1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 #pragma ident "%Z%%M% %I% %E% SMI" 28 29 /* 30 * rc_node.c - object management primitives 31 * 32 * This layer manages entities, their data structure, its locking, iterators, 33 * transactions, and change notification requests. Entities (scopes, 34 * services, instances, snapshots, snaplevels, property groups, "composed" 35 * property groups (see composition below), and properties) are represented by 36 * rc_node_t's and are kept in the cache_hash hash table. (Property values 37 * are kept in the rn_values member of the respective property -- not as 38 * separate objects.) Iterators are represented by rc_node_iter_t's. 39 * Transactions are represented by rc_node_tx_t's and are only allocated as 40 * part of repcache_tx_t's in the client layer (client.c). Change 41 * notification requests are represented by rc_notify_t structures and are 42 * described below. 43 * 44 * The entity tree is rooted at rc_scope, which rc_node_init() initializes to 45 * the "localhost" scope. The tree is filled in from the database on-demand 46 * by rc_node_fill_children(), usually from rc_iter_create() since iterators 47 * are the only way to find the children of an entity. 48 * 49 * Each rc_node_t is protected by its rn_lock member. Operations which can 50 * take too long, however, should serialize on an RC_NODE_WAITING_FLAGS bit in 51 * rn_flags with the rc_node_{hold,rele}_flag() functions. And since pointers 52 * to rc_node_t's are allowed, rn_refs is a reference count maintained by 53 * rc_node_{hold,rele}(). See configd.h for locking order information. 54 * 55 * When a node (property group or snapshot) is updated, a new node takes the 56 * place of the old node in the global hash, and the old node is hung off of 57 * the rn_former list of the new node. At the same time, all of its children 58 * have their rn_parent_ref pointer set, and any holds they have are reflected 59 * in the old node's rn_other_refs count. This is automatically kept up 60 * to date, until the final reference to the subgraph is dropped, at which 61 * point the node is unrefed and destroyed, along with all of its children. 62 * 63 * Locking rules: To dereference an rc_node_t * (usually to lock it), you must 64 * have a hold (rc_node_hold()) on it or otherwise be sure that it hasn't been 65 * rc_node_destroy()ed (hold a lock on its parent or child, hold a flag, 66 * etc.). Once you have locked an rc_node_t you must check its rn_flags for 67 * RC_NODE_DEAD before you can use it. This is usually done with the 68 * rc_node_{wait,hold}_flag() functions (often via the rc_node_check_*() 69 * functions & RC_NODE_*() macros), which fail if the object has died. 70 * 71 * Because name service lookups may take a long time and, more importantly 72 * may trigger additional accesses to the repository, perm_granted() must be 73 * called without holding any locks. 74 * 75 * An ITER_START for a non-ENTITY_VALUE induces an rc_node_fill_children() 76 * call via rc_node_setup_iter() to populate the rn_children uu_list of the 77 * rc_node_t * in question and a call to uu_list_walk_start() on that list. For 78 * ITER_READ, rc_iter_next() uses uu_list_walk_next() to find the next 79 * apropriate child. 80 * 81 * An ITER_START for an ENTITY_VALUE makes sure the node has its values 82 * filled, and sets up the iterator. An ITER_READ_VALUE just copies out 83 * the proper values and updates the offset information. 84 * 85 * When a property group gets changed by a transaction, it sticks around as 86 * a child of its replacement property group, but is removed from the parent. 87 * 88 * To allow aliases, snapshots are implemented with a level of indirection. 89 * A snapshot rc_node_t has a snapid which refers to an rc_snapshot_t in 90 * snapshot.c which contains the authoritative snaplevel information. The 91 * snapid is "assigned" by rc_attach_snapshot(). 92 * 93 * We provide the client layer with rc_node_ptr_t's to reference objects. 