1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 * Copyright 2012 Milan Jurik. All rights reserved. 25 * Copyright 2018 Joyent, Inc. 26 * Copyright 2019 Nexenta Systems, Inc. 27 */ 28 29 #include <stdlib.h> 30 #include <alloca.h> 31 #include <signal.h> 32 #include <sys/stat.h> 33 #include <unistd.h> 34 #include <pthread.h> 35 #include <time.h> 36 #include <errno.h> 37 #include <door.h> 38 #include <zone.h> 39 #include <resolv.h> 40 #include <sys/socket.h> 41 #include <net/route.h> 42 #include <string.h> 43 #include <net/if.h> 44 #include <sys/stat.h> 45 #include <fcntl.h> 46 #include "nscd_common.h" 47 #include "nscd_door.h" 48 #include "nscd_config.h" 49 #include "nscd_switch.h" 50 #include "nscd_log.h" 51 #include "nscd_selfcred.h" 52 #include "nscd_frontend.h" 53 #include "nscd_admin.h" 54 55 static void rts_mon(void); 56 static void keep_open_dns_socket(void); 57 58 extern nsc_ctx_t *cache_ctx_p[]; 59 60 /* 61 * Current active Configuration data for the frontend component 62 */ 63 static nscd_cfg_global_frontend_t frontend_cfg_g; 64 static nscd_cfg_frontend_t *frontend_cfg; 65 66 static int max_servers = 0; 67 static int max_servers_set = 0; 68 static int per_user_is_on = 1; 69 70 static char *main_execname; 71 static char **main_argv; 72 extern int _whoami; 73 extern long activity; 74 extern mutex_t activity_lock; 75 76 static sema_t common_sema; 77 78 static thread_key_t lookup_state_key; 79 static mutex_t create_lock = DEFAULTMUTEX; 80 static int num_servers = 0; 81 static thread_key_t server_key; 82 83 /* 84 * Bind a TSD value to a server thread. This enables the destructor to 85 * be called if/when this thread exits. This would be a programming 86 * error, but better safe than sorry. 87 */ 88 /*ARGSUSED*/ 89 static void * 90 server_tsd_bind(void *arg) 91 { 92 static void *value = "NON-NULL TSD"; 93 94 (void) thr_setname(thr_self(), "server_tsd_bind"); 95 96 /* disable cancellation to avoid hangs if server threads disappear */ 97 (void) pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, NULL); 98 (void) thr_setspecific(server_key, value); 99 (void) door_return(NULL, 0, NULL, 0); 100 101 /* make lint happy */ 102 return (NULL); 103 } 104 105 /* 106 * Server threads are created here. 107 */ 108 /*ARGSUSED*/ 109 static void 110 server_create(door_info_t *dip) 111 { 112 (void) mutex_lock(&create_lock); 113 if (++num_servers > max_servers) { 114 num_servers--; 115 (void) mutex_unlock(&create_lock); 116 return; 117 } 118 (void) mutex_unlock(&create_lock); 119 (void) thr_create(NULL, 0, server_tsd_bind, NULL, 120 THR_BOUND|THR_DETACHED, NULL); 121 } 122 123 /* 124 * Server thread are destroyed here 125 */ 126 /*ARGSUSED*/ 127 static void 128 server_destroy(void *arg) 129 { 130 (void) mutex_lock(&create_lock); 131 num_servers--; 132 (void) mutex_unlock(&create_lock); 133 (void) thr_setspecific(server_key, NULL); 134 } 135 136 /* 137 * get clearance 138 */ 139 int 140 _nscd_get_clearance(sema_t *sema) 141 { 142 if (sema_trywait(&common_sema) == 0) { 143 (void) thr_setspecific(lookup_state_key, NULL); 144 return (0); 145 } 146 147 if (sema_trywait(sema) == 0) { 148 (void) thr_setspecific(lookup_state_key, (void*)1); 149 return (0); 150 } 151 152 return (1); 153 } 154 155 156 /* 157 * release clearance 158 */ 159 int 160 _nscd_release_clearance(sema_t *sema) 161 { 162 int which; 163 164 (void) thr_getspecific(lookup_state_key, (void**)&which); 165 if (which == 0) /* from common pool */ { 166 (void) sema_post(&common_sema); 167 return (0); 168 } 169 170 (void) sema_post(sema); 171 return (1); 172 } 173 174 static void 175 dozip(void) 176 { 177 /* not much here */ 178 } 179 180 /* 181 * _nscd_restart_if_cfgfile_changed() 182 * Restart if modification times of nsswitch.conf or resolv.conf have changed. 183 * 184 * If nsswitch.conf has changed then it is possible that sources for 185 * various backends have changed and therefore the current cached 186 * data may not be consistent with the new data sources. By 187 * restarting the cache will be cleared and the new configuration will 188 * be used. 189 * 190 * The check for resolv.conf is made as only the first call to 191 * res_gethostbyname() or res_getaddrbyname() causes a call to 192 * res_ninit() to occur which in turn parses resolv.conf. Therefore 193 * to benefit from changes to resolv.conf nscd must be restarted when 194 * resolv.conf is updated, removed or created. If res_getXbyY calls 195 * are removed from NSS then this check could be removed. 