xref: /illumos-gate/usr/src/cmd/nscd/server.c (revision 65a89a64c60f3061bbe2381edaacc81660af9a95)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #pragma ident	"%Z%%M%	%I%	%E% SMI"
28 
29 /*
30  * Simple doors name server cache daemon
31  */
32 
33 #include <stdio.h>
34 #include <signal.h>
35 #include <sys/door.h>
36 #include <sys/types.h>
37 #include <time.h>
38 #include <string.h>
39 #include <sys/stat.h>
40 #include <sys/time.h>
41 #include <sys/wait.h>
42 #include <sys/zone.h>
43 #include <stdlib.h>
44 #include <errno.h>
45 #include <pthread.h>
46 #include <thread.h>
47 #include <stdarg.h>
48 #include <fcntl.h>
49 #include <assert.h>
50 #include <unistd.h>
51 #include <memory.h>
52 #include <sys/socket.h>
53 #include <net/route.h>
54 #include <net/if.h>
55 #include <netinet/in.h>
56 #include <arpa/nameser.h>
57 #include <resolv.h>
58 #include <door.h>
59 #include "getxby_door.h"
60 #include "server_door.h"
61 #include "nscd.h"
62 /* Includes for filenames of databases */
63 #include <shadow.h>
64 #include <userdefs.h>
65 #include <netdb.h>
66 #include <nss_dbdefs.h>
67 #include <exec_attr.h>
68 #include <prof_attr.h>
69 #include <user_attr.h>
70 #include <ucred.h>
71 #include <priv.h>
72 #include <libscf.h>
73 
74 extern int 	optind;
75 extern int 	opterr;
76 extern int 	optopt;
77 extern char 	*optarg;
78 
79 static void switcher(void *, char *, size_t, door_desc_t *, uint_t);
80 static void rts_mon(void);
81 static void usage(char *);
82 static int nsc_calllen(nsc_call_t *);
83 static int client_getadmin(admin_t *);
84 static void getadmin(nsc_return_t *, int, nsc_call_t *);
85 static int setadmin(nsc_return_t *, int, nsc_call_t *);
86 static void client_killserver(void);
87 static int client_setadmin(admin_t *);
88 static void client_showstats(admin_t *);
89 static void detachfromtty(void);
90 
91 
92 admin_t	current_admin;
93 static int will_become_server;
94 
95 void
96 nsc_reaper(char *tbl_name, hash_t *tbl, nsc_stat_t *admin_ptr,
97     mutex_t *hash_lock)
98 {
99 	uint_t count;
100 	uint_t interval;
101 
102 	while (1) {
103 
104 		if (current_admin.debug_level >= DBG_ALL) {
105 			logit("reaper_%s: %d entries in cache\n",
106 			tbl_name, admin_ptr->nsc_entries);
107 		}
108 		if (admin_ptr->nsc_entries > 0) {
109 			count = reap_hash(tbl, admin_ptr, hash_lock,
110 			admin_ptr->nsc_pos_ttl);
111 			if (current_admin.debug_level >= DBG_ALL) {
112 				logit("reaper_%s: reaped %d entries\n",
113 				tbl_name, count);
114 			}
115 		} else {
116 			/*
117 			 * We set a minimum wait of 60 before checking again;
118 			 * we don't want to sleep for no time at all.
119 			 * We don't clamp it for the reaping itself, that is
120 			 * done in reap_hash, and with a different minimum.
121 			 */
122 			interval = admin_ptr->nsc_pos_ttl;
123 			if (interval < 60) interval = 60;
124 			if (current_admin.debug_level >= DBG_ALL) {
125 				logit(
126 				    "reaper_%s: Nothing to reap, sleep %d\n",
127 				    tbl_name, interval);
128 			}
129 			sleep(interval);
130 		}
131 	}
132 }
133 
134 nsc_stat_t *
135 getcacheptr(char *s)
136 {
137 	static const char *caches[7] = {"passwd", "group", "hosts", "ipnodes",
138 	    "exec_attr", "prof_attr", "user_attr" };
139 
140 	if (strncmp(caches[0], s, strlen(caches[0])) == 0)
141 		return (&current_admin.passwd);
142 
143 	if (strncmp(caches[1], s, strlen(caches[1])) == 0)
144 		return (&current_admin.group);
145 
146 	if (strncmp(caches[2], s, strlen(caches[2])) == 0)
147 		return (&current_admin.host);
148 
149 	if (strncmp(caches[3], s, strlen(caches[3])) == 0)
150 		return (&current_admin.node);
151 
152 	if (strncmp(caches[4], s, strlen(caches[4])) == 0)
153 		return (&current_admin.exec);
154 
155 	if (strncmp(caches[5], s, strlen(caches[5])) == 0)
156 		return (&current_admin.prof);
157 
158 	if (strncmp(caches[6], s, strlen(caches[6])) == 0)
159 		return (&current_admin.user);
160 
161 	return (NULL);
162 }
163 
164 static char *
165 getcacheopt(char *s)
166 {
167 	while (*s && *s != ',')
168 		s++;
169 	return ((*s == ',') ? (s + 1) : NULL);
170 }
171 
172 /*
173  *  routine to check if server is already running
174  */
175 
176 static int
177 nsc_ping(void)
178 {
179 	nsc_data_t data;
180 	nsc_data_t *dptr;
181 	int ndata;
182 	int adata;
183 
184 	data.nsc_call.nsc_callnumber = NULLCALL;
185 	ndata = sizeof (data);
186 	adata = sizeof (data);
187 	dptr = &data;
188 	return (_nsc_trydoorcall(&dptr, &ndata, &adata));
189 }
190 
191 static void
192 dozip(void)
193 {
194 	/* not much here */
195 }
196 
197 static void
198 keep_open_dns_socket(void)
199 {
200 	_res.options |= RES_STAYOPEN; /* just keep this udp socket open */
201 }
202 
203 /*
204  * declaring this causes the files backend to use hashing
205  * this is of course an utter hack, but provides a nice
206  * quiet back door to enable this feature for only the nscd.
207  */
208 void
209 __nss_use_files_hash(void)
210 {
211 
212 }
213 /*
214  *
215  *  The allocation of resources for cache lookups is an interesting
216  *  problem, and one that has caused several bugs in the beta release
217  *  of 2.5.  In particular, the introduction of a thottle to prevent
218  *  the creation of excessive numbers of LWPs in the case of a failed
219  *  name service has led to a denial of service problem when the
220  *  name service request rate exceeds the name service's ability
221  *  to respond.  As a result, I'm implementing the following
222  *  algorithm:
223  *
224  *  1) We cap the number of total threads.
225  *  2) We save CACHE_THREADS of those for cache lookups only.
226  *  3) We use a common pool of 2/3 of the remain threads that are used first
227  *  4) We save the remainder and allocate 1/3 of it for table specific lookups
228  *
229  *  The intent is to prevent the failure of a single name service from
230  *  causing denial of service, and to always have threads available for
231  *  cached lookups.  If a request comes in and the answer isn't in the
232  *  cache and we cannot get a thread, we simply return NOSERVER, forcing
233  *  the client to lookup the
234  *  data itself.  This will prevent the types of starvation seen
235  *  at UNC due to a single threaded DNS backend, and allows the cache
236  *  to eventually become filled.
237  *
238  */
239 
240 /* 7 tables: passwd, group, hosts, ipnodes, exec_attr, prof_attr, user_attr */
241 #define	NSCD_TABLES		7
242 #define	TABLE_THREADS		10
243 #define	COMMON_THREADS		20
244 #define	CACHE_MISS_THREADS	(COMMON_THREADS + NSCD_TABLES * TABLE_THREADS)
245 #define	CACHE_HIT_THREADS	20
246 #define	MAX_SERVER_THREADS	(CACHE_HIT_THREADS + CACHE_MISS_THREADS)
247 
248 static sema_t common_sema;
249 static sema_t passwd_sema;
250 static sema_t hosts_sema;
251 static sema_t nodes_sema;
252 static sema_t group_sema;
253 static sema_t exec_sema;
254 static sema_t prof_sema;
255 static sema_t user_sema;
256 static thread_key_t lookup_state_key;
257 
258 static void
259 initialize_lookup_clearance(void)
260 {
261 	thr_keycreate(&lookup_state_key, NULL);
262 	(void) sema_init(&common_sema, COMMON_THREADS, USYNC_THREAD, 0);
263 	(void) sema_init(&passwd_sema, TABLE_THREADS, USYNC_THREAD, 0);
264 	(void) sema_init(&hosts_sema, TABLE_THREADS, USYNC_THREAD, 0);
265 	(void) sema_init(&nodes_sema, TABLE_THREADS, USYNC_THREAD, 0);
266 	(void) sema_init(&group_sema, TABLE_THREADS, USYNC_THREAD, 0);
267 	(void) sema_init(&exec_sema, TABLE_THREADS, USYNC_THREAD, 0);
268 	(void) sema_init(&prof_sema, TABLE_THREADS, USYNC_THREAD, 0);
269 	(void) sema_init(&user_sema, TABLE_THREADS, USYNC_THREAD, 0);
270 }
271 
272 int
273 get_clearance(int callnumber)
274 {
275 	sema_t *table_sema = NULL;
276 	char *tab;
277 
278 	if (sema_trywait(&common_sema) == 0) {
279 		thr_setspecific(lookup_state_key, NULL);
280 		return (0);
281 	}
282 
283 	switch (MASKUPDATEBIT(callnumber)) {
284 
285 	case GETPWUID:
286 	case GETPWNAM:
287 		tab = "passwd";
288 		table_sema = &passwd_sema;
289 		break;
290 
291 	case GETGRNAM:
292 	case GETGRGID:
293 		tab = "group";
294 		table_sema = &group_sema;
295 		break;
296 
297 	case GETHOSTBYNAME:
298 	case GETHOSTBYADDR:
299 		tab = "hosts";
300 		table_sema = &hosts_sema;
301 		break;
302 
303 	case GETIPNODEBYNAME:
304 	case GETIPNODEBYADDR:
305 		tab = "ipnodes";
306 		table_sema = &nodes_sema;
307 		break;
308 	case GETEXECID:
309 		tab = "exec_attr";
310 		table_sema = &exec_sema;
311 		break;
312 
313 	case GETPROFNAM:
314 		tab = "prof_attr";
315 		table_sema = &prof_sema;
316 		break;
317 
318 	case GETUSERNAM:
319 		tab = "user_attr";
320 		table_sema = &user_sema;
321 		break;
322 
323 	}
324 
325 	if (sema_trywait(table_sema) == 0) {
326 		thr_setspecific(lookup_state_key, (void*)1);
327 		return (0);
328 	}
329 
330 	if (current_admin.debug_level >= DBG_CANT_FIND) {
331 		logit("get_clearance: throttling load for %s table\n", tab);
332 	}
333 	return (-1);
334 }
335 
336 int
337 release_clearance(int callnumber)
338 {
339 	int which;
340 
341 	sema_t *table_sema = NULL;
342 
343 	thr_getspecific(lookup_state_key, (void**)&which);
344 
345 	if (which == 0) /* from common pool */ {
346 		(void) sema_post(&common_sema);
347 		return (0);
348 	}
349 
350 	switch (MASKUPDATEBIT(callnumber)) {
351 
352 	case GETPWUID:
353 	case GETPWNAM:
354 		table_sema = &passwd_sema;
355 		break;
356 
357 	case GETGRNAM:
358 	case GETGRGID:
359 		table_sema = &group_sema;
360 		break;
361 
362 	case GETHOSTBYNAME:
363 	case GETHOSTBYADDR:
364 		table_sema = &hosts_sema;
365 		break;
366 
367 	case GETIPNODEBYNAME:
368 	case GETIPNODEBYADDR:
369 		table_sema = &nodes_sema;
370 		break;
371 
372 	case GETEXECID:
373 		table_sema = &exec_sema;
374 		break;
375 
376 	case GETPROFNAM:
377 		table_sema = &prof_sema;
378 		break;
379 
380 	case GETUSERNAM:
381 		table_sema = &user_sema;
382 		break;
383 	}
384 
385 	(void) sema_post(table_sema);
386 	return (0);
387 }
388 
389 
390 static mutex_t		create_lock;
391 static int		nscd_max_servers = MAX_SERVER_THREADS;
392 static int		num_servers = 0;
393 static thread_key_t	server_key;
394 
395 /*
396  * Bind a TSD value to a server thread. This enables the destructor to
397  * be called if/when this thread exits.  This would be a programming error,
398  * but better safe than sorry.
399  */
400 /*ARGSUSED*/
401 static void *
402 server_tsd_bind(void *arg)
403 {
404 	static void *value = 0;
405 
406 	/* disable cancellation to avoid hangs if server threads disappear */
407 	pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, NULL);
408 	thr_setspecific(server_key, value);
409 	door_return(NULL, 0, NULL, 0);
410 
411 	/* make lint happy */
412 	return (NULL);
413 }
414 
415 /*
416  * Server threads are created here.
417  */
418 /*ARGSUSED*/
419 static void
420 server_create(door_info_t *dip)
421 {
422 	(void) mutex_lock(&create_lock);
423 	if (++num_servers > nscd_max_servers) {
424 		num_servers--;
425 		(void) mutex_unlock(&create_lock);
426 		return;
427 	}
428 	(void) mutex_unlock(&create_lock);
429 	thr_create(NULL, 0, server_tsd_bind, NULL, THR_BOUND|THR_DETACHED,
430 	    NULL);
431 }
432 
433 /*
434  * Server thread are destroyed here
435  */
436 /*ARGSUSED*/
437 static void
438 server_destroy(void *arg)
439 {
440 	(void) mutex_lock(&create_lock);
441 	num_servers--;
442 	(void) mutex_unlock(&create_lock);
443 }
444 
445 static char **saved_argv;
446 static char saved_execname[MAXPATHLEN];
447 
448 static void
449 save_execname()
450 {
451 	const char *name = getexecname();
452 
453 	saved_execname[0] = 0;
454 
455 	if (name[0] != '/') { /* started w/ relative path */
456 		(void) getcwd(saved_execname, MAXPATHLEN);
457 		strlcat(saved_execname, "/", MAXPATHLEN);
458 	}
459 	strlcat(saved_execname, name, MAXPATHLEN);
460 }
461 
462 int
463 main(int argc, char ** argv)
464 {
465 	int did;
466 	int opt;
467 	int errflg = 0;
468 	int showstats = 0;
469 	int doset = 0;
470 	int loaded_config_file = 0;
471 	struct stat buf;
472 	sigset_t myset;
473 	struct sigaction action;
474 
475 	/*
476 	 *  Special case non-root user  here - he can just print stats
477 	 */
478 
479 	if (geteuid()) {
480 		if (argc != 2 || strcmp(argv[1], "-g")) {
481 			(void) fprintf(stderr,
482 			    "Must be root to use any option other than "\
483 			    "-g.\n\n");
484 			usage(argv[0]);
485 		}
486 
487 		if ((nsc_ping() != SUCCESS) ||
488 		    (client_getadmin(&current_admin) != 0)) {
489 			(void) fprintf(stderr,
490 			    "%s doesn't appear to be running.\n", argv[0]);
491 			exit(1);
492 		}
493 		client_showstats(&current_admin);
494 		exit(0);
495 	}
496 
497 
498 
499 	/*
500 	 *  Determine if there is already a daemon running
501 	 */
502 
503 	will_become_server = (nsc_ping() != SUCCESS);
504 
505 	/*
506 	 *	process usual options
507 	 */
508 
509 	/*
510 	 *  load normal config file
511 	 */
512 
513 	if (will_become_server) {
514 		static const nsc_stat_t defaults = {
515 			0,	/* stats */
516 			0,	/* stats */
517 			0,	/* stats */
518 			0,	/* stats */
519 			0,	/* stats */
520 			0,	/* stats */
521 			0,	/* stats */
522 			211,	/* suggested size */
523 			1,	/* enabled */
524 			0,	/* invalidate cmd */
525 			600,	/* positive ttl */
526 			10, 	/* netative ttl */
527 			20,	/* keep hot */
528 			0,	/* old data not ok */
529 			1 };	/* check files */
530 
531 		current_admin.passwd = defaults;
532 		current_admin.group  = defaults;
533 		current_admin.host   = defaults;
534 		current_admin.node   = defaults;
535 		current_admin.exec   = defaults;
536 		current_admin.prof   = defaults;
537 		current_admin.user   = defaults;
538 
539 		current_admin.logfile[0] = '\0';
540 
541 		if (access("/etc/nscd.conf", R_OK) == 0) {
542 			if (nscd_parse(argv[0], "/etc/nscd.conf") < 0) {
543 				exit(1);
544 			}
545 			loaded_config_file++;
546 		}
547 	}
548 
549 	else {
550 		if (client_getadmin(&current_admin)) {
551 			(void) fprintf(stderr,
552 			    "Cannot contact nscd properly(?)\n");
553 			exit(1);
554 		}
555 
556 		current_admin.logfile[0] = '\0';
557 	}
558 
559 	while ((opt = getopt(argc, argv,
560 	    "S:Kf:c:ge:p:n:i:l:d:s:h:o:")) != EOF) {
561 		nsc_stat_t *cache;
562 		char *cacheopt;
563 
564 		switch (opt) {
565 
566 		case 'S':		/* undocumented feature */
567 			doset++;
568 			cache = getcacheptr(optarg);
569 			cacheopt = getcacheopt(optarg);
570 			if (!cache || !cacheopt) {
571 				errflg++;
572 				break;
573 			}
574 			if (strcmp(cacheopt, "yes") == 0)
575 			    cache->nsc_secure_mode = 1;
576 			else if (strcmp(cacheopt, "no") == 0)
577 			    cache->nsc_secure_mode = 0;
578 			else
579 			    errflg++;
580 			break;
581 
582 		case 'K':		/* undocumented feature */
583 			client_killserver();
584 			exit(0);
585 			break;
586 
587 		case 'f':
588 			doset++;
589 			loaded_config_file++;
590 			if (nscd_parse(argv[0], optarg) < 0) {
591 				exit(1);
592 			}
593 			break;
594 
595 		case 'g':
596 			showstats++;
597 			break;
598 
599 		case 'p':
600 			doset++;
601 			cache = getcacheptr(optarg);
602 			cacheopt = getcacheopt(optarg);
603 			if (!cache || !cacheopt) {
604 				errflg++;
605 				break;
606 			}
607 			cache->nsc_pos_ttl = atoi(cacheopt);
608 			break;
609 
610 		case 'n':
611 			doset++;
612 			cache = getcacheptr(optarg);
613 			cacheopt = getcacheopt(optarg);
614 			if (!cache || !cacheopt) {
615 				errflg++;
616 				break;
617 			}
618 			cache->nsc_neg_ttl = atoi(cacheopt);
619 			break;
620 
621 		case 'c':
622 			doset++;
623 			cache = getcacheptr(optarg);
624 			cacheopt = getcacheopt(optarg);
625 			if (!cache || !cacheopt) {
626 				errflg++;
627 				break;
628 			}
629 
630 			if (strcmp(cacheopt, "yes") == 0)
631 			    cache->nsc_check_files = 1;
632 			else if (strcmp(cacheopt, "no") == 0)
633 			    cache->nsc_check_files = 0;
634 			else
635 			    errflg++;
636 			break;
637 
638 
639 		case 'i':
640 			doset++;
641 			cache = getcacheptr(optarg);
642 			if (!cache) {
643 				errflg++;
644 				break;
645 			}
646 			cache->nsc_invalidate = 1;
647 			break;
648 
649 		case 'l':
650 			doset++;
651 			(void) strlcpy(current_admin.logfile, optarg, 128);
652 			break;
653 
654 		case 'd':
655 
656 			doset++;
657 			current_admin.debug_level = atoi(optarg);
658 			break;
659 
660 		case 's':
661 			doset++;
662 			cache = getcacheptr(optarg);
663 			cacheopt = getcacheopt(optarg);
664 			if (!cache || !cacheopt) {
665 				errflg++;
666 				break;
667 			}
668 
669 			cache->nsc_suggestedsize = atoi(cacheopt);
670 
671 			break;
672 
673 		case 'h':
674 			doset++;
675 			cache = getcacheptr(optarg);
676 			cacheopt = getcacheopt(optarg);
677 			if (!cache || !cacheopt) {
678 				errflg++;
679 				break;
680 			}
681 			cache->nsc_keephot = atoi(cacheopt);
682 			break;
683 
684 		case 'o':
685 			doset++;
686 			cache = getcacheptr(optarg);
687 			cacheopt = getcacheopt(optarg);
688 			if (!cache || !cacheopt) {
689 				errflg++;
690 				break;
691 			}
692 			if (strcmp(cacheopt, "yes") == 0)
693 			    cache->nsc_old_data_ok = 1;
694 			else if (strcmp(cacheopt, "no") == 0)
695 			    cache->nsc_old_data_ok = 0;
696 			else
697 			    errflg++;
698 			break;
699 
700 		case 'e':
701 			doset++;
702 			cache = getcacheptr(optarg);
703 			cacheopt = getcacheopt(optarg);
704 			if (!cache || !cacheopt) {
705 				errflg++;
706 				break;
707 			}
708 			if (strcmp(cacheopt, "yes") == 0)
709 			    cache->nsc_enabled = 1;
710 			else if (strcmp(cacheopt, "no") == 0)
711 			    cache->nsc_enabled = 0;
712 			else
713 			    errflg++;
714 			break;
715 
716 		default:
717 			errflg++;
718 			break;
719 		}
720 
721 	}
722 
723 	if (errflg)
724 	    usage(argv[0]);
725 
726 	if (!will_become_server) {
727 
728 		if (showstats) {
729 			client_showstats(&current_admin);
730 		}
731 
732 		if (doset) {
733 			if (client_setadmin(&current_admin) < 0) {
734 				(void) fprintf(stderr,
735 					"Error during admin call\n");
736 				exit(1);
737 			}
738 		}
739 		if (!showstats && !doset) {
740 			(void) fprintf(stderr,
741 				"%s already running.... no admin specified\n",
742 				argv[0]);
743 		}
744 		exit(0);
745 	}
746 
747 	/*
748 	 *   daemon from here ou
749 	 */
750 
751 	if (!loaded_config_file) {
752 		(void) fprintf(stderr,
753 			"No configuration file specifed and /etc/nscd.conf" \
754 			"not present\n");
755 		exit(1);
756 	}
757 
758 	saved_argv = argv;
759 	save_execname();
760 
761 	if (current_admin.debug_level) {
762 		/* we're debugging... */
763 		if (strlen(current_admin.logfile) == 0)
764 		/* no specified log file */
765 			(void) strcpy(current_admin.logfile, "stderr");
766 		else
767 			(void) nscd_set_lf(&current_admin,
768 			    current_admin.logfile);
769 	} else {
770 		if (strlen(current_admin.logfile) == 0)
771 			(void) strcpy(current_admin.logfile, "/dev/null");
772 		(void) nscd_set_lf(&current_admin, current_admin.logfile);