94 * Objects referred to by them are automatically held & released by 95 * rc_node_assign() & rc_node_clear(). The RC_NODE_PTR_*() macros are used at 96 * client.c entry points to read the pointers. They fetch the pointer to the 97 * object, return (from the function) if it is dead, and lock, hold, or hold 98 * a flag of the object. 99 */ 100 101 /* 102 * Permission checking is authorization-based: some operations may only 103 * proceed if the user has been assigned at least one of a set of 104 * authorization strings. The set of enabling authorizations depends on the 105 * operation and the target object. The set of authorizations assigned to 106 * a user is determined by reading /etc/security/policy.conf, querying the 107 * user_attr database, and possibly querying the prof_attr database, as per 108 * chkauthattr() in libsecdb. 109 * 110 * The fastest way to decide whether the two sets intersect is by entering the 111 * strings into a hash table and detecting collisions, which takes linear time 112 * in the total size of the sets. Except for the authorization patterns which 113 * may be assigned to users, which without advanced pattern-matching 114 * algorithms will take O(n) in the number of enabling authorizations, per 115 * pattern. 116 * 117 * We can achieve some practical speed-ups by noting that if we enter all of 118 * the authorizations from one of the sets into the hash table we can merely 119 * check the elements of the second set for existence without adding them. 120 * This reduces memory requirements and hash table clutter. The enabling set 121 * is well suited for this because it is internal to configd (for now, at 122 * least). Combine this with short-circuiting and we can even minimize the 123 * number of queries to the security databases (user_attr & prof_attr). 124 * 125 * To force this usage onto clients we provide functions for adding 126 * authorizations to the enabling set of a permission context structure 127 * (perm_add_*()) and one to decide whether the the user associated with the 128 * current door call client possesses any of them (perm_granted()). 129 * 130 * At some point, a generic version of this should move to libsecdb. 131 * 132 * While entering the enabling strings into the hash table, we keep track 133 * of which is the most specific for use in generating auditing events. 134 * See the "Collecting the Authorization String" section of the "SMF Audit 135 * Events" block comment below. 136 */ 137 138 /* 139 * Composition is the combination of sets of properties. The sets are ordered 140 * and properties in higher sets obscure properties of the same name in lower 141 * sets. Here we present a composed view of an instance's properties as the 142 * union of its properties and its service's properties. Similarly the 143 * properties of snaplevels are combined to form a composed view of the 144 * properties of a snapshot (which should match the composed view of the 145 * properties of the instance when the snapshot was taken). 146 * 147 * In terms of the client interface, the client may request that a property 148 * group iterator for an instance or snapshot be composed. Property groups 149 * traversed by such an iterator may not have the target entity as a parent. 150 * Similarly, the properties traversed by a property iterator for those 151 * property groups may not have the property groups iterated as parents. 152 * 153 * Implementation requires that iterators for instances and snapshots be 154 * composition-savvy, and that we have a "composed property group" entity 155 * which represents the composition of a number of property groups. Iteration 156 * over "composed property groups" yields properties which may have different 157 * parents, but for all other operations a composed property group behaves 158 * like the top-most property group it represents. 