196 * 197 */ 198 void 199 _nscd_restart_if_cfgfile_changed() 200 { 201 202 static mutex_t nsswitch_lock = DEFAULTMUTEX; 203 static timestruc_t last_nsswitch_check = { 0 }; 204 static timestruc_t last_nsswitch_modified = { 0 }; 205 static timestruc_t last_resolv_modified = { -1, 0 }; 206 static mutex_t restarting_lock = DEFAULTMUTEX; 207 static int restarting = 0; 208 int restart = 0; 209 time_t now = time(NULL); 210 char *me = "_nscd_restart_if_cfgfile_changed"; 211 212 #define FLAG_RESTART_REQUIRED if (restarting == 0) {\ 213 (void) mutex_lock(&restarting_lock);\ 214 if (restarting == 0) {\ 215 restarting = 1;\ 216 restart = 1;\ 217 }\ 218 (void) mutex_unlock(&restarting_lock);\ 219 } 220 221 if (restarting == 1) 222 return; 223 224 if (now - last_nsswitch_check.tv_sec < _NSC_FILE_CHECK_TIME) 225 return; 226 227 (void) mutex_lock(&nsswitch_lock); 228 229 if (now - last_nsswitch_check.tv_sec >= _NSC_FILE_CHECK_TIME) { 230 struct stat nss_buf; 231 struct stat res_buf; 232 233 last_nsswitch_check.tv_sec = now; 234 last_nsswitch_check.tv_nsec = 0; 235 236 (void) mutex_unlock(&nsswitch_lock); /* let others continue */ 237 238 if (stat("/etc/nsswitch.conf", &nss_buf) < 0) { 239 return; 240 } else if (last_nsswitch_modified.tv_sec == 0) { 241 last_nsswitch_modified = nss_buf.st_mtim; 242 } 243 244 if (last_nsswitch_modified.tv_sec < nss_buf.st_mtim.tv_sec || 245 (last_nsswitch_modified.tv_sec == nss_buf.st_mtim.tv_sec && 246 last_nsswitch_modified.tv_nsec < nss_buf.st_mtim.tv_nsec)) { 247 FLAG_RESTART_REQUIRED; 248 } 249 250 if (restart == 0) { 251 if (stat("/etc/resolv.conf", &res_buf) < 0) { 252 /* Unable to stat file, were we previously? */ 253 if (last_resolv_modified.tv_sec > 0) { 254 /* Yes, it must have been removed. */ 255 FLAG_RESTART_REQUIRED; 256 } else if (last_resolv_modified.tv_sec == -1) { 257 /* No, then we've never seen it. */ 258 last_resolv_modified.tv_sec = 0; 259 } 260 } else if (last_resolv_modified.tv_sec == -1) { 261 /* We've just started and file is present. */ 262 last_resolv_modified = res_buf.st_mtim; 263 } else if (last_resolv_modified.tv_sec == 0) { 264 /* Wasn't there at start-up. */ 265 FLAG_RESTART_REQUIRED; 266 } else if (last_resolv_modified.tv_sec < 267 res_buf.st_mtim.tv_sec || 268 (last_resolv_modified.tv_sec == 269 res_buf.st_mtim.tv_sec && 270 last_resolv_modified.tv_nsec < 271 res_buf.st_mtim.tv_nsec)) { 272 FLAG_RESTART_REQUIRED; 273 } 274 } 275 276 if (restart == 1) { 277 char *fmri; 278 279 /* 280 * if in self cred mode, kill the forker and 281 * child nscds 282 */ 283 if (_nscd_is_self_cred_on(0, NULL)) { 284 _nscd_kill_forker(); 285 _nscd_kill_all_children(); 286 } 287 288 /* 289 * time for restart 290 */ 291 _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_INFO) 292 (me, "nscd restart due to %s or %s change\n", 293 "/etc/nsswitch.conf", "resolv.conf"); 294 /* 295 * try to restart under smf 296 */ 297 if ((fmri = getenv("SMF_FMRI")) == NULL) { 298 /* not running under smf - reexec */ 299 (void) execv(main_execname, main_argv); 300 exit(1); /* just in case */ 301 } 302 303 if (smf_restart_instance(fmri) == 0) 304 (void) sleep(10); /* wait a bit */ 305 exit(1); /* give up waiting for resurrection */ 306 } 307 308 } else 309 (void) mutex_unlock(&nsswitch_lock); 310 } 311 312 uid_t 313 _nscd_get_client_euid() 314 { 315 ucred_t *uc = NULL; 316 uid_t id; 317 char *me = "get_client_euid"; 318 319 if (door_ucred(&uc) != 0) { 320 _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_DEBUG) 321 (me, "door_ucred: %s\n", strerror(errno)); 322 return ((uid_t)-1); 323 } 324 325 id = ucred_geteuid(uc); 326 ucred_free(uc); 327 return (id); 328 } 329 330 /* 331 * Check to see if the door client's euid is 0 or if it has required_priv 332 * privilege. Return 0 if yes, -1 otherwise. 333 * Supported values for required_priv are: 334 * - NSCD_ALL_PRIV: for all zones privileges 335 * - NSCD_READ_PRIV: for PRIV_FILE_DAC_READ privilege 336 */ 337 int 338 _nscd_check_client_priv(int required_priv) 339 { 340 int rc = 0; 341 ucred_t *uc = NULL; 342 const priv_set_t *eset; 343 char *me = "_nscd_check_client_read_priv"; 344 priv_set_t *zs; /* zone */ 345 346 if (door_ucred(&uc) != 0) { 347 _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_ERROR) 348 (me, "door_ucred: %s\n", strerror(errno)); 349 return (-1); 350 } 351 352 if (ucred_geteuid(uc) == 0) { 353 ucred_free(uc); 354 return (0); 355 } 356 357 eset = ucred_getprivset(uc, PRIV_EFFECTIVE); 358 switch (required_priv) { 359 case NSCD_ALL_PRIV: 360 zs = priv_str_to_set("zone", ",", NULL); 361 if (!priv_isequalset(eset, zs)) { 362 _NSCD_LOG(NSCD_LOG_FRONT_END, 363 NSCD_LOG_LEVEL_ERROR) 364 (me, "missing all zones privileges\n"); 365 rc = -1; 366 } 367 priv_freeset(zs); 368 break; 369 case NSCD_READ_PRIV: 370 if (!priv_ismember(eset, PRIV_FILE_DAC_READ)) 371 rc = -1; 372 break; 373 default: 374 _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_ERROR) 375 (me, "unknown required_priv: %d\n", required_priv); 376 rc = -1; 377 break; 378 } 379 ucred_free(uc); 380 return (rc); 381 } 382 383 static void 384 N2N_check_priv( 385 void *buf, 386 char *dc_str) 387 { 388 nss_pheader_t *phdr = (nss_pheader_t *)buf; 389 ucred_t *uc = NULL; 390 const priv_set_t *eset; 391 zoneid_t zoneid; 392 int errnum; 393 char *me = "N2N_check_priv"; 394 395 if (door_ucred(&uc) != 0) { 396 errnum = errno; 397 _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_DEBUG) 398 (me, "door_ucred: %s\n", strerror(errno)); 399 400 NSCD_SET_STATUS(phdr, NSS_ERROR, errnum); 401 return; 402 } 403 404 eset = ucred_getprivset(uc, PRIV_EFFECTIVE); 405 zoneid = ucred_getzoneid(uc); 406 407 if ((zoneid != GLOBAL_ZONEID && zoneid != getzoneid()) || 408 eset != NULL ? !priv_ismember(eset, PRIV_SYS_ADMIN) : 409 ucred_geteuid(uc) != 0) { 410 411 _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_ALERT) 412 (me, "%s call failed(cred): caller pid %d, uid %d, " 413 "euid %d, zoneid %d\n", dc_str, ucred_getpid(uc), 414 ucred_getruid(uc), ucred_geteuid(uc), zoneid); 415 ucred_free(uc); 416 417 NSCD_SET_STATUS(phdr, NSS_ERROR, EACCES); 418 return; 419 } 420 421 _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_DEBUG) 422 (me, "nscd received %s cmd from pid %d, uid %d, " 423 "euid %d, zoneid %d\n", dc_str, ucred_getpid(uc), 424 ucred_getruid(uc), ucred_geteuid(uc), zoneid); 425 426 ucred_free(uc); 427 428 NSCD_SET_STATUS_SUCCESS(phdr); 429 } 430 431 void 432 _nscd_APP_check_cred( 433 void *buf, 434 pid_t *pidp, 435 char *dc_str, 436 int log_comp, 437 int log_level) 438 { 439 nss_pheader_t *phdr = (nss_pheader_t *)buf; 440 ucred_t *uc = NULL; 441 uid_t ruid; 442 uid_t euid; 443 pid_t pid; 444 int errnum; 445 char *me = "_nscd_APP_check_cred"; 446 447 if (door_ucred(&uc) != 0) { 448 errnum = errno; 449 _NSCD_LOG(log_comp, NSCD_LOG_LEVEL_ERROR) 450 (me, "door_ucred: %s\n", strerror(errno)); 451 452 NSCD_SET_STATUS(phdr, NSS_ERROR, errnum); 453 return; 454 } 455 456 NSCD_SET_STATUS_SUCCESS(phdr); 457 pid = ucred_getpid(uc); 458 if (NSS_PACKED_CRED_CHECK(buf, ruid = ucred_getruid(uc), 459 euid = ucred_geteuid(uc))) { 460 if (pidp != NULL) { 461 if (*pidp == (pid_t)-1) 462 *pidp = pid; 463 else if (*pidp != pid) { 464 NSCD_SET_STATUS(phdr, NSS_ERROR, EACCES); 465 } 466 } 467 } else { 468 NSCD_SET_STATUS(phdr, NSS_ERROR, EACCES); 469 } 470 471 ucred_free(uc); 472 473 if (NSCD_STATUS_IS_NOT_OK(phdr)) { 474 _NSCD_LOG(log_comp, log_level) 475 (me, "%s call failed: caller pid %d (input pid = %d), ruid %d, " 476 "euid %d, header ruid %d, header euid %d\n", dc_str, 477 pid, (pidp != NULL) ? *pidp : -1, ruid, euid, 478 ((nss_pheader_t *)(buf))->p_ruid, 479 ((nss_pheader_t *)(buf))->p_euid); 480 } 481 } 482 483 /* log error and return -1 when an invalid packed buffer header is found */ 484 static int 485 pheader_error(nss_pheader_t *phdr, uint32_t call_number) 486 { 487 char *call_num_str; 488 489 switch (call_number) { 490 case NSCD_SEARCH: 491 call_num_str = "NSCD_SEARCH"; 492 break; 493 case NSCD_SETENT: 494 call_num_str = "NSCD_SETENT"; 495 break; 496 case NSCD_GETENT: 497 call_num_str = "NSCD_GETENT"; 498 break; 499 case NSCD_ENDENT: 500 call_num_str = "NSCD_ENDENT"; 501 break; 502 case NSCD_PUT: 503 call_num_str = "NSCD_PUT"; 504 break; 505 case NSCD_GETHINTS: 506 call_num_str = "NSCD_GETHINTS"; 507 break; 508 default: 509 call_num_str = "UNKNOWN"; 510 break; 511 } 512 513 _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_ALERT) 514 ("pheader_error", "call number %s: invalid packed buffer header\n", 515 call_num_str); 516 517 NSCD_SET_STATUS(phdr, NSS_ERROR, EINVAL); 518 return (-1); 519 } 520 521 /* 522 * Validate the header of a getXbyY or setent/getent/endent request. 523 * Return 0 if good, -1 otherwise. 524 * 525 * A valid header looks like the following (size is arg_size, does 526 * not include the output area): 527 * +----------------------------------+ -- 528 * | nss_pheader_t (header fixed part)| ^ 529 * | | | 530 * | pbufsiz, dbd,off, key_off, | len = sizeof(nss_pheader_t) 531 * | data_off .... | | 532 * | | v 533 * +----------------------------------+ <----- dbd_off 534 * | dbd (database description) | ^ 535 * | nss_dbd_t + up to 3 strings | | 536 * | length = sizeof(nss_dbd_t) + | len = key_off - dbd_off 537 * | length of 3 strings + | | 538 * | length of padding | | 539 * | (total length in multiple of 4) | v 540 * +----------------------------------+ <----- key_off 541 * | lookup key | ^ 542 * | nss_XbyY_key_t, content varies, | | 543 * | based on database and lookup op | len = data_off - key_off 544 * | length = data_off - key_off | | 545 * | including padding, multiple of 4 | v 546 * +----------------------------------+ <----- data_off (= arg_size) 547 * | | ^ 548 * | area to hold results | | 549 * | | len = data_len (= pbufsiz - 550 * | | | data_off) 551 * | | v 552 * +----------------------------------+ <----- pbufsiz 553 */ 554 static int 555 validate_pheader( 556 void *argp, 557 size_t arg_size, 558 uint32_t call_number) 559 { 560 nss_pheader_t *phdr = (nss_pheader_t *)(void *)argp; 561 nssuint_t l1, l2; 562 563 /* 564 * current version is NSCD_HEADER_REV, length of the fixed part 565 * of the header must match the size of nss_pheader_t 566 */ 567 if (phdr->p_version != NSCD_HEADER_REV || 568 phdr->dbd_off != sizeof (nss_pheader_t)) 569 return (pheader_error(phdr, call_number)); 570 571 /* 572 * buffer size and offsets must be in multiple of 4 573 */ 574 if ((arg_size & 3) || (phdr->dbd_off & 3) || (phdr->key_off & 3) || 575 (phdr->data_off & 3)) 576 return (pheader_error(phdr, call_number)); 577 578 /* 579 * the input arg_size is the length of the request header 580 * and should be less than NSCD_PHDR_MAXLEN 581 */ 582 if (phdr->data_off != arg_size || arg_size > NSCD_PHDR_MAXLEN) 583 return (pheader_error(phdr, call_number)); 584 585 /* get length of the dbd area */ 586 l1 = phdr->key_off - phdr-> dbd_off; 587 588 /* 589 * dbd area may