vs_main.c revision 911106dfb16696472af8c1b7b4c554a829354fa8
911106dfb16696472af8c1b7b4c554a829354fa8jm * CDDL HEADER START
911106dfb16696472af8c1b7b4c554a829354fa8jm * The contents of this file are subject to the terms of the
911106dfb16696472af8c1b7b4c554a829354fa8jm * Common Development and Distribution License (the "License").
911106dfb16696472af8c1b7b4c554a829354fa8jm * You may not use this file except in compliance with the License.
911106dfb16696472af8c1b7b4c554a829354fa8jm * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
911106dfb16696472af8c1b7b4c554a829354fa8jm * See the License for the specific language governing permissions
911106dfb16696472af8c1b7b4c554a829354fa8jm * and limitations under the License.
911106dfb16696472af8c1b7b4c554a829354fa8jm * When distributing Covered Code, include this CDDL HEADER in each
911106dfb16696472af8c1b7b4c554a829354fa8jm * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
911106dfb16696472af8c1b7b4c554a829354fa8jm * If applicable, add the following below this CDDL HEADER, with the
911106dfb16696472af8c1b7b4c554a829354fa8jm * fields enclosed by brackets "[]" replaced with your own identifying
911106dfb16696472af8c1b7b4c554a829354fa8jm * information: Portions Copyright [yyyy] [name of copyright owner]
911106dfb16696472af8c1b7b4c554a829354fa8jm * CDDL HEADER END
911106dfb16696472af8c1b7b4c554a829354fa8jm * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
911106dfb16696472af8c1b7b4c554a829354fa8jm * Use is subject to license terms.
911106dfb16696472af8c1b7b4c554a829354fa8jm#pragma ident "%Z%%M% %I% %E% SMI"
911106dfb16696472af8c1b7b4c554a829354fa8jm * vscand Daemon Program
911106dfb16696472af8c1b7b4c554a829354fa8jmstatic int vscand_sigval = 0;
911106dfb16696472af8c1b7b4c554a829354fa8jmstatic pthread_mutex_t vscand_cfg_mutex = PTHREAD_MUTEX_INITIALIZER;
911106dfb16696472af8c1b7b4c554a829354fa8jm/* virus log path */
911106dfb16696472af8c1b7b4c554a829354fa8jm/* user and group ids - default to 0 */
911106dfb16696472af8c1b7b4c554a829354fa8jm/* local function prototypes */
911106dfb16696472af8c1b7b4c554a829354fa8jmstatic void vscand_sig_handler(int);
911106dfb16696472af8c1b7b4c554a829354fa8jmstatic int vscand_parse_args(int, char **);
911106dfb16696472af8c1b7b4c554a829354fa8jmstatic void vscand_get_uid_gid();
911106dfb16696472af8c1b7b4c554a829354fa8jmstatic int vscand_init_file(char *, uid_t, gid_t, mode_t);
911106dfb16696472af8c1b7b4c554a829354fa8jmstatic void vscand_usage(char *);
911106dfb16696472af8c1b7b4c554a829354fa8jmstatic int vscand_daemonize_init(void);
911106dfb16696472af8c1b7b4c554a829354fa8jmstatic void vscand_daemonize_fini(int, int);
911106dfb16696472af8c1b7b4c554a829354fa8jmstatic int vscand_init(void);
911106dfb16696472af8c1b7b4c554a829354fa8jmstatic void vscand_fini(void);
911106dfb16696472af8c1b7b4c554a829354fa8jmstatic int vscand_configure(void);
911106dfb16696472af8c1b7b4c554a829354fa8jmstatic int vscand_kernel_bind(void);
911106dfb16696472af8c1b7b4c554a829354fa8jmstatic void vscand_kernel_unbind(void);
911106dfb16696472af8c1b7b4c554a829354fa8jmstatic int vscand_kernel_enable(int);
911106dfb16696472af8c1b7b4c554a829354fa8jmstatic void vscand_kernel_disable(void);
911106dfb16696472af8c1b7b4c554a829354fa8jmstatic void vscand_error(const char *);
911106dfb16696472af8c1b7b4c554a829354fa8jmstatic int vscand_get_viruslog(void);
911106dfb16696472af8c1b7b4c554a829354fa8jm * Enable libumem debugging by default on DEBUG builds.
