int
diod_remapuser (Npfid *fid, Npstr *uname, u32 n_uname, Npstr *aname)
{
int ret = 0;
if (diod_conf_get_allsquash ()) {
char *squash = diod_conf_get_squashuser ();
Npuser *user = NULL;
if (!(user = np_uname2user (fid->conn->srv, squash))) {
ret = -1;
goto done;
}
if (fid->user)
np_user_decref (fid->user);
fid->user = user;
}
done:
return ret;
}
static void
_service_run (srvmode_t mode, int rfdno, int wfdno)
{
List l = diod_conf_get_listen ();
int nwthreads = diod_conf_get_nwthreads ();
int flags = diod_conf_get_debuglevel ();
uid_t euid = geteuid ();
int n;
ss.mode = mode;
ss.rfdno = rfdno;
ss.wfdno = wfdno;
ss.shutdown = 0;
ss.reload = 0;
_service_sigsetup ();
ss.fds = NULL;
ss.nfds = 0;
switch (mode) {
case SRV_FILEDES:
break;
case SRV_NORMAL:
case SRV_SOCKTEST:
if (!diod_sock_listen (l, &ss.fds, &ss.nfds))
msg_exit ("failed to set up listener");
#if WITH_RDMATRANS
ss.rdma = diod_rdma_create ();
diod_rdma_listen (ss.rdma);
#endif
break;
}
/* manipulate squash/runas users if not root */
if (euid != 0) {
if (diod_conf_get_allsquash ()) {
struct passwd *pw = getpwuid (euid);
char *su = diod_conf_get_squashuser ();
if (!pw)
msg_exit ("getpwuid on effective uid failed");
if (strcmp (pw->pw_name, su) != 0) {
if (strcmp (su, DFLT_SQUASHUSER) != 0)
msg ("changing squashuser '%s' to '%s' "
"since you are not root", su, pw->pw_name);
diod_conf_set_squashuser (pw->pw_name); /* fixes issue 41 */
}
} else { /* N.B. runasuser cannot be set in the config file */
uid_t ruid = diod_conf_get_runasuid ();
if (diod_conf_opt_runasuid () && ruid != euid)
msg ("changing runasuid %d to %d "
"since you are not root", ruid, euid);
diod_conf_set_runasuid (euid);
}
}
if (!diod_conf_get_foreground () && mode != SRV_FILEDES)
_daemonize (); /* implicit fork - no pthreads before this */
if (!diod_conf_get_foreground () && mode != SRV_FILEDES)
diod_log_set_dest (diod_conf_get_logdest ());
/* drop root */
if (euid == 0) {
if (diod_conf_get_allsquash ())
_become_user (diod_conf_get_squashuser (), -1, 1);
else if (diod_conf_opt_runasuid ())
_become_user (NULL, diod_conf_get_runasuid (), 1);
}
/* clear umask */
umask (0);
flags |= SRV_FLAGS_LOOSEFID; /* work around buggy clients */
flags |= SRV_FLAGS_AUTHCONN;
//flags |= SRV_FLAGS_FLUSHSIG; /* XXX temporarily off */
if (geteuid () == 0) {
flags |= SRV_FLAGS_SETFSID;
flags |= SRV_FLAGS_DAC_BYPASS;
if (_test_setgroups ())
flags |= SRV_FLAGS_SETGROUPS;
else
msg ("test_setgroups: groups are per-process (disabling)");
}
/* Process dumpable flag may have been cleared by uid manipulation above.
* Set it here, then maintain it in user.c::np_setfsid () as uids are
* further manipulated.
