/*
* if auditd isn't running, start it. Otherwise refresh.
* First check to see if c2audit is loaded via the auditon()
* system call, then check SMF state.
*/
static void
start_auditd()
{
int audit_state;
char *state;
if (auditon(A_GETCOND, (caddr_t)&audit_state,
sizeof (audit_state)) != 0)
exit(1);
if ((state = smf_get_state(AUDITD_FMRI)) == NULL) {
display_smf_error();
exit(1);
}
if (strcmp(SCF_STATE_STRING_ONLINE, state) != 0) {
if (smf_enable_instance(AUDITD_FMRI, 0) != 0) {
display_smf_error();
free(state);
exit(1);
}
} else {
if (smf_refresh_instance(AUDITD_FMRI) != 0) {
display_smf_error();
free(state);
exit(1);
}
}
free(state);
}
Status osEnabler( int inEnable, int inOneTime, int inQuiet )
{
Status theStatus;
DaemonOp theOp = inEnable == 1 ? sOpEnable : sOpDisable;
int theFlags = inOneTime == 1 ? SMF_TEMPORARY : 0;
if ( inQuiet == 0 )
{
writeInitialMessage( theOp );
}
if ( theOp == sOpEnable )
{
theStatus =
smf_enable_instance( sInstanceName, theFlags ) == SCF_SUCCESS ?
sStatusOK : sErrorGeneric;
}
else
{
theStatus =
smf_disable_instance( sInstanceName, theFlags ) == SCF_SUCCESS ?
sStatusOK : sErrorGeneric;
}
if ( inQuiet == 0 )
{
writeFinalMessage( theOp, theStatus );
}
return theStatus;
}
/*ARGSUSED*/
JNIEXPORT void JNICALL
Java_com_sun_dhcpmgr_bridge_Bridge_startup(
JNIEnv *env,
jobject obj)
{
char *s;
int ret;
/*
* We first get the current state of the server according to
* svc.startd; if it's "disabled", we can just enable it.
* In any other case, we want to send a refresh so that
* dependencies are re-evaluated, which will be the case if the
* service was marked enabled by the profile, yet the
* config file didn't exist to allow it to run.
*/
if ((s = smf_get_state(DHCP_SERVER_INST)) != NULL) {
if (strcmp(SCF_STATE_STRING_DISABLED, s) == 0)
ret = smf_enable_instance(DHCP_SERVER_INST, 0);
else
ret = smf_refresh_instance(DHCP_SERVER_INST);
free(s);
if (ret == 0)
return;
}
/* Something wasn't right, return exception with error from smf */
throw_bridge_exception(env, scf_strerror(scf_error()));
}
static int
set_svc_enable_cb(void *data, scf_walkinfo_t *wip)
{
uint8_t desired = *(uint8_t *)data;
const char *instname = wip->fmri;
if (desired) {
if (smf_enable_instance(instname, 0) == 0)
return (0);
} else {
if (smf_disable_instance(instname, 0) == 0)
return (0);
}
switch (scf_error()) {
case SCF_ERROR_INVALID_ARGUMENT:
uu_die(gettext("Error: \"%s\" is not a valid service "
"instance.\n"), instname);
break;
case SCF_ERROR_NOT_FOUND:
uu_die(gettext("Error: Service instance \"%s\" not found.\n"),
instname);
break;
default:
scfdie();
}
return (0);
}
/*
* Create a service instance. returns 0 if successful.
* If instance already exists enable it.
*/
int
smb_smf_instance_create(smb_scfhandle_t *handle, char *serv_prefix,
char *inst_name)
{
char *instance;
int ret = SMBC_SMF_OK;
int sz;
if (handle == NULL) {
return (SMBC_SMF_SYSTEM_ERR);
}
if (!serv_prefix || !inst_name) {
return (SMBC_SMF_SYSTEM_ERR);
}
sz = strlen(serv_prefix) + strlen(inst_name) + 2;
instance = malloc(sz);
if (!instance) {
return (SMBC_SMF_SYSTEM_ERR);
}
(void) snprintf(instance, sz, "%s:%s", serv_prefix, inst_name);
handle->scf_instance = scf_instance_create(handle->scf_handle);
if (scf_service_get_instance(handle->scf_service, inst_name,
handle->scf_instance) != SCF_SUCCESS) {
if (scf_service_add_instance(handle->scf_service,
inst_name, handle->scf_instance) == SCF_SUCCESS) {
if (smf_enable_instance(instance, 0))
ret = SMBC_SMF_SYSTEM_ERR;
} else {
ret = SMBC_SMF_SYSTEM_ERR;
}
} else {
if (smf_enable_instance(instance, 0))
ret = SMBC_SMF_SYSTEM_ERR;
}
free(instance);
return (ret);
}
static int
create_instance(scf_handle_t *handle, scf_service_t *svc,
const char *instance_name, const char *kssl_entry, const char *command,
const char *username, char *inaddr_any_name)
{
int status = FAILURE;
char *buf;
boolean_t errflag = B_FALSE;
ssize_t max_fmri_len;
scf_instance_t *instance;
instance = scf_instance_create(handle);
if (instance == NULL) {
errflag = B_TRUE;
KSSL_DEBUG("scf_instance_create failed: %s\n",
scf_strerror(scf_error()));
goto out;
}
KSSL_DEBUG("scf_instance_create succeeded\n");
if (scf_service_get_instance(svc, inaddr_any_name, instance) == 0) {
/* Let the caller deal with the duplicate instance */
status = INSTANCE_ANY_EXISTS;
goto out;
}
if (scf_service_add_instance(svc, instance_name, instance) != 0) {
if (scf_error() == SCF_ERROR_EXISTS) {
/* Let the caller deal with the duplicate instance */
status = INSTANCE_OTHER_EXISTS;
goto out;
}
errflag = B_TRUE;
KSSL_DEBUG("scf_service_add_instance failed: %s\n",
scf_strerror(scf_error()));
goto out;
}
KSSL_DEBUG("scf_service_add_instance succeeded\n");
if ((add_pg_method(handle, instance, kssl_entry, "start",
command, username) != SUCCESS) ||
(add_pg_method(handle, instance, kssl_entry, "refresh",
command, username) != SUCCESS) ||
(add_pg_method(handle, instance, kssl_entry, "stop",
"", username) != SUCCESS)) {
scf_instance_destroy(instance);
return (status);
}
/* enabling the instance */
max_fmri_len = scf_limit(SCF_LIMIT_MAX_FMRI_LENGTH);
if ((buf = malloc(max_fmri_len + 1)) == NULL)
goto out;
if (scf_instance_to_fmri(instance, buf, max_fmri_len + 1) > 0) {
KSSL_DEBUG("instance_fmri=%s\n", buf);
if (smf_enable_instance(buf, 0) != 0) {
errflag = B_TRUE;
KSSL_DEBUG(
"smf_enable_instance failed: %s\n",
scf_strerror(scf_error()));
goto out;
}
status = SUCCESS;
}
out:
if (instance != NULL)
scf_instance_destroy(instance);
if (errflag)
(void) fprintf(stderr, gettext(
"Unexpected fatal libscf error: %s. Exiting.\n"),
scf_strerror(scf_error()));
return (status);
}
int
main(int argc, char *argv[])
{
int c; /* options character */
int type = 0; /* type of accounting */
int modified = 0; /* have we modified any properties? */
acctconf_t ac; /* current configuration */
char *typestr = NULL; /* type of accounting argument string */
char *enabled = NULL; /* enabled resources string */
char *disabled = NULL; /* disabled resources string */
char *file = NULL;
int Eflg = 0;
int Dflg = 0;
int rflg = 0;
int sflg = 0;
int xflg = 0;
int optcnt = 0;
int state;
const char *fmri; /* FMRI for this instance */
int err = 0;
setup_privs();
(void) setlocale(LC_ALL, "");
(void) textdomain(TEXT_DOMAIN);
(void) setpname(argv[0]);
for (; optind < argc; optind++) {
while ((c = getopt(argc, argv, OPTS)) != (int)EOF) {
switch (c) {
case 'd':
disabled = optarg;
break;
case 'e':
enabled = optarg;
break;
case 'D':
Dflg = 1;
optcnt++;
break;
case 'E':
Eflg = 1;
optcnt++;
break;
case 'f':
file = optarg;
optcnt++;
break;
case 'r':
rflg = 1;
optcnt++;
break;
case 's':
sflg = 1;
optcnt++;
break;
case 'x':
xflg = 1;
optcnt++;
break;
case '?':
default:
usage();
}
}
/*
* Permanently give up euid 0, egid 0 and privileges we
* don't need for the specified options.
