1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved. 23 * 24 * Copyright 2018 Joyent, Inc. 25 */ 26 27 #include <assert.h> 28 #include <errno.h> 29 #include <memory.h> 30 #include <signal.h> 31 #include <stdlib.h> 32 #include <stdio.h> 33 #include <string.h> 34 #include <libintl.h> 35 #include <syslog.h> 36 #include <sys/door.h> 37 #include <sys/stat.h> 38 #include <sys/time.h> 39 #include <sys/types.h> 40 #include <sys/wait.h> 41 #include <synch.h> 42 #include <pthread.h> 43 #include <unistd.h> 44 #include <lber.h> 45 #include <ldap.h> 46 #include <ctype.h> /* tolower */ 47 #include <sys/socket.h> 48 #include <netinet/in.h> 49 #include <arpa/inet.h> 50 #include <ucred.h> 51 #include "cachemgr.h" 52 #include "solaris-priv.h" 53 #include "ns_connmgmt.h" 54 55 static rwlock_t ldap_lock = DEFAULTRWLOCK; 56 static int sighup_update = FALSE; 57 extern admin_t current_admin; 58 59 extern int is_root_or_all_privs(char *dc_str, ucred_t **ucp); 60 61 /* variables used for SIGHUP wakeup on sleep */ 62 static mutex_t sighuplock; 63 static cond_t cond; 64 65 /* refresh time statistics */ 66 static time_t prev_refresh_time = 0; 67 68 /* variables used for signaling parent process */ 69 static mutex_t sig_mutex; 70 static int signal_done = FALSE; 71 72 /* TCP connection timeout (in milliseconds) */ 73 static int tcptimeout = NS_DEFAULT_BIND_TIMEOUT * 1000; 74 75 #ifdef SLP 76 extern int use_slp; 77 #endif /* SLP */ 78 79 /* nis domain information */ 80 #define _NIS_FILTER "objectclass=nisDomainObject" 81 #define _NIS_DOMAIN "nisdomain" 82 83 #define CACHESLEEPTIME 600 84 /* 85 * server list refresh delay when in "no server" mode 86 * (1 second) 87 */ 88 #define REFRESH_DELAY_WHEN_NO_SERVER 1 89 90 typedef enum { 91 INFO_OP_CREATE = 0, 92 INFO_OP_DELETE = 1, 93 INFO_OP_REFRESH = 2, 94 INFO_OP_REFRESH_WAIT = 3, 95 INFO_OP_GETSERVER = 4, 96 INFO_OP_GETSTAT = 5, 97 INFO_OP_REMOVESERVER = 6 98 } info_op_t; 99 100 typedef enum { 101 INFO_RW_UNKNOWN = 0, 102 INFO_RW_READONLY = 1, 103 INFO_RW_WRITEABLE = 2 104 } info_rw_t; 105 106 typedef enum { 107 INFO_SERVER_JUST_INITED = -1, 108 INFO_SERVER_UNKNOWN = 0, 109 INFO_SERVER_CONNECTING = 1, 110 INFO_SERVER_UP = 2, 111 INFO_SERVER_ERROR = 3, 112 INFO_SERVER_REMOVED = 4 113 } info_server_t; 114 115 typedef enum { 116 INFO_STATUS_UNKNOWN = 0, 117 INFO_STATUS_ERROR = 1, 118 INFO_STATUS_NEW = 2, 119 INFO_STATUS_OLD = 3 120 } info_status_t; 121 122 typedef enum { 123 CACHE_OP_CREATE = 0, 124 CACHE_OP_DELETE = 1, 125 CACHE_OP_FIND = 2, 126 CACHE_OP_ADD = 3, 127 CACHE_OP_GETSTAT = 4 128 } cache_op_t; 129 130 typedef enum { 131 CACHE_MAP_UNKNOWN = 0, 132 CACHE_MAP_DN2DOMAIN = 1 133 } cache_type_t; 134 135 typedef struct server_info_ext { 136 char *addr; 137 char *hostname; 138 char *rootDSE_data; 139 char *errormsg; 140 info_rw_t type; 141 info_server_t server_status; 142 info_server_t prev_server_status; 143 info_status_t info_status; 144 ns_server_status_t change; 145 } server_info_ext_t; 146 147 typedef struct server_info { 148 struct server_info *next; 149 mutex_t mutex[2]; /* 0: current copy lock */ 150 /* 1: update copy lock */ 151 server_info_ext_t sinfo[2]; /* 0: current, 1: update copy */ 152 } server_info_t; 153 154 typedef struct cache_hash { 155 cache_type_t type; 156 char *from; 157 char *to; 158 struct cache_hash *next; 159 } cache_hash_t; 160 161 /* 162 * The status of a server to be removed. It can be up or down. 163 */ 164 typedef struct rm_svr { 165 char *addr; 166 int up; /* 1: up, 0: down */ 167 } rm_svr_t; 168 169 static int getldap_destroy_serverInfo(server_info_t *head); 170 static void test_server_change(server_info_t *head); 171 static void remove_server(char *addr); 172 static ns_server_status_t set_server_status(char *input, server_info_t *head); 173 static void create_buf_and_notify(char *input, ns_server_status_t st); 174 175 /* 176 * Load configuration 177 * The code was in signal handler getldap_revalidate 178 * It's moved out of the handler because it could cause deadlock 179 * return: 1 SUCCESS 180 * 0 FAIL 181 */ 182 static int 183 load_config() { 184 ns_ldap_error_t *error; 185 int rc = 1; 186 187 (void) __ns_ldap_setServer(TRUE); 188 189 (void) rw_wrlock(&ldap_lock); 190 if ((error = __ns_ldap_LoadConfiguration()) != NULL) { 191 logit("Error: Unable to read '%s': %s\n", 192 NSCONFIGFILE, error->message); 193 __ns_ldap_freeError(&error); 194 rc = 0; /* FAIL */ 195 } else 196 sighup_update = TRUE; 197 198 (void) rw_unlock(&ldap_lock); 199 200 return (rc); 201 } 202 203 /* 204 * Calculate a hash for a string 205 * Based on elf_hash algorithm, hash is case insensitive 206 * Uses tolower instead of _tolower because of I18N 207 */ 208 209 static unsigned long 210 getldap_hash(const char *str) 211 { 212 unsigned int hval = 0; 213 214 while (*str) { 215 unsigned int g; 216 217 hval = (hval << 4) + tolower(*str++); 218 if ((g = (hval & 0xf0000000)) != 0) 219 hval ^= g >> 24; 220 hval &= ~g; 221 } 222 return ((unsigned long)hval); 223 } 224 225 /* 226 * Remove a hash table entry. 227 * This function expects a lock in place when called. 228 */ 229 230 static cache_hash_t * 231 getldap_free_hash(cache_hash_t *p) 232 { 233 cache_hash_t *next; 234 235 p->type = CACHE_MAP_UNKNOWN; 236 if (p->from) 237 free(p->from); 238 if (p->to) 239 free(p->to); 240 next = p->next; 241 p->next = NULL; 242 free(p); 243 return (next); 244 } 245 246 /* 247 * Scan a hash table hit for a matching hash entry. 248 * This function expects a lock in place when called. 249 */ 250 static cache_hash_t * 251 getldap_scan_hash(cache_type_t type, char *from, 252 cache_hash_t *idx) 253 { 254 while (idx) { 255 if (idx->type == type && 256 strcasecmp(from, idx->from) == 0) { 257 return (idx); 258 } 259 idx = idx->next; 260 } 261 return ((cache_hash_t *)NULL); 262 } 263 264 /* 265 * Format and return the cache data statistics 266 */ 267 static int 268 getldap_get_cacheData_stat(int max, int current, char **output) 269 { 270 #define C_HEADER0 "Cache data information: " 271 #define C_HEADER1 " Maximum cache entries: " 272 #define C_HEADER2 " Number of cache entries: " 273 int hdr0_len = strlen(gettext(C_HEADER0)); 274 int hdr1_len = strlen(gettext(C_HEADER1)); 275 int hdr2_len = strlen(gettext(C_HEADER2)); 276 int len; 277 278 if (current_admin.debug_level >= DBG_ALL) { 279 logit("getldap_get_cacheData_stat()...\n"); 280 } 281 282 *output = NULL; 283 284 len = hdr0_len + hdr1_len + hdr2_len + 285 3 * strlen(DOORLINESEP) + 21; 286 *output = malloc(len); 287 if (*output == NULL) 288 return (-1); 289 290 (void) snprintf(*output, len, "%s%s%s%10d%s%s%10d%s", 291 gettext(C_HEADER0), DOORLINESEP, 292 gettext(C_HEADER1), max, DOORLINESEP, 293 gettext(C_HEADER2), current, DOORLINESEP); 294 295 return (NS_LDAP_SUCCESS); 296 } 297 298 static int 299 getldap_cache_op(cache_op_t op, cache_type_t type, 300 char *from, char **to) 301 { 302 #define CACHE_HASH_MAX 257 303 #define CACHE_HASH_MAX_ENTRY 256 304 static cache_hash_t *hashTbl[CACHE_HASH_MAX]; 305 cache_hash_t *next, *idx, *newp; 306 unsigned long hash; 307 static rwlock_t cache_lock = DEFAULTRWLOCK; 308 int i; 309 static int entry_num = 0; 310 311 if (current_admin.debug_level >= DBG_ALL) { 312 logit("getldap_cache_op()...\n"); 313 } 314 switch (op) { 315 case CACHE_OP_CREATE: 316 if (current_admin.debug_level >= DBG_ALL) { 317 logit("operation is CACHE_OP_CREATE...\n"); 318 } 319 (void) rw_wrlock(&cache_lock); 320 321 for (i = 0; i < CACHE_HASH_MAX; i++) { 322 hashTbl[i] = NULL; 323 } 324 entry_num = 0; 325 326 (void) rw_unlock(&cache_lock); 327 break; 328 329 case CACHE_OP_DELETE: 330 if (current_admin.debug_level >= DBG_ALL) { 331 logit("operation is CACHE_OP_DELETE...\n"); 332 } 333 (void) rw_wrlock(&cache_lock); 334 335 for (i = 0; i < CACHE_HASH_MAX; i++) { 336 next = hashTbl[i]; 337 while (next != NULL) { 338 next = getldap_free_hash(next); 339 } 340 hashTbl[i] = NULL; 341 } 342 entry_num = 0; 343 344 (void) rw_unlock(&cache_lock); 345 break; 346 347 case CACHE_OP_ADD: 348 if (current_admin.debug_level >= DBG_ALL) { 349 logit("operation is CACHE_OP_ADD...\n"); 350 } 351 if (from == NULL || to == NULL || *to == NULL) 352 return (-1); 353 hash = getldap_hash(from) % CACHE_HASH_MAX; 354 (void) rw_wrlock(&cache_lock); 355 idx = hashTbl[hash]; 356 /* 357 * replace old "to" value with new one 358 * if an entry with same "from" 359 * already exists 360 */ 361 if (idx) { 362 newp = getldap_scan_hash(type, from, idx); 363 if (newp) { 364 free(newp->to); 365 newp->to = strdup(*to); 366 (void) rw_unlock(&cache_lock); 367 return (NS_LDAP_SUCCESS); 368 } 369 } 370 371 if (entry_num > CACHE_HASH_MAX_ENTRY) { 372 (void) rw_unlock(&cache_lock); 373 return (-1); 374 } 375 376 newp = (cache_hash_t *)malloc(sizeof (cache_hash_t)); 377 if (newp == NULL) { 378 (void) rw_unlock(&cache_lock); 379 return (NS_LDAP_MEMORY); 380 } 381 newp->type = type; 382 newp->from = strdup(from); 383 newp->to = strdup(*to); 384 newp->next = idx; 385 hashTbl[hash] = newp; 386 entry_num++; 387 (void) rw_unlock(&cache_lock); 388 break; 389 390 case CACHE_OP_FIND: 391 if (current_admin.debug_level >= DBG_ALL) { 392 logit("operation is CACHE_OP_FIND...\n"); 393 } 394 if (from == NULL || to == NULL) 395 return (-1); 396 *to = NULL; 397 hash = getldap_hash(from) % CACHE_HASH_MAX; 398 (void) rw_rdlock(&cache_lock); 399 idx = hashTbl[hash]; 400 idx = getldap_scan_hash(type, from, idx); 401 if (idx) 402 *to = strdup(idx->to); 403 (void) rw_unlock(&cache_lock); 404 if (idx == NULL) 405 return (-1); 406 break; 407 408 case CACHE_OP_GETSTAT: 409 if (current_admin.debug_level >= DBG_ALL) { 410 logit("operation is CACHE_OP_GETSTAT...\n"); 411 } 412 if (to == NULL) 413 return (-1); 414 415 return (getldap_get_cacheData_stat(CACHE_HASH_MAX_ENTRY, 416 entry_num, to)); 417 break; 418 419 default: 420 logit("getldap_cache_op(): " 421 "invalid operation code (%d).\n", op); 422 return (-1); 423 break; 424 } 425 return (NS_LDAP_SUCCESS); 426 } 427 /* 428 * Function: sync_current_with_update_copy 429 * 430 * This function syncs up the 2 sinfo copies in info. 431 * 432 * The 2 copies are identical most of time. 433 * The update copy(sinfo[1]) could be different when 434 * getldap_serverInfo_refresh thread is refreshing the server list 435 * and calls getldap_get_rootDSE to update info. getldap_get_rootDSE 436 * calls sync_current_with_update_copy to sync up 2 copies before thr_exit. 437 * The calling sequence is 438 * getldap_serverInfo_refresh-> 439 * getldap_get_serverInfo_op(INFO_OP_CREATE,...)