xref: /illumos-gate/usr/src/cmd/ldapcachemgr/cachemgr.c (revision fea136a04b3f86ab3ec31e4c157379030fee9ade)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  * Copyright 2019 Nexenta Systems, Inc.
25  */
26 
27 /*
28  * Simple doors ldap cache daemon
29  */
30 
31 #include <stdio.h>
32 #include <stdlib.h>
33 #include <signal.h>
34 #include <door.h>
35 #include <time.h>
36 #include <string.h>
37 #include <strings.h>
38 #include <libintl.h>
39 #include <sys/stat.h>
40 #include <sys/time.h>
41 #include <sys/wait.h>
42 #include <stdlib.h>
43 #include <errno.h>
44 #include <pthread.h>
45 #include <thread.h>
46 #include <stdarg.h>
47 #include <fcntl.h>
48 #include <assert.h>
49 #include <unistd.h>
50 #include <memory.h>
51 #include <sys/types.h>
52 #include <syslog.h>
53 #include <locale.h>	/* LC_ALL */
54 
55 #include <alloca.h>
56 #include <ucontext.h>
57 #include <stddef.h>	/* offsetof */
58 #include <priv.h>
59 
60 #include "getxby_door.h"
61 #include "cachemgr.h"
62 
63 static void	detachfromtty();
64 admin_t		current_admin;
65 static int	will_become_server;
66 
67 static void switcher(void *cookie, char *argp, size_t arg_size,
68 			door_desc_t *dp, uint_t n_desc);
69 static void usage(char *s);
70 static int cachemgr_set_lf(admin_t *ptr, char *logfile);
71 static int client_getadmin(admin_t *ptr);
72 static int setadmin(ldap_call_t *ptr);
73 static  int client_setadmin(admin_t *ptr);
74 static int client_showstats(admin_t *ptr);
75 static int is_root(int free_uc, char *dc_str, ucred_t **uc);
76 int is_root_or_all_privs(char *dc_str, ucred_t **ucp);
77 static void admin_modify(LineBuf *config_info, ldap_call_t *in);
78 
79 #ifdef SLP
80 int			use_slp = 0;
81 static unsigned int	refresh = 10800;	/* dynamic discovery interval */
82 #endif /* SLP */
83 
84 static ldap_stat_t *
getcacheptr(char * s)85 getcacheptr(char *s)
86 {
87 	static const char *caches[1] = {"ldap"};
88 
89 	if (strncmp(caches[0], s, strlen(caches[0])) == 0)
90 		return (&current_admin.ldap_stat);
91 
92 	return (NULL);
93 }
94 
95 char *
getcacheopt(char * s)96 getcacheopt(char *s)
97 {
98 	while (*s && *s != ',')
99 		s++;
100 	return ((*s == ',') ? (s + 1) : NULL);
101 }
102 
103 /*
104  *  This is here to prevent the ldap_cachemgr becomes
105  *  daemonlized to early to soon during boot time.
106  *  This causes problems during boot when automounter
107  *  and others try to use libsldap before ldap_cachemgr
108  *  finishes walking the server list.
109  */
110 static void
sig_ok_to_exit(int signo)111 sig_ok_to_exit(int signo)
112 {
113 	if (signo == SIGUSR1) {
114 		logit("sig_ok_to_exit(): parent exiting...\n");
115 		exit(0);
116 	} else {
117 		logit("sig_ok_to_exit(): invalid signal(%d) received.\n",
118 		    signo);
119 		syslog(LOG_ERR, gettext("ldap_cachemgr: "
120 		    "invalid signal(%d) received."), signo);
121 		exit(1);
122 	}
123 }
124 #define	LDAP_TABLES		1	/* ldap */
125 #define	TABLE_THREADS		10
126 #define	COMMON_THREADS		20
127 #define	CACHE_MISS_THREADS	(COMMON_THREADS + LDAP_TABLES * TABLE_THREADS)
128 #define	CACHE_HIT_THREADS	20
129 /*
130  * There is only one thread handling GETSTATUSCHANGE START from main nscd
131  * most of time. But it could happen that a main nscd is restarted, old main
132  * nscd's handling thread is still alive when new main nscd starts and sends
133  * START, or old main dies. STOP is not sent in both cases.
134  * The main nscd requires 2 threads to handle START and STOP. So max number
135  * of change threads is set to 4.
136  */
137 #define	MAX_CHG_THREADS		4
138 #define	MAX_SERVER_THREADS	(CACHE_HIT_THREADS + CACHE_MISS_THREADS + \
139 				MAX_CHG_THREADS)
140 
141 static sema_t common_sema;
142 static sema_t ldap_sema;
143 static thread_key_t lookup_state_key;
144 static int chg_threads_num = 0;
145 static mutex_t chg_threads_num_lock = DEFAULTMUTEX;
146 
147 static void
initialize_lookup_clearance()148 initialize_lookup_clearance()
149 {
150 	(void) thr_keycreate(&lookup_state_key, NULL);
151 	(void) sema_init(&common_sema, COMMON_THREADS, USYNC_THREAD, 0);
152 	(void) sema_init(&ldap_sema, TABLE_THREADS, USYNC_THREAD, 0);
153 }
154 
155 int
get_clearance(int callnumber)156 get_clearance(int callnumber)
157 {
158 	sema_t	*table_sema = NULL;
159 	char	*tab;
160 
161 	if (sema_trywait(&common_sema) == 0) {
162 		(void) thr_setspecific(lookup_state_key, NULL);
163 		return (0);
164 	}
165 
166 	switch (callnumber) {
167 		case GETLDAPCONFIG:
168 			tab = "ldap";
169 			table_sema = &ldap_sema;
170 			break;
171 		default:
172 			logit("Internal Error: get_clearance\n");
173 			break;
174 	}
175 
176 	if (sema_trywait(table_sema) == 0) {
177 		(void) thr_setspecific(lookup_state_key, (void*)1);
178 		return (0);
179 	}
180 
181 	if (current_admin.debug_level >= DBG_CANT_FIND) {
182 		logit("get_clearance: throttling load for %s table\n", tab);
183 	}
184 
185 	return (-1);
186 }
187 
188 int
release_clearance(int callnumber)189 release_clearance(int callnumber)
190 {
191 	int	which;
192 	sema_t	*table_sema = NULL;
193 
194 	(void) thr_getspecific(lookup_state_key, (void**)&which);
195 	if (which == 0) /* from common pool */ {
196 		(void) sema_post(&common_sema);
197 		return (0);
198 	}
199 
200 	switch (callnumber) {
201 		case GETLDAPCONFIG:
202 			table_sema = &ldap_sema;
203 			break;
204 		default:
205 			logit("Internal Error: release_clearance\n");
206 			break;
207 	}
208 	(void) sema_post(table_sema);
209 
210 	return (0);
211 }
212 
213 
214 static mutex_t		create_lock;
215 static int		num_servers = 0;
216 static thread_key_t	server_key;
217 
218 
219 /*
220  * Bind a TSD value to a server thread. This enables the destructor to
221  * be called if/when this thread exits.  This would be a programming error,
222  * but better safe than sorry.
223  */
224 
225 /*ARGSUSED*/
226 static void *
server_tsd_bind(void * arg)227 server_tsd_bind(void *arg)
228 {
229 	static void *value = "NON-NULL TSD";
230 
231 	/*
232 	 * disable cancellation to prevent hangs when server
233 	 * threads disappear
234 	 */
235 	(void) pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, NULL);
236 	(void) thr_setspecific(server_key, value);
237 	(void) door_return(NULL, 0, NULL, 0);
238 
239 	return (value);
240 }
241 
242 /*
243  * Server threads are created here.