159 * 160 * The implementation is based on the rn_cchain[] array of rc_node_t pointers 161 * in rc_node_t. For instances, the pointers point to the instance and its 162 * parent service. For snapshots they point to the child snaplevels, and for 163 * composed property groups they point to property groups. A composed 164 * iterator carries an index into rn_cchain[]. Thus most of the magic ends up 165 * int the rc_iter_*() code. 166 */ 167 /* 168 * SMF Audit Events: 169 * ================ 170 * 171 * To maintain security, SMF generates audit events whenever 172 * privileged operations are attempted. See the System Administration 173 * Guide:Security Services answerbook for a discussion of the Solaris 174 * audit system. 175 * 176 * The SMF audit event codes are defined in adt_event.h by symbols 177 * starting with ADT_smf_ and are described in audit_event.txt. The 178 * audit record structures are defined in the SMF section of adt.xml. 179 * adt.xml is used to automatically generate adt_event.h which 180 * contains the definitions that we code to in this file. For the 181 * most part the audit events map closely to actions that you would 182 * perform with svcadm or svccfg, but there are some special cases 183 * which we'll discuss later. 184 * 185 * The software associated with SMF audit events falls into three 186 * categories: 187 * - collecting information to be written to the audit 188 * records 189 * - using the adt_* functions in 190 * usr/src/lib/libbsm/common/adt.c to generate the audit 191 * records. 192 * - handling special cases 193 * 194 * Collecting Information: 195 * ---------------------- 196 * 197 * Most all of the audit events require the FMRI of the affected 198 * object and the authorization string that was used. The one 199 * exception is ADT_smf_annotation which we'll talk about later. 200 * 201 * Collecting the FMRI: 202 * 203 * The rc_node structure has a member called rn_fmri which points to 204 * its FMRI. This is initialized by a call to rc_node_build_fmri() 205 * when the node's parent is established. The reason for doing it 206 * at this time is that a node's FMRI is basically the concatenation 207 * of the parent's FMRI and the node's name with the appropriate 208 * decoration. rc_node_build_fmri() does this concatenation and 209 * decorating. It is called from rc_node_link_child() and 210 * rc_node_relink_child() where a node is linked to its parent. 211 * 212 * rc_node_get_fmri_or_fragment() is called to retrieve a node's FMRI 213 * when it is needed. It returns rn_fmri if it is set. If the node 214 * is at the top level, however, rn_fmri won't be set because it was 215 * never linked to a parent. In this case, 216 * rc_node_get_fmri_or_fragment() constructs an FMRI fragment based on 217 * its node type and its name, rn_name. 218 * 219 * Collecting the Authorization String: 220 * 221 * Naturally, the authorization string is captured during the 222 * authorization checking process. Acceptable authorization strings 223 * are added to a permcheck_t hash table as noted in the section on 224 * permission checking above. Once all entries have been added to the 225 * hash table, perm_granted() is called. If the client is authorized, 226 * perm_granted() returns with pc_auth_string of the permcheck_t 227 * structure pointing to the authorization string. 228 * 229 * This works fine if the client is authorized, but what happens if 230 * the client is not authorized? We need to report the required 231 * authorization string. This is the authorization that would have 232 * been used if permission had been granted. perm_granted() will 233 * find no match, so it needs to decide which string in the hash 234 * table to use as the required authorization string. It needs to do 235 * this, because configd is still going to generate an event. A 236 * design decision was made to use the most specific authorization 237 * in the hash table. The pc_auth_type enum designates the 238 * specificity of an authorization string. For example, an 239 * authorization string that is declared in an instance PG is more 240 * specific than one that is declared in a service PG. 241 * 242 * The pc_add() function keeps track of the most specific 243 * authorization in the hash table. It does this using the 244 * pc_specific and pc_specific_type members of the permcheck 245 * structure. pc_add() updates these members whenever a more 246 * specific authorization string is added to the hash table. Thus, if 247 * an authorization match is not found, perm_granted() will return 248 * with pc_auth_string in the permcheck_t pointing to the string that 249 * is referenced by pc_specific. 