17c478bd9Sstevel@tonic-gate /* 27c478bd9Sstevel@tonic-gate * CDDL HEADER START 37c478bd9Sstevel@tonic-gate * 47c478bd9Sstevel@tonic-gate * The contents of this file are subject to the terms of the 57c478bd9Sstevel@tonic-gate * Common Development and Distribution License, Version 1.0 only 67c478bd9Sstevel@tonic-gate * (the "License"). You may not use this file except in compliance 77c478bd9Sstevel@tonic-gate * with the License. 87c478bd9Sstevel@tonic-gate * 97c478bd9Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 107c478bd9Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing. 117c478bd9Sstevel@tonic-gate * See the License for the specific language governing permissions 127c478bd9Sstevel@tonic-gate * and limitations under the License. 137c478bd9Sstevel@tonic-gate * 147c478bd9Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each 157c478bd9Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 167c478bd9Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the 177c478bd9Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying 187c478bd9Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner] 197c478bd9Sstevel@tonic-gate * 207c478bd9Sstevel@tonic-gate * CDDL HEADER END 217c478bd9Sstevel@tonic-gate */ 22*0ec57554Sraf 237c478bd9Sstevel@tonic-gate /* 24*0ec57554Sraf * Copyright 2005 Sun Microsystems, Inc. All rights reserved. 257c478bd9Sstevel@tonic-gate * Use is subject to license terms. 267c478bd9Sstevel@tonic-gate */ 277c478bd9Sstevel@tonic-gate 287c478bd9Sstevel@tonic-gate #pragma ident "%Z%%M% %I% %E% SMI" 297c478bd9Sstevel@tonic-gate 307c478bd9Sstevel@tonic-gate #include <sys/types.h> 317c478bd9Sstevel@tonic-gate #include <pwd.h> 327c478bd9Sstevel@tonic-gate #include <stdio.h> 337c478bd9Sstevel@tonic-gate #include <synch.h> 347c478bd9Sstevel@tonic-gate #include <sys/param.h> 357c478bd9Sstevel@tonic-gate #include <fcntl.h> 367c478bd9Sstevel@tonic-gate #include <unistd.h> 377c478bd9Sstevel@tonic-gate #include "ns_cache_door.h" 387c478bd9Sstevel@tonic-gate #include <door.h> 397c478bd9Sstevel@tonic-gate 407c478bd9Sstevel@tonic-gate #if defined(PIC) || defined(lint) 417c478bd9Sstevel@tonic-gate 427c478bd9Sstevel@tonic-gate /* 437c478bd9Sstevel@tonic-gate * 447c478bd9Sstevel@tonic-gate * Routine that actually performs the door call. 457c478bd9Sstevel@tonic-gate * Note that we cache a file descriptor. We do 467c478bd9Sstevel@tonic-gate * the following to prevent disasters: 477c478bd9Sstevel@tonic-gate * 487c478bd9Sstevel@tonic-gate * 1) Never use 0,1 or 2; if we get this from the open 497c478bd9Sstevel@tonic-gate * we dup it upwards. 507c478bd9Sstevel@tonic-gate * 517c478bd9Sstevel@tonic-gate * 2) Set the close on exec flags so descriptor remains available 527c478bd9Sstevel@tonic-gate * to child processes. 537c478bd9Sstevel@tonic-gate * 547c478bd9Sstevel@tonic-gate * 3) Verify that the door is still the same one we had before 557c478bd9Sstevel@tonic-gate * by using door_info on the client side. 567c478bd9Sstevel@tonic-gate * 577c478bd9Sstevel@tonic-gate * Note that we never close the file descriptor if it isn't one 587c478bd9Sstevel@tonic-gate * we allocated; we check this with door info. The rather tricky 597c478bd9Sstevel@tonic-gate * logic is designed to be fast in the normal case (fd is already 607c478bd9Sstevel@tonic-gate * allocated and is ok) while handling the case where the application 617c478bd9Sstevel@tonic-gate * closed it underneath us or where the nscd dies or re-execs itself 627c478bd9Sstevel@tonic-gate * and we're a multi-threaded application. Note that we cannot protect 637c478bd9Sstevel@tonic-gate * the application if it closes the fd and it is multi-threaded. 