/*
* if auditd isn't running, start it. Otherwise refresh.
* First check to see if c2audit is loaded via the auditon()
* system call, then check SMF state.
*/
static void
start_auditd()
{
int audit_state;
char *state;
if (auditon(A_GETCOND, (caddr_t)&audit_state,
sizeof (audit_state)) != 0)
exit(1);
if ((state = smf_get_state(AUDITD_FMRI)) == NULL) {
display_smf_error();
exit(1);
}
if (strcmp(SCF_STATE_STRING_ONLINE, state) != 0) {
if (smf_enable_instance(AUDITD_FMRI, 0) != 0) {
display_smf_error();
free(state);
exit(1);
}
} else {
if (smf_refresh_instance(AUDITD_FMRI) != 0) {
display_smf_error();
free(state);
exit(1);
}
}
free(state);
}
/*ARGSUSED*/
JNIEXPORT void JNICALL
Java_com_sun_dhcpmgr_bridge_Bridge_startup(
JNIEnv *env,
jobject obj)
{
char *s;
int ret;
/*
* We first get the current state of the server according to
* svc.startd; if it's "disabled", we can just enable it.
* In any other case, we want to send a refresh so that
* dependencies are re-evaluated, which will be the case if the
* service was marked enabled by the profile, yet the
* config file didn't exist to allow it to run.
*/
if ((s = smf_get_state(DHCP_SERVER_INST)) != NULL) {
if (strcmp(SCF_STATE_STRING_DISABLED, s) == 0)
ret = smf_enable_instance(DHCP_SERVER_INST, 0);
else
ret = smf_refresh_instance(DHCP_SERVER_INST);
free(s);
if (ret == 0)
return;
}
/* Something wasn't right, return exception with error from smf */
throw_bridge_exception(env, scf_strerror(scf_error()));
}
/* Enables the location. */
static void
nwamd_loc_activate(const char *object_name)
{
char *enabled;
nlog(LOG_DEBUG, "nwamd_loc_activate: activating loc %s",
object_name);
/*
* Find currently enabled location and change its state to disabled
* if it is a manual location, or offline (if it is not).
* Only manual locations reach disabled, since conditional and
* system locations which are manually disabled simply revert to
* their conditions for activation.
*/
if ((enabled = malloc(NWAM_MAX_NAME_LEN)) != NULL &&
nwamd_lookup_string_property(NET_LOC_FMRI, NET_LOC_PG,
NET_LOC_SELECTED_PROP, enabled, NWAM_MAX_NAME_LEN) == 0) {
/* Only change state if current != new */
if (strcmp(enabled, object_name) != 0) {
boolean_t do_disable = B_FALSE;
nwamd_object_t eobj = nwamd_object_find
(NWAM_OBJECT_TYPE_LOC, enabled);
if (eobj == NULL) {
nlog(LOG_INFO, "nwamd_loc_activate: could not "
"find old location %s", enabled);
goto skip_disable;
}
/*
* Disable if the old location was manual, since the
* only way a manual location can deactivate is if
* it is disabled.
*/
do_disable =
(loc_get_activation_mode(eobj->nwamd_object_handle)
== (int64_t)NWAM_ACTIVATION_MODE_MANUAL);
nwamd_object_release(eobj);
if (do_disable) {
nlog(LOG_DEBUG, "nwamd_loc_activate: "
"disable needed for old location %s",
enabled);
nwamd_object_set_state
(NWAM_OBJECT_TYPE_LOC, enabled,
NWAM_STATE_DISABLED,
NWAM_AUX_STATE_MANUAL_DISABLE);
} else {
nlog(LOG_DEBUG, "nwamd_loc_activate: "
"offline needed for old location %s",
enabled);
nwamd_object_set_state
(NWAM_OBJECT_TYPE_LOC, enabled,
NWAM_STATE_OFFLINE,
NWAM_AUX_STATE_CONDITIONS_NOT_MET);
}
}
}
skip_disable:
free(enabled);
if (nwamd_set_string_property(NET_LOC_FMRI, NET_LOC_PG,
NET_LOC_SELECTED_PROP, object_name) == 0) {
char *state = smf_get_state(NET_LOC_FMRI);
nlog(LOG_INFO, "nwamd_loc_activate: set %s/%s to %s; "
"service is in %s state", NET_LOC_PG, NET_LOC_SELECTED_PROP,
object_name, state == NULL ? "unknown" : state);