-> 440 * getldap_set_serverInfo-> 441 * getldap_get_rootDSE 442 * 443 * The original server_info_t has one copy of server info. When libsldap 444 * makes door call GETLDAPSERVER to get the server info and getldap_get_rootDSE 445 * is updating the server info, it would hit a unprotected window in 446 * getldap_rootDSE. The door call will not get server info and libsldap 447 * fails at making ldap connection. 448 * 449 * The new server_info_t provides GETLDAPSERVER thread with a current 450 * copy(sinfo[0]). getldap_get_rootDSE only works on the update copy(sinfo[1]) 451 * and syncs up 2 copies before thr_exit. This will close the window in 452 * getldap_get_rootDSE. 453 * 454 */ 455 static void 456 sync_current_with_update_copy(server_info_t *info) 457 { 458 if (current_admin.debug_level >= DBG_ALL) { 459 logit("sync_current_with_update_copy()...\n"); 460 } 461 462 (void) mutex_lock(&info->mutex[1]); 463 (void) mutex_lock(&info->mutex[0]); 464 465 if (info->sinfo[1].server_status == INFO_SERVER_UP && 466 info->sinfo[0].server_status != INFO_SERVER_UP) 467 info->sinfo[1].change = NS_SERVER_UP; 468 else if (info->sinfo[1].server_status != INFO_SERVER_UP && 469 info->sinfo[0].server_status == INFO_SERVER_UP) 470 info->sinfo[1].change = NS_SERVER_DOWN; 471 else 472 info->sinfo[1].change = 0; 473 474 475 /* free memory in current copy first */ 476 if (info->sinfo[0].addr) 477 free(info->sinfo[0].addr); 478 info->sinfo[0].addr = NULL; 479 480 if (info->sinfo[0].hostname) 481 free(info->sinfo[0].hostname); 482 info->sinfo[0].hostname = NULL; 483 484 if (info->sinfo[0].rootDSE_data) 485 free(info->sinfo[0].rootDSE_data); 486 info->sinfo[0].rootDSE_data = NULL; 487 488 if (info->sinfo[0].errormsg) 489 free(info->sinfo[0].errormsg); 490 info->sinfo[0].errormsg = NULL; 491 492 /* 493 * make current and update copy identical 494 */ 495 info->sinfo[0] = info->sinfo[1]; 496 497 /* 498 * getldap_get_server_stat() reads the update copy sinfo[1] 499 * so it can't be freed or nullified yet at this point. 500 * 501 * The sinfo[0] and sinfo[1] have identical string pointers. 502 * strdup the strings to avoid the double free problem. 503 * The strings of sinfo[1] are freed in 504 * getldap_get_rootDSE() and the strings of sinfo[0] 505 * are freed earlier in this function. If the pointers are the 506 * same, they will be freed twice. 507 */ 508 if (info->sinfo[1].addr) 509 info->sinfo[0].addr = strdup(info->sinfo[1].addr); 510 if (info->sinfo[1].hostname) 511 info->sinfo[0].hostname = strdup(info->sinfo[1].hostname); 512 if (info->sinfo[1].rootDSE_data) 513 info->sinfo[0].rootDSE_data = 514 strdup(info->sinfo[1].rootDSE_data); 515 if (info->sinfo[1].errormsg) 516 info->sinfo[0].errormsg = strdup(info->sinfo[1].errormsg); 517 518 (void) mutex_unlock(&info->mutex[0]); 519 (void) mutex_unlock(&info->mutex[1]); 520 521 } 522 523 static void * 524 getldap_get_rootDSE(void *arg) 525 { 526 server_info_t *serverInfo = (server_info_t *)arg; 527 char *rootDSE; 528 int exitrc = NS_LDAP_SUCCESS; 529 pid_t ppid; 530 int server_found = 0; 531 char errmsg[MAXERROR]; 532 ns_ldap_return_code rc; 533 ns_ldap_error_t *error = NULL; 534 535 if (current_admin.debug_level >= DBG_ALL) { 536 logit("getldap_get_rootDSE()....\n"); 537 } 538 539 /* initialize the server info element */ 540 (void) mutex_lock(&serverInfo->mutex[1]); 541 serverInfo->sinfo[1].type = INFO_RW_UNKNOWN; 542 serverInfo->sinfo[1].info_status = 543 INFO_STATUS_UNKNOWN; 544 /* 545 * When the sever list is refreshed over and over, 546 * this function is called each time it is refreshed. 547 * The previous server status of the update copy(sinfo[1]) 548 * is the status of the current copy 549 */ 550 (void) mutex_lock(&serverInfo->mutex[0]); 551 serverInfo->sinfo[1].prev_server_status = 552 serverInfo->sinfo[0].server_status; 553 (void) mutex_unlock(&serverInfo->mutex[0]); 554 555 serverInfo->sinfo[1].server_status = 556 INFO_SERVER_UNKNOWN; 557 if (serverInfo->sinfo[1].rootDSE_data) 558 free(serverInfo->sinfo[1].rootDSE_data); 559 serverInfo->sinfo[1].rootDSE_data = NULL; 560 if (serverInfo->sinfo[1].errormsg) 561 free(serverInfo->sinfo[1].errormsg); 562 serverInfo->sinfo[1].errormsg = NULL; 563 (void) mutex_unlock(&serverInfo->mutex[1]); 564 565 (void) mutex_lock(&serverInfo->mutex[1]); 566 serverInfo->sinfo[1].server_status = INFO_SERVER_CONNECTING; 567 (void) mutex_unlock(&serverInfo->mutex[1]); 568 569 /* 570 * WARNING: anon_fallback == 1 (last argument) means that when 571 * __ns_ldap_getRootDSE is unable to bind using the configured 572 * credentials, it will try to fall back to using anonymous, non-SSL 573 * mode of operation. 574 * 575 * This is for backward compatibility reasons - we might have machines 576 * in the field with broken configuration (invalid credentials) and we 577 * don't want them to be disturbed. 578 */ 579 if (rc = __ns_ldap_getRootDSE(serverInfo->sinfo[1].addr, 580 &rootDSE, 581 &error, 582 SA_ALLOW_FALLBACK) != NS_LDAP_SUCCESS) { 583 (void) mutex_lock(&serverInfo->mutex[1]); 584 serverInfo->sinfo[1].server_status = INFO_SERVER_ERROR; 585 serverInfo->sinfo[1].info_status = INFO_STATUS_ERROR; 586 if (error && error->message) { 587 serverInfo->sinfo[1].errormsg = strdup(error->message); 588 } else { 589 (void) snprintf(errmsg, sizeof (errmsg), "%s %s " 590 "(rc = %d)", gettext("Can not get the root DSE from" 591 " server"), serverInfo->sinfo[1].addr, rc); 592 serverInfo->sinfo[1].errormsg = strdup(errmsg); 593 } 594 595 if (error != NULL) { 596 (void) __ns_ldap_freeError(&error); 597 } 598 599 if (current_admin.debug_level >= DBG_ALL) { 600 logit("getldap_get_rootDSE: %s.\n", 601 serverInfo->sinfo[1].errormsg); 602 } 603 (void) mutex_unlock(&serverInfo->mutex[1]); 604 /* 605 * sync sinfo copies in the serverInfo. 606 * protected by mutex 607 */ 608 sync_current_with_update_copy(serverInfo); 609 thr_exit((void *) -1); 610 } 611 612 (void) mutex_lock(&serverInfo->mutex[1]); 613 614 /* assume writeable, i.e., can do modify */ 615 serverInfo->sinfo[1].type = INFO_RW_WRITEABLE; 616 serverInfo->sinfo[1].server_status = INFO_SERVER_UP; 617 serverInfo->sinfo[1].info_status = INFO_STATUS_NEW; 618 /* remove the last DOORLINESEP */ 619 *(rootDSE+strlen(rootDSE)-1) = '\0'; 620 serverInfo->sinfo[1].rootDSE_data = rootDSE; 621 622 server_found = 1; 623 624 (void) mutex_unlock(&serverInfo->mutex[1]); 625 626 /* 627 * sync sinfo copies in the serverInfo. 628 * protected by mutex 629 */ 630 sync_current_with_update_copy(serverInfo); 631 /* 632 * signal that the ldap_cachemgr parent process 633 * should exit now, if it is still waiting 634 */ 635 (void) mutex_lock(&sig_mutex); 636 if (signal_done == FALSE && server_found) { 637 ppid = getppid(); 638 (void) kill(ppid, SIGUSR1); 639 if (current_admin.debug_level >= DBG_ALL) { 640 logit("getldap_get_rootDSE(): " 641 "SIGUSR1 signal sent to " 642 "parent process(%ld).\n", ppid); 643 } 644 signal_done = TRUE; 645 } 646 (void) mutex_unlock(&sig_mutex); 647 648 thr_exit((void *) exitrc); 649 650 return ((void *) NULL); 651 } 652 653 static int 654 getldap_init_serverInfo(server_info_t **head) 655 { 656 char **servers = NULL; 657 int rc = 0, i, exitrc = NS_LDAP_SUCCESS; 658 ns_ldap_error_t *errorp = NULL; 659 server_info_t *info, *tail = NULL; 660 661 *head = NULL; 662 if (current_admin.debug_level >= DBG_ALL) { 663 logit("getldap_init_serverInfo()...\n"); 664 } 665 rc = __s_api_getServers(&servers, &errorp); 666 667 if (rc != NS_LDAP_SUCCESS) { 668 logit("getldap_init_serverInfo: " 669 "__s_api_getServers failed.\n"); 670 if (errorp) 671 __ns_ldap_freeError(&errorp); 672 return (-1); 673 } 674 for (i = 0; servers[i] != NULL; i++) { 675 info = (server_info_t *)calloc(1, sizeof (server_info_t)); 676 if (info == NULL) { 677 logit("getldap_init_serverInfo: " 678 "not enough memory.\n"); 679 exitrc = NS_LDAP_MEMORY; 680 break; 681 } 682 if (i == 0) { 683 *head = info; 684 tail = info; 685 } else { 686 tail->next = info; 687 tail = info; 688 } 689 690 info->sinfo[0].addr = strdup(servers[i]); 691 if (info->sinfo[0].addr == NULL) { 692 logit("getldap_init_serverInfo: " 693 "not enough memory.\n"); 694 exitrc = NS_LDAP_MEMORY; 695 break; 696 } 697 info->sinfo[1].addr = strdup(servers[i]); 698 if (info->sinfo[1].addr == NULL) { 699 logit("getldap_init_serverInfo: " 700 "not enough memory.\n"); 701 exitrc = NS_LDAP_MEMORY; 702 break; 703 } 704 705 info->sinfo[0].type = INFO_RW_UNKNOWN; 706 info->sinfo[1].type = INFO_RW_UNKNOWN; 707 info->sinfo[0].info_status = INFO_STATUS_UNKNOWN; 708 info->sinfo[1].info_status = INFO_STATUS_UNKNOWN; 709 info->sinfo[0].server_status = INFO_SERVER_UNKNOWN; 710 info->sinfo[1].server_status = INFO_SERVER_UNKNOWN; 711 712 /* 713 * Assume at startup or after the configuration 714 * profile is refreshed, all servers are good. 715 */ 716 info->sinfo[0].prev_server_status = 717 INFO_SERVER_UP; 718 info->sinfo[1].prev_server_status = 719 INFO_SERVER_UP; 720 info->sinfo[0].hostname = NULL; 721 info->sinfo[1].hostname = NULL; 722 info->sinfo[0].rootDSE_data = NULL; 723 info->sinfo[1].rootDSE_data = NULL; 724 info->sinfo[0].errormsg = NULL; 725 info->sinfo[1].errormsg = NULL; 726 info->next = NULL; 727 } 728 __s_api_free2dArray(servers); 729 if (exitrc != NS_LDAP_SUCCESS) { 730 if (head && *head) { 731 (void) getldap_destroy_serverInfo(*head); 732 *head = NULL; 733 } 734 } 735 return (exitrc); 736 } 737 738 static int 739 getldap_destroy_serverInfo(server_info_t *head) 740 { 741 server_info_t *info, *next; 742 743 if (current_admin.debug_level >= DBG_ALL) { 744 logit("getldap_destroy_serverInfo()...\n"); 745 } 746 747 if (head == NULL) { 748 logit("getldap_destroy_serverInfo: " 749 "invalid serverInfo list.\n"); 750 return (-1); 751 } 752 753 for (info = head; info; info = next) { 754 if (info->sinfo[0].addr) 755 free(info->sinfo[0].addr); 756 if (info->sinfo[1].addr) 757 free(info->sinfo[1].addr); 758 if (info->sinfo[0].hostname) 759 free(info->sinfo[0].hostname); 760 if (info->sinfo[1].hostname) 761 free(info->sinfo[1].hostname); 762 if (info->sinfo[0].rootDSE_data) 763 free(info->sinfo[0].rootDSE_data); 764 if (info->sinfo[1].rootDSE_data) 765 free(info->sinfo[1].rootDSE_data); 766 if (info->sinfo[0].errormsg) 767 free(info->sinfo[0].errormsg); 768 if (info->sinfo[1].errormsg) 769 free(info->sinfo[1].errormsg); 770 next = info->next; 771 free(info); 772 } 773 return (NS_LDAP_SUCCESS); 774 } 775 776 static int 777 getldap_set_serverInfo(server_info_t *head, int reset_bindtime, info_op_t op) 778 { 779 server_info_t *info; 780 int atleast1 = 0; 781 thread_t *tid; 782 int num_threads = 0, i, j; 783 void *status; 784 void **paramVal = NULL; 785 ns_ldap_error_t *error = NULL; 786 787 if (current_admin.debug_level >= DBG_ALL) { 788 logit("getldap_set_serverInfo()...