static int
repository_event_process(scf_propertygroup_t *pg)
{
boolean_t isrpc = B_FALSE;
int res;
/*
* Figure out it's a firewall capable instance and call ipfilter_update
* if it is.
*/
if (scf_pg_get_parent_instance(pg, inst) == -1) {
/* Not an error if pg doesn't belong to a valid instance */
if (scf_error() == SCF_ERROR_CONSTRAINT_VIOLATED) {
return (0);
}
syslog(LOG_ERR | LOG_DAEMON, "scf_pg_get_parent_instance "
"failed: %s\n", scf_strerror(scf_error()));
if (scf_error() == SCF_ERROR_CONNECTION_BROKEN)
repository_setup();
return (1);
}
if (scf_instance_to_fmri(inst, scratch_fmri, max_scf_fmri_size) == -1) {
syslog(LOG_ERR | LOG_DAEMON, "scf_instance_to_fmri "
"failed: %s\n", scf_strerror(scf_error()));
if (scf_error() == SCF_ERROR_CONNECTION_BROKEN)
repository_setup();
return (1);
}
if (strcmp(scratch_fmri, IPFILTER_FMRI) == 0) {
return (0);
}
isrpc = service_is_rpc(inst);
/*
* If it's not an event we're interested in, returns success.
*/
res = is_correct_event(scratch_fmri, pg, isrpc);
if (res == -1) {
syslog(LOG_ERR | LOG_DAEMON,
"is_correct_event failed for %s.\n", scratch_fmri);
return (1);
} else if (res == 0) {
return (0);
}
/*
* Proceed only if instance has firewall policy.
*/
res = instance_has_firewall(inst);
if (res == -1) {
syslog(LOG_ERR | LOG_DAEMON,
"instance_has_firewall failed for %s.\n", scratch_fmri);
return (1);
} else if (res == 0) {
return (0);
}
if (ipfilter_update(scratch_fmri) == -1) {
return (1);
}
return (0);
}
static int
create_instance(scf_handle_t *handle, scf_service_t *svc,
const char *instance_name, const char *kssl_entry, const char *command,
const char *username, char *inaddr_any_name)
{
int status = FAILURE;
char *buf;
boolean_t errflag = B_FALSE;
ssize_t max_fmri_len;
scf_instance_t *instance;
instance = scf_instance_create(handle);
if (instance == NULL) {
errflag = B_TRUE;
KSSL_DEBUG("scf_instance_create failed: %s\n",
scf_strerror(scf_error()));
goto out;
}
KSSL_DEBUG("scf_instance_create succeeded\n");
if (scf_service_get_instance(svc, inaddr_any_name, instance) == 0) {
/* Let the caller deal with the duplicate instance */
status = INSTANCE_ANY_EXISTS;
goto out;
}
if (scf_service_add_instance(svc, instance_name, instance) != 0) {
if (scf_error() == SCF_ERROR_EXISTS) {
/* Let the caller deal with the duplicate instance */
status = INSTANCE_OTHER_EXISTS;
goto out;
}
errflag = B_TRUE;
KSSL_DEBUG("scf_service_add_instance failed: %s\n",
scf_strerror(scf_error()));
goto out;
}
KSSL_DEBUG("scf_service_add_instance succeeded\n");
if ((add_pg_method(handle, instance, kssl_entry, "start",
command, username) != SUCCESS) ||
(add_pg_method(handle, instance, kssl_entry, "refresh",
command, username) != SUCCESS) ||
(add_pg_method(handle, instance, kssl_entry, "stop",
"", username) != SUCCESS)) {
scf_instance_destroy(instance);
return (status);
}
/* enabling the instance */
max_fmri_len = scf_limit(SCF_LIMIT_MAX_FMRI_LENGTH);
if ((buf = malloc(max_fmri_len + 1)) == NULL)
goto out;
if (scf_instance_to_fmri(instance, buf, max_fmri_len + 1) > 0) {
KSSL_DEBUG("instance_fmri=%s\n", buf);
if (smf_enable_instance(buf, 0) != 0) {
errflag = B_TRUE;
KSSL_DEBUG(
"smf_enable_instance failed: %s\n",
scf_strerror(scf_error()));
goto out;
}
status = SUCCESS;
}
out:
if (instance != NULL)
scf_instance_destroy(instance);
if (errflag)
(void) fprintf(stderr, gettext(
"Unexpected fatal libscf error: %s. Exiting.\n"),
scf_strerror(scf_error()));
return (status);
}
/*ARGSUSED*/
static int
list_callback(scf_handle_t *hin, scf_instance_t *inst, void *buf)
{
ssize_t max_name_length;
char *inst_name;
scf_simple_prop_t *prop = NULL, *prop2 = NULL;
const uint8_t *enabled;
const char *state, *restart_str;
max_name_length = scf_limit(SCF_LIMIT_MAX_NAME_LENGTH);
if ((inst_name = malloc(max_name_length + 1)) == NULL)
uu_die(gettext("Error: Out of memory.\n"));
/*
* Get the FMRI of the instance, and check if its delegated restarter
* is inetd.
*/
if (scf_instance_to_fmri(inst, inst_name, max_name_length + 1) < 0)
return (SCF_FAILED);
if ((prop = scf_simple_prop_get(hin, inst_name, SCF_PG_GENERAL,
SCF_PROPERTY_RESTARTER)) == NULL)
goto out;
if ((restart_str = scf_simple_prop_next_ustring(prop)) == NULL)
goto out;
if (strstr(restart_str, INETADM_INETD_STR) == NULL)
goto out;
/* Free restarter prop so it can be reused below */
scf_simple_prop_free(prop);
/*
* We know that this instance is managed by inetd.
* Now get the enabled and state properties.
*/
if (((prop = scf_simple_prop_get(hin, inst_name, SCF_PG_GENERAL,
SCF_PROPERTY_ENABLED)) == NULL) ||
((enabled = scf_simple_prop_next_boolean(prop)) == NULL)) {
(void) uu_warn(gettext("Error: Instance %s is missing enabled "
"property.\n"), inst_name);
goto out;
}
if (((prop2 = scf_simple_prop_get(hin, inst_name, SCF_PG_RESTARTER,
SCF_PROPERTY_STATE)) == NULL) ||
((state = scf_simple_prop_next_astring(prop2)) == NULL)) {
(void) uu_warn(gettext("Error: Instance %s is missing state "
"property.\n"), inst_name);
goto out;
}
/* Print enabled/disabled, state, and FMRI for the instance. */
if (*enabled)
(void) printf("%-10s%-15s%s\n", INETADM_ENABLED_STR, state,
inst_name);
else
(void) printf("%-10s%-15s%s\n", INETADM_DISABLED_STR, state,
inst_name);
out:
free(inst_name);
scf_simple_prop_free(prop);
scf_simple_prop_free(prop2);
return (SCF_SUCCESS);
}
int
delete_instance(const char *instance_name)
{
int status = FAILURE;
char *buf;
boolean_t errflag = B_FALSE;
ssize_t max_fmri_len;
scf_scope_t *scope;
scf_service_t *svc;
scf_handle_t *handle;
scf_instance_t *instance;
handle = scf_handle_create(SCF_VERSION);
if (handle == NULL) {
errflag = B_TRUE;
KSSL_DEBUG("scf_handle_create failed: %s\n",
scf_strerror(scf_error()));
goto out1;
}
KSSL_DEBUG("scf_handle_create succeeded\n");
if (scf_handle_bind(handle) == -1) {
errflag = B_TRUE;
KSSL_DEBUG("scf_handle_bind failed: %s\n",
scf_strerror(scf_error()));
goto out1;
}
KSSL_DEBUG("scf_handle_bind succeeded\n");
if ((scope = scf_scope_create(handle)) == NULL) {
errflag = B_TRUE;
KSSL_DEBUG("scf_scope_create failed: %s\n",
scf_strerror(scf_error()));
goto out2;
}
KSSL_DEBUG("scf_scope_create succeeded\n");
if ((svc = scf_service_create(handle)) == NULL) {
errflag = B_TRUE;
KSSL_DEBUG("scf_service_create failed: %s\n",
scf_strerror(scf_error()));
goto out3;
}
KSSL_DEBUG("scf_service_create succeeded\n");
if (scf_handle_get_scope(handle, SCF_SCOPE_LOCAL, scope) == -1) {
errflag = B_TRUE;
KSSL_DEBUG("scf_handle_get_scope failed: %s\n",
scf_strerror(scf_error()));
goto out4;
}
KSSL_DEBUG("scf_handle_get_scope succeeded\n");
if (scf_scope_get_service(scope, SERVICE_NAME, svc) < 0) {
scf_error_t scf_errnum = scf_error();
if (scf_errnum != SCF_ERROR_NOT_FOUND) {
errflag = B_TRUE;
KSSL_DEBUG(
"ERROR scf_scope_get_service failed: %s\n",
scf_strerror(scf_errnum));
}
goto out4;
} else {
KSSL_DEBUG("scf_scope_get_service succeeded\n");
}
instance = scf_instance_create(handle);
if (instance == NULL) {
errflag = B_TRUE;
KSSL_DEBUG("scf_instance_create failed: %s\n",
scf_strerror(scf_error()));
goto out4;
}
if (scf_service_get_instance(svc, instance_name, instance) != 0) {
scf_error_t scf_errnum = scf_error();
if (scf_errnum == SCF_ERROR_NOT_FOUND) {
status = SUCCESS;
} else {
errflag = B_TRUE;
KSSL_DEBUG(
"ERROR scf_scope_get_service failed: %s\n",
scf_strerror(scf_errnum));
}
scf_instance_destroy(instance);
goto out4;
}
max_fmri_len = scf_limit(SCF_LIMIT_MAX_FMRI_LENGTH);
if ((buf = malloc(max_fmri_len + 1)) == NULL)
goto out4;
if (scf_instance_to_fmri(instance, buf, max_fmri_len + 1) > 0) {
char *state;
KSSL_DEBUG("instance_fmri=%s\n", buf);
state = smf_get_state(buf);
if (state)
KSSL_DEBUG("state=%s\n", state);
if (state && strcmp(state, "online") == 0) {
if (smf_disable_instance(buf, 0) != 0) {
errflag = B_TRUE;
KSSL_DEBUG(
"smf_disable_instance failed: %s\n",
scf_strerror(scf_error()));
} else {
/*
* Wait for some time till timeout to avoid
* a race with scf_instance_delete() below.
*/
wait_till_to(buf);
}
}
}
if (scf_instance_delete(instance) != 0) {
errflag = B_TRUE;
KSSL_DEBUG(
"ERROR scf_instance_delete failed: %s\n",
scf_strerror(scf_error()));
goto out4;
} else {
KSSL_DEBUG("deleted %s\n", instance_name);
}
status = SUCCESS;
out4:
scf_service_destroy(svc);
out3:
scf_scope_destroy(scope);
out2:
(void) scf_handle_unbind(handle);
out1:
if (handle != NULL)
scf_handle_destroy(handle);
if (errflag)
(void) fprintf(stderr, gettext(
"Unexpected fatal libscf error: %s. Exiting.\n"),
scf_strerror(scf_error()));
return (status);
}
static void
modify_prop(const scf_instance_t *inst, const char *pg, const char *prop,
scf_type_t type, void *value)
{
scf_transaction_t *tx;
scf_transaction_entry_t *ent;
scf_propertygroup_t *gpg;
scf_property_t *eprop;
scf_value_t *v;
int ret, create = 0;
char *fmri;
ssize_t max_fmri_len;
if ((gpg = scf_pg_create(h)) == NULL ||
(eprop = scf_property_create(h)) == NULL ||
(v = scf_value_create(h)) == NULL)
scfdie();
/* Get the property group or create it if it is missing. */
if (scf_instance_get_pg(inst, pg, gpg) == -1) {
if (scf_error() != SCF_ERROR_NOT_FOUND)
scfdie();
max_fmri_len = scf_limit(SCF_LIMIT_MAX_FMRI_LENGTH);
if ((fmri = malloc(max_fmri_len + 1)) == NULL)
uu_die(gettext("Error: Out of memory.\n"));
if (scf_instance_to_fmri(inst, fmri, max_fmri_len + 1) < 0)
scfdie();
syslog(LOG_NOTICE, "inetadm: Property group \"%s\" missing "
"from \"%s\", attempting to add it.\n", pg, fmri);
free(fmri);
if (scf_instance_add_pg(inst, pg, SCF_GROUP_FRAMEWORK, 0,
gpg) == -1) {
switch (scf_error()) {
case SCF_ERROR_EXISTS:
break;
case SCF_ERROR_PERMISSION_DENIED:
uu_die(gettext("Error: Permission denied.\n"));
default:
scfdie();
}
}
}
if (scf_pg_get_property(gpg, prop, eprop) == -1) {
if (scf_error() != SCF_ERROR_NOT_FOUND)
scfdie();
create = 1;
}
if ((tx = scf_transaction_create(h)) == NULL ||
(ent = scf_entry_create(h)) == NULL)
scfdie();
do {
uu_list_t *sv_list;
if (scf_transaction_start(tx, gpg) == -1) {
if (scf_error() != SCF_ERROR_PERMISSION_DENIED)
scfdie();
uu_die(gettext("Error: Permission denied.\n"));
}
/* Modify the property or create it if it is missing */
if (create)
ret = scf_transaction_property_new(tx, ent, prop, type);
else
ret = scf_transaction_property_change_type(tx, ent,
prop, type);
if (ret == -1)
scfdie();
switch (type) {
case SCF_TYPE_BOOLEAN:
scf_value_set_boolean(v, *(uint8_t *)value);
break;
case SCF_TYPE_INTEGER:
scf_value_set_integer(v, *(int64_t *)value);
break;
case SCF_TYPE_ASTRING:
if (strcmp(prop, PR_PROTO_NAME) == 0) {
add_proto_list(ent, h, (char **)value,
&sv_list);
} else if (scf_value_set_astring(v, value) == -1) {
scfdie();
}
break;
default:
uu_die(gettext("Error: Internal inetadm error"));
}
if ((strcmp(prop, PR_PROTO_NAME) != 0) &&
(scf_entry_add_value(ent, v) == -1))
scfdie();
ret = scf_transaction_commit(tx);
if (ret == -1) {
if (scf_error() != SCF_ERROR_PERMISSION_DENIED)
scfdie();
uu_die(gettext("Error: Permission denied.\n"));
}
scf_transaction_reset(tx);
if (ret == 0) {
if (scf_pg_update(gpg) == -1)
scfdie();
}
if (strcmp(prop, PR_PROTO_NAME) == 0)
remove_proto_list(ent, sv_list);
} while (ret == 0);
scf_value_destroy(v);
scf_entry_destroy(ent);
scf_transaction_destroy(tx);
scf_property_destroy(eprop);
scf_pg_destroy(gpg);
}
