1cb5caa98Sdjl /*
2cb5caa98Sdjl * CDDL HEADER START
3cb5caa98Sdjl *
4cb5caa98Sdjl * The contents of this file are subject to the terms of the
5cb5caa98Sdjl * Common Development and Distribution License (the "License").
6cb5caa98Sdjl * You may not use this file except in compliance with the License.
7cb5caa98Sdjl *
8cb5caa98Sdjl * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9cb5caa98Sdjl * or http://www.opensolaris.org/os/licensing.
10cb5caa98Sdjl * See the License for the specific language governing permissions
11cb5caa98Sdjl * and limitations under the License.
12cb5caa98Sdjl *
13cb5caa98Sdjl * When distributing Covered Code, include this CDDL HEADER in each
14cb5caa98Sdjl * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15cb5caa98Sdjl * If applicable, add the following below this CDDL HEADER, with the
16cb5caa98Sdjl * fields enclosed by brackets "[]" replaced with your own identifying
17cb5caa98Sdjl * information: Portions Copyright [yyyy] [name of copyright owner]
18cb5caa98Sdjl *
19cb5caa98Sdjl * CDDL HEADER END
20cb5caa98Sdjl */
21cb5caa98Sdjl /*
22b57459abSJulian Pullen * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
23cb5caa98Sdjl * Use is subject to license terms.
247d7551bcSMilan Jurik * Copyright 2012 Milan Jurik. All rights reserved.
25ab618543SJohn Levon * Copyright 2018 Joyent, Inc.
26fea136a0SMatt Barden * Copyright 2019 Nexenta Systems, Inc.
27cb5caa98Sdjl */
28cb5caa98Sdjl
29cb5caa98Sdjl #include <stdlib.h>
30cb5caa98Sdjl #include <alloca.h>
31cb5caa98Sdjl #include <signal.h>
32cb5caa98Sdjl #include <sys/stat.h>
33cb5caa98Sdjl #include <unistd.h>
34cb5caa98Sdjl #include <pthread.h>
35cb5caa98Sdjl #include <time.h>
36cb5caa98Sdjl #include <errno.h>
37cb5caa98Sdjl #include <door.h>
38cb5caa98Sdjl #include <zone.h>
39cb5caa98Sdjl #include <resolv.h>
40cb5caa98Sdjl #include <sys/socket.h>
41cb5caa98Sdjl #include <net/route.h>
42cb5caa98Sdjl #include <string.h>
43cb5caa98Sdjl #include <net/if.h>
44cb5caa98Sdjl #include <sys/stat.h>
45cb5caa98Sdjl #include <fcntl.h>
46cb5caa98Sdjl #include "nscd_common.h"
47cb5caa98Sdjl #include "nscd_door.h"
48cb5caa98Sdjl #include "nscd_config.h"
49cb5caa98Sdjl #include "nscd_switch.h"
50cb5caa98Sdjl #include "nscd_log.h"
51cb5caa98Sdjl #include "nscd_selfcred.h"
52cb5caa98Sdjl #include "nscd_frontend.h"
53cb5caa98Sdjl #include "nscd_admin.h"
54cb5caa98Sdjl
55cb5caa98Sdjl static void rts_mon(void);
56cb5caa98Sdjl static void keep_open_dns_socket(void);
57cb5caa98Sdjl
58cb5caa98Sdjl extern nsc_ctx_t *cache_ctx_p[];
59cb5caa98Sdjl
60cb5caa98Sdjl /*
61cb5caa98Sdjl * Current active Configuration data for the frontend component
62cb5caa98Sdjl */
63cb5caa98Sdjl static nscd_cfg_global_frontend_t frontend_cfg_g;
64cb5caa98Sdjl static nscd_cfg_frontend_t *frontend_cfg;
65cb5caa98Sdjl
66cb5caa98Sdjl static int max_servers = 0;
67cb5caa98Sdjl static int max_servers_set = 0;
68cb5caa98Sdjl static int per_user_is_on = 1;
69cb5caa98Sdjl
70cb5caa98Sdjl static char *main_execname;
71cb5caa98Sdjl static char **main_argv;
72cb5caa98Sdjl extern int _whoami;
73cb5caa98Sdjl extern long activity;
74cb5caa98Sdjl extern mutex_t activity_lock;
75cb5caa98Sdjl
76cb5caa98Sdjl static sema_t common_sema;
77cb5caa98Sdjl
78cb5caa98Sdjl static thread_key_t lookup_state_key;
79cb5caa98Sdjl static mutex_t create_lock = DEFAULTMUTEX;
80cb5caa98Sdjl static int num_servers = 0;
81cb5caa98Sdjl static thread_key_t server_key;
82cb5caa98Sdjl
83cb5caa98Sdjl /*
84cb5caa98Sdjl * Bind a TSD value to a server thread. This enables the destructor to
85cb5caa98Sdjl * be called if/when this thread exits. This would be a programming
86cb5caa98Sdjl * error, but better safe than sorry.
87cb5caa98Sdjl */
88cb5caa98Sdjl /*ARGSUSED*/
89cb5caa98Sdjl static void *
server_tsd_bind(void * arg)90cb5caa98Sdjl server_tsd_bind(void *arg)
91cb5caa98Sdjl {
92fea136a0SMatt Barden static void *value = "NON-NULL TSD";
93cb5caa98Sdjl
94ab618543SJohn Levon (void) thr_setname(thr_self(), "server_tsd_bind");
95ab618543SJohn Levon
96cb5caa98Sdjl /* disable cancellation to avoid hangs if server threads disappear */
97cb5caa98Sdjl (void) pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, NULL);
98cb5caa98Sdjl (void) thr_setspecific(server_key, value);
99cb5caa98Sdjl (void) door_return(NULL, 0, NULL, 0);
100cb5caa98Sdjl
101cb5caa98Sdjl /* make lint happy */
102cb5caa98Sdjl return (NULL);
103cb5caa98Sdjl }
104cb5caa98Sdjl
105cb5caa98Sdjl /*
106cb5caa98Sdjl * Server threads are created here.
107cb5caa98Sdjl */
108cb5caa98Sdjl /*ARGSUSED*/
109cb5caa98Sdjl static void
server_create(door_info_t * dip)110cb5caa98Sdjl server_create(door_info_t *dip)
111cb5caa98Sdjl {
112cb5caa98Sdjl (void) mutex_lock(&create_lock);
113cb5caa98Sdjl if (++num_servers > max_servers) {
114cb5caa98Sdjl num_servers--;
115cb5caa98Sdjl (void) mutex_unlock(&create_lock);
116cb5caa98Sdjl return;
117cb5caa98Sdjl }
118cb5caa98Sdjl (void) mutex_unlock(&create_lock);
119cb5caa98Sdjl (void) thr_create(NULL, 0, server_tsd_bind, NULL,
120bf1e3beeSmichen THR_BOUND|THR_DETACHED, NULL);
121cb5caa98Sdjl }
122cb5caa98Sdjl
123cb5caa98Sdjl /*
124cb5caa98Sdjl * Server thread are destroyed here
125cb5caa98Sdjl */
126cb5caa98Sdjl /*ARGSUSED*/
127cb5caa98Sdjl static void
server_destroy(void * arg)128cb5caa98Sdjl server_destroy(void *arg)
129cb5caa98Sdjl {
130cb5caa98Sdjl (void) mutex_lock(&create_lock);
131cb5caa98Sdjl num_servers--;
132cb5caa98Sdjl (void) mutex_unlock(&create_lock);
133fea136a0SMatt Barden (void) thr_setspecific(server_key, NULL);
134cb5caa98Sdjl }
135cb5caa98Sdjl
136cb5caa98Sdjl /*
137cb5caa98Sdjl * get clearance
138cb5caa98Sdjl */
139cb5caa98Sdjl int
_nscd_get_clearance(sema_t * sema)140ab618543SJohn Levon _nscd_get_clearance(sema_t *sema)
141ab618543SJohn Levon {
142cb5caa98Sdjl if (sema_trywait(&common_sema) == 0) {
143cb5caa98Sdjl (void) thr_setspecific(lookup_state_key, NULL);
144cb5caa98Sdjl return (0);
145cb5caa98Sdjl }
146cb5caa98Sdjl
147cb5caa98Sdjl if (sema_trywait(sema) == 0) {
148cb5caa98Sdjl (void) thr_setspecific(lookup_state_key, (void*)1);
149cb5caa98Sdjl return (0);
150cb5caa98Sdjl }
151cb5caa98Sdjl
152cb5caa98Sdjl return (1);
153cb5caa98Sdjl }
154cb5caa98Sdjl
155cb5caa98Sdjl
156cb5caa98Sdjl /*
157cb5caa98Sdjl * release clearance
158cb5caa98Sdjl */
159cb5caa98Sdjl int
_nscd_release_clearance(sema_t * sema)160ab618543SJohn Levon _nscd_release_clearance(sema_t *sema)
161ab618543SJohn Levon {
162cb5caa98Sdjl int which;
163cb5caa98Sdjl
164cb5caa98Sdjl (void) thr_getspecific(lookup_state_key, (void**)&which);
165cb5caa98Sdjl if (which == 0) /* from common pool */ {
166cb5caa98Sdjl (void) sema_post(&common_sema);
167cb5caa98Sdjl return (0);
168cb5caa98Sdjl }
169cb5caa98Sdjl
170cb5caa98Sdjl (void) sema_post(sema);
171cb5caa98Sdjl return (1);
172cb5caa98Sdjl }
173cb5caa98Sdjl
174cb5caa98Sdjl static void
dozip(int signal __unused)175*30699046SRichard Lowe dozip(int signal __unused)
176cb5caa98Sdjl {
177cb5caa98Sdjl /* not much here */
178cb5caa98Sdjl }
179cb5caa98Sdjl
180940a40eaSsm /*
181940a40eaSsm * _nscd_restart_if_cfgfile_changed()
182940a40eaSsm * Restart if modification times of nsswitch.conf or resolv.conf have changed.
183940a40eaSsm *
184940a40eaSsm * If nsswitch.conf has changed then it is possible that sources for
185940a40eaSsm * various backends have changed and therefore the current cached
186940a40eaSsm * data may not be consistent with the new data sources. By
187940a40eaSsm * restarting the cache will be cleared and the new configuration will
188940a40eaSsm * be used.
189940a40eaSsm *
190940a40eaSsm * The check for resolv.conf is made as only the first call to
191940a40eaSsm * res_gethostbyname() or res_getaddrbyname() causes a call to
192940a40eaSsm * res_ninit() to occur which in turn parses resolv.conf. Therefore
193940a40eaSsm * to benefit from changes to resolv.conf nscd must be restarted when
194940a40eaSsm * resolv.conf is updated, removed or created. If res_getXbyY calls
195940a40eaSsm * are removed from NSS then this check could be removed.