\n"); 789 } 790 791 if (head == NULL) { 792 logit("getldap_set_serverInfo: " 793 "invalid serverInfo list.\n"); 794 return (-1); 795 } 796 797 /* Get the bind timeout value */ 798 if (reset_bindtime == 1) { 799 tcptimeout = NS_DEFAULT_BIND_TIMEOUT * 1000; 800 (void) __ns_ldap_getParam(NS_LDAP_BIND_TIME_P, 801 ¶mVal, &error); 802 if (paramVal != NULL && *paramVal != NULL) { 803 /* convert to milliseconds */ 804 tcptimeout = **((int **)paramVal); 805 tcptimeout *= 1000; 806 (void) __ns_ldap_freeParam(¶mVal); 807 } 808 if (error) 809 (void) __ns_ldap_freeError(&error); 810 } 811 812 for (info = head; info; info = info->next) 813 num_threads++; 814 815 if (num_threads == 0) { 816 logit("getldap_set_serverInfo: " 817 "empty serverInfo list.\n"); 818 return (-1); 819 } 820 821 tid = (thread_t *) calloc(1, sizeof (thread_t) * num_threads); 822 if (tid == NULL) { 823 logit("getldap_set_serverInfo: " 824 "No memory to create thread ID list.\n"); 825 return (-1); 826 } 827 828 for (info = head, i = 0; info; info = info->next, i++) { 829 if (thr_create(NULL, 0, 830 (void *(*)(void*))getldap_get_rootDSE, 831 (void *)info, 0, &tid[i])) { 832 logit("getldap_set_serverInfo: " 833 "can not create thread %d.\n", i + 1); 834 for (j = 0; j < i; j++) 835 (void) thr_join(tid[j], NULL, NULL); 836 free(tid); 837 return (-1); 838 } 839 } 840 841 for (i = 0; i < num_threads; i++) { 842 if (thr_join(tid[i], NULL, &status) == 0) { 843 if ((int)status == NS_LDAP_SUCCESS) 844 atleast1 = 1; 845 } 846 } 847 848 free(tid); 849 850 if (op == INFO_OP_REFRESH) 851 test_server_change(head); 852 if (atleast1) { 853 return (NS_LDAP_SUCCESS); 854 } else 855 return (-1); 856 } 857 858 /* 859 * getldap_get_serverInfo processes the GETLDAPSERVER door request passed 860 * to this function from getldap_serverInfo_op(). 861 * input: 862 * a buffer containing an empty string (e.g., input[0]='\0';) or a string 863 * as the "input" in printf(input, "%s%s%s%s", req, addrtype, DOORLINESEP, 864 * addr); 865 * where addr is the address of a server and 866 * req is one of the following: 867 * NS_CACHE_NEW: send a new server address, addr is ignored. 868 * NS_CACHE_NORESP: send the next one, remove addr from list. 869 * NS_CACHE_NEXT: send the next one, keep addr on list. 870 * NS_CACHE_WRITE: send a non-replica server, if possible, if not, same 871 * as NS_CACHE_NEXT. 872 * addrtype: 873 * NS_CACHE_ADDR_IP: return server address as is, this is default. 874 * NS_CACHE_ADDR_HOSTNAME: return both server address and its FQDN format, 875 * only self credential case requires such format. 876 * output: 877 * a buffer containing server info in the following format: 878 * serveraddress DOORLINESEP [ serveraddress FQDN DOORLINESEP ] 879 * [ attr=value [DOORLINESEP attr=value ]...] 880 * For example: ( here | used as DOORLINESEP for visual purposes) 881 * 1) simple bind and sasl/DIGEST-MD5 bind : 882 * 1.2.3.4|supportedControl=1.1.1.1|supportedSASLmechanisms=EXTERNAL| 883 * supportedSASLmechanisms=GSSAPI 884 * 2) sasl/GSSAPI bind (self credential): 885 * 1.2.3.4|foo.sun.com|supportedControl=1.1.1.1| 886 * supportedSASLmechanisms=EXTERNAL|supportedSASLmechanisms=GSSAPI 887 * NOTE: caller should free this buffer when done using it 888 */ 889 static int 890 getldap_get_serverInfo(server_info_t *head, char *input, 891 char **output, int *svr_removed) 892 { 893 server_info_t *info = NULL; 894 server_info_t *server = NULL; 895 char *addr = NULL; 896 char *req = NULL; 897 char req_new[] = NS_CACHE_NEW; 898 char addr_type[] = NS_CACHE_ADDR_IP; 899 int matched = FALSE, len = 0, rc = 0; 900 char *ret_addr = NULL, *ret_addrFQDN = NULL; 901 char *new_addr = NULL; 902 pid_t pid; 903 904 if (current_admin.debug_level >= DBG_ALL) { 905 logit("getldap_get_serverInfo()...\n"); 906 } 907 908 if (input == NULL || output == NULL) { 909 logit("getldap_get_serverInfo: " 910 "No input or output buffer.\n"); 911 return (-1); 912 } 913 914 *output = NULL; 915 *svr_removed = FALSE; 916 917 if (head == NULL) { 918 logit("getldap_get_serverInfo: " 919 "invalid serverInfo list.\n"); 920 return (-1); 921 } 922 /* 923 * parse the input string to get req and addr, 924 * if input is empty, i.e., input[0] == '\0', 925 * treat it as an NS_CACHE_NEW request 926 */ 927 req = req_new; 928 if (input[0] != '\0') { 929 req = input; 930 /* Save addr type flag */ 931 addr_type[0] = input[1]; 932 input[strlen(NS_CACHE_NEW)] = '\0'; 933 /* skip acion type flag, addr type flag and DOORLINESEP */ 934 addr = input + strlen(DOORLINESEP) + strlen(NS_CACHE_NEW) 935 + strlen(NS_CACHE_ADDR_IP); 936 } 937 /* 938 * if NS_CACHE_NEW, 939 * or the server info is new, 940 * starts from the 941 * beginning of the list 942 */ 943 if ((strcmp(req, NS_CACHE_NEW) == 0) || 944 (head->sinfo[0].info_status == INFO_STATUS_NEW)) 945 matched = TRUE; 946 for (info = head; info; info = info->next) { 947 /* 948 * make sure the server info stays the same 949 * while the data is being processed 950 */ 951 952 /* 953 * This function is called to get server info list 954 * and pass it back to door call clients. 955 * Access the current copy (sinfo[0]) to get such 956 * information 957 */ 958 (void) mutex_lock(&info->mutex[0]); 959 960 if (matched == FALSE && 961 strcmp(info->sinfo[0].addr, addr) == 0) { 962 matched = TRUE; 963 if (strcmp(req, NS_CACHE_NORESP) == 0) { 964 if (chg_is_called_from_nscd_or_peruser_nscd( 965 "REMOVE SERVER", &pid) == 0) { 966 (void) mutex_unlock(&info->mutex[0]); 967 if (current_admin.debug_level >= 968 DBG_ALL) 969 logit("Only nscd can remove " 970 "servers. pid %ld", pid); 971 continue; 972 } 973 974 /* 975 * if the information is new, 976 * give this server one more chance 977 */ 978 if (info->sinfo[0].info_status == 979 INFO_STATUS_NEW && 980 info->sinfo[0].server_status == 981 INFO_SERVER_UP) { 982 server = info; 983 break; 984 } else { 985 /* 986 * it is recommended that 987 * before removing the 988 * server from the list, 989 * the server should be 990 * contacted one more time 991 * to make sure that it is 992 * really unavailable. 993 * For now, just trust the client 994 * (i.e., the sldap library) 995 * that it knows what it is 996 * doing and would not try 997 * to mess up the server 998 * list. 999 */ 1000 /* 1001 * Make a copy of addr to contact 1002 * it later. It's not doing it here 1003 * to avoid long wait and possible 1004 * recursion to contact an LDAP server. 1005 */ 1006 new_addr = strdup(info->sinfo[0].addr); 1007 if (new_addr) 1008 remove_server(new_addr); 1009 *svr_removed = TRUE; 1010 (void) mutex_unlock(&info->mutex[0]); 1011 break; 1012 } 1013 } else { 1014 /* 1015 * req == NS_CACHE_NEXT or NS_CACHE_WRITE 1016 */ 1017 (void) mutex_unlock(&info->mutex[0]); 1018 continue; 1019 } 1020 } 1021 1022 if (matched) { 1023 if (strcmp(req, NS_CACHE_WRITE) == 0) { 1024 if (info->sinfo[0].type == 1025 INFO_RW_WRITEABLE && 1026 info->sinfo[0].server_status == 1027 INFO_SERVER_UP) { 1028 server = info; 1029 break; 1030 } 1031 } else if (info->sinfo[0].server_status == 1032 INFO_SERVER_UP) { 1033 server = info; 1034 break; 1035 } 1036 } 1037 1038 (void) mutex_unlock(&info->mutex[0]); 1039 } 1040 1041 if (server) { 1042 if (strcmp(addr_type, NS_CACHE_ADDR_HOSTNAME) == 0) { 1043 /* 1044 * In SASL/GSSAPI case, a hostname is required for 1045 * Kerberos's service principal. 1046 * e.g. 1047 * ldap/foo.sun.com@SUN.COM 1048 */ 1049 if (server->sinfo[0].hostname == NULL) { 1050 rc = __s_api_ip2hostname(server->sinfo[0].addr, 1051 &server->sinfo[0].hostname); 1052 if (rc != NS_LDAP_SUCCESS) { 1053 (void) mutex_unlock(&info->mutex[0]); 1054 return (rc); 1055 } 1056 if (current_admin.debug_level >= DBG_ALL) { 1057 logit("getldap_get_serverInfo: " 1058 "%s is converted to %s\n", 1059 server->sinfo[0].addr, 1060 server->sinfo[0].hostname); 1061 } 1062 } 1063 ret_addr = server->sinfo[0].addr; 1064 ret_addrFQDN = server->sinfo[0].hostname; 1065 1066 } else 1067 ret_addr = server->sinfo[0].addr; 1068 1069 1070 len = strlen(ret_addr) + 1071 strlen(server->sinfo[0].rootDSE_data) + 1072 strlen(DOORLINESEP) + 1; 1073 if (ret_addrFQDN != NULL) 1074 len += strlen(ret_addrFQDN) + strlen(DOORLINESEP); 1075 *output = (char *)malloc(len); 1076 if (*output == NULL) { 1077 (void) mutex_unlock(&info->mutex[0]); 1078 return (NS_LDAP_MEMORY); 1079 } 1080 if (ret_addrFQDN == NULL) 1081 (void) snprintf(*output, len, "%s%s%s", 1082 ret_addr, DOORLINESEP, 1083 server->sinfo[0].rootDSE_data); 1084 else 1085 (void) snprintf(*output, len, "%s%s%s%s%s", 1086 ret_addr, DOORLINESEP, 1087 ret_addrFQDN, DOORLINESEP, 1088 server->sinfo[0].rootDSE_data); 1089 server->sinfo[0].info_status = INFO_STATUS_OLD; 1090 (void) mutex_unlock(&info->mutex[0]); 1091 return (NS_LDAP_SUCCESS); 1092 } 1093 else 1094 return (-99); 1095 } 1096 1097 /* 1098 * Format previous and next refresh time 1099 */ 1100 static int 1101 getldap_format_refresh_time(char **output, time_t *prev, time_t *next) 1102 { 1103 #define TIME_FORMAT "%Y/%m/%d %H:%M:%S" 1104 #define TIME_HEADER1 " Previous refresh time: " 1105 #define TIME_HEADER2 " Next refresh time: " 1106 int hdr1_len = strlen(gettext(TIME_HEADER1)); 1107 int hdr2_len = strlen(gettext(TIME_HEADER2)); 1108 struct tm tm; 1109 char nbuf[256]; 1110 char pbuf[256]; 1111 int len; 1112 1113 if (current_admin.debug_level >= DBG_ALL) { 1114 logit("getldap_format_refresh_time()...\n"); 1115 } 1116 1117 *output = NULL; 1118 1119 /* format the time of previous refresh */ 1120 if (*prev != 0) { 1121 (void) localtime_r(prev, &tm); 1122 (void) strftime(pbuf, sizeof (pbuf) - 1, TIME_FORMAT, &tm); 1123 } else { 1124 (void) strcpy(pbuf, gettext("NOT DONE")); 1125 } 1126 1127 /* format the time of next refresh */ 1128 if (*next != 0) { 1129 (void) localtime_r(next, &tm); 1130 (void) strftime(nbuf, sizeof (nbuf) - 1, TIME_FORMAT, &tm); 1131 } else { 1132 (void) strcpy(nbuf, gettext("NOT SET")); 1133 } 1134 1135 len = hdr1_len + hdr2_len + strlen(nbuf) + 1136 strlen(pbuf) + 2 * strlen(DOORLINESEP) + 1; 1137 1138 *output = malloc(len); 1139 if (*output == NULL) 1140 return (-1); 1141 1142 (void) snprintf(*output, len, "%s%s%s%s%s%s", 1143 gettext(TIME_HEADER1), pbuf, DOORLINESEP, 1144 gettext(TIME_HEADER2), nbuf, DOORLINESEP); 1145 1146 return (NS_LDAP_SUCCESS); 1147 } 1148 1149 /* 1150 * getldap_get_server_stat processes the GETSTAT request passed 1151 * to this function from getldap_serverInfo_op(). 1152 * output: 1153 * a buffer containing info for all the servers. 1154 * For each server, the data is in the following format: 1155 * server: server address or name, status: unknown|up|down|removed DOORLINESEP 1156 * for example: ( here | used as DOORLINESEP for visual purposes) 1157 * server: 1.2.3.4, status: down|server: 2.2.2.2, status: up| 1158 * NOTE: caller should free this buffer when done using it 1159 */ 1160 static int 1161 getldap_get_server_stat(server_info_t *head, char **output, 1162 time_t *prev, time_t *next) 1163 { 1164 #define S_HEADER "Server information: " 1165 #define S_FORMAT " server: %s, status: %s%s" 1166 #define S_ERROR " error message: %s%s" 1167 server_info_t *info = NULL; 1168 int header_len = strlen(gettext(S_HEADER)); 1169 int format_len = strlen(gettext(S_FORMAT)); 1170 int error_len = strlen(gettext(S_ERROR)); 1171 int len = header_len + strlen(DOORLINESEP); 1172 int len1 = 0; 1173 char *status, *output1 = NULL, *tmpptr; 1174 1175 *output = NULL; 1176 1177 if (current_admin.debug_level >= DBG_ALL) { 1178 logit("getldap_get_server_stat()...\n"); 1179 } 1180 1181 if (head == NULL) { 1182 logit("getldap_get_server_stat: " 1183 "invalid serverInfo list.\n"); 1184 return (-1); 1185 } 1186 1187 /* format previous and next refresh time */ 1188 (void) getldap_format_refresh_time(&output1, prev, next); 1189 if (output1 == NULL) 1190 return (-1); 1191 len += strlen(output1); 1192 len1 = len + strlen(DOORLINESEP) + 1; 1193 1194 *output = (char *)calloc(1, len1); 1195 if (*output == NULL) { 1196 free(output1); 1197 return (-1); 1198 } 1199 1200 /* insert header string and refresh time info */ 1201 (void) snprintf(*output, len1, "%s%s%s", 1202 gettext(S_HEADER), DOORLINESEP, output1); 1203 1204 for (info = head; info; info = info->next) { 1205 1206 /* 1207 * make sure the server info stays the same 1208 * while the data is being processed 1209 */ 1210 (void) mutex_lock(&info->mutex[1]); 1211 1212 /* 1213 * When the updating process is under way(getldap_get_rootDSE) 1214 * the update copy(sinfo[1] is the latest copy. 1215 * When the updating process 1216 * is done, the current copy (sinfo[0]) has the latest status, 1217 * which is still identical to the update copy. 1218 * So update copy has the latest status. 1219 * Use the update copy(sinfo[1]) to show status 1220 * (ldap_cachemgr -g). 1221 * 1222 */ 1223 1224 switch (info->sinfo[1].server_status) { 1225 case INFO_SERVER_UNKNOWN: 1226 status = gettext("UNKNOWN"); 1227 break; 1228 case INFO_SERVER_CONNECTING: 1229 status = gettext("CONNECTING"); 1230 break; 1231 case INFO_SERVER_UP: 1232 status = gettext("UP"); 1233 break; 1234 case INFO_SERVER_ERROR: 1235 status = gettext("ERROR"); 1236 break; 1237 case INFO_SERVER_REMOVED: 1238 status = gettext("REMOVED"); 1239 break; 1240 } 1241 1242 len += format_len + strlen(status) + 1243 strlen(info->sinfo[1].addr) + 1244 strlen(DOORLINESEP); 1245 if (info->sinfo[1].errormsg != NULL) 1246 len += error_len + 1247 strlen(info->sinfo[1].errormsg) + 1248 strlen(DOORLINESEP); 1249 1250 tmpptr = (char *)realloc(*output, len); 1251 if (tmpptr == NULL) { 1252 free(output1); 1253 free(*output); 1254 *output = NULL; 1255 (void) mutex_unlock(&info->mutex[1]); 1256 return (-1); 1257 } else 1258 *output = tmpptr; 1259 1260 /* insert server IP addr or name and status */ 1261 len1 = len - strlen(*output); 1262 (void) snprintf(*output + strlen(*output), len1, 1263 gettext(S_FORMAT), info->sinfo[1].addr, 1264 status, DOORLINESEP); 1265 /* insert error message if any */ 1266 len1 = len - strlen(*output); 1267 if (info->sinfo[1].errormsg != NULL) 1268 (void) snprintf(*output + strlen(*output), len1, 1269 gettext(S_ERROR), 1270 info->sinfo[1].errormsg, 1271 DOORLINESEP); 1272 1273 (void) mutex_unlock(&info->mutex[1]); 1274 1275 } 1276 1277 free(output1); 1278 return (NS_LDAP_SUCCESS); 1279 } 1280 1281 /* 1282 * Format and return the refresh time statistics 1283 */ 1284 static int 1285 getldap_get_refresh_stat(char **output) 1286 { 1287 #define R_HEADER0 "Configuration refresh information: " 1288 #define R_HEADER1 " Configured to NO REFRESH." 1289 int hdr0_len = strlen(gettext(R_HEADER0)); 1290 int hdr1_len = strlen(gettext(R_HEADER1)); 1291 int cache_ttl = -1, len = 0; 1292 time_t expire = 0; 1293 void **paramVal = NULL; 1294 ns_ldap_error_t *errorp = NULL; 1295 char *output1 = NULL; 1296 1297 if (current_admin.debug_level >= DBG_ALL) { 1298 logit("getldap_get_refresh_stat()...\n"); 1299 } 1300 1301 *output = NULL; 1302 1303 /* get configured cache TTL */ 1304 if ((__ns_ldap_getParam(NS_LDAP_CACHETTL_P, 1305 ¶mVal, &errorp) == NS_LDAP_SUCCESS) && 1306 paramVal != NULL && 1307 (char *)*paramVal != NULL) { 1308 cache_ttl = atol((char *)*paramVal); 1309 } else { 1310 if (errorp) 1311 __ns_ldap_freeError(&errorp); 1312 } 1313 (void) __ns_ldap_freeParam(¶mVal); 1314 1315 /* cound not get cache TTL */ 1316 if (cache_ttl == -1) 1317 return (-1); 1318 1319 if (cache_ttl == 0) { 1320 len = hdr0_len + hdr1_len + 1321 2 * strlen(DOORLINESEP) + 1; 1322 *output = malloc(len); 1323 if (*output == NULL) 1324 return (-1); 1325 (void) snprintf(*output, len, "%s%s%s%s", 1326 gettext(R_HEADER0), DOORLINESEP, 1327 gettext(R_HEADER1), DOORLINESEP); 1328 } else { 1329 1330 /* get configuration expiration time */ 1331 if ((__ns_ldap_getParam(NS_LDAP_EXP_P, 1332 ¶mVal, &errorp) == NS_LDAP_SUCCESS) && 1333 paramVal != NULL && 1334 (char *)*paramVal != NULL) { 1335 expire = (time_t)atol((char *)*paramVal); 1336 } else { 1337 if (errorp) 1338 __ns_ldap_freeError(&errorp); 1339 } 1340 1341 (void) __ns_ldap_freeParam(¶mVal); 1342 1343 /* cound not get expiration time */ 1344 if (expire == -1) 1345 return (-1); 1346 1347 /* format previous and next refresh time */ 1348 (void) getldap_format_refresh_time(&output1, 1349 &prev_refresh_time, &expire); 1350 if (output1 == NULL) 1351 return (-1); 1352 1353 len = hdr0_len + strlen(output1) + 1354 2 * strlen(DOORLINESEP) + 1; 1355 *output = malloc(len); 1356 if (*output == NULL) { 1357 free(output1); 1358 return (-1); 1359 } 1360 (void) snprintf(*output, len, "%s%s%s%s", 1361 gettext(R_HEADER0), DOORLINESEP, 1362 output1, DOORLINESEP); 1363 free(output1); 1364 } 1365 1366 return (NS_LDAP_SUCCESS); 1367 } 1368 1369 static int 1370 getldap_get_cacheTTL() 1371 { 1372 void **paramVal = NULL; 1373 ns_ldap_error_t *error; 1374 int rc = 0, cachettl; 1375 1376 1377 if (current_admin.debug_level >= DBG_ALL) { 1378 logit("getldap_get_cacheTTL()....\n"); 1379 } 1380 1381 if ((rc = __ns_ldap_getParam(NS_LDAP_CACHETTL_P, 1382 ¶mVal, &error)) != NS_LDAP_SUCCESS) { 1383 if (error != NULL && error->message != NULL) 1384 logit("Error: Unable to get configuration " 1385 "refresh TTL: %s\n", 1386 error->message); 1387 else { 1388 char *tmp; 1389 1390 __ns_ldap_err2str(rc, &tmp); 1391 logit("Error: Unable to get configuration " 1392 "refresh TTL: %s\n", tmp); 1393 } 1394 (void) __ns_ldap_freeParam(¶mVal); 1395 (void) __ns_ldap_freeError(&error); 1396 return (-1); 1397 } 1398 if (paramVal == NULL || (char *)*paramVal == NULL) 1399 return (-1); 1400 cachettl = atol((char *)*paramVal); 1401 (void) __ns_ldap_freeParam(¶mVal); 1402 return (cachettl); 1403 } 1404 1405 1406 /* 1407 * This function implements the adaptive server list refresh 1408 * algorithm used by ldap_cachemgr. The idea is to have the 1409 * refresh TTL adjust itself between maximum and minimum 1410 * values. If the server list has been walked three times 1411 * in a row without errors, the TTL will be doubled. This will 1412 * be done repeatedly until the maximum value is reached 1413 * or passed. If passed, the maximum value will be used. 1414 * If any time a server is found to be down/bad, either 1415 * after another server list walk or informed by libsldap via 1416 * the GETLDAPSERVER door calls, the TTL will be set to half 1417 * of its value, again repeatedly, but no less than the minimum 1418 * value. Also, at any time, if all the servers on the list 1419 * are found to be down/bad, the TTL will be set to minimum, 1420 * so that a "no-server" refresh loop should be entered to try 1421 * to find a good server as soon as possible. The caller 1422 * could check the no_gd_server flag for this situation. 1423 * The maximum and minimum values are initialized when the input 1424 * refresh_ttl is set to zero, this should occur during 1425 * ldap_cachemgr startup or every time the server list is 1426 * recreated after the configuration profile is refreshed 1427 * from an LDAP server. The maximum is set to the value of 1428 * the NS_LDAP_CACHETTL parameter (configuration profile 1429 * refresh TTL), but if it is zero (never refreshed) or can 1430 * not be retrieved, the maximum is set to the macro 1431 * REFRESHTTL_MAX (12 hours) defined below. The minimum is 1432 * set to REFRESHTTL_MIN, which is the TCP connection timeout 1433 * (tcptimeout) set via the LDAP API ldap_set_option() 1434 * with the new LDAP_X_OPT_CONNECT_TIMEOUT option plus 10 seconds. 1435 * This accounts for the maximum possible timeout value for an 1436 * LDAP TCP connect call.The first refresh TTL, initial value of 1437 * refresh_ttl, will be set to the smaller of the two, 1438 * REFRESHTTL_REGULAR (10 minutes) or (REFRESHTTL_MAX + REFRESHTTL_MIN)/2. 1439 * The idea is to have a low starting value and have the value 1440 * stay low if the network/server is unstable, but eventually 1441 * the value will move up to maximum and stay there if the 1442 * network/server is stable. 1443 */ 1444 static int 1445 getldap_set_refresh_ttl(server_info_t *head, int *refresh_ttl, 1446 int *no_gd_server) 1447 { 1448 #define REFRESHTTL_REGULAR 600 1449 #define REFRESHTTL_MAX 43200 1450 /* tcptimeout is in milliseconds */ 1451 #define REFRESHTTL_MIN (tcptimeout/1000) + 10 1452 #define UP_REFRESH_TTL_NUM 2 1453 1454 static mutex_t refresh_mutex; 1455 static int refresh_ttl_max = 0; 1456 static int refresh_ttl_min = 0; 1457 static int num_walked_ok = 0; 1458 int num_servers = 0; 1459 int num_good_servers = 0; 1460 int num_prev_good_servers = 0; 1461 server_info_t *info; 1462 1463 /* allow one thread at a time */ 1464 (void) mutex_lock(&refresh_mutex); 1465 1466 if (current_admin.debug_level >= DBG_ALL) { 1467 logit("getldap_set_refresh_ttl()...