773 		detachfromtty();
774 	}
775 
776 	/* perform some initialization */
777 	initialize_lookup_clearance();
778 	keep_open_dns_socket();
779 	getpw_init();
780 	getgr_init();
781 	gethost_init();
782 	getnode_init();
783 	getexec_init();
784 	getprof_init();
785 	getuser_init();
786 
787 	/* Establish our own server thread pool */
788 
789 	door_server_create(server_create);
790 	if (thr_keycreate(&server_key, server_destroy) != 0) {
791 		perror("thr_keycreate");
792 		exit(-1);
793 	}
794 
795 	/* Create a door */
796 
797 	if ((did = door_create(switcher, NAME_SERVICE_DOOR_COOKIE,
798 	    DOOR_UNREF | DOOR_REFUSE_DESC | DOOR_NO_CANCEL)) < 0) {
799 		perror("door_create");
800 		exit(-1);
801 	}
802 
803 	/* bind to file system */
804 
805 	if (stat(NAME_SERVICE_DOOR, &buf) < 0) {
806 		int newfd;
807 		if ((newfd = creat(NAME_SERVICE_DOOR, 0444)) < 0) {
808 			logit("Cannot create %s:%s\n",
809 				NAME_SERVICE_DOOR,
810 				strerror(errno));
811 			exit(1);
812 		}
813 		(void) close(newfd);
814 	}
815 
816 	if (fattach(did, NAME_SERVICE_DOOR) < 0) {
817 		if ((errno != EBUSY) ||
818 		    (fdetach(NAME_SERVICE_DOOR) <  0) ||
819 		    (fattach(did, NAME_SERVICE_DOOR) < 0)) {
820 			perror("door_attach");
821 			exit(2);
822 		}
823 	}
824 
825 	action.sa_handler = dozip;
826 	action.sa_flags = 0;
827 	(void) sigemptyset(&action.sa_mask);
828 	(void) sigemptyset(&myset);
829 	(void) sigaddset(&myset, SIGHUP);
830 
831 	if (sigaction(SIGHUP, &action, NULL) < 0) {
832 		perror("sigaction");
833 		exit(1);
834 	}
835 
836 	if (thr_sigsetmask(SIG_BLOCK, &myset, NULL) < 0) {
837 		perror("thr_sigsetmask");
838 		exit(1);
839 	}
840 
841 
842 	/*
843 	 *  kick off revalidate threads
844 	 */
845 
846 	if (thr_create(NULL, NULL,
847 		(void *(*)(void *))getpw_revalidate, 0, 0, NULL) != 0) {
848 		perror("thr_create");
849 		exit(1);
850 	}
851 
852 	if (thr_create(NULL, NULL,
853 		(void *(*)(void *))gethost_revalidate, 0, 0, NULL) != 0) {
854 		perror("thr_create");
855 		exit(1);
856 	}
857 
858 	if (thr_create(NULL, NULL,
859 		(void *(*)(void*))getnode_revalidate, 0, 0, NULL) != 0) {
860 		perror("thr_create");
861 		exit(1);
862 	}
863 
864 	if (thr_create(NULL, NULL,
865 		(void *(*)(void*))getgr_revalidate, 0, 0, NULL) != 0) {
866 		perror("thr_create");
867 		exit(1);
868 	}
869 
870 	if (thr_create(NULL, NULL,
871 	    (void *(*)(void*))getexec_revalidate, 0, 0, NULL) != 0) {
872 		perror("thr_create");
873 		exit(1);
874 	}
875 
876 	if (thr_create(NULL, NULL,
877 	    (void *(*)(void*))getprof_revalidate, 0, 0, NULL) != 0) {
878 		perror("thr_create");
879 		exit(1);
880 	}
881 
882 	if (thr_create(NULL, NULL,
883 	    (void *(*)(void*))getuser_revalidate, 0, 0, NULL) != 0) {
884 		perror("thr_create");
885 		exit(1);
886 	}
887 
888 	/*
889 	 *  kick off reaper threads
890 	 */
891 
892 	if (thr_create(NULL, NULL,
893 	    (void *(*)(void *))getpw_uid_reaper, 0, 0, NULL) != 0) {
894 		perror("thr_create");
895 		exit(1);
896 	}
897 
898 	if (thr_create(NULL, NULL,
899 	    (void *(*)(void *))getpw_nam_reaper, 0, 0, NULL) != 0) {
900 		perror("thr_create");
901 		exit(1);
902 	}
903 
904 	if (thr_create(NULL, NULL,
905 	    (void *(*)(void *))getgr_uid_reaper, 0, 0, NULL) != 0) {
906 		perror("thr_create");
907 		exit(1);
908 	}
909 
910 	if (thr_create(NULL, NULL,
911 	    (void *(*)(void *))getgr_nam_reaper, 0, 0, NULL) != 0) {
912 		perror("thr_create");
913 		exit(1);
914 	}
915 
916 
917 	if (thr_create(NULL, NULL,
918 	    (void *(*)(void *))gethost_nam_reaper, 0, 0, NULL) != 0) {
919 		perror("thr_create");
920 		exit(1);
921 	}
922 
923 	if (thr_create(NULL, NULL,
924 	    (void *(*)(void *))gethost_addr_reaper, 0, 0, NULL) != 0) {
925 		perror("thr_create");
926 		exit(1);
927 	}
928 
929 	if (thr_create(NULL, NULL,
930 	    (void *(*)(void *))getnode_nam_reaper, 0, 0, NULL) != 0) {
931 		perror("thr_create");
932 		exit(1);
933 	}
934 
935 	if (thr_create(NULL, NULL,
936 	    (void *(*)(void *))getnode_addr_reaper, 0, 0, NULL) != 0) {
937 		perror("thr_create");
938 		exit(1);
939 	}
940 
941 	if (thr_create(NULL, NULL,
942 	    (void *(*)(void *))getexec_reaper, 0, 0, NULL) != 0) {
943 		perror("thr_create");
944 		exit(1);
945 	}
946 
947 	if (thr_create(NULL, NULL,
948 	    (void *(*)(void *))getprof_reaper, 0, 0, NULL) != 0) {
949 		perror("thr_create");
950 		exit(1);
951 	}
952 
953 	if (thr_create(NULL, NULL,
954 	    (void *(*)(void *))getuser_reaper, 0, 0, NULL) != 0) {
955 		perror("thr_create");
956 		exit(1);
957 	}
958 
959 	/*
960 	 * kick off routing socket monitor thread
961 	 */
962 
963 	if (thr_create(NULL, NULL,
964 		(void *(*)(void *))rts_mon, 0, 0, NULL) != 0) {
965 		perror("thr_create");
966 		exit(1);
967 	}
968 
969 	if (thr_sigsetmask(SIG_UNBLOCK, &myset, NULL) < 0) {
970 		perror("thr_sigsetmask");
971 		return (1);
972 	}
973 
974 	for (;;) {
975 		(void) pause();
976 		logit("Reloading /etc/nscd.conf\n");
977 		nscd_parse(argv[0], "/etc/nscd.conf");
978 	}
979 }
980 
981 
982 /*ARGSUSED*/
983 static void
984 switcher(void *cookie, char *argp, size_t arg_size,
985     door_desc_t *dp, uint_t n_desc)
986 {
987 	union {
988 		nsc_data_t	data;
989 		char		space[8192];
990 	} u;
991 
992 	time_t now;
993 
994 	static time_t last_nsswitch_check;
995 	static time_t last_nsswitch_modified;
996 	static time_t last_resolv_modified;
997 
998 	static mutex_t nsswitch_lock;
999 
1000 	nsc_call_t *ptr = (nsc_call_t *)argp;
1001 
1002 	if (argp == DOOR_UNREF_DATA) {
1003 		(void) printf("Door Slam... exiting\n");
1004 		exit(0);
1005 	}
1006 
1007 	if (ptr == NULL) { /* empty door call */
1008 		(void) door_return(NULL, 0, 0, 0); /* return the favor */
1009 	}
1010 
1011 	now = time(NULL);
1012 
1013 	/*
1014 	 *  just in case check
1015 	 */
1016 
1017 	(void) mutex_lock(&nsswitch_lock);
1018 
1019 	if (now - last_nsswitch_check > 10) {
1020 		struct stat nss_buf;
1021 		struct stat res_buf;
1022 
1023 		last_nsswitch_check = now;
1024 
1025 		(void) mutex_unlock(&nsswitch_lock); /* let others continue */
1026 
1027 		/*
1028 		 *  This code keeps us from statting resolv.conf
1029 		 *  if it doesn't exist, yet prevents us from ignoring
1030 		 *  it if it happens to disappear later on for a bit.