244  */
245 
246 /*ARGSUSED*/
247 static void
server_create(door_info_t * dip)248 server_create(door_info_t *dip)
249 {
250 	(void) mutex_lock(&create_lock);
251 	if (++num_servers > MAX_SERVER_THREADS) {
252 		num_servers--;
253 		(void) mutex_unlock(&create_lock);
254 		return;
255 	}
256 	(void) mutex_unlock(&create_lock);
257 	(void) thr_create(NULL, 0, server_tsd_bind, NULL,
258 	    THR_BOUND|THR_DETACHED, NULL);
259 }
260 
261 /*
262  * Server thread are destroyed here
263  */
264 
265 /*ARGSUSED*/
266 static void
server_destroy(void * arg)267 server_destroy(void *arg)
268 {
269 	(void) mutex_lock(&create_lock);
270 	num_servers--;
271 	(void) mutex_unlock(&create_lock);
272 	(void) thr_setspecific(server_key, NULL);
273 }
274 
275 static void		client_killserver();
276 
277 int
main(int argc,char ** argv)278 main(int argc, char ** argv)
279 {
280 	int			did;
281 	int			opt;
282 	int			errflg = 0;
283 	int			showstats = 0;
284 	int			doset = 0;
285 	int			dofg = 0;
286 	struct stat		buf;
287 	sigset_t		myset;
288 	struct sigaction	sighupaction;
289 	int			debug_level = 0;
290 
291 	/* setup for localization */
292 	(void) setlocale(LC_ALL, "");
293 	(void) textdomain(TEXT_DOMAIN);
294 
295 	openlog("ldap_cachemgr", LOG_PID, LOG_DAEMON);
296 
297 	if (chdir(NSLDAPDIRECTORY) < 0) {
298 		(void) fprintf(stderr, gettext("chdir(\"%s\") failed: %s\n"),
299 		    NSLDAPDIRECTORY, strerror(errno));
300 		exit(1);
301 	}
302 
303 	/*
304 	 * Correctly set file mode creation mask, so to make the new files
305 	 * created for door calls being readable by all.
306 	 */
307 	(void) umask(0);
308 
309 	/*
310 	 *  Special case non-root user here -	he/she/they/it can just print
311 	 *					stats
312 	 */
313 
314 	if (geteuid()) {
315 		if (argc != 2 || strcmp(argv[1], "-g")) {
316 			(void) fprintf(stderr,
317 			    gettext("Must be root to use any option "
318 			    "other than -g.\n\n"));
319 			usage(argv[0]);
320 		}
321 
322 		if ((__ns_ldap_cache_ping() != NS_CACHE_SUCCESS) ||
323 		    (client_getadmin(&current_admin) != 0)) {
324 			(void) fprintf(stderr,
325 			    gettext("%s doesn't appear to be running.\n"),
326 			    argv[0]);
327 			exit(1);
328 		}
329 		(void) client_showstats(&current_admin);
330 		exit(0);
331 	}
332 
333 
334 
335 	/*
336 	 *  Determine if there is already a daemon running
337 	 */
338 
339 	will_become_server = (__ns_ldap_cache_ping() != NS_CACHE_SUCCESS);
340 
341 	/*
342 	 *  load normal config file
343 	 */
344 
345 	if (will_become_server) {
346 		static const ldap_stat_t defaults = {
347 			0,		/* stat */
348 			DEFAULTTTL};	/* ttl */
349 
350 		current_admin.ldap_stat = defaults;
351 		(void) strcpy(current_admin.logfile, LOGFILE);
352 	} else {
353 		if (client_getadmin(&current_admin)) {
354 			(void) fprintf(stderr, gettext("Cannot contact %s "
355 			    "properly(?)\n"), argv[0]);
356 			exit(1);
357 		}
358 	}
359 
360 #ifndef SLP
361 	while ((opt = getopt(argc, argv, "fKgl:r:d:")) != EOF) {
362 #else
363 	while ((opt = getopt(argc, argv, "fKgs:l:r:d:")) != EOF) {
364 #endif /* SLP */
365 		ldap_stat_t	*cache;
366 
367 		switch (opt) {
368 		case 'K':
369 			client_killserver();
370 			exit(0);
371 			break;
372 		case 'g':
373 			showstats++;
374 			break;
375 		case 'f':
376 			dofg++;
377 			break;
378 		case 'r':
379 			doset++;
380 			cache = getcacheptr("ldap");
381 			if (!optarg) {
382 				errflg++;
383 				break;
384 			}
385 			cache->ldap_ttl = atoi(optarg);
386 			break;
387 		case 'l':
388 			doset++;
389 			(void) strlcpy(current_admin.logfile,
390 			    optarg, sizeof (current_admin.logfile));
391 			break;
392 		case 'd':
393 			doset++;
394 			debug_level = atoi(optarg);
395 			break;
396 #ifdef SLP
397 		case 's':	/* undocumented: use dynamic (SLP) config */
398 			use_slp = 1;
399 			break;
400 #endif /* SLP */
401 		default:
402 			errflg++;
403 			break;
404 		}
405 	}
406 
407 	if (errflg)
408 		usage(argv[0]);
409 
410 	/*
411 	 * will not show statistics if no daemon running
412 	 */
413 	if (will_become_server && showstats) {
414 		(void) fprintf(stderr,
415 		    gettext("%s doesn't appear to be running.\n"),
416 		    argv[0]);
417 		exit(1);
418 	}
419 
420 	if (!will_become_server) {
421 		if (showstats) {
422 			(void) client_showstats(&current_admin);
423 		}
424 		if (doset) {
425 			current_admin.debug_level = debug_level;
426 			if (client_setadmin(&current_admin) < 0) {
427 				(void) fprintf(stderr,
428 				    gettext("Error during admin call\n"));
429 				exit(1);
430 			}
431 		}
432 		if (!showstats && !doset) {
433 			(void) fprintf(stderr,
434 			gettext("%s already running....use '%s "
435 			    "-K' to stop\n"), argv[0], argv[0]);
436 		}
437 		exit(0);
438 	}
439 
440 	/*
441 	 *   daemon from here on
442 	 */
443 
444 	if (debug_level) {
445 		/*
446 		 * we're debugging...
447 		 */
448 		if (strlen(current_admin.logfile) == 0)
449 			/*
450 			 * no specified log file
451 			 */
452 			(void) strcpy(current_admin.logfile, LOGFILE);
453 		(void) cachemgr_set_lf(&current_admin, current_admin.logfile);
454 		/*
455 		 * validate the range of debug level number
456 		 * and set the number to current_admin.debug_level
457 		 */
458 		if (cachemgr_set_dl(&current_admin, debug_level) < 0) {
459 				/*
460 				 * print error messages to the screen
461 				 * cachemgr_set_dl prints msgs to cachemgr.log
462 				 * only
463 				 */
464 				(void) fprintf(stderr,
465 				gettext("Incorrect Debug Level: %d\n"
466 				"It should be between %d and %d\n"),
467 				    debug_level, DBG_OFF, MAXDEBUG);
468 			exit(-1);
469 		}
470 	} else {
471 		if (strlen(current_admin.logfile) == 0)
472 			(void) strcpy(current_admin.logfile, "/dev/null");
473 		(void) cachemgr_set_lf(&current_admin, current_admin.logfile);
474 	}
475 
476 	if (dofg == 0)
477 		detachfromtty(argv[0]);
478 
479 	/*
480 	 * perform some initialization
481 	 */
482 
483 	initialize_lookup_clearance();
484 
485 	if (getldap_init() != 0)
486 		exit(-1);
487 
488 	/*
489 	 * Establish our own server thread pool
490 	 */
491 
492 	(void) door_server_create(server_create);
493 	if (thr_keycreate(&server_key, server_destroy) != 0) {
494 		logit("thr_keycreate() call failed\n");
495 		syslog(LOG_ERR,
496 		    gettext("ldap_cachemgr: thr_keycreate() call failed"));
497 		perror("thr_keycreate");
498 		exit(-1);
499 	}
500 
501 	/*
502 	 * Create a door
503 	 */
504 
505 	if ((did = door_create(switcher, LDAP_CACHE_DOOR_COOKIE,
506 	    DOOR_UNREF | DOOR_REFUSE_DESC | DOOR_NO_CANCEL)) < 0) {
507 		logit("door_create() call failed\n");
508 		syslog(LOG_ERR, gettext(
509 		    "ldap_cachemgr: door_create() call failed"));
510 		perror("door_create");
511 		exit(-1);
512 	}
513 
514 	/*
515 	 * bind to file system
516 	 */
517 
518 	if (stat(LDAP_CACHE_DOOR, &buf) < 0) {
519 		int	newfd;
520 
521 		if ((newfd = creat(LDAP_CACHE_DOOR, 0444)) < 0) {
