xref: /illumos-gate/usr/src/lib/libc/port/gen/getxby_door.c (revision 1da57d55)

/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */

/*
 * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#include "lint.h"
#include <mtlib.h>
#include <sys/types.h>
#include <errno.h>
#include <pwd.h>
#include <nss_dbdefs.h>
#include <stdio.h>
#include <string.h>
#include <synch.h>
#include <sys/param.h>
#include <fcntl.h>
#include <unistd.h>
#include <stdlib.h>
#include <getxby_door.h>
#include <sys/door.h>
#include <procfs.h>
#include <door.h>
#include <sys/mman.h>
#include "libc.h"
#include "tsd.h"
#include "base_conversion.h"

/* nss<->door hints */
static mutex_t	hints_lock = DEFAULTMUTEX;
static size_t	door_bsize = 0;
static size_t	door_nbsize = 0;
static int	proc_is_cache = -1;

/* library<->nscd door interaction apis */

/*
 *
 * Routine that actually performs the door call.
 * Note that we cache a file descriptor.  We do
 * the following to prevent disasters:
 *
 * 1) Never use 0,1 or 2; if we get this from the open
 *    we dup it upwards.
 *
 * 2) Set the close on exec flags so descriptor remains available
 *    to child processes.
 *
 * 3) Verify that the door is still the same one we had before
 *    by using door_info on the client side.
 *
 *	Note that we never close the file descriptor if it isn't one
 *	we allocated; we check this with door info.  The rather tricky
 *	logic is designed to be fast in the normal case (fd is already
 *	allocated and is ok) while handling the case where the application
 *	closed it underneath us or where the nscd dies or re-execs itself
 *	and we're a multi-threaded application.  Note that we cannot protect
 *	the application if it closes the fd and it is multi-threaded.
 *
 *  int _nsc_trydoorcall(void *dptr, size_t *bufsize, size_t *actualsize);
 *
 *      *dptr           IN: points to arg buffer OUT: points to results buffer
 *      *bufsize        IN: overall size of buffer OUT: overall size of buffer
 *      *actualsize     IN: size of call data OUT: size of return data
 *
 *  Note that *dptr may change if provided space as defined by *bufsize is
 *  inadequate.  In this case the door call mmaps more space and places
 *  the answer there and sets dptr to contain a pointer to the space, which
 *  should be freed with munmap.
 *
 *  Returns 0 if the door call reached the server, -1 if contact was not made.
 *
 */

/*
 * Max size for list of db names supported by the private nscd
 * No implied max here, any size will do, fixed size chosen to
 * reduce yet another malloc
 */

#define	BD_BUFSIZE	1024
#define	BD_SEP		','

typedef struct _nsc_door_t {
	int 		doorfd;
	mutex_t		door_lock;
	door_info_t 	doori;
} nsc_door_t;

static nsc_door_t	nsc_door[2] = {
	{ -1, DEFAULTMUTEX, { 0 } },		/* front (fattached) door */
	{ -1, DEFAULTMUTEX, { 0 } },		/* back (private) door */
};

/* assumed to be locked by using nsc_door[1] mutex */
static char	*nsc_db_buf = NULL;
static char	**nsc_db_list = NULL;

/*
 * Check for a valid and matching db in the list.
 * assume list is in the locked state.
 */

static int
_nsc_use_backdoor(char *db)
{
	char 	**ndb;

	if (db && nsc_db_buf != NULL && nsc_db_list != NULL) {
		for (ndb = nsc_db_list; *ndb; ndb++) {
			if (strcmp(db, *ndb) == 0)
				return (1);
		}
	}
	return (0);
}

/*
 * flush private db lists
 */
static void
_nsc_flush_private_db()
{
	if (nsc_db_buf != NULL) {
		libc_free((void *)nsc_db_buf);
		nsc_db_buf = NULL;
	}
	if (nsc_db_list != NULL) {
		libc_free((void *)nsc_db_list);
		nsc_db_list = NULL;
	}
}

/*
 * init/update nsc_db_buf given buff containing list of
 * db's to be processed by a private nscd.
 * This function assumes it has a well formed string from nscd.
 */

static int
_nsc_init_private_db(char *dblist)
{
	char	*cp, **lp;
	int	buflen = 0;
	int	arrlen = 0;

	if (dblist == NULL)
		return (0);

	/* reset db list */
	_nsc_flush_private_db();