1031 		 */
1032 
1033 		if (last_resolv_modified >= 0) {
1034 			if (stat("/etc/resolv.conf", &res_buf) < 0) {
1035 				if (last_resolv_modified == 0)
1036 				    last_resolv_modified = -1;
1037 				else
1038 				    res_buf.st_mtime = last_resolv_modified;
1039 			} else if (last_resolv_modified == 0) {
1040 			    last_resolv_modified = res_buf.st_mtime;
1041 			}
1042 		}
1043 
1044 		if (stat("/etc/nsswitch.conf", &nss_buf) < 0) {
1045 
1046 			/*EMPTY*/;
1047 
1048 		} else if (last_nsswitch_modified == 0) {
1049 
1050 			last_nsswitch_modified = nss_buf.st_mtime;
1051 
1052 		} else if ((last_nsswitch_modified < nss_buf.st_mtime) ||
1053 		    ((last_resolv_modified > 0) &&
1054 		    (last_resolv_modified < res_buf.st_mtime))) {
1055 			static mutex_t exit_lock;
1056 			char *fmri;
1057 			/*
1058 			 * time for restart
1059 			 */
1060 			logit("nscd restart due to /etc/nsswitch.conf or "\
1061 				"resolv.conf change\n");
1062 			/*
1063 			 * try to restart under smf
1064 			 */
1065 			if ((fmri = getenv("SMF_FMRI")) == NULL) {
1066 				/* not running under smf - reexec */
1067 				execv(saved_execname, saved_argv);
1068 				exit(1); /* just in case */
1069 			}
1070 
1071 			mutex_lock(&exit_lock); /* prevent multiple restarts */
1072 			if (smf_restart_instance(fmri) == 0)
1073 				sleep(10); /* wait a bit */
1074 			exit(1); /* give up waiting for resurrection */
1075 		}
1076 
1077 	} else
1078 	    (void) mutex_unlock(&nsswitch_lock);
1079 
1080 	switch (ptr->nsc_callnumber) {
1081 
1082 	case NULLCALL:
1083 		u.data.nsc_ret.nsc_return_code = SUCCESS;
1084 		u.data.nsc_ret.nsc_bufferbytesused = sizeof (nsc_return_t);
1085 		break;
1086 
1087 
1088 	case GETPWNAM:
1089 		*(argp + arg_size - 1) = 0; /* FALLTHROUGH */
1090 	case GETPWUID:
1091 		getpw_lookup(&u.data.nsc_ret, sizeof (u), ptr, now);
1092 		break;
1093 
1094 	case GETGRNAM:
1095 		*(argp + arg_size - 1) = 0; /* FALLTHROUGH */
1096 	case GETGRGID:
1097 		getgr_lookup(&u.data.nsc_ret, sizeof (u), ptr, now);
1098 		break;
1099 
1100 	case GETHOSTBYNAME:
1101 		*(argp + arg_size - 1) = 0; /* FALLTHROUGH */
1102 	case GETHOSTBYADDR:
1103 		gethost_lookup(&u.data.nsc_ret, sizeof (u), ptr, now);
1104 		break;
1105 
1106 	case GETIPNODEBYNAME:
1107 		*(argp + arg_size - 1) = 0; /* FALLTHROUGH */
1108 	case GETIPNODEBYADDR:
1109 		getnode_lookup(&u.data.nsc_ret, sizeof (u), ptr, now);
1110 		break;
1111 
1112 	case GETEXECID:
1113 		*(argp + arg_size - 1) = 0;
1114 		getexec_lookup(&u.data.nsc_ret, sizeof (u), ptr, now);
1115 		break;
1116 
1117 	case GETPROFNAM:
1118 		*(argp + arg_size - 1) = 0;
1119 		getprof_lookup(&u.data.nsc_ret, sizeof (u), ptr, now);
1120 		break;
1121 
1122 	case GETUSERNAM:
1123 		*(argp + arg_size - 1) = 0;
1124 		getuser_lookup(&u.data.nsc_ret, sizeof (u), ptr, now);
1125 		break;
1126 
1127 	case GETADMIN:
1128 		getadmin(&u.data.nsc_ret, sizeof (u), ptr);
1129 		break;
1130 
1131 	case SETADMIN:
1132 	case KILLSERVER: {
1133 
1134 		ucred_t *uc = NULL;
1135 		const priv_set_t *eset;
1136 		zoneid_t zoneid;
1137 
1138 		if (door_ucred(&uc) != 0) {
1139 			perror("door_ucred");
1140 			u.data.nsc_ret.nsc_return_code = NOTFOUND;
1141 			break;
1142 		}
1143 
1144 		eset = ucred_getprivset(uc, PRIV_EFFECTIVE);
1145 		zoneid = ucred_getzoneid(uc);
1146 
1147 		if ((zoneid != GLOBAL_ZONEID && zoneid != getzoneid()) ||
1148 		    eset != NULL ? !priv_ismember(eset, PRIV_SYS_ADMIN) :
1149 		    ucred_geteuid(uc) != 0) {
1150 			logit("SETADMIN call failed(cred): caller pid %d, "
1151 			    "uid %d, euid %d, zoneid %d\n", ucred_getpid(uc),
1152 			    ucred_getruid(uc), ucred_geteuid(uc), zoneid);
1153 			u.data.nsc_ret.nsc_return_code = NOTFOUND;
1154 			ucred_free(uc);
1155 			break;
1156 		}
1157 
1158 		if (ptr->nsc_callnumber == KILLSERVER) {
1159 			logit("Nscd received KILLSERVER cmd from pid %d, "
1160 			    "uid %d, euid %d, zoneid %d\n", ucred_getpid(uc),
1161 			    ucred_getruid(uc), ucred_geteuid(uc), zoneid);
1162 			exit(0);
1163 		} else {
1164 			if (setadmin(&u.data.nsc_ret, sizeof (u), ptr) != 0)
1165 				logit("SETADMIN call failed\n");
1166 		}
1167 		ucred_free(uc);
1168 		break;
1169 	}
1170 
1171 	default:
1172 		logit("Unknown name service door call op %d\n",
1173 		    ptr->nsc_callnumber);
1174 		u.data.nsc_ret.nsc_return_code = -1;
1175 		u.data.nsc_ret.nsc_bufferbytesused = sizeof (nsc_return_t);
1176 		break;
1177 
1178 	}
1179 	door_return((char *)&u.data, u.data.nsc_ret.nsc_bufferbytesused,
1180 	    NULL, 0);
1181 }
1182 
1183 /*
1184  * Monitor the routing socket.  Address lists stored in the ipnodes
1185  * cache are sorted based on destination address selection rules,
1186  * so when things change that could affect that sorting (interfaces
1187  * go up or down, flags change, etc.), we clear that cache so the
1188  * list will be re-ordered the next time the hostname is resolved.