\n"); 1468 } 1469 1470 if (!head || !refresh_ttl || !no_gd_server) { 1471 logit("getldap_set_refresh_ttl: head is " 1472 "NULL or refresh_ttl is NULL or " 1473 "no_gd_server is NULL"); 1474 (void) mutex_unlock(&refresh_mutex); 1475 return (-1); 1476 } 1477 *no_gd_server = FALSE; 1478 1479 /* 1480 * init max. min. TTLs if first time through or a fresh one 1481 */ 1482 if (current_admin.debug_level >= DBG_SERVER_LIST_REFRESH) { 1483 logit("getldap_set_refresh_ttl:(1) refresh ttl is %d " 1484 "seconds\n", *refresh_ttl); 1485 } 1486 if (*refresh_ttl == 0) { 1487 num_walked_ok = 0; 1488 /* 1489 * init cache manager server list TTL: 1490 * 1491 * init the min. TTL to 1492 * REFRESHTTL_MIN ( 2*(TCP MSL) + 10 seconds) 1493 */ 1494 refresh_ttl_min = REFRESHTTL_MIN; 1495 1496 /* 1497 * try to set the max. TTL to 1498 * configuration refresh TTL (NS_LDAP_CACHETTL), 1499 * if error (-1), or never refreshed (0), 1500 * set it to REFRESHTTL_MAX (12 hours) 1501 */ 1502 refresh_ttl_max = getldap_get_cacheTTL(); 1503 if (current_admin.debug_level >= DBG_SERVER_LIST_REFRESH) { 1504 logit("getldap_set_refresh_ttl:(2) refresh ttl is %d " 1505 "seconds\n", *refresh_ttl); 1506 logit("getldap_set_refresh_ttl:(2) max ttl is %d, " 1507 "min ttl is %d seconds\n", 1508 refresh_ttl_max, refresh_ttl_min); 1509 } 1510 if (refresh_ttl_max <= 0) 1511 refresh_ttl_max = REFRESHTTL_MAX; 1512 else if (refresh_ttl_max < refresh_ttl_min) 1513 refresh_ttl_max = refresh_ttl_min; 1514 1515 /* 1516 * init the first TTL to the smaller of the two: 1517 * REFRESHTTL_REGULAR ( 10 minutes), 1518 * (refresh_ttl_max + refresh_ttl_min)/2 1519 */ 1520 *refresh_ttl = REFRESHTTL_REGULAR; 1521 if (*refresh_ttl > (refresh_ttl_max + refresh_ttl_min) / 2) 1522 *refresh_ttl = (refresh_ttl_max + refresh_ttl_min) / 2; 1523 if (current_admin.debug_level >= DBG_SERVER_LIST_REFRESH) { 1524 logit("getldap_set_refresh_ttl:(3) refresh ttl is %d " 1525 "seconds\n", *refresh_ttl); 1526 logit("getldap_set_refresh_ttl:(3) max ttl is %d, " 1527 "min ttl is %d seconds\n", 1528 refresh_ttl_max, refresh_ttl_min); 1529 } 1530 } 1531 1532 /* 1533 * get the servers statistics: 1534 * number of servers on list 1535 * number of good servers on list 1536 * number of pevious good servers on list 1537 */ 1538 for (info = head; info; info = info->next) { 1539 num_servers++; 1540 (void) mutex_lock(&info->mutex[0]); 1541 if (info->sinfo[0].server_status == INFO_SERVER_UP) 1542 num_good_servers++; 1543 /* 1544 * Server's previous status could be UNKNOWN 1545 * only between the very first and second 1546 * refresh. Treat that UNKNOWN status as up 1547 */ 1548 if (info->sinfo[0].prev_server_status 1549 == INFO_SERVER_UP || 1550 info->sinfo[0].prev_server_status 1551 == INFO_SERVER_UNKNOWN) 1552 num_prev_good_servers++; 1553 (void) mutex_unlock(&info->mutex[0]); 1554 } 1555 1556 /* 1557 * if the server list is walked three times in a row 1558 * without problems, double the refresh TTL but no more 1559 * than the max. refresh TTL 1560 */ 1561 if (num_good_servers == num_servers) { 1562 num_walked_ok++; 1563 if (num_walked_ok > UP_REFRESH_TTL_NUM) { 1564 1565 *refresh_ttl = *refresh_ttl * 2; 1566 if (*refresh_ttl > refresh_ttl_max) 1567 *refresh_ttl = refresh_ttl_max; 1568 1569 num_walked_ok = 0; 1570 } 1571 if (current_admin.debug_level >= DBG_SERVER_LIST_REFRESH) { 1572 logit("getldap_set_refresh_ttl:(4) refresh ttl is %d " 1573 "seconds\n", *refresh_ttl); 1574 } 1575 } else if (num_good_servers == 0) { 1576 /* 1577 * if no good server found, 1578 * set refresh TTL to miminum 1579 */ 1580 *refresh_ttl = refresh_ttl_min; 1581 *no_gd_server = TRUE; 1582 num_walked_ok = 0; 1583 if (current_admin.debug_level >= DBG_SERVER_LIST_REFRESH) { 1584 logit("getldap_set_refresh_ttl:(5) refresh ttl is %d " 1585 "seconds\n", *refresh_ttl); 1586 } 1587 } else if (num_prev_good_servers > num_good_servers) { 1588 /* 1589 * if more down/bad servers found, 1590 * decrease the refresh TTL by half 1591 * but no less than the min. refresh TTL 1592 */ 1593 *refresh_ttl = *refresh_ttl / 2; 1594 if (*refresh_ttl < refresh_ttl_min) 1595 *refresh_ttl = refresh_ttl_min; 1596 num_walked_ok = 0; 1597 logit("getldap_set_refresh_ttl:(6) refresh ttl is %d " 1598 "seconds\n", *refresh_ttl); 1599 1600 } 1601 1602 if (current_admin.debug_level >= DBG_SERVER_LIST_REFRESH) { 1603 logit("getldap_set_refresh_ttl:(7) refresh ttl is %d seconds\n", 1604 *refresh_ttl); 1605 } 1606 (void) mutex_unlock(&refresh_mutex); 1607 return (0); 1608 } 1609 1610 static int 1611 getldap_serverInfo_op(info_op_t op, char *input, char **output) 1612 { 1613 1614 static rwlock_t info_lock = DEFAULTRWLOCK; 1615 static rwlock_t info_lock_old = DEFAULTRWLOCK; 1616 static mutex_t info_mutex; 1617 static cond_t info_cond; 1618 static int creating = FALSE; 1619 static int refresh_ttl = 0; 1620 static int sec_to_refresh = 0; 1621 static int in_no_server_mode = FALSE; 1622 1623 static server_info_t *serverInfo = NULL; 1624 static server_info_t *serverInfo_old = NULL; 1625 server_info_t *serverInfo_1; 1626 int is_creating; 1627 int err, no_server_good = FALSE; 1628 int server_removed = FALSE; 1629 int fall_thru = FALSE; 1630 static struct timespec timeout; 1631 struct timespec new_timeout; 1632 struct timeval tp; 1633 static time_t prev_refresh = 0, next_refresh = 0; 1634 ns_server_status_t changed = 0; 1635 1636 (void) pthread_setname_np(pthread_self(), "getldap_serverinfo"); 1637 1638 if (current_admin.debug_level >= DBG_ALL) { 1639 logit("getldap_serverInfo_op()...\n"); 1640 } 1641 switch (op) { 1642 case INFO_OP_CREATE: 1643 if (current_admin.debug_level >= DBG_ALL) { 1644 logit("operation is INFO_OP_CREATE...\n"); 1645 } 1646 1647 /* 1648 * indicate that the server info is being 1649 * (re)created, so that the refresh thread 1650 * will not refresh the info list right 1651 * after the list got (re)created 1652 */ 1653 (void) mutex_lock(&info_mutex); 1654 is_creating = creating; 1655 creating = TRUE; 1656 (void) mutex_unlock(&info_mutex); 1657 1658 if (is_creating) 1659 break; 1660 /* 1661 * create an empty info list 1662 */ 1663 (void) getldap_init_serverInfo(&serverInfo_1); 1664 /* 1665 * exit if list not created 1666 */ 1667 if (serverInfo_1 == NULL) { 1668 (void) mutex_lock(&info_mutex); 1669 creating = FALSE; 1670 (void) mutex_unlock(&info_mutex); 1671 break; 1672 } 1673 /* 1674 * make the new server info available: 1675 * use writer lock here, so that the switch 1676 * is done after all the reader locks have 1677 * been released. 1678 */ 1679 (void) rw_wrlock(&info_lock); 1680 serverInfo = serverInfo_1; 1681 /* 1682 * if this is the first time 1683 * the server list is being created, 1684 * (i.e., serverInfo_old is NULL) 1685 * make the old list same as the new 1686 * so the GETSERVER code can do its work 1687 */ 1688 if (serverInfo_old == NULL) 1689 serverInfo_old = serverInfo_1; 1690 (void) rw_unlock(&info_lock); 1691 1692 /* 1693 * fill the new info list 1694 */ 1695 (void) rw_rdlock(&info_lock); 1696 /* reset bind time (tcptimeout) */ 1697 (void) getldap_set_serverInfo(serverInfo, 1, INFO_OP_CREATE); 1698 1699 (void) mutex_lock(&info_mutex); 1700 /* 1701 * set cache manager server list TTL, 1702 * set refresh_ttl to zero to indicate a fresh one 1703 */ 1704 refresh_ttl = 0; 1705 (void) getldap_set_refresh_ttl(serverInfo, 1706 &refresh_ttl, &no_server_good); 1707 sec_to_refresh = refresh_ttl; 1708 1709 /* statistics: previous refresh time */ 1710 if (gettimeofday(&tp, NULL) == 0) 1711 prev_refresh = tp.tv_sec; 1712 1713 creating = FALSE; 1714 1715 /* 1716 * if no server found or available, 1717 * tell the server info refresh thread 1718 * to start the "no-server" refresh loop 1719 * otherwise reset the in_no_server_mode flag 1720 */ 1721 if (no_server_good) { 1722 sec_to_refresh = 0; 1723 in_no_server_mode = TRUE; 1724 } else 1725 in_no_server_mode = FALSE; 1726 /* 1727 * awake the sleeping refresh thread 1728 */ 1729 (void) cond_signal(&info_cond); 1730 1731 (void) mutex_unlock(&info_mutex); 1732 (void) rw_unlock(&info_lock); 1733 1734 /* 1735 * delete the old server info 1736 */ 1737 (void) rw_wrlock(&info_lock_old); 1738 if (serverInfo_old != serverInfo) 1739 (void) getldap_destroy_serverInfo(serverInfo_old); 1740 /* 1741 * serverInfo_old needs to be the same as 1742 * serverinfo now. 1743 * it will be used by GETSERVER processing. 1744 */ 1745 serverInfo_old = serverInfo; 1746 (void) rw_unlock(&info_lock_old); 1747 break; 1748 case INFO_OP_DELETE: 1749 if (current_admin.debug_level >= DBG_ALL) { 1750 logit("operation is INFO_OP_DELETE...\n"); 1751 } 1752 /* 1753 * use writer lock here, so that the delete would 1754 * not start until all the reader locks have 1755 * been released. 1756 */ 1757 (void) rw_wrlock(&info_lock); 1758 if (serverInfo) 1759 (void) getldap_destroy_serverInfo(serverInfo); 1760 serverInfo = NULL; 1761 (void) rw_unlock(&info_lock); 1762 break; 1763 case INFO_OP_REFRESH: 1764 if (current_admin.debug_level >= DBG_SERVER_LIST_REFRESH) { 1765 logit("operation is INFO_OP_REFRESH...\n"); 1766 } 1767 /* 1768 * if server info is currently being 1769 * (re)created, do nothing 1770 */ 1771 (void) mutex_lock(&info_mutex); 1772 is_creating = creating; 1773 (void) mutex_unlock(&info_mutex); 1774 if (is_creating) 1775 break; 1776 1777 (void) rw_rdlock(&info_lock); 1778 if (serverInfo) { 1779 /* do not reset bind time (tcptimeout) */ 1780 (void) getldap_set_serverInfo(serverInfo, 0, 1781 INFO_OP_REFRESH); 1782 1783 (void) mutex_lock(&info_mutex); 1784 1785 /* statistics: previous refresh time */ 1786 if (gettimeofday(&tp, NULL) == 0) 1787 prev_refresh = tp.tv_sec; 1788 /* 1789 * set cache manager server list TTL 1790 */ 1791 (void) getldap_set_refresh_ttl(serverInfo, 1792 &refresh_ttl, &no_server_good); 1793 /* 1794 * if no good server found, 1795 * tell the server info refresh thread 1796 * to start the "no-server" refresh loop 1797 * otherwise reset the in_no_server_mode flag 1798 */ 1799 if (no_server_good) { 1800 in_no_server_mode = TRUE; 1801 sec_to_refresh = 0; 1802 } else { 1803 in_no_server_mode = FALSE; 1804 sec_to_refresh = refresh_ttl; 1805 } 1806 if (current_admin.debug_level >= 1807 DBG_SERVER_LIST_REFRESH) { 1808 logit("getldap_serverInfo_op(" 1809 "INFO_OP_REFRESH):" 1810 " seconds refresh: %d second(s)....\n", 1811 sec_to_refresh); 1812 } 1813 (void) mutex_unlock(&info_mutex); 1814 } 1815 (void) rw_unlock(&info_lock); 1816 1817 break; 1818 case INFO_OP_REFRESH_WAIT: 1819 if (current_admin.debug_level >= DBG_SERVER_LIST_REFRESH) { 1820 logit("operation is INFO_OP_REFRESH_WAIT...