	/* rebuild fresh list */
	buflen = strlen(dblist) + 1;
	for (cp = dblist; *cp; cp++)
		if (*cp == BD_SEP)
			arrlen++;
	if (cp == dblist)
		return (0);
	arrlen += 2;
	nsc_db_buf = (char *)libc_malloc(buflen);
	if (nsc_db_buf == (char *)NULL)
		return (0);
	nsc_db_list = (char **)libc_malloc(arrlen * sizeof (char *));
	if (nsc_db_list == (char **)NULL) {
		libc_free((void *)nsc_db_buf);
		nsc_db_buf = NULL;
		return (0);
	}
	(void) memcpy(nsc_db_buf, dblist, buflen);
	lp = nsc_db_list;
	*lp++ = nsc_db_buf;
	for (cp = nsc_db_buf; *cp; ) {
		if (*cp == BD_SEP) {
			*cp++ = '\0';
			*lp++ = cp;
		} else
			cp++;
	}
	*lp = NULL;
	return (1);
}

/*
 * _nsc_initdoor_fp attempts to validate the given door and
 * confirm that it is still available for use.  The options are:
 *	Front door:
 *		If it's not open, attempt to open or error
 *		If it's open attempt to validate.
 *		If it's not validatable, reset fd and try again.
 *		Other wise it open and validated, return success
 *	Per user (back) door:
 *		This door is passed to the client through th front door
 *		attempt to validate it.  If it can't be validated, it
 *		must be reset. Then send a NSS_ALTRESET error, so nscd can
 *		forward another fd if desired.
 */

static nss_status_t
_nsc_initdoor_fp(nsc_door_t *dp)
{

	door_info_t 		my_door;

	if (dp == NULL) {
		errno = ENOTCONN;
		return (NSS_ERROR);
	}

	/*
	 * the first time in we try and open and validate the front door.
	 * A front door request may return an alternate private back door
	 * that the client should use instead.
	 *
	 * To validate a door the door must have been created with
	 * the name service door cookie. The front door is file
	 * attached, owned by root and readonly by user, group and
	 * other.  If any of these validations fail we refuse to use
	 * the door.  A back door is delivered from the front door
	 * via a door_desc_t, and have the same cooke notification.
	 */

	lmutex_lock(&dp->door_lock);

try_again:

	if (dp->doorfd == -1 && dp == &nsc_door[0]) {	/* open front door */
		int		tbc[3];
		int		i;

		dp->doorfd = open64(NAME_SERVICE_DOOR, O_RDONLY, 0);
		if (dp->doorfd == -1) {
			lmutex_unlock(&dp->door_lock);
			return (NSS_ERROR);
		}

		/*
		 * dup up the file descriptor if we have 0 - 2
		 * to avoid problems with shells stdin/out/err
		 */
		i = 0;

		while (dp->doorfd < 3) { /* we have a reserved fd */
			tbc[i++] = dp->doorfd;
			if ((dp->doorfd = dup(dp->doorfd)) < 0) {
				while (i--)
					(void) close(tbc[i]);
				dp->doorfd = -1;
				lmutex_unlock(&dp->door_lock);
				return (NSS_ERROR);
			}
		}

		while (i--)
			(void) close(tbc[i]);

		/*
		 * mark this door descriptor as close on exec
		 */
		(void) fcntl(dp->doorfd, F_SETFD, FD_CLOEXEC);
		if (__door_info(dp->doorfd, &dp->doori) < 0 ||
		    (dp->doori.di_attributes & DOOR_REVOKED) ||
		    dp->doori.di_data != (uintptr_t)NAME_SERVICE_DOOR_COOKIE) {
			/*
			 * we should close doorfd because we just opened it
			 */
			(void) close(dp->doorfd);
			dp->doorfd = -1;
			(void) memset((void *)&dp->doori,
			    '\0', sizeof (door_info_t));
			lmutex_unlock(&dp->door_lock);
			errno = ECONNREFUSED;
			return (NSS_ERROR);
		}
	} else {
		if (__door_info(dp->doorfd, &my_door) < 0 ||
		    my_door.di_data != (uintptr_t)NAME_SERVICE_DOOR_COOKIE ||
		    my_door.di_uniquifier != dp->doori.di_uniquifier) {
			/*
			 * don't close it -
			 * someone else has clobbered fd
			 */
			dp->doorfd = -1;
			(void) memset((void *)&dp->doori,
			    '\0', sizeof (door_info_t));
			if (dp == &nsc_door[1]) {	/* reset back door */
				/* flush invalid db list */
				_nsc_flush_private_db();
				lmutex_unlock(&dp->door_lock);
				return (NSS_ALTRESET);
			}
			goto try_again;
		}