1189  */
1190 static void
1191 rts_mon(void)
1192 {
1193 	int	rt_sock, rdlen;
1194 	union {
1195 		struct {
1196 			struct rt_msghdr rtm;
1197 			struct sockaddr_storage addrs[RTA_NUMBITS];
1198 		} r;
1199 		struct if_msghdr ifm;
1200 		struct ifa_msghdr ifam;
1201 	} mbuf;
1202 	struct ifa_msghdr *ifam = &mbuf.ifam;
1203 
1204 	rt_sock = socket(PF_ROUTE, SOCK_RAW, 0);
1205 	if (rt_sock < 0) {
1206 		logit("Failed to open routing socket: %s\n", strerror(errno));
1207 		thr_exit(0);
1208 	}
1209 
1210 	for (;;) {
1211 		rdlen = read(rt_sock, &mbuf, sizeof (mbuf));
1212 		if (rdlen <= 0) {
1213 			if (rdlen == 0 || (errno != EINTR && errno != EAGAIN)) {
1214 				logit("routing socket read: %s\n",
1215 				    strerror(errno));
1216 				thr_exit(0);
1217 			}
1218 			continue;
1219 		}
1220 		if (ifam->ifam_version != RTM_VERSION) {
1221 			logit("rx unknown version (%d) on routing socket.\n",
1222 			    ifam->ifam_version);
1223 			continue;
1224 		}
1225 		switch (ifam->ifam_type) {
1226 		case RTM_NEWADDR:
1227 		case RTM_DELADDR:
1228 			getnode_name_invalidate();
1229 			break;
1230 		case RTM_ADD:
1231 		case RTM_DELETE:
1232 		case RTM_CHANGE:
1233 		case RTM_GET:
1234 		case RTM_LOSING:
1235 		case RTM_REDIRECT:
1236 		case RTM_MISS:
1237 		case RTM_LOCK:
1238 		case RTM_OLDADD:
1239 		case RTM_OLDDEL:
1240 		case RTM_RESOLVE:
1241 		case RTM_IFINFO:
1242 			break;
1243 		default:
1244 			logit("rx unknown msg type (%d) on routing socket.\n",
1245 			    ifam->ifam_type);
1246 			break;
1247 		}
1248 	}
1249 }
1250 
1251 static void
1252 usage(char *s)
1253 {
1254 	(void) fprintf(stderr,
1255 		"Usage: %s [-d debug_level] [-l logfilename]\n", s);
1256 	(void) fprintf(stderr,
1257 		"	[-p cachename,positive_time_to_live]\n");
1258 	(void) fprintf(stderr,
1259 		"	[-n cachename,negative_time_to_live]\n");
1260 	(void) fprintf(stderr,
1261 		"	[-i cachename] [-s cachename,suggestedsize]\n");
1262 
1263 	(void) fprintf(stderr,
1264 		"	[-h cachename,keep_hot_count] "\
1265 		"[-o cachename,\"yes\"|\"no\"]\n");
1266 
1267 	(void) fprintf(stderr,
1268 		"	[-e cachename,\"yes\"|\"no\"] [-g] " \
1269 		"[-c cachename,\"yes\"|\"no\"]\n");
1270 
1271 	(void) fprintf(stderr,
1272 		"	[-f configfilename] \n");
1273 
1274 	(void) fprintf(stderr,
1275 		"\n	Supported caches: passwd, group, hosts, ipnodes\n");
1276 
1277 	(void) fprintf(stderr,
1278 		"         exec_attr, prof_attr, and user_attr.\n");
1279 
1280 	exit(1);
1281 
1282 }
1283 
1284 
1285 static int logfd = 2;
1286 
1287 int
1288 nscd_set_lf(admin_t *ptr, char *s)
1289 {
1290 	int newlogfd;
1291 
1292 	/*
1293 	 *  we don't really want to try and open the log file
1294 	 *  /dev/null since that will fail w/ our security fixes
1295 	 */
1296 
1297 	if (*s == 0) {
1298 		/* ignore empty log file specs */
1299 		/*EMPTY*/;
1300 	} else if (s == NULL || strcmp(s, "/dev/null") == 0) {
1301 		(void) strcpy(current_admin.logfile, "/dev/null");
1302 		(void) close(logfd);
1303 		logfd = -1;
1304 	} else {
1305 		/*
1306 		 * In order to open this file securely, we'll try a few tricks
1307 		 */
1308 
1309 		if ((newlogfd = open(s, O_EXCL|O_WRONLY|O_CREAT, 0644)) < 0) {
1310 			/*
1311 			 * File already exists... now we need to get cute
1312 			 * since opening a file in a world-writeable directory
1313 			 * safely is hard = it could be a hard link or a
1314 			 * symbolic link to a system file.
1315 			 */
1316 			struct stat before;
1317 
1318 			if (lstat(s, &before) < 0) {
1319 				logit("Cannot open new logfile \"%s\": %sn",
1320 					s, strerror(errno));
1321 				return (-1);
1322 			}
1323 
1324 			if (S_ISREG(before.st_mode) && /* no symbolic links */
1325 				(before.st_nlink == 1) && /* no hard links */
1326 				(before.st_uid == 0)) {   /* owned by root */
1327 				if ((newlogfd =
1328 				    open(s, O_APPEND|O_WRONLY, 0644)) < 0) {
1329 					logit("Cannot open new "\
1330 					    "logfile \"%s\": %s\n", s,
1331 					    strerror(errno));
1332 					return (-1);
1333 				}
1334 			} else {
1335 				logit("Cannot use specified logfile \"%s\": "\
1336 				    "file is/has links or isn't owned by "\
1337 				    "root\n", s);
1338 				return (-1);
1339 			}
1340 		}
1341 
1342 		(void) strlcpy(ptr->logfile, s, 128);
1343 		(void) close(logfd);
1344 		logfd = newlogfd;
1345 		logit("Start of new logfile %s\n", s);
1346 	}
1347 	return (0);
1348 }
1349 
1350 void
1351 logit(char *format, ...)
1352 {
1353 	static mutex_t loglock;
1354 	struct timeval tv;
1355 
1356 #define	LOGBUFLEN	1024
1357 	char buffer[LOGBUFLEN];
1358 
1359 	va_list ap;
1360 	va_start(ap, format);
1361 
1362 	if (logfd >= 0) {
1363 		int safechars, offset;
1364 		if (gettimeofday(&tv, NULL) != 0 ||
1365 		    ctime_r(&tv.tv_sec, buffer, LOGBUFLEN) == NULL) {
1366 			(void) snprintf(buffer, LOGBUFLEN,
1367 			    "<time conversion failed>\t");
1368 		} else {
1369 			/*
1370 			 * ctime_r() includes some stuff we don't want;
1371 			 * adjust length to overwrite " YYYY\n".
1372 			 */
1373 			offset = strlen(buffer) - 6;
1374 			safechars = LOGBUFLEN - (offset - 1);
1375 			(void) snprintf(buffer + offset, safechars, ".%.4ld\t",
1376 			    tv.tv_usec/100);
1377 		}
1378 		offset = strlen(buffer);
1379 		safechars = LOGBUFLEN - (offset - 1);
1380 		if (vsnprintf(buffer + offset, safechars, format, ap) >
1381 		    safechars) {
1382 			(void) strncat(buffer, "...\n", LOGBUFLEN);
1383 		}
1384 
1385 		(void) mutex_lock(&loglock);
1386 		(void) write(logfd, buffer, strlen(buffer));
1387 		(void) mutex_unlock(&loglock);
1388 	}
1389 
1390 	va_end(ap);
1391 #undef	LOGBUFLEN
1392 }
1393 
1394 static void
1395 do_update(nsc_call_t *in)
1396 {
1397 	union {
1398 		nsc_data_t	data;
1399 		char		space[8192];
1400 	} u;
1401 
1402 	time_t now = time(NULL);
1403 
1404 	switch (MASKUPDATEBIT(in->nsc_callnumber)) {
1405 
1406 	case GETPWUID:
1407 	case GETPWNAM:
1408 		getpw_lookup(&u.data.nsc_ret, sizeof (u), in, now);
1409 		break;
1410 
1411 	case GETGRNAM:
1412 	case GETGRGID:
1413 		getgr_lookup(&u.data.nsc_ret, sizeof (u), in, now);
1414 		break;
1415 
1416 	case GETHOSTBYNAME:
1417 	case GETHOSTBYADDR:
1418 		gethost_lookup(&u.data.nsc_ret, sizeof (u), in, now);
1419 		break;
1420 