\n"); 1821 } 1822 (void) cond_init(&info_cond, NULL, NULL); 1823 (void) mutex_lock(&info_mutex); 1824 err = 0; 1825 while (err != ETIME) { 1826 int sleeptime; 1827 /* 1828 * if need to go into the "no-server" refresh 1829 * loop, set timout value to 1830 * REFRESH_DELAY_WHEN_NO_SERVER 1831 */ 1832 if (sec_to_refresh == 0) { 1833 sec_to_refresh = refresh_ttl; 1834 timeout.tv_sec = time(NULL) + 1835 REFRESH_DELAY_WHEN_NO_SERVER; 1836 sleeptime = REFRESH_DELAY_WHEN_NO_SERVER; 1837 if (current_admin.debug_level >= 1838 DBG_SERVER_LIST_REFRESH) { 1839 logit("getldap_serverInfo_op(" 1840 "INFO_OP_REFRESH_WAIT):" 1841 " entering no-server " 1842 "refresh loop...\n"); 1843 } 1844 } else { 1845 timeout.tv_sec = time(NULL) + sec_to_refresh; 1846 sleeptime = sec_to_refresh; 1847 } 1848 timeout.tv_nsec = 0; 1849 1850 /* statistics: next refresh time */ 1851 next_refresh = timeout.tv_sec; 1852 1853 if (current_admin.debug_level >= 1854 DBG_SERVER_LIST_REFRESH) { 1855 logit("getldap_serverInfo_op(" 1856 "INFO_OP_REFRESH_WAIT):" 1857 " about to sleep for %d second(s)...\n", 1858 sleeptime); 1859 } 1860 err = cond_timedwait(&info_cond, 1861 &info_mutex, &timeout); 1862 } 1863 (void) cond_destroy(&info_cond); 1864 (void) mutex_unlock(&info_mutex); 1865 break; 1866 case INFO_OP_GETSERVER: 1867 if (current_admin.debug_level >= DBG_ALL) { 1868 logit("operation is INFO_OP_GETSERVER...\n"); 1869 } 1870 *output = NULL; 1871 /* 1872 * GETSERVER processing always use 1873 * serverInfo_old to retrieve server infomation. 1874 * serverInfo_old is equal to serverInfo 1875 * most of the time, except when a new 1876 * server list is being created. 1877 * This is why the check for is_creating 1878 * is needed below. 1879 */ 1880 (void) rw_rdlock(&info_lock_old); 1881 1882 if (serverInfo_old == NULL) { 1883 (void) rw_unlock(&info_lock_old); 1884 break; 1885 } else 1886 (void) getldap_get_serverInfo(serverInfo_old, 1887 input, output, &server_removed); 1888 (void) rw_unlock(&info_lock_old); 1889 1890 /* 1891 * Return here and let remove server thread do its job in 1892 * another thread. It executes INFO_OP_REMOVESERVER code later. 1893 */ 1894 if (server_removed) 1895 break; 1896 1897 fall_thru = TRUE; 1898 1899 /* FALL THROUGH */ 1900 1901 case INFO_OP_REMOVESERVER: 1902 /* 1903 * INFO_OP_GETSERVER and INFO_OP_REMOVESERVER share the 1904 * following code except (!fall thru) part. 1905 */ 1906 1907 /* 1908 * if server info is currently being 1909 * (re)created, do nothing 1910 */ 1911 1912 (void) mutex_lock(&info_mutex); 1913 is_creating = creating; 1914 (void) mutex_unlock(&info_mutex); 1915 if (is_creating) 1916 break; 1917 1918 if (!fall_thru) { 1919 if (current_admin.debug_level >= DBG_ALL) 1920 logit("operation is INFO_OP_REMOVESERVER...\n"); 1921 (void) rw_rdlock(&info_lock_old); 1922 changed = set_server_status(input, serverInfo_old); 1923 (void) rw_unlock(&info_lock_old); 1924 if (changed) 1925 create_buf_and_notify(input, changed); 1926 else 1927 break; 1928 } 1929 1930 /* 1931 * set cache manager server list TTL if necessary 1932 */ 1933 if (*output == NULL || changed) { 1934 (void) rw_rdlock(&info_lock); 1935 (void) mutex_lock(&info_mutex); 1936 1937 (void) getldap_set_refresh_ttl(serverInfo, 1938 &refresh_ttl, &no_server_good); 1939 1940 /* 1941 * if no good server found, need to go into 1942 * the "no-server" refresh loop 1943 * to find a server as soon as possible 1944 * otherwise reset the in_no_server_mode flag 1945 */ 1946 if (no_server_good) { 1947 /* 1948 * if already in no-server mode, 1949 * don't brother 1950 */ 1951 if (in_no_server_mode == FALSE) { 1952 sec_to_refresh = 0; 1953 in_no_server_mode = TRUE; 1954 (void) cond_signal(&info_cond); 1955 } 1956 (void) mutex_unlock(&info_mutex); 1957 (void) rw_unlock(&info_lock); 1958 break; 1959 } else { 1960 in_no_server_mode = FALSE; 1961 sec_to_refresh = refresh_ttl; 1962 } 1963 /* 1964 * if the refresh thread will be timed out 1965 * longer than refresh_ttl seconds, 1966 * wake it up to make it wait on the new 1967 * time out value 1968 */ 1969 new_timeout.tv_sec = time(NULL) + refresh_ttl; 1970 if (new_timeout.tv_sec < timeout.tv_sec) 1971 (void) cond_signal(&info_cond); 1972 1973 (void) mutex_unlock(&info_mutex); 1974 (void) rw_unlock(&info_lock); 1975 } 1976 break; 1977 case INFO_OP_GETSTAT: 1978 if (current_admin.debug_level >= DBG_ALL) { 1979 logit("operation is INFO_OP_GETSTAT...\n"); 1980 } 1981 *output = NULL; 1982 (void) rw_rdlock(&info_lock); 1983 if (serverInfo) { 1984 (void) getldap_get_server_stat(serverInfo, 1985 output, &prev_refresh, &next_refresh); 1986 } 1987 (void) rw_unlock(&info_lock); 1988 break; 1989 default: 1990 logit("getldap_serverInfo_op(): " 1991 "invalid operation code (%d).\n", op); 1992 return (-1); 1993 break; 1994 } 1995 return (NS_LDAP_SUCCESS); 1996 } 1997 1998 void 1999 getldap_serverInfo_refresh() 2000 { 2001 int always = 1; 2002 2003 if (current_admin.debug_level >= DBG_ALL) { 2004 logit("getldap_serverInfo_refresh()...\n"); 2005 } 2006 2007 /* create the server info list */ 2008 (void) getldap_serverInfo_op(INFO_OP_CREATE, NULL, NULL); 2009 2010 while (always) { 2011 /* 2012 * the operation INFO_OP_REFRESH_WAIT 2013 * causes this thread to wait until 2014 * it is time to do refresh, 2015 * see getldap_serverInfo_op() for details 2016 */ 2017 (void) getldap_serverInfo_op(INFO_OP_REFRESH_WAIT, NULL, NULL); 2018 (void) getldap_serverInfo_op(INFO_OP_REFRESH, NULL, NULL); 2019 } 2020 } 2021 2022 void 2023 getldap_getserver(LineBuf *config_info, ldap_call_t *in) 2024 { 2025 char req[] = "0"; 2026 2027 if (current_admin.debug_level >= DBG_ALL) { 2028 logit("getldap_getserver()...\n"); 2029 } 2030 2031 config_info->len = 0; 2032 2033 /* make sure the request is valid */ 2034 req[0] = (in->ldap_u.servername)[0]; 2035 if ((req[0] != '\0') && 2036 (strcmp(req, NS_CACHE_NEW) != 0) && 2037 (strcmp(req, NS_CACHE_NORESP) != 0) && 2038 (strcmp(req, NS_CACHE_NEXT) != 0) && 2039 (strcmp(req, NS_CACHE_WRITE) != 0)) { 2040 return; 2041 } 2042 2043 (void) getldap_serverInfo_op(INFO_OP_GETSERVER, 2044 in->ldap_u.domainname, &config_info->str); 2045 2046 if (config_info->str == NULL) 2047 return; 2048 2049 config_info->len = strlen(config_info->str) + 1; 2050 2051 if (current_admin.debug_level >= DBG_PROFILE_REFRESH) { 2052 /* Log server IP */ 2053 char *ptr, 2054 separator; 2055 ptr = strstr(config_info->str, DOORLINESEP); 2056 if (ptr) { 2057 separator = *ptr; 2058 *ptr = '\0'; 2059 logit("getldap_getserver: got server %s\n", 2060 config_info->str); 2061 *ptr = separator; 2062 } else 2063 logit("getldap_getserver: Missing %s." 2064 " Internal error\n", DOORLINESEP); 2065 } 2066 } 2067 2068 void 2069 getldap_get_cacheData(LineBuf *config_info, ldap_call_t *in) 2070 { 2071 char *instr = NULL; 2072 int datatype = CACHE_MAP_UNKNOWN; 2073 2074 if (current_admin.debug_level >= DBG_ALL) { 2075 logit("getldap_get_cacheData()...\n"); 2076 } 2077 2078 config_info->len = 0; 2079 config_info->str = NULL; 2080 2081 /* make sure the request is valid */ 2082 if (strncmp(in->ldap_u.servername, 2083 NS_CACHE_DN2DOMAIN, strlen(NS_CACHE_DN2DOMAIN)) == 0) 2084 datatype = CACHE_MAP_DN2DOMAIN; 2085 2086 if (datatype == CACHE_MAP_UNKNOWN) 2087 return; 2088 2089 instr = strstr(in->ldap_u.servername, DOORLINESEP); 2090 if (instr == NULL) 2091 return; 2092 instr += strlen(DOORLINESEP); 2093 if (*instr == '\0') 2094 return; 2095 2096 (void) getldap_cache_op(CACHE_OP_FIND, datatype, 2097 instr, &config_info->str); 2098 2099 if (config_info->str != NULL) { 2100 config_info->len = strlen(config_info->str) + 1; 2101 } 2102 } 2103 2104 int 2105 getldap_set_cacheData(ldap_call_t *in) 2106 { 2107 char *instr1 = NULL; 2108 char *instr2 = NULL; 2109 int datatype = CACHE_MAP_UNKNOWN; 2110 int rc = 0; 2111 2112 if (current_admin.debug_level >= DBG_ALL) { 2113 logit("getldap_set_cacheData()...\n"); 2114 } 2115 2116 /* make sure the request is valid */ 2117 if (strncmp(in->ldap_u.servername, 2118 NS_CACHE_DN2DOMAIN, strlen(NS_CACHE_DN2DOMAIN)) == 0) 2119 datatype = CACHE_MAP_DN2DOMAIN; 2120 2121 if (datatype == CACHE_MAP_UNKNOWN) 2122 return (-1); 2123 2124 instr1 = strstr(in->ldap_u.servername, DOORLINESEP); 2125 if (instr1 == NULL) 2126 return (-1); 2127 *instr1 = '\0'; 2128 instr1 += strlen(DOORLINESEP); 2129 if (*instr1 == '\0') 2130 return (-1); 2131 instr2 = strstr(instr1, DOORLINESEP); 2132 if (instr2 == NULL) 2133 return (-1); 2134 *instr2 = '\0'; 2135 instr2 += strlen(DOORLINESEP); 2136 if (*instr2 == '\0') 2137 return (-1); 2138 2139 rc = getldap_cache_op(CACHE_OP_ADD, datatype, 2140 instr1, &instr2); 2141 if (rc != NS_LDAP_SUCCESS) 2142 return (-1); 2143 2144 return (0); 2145 } 2146 2147 void 2148 getldap_get_cacheStat(LineBuf *stat_info) 2149 { 2150 char *foutstr = NULL; 2151 char *soutstr = NULL; 2152 char *coutstr = NULL; 2153 int infoSize; 2154 2155 if (current_admin.debug_level >= DBG_ALL) { 2156 logit("getldap_get_cacheStat()...\n"); 2157 } 2158 2159 stat_info->str = NULL; 2160 stat_info->len = 0; 2161 2162 /* get refersh statisitcs */ 2163 (void) getldap_get_refresh_stat(&foutstr); 2164 if (foutstr == NULL) 2165 return; 2166 2167 /* get server statisitcs */ 2168 (void) getldap_serverInfo_op(INFO_OP_GETSTAT, NULL, &soutstr); 2169 if (soutstr == NULL) { 2170 free(foutstr); 2171 return; 2172 } 2173 /* get cache data statisitcs */ 2174 (void) getldap_cache_op(CACHE_OP_GETSTAT, NULL, NULL, &coutstr); 2175 if (coutstr == NULL) { 2176 free(foutstr); 2177 free(soutstr); 2178 return; 2179 } 2180 2181 infoSize = strlen(foutstr) + strlen(soutstr) + strlen(coutstr) + 3; 2182 stat_info->str = calloc(infoSize, sizeof (char)); 2183 if (stat_info->str != NULL) { 2184 (void) strncpy(stat_info->str, 2185 foutstr, 2186 strlen(foutstr) + 1); 2187 (void) strncat(stat_info->str, 2188 soutstr, 2189 strlen(soutstr) + 1); 2190 (void) strncat(stat_info->str, 2191 coutstr, 2192 strlen(coutstr) + 1); 2193 stat_info->len = infoSize; 2194 } 2195 2196 free(foutstr); 2197 free(soutstr); 2198 free(coutstr); 2199 } 2200 2201 static int 2202 checkupdate(int sighup) 2203 { 2204 int value; 2205 2206 (void) rw_wrlock(&ldap_lock); 2207 value = sighup; 2208 (void) rw_unlock(&ldap_lock); 2209 2210 return (value == TRUE); 2211 } 2212 2213 2214 static int 2215 update_from_profile(int *change_status) 2216 { 2217 ns_ldap_result_t *result = NULL; 2218 char searchfilter[BUFSIZ]; 2219 ns_ldap_error_t *error; 2220 int rc; 2221 void **paramVal = NULL; 2222 ns_config_t *ptr = NULL; 2223 char *profile = NULL; 2224 char errstr[MAXERROR]; 2225 2226 if (current_admin.debug_level >= DBG_ALL) { 2227 logit("update_from_profile....