b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross/*
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * This file and its contents are supplied under the terms of the
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * Common Development and Distribution License ("CDDL"), version 1.0.
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * You may only use this file in accordance with the terms of version
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * 1.0 of the CDDL.
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross *
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * A full copy of the text of the CDDL should have accompanied this
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * source. A copy of the CDDL is also available via the Internet at
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * http://www.illumos.org/license/CDDL.
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross */
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross/*
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * Copyright 2013 Nexenta Systems, Inc. All rights reserved.
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross */
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross/*
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * fork/exec a privileged helper to do the bind.
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross */
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross#include <stdio.h>
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross#include <string.h>
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross#include <unistd.h>
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross#include <errno.h>
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross#include <sys/types.h>
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross#include <sys/wait.h>
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross#include <sys/socket.h>
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross#include <sys/note.h>
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross#include <netinet/in.h>
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross#include <arpa/inet.h>
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Rossint
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Rossksocket_bind_helper(int fd, struct sockaddr *addr, uint_t addrlen)
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross{
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross char familystr[8];
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross char portstr[12];
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross char addrstr[INET6_ADDRSTRLEN];
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross char *argv[6];
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross const char *p;
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross /* LINTED E_BAD_PTR_CAST_ALIGN */
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross struct sockaddr_in *sin = (struct sockaddr_in *)addr;
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross /* LINTED E_BAD_PTR_CAST_ALIGN */
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)addr;
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross int pid, err, stat;
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross _NOTE(ARGUNUSED(addrlen));
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross (void) snprintf(familystr, sizeof (familystr), "%d", addr->sa_family);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross switch (addr->sa_family) {
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross case AF_INET:
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross (void) snprintf(portstr, sizeof (portstr), "%d",
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross ntohs(sin->sin_port));
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross p = inet_ntop(AF_INET, &sin->sin_addr,
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross addrstr, sizeof (addrstr));
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross break;
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross case AF_INET6:
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross (void) snprintf(portstr, sizeof (portstr), "%d",
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross ntohs(sin6->sin6_port));
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross p = inet_ntop(AF_INET6, &sin6->sin6_addr,
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross addrstr, sizeof (addrstr));
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross break;
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross default:
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross p = NULL;
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross break;
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross }
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross if (p == NULL) {
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross err = errno;
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross (void) fprintf(stdout, "ksocket_bind_helper, inet_ntop %s\n",
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross strerror(err));
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross return (err);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross }
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross (void) fprintf(stdout, "ksocket_bind_helper, "
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross "family=%s addr=%s port=%s\n",
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross familystr, addrstr, portstr);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross argv[0] = "/usr/bin/pfexec";
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross argv[1] = "/usr/lib/smbsrv/bind-helper";
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross argv[2] = familystr;
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross argv[3] = addrstr;
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross argv[4] = portstr;
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross argv[5] = NULL;
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross pid = vfork();
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross if (pid == -1) {
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross err = errno;
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross perror("fork");
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross return (err);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross }
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross if (pid == 0) {
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross (void) dup2(fd, 0);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross (void) execv(argv[0], argv);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross err = errno;
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross perror("execv");
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross return (err);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross }
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross err = waitpid(pid, &stat, 0);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross if (err == -1) {
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross err = errno;
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross perror("waitpid");
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross return (err);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross }
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross if (WIFEXITED(stat)) {
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross err = WEXITSTATUS(stat);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross if (err == 0)
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross return (0);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross (void) fprintf(stderr, "helper exit %d\n", err);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross }
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross return (EACCES);
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross}