4 * Copyright (c) 2000 The Regents of the University of Michigan.
7 * Copyright (c) 2000 Dug Song <dugsong@UMICH.EDU>.
8 * Copyright (c) 2002 Andy Adamson <andros@UMICH.EDU>.
9 * Copyright (c) 2002 Marius Aamodt Eriksen <marius@UMICH.EDU>.
10 * Copyright (c) 2002 J. Bruce Fields <bfields@UMICH.EDU>.
12 * Copyright (c) 2016, Intel Corporation.
14 * All rights reserved, all wrongs reversed.
16 * Redistribution and use in source and binary forms, with or without
17 * modification, are permitted provided that the following conditions
20 * 1. Redistributions of source code must retain the above copyright
21 * notice, this list of conditions and the following disclaimer.
22 * 2. Redistributions in binary form must reproduce the above copyright
23 * notice, this list of conditions and the following disclaimer in the
24 * documentation and/or other materials provided with the distribution.
25 * 3. Neither the name of the University nor the names of its
26 * contributors may be used to endorse or promote products derived
27 * from this software without specific prior written permission.
29 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
30 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
31 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
32 * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
33 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
34 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
35 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
36 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
37 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
38 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
39 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
44 #include <sys/param.h>
45 #include <sys/types.h>
47 #include <sys/socket.h>
62 #include <linux/lustre/lustre_ver.h>
71 DIR *dir = opendir("/proc/self/fd");
76 while ((d = readdir(dir)) != NULL) {
78 long n = strtol(d->d_name, &endp, 10);
79 if (*endp != '\0' && n >= min && n != dfd)
84 int fd = sysconf(_SC_OPEN_MAX);
91 * mydaemon creates a pipe between the partent and child
92 * process. The parent process will wait until the
93 * child dies or writes a '1' on the pipe signaling
94 * that it started successfully.
96 int pipefds[2] = { -1, -1};
99 mydaemon(int nochdir, int noclose)
101 int pid, status, tempfd;
103 if (pipe(pipefds) < 0) {
104 printerr(LL_ERR, "%s: pipe() failed: errno %d (%s)\n",
105 __func__, errno, strerror(errno));
108 if ((pid = fork ()) < 0) {
109 printerr(LL_ERR, "%s: fork() failed: errno %d (%s)\n",
110 __func__, errno, strerror(errno));
116 * Parent. Wait for status from child.
119 if (read(pipefds[0], &status, 1) != 1)
127 if (chdir ("/") == -1) {
129 "%s: chdir() failed: errno %d (%s)\n",
130 __func__, errno, strerror(errno));
135 while (pipefds[1] <= 2) {
136 pipefds[1] = dup(pipefds[1]);
137 if (pipefds[1] < 0) {
138 printerr(LL_ERR, "%s: dup() failed: errno %d (%s)\n",
139 __func__, errno, strerror(errno));
145 tempfd = open("/dev/null", O_RDWR);
147 printerr(LL_ERR, "%s: open() failed: errno %d (%s)\n",
148 __func__, errno, strerror(errno));
162 ssize_t sret __attribute__ ((unused));
164 if (pipefds[1] > 0) {
165 sret = write(pipefds[1], &status, 1);
174 /* destroy krb5 machine creds */
176 /* cleanup allocated strings for realms */
177 gssd_cleanup_realms();
179 unlink(GSS_SOCKET_PATH);
180 printerr(LL_WARN, "exiting on signal %d\n", signal);
181 if (signal == SIGTERM)
190 /* don't exit on SIGHUP */
191 printerr(LL_WARN, "Received SIGHUP... Ignoring.\n");
195 usage(FILE *fp, char *progname)
197 fprintf(fp, "usage: %s [ -fnvmogkRsz ]\n",
199 fprintf(stderr, "-f - Run in foreground\n");
200 fprintf(stderr, "-g - Service MGS\n");
201 fprintf(stderr, "-k - Enable kerberos support\n");
202 fprintf(stderr, "-m - Service MDS\n");
203 fprintf(stderr, "-n - Don't establish kerberos credentials\n");
204 fprintf(stderr, "-o - Service OSS\n");
205 fprintf(stderr, "-R REALM - Kerberos Realm to use, instead of default\n");
206 #ifdef HAVE_OPENSSL_SSK
207 fprintf(stderr, "-s - Enable shared secret key support\n");
209 fprintf(stderr, "-v - Verbosity\n");
210 fprintf(stderr, "-z - Enable gssnull support\n");
216 main(int argc, char *argv[])
222 int must_srv_mds = 0, must_srv_oss = 0, must_srv_mgs = 0;
226 while ((opt = getopt(argc, argv, "fgkmnoR:svz")) != -1) {
236 usage(stdout, argv[0]);
256 #ifdef HAVE_OPENSSL_SSK
259 fprintf(stderr, "error: request for SSK but service "
260 "support not enabled\n");
261 usage(stderr, argv[0]);
271 usage(stderr, argv[0]);
276 if ((progname = strrchr(argv[0], '/')))
281 if (!sk_enabled && !krb_enabled && !null_enabled) {
282 #if LUSTRE_VERSION_CODE < OBD_OCD_VERSION(3, 0, 53, 0)
283 fprintf(stderr, "warning: no -k, -s, or -z option given, "
284 "assume -k for backward compatibility\n");
287 fprintf(stderr, "error: need one of -k, -s, or -z options\n");
288 usage(stderr, argv[0]);
293 if (realm && !krb_enabled) {
294 fprintf(stderr, "error: need -k option if -R is used\n");
295 usage(stderr, argv[0]);
298 initerr(progname, verbosity, fg);
300 /* For kerberos use gss mechanisms but ignore for sk and null */
304 if (gssd_check_mechs()) {
306 "ERROR: problem with gssapi library\n");
309 ret = gss_get_realm(realm);
311 printerr(LL_ERR, "ERROR: no Kerberos realm: %s\n",
315 printerr(LL_WARN, "Kerberos realm: %s\n", krb5_this_realm);
317 gssd_prepare_creds(must_srv_mgs, must_srv_mds,
320 "unable to obtain root (machine) credentials\n");
322 "do you have a keytab entry for <lustre_xxs>/<your.host>@<YOUR.REALM> in /etc/krb5.keytab?\n");
331 * XXX: There is risk of memory leak for missing call
332 * cleanup_mapping() for SIGKILL and SIGSTOP.
334 signal(SIGINT, sig_die);
335 signal(SIGTERM, sig_die);
336 signal(SIGHUP, sig_hup);
341 gssd_init_unique(GSSD_SVC);
345 gssd_cleanup_realms();
346 printerr(LL_ERR, "svcgssd_run returned!\n");