/* * CDDL HEADER START * * The contents of this file are subject to the terms of the * Common Development and Distribution License (the "License"). * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. * See the License for the specific language governing permissions * and limitations under the License. * * When distributing Covered Code, include this CDDL HEADER in each * file and include the License file at usr/src/OPENSOLARIS.LICENSE. * If applicable, add the following below this CDDL HEADER, with the * fields enclosed by brackets "[]" replaced with your own identifying * information: Portions Copyright [yyyy] [name of copyright owner] * * CDDL HEADER END */ /* * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. * Copyright 2019 Nexenta Systems, Inc. */ /* * Simple doors ldap cache daemon */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include /* LC_ALL */ #include #include #include /* offsetof */ #include #include "getxby_door.h" #include "cachemgr.h" static void detachfromtty(); admin_t current_admin; static int will_become_server; static void switcher(void *cookie, char *argp, size_t arg_size, door_desc_t *dp, uint_t n_desc); static void usage(char *s); static int cachemgr_set_lf(admin_t *ptr, char *logfile); static int client_getadmin(admin_t *ptr); static int setadmin(ldap_call_t *ptr); static int client_setadmin(admin_t *ptr); static int client_showstats(admin_t *ptr); static int is_root(int free_uc, char *dc_str, ucred_t **uc); int is_root_or_all_privs(char *dc_str, ucred_t **ucp); static void admin_modify(LineBuf *config_info, ldap_call_t *in); #ifdef SLP int use_slp = 0; static unsigned int refresh = 10800; /* dynamic discovery interval */ #endif /* SLP */ static ldap_stat_t * getcacheptr(char *s) { static const char *caches[1] = {"ldap"}; if (strncmp(caches[0], s, strlen(caches[0])) == 0) return (¤t_admin.ldap_stat); return (NULL); } char * getcacheopt(char *s) { while (*s && *s != ',') s++; return ((*s == ',') ? (s + 1) : NULL); } /* * This is here to prevent the ldap_cachemgr becomes * daemonlized to early to soon during boot time. * This causes problems during boot when automounter * and others try to use libsldap before ldap_cachemgr * finishes walking the server list. */ static void sig_ok_to_exit(int signo) { if (signo == SIGUSR1) { logit("sig_ok_to_exit(): parent exiting...\n"); exit(0); } else { logit("sig_ok_to_exit(): invalid signal(%d) received.\n", signo); syslog(LOG_ERR, gettext("ldap_cachemgr: " "invalid signal(%d) received."), signo); exit(1); } } #define LDAP_TABLES 1 /* ldap */ #define TABLE_THREADS 10 #define COMMON_THREADS 20 #define CACHE_MISS_THREADS (COMMON_THREADS + LDAP_TABLES * TABLE_THREADS) #define CACHE_HIT_THREADS 20 /* * There is only one thread handling GETSTATUSCHANGE START from main nscd * most of time. But it could happen that a main nscd is restarted, old main * nscd's handling thread is still alive when new main nscd starts and sends * START, or old main dies. STOP is not sent in both cases. * The main nscd requires 2 threads to handle START and STOP. So max number * of change threads is set to 4. */ #define MAX_CHG_THREADS 4 #define MAX_SERVER_THREADS (CACHE_HIT_THREADS + CACHE_MISS_THREADS + \ MAX_CHG_THREADS) static sema_t common_sema; static sema_t ldap_sema; static thread_key_t lookup_state_key; static int chg_threads_num = 0; static mutex_t chg_threads_num_lock = DEFAULTMUTEX; static void initialize_lookup_clearance() { (void) thr_keycreate(&lookup_state_key, NULL); (void) sema_init(&common_sema, COMMON_THREADS, USYNC_THREAD, 0); (void) sema_init(&ldap_sema, TABLE_THREADS, USYNC_THREAD, 0); } int get_clearance(int callnumber) { sema_t *table_sema = NULL; char *tab; if (sema_trywait(&common_sema) == 0) { (void) thr_setspecific(lookup_state_key, NULL); return (0); } switch (callnumber) { case GETLDAPCONFIG: tab = "ldap"; table_sema = &ldap_sema; break; default: logit("Internal Error: get_clearance\n"); break; } if (sema_trywait(table_sema) == 0) { (void) thr_setspecific(lookup_state_key, (void*)1); return (0); } if (current_admin.debug_level >= DBG_CANT_FIND) { logit("get_clearance: throttling load for %s table\n", tab); } return (-1); } int release_clearance(int callnumber) { int which; sema_t *table_sema = NULL; (void) thr_getspecific(lookup_state_key, (void**)&which); if (which == 0) /* from common pool */ { (void) sema_post(&common_sema); return (0); } switch (callnumber) { case GETLDAPCONFIG: table_sema = &ldap_sema; break; default: logit("Internal Error: release_clearance\n"); break; } (void) sema_post(table_sema); return (0); } static mutex_t create_lock; static int num_servers = 0; static thread_key_t server_key; /* * Bind a TSD value to a server thread. This enables the destructor to * be called if/when this thread exits. This would be a programming error, * but better safe than sorry. */ /*ARGSUSED*/ static void * server_tsd_bind(void *arg) { static void *value = "NON-NULL TSD"; /* * disable cancellation to prevent hangs