If validateascii is passed a string containing only non-zero 7bit
[nfs-utils.git] / utils / idmapd / idmapd.c
1 /*
2  *  idmapd.c
3  *
4  *  Userland daemon for idmap.
5  *
6  *  Copyright (c) 2002 The Regents of the University of Michigan.
7  *  All rights reserved.
8  *
9  *  Marius Aamodt Eriksen <marius@umich.edu>
10  *
11  *  Redistribution and use in source and binary forms, with or without
12  *  modification, are permitted provided that the following conditions
13  *  are met:
14  *
15  *  1. Redistributions of source code must retain the above copyright
16  *     notice, this list of conditions and the following disclaimer.
17  *  2. Redistributions in binary form must reproduce the above copyright
18  *     notice, this list of conditions and the following disclaimer in the
19  *     documentation and/or other materials provided with the distribution.
20  *  3. Neither the name of the University nor the names of its
21  *     contributors may be used to endorse or promote products derived
22  *     from this software without specific prior written permission.
23  *
24  *  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
25  *  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
26  *  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
27  *  DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
28  *  FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
29  *  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
30  *  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
31  *  BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
32  *  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
33  *  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
34  *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35  */
36
37 #include <sys/types.h>
38 #include <sys/time.h>
39 #include <sys/poll.h>
40 #include <sys/socket.h>
41 #include <sys/stat.h>
42 #include <time.h>
43
44 #include "nfs_idmap.h"
45
46 #include <err.h>
47 #include <errno.h>
48 #include <event.h>
49 #include <fcntl.h>
50 #include <dirent.h>
51 #include <unistd.h>
52 #include <netdb.h>
53 #include <signal.h>
54 #include <stdio.h>
55 #include <stdlib.h>
56 #include <string.h>
57 #include <stdarg.h>
58 #include <pwd.h>
59 #include <grp.h>
60 #include <limits.h>
61 #include <ctype.h>
62 #include <nfsidmap.h>
63
64 #ifdef HAVE_CONFIG_H
65 #include "config.h"
66 #endif /* HAVE_CONFIG_H */
67
68 #include "xlog.h"
69 #include "cfg.h"
70 #include "queue.h"
71 #include "nfslib.h"
72
73 #ifndef PIPEFS_DIR
74 #define PIPEFS_DIR  "/var/lib/nfs/rpc_pipefs/"
75 #endif
76
77 #ifndef NFSD_DIR
78 #define NFSD_DIR  "/proc/net/rpc"
79 #endif
80
81 #ifndef CLIENT_CACHE_TIMEOUT_FILE
82 #define CLIENT_CACHE_TIMEOUT_FILE "/proc/sys/fs/nfs/idmap_cache_timeout"
83 #endif
84
85 #ifndef NFS4NOBODY_USER
86 #define NFS4NOBODY_USER "nobody"
87 #endif
88
89 #ifndef NFS4NOBODY_GROUP
90 #define NFS4NOBODY_GROUP "nobody"
91 #endif
92
93 /* From Niels */
94 #define CONF_SAVE(w, f) do {                    \
95         char *p = f;                            \
96         if (p != NULL)                          \
97                 (w) = p;                        \
98 } while (0)
99
100 #define IC_IDNAME 0
101 #define IC_IDNAME_CHAN  NFSD_DIR "/nfs4.idtoname/channel"
102 #define IC_IDNAME_FLUSH NFSD_DIR "/nfs4.idtoname/flush"
103
104 #define IC_NAMEID 1
105 #define IC_NAMEID_CHAN  NFSD_DIR "/nfs4.nametoid/channel"
106 #define IC_NAMEID_FLUSH NFSD_DIR "/nfs4.nametoid/flush"
107
108 struct idmap_client {
109         short                      ic_which;
110         char                       ic_clid[30];
111         char                      *ic_id;
112         char                       ic_path[PATH_MAX];
113         int                        ic_fd;
114         int                        ic_dirfd;
115         int                        ic_scanned;
116         struct event               ic_event;
117         TAILQ_ENTRY(idmap_client)  ic_next;
118 };
119 static struct idmap_client nfsd_ic[2] = {
120 {IC_IDNAME, "Server", "", IC_IDNAME_CHAN, -1, -1, 0},
121 {IC_NAMEID, "Server", "", IC_NAMEID_CHAN, -1, -1, 0},
122 };
123
124 TAILQ_HEAD(idmap_clientq, idmap_client);
125
126 static void dirscancb(int, short, void *);
127 static void clntscancb(int, short, void *);
128 static void svrreopen(int, short, void *);
129 static int  nfsopen(struct idmap_client *);
130 static void nfscb(int, short, void *);
131 static void nfsdcb(int, short, void *);
132 static int  validateascii(char *, u_int32_t);