		if (my_door.di_attributes & DOOR_REVOKED) {
			(void) close(dp->doorfd);	/* nscd exited .... */
			dp->doorfd = -1;	/* try and restart connection */
			(void) memset((void *)&dp->doori,
			    '\0', sizeof (door_info_t));
			if (dp == &nsc_door[1]) {	/* back door reset */
				/* flush invalid db list */
				_nsc_flush_private_db();
				lmutex_unlock(&dp->door_lock);
				return (NSS_ALTRESET);
			}
			goto try_again;
		}
	}

	lmutex_unlock(&dp->door_lock);
	return (NSS_SUCCESS);
}

/*
 * Try the door request once only, to the specified connection.
 * return the results or error.
 */

static nss_status_t
_nsc_try1door(nsc_door_t *dp, void **dptr, size_t *ndata,
			size_t *adata, int *pdesc)
{
	door_arg_t		param;
	int			ret;
	nss_pheader_t		*rp;

	ret = _nsc_initdoor_fp(dp);
	if (ret != NSS_SUCCESS)
		return (ret);

	param.rbuf = (char *)*dptr;
	param.rsize = *ndata;
	param.data_ptr = (char *)*dptr;
	param.data_size = *adata;
	param.desc_ptr = NULL;
	param.desc_num = 0;
	ret = __door_call(dp->doorfd, &param);
	if (ret < 0) {
		return (NSS_ERROR);
	}
	*adata = param.data_size;
	*ndata = param.rsize;
	*dptr = (void *)param.data_ptr;
	rp = (nss_pheader_t *)((void *)param.rbuf);
	if (pdesc != NULL && rp && rp->p_status == NSS_ALTRETRY &&
	    param.desc_ptr != NULL && param.desc_num > 0) {
		if ((param.desc_ptr->d_attributes & DOOR_DESCRIPTOR) &&
		    param.desc_ptr->d_data.d_desc.d_descriptor >= 0 &&
		    param.desc_ptr->d_data.d_desc.d_id != 0) {
			/* have an alt descriptor */
			*pdesc = param.desc_ptr->d_data.d_desc.d_descriptor;
			/* got a NSS_ALTRETRY command */
			return (NSS_ALTRETRY);
		}
		errno = EINVAL;
		return (NSS_ERROR);		/* other error? */
	}
	if (*adata == 0 || *dptr == NULL) {
		errno = ENOTCONN;
		return (NSS_ERROR);
	}

	if (rp->p_status == NSS_ALTRESET ||
	    rp->p_status == NSS_ALTRETRY ||
	    rp->p_status == NSS_TRYLOCAL)
		return (rp->p_status);

	return (NSS_SUCCESS);
}

/*
 * Backwards compatible API
 */

nss_status_t
_nsc_trydoorcall(void **dptr, size_t *ndata, size_t *adata)
{
	return (_nsc_try1door(&nsc_door[0], dptr, ndata, adata, NULL));
}

/*
 * Send the request to the designated door, based on the supplied db
 * Retry on the alternate door fd if possible.
 */

nss_status_t
_nsc_trydoorcall_ext(void **dptr, size_t *ndata, size_t *adata)
{
	int		ret = NSS_ALTRETRY;
	nsc_door_t	*frontd = &nsc_door[0];
	nsc_door_t	*backd = &nsc_door[1];
	int		fd;

	nss_pheader_t	*ph, ph_save;
	char		*dbl;
	char		*db = NULL;
	nss_dbd_t	*dbd;
	int		fb2frontd = 0;
	int		reset_frontd = 0;
	size_t		ndata_save = *ndata, adata_save = *adata;
	void		*dptr_save = *dptr;

	ph = (nss_pheader_t *)*dptr;
	dbd = (nss_dbd_t *)((void *)((char *)ph + ph->dbd_off));
	if (dbd->o_name != 0)
		db = (char *)dbd + dbd->o_name;

	/*
	 * save away a copy of the header, in case the request needs
	 * to be sent to nscd more than once. In that case, this
	 * original header can be copied back to the door buffer
	 * to replace the possibly changed header
	 */
	ph_save = *ph;

	while (ret == NSS_ALTRETRY || ret == NSS_ALTRESET) {
		/* try private (back) door first if it exists and applies */
		if (db != NULL && backd->doorfd > 0 && fb2frontd == 0 &&
		    _nsc_use_backdoor(db)) {
			ret = _nsc_try1door(backd, dptr, ndata, adata, NULL);
			if (ret == NSS_ALTRESET) {
				/*
				 * received NSS_ALTRESET command,
				 * retry on front door
				 */
				lmutex_lock(&backd->door_lock);
				backd->doorfd = -1;
				(void) memset((void *)&backd->doori,
				    '\0', sizeof (door_info_t));
				/* flush now invalid db list */
				_nsc_flush_private_db();
				lmutex_unlock(&backd->door_lock);
				continue;
			} else if (ret == NSS_ALTRETRY) {
				/*
				 * received NSS_ALTRETRY command,
				 * fall back and retry on front door
				 */
				fb2frontd = 1;
				if (*dptr != dptr_save)
					(void) munmap((void *)*dptr, *ndata);

				/*
				 * restore the buffer size and header
				 * data so that the front door will
				 * see the original request
				 */
				*ndata = ndata_save;
				*adata = adata_save;
				*dptr = dptr_save;
				ph =  (nss_pheader_t *)*dptr;
				*ph = ph_save;
				/*
				 * tell the front door server, this is
				 * a fallback call
				 */
				ph->p_status = NSS_ALTRETRY;
				continue;
			}

			/* return the result or error */
			break;
		}

		/* try the front door */
		fd = -1;
		ret = _nsc_try1door(frontd, dptr, ndata, adata, &fd);

		if (ret != NSS_ALTRETRY) {
			/*
			 * got a success or failure result.
			 * but front door should never send NSS_ALTRESET
			 */
			if (ret == NSS_ALTRESET)
				/* reset the front door */
				reset_frontd = 1;
			else
				/*
				 * not NSS_ALTRETRY and not NSS_ALTRESET
				 * return the result or error
				 */
				break;
		} else if (fb2frontd == 1) {
			/*
			 * front door should never send NSS_ALTRETRY
			 * in a fallback call. Reset the front door.
			 */
			reset_frontd = 1;
		}

		if (reset_frontd == 1) {
			lmutex_lock(&frontd->door_lock);
			frontd->doorfd = -1;
			(void) memset((void *)&frontd->doori,
			    '\0', sizeof (door_info_t));
			lmutex_unlock(&frontd->door_lock);
			/* error out */
			ret = NSS_ERROR;
			break;
		}

		/* process NSS_ALTRETRY request from front door */
		if (fd < 0)
			continue;	/* no new door given, try again */

		/* update and try alternate door */
		lmutex_lock(&backd->door_lock);
		if (backd->doorfd >= 0) {
			/* unexpected open alt door - clean up, continue */
			_nsc_flush_private_db();
			(void) close(backd->doorfd);
		}

		/* set up back door fd */
		backd->doorfd = fd;

		/* set up back door db list */
		ph =  (nss_pheader_t *)*dptr;
		dbl = ((char *)ph) + ph->data_off;

		if (_nsc_init_private_db(dbl) == 0) {
			/* could not init db list, try again */
			(void) close(backd->doorfd);
			backd->doorfd = -1;
			lmutex_unlock(&backd->door_lock);
			continue;
		}
		if (door_info(backd->doorfd, &backd->doori) < 0 ||
		    (backd->doori.di_attributes & DOOR_REVOKED) ||
		    backd->doori.di_data !=
		    (uintptr_t)NAME_SERVICE_DOOR_COOKIE) {
			/* doorfd bad, or must not really be open */
			(void) close(backd->doorfd);
			backd->doorfd = -1;
			(void) memset((void *)&backd->doori,
			    '\0', sizeof (door_info_t));
		}
		(void) fcntl(backd->doorfd, F_SETFD, FD_CLOEXEC);
		lmutex_unlock(&backd->door_lock);
		/* NSS_ALTRETRY new back door */
		if (*dptr != dptr_save)
			(void) munmap((void *)*dptr, *ndata);

		/*
		 * restore the buffer size and header
		 * data so that the back door will
		 * see the original request
		 */
		*ndata = ndata_save;
		*adata = adata_save;
		*dptr = dptr_save;
		ph =  (nss_pheader_t *)*dptr;
		*ph = ph_save;
	}
	return (ret);
}

/*
 * Get the current (but growable) buffer size for a NSS2 packet.
 * Heuristic algorithm used:
 *	1) Make sure it's at least NSS_BUFLEN_DOOR in length (16k default)
 *	2) if an incoming user buffer is > larger than the current size
 *	   Make the buffer at least NSS_BUFLEN_DOOR/2+user buffer size
 *	   This should account for any reasonable nss_pheader, keys
 *	   extended area etc.
 *	3) keep the prototype/debugging (private)NSS_BUFLEN option
 *	   to change any preconfigured value if needed(?)
 */