522 			logit("Cannot create %s:%s\n",
523 			    LDAP_CACHE_DOOR,
524 			    strerror(errno));
525 			exit(1);
526 		}
527 		(void) close(newfd);
528 	}
529 
530 	if (fattach(did, LDAP_CACHE_DOOR) < 0) {
531 		if ((errno != EBUSY) ||
532 		    (fdetach(LDAP_CACHE_DOOR) <  0) ||
533 		    (fattach(did, LDAP_CACHE_DOOR) < 0)) {
534 			logit("fattach() call failed\n");
535 			syslog(LOG_ERR, gettext(
536 			    "ldap_cachemgr: fattach() call failed"));
537 			perror("fattach");
538 			exit(2);
539 		}
540 	}
541 
542 	/* catch SIGHUP revalid signals */
543 	sighupaction.sa_handler = getldap_revalidate;
544 	sighupaction.sa_flags = 0;
545 	(void) sigemptyset(&sighupaction.sa_mask);
546 	(void) sigemptyset(&myset);
547 	(void) sigaddset(&myset, SIGHUP);
548 
549 	if (sigaction(SIGHUP, &sighupaction, NULL) < 0) {
550 		logit("sigaction() call failed\n");
551 		syslog(LOG_ERR,
552 		    gettext("ldap_cachemgr: sigaction() call failed"));
553 		perror("sigaction");
554 		exit(1);
555 	}
556 
557 	if (thr_sigsetmask(SIG_BLOCK, &myset, NULL) < 0) {
558 		logit("thr_sigsetmask() call failed\n");
559 		syslog(LOG_ERR,
560 		    gettext("ldap_cachemgr: thr_sigsetmask() call failed"));
561 		perror("thr_sigsetmask");
562 		exit(1);
563 	}
564 
565 	/*
566 	 *  kick off revalidate threads only if ttl != 0
567 	 */
568 
569 	if (thr_create(NULL, 0, (void *(*)(void*))getldap_refresh,
570 	    NULL, 0, NULL) != 0) {
571 		logit("thr_create() call failed\n");
572 		syslog(LOG_ERR,
573 		    gettext("ldap_cachemgr: thr_create() call failed"));
574 		perror("thr_create");
575 		exit(1);
576 	}
577 
578 	/*
579 	 *  kick off the thread which refreshes the server info
580 	 */
581 
582 	if (thr_create(NULL, 0, (void *(*)(void*))getldap_serverInfo_refresh,
583 	    NULL, 0, NULL) != 0) {
584 		logit("thr_create() call failed\n");
585 		syslog(LOG_ERR,
586 		    gettext("ldap_cachemgr: thr_create() call failed"));
587 		perror("thr_create");
588 		exit(1);
589 	}
590 
591 	/*
592 	 * kick off the thread which cleans up waiting threads for
593 	 * GETSTATUSCHANGE
594 	 */
595 
596 	if (thr_create(NULL, 0, chg_cleanup_waiting_threads,
597 	    NULL, 0, NULL) != 0) {
598 		logit("thr_create() chg_cleanup_waiting_threads call failed\n");
599 		syslog(LOG_ERR,
600 		    gettext("ldap_cachemgr: thr_create() "
601 		    "chg_cleanup_waiting_threads call failed"));
602 		exit(1);
603 	}
604 
605 #ifdef SLP
606 	if (use_slp) {
607 		/* kick off SLP discovery thread */
608 		if (thr_create(NULL, 0, (void *(*)(void *))discover,
609 		    (void *)&refresh, 0, NULL) != 0) {
610 			logit("thr_create() call failed\n");
611 			syslog(LOG_ERR, gettext("ldap_cachemgr: thr_create() "
612 			    "call failed"));
613 			perror("thr_create");
614 			exit(1);
615 		}
616 	}
617 #endif /* SLP */
618 
619 	if (thr_sigsetmask(SIG_UNBLOCK, &myset, NULL) < 0) {
620 		logit("thr_sigsetmask() call failed\n");
621 		syslog(LOG_ERR,
622 		    gettext("ldap_cachemgr: the_sigsetmask() call failed"));
623 		perror("thr_sigsetmask");
624 		exit(1);
625 	}
626 
627 	/*CONSTCOND*/
628 	while (1) {
629 		(void) pause();
630 	}
631 	/* NOTREACHED */
632 	/*LINTED E_FUNC_HAS_NO_RETURN_STMT*/
633 }
634 
635 
636 /*
637  * Before calling the alloca() function we have to be sure that we won't get
638  * beyond the stack. Since we don't know the precise layout of the stack,
639  * the address of an automatic of the function gives us a rough idea, plus/minus
640  * a bit. We also need a bit more of stackspace after the call to be able
641  * to call further functions. Even something as simple as making a system call
642  * from within this function can take ~100 Bytes of stackspace.
643  */
644 #define	SAFETY_BUFFER 32 * 1024 /* 32KB */
645 
646 static
647 size_t
648 get_data_size(LineBuf *config_info, int *err_code)
649 {
650 	size_t		configSize = sizeof (ldap_return_t);
651 	dataunion	*buf = NULL; /* For the 'sizeof' purpose */
652 
653 	if (config_info->str != NULL &&
654 	    config_info->len >= sizeof (buf->data.ldap_ret.ldap_u.config)) {
655 		configSize = sizeof (buf->space) +
656 		    config_info->len -
657 		    sizeof (buf->data.ldap_ret.ldap_u.config);
658 
659 		if (!stack_inbounds((char *)&buf -
660 		    (configSize + SAFETY_BUFFER))) {
661 			/*
662 			 * We do not have enough space on the stack
663 			 * to accomodate the whole DUAProfile
664 			 */
665 			logit("The DUAProfile is too big. There is not enough "
666 			    "space to process it. Ignoring it.\n");
667 			syslog(LOG_ERR, gettext("ldap_cachemgr: The DUAProfile "
668 			    "is too big. There is not enough space "
669 			    "to process it. Ignoring it."));
670 
671 			*err_code = NS_CACHE_SERVERERROR;
672 
673 			free(config_info->str);
674 			config_info->str = NULL;
675 			config_info->len = 0;
676 			configSize = sizeof (ldap_return_t);
677 		}
678 	}
679 
680 	return (configSize);
681 }
682 
683 /*ARGSUSED*/
684 static void
685 switcher(void *cookie, char *argp, size_t arg_size,
686     door_desc_t *dp, uint_t n_desc)
687 {
688 #define	GETSIZE 1000
689 #define	ALLOCATE 1001
690 
691 	ldap_call_t	*ptr = (ldap_call_t *)argp;
692 	ucred_t		*uc = NULL;
693 
694 	LineBuf		configInfo;
695 	dataunion	*buf = NULL;
696 
697 	/*
698 	 * By default the size of  a buffer to be passed down to a client
699 	 * is equal to the size of the ldap_return_t structure. We need
700 	 * a bigger buffer in a few cases.
701 	 */
702 	size_t		configSize = sizeof (ldap_return_t);
703 	int		ldapErrno = 0, state, callnumber;
704 	struct {
705 		void	*begin;
706 		size_t	size;
707 		uint8_t	destroy;
708 	} dataSource;
709 
710 	if (argp == DOOR_UNREF_DATA) {
711 		logit("Door Slam... invalid door param\n");
712 		syslog(LOG_ERR, gettext("ldap_cachemgr: Door Slam... "
713 		    "invalid door param"));
714 		(void) printf(gettext("Door Slam... invalid door param\n"));
715 		exit(0);
716 	}
717 
718 	if (ptr == NULL) { /* empty door call */
719 		(void) door_return(NULL, 0, 0, 0); /* return the favor */
720 	}
721 
722 	bzero(&dataSource, sizeof (dataSource));
723 
724 	/*
725 	 * We presume that sizeof (ldap_return_t) bytes are always available
726 	 * on the stack
727 	 */
728 	callnumber = ptr->ldap_callnumber;
729 
730 	switch (callnumber) {
731 		case NULLCALL:
732 			/*
733 			 * Just a 'ping'. Use the default size
734 			 * of the buffer and set the
735 			 * 'OK' error code.
736 			 */
737 			state = ALLOCATE;
738 			break;
739 		case GETLDAPCONFIG:
740 			/*
741 			 * Get the current LDAP configuration.
742 			 * Since this is dynamic data and its size can exceed
743 			 * the size of ldap_return_t, the next step will
744 			 * calculate how much space exactly is required.
745 			 */
746 			getldap_lookup(&configInfo, ptr);
747 
748 			state = GETSIZE;
749 			break;
750 		case GETADMINCRED:
751 			/*
752 			 * Get the current Admin Credentials (DN and password).