\n"); 2228 } 2229 do { 2230 (void) rw_wrlock(&ldap_lock); 2231 sighup_update = FALSE; 2232 (void) rw_unlock(&ldap_lock); 2233 2234 if ((rc = __ns_ldap_getParam(NS_LDAP_PROFILE_P, 2235 ¶mVal, &error)) != NS_LDAP_SUCCESS) { 2236 if (error != NULL && error->message != NULL) 2237 logit("Error: Unable to profile name: %s\n", 2238 error->message); 2239 else { 2240 char *tmp; 2241 2242 __ns_ldap_err2str(rc, &tmp); 2243 logit("Error: Unable to profile name: %s\n", 2244 tmp); 2245 } 2246 (void) __ns_ldap_freeParam(¶mVal); 2247 (void) __ns_ldap_freeError(&error); 2248 return (-1); 2249 } 2250 2251 if (paramVal && *paramVal) 2252 profile = strdup((char *)*paramVal); 2253 (void) __ns_ldap_freeParam(¶mVal); 2254 2255 if (profile == NULL) { 2256 return (-1); 2257 } 2258 2259 (void) snprintf(searchfilter, BUFSIZ, _PROFILE_FILTER, 2260 _PROFILE1_OBJECTCLASS, _PROFILE2_OBJECTCLASS, profile); 2261 2262 if ((rc = __ns_ldap_list(_PROFILE_CONTAINER, 2263 (const char *)searchfilter, NULL, 2264 NULL, NULL, 0, 2265 &result, &error, NULL, NULL)) != NS_LDAP_SUCCESS) { 2266 2267 /* 2268 * Is profile name the DEFAULTCONFIGNAME? 2269 * syslog Warning, otherwise syslog error. 2270 */ 2271 if (strcmp(profile, DEFAULTCONFIGNAME) == 0) { 2272 syslog(LOG_WARNING, 2273 "Ignoring attempt to refresh nonexistent " 2274 "default profile: %s.\n", 2275 profile); 2276 logit("Ignoring attempt to refresh nonexistent " 2277 "default profile: %s.\n", 2278 profile); 2279 } else if ((error != NULL) && 2280 (error->message != NULL)) { 2281 syslog(LOG_ERR, 2282 "Error: Unable to refresh profile:%s:" 2283 " %s\n", profile, error->message); 2284 logit("Error: Unable to refresh profile:" 2285 "%s:%s\n", profile, error->message); 2286 } else { 2287 syslog(LOG_ERR, "Error: Unable to refresh " 2288 "from profile:%s. (error=%d)\n", 2289 profile, rc); 2290 logit("Error: Unable to refresh from profile " 2291 "%s (error=%d)\n", profile, rc); 2292 } 2293 2294 (void) __ns_ldap_freeError(&error); 2295 (void) __ns_ldap_freeResult(&result); 2296 free(profile); 2297 return (-1); 2298 } 2299 free(profile); 2300 2301 2302 } while (checkupdate(sighup_update) == TRUE); 2303 2304 (void) rw_wrlock(&ldap_lock); 2305 2306 ptr = __ns_ldap_make_config(result); 2307 (void) __ns_ldap_freeResult(&result); 2308 2309 if (ptr == NULL) { 2310 logit("Error: __ns_ldap_make_config failed.\n"); 2311 (void) rw_unlock(&ldap_lock); 2312 return (-1); 2313 } 2314 2315 /* 2316 * cross check the config parameters 2317 */ 2318 if (__s_api_crosscheck(ptr, errstr, B_TRUE) == NS_SUCCESS) { 2319 /* 2320 * reset the local profile TTL 2321 */ 2322 if (ptr->paramList[NS_LDAP_CACHETTL_P].ns_pc) 2323 current_admin.ldap_stat.ldap_ttl = 2324 atol(ptr->paramList[NS_LDAP_CACHETTL_P].ns_pc); 2325 2326 if (current_admin.debug_level >= DBG_PROFILE_REFRESH) { 2327 logit("update_from_profile: reset profile TTL to %d" 2328 " seconds\n", 2329 current_admin.ldap_stat.ldap_ttl); 2330 logit("update_from_profile: expire time %ld " 2331 "seconds\n", 2332 ptr->paramList[NS_LDAP_EXP_P].ns_tm); 2333 } 2334 2335 /* set ptr as current_config if the config is changed */ 2336 chg_test_config_change(ptr, change_status); 2337 rc = 0; 2338 } else { 2339 __s_api_destroy_config(ptr); 2340 logit("Error: downloaded profile failed to pass " 2341 "crosscheck (%s).\n", errstr); 2342 syslog(LOG_ERR, "ldap_cachemgr: %s", errstr); 2343 rc = -1; 2344 } 2345 (void) rw_unlock(&ldap_lock); 2346 2347 return (rc); 2348 } 2349 2350 int 2351 getldap_init() 2352 { 2353 ns_ldap_error_t *error; 2354 struct timeval tp; 2355 ldap_get_chg_cookie_t cookie; 2356 2357 if (current_admin.debug_level >= DBG_ALL) { 2358 logit("getldap_init()...\n"); 2359 } 2360 2361 (void) __ns_ldap_setServer(TRUE); 2362 2363 (void) rw_wrlock(&ldap_lock); 2364 if ((error = __ns_ldap_LoadConfiguration()) != NULL) { 2365 logit("Error: Unable to read '%s': %s\n", 2366 NSCONFIGFILE, error->message); 2367 (void) fprintf(stderr, 2368 gettext("\nError: Unable to read '%s': %s\n"), 2369 NSCONFIGFILE, error->message); 2370 __ns_ldap_freeError(&error); 2371 (void) rw_unlock(&ldap_lock); 2372 return (-1); 2373 } 2374 (void) rw_unlock(&ldap_lock); 2375 2376 if (gettimeofday(&tp, NULL) == 0) { 2377 /* statistics: previous refresh time */ 2378 prev_refresh_time = tp.tv_sec; 2379 } 2380 2381 /* initialize the data cache */ 2382 (void) getldap_cache_op(CACHE_OP_CREATE, 2383 0, NULL, NULL); 2384 2385 cookie.mgr_pid = getpid(); 2386 cookie.seq_num = 0; 2387 chg_config_cookie_set(&cookie); 2388 return (0); 2389 } 2390 2391 static void 2392 perform_update(void) 2393 { 2394 ns_ldap_error_t *error = NULL; 2395 struct timeval tp; 2396 char buf[20]; 2397 int rc, rc1; 2398 int changed = 0; 2399 void **paramVal = NULL; 2400 ns_ldap_self_gssapi_config_t config; 2401 2402 if (current_admin.debug_level >= DBG_ALL) { 2403 logit("perform_update()...\n"); 2404 } 2405 2406 (void) __ns_ldap_setServer(TRUE); 2407 2408 if (gettimeofday(&tp, NULL) != 0) 2409 return; 2410 2411 rc = __ns_ldap_getParam(NS_LDAP_CACHETTL_P, ¶mVal, &error); 2412 2413 if (rc == NS_LDAP_SUCCESS && paramVal != NULL) { 2414 current_admin.ldap_stat.ldap_ttl = atol((char *)*paramVal); 2415 } 2416 2417 if (error != NULL) 2418 (void) __ns_ldap_freeError(&error); 2419 2420 if (paramVal != NULL) 2421 (void) __ns_ldap_freeParam(¶mVal); 2422 2423 if (current_admin.debug_level >= DBG_PROFILE_REFRESH) { 2424 logit("perform_update: current profile TTL is %d seconds\n", 2425 current_admin.ldap_stat.ldap_ttl); 2426 } 2427 2428 if (current_admin.ldap_stat.ldap_ttl > 0) { 2429 /* 2430 * set the profile TTL parameter, just 2431 * in case that the downloading of 2432 * the profile from server would fail 2433 */ 2434 2435 /* 2436 * NS_LDAP_EXP_P is a no op for __ns_ldap_setParam 2437 * It depends on NS_LDAP_CACHETTL_P to set it's value 2438 * Set NS_LDAP_CACHETTL_P here so NS_LDAP_EXP_P value 2439 * can be set. 2440 * NS_LDAP_CACHETTL_P value can be reset after the profile is 2441 * downloaded from the server, so is NS_LDAP_EXP_P. 2442 */ 2443 buf[19] = '\0'; /* null terminated the buffer */ 2444 if (__ns_ldap_setParam(NS_LDAP_CACHETTL_P, 2445 lltostr((long long)current_admin.ldap_stat.ldap_ttl, 2446 &buf[19]), 2447 &error) != NS_LDAP_SUCCESS) { 2448 logit("Error: __ns_ldap_setParam failed, status: %d " 2449 "message: %s\n", error->status, error->message); 2450 (void) __ns_ldap_freeError(&error); 2451 return; 2452 } 2453 2454 (void) rw_wrlock(&ldap_lock); 2455 sighup_update = FALSE; 2456 (void) rw_unlock(&ldap_lock); 2457 2458 do { 2459 rc = update_from_profile(&changed); 2460 if (rc != 0) { 2461 logit("Error: Unable to update from profile\n"); 2462 } 2463 } while (checkupdate(sighup_update) == TRUE); 2464 } else { 2465 rc = 0; 2466 } 2467 2468 /* 2469 * recreate the server info list 2470 */ 2471 if (rc == 0) { 2472 (void) getldap_serverInfo_op(INFO_OP_CREATE, NULL, NULL); 2473 2474 /* flush the data cache */ 2475 (void) getldap_cache_op(CACHE_OP_DELETE, 2476 0, NULL, NULL); 2477 2478 /* statistics: previous refresh time */ 2479 prev_refresh_time = tp.tv_sec; 2480 } 2481 rc1 = __ns_ldap_self_gssapi_config(&config); 2482 if (rc1 == NS_LDAP_SUCCESS) { 2483 if (config != NS_LDAP_SELF_GSSAPI_CONFIG_NONE) { 2484 rc1 = __ns_ldap_check_all_preq(0, 0, 0, config, &error); 2485 (void) __ns_ldap_freeError(&error); 2486 if (rc1 != NS_LDAP_SUCCESS) { 2487 logit("Error: Check on self credential " 2488 "prerquesites failed: %d\n", 2489 rc1); 2490 exit(rc1); 2491 } 2492 } 2493 } else { 2494 logit("Error: Failed to get self credential configuration %d\n", 2495 rc1); 2496 exit(rc1); 2497 } 2498 2499 if (!changed) 2500 return; 2501 2502 (void) rw_rdlock(&ldap_lock); 2503 if (((error = __ns_ldap_DumpConfiguration(NSCONFIGREFRESH)) != NULL) || 2504 ((error = __ns_ldap_DumpConfiguration(NSCREDREFRESH)) != NULL)) { 2505 logit("Error: __ns_ldap_DumpConfiguration failed, " 2506 "status: %d message: %s\n", error->status, error->message); 2507 __ns_ldap_freeError(&error); 2508 (void) rw_unlock(&ldap_lock); 2509 return; 2510 } 2511 if (rename(NSCONFIGREFRESH, NSCONFIGFILE) != 0) { 2512 logit("Error: unlink failed - errno: %s\n", strerror(errno)); 2513 syslog(LOG_ERR, "Unable to refresh profile, LDAP configuration" 2514 "files not written"); 2515 (void) rw_unlock(&ldap_lock); 2516 return; 2517 } 2518 if (rename(NSCREDREFRESH, NSCREDFILE) != 0) { 2519 /* 2520 * We probably have inconsistent configuration at this point. 2521 * If we were to create a backup file and rename it here, that 2522 * operation might also fail. Consequently there is no safe way 2523 * to roll back. 2524 */ 2525 logit("Error: unlink failed - errno: %s\n", strerror(errno)); 2526 syslog(LOG_ERR, "Unable to refresh profile consistently, " 2527 "LDAP configuration files inconsistent"); 2528 (void) rw_unlock(&ldap_lock); 2529 return; 2530 } 2531 2532 (void) rw_unlock(&ldap_lock); 2533 } 2534 2535 void 2536 getldap_refresh() 2537 { 2538 struct timespec timeout; 2539 int sleeptime; 2540 struct timeval tp; 2541 long expire = 0; 2542 void **paramVal = NULL; 2543 ns_ldap_error_t *errorp; 2544 int always = 1, err; 2545 int first_time = 1; 2546 int sig_done = 0; 2547 int dbg_level; 2548 2549 (void) pthread_setname_np(pthread_self(), "getldap_refresh"); 2550 2551 if (current_admin.debug_level >= DBG_ALL) { 2552 logit("getldap_refresh()...\n"); 2553 } 2554 2555 /* 2556 * wait for an available server 2557 */ 2558 while (sig_done == 0) { 2559 (void) mutex_lock(&sig_mutex); 2560 sig_done = signal_done; 2561 (void) mutex_unlock(&sig_mutex); 2562 } 2563 2564 (void) __ns_ldap_setServer(TRUE); 2565 while (always) { 2566 dbg_level = current_admin.debug_level; 2567 (void) rw_rdlock(&ldap_lock); 2568 sleeptime = current_admin.ldap_stat.ldap_ttl; 2569 if (dbg_level >= DBG_PROFILE_REFRESH) { 2570 logit("getldap_refresh: current profile TTL is %d " 2571 "seconds\n", current_admin.ldap_stat.ldap_ttl); 2572 } 2573 if (gettimeofday(&tp, NULL) == 0) { 2574 if ((__ns_ldap_getParam(NS_LDAP_EXP_P, 2575 ¶mVal, &errorp) == NS_LDAP_SUCCESS) && 2576 paramVal != NULL && 2577 (char *)*paramVal != NULL) { 2578 errno = 0; 2579 expire = atol((char *)*paramVal); 2580 (void) __ns_ldap_freeParam(¶mVal); 2581 if (errno == 0) { 2582 if (expire == 0) { 2583 first_time = 0; 2584 (void) rw_unlock(&ldap_lock); 2585 (void) cond_init(&cond, 2586 NULL, NULL); 2587 (void) mutex_lock(&sighuplock); 2588 timeout.tv_sec = 2589 CACHESLEEPTIME; 2590 timeout.tv_nsec = 0; 2591 if (dbg_level >= 2592 DBG_PROFILE_REFRESH) { 2593 logit("getldap_refresh:" 2594 "(1)about to sleep" 2595 " for %d seconds\n", 2596 CACHESLEEPTIME); 2597 } 2598 err = cond_reltimedwait(&cond, 2599 &sighuplock, &timeout); 2600 (void) cond_destroy(&cond); 2601 (void) mutex_unlock( 2602 &sighuplock); 2603 /* 2604 * if woke up by 2605 * getldap_revalidate(), 2606 * do update right away 2607 */ 2608 if (err == ETIME) 2609 continue; 2610 else { 2611 /* 2612 * if load 2613 * configuration failed 2614 * don't do update 2615 */ 2616 if (load_config()) 2617 perform_update 2618 (); 2619 continue; 2620 } 2621 } 2622 sleeptime = expire - tp.tv_sec; 2623 if (dbg_level >= DBG_PROFILE_REFRESH) { 2624 logit("getldap_refresh: expire " 2625 "time = %ld\n", expire); 2626 } 2627 2628 } 2629 } 2630 } 2631 2632 (void) rw_unlock(&ldap_lock); 2633 2634 /* 2635 * if this is the first time downloading 2636 * the profile or expire time already passed, 2637 * do not wait, do update 2638 */ 2639 if (first_time == 0 && sleeptime > 0) { 2640 if (dbg_level >= DBG_PROFILE_REFRESH) { 2641 logit("getldap_refresh: (2)about to sleep " 2642 "for %d seconds\n", sleeptime); 2643 } 2644 (void) cond_init(&cond, NULL, NULL); 2645 (void) mutex_lock(&sighuplock); 2646 timeout.tv_sec = sleeptime; 2647 timeout.tv_nsec = 0; 2648 err = cond_reltimedwait(&cond, 2649 &sighuplock, &timeout); 2650 (void) cond_destroy(&cond); 2651 (void) mutex_unlock(&sighuplock); 2652 } 2653 /* 2654 * if load concfiguration failed 2655 * don't do update 2656 */ 2657 if (load_config()) 2658 perform_update(); 2659 first_time = 0; 2660 } 2661 } 2662 2663 void 2664 getldap_revalidate() 2665 { 2666 if (current_admin.debug_level >= DBG_ALL) { 2667 logit("getldap_revalidate()...