6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey * CDDL HEADER START
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey * The contents of this file are subject to the terms of the
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey * Common Development and Distribution License (the "License").
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey * You may not use this file except in compliance with the License.
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey * or http://www.opensolaris.org/os/licensing.
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey * See the License for the specific language governing permissions
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey * and limitations under the License.
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey * When distributing Covered Code, include this CDDL HEADER in each
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey * If applicable, add the following below this CDDL HEADER, with the
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey * fields enclosed by brackets "[]" replaced with your own identifying
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey * information: Portions Copyright [yyyy] [name of copyright owner]
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey * CDDL HEADER END
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey * Use is subject to license terms.
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey * Communicate with and implement library backend (running in netcfgd) to
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey * retrieve or change NWAM configuration.
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey * Check if uid has proper auths. flags is used to check auths for
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey * enable/disable of profiles and manipulation of Known WLANs.
/*
 * NOTE(review): this listing omits lines of the function, so only the
 * three authorization tests are visible. Each chkauthattr() result is
 * compared with 0, the value returned when the named user does not hold
 * the authorization; the statement taken on that result is not shown
 * (presumably an error return - confirm).
 * pwd is not assigned on any visible line; presumably it is looked up
 * from uid - confirm it is NULL-checked before pw_name is dereferenced.
 */
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskeynwam_check_auths(uid_t uid, boolean_t write, uint64_t flags)
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey /* Enabling/disabling profile - need SELECT auth */
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey if (chkauthattr(AUTOCONF_SELECT_AUTH, pwd->pw_name) == 0)
/* flags selects which single authorization is required for this request. */
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey } else if (flags & NWAM_FLAG_ENTITY_KNOWN_WLAN) {
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey /* Known WLAN activity - need WLAN auth */
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey if (chkauthattr(AUTOCONF_WLAN_AUTH, pwd->pw_name) == 0)
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey * First, check for WRITE, since it implies READ. If this
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey * auth is not present, and write is true, fail, otherwise
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey * check for READ.
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey if (chkauthattr(AUTOCONF_WRITE_AUTH, pwd->pw_name) == 0) {
/*
 * Builds the request that is sent through the backend door: a fixed
 * nwam_backend_door_arg_t descriptor followed directly by packed object
 * data for update requests.
 * NOTE(review): the remaining parameters and the per-command switch are
 * not shown in this listing.
 */
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskeynwam_create_backend_door_arg(nwam_backend_door_cmd_t cmd,
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey const char *dbname, const char *objname, uint64_t flags,
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey * For a read request, we want the full buffer to be
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey * available for the backend door to write to.
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey * An update request may either specify an object list
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey * (which we pack into the buffer immediately after the
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey * backend door request) or may not specify an object
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey * (signifying a request to create the container of the
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey /* Data immediately follows the descriptor */
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey dataptr = (caddr_t)arg + sizeof (nwam_backend_door_arg_t);
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey /* pack object list for update request, adjusting datalen */
/*
 * NOTE(review): the length argument of this call is cut off here;
 * presumably it carries the space left after the descriptor so the
 * packer cannot write past the request buffer - confirm.
 */
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey if ((err = nwam_pack_object_list(obj, (char **)&dataptr,
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey /* A remove request has no associated object list. */
/*
 * Both copies are bounded and always NUL-terminated by strlcpy(), but
 * the return value is discarded, so an over-long dbname or objname is
 * truncated silently and the backend would act on the shortened name.
 * NOTE(review): assumes nwbda_dbname holds MAXPATHLEN bytes and
 * nwbda_object holds NWAM_MAX_NAME_LEN bytes (struct not shown), and
 * that NULL dbname/objname are handled on lines omitted here - confirm.
 */
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey (void) strlcpy(arg->nwbda_dbname, dbname, MAXPATHLEN);
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey (void) strlcpy(arg->nwbda_object, objname, NWAM_MAX_NAME_LEN);
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey * If the arg datalen is non-zero, unpack the object list associated with
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey * the backend door argument.
/*
 * Unpacks the object list that follows the descriptor in a door argument
 * and copies the names held in the descriptor back to the caller.
 * NOTE(review): the remaining parameters and the datalen test mentioned
 * in the comment above are not shown in this listing.
 */
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskeynwam_read_object_from_backend_door_arg(nwam_backend_door_arg_t *arg,
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey caddr_t dataptr = (caddr_t)arg + sizeof (nwam_backend_door_arg_t);
/*
 * nwbda_datalen is taken from the door argument itself, i.e. it was
 * written by the peer on the other side of the door.
 * NOTE(review): no visible line compares it with the size of the buffer
 * that holds arg; unless the unpacker or an omitted line does so, a
 * value larger than the space after the descriptor would make the
 * unpacker read beyond the buffer - confirm the bound is enforced.
 */
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey if ((err = nwam_unpack_object_list((char *)dataptr,
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey arg->nwbda_datalen, objp)) != NWAM_SUCCESS)
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey * If "dbname" and "name" are non-NULL, copy in the actual dbname
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey * and name values from the door arg since both may have been changed
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey * from case-insensitive to case-sensitive matches. They will be the
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey * same length as they only differ in case.
