usr.lib/ilbd/ilbd_support.c

	ilbd_support.c revision dbed73cbda2229fd1aa6dc5743993cae7f0a7ee9
/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */

/*
 * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#include <stdio.h>
#include <stdlib.h>
#include <strings.h>
#include <unistd.h>
#include <stropts.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/stropts.h>
#include <sys/sockio.h>
#include <errno.h>
#include <sys/list.h>
#include <auth_attr.h>
#include <auth_list.h>
#include <secdb.h>
#include <libilb.h>
#include "libilb_impl.h"
#include "ilbd.h"

/*
 * logs error messages, either to stderr or syslog, depending on
 * the -d option
 */
static boolean_t    ilbd_debugging = B_FALSE;

/* Socket to issue ioctl() to the kernel */
static  int ksock = -1;

void
ilbd_enable_debug(void)
{
    ilbd_debugging = B_TRUE;
}

boolean_t
is_debugging_on(void)
{
    return (ilbd_debugging);
}

/*
 * All routines log to syslog, unless the daemon is running in
 * the foreground, in which case the logging goes to stderr.
 * The following logging functions are available:
 *
 *
 *      logdebug(): A printf-like function for outputting debug messages
 *      (messages at LOG_DEBUG) that are only of use to developers.
 *
 *      logerr(): A printf-like function for outputting error messages
 *      (messages at LOG_ERR) from the daemon.
 *
 *      logperror*(): A set of functions used to output error messages
 *      (messages at LOG_ERR); these automatically append strerror(errno)
 *      and a newline to the message passed to them.
 *
 * NOTE: since the logging functions write to syslog, the messages passed
 *      to them are not eligible for localization.  Thus, gettext() must
 *      *not* be used.
 *
 */
/* PRINTFLIKE2 */
void
ilbd_log(int pri, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);

    if (ilbd_debugging == B_TRUE) {
        (void) vfprintf(stderr, fmt, ap);
        (void) fprintf(stderr, "\n");
    } else {
        vsyslog(pri, fmt, ap);
    }
    va_end(ap);

}

/* PRINTFLIKE1 */
void
logperror(const char *str)
{
    if (ilbd_debugging == B_TRUE)
        (void) fprintf(stderr, "%s: %s\n", str, strerror(errno));
    else
        syslog(LOG_ERR, "%s: %m", str);
}


ilb_status_t
ilbd_check_client_config_auth(const struct passwd *pwd)
{
    if (chkauthattr(NET_ILB_CONFIG_AUTH, pwd->pw_name) == 0) {
        logdebug("user %s is not authorized for"
            " configuration operation", pwd->pw_name);
        return (ILB_STATUS_CFGAUTH);
    }
    return (ILB_STATUS_OK);

}

ilb_status_t
ilbd_check_client_enable_auth(const struct passwd *pwd)
{
    if (chkauthattr(NET_ILB_ENABLE_AUTH, pwd->pw_name) == 0) {
        logdebug("user %s is not authorized for"
            " enable/disable operation", pwd->pw_name);
        return (ILB_STATUS_CFGAUTH);
    }
    return (ILB_STATUS_OK);

}

/*
 * input param. "err" should be one of the errnos defined in
 * /usr/include/sys/errno.h
 * this list is NOT complete.
 */
ilb_status_t
ilb_map_errno2ilbstat(int err)
{
    ilb_status_t    rc = ILB_STATUS_INTERNAL;

    switch (err) {
    case 0:
        rc = ILB_STATUS_OK; /* for completeness' sake */
        break;
    case EINVAL:
        rc = ILB_STATUS_EINVAL;
        break;
    case ENOENT:
        rc = ILB_STATUS_ENOENT;
        break;
    case ENOMEM:
        rc = ILB_STATUS_ENOMEM;
        break;
    case EINPROGRESS:
        rc = ILB_STATUS_INPROGRESS;
        break;
    case EEXIST:
        rc = ILB_STATUS_EEXIST;
        break;
    }
    return (rc);
}

static int
i_get_kcmd_sz(void *cmdp)
{
    int     sz;