\n"); 2668 } 2669 /* block signal SIGHUP */ 2670 (void) sighold(SIGHUP); 2671 2672 /* now awake the sleeping refresh thread */ 2673 (void) cond_signal(&cond); 2674 2675 /* release signal SIGHUP */ 2676 (void) sigrelse(SIGHUP); 2677 2678 } 2679 2680 void 2681 getldap_admincred(LineBuf *config_info, ldap_call_t *in) 2682 { 2683 ns_ldap_error_t *error; 2684 ldap_config_out_t *cout; 2685 ucred_t *uc = NULL; 2686 2687 if (current_admin.debug_level >= DBG_ALL) { 2688 logit("getldap_admincred()...\n"); 2689 } 2690 /* check privileges */ 2691 if (is_root_or_all_privs("GETADMINCRED", &uc) == 0) { 2692 logit("admin credential requested by a non-root and no ALL " 2693 "privilege user not allowed"); 2694 config_info->str = NULL; 2695 config_info->len = 0; 2696 } else { 2697 (void) rw_rdlock(&ldap_lock); 2698 if ((error = __ns_ldap_LoadDoorInfo(config_info, 2699 in->ldap_u.domainname, NULL, 1)) != NULL) { 2700 if (error != NULL && error->message != NULL) 2701 logit("Error: ldap_lookup: %s\n", 2702 error->message); 2703 (void) __ns_ldap_freeError(&error); 2704 2705 config_info->str = NULL; 2706 config_info->len = 0; 2707 } 2708 /* set change cookie */ 2709 cout = (ldap_config_out_t *)config_info->str; 2710 if (cout) 2711 cout->cookie = chg_config_cookie_get(); 2712 (void) rw_unlock(&ldap_lock); 2713 } 2714 } 2715 2716 void 2717 getldap_lookup(LineBuf *config_info, ldap_call_t *in) 2718 { 2719 ns_ldap_error_t *error; 2720 ldap_config_out_t *cout; 2721 2722 if (current_admin.debug_level >= DBG_ALL) { 2723 logit("getldap_lookup()...\n"); 2724 } 2725 (void) rw_rdlock(&ldap_lock); 2726 if ((error = __ns_ldap_LoadDoorInfo(config_info, 2727 in->ldap_u.domainname, NULL, 0)) != NULL) { 2728 if (error != NULL && error->message != NULL) 2729 logit("Error: ldap_lookup: %s\n", error->message); 2730 (void) __ns_ldap_freeError(&error); 2731 2732 config_info->str = NULL; 2733 config_info->len = 0; 2734 } 2735 /* set change cookie */ 2736 cout = (ldap_config_out_t *)config_info->str; 2737 if (cout) 2738 cout->cookie = chg_config_cookie_get(); 2739 (void) rw_unlock(&ldap_lock); 2740 } 2741 /* 2742 * It creates the header and data stream to be door returned and notify 2743 * chg_get_statusChange() threads. 2744 * This is called after all getldap_get_rootDSE() threads are joined. 2745 */ 2746 void 2747 test_server_change(server_info_t *head) 2748 { 2749 server_info_t *info; 2750 int len = 0, num = 0, ds_len = 0, new_len = 0, tlen = 0; 2751 char *tmp_buf = NULL, *ptr = NULL, *status = NULL; 2752 ldap_get_change_out_t *cout; 2753 2754 ds_len = strlen(DOORLINESEP); 2755 2756 for (info = head; info; info = info->next) { 2757 (void) mutex_lock(&info->mutex[0]); 2758 if (info->sinfo[0].change != 0) { 2759 /* "9.9.9.9|NS_SERVER_CHANGE_UP|" */ 2760 len += 2 * ds_len + strlen(info->sinfo[0].addr) + 2761 strlen(NS_SERVER_CHANGE_UP); 2762 num++; 2763 } 2764 (void) mutex_unlock(&info->mutex[0]); 2765 } 2766 2767 if (len == 0) 2768 return; 2769 2770 len++; /* '\0' */ 2771 2772 tlen = sizeof (ldap_get_change_out_t) - sizeof (int) + len; 2773 if ((tmp_buf = malloc(tlen)) == NULL) 2774 return; 2775 2776 cout = (ldap_get_change_out_t *)tmp_buf; 2777 cout->type = NS_STATUS_CHANGE_TYPE_SERVER; 2778 /* cout->cookie is set by chg_notify_statusChange */ 2779 cout->server_count = num; 2780 cout->data_size = len; 2781 2782 /* Create IP|UP or DOWN|IP|UP or DOWN| ... */ 2783 ptr = cout->data; 2784 new_len = len; 2785 for (info = head; info; info = info->next) { 2786 (void) mutex_lock(&info->mutex[0]); 2787 if (info->sinfo[0].change == 0) { 2788 (void) mutex_unlock(&info->mutex[0]); 2789 continue; 2790 } 2791 2792 if (info->sinfo[0].change == NS_SERVER_UP) 2793 status = NS_SERVER_CHANGE_UP; 2794 else if (info->sinfo[0].change == NS_SERVER_DOWN) 2795 status = NS_SERVER_CHANGE_DOWN; 2796 else { 2797 syslog(LOG_WARNING, gettext("Bad change value %d"), 2798 info->sinfo[0].change); 2799 (void) mutex_unlock(&info->mutex[0]); 2800 free(tmp_buf); 2801 return; 2802 } 2803 2804 if ((snprintf(ptr, new_len, "%s%s%s%s", 2805 info->sinfo[0].addr, DOORLINESEP, 2806 status, DOORLINESEP)) >= new_len) { 2807 (void) mutex_unlock(&info->mutex[0]); 2808 break; 2809 } 2810 new_len -= strlen(ptr); 2811 ptr += strlen(ptr); 2812 2813 (void) mutex_unlock(&info->mutex[0]); 2814 } 2815 (void) chg_notify_statusChange(tmp_buf); 2816 } 2817 /* 2818 * It creates the header and data stream to be door returned and notify 2819 * chg_get_statusChange() threads. 2820 * This is called in removing server case. 2821 */ 2822 static void 2823 create_buf_and_notify(char *input, ns_server_status_t st) 2824 { 2825 rm_svr_t *rms = (rm_svr_t *)input; 2826 char *tmp_buf, *ptr, *status; 2827 int len, tlen; 2828 ldap_get_change_out_t *cout; 2829 2830 /* IP|UP or DOWN| */ 2831 len = 2 * strlen(DOORLINESEP) + strlen(rms->addr) + 2832 strlen(NS_SERVER_CHANGE_UP) + 1; 2833 2834 tlen = sizeof (ldap_get_change_out_t) - sizeof (int) + len; 2835 2836 if ((tmp_buf = malloc(tlen)) == NULL) 2837 return; 2838 2839 cout = (ldap_get_change_out_t *)tmp_buf; 2840 cout->type = NS_STATUS_CHANGE_TYPE_SERVER; 2841 /* cout->cookie is set by chg_notify_statusChange */ 2842 cout->server_count = 1; 2843 cout->data_size = len; 2844 2845 /* Create IP|DOWN| */ 2846 ptr = cout->data; 2847 if (st == NS_SERVER_UP) 2848 status = NS_SERVER_CHANGE_UP; 2849 else if (st == NS_SERVER_DOWN) 2850 status = NS_SERVER_CHANGE_DOWN; 2851 2852 (void) snprintf(ptr, len, "%s%s%s%s", 2853 rms->addr, DOORLINESEP, status, DOORLINESEP); 2854 2855 (void) chg_notify_statusChange(tmp_buf); 2856 2857 } 2858 2859 /* 2860 * Return: 0 server is down, 1 server is up 2861 */ 2862 static int 2863 contact_server(char *addr) 2864 { 2865 char *rootDSE = NULL; 2866 ns_ldap_error_t *error = NULL; 2867 int rc; 2868 2869 if (__ns_ldap_getRootDSE(addr, &rootDSE, &error, 2870 SA_ALLOW_FALLBACK) != NS_LDAP_SUCCESS) { 2871 if (current_admin.debug_level >= DBG_ALL) 2872 logit("get rootDSE %s failed. %s", addr, 2873 error->message ? error->message : ""); 2874 rc = 0; 2875 } else 2876 rc = 1; 2877 2878 if (rootDSE) 2879 free(rootDSE); 2880 if (error) 2881 (void) __ns_ldap_freeError(&error); 2882 2883 return (rc); 2884 } 2885 2886 /* 2887 * The thread is spawned to do contact_server() so it won't be blocking 2888 * getldap_serverInfo_op(INFO_OP_GETSERVER, ...) case. 2889 * After contact_server() is done, it calls 2890 * getldap_serverInfo_op(INFO_OP_REMOVESERVER, ...) to return to the remaining 2891 * program flow. It's meant to maintain the original program flow yet be 2892 * non-blocking when it's contacting server. 2893 */ 2894 static void * 2895 remove_server_thread(void *arg) 2896 { 2897 char *addr = (char *)arg, *out = NULL; 2898 int up; 2899 rm_svr_t rms; 2900 2901 (void) pthread_setname_np(pthread_self(), "remove_server"); 2902 2903 up = contact_server(addr); 2904 2905 rms.addr = addr; 2906 rms.up = up; 2907 2908 (void) getldap_serverInfo_op(INFO_OP_REMOVESERVER, (char *)&rms, &out); 2909 2910 free(addr); 2911 2912 thr_exit(NULL); 2913 return (NULL); 2914 } 2915 /* 2916 * addr is allocated and is freed by remove_server_thread 2917 * It starts a thread to contact server and remove server to avoid long wait 2918 * or recursion. 2919 */ 2920 static void 2921 remove_server(char *addr) 2922 { 2923 if (thr_create(NULL, 0, remove_server_thread, 2924 (void *)addr, THR_BOUND|THR_DETACHED, NULL) != 0) { 2925 free(addr); 2926 syslog(LOG_ERR, "thr_create failed for remove_server_thread"); 2927 } 2928 } 2929 /* 2930 * Compare the server_status and mark it up or down accordingly. 2931 * This is called in removing server case. 2932 */ 2933 static ns_server_status_t 2934 set_server_status(char *input, server_info_t *head) 2935 { 2936 rm_svr_t *rms = (rm_svr_t *)input; 2937 ns_server_status_t changed = 0; 2938 server_info_t *info; 2939 2940 for (info = head; info != NULL; info = info->next) { 2941 (void) mutex_lock(&info->mutex[0]); 2942 if (strcmp(info->sinfo[0].addr, rms->addr) == 0) { 2943 if (info->sinfo[0].server_status == INFO_SERVER_UP && 2944 rms->up == FALSE) { 2945 info->sinfo[0].prev_server_status = 2946 info->sinfo[0].server_status; 2947 info->sinfo[0].server_status = 2948 INFO_SERVER_ERROR; 2949 info->sinfo[0].change = NS_SERVER_DOWN; 2950 changed = NS_SERVER_DOWN; 2951 2952 } else if (info->sinfo[0].server_status == 2953 INFO_SERVER_ERROR && rms->up == TRUE) { 2954 /* 2955 * It should be INFO_SERVER_UP, but check here 2956 */ 2957 info->sinfo[0].prev_server_status = 2958 info->sinfo[0].server_status; 2959 info->sinfo[0].server_status = 2960 INFO_SERVER_UP; 2961 info->sinfo[0].change = NS_SERVER_UP; 2962 changed = NS_SERVER_UP; 2963 } 2964 (void) mutex_unlock(&info->mutex[0]); 2965 break; 2966 } 2967 (void) mutex_unlock(&info->mutex[0]); 2968 } 2969 if (changed) { 2970 /* ldap_cachemgr -g option looks up [1] */ 2971 (void) mutex_lock(&info->mutex[1]); 2972 info->sinfo[1].prev_server_status = 2973 info->sinfo[1].server_status; 2974 if (changed == NS_SERVER_DOWN) 2975 info->sinfo[1].server_status = INFO_SERVER_ERROR; 2976 else if (changed == NS_SERVER_UP) 2977 info->sinfo[1].server_status = INFO_SERVER_UP; 2978 (void) mutex_unlock(&info->mutex[1]); 2979 } 2980 return (changed); 2981 } 2982