free(state);
(void) smf_restore_instance(NET_LOC_FMRI);
if (smf_refresh_instance(NET_LOC_FMRI) == 0) {
(void) pthread_mutex_lock(&active_loc_mutex);
(void) strlcpy(active_loc, object_name,
sizeof (active_loc));
(void) pthread_mutex_unlock(&active_loc_mutex);
nwamd_object_set_state(NWAM_OBJECT_TYPE_LOC,
object_name,
NWAM_STATE_ONLINE, NWAM_AUX_STATE_ACTIVE);
} else {
nlog(LOG_ERR, "nwamd_loc_activate: "
"%s could not be refreshed", NET_LOC_FMRI);
nwamd_object_set_state(NWAM_OBJECT_TYPE_LOC,
object_name,
NWAM_STATE_MAINTENANCE,
NWAM_AUX_STATE_METHOD_FAILED);
}
}
}
/*
* mgmt_config_save2scf() saves main configuration to scf
* See also : mgmt_get_main_config()
*/
Boolean_t
mgmt_config_save2scf()
{
targ_scf_t *h = NULL;
scf_property_t *prop = NULL;
scf_value_t *value = NULL;
scf_iter_t *iter = NULL;
char pgname[64];
char passcode[32];
unsigned int outlen;
tgt_node_t *n = NULL;
tgt_node_t *pn = NULL;
tgt_node_t *tn = NULL;
scf_transaction_t *tx = NULL;
secret_list_t *sl_head;
secret_list_t *sl_tail;
h = mgmt_handle_init();
if (h == NULL)
return (False);
prop = scf_property_create(h->t_handle);
value = scf_value_create(h->t_handle);
iter = scf_iter_create(h->t_handle);
(void) pthread_mutex_lock(&scf_conf_mutex);
if (mgmt_transaction_start(h, "iscsitgt", "basic") == True) {
scf_pg_delete(h->t_pg);
mgmt_transaction_end(h);
}
if (mgmt_transaction_start(h, "passwords", "application") == True) {
scf_pg_delete(h->t_pg);
mgmt_transaction_end(h);
}
if (scf_iter_service_pgs_typed(iter, h->t_service, "configuration")
== -1) {
goto error;
}
tx = scf_transaction_create(h->t_handle);
while (scf_iter_next_pg(iter, h->t_pg) > 0) {
scf_transaction_start(tx, h->t_pg);
scf_pg_delete(h->t_pg);
scf_transaction_commit(tx);
}
scf_transaction_reset(tx);
scf_transaction_destroy(tx);
sl_head = (secret_list_t *)calloc(1, sizeof (secret_list_t));
sl_tail = sl_head;
if (mgmt_transaction_start(h, "iscsitgt", "basic") == True) {
for (n = main_config->x_child; n; n = n->x_sibling) {
if (strcmp(n->x_name,
XML_ELEMENT_CHAPSECRET) == 0) {
sl_tail->next = (secret_list_t *)
calloc(1, sizeof (secret_list_t));
sl_tail = sl_tail->next;
sl_tail->name = strdup("main");
sl_tail->secret = strdup(n->x_value);
continue;
}
/* so does the radius server secret */
if (strcmp(n->x_name,
XML_ELEMENT_RAD_SECRET) == 0) {
sl_tail->next = (secret_list_t *)
calloc(1, sizeof (secret_list_t));
sl_tail = sl_tail->next;
sl_tail->name = strdup("radius");
sl_tail->secret = strdup(n->x_value);
continue;
}
if (n->x_child == NULL) {
new_property(h, n);
}
}
new_property(h, main_config->x_attr);
n = tgt_node_alloc(ISCSI_MODIFY_AUTHNAME, String,
ISCSI_AUTH_MODIFY);
new_property(h, n);
tgt_node_free(n);
n = tgt_node_alloc(ISCSI_VALUE_AUTHNAME, String,
ISCSI_AUTH_VALUE);
new_property(h, n);
tgt_node_free(n);
mgmt_transaction_end(h);
}
/* now update target/initiator/tpgt information */
for (n = main_config->x_child; n; n = n->x_sibling) {
if (n->x_child == NULL)
continue;
snprintf(pgname, sizeof (pgname), "%s_%s", n->x_name,
n->x_value);
if (mgmt_transaction_start(h, pgname, "configuration")
== True) {
for (pn = n->x_child; pn; pn = pn->x_sibling) {
if (strcmp(pn->x_name,
XML_ELEMENT_CHAPSECRET) == 0) {
sl_tail->next = (secret_list_t *)
calloc(1, sizeof (secret_list_t));
sl_tail = sl_tail->next;
sl_tail->name = (char *)
calloc(1, strlen(n->x_value) + 3);
snprintf(sl_tail->name,
strlen(n->x_value) + 3,
"I_%s", n->x_value);