1421 	case GETIPNODEBYNAME:
1422 	case GETIPNODEBYADDR:
1423 		getnode_lookup(&u.data.nsc_ret, sizeof (u), in, now);
1424 		break;
1425 
1426 	case GETEXECID:
1427 		getexec_lookup(&u.data.nsc_ret, sizeof (u), in, now);
1428 		break;
1429 
1430 	case GETPROFNAM:
1431 		getprof_lookup(&u.data.nsc_ret, sizeof (u), in, now);
1432 		break;
1433 
1434 	case GETUSERNAM:
1435 		getuser_lookup(&u.data.nsc_ret, sizeof (u), in, now);
1436 		break;
1437 
1438 	default:
1439 		assert(0);
1440 		break;
1441 	}
1442 
1443 	free(in);
1444 }
1445 
1446 int
1447 launch_update(nsc_call_t *in)
1448 {
1449 	nsc_call_t *c;
1450 
1451 	int l = nsc_calllen(in);
1452 
1453 	in->nsc_callnumber |= UPDATEBIT;
1454 
1455 	if ((c = malloc(l)) == NULL) {
1456 		logit("thread create failed: %s\n", strerror(errno));
1457 		exit(1);
1458 	}
1459 	(void) memcpy(c, in, l);
1460 
1461 	if (current_admin.debug_level >= DBG_ALL) {
1462 		logit("launching update\n");
1463 	}
1464 
1465 	if (thr_create(NULL,
1466 	    NULL,
1467 	    (void *(*)(void*))do_update,
1468 	    c,
1469 	    0|THR_DETACHED, NULL) != 0) {
1470 		logit("thread create failed\n");
1471 		exit(1);
1472 	}
1473 
1474 	return (0);
1475 }
1476 
1477 static int
1478 nsc_calllen(nsc_call_t *in)
1479 {
1480 	switch (MASKUPDATEBIT(in->nsc_callnumber)) {
1481 
1482 	case GETPWUID:
1483 	case GETGRGID:
1484 	case NULLCALL:
1485 		return (sizeof (*in));
1486 
1487 	case GETPWNAM:
1488 	case GETGRNAM:
1489 	case GETHOSTBYNAME:
1490 		return (sizeof (*in) + strlen(in->nsc_u.name));
1491 	case GETIPNODEBYNAME:
1492 		return (sizeof (*in) + strlen(in->nsc_u.ipnode.name));
1493 
1494 	case GETHOSTBYADDR:
1495 	case GETIPNODEBYADDR:
1496 		return (sizeof (*in) + in->nsc_u.addr.a_length);
1497 
1498 	case GETEXECID:
1499 	case GETPROFNAM:
1500 	case GETUSERNAM:
1501 
1502 		return (sizeof (*in) + strlen(in->nsc_u.name));
1503 	}
1504 
1505 	return (0);
1506 }
1507 
1508 static int
1509 client_getadmin(admin_t *ptr)
1510 {
1511 	union {
1512 		nsc_data_t data;
1513 		char space[8192];
1514 	} u;
1515 
1516 	nsc_data_t *dptr;
1517 	int ndata;
1518 	int adata;
1519 
1520 	u.data.nsc_call.nsc_callnumber = GETADMIN;
1521 	ndata = sizeof (u);
1522 	adata = sizeof (u.data);
1523 	dptr = &u.data;
1524 
1525 	if (_nsc_trydoorcall(&dptr, &ndata, &adata) != SUCCESS) {
1526 		return (-1);
1527 	}
1528 
1529 	(void) memcpy(ptr, dptr->nsc_ret.nsc_u.buff, sizeof (*ptr));
1530 	return (0);
1531 }
1532 
1533 /*ARGSUSED*/
1534 static void
1535 getadmin(nsc_return_t *out, int size, nsc_call_t *ptr)
1536 {
1537 	out->nsc_return_code = SUCCESS;
1538 	out->nsc_bufferbytesused = sizeof (current_admin);
1539 	(void) memcpy(out->nsc_u.buff, &current_admin, sizeof (current_admin));
1540 }
1541 
1542 
1543 static int
1544 nscd_set_rbac(admin_t *new_admin, int invalidate)
1545 {
1546 	int		i;
1547 	char		*dbname = NULL;
1548 	nsc_stat_t	*cache = NULL;
1549 	nsc_stat_t	*new = NULL;
1550 	void		(*invalidate_func)(void);
1551 
1552 
1553 	for (i = 1; i <= 3; i++) {
1554 		/*
1555 		 * Three of the RBAC databases are cached.
1556 		 */
1557 		switch (i) {
1558 		case 1:
1559 			dbname = NSS_DBNAM_EXECATTR;
1560 			cache = &current_admin.exec;
1561 			new = &new_admin->exec;
1562 			invalidate_func = getexec_invalidate;
1563 			break;
1564 		case 2:
1565 			dbname = NSS_DBNAM_PROFATTR;
1566 			cache = &current_admin.prof;
1567 			new = &new_admin->prof;
1568 			invalidate_func = getprof_invalidate;
1569 			break;
1570 		case 3:
1571 			dbname = NSS_DBNAM_USERATTR;
1572 			cache = &current_admin.user;
1573 			new = &new_admin->user;
1574 			invalidate_func = getuser_invalidate;
1575 			break;
1576 		default:
1577 			break;
1578 		}
1579 
1580 		if (invalidate) {
1581 			if (new->nsc_invalidate) {
1582 				logit("Invalidating %s cache\n", dbname);
1583 				(*invalidate_func)();
1584 			}
1585 		} else {
1586 			if (nscd_set_ttl_positive(cache, dbname,
1587 			    new->nsc_pos_ttl) < 0 ||
1588 			    nscd_set_ttl_negative(cache, dbname,
1589 			    new->nsc_neg_ttl) < 0 ||
1590 			    nscd_set_khc(cache, dbname, new->nsc_keephot) < 0 ||
1591 			    nscd_set_odo(cache, dbname,
1592 			    new->nsc_old_data_ok) < 0 ||
1593 			    nscd_set_ec(cache, dbname, new->nsc_enabled) < 0 ||
1594 			    nscd_set_ss(cache, dbname,
1595 			    new->nsc_suggestedsize) < 0)
1596 				return (-1);
1597 		}
1598 	}
1599 
1600 	return (0);
1601 }
1602 
1603 /*ARGSUSED*/
1604 static int
1605 setadmin(nsc_return_t *out, int size, nsc_call_t *ptr)
1606 {
1607 	admin_t *new;
1608 
1609 	out->nsc_return_code = SUCCESS;
1610 	out->nsc_bufferbytesused = sizeof (nsc_return_t);
1611 
1612 	new = (admin_t *)ptr->nsc_u.name;
1613 
1614 
1615 	/*
1616 	 *  global admin stuff
1617 	 */
1618 
1619 	if ((nscd_set_lf(&current_admin, new->logfile) < 0) ||
1620 	    nscd_set_dl(&current_admin, new->debug_level) < 0) {
1621 		out->nsc_return_code = NOTFOUND;
1622 		return (-1);
1623 	}
1624 
1625 	/*
1626 	 * per cache items
1627 	 */
1628 
1629 	if (new->passwd.nsc_invalidate) {
1630 		logit("Invalidating passwd cache\n");
1631 		getpw_invalidate();
1632 	}
1633 
1634 	if (new->group.nsc_invalidate) {
1635 		logit("Invalidating group cache\n");
1636 		getgr_invalidate();
1637 	}
1638 
1639 	if (new->host.nsc_invalidate) {
1640 		logit("Invalidating host cache\n");
1641 		gethost_invalidate();
1642 	}
1643 
1644 	if (new->node.nsc_invalidate) {
1645 		logit("Invalidating ipnodes cache\n");
1646 		getnode_invalidate();
1647 	}
1648 
1649 	(void) nscd_set_rbac(new, 1);		/* invalidate rbac cache */
1650 
1651 	if (nscd_set_ttl_positive(&current_admin.passwd,
1652 			"passwd",
1653 			new->passwd.nsc_pos_ttl) < 0		||
1654 	    nscd_set_ttl_negative(&current_admin.passwd,
1655 			"passwd",
1656 			new->passwd.nsc_neg_ttl) < 0		||
1657 	    nscd_set_khc(&current_admin.passwd,
1658 			"passwd",
1659 			new->passwd.nsc_keephot) < 0		||
1660 	    nscd_set_odo(&current_admin.passwd,
1661 			"passwd",
1662 			new->passwd.nsc_old_data_ok) < 0	||
1663 	    nscd_set_ec(&current_admin.passwd,
1664 			"passwd",
1665 			new->passwd.nsc_enabled) < 0		||
1666 	    nscd_set_ss(&current_admin.passwd,
1667 			"passwd",
1668 			new->passwd.nsc_suggestedsize) < 0	   ||
1669 