196940a40eaSsm *
197940a40eaSsm */
19880b80bf0Smichen void
_nscd_restart_if_cfgfile_changed()19980b80bf0Smichen _nscd_restart_if_cfgfile_changed()
200cb5caa98Sdjl {
201cb5caa98Sdjl
20280b80bf0Smichen static mutex_t nsswitch_lock = DEFAULTMUTEX;
20380b80bf0Smichen static timestruc_t last_nsswitch_check = { 0 };
20480b80bf0Smichen static timestruc_t last_nsswitch_modified = { 0 };
205940a40eaSsm static timestruc_t last_resolv_modified = { -1, 0 };
20686f95553Smichen static mutex_t restarting_lock = DEFAULTMUTEX;
207ab618543SJohn Levon static int restarting = 0;
20886f95553Smichen int restart = 0;
20980b80bf0Smichen time_t now = time(NULL);
21080b80bf0Smichen char *me = "_nscd_restart_if_cfgfile_changed";
211cb5caa98Sdjl
212940a40eaSsm #define FLAG_RESTART_REQUIRED if (restarting == 0) {\
213940a40eaSsm (void) mutex_lock(&restarting_lock);\
214940a40eaSsm if (restarting == 0) {\
215940a40eaSsm restarting = 1;\
216940a40eaSsm restart = 1;\
217940a40eaSsm }\
218940a40eaSsm (void) mutex_unlock(&restarting_lock);\
219940a40eaSsm }
220940a40eaSsm
22186f95553Smichen if (restarting == 1)
22286f95553Smichen return;
22386f95553Smichen
22480b80bf0Smichen if (now - last_nsswitch_check.tv_sec < _NSC_FILE_CHECK_TIME)
225cb5caa98Sdjl return;
226cb5caa98Sdjl
227cb5caa98Sdjl (void) mutex_lock(&nsswitch_lock);
228cb5caa98Sdjl
22980b80bf0Smichen if (now - last_nsswitch_check.tv_sec >= _NSC_FILE_CHECK_TIME) {
230cb5caa98Sdjl struct stat nss_buf;
231cb5caa98Sdjl struct stat res_buf;
232cb5caa98Sdjl
23380b80bf0Smichen last_nsswitch_check.tv_sec = now;
23480b80bf0Smichen last_nsswitch_check.tv_nsec = 0;
235cb5caa98Sdjl
236cb5caa98Sdjl (void) mutex_unlock(&nsswitch_lock); /* let others continue */
237cb5caa98Sdjl
238cb5caa98Sdjl if (stat("/etc/nsswitch.conf", &nss_buf) < 0) {
23980b80bf0Smichen return;
24080b80bf0Smichen } else if (last_nsswitch_modified.tv_sec == 0) {
24180b80bf0Smichen last_nsswitch_modified = nss_buf.st_mtim;
24280b80bf0Smichen }
243cb5caa98Sdjl
24480b80bf0Smichen if (last_nsswitch_modified.tv_sec < nss_buf.st_mtim.tv_sec ||
24580b80bf0Smichen (last_nsswitch_modified.tv_sec == nss_buf.st_mtim.tv_sec &&
246940a40eaSsm last_nsswitch_modified.tv_nsec < nss_buf.st_mtim.tv_nsec)) {
247940a40eaSsm FLAG_RESTART_REQUIRED;
248940a40eaSsm }
249940a40eaSsm
250940a40eaSsm if (restart == 0) {
251940a40eaSsm if (stat("/etc/resolv.conf", &res_buf) < 0) {
252940a40eaSsm /* Unable to stat file, were we previously? */
253940a40eaSsm if (last_resolv_modified.tv_sec > 0) {
254940a40eaSsm /* Yes, it must have been removed. */
255940a40eaSsm FLAG_RESTART_REQUIRED;
256940a40eaSsm } else if (last_resolv_modified.tv_sec == -1) {
257940a40eaSsm /* No, then we've never seen it. */
258940a40eaSsm last_resolv_modified.tv_sec = 0;
259940a40eaSsm }
260940a40eaSsm } else if (last_resolv_modified.tv_sec == -1) {
261940a40eaSsm /* We've just started and file is present. */
262940a40eaSsm last_resolv_modified = res_buf.st_mtim;
263940a40eaSsm } else if (last_resolv_modified.tv_sec == 0) {
264940a40eaSsm /* Wasn't there at start-up. */
265940a40eaSsm FLAG_RESTART_REQUIRED;
266940a40eaSsm } else if (last_resolv_modified.tv_sec <
267940a40eaSsm res_buf.st_mtim.tv_sec ||
268940a40eaSsm (last_resolv_modified.tv_sec ==
269940a40eaSsm res_buf.st_mtim.tv_sec &&
270940a40eaSsm last_resolv_modified.tv_nsec <
271940a40eaSsm res_buf.st_mtim.tv_nsec)) {
272940a40eaSsm FLAG_RESTART_REQUIRED;
27386f95553Smichen }
27486f95553Smichen }
27586f95553Smichen
27686f95553Smichen if (restart == 1) {
277cb5caa98Sdjl char *fmri;
278cb5caa98Sdjl
279cb5caa98Sdjl /*
280cb5caa98Sdjl * if in self cred mode, kill the forker and
281cb5caa98Sdjl * child nscds
282cb5caa98Sdjl */
283cb5caa98Sdjl if (_nscd_is_self_cred_on(0, NULL)) {
284cb5caa98Sdjl _nscd_kill_forker();
285cb5caa98Sdjl _nscd_kill_all_children();
286cb5caa98Sdjl }
287cb5caa98Sdjl
288cb5caa98Sdjl /*
289cb5caa98Sdjl * time for restart
290cb5caa98Sdjl */
291cb5caa98Sdjl _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_INFO)
292cb5caa98Sdjl (me, "nscd restart due to %s or %s change\n",
293bf1e3beeSmichen "/etc/nsswitch.conf", "resolv.conf");
294cb5caa98Sdjl /*
295cb5caa98Sdjl * try to restart under smf
296cb5caa98Sdjl */
297cb5caa98Sdjl if ((fmri = getenv("SMF_FMRI")) == NULL) {
298cb5caa98Sdjl /* not running under smf - reexec */
299cb5caa98Sdjl (void) execv(main_execname, main_argv);
300cb5caa98Sdjl exit(1); /* just in case */
301cb5caa98Sdjl }
302cb5caa98Sdjl
303cb5caa98Sdjl if (smf_restart_instance(fmri) == 0)
304cb5caa98Sdjl (void) sleep(10); /* wait a bit */
305cb5caa98Sdjl exit(1); /* give up waiting for resurrection */
306cb5caa98Sdjl }
307cb5caa98Sdjl
308cb5caa98Sdjl } else
309bf1e3beeSmichen (void) mutex_unlock(&nsswitch_lock);
310cb5caa98Sdjl }
311cb5caa98Sdjl
312cb5caa98Sdjl uid_t
_nscd_get_client_euid()313cb5caa98Sdjl _nscd_get_client_euid()
314cb5caa98Sdjl {
315cb5caa98Sdjl ucred_t *uc = NULL;
316cb5caa98Sdjl uid_t id;
317cb5caa98Sdjl char *me = "get_client_euid";
318cb5caa98Sdjl
319cb5caa98Sdjl if (door_ucred(&uc) != 0) {
320cb5caa98Sdjl _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_DEBUG)
321cb5caa98Sdjl (me, "door_ucred: %s\n", strerror(errno));
322cb5caa98Sdjl return ((uid_t)-1);
323cb5caa98Sdjl }
324cb5caa98Sdjl
325cb5caa98Sdjl id = ucred_geteuid(uc);
326cb5caa98Sdjl ucred_free(uc);
327cb5caa98Sdjl return (id);
328cb5caa98Sdjl }
329cb5caa98Sdjl
330bf1e3beeSmichen /*
331b57459abSJulian Pullen * Check to see if the door client's euid is 0 or if it has required_priv
3326392794bSMichen Chang * privilege. Return 0 if yes, -1 otherwise.
333b57459abSJulian Pullen * Supported values for required_priv are:
334b57459abSJulian Pullen * - NSCD_ALL_PRIV: for all zones privileges
335b57459abSJulian Pullen * - NSCD_READ_PRIV: for PRIV_FILE_DAC_READ privilege
336bf1e3beeSmichen */
337bf1e3beeSmichen int
_nscd_check_client_priv(int required_priv)338b57459abSJulian Pullen _nscd_check_client_priv(int required_priv)
339bf1e3beeSmichen {
340bf1e3beeSmichen int rc = 0;
341bf1e3beeSmichen ucred_t *uc = NULL;
342bf1e3beeSmichen const priv_set_t *eset;
343bf1e3beeSmichen char *me = "_nscd_check_client_read_priv";
344b57459abSJulian Pullen priv_set_t *zs; /* zone */
345bf1e3beeSmichen
346bf1e3beeSmichen if (door_ucred(&uc) != 0) {
347bf1e3beeSmichen _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_ERROR)
348bf1e3beeSmichen (me, "door_ucred: %s\n", strerror(errno));
349bf1e3beeSmichen return (-1);
350bf1e3beeSmichen }
3516392794bSMichen Chang
3526392794bSMichen Chang if (ucred_geteuid(uc) == 0) {
3536392794bSMichen Chang ucred_free(uc);
3546392794bSMichen Chang return (0);
3556392794bSMichen Chang }
3566392794bSMichen Chang
357bf1e3beeSmichen eset = ucred_getprivset(uc, PRIV_EFFECTIVE);
358b57459abSJulian Pullen switch (required_priv) {
359b57459abSJulian Pullen case NSCD_ALL_PRIV:
360b57459abSJulian Pullen zs = priv_str_to_set("zone", ",", NULL);
361b57459abSJulian Pullen if (!priv_isequalset(eset, zs)) {
362b57459abSJulian Pullen _NSCD_LOG(NSCD_LOG_FRONT_END,
363b57459abSJulian Pullen NSCD_LOG_LEVEL_ERROR)
364b57459abSJulian Pullen (me, "missing all zones privileges\n");
365b57459abSJulian Pullen rc = -1;
366b57459abSJulian Pullen }
367b57459abSJulian Pullen priv_freeset(zs);
368b57459abSJulian Pullen break;
369b57459abSJulian Pullen case NSCD_READ_PRIV:
370b57459abSJulian Pullen if (!priv_ismember(eset, PRIV_FILE_DAC_READ))
371b57459abSJulian Pullen rc = -1;
372b57459abSJulian Pullen break;
373b57459abSJulian Pullen default:
374b57459abSJulian Pullen _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_ERROR)
375b57459abSJulian Pullen (me, "unknown required_priv: %d\n", required_priv);
376b57459abSJulian Pullen rc = -1;
377b57459abSJulian Pullen break;
378b57459abSJulian Pullen }
379bf1e3beeSmichen ucred_free(uc);
380bf1e3beeSmichen return (rc);
381bf1e3beeSmichen }
382bf1e3beeSmichen
383cb5caa98Sdjl static void
N2N_check_priv(void * buf,char * dc_str)384cb5caa98Sdjl N2N_check_priv(
385cb5caa98Sdjl void *buf,
386cb5caa98Sdjl char *dc_str)
387cb5caa98Sdjl {
388cb5caa98Sdjl nss_pheader_t *phdr = (nss_pheader_t *)buf;
389cb5caa98Sdjl ucred_t *uc = NULL;
390cb5caa98Sdjl const priv_set_t *eset;
391cb5caa98Sdjl zoneid_t zoneid;
392cb5caa98Sdjl int errnum;
393cb5caa98Sdjl char *me = "N2N_check_priv";
394cb5caa98Sdjl
395cb5caa98Sdjl if (door_ucred(&uc) != 0) {
396cb5caa98Sdjl errnum = errno;
397cb5caa98Sdjl _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_DEBUG)
398cb5caa98Sdjl (me, "door_ucred: %s\n", strerror(errno));
399cb5caa98Sdjl
4007d7551bcSMilan Jurik NSCD_SET_STATUS(phdr, NSS_ERROR, errnum);
4017d7551bcSMilan Jurik return;
402cb5caa98Sdjl }
403cb5caa98Sdjl
404cb5caa98Sdjl eset = ucred_getprivset(uc, PRIV_EFFECTIVE);
405cb5caa98Sdjl zoneid = ucred_getzoneid(uc);
406cb5caa98Sdjl
407cb5caa98Sdjl if ((zoneid != GLOBAL_ZONEID && zoneid != getzoneid()) ||
408bf1e3beeSmichen eset != NULL ? !priv_ismember(eset, PRIV_SYS_ADMIN) :
409bf1e3beeSmichen ucred_geteuid(uc) != 0) {
410cb5caa98Sdjl
411cb5caa98Sdjl _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_ALERT)
412cb5caa98Sdjl (me, "%s call failed(cred): caller pid %d, uid %d, "
413bf1e3beeSmichen "euid %d, zoneid %d\n", dc_str, ucred_getpid(uc),
414bf1e3beeSmichen ucred_getruid(uc), ucred_geteuid(uc), zoneid);
415cb5caa98Sdjl ucred_free(uc);
416cb5caa98Sdjl
4177d7551bcSMilan Jurik NSCD_SET_STATUS(phdr, NSS_ERROR, EACCES);
4187d7551bcSMilan Jurik return;
419cb5caa98Sdjl }
420cb5caa98Sdjl
421cb5caa98Sdjl _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_DEBUG)
422cb5caa98Sdjl (me, "nscd received %s cmd from pid %d, uid %d, "
423bf1e3beeSmichen "euid %d, zoneid %d\n", dc_str, ucred_getpid(uc),
424bf1e3beeSmichen ucred_getruid(uc), ucred_geteuid(uc), zoneid);
425cb5caa98Sdjl
426cb5caa98Sdjl ucred_free(uc);
427cb5caa98Sdjl
4287d7551bcSMilan Jurik NSCD_SET_STATUS_SUCCESS(phdr);
429cb5caa98Sdjl }
430cb5caa98Sdjl
431e37190e5Smichen void
_nscd_APP_check_cred(void * buf,pid_t * pidp,char * dc_str,int log_comp,int log_level)432e37190e5Smichen _nscd_APP_check_cred(
433cb5caa98Sdjl void *buf,
434cb5caa98Sdjl pid_t *pidp,
435e37190e5Smichen char *dc_str,
436e37190e5Smichen int log_comp,
437e37190e5Smichen int log_level)
438cb5caa98Sdjl {
439cb5caa98Sdjl nss_pheader_t *phdr = (nss_pheader_t *)buf;
440cb5caa98Sdjl ucred_t *uc = NULL;
441cb5caa98Sdjl uid_t ruid;
442cb5caa98Sdjl uid_t euid;
443e37190e5Smichen pid_t pid;
444cb5caa98Sdjl int errnum;
445e37190e5Smichen char *me = "_nscd_APP_check_cred";
446cb5caa98Sdjl
447cb5caa98Sdjl if (door_ucred(&uc) != 0) {
448cb5caa98Sdjl errnum = errno;
449e37190e5Smichen _NSCD_LOG(log_comp, NSCD_LOG_LEVEL_ERROR)
450cb5caa98Sdjl (me, "door_ucred: %s\n", strerror(errno));
451cb5caa98Sdjl
4527d7551bcSMilan Jurik NSCD_SET_STATUS(phdr, NSS_ERROR, errnum);
4537d7551bcSMilan Jurik return;
454cb5caa98Sdjl }
455cb5caa98Sdjl
456e37190e5Smichen NSCD_SET_STATUS_SUCCESS(phdr);
457e37190e5Smichen pid = ucred_getpid(uc);
458cb5caa98Sdjl if (NSS_PACKED_CRED_CHECK(buf, ruid = ucred_getruid(uc),
459bf1e3beeSmichen euid = ucred_geteuid(uc))) {
460e37190e5Smichen if (pidp != NULL) {
461e37190e5Smichen if (*pidp == (pid_t)-1)
462e37190e5Smichen *pidp = pid;
463e37190e5Smichen else if (*pidp != pid) {
464e37190e5Smichen NSCD_SET_STATUS(phdr, NSS_ERROR, EACCES);
465e37190e5Smichen }
466e37190e5Smichen }
467e37190e5Smichen } else {
468e37190e5Smichen NSCD_SET_STATUS(phdr, NSS_ERROR, EACCES);
469cb5caa98Sdjl }
470cb5caa98Sdjl
471cb5caa98Sdjl ucred_free(uc);
472cb5caa98Sdjl
473e37190e5Smichen if (NSCD_STATUS_IS_NOT_OK(phdr)) {
474e37190e5Smichen _NSCD_LOG(log_comp, log_level)
475e37190e5Smichen (me, "%s call failed: caller pid %d (input pid = %d), ruid %d, "
476bf1e3beeSmichen "euid %d, header ruid %d, header euid %d\n", dc_str,
477bf1e3beeSmichen pid, (pidp != NULL) ? *pidp : -1, ruid, euid,
478bf1e3beeSmichen ((nss_pheader_t *)(buf))->p_ruid,
479bf1e3beeSmichen ((nss_pheader_t *)(buf))->p_euid);
480e37190e5Smichen }
481cb5caa98Sdjl }
482cb5caa98Sdjl
483606f6aa3Smichen /* log error and return -1 when an invalid packed buffer header is found */
484606f6aa3Smichen static int
pheader_error(nss_pheader_t * phdr,uint32_t call_number)485606f6aa3Smichen pheader_error(nss_pheader_t *phdr, uint32_t call_number)
486606f6aa3Smichen {
487606f6aa3Smichen char *call_num_str;
488606f6aa3Smichen
489606f6aa3Smichen switch (call_number) {
490606f6aa3Smichen case NSCD_SEARCH:
491606f6aa3Smichen call_num_str = "NSCD_SEARCH";
492606f6aa3Smichen break;
493606f6aa3Smichen case NSCD_SETENT:
494606f6aa3Smichen call_num_str = "NSCD_SETENT";
495606f6aa3Smichen break;
496606f6aa3Smichen case NSCD_GETENT:
497606f6aa3Smichen call_num_str = "NSCD_GETENT";
498606f6aa3Smichen break;
499606f6aa3Smichen case NSCD_ENDENT:
500606f6aa3Smichen call_num_str = "NSCD_ENDENT";
501606f6aa3Smichen break;
502606f6aa3Smichen case NSCD_PUT:
503606f6aa3Smichen call_num_str = "NSCD_PUT";
504606f6aa3Smichen break;
505606f6aa3Smichen case NSCD_GETHINTS:
506606f6aa3Smichen call_num_str = "NSCD_GETHINTS";
507606f6aa3Smichen break;
508606f6aa3Smichen default:
509606f6aa3Smichen call_num_str = "UNKNOWN";
510606f6aa3Smichen break;
511606f6aa3Smichen }
512606f6aa3Smichen
513606f6aa3Smichen _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_ALERT)
514606f6aa3Smichen ("pheader_error", "call number %s: invalid packed buffer header\n",
515bf1e3beeSmichen call_num_str);
516606f6aa3Smichen
517606f6aa3Smichen NSCD_SET_STATUS(phdr, NSS_ERROR, EINVAL);
518606f6aa3Smichen return (-1);
519606f6aa3Smichen }
520606f6aa3Smichen
521606f6aa3Smichen /*
522606f6aa3Smichen * Validate the header of a getXbyY or setent/getent/endent request.
523606f6aa3Smichen * Return 0 if good, -1 otherwise.
524606f6aa3Smichen *
525606f6aa3Smichen * A valid header looks like the following (size is arg_size, does
526606f6aa3Smichen * not include the output area):
527606f6aa3Smichen * +----------------------------------+ --
528606f6aa3Smichen * | nss_pheader_t (header fixed part)| ^
529606f6aa3Smichen * | | |
530606f6aa3Smichen * | pbufsiz, dbd,off, key_off, | len = sizeof(nss_pheader_t)
531606f6aa3Smichen * | data_off .... | |
532606f6aa3Smichen * | | v
533606f6aa3Smichen * +----------------------------------+ <----- dbd_off
534606f6aa3Smichen * | dbd (database description) | ^
535606f6aa3Smichen * | nss_dbd_t + up to 3 strings | |
536606f6aa3Smichen * | length = sizeof(nss_dbd_t) + | len = key_off - dbd_off
537606f6aa3Smichen * | length of 3 strings + | |
538606f6aa3Smichen * | length of padding | |
539606f6aa3Smichen * | (total length in multiple of 4) | v
540606f6aa3Smichen * +----------------------------------+ <----- key_off
541606f6aa3Smichen * | lookup key | ^
542606f6aa3Smichen * | nss_XbyY_key_t, content varies, | |
543606f6aa3Smichen * | based on database and lookup op | len = data_off - key_off
544606f6aa3Smichen * | length = data_off - key_off | |
545606f6aa3Smichen * | including padding, multiple of 4 | v
546606f6aa3Smichen * +----------------------------------+ <----- data_off (= arg_size)
547606f6aa3Smichen * | | ^
548606f6aa3Smichen * | area to hold results | |
549606f6aa3Smichen * | | len = data_len (= pbufsiz -
550606f6aa3Smichen * | | | data_off)
551606f6aa3Smichen * | | v
552606f6aa3Smichen * +----------------------------------+ <----- pbufsiz
553606f6aa3Smichen */
554606f6aa3Smichen static int
validate_pheader(void * argp,size_t arg_size,uint32_t call_number)555606f6aa3Smichen validate_pheader(
556606f6aa3Smichen void *argp,
557606f6aa3Smichen size_t arg_size,
558606f6aa3Smichen uint32_t call_number)
559606f6aa3Smichen {
560606f6aa3Smichen nss_pheader_t *phdr = (nss_pheader_t *)(void *)argp;
561606f6aa3Smichen nssuint_t l1, l2;
562606f6aa3Smichen
563606f6aa3Smichen /*
564606f6aa3Smichen * current version is NSCD_HEADER_REV, length of the fixed part
565606f6aa3Smichen * of the header must match the size of nss_pheader_t
566606f6aa3Smichen */
567606f6aa3Smichen if (phdr->p_version != NSCD_HEADER_REV ||
568bf1e3beeSmichen phdr->dbd_off != sizeof (nss_pheader_t))
569606f6aa3Smichen return (pheader_error(phdr, call_number));
570606f6aa3Smichen
571606f6aa3Smichen /*
572606f6aa3Smichen * buffer size and offsets must be in multiple of 4
573606f6aa3Smichen */
574606f6aa3Smichen if ((arg_size & 3) || (phdr->dbd_off & 3) || (phdr->key_off & 3) ||
575bf1e3beeSmichen (phdr->data_off & 3))
576606f6aa3Smichen return (pheader_error(phdr, call_number));
577606f6aa3Smichen
578606f6aa3Smichen /*
579606f6aa3Smichen * the input arg_size is the length of the request header
580606f6aa3Smichen * and should be less than NSCD_PHDR_MAXLEN
581606f6aa3Smichen */
582606f6aa3Smichen if (phdr->data_off != arg_size || arg_size > NSCD_PHDR_MAXLEN)
583606f6aa3Smichen return (pheader_error(phdr, call_number));
584606f6aa3Smichen
585606f6aa3Smichen /* get length of the dbd area */
586606f6aa3Smichen l1 = phdr->key_off - phdr-> dbd_off;
587606f6aa3Smichen
588606f6aa3Smichen /*
589606f6aa3Smichen * dbd area may contain padding, so length of dbd should
590606f6aa3Smichen * not be less than the length of the actual data
591606f6aa3Smichen */
592606f6aa3Smichen if (l1 < phdr->dbd_len)
593606f6aa3Smichen return (pheader_error(phdr, call_number));
594606f6aa3Smichen
595606f6aa3Smichen /* get length of the key area */
596606f6aa3Smichen l2 = phdr->data_off - phdr->key_off;
597606f6aa3Smichen
598606f6aa3Smichen /*
599606f6aa3Smichen * key area may contain padding, so length of key area should
600606f6aa3Smichen * not be less than the length of the actual data
601606f6aa3Smichen */
602606f6aa3Smichen if (l2 < phdr->key_len)
603606f6aa3Smichen return (pheader_error(phdr, call_number));
604606f6aa3Smichen
605606f6aa3Smichen /*
606606f6aa3Smichen * length of fixed part + lengths of dbd and key area = length of
607606f6aa3Smichen * the request header
608606f6aa3Smichen */
609606f6aa3Smichen if (sizeof (nss_pheader_t) + l1 + l2 != phdr->data_off)
610606f6aa3Smichen return (pheader_error(phdr, call_number));
611606f6aa3Smichen
612606f6aa3Smichen /* header length + data length = buffer length */
613606f6aa3Smichen if (phdr->data_off + phdr->data_len != phdr->pbufsiz)
614606f6aa3Smichen return (pheader_error(phdr, call_number));
615606f6aa3Smichen
616606f6aa3Smichen return (0);
617606f6aa3Smichen }
618606f6aa3Smichen
619606f6aa3Smichen /* log error and return -1 when an invalid nscd to nscd buffer is found */
620606f6aa3Smichen static int
N2Nbuf_error(nss_pheader_t * phdr,uint32_t call_number)621606f6aa3Smichen N2Nbuf_error(nss_pheader_t *phdr, uint32_t call_number)
622606f6aa3Smichen {
623606f6aa3Smichen char *call_num_str;
624606f6aa3Smichen
625606f6aa3Smichen switch (call_number) {
626606f6aa3Smichen case NSCD_PING:
627606f6aa3Smichen call_num_str = "NSCD_PING";
628606f6aa3Smichen break;
629606f6aa3Smichen
630606f6aa3Smichen case NSCD_IMHERE:
631606f6aa3Smichen call_num_str = "NSCD_IMHERE";
632606f6aa3Smichen break;
633606f6aa3Smichen
634606f6aa3Smichen case NSCD_PULSE:
635606f6aa3Smichen call_num_str = "NSCD_PULSE";
636606f6aa3Smichen break;
637606f6aa3Smichen
638606f6aa3Smichen case NSCD_FORK:
639606f6aa3Smichen call_num_str = "NSCD_FORK";
640606f6aa3Smichen break;
641606f6aa3Smichen
642606f6aa3Smichen case NSCD_KILL:
643606f6aa3Smichen call_num_str = "NSCD_KILL";
644606f6aa3Smichen break;
645606f6aa3Smichen
646606f6aa3Smichen case NSCD_REFRESH:
647606f6aa3Smichen call_num_str = "NSCD_REFRESH";
648606f6aa3Smichen break;
649606f6aa3Smichen
650606f6aa3Smichen case NSCD_GETPUADMIN:
651606f6aa3Smichen call_num_str = "NSCD_GETPUADMIN";
652606f6aa3Smichen break;
653606f6aa3Smichen
654606f6aa3Smichen case NSCD_GETADMIN:
655606f6aa3Smichen call_num_str = "NSCD_GETADMIN";
656606f6aa3Smichen break;
657606f6aa3Smichen
658606f6aa3Smichen case NSCD_SETADMIN:
659606f6aa3Smichen call_num_str = "NSCD_SETADMIN";
660606f6aa3Smichen break;
661606f6aa3Smichen
662606f6aa3Smichen case NSCD_KILLSERVER:
663606f6aa3Smichen call_num_str = "NSCD_KILLSERVER";
664606f6aa3Smichen break;
665606f6aa3Smichen default:
666606f6aa3Smichen call_num_str = "UNKNOWN";
667606f6aa3Smichen break;
668606f6aa3Smichen }
669606f6aa3Smichen
670606f6aa3Smichen _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_ALERT)
671bf1e3beeSmichen ("N2Nbuf_error", "call number %s: invalid N2N buffer\n", call_num_str);
672606f6aa3Smichen
673606f6aa3Smichen NSCD_SET_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0,
674bf1e3beeSmichen NSCD_DOOR_BUFFER_CHECK_FAILED);
675606f6aa3Smichen
676606f6aa3Smichen return (-1);
677606f6aa3Smichen }
678606f6aa3Smichen
679606f6aa3Smichen /*
680606f6aa3Smichen * Validate the buffer of an nscd to nscd request.
681606f6aa3Smichen * Return 0 if good, -1 otherwise.
682606f6aa3Smichen *
683606f6aa3Smichen * A valid buffer looks like the following (size is arg_size):
684606f6aa3Smichen * +----------------------------------+ --
685606f6aa3Smichen * | nss_pheader_t (header fixed part)| ^
686606f6aa3Smichen * | | |
687606f6aa3Smichen * | pbufsiz, dbd,off, key_off, | len = sizeof(nss_pheader_t)
688606f6aa3Smichen * | data_off .... | |
689606f6aa3Smichen * | | v
690606f6aa3Smichen * +----------------------------------+ <---dbd_off = key_off = data_off
691606f6aa3Smichen * | | ^
692606f6aa3Smichen * | input data/output data | |
693606f6aa3Smichen * | OR no data | len = data_len (= pbufsiz -
694606f6aa3Smichen * | | | data_off)
695606f6aa3Smichen * | | | len could be zero
696606f6aa3Smichen * | | v
697606f6aa3Smichen * +----------------------------------+ <--- pbufsiz
698606f6aa3Smichen */
699606f6aa3Smichen static int
validate_N2Nbuf(void * argp,size_t arg_size,uint32_t call_number)700606f6aa3Smichen validate_N2Nbuf(
701606f6aa3Smichen void *argp,
702606f6aa3Smichen size_t arg_size,
703606f6aa3Smichen uint32_t call_number)
704606f6aa3Smichen {
705606f6aa3Smichen nss_pheader_t *phdr = (nss_pheader_t *)(void *)argp;
706606f6aa3Smichen
707606f6aa3Smichen /*
708606f6aa3Smichen * current version is NSCD_HEADER_REV, length of the fixed part
709606f6aa3Smichen * of the header must match the size of nss_pheader_t
710606f6aa3Smichen */
711606f6aa3Smichen if (phdr->p_version != NSCD_HEADER_REV ||
712bf1e3beeSmichen phdr->dbd_off != sizeof (nss_pheader_t))
713606f6aa3Smichen return (N2Nbuf_error(phdr, call_number));
714606f6aa3Smichen
715606f6aa3Smichen /*
716606f6aa3Smichen * There are no dbd and key data, so the dbd, key, data
717606f6aa3Smichen * offsets should be equal
718606f6aa3Smichen */
719606f6aa3Smichen if (phdr->dbd_off != phdr->key_off ||
720bf1e3beeSmichen phdr->dbd_off != phdr->data_off)
721606f6aa3Smichen return (N2Nbuf_error(phdr, call_number));
722606f6aa3Smichen
723606f6aa3Smichen /*
724606f6aa3Smichen * the input arg_size is the buffer length and should
725606f6aa3Smichen * be less or equal than NSCD_N2NBUF_MAXLEN
726606f6aa3Smichen */
727606f6aa3Smichen if (phdr->pbufsiz != arg_size || arg_size > NSCD_N2NBUF_MAXLEN)
728606f6aa3Smichen return (N2Nbuf_error(phdr, call_number));
729606f6aa3Smichen
730606f6aa3Smichen /* header length + data length = buffer length */
731606f6aa3Smichen if (phdr->data_off + phdr->data_len != phdr->pbufsiz)
732606f6aa3Smichen return (N2Nbuf_error(phdr, call_number));
733606f6aa3Smichen
734606f6aa3Smichen return (0);
735606f6aa3Smichen }
736606f6aa3Smichen
737cb5caa98Sdjl static void
lookup(char * argp,size_t arg_size)738cb5caa98Sdjl lookup(char *argp, size_t arg_size)
739cb5caa98Sdjl {
740cb5caa98Sdjl nsc_lookup_args_t largs;
741cb5caa98Sdjl char space[NSCD_LOOKUP_BUFSIZE];
742cb5caa98Sdjl nss_pheader_t *phdr = (nss_pheader_t *)(void *)argp;
743cb5caa98Sdjl
744cb5caa98Sdjl NSCD_ALLOC_LOOKUP_BUFFER(argp, arg_size, phdr, space,
745bf1e3beeSmichen sizeof (space));
746cb5caa98Sdjl
747606f6aa3Smichen /*
748606f6aa3Smichen * make sure the first couple bytes of the data area is null,
749606f6aa3Smichen * so that bad strings in the packed header stop here
750606f6aa3Smichen */
751606f6aa3Smichen (void) memset((char *)phdr + phdr->data_off, 0, 16);
752606f6aa3Smichen
753cb5caa98Sdjl (void) memset(&largs, 0, sizeof (largs));
754cb5caa98Sdjl largs.buffer = argp;
755cb5caa98Sdjl largs.bufsize = arg_size;
756cb5caa98Sdjl nsc_lookup(&largs, 0);
757cb5caa98Sdjl
758cb5caa98Sdjl /*
759cb5caa98Sdjl * only the PUN needs to keep track of the
760cb5caa98Sdjl * activity count to determine when to
761cb5caa98Sdjl * terminate itself
762cb5caa98Sdjl */
763cb5caa98Sdjl if (_whoami == NSCD_CHILD) {
764cb5caa98Sdjl (void) mutex_lock(&activity_lock);
765cb5caa98Sdjl ++activity;
766cb5caa98Sdjl (void) mutex_unlock(&activity_lock);
767cb5caa98Sdjl }
768cb5caa98Sdjl
769cb5caa98Sdjl NSCD_SET_RETURN_ARG(phdr, arg_size);
770cb5caa98Sdjl (void) door_return(argp, arg_size, NULL, 0);
771cb5caa98Sdjl }
772cb5caa98Sdjl
773cb5caa98Sdjl static void
getent(char * argp,size_t arg_size)774cb5caa98Sdjl getent(char *argp, size_t arg_size)
775cb5caa98Sdjl {
776cb5caa98Sdjl char space[NSCD_LOOKUP_BUFSIZE];
777cb5caa98Sdjl nss_pheader_t *phdr = (nss_pheader_t *)(void *)argp;
778cb5caa98Sdjl
779bf1e3beeSmichen NSCD_ALLOC_LOOKUP_BUFFER(argp, arg_size, phdr, space, sizeof (space));
780cb5caa98Sdjl
781cb5caa98Sdjl nss_pgetent(argp, arg_size);
782cb5caa98Sdjl
783cb5caa98Sdjl NSCD_SET_RETURN_ARG(phdr, arg_size);
784cb5caa98Sdjl (void) door_return(argp, arg_size, NULL, 0);
785cb5caa98Sdjl }
786cb5caa98Sdjl
787cb5caa98Sdjl static int
is_db_per_user(void * buf,char * dblist)788cb5caa98Sdjl is_db_per_user(void *buf, char *dblist)
789cb5caa98Sdjl {
790cb5caa98Sdjl nss_pheader_t *phdr = (nss_pheader_t *)buf;
791cb5caa98Sdjl nss_dbd_t *pdbd;
792cb5caa98Sdjl char *dbname, *dbn;
793cb5caa98Sdjl int len;
794cb5caa98Sdjl
795cb5caa98Sdjl /* copy db name into a temp buffer */
796cb5caa98Sdjl pdbd = (nss_dbd_t *)((void *)((char *)buf + phdr->dbd_off));
797cb5caa98Sdjl dbname = (char *)pdbd + pdbd->o_name;
798cb5caa98Sdjl len = strlen(dbname);
799cb5caa98Sdjl dbn = alloca(len + 2);
800cb5caa98Sdjl (void) memcpy(dbn, dbname, len);
801cb5caa98Sdjl
802cb5caa98Sdjl /* check if <dbname> + ',' can be found in the dblist string */
803cb5caa98Sdjl dbn[len] = ',';
804cb5caa98Sdjl dbn[len + 1] = '\0';
805cb5caa98Sdjl if (strstr(dblist, dbn) != NULL)
806cb5caa98Sdjl return (1);
807cb5caa98Sdjl
808cb5caa98Sdjl /*
809cb5caa98Sdjl * check if <dbname> can be found in the last part
810cb5caa98Sdjl * of the dblist string
811cb5caa98Sdjl */
812cb5caa98Sdjl dbn[len] = '\0';
813cb5caa98Sdjl if (strstr(dblist, dbn) != NULL)
814cb5caa98Sdjl return (1);
815cb5caa98Sdjl
816cb5caa98Sdjl return (0);
817cb5caa98Sdjl }
818cb5caa98Sdjl
819cb5caa98Sdjl /*
820cb5caa98Sdjl * Check to see if all conditions are met for processing per-user
821cb5caa98Sdjl * requests. Returns 1 if yes, -1 if backend is not configured,
822cb5caa98Sdjl * 0 otherwise.
823cb5caa98Sdjl */
824cb5caa98Sdjl static int
need_per_user_door(void * buf,int whoami,uid_t uid,char ** dblist)825cb5caa98Sdjl need_per_user_door(void *buf, int whoami, uid_t uid, char **dblist)
826cb5caa98Sdjl {
827cb5caa98Sdjl nss_pheader_t *phdr = (nss_pheader_t *)buf;
828cb5caa98Sdjl
829cb5caa98Sdjl NSCD_SET_STATUS_SUCCESS(phdr);
830cb5caa98Sdjl
831cb5caa98Sdjl /* if already a per-user nscd, no need to get per-user door */
832cb5caa98Sdjl if (whoami == NSCD_CHILD)
833cb5caa98Sdjl return (0);
834cb5caa98Sdjl
835cb5caa98Sdjl /* forker shouldn't be asked */
836cb5caa98Sdjl if (whoami == NSCD_FORKER) {
837cb5caa98Sdjl NSCD_SET_STATUS(phdr, NSS_ERROR, ENOTSUP);
838cb5caa98Sdjl return (0);
839cb5caa98Sdjl }
840cb5caa98Sdjl
841cb5caa98Sdjl /* if door client is root, no need for a per-user door */
842cb5caa98Sdjl if (uid == 0)
843cb5caa98Sdjl return (0);
844cb5caa98Sdjl
845cb5caa98Sdjl /*
846cb5caa98Sdjl * if per-user lookup is not configured, no per-user
847cb5caa98Sdjl * door available
848cb5caa98Sdjl */
849cb5caa98Sdjl if (_nscd_is_self_cred_on(0, dblist) == 0)
850cb5caa98Sdjl return (-1);
851cb5caa98Sdjl
852cb5caa98Sdjl /*
853cb5caa98Sdjl * if per-user lookup is not configured for the db,
854cb5caa98Sdjl * don't bother
855cb5caa98Sdjl */
856cb5caa98Sdjl if (is_db_per_user(phdr, *dblist) == 0)
857cb5caa98Sdjl return (0);
858cb5caa98Sdjl
859cb5caa98Sdjl return (1);
860cb5caa98Sdjl }
861cb5caa98Sdjl
862cb5caa98Sdjl static void
if_selfcred_return_per_user_door(char * argp,size_t arg_size,door_desc_t * dp,int whoami)863cb5caa98Sdjl if_selfcred_return_per_user_door(char *argp, size_t arg_size,
864fa845c5dSToomas Soome door_desc_t *dp, int whoami)
865cb5caa98Sdjl {
866cb5caa98Sdjl nss_pheader_t *phdr = (nss_pheader_t *)((void *)argp);
867cb5caa98Sdjl char *dblist;
868cb5caa98Sdjl int door = -1;
869cb5caa98Sdjl int rc = 0;
870cb5caa98Sdjl door_desc_t desc;
871606f6aa3Smichen char *space;
872606f6aa3Smichen int len;
873cb5caa98Sdjl
874cb5caa98Sdjl /*
875cb5caa98Sdjl * check to see if self-cred is configured and
876cb5caa98Sdjl * need to return an alternate PUN door
877cb5caa98Sdjl */
878cb5caa98Sdjl if (per_user_is_on == 1) {
879cb5caa98Sdjl rc = need_per_user_door(argp, whoami,
880bf1e3beeSmichen _nscd_get_client_euid(), &dblist);
881cb5caa98Sdjl if (rc == -1)
882cb5caa98Sdjl per_user_is_on = 0;
883cb5caa98Sdjl }
884cb5caa98Sdjl if (rc <= 0) {
885cb5caa98Sdjl /*
886cb5caa98Sdjl * self-cred not configured, and no error detected,
887cb5caa98Sdjl * return to continue the door call processing
888cb5caa98Sdjl */
889cb5caa98Sdjl if (NSCD_STATUS_IS_OK(phdr))
890cb5caa98Sdjl return;
891cb5caa98Sdjl else
892cb5caa98Sdjl /*
893cb5caa98Sdjl * configured but error detected,
894cb5caa98Sdjl * stop the door call processing
895cb5caa98Sdjl */
896cb5caa98Sdjl (void) door_return(argp, phdr->data_off, NULL, 0);
897cb5caa98Sdjl }
898cb5caa98Sdjl
899cb5caa98Sdjl /* get the alternate PUN door */
900cb5caa98Sdjl _nscd_proc_alt_get(argp, &door);
901cb5caa98Sdjl if (NSCD_GET_STATUS(phdr) != NSS_ALTRETRY) {
902cb5caa98Sdjl (void) door_return(argp, phdr->data_off, NULL, 0);
903cb5caa98Sdjl }
904cb5caa98Sdjl
905cb5caa98Sdjl /* return the alternate door descriptor */
906606f6aa3Smichen len = strlen(dblist) + 1;
907606f6aa3Smichen space = alloca(arg_size + len);
908606f6aa3Smichen phdr->data_len = len;
909606f6aa3Smichen (void) memcpy(space, phdr, arg_size);
910606f6aa3Smichen (void) strncpy((char *)space + arg_size, dblist, len);
911cb5caa98Sdjl dp = &desc;
912cb5caa98Sdjl dp->d_attributes = DOOR_DESCRIPTOR;
913cb5caa98Sdjl dp->d_data.d_desc.d_descriptor = door;
914606f6aa3Smichen arg_size += len;
915606f6aa3Smichen (void) door_return(space, arg_size, dp, 1);
916cb5caa98Sdjl }
917cb5caa98Sdjl
918cb5caa98Sdjl /*ARGSUSED*/
919cb5caa98Sdjl static void
switcher(void * cookie,char * argp,size_t arg_size,door_desc_t * dp,uint_t n_desc)920cb5caa98Sdjl switcher(void *cookie, char *argp, size_t arg_size,
921cb5caa98Sdjl door_desc_t *dp, uint_t n_desc)
922cb5caa98Sdjl {
923cb5caa98Sdjl int iam;
924cb5caa98Sdjl pid_t ent_pid = -1;
925cb5caa98Sdjl nss_pheader_t *phdr = (nss_pheader_t *)((void *)argp);
926cb5caa98Sdjl void *uptr;
927606f6aa3Smichen int len;
928606f6aa3Smichen size_t buflen;
929cb5caa98Sdjl int callnum;
930cb5caa98Sdjl char *me = "switcher";
931cb5caa98Sdjl
932cb5caa98Sdjl _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_DEBUG)
933cb5caa98Sdjl (me, "switcher ...\n");
934cb5caa98Sdjl
935cb5caa98Sdjl if (argp == DOOR_UNREF_DATA) {
936cb5caa98Sdjl (void) printf("Door Slam... exiting\n");
937cb5caa98Sdjl exit(0);
938cb5caa98Sdjl }
939cb5caa98Sdjl
940cb5caa98Sdjl if (argp == NULL) { /* empty door call */
941cb5caa98Sdjl (void) door_return(NULL, 0, 0, 0); /* return the favor */
942cb5caa98Sdjl }
943cb5caa98Sdjl
944cb5caa98Sdjl /*
945cb5caa98Sdjl * need to restart if main nscd and config file(s) changed
946cb5caa98Sdjl */
947cb5caa98Sdjl if (_whoami == NSCD_MAIN)
94880b80bf0Smichen _nscd_restart_if_cfgfile_changed();
949cb5caa98Sdjl
950cb5caa98Sdjl if ((phdr->nsc_callnumber & NSCDV2CATMASK) == NSCD_CALLCAT_APP) {
951606f6aa3Smichen
952606f6aa3Smichen /* make sure the packed buffer header is good */
953606f6aa3Smichen if (validate_pheader(argp, arg_size,
954bf1e3beeSmichen phdr->nsc_callnumber) == -1)
955606f6aa3Smichen (void) door_return(argp, arg_size, NULL, 0);
956606f6aa3Smichen
957cb5caa98Sdjl switch (phdr->nsc_callnumber) {
958606f6aa3Smichen
959cb5caa98Sdjl case NSCD_SEARCH:
960cb5caa98Sdjl
961cb5caa98Sdjl /* if a fallback to main nscd, skip per-user setup */
962cb5caa98Sdjl if (phdr->p_status != NSS_ALTRETRY)
963cb5caa98Sdjl if_selfcred_return_per_user_door(argp, arg_size,
964bf1e3beeSmichen dp, _whoami);
965cb5caa98Sdjl lookup(argp, arg_size);
966cb5caa98Sdjl
967cb5caa98Sdjl break;
968cb5caa98Sdjl
969cb5caa98Sdjl case NSCD_SETENT:
970cb5caa98Sdjl
971e37190e5Smichen _nscd_APP_check_cred(argp, &ent_pid, "NSCD_SETENT",
972bf1e3beeSmichen NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_ALERT);
973cb5caa98Sdjl if (NSCD_STATUS_IS_OK(phdr)) {
974cb5caa98Sdjl if_selfcred_return_per_user_door(argp, arg_size,
975bf1e3beeSmichen dp, _whoami);
976cb5caa98Sdjl nss_psetent(argp, arg_size, ent_pid);
977cb5caa98Sdjl }
978cb5caa98Sdjl break;
979cb5caa98Sdjl
980cb5caa98Sdjl case NSCD_GETENT:
981cb5caa98Sdjl
982cb5caa98Sdjl getent(argp, arg_size);
983cb5caa98Sdjl break;
984cb5caa98Sdjl
985cb5caa98Sdjl case NSCD_ENDENT:
986cb5caa98Sdjl
987cb5caa98Sdjl nss_pendent(argp, arg_size);
988cb5caa98Sdjl break;
989cb5caa98Sdjl
990cb5caa98Sdjl case NSCD_PUT:
991cb5caa98Sdjl
992cb5caa98Sdjl _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_ERROR)
993cb5caa98Sdjl (me, "door call NSCD_PUT not supported yet\n");
994cb5caa98Sdjl
995cb5caa98Sdjl NSCD_SET_STATUS(phdr, NSS_ERROR, ENOTSUP);
996cb5caa98Sdjl break;
997cb5caa98Sdjl
998cb5caa98Sdjl case NSCD_GETHINTS:
999cb5caa98Sdjl
1000cb5caa98Sdjl _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_ERROR)
1001cb5caa98Sdjl (me, "door call NSCD_GETHINTS not supported yet\n");
1002cb5caa98Sdjl
1003cb5caa98Sdjl NSCD_SET_STATUS(phdr, NSS_ERROR, ENOTSUP);
1004cb5caa98Sdjl break;
1005cb5caa98Sdjl
1006cb5caa98Sdjl default:
1007cb5caa98Sdjl
1008cb5caa98Sdjl _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_ERROR)
1009cb5caa98Sdjl (me, "Unknown name service door call op %x\n",
1010bf1e3beeSmichen phdr->nsc_callnumber);
1011cb5caa98Sdjl
1012cb5caa98Sdjl NSCD_SET_STATUS(phdr, NSS_ERROR, EINVAL);
1013cb5caa98Sdjl break;
1014cb5caa98Sdjl }
1015cb5caa98Sdjl
1016cb5caa98Sdjl (void) door_return(argp, arg_size, NULL, 0);
1017cb5caa98Sdjl }
1018cb5caa98Sdjl
1019cb5caa98Sdjl iam = NSCD_MAIN;
1020cb5caa98Sdjl callnum = phdr->nsc_callnumber & ~NSCD_WHOAMI;
1021cb5caa98Sdjl if (callnum == NSCD_IMHERE ||
1022bf1e3beeSmichen callnum == NSCD_PULSE || callnum == NSCD_FORK)
1023cb5caa98Sdjl iam = phdr->nsc_callnumber & NSCD_WHOAMI;
1024cb5caa98Sdjl else
1025cb5caa98Sdjl callnum = phdr->nsc_callnumber;
1026cb5caa98Sdjl
1027cb5caa98Sdjl /* nscd -> nscd v2 calls */
1028606f6aa3Smichen
1029606f6aa3Smichen /* make sure the buffer is good */
1030606f6aa3Smichen if (validate_N2Nbuf(argp, arg_size, callnum) == -1)
1031606f6aa3Smichen (void) door_return(argp, arg_size, NULL, 0);
1032606f6aa3Smichen
1033cb5caa98Sdjl switch (callnum) {
1034cb5caa98Sdjl
1035cb5caa98Sdjl case NSCD_PING:
1036cb5caa98Sdjl NSCD_SET_STATUS_SUCCESS(phdr);
1037cb5caa98Sdjl break;
1038cb5caa98Sdjl
1039cb5caa98Sdjl case NSCD_IMHERE:
1040cb5caa98Sdjl _nscd_proc_iamhere(argp, dp, n_desc, iam);
1041cb5caa98Sdjl break;
1042cb5caa98Sdjl
1043cb5caa98Sdjl case NSCD_PULSE:
1044cb5caa98Sdjl N2N_check_priv(argp, "NSCD_PULSE");
1045cb5caa98Sdjl if (NSCD_STATUS_IS_OK(phdr))
1046cb5caa98Sdjl _nscd_proc_pulse(argp, iam);
1047cb5caa98Sdjl break;
1048cb5caa98Sdjl
1049cb5caa98Sdjl case NSCD_FORK:
1050cb5caa98Sdjl N2N_check_priv(argp, "NSCD_FORK");
1051cb5caa98Sdjl if (NSCD_STATUS_IS_OK(phdr))
1052cb5caa98Sdjl _nscd_proc_fork(argp, iam);
1053cb5caa98Sdjl break;
1054cb5caa98Sdjl
1055cb5caa98Sdjl case NSCD_KILL:
1056cb5caa98Sdjl N2N_check_priv(argp, "NSCD_KILL");
1057cb5caa98Sdjl if (NSCD_STATUS_IS_OK(phdr))
1058cb5caa98Sdjl exit(0);
1059cb5caa98Sdjl break;
1060cb5caa98Sdjl
1061cb5caa98Sdjl case NSCD_REFRESH:
1062606f6aa3Smichen N2N_check_priv(argp, "NSCD_REFRESH");
1063606f6aa3Smichen if (NSCD_STATUS_IS_OK(phdr)) {
1064606f6aa3Smichen if (_nscd_refresh() != NSCD_SUCCESS)
1065606f6aa3Smichen exit(1);
1066606f6aa3Smichen NSCD_SET_STATUS_SUCCESS(phdr);
1067606f6aa3Smichen }
1068cb5caa98Sdjl break;
1069cb5caa98Sdjl
1070cb5caa98Sdjl case NSCD_GETPUADMIN:
1071cb5caa98Sdjl
1072cb5caa98Sdjl if (_nscd_is_self_cred_on(0, NULL)) {
1073cb5caa98Sdjl _nscd_peruser_getadmin(argp, sizeof (nscd_admin_t));
1074cb5caa98Sdjl } else {
1075cb5caa98Sdjl NSCD_SET_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0,
1076bf1e3beeSmichen NSCD_SELF_CRED_NOT_CONFIGURED);
1077cb5caa98Sdjl }
1078cb5caa98Sdjl break;
1079cb5caa98Sdjl
1080cb5caa98Sdjl case NSCD_GETADMIN:
1081cb5caa98Sdjl
1082cb5caa98Sdjl len = _nscd_door_getadmin((void *)argp);
1083cb5caa98Sdjl if (len == 0)
1084cb5caa98Sdjl break;
1085cb5caa98Sdjl
1086cb5caa98Sdjl /* size of door buffer not big enough, allocate one */
1087cb5caa98Sdjl NSCD_ALLOC_DOORBUF(NSCD_GETADMIN, len, uptr, buflen);
1088cb5caa98Sdjl
1089cb5caa98Sdjl /* copy packed header */
1090cb5caa98Sdjl *(nss_pheader_t *)uptr = *(nss_pheader_t *)((void *)argp);
1091cb5caa98Sdjl
1092cb5caa98Sdjl /* set new buffer size */
1093cb5caa98Sdjl ((nss_pheader_t *)uptr)->pbufsiz = buflen;
1094cb5caa98Sdjl
1095cb5caa98Sdjl /* try one more time */
1096cb5caa98Sdjl (void) _nscd_door_getadmin((void *)uptr);
1097cb5caa98Sdjl (void) door_return(uptr, buflen, NULL, 0);
1098cb5caa98Sdjl break;
1099cb5caa98Sdjl
1100cb5caa98Sdjl case NSCD_SETADMIN:
1101cb5caa98Sdjl N2N_check_priv(argp, "NSCD_SETADMIN");
1102cb5caa98Sdjl if (NSCD_STATUS_IS_OK(phdr))
1103cb5caa98Sdjl _nscd_door_setadmin(argp);
1104cb5caa98Sdjl break;
1105cb5caa98Sdjl
1106cb5caa98Sdjl case NSCD_KILLSERVER:
1107cb5caa98Sdjl N2N_check_priv(argp, "NSCD_KILLSERVER");
1108cb5caa98Sdjl if (NSCD_STATUS_IS_OK(phdr)) {
1109cb5caa98Sdjl /* also kill the forker nscd if one is running */
1110cb5caa98Sdjl _nscd_kill_forker();
1111cb5caa98Sdjl exit(0);
1112cb5caa98Sdjl }
1113cb5caa98Sdjl break;
1114cb5caa98Sdjl
1115cb5caa98Sdjl default:
1116cb5caa98Sdjl _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_ERROR)
1117cb5caa98Sdjl (me, "Unknown name service door call op %d\n",
1118bf1e3beeSmichen phdr->nsc_callnumber);
1119cb5caa98Sdjl
1120cb5caa98Sdjl NSCD_SET_STATUS(phdr, NSS_ERROR, EINVAL);
1121cb5caa98Sdjl
1122cb5caa98Sdjl (void) door_return(argp, arg_size, NULL, 0);
1123cb5caa98Sdjl break;
1124cb5caa98Sdjl
1125cb5caa98Sdjl }
1126cb5caa98Sdjl (void) door_return(argp, arg_size, NULL, 0);
1127cb5caa98Sdjl }
1128cb5caa98Sdjl
1129cb5caa98Sdjl int
_nscd_setup_server(char * execname,char ** argv)1130cb5caa98Sdjl _nscd_setup_server(char *execname, char **argv)
1131cb5caa98Sdjl {
1132cb5caa98Sdjl
1133cb5caa98Sdjl int fd;
1134cb5caa98Sdjl int errnum;
1135cb5caa98Sdjl int bind_failed = 0;
113680b80bf0Smichen mode_t old_mask;
1137cb5caa98Sdjl struct stat buf;
1138cb5caa98Sdjl sigset_t myset;
1139cb5caa98Sdjl struct sigaction action;
1140cb5caa98Sdjl char *me = "_nscd_setup_server";
1141cb5caa98Sdjl
1142cb5caa98Sdjl main_execname = execname;
1143cb5caa98Sdjl main_argv = argv;
1144cb5caa98Sdjl
114582714199Ssdussud /* Any nscd process is to ignore SIGPIPE */
114682714199Ssdussud if (signal(SIGPIPE, SIG_IGN) == SIG_ERR) {
114782714199Ssdussud errnum = errno;
114882714199Ssdussud _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_ERROR)
114982714199Ssdussud (me, "signal (SIGPIPE): %s\n", strerror(errnum));
115082714199Ssdussud return (-1);
115182714199Ssdussud }
115282714199Ssdussud
1153cb5caa98Sdjl keep_open_dns_socket();
1154cb5caa98Sdjl
1155cb5caa98Sdjl /*
1156cb5caa98Sdjl * the max number of server threads should be fixed now, so
1157cb5caa98Sdjl * set flag to indicate that no in-flight change is allowed
1158cb5caa98Sdjl */
1159cb5caa98Sdjl max_servers_set = 1;
1160cb5caa98Sdjl
1161cb5caa98Sdjl (void) thr_keycreate(&lookup_state_key, NULL);
1162bf1e3beeSmichen (void) sema_init(&common_sema, frontend_cfg_g.common_worker_threads,
1163bf1e3beeSmichen USYNC_THREAD, 0);
1164cb5caa98Sdjl
1165cb5caa98Sdjl /* Establish server thread pool */
1166cb5caa98Sdjl (void) door_server_create(server_create);
1167cb5caa98Sdjl if (thr_keycreate(&server_key, server_destroy) != 0) {
1168cb5caa98Sdjl errnum = errno;
1169cb5caa98Sdjl _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_ERROR)
1170cb5caa98Sdjl (me, "thr_keycreate (server thread): %s\n",
1171bf1e3beeSmichen strerror(errnum));
1172cb5caa98Sdjl return (-1);
1173cb5caa98Sdjl }
1174cb5caa98Sdjl
1175cb5caa98Sdjl /* Create a door */
1176cb5caa98Sdjl if ((fd = door_create(switcher, NAME_SERVICE_DOOR_COOKIE,
1177cb5caa98Sdjl DOOR_UNREF | DOOR_NO_CANCEL)) < 0) {
1178cb5caa98Sdjl errnum = errno;
1179cb5caa98Sdjl _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_ERROR)
1180cb5caa98Sdjl (me, "door_create: %s\n", strerror(errnum));
1181cb5caa98Sdjl return (-1);
1182cb5caa98Sdjl }
1183cb5caa98Sdjl
1184cb5caa98Sdjl /* if not main nscd, no more setup to do */
1185cb5caa98Sdjl if (_whoami != NSCD_MAIN)
1186cb5caa98Sdjl return (fd);
1187cb5caa98Sdjl
1188cb5caa98Sdjl /* bind to file system */
1189bf1e3beeSmichen if (is_system_labeled() && (getzoneid() == GLOBAL_ZONEID)) {
1190cb5caa98Sdjl if (stat(TSOL_NAME_SERVICE_DOOR, &buf) < 0) {
119180b80bf0Smichen int newfd;
119280b80bf0Smichen
119380b80bf0Smichen /* make sure the door will be readable by all */
119480b80bf0Smichen old_mask = umask(0);
1195cb5caa98Sdjl if ((newfd = creat(TSOL_NAME_SERVICE_DOOR, 0444)) < 0) {
1196cb5caa98Sdjl errnum = errno;
1197cb5caa98Sdjl _NSCD_LOG(NSCD_LOG_FRONT_END,
1198bf1e3beeSmichen NSCD_LOG_LEVEL_ERROR)
1199cb5caa98Sdjl (me, "Cannot create %s: %s\n",
1200bf1e3beeSmichen TSOL_NAME_SERVICE_DOOR,
1201bf1e3beeSmichen strerror(errnum));
1202cb5caa98Sdjl bind_failed = 1;
1203cb5caa98Sdjl }
120480b80bf0Smichen /* rstore the old file mode creation mask */
120580b80bf0Smichen (void) umask(old_mask);
1206cb5caa98Sdjl (void) close(newfd);
1207cb5caa98Sdjl }
1208cb5caa98Sdjl if (symlink(TSOL_NAME_SERVICE_DOOR, NAME_SERVICE_DOOR) != 0) {
1209cb5caa98Sdjl if (errno != EEXIST) {
1210cb5caa98Sdjl errnum = errno;
1211cb5caa98Sdjl _NSCD_LOG(NSCD_LOG_FRONT_END,
1212bf1e3beeSmichen NSCD_LOG_LEVEL_ERROR)
1213cb5caa98Sdjl (me, "Cannot symlink %s: %s\n",
1214bf1e3beeSmichen NAME_SERVICE_DOOR, strerror(errnum));
1215cb5caa98Sdjl bind_failed = 1;
1216cb5caa98Sdjl }
1217cb5caa98Sdjl }
1218cb5caa98Sdjl } else if (stat(NAME_SERVICE_DOOR, &buf) < 0) {
121980b80bf0Smichen int newfd;
122080b80bf0Smichen
122180b80bf0Smichen /* make sure the door will be readable by all */
122280b80bf0Smichen old_mask = umask(0);
1223cb5caa98Sdjl if ((newfd = creat(NAME_SERVICE_DOOR, 0444)) < 0) {
1224cb5caa98Sdjl errnum = errno;
1225cb5caa98Sdjl _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_ERROR)
1226cb5caa98Sdjl (me, "Cannot create %s: %s\n", NAME_SERVICE_DOOR,
1227bf1e3beeSmichen strerror(errnum));
1228cb5caa98Sdjl bind_failed = 1;
1229cb5caa98Sdjl }
123080b80bf0Smichen /* rstore the old file mode creation mask */
123180b80bf0Smichen (void) umask(old_mask);
1232cb5caa98Sdjl (void) close(newfd);
1233cb5caa98Sdjl }
1234cb5caa98Sdjl
1235cb5caa98Sdjl if (bind_failed == 1) {
1236cb5caa98Sdjl (void) door_revoke(fd);
1237cb5caa98Sdjl return (-1);
1238cb5caa98Sdjl }
1239cb5caa98Sdjl
1240cb5caa98Sdjl if (fattach(fd, NAME_SERVICE_DOOR) < 0) {
1241cb5caa98Sdjl if ((errno != EBUSY) ||
1242bf1e3beeSmichen (fdetach(NAME_SERVICE_DOOR) < 0) ||
1243bf1e3beeSmichen (fattach(fd, NAME_SERVICE_DOOR) < 0)) {
1244cb5caa98Sdjl errnum = errno;
1245bf1e3beeSmichen _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_ERROR)
1246cb5caa98Sdjl (me, "fattach: %s\n", strerror(errnum));
1247cb5caa98Sdjl (void) door_revoke(fd);
1248cb5caa98Sdjl return (-1);
1249cb5caa98Sdjl }
1250cb5caa98Sdjl }
1251cb5caa98Sdjl
1252cb5caa98Sdjl /*
1253cb5caa98Sdjl * kick off routing socket monitor thread
1254cb5caa98Sdjl */
1255fa845c5dSToomas Soome if (thr_create(NULL, 0,
1256bf1e3beeSmichen (void *(*)(void *))rts_mon, 0, 0, NULL) != 0) {
1257cb5caa98Sdjl errnum = errno;
1258cb5caa98Sdjl _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_ERROR)
1259cb5caa98Sdjl (me, "thr_create (routing socket monitor): %s\n",
1260bf1e3beeSmichen strerror(errnum));
1261cb5caa98Sdjl
1262cb5caa98Sdjl (void) door_revoke(fd);
1263cb5caa98Sdjl return (-1);
1264cb5caa98Sdjl }
1265cb5caa98Sdjl
1266cb5caa98Sdjl /*
1267cb5caa98Sdjl * set up signal handler for SIGHUP
1268cb5caa98Sdjl */
1269cb5caa98Sdjl action.sa_handler = dozip;
1270cb5caa98Sdjl action.sa_flags = 0;
1271cb5caa98Sdjl (void) sigemptyset(&action.sa_mask);
1272cb5caa98Sdjl (void) sigemptyset(&myset);
1273cb5caa98Sdjl (void) sigaddset(&myset, SIGHUP);
1274cb5caa98Sdjl
1275cb5caa98Sdjl if (sigaction(SIGHUP, &action, NULL) < 0) {
1276cb5caa98Sdjl errnum = errno;
1277cb5caa98Sdjl _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_ERROR)
1278cb5caa98Sdjl (me, "sigaction (SIGHUP): %s\n", strerror(errnum));
1279cb5caa98Sdjl
1280cb5caa98Sdjl (void) door_revoke(fd);
1281cb5caa98Sdjl return (-1);
1282cb5caa98Sdjl }
1283cb5caa98Sdjl
1284cb5caa98Sdjl return (fd);
1285cb5caa98Sdjl }
1286cb5caa98Sdjl
1287cb5caa98Sdjl int
_nscd_setup_child_server(int did)1288cb5caa98Sdjl _nscd_setup_child_server(int did)
1289cb5caa98Sdjl {
1290cb5caa98Sdjl
1291cb5caa98Sdjl int errnum;
1292cb5caa98Sdjl int fd;
1293cb5caa98Sdjl nscd_rc_t rc;
1294cb5caa98Sdjl char *me = "_nscd_setup_child_server";
1295cb5caa98Sdjl
1296cb5caa98Sdjl /* Re-establish our own server thread pool */
1297cb5caa98Sdjl (void) door_server_create(server_create);
1298cb5caa98Sdjl if (thr_keycreate(&server_key, server_destroy) != 0) {
1299cb5caa98Sdjl errnum = errno;
1300cb5caa98Sdjl _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_DEBUG)
1301cb5caa98Sdjl (me, "thr_keycreate failed: %s", strerror(errnum));
1302cb5caa98Sdjl return (-1);
1303cb5caa98Sdjl }
1304cb5caa98Sdjl
1305cb5caa98Sdjl /*
1306cb5caa98Sdjl * Create a new door.
1307cb5caa98Sdjl * Keep DOOR_REFUSE_DESC (self-cred nscds don't fork)
1308cb5caa98Sdjl */
1309cb5caa98Sdjl (void) close(did);
1310bf1e3beeSmichen if ((fd = door_create(switcher, NAME_SERVICE_DOOR_COOKIE,
1311bf1e3beeSmichen DOOR_REFUSE_DESC|DOOR_UNREF|DOOR_NO_CANCEL)) < 0) {
1312cb5caa98Sdjl errnum = errno;
1313cb5caa98Sdjl _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_DEBUG)
1314cb5caa98Sdjl (me, "door_create failed: %s", strerror(errnum));
1315cb5caa98Sdjl return (-1);
1316cb5caa98Sdjl }
1317cb5caa98Sdjl
1318cb5caa98Sdjl /*
1319cb5caa98Sdjl * kick off routing socket monitor thread
1320cb5caa98Sdjl */
1321fa845c5dSToomas Soome if (thr_create(NULL, 0,
1322bf1e3beeSmichen (void *(*)(void *))rts_mon, 0, 0, NULL) != 0) {
1323cb5caa98Sdjl errnum = errno;
1324cb5caa98Sdjl _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_ERROR)
1325cb5caa98Sdjl (me, "thr_create (routing socket monitor): %s\n",
1326bf1e3beeSmichen strerror(errnum));
1327cb5caa98Sdjl (void) door_revoke(fd);
1328cb5caa98Sdjl return (-1);
1329cb5caa98Sdjl }
1330cb5caa98Sdjl
1331cb5caa98Sdjl /*
1332cb5caa98Sdjl * start monitoring the states of the name service clients
1333cb5caa98Sdjl */
1334cb5caa98Sdjl rc = _nscd_init_smf_monitor();
1335cb5caa98Sdjl if (rc != NSCD_SUCCESS) {
1336cb5caa98Sdjl _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_ERROR)
1337cb5caa98Sdjl (me, "unable to start the SMF monitor (rc = %d)\n", rc);
1338cb5caa98Sdjl
1339cb5caa98Sdjl (void) door_revoke(fd);
1340cb5caa98Sdjl return (-1);
1341cb5caa98Sdjl }
1342cb5caa98Sdjl
1343cb5caa98Sdjl return (fd);
1344cb5caa98Sdjl }
1345cb5caa98Sdjl
1346cb5caa98Sdjl nscd_rc_t
_nscd_alloc_frontend_cfg()1347cb5caa98Sdjl _nscd_alloc_frontend_cfg()
1348cb5caa98Sdjl {
1349cb5caa98Sdjl frontend_cfg = calloc(NSCD_NUM_DB, sizeof (nscd_cfg_frontend_t));
1350cb5caa98Sdjl if (frontend_cfg == NULL)
1351cb5caa98Sdjl return (NSCD_NO_MEMORY);
1352cb5caa98Sdjl
1353cb5caa98Sdjl return (NSCD_SUCCESS);
1354cb5caa98Sdjl }
1355cb5caa98Sdjl
1356cb5caa98Sdjl
1357cb5caa98Sdjl /* ARGSUSED */
1358cb5caa98Sdjl nscd_rc_t
_nscd_cfg_frontend_notify(void * data,struct nscd_cfg_param_desc * pdesc,nscd_cfg_id_t * nswdb,nscd_cfg_flag_t dflag,nscd_cfg_error_t ** errorp,void * cookie)1359cb5caa98Sdjl _nscd_cfg_frontend_notify(
1360cb5caa98Sdjl void *data,
1361cb5caa98Sdjl struct nscd_cfg_param_desc *pdesc,
1362cb5caa98Sdjl nscd_cfg_id_t *nswdb,
1363cb5caa98Sdjl nscd_cfg_flag_t dflag,
1364cb5caa98Sdjl nscd_cfg_error_t **errorp,
1365cb5caa98Sdjl void *cookie)
1366cb5caa98Sdjl {
1367cb5caa98Sdjl void *dp;
1368cb5caa98Sdjl
1369cb5caa98Sdjl /*
1370cb5caa98Sdjl * At init time, the whole group of config params are received.
1371cb5caa98Sdjl * At update time, group or individual parameter value could
1372cb5caa98Sdjl * be received.
1373cb5caa98Sdjl */
1374cb5caa98Sdjl
1375cb5caa98Sdjl if (_nscd_cfg_flag_is_set(dflag, NSCD_CFG_DFLAG_INIT) ||
1376bf1e3beeSmichen _nscd_cfg_flag_is_set(dflag, NSCD_CFG_DFLAG_GROUP)) {
1377cb5caa98Sdjl /*
1378cb5caa98Sdjl * group data is received, copy in the
1379cb5caa98Sdjl * entire strcture
1380cb5caa98Sdjl */
1381bf1e3beeSmichen if (_nscd_cfg_flag_is_set(pdesc->pflag, NSCD_CFG_PFLAG_GLOBAL))
1382bf1e3beeSmichen frontend_cfg_g = *(nscd_cfg_global_frontend_t *)data;
1383cb5caa98Sdjl else
1384cb5caa98Sdjl frontend_cfg[nswdb->index] =
1385bf1e3beeSmichen *(nscd_cfg_frontend_t *)data;
1386cb5caa98Sdjl
1387cb5caa98Sdjl } else {
1388cb5caa98Sdjl /*
1389cb5caa98Sdjl * individual paramater is received: copy in the
1390cb5caa98Sdjl * parameter value.
1391cb5caa98Sdjl */
1392bf1e3beeSmichen if (_nscd_cfg_flag_is_set(pdesc->pflag, NSCD_CFG_PFLAG_GLOBAL))
1393cb5caa98Sdjl dp = (char *)&frontend_cfg_g + pdesc->p_offset;
1394cb5caa98Sdjl else
1395cb5caa98Sdjl dp = (char *)&frontend_cfg[nswdb->index] +
1396bf1e3beeSmichen pdesc->p_offset;
1397cb5caa98Sdjl (void) memcpy(dp, data, pdesc->p_size);
1398cb5caa98Sdjl }
1399cb5caa98Sdjl
1400cb5caa98Sdjl return (NSCD_SUCCESS);
1401cb5caa98Sdjl }
1402cb5caa98Sdjl
1403cb5caa98Sdjl /* ARGSUSED */
1404cb5caa98Sdjl nscd_rc_t
_nscd_cfg_frontend_verify(void * data,struct nscd_cfg_param_desc * pdesc,nscd_cfg_id_t * nswdb,nscd_cfg_flag_t dflag,nscd_cfg_error_t ** errorp,void ** cookie)1405cb5caa98Sdjl _nscd_cfg_frontend_verify(
1406cb5caa98Sdjl void *data,
1407cb5caa98Sdjl struct nscd_cfg_param_desc *pdesc,
1408cb5caa98Sdjl nscd_cfg_id_t *nswdb,
1409cb5caa98Sdjl nscd_cfg_flag_t dflag,
1410cb5caa98Sdjl nscd_cfg_error_t **errorp,
1411cb5caa98Sdjl void **cookie)
1412cb5caa98Sdjl {
1413cb5caa98Sdjl
1414cb5caa98Sdjl char *me = "_nscd_cfg_frontend_verify";
1415cb5caa98Sdjl
1416cb5caa98Sdjl /*
1417cb5caa98Sdjl * if max. number of server threads is set and in effect,
1418cb5caa98Sdjl * don't allow changing of the frontend configuration
1419cb5caa98Sdjl */
1420cb5caa98Sdjl if (max_servers_set) {
1421cb5caa98Sdjl _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_INFO)
1422cb5caa98Sdjl (me, "changing of the frontend configuration not allowed now");
1423cb5caa98Sdjl
1424cb5caa98Sdjl return (NSCD_CFG_CHANGE_NOT_ALLOWED);
1425cb5caa98Sdjl }
1426cb5caa98Sdjl
1427cb5caa98Sdjl return (NSCD_SUCCESS);
1428cb5caa98Sdjl }
1429cb5caa98Sdjl
1430cb5caa98Sdjl /* ARGSUSED */
1431cb5caa98Sdjl nscd_rc_t
_nscd_cfg_frontend_get_stat(void ** stat,struct nscd_cfg_stat_desc * sdesc,nscd_cfg_id_t * nswdb,nscd_cfg_flag_t * dflag,void (** free_stat)(void * stat),nscd_cfg_error_t ** errorp)1432cb5caa98Sdjl _nscd_cfg_frontend_get_stat(
1433cb5caa98Sdjl void **stat,
1434cb5caa98Sdjl struct nscd_cfg_stat_desc *sdesc,
1435cb5caa98Sdjl nscd_cfg_id_t *nswdb,
1436cb5caa98Sdjl nscd_cfg_flag_t *dflag,
1437cb5caa98Sdjl void (**free_stat)(void *stat),
1438cb5caa98Sdjl nscd_cfg_error_t **errorp)
1439cb5caa98Sdjl {
1440cb5caa98Sdjl return (NSCD_SUCCESS);
1441cb5caa98Sdjl }
1442cb5caa98Sdjl
1443cb5caa98Sdjl void
_nscd_init_cache_sema(sema_t * sema,char * cache_name)1444cb5caa98Sdjl _nscd_init_cache_sema(sema_t *sema, char *cache_name)
1445cb5caa98Sdjl {
1446cb5caa98Sdjl int i, j;
1447cb5caa98Sdjl char *dbn;
1448cb5caa98Sdjl
1449cb5caa98Sdjl if (max_servers == 0)
1450cb5caa98Sdjl max_servers = frontend_cfg_g.common_worker_threads +
1451bf1e3beeSmichen frontend_cfg_g.cache_hit_threads;
1452cb5caa98Sdjl
1453cb5caa98Sdjl for (i = 0; i < NSCD_NUM_DB; i++) {
1454cb5caa98Sdjl
1455cb5caa98Sdjl dbn = NSCD_NSW_DB_NAME(i);
1456cb5caa98Sdjl if (strcasecmp(dbn, cache_name) == 0) {
1457cb5caa98Sdjl j = frontend_cfg[i].worker_thread_per_nsw_db;
1458cb5caa98Sdjl (void) sema_init(sema, j, USYNC_THREAD, 0);
1459cb5caa98Sdjl max_servers += j;
1460cb5caa98Sdjl break;
1461cb5caa98Sdjl }
1462cb5caa98Sdjl }
1463cb5caa98Sdjl }
1464cb5caa98Sdjl
1465cb5caa98Sdjl /*
1466cb5caa98Sdjl * Monitor the routing socket. Address lists stored in the ipnodes
1467cb5caa98Sdjl * cache are sorted based on destination address selection rules,
1468cb5caa98Sdjl * so when things change that could affect that sorting (interfaces
1469cb5caa98Sdjl * go up or down, flags change, etc.), we clear that cache so the
1470cb5caa98Sdjl * list will be re-ordered the next time the hostname is resolved.
1471cb5caa98Sdjl */
1472cb5caa98Sdjl static void
rts_mon(void)1473cb5caa98Sdjl rts_mon(void)
1474cb5caa98Sdjl {
1475cb5caa98Sdjl int rt_sock, rdlen, idx;
1476cb5caa98Sdjl union {
1477cb5caa98Sdjl struct {
1478cb5caa98Sdjl struct rt_msghdr rtm;
1479cb5caa98Sdjl struct sockaddr_storage addrs[RTA_NUMBITS];
1480cb5caa98Sdjl } r;
1481cb5caa98Sdjl struct if_msghdr ifm;
1482cb5caa98Sdjl struct ifa_msghdr ifam;
1483cb5caa98Sdjl } mbuf;
1484cb5caa98Sdjl struct ifa_msghdr *ifam = &mbuf.ifam;
1485cb5caa98Sdjl char *me = "rts_mon";
1486cb5caa98Sdjl
1487ab618543SJohn Levon (void) thr_setname(thr_self(), me);
1488ab618543SJohn Levon
1489cb5caa98Sdjl rt_sock = socket(PF_ROUTE, SOCK_RAW, 0);
1490cb5caa98Sdjl if (rt_sock < 0) {
1491cb5caa98Sdjl _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_ERROR)
1492cb5caa98Sdjl (me, "Failed to open routing socket: %s\n", strerror(errno));
1493cb5caa98Sdjl thr_exit(0);
1494cb5caa98Sdjl }
1495cb5caa98Sdjl
1496cb5caa98Sdjl for (;;) {
1497cb5caa98Sdjl rdlen = read(rt_sock, &mbuf, sizeof (mbuf));
1498cb5caa98Sdjl if (rdlen <= 0) {
1499cb5caa98Sdjl if (rdlen == 0 || (errno != EINTR && errno != EAGAIN)) {
1500cb5caa98Sdjl _NSCD_LOG(NSCD_LOG_FRONT_END,
1501bf1e3beeSmichen NSCD_LOG_LEVEL_ERROR)
1502cb5caa98Sdjl (me, "routing socket read: %s\n",
1503bf1e3beeSmichen strerror(errno));
1504cb5caa98Sdjl thr_exit(0);
1505cb5caa98Sdjl }
1506cb5caa98Sdjl continue;
1507cb5caa98Sdjl }
1508cb5caa98Sdjl if (ifam->ifam_version != RTM_VERSION) {
1509cb5caa98Sdjl _NSCD_LOG(NSCD_LOG_FRONT_END,
1510bf1e3beeSmichen NSCD_LOG_LEVEL_ERROR)
1511cb5caa98Sdjl (me, "rx unknown version (%d) on "
1512bf1e3beeSmichen "routing socket.\n",
1513bf1e3beeSmichen ifam->ifam_version);
1514cb5caa98Sdjl continue;
1515cb5caa98Sdjl }
1516cb5caa98Sdjl switch (ifam->ifam_type) {
1517cb5caa98Sdjl case RTM_NEWADDR:
1518cb5caa98Sdjl case RTM_DELADDR:
1519cb5caa98Sdjl /* if no ipnodes cache, then nothing to do */
1520cb5caa98Sdjl idx = get_cache_idx("ipnodes");
1521cb5caa98Sdjl if (cache_ctx_p[idx] == NULL ||
1522bf1e3beeSmichen cache_ctx_p[idx]->reaper_on != nscd_true)
1523cb5caa98Sdjl break;
1524cb5caa98Sdjl nsc_invalidate(cache_ctx_p[idx], NULL, NULL);
1525cb5caa98Sdjl break;
1526cb5caa98Sdjl case RTM_ADD:
1527cb5caa98Sdjl case RTM_DELETE:
1528cb5caa98Sdjl case RTM_CHANGE:
1529cb5caa98Sdjl case RTM_GET:
1530cb5caa98Sdjl case RTM_LOSING:
1531cb5caa98Sdjl case RTM_REDIRECT:
1532cb5caa98Sdjl case RTM_MISS:
1533cb5caa98Sdjl case RTM_LOCK:
1534cb5caa98Sdjl case RTM_OLDADD:
1535cb5caa98Sdjl case RTM_OLDDEL:
1536cb5caa98Sdjl case RTM_RESOLVE:
1537cb5caa98Sdjl case RTM_IFINFO:
15381cb875aeSCathy Zhou case RTM_CHGADDR:
15391cb875aeSCathy Zhou case RTM_FREEADDR:
1540cb5caa98Sdjl break;
1541cb5caa98Sdjl default:
1542cb5caa98Sdjl _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_ERROR)
1543cb5caa98Sdjl (me, "rx unknown msg type (%d) on routing socket.\n",
1544cb5caa98Sdjl ifam->ifam_type);
1545cb5caa98Sdjl break;
1546cb5caa98Sdjl }
1547cb5caa98Sdjl }
1548cb5caa98Sdjl }
1549cb5caa98Sdjl
1550cb5caa98Sdjl static void
keep_open_dns_socket(void)1551cb5caa98Sdjl keep_open_dns_socket(void)
1552cb5caa98Sdjl {
1553cb5caa98Sdjl _res.options |= RES_STAYOPEN; /* just keep this udp socket open */
1554cb5caa98Sdjl }
1555