    switch (((ilb_rule_cmd_t *)cmdp)->cmd) {
    case ILB_DESTROY_RULE:
    case ILB_ENABLE_RULE:
    case ILB_DISABLE_RULE:
        sz = sizeof (ilb_name_cmd_t);
        break;
    case ILB_CREATE_RULE:
    case ILB_LIST_RULE:
        sz = sizeof (ilb_rule_cmd_t);
        break;
    case ILB_NUM_RULES:
        sz = sizeof (ilb_num_rules_cmd_t);
        break;
    case ILB_NUM_SERVERS:
        sz = sizeof (ilb_num_servers_cmd_t);
        break;
    case ILB_ADD_SERVERS: {
        ilb_servers_info_cmd_t *kcmd = (ilb_servers_info_cmd_t *)cmdp;

        sz = sizeof (*kcmd) + ((kcmd->num_servers - 1) *
            sizeof (kcmd->servers));
        break;
    }
    case ILB_RULE_NAMES: {
        ilb_rule_names_cmd_t *kcmd = (ilb_rule_names_cmd_t *)cmdp;

        sz = sizeof (*kcmd) +
            ((kcmd->num_names - 1) * sizeof (kcmd->buf));
        break;
    }
    case ILB_DEL_SERVERS:
    case ILB_ENABLE_SERVERS:
    case ILB_DISABLE_SERVERS: {
        ilb_servers_cmd_t *kcmd = (ilb_servers_cmd_t *)cmdp;

        sz = sizeof (*kcmd) +
            ((kcmd->num_servers - 1) * sizeof (kcmd->servers));
        break;
    }
    default: sz = -1;
        break;
    }
    return (sz);
}

/*
 * parameter 'sz' is optional (indicated by == 0); if it's not set
 * we try to derive it from cmdp->cmd
 */
ilb_status_t
do_ioctl(void *cmdp, ssize_t sz)
{
    struct strioctl ioc;
    int     i_rc;

    if (ksock == -1) {
        ksock = socket(AF_INET, SOCK_DGRAM, 0);
        if (ksock == -1) {
            logperror("do_ioctl: AF_INET socket call"
                "  failed");
            return (ILB_STATUS_INTERNAL);
        }
    }

    (void) memset(&ioc, 0, sizeof (ioc));
    ioc.ic_cmd = SIOCILB;
    ioc.ic_timout = 0;
    ioc.ic_dp = cmdp;

    if (sz == 0) {
        sz = i_get_kcmd_sz(cmdp);

        if (sz == -1) {
            logdebug("do_ioctl: unknown command");
            return (ILB_STATUS_INVAL_CMD);
        }
    }

    ioc.ic_len = sz;

    i_rc = ioctl(ksock, I_STR, (caddr_t)&ioc);
    if (i_rc == -1) {
        logdebug("do_ioctl: SIOCILB ioctl (%d) failed: %s",
            *(ilb_cmd_t *)cmdp, strerror(errno));
        return (ilb_map_errno2ilbstat(errno));
    }

    return (ILB_STATUS_OK);
}

/*
 * Create an OK reply to a client request.  It is assumed that the passed
 * in buffer is large enough to hold the reply.
 */
void
ilbd_reply_ok(uint32_t *rbuf, size_t *rbufsz)
{
    ilb_comm_t *ic = (ilb_comm_t *)rbuf;

    ic->ic_cmd = ILBD_CMD_OK;
    /* Default is one exchange of request/response. */
    ic->ic_flags = ILB_COMM_END;
    *rbufsz = sizeof (ilb_comm_t);
}

/*
 * Create an error reply to a client request.  It is assumed that the passed
 * in buffer is large enough to hold the reply.
 */
void
ilbd_reply_err(uint32_t *rbuf, size_t *rbufsz, ilb_status_t status)
{
    ilb_comm_t *ic = (ilb_comm_t *)rbuf;

    ic->ic_cmd = ILBD_CMD_ERROR;
    /* Default is one exchange of request/response. */
    ic->ic_flags = ILB_COMM_END;
    *(ilb_status_t *)&ic->ic_data = status;
    *rbufsz = sizeof (ilb_comm_t) + sizeof (ilb_status_t);
}