contain padding, so length of dbd should 590 * not be less than the length of the actual data 591 */ 592 if (l1 < phdr->dbd_len) 593 return (pheader_error(phdr, call_number)); 594 595 /* get length of the key area */ 596 l2 = phdr->data_off - phdr->key_off; 597 598 /* 599 * key area may contain padding, so length of key area should 600 * not be less than the length of the actual data 601 */ 602 if (l2 < phdr->key_len) 603 return (pheader_error(phdr, call_number)); 604 605 /* 606 * length of fixed part + lengths of dbd and key area = length of 607 * the request header 608 */ 609 if (sizeof (nss_pheader_t) + l1 + l2 != phdr->data_off) 610 return (pheader_error(phdr, call_number)); 611 612 /* header length + data length = buffer length */ 613 if (phdr->data_off + phdr->data_len != phdr->pbufsiz) 614 return (pheader_error(phdr, call_number)); 615 616 return (0); 617 } 618 619 /* log error and return -1 when an invalid nscd to nscd buffer is found */ 620 static int 621 N2Nbuf_error(nss_pheader_t *phdr, uint32_t call_number) 622 { 623 char *call_num_str; 624 625 switch (call_number) { 626 case NSCD_PING: 627 call_num_str = "NSCD_PING"; 628 break; 629 630 case NSCD_IMHERE: 631 call_num_str = "NSCD_IMHERE"; 632 break; 633 634 case NSCD_PULSE: 635 call_num_str = "NSCD_PULSE"; 636 break; 637 638 case NSCD_FORK: 639 call_num_str = "NSCD_FORK"; 640 break; 641 642 case NSCD_KILL: 643 call_num_str = "NSCD_KILL"; 644 break; 645 646 case NSCD_REFRESH: 647 call_num_str = "NSCD_REFRESH"; 648 break; 649 650 case NSCD_GETPUADMIN: 651 call_num_str = "NSCD_GETPUADMIN"; 652 break; 653 654 case NSCD_GETADMIN: 655 call_num_str = "NSCD_GETADMIN"; 656 break; 657 658 case NSCD_SETADMIN: 659 call_num_str = "NSCD_SETADMIN"; 660 break; 661 662 case NSCD_KILLSERVER: 663 call_num_str = "NSCD_KILLSERVER"; 664 break; 665 default: 666 call_num_str = "UNKNOWN"; 667 break; 668 } 669 670 _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_ALERT) 671 ("N2Nbuf_error", "call number %s: invalid N2N buffer\n", call_num_str); 672 673 NSCD_SET_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0, 674 NSCD_DOOR_BUFFER_CHECK_FAILED); 675 676 return (-1); 677 } 678 679 /* 680 * Validate the buffer of an nscd to nscd request. 681 * Return 0 if good, -1 otherwise. 682 * 683 * A valid buffer looks like the following (size is arg_size): 684 * +----------------------------------+ -- 685 * | nss_pheader_t (header fixed part)| ^ 686 * | | | 687 * | pbufsiz, dbd,off, key_off, | len = sizeof(nss_pheader_t) 688 * | data_off .... | | 689 * | | v 690 * +----------------------------------+ <---dbd_off = key_off = data_off 691 * | | ^ 692 * | input data/output data | | 693 * | OR no data | len = data_len (= pbufsiz - 694 * | | | data_off) 695 * | | | len could be zero 696 * | | v 697 * +----------------------------------+ <--- pbufsiz 698 */ 699 static int 700 validate_N2Nbuf( 701 void *argp, 702 size_t arg_size, 703 uint32_t call_number) 704 { 705 nss_pheader_t *phdr = (nss_pheader_t *)(void *)argp; 706 707 /* 708 * current version is NSCD_HEADER_REV, length of the fixed part 709 * of the header must match the size of nss_pheader_t 710 */ 711 if (phdr->p_version != NSCD_HEADER_REV || 712 phdr->dbd_off != sizeof (nss_pheader_t)) 713 return (N2Nbuf_error(phdr, call_number)); 714 715 /* 716 * There are no dbd and key data, so the dbd, key, data 717 * offsets should be equal 718 */ 719 if (phdr->dbd_off != phdr->key_off || 720 phdr->dbd_off != phdr->data_off) 721 return (N2Nbuf_error(phdr, call_number)); 722 723 /* 724 * the input arg_size is the buffer length and should 725 * be less or equal than NSCD_N2NBUF_MAXLEN 726 */ 727 if (phdr->pbufsiz != arg_size || arg_size > NSCD_N2NBUF_MAXLEN) 728 return (N2Nbuf_error(phdr, call_number)); 729 730 /* header length + data length = buffer length */ 731 if (phdr->data_off + phdr->data_len != phdr->pbufsiz) 732 return (N2Nbuf_error(phdr, call_number)); 733 734 return (0); 735 } 736 737 static void 738 lookup(char *argp, size_t arg_size) 739 { 740 nsc_lookup_args_t largs; 741 char space[NSCD_LOOKUP_BUFSIZE]; 742 nss_pheader_t *phdr = (nss_pheader_t *)(void *)argp; 743 744 NSCD_ALLOC_LOOKUP_BUFFER(argp, arg_size, phdr, space, 745 sizeof (space)); 746 747 /* 748 * make sure the first couple bytes of the data area is null, 749 * so that bad strings in the packed header stop here 750 */ 751 (void) memset((char *)phdr + phdr->data_off, 0, 16); 752 753 (void) memset(&largs, 0, sizeof (largs)); 754 largs.buffer = argp; 755 largs.bufsize = arg_size; 756 nsc_lookup(&largs, 0); 757 758 /* 759 * only the PUN needs to keep track of the 760 * activity count to determine when to 761 * terminate itself 762 */ 763 if (_whoami == NSCD_CHILD) { 764 (void) mutex_lock(&activity_lock); 765 ++activity; 766 (void) mutex_unlock(&activity_lock); 767 } 768 769 NSCD_SET_RETURN_ARG(phdr, arg_size); 770 (void) door_return(argp, arg_size, NULL, 0); 771 } 772 773 static void 774 getent(char *argp, size_t arg_size) 775 { 776 char space[NSCD_LOOKUP_BUFSIZE]; 777 nss_pheader_t *phdr = (nss_pheader_t *)(void *)argp; 778 779 NSCD_ALLOC_LOOKUP_BUFFER(argp, arg_size, phdr, space, sizeof (space)); 780 781 nss_pgetent(argp, arg_size); 782 783 NSCD_SET_RETURN_ARG(phdr, arg_size); 784 (void) door_return(argp, arg_size, NULL, 0); 785 } 786 787 static int 788 is_db_per_user(void *buf, char *dblist) 789 { 790 nss_pheader_t *phdr = (nss_pheader_t *)buf; 791 nss_dbd_t *pdbd; 792 char *dbname, *dbn; 793 int len; 794 795 /* copy db name into a temp buffer */ 796 pdbd = (nss_dbd_t *)((void *)((char *)buf + phdr->dbd_off)); 797 dbname = (char *)pdbd + pdbd->o_name; 798 len = strlen(dbname); 799 dbn = alloca(len + 2); 800 (void) memcpy(dbn, dbname, len); 801 802 /* check if <dbname> + ',' can be found in the dblist string */ 803 dbn[len] = ','; 804 dbn[len + 1] = '\0'; 805 if (strstr(dblist, dbn) != NULL) 806 return (1); 807 808 /* 809 * check if <dbname> can be found in the last part 810 * of the dblist string 811 */ 812 dbn[len] = '\0'; 813 if (strstr(dblist, dbn) != NULL) 814 return (1); 815 816 return (0); 817 } 818 819 /* 820 * Check to see if all conditions are met for processing per-user 821 * requests. Returns 1 if yes, -1 if backend is not configured, 822 * 0 otherwise. 823 */ 824 static int 825 need_per_user_door(void *buf, int whoami, uid_t uid, char **dblist) 826 { 827 nss_pheader_t *phdr = (nss_pheader_t *)buf; 828 829 NSCD_SET_STATUS_SUCCESS(phdr); 830 831 /* if already a per-user nscd, no need to get per-user door */ 832 if (whoami == NSCD_CHILD) 833 return (0); 834 835 /* forker shouldn't be asked */ 836 if (whoami == NSCD_FORKER) { 837 NSCD_SET_STATUS(phdr, NSS_ERROR, ENOTSUP); 838 return (0); 839 } 840 841 /* if door client is root, no need for a per-user door */ 842 if (uid == 0) 843 return (0); 844 845 /* 846 * if per-user lookup is not configured, no per-user 847 * door available 848 */ 849 if (_nscd_is_self_cred_on(0, dblist) == 0) 850 return (-1); 851 852 /* 853 * if per-user lookup is not configured for the db, 854 * don't bother 855 */ 856 if (is_db_per_user(phdr, *dblist) == 0) 857 return (0); 858 859 return (1); 860 } 861 862 static void 863 if_selfcred_return_per_user_door(char *argp, size_t arg_size, 864 door_desc_t *dp, int whoami) 865 { 866 nss_pheader_t *phdr = (nss_pheader_t *)((void *)argp); 867 char *dblist; 868 int door = -1; 869 int rc = 0; 870 door_desc_t desc; 871 char *space; 872 int len; 873 874 /* 875 * check to see if self-cred is configured and 876 * need to return an alternate PUN door 877 */ 878 if (per_user_is_on == 1) { 879 rc = need_per_user_door(argp, whoami, 880 _nscd_get_client_euid(), &dblist); 881 if (rc == -1) 882 per_user_is_on = 0; 883 } 884 if (rc <= 0) { 885 /* 886 * self-cred not configured, and no error detected, 887 * return to continue the door call processing 888 */ 889 if (NSCD_STATUS_IS_OK(phdr)) 890 return; 891 else 892 /* 893 * configured but error detected, 894 * stop the door call processing 895 */ 896 (void) door_return(argp, phdr->data_off, NULL, 0); 897 } 898 899 /* get the alternate PUN door */ 900 _nscd_proc_alt_get(argp, &door); 901 if (NSCD_GET_STATUS(phdr) != NSS_ALTRETRY) { 902 (void) door_return(argp, phdr->data_off, NULL, 0); 903 } 904 905 /* return the alternate door descriptor */ 906 len = strlen(dblist) + 1; 907 space = alloca(arg_size + len); 908 phdr->data_len = len; 909 (void) memcpy(space, phdr, arg_size); 910 (void) strncpy((char *)space + arg_size, dblist, len); 911 dp = &desc; 912 dp->d_attributes = DOOR_DESCRIPTOR; 913 dp->d_data.d_desc.d_descriptor = door; 914 arg_size += len; 915 (void) door_return(space, arg_size, dp, 1); 916 } 917 918 /*ARGSUSED*/ 919 static void 920 switcher(void *cookie, char *argp, size_t arg_size, 921 door_desc_t *dp, uint_t n_desc) 922 { 923 int iam; 924 pid_t ent_pid = -1; 925 nss_pheader_t *phdr = (nss_pheader_t *)((void *)argp); 926 void *uptr; 927 int len; 928 size_t buflen; 929 int callnum; 930 char *me = "switcher"; 931 932 _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_DEBUG) 933 (me, "switcher ...\n"); 934 935 if (argp == DOOR_UNREF_DATA) { 936 (void) printf("Door Slam... exiting\n"); 937 exit(0); 938 } 939 940 if (argp == NULL) { /* empty door call */ 941 (void) door_return(NULL, 0, 0, 0); /* return the favor */ 942 } 943 944 /* 945 * need to restart if main nscd and config file(s) changed 946 */ 947 if (_whoami == NSCD_MAIN) 948 _nscd_restart_if_cfgfile_changed(); 949 950 if ((phdr->nsc_callnumber & NSCDV2CATMASK) == NSCD_CALLCAT_APP) { 951 952 /* make sure the packed buffer header is good */ 953 if (validate_pheader(argp, arg_size, 954 phdr->nsc_callnumber) == -1) 955 (void) door_return(argp, arg_size, NULL, 0); 956 957 switch (phdr->nsc_callnumber) { 958 959 case NSCD_SEARCH: 960 961 /* if a fallback to main nscd, skip per-user setup */ 962 if (phdr->p_status != NSS_ALTRETRY) 963 if_selfcred_return_per_user_door(argp, arg_size, 964 dp, _whoami); 965 lookup(argp, arg_size); 966 967 break; 968 969 case NSCD_SETENT: 970 971 _nscd_APP_check_cred(argp, &ent_pid, "NSCD_SETENT", 972 NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_ALERT); 973 if (NSCD_STATUS_IS_OK(phdr)) { 974 if_selfcred_return_per_user_door(argp, arg_size, 975 dp, _whoami); 976 nss_psetent(argp, arg_size, ent_pid); 977 } 978 