/*
 * The copy size is strlen() of the caller's current string plus one, so
 * the write never extends past the string the caller already holds. If
 * the value in the door arg were longer than expected it is truncated
 * rather than overflowing the caller's buffer.
 * strcmp() here relies on nwbda_dbname and nwbda_object being
 * NUL-terminated inside the descriptor.
 */
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey if (dbname != NULL && strcmp(dbname, arg->nwbda_dbname) != 0)
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey (void) strlcpy(dbname, arg->nwbda_dbname, strlen(dbname) + 1);
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey if (name != NULL && strcmp(name, arg->nwbda_object) != 0)
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey (void) strlcpy(name, arg->nwbda_object, strlen(name) + 1);
/*
 * Door server procedure: interprets the caller's buffer as a
 * nwam_backend_door_arg_t, checks the caller's authorizations, runs the
 * read, update or remove against the files backend, stores the outcome
 * in nwbda_result and returns the same buffer with door_return().
 * Every field of req is supplied by the door client and is untrusted
 * until checked.
 * NOTE(review): many lines of the function are omitted in this listing,
 * including where uid and ucr are obtained (presumably from the door
 * caller's credentials - confirm).
 */
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey/* ARGSUSED */
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskeynwam_backend_door_server(void *cookie, char *arg, size_t arg_size,
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey /* LINTED: alignment */
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey nwam_backend_door_arg_t *req = (nwam_backend_door_arg_t *)arg;
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey /* Check arg size */
/*
 * This test only establishes that the fixed descriptor is present. It
 * does not bound nwbda_datalen against arg_size, and it does not show
 * that nwbda_dbname / nwbda_object contain a NUL byte.
 */
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey if (arg_size < sizeof (nwam_backend_door_arg_t)) {
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey sizeof (nwam_backend_door_arg_t), NULL, 0);
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey (void) door_return((char *)req, arg_size, NULL, 0);
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey /* Check auths */
/*
 * The command decides whether read or write authorization is demanded;
 * the assignment to write is on lines not shown. This is the check made
 * inside the server process, before any backend call below.
 */
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey if (req->nwbda_cmd == NWAM_BACKEND_DOOR_CMD_READ_REQ)
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey if ((err = nwam_check_auths(uid, write, req->nwbda_flags))
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey req->nwbda_cmd == NWAM_BACKEND_DOOR_CMD_UPDATE_REQ ?
/*
 * Read path. An empty dbname or object name is passed to the backend as
 * NULL.
 * NOTE(review): strlen() runs on client-supplied arrays; no visible line
 * forces a terminating NUL into them first - confirm termination is
 * guaranteed before these calls.
 */
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey if ((req->nwbda_result = nwam_read_object_from_files_backend
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey (strlen(req->nwbda_dbname) > 0 ? req->nwbda_dbname : NULL,
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey strlen(req->nwbda_object) > 0 ? req->nwbda_object : NULL,
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey req->nwbda_flags, &newobj)) != NWAM_SUCCESS) {
/*
 * The object that was read is packed for the reply.
 * NOTE(review): how dataptr and datalen are initialised is not shown;
 * presumably they describe the space after the descriptor - confirm.
 */
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey if ((req->nwbda_result = nwam_pack_object_list(newobj,
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey (char **)&dataptr, &datalen)) != NWAM_SUCCESS)
/* Update path: same empty-name-to-NULL mapping, tested on the first byte. */
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey req->nwbda_result = nwam_update_object_in_files_backend(
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey req->nwbda_dbname[0] == 0 ? NULL : req->nwbda_dbname,
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey req->nwbda_object[0] == 0 ? NULL : req->nwbda_object,
/* An ADT_netcfg_update audit event is recorded for the update request. */
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey nwam_record_audit_event(ucr, ADT_netcfg_update,
/* Remove path: empty names become NULL, as in the read path. */
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey req->nwbda_result = nwam_remove_object_from_files_backend
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey (strlen(req->nwbda_dbname) > 0 ? req->nwbda_dbname : NULL,
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey strlen(req->nwbda_object) > 0 ? req->nwbda_object : NULL,
/* The remove request is audited under the same ADT_netcfg_update event. */
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey nwam_record_audit_event(ucr, ADT_netcfg_update,
/* The request buffer, now carrying nwbda_result, is returned to the caller. */
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey (void) door_return((char *)req, arg_size, NULL, 0);
/*
 * Door set-up: create the door directory, create the file that serves as
 * the door node, create the door and attach it to that file.
 * NOTE(review): the function header and several lines are omitted in
 * this listing.
 */
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey /* Create the door directory if it doesn't already exist */
/*
 * Mode 0755 leaves the directory writable by its owner only.
 * NOTE(review): when the directory already exists mkdir() fails; how
 * that case is handled, and whether the owner and mode of a
 * pre-existing directory are re-checked, is not visible here - confirm.