753 			 * Since this is dynamic data and its size can exceed
754 			 * the size of ldap_return_t, the next step will
755 			 * calculate how much space exactly is required.
756 			 */
757 			getldap_admincred(&configInfo, ptr);
758 
759 			state = GETSIZE;
760 			break;
761 		case GETLDAPSERVER:
762 			/*
763 			 * Get the root DSE for a next server in the list.
764 			 * Since this is dynamic data and its size can exceed
765 			 * the size of ldap_return_t, the next step will
766 			 * calculate how much space exactly is required.
767 			 */
768 			getldap_getserver(&configInfo, ptr);
769 
770 			state = GETSIZE;
771 			break;
772 		case GETCACHESTAT:
773 			/*
774 			 * Get the cache stattistics.
775 			 * Since this is dynamic data and its size can exceed
776 			 * the size of ldap_return_t, the next step will
777 			 * calculate how much space exactly is required.
778 			 */
779 			getldap_get_cacheStat(&configInfo);
780 
781 			state = GETSIZE;
782 			break;
783 		case GETADMIN:
784 			/*
785 			 * Get current configuration and statistics.
786 			 * The size of the statistics structure is less then
787 			 * sizeof (ldap_return_t). So specify the source
788 			 * where to take the info and proceed with the memory
789 			 * allocation.
790 			 */
791 			state = ALLOCATE;
792 
793 			if (ldapErrno == 0) {
794 				dataSource.begin = &current_admin;
795 				dataSource.size = sizeof (current_admin);
796 				dataSource.destroy = 0;
797 			}
798 			break;
799 		case KILLSERVER:
800 			/*
801 			 * Process the request and proceed with the default
802 			 * buffer allocation.
803 			 */
804 			if (is_root(1, "KILLSERVER", &uc))
805 				exit(0);
806 
807 			ldapErrno = -1;
808 			state = ALLOCATE;
809 			break;
810 		case SETADMIN:
811 			/*
812 			 * Process the request and proceed with the default
813 			 * buffer allocation.
814 			 */
815 			if (is_root(1, "SETADMIN", &uc))
816 				ldapErrno = setadmin(ptr);
817 			else
818 				ldapErrno = -1;
819 
820 			state = ALLOCATE;
821 			break;
822 		case GETCACHE:
823 			/*
824 			 * Get the cache stattistics.
825 			 * Since this is dynamic data and its size can exceed
826 			 * the size of ldap_return_t, the next step will
827 			 * calculate how much space exactly is required.
828 			 */
829 			getldap_get_cacheData(&configInfo, ptr);
830 
831 			state = GETSIZE;
832 			break;
833 		case SETCACHE:
834 			/*
835 			 * Process the request and proceed with the default
836 			 * buffer allocation.
837 			 */
838 			if (is_root(0, "SETCACHE", &uc) &&
839 			    is_called_from_nscd(ucred_getpid(uc))) {
840 				ldapErrno = getldap_set_cacheData(ptr);
841 				current_admin.ldap_stat.ldap_numbercalls++;
842 			} else
843 				ldapErrno = -1;
844 
845 			if (uc != NULL)
846 				ucred_free(uc);
847 			state = ALLOCATE;
848 			break;
849 		case ADMINMODIFY:
850 			admin_modify(&configInfo, ptr);
851 
852 			state = GETSIZE;
853 			break;
854 		case GETSTATUSCHANGE:
855 			/*
856 			 * Process the request and proceed with the default
857 			 * buffer allocation.
858 			 */
859 			(void) mutex_lock(&chg_threads_num_lock);
860 			chg_threads_num++;
861 			if (chg_threads_num > MAX_CHG_THREADS) {
862 				chg_threads_num--;
863 				(void) mutex_unlock(&chg_threads_num_lock);
864 				ldapErrno = CHG_EXCEED_MAX_THREADS;
865 				state = ALLOCATE;
866 				break;
867 			}
868 			(void) mutex_unlock(&chg_threads_num_lock);
869 
870 			if (is_root(0, "GETSTATUSCHANGE", &uc) &&
871 			    is_called_from_nscd(ucred_getpid(uc))) {
872 				ldapErrno = chg_get_statusChange(
873 				    &configInfo, ptr, ucred_getpid(uc));
874 				state = GETSIZE;
875 			} else {
876 				ldapErrno = -1;
877 				state = ALLOCATE;
878 			}
879 			if (uc != NULL)
880 				ucred_free(uc);
881 
882 			(void) mutex_lock(&chg_threads_num_lock);
883 			chg_threads_num--;
884 			(void) mutex_unlock(&chg_threads_num_lock);
885 			break;
886 		default:
887 			/*
888 			 * This means an unknown request type. Proceed with
889 			 * the default buffer allocation.
890 			 */
891 			logit("Unknown ldap service door call op %d\n",
892 			    ptr->ldap_callnumber);
893 			ldapErrno = -99;
894 
895 			state = ALLOCATE;
896 			break;
897 	}
898 
899 	switch (state) {
900 		case GETSIZE:
901 			/*
902 			 * This stage calculates how much data will be
903 			 * passed down to the client, checks if there is
904 			 * enough space on the stack to accommodate the data,
905 			 * increases the value of the configSize variable
906 			 * if necessary and specifies the data source.
907 			 * In case of any error occurred ldapErrno will be set
908 			 * appropriately.
909 			 */
910 			if (configInfo.str == NULL) {
911 				ldapErrno = -1;
912 			}
913 
914 			configSize = get_data_size(&configInfo, &ldapErrno);
915 
916 			if (ldapErrno == 0) {
917 				dataSource.begin = configInfo.str;
918 				dataSource.size = configInfo.len;
919 				dataSource.destroy = 1;
920 			}
921 
922 			current_admin.ldap_stat.ldap_numbercalls++;
923 			/* FALLTHRU */
924 		case ALLOCATE:
925 			/*
926 			 * Allocate a buffer of the calculated (or default) size
927 			 * and proceed with populating it with data.
928 			 */
929 			buf = (dataunion *) alloca(configSize);
930 
931 			/*
932 			 * Set a return code and, if a data source is specified,
933 			 * copy data from the source to the buffer.
934 			 */
935 			buf->data.ldap_ret.ldap_errno = ldapErrno;
936 			buf->data.ldap_ret.ldap_return_code = ldapErrno;
937 			buf->data.ldap_ret.ldap_bufferbytesused = configSize;
938 
939 			if (dataSource.begin != NULL) {
940 				(void) memcpy(buf->data.ldap_ret.ldap_u.config,
941 				    dataSource.begin,
942 				    dataSource.size);
943 				if (dataSource.destroy) {
944 					free(dataSource.begin);
945 				}
946 			}
947 
948 	}
949 	(void) door_return((char *)&buf->data,
950 	    buf->data.ldap_ret.ldap_bufferbytesused,
951 	    NULL,
952 	    0);
953 #undef	GETSIZE
954 #undef	ALLOCATE
955 }
956 
957 static void
958 usage(char *s)
959 {
960 	(void) fprintf(stderr,
961 	    gettext("Usage: %s [-d debug_level] [-l logfilename]\n"), s);
962 	(void) fprintf(stderr, gettext("	[-K] "
963 	    "[-r revalidate_interval] "));
964 #ifndef SLP
965 	(void) fprintf(stderr, gettext("	[-g]\n"));
966 #else
967 	(void) fprintf(stderr, gettext("	[-g] [-s]\n"));
968 #endif /* SLP */
969 	exit(1);
970 }
971 
972 
973 static int	logfd = -1;
974 
975 static int
976 cachemgr_set_lf(admin_t *ptr, char *logfile)
977 {
978 	int	newlogfd;
979 
980 	/*
981 	 *  we don't really want to try and open the log file
982 	 *  /dev/null since that will fail w/ our security fixes
983 	 */
984 
985 	if (logfile == NULL || *logfile == 0) {
986 		/*EMPTY*/;
987 	} else if (strcmp(logfile, "/dev/null") == 0) {
988 		(void) strcpy(current_admin.logfile, "/dev/null");
989 		(void) close(logfd);
990 		logfd = -1;
991 	} else {
992 		if ((newlogfd =
993 		    open(logfile, O_EXCL|O_WRONLY|O_CREAT, 0644)) < 0) {
994 			/*
995 			 * File already exists... now we need to get cute
996 			 * since opening a file in a world-writeable directory
997 			 * safely is hard = it could be a hard link or a
998 			 * symbolic link to a system file.