when server * threads disappear */ (void) pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, NULL); (void) thr_setspecific(server_key, value); (void) door_return(NULL, 0, NULL, 0); return (value); } /* * Server threads are created here. */ /*ARGSUSED*/ static void server_create(door_info_t *dip) { (void) mutex_lock(&create_lock); if (++num_servers > MAX_SERVER_THREADS) { num_servers--; (void) mutex_unlock(&create_lock); return; } (void) mutex_unlock(&create_lock); (void) thr_create(NULL, 0, server_tsd_bind, NULL, THR_BOUND|THR_DETACHED, NULL); } /* * Server thread are destroyed here */ /*ARGSUSED*/ static void server_destroy(void *arg) { (void) mutex_lock(&create_lock); num_servers--; (void) mutex_unlock(&create_lock); (void) thr_setspecific(server_key, NULL); } static void client_killserver(); int main(int argc, char ** argv) { int did; int opt; int errflg = 0; int showstats = 0; int doset = 0; int dofg = 0; struct stat buf; sigset_t myset; struct sigaction sighupaction; int debug_level = 0; /* setup for localization */ (void) setlocale(LC_ALL, ""); (void) textdomain(TEXT_DOMAIN); openlog("ldap_cachemgr", LOG_PID, LOG_DAEMON); if (chdir(NSLDAPDIRECTORY) < 0) { (void) fprintf(stderr, gettext("chdir(\"%s\") failed: %s\n"), NSLDAPDIRECTORY, strerror(errno)); exit(1); } /* * Correctly set file mode creation mask, so to make the new files * created for door calls being readable by all. */ (void) umask(0); /* * Special case non-root user here - he/she/they/it can just print * stats */ if (geteuid()) { if (argc != 2 || strcmp(argv[1], "-g")) { (void) fprintf(stderr, gettext("Must be root to use any option " "other than -g.\n\n")); usage(argv[0]); } if ((__ns_ldap_cache_ping() != NS_CACHE_SUCCESS) || (client_getadmin(¤t_admin) != 0)) { (void) fprintf(stderr, gettext("%s doesn't appear to be running.\n"), argv[0]); exit(1); } (void) client_showstats(¤t_admin); exit(0); } /* * Determine if there is already a daemon running */ will_become_server = (__ns_ldap_cache_ping() != NS_CACHE_SUCCESS); /* * load normal config file */ if (will_become_server) { static const ldap_stat_t defaults = { 0, /* stat */ DEFAULTTTL}; /* ttl */ current_admin.ldap_stat = defaults; (void) strcpy(current_admin.logfile, LOGFILE); } else { if (client_getadmin(¤t_admin)) { (void) fprintf(stderr, gettext("Cannot contact %s " "properly(?)\n"), argv[0]); exit(1); } } #ifndef SLP while ((opt = getopt(argc, argv, "fKgl:r:d:")) != EOF) { #else while ((opt = getopt(argc, argv, "fKgs:l:r:d:")) != EOF) { #endif /* SLP */ ldap_stat_t *cache; switch (opt) { case 'K': client_killserver(); exit(0); break; case 'g': showstats++; break; case 'f': dofg++; break; case 'r': doset++; cache = getcacheptr("ldap"); if (!optarg) { errflg++; break; } cache->ldap_ttl = atoi(optarg); break; case 'l': doset++; (void) strlcpy(current_admin.logfile, optarg, sizeof (current_admin.logfile)); break; case 'd': doset++; debug_level = atoi(optarg); break; #ifdef SLP case 's': /* undocumented: use dynamic (SLP) config */ use_slp = 1; break; #endif /* SLP */ default: errflg++; break; } } if (errflg) usage(argv[0]); /* * will not show statistics if no daemon running */ if (will_become_server && showstats) { (void) fprintf(stderr, gettext("%s doesn't appear to be running.\n"), argv[0]); exit(1); } if (!will_become_server) { if (showstats) { (void) client_showstats(¤t_admin); } if (doset) { current_admin.debug_level = debug_level; if (client_setadmin(¤t_admin) < 0) { (void) fprintf(stderr, gettext("Error during admin call\n")); exit(1); } } if (!showstats && !doset) { (void) fprintf(stderr, gettext("%s already running....use '%s " "-K' to stop\n"), argv[0], argv[0]); } exit(0); } /* * daemon from here on */ if (debug_level) { /* * we're debugging... */ if (strlen(current_admin.logfile) == 0) /* * no specified log file */ (void) strcpy(current_admin.logfile, LOGFILE); (void) cachemgr_set_lf(¤t_admin, current_admin.logfile); /* * validate the range of debug level number * and set the number to current_admin.debug_level */ if (cachemgr_set_dl(¤t_admin, debug_level) < 0) { /* * print error messages to the screen * cachemgr_set_dl prints msgs to cachemgr.log * only */ (void) fprintf(stderr, gettext("Incorrect Debug Level: %d\n" "It should be between %d and %d\n"), debug_level, DBG_OFF, MAXDEBUG); exit(-1); } } else { if (strlen(current_admin.logfile) == 0) (void) strcpy(current_admin.logfile, "/dev/null"); (void) cachemgr_set_lf(¤t_admin, current_admin.logfile); } if (dofg == 0) detachfromtty(argv[0]); /* * perform some initialization */ initialize_lookup_clearance(); if (getldap_init() != 0) exit(-1); /* * Establish our own server thread pool */ (void) door_server_create(server_create); if (thr_keycreate(&server_key, server_destroy) != 0) { logit("thr_keycreate() call failed\n"); syslog(LOG_ERR, gettext("ldap_cachemgr: thr_keycreate() call failed")); perror("thr_keycreate"); exit(-1); } /* * Create a door */ if ((did = door_create(switcher, LDAP_CACHE_DOOR_COOKIE, DOOR_UNREF | DOOR_REFUSE_DESC | DOOR_NO_CANCEL)) < 0) { logit("door_create() call failed\n"); syslog(LOG_ERR, gettext( "ldap_cachemgr: door_create() call failed")); perror("door_create"); exit(-1); } /* * bind to file system */ if (stat(LDAP_CACHE_DOOR, &buf) < 0) { int newfd; if ((newfd = creat(LDAP_CACHE_DOOR, 0444)) < 0) { logit("Cannot create %s:%s\n", LDAP_CACHE_DOOR, strerror(errno)); exit(1); } (void) close(newfd); } if (fattach(did, LDAP_CACHE_DOOR) < 0) { if ((errno != EBUSY) || (fdetach(LDAP_CACHE_DOOR) < 0) || (fattach(did, LDAP_CACHE_DOOR) < 0)) { logit("fattach() call failed\n"); syslog(LOG_ERR, gettext( "ldap_cachemgr: fattach() call failed")); perror("fattach"); exit(2); } } /* catch SIGHUP revalid signals */ sighupaction.sa_handler = getldap_revalidate; sighupaction.sa_flags = 0; (void) sigemptyset(&sighupaction.sa_mask); (void) sigemptyset(&myset); (void) sigaddset(&myset, SIGHUP); if (sigaction(SIGHUP, &sighupaction, NULL) < 0) { logit("sigaction() call failed\n"); syslog(LOG_ERR, gettext("ldap_cachemgr: sigaction() call failed")); perror("sigaction"); exit(1); } if (thr_sigsetmask(SIG_BLOCK, &myset, NULL) < 0) { logit("thr_sigsetmask() call failed\n"); syslog(LOG_ERR, gettext("ldap_cachemgr: thr_sigsetmask() call failed")); perror("thr_sigsetmask"); exit(1); } /* * kick off revalidate threads only if ttl != 0 */ if (thr_create(NULL, 0, (void *(*)(void*))getldap_refresh, NULL, 0, NULL) != 0) { logit("thr_create() call failed\n"); syslog(LOG_ERR, gettext("ldap_cachemgr: thr_create() call failed")); perror("thr_create"); exit(1); } /* * kick off the thread which refreshes the server info */ if (thr_create(NULL, 0, (void *(*)(void*))getldap_serverInfo_refresh, NULL, 0, NULL) != 0) { logit("thr_create() call failed\n"); syslog(LOG_ERR, gettext("ldap_cachemgr: thr_create() call failed")); perror("thr_create"); exit(1); } /* * kick off the thread which cleans up waiting threads for * GETSTATUSCHANGE */ if (thr_create(NULL, 0, chg_cleanup_waiting_threads, NULL, 0, NULL) != 0) { logit("thr_create() chg_cleanup_waiting_threads call failed\n"); syslog(LOG_ERR, gettext("ldap_cachemgr: thr_create() " "chg_cleanup_waiting_threads call failed")); exit(1); } #ifdef SLP if (use_slp) { /* kick off SLP discovery thread */ if (thr_create(NULL, 0, (void *(*)(void *))discover, (void *)&refresh, 0, NULL) != 0) { logit("thr_create() call failed\n"); syslog(LOG_ERR, gettext("ldap_cachemgr: thr_create() " "call failed")); perror("thr_create"); exit(1); } } #endif /* SLP */ if (thr_sigsetmask(SIG_UNBLOCK, &myset, NULL) < 0) { logit("thr_sigsetmask() call failed\n"); syslog(LOG_ERR, gettext("ldap_cachemgr: the_sigsetmask() call failed")); perror("thr_sigsetmask"); exit(1); } /*CONSTCOND*/ while (1) { (void) pause(); } /* NOTREACHED */ /*LINTED E_FUNC_HAS_NO_RETURN_STMT*/ } /* * Before calling the alloca() function we have to be sure that we won't get * beyond the stack. Since we don't know the precise layout of the stack, * the address of an automatic of the function gives us a rough idea, plus/minus * a bit. We also need a bit more of stackspace after the call to be able * to call further functions. Even something as simple as making a system call * from within this function can take ~100 Bytes of stackspace. */ #define SAFETY_BUFFER 32 * 1024 /* 32KB */ static size_t get_data_size(LineBuf *config_info, int *err_code) { size_t configSize = sizeof (ldap_return_t); dataunion *buf = NULL; /* For the 'sizeof' purpose */ if (config_info->str != NULL && config_info->len >= sizeof (buf->data.ldap_ret.ldap_u.config)) { configSize = sizeof (buf->space) + config_info->len - sizeof (buf->data.ldap_ret.ldap_u.config); if (!stack_inbounds((char *)&buf - (configSize + SAFETY_BUFFER))) { /* * We do not have enough space on the stack * to accomodate the whole DUAProfile */ logit("The DUAProfile is too big. There is not enough " "space to process it. Ignoring it.\n"); syslog(LOG_ERR, gettext("ldap_cachemgr: The DUAProfile " "is too big. There is not enough space " "to process it. Ignoring it.")); *err_code = NS_CACHE_SERVERERROR; free(config_info->str); config_info->str = NULL; config_info->len = 0; configSize = sizeof (ldap_return_t); } } return (configSize); } /*ARGSUSED*/ static void switcher(void *cookie, char *argp, size_t arg_size, door_desc_t *dp, uint_t n_desc) { #define GETSIZE 1000 #define ALLOCATE 1001 ldap_call_t *ptr = (ldap_call_t *)argp; ucred_t *uc = NULL; LineBuf configInfo; dataunion *buf = NULL; /* * By default the size of a buffer to be passed down to a client * is equal to the size of the ldap_return_t structure. We need * a bigger buffer in a few cases. */ size_t configSize = sizeof (ldap_return_t); int ldapErrno = 0, state, callnumber; struct { void *begin; size_t size; uint8_t destroy; } dataSource; if (argp == DOOR_UNREF_DATA) { logit("Door Slam... invalid door param\n"); syslog(LOG_ERR, gettext("ldap_cachemgr: Door Slam... " "invalid door param")); (void) printf(gettext("Door Slam... invalid door