*/
if (!(file || sflg)) {
if (setreuid(getuid(), getuid()) == -1 ||
setregid(getgid(), getgid()) == -1)
die(gettext("setreuid()/setregid() failed"));
(void) priv_set(PRIV_OFF, PRIV_PERMITTED,
PRIV_FILE_DAC_WRITE, NULL);
}
if (!(disabled || enabled || Dflg || Eflg || file || sflg ||
xflg))
(void) priv_set(PRIV_OFF, PRIV_PERMITTED,
PRIV_SYS_ACCT, PRIV_SYS_DL_CONFIG, NULL);
if (optind < argc) {
if (typestr != NULL) {
warn(gettext("illegal argument -- %s\n"),
argv[optind]);
usage();
} else {
typestr = argv[optind];
}
}
}
if (typestr != NULL) {
if (strcmp(typestr, "process") == 0 ||
strcmp(typestr, "proc") == 0)
type |= AC_PROC;
else if (strcmp(typestr, "task") == 0)
type |= AC_TASK;
else if (strcmp(typestr, "flow") == 0)
type |= AC_FLOW;
else if (strcmp(typestr, "net") == 0)
type |= AC_NET;
else {
warn(gettext("unknown accounting type -- %s\n"),
typestr);
usage();
}
} else
type = AC_PROC | AC_TASK | AC_FLOW | AC_NET;
/*
* Drop the DL config privilege if we are not working with
* net.
*/
if ((type & AC_NET) == 0) {
(void) priv_set(PRIV_OFF, PRIV_PERMITTED,
PRIV_SYS_DL_CONFIG, NULL);
}
/*
* check for invalid options
*/
if (optcnt > 1)
usage();
/*
* XXX For AC_NET, enabled/disabled should only be "basic" or
* "extended" - need to check it here.
*/
if ((enabled || disabled) && (rflg || Dflg || sflg || xflg || Eflg))
usage();
if ((file || xflg || Dflg || Eflg || enabled || disabled) &&
!typestr) {
warn(gettext("accounting type must be specified\n"));
usage();
}
if (rflg) {
printgroups(type);
return (E_SUCCESS);
}
/*
* If no arguments have been passed then just print out the current
* state and exit.
*/
if (!enabled && !disabled && !file &&
!Eflg && !rflg && !Dflg && !sflg && !xflg) {
aconf_print(stdout, type);
return (E_SUCCESS);
}
/* Open the libdladm handle */
if (dladm_open(&dld_handle) != DLADM_STATUS_OK)
die(gettext("failed to open dladm handle\n"));
/*
* smf(5) start method. The FMRI to operate on is retrieved from the
* SMF_FMRI environment variable that the restarter provides.
*/
if (sflg) {
if ((fmri = getenv("SMF_FMRI")) != NULL) {
int ret = aconf_setup(fmri);
dladm_close(dld_handle);
return (ret);
}
die(gettext("-s option should only be invoked by smf(5)\n"));
}
assert(type == AC_PROC || type == AC_TASK || type == AC_FLOW ||
type == AC_NET);
if ((type == AC_FLOW || type == AC_NET) && getzoneid() != GLOBAL_ZONEID)
die(gettext("%s accounting cannot be configured in "
"non-global zones\n"), ac_type_name(type));
fmri = aconf_type2fmri(type);
if (aconf_scf_init(fmri) == -1)
die(gettext("cannot connect to repository for %s\n"), fmri);
/*
* Since the sys_acct the privilege allows use of acctctl() regardless
* of the accounting type, we check the smf(5) authorizations granted
* to the user to determine whether the user is allowed to change the
* configuration for this particular accounting type.
*/
if (!aconf_have_smf_auths())
die(gettext("insufficient authorization to change %s extended "
"accounting configuration\n"), ac_type_name(type));
if (xflg) {
/*
* Turn off the specified accounting and close its file
*/
/*
* Stop net logging before turning it off so that the last
* set of logs can be written.