911106dfb16696472af8c1b7b4c554a829354fa8jmconst char *
911106dfb16696472af8c1b7b4c554a829354fa8jmconst char *
911106dfb16696472af8c1b7b4c554a829354fa8jm * vs_sig_handler
911106dfb16696472af8c1b7b4c554a829354fa8jmstatic void
911106dfb16696472af8c1b7b4c554a829354fa8jm * main must return SMF return code (see smf_method (5)) if vscand
911106dfb16696472af8c1b7b4c554a829354fa8jm * is invoked directly by smf (see manifest: vscan.xml)
911106dfb16696472af8c1b7b4c554a829354fa8jm * Exit codes: SMF_EXIT_ERR_CONFIG - error
911106dfb16696472af8c1b7b4c554a829354fa8jm * SMF_EXIT_ERR_FATAL - fatal error
911106dfb16696472af8c1b7b4c554a829354fa8jm * SMF_EXIT_OK - success
911106dfb16696472af8c1b7b4c554a829354fa8jm mode_t door_mode = S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH;
911106dfb16696472af8c1b7b4c554a829354fa8jm /* check if running in global zone; other zones not supported */
911106dfb16696472af8c1b7b4c554a829354fa8jm /* check for a Trusted Solaris environment; not supported */
911106dfb16696472af8c1b7b4c554a829354fa8jm vscand_error(gettext("Trusted Extensions not supported"));
911106dfb16696472af8c1b7b4c554a829354fa8jm /* Parse arguments */
911106dfb16696472af8c1b7b4c554a829354fa8jm * Initializetion of virus log and statistic door file
911106dfb16696472af8c1b7b4c554a829354fa8jm * MUST be done BEFORE vscand_daemonize_init resets uid/gid.
911106dfb16696472af8c1b7b4c554a829354fa8jm * Only root can create the files in /var/log and /var/run.
911106dfb16696472af8c1b7b4c554a829354fa8jm if ((vscand_get_viruslog() != 0) ||
911106dfb16696472af8c1b7b4c554a829354fa8jm (vscand_init_file(vscand_vlog, root_uid, sys_gid, log_mode) != 0)) {
911106dfb16696472af8c1b7b4c554a829354fa8jm * Once we're done setting our global state up, set up signal handlers
911106dfb16696472af8c1b7b4c554a829354fa8jm * for ensuring orderly termination on SIGTERM. If we are starting in
911106dfb16696472af8c1b7b4c554a829354fa8jm * the foreground, we also use the same handler for SIGINT and SIGHUP.
911106dfb16696472af8c1b7b4c554a829354fa8jm (void) sigdelset(&set, SIGABRT); /* always unblocked for ASSERT() */
911106dfb16696472af8c1b7b4c554a829354fa8jm (void) sigaction(SIGHUP, &act, NULL); /* Refresh config */
911106dfb16696472af8c1b7b4c554a829354fa8jm if (vscand_init() != 0) {
911106dfb16696472af8c1b7b4c554a829354fa8jm * "pfd" is a pipe descriptor -- any fatal errors
911106dfb16696472af8c1b7b4c554a829354fa8jm * during subsequent initialization of the child
911106dfb16696472af8c1b7b4c554a829354fa8jm * process should be written to this pipe and the
911106dfb16696472af8c1b7b4c554a829354fa8jm * parent will report this error as the exit status.
911106dfb16696472af8c1b7b4c554a829354fa8jm if (vscand_init() != 0) {
911106dfb16696472af8c1b7b4c554a829354fa8jm /* Wait here until shutdown */
911106dfb16696472af8c1b7b4c554a829354fa8jm * vscand_parse_args -
911106dfb16696472af8c1b7b4c554a829354fa8jm * Routine to parse the arguments to the daemon program
911106dfb16696472af8c1b7b4c554a829354fa8jm * 'f' argument runs process in the foreground instead of as a daemon
911106dfb16696472af8c1b7b4c554a829354fa8jm return (-1);
911106dfb16696472af8c1b7b4c554a829354fa8jm return (0);
911106dfb16696472af8c1b7b4c554a829354fa8jm * vscand_usage
911106dfb16696472af8c1b7b4c554a829354fa8jmstatic void
911106dfb16696472af8c1b7b4c554a829354fa8jm * vscand_get_uid_gid
911106dfb16696472af8c1b7b4c554a829354fa8jm * failure to access a uid/gid results in the default (0) being used.
911106dfb16696472af8c1b7b4c554a829354fa8jmstatic void
911106dfb16696472af8c1b7b4c554a829354fa8jm * vscand_daemonize_init
911106dfb16696472af8c1b7b4c554a829354fa8jm * This function will fork off a child process, from which
911106dfb16696472af8c1b7b4c554a829354fa8jm * only the child will return.
911106dfb16696472af8c1b7b4c554a829354fa8jm * Reset process owner/group to daemon/sys. Root ownership is only
911106dfb16696472af8c1b7b4c554a829354fa8jm * required to initialize virus log file in /var/log
911106dfb16696472af8c1b7b4c554a829354fa8jm PRIV_PROC_AUDIT, PRIV_FILE_DAC_SEARCH, PRIV_FILE_DAC_READ,
911106dfb16696472af8c1b7b4c554a829354fa8jm vscand_error(gettext("failed to initialize privileges"));
911106dfb16696472af8c1b7b4c554a829354fa8jm * Block all signals prior to the fork and leave them blocked in the
911106dfb16696472af8c1b7b4c554a829354fa8jm * parent so we don't get in a situation where the parent gets SIGINT
911106dfb16696472af8c1b7b4c554a829354fa8jm * and returns non-zero exit status and the child is actually running.