133 static int  addfield(char **, ssize_t *, char *);
134 static int  getfield(char **, char *, size_t);
135
136 static void imconv(struct idmap_client *, struct idmap_msg *);
137 static void idtonameres(struct idmap_msg *);
138 static void nametoidres(struct idmap_msg *);
139
140 static int nfsdopen(void);
141 static int nfsdopenone(struct idmap_client *);
142 static void nfsdreopen(void);
143
144 size_t  strlcat(char *, const char *, size_t);
145 size_t  strlcpy(char *, const char *, size_t);
146 ssize_t atomicio(ssize_t (*f) (int, void*, size_t),
147                  int, void *, size_t);
148 void    mydaemon(int, int);
149 void    release_parent(void);
150
151 static int verbose = 0;
152 #define DEFAULT_IDMAP_CACHE_EXPIRY 600 /* seconds */
153 static int cache_entry_expiration = 0;
154 static char pipefsdir[PATH_MAX];
155 static char *nobodyuser, *nobodygroup;
156 static uid_t nobodyuid;
157 static gid_t nobodygid;
158
159 /* Used by cfg.c */
160 char *conf_path;
161
162 static int
163 flush_nfsd_cache(char *path, time_t now)
164 {
165         int fd;
166         char stime[20];
167
168         sprintf(stime, "%ld\n", now);
169         fd = open(path, O_RDWR);
170         if (fd == -1)
171                 return -1;
172         write(fd, stime, strlen(stime));
173         close(fd);
174         return 0;
175 }
176
177 static int
178 flush_nfsd_idmap_cache(void)
179 {
180         time_t now = time(NULL);
181         int ret;
182
183         ret = flush_nfsd_cache(IC_IDNAME_FLUSH, now);
184         if (ret)
185                 return ret;
186         ret = flush_nfsd_cache(IC_NAMEID_FLUSH, now);
187         return ret;
188 }
189
190 int
191 main(int argc, char **argv)
192 {
193         int fd = 0, opt, fg = 0, nfsdret = -1;
194         struct idmap_clientq icq;
195         struct event rootdirev, clntdirev, svrdirev;
196         struct event initialize;
197         struct passwd *pw;
198         struct group *gr;
199         struct stat sb;
200         char *xpipefsdir = NULL;
201         int serverstart = 1, clientstart = 1;
202         int ret;
203         char *progname;
204
205         conf_path = _PATH_IDMAPDCONF;
206         nobodyuser = NFS4NOBODY_USER;
207         nobodygroup = NFS4NOBODY_GROUP;
208         strlcpy(pipefsdir, PIPEFS_DIR, sizeof(pipefsdir));
209
210         if ((progname = strrchr(argv[0], '/')))
211                 progname++;
212         else
213                 progname = argv[0];
214         xlog_open(progname);
215
216 #define GETOPTSTR "vfd:p:U:G:c:CS"
217         opterr=0; /* Turn off error messages */
218         while ((opt = getopt(argc, argv, GETOPTSTR)) != -1) {
219                 if (opt == 'c')
220                         conf_path = optarg;
221                 if (opt == '?') {
222                         if (strchr(GETOPTSTR, optopt))
223                                 errx(1, "'-%c' option requires an argument.", optopt);
224                         else
225                                 errx(1, "'-%c' is an invalid argument.", optopt);
226                 }
227         }
228         optind = 1;
229
230         if (stat(conf_path, &sb) == -1 && (errno == ENOENT || errno == EACCES)) {
231                 warn("Skipping configuration file \"%s\"", conf_path);
232                 conf_path = NULL;
233         } else {
234                 conf_init();
235                 verbose = conf_get_num("General", "Verbosity", 0);
236                 cache_entry_expiration = conf_get_num("General",
237                                 "Cache-Expiration", DEFAULT_IDMAP_CACHE_EXPIRY);
238                 CONF_SAVE(xpipefsdir, conf_get_str("General", "Pipefs-Directory"));
239                 if (xpipefsdir != NULL)
240                         strlcpy(pipefsdir, xpipefsdir, sizeof(pipefsdir));
241                 CONF_SAVE(nobodyuser, conf_get_str("Mapping", "Nobody-User"));
242                 CONF_SAVE(nobodygroup, conf_get_str("Mapping", "Nobody-Group"));
243         }
244
245         while ((opt = getopt(argc, argv, GETOPTSTR)) != -1)
246                 switch (opt) {
247                 case 'v':
248                         verbose++;
249                         break;
250                 case 'f':
251                         fg = 1;
252                         break;
253                 case 'p':
254                         strlcpy(pipefsdir, optarg, sizeof(pipefsdir));
255                         break;
256                 case 'd':
257                 case 'U':
258                 case 'G':