 */
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey if (mkdir(NWAM_DOOR_DIR, (mode_t)0755) < 0)
/* Ownership of the directory is given to UID_NETADM / GID_NETADM. */
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey chown(NWAM_DOOR_DIR, UID_NETADM, GID_NETADM) < 0)
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey /* Do a low-overhead "touch" on the file that will be the door node. */
/*
 * O_CREAT with O_EXCL makes the open fail if the path already exists,
 * and O_NOFOLLOW makes it fail if the final component is a symbolic
 * link, so the door is never attached to a file planted beforehand.
 * NOTE(review): the path and mode arguments are on lines not shown.
 */
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey O_RDWR | O_CREAT | O_EXCL | O_NOFOLLOW | O_NONBLOCK,
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey /* Create the door. */
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey backend_door_fd = door_create(nwam_backend_door_server, NULL,
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey /* Attach the door to the file. */
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey if (fattach(backend_door_fd, NWAM_BACKEND_DOOR_FILE) == -1) {
/*
 * Client side of the backend door: builds the request in a stack buffer,
 * makes the door call and, for read requests, unpacks the reply from the
 * same buffer.
 * NOTE(review): the remaining parameters and several lines are omitted
 * in this listing.
 */
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskeynwam_backend_door_call(nwam_backend_door_cmd_t cmd, char *dbname,
/* Request and reply share this fixed-size buffer. */
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey uchar_t reqbuf[NWAM_BACKEND_DOOR_ARG_SIZE];
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey /* LINTED: alignment */
/*
 * NOTE(review): a uchar_t array carries no alignment guarantee for the
 * descriptor type; the lint directive above silences the warning rather
 * than establishing alignment - confirm this is safe on all targets.
 */
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey nwam_backend_door_arg_t *req = (nwam_backend_door_arg_t *)&reqbuf;
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey if ((err = nwam_create_backend_door_arg(cmd, dbname, objname, flags,
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey if (nwam_make_door_call(NWAM_BACKEND_DOOR_FILE, &backend_door_client_fd,
/*
 * After the call the buffer holds what the door server wrote, so the
 * descriptor fields read from it (including nwbda_datalen inside the
 * helper below) are only as trustworthy as whatever is attached at
 * NWAM_BACKEND_DOOR_FILE.
 */
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey if (cmd == NWAM_BACKEND_DOOR_CMD_READ_REQ) {
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey err = nwam_read_object_from_backend_door_arg(req, dbname,
/*
 * A local failure takes precedence; otherwise the result in reserr is
 * returned (presumably the server's nwbda_result - its assignment is
 * not shown).
 */
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey return (err == NWAM_SUCCESS ? reserr : err);
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey * Read object specified by objname from backend dbname, retrieving an object
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey * list representation.
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey * If dbname is NULL, obj is a list of string arrays consisting of the list
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey * of backend dbnames.
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey * If objname is NULL, read all objects in the specified dbname and create
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey * an object list containing a string array which represents each object.
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey * Otherwise obj will point to a list of the properties for the object
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey * specified by objname in the backend dbname.
/*
 * Library entry point for reads: checks read authorization for the
 * calling process's real uid, then forwards the request through the
 * backend door.
 * This check runs in the caller's own process, so it serves as an early
 * failure path only; the check that a caller cannot bypass is the
 * nwam_check_auths() call made inside nwam_backend_door_server().
 * NOTE(review): the handling of err and the rest of the argument list
 * are on lines omitted in this listing.
 */
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey/* ARGSUSED2 */
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskeynwam_read_object_from_backend(char *dbname, char *objname,
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey nwam_error_t err = nwam_check_auths(getuid(), B_FALSE, flags);
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey return (nwam_backend_door_call(NWAM_BACKEND_DOOR_CMD_READ_REQ,
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey * Read in all objects from backend dbname and update object corresponding
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey * to objname with properties recorded in proplist, writing the results to
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey * the backend dbname.
/*
 * Library entry point for updates: checks write authorization for the
 * calling process's real uid, then forwards the request through the
 * backend door.
 * As this check executes in the client process it cannot be treated as
 * enforcement; the door server repeats nwam_check_auths() on its side
 * before it touches the files backend.
 * NOTE(review): the handling of err and the rest of the argument list
 * are on lines omitted in this listing.
 */
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskeynwam_update_object_in_backend(char *dbname, char *objname,
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey nwam_error_t err = nwam_check_auths(getuid(), B_TRUE, flags);
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey return (nwam_backend_door_call(NWAM_BACKEND_DOOR_CMD_UPDATE_REQ,
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey * Remove specified object from backend by reading in the list of objects,
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey * removing objname and writing the remainder.
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey * If objname is NULL, remove the backend dbname.
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskeynwam_remove_object_from_backend(char *dbname, char *objname, uint64_t flags)
6ba597c56d749c61b4f783157f63196d7b2445f0Anurag S. Maskey nwam_error_t err = nwam_check_auths(getuid(), B_TRUE, flags);