911106dfb16696472af8c1b7b4c554a829354fa8jm * In the child, restore the signal mask once we've done our setsid().
911106dfb16696472af8c1b7b4c554a829354fa8jm vscand_error(gettext("failed to create pipe for daemonize"));
911106dfb16696472af8c1b7b4c554a829354fa8jm * If we're the parent process, wait for either the child to send us
911106dfb16696472af8c1b7b4c554a829354fa8jm * the appropriate exit status over the pipe or for the read to fail
911106dfb16696472af8c1b7b4c554a829354fa8jm * (presumably with 0 for EOF if our child terminated abnormally).
911106dfb16696472af8c1b7b4c554a829354fa8jm * If the read fails, exit with either the child's exit status if it
911106dfb16696472af8c1b7b4c554a829354fa8jm * exited or with SMF_EXIT_ERR_FATAL if it died from a fatal signal.
911106dfb16696472af8c1b7b4c554a829354fa8jm if (pid != 0) {
911106dfb16696472af8c1b7b4c554a829354fa8jm if (read(pfds[0], &status, sizeof (status)) == sizeof (status))
911106dfb16696472af8c1b7b4c554a829354fa8jm if (waitpid(pid, &status, 0) == pid && WIFEXITED(status))
911106dfb16696472af8c1b7b4c554a829354fa8jm * vscand_daemonize_fini
911106dfb16696472af8c1b7b4c554a829354fa8jm * Now that we're running, if a pipe fd was specified, write an exit
911106dfb16696472af8c1b7b4c554a829354fa8jm * status to it to indicate that our parent process can safely detach.
911106dfb16696472af8c1b7b4c554a829354fa8jmstatic void
911106dfb16696472af8c1b7b4c554a829354fa8jm if (fd >= 0)
911106dfb16696472af8c1b7b4c554a829354fa8jm /* Restore standard file descriptors */
911106dfb16696472af8c1b7b4c554a829354fa8jm /* clear basic privileges not required by vscand */
911106dfb16696472af8c1b7b4c554a829354fa8jm __fini_daemon_priv(PRIV_PROC_FORK, PRIV_PROC_EXEC, PRIV_PROC_SESSION,
911106dfb16696472af8c1b7b4c554a829354fa8jm * vscand_init_file
911106dfb16696472af8c1b7b4c554a829354fa8jm * create specified file and set its uid, gid and mode
911106dfb16696472af8c1b7b4c554a829354fa8jmvscand_init_file(char *filepath, uid_t uid, gid_t gid, mode_t mode)
911106dfb16696472af8c1b7b4c554a829354fa8jm if ((fd = open(filepath, O_RDONLY | O_CREAT, mode)) == -1)
911106dfb16696472af8c1b7b4c554a829354fa8jm return (rc);
911106dfb16696472af8c1b7b4c554a829354fa8jm * vscand_init
911106dfb16696472af8c1b7b4c554a829354fa8jm * There are some requirements on the order in which the daemon
911106dfb16696472af8c1b7b4c554a829354fa8jm * initialization functions are called.
911106dfb16696472af8c1b7b4c554a829354fa8jm * - vscand_kernel_bind - bind to kernel module
911106dfb16696472af8c1b7b4c554a829354fa8jm * - vs_eng_init populates vs_icap data and thus vs_icap_init MUST be
911106dfb16696472af8c1b7b4c554a829354fa8jm * called before vs_eng_init
911106dfb16696472af8c1b7b4c554a829354fa8jm * - vscand_configure - load the configuration
911106dfb16696472af8c1b7b4c554a829354fa8jm * - vs_door_init - start vscan door server
911106dfb16696472af8c1b7b4c554a829354fa8jm * - vscand_kernel_enable - enable scan requests from kernel
911106dfb16696472af8c1b7b4c554a829354fa8jm return (-1);
911106dfb16696472af8c1b7b4c554a829354fa8jm if (vscand_configure() != 0) {
911106dfb16696472af8c1b7b4c554a829354fa8jm vscand_error(gettext("failed to initialize configuration"));
911106dfb16696472af8c1b7b4c554a829354fa8jm return (-1);
911106dfb16696472af8c1b7b4c554a829354fa8jm return (-1);
911106dfb16696472af8c1b7b4c554a829354fa8jm return (0);
911106dfb16696472af8c1b7b4c554a829354fa8jm * vscand_fini
911106dfb16696472af8c1b7b4c554a829354fa8jm * vscand_kernel_disable - should be called first to ensure that no
911106dfb16696472af8c1b7b4c554a829354fa8jm * more scan requests are initiated from the kernel module
911106dfb16696472af8c1b7b4c554a829354fa8jm * vs_door_fini - shouldn't be called until after the in-progress
911106dfb16696472af8c1b7b4c554a829354fa8jm * scans complete (vs_eng_fini waits for in progress scans)
911106dfb16696472af8c1b7b4c554a829354fa8jm * vscand_kernel_unbind - should be called last to tell the kernel module
911106dfb16696472af8c1b7b4c554a829354fa8jm * that vscand is shutdown.