250 * 251 * Generating the Audit Events: 252 * =========================== 253 * 254 * As the functions in this file process requests for clients of 255 * configd, they gather the information that is required for an audit 256 * event. Eventually, the request processing gets to the point where 257 * the authorization is rejected or to the point where the requested 258 * action was attempted. At these two points smf_audit_event() is 259 * called. 260 * 261 * smf_audit_event() takes 4 parameters: 262 * - the event ID which is one of the ADT_smf_* symbols from 263 * adt_event.h. 264 * - status to pass to adt_put_event() 265 * - return value to pass to adt_put_event() 266 * - the event data (see audit_event_data structure) 267 * 268 * All interactions with the auditing software require an audit 269 * session. We use one audit session per configd client. We keep 270 * track of the audit session in the repcache_client structure. 271 * smf_audit_event() calls get_audit_session() to get the session 272 * pointer. 273 * 274 * smf_audit_event() then calls adt_alloc_event() to allocate an 275 * adt_event_data union which is defined in adt_event.h, copies the 276 * data into the appropriate members of the union and calls 277 * adt_put_event() to generate the event. 278 * 279 * Special Cases: 280 * ============= 281 * 282 * There are three major types of special cases: 283 * 284 * - gathering event information for each action in a 285 * transaction 286 * - Higher level events represented by special property 287 * group/property name combinations. Many of these are 288 * restarter actions. 289 * - ADT_smf_annotation event 290 * 291 * Processing Transaction Actions: 292 * ------------------------------ 293 * 294 * A transaction can contain multiple actions to modify, create or 295 * delete one or more properties. We need to capture information so 296 * that we can generate an event for each property action. The 297 * transaction information is stored in a tx_commmit_data_t, and 298 * object.c provides accessor functions to retrieve data from this 299 * structure. rc_tx_commit() obtains a tx_commit_data_t by calling 300 * tx_commit_data_new() and passes this to object_tx_commit() to 301 * commit the transaction. Then we call generate_property_events() to 302 * generate an audit event for each property action. 303 * 304 * Special Properties: 305 * ------------------ 306 * 307 * There are combinations of property group/property name that are special. 308 * They are special because they have specific meaning to startd. startd 309 * interprets them in a service-independent fashion. 310 * restarter_actions/refresh and general/enabled are two examples of these. 311 * A special event is generated for these properties in addition to the 312 * regular property event described in the previous section. The special 313 * properties are declared as an array of audit_special_prop_item 314 * structures at special_props_list in rc_node.c. 315 * 316 * In the previous section, we mentioned the 317 * generate_property_event() function that generates an event for 318 * every property action. Before generating the event, 319 * generate_property_event() calls special_property_event(). 320 * special_property_event() checks to see if the action involves a 321 * special property. If it does, it generates a special audit 322 * event. 