647c478bd9Sstevel@tonic-gate * 657c478bd9Sstevel@tonic-gate * int _cache_trydoorcall(void *dptr, int *bufsize, int *actualsize); 667c478bd9Sstevel@tonic-gate * 677c478bd9Sstevel@tonic-gate * *dptr IN: points to arg buffer OUT: points to results buffer 687c478bd9Sstevel@tonic-gate * *bufsize IN: overall size of buffer OUT: overall size of buffer 697c478bd9Sstevel@tonic-gate * *actualsize IN: size of call data OUT: size of return data 707c478bd9Sstevel@tonic-gate * 717c478bd9Sstevel@tonic-gate * Note that *dptr may change if provided space as defined by *bufsize is 727c478bd9Sstevel@tonic-gate * inadequate. In this case the door call mmaps more space and places 737c478bd9Sstevel@tonic-gate * the answer there and sets dptr to contain a pointer to the space, which 747c478bd9Sstevel@tonic-gate * should be freed with munmap. 757c478bd9Sstevel@tonic-gate * 767c478bd9Sstevel@tonic-gate * Returns 0 if the door call reached the server, -1 if contact was not made. 777c478bd9Sstevel@tonic-gate * 787c478bd9Sstevel@tonic-gate */ 797c478bd9Sstevel@tonic-gate 807c478bd9Sstevel@tonic-gate extern int errno; 817c478bd9Sstevel@tonic-gate static mutex_t _door_lock = DEFAULTMUTEX; 827c478bd9Sstevel@tonic-gate 837c478bd9Sstevel@tonic-gate int 847c478bd9Sstevel@tonic-gate __ns_ldap_trydoorcall(ldap_data_t **dptr, int *ndata, int *adata) 857c478bd9Sstevel@tonic-gate { 867c478bd9Sstevel@tonic-gate static int doorfd = -1; 877c478bd9Sstevel@tonic-gate static door_info_t real_door; 887c478bd9Sstevel@tonic-gate door_info_t my_door; 897c478bd9Sstevel@tonic-gate door_arg_t param; 907c478bd9Sstevel@tonic-gate 917c478bd9Sstevel@tonic-gate /* 927c478bd9Sstevel@tonic-gate * the first time in we try and open and validate the door. 937c478bd9Sstevel@tonic-gate * the validations are that the door must have been 947c478bd9Sstevel@tonic-gate * created with the name service door cookie and 957c478bd9Sstevel@tonic-gate * that the file attached to the door is owned by root 967c478bd9Sstevel@tonic-gate * and readonly by user, group and other. If any of these 977c478bd9Sstevel@tonic-gate * validations fail we refuse to use the door. 987c478bd9Sstevel@tonic-gate */ 997c478bd9Sstevel@tonic-gate 1007c478bd9Sstevel@tonic-gate (void) mutex_lock(&_door_lock); 1017c478bd9Sstevel@tonic-gate 1027c478bd9Sstevel@tonic-gate try_again: 1037c478bd9Sstevel@tonic-gate 1047c478bd9Sstevel@tonic-gate if (doorfd == -1) { 1057c478bd9Sstevel@tonic-gate 1067c478bd9Sstevel@tonic-gate int tbc[3]; 1077c478bd9Sstevel@tonic-gate int i; 1087c478bd9Sstevel@tonic-gate if ((doorfd = open(LDAP_CACHE_DOOR, O_RDONLY, 0)) 1097c478bd9Sstevel@tonic-gate == -1) { 1107c478bd9Sstevel@tonic-gate (void) mutex_unlock(&_door_lock); 1117c478bd9Sstevel@tonic-gate return (NOSERVER); 1127c478bd9Sstevel@tonic-gate } 1137c478bd9Sstevel@tonic-gate 1147c478bd9Sstevel@tonic-gate /* 1157c478bd9Sstevel@tonic-gate * dup up the file descriptor if we have 0 - 2 1167c478bd9Sstevel@tonic-gate * to avoid problems with shells stdin/out/err 1177c478bd9Sstevel@tonic-gate */ 1187c478bd9Sstevel@tonic-gate i = 0; 1197c478bd9Sstevel@tonic-gate 1207c478bd9Sstevel@tonic-gate while (doorfd < 3) { /* we have a reserved fd */ 1217c478bd9Sstevel@tonic-gate tbc[i++] = doorfd; 1227c478bd9Sstevel@tonic-gate if ((doorfd = dup(doorfd)) < 0) { 1237c478bd9Sstevel@tonic-gate while (i--) 1247c478bd9Sstevel@tonic-gate (void) close(tbc[i]); 1257c478bd9Sstevel@tonic-gate doorfd = -1; 1267c478bd9Sstevel@tonic-gate (void) mutex_unlock(&_door_lock); 1277c478bd9Sstevel@tonic-gate return (NOSERVER); 1287c478bd9Sstevel@tonic-gate } 1297c478bd9Sstevel@tonic-gate } 1307c478bd9Sstevel@tonic-gate 1317c478bd9Sstevel@tonic-gate while (i--) 1327c478bd9Sstevel@tonic-gate (void) close(tbc[i]); 1337c478bd9Sstevel@tonic-gate 1347c478bd9Sstevel@tonic-gate /* 1357c478bd9Sstevel@tonic-gate * mark this door descriptor as close on exec 1367c478bd9Sstevel@tonic-gate */ 1377c478bd9Sstevel@tonic-gate (void) fcntl(doorfd, F_SETFD, FD_CLOEXEC); 138*0ec57554Sraf if (door_info(doorfd, &real_door) == -1 || 139*0ec57554Sraf (real_door.di_attributes & DOOR_REVOKED) || 140*0ec57554Sraf real_door.di_data != (uintptr_t)LDAP_CACHE_DOOR_COOKIE) { 1417c478bd9Sstevel@tonic-gate /* 1427c478bd9Sstevel@tonic-gate * we should close doorfd because we just opened it 1437c478bd9Sstevel@tonic-gate */ 1447c478bd9Sstevel@tonic-gate (void) close(doorfd); 1457c478bd9Sstevel@tonic-gate doorfd = -1; 1467c478bd9Sstevel@tonic-gate (void) mutex_unlock(&_door_lock); 1477c478bd9Sstevel@tonic-gate return (NOSERVER); 1487c478bd9Sstevel@tonic-gate } 149*0ec57554Sraf } else { 150*0ec57554Sraf if (door_info(doorfd, &my_door) == -1 || 151*0ec57554Sraf my_door.di_data != (uintptr_t)LDAP_CACHE_DOOR_COOKIE || 152*0ec57554Sraf my_door.di_uniquifier != real_door.di_uniquifier) { 153*0ec57554Sraf /* 154*0ec57554Sraf * don't close it - 155*0ec57554Sraf * someone else has clobbered fd 156*0ec57554Sraf */ 1577c478bd9Sstevel@tonic-gate doorfd = -1; 158*0ec57554Sraf goto try_again; 1597c478bd9Sstevel@tonic-gate } 1607c478bd9Sstevel@tonic-gate 1617c478bd9Sstevel@tonic-gate if (my_door.di_attributes & DOOR_REVOKED) { 1627c478bd9Sstevel@tonic-gate (void) close(doorfd); 1637c478bd9Sstevel@tonic-gate doorfd = -1; /* try and restart connection */ 1647c478bd9Sstevel@tonic-gate goto try_again; 1657c478bd9Sstevel@tonic-gate } 1667c478bd9Sstevel@tonic-gate } 1677c478bd9Sstevel@tonic-gate 1687c478bd9Sstevel@tonic-gate (void) mutex_unlock(&_door_lock); 1697c478bd9Sstevel@tonic-gate 1707c478bd9Sstevel@tonic-gate param.rbuf = (char *)*dptr; 1717c478bd9Sstevel@tonic-gate param.rsize = *ndata; 1727c478bd9Sstevel@tonic-gate param.data_ptr = (char *)*dptr; 1737c478bd9Sstevel@tonic-gate param.data_size = *adata; 1747c478bd9Sstevel@tonic-gate param.desc_ptr = NULL; 1757c478bd9Sstevel@tonic-gate param.desc_num = 0; 1767c478bd9Sstevel@tonic-gate if (door_call(doorfd, ¶m) == -1) { 1777c478bd9Sstevel@tonic-gate return (NOSERVER); 1787c478bd9Sstevel@tonic-gate } 1797c478bd9Sstevel@tonic-gate *adata = (int)param.data_size; 1807c478bd9Sstevel@tonic-gate *ndata = (int)param.rsize; 1817c478bd9Sstevel@tonic-gate *dptr = (ldap_data_t *)param.data_ptr; 1827c478bd9Sstevel@tonic-gate if (*adata == 0 || *dptr == NULL) { 1837c478bd9Sstevel@tonic-gate return (NOSERVER); 1847c478bd9Sstevel@tonic-gate } 1857c478bd9Sstevel@tonic-gate 1867c478bd9Sstevel@tonic-gate return ((*dptr)->ldap_ret.ldap_return_code); 1877c478bd9Sstevel@tonic-gate } 1887c478bd9Sstevel@tonic-gate 1897c478bd9Sstevel@tonic-gate /* 1907c478bd9Sstevel@tonic-gate * routine to check if server is already running 1917c478bd9Sstevel@tonic-gate */ 1927c478bd9Sstevel@tonic-gate 1937c478bd9Sstevel@tonic-gate int 1947c478bd9Sstevel@tonic-gate __ns_ldap_cache_ping() 1957c478bd9Sstevel@tonic-gate { 1967c478bd9Sstevel@tonic-gate ldap_data_t data; 1977c478bd9Sstevel@tonic-gate ldap_data_t *dptr; 1987c478bd9Sstevel@tonic-gate int ndata; 1997c478bd9Sstevel@tonic-gate int adata; 2007c478bd9Sstevel@tonic-gate 2017c478bd9Sstevel@tonic-gate data.ldap_call.ldap_callnumber = NULLCALL; 2027c478bd9Sstevel@tonic-gate ndata = sizeof (data); 2037c478bd9Sstevel@tonic-gate adata = sizeof (data); 2047c478bd9Sstevel@tonic-gate dptr = &data; 2057c478bd9Sstevel@tonic-gate return (__ns_ldap_trydoorcall(&dptr, &ndata, &adata)); 2067c478bd9Sstevel@tonic-gate } 2077c478bd9Sstevel@tonic-gate 2087c478bd9Sstevel@tonic-gate #endif /* PIC */ 209