*/
if (type & AC_NET) {
(void) priv_set(PRIV_ON, PRIV_EFFECTIVE,
PRIV_SYS_DL_CONFIG, NULL);
err = dladm_stop_usagelog(dld_handle,
DLADM_LOGTYPE_FLOW);
(void) priv_set(PRIV_OFF, PRIV_EFFECTIVE,
PRIV_SYS_DL_CONFIG, NULL);
if (err != DLADM_STATUS_OK) {
die(gettext("failed to stop logging network "
"information, error %d\n"), errno);
}
}
state = AC_OFF;
(void) priv_set(PRIV_ON, PRIV_EFFECTIVE, PRIV_SYS_ACCT, NULL);
if (acctctl(type | AC_STATE_SET, &state, sizeof (int)) == -1)
die(gettext("cannot disable %s accounting"),
ac_type_name(type));
if (acctctl(type | AC_FILE_SET, NULL, 0) == -1)
die(gettext("cannot close %s accounting file\n"),
ac_type_name(type));
(void) priv_set(PRIV_OFF, PRIV_EFFECTIVE, PRIV_SYS_ACCT, NULL);
if (aconf_set_bool(AC_PROP_STATE, B_FALSE) == -1)
die(gettext("cannot update %s property\n"),
AC_PROP_STATE);
if (aconf_set_string(AC_PROP_FILE, AC_STR_NONE) == -1)
die(gettext("cannot update %s property\n"),
AC_PROP_FILE);
modified++;
}
if (enabled || disabled) {
char *tracked, *untracked;
ac_res_t *buf;
/*
* Enable/disable resources
*/
if ((buf = malloc(AC_BUFSIZE)) == NULL)
die(gettext("not enough memory\n"));
(void) memset(buf, 0, AC_BUFSIZE);
if (acctctl(type | AC_RES_GET, buf, AC_BUFSIZE) == -1) {
free(buf);
die(gettext("cannot obtain list of resources\n"));
}
if (disabled) {
/*
* Stop net logging before turning it off so that the
* last set of logs can be written.
*/
if (type & AC_NET) {
(void) priv_set(PRIV_ON, PRIV_EFFECTIVE,
PRIV_SYS_DL_CONFIG, NULL);
err = dladm_stop_usagelog(dld_handle,
strcmp(disabled, "basic") == 0 ?
DLADM_LOGTYPE_LINK : DLADM_LOGTYPE_FLOW);
(void) priv_set(PRIV_OFF, PRIV_EFFECTIVE,
PRIV_SYS_DL_CONFIG, NULL);
if (err != DLADM_STATUS_OK) {
die(gettext("failed to stop logging "
"network information, error %d\n"),
errno);
}
}
str2buf(buf, disabled, AC_OFF, type);
} else if (enabled) {
str2buf(buf, enabled, AC_ON, type);
}
(void) priv_set(PRIV_ON, PRIV_EFFECTIVE, PRIV_SYS_ACCT, NULL);
if (acctctl(type | AC_RES_SET, buf, AC_BUFSIZE) == -1) {
free(buf);
die(gettext("cannot enable/disable %s accounting "
"resources\n"), ac_type_name(type));
}
(void) priv_set(PRIV_OFF, PRIV_EFFECTIVE, PRIV_SYS_ACCT, NULL);
tracked = buf2str(buf, AC_BUFSIZE, AC_ON, type);
untracked = buf2str(buf, AC_BUFSIZE, AC_OFF, type);
if (aconf_set_string(AC_PROP_TRACKED, tracked) == -1)
die(gettext("cannot update %s property\n"),
AC_PROP_TRACKED);
if (aconf_set_string(AC_PROP_UNTRACKED, untracked) == -1)
die(gettext("cannot update %s property\n"),
AC_PROP_UNTRACKED);
free(tracked);
free(untracked);
free(buf);
modified++;
}
if (file) {
/*
* Open new accounting file
*/
(void) priv_set(PRIV_ON, PRIV_EFFECTIVE, PRIV_SYS_ACCT, NULL);
if (open_exacct_file(file, type) == -1) {
dladm_close(dld_handle);
exit(E_ERROR);
}
if (aconf_set_string(AC_PROP_FILE, file) == -1)
die(gettext("cannot update %s property\n"),
AC_PROP_FILE);
state = AC_ON;
if (acctctl(type | AC_STATE_SET, &state, sizeof (int)) == -1)
die(gettext("cannot enable %s accounting"),
ac_type_name(type));
(void) priv_set(PRIV_OFF, PRIV_EFFECTIVE, PRIV_SYS_ACCT, NULL);
if (aconf_set_bool(AC_PROP_STATE, B_TRUE) == -1)
die(gettext("cannot update %s property\n"),
AC_PROP_STATE);
modified++;
}
/*
* Let's get network logging started. We do this after turning on
* accounting and opening the file so that we can start writing
* immediately.
*/
if (enabled && (type & AC_NET)) {
/*
* Default logging interval for AC_NET is
* ACCTADM_NET_LOG_INTERVAL.
*/
(void) priv_set(PRIV_ON, PRIV_EFFECTIVE,
PRIV_SYS_DL_CONFIG, NULL);
err = dladm_start_usagelog(dld_handle,
strcmp(enabled, "basic") == 0 ?