param\n")); exit(0); } if (ptr == NULL) { /* empty door call */ (void) door_return(NULL, 0, 0, 0); /* return the favor */ } bzero(&dataSource, sizeof (dataSource)); /* * We presume that sizeof (ldap_return_t) bytes are always available * on the stack */ callnumber = ptr->ldap_callnumber; switch (callnumber) { case NULLCALL: /* * Just a 'ping'. Use the default size * of the buffer and set the * 'OK' error code. */ state = ALLOCATE; break; case GETLDAPCONFIG: /* * Get the current LDAP configuration. * Since this is dynamic data and its size can exceed * the size of ldap_return_t, the next step will * calculate how much space exactly is required. */ getldap_lookup(&configInfo, ptr); state = GETSIZE; break; case GETADMINCRED: /* * Get the current Admin Credentials (DN and password). * Since this is dynamic data and its size can exceed * the size of ldap_return_t, the next step will * calculate how much space exactly is required. */ getldap_admincred(&configInfo, ptr); state = GETSIZE; break; case GETLDAPSERVER: /* * Get the root DSE for a next server in the list. * Since this is dynamic data and its size can exceed * the size of ldap_return_t, the next step will * calculate how much space exactly is required. */ getldap_getserver(&configInfo, ptr); state = GETSIZE; break; case GETCACHESTAT: /* * Get the cache stattistics. * Since this is dynamic data and its size can exceed * the size of ldap_return_t, the next step will * calculate how much space exactly is required. */ getldap_get_cacheStat(&configInfo); state = GETSIZE; break; case GETADMIN: /* * Get current configuration and statistics. * The size of the statistics structure is less then * sizeof (ldap_return_t). So specify the source * where to take the info and proceed with the memory * allocation. */ state = ALLOCATE; if (ldapErrno == 0) { dataSource.begin = ¤t_admin; dataSource.size = sizeof (current_admin); dataSource.destroy = 0; } break; case KILLSERVER: /* * Process the request and proceed with the default * buffer allocation. */ if (is_root(1, "KILLSERVER", &uc)) exit(0); ldapErrno = -1; state = ALLOCATE; break; case SETADMIN: /* * Process the request and proceed with the default * buffer allocation. */ if (is_root(1, "SETADMIN", &uc)) ldapErrno = setadmin(ptr); else ldapErrno = -1; state = ALLOCATE; break; case GETCACHE: /* * Get the cache stattistics. * Since this is dynamic data and its size can exceed * the size of ldap_return_t, the next step will * calculate how much space exactly is required. */ getldap_get_cacheData(&configInfo, ptr); state = GETSIZE; break; case SETCACHE: /* * Process the request and proceed with the default * buffer allocation. */ if (is_root(0, "SETCACHE", &uc) && is_called_from_nscd(ucred_getpid(uc))) { ldapErrno = getldap_set_cacheData(ptr); current_admin.ldap_stat.ldap_numbercalls++; } else ldapErrno = -1; if (uc != NULL) ucred_free(uc); state = ALLOCATE; break; case ADMINMODIFY: admin_modify(&configInfo, ptr); state = GETSIZE; break; case GETSTATUSCHANGE: /* * Process the request and proceed with the default * buffer allocation. */ (void) mutex_lock(&chg_threads_num_lock); chg_threads_num++; if (chg_threads_num > MAX_CHG_THREADS) { chg_threads_num--; (void) mutex_unlock(&chg_threads_num_lock); ldapErrno = CHG_EXCEED_MAX_THREADS; state = ALLOCATE; break; } (void) mutex_unlock(&chg_threads_num_lock); if (is_root(0, "GETSTATUSCHANGE", &uc) && is_called_from_nscd(ucred_getpid(uc))) { ldapErrno = chg_get_statusChange( &configInfo, ptr, ucred_getpid(uc)); state = GETSIZE; } else { ldapErrno = -1; state = ALLOCATE; } if (uc != NULL) ucred_free(uc); (void) mutex_lock(&chg_threads_num_lock); chg_threads_num--; (void) mutex_unlock(&chg_threads_num_lock); break; default: /* * This means an unknown request type. Proceed with * the default buffer allocation. */ logit("Unknown ldap service door call op %d\n", ptr->ldap_callnumber); ldapErrno = -99; state = ALLOCATE; break; } switch (state) { case GETSIZE: /* * This stage calculates how much data will be * passed down to the client, checks if there is * enough space on the stack to accommodate the data, * increases the value of the configSize variable * if necessary and specifies the data source. * In case of any error occurred ldapErrno will be set * appropriately. */ if (configInfo.str == NULL) { ldapErrno = -1; } configSize = get_data_size(&configInfo, &ldapErrno); if (ldapErrno == 0) { dataSource.begin = configInfo.str; dataSource.size = configInfo.len; dataSource.destroy = 1; } current_admin.ldap_stat.ldap_numbercalls++; /* FALLTHRU */ case ALLOCATE: /* * Allocate a buffer of the calculated (or default) size * and proceed with populating it with data. */ buf = (dataunion *) alloca(configSize); /* * Set a return code and, if a data source is specified, * copy data from the source to the buffer. */ buf->data.ldap_ret.ldap_errno = ldapErrno; buf->data.ldap_ret.ldap_return_code = ldapErrno; buf->data.ldap_ret.ldap_bufferbytesused = configSize; if (dataSource.begin != NULL) { (void) memcpy(buf->data.ldap_ret.ldap_u.config, dataSource.begin, dataSource.size); if (dataSource.destroy) { free(dataSource.begin); } } } (void) door_return((char *)&buf->data, buf->data.ldap_ret.ldap_bufferbytesused, NULL, 0); #undef GETSIZE #undef ALLOCATE } static void usage(char *s) { (void) fprintf(stderr, gettext("Usage: %s [-d debug_level] [-l logfilename]\n"), s); (void) fprintf(stderr, gettext(" [-K] " "[-r revalidate_interval] ")); #ifndef SLP (void) fprintf(stderr, gettext(" [-g]\n")); #else (void) fprintf(stderr, gettext(" [-g] [-s]\n")); #endif /* SLP */ exit(1); } static int logfd = -1; static int cachemgr_set_lf(admin_t *ptr, char *logfile) { int newlogfd; /* * we don't really want to try and open the log file * /dev/null since that will fail w/ our security fixes */ if (logfile == NULL || *logfile == 0) { /*EMPTY*/; } else if (strcmp(logfile, "/dev/null") == 0) { (void) strcpy(current_admin.logfile, "/dev/null"); (void) close(logfd); logfd = -1; } else { if ((newlogfd = open(logfile, O_EXCL|O_WRONLY|O_CREAT, 0644)) < 0) { /* * File already exists... now we need to get cute * since opening a file in a world-writeable directory * safely is hard = it could be a hard link or a * symbolic link to a system file. * */ struct stat before; if (lstat(logfile, &before) < 0) { logit("Cannot open new logfile \"%s\": %sn", logfile, strerror(errno)); return (-1); } if (S_ISREG(before.st_mode) && /* no symbolic links */ (before.st_nlink == 1) && /* no hard links */ (before.st_uid == 0)) { /* owned by root */ if ((newlogfd = open(logfile, O_APPEND|O_WRONLY, 0644)) < 0) { logit("Cannot open new logfile " "\"%s\": %s\n", logfile, strerror(errno)); return (-1); } } else { logit("Cannot use specified logfile " "\"%s\": file is/has links or isn't " "owned by root\n", logfile); return (-1); } } (void) strlcpy(ptr->logfile, logfile, sizeof (ptr->logfile)); (void) close(logfd); logfd = newlogfd; logit("Starting ldap_cachemgr, logfile %s\n", logfile); } return (0); } /*PRINTFLIKE1*/ void logit(char *format, ...) { static mutex_t loglock; struct timeval tv; char buffer[BUFSIZ]; va_list ap; va_start(ap, format); if (logfd >= 0) { int safechars; (void) gettimeofday(&tv, NULL); (void) ctime_r(&tv.tv_sec, buffer, BUFSIZ); (void) snprintf(buffer+19, BUFSIZE, ".%.4ld ", tv.tv_usec/100); safechars = sizeof (buffer) - 30; if (vsnprintf(buffer+25, safechars, format, ap) > safechars) (void) strcat(buffer, "...\n"); (void) mutex_lock(&loglock); (void) write(logfd, buffer, strlen(buffer)); (void) mutex_unlock(&loglock); } va_end(ap); } static int client_getadmin(admin_t *ptr) { dataunion u; ldap_data_t *dptr; int ndata; int adata; u.data.ldap_call.ldap_callnumber = GETADMIN; ndata = sizeof (u); adata = sizeof (u.data); dptr = &u.data; if (__ns_ldap_trydoorcall(&dptr, &ndata, &adata) != NS_CACHE_SUCCESS) { return (-1); } (void) memcpy(ptr, dptr->ldap_ret.ldap_u.buff, sizeof (*ptr)); return (0); } static int setadmin(ldap_call_t *ptr) { admin_t *new; new = (admin_t *)ptr->ldap_u.domainname; /* * global admin stuff */ if ((cachemgr_set_lf(¤t_admin, new->logfile) < 0) || cachemgr_set_dl(¤t_admin, new->debug_level) < 0) { return (-1); } if (cachemgr_set_ttl(¤t_admin.ldap_stat, "ldap", new->ldap_stat.ldap_ttl) < 0) { return (-1); } return (0); } static void client_killserver() { dataunion u; ldap_data_t *dptr; int ndata; int adata; u.data.ldap_call.ldap_callnumber = KILLSERVER; ndata = sizeof (u); adata = sizeof (ldap_call_t); dptr = &u.data; __ns_ldap_trydoorcall(&dptr, &ndata, &adata); } static int client_setadmin(admin_t *ptr) { dataunion u; ldap_data_t *dptr; int ndata; int adata; u.data.ldap_call.ldap_callnumber = SETADMIN; (void) memcpy(u.data.ldap_call.ldap_u.domainname, ptr, sizeof (*ptr)); ndata = sizeof (u); adata = sizeof (*ptr); dptr = &u.data; if (__ns_ldap_trydoorcall(&dptr, &ndata, &adata) != NS_CACHE_SUCCESS) { return (-1); } return (0); } static int client_showstats(admin_t *ptr) { dataunion u; ldap_data_t *dptr; int ndata; int adata; char *rbuf, *sptr, *rest; /* * print admin data */ (void) printf(gettext("\ncachemgr configuration:\n")); (void) printf(gettext("server debug level %10d\n"), ptr->debug_level); (void) printf(gettext("server log file\t\"%s\"\n"), ptr->logfile); (void) printf(gettext("number of calls to ldapcachemgr %10d\n"), ptr->ldap_stat.ldap_numbercalls); /* * get cache data statistics */ u.data.ldap_call.ldap_callnumber = GETCACHESTAT; ndata = sizeof (u); adata = sizeof (ldap_call_t); dptr = &u.data; if (__ns_ldap_trydoorcall(&dptr, &ndata, &adata) != NS_CACHE_SUCCESS) { (void) printf( gettext("\nCache data statistics not available!