*/
if (prctl (PR_SET_DUMPABLE, 1, 0, 0, 0) < 0)
err_exit ("prctl PR_SET_DUMPABLE failed");
if (!diod_conf_get_userdb ())
flags |= SRV_FLAGS_NOUSERDB;
if (!(ss.srv = np_srv_create (nwthreads, flags))) /* starts threads */
errn_exit (np_rerror (), "np_srv_create");
if (diod_init (ss.srv) < 0)
errn_exit (np_rerror (), "diod_init");
if ((n = pthread_create (&ss.t, NULL, _service_loop, NULL)))
errn_exit (n, "pthread_create _service_loop");
#if WITH_RDMATRANS
if ((n = pthread_create (&ss.rdma_t, NULL, _service_loop_rdma, NULL)))
errn_exit (n, "pthread_create _service_loop_rdma");
#endif
switch (mode) {
case SRV_FILEDES:
case SRV_SOCKTEST:
np_srv_wait_conncount (ss.srv, 1);
pthread_kill (ss.t, SIGUSR1);
break;
case SRV_NORMAL:
break;
}
if ((n = pthread_join (ss.t, NULL)))
errn_exit (n, "pthread_join _service_loop");
#if WITH_RDMATRANS
if ((n = pthread_join (ss.rdma_t, NULL)))
errn_exit (n, "pthread_join _service_loop_rdma");
#endif
diod_fini (ss.srv);
np_srv_destroy (ss.srv);
}
int
main(int argc, char **argv)
{
int c;
char *copt = NULL;
srvmode_t mode = SRV_NORMAL;
int rfdno = -1, wfdno = -1;
diod_log_init (argv[0]);
diod_conf_init ();
/* config file overrides defaults */
opterr = 0;
while ((c = GETOPT (argc, argv, OPTIONS, longopts)) != -1) {
switch (c) {
case 'c': /* --config-file PATH */
copt = optarg;
break;
default:
break;
}
}
diod_conf_init_config_file (copt);
/* Command line overrides config file.
*/
optind = 0;
opterr = 0;
while ((c = GETOPT (argc, argv, OPTIONS, longopts)) != -1) {
switch (c) {
case 'f': /* --foreground */
diod_conf_set_foreground (1);
break;
case 'r': /* --rfdno */
mode = SRV_FILEDES;
rfdno = strtoul (optarg, NULL, 10);
break;
case 'w': /* --wfdno */
mode = SRV_FILEDES;
wfdno = strtoul (optarg, NULL, 10);
break;
case 'd': /* --debug MASK */
diod_conf_set_debuglevel (strtoul (optarg, NULL, 0));
break;
case 'l': /* --listen HOST:PORT or /path/to/socket */
if (!diod_conf_opt_listen ())
diod_conf_clr_listen ();
if (!strchr (optarg, ':') && optarg[0] != '/')
usage ();
diod_conf_add_listen (optarg);
break;
case 't': /* --nwthreads INT */
diod_conf_set_nwthreads (strtoul (optarg, NULL, 10));
break;
case 'c': /* --config-file PATH */
break;
case 'e': /* --export PATH */
if (!diod_conf_opt_exports ())
diod_conf_clr_exports ();
diod_conf_add_exports (optarg);
break;
case 'E': /* --export-all */
diod_conf_set_exportall (1);
break;
case 'o': /* --export-ops opt,[opt,...] */
diod_conf_set_exportopts (optarg);
break;
case 'n': /* --no-auth */
diod_conf_set_auth_required (0);
break;
case 'p': /* --statfs-passthru */
diod_conf_set_statfs_passthru (0);
break;
case 'N': /* --no-userdb */
diod_conf_set_userdb (0);
break;
case 'S': /* --allsquash */
diod_conf_set_allsquash (1);
break;
case 'U': /* --squashuser USER */
diod_conf_set_squashuser (optarg);
break;
case 'u': { /* --runas-uid UID */
uid_t uid;
char *end;
errno = 0;
uid = strtoul (optarg, &end, 10);
if (errno != 0)
err_exit ("error parsing --runas-uid argument");
if (*end != '\0')
msg_exit ("error parsing --runas-uid argument");
diod_conf_set_runasuid (uid);
break;
}
case 's': /* --socktest */
mode = SRV_SOCKTEST;
break;
case 'L': /* --logdest DEST */
diod_conf_set_logdest (optarg);
diod_log_set_dest (optarg);
break;
default:
usage();
}
}
if (optind < argc)
usage();
if (diod_conf_opt_runasuid () && diod_conf_get_allsquash ())
msg_exit ("--runas-uid and allsquash cannot be used together");
if (mode == SRV_FILEDES && (rfdno == -1 || wfdno == -1))
msg_exit ("--rfdno,wfdno must be used together");
diod_conf_validate_exports ();
if (geteuid () == 0)
_setrlimit ();
_service_run (mode, rfdno, wfdno);
diod_conf_fini ();
diod_log_fini ();
exit (0);
}