sl_tail->secret = strdup(pn->x_value);
continue;
}
if (pn->x_child == NULL) {
/* normal property */
new_property(h, pn);
} else {
/* pn -> xxx-list */
new_value_list(h, pn);
}
tn = tgt_node_alloc(ISCSI_MODIFY_AUTHNAME,
String, ISCSI_AUTH_MODIFY);
new_property(h, tn);
tgt_node_free(tn);
tn = tgt_node_alloc(ISCSI_VALUE_AUTHNAME,
String, ISCSI_AUTH_VALUE);
new_property(h, tn);
tgt_node_free(tn);
}
mgmt_transaction_end(h);
}
}
if (mgmt_transaction_start(h, "passwords", "application") == True) {
while (sl_head != NULL) {
/* Here we use sl_tail as a temporari var */
sl_tail = sl_head->next;
if (sl_head->name) {
/* max length of encoded passwd is 24B */
sasl_encode64(sl_head->secret,
strlen(sl_head->secret), passcode,
sizeof (passcode), &outlen);
n = tgt_node_alloc(sl_head->name, String,
passcode);
new_property(h, n);
tgt_node_free(n);
}
if (sl_head->name)
free(sl_head->name);
if (sl_head->secret)
free(sl_head->secret);
free(sl_head);
sl_head = sl_tail;
}
n = tgt_node_alloc(ISCSI_READ_AUTHNAME, String,
ISCSI_AUTH_READ);
new_property(h, n);
tgt_node_free(n);
n = tgt_node_alloc(ISCSI_VALUE_AUTHNAME, String,
ISCSI_AUTH_VALUE);
new_property(h, n);
tgt_node_free(n);
n = tgt_node_alloc(ISCSI_MODIFY_AUTHNAME, String,
ISCSI_AUTH_MODIFY);
new_property(h, n);
tgt_node_free(n);
mgmt_transaction_end(h);
}
if (smf_refresh_instance(SA_TARGET_SVC_INSTANCE_FMRI) != 0)
goto error;
(void) pthread_mutex_unlock(&scf_conf_mutex);
scf_iter_destroy(iter);
scf_value_destroy(value);
scf_property_destroy(prop);
return (True);
error:
(void) pthread_mutex_unlock(&scf_conf_mutex);
scf_iter_destroy(iter);
scf_value_destroy(value);
scf_property_destroy(prop);
mgmt_handle_fini(h);
return (False);
}
conerr_t
smfu_set_property(char *fmri, char *pgname, char *propname, char *value)
{
conerr_t err = ce_ok;
scf_handle_t *scfhandle = handle_create();
scf_service_t *service = scf_service_create(scfhandle);
scf_instance_t *instance = scf_instance_create(scfhandle);
scf_propertygroup_t *pg = scf_pg_create(scfhandle);
scf_property_t *prop = scf_property_create(scfhandle);
scf_value_t *val = scf_value_create(scfhandle);
scf_transaction_t *tx = scf_transaction_create(scfhandle);
scf_transaction_entry_t *ent = scf_entry_create(scfhandle);
scf_type_t type;
if (scfhandle == NULL || service == NULL || instance == NULL ||
pg == NULL || prop == NULL || tx == NULL || ent == NULL ||
val == NULL) {
err = ce_nomem;
goto out;
}
if (scf_handle_decode_fmri(scfhandle, fmri, NULL, service, instance,
NULL, NULL, 0) != SCF_SUCCESS) {
rad_log(RL_ERROR, "couldn't decode '%s': %s\n", fmri,
scf_strerror(scf_error()));
err = maperr(scf_error());
goto out;
}
if (scf_instance_get_pg(instance, pgname, pg) != 0 ||
scf_pg_get_property(pg, propname, prop) != 0 ||
scf_property_type(prop, &type) != 0) {
rad_log(RL_ERROR, "couldn't get property: '%s/%s/%s': %s\n",
fmri, pgname, propname, scf_strerror(scf_error()));
err = maperr(scf_error());
goto out;
}
top:
if (scf_transaction_start(tx, pg) == -1 ||
scf_transaction_property_change(tx, ent, propname, type) != 0 ||
scf_value_set_from_string(val, type, value) != 0 ||
scf_entry_add_value(ent, val) != 0) {
rad_log(RL_ERROR, "couldn't set property: '%s/%s/%s': %s\n",
fmri, pgname, propname, scf_strerror(scf_error()));
err = maperr(scf_error());
goto out;
}
switch (scf_transaction_commit(tx)) {
/* success */
case 1:
if (smf_refresh_instance(fmri) != 0) {
err = maperr(scf_error());
goto out;
}
break;
/* retry */
case 0:
if (scf_pg_update(pg) != 0) {
err = maperr(scf_error());
goto out;
}
scf_transaction_reset(tx);
goto top;
default:
err = maperr(scf_error());
goto out;
}
out:
scf_entry_destroy(ent);
scf_transaction_destroy(tx);
scf_value_destroy(val);
scf_property_destroy(prop);
scf_pg_destroy(pg);
scf_instance_destroy(instance);
scf_service_destroy(service);
scf_handle_destroy(scfhandle);
return (err);
}
static int
modify_inst_props_cb(void *data, scf_walkinfo_t *wip)
{
int i, j;
char *value;
const char *fmri = wip->fmri;
scf_instance_t *inst = wip->inst;
inetd_prop_t *mod, *prop_table;
size_t numprops;
ssize_t max_val;
int64_t new_int;
int argc = ((arglist_t *)data)->argc;
char **argv = ((arglist_t *)data)->argv;
if ((max_val = scf_limit(SCF_LIMIT_MAX_VALUE_LENGTH)) < 0)
scfdie();
prop_table = get_prop_table(&numprops);
if ((mod = malloc(numprops * sizeof (inetd_prop_t))) == NULL)
uu_die(gettext("Error: Out of memory.\n"));
(void) memcpy(mod, prop_table, numprops * sizeof (inetd_prop_t));
/*
* For each property to be changed, look up the property name in the
* property table. Change each property in the mod array, and then
* write the entire thing back.
*/
for (i = 0; i < argc; i++) {
/* Separate argument into name and value pair */
if ((value = strchr(argv[i], '=')) == NULL)
uu_die(gettext("Error: Malformed name=value pair "
"\"%s\"\n"), argv[i]);
*value = '\0';
value++;
/* Find property name in array of properties */
for (j = 0; mod[j].ip_name != NULL; j++) {
if (strcmp(mod[j].ip_name, argv[i]) == 0)
break;
}
if (mod[j].ip_name == NULL)
uu_die(gettext("Error: \"%s\" is not a valid "
"property.\n"), argv[i]);
if (*value == '\0') {
if ((mod[j].ip_default) || (j == PT_ARG0_INDEX)) {
/* mark property for deletion */
mod[j].ip_error = IVE_INVALID;
/* return the '=' taken out above */
*(--value) = '=';
continue;
} else {
uu_die(gettext("\"%s\" is a mandatory "
"property and can not be deleted.\n"),
argv[i]);
}
}
switch (mod[j].ip_type) {
case INET_TYPE_INTEGER:
if (uu_strtoint(value, &new_int, sizeof (new_int), NULL,
NULL, NULL) == -1)
uu_die(gettext("Error: \"%s\" is not a valid "
"integer value.\n"), value);
mod[j].ip_value.iv_int = new_int;
break;
case INET_TYPE_STRING:
if (strlen(value) >= max_val) {
uu_die(gettext("Error: String value is longer "
"than %l characters.\n"), max_val);
} else if ((mod[j].ip_value.iv_string = strdup(value))
== NULL) {
uu_die(gettext("Error: Out of memory.\n"));
}
break;
case INET_TYPE_STRING_LIST:
if ((mod[j].ip_value.iv_string_list =
get_protos(value)) == NULL) {
if (errno == ENOMEM) {
uu_die(gettext(
"Error: Out of memory.\n"));
} else if (errno == E2BIG) {
uu_die(gettext(
"Error: String value in "
"%s property longer than "
"%l characters.\n"),
PR_PROTO_NAME, max_val);
} else {
uu_die(gettext(
"Error: No values "
"specified for %s "
"property.\n"),
PR_PROTO_NAME);
}
}
break;
case INET_TYPE_BOOLEAN:
if (strcasecmp(value, INETADM_TRUE_STR) == 0)
mod[j].ip_value.iv_boolean = B_TRUE;
else if (strcasecmp(value, INETADM_FALSE_STR) == 0)
mod[j].ip_value.iv_boolean = B_FALSE;
else
uu_die(gettext("Error: \"%s\" is not a valid "
"boolean value. (TRUE or FALSE)\n"), value);
}
/* mark property for modification */
mod[j].ip_error = IVE_VALID;
/* return the '=' taken out above */
*(--value) = '=';
}
commit_props(inst, mod, B_FALSE);
free(mod);
if (smf_refresh_instance(fmri) != 0)
uu_die(gettext("Error: Unable to refresh instance %s.\n"),
fmri);
return (0);
}