\n")); return (0); } /* * print cache data statistics line by line */ (void) printf(gettext("\ncachemgr cache data statistics:\n")); rbuf = dptr->ldap_ret.ldap_u.buff; sptr = strtok_r(rbuf, DOORLINESEP, &rest); for (;;) { (void) printf("%s\n", sptr); sptr = strtok_r(NULL, DOORLINESEP, &rest); if (sptr == NULL) break; } return (0); } /* * detach from tty */ static void detachfromtty(char *pgm) { int status; pid_t pid, wret; (void) close(0); (void) close(1); /* * Block the SIGUSR1 signal * just in case that the child * process may run faster than * the parent process and * send this signal before * the signal handler is ready * in the parent process. * This error will cause the parent * to exit with the User Signal 1 * exit code (144). */ (void) sighold(SIGUSR1); pid = fork1(); switch (pid) { case (pid_t)-1: logit("detachfromtty(): fork1() call failed\n"); (void) fprintf(stderr, gettext("%s: fork1() call failed.\n"), pgm); syslog(LOG_ERR, gettext("ldap_cachemgr: fork1() call failed.")); exit(1); break; case 0: /* * child process does not * need to worry about * the SIGUSR1 signal */ (void) sigrelse(SIGUSR1); (void) close(2); break; default: /* * Wait forever until the child process * has exited, or has signalled that at * least one server in the server list * is up. */ if (signal(SIGUSR1, sig_ok_to_exit) == SIG_ERR) { logit("detachfromtty(): " "can't set up signal handler to " " catch SIGUSR1.\n"); (void) fprintf(stderr, gettext("%s: signal() call failed.\n"), pgm); syslog(LOG_ERR, gettext("ldap_cachemgr: " "can't set up signal handler to " " catch SIGUSR1.")); exit(1); } /* * now unblock the SIGUSR1 signal * to handle the pending or * soon to arrive SIGUSR1 signal */ (void) sigrelse(SIGUSR1); wret = waitpid(pid, &status, 0); if (wret == -1) { logit("detachfromtty(): " "waitpid() call failed\n"); (void) fprintf(stderr, gettext("%s: waitpid() call failed.\n"), pgm); syslog(LOG_ERR, gettext("ldap_cachemgr: waitpid() " "call failed.")); exit(1); } if (wret != pid) { logit("detachfromtty(): " "waitpid() returned %ld when " "child pid was %ld\n", wret, pid); (void) fprintf(stderr, gettext( "%s: waitpid() returned %ld when " "child pid was %ld.\n"), pgm, wret, pid); syslog(LOG_ERR, gettext("ldap_cachemgr: waitpid() " "returned different " "child pid.")); exit(1); } /* evaluate return status */ if (WIFEXITED(status)) { if (WEXITSTATUS(status) == 0) { exit(0); } logit("detachfromtty(): " "child failed (rc = %d).\n", WEXITSTATUS(status)); (void) fprintf(stderr, gettext("%s: failed. Please see " "syslog for details.\n"), pgm); syslog(LOG_ERR, gettext("ldap_cachemgr: failed " "(rc = %d)."), WEXITSTATUS(status)); } else if (WIFSIGNALED(status)) { logit("detachfromtty(): " "child terminated by signal %d.\n", WTERMSIG(status)); (void) fprintf(stderr, gettext("%s: terminated by signal %d.\n"), pgm, WTERMSIG(status)); syslog(LOG_ERR, gettext("ldap_cachemgr: terminated by " "signal %d.\n"), WTERMSIG(status)); } else if (WCOREDUMP(status)) { logit("detachfromtty(): child core dumped.\n"), (void) fprintf(stderr, gettext("%s: core dumped.\n"), pgm); syslog(LOG_ERR, gettext("ldap_cachemgr: " "core dumped.\n")); } exit(1); } (void) setsid(); if (open("/dev/null", O_RDWR, 0) != -1) { (void) dup(0); (void) dup(0); } } /* * Check if the door client's euid is 0 * * We could check for some privilege or re-design the interfaces that * lead to is_root() being called so that we rely on SMF and RBAC, but * we need this check only for dealing with undocumented-but-possibly- * used interfaces. Anything beyond checking for euid == 0 here would * be overkill considering that those are undocumented interfaces. * * If free_uc is 0, the caller is responsible for freeing *ucp. * * return - 0 euid != 0 * 1 euid == 0 */ static int is_root(int free_uc, char *dc_str, ucred_t **ucp) { int rc; if (door_ucred(ucp) != 0) { rc = errno; logit("door_ucred() call failed %s\n", strerror(rc)); syslog(LOG_ERR, gettext("ldap_cachemgr: door_ucred() call %s " "failed %s"), strerror(rc)); return (0); } if (ucred_geteuid(*ucp) != 0) { if (current_admin.debug_level >= DBG_CANT_FIND) logit("%s call failed(cred): caller pid %ld, uid %u, " "euid %u (if uid or euid is %u, it may be " "unavailable)\n", dc_str, ucred_getpid(*ucp), ucred_getruid(*ucp), ucred_geteuid(*ucp), -1); rc = 0; } else { if (current_admin.debug_level >= DBG_ALL) logit("received %s call from pid %ld, uid %u, euid %u " "(if uid or euid is %u, it may be unavailable)\n", dc_str, ucred_getpid(*ucp), ucred_getruid(*ucp), ucred_geteuid(*ucp), -1); rc = 1; } if (free_uc) ucred_free(*ucp); return (rc); } /* * Check if pid is nscd * * Input: pid - process id of the door client that calls ldap_cachemgr * * Return: 0 - No * 1 - Yes */ int is_called_from_nscd(pid_t pid) { static mutex_t _door_lock = DEFAULTMUTEX; static int doorfd = -1; int match; door_info_t my_door; /* * the first time in we try and open and validate the door. * the validations are that the door must have been * created with the door cookie and * that the file attached to the door is owned by root * and readonly by user, group and other. If any of these * validations fail we refuse to use the door. */ (void) mutex_lock(&_door_lock); try_again: if (doorfd == -1) { if ((doorfd = open(NAME_SERVICE_DOOR, O_RDONLY, 0)) == -1) { (void) mutex_unlock(&_door_lock); return (0); } if (door_info(doorfd, &my_door) == -1 || (my_door.di_attributes & DOOR_REVOKED) || my_door.di_data != (uintptr_t)NAME_SERVICE_DOOR_COOKIE) { /* * we should close doorfd because we just opened it */ (void) close(doorfd); doorfd = -1; (void) mutex_unlock(&_door_lock); return (0); } } else { /* * doorfd is cached. Double check just in case * the door server is restarted or is down. */ if (door_info(doorfd, &my_door) == -1 || my_door.di_data != (uintptr_t)NAME_SERVICE_DOOR_COOKIE) { /* * don't close it - * someone else has clobbered fd */ doorfd = -1; goto try_again; } if (my_door.di_attributes & DOOR_REVOKED) { (void) close(doorfd); doorfd = -1; /* try and restart connection */ goto try_again; } } /* * door descriptor exists and is valid */ if (pid == my_door.di_target) match = 1; else match = 0; (void) mutex_unlock(&_door_lock); return (match); } /* * new_attr(name, value) * * create a new LDAP attribute to be sent to the server */ static ns_ldap_attr_t * new_attr(char *name, char *value) { ns_ldap_attr_t *tmp; tmp = malloc(sizeof (*tmp)); if (tmp != NULL) { tmp->attrname = name; tmp->attrvalue = (char **)calloc(2, sizeof (char *)); if (tmp->attrvalue == NULL) { free(tmp); return (NULL); } tmp->attrvalue[0] = value; tmp->value_count = 1; } return (tmp); } /* * Convert the flatten ldap attributes in a ns_ldap_attr_t back * to an ns_ldap_attr_t array. * * strlist->ldap_offsets[] contains offsets to strings: * "dn", , , , ... , * where n is (strlist->ldap_count/2 -1). * The output ns_ldap_attr_t array has a size of (strlist->ldap_count/2) * the first (strlist->ldap_count/2 -1) contains all the attribute data, * the last one is a NULL pointer. DN will be extracted out and pointed * to by *dn. */ static ns_ldap_attr_t ** str2attrs(ldap_strlist_t *strlist, char **dn) { int c; int i; int j; ns_ldap_attr_t **ret; c = strlist->ldap_count; ret = calloc(c/2, sizeof (ns_ldap_attr_t *)); if (ret == NULL) return (NULL); *dn = (char *)strlist + strlist->ldap_offsets[1]; /* * skip the first 'dn'/ pair, for all other attr type/value * pairs, get pointers to the attr type (offset [i]) and attr value * (offset [i+1]) and put in ns_ldap_attr_t at ret[j] */ for (i = 2, j = 0; i < c; i = i + 2, j++) { ret[j] = new_attr((char *)strlist + strlist->ldap_offsets[i], (char *)strlist + strlist->ldap_offsets[i + 1]); } return (ret); } static int get_admin_dn(ns_cred_t *credp, int *status, ns_ldap_error_t **errorp) { void **paramVal = NULL; int rc; /* get bind DN for shadow update */ rc = __ns_ldap_getParam(NS_LDAP_ADMIN_BINDDN_P, ¶mVal, errorp); if (rc != NS_LDAP_SUCCESS) return (rc); if (paramVal == NULL || *paramVal == NULL) { rc = NS_LDAP_CONFIG; *status = NS_CONFIG_NOTALLOW; if (paramVal != NULL) (void) __ns_ldap_freeParam(¶mVal); return (rc); } credp->cred.unix_cred.userID = strdup((char *)*paramVal); (void) __ns_ldap_freeParam(¶mVal); if (credp->cred.unix_cred.userID == NULL) return (NS_LDAP_MEMORY); return (NS_LDAP_SUCCESS); } /* * admin_modify() does a privileged modify within the ldap_cachemgr daemon * process using the admin DN/password configured with parameters * NS_LDAP_ADMIN_BINDDN and NS_LDAP_ADMIN_BINDPASSWD. It will only * be done if NS_LDAP_ENABLE_SHADOW_UPDATE is set to TRUE. * * The input ldap_call_t (*in) contains LDAP shadowAccount attributes to * be modified. The data is a flatten ns_ldap_attr_t arrary stored in * the strlist element of the input ldap_call_t. * The output will be in LineBuf (*config_info), an ldap_admin_mod_result_t * structure that contains error code, error status, and error message. */ static void admin_modify(LineBuf *config_info, ldap_call_t *in) { int rc = NS_LDAP_SUCCESS; int authstried = 0; int shadow_enabled = 0; char *dn = NULL; char **certpath = NULL; char **enable_shadow = NULL; ns_auth_t **app; ns_auth_t **authpp = NULL; ns_auth_t *authp = NULL; ns_cred_t *credp = NULL; char buffer[MAXERROR]; const int rlen = offsetof(ldap_admin_mod_result_t, msg); int mlen = 0; const int msgmax = MAXERROR - rlen; int status = 0; ucred_t *uc = NULL; ldap_strlist_t *strlist; ns_ldap_attr_t **attrs = NULL; ns_ldap_error_t *error = NULL; ldap_admin_mod_result_t *result; (void) memset((char *)config_info, 0, sizeof (LineBuf)); /* only root or an ALL privs user can do admin modify */ if (is_root_or_all_privs("ADMINMODIFY", &uc) == 0) { mlen = snprintf(buffer, msgmax, "%s", gettext("shadow update by a non-root and no ALL privilege " "user not allowed")); rc = NS_LDAP_CONFIG; goto out; } /* check to see if shadow update is enabled */ rc = __ns_ldap_getParam(NS_LDAP_ENABLE_SHADOW_UPDATE_P, (void ***)&enable_shadow, &error); if (rc != NS_LDAP_SUCCESS) goto out; if (enable_shadow != NULL && *enable_shadow != NULL) { shadow_enabled = (*(int *)enable_shadow[0] == NS_LDAP_ENABLE_SHADOW_UPDATE_TRUE); } if (enable_shadow != NULL) (void) __ns_ldap_freeParam((void ***)&enable_shadow); if (shadow_enabled == 0) { rc = NS_LDAP_CONFIG; status = NS_CONFIG_NOTALLOW; mlen = snprintf(buffer, msgmax, "%s", gettext("shadow update not enabled")); goto