break; 979 980 case NSCD_GETENT: 981 982 getent(argp, arg_size); 983 break; 984 985 case NSCD_ENDENT: 986 987 nss_pendent(argp, arg_size); 988 break; 989 990 case NSCD_PUT: 991 992 _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_ERROR) 993 (me, "door call NSCD_PUT not supported yet\n"); 994 995 NSCD_SET_STATUS(phdr, NSS_ERROR, ENOTSUP); 996 break; 997 998 case NSCD_GETHINTS: 999 1000 _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_ERROR) 1001 (me, "door call NSCD_GETHINTS not supported yet\n"); 1002 1003 NSCD_SET_STATUS(phdr, NSS_ERROR, ENOTSUP); 1004 break; 1005 1006 default: 1007 1008 _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_ERROR) 1009 (me, "Unknown name service door call op %x\n", 1010 phdr->nsc_callnumber); 1011 1012 NSCD_SET_STATUS(phdr, NSS_ERROR, EINVAL); 1013 break; 1014 } 1015 1016 (void) door_return(argp, arg_size, NULL, 0); 1017 } 1018 1019 iam = NSCD_MAIN; 1020 callnum = phdr->nsc_callnumber & ~NSCD_WHOAMI; 1021 if (callnum == NSCD_IMHERE || 1022 callnum == NSCD_PULSE || callnum == NSCD_FORK) 1023 iam = phdr->nsc_callnumber & NSCD_WHOAMI; 1024 else 1025 callnum = phdr->nsc_callnumber; 1026 1027 /* nscd -> nscd v2 calls */ 1028 1029 /* make sure the buffer is good */ 1030 if (validate_N2Nbuf(argp, arg_size, callnum) == -1) 1031 (void) door_return(argp, arg_size, NULL, 0); 1032 1033 switch (callnum) { 1034 1035 case NSCD_PING: 1036 NSCD_SET_STATUS_SUCCESS(phdr); 1037 break; 1038 1039 case NSCD_IMHERE: 1040 _nscd_proc_iamhere(argp, dp, n_desc, iam); 1041 break; 1042 1043 case NSCD_PULSE: 1044 N2N_check_priv(argp, "NSCD_PULSE"); 1045 if (NSCD_STATUS_IS_OK(phdr)) 1046 _nscd_proc_pulse(argp, iam); 1047 break; 1048 1049 case NSCD_FORK: 1050 N2N_check_priv(argp, "NSCD_FORK"); 1051 if (NSCD_STATUS_IS_OK(phdr)) 1052 _nscd_proc_fork(argp, iam); 1053 break; 1054 1055 case NSCD_KILL: 1056 N2N_check_priv(argp, "NSCD_KILL"); 1057 if (NSCD_STATUS_IS_OK(phdr)) 1058 exit(0); 1059 break; 1060 1061 case NSCD_REFRESH: 1062 N2N_check_priv(argp, "NSCD_REFRESH"); 1063 if (NSCD_STATUS_IS_OK(phdr)) { 1064 if (_nscd_refresh() != NSCD_SUCCESS) 1065 exit(1); 1066 NSCD_SET_STATUS_SUCCESS(phdr); 1067 } 1068 break; 1069 1070 case NSCD_GETPUADMIN: 1071 1072 if (_nscd_is_self_cred_on(0, NULL)) { 1073 _nscd_peruser_getadmin(argp, sizeof (nscd_admin_t)); 1074 } else { 1075 NSCD_SET_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0, 1076 NSCD_SELF_CRED_NOT_CONFIGURED); 1077 } 1078 break; 1079 1080 case NSCD_GETADMIN: 1081 1082 len = _nscd_door_getadmin((void *)argp); 1083 if (len == 0) 1084 break; 1085 1086 /* size of door buffer not big enough, allocate one */ 1087 NSCD_ALLOC_DOORBUF(NSCD_GETADMIN, len, uptr, buflen); 1088 1089 /* copy packed header */ 1090 *(nss_pheader_t *)uptr = *(nss_pheader_t *)((void *)argp); 1091 1092 /* set new buffer size */ 1093 ((nss_pheader_t *)uptr)->pbufsiz = buflen; 1094 1095 /* try one more time */ 1096 (void) _nscd_door_getadmin((void *)uptr); 1097 (void) door_return(uptr, buflen, NULL, 0); 1098 break; 1099 1100 case NSCD_SETADMIN: 1101 N2N_check_priv(argp, "NSCD_SETADMIN"); 1102 if (NSCD_STATUS_IS_OK(phdr)) 1103 _nscd_door_setadmin(argp); 1104 break; 1105 1106 case NSCD_KILLSERVER: 1107 N2N_check_priv(argp, "NSCD_KILLSERVER"); 1108 if (NSCD_STATUS_IS_OK(phdr)) { 1109 /* also kill the forker nscd if one is running */ 1110 _nscd_kill_forker(); 1111 exit(0); 1112 } 1113 break; 1114 1115 default: 1116 _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_ERROR) 1117 (me, "Unknown name service door call op %d\n", 1118 phdr->nsc_callnumber); 1119 1120 NSCD_SET_STATUS(phdr, NSS_ERROR, EINVAL); 1121 1122 (void) door_return(argp, arg_size, NULL, 0); 1123 break; 1124 1125 } 1126 (void) door_return(argp, arg_size, NULL, 0); 1127 } 1128 1129 int 1130 _nscd_setup_server(char *execname, char **argv) 1131 { 1132 1133 int fd; 1134 int errnum; 1135 int bind_failed = 0; 1136 mode_t old_mask; 1137 struct stat buf; 1138 sigset_t myset; 1139 struct sigaction action; 1140 char *me = "_nscd_setup_server"; 1141 1142 main_execname = execname; 1143 main_argv = argv; 1144 1145 /* Any nscd process is to ignore SIGPIPE */ 1146 if (signal(SIGPIPE, SIG_IGN) == SIG_ERR) { 1147 errnum = errno; 1148 _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_ERROR) 1149 (me, "signal (SIGPIPE): %s\n", strerror(errnum)); 1150 return (-1); 1151 } 1152 1153 keep_open_dns_socket(); 1154 1155 /* 1156 * the max number of server threads should be fixed now, so 1157 * set flag to indicate that no in-flight change is allowed 1158 */ 1159 max_servers_set = 1; 1160 1161 (void) thr_keycreate(&lookup_state_key, NULL); 1162 (void) sema_init(&common_sema, frontend_cfg_g.common_worker_threads, 1163 USYNC_THREAD, 0); 1164 1165 /* Establish server thread pool */ 1166 (void) door_server_create(server_create); 1167 if (thr_keycreate(&server_key, server_destroy) != 0) { 1168 errnum = errno; 1169 _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_ERROR) 1170 (me, "thr_keycreate (server thread): %s\n", 1171 strerror(errnum)); 1172 return (-1); 1173 } 1174 1175 /* Create a door */ 1176 if ((fd = door_create(switcher, NAME_SERVICE_DOOR_COOKIE, 