911106dfb16696472af8c1b7b4c554a829354fa8jmstatic void
911106dfb16696472af8c1b7b4c554a829354fa8jm * vscand_configure
911106dfb16696472af8c1b7b4c554a829354fa8jm return (-1);
911106dfb16696472af8c1b7b4c554a829354fa8jm vscand_error(gettext("configuration data error - types"));
911106dfb16696472af8c1b7b4c554a829354fa8jm return (-1);
911106dfb16696472af8c1b7b4c554a829354fa8jm /* Convert the maxfsize string from the configuration into bytes */
911106dfb16696472af8c1b7b4c554a829354fa8jm vscand_error(gettext("configuration data error - max-size"));
911106dfb16696472af8c1b7b4c554a829354fa8jm return (-1);
911106dfb16696472af8c1b7b4c554a829354fa8jm kconfig.vsc_allow = config.va_props.vp_maxsize_action ? 1LL : 0LL;
911106dfb16696472af8c1b7b4c554a829354fa8jm /* Send configuration update to kernel */
911106dfb16696472af8c1b7b4c554a829354fa8jm return (-1);
911106dfb16696472af8c1b7b4c554a829354fa8jm /* Tell vs_eng things have changed. */
911106dfb16696472af8c1b7b4c554a829354fa8jm /* Tell vs_stats things have changed */
911106dfb16696472af8c1b7b4c554a829354fa8jm return (0);
911106dfb16696472af8c1b7b4c554a829354fa8jm * vscand_get_state
911106dfb16696472af8c1b7b4c554a829354fa8jm * vscand_get_viruslog
911106dfb16696472af8c1b7b4c554a829354fa8jm if ((rc = vs_props_get(&props, propids)) != VS_ERR_NONE) {
911106dfb16696472af8c1b7b4c554a829354fa8jm return (-1);
911106dfb16696472af8c1b7b4c554a829354fa8jm (void) strlcpy(vscand_vlog, props.vp_vlog, sizeof (vscand_vlog));
911106dfb16696472af8c1b7b4c554a829354fa8jm return (0);
911106dfb16696472af8c1b7b4c554a829354fa8jm * vscand_viruslog
911106dfb16696472af8c1b7b4c554a829354fa8jm * vscand_kernel_bind
911106dfb16696472af8c1b7b4c554a829354fa8jm (void) snprintf(devname, MAXPATHLEN, "%s%d", VS_DRV_PATH, inst);
911106dfb16696472af8c1b7b4c554a829354fa8jm return (-1);
911106dfb16696472af8c1b7b4c554a829354fa8jm return (0);
911106dfb16696472af8c1b7b4c554a829354fa8jm * vscand_kernel_unbind
911106dfb16696472af8c1b7b4c554a829354fa8jmstatic void
911106dfb16696472af8c1b7b4c554a829354fa8jm * vscand_kernel_enable
911106dfb16696472af8c1b7b4c554a829354fa8jm if (ioctl(vscand_kdrv_fd, VS_DRV_IOCTL_ENABLE, door_fd) < 0) {
911106dfb16696472af8c1b7b4c554a829354fa8jm return (-1);
911106dfb16696472af8c1b7b4c554a829354fa8jm return (0);
911106dfb16696472af8c1b7b4c554a829354fa8jm * vscand_kernel_disable
911106dfb16696472af8c1b7b4c554a829354fa8jmstatic void
911106dfb16696472af8c1b7b4c554a829354fa8jm * vscand_kernel_config
911106dfb16696472af8c1b7b4c554a829354fa8jm return (-1);
911106dfb16696472af8c1b7b4c554a829354fa8jm if (ioctl(vscand_kdrv_fd, VS_DRV_IOCTL_CONFIG, conf) < 0) {
911106dfb16696472af8c1b7b4c554a829354fa8jm vscand_error(gettext("failed to send config to kernel"));
911106dfb16696472af8c1b7b4c554a829354fa8jm return (-1);
911106dfb16696472af8c1b7b4c554a829354fa8jm return (0);
911106dfb16696472af8c1b7b4c554a829354fa8jm * vscand_error
911106dfb16696472af8c1b7b4c554a829354fa8jmstatic void