DLADM_LOGTYPE_LINK : DLADM_LOGTYPE_FLOW,
ACCTADM_NET_LOG_INTERVAL);
(void) priv_set(PRIV_OFF, PRIV_EFFECTIVE,
PRIV_SYS_DL_CONFIG, NULL);
if (err != DLADM_STATUS_OK) {
die(gettext("failed to start logging "
"network information, error %d\n"),
errno);
}
}
if (Dflg) {
/*
* Disable accounting
*/
/*
* Stop net logging before turning it off so that the last
* set of logs can be written.
*/
if (type & AC_NET) {
(void) priv_set(PRIV_ON, PRIV_EFFECTIVE,
PRIV_SYS_DL_CONFIG, NULL);
err = dladm_stop_usagelog(dld_handle,
DLADM_LOGTYPE_FLOW);
(void) priv_set(PRIV_OFF, PRIV_EFFECTIVE,
PRIV_SYS_DL_CONFIG, NULL);
if (err != DLADM_STATUS_OK) {
die(gettext("failed to stop logging "
"network information, error %d\n"), errno);
}
}
state = AC_OFF;
(void) priv_set(PRIV_ON, PRIV_EFFECTIVE, PRIV_SYS_ACCT, NULL);
if (acctctl(type | AC_STATE_SET, &state, sizeof (int)) == -1)
die(gettext("cannot disable %s accounting"),
ac_type_name(type));
(void) priv_set(PRIV_OFF, PRIV_EFFECTIVE, PRIV_SYS_ACCT, NULL);
if (aconf_set_bool(AC_PROP_STATE, B_FALSE) == -1)
die(gettext("cannot update %s property\n"),
AC_PROP_STATE);
modified++;
}
if (Eflg) {
/*
* Enable accounting
*/
/*
* Let's get network logging started.
*/
if (type & AC_NET) {
/*
* Default logging interval for AC_NET is
* ACCTADM_NET_LOG_INTERVAL.
*/
(void) priv_set(PRIV_ON, PRIV_EFFECTIVE,
PRIV_SYS_DL_CONFIG, NULL);
err = dladm_start_usagelog(dld_handle,
DLADM_LOGTYPE_FLOW, ACCTADM_NET_LOG_INTERVAL);
(void) priv_set(PRIV_OFF, PRIV_EFFECTIVE,
PRIV_SYS_DL_CONFIG, NULL);
if (err != DLADM_STATUS_OK) {
die(gettext("failed to start logging "
"network information, error %d\n"), errno);
}
}
state = AC_ON;
(void) priv_set(PRIV_ON, PRIV_EFFECTIVE, PRIV_SYS_ACCT, NULL);
if (acctctl(type | AC_STATE_SET, &state, sizeof (int)) == -1)
die(gettext("cannot enable %s accounting"),
ac_type_name(type));
(void) priv_set(PRIV_OFF, PRIV_EFFECTIVE, PRIV_SYS_ACCT, NULL);
if (aconf_set_bool(AC_PROP_STATE, B_TRUE) == -1)
die(gettext("cannot update %s property\n"),
AC_PROP_STATE);
modified++;
}
(void) priv_set(PRIV_OFF, PRIV_PERMITTED, PRIV_SYS_ACCT, NULL);
if (modified) {
char *smf_state;
if (aconf_save() == -1)
die(gettext("cannot save %s accounting "
"configuration\n"), ac_type_name(type));
/*
* Enable or disable the instance depending on the effective
* configuration. If the effective configuration results in
* extended accounting being 'on', the instance is enabled so
* the configuration is applied at the next boot.
*/
smf_state = smf_get_state(fmri);
aconf_init(&ac, type);
if (ac.state == AC_ON ||
strcmp(ac.file, AC_STR_NONE) != 0 ||
strcmp(ac.tracked, AC_STR_NONE) != 0) {
if (strcmp(smf_state, SCF_STATE_STRING_ONLINE) != 0)
if (smf_enable_instance(fmri, 0) == -1)
die(gettext("cannot enable %s\n"),
fmri);
} else {
if (strcmp(smf_state, SCF_STATE_STRING_ONLINE) == 0)
if (smf_disable_instance(fmri, 0) == -1)
die(gettext("cannot disable %s\n"),
fmri);
}
free(smf_state);
}
aconf_scf_fini();
dladm_close(dld_handle);
return (E_SUCCESS);
}