999 			 *
1000 			 */
1001 			struct stat	before;
1002 
1003 			if (lstat(logfile, &before) < 0) {
1004 				logit("Cannot open new logfile \"%s\": %sn",
1005 				    logfile, strerror(errno));
1006 				return (-1);
1007 			}
1008 			if (S_ISREG(before.st_mode) &&	/* no symbolic links */
1009 			    (before.st_nlink == 1) &&	/* no hard links */
1010 			    (before.st_uid == 0)) {	/* owned by root */
1011 				if ((newlogfd =
1012 				    open(logfile,
1013 				    O_APPEND|O_WRONLY, 0644)) < 0) {
1014 					logit("Cannot open new logfile "
1015 					    "\"%s\": %s\n",
1016 					    logfile, strerror(errno));
1017 					return (-1);
1018 				}
1019 			} else {
1020 				logit("Cannot use specified logfile "
1021 				    "\"%s\": file is/has links or isn't "
1022 				    "owned by root\n", logfile);
1023 				return (-1);
1024 			}
1025 		}
1026 		(void) strlcpy(ptr->logfile, logfile, sizeof (ptr->logfile));
1027 		(void) close(logfd);
1028 		logfd = newlogfd;
1029 		logit("Starting ldap_cachemgr, logfile %s\n", logfile);
1030 	}
1031 	return (0);
1032 }
1033 
1034 /*PRINTFLIKE1*/
1035 void
1036 logit(char *format, ...)
1037 {
1038 	static mutex_t	loglock;
1039 	struct timeval	tv;
1040 	char		buffer[BUFSIZ];
1041 	va_list		ap;
1042 
1043 	va_start(ap, format);
1044 
1045 	if (logfd >= 0) {
1046 		int	safechars;
1047 
1048 		(void) gettimeofday(&tv, NULL);
1049 		(void) ctime_r(&tv.tv_sec, buffer, BUFSIZ);
1050 		(void) snprintf(buffer+19, BUFSIZE, ".%.4ld	",
1051 		    tv.tv_usec/100);
1052 		safechars = sizeof (buffer) - 30;
1053 		if (vsnprintf(buffer+25, safechars, format, ap) > safechars)
1054 			(void) strcat(buffer, "...\n");
1055 		(void) mutex_lock(&loglock);
1056 		(void) write(logfd, buffer, strlen(buffer));
1057 		(void) mutex_unlock(&loglock);
1058 	}
1059 	va_end(ap);
1060 }
1061 
1062 
1063 static int
1064 client_getadmin(admin_t *ptr)
1065 {
1066 	dataunion		u;
1067 	ldap_data_t	*dptr;
1068 	int		ndata;
1069 	int		adata;
1070 
1071 	u.data.ldap_call.ldap_callnumber = GETADMIN;
1072 	ndata = sizeof (u);
1073 	adata = sizeof (u.data);
1074 	dptr = &u.data;
1075 
1076 	if (__ns_ldap_trydoorcall(&dptr, &ndata, &adata) != NS_CACHE_SUCCESS) {
1077 		return (-1);
1078 	}
1079 	(void) memcpy(ptr, dptr->ldap_ret.ldap_u.buff, sizeof (*ptr));
1080 
1081 	return (0);
1082 }
1083 
1084 
1085 static int
1086 setadmin(ldap_call_t *ptr)
1087 {
1088 	admin_t	*new;
1089 
1090 	new = (admin_t *)ptr->ldap_u.domainname;
1091 
1092 	/*
1093 	 *  global admin stuff
1094 	 */
1095 
1096 	if ((cachemgr_set_lf(&current_admin, new->logfile) < 0) ||
1097 	    cachemgr_set_dl(&current_admin, new->debug_level) < 0) {
1098 		return (-1);
1099 	}
1100 
1101 	if (cachemgr_set_ttl(&current_admin.ldap_stat,
1102 	    "ldap",
1103 	    new->ldap_stat.ldap_ttl) < 0) {
1104 		return (-1);
1105 	}
1106 
1107 	return (0);
1108 }
1109 
1110 
1111 static void
1112 client_killserver()
1113 {
1114 	dataunion		u;
1115 	ldap_data_t		*dptr;
1116 	int			ndata;
1117 	int			adata;
1118 
1119 	u.data.ldap_call.ldap_callnumber = KILLSERVER;
1120 	ndata = sizeof (u);
1121 	adata = sizeof (ldap_call_t);
1122 	dptr = &u.data;
1123 
1124 	__ns_ldap_trydoorcall(&dptr, &ndata, &adata);
1125 }
1126 
1127 
1128 static int
1129 client_setadmin(admin_t *ptr)
1130 {
1131 	dataunion		u;
1132 	ldap_data_t		*dptr;
1133 	int			ndata;
1134 	int			adata;
1135 
1136 	u.data.ldap_call.ldap_callnumber = SETADMIN;
1137 	(void) memcpy(u.data.ldap_call.ldap_u.domainname, ptr, sizeof (*ptr));
1138 	ndata = sizeof (u);
1139 	adata = sizeof (*ptr);
1140 	dptr = &u.data;
1141 
1142 	if (__ns_ldap_trydoorcall(&dptr, &ndata, &adata) != NS_CACHE_SUCCESS) {
1143 		return (-1);
1144 	}
1145 
1146 	return (0);
1147 }
1148 
1149 static int
1150 client_showstats(admin_t *ptr)
1151 {
1152 	dataunion	u;
1153 	ldap_data_t	*dptr;
1154 	int		ndata;
1155 	int		adata;
1156 	char		*rbuf, *sptr, *rest;
1157 
1158 	/*
1159 	 * print admin data
1160 	 */
1161 	(void) printf(gettext("\ncachemgr configuration:\n"));
1162 	(void) printf(gettext("server debug level %10d\n"), ptr->debug_level);
1163 	(void) printf(gettext("server log file\t\"%s\"\n"), ptr->logfile);
1164 	(void) printf(gettext("number of calls to ldapcachemgr %10d\n"),
1165 	    ptr->ldap_stat.ldap_numbercalls);
1166 
1167 	/*
1168 	 * get cache data statistics
1169 	 */
1170 	u.data.ldap_call.ldap_callnumber = GETCACHESTAT;
1171 	ndata = sizeof (u);
1172 	adata = sizeof (ldap_call_t);
1173 	dptr = &u.data;
1174 
1175 	if (__ns_ldap_trydoorcall(&dptr, &ndata, &adata) != NS_CACHE_SUCCESS) {
1176 		(void) printf(
1177 		    gettext("\nCache data statistics not available!\n"));
1178 		return (0);
1179 	}
1180 
1181 	/*
1182 	 * print cache data statistics line by line
1183 	 */
1184 	(void) printf(gettext("\ncachemgr cache data statistics:\n"));
1185 	rbuf = dptr->ldap_ret.ldap_u.buff;
1186 	sptr = strtok_r(rbuf, DOORLINESEP, &rest);
1187 	for (;;) {
1188 		(void) printf("%s\n", sptr);
1189 		sptr = strtok_r(NULL, DOORLINESEP, &rest);
1190 		if (sptr == NULL)
1191 			break;
1192 	}
1193 	return (0);
1194 }
1195 
1196 
1197 /*
1198  * detach from tty
1199  */
1200 static void
1201 detachfromtty(char *pgm)
1202 {
1203 	int	status;
1204 	pid_t	pid, wret;
1205 
1206 	(void) close(0);
1207 	(void) close(1);
1208 	/*
1209 	 * Block the SIGUSR1 signal
1210 	 * just in case that the child
1211 	 * process may run faster than
1212 	 * the parent process and
1213 	 * send this signal before
1214 	 * the signal handler is ready
1215 	 * in the parent process.
1216 	 * This error will cause the parent
1217 	 * to exit with the User Signal 1
1218 	 * exit code (144).
1219 	 */
1220 	(void) sighold(SIGUSR1);
1221 	pid = fork1();
1222 	switch (pid) {
1223 		case (pid_t)-1:
1224 			logit("detachfromtty(): fork1() call failed\n");
1225 			(void) fprintf(stderr,
1226 			    gettext("%s: fork1() call failed.\n"),
1227 			    pgm);
1228 			syslog(LOG_ERR,
1229 			    gettext("ldap_cachemgr: fork1() call failed."));
1230 			exit(1);
1231 			break;
1232 		case 0:
1233 			/*
1234 			 * child process does not
1235 			 * need to worry about
1236 			 * the SIGUSR1 signal
1237 			 */
1238 			(void) sigrelse(SIGUSR1);
1239 			(void) close(2);
1240 			break;
1241 		default:
1242 			/*
1243 			 * Wait forever until the child process
1244 			 * has exited, or has signalled that at
1245 			 * least one server in the server list
1246 			 * is up.
1247 			 */
1248 			if (signal(SIGUSR1, sig_ok_to_exit) == SIG_ERR) {
1249 				logit("detachfromtty(): "
1250 				    "can't set up signal handler to "
1251 				    " catch SIGUSR1.\n");
1252 				(void) fprintf(stderr,
1253 				    gettext("%s: signal() call failed.\n"),
1254 				    pgm);
1255 				syslog(LOG_ERR, gettext("ldap_cachemgr: "
1256 				    "can't set up signal handler to "
1257 				    " catch SIGUSR1."));
1258 				exit(1);
1259 			}
1260 
1261 			/*
1262 			 * now unblock the SIGUSR1 signal
1263 			 * to handle the pending or
1264 			 * soon to arrive SIGUSR1 signal
1265 			 */
1266 			(void) sigrelse(SIGUSR1);
1267 			wret = waitpid(pid, &status, 0);
1268 
1269 			if (wret == -1) {
1270 				logit("detachfromtty(): "
1271 				    "waitpid() call failed\n");
1272 				(void) fprintf(stderr,
1273 				    gettext("%s: waitpid() call failed.\n"),
1274 				    pgm);
1275 				syslog(LOG_ERR,
1276 				    gettext("ldap_cachemgr: waitpid() "
1277 				    "call failed."));
1278 				exit(1);
1279 			}
1280 			if (wret != pid) {
1281 				logit("detachfromtty(): "
1282 				    "waitpid() returned %ld when "
1283 				    "child pid was %ld\n",
1284 				    wret, pid);
1285 				(void) fprintf(stderr,
1286 				    gettext(
1287 				    "%s: waitpid() returned %ld when "
1288 				    "child pid was %ld.\n"),
1289 				    pgm, wret, pid);
1290 				syslog(LOG_ERR,
1291 				    gettext("ldap_cachemgr: waitpid() "
1292 				    "returned different "
1293 				    "child pid."));
1294 				exit(1);
1295 			}
1296 
1297 			/* evaluate return status */
1298 			if (WIFEXITED(status)) {
1299 				if (WEXITSTATUS(status) == 0) {
1300 					exit(0);
1301 				}
1302 				logit("detachfromtty(): "
1303 				    "child failed (rc = %d).\n",
1304 				    WEXITSTATUS(status));
1305 				(void) fprintf(stderr,
1306 				    gettext("%s: failed. Please see "
1307 				    "syslog for details.\n"),
1308 				    pgm);
1309 				syslog(LOG_ERR,
1310 				    gettext("ldap_cachemgr: failed "
1311 				    "(rc = %d)."),
1312 				    WEXITSTATUS(status));
1313 			} else if (WIFSIGNALED(status)) {
1314 				logit("detachfromtty(): "
1315 				    "child terminated by signal %d.\n",
1316 				    WTERMSIG(status));
1317 				(void) fprintf(stderr,
1318 				gettext("%s: terminated by signal %d.\n"),
1319 				    pgm, WTERMSIG(status));
1320 				syslog(LOG_ERR,
1321 				    gettext("ldap_cachemgr: terminated by "
1322 				    "signal %d.\n"),
1323 				    WTERMSIG(status));
1324 			} else if (WCOREDUMP(status)) {
1325 				logit("detachfromtty(): child core dumped.\n"),
1326 				    (void) fprintf(stderr,
1327 				    gettext("%s: core dumped.\n"),
1328 				    pgm);
1329 				syslog(LOG_ERR,
1330 				    gettext("ldap_cachemgr: "
1331 				    "core dumped.\n"));
1332 			}
1333 
1334 			exit(1);
1335 	}
1336 	(void) setsid();
1337 	if (open("/dev/null", O_RDWR, 0) != -1) {
1338 		(void) dup(0);
1339 		(void) dup(0);
1340 	}
1341 }
1342 
1343 /*
1344  * Check if the door client's euid is 0
1345  *
1346  * We could check for some privilege or re-design the interfaces that
1347  * lead to is_root() being called so that we rely on SMF and RBAC, but
1348  * we need this check only for dealing with undocumented-but-possibly-
1349  * used interfaces.  Anything beyond checking for euid == 0 here would
1350  * be overkill considering that those are undocumented interfaces.
1351  *
1352  * If free_uc is 0, the caller is responsible for freeing *ucp.
1353  *
1354  * return - 0 euid != 0
1355  *          1 euid == 0
1356  */
1357 static int
1358 is_root(int free_uc, char *dc_str, ucred_t **ucp)
1359 {
1360 	int	rc;
1361 
1362 	if (door_ucred(ucp) != 0) {
1363 		rc = errno;
1364 		logit("door_ucred() call failed %s\n", strerror(rc));
1365 		syslog(LOG_ERR, gettext("ldap_cachemgr: door_ucred() call %s "
1366 		    "failed %s"), strerror(rc));
1367 		return (0);
1368 	}
1369 
1370 
1371 	if (ucred_geteuid(*ucp) != 0) {
1372 
1373 		if (current_admin.debug_level >= DBG_CANT_FIND)
1374 			logit("%s call failed(cred): caller pid %ld, uid %u, "
1375 			    "euid %u (if uid or euid is %u, it may be "
1376 			    "unavailable)\n", dc_str, ucred_getpid(*ucp),
1377 			    ucred_getruid(*ucp), ucred_geteuid(*ucp), -1);
1378 
1379 		rc = 0;
1380 	} else {
1381 
1382 		if (current_admin.debug_level >= DBG_ALL)
1383 			logit("received %s call from pid %ld, uid %u, euid %u "
1384 			    "(if uid or euid is %u, it may be unavailable)\n",
1385 			    dc_str, ucred_getpid(*ucp), ucred_getruid(*ucp),
1386 			    ucred_geteuid(*ucp), -1);
1387 		rc = 1;
1388 	}
1389 
1390 	if (free_uc)
1391 		ucred_free(*ucp);
1392 
1393 	return (rc);
1394 }
1395 
1396 /*
1397  * Check if pid is nscd
1398  *
1399  * Input: pid - process id of the door client that calls ldap_cachemgr
1400  *
1401  * Return: 0 - No
1402  *         1 - Yes
1403  */
1404 
1405 int
1406 is_called_from_nscd(pid_t pid)
1407 {
1408 	static mutex_t	_door_lock = DEFAULTMUTEX;
1409 	static	int	doorfd = -1;
1410 	int		match;
1411 	door_info_t	my_door;
1412 
1413 	/*
1414 	 * the first time in we try and open and validate the door.
1415 	 * the validations are that the door must have been
1416 	 * created with the door cookie and
1417 	 * that the file attached to the door is owned by root
1418 	 * and readonly by user, group and other.  If any of these
1419 	 * validations fail we refuse to use the door.
1420 	 */
1421 
1422 	(void) mutex_lock(&_door_lock);
1423 
1424 try_again:
1425 
1426 	if (doorfd == -1) {
1427 
1428 		if ((doorfd = open(NAME_SERVICE_DOOR, O_RDONLY, 0))
1429 		    == -1) {
1430 			(void) mutex_unlock(&_door_lock);
1431 			return (0);
1432 		}
1433 
1434 		if (door_info(doorfd, &my_door) == -1 ||
1435 		    (my_door.di_attributes & DOOR_REVOKED) ||
1436 		    my_door.di_data != (uintptr_t)NAME_SERVICE_DOOR_COOKIE) {
1437 			/*
1438 			 * we should close doorfd because we just opened it
1439 			 */
1440 			(void) close(doorfd);
1441 			doorfd = -1;
1442 			(void) mutex_unlock(&_door_lock);
1443 			return (0);
1444 		}
1445 	} else {
1446 		/*
1447 		 * doorfd is cached. Double check just in case
1448 		 * the door server is restarted or is down.
1449 		 */
1450 		if (door_info(doorfd, &my_door) == -1 ||
1451 		    my_door.di_data != (uintptr_t)NAME_SERVICE_DOOR_COOKIE) {
1452 			/*
1453 			 * don't close it -
1454 			 * someone else has clobbered fd
1455 			 */
1456 			doorfd = -1;
1457 			goto try_again;
1458 		}
1459 
1460 		if (my_door.di_attributes & DOOR_REVOKED) {
1461 			(void) close(doorfd);
1462 			doorfd = -1;	/* try and restart connection */
1463 			goto try_again;
1464 		}
1465 	}
1466 
1467 	/*
1468 	 * door descriptor exists and is valid
1469 	 */
1470 	if (pid == my_door.di_target)
1471 		match = 1;
1472 	else
1473 		match = 0;
1474 
1475 	(void) mutex_unlock(&_door_lock);
1476 
1477 	return (match);
1478 
1479 }
1480 
1481 /*
1482  * new_attr(name, value)
1483  *
1484  * create a new LDAP attribute to be sent to the server
1485  */
1486 static ns_ldap_attr_t *
1487 new_attr(char *name, char *value)
1488 {
1489 	ns_ldap_attr_t *tmp;
1490 
1491 	tmp = malloc(sizeof (*tmp));
1492 	if (tmp != NULL) {
1493 		tmp->attrname = name;
1494 		tmp->attrvalue = (char **)calloc(2, sizeof (char *));
1495 		if (tmp->attrvalue == NULL) {
1496 			free(tmp);
1497 			return (NULL);
1498 		}
1499 		tmp->attrvalue[0] = value;
1500 		tmp->value_count = 1;
1501 	}
1502 
1503 	return (tmp);
1504 }
1505 
1506 /*
1507  * Convert the flatten ldap attributes in a ns_ldap_attr_t back
1508  * to an ns_ldap_attr_t array.
1509  *
1510  * strlist->ldap_offsets[] contains offsets to strings:
1511  * "dn", <dn value>, <attr 1>, <attrval 1>, ... <attr n>, <attrval n>
1512  * where n is (strlist->ldap_count/2 -1).
1513  * The output ns_ldap_attr_t array has a size of (strlist->ldap_count/2)
1514  * the first (strlist->ldap_count/2 -1) contains all the attribute data,
1515  * the last one is a NULL pointer. DN will be extracted out and pointed
1516  * to by *dn.
1517  */
1518 static ns_ldap_attr_t **
1519 str2attrs(ldap_strlist_t *strlist, char **dn)
1520 {
1521 	int		c;
1522 	int		i;
1523 	int		j;
1524 	ns_ldap_attr_t	**ret;
1525 
1526 	c = strlist->ldap_count;
1527 	ret = calloc(c/2, sizeof (ns_ldap_attr_t *));
1528 	if (ret == NULL)
1529 		return (NULL);
1530 	*dn = (char *)strlist + strlist->ldap_offsets[1];
1531 
1532 	/*
1533 	 * skip the first 'dn'/<dn value> pair, for all other attr type/value
1534 	 * pairs, get pointers to the attr type (offset [i]) and attr value
1535 	 * (offset [i+1]) and put in ns_ldap_attr_t at ret[j]
1536 	 */
1537 	for (i = 2, j = 0; i < c; i = i + 2, j++) {
1538 		ret[j] = new_attr((char *)strlist + strlist->ldap_offsets[i],
1539 		    (char *)strlist + strlist->ldap_offsets[i + 1]);
1540 	}
1541 	return (ret);
1542 }
1543 
1544 static int
1545 get_admin_dn(ns_cred_t *credp, int *status, ns_ldap_error_t **errorp)
1546 {
1547 	void	**paramVal = NULL;
1548 	int	rc;
1549 
1550 	/* get bind DN for shadow update */
1551 	rc = __ns_ldap_getParam(NS_LDAP_ADMIN_BINDDN_P,
1552 	    &paramVal, errorp);
1553 	if (rc != NS_LDAP_SUCCESS)
1554 		return (rc);
1555 
1556 	if (paramVal == NULL || *paramVal == NULL) {
1557 		rc = NS_LDAP_CONFIG;
1558 		*status = NS_CONFIG_NOTALLOW;
1559 		if (paramVal != NULL)
1560 			(void) __ns_ldap_freeParam(&paramVal);
1561 		return (rc);
1562 	}
1563 	credp->cred.unix_cred.userID = strdup((char *)*paramVal);
1564 	(void) __ns_ldap_freeParam(&paramVal);
1565 	if (credp->cred.unix_cred.userID == NULL)
1566 		return (NS_LDAP_MEMORY);
1567 
1568 	return (NS_LDAP_SUCCESS);
1569 }
1570 
1571 /*
1572  * admin_modify() does a privileged modify within the ldap_cachemgr daemon
1573  * process using the admin DN/password configured with parameters
1574  * NS_LDAP_ADMIN_BINDDN and NS_LDAP_ADMIN_BINDPASSWD. It will only
1575  * be done if NS_LDAP_ENABLE_SHADOW_UPDATE is set to TRUE.
1576  *
1577  * The input ldap_call_t (*in) contains LDAP shadowAccount attributes to
1578  * be modified. The data is a flatten ns_ldap_attr_t arrary stored in
1579  * the strlist element of the input ldap_call_t.
1580  * The output will be in LineBuf (*config_info), an ldap_admin_mod_result_t
1581  * structure that contains error code, error status, and error message.
1582  */
1583 static void
1584 admin_modify(LineBuf *config_info, ldap_call_t *in)
1585 {
1586 	int		rc = NS_LDAP_SUCCESS;
1587 	int		authstried = 0;
1588 	int		shadow_enabled = 0;
1589 	char		*dn = NULL;
1590 	char		**certpath = NULL;
1591 	char		**enable_shadow = NULL;
1592 	ns_auth_t	**app;
1593 	ns_auth_t	**authpp = NULL;
1594 	ns_auth_t	*authp = NULL;
1595 	ns_cred_t	*credp = NULL;
1596 	char		buffer[MAXERROR];
1597 	const int	rlen = offsetof(ldap_admin_mod_result_t, msg);
1598 	int		mlen = 0;
1599 	const int	msgmax = MAXERROR - rlen;
1600 	int		status = 0;
1601 	ucred_t		*uc = NULL;
1602 	ldap_strlist_t	*strlist;
1603 	ns_ldap_attr_t	**attrs = NULL;
1604 	ns_ldap_error_t *error = NULL;
1605 	ldap_admin_mod_result_t *result;
1606 
1607 	(void) memset((char *)config_info, 0, sizeof (LineBuf));
1608 
1609 	/* only root or an ALL privs user can do admin modify */
1610 	if (is_root_or_all_privs("ADMINMODIFY", &uc) == 0) {
1611 		mlen = snprintf(buffer, msgmax, "%s",
1612 		    gettext("shadow update by a non-root and no ALL privilege "
1613 		    "user not allowed"));
1614 		rc = NS_LDAP_CONFIG;
1615 		goto out;
1616 	}
1617 
1618 	/* check to see if shadow update is enabled */
1619 	rc = __ns_ldap_getParam(NS_LDAP_ENABLE_SHADOW_UPDATE_P,
1620 	    (void ***)&enable_shadow, &error);
1621 	if (rc != NS_LDAP_SUCCESS)
1622 		goto out;
1623 	if (enable_shadow != NULL && *enable_shadow != NULL) {
1624 		shadow_enabled = (*(int *)enable_shadow[0] ==
1625 		    NS_LDAP_ENABLE_SHADOW_UPDATE_TRUE);
1626 	}
1627 	if (enable_shadow != NULL)
1628 		(void) __ns_ldap_freeParam((void ***)&enable_shadow);
1629 	if (shadow_enabled == 0) {
1630 		rc = NS_LDAP_CONFIG;
1631 		status = NS_CONFIG_NOTALLOW;
1632 		mlen = snprintf(buffer, msgmax, "%s",
1633 		    gettext("shadow update not enabled"));
1634 		goto out;
1635 	}
1636 
1637 	/* convert attributes in string buffer into an ldap attribute array */
1638 	strlist = &in->ldap_u.strlist;
1639 	attrs = str2attrs(strlist, &dn);
1640 	if (attrs == NULL || *attrs == NULL || dn == NULL || *dn == '\0') {
1641 		rc = NS_LDAP_INVALID_PARAM;
1642 		goto out;
1643 	}
1644 
1645 	if ((credp = (ns_cred_t *)calloc(1, sizeof (ns_cred_t))) == NULL) {
1646 		rc = NS_LDAP_MEMORY;
1647 		goto out;
1648 	}
1649 
1650 	/* get host certificate path, if one is configured */
1651 	rc = __ns_ldap_getParam(NS_LDAP_HOST_CERTPATH_P,
1652 	    (void ***)&certpath, &error);
1653 	if (rc != NS_LDAP_SUCCESS)
1654 		goto out;
1655 	if (certpath != NULL && *certpath != NULL) {
1656 		credp->hostcertpath = strdup(*certpath);
1657 		if (credp->hostcertpath == NULL)
1658 			rc = NS_LDAP_MEMORY;
1659 	}
1660 	if (certpath != NULL)
1661 		(void) __ns_ldap_freeParam((void ***)&certpath);
1662 	if (rc != NS_LDAP_SUCCESS)
1663 		goto out;
1664 
1665 	/* Load the service specific authentication method */
1666 	rc = __ns_ldap_getServiceAuthMethods("passwd-cmd", &authpp,
1667 	    &error);
1668 	if (rc != NS_LDAP_SUCCESS) {
1669 		if (credp->hostcertpath != NULL)
1670 			free(credp->hostcertpath);
1671 		goto out;
1672 	}
1673 
1674 	/*
1675 	 * if authpp is null, there is no serviceAuthenticationMethod
1676 	 * try default authenticationMethod
1677 	 */
1678 	if (authpp == NULL) {
1679 		rc = __ns_ldap_getParam(NS_LDAP_AUTH_P, (void ***)&authpp,
1680 		    &error);
1681 		if (rc != NS_LDAP_SUCCESS)
1682 			goto out;
1683 	}
1684 
1685 	/*
1686 	 * if authpp is still null, then can not authenticate, syslog
1687 	 * error message and return error
1688 	 */
1689 	if (authpp == NULL) {
1690 		rc = NS_LDAP_CONFIG;
1691 		mlen = snprintf(buffer, msgmax, "%s",
1692 		    gettext("No legal LDAP authentication method configured"));
1693 		goto out;
1694 	}
1695 
1696 	/*
1697 	 * Walk the array and try all authentication methods in order except
1698 	 * for "none".