1670 	    nscd_set_ttl_positive(&current_admin.group,
1671 			"group",
1672 			new->group.nsc_pos_ttl) < 0		||
1673 	    nscd_set_ttl_negative(&current_admin.group,
1674 			"group",
1675 			new->group.nsc_neg_ttl) < 0		||
1676 	    nscd_set_khc(&current_admin.group,
1677 			"group",
1678 			new->group.nsc_keephot) < 0		||
1679 	    nscd_set_odo(&current_admin.group,
1680 			"group",
1681 			new->group.nsc_old_data_ok) < 0		||
1682 	    nscd_set_ec(&current_admin.group,
1683 			"group",
1684 			new->group.nsc_enabled) < 0		||
1685 	    nscd_set_ss(&current_admin.group,
1686 			"group",
1687 			new->group.nsc_suggestedsize) < 0	||
1688 
1689 	    nscd_set_ttl_positive(&current_admin.node,
1690 			"ipnodes",
1691 			new->node.nsc_pos_ttl) < 0		||
1692 	    nscd_set_ttl_negative(&current_admin.node,
1693 			"ipnodes",
1694 			new->node.nsc_neg_ttl) < 0		||
1695 	    nscd_set_khc(&current_admin.node,
1696 			"ipnodes",
1697 			new->node.nsc_keephot) < 0		||
1698 	    nscd_set_odo(&current_admin.node,
1699 			"ipnodes",
1700 			new->node.nsc_old_data_ok) < 0		||
1701 	    nscd_set_ec(&current_admin.node,
1702 			"ipnodes",
1703 			new->node.nsc_enabled) < 0		||
1704 	    nscd_set_ss(&current_admin.node,
1705 			"ipnodes",
1706 			new->node.nsc_suggestedsize) < 0	||
1707 
1708 	    nscd_set_ttl_positive(&current_admin.host,
1709 			"hosts",
1710 			new->host.nsc_pos_ttl) < 0		||
1711 	    nscd_set_ttl_negative(&current_admin.host,
1712 			"hosts",
1713 			new->host.nsc_neg_ttl) < 0		||
1714 	    nscd_set_khc(&current_admin.host,
1715 			"hosts",
1716 			new->host.nsc_keephot) < 0		||
1717 	    nscd_set_odo(&current_admin.host,
1718 			"hosts",
1719 			new->host.nsc_old_data_ok) < 0		||
1720 	    nscd_set_ec(&current_admin.host,
1721 			"hosts",
1722 			new->host.nsc_enabled) < 0		||
1723 	    nscd_set_ss(&current_admin.host,
1724 			"hosts",
1725 			new->host.nsc_suggestedsize) < 0	||
1726 	    nscd_set_rbac(new, 0) < 0) {
1727 		out->nsc_return_code = NOTFOUND;
1728 		return (-1);
1729 	}
1730 	out->nsc_return_code = SUCCESS;
1731 	return (0);
1732 }
1733 
1734 void
1735 client_killserver(void)
1736 {
1737 	union {
1738 		nsc_data_t data;
1739 		char space[8192];
1740 	} u;
1741 
1742 	nsc_data_t *dptr;
1743 	int ndata;
1744 	int adata;
1745 
1746 	u.data.nsc_call.nsc_callnumber = KILLSERVER;
1747 
1748 	ndata = sizeof (u);
1749 	adata = sizeof (nsc_call_t);
1750 
1751 	dptr = &u.data;
1752 
1753 	_nsc_trydoorcall(&dptr, &ndata, &adata);
1754 }
1755 
1756 
1757 static int
1758 client_setadmin(admin_t *ptr)
1759 {
1760 	union {
1761 		nsc_data_t data;
1762 		char space[8192];
1763 	} u;
1764 
1765 	nsc_data_t *dptr;
1766 	int ndata;
1767 	int adata;
1768 
1769 	u.data.nsc_call.nsc_callnumber = SETADMIN;
1770 
1771 	(void) memcpy(u.data.nsc_call.nsc_u.name, ptr, sizeof (*ptr));
1772 
1773 	ndata = sizeof (u);
1774 	adata = sizeof (*ptr);
1775 
1776 	dptr = &u.data;
1777 
1778 	if (_nsc_trydoorcall(&dptr, &ndata, &adata) != SUCCESS) {
1779 		return (-1);
1780 	}
1781 
1782 	return (0);
1783 }
1784 
1785 static void
1786 dump_stat(nsc_stat_t *ptr)
1787 {
1788 	double hitrate;
1789 	(void) printf("%10s  cache is enabled\n",
1790 	    (ptr->nsc_enabled?"Yes":"No"));
1791 	(void) printf("%10d  cache hits on positive entries\n",
1792 	    ptr->nsc_pos_cache_hits);
1793 	(void) printf("%10d  cache hits on negative entries\n",
1794 	    ptr->nsc_neg_cache_hits);
1795 	(void) printf("%10d  cache misses on positive entries\n",
1796 	    ptr->nsc_pos_cache_misses);
1797 	(void) printf("%10d  cache misses on negative entries\n",
1798 	    ptr->nsc_neg_cache_misses);
1799 	hitrate = ptr->nsc_pos_cache_misses + ptr->nsc_neg_cache_misses +
1800 	    ptr->nsc_pos_cache_hits + ptr->nsc_neg_cache_hits;
1801 
1802 	if (hitrate > 0.0)
1803 		hitrate = (100.0 * ((double)ptr->nsc_pos_cache_hits +
1804 		    (double)ptr->nsc_neg_cache_hits))/hitrate;
1805 
1806 	(void) printf("%10.1f%% cache hit rate\n",  hitrate);
1807 	(void) printf("%10d  queries deferred\n", ptr->nsc_throttle_count);
1808 	(void) printf("%10d  total entries\n", ptr->nsc_entries);
1809 	(void) printf("%10d  complete cache invalidations\n",
1810 	    ptr->nsc_invalidate_count);
1811 	(void) printf("%10d  suggested size\n", ptr->nsc_suggestedsize);
1812 	(void) printf("%10d  seconds time to live for positive entries\n",
1813 	    ptr->nsc_pos_ttl);
1814 	(void) printf("%10d  seconds time to live for negative entries\n",
1815 	    ptr->nsc_neg_ttl);
1816 	(void) printf("%10d  most active entries to be kept valid\n",
1817 	    ptr->nsc_keephot);
1818 	(void) printf("%10s  check /etc/{passwd, group, hosts, inet/ipnodes} "
1819 	    "file for changes\n",
1820 	    (ptr->nsc_check_files?"Yes":"No"));
1821 
1822 	(void) printf("%10s  use possibly stale data rather than waiting for "
1823 	    "refresh\n",
1824 	    (ptr->nsc_old_data_ok?"Yes":"No"));
1825 }
1826 
1827 static void
1828 client_showstats(admin_t *ptr)
1829 {
1830 
1831 	(void) printf("nscd configuration:\n\n");
1832 	(void) printf("%10d  server debug level\n", ptr->debug_level);
1833 	(void) printf("\"%s\"  is server log file\n", ptr->logfile);
1834 
1835 	(void) printf("\npasswd cache:\n\n");
1836 	dump_stat(&(ptr->passwd));
1837 	(void) printf("\ngroup cache:\n\n");
1838 	dump_stat(&(ptr->group));
1839 	(void) printf("\nhosts cache:\n\n");
1840 	dump_stat(&(ptr->host));
1841 	(void) printf("\nipnodes cache:\n\n");
1842 	dump_stat(&(ptr->node));
1843 	(void) printf("\nexec_attr cache:\n\n");
1844 	dump_stat(&(ptr->exec));
1845 	(void) printf("\nprof_attr cache:\n\n");
1846 	dump_stat(&(ptr->prof));
1847 	(void) printf("\nuser_attr cache:\n\n");
1848 	dump_stat(&(ptr->user));
1849 }
1850 
1851 
1852 
1853 /*
1854  * detach from tty
1855  */
1856 static void
1857 detachfromtty(void)
1858 {
1859 	if (logfd > 0) {
1860 		int i;
1861 		for (i = 0; i < logfd; i++)
1862 			(void) close(i);
1863 		closefrom(logfd+1);
1864 	} else
1865 		closefrom(0);
1866 
1867 	(void) chdir("/");
1868 
1869 	switch (fork1()) {
1870 	case (pid_t)-1:
1871 		exit(1);
1872 		break;
1873 	case 0:
1874 		break;
1875 	default:
1876 		exit(0);
1877 	}
1878 	(void) setsid();
1879 	(void) open("/dev/null", O_RDWR, 0);
1880 	(void) dup(0);
1881 	(void) dup(0);
1882 }
1883