static size_t
_nsc_getdoorbsize(size_t min_size)
{
	if (!door_bsize) {
		lmutex_lock(&hints_lock);
		if (!door_bsize) {
			/* future work - get nscd hint & use hint size */
			door_bsize = ROUND_UP(door_bsize, NSS_BUFSIZ);
			if (door_bsize < NSS_BUFLEN_DOOR) {
				door_bsize = NSS_BUFLEN_DOOR;
			}
		}
		lmutex_unlock(&hints_lock);
	}
	if (min_size && door_bsize < (min_size + NSS_BUFLEN_DOOR/2)) {
		lmutex_lock(&hints_lock);
		if (door_bsize < (min_size + NSS_BUFLEN_DOOR/2)) {
			min_size += NSS_BUFLEN_DOOR;
			door_bsize = ROUND_UP(min_size, NSS_BUFSIZ);
		}
		lmutex_unlock(&hints_lock);
	}
	return (door_bsize);
}

static void
_nsc_freedbuf(void *arg)
{
	nss_XbyY_buf_t *tsdbuf = arg;

	if (tsdbuf != NULL && tsdbuf->buffer != NULL) {
		lfree(tsdbuf->buffer, (size_t)tsdbuf->buflen);
		tsdbuf->result = NULL;
		tsdbuf->buffer = NULL;
		tsdbuf->buflen = 0;
	}
}

/*
 * _nsc_getdoorbuf - return the client side per thread door buffer
 * Elsewhere, it is assumed that the header is 0'd upon return from here.
 */

int
_nsc_getdoorbuf(void **doorptr, size_t *bufsize)
{
	nss_XbyY_buf_t *tsdbuf;
	char *bp;
	size_t dsize;

	if (doorptr == NULL || bufsize == NULL)
		return (-1);

	/* Get thread specific pointer to door buffer */
	tsdbuf = tsdalloc(_T_DOORBUF, sizeof (nss_XbyY_buf_t), _nsc_freedbuf);
	if (tsdbuf == NULL)
		return (-1);

	/* if door buffer does not exist create it */
	if (tsdbuf->buffer == NULL) {
		dsize = _nsc_getdoorbsize(*bufsize);

		/* setup a door buffer with a total length of dsize */
		bp = lmalloc(dsize);
		if (bp == NULL)
			return (-1);
		tsdbuf->buffer = bp;
		tsdbuf->buflen = dsize;
	} else {
		/* check old buffer size and resize if needed */
		if (*bufsize) {
			dsize = _nsc_getdoorbsize(*bufsize);
			if (tsdbuf->buflen < dsize) {
				lfree(tsdbuf->buffer, (size_t)tsdbuf->buflen);
				bp = lmalloc(dsize);
				if (bp == NULL)
					return (-1);
				tsdbuf->buffer = bp;
				tsdbuf->buflen = dsize;
			}
		}
		/* freshly malloc'd door bufs are 0'd */
		/* 0 header for now.  Zero entire buf(?) TDB */
		(void) memset((void *)tsdbuf->buffer, 0,
		    (size_t)sizeof (nss_pheader_t));

	}
	*doorptr = (void *)tsdbuf->buffer;
	*bufsize = tsdbuf->buflen;
	return (0);
}

void
_nsc_resizedoorbuf(size_t bsize)
{
	/* signal to update if new door size is desired */
	lmutex_lock(&hints_lock);
	if (bsize > door_bsize && door_nbsize < bsize)
		door_nbsize = bsize;
	lmutex_unlock(&hints_lock);
}

/*
 * Check uid and /proc/PID/psinfo to see if this process is nscd
 * If it is set the appropriate flags and allow policy reconfiguration.
 */
int
_nsc_proc_is_cache()
{
	psinfo_t	pinfo;
	char		fname[128];
	int		ret;
	int		fd;

	if (proc_is_cache >= 0)
		return (proc_is_cache);
	lmutex_lock(&hints_lock);
	if (proc_is_cache >= 0) {
		lmutex_unlock(&hints_lock);
		return (proc_is_cache);
	}
	proc_is_cache = 0;
	/* It can't be nscd if it's not running as root... */
	if (getuid() != 0) {
		lmutex_unlock(&hints_lock);
		return (0);
	}
	ret = snprintf(fname, 128, "/proc/%d/psinfo", getpid());
	if (ret > 0 && ret < 128) {
		if ((fd = open(fname,  O_RDONLY)) >= 0) {
			ret = read(fd, &pinfo, sizeof (psinfo_t));
			(void) close(fd);
			if (ret == sizeof (psinfo_t) &&
			    (strcmp(pinfo.pr_fname, "nscd") == 0)) {
				/* process runs as root and is named nscd */
				/* that's good enough for now */
				proc_is_cache = 1;
			}
		}
	}
	lmutex_unlock(&hints_lock);
	return (proc_is_cache);
}