1699 	 */
1700 	for (app = authpp; *app; app++) {
1701 		authp = *app;
1702 		if (authp->type == NS_LDAP_AUTH_NONE)
1703 			continue;
1704 		authstried++;
1705 		credp->auth.type = authp->type;
1706 		credp->auth.tlstype = authp->tlstype;
1707 		credp->auth.saslmech = authp->saslmech;
1708 		credp->auth.saslopt = authp->saslopt;
1709 
1710 		/*
1711 		 * For GSSAPI, host credential will be used. No admin
1712 		 * DN is needed. For other authentication methods,
1713 		 * we need to set admin.
1714 		 */
1715 		if (credp->auth.saslmech != NS_LDAP_SASL_GSSAPI) {
1716 			if ((rc = get_admin_dn(credp, &status,
1717 			    &error)) != NS_LDAP_SUCCESS) {
1718 				if (error != NULL)
1719 					goto out;
1720 				if (status == NS_CONFIG_NOTALLOW) {
1721 					mlen = snprintf(buffer, msgmax, "%s",
1722 					    gettext("Admin bind DN not "
1723 					    "configured"));
1724 					goto out;
1725 				}
1726 			}
1727 		}
1728 
1729 		rc = __ns_ldap_repAttr(NS_ADMIN_SHADOW_UPDATE, dn,
1730 		    (const ns_ldap_attr_t * const *)attrs,
1731 		    credp, 0, &error);
1732 		if (rc == NS_LDAP_SUCCESS)
1733 			goto out;
1734 
1735 		/*
1736 		 * Other errors might need to be added to this list, for
1737 		 * the current supported mechanisms this is sufficient.
1738 		 */
1739 		if (rc == NS_LDAP_INTERNAL &&
1740 		    error->pwd_mgmt.status == NS_PASSWD_GOOD &&
1741 		    (error->status == LDAP_INAPPROPRIATE_AUTH ||
1742 		    error->status == LDAP_INVALID_CREDENTIALS))
1743 			goto out;
1744 
1745 		/*
1746 		 * If there is error related to password policy,
1747 		 * return it to caller.
1748 		 */
1749 		if (rc == NS_LDAP_INTERNAL &&
1750 		    error->pwd_mgmt.status != NS_PASSWD_GOOD) {
1751 			rc = NS_LDAP_CONFIG;
1752 			status = NS_CONFIG_NOTALLOW;
1753 			(void) __ns_ldap_freeError(&error);
1754 			mlen = snprintf(buffer, msgmax, "%s",
1755 			    gettext("update failed due to "
1756 			    "password policy on server (%d)"),
1757 			    error->pwd_mgmt.status);
1758 			goto out;
1759 		}
1760 
1761 		/* we don't really care about the error, just clean it up */
1762 		if (error)
1763 			(void) __ns_ldap_freeError(&error);
1764 	}
1765 	if (authstried == 0) {
1766 		rc = NS_LDAP_CONFIG;
1767 		mlen = snprintf(buffer, msgmax, "%s",
1768 		    gettext("No legal LDAP authentication method configured"));
1769 		goto out;
1770 	}
1771 
1772 	rc = NS_LDAP_OP_FAILED;
1773 
1774 out:
1775 	if (credp != NULL)
1776 		(void) __ns_ldap_freeCred(&credp);
1777 
1778 	if (authpp != NULL)
1779 		(void) __ns_ldap_freeParam((void ***)&authpp);
1780 
1781 	if (error != NULL) {
1782 		mlen = snprintf(buffer, msgmax, "%s", error->message);
1783 		status = error->status;
1784 		(void) __ns_ldap_freeError(&error);
1785 	}
1786 
1787 	if (attrs != NULL) {
1788 		int i;
1789 		for (i = 0; attrs[i]; i++) {
1790 			free(attrs[i]->attrvalue);
1791 			free(attrs[i]);
1792 		}
1793 	}
1794 
1795 	config_info->len = rlen + mlen + 1;
1796 	config_info->str = malloc(config_info->len);
1797 	if (config_info->str == NULL) {
1798 		config_info->len = 0;
1799 		return;
1800 	}
1801 	result = (ldap_admin_mod_result_t *)config_info->str;
1802 	result->ns_err = rc;
1803 	result->status = status;
1804 	if (mlen != 0) {
1805 		result->msg_size = mlen + 1;
1806 		(void) strcpy(config_info->str + rlen, buffer);
1807 	}
1808 }
1809 
1810 /*
1811  * Check to see if the door client's euid is 0 or if it has ALL zone privilege.
1812  * return - 0 No or error
1813  *          1 Yes
1814  */
1815 int
1816 is_root_or_all_privs(char *dc_str, ucred_t **ucp)
1817 {
1818 	const priv_set_t *ps;	/* door client */
1819 	priv_set_t *zs;		/* zone */
1820 	int rc = 0;
1821 
1822 	*ucp = NULL;
1823 
1824 	/* no more to do if door client's euid is 0 */
1825 	if (is_root(0, dc_str, ucp) == 1) {
1826 		ucred_free(*ucp);
1827 		return (1);
1828 	}
1829 
1830 	/* error if couldn't get the ucred_t */
1831 	if (*ucp == NULL)
1832 		return (0);
1833 
1834 	if ((ps = ucred_getprivset(*ucp, PRIV_EFFECTIVE)) != NULL) {
1835 		zs = priv_str_to_set("zone", ",", NULL);
1836 		if (priv_isequalset(ps, zs))
1837 			rc = 1; /* has all zone privs */
1838 		else {
1839 			if (current_admin.debug_level >= DBG_CANT_FIND)
1840 				logit("%s call failed (no all zone privs): "
1841 				    "caller pid %ld, uid %u, euid %u "
1842 				    "(if uid or euid is %u, it may "
1843 				    "be unavailable)\n", dc_str,
1844 				    ucred_getpid(*ucp), ucred_getruid(*ucp),
1845 				    ucred_geteuid(*ucp), -1);
1846 		}
1847 		priv_freeset(zs);
1848 	}
1849 
1850 	ucred_free(*ucp);
1851 	return (rc);
1852 }
1853