out; } /* convert attributes in string buffer into an ldap attribute array */ strlist = &in->ldap_u.strlist; attrs = str2attrs(strlist, &dn); if (attrs == NULL || *attrs == NULL || dn == NULL || *dn == '\0') { rc = NS_LDAP_INVALID_PARAM; goto out; } if ((credp = (ns_cred_t *)calloc(1, sizeof (ns_cred_t))) == NULL) { rc = NS_LDAP_MEMORY; goto out; } /* get host certificate path, if one is configured */ rc = __ns_ldap_getParam(NS_LDAP_HOST_CERTPATH_P, (void ***)&certpath, &error); if (rc != NS_LDAP_SUCCESS) goto out; if (certpath != NULL && *certpath != NULL) { credp->hostcertpath = strdup(*certpath); if (credp->hostcertpath == NULL) rc = NS_LDAP_MEMORY; } if (certpath != NULL) (void) __ns_ldap_freeParam((void ***)&certpath); if (rc != NS_LDAP_SUCCESS) goto out; /* Load the service specific authentication method */ rc = __ns_ldap_getServiceAuthMethods("passwd-cmd", &authpp, &error); if (rc != NS_LDAP_SUCCESS) { if (credp->hostcertpath != NULL) free(credp->hostcertpath); goto out; } /* * if authpp is null, there is no serviceAuthenticationMethod * try default authenticationMethod */ if (authpp == NULL) { rc = __ns_ldap_getParam(NS_LDAP_AUTH_P, (void ***)&authpp, &error); if (rc != NS_LDAP_SUCCESS) goto out; } /* * if authpp is still null, then can not authenticate, syslog * error message and return error */ if (authpp == NULL) { rc = NS_LDAP_CONFIG; mlen = snprintf(buffer, msgmax, "%s", gettext("No legal LDAP authentication method configured")); goto out; } /* * Walk the array and try all authentication methods in order except * for "none". */ for (app = authpp; *app; app++) { authp = *app; if (authp->type == NS_LDAP_AUTH_NONE) continue; authstried++; credp->auth.type = authp->type; credp->auth.tlstype = authp->tlstype; credp->auth.saslmech = authp->saslmech; credp->auth.saslopt = authp->saslopt; /* * For GSSAPI, host credential will be used. No admin * DN is needed. For other authentication methods, * we need to set admin. */ if (credp->auth.saslmech != NS_LDAP_SASL_GSSAPI) { if ((rc = get_admin_dn(credp, &status, &error)) != NS_LDAP_SUCCESS) { if (error != NULL) goto out; if (status == NS_CONFIG_NOTALLOW) { mlen = snprintf(buffer, msgmax, "%s", gettext("Admin bind DN not " "configured")); goto out; } } } rc = __ns_ldap_repAttr(NS_ADMIN_SHADOW_UPDATE, dn, (const ns_ldap_attr_t * const *)attrs, credp, 0, &error); if (rc == NS_LDAP_SUCCESS) goto out; /* * Other errors might need to be added to this list, for * the current supported mechanisms this is sufficient. */ if (rc == NS_LDAP_INTERNAL && error->pwd_mgmt.status == NS_PASSWD_GOOD && (error->status == LDAP_INAPPROPRIATE_AUTH || error->status == LDAP_INVALID_CREDENTIALS)) goto out; /* * If there is error related to password policy, * return it to caller. */ if (rc == NS_LDAP_INTERNAL && error->pwd_mgmt.status != NS_PASSWD_GOOD) { rc = NS_LDAP_CONFIG; status = NS_CONFIG_NOTALLOW; (void) __ns_ldap_freeError(&error); mlen = snprintf(buffer, msgmax, "%s", gettext("update failed due to " "password policy on server (%d)"), error->pwd_mgmt.status); goto out; } /* we don't really care about the error, just clean it up */ if (error) (void) __ns_ldap_freeError(&error); } if (authstried == 0) { rc = NS_LDAP_CONFIG; mlen = snprintf(buffer, msgmax, "%s", gettext("No legal LDAP authentication method configured")); goto out; } rc = NS_LDAP_OP_FAILED; out: if (credp != NULL) (void) __ns_ldap_freeCred(&credp); if (authpp != NULL) (void) __ns_ldap_freeParam((void ***)&authpp); if (error != NULL) { mlen = snprintf(buffer, msgmax, "%s", error->message); status = error->status; (void) __ns_ldap_freeError(&error); } if (attrs != NULL) { int i; for (i = 0; attrs[i]; i++) { free(attrs[i]->attrvalue); free(attrs[i]); } } config_info->len = rlen + mlen + 1; config_info->str = malloc(config_info->len); if (config_info->str == NULL) { config_info->len = 0; return; } result = (ldap_admin_mod_result_t *)config_info->str; result->ns_err = rc; result->status = status; if (mlen != 0) { result->msg_size = mlen + 1; (void) strcpy(config_info->str + rlen, buffer); } } /* * Check to see if the door client's euid is 0 or if it has ALL zone privilege. * return - 0 No or error * 1 Yes */ int is_root_or_all_privs(char *dc_str, ucred_t **ucp) { const priv_set_t *ps; /* door client */ priv_set_t *zs; /* zone */ int rc = 0; *ucp = NULL; /* no more to do if door client's euid is 0 */ if (is_root(0, dc_str, ucp) == 1) { ucred_free(*ucp); return (1); } /* error if couldn't get the ucred_t */ if (*ucp == NULL) return (0); if ((ps = ucred_getprivset(*ucp, PRIV_EFFECTIVE)) != NULL) { zs = priv_str_to_set("zone", ",", NULL); if (priv_isequalset(ps, zs)) rc = 1; /* has all zone privs */ else { if (current_admin.debug_level >= DBG_CANT_FIND) logit("%s call failed (no all zone privs): " "caller pid %ld, uid %u, euid %u " "(if uid or euid is %u, it may " "be unavailable)\n", dc_str, ucred_getpid(*ucp), ucred_getruid(*ucp), ucred_geteuid(*ucp), -1); } priv_freeset(zs); } ucred_free(*ucp); return (rc); }