1177 DOOR_UNREF | DOOR_NO_CANCEL)) < 0) { 1178 errnum = errno; 1179 _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_ERROR) 1180 (me, "door_create: %s\n", strerror(errnum)); 1181 return (-1); 1182 } 1183 1184 /* if not main nscd, no more setup to do */ 1185 if (_whoami != NSCD_MAIN) 1186 return (fd); 1187 1188 /* bind to file system */ 1189 if (is_system_labeled() && (getzoneid() == GLOBAL_ZONEID)) { 1190 if (stat(TSOL_NAME_SERVICE_DOOR, &buf) < 0) { 1191 int newfd; 1192 1193 /* make sure the door will be readable by all */ 1194 old_mask = umask(0); 1195 if ((newfd = creat(TSOL_NAME_SERVICE_DOOR, 0444)) < 0) { 1196 errnum = errno; 1197 _NSCD_LOG(NSCD_LOG_FRONT_END, 1198 NSCD_LOG_LEVEL_ERROR) 1199 (me, "Cannot create %s: %s\n", 1200 TSOL_NAME_SERVICE_DOOR, 1201 strerror(errnum)); 1202 bind_failed = 1; 1203 } 1204 /* rstore the old file mode creation mask */ 1205 (void) umask(old_mask); 1206 (void) close(newfd); 1207 } 1208 if (symlink(TSOL_NAME_SERVICE_DOOR, NAME_SERVICE_DOOR) != 0) { 1209 if (errno != EEXIST) { 1210 errnum = errno; 1211 _NSCD_LOG(NSCD_LOG_FRONT_END, 1212 NSCD_LOG_LEVEL_ERROR) 1213 (me, "Cannot symlink %s: %s\n", 1214 NAME_SERVICE_DOOR, strerror(errnum)); 1215 bind_failed = 1; 1216 } 1217 } 1218 } else if (stat(NAME_SERVICE_DOOR, &buf) < 0) { 1219 int newfd; 1220 1221 /* make sure the door will be readable by all */ 1222 old_mask = umask(0); 1223 if ((newfd = creat(NAME_SERVICE_DOOR, 0444)) < 0) { 1224 errnum = errno; 1225 _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_ERROR) 1226 (me, "Cannot create %s: %s\n", NAME_SERVICE_DOOR, 1227 strerror(errnum)); 1228 bind_failed = 1; 1229 } 1230 /* rstore the old file mode creation mask */ 1231 (void) umask(old_mask); 1232 (void) close(newfd); 1233 } 1234 1235 if (bind_failed == 1) { 1236 (void) door_revoke(fd); 1237 return (-1); 1238 } 1239 1240 if (fattach(fd, NAME_SERVICE_DOOR) < 0) { 1241 if ((errno != EBUSY) || 1242 (fdetach(NAME_SERVICE_DOOR) < 0) || 1243 (fattach(fd, NAME_SERVICE_DOOR) < 0)) { 1244 errnum = errno; 1245 _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_ERROR) 1246 (me, "fattach: %s\n", strerror(errnum)); 1247 (void) door_revoke(fd); 1248 return (-1); 1249 } 1250 } 1251 1252 /* 1253 * kick off routing socket monitor thread 1254 */ 1255 if (thr_create(NULL, 0, 1256 (void *(*)(void *))rts_mon, 0, 0, NULL) != 0) { 1257 errnum = errno; 1258 _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_ERROR) 1259 (me, "thr_create (routing socket monitor): %s\n", 1260 strerror(errnum)); 1261 1262 (void) door_revoke(fd); 1263 return (-1); 1264 } 1265 1266 /* 1267 * set up signal handler for SIGHUP 1268 */ 1269 action.sa_handler = dozip; 1270 action.sa_flags = 0; 1271 (void) sigemptyset(&action.sa_mask); 1272 (void) sigemptyset(&myset); 1273 (void) sigaddset(&myset, SIGHUP); 1274 1275 if (sigaction(SIGHUP, &action, NULL) < 0) { 1276 errnum = errno; 1277 _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_ERROR) 1278 (me, "sigaction (SIGHUP): %s\n", strerror(errnum)); 1279 1280 (void) door_revoke(fd); 1281 return (-1); 1282 } 1283 1284 return (fd); 1285 } 1286 1287 int 1288 _nscd_setup_child_server(int did) 1289 { 1290 1291 int errnum; 1292 int fd; 1293 nscd_rc_t rc; 1294 char *me = "_nscd_setup_child_server"; 1295 1296 /* Re-establish our own server thread pool */ 1297 (void) door_server_create(server_create); 1298 if (thr_keycreate(&server_key, server_destroy) != 0) { 1299 errnum = errno; 1300 _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_DEBUG) 1301 (me, "thr_keycreate failed: %s", strerror(errnum)); 1302 return (-1); 1303 } 1304 1305 /* 1306 * Create a new door. 1307 * Keep DOOR_REFUSE_DESC (self-cred nscds don't fork) 1308 */ 1309 (void) close(did); 1310 if ((fd = door_create(switcher, NAME_SERVICE_DOOR_COOKIE, 1311 DOOR_REFUSE_DESC|DOOR_UNREF|DOOR_NO_CANCEL)) < 0) { 1312 errnum = errno; 1313 _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_DEBUG) 1314 (me, "door_create failed: %s", strerror(errnum)); 1315 return (-1); 1316 } 1317 1318 /* 1319 * kick off routing socket monitor thread 1320 */ 1321 if (thr_create(NULL, 0, 1322 (void *(*)(void *))rts_mon, 0, 0, NULL) != 0) { 1323 errnum = errno; 1324 _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_ERROR) 1325 (me, "thr_create (routing socket monitor): %s\n", 1326 strerror(errnum)); 1327 (void) door_revoke(fd); 1328 return (-1); 1329 } 1330 1331 /* 1332 * start monitoring the states of the name service clients 1333 */ 1334 rc = _nscd_init_smf_monitor(); 1335 if (rc != NSCD_SUCCESS) { 1336 _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_ERROR) 1337 (me, "unable to start the SMF monitor (rc = %d)\n", rc); 1338 1339 (void) door_revoke(fd); 1340 return (-1); 1341 } 1342 1343 return (fd); 1344 } 1345 1346 nscd_rc_t 1347 _nscd_alloc_frontend_cfg() 1348 { 1349 frontend_cfg = calloc(NSCD_NUM_DB, sizeof (nscd_cfg_frontend_t)); 1350 if (frontend_cfg == NULL) 1351 return (NSCD_NO_MEMORY); 1352 1353 return (NSCD_SUCCESS); 1354 } 1355 1356 1357 /* ARGSUSED */ 1358 nscd_rc_t 1359 _nscd_cfg_frontend_notify( 1360 void *data, 1361 struct nscd_cfg_param_desc *pdesc, 1362 nscd_cfg_id_t *nswdb, 1363 nscd_cfg_flag_t dflag, 1364 nscd_cfg_error_t **errorp, 1365 void *cookie) 1366 { 1367 void *dp; 1368 1369 /* 1370 * At init time, the whole group of config params are received. 