259                         errx(1, "the -d, -U, and -G options have been removed;"
260                                 " please use the configuration file instead.");
261                 case 'C':
262                         serverstart = 0;
263                         break;
264                 case 'S':
265                         clientstart = 0;
266                         break;
267                 default:
268                         break;
269                 }
270
271         if (!serverstart && !clientstart)
272                 errx(1, "it is illegal to specify both -C and -S");
273
274         strncat(pipefsdir, "/nfs", sizeof(pipefsdir));
275
276         if ((pw = getpwnam(nobodyuser)) == NULL)
277                 errx(1, "Could not find user \"%s\"", nobodyuser);
278         nobodyuid = pw->pw_uid;
279
280         if ((gr = getgrnam(nobodygroup)) == NULL)
281                 errx(1, "Could not find group \"%s\"", nobodygroup);
282         nobodygid = gr->gr_gid;
283
284 #ifdef HAVE_NFS4_SET_DEBUG
285         nfs4_set_debug(verbose, xlog_warn);
286 #endif
287         if (conf_path == NULL)
288                 conf_path = _PATH_IDMAPDCONF;
289         if (nfs4_init_name_mapping(conf_path))
290                 errx(1, "Unable to create name to user id mappings.");
291
292         if (!fg)
293                 mydaemon(0, 0);
294
295         event_init();
296
297         if (verbose > 0)
298                 xlog_warn("Expiration time is %d seconds.",
299                              cache_entry_expiration);
300         if (serverstart) {
301                 nfsdret = nfsdopen();
302                 if (nfsdret == 0) {
303                         ret = flush_nfsd_idmap_cache();
304                         if (ret)
305                                 xlog_err("main: Failed to flush nfsd idmap cache\n: %s", strerror(errno));
306                 }
307         }
308
309         if (clientstart) {
310                 struct timeval now = {
311                         .tv_sec = 0,
312                         .tv_usec = 0,
313                 };
314
315                 if (cache_entry_expiration != DEFAULT_IDMAP_CACHE_EXPIRY) {
316                         int timeout_fd, len;
317                         char timeout_buf[12];
318                         if ((timeout_fd = open(CLIENT_CACHE_TIMEOUT_FILE,
319                                                O_RDWR)) == -1) {
320                                 xlog_warn("Unable to open '%s' to set "
321                                              "client cache expiration time "
322                                              "to %d seconds\n",
323                                              CLIENT_CACHE_TIMEOUT_FILE,
324                                              cache_entry_expiration);
325                         } else {
326                                 len = snprintf(timeout_buf, sizeof(timeout_buf),
327                                                "%d", cache_entry_expiration);
328                                 if ((write(timeout_fd, timeout_buf, len)) != len)
329                                         xlog_warn("Error writing '%s' to "
330                                                      "'%s' to set client "
331                                                      "cache expiration time\n",
332                                                      timeout_buf,
333                                                      CLIENT_CACHE_TIMEOUT_FILE);
334                                 close(timeout_fd);
335                         }
336                 }
337
338                 if ((fd = open(pipefsdir, O_RDONLY)) == -1)
339                         xlog_err("main: open(%s): %s", pipefsdir, strerror(errno));
340
341                 if (fcntl(fd, F_SETSIG, SIGUSR1) == -1)
342                         xlog_err("main: fcntl(%s): %s", pipefsdir, strerror(errno));
343
344                 if (fcntl(fd, F_NOTIFY,
345                         DN_CREATE | DN_DELETE | DN_MODIFY | DN_MULTISHOT) == -1)
346                         xlog_err("main: fcntl(%s): %s", pipefsdir, strerror(errno));
347
348                 TAILQ_INIT(&icq);
349
350                 /* These events are persistent */
351                 signal_set(&rootdirev, SIGUSR1, dirscancb, &icq);
352                 signal_add(&rootdirev, NULL);
353                 signal_set(&clntdirev, SIGUSR2, clntscancb, &icq);
354                 signal_add(&clntdirev, NULL);
355                 signal_set(&svrdirev, SIGHUP, svrreopen, NULL);
356                 signal_add(&svrdirev, NULL);
357
