 as success.
 */
570 nfsdopenone(struct idmap_client *ic, short which, char *path)
574 whichstr = which == IC_IDNAME ? "idtoname" : "nametoid";
/* snprintf truncates to sizeof(ic->ic_path); truncation is not checked. */
575 snprintf(ic->ic_path, sizeof(ic->ic_path),
576 "%s/nfs4.%s/channel", path, whichstr);
577 if ((ic->ic_fd = open(ic->ic_path, O_RDWR, 0)) == -1) {
578 warn("%s", ic->ic_path);
/* One-shot read event; nfsdcb re-adds it after each request. */
582 event_set(&ic->ic_event, ic->ic_fd, EV_READ, nfsdcb, ic);
583 event_add(&ic->ic_event, NULL);
585 ic->ic_which = which;
586 ic->ic_id = "Server";
/* Server channels are labelled with the domain in log output. */
587 strlcpy(ic->ic_clid, domain, sizeof(ic->ic_clid));
590 warnx("Opened %s", ic->ic_path);
/*
 * Opens the client's idmap pipe (ic->ic_path) read-write. On success it
 * registers nfscb as the read callback and turns directory notifications
 * on the client directory off. On failure, the visible lines either arm
 * directory notifications as SIGUSR2 (handled by clntscancb) or warn; the
 * condition choosing between the two and the return statements are not
 * shown in this listing.
 */
596 nfsopen(struct idmap_client *ic)
598 if ((ic->ic_fd = open(ic->ic_path, O_RDWR, 0)) == -1) {
/* NOTE(review): these fcntl results are not checked, unlike the equivalent
 * calls in main(); a failure here means no retry signal arrives. */
601 fcntl(ic->ic_dirfd, F_SETSIG, SIGUSR2);
602 fcntl(ic->ic_dirfd, F_NOTIFY,
603 DN_CREATE | DN_DELETE | DN_MULTISHOT);
606 warn("open(%s)", ic->ic_path);
/* One-shot read event; nfscb re-adds it after each message. */
610 event_set(&ic->ic_event, ic->ic_fd, EV_READ, nfscb, ic);
611 event_add(&ic->ic_event, NULL);
/* Pipe is open: stop watching the client directory. */
612 fcntl(ic->ic_dirfd, F_SETSIG, 0);
613 fcntl(ic->ic_dirfd, F_NOTIFY, 0);
615 warnx("Opened %s", ic->ic_path);
/*
 * Writes localname followed by domain into dest, which holds len bytes.
 * Returns -ENOMEM without writing when the result would not fit. The line
 * between the strcpy and the strcat, and the success return, are not shown
 * in this listing.
 */
621 static int write_name(char *dest, char *localname, char *domain, size_t len)
/* The two "+ 1" terms leave room for one byte between the parts and for the
 * terminator, so the unbounded strcpy/strcat below stay inside dest. */
623 if (strlen(localname) + 1 + strlen(domain) + 1 > len) {
624 return -ENOMEM; /* XXX: Is there an -ETOOLONG? */
626 strcpy(dest, localname);
628 strcat(dest, domain);
/*
 * Resolves im->im_id to a name in im->im_name using nfs4_uid_to_name or
 * nfs4_gid_to_name, depending on im->im_type. The visible lines also write
 * the "nobody" user or group name for the domain and set the status to
 * success unconditionally; the conditions guarding the fallback are not
 * shown in this listing.
 */
633 idtonameres(struct idmap_msg *im)
637 switch (im->im_type) {
638 case IDMAP_TYPE_USER:
639 ret = nfs4_uid_to_name(im->im_id, domain, im->im_name,
640 sizeof(im->im_name));
/* NOTE(review): write_name's return value is ignored; if the fallback name
 * does not fit, im_name keeps whatever the failed lookup left and the
 * message is still reported as successful. */
642 write_name(im->im_name, nobodyuser, domain,
643 sizeof(im->im_name));
645 case IDMAP_TYPE_GROUP:
646 ret = nfs4_gid_to_name(im->im_id, domain, im->im_name,
647 sizeof(im->im_name));
649 write_name(im->im_name, nobodygroup, domain,
650 sizeof(im->im_name));
653 /* XXX Hack? would rather return failure instead of writing nobody
654 * as above, but kernel seems not to deal well with that as of
656 im->im_status = IDMAP_STATUS_SUCCESS;
/*
 * Resolves im->im_name to a numeric id in im->im_id using nfs4_name_to_uid
 * or nfs4_name_to_gid, depending on im->im_type. The visible lines also
 * store the "nobody" uid or gid and set the status to success
 * unconditionally, so the requester cannot tell a failed lookup from a real
 * mapping to nobody. The conditions guarding the fallback are not shown in
 * this listing.
 */
660 nametoidres(struct idmap_msg *im)
664 switch (im->im_type) {
665 case IDMAP_TYPE_USER:
666 ret = nfs4_name_to_uid(im->im_name, &im->im_id);
668 im->im_id = nobodyuid;
670 case IDMAP_TYPE_GROUP:
671 ret = nfs4_name_to_gid(im->im_name, &im->im_id);
673 im->im_id = nobodygid;
676 /* XXX Hack? would rather return failure instead of writing nobody
677 * as above, but kernel seems not to deal well with that as of
679 im->im_status = IDMAP_STATUS_SUCCESS;
/*
 * Checks up to len bytes of string: looks for a terminating NUL and for
 * bytes with the high bit set (non-ASCII). imconv() treats a return of -1
 * as an invalid message. The statements taken by each branch and the
 * return values are not shown in this listing.
 */
683 validateascii(char *string, u_int32_t len)
687 for (i = 0; i < len; i++) {
688 if (string[i] == '\0')
691 if (string[i] & 0x80)
/* NOTE(review): if the loop ends without finding a NUL, i equals len and
 * this reads string[len], one byte past the length the caller passed
 * (imconv passes sizeof(im->im_name)). Testing i == len instead avoids the
 * out-of-bounds read -- confirm against the hidden branch bodies. */
695 if (string[i] != '\0')
/*
 * Appends fld to the output buffer at *bpp, with *bsizp bytes remaining;
 * the visible branch writes a byte as a backslash followed by its octal
 * value. The declarations of ch and bp, the conditions selecting which
 * bytes are escaped, the bookkeeping of bsiz and the return values are not
 * shown in this listing.
 */
702 addfield(char **bpp, ssize_t *bsizp, char *fld)
705 ssize_t bsiz = *bsizp;
/* Stop at the end of fld or when no space is left. */
707 while ((ch = *fld++) != '\0' && bsiz > 0) {
/* NOTE(review): snprintf returns the length it wanted to write, so bp can
 * move past the end of the buffer when the escape is truncated. If ch is a
 * plain (signed) char, a byte with the high bit set is sign-extended and
 * %03o prints more than three digits; casting to unsigned char keeps the
 * escape at four bytes -- confirm ch's type in the full source. */
714 bp += snprintf(bp, bsiz, "\\%03o", ch);
/* Out of space, or fld not fully consumed. */
725 if (bsiz < 1 || ch != '\0')
738 getfield(char **bpp, char *fld, size_t fldsz)
743 while ((bp = strsep(bpp, " ")) != NULL && bp[0] == '\0')
746 if (bp == NULL || bp[0] == '\0' || bp[0] == '\n')
749 while (*bp != '\0' && fldsz > 1) {
751 if ((n = sscanf(bp, "\\%03o", &val)) != 1)