1371 * At update time, group or individual parameter value could 1372 * be received. 1373 */ 1374 1375 if (_nscd_cfg_flag_is_set(dflag, NSCD_CFG_DFLAG_INIT) || 1376 _nscd_cfg_flag_is_set(dflag, NSCD_CFG_DFLAG_GROUP)) { 1377 /* 1378 * group data is received, copy in the 1379 * entire strcture 1380 */ 1381 if (_nscd_cfg_flag_is_set(pdesc->pflag, NSCD_CFG_PFLAG_GLOBAL)) 1382 frontend_cfg_g = *(nscd_cfg_global_frontend_t *)data; 1383 else 1384 frontend_cfg[nswdb->index] = 1385 *(nscd_cfg_frontend_t *)data; 1386 1387 } else { 1388 /* 1389 * individual paramater is received: copy in the 1390 * parameter value. 1391 */ 1392 if (_nscd_cfg_flag_is_set(pdesc->pflag, NSCD_CFG_PFLAG_GLOBAL)) 1393 dp = (char *)&frontend_cfg_g + pdesc->p_offset; 1394 else 1395 dp = (char *)&frontend_cfg[nswdb->index] + 1396 pdesc->p_offset; 1397 (void) memcpy(dp, data, pdesc->p_size); 1398 } 1399 1400 return (NSCD_SUCCESS); 1401 } 1402 1403 /* ARGSUSED */ 1404 nscd_rc_t 1405 _nscd_cfg_frontend_verify( 1406 void *data, 1407 struct nscd_cfg_param_desc *pdesc, 1408 nscd_cfg_id_t *nswdb, 1409 nscd_cfg_flag_t dflag, 1410 nscd_cfg_error_t **errorp, 1411 void **cookie) 1412 { 1413 1414 char *me = "_nscd_cfg_frontend_verify"; 1415 1416 /* 1417 * if max. number of server threads is set and in effect, 1418 * don't allow changing of the frontend configuration 1419 */ 1420 if (max_servers_set) { 1421 _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_INFO) 1422 (me, "changing of the frontend configuration not allowed now"); 1423 1424 return (NSCD_CFG_CHANGE_NOT_ALLOWED); 1425 } 1426 1427 return (NSCD_SUCCESS); 1428 } 1429 1430 /* ARGSUSED */ 1431 nscd_rc_t 1432 _nscd_cfg_frontend_get_stat( 1433 void **stat, 1434 struct nscd_cfg_stat_desc *sdesc, 1435 nscd_cfg_id_t *nswdb, 1436 nscd_cfg_flag_t *dflag, 1437 void (**free_stat)(void *stat), 1438 nscd_cfg_error_t **errorp) 1439 { 1440 return (NSCD_SUCCESS); 1441 } 1442 1443 void 1444 _nscd_init_cache_sema(sema_t *sema, char *cache_name) 1445 { 1446 int i, j; 1447 char *dbn; 1448 1449 if (max_servers == 0) 1450 max_servers = frontend_cfg_g.common_worker_threads + 1451 frontend_cfg_g.cache_hit_threads; 1452 1453 for (i = 0; i < NSCD_NUM_DB; i++) { 1454 1455 dbn = NSCD_NSW_DB_NAME(i); 1456 if (strcasecmp(dbn, cache_name) == 0) { 1457 j = frontend_cfg[i].worker_thread_per_nsw_db; 1458 (void) sema_init(sema, j, USYNC_THREAD, 0); 1459 max_servers += j; 1460 break; 1461 } 1462 } 1463 } 1464 1465 /* 1466 * Monitor the routing socket. Address lists stored in the ipnodes 1467 * cache are sorted based on destination address selection rules, 1468 * so when things change that could affect that sorting (interfaces 1469 * go up or down, flags change, etc.), we clear that cache so the 1470 * list will be re-ordered the next time the hostname is resolved. 1471 */ 1472 static void 1473 rts_mon(void) 1474 { 1475 int rt_sock, rdlen, idx; 1476 union { 1477 struct { 1478 struct rt_msghdr rtm; 1479 struct sockaddr_storage addrs[RTA_NUMBITS]; 1480 } r; 1481 struct if_msghdr ifm; 1482 struct ifa_msghdr ifam; 1483 } mbuf; 1484 struct ifa_msghdr *ifam = &mbuf.ifam; 1485 char *me = "rts_mon"; 1486 1487 (void) thr_setname(thr_self(), me); 1488 1489 rt_sock = socket(PF_ROUTE, SOCK_RAW, 0); 1490 if (rt_sock < 0) { 1491 _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_ERROR) 1492 (me, "Failed to open routing socket: %s\n", strerror(errno)); 1493 thr_exit(0); 1494 } 1495 1496 for (;;) { 1497 rdlen = read(rt_sock, &mbuf, sizeof (mbuf)); 1498 if (rdlen <= 0) { 1499 if (rdlen == 0 || (errno != EINTR && errno != EAGAIN)) { 1500 _NSCD_LOG(NSCD_LOG_FRONT_END, 1501 NSCD_LOG_LEVEL_ERROR) 1502 (me, "routing socket read: %s\n", 1503 strerror(errno)); 1504 thr_exit(0); 1505 } 1506 continue; 1507 } 1508 if (ifam->ifam_version != RTM_VERSION) { 1509 _NSCD_LOG(NSCD_LOG_FRONT_END, 1510 NSCD_LOG_LEVEL_ERROR) 1511 (me, "rx unknown version (%d) on " 1512 "routing socket.\n", 1513 ifam->ifam_version); 1514 continue; 1515 } 1516 switch (ifam->ifam_type) { 1517 case RTM_NEWADDR: 1518 case RTM_DELADDR: 1519 /* if no ipnodes cache, then nothing to do */ 1520 idx = get_cache_idx("ipnodes"); 1521 if (cache_ctx_p[idx] == NULL || 1522 cache_ctx_p[idx]->reaper_on != nscd_true) 1523 break; 1524 nsc_invalidate(cache_ctx_p[idx], NULL, NULL); 1525 break; 1526 case RTM_ADD: 1527 case RTM_DELETE: 1528 case RTM_CHANGE: 1529 case RTM_GET: 1530 case RTM_LOSING: 1531 case RTM_REDIRECT: 1532 case RTM_MISS: 1533 case RTM_LOCK: 1534 case RTM_OLDADD: 1535 case RTM_OLDDEL: 1536 case RTM_RESOLVE: 1537 case RTM_IFINFO: 1538 case RTM_CHGADDR: 1539 case RTM_FREEADDR: 1540 break; 1541 default: 1542 _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_ERROR) 1543 (me, "rx unknown msg type (%d) on routing socket.\n", 1544 ifam->ifam_type); 1545 break; 1546 } 1547 } 1548 } 1549 1550 static void 1551 keep_open_dns_socket(void) 1552 { 1553 _res.options |= RES_STAYOPEN; /* just keep this udp socket open */ 1554 } 1555