358                 /* Fetch current state */
359                 /* (Delay till start of event_dispatch to avoid possibly losing
360                  * a SIGUSR1 between here and the call to event_dispatch().) */
361                 evtimer_set(&initialize, dirscancb, &icq);
362                 evtimer_add(&initialize, &now);
363         }
364
365         if (nfsdret != 0 && fd == 0)
366                 xlog_err("main: Neither NFS client nor NFSd found");
367
368         release_parent();
369
370         if (event_dispatch() < 0)
371                 xlog_err("main: event_dispatch returns errno %d (%s)",
372                             errno, strerror(errno));
373         /* NOTREACHED */
374         return 1;
375 }
376
377 static void
378 dirscancb(int fd, short which, void *data)
379 {
380         int nent, i;
381         struct dirent **ents;
382         struct idmap_client *ic, *nextic;
383         char path[PATH_MAX];
384         struct idmap_clientq *icq = data;
385
386         nent = scandir(pipefsdir, &ents, NULL, alphasort);
387         if (nent == -1) {
388                 xlog_warn("dirscancb: scandir(%s): %s", pipefsdir, strerror(errno));
389                 return;
390         }
391
392         for (i = 0;  i < nent; i++) {
393                 if (ents[i]->d_reclen > 4 &&
394                     strncmp(ents[i]->d_name, "clnt", 4) == 0) {
395                         TAILQ_FOREACH(ic, icq, ic_next)
396                             if (strcmp(ents[i]->d_name + 4, ic->ic_clid) == 0)
397                                     break;
398                         if (ic != NULL)
399                                 goto next;
400
401                         if ((ic = calloc(1, sizeof(*ic))) == NULL)
402                                 goto out;
403                         strlcpy(ic->ic_clid, ents[i]->d_name + 4,
404                             sizeof(ic->ic_clid));
405                         path[0] = '\0';
406                         snprintf(path, sizeof(path), "%s/%s",
407                             pipefsdir, ents[i]->d_name);
408
409                         if ((ic->ic_dirfd = open(path, O_RDONLY, 0)) == -1) {
410                                 xlog_warn("dirscancb: open(%s): %s", path, strerror(errno));
411                                 free(ic);
412                                 goto out;
413                         }
414
415                         strlcat(path, "/idmap", sizeof(path));
416                         strlcpy(ic->ic_path, path, sizeof(ic->ic_path));
417
418                         if (verbose > 0)
419                                 xlog_warn("New client: %s", ic->ic_clid);
420
421                         if (nfsopen(ic) == -1) {
422                                 close(ic->ic_dirfd);
423                                 free(ic);
424                                 goto out;
425                         }
426
427                         ic->ic_id = "Client";
428
429                         TAILQ_INSERT_TAIL(icq, ic, ic_next);
430
431                 next:
432                         ic->ic_scanned = 1;
433                 }
434         }
435
436         ic = TAILQ_FIRST(icq);
437         while(ic != NULL) {
438                 nextic=TAILQ_NEXT(ic, ic_next);
439                 if (!ic->ic_scanned) {
440                         event_del(&ic->ic_event);
441                         close(ic->ic_fd);
442                         close(ic->ic_dirfd);
443                         TAILQ_REMOVE(icq, ic, ic_next);
444                         if (verbose > 0) {
445                                 xlog_warn("Stale client: %s", ic->ic_clid);
446                                 xlog_warn("\t-> closed %s", ic->ic_path);
447                         }
448                         free(ic);
449                 } else
450                         ic->ic_scanned = 0;
451                 ic = nextic;
452         }
453
454 out:
455         for (i = 0;  i < nent; i++)
456                 free(ents[i]);
457         free(ents);
458         return;
459 }
460
461 static void
462 svrreopen(int fd, short which, void *data)
463 {
464         nfsdreopen();
465 }
466
467 static void
468 clntscancb(int fd, short which, void *data)
469 {
470         struct idmap_clientq *icq = data;
471         struct idmap_client *ic;
472
473         TAILQ_FOREACH(ic, icq, ic_next)
474                 if (ic->ic_fd == -1 && nfsopen(ic) == -1) {
475                         close(ic->ic_dirfd);
476                         TAILQ_REMOVE(icq, ic, ic_next);
477                         free(ic);