323 * 324 * ADT_smf_annotation event: 325 * ------------------------ 326 * 327 * This is a special event unlike any other. It allows the svccfg 328 * program to store an annotation in the event log before a series 329 * of transactions is processed. It is used with the import and 330 * apply svccfg commands. svccfg uses the rep_protocol_annotation 331 * message to pass the operation (import or apply) and the file name 332 * to configd. The set_annotation() function in client.c stores 333 * these away in the a repcache_client structure. The address of 334 * this structure is saved in the thread_info structure. 335 * 336 * Before it generates any events, smf_audit_event() calls 337 * smf_annotation_event(). smf_annotation_event() calls 338 * client_annotation_needed() which is defined in client.c. If an 339 * annotation is needed client_annotation_needed() returns the 340 * operation and filename strings that were saved from the 341 * rep_protocol_annotation message. smf_annotation_event() then 342 * generates the ADT_smf_annotation event. 343 */ 344 345 #include <assert.h> 346 #include <atomic.h> 347 #include <bsm/adt_event.h> 348 #include <errno.h> 349 #include <libuutil.h> 350 #include <libscf.h> 351 #include <libscf_priv.h> 352 #include <prof_attr.h> 353 #include <pthread.h> 354 #include <pwd.h> 355 #include <stdio.h> 356 #include <stdlib.h> 357 #include <strings.h> 358 #include <sys/types.h> 359 #include <syslog.h> 360 #include <unistd.h> 361 #include <user_attr.h> 362 363 #include "configd.h" 364 365 #define AUTH_PREFIX "solaris.smf." 366 #define AUTH_MANAGE AUTH_PREFIX "manage" 367 #define AUTH_MODIFY AUTH_PREFIX "modify" 368 #define AUTH_MODIFY_PREFIX AUTH_MODIFY "." 369 #define AUTH_PG_ACTIONS SCF_PG_RESTARTER_ACTIONS 370 #define AUTH_PG_ACTIONS_TYPE SCF_PG_RESTARTER_ACTIONS_TYPE 371 #define AUTH_PG_GENERAL SCF_PG_GENERAL 372 #define AUTH_PG_GENERAL_TYPE SCF_PG_GENERAL_TYPE 373 #define AUTH_PG_GENERAL_OVR SCF_PG_GENERAL_OVR 374 #define AUTH_PG_GENERAL_OVR_TYPE SCF_PG_GENERAL_OVR_TYPE 375 #define AUTH_PROP_ACTION "action_authorization" 376 #define AUTH_PROP_ENABLED "enabled" 377 #define AUTH_PROP_MODIFY "modify_authorization" 378 #define AUTH_PROP_VALUE "value_authorization" 379 #define AUTH_PROP_READ "read_authorization" 380 /* libsecdb should take care of this. */ 381 #define RBAC_AUTH_SEP "," 382 383 #define MAX_VALID_CHILDREN 3 384 385 /* 386 * The ADT_smf_* symbols may not be defined on the build machine. Because 387 * of this, we do not want to compile the _smf_aud_event() function when 388 * doing native builds. 389 */ 390 #ifdef NATIVE_BUILD 391 #define smf_audit_event(i, s, r, d) 392 #else 393 #define smf_audit_event(i, s, r, d) _smf_audit_event(i, s, r, d) 394 #endif /* NATIVE_BUILD */ 395 396 typedef struct rc_type_info { 397 uint32_t rt_type; /* matches array index */ 398 uint32_t rt_num_ids; 399 uint32_t rt_name_flags; 400 uint32_t rt_valid_children[MAX_VALID_CHILDREN]; 401 } rc_type_info_t; 402 403 #define RT_NO_NAME -1U 404 405 static rc_type_info_t rc_types[] = { 406 {REP_PROTOCOL_ENTITY_NONE, 0, RT_NO_NAME}, 407 {REP_PROTOCOL_ENTITY_SCOPE, 0, 0, 408 {REP_PROTOCOL_ENTITY_SERVICE, REP_PROTOCOL_ENTITY_SCOPE}}, 409 {REP_PROTOCOL_ENTITY_SERVICE, 0, UU_NAME_DOMAIN | UU_NAME_PATH, 410 {REP_PROTOCOL_ENTITY_INSTANCE, REP_PROTOCOL_ENTITY_PROPERTYGRP}}, 411 {REP_PROTOCOL_ENTITY_INSTANCE, 1, UU_NAME_DOMAIN, 412 {REP_PROTOCOL_ENTITY_SNAPSHOT, REP_PROTOCOL_ENTITY_PROPERTYGRP}}, 413 {REP_PROTOCOL_ENTITY_SNAPSHOT, 2, UU_NAME_DOMAIN, 414 {REP_PROTOCOL_ENTITY_SNAPLEVEL, REP_PROTOCOL_ENTITY_PROPERTYGRP}}, 415 {REP_PROTOCOL_ENTITY_SNAPLEVEL, 4, RT_NO_NAME, 416 {REP_PROTOCOL_ENTITY_PROPERTYGRP}}, 417 {REP_PROTOCOL_ENTITY_PROPERTYGRP, 5, UU_NAME_DOMAIN, 418 {REP_PROTOCOL_ENTITY_PROPERTY}}, 419 {REP_PROTOCOL_ENTITY_CPROPERTYGRP, 0, UU_NAME_DOMAIN, 420 {REP_PROTOCOL_ENTITY_PROPERTY}}, 421 {REP_PROTOCOL_ENTITY_PROPERTY, 7, UU_NAME_DOMAIN}, 422 {-1UL} 423 }; 424 #define NUM_TYPES ((sizeof (rc_types) / sizeof (*rc_types))) 425 426 /* Element of a permcheck_t hash table. */ 427 struct pc_elt { 428 struct pc_elt *pce_next; 429 char pce_auth[1]; 430 }; 431 432 /* 433 * If an authorization fails, we