478                 }
479 }
480
481 static void
482 nfsdcb(int fd, short which, void *data)
483 {
484         struct idmap_client *ic = data;
485         struct idmap_msg im;
486         u_char buf[IDMAP_MAXMSGSZ + 1];
487         size_t len;
488         ssize_t bsiz;
489         char *bp, typebuf[IDMAP_MAXMSGSZ],
490                 buf1[IDMAP_MAXMSGSZ], authbuf[IDMAP_MAXMSGSZ], *p;
491         unsigned long tmp;
492
493         if (which != EV_READ)
494                 goto out;
495
496         if ((len = read(ic->ic_fd, buf, sizeof(buf))) <= 0) {
497                 xlog_warn("nfsdcb: read(%s) failed: errno %d (%s)",
498                              ic->ic_path, len?errno:0, 
499                              len?strerror(errno):"End of File");
500                 goto out;
501         }
502
503         /* Get rid of newline and terminate buffer*/
504         buf[len - 1] = '\0';
505         bp = (char *)buf;
506
507         memset(&im, 0, sizeof(im));
508
509         /* Authentication name -- ignored for now*/
510         if (getfield(&bp, authbuf, sizeof(authbuf)) == -1) {
511                 xlog_warn("nfsdcb: bad authentication name in upcall\n");
512                 return;
513         }
514         if (getfield(&bp, typebuf, sizeof(typebuf)) == -1) {
515                 xlog_warn("nfsdcb: bad type in upcall\n");
516                 return;
517         }
518         if (verbose > 0)
519                 xlog_warn("nfsdcb: authbuf=%s authtype=%s",
520                              authbuf, typebuf);
521
522         im.im_type = strcmp(typebuf, "user") == 0 ?
523                 IDMAP_TYPE_USER : IDMAP_TYPE_GROUP;
524
525         switch (ic->ic_which) {
526         case IC_NAMEID:
527                 im.im_conv = IDMAP_CONV_NAMETOID;
528                 if (getfield(&bp, im.im_name, sizeof(im.im_name)) == -1) {
529                         xlog_warn("nfsdcb: bad name in upcall\n");
530                         return;
531                 }
532                 break;
533         case IC_IDNAME:
534                 im.im_conv = IDMAP_CONV_IDTONAME;
535                 if (getfield(&bp, buf1, sizeof(buf1)) == -1) {
536                         xlog_warn("nfsdcb: bad id in upcall\n");
537                         return;
538                 }
539                 tmp = strtoul(buf1, (char **)NULL, 10);
540                 im.im_id = (u_int32_t)tmp;
541                 if ((tmp == ULONG_MAX && errno == ERANGE)
542                                 || (unsigned long)im.im_id != tmp) {
543                         xlog_warn("nfsdcb: id '%s' too big!\n", buf1);
544                         return;
545                 }
546                 break;
547         default:
548                 xlog_warn("nfsdcb: Unknown which type %d", ic->ic_which);
549                 return;
550         }
551
552         imconv(ic, &im);
553
554         buf[0] = '\0';
555         bp = (char *)buf;
556         bsiz = sizeof(buf);
557
558         /* Authentication name */
559         addfield(&bp, &bsiz, authbuf);
560
561         switch (ic->ic_which) {
562         case IC_NAMEID:
563                 /* Type */
564                 p = im.im_type == IDMAP_TYPE_USER ? "user" : "group";
565                 addfield(&bp, &bsiz, p);
566                 /* Name */
567                 addfield(&bp, &bsiz, im.im_name);
568                 /* expiry */
569                 snprintf(buf1, sizeof(buf1), "%lu",
570                          time(NULL) + cache_entry_expiration);
571                 addfield(&bp, &bsiz, buf1);
572                 /* Note that we don't want to write the id if the mapping
573                  * failed; instead, by leaving it off, we write a negative
574                  * cache entry which will result in an error returned to
575                  * the client.  We don't want a chown or setacl referring
576                  * to an unknown user to result in giving permissions to
577                  * "nobody"! */
578                 if (im.im_status == IDMAP_STATUS_SUCCESS) {
579                         /* ID */
580                         snprintf(buf1, sizeof(buf1), "%u", im.im_id);
581                         addfield(&bp, &bsiz, buf1);
582
583                 }
584                 //if (bsiz == sizeof(buf)) /* XXX */
585
586                 bp[-1] = '\n';
587
588                 break;
589         case IC_IDNAME:
590                 /* Type */
591                 p = im.im_type == IDMAP_TYPE_USER ? "user" : "group";
592                 addfield(&bp, &bsiz, p);
593                 /* ID */
594                 snprintf(buf1, sizeof(buf1), "%u", im.im_id);
595                 addfield(&bp, &bsiz, buf1);
596                 /* expiry */
597                 snprintf(buf1, sizeof(buf1), "%lu",
598                          time(NULL) + cache_entry_expiration);
599                 addfield(&bp, &bsiz, buf1);
600                 /* Note we're ignoring the status field in this case; we'll
601                  * just map to nobody instead. */
602                 /* Name */
603                 addfield(&bp, &bsiz, im.im_name);
604
605                 bp[-1] = '\n';
606
607                 break;
608         default:
609                 xlog_warn("nfsdcb: Unknown which type %d", ic->ic_which);
610                 return;
611         }
612
613         bsiz = sizeof(buf) - bsiz;
614
615         if (atomicio((void*)write, ic->ic_fd, buf, bsiz) != bsiz)
616                 xlog_warn("nfsdcb: write(%s) failed: errno %d (%s)",
617                              ic->ic_path, errno, strerror(errno));
618
619 out:
620         event_add(&ic->ic_event, NULL);
621 }
622
623 static void
624 imconv(struct idmap_client *ic, struct idmap_msg *im)
625 {
626         switch (im->im_conv) {
627         case IDMAP_CONV_IDTONAME:
628                 idtonameres(im);
629                 if (verbose > 1)
630                         xlog_warn("%s %s: (%s) id \"%d\" -> name \"%s\"",
631                             ic->ic_id, ic->ic_clid,
632                             im->im_type == IDMAP_TYPE_USER ? "user" : "group",
633                             im->im_id, im->im_name);
634                 break;
635         case IDMAP_CONV_NAMETOID:
636                 if (validateascii(im->im_name, sizeof(im->im_name)) == -1) {
637                         im->im_status |= IDMAP_STATUS_INVALIDMSG;
638                         return;
639                 }
640                 nametoidres(im);
641                 if (verbose > 1)
642                         xlog_warn("%s %s: (%s) name \"%s\" -> id \"%d\"",
643                             ic->ic_id, ic->ic_clid,
644                             im->im_type == IDMAP_TYPE_USER ? "user" : "group",
645                             im->im_name, im->im_id);
646                 break;
647         default:
648                 xlog_warn("imconv: Invalid conversion type (%d) in message",
649                              im->im_conv);
650                 im->im_status |= IDMAP_STATUS_INVALIDMSG;
651                 break;
652         }
653 }
654
655 static void
656 nfscb(int fd, short which, void *data)
657 {
658         struct idmap_client *ic = data;
659         struct idmap_msg im;
660
661         if (which != EV_READ)
662                 goto out;
663
664         if (atomicio(read, ic->ic_fd, &im, sizeof(im)) != sizeof(im)) {
665                 if (verbose > 0)
666                         xlog_warn("nfscb: read(%s): %s", ic->ic_path, strerror(errno));
667                 if (errno == EPIPE)
668                         return;
669                 goto out;
670         }
671
672         imconv(ic, &im);
673
674         /* XXX: I don't like ignoring this error in the id->name case,
675          * but we've never returned it, and I need to check that the client
676          * can handle it gracefully before starting to return it now. */
677
678         if (im.im_status == IDMAP_STATUS_LOOKUPFAIL)
679                 im.im_status = IDMAP_STATUS_SUCCESS;
680
681         if (atomicio((void*)write, ic->ic_fd, &im, sizeof(im)) != sizeof(im))
682                 xlog_warn("nfscb: write(%s): %s", ic->ic_path, strerror(errno));
683 out:
684         event_add(&ic->ic_event, NULL);
685 }
686
687 static void
688 nfsdreopen_one(struct idmap_client *ic)
689 {
690         int fd;
691
692         if (verbose > 0)
693                 xlog_warn("ReOpening %s", ic->ic_path);
694
695         if ((fd = open(ic->ic_path, O_RDWR, 0)) != -1) {
696                 if ((ic->ic_event.ev_flags & EVLIST_INIT))
697                         event_del(&ic->ic_event);
698                 if (ic->ic_fd != -1)
699                         close(ic->ic_fd);
700
701                 ic->ic_event.ev_fd = ic->ic_fd = fd;
702                 event_set(&ic->ic_event, ic->ic_fd, EV_READ, nfsdcb, ic);
703                 event_add(&ic->ic_event, NULL);
704         } else {
705                 xlog_warn("nfsdreopen: Opening '%s' failed: errno %d (%s)",
706                         ic->ic_path, errno, strerror(errno));
707         }
708 }
709
710 static void
711 nfsdreopen()
712 {
713         nfsdreopen_one(&nfsd_ic[IC_NAMEID]);
714         nfsdreopen_one(&nfsd_ic[IC_IDNAME]);
715         return;
716 }
717
718 static int
719 nfsdopen(void)
720 {
721         return ((nfsdopenone(&nfsd_ic[IC_NAMEID]) == 0 &&
722                     nfsdopenone(&nfsd_ic[IC_IDNAME]) == 0) ? 0 : -1);
723 }
724
725 static int
726 nfsdopenone(struct idmap_client *ic)
727 {
728         if ((ic->ic_fd = open(ic->ic_path, O_RDWR, 0)) == -1) {
729                 if (verbose > 0)
730                         xlog_warn("nfsdopenone: Opening %s failed: "
731                                 "errno %d (%s)",
732                                 ic->ic_path, errno, strerror(errno));
733                 return (-1);
734         }
735
736         event_set(&ic->ic_event, ic->ic_fd, EV_READ, nfsdcb, ic);
737         event_add(&ic->ic_event, NULL);
738
739         if (verbose > 0)
740                 xlog_warn("Opened %s", ic->ic_path);
741
742         return (0);
743 }
744
745 static int
746 nfsopen(struct idmap_client *ic)
747 {
748         if ((ic->ic_fd = open(ic->ic_path, O_RDWR, 0)) == -1) {
749                 switch (errno) {
750                 case ENOENT:
751                         fcntl(ic->ic_dirfd, F_SETSIG, SIGUSR2);
752                         fcntl(ic->ic_dirfd, F_NOTIFY,
753                             DN_CREATE | DN_DELETE | DN_MULTISHOT);
754                         break;
755                 default:
756                         xlog_warn("nfsopen: open(%s): %s", ic->ic_path, strerror(errno));
757                         return (-1);
758                 }
759         } else {
760                 event_set(&ic->ic_event, ic->ic_fd, EV_READ, nfscb, ic);
761                 event_add(&ic->ic_event, NULL);
762                 fcntl(ic->ic_dirfd, F_SETSIG, 0);
763                 fcntl(ic->ic_dirfd, F_NOTIFY, 0);
764                 if (verbose > 0)
765                         xlog_warn("Opened %s", ic->ic_path);
766         }
767
768         return (0);
769 }
770
771 static void
772 idtonameres(struct idmap_msg *im)
773 {
774         char domain[NFS4_MAX_DOMAIN_LEN];
775         int ret = 0;
776
777         ret = nfs4_get_default_domain(NULL, domain, sizeof(domain));
778         switch (im->im_type) {
779         case IDMAP_TYPE_USER:
780                 ret = nfs4_uid_to_name(im->im_id, domain, im->im_name,
781                                 sizeof(im->im_name));
782                 if (ret) {
783                         if (strlen(nobodyuser) < sizeof(im->im_name))
784                                 strcpy(im->im_name, nobodyuser);
785                         else
786                                 strcpy(im->im_name, NFS4NOBODY_USER);
787                 }
788                 break;
789         case IDMAP_TYPE_GROUP:
790                 ret = nfs4_gid_to_name(im->im_id, domain, im->im_name,
791                                 sizeof(im->im_name));
792                 if (ret) {
793                         if (strlen(nobodygroup) < sizeof(im->im_name))
794                                 strcpy(im->im_name, nobodygroup);
795                         else
796                                 strcpy(im->im_name, NFS4NOBODY_GROUP);
797                 }
798                 break;
799         }
800         if (ret)
801                 im->im_status = IDMAP_STATUS_LOOKUPFAIL;
802         else
803                 im->im_status = IDMAP_STATUS_SUCCESS;
804 }
805
806 static void
807 nametoidres(struct idmap_msg *im)
808 {
809         uid_t uid;
810         gid_t gid;
811         int ret = 0;
812
813         /* XXX: move nobody stuff to library calls
814          * (nfs4_get_nobody_user(domain), nfs4_get_nobody_group(domain)) */
815
816         im->im_status = IDMAP_STATUS_SUCCESS;
817
818         switch (im->im_type) {
819         case IDMAP_TYPE_USER:
820                 ret = nfs4_name_to_uid(im->im_name, &uid);
821                 im->im_id = (u_int32_t) uid;
822                 if (ret) {
823                         im->im_status = IDMAP_STATUS_LOOKUPFAIL;
824                         im->im_id = nobodyuid;
825                 }
826                 return;
827         case IDMAP_TYPE_GROUP:
828                 ret = nfs4_name_to_gid(im->im_name, &gid);
829                 im->im_id = (u_int32_t) gid;
830                 if (ret) {
831                         im->im_status = IDMAP_STATUS_LOOKUPFAIL;
832                         im->im_id = nobodygid;
833                 }
834                 return;
835         }
836 }
837
838 static int
839 validateascii(char *string, u_int32_t len)
840 {
841         int i;
842
843         for (i = 0; i < len; i++) {
844                 if (string[i] == '\0')
845                         break;
846
847                 if (string[i] & 0x80)
848                         return (-1);
849         }
850
851         if ((i >= len) || string[i] != '\0')
852                 return (-1);
853
854         return (i + 1);
855 }
856
857 static int
858 addfield(char **bpp, ssize_t *bsizp, char *fld)
859 {
860         char ch, *bp = *bpp;
861         ssize_t bsiz = *bsizp;
862
863         while ((ch = *fld++) != '\0' && bsiz > 0) {
864                 switch(ch) {
865                 case ' ':
866                 case '\t':
867                 case '\n':
868                 case '\\':
869                         if (bsiz >= 4) {
870                                 bp += snprintf(bp, bsiz, "\\%03o", ch);
871                                 bsiz -= 4;
872                         }
873                         break;
874                 default:
875                         *bp++ = ch;
876                         bsiz--;
877                         break;
878                 }
879         }
880
881         if (bsiz < 1 || ch != '\0')
882                 return (-1);
883
884         *bp++ = ' ';
885         bsiz--;
886
887         *bpp = bp;
888         *bsizp = bsiz;
889
890         return (0);
891 }
892
893 static int
894 getfield(char **bpp, char *fld, size_t fldsz)
895 {
896         char *bp;
897         u_int val, n;
898
899         while ((bp = strsep(bpp, " ")) != NULL && bp[0] == '\0')
900                 ;
901
902         if (bp == NULL || bp[0] == '\0' || bp[0] == '\n')
903                 return (-1);
904
905         while (*bp != '\0' && fldsz > 1) {
906                 if (*bp == '\\') {
907                         if ((n = sscanf(bp, "\\%03o", &val)) != 1)
908                                 return (-1);
909                         if (val > (char)-1)
910                                 return (-1);
911                         *fld++ = (char)val;
912                         bp += 4;
913                 } else {
914                         *fld++ = *bp;
915                         bp++;
916                 }
917                 fldsz--;
918         }
919
920         if (*bp != '\0')
921                 return (-1);
922         *fld = '\0';
923
924         return (0);
925 }
926 /*
927  * mydaemon creates a pipe between the partent and child
928  * process. The parent process will wait until the
929  * child dies or writes a '1' on the pipe signaling
930  * that it started successfully.
931  */
932 int pipefds[2] = { -1, -1};
933
934 void
935 mydaemon(int nochdir, int noclose)
936 {
937         int pid, status, tempfd;
938
939         if (pipe(pipefds) < 0)
940                 err(1, "mydaemon: pipe() failed: errno %d", errno);
941
942         if ((pid = fork ()) < 0)
943                 err(1, "mydaemon: fork() failed: errno %d", errno);
944
945         if (pid != 0) {
946                 /*
947                  * Parent. Wait for status from child.
948                  */
949                 close(pipefds[1]);
950                 if (read(pipefds[0], &status, 1) != 1)
951                         exit(1);
952                 exit (0);
953         }
954         /* Child.       */
955         close(pipefds[0]);
956         setsid ();
957         if (nochdir == 0) {
958                 if (chdir ("/") == -1)
959                         err(1, "mydaemon: chdir() failed: errno %d", errno);
960         }
961
962         while (pipefds[1] <= 2) {
963                 pipefds[1] = dup(pipefds[1]);
964                 if (pipefds[1] < 0)
965                         err(1, "mydaemon: dup() failed: errno %d", errno);
966         }
967
968         if (noclose == 0) {
969                 tempfd = open("/dev/null", O_RDWR);
970                 if (tempfd < 0)
971                         tempfd = open("/", O_RDONLY);
972                 if (tempfd >= 0) {
973                         dup2(tempfd, 0);
974                         dup2(tempfd, 1);
975                         dup2(tempfd, 2);
976                         closeall(3);
977                 } else
978                         closeall(0);
979         }
980
981         return;
982 }
983 void
984 release_parent(void)
985 {
986         int status;
987
988         if (pipefds[1] > 0) {
989                 write(pipefds[1], &status, 1);
990                 close(pipefds[1]);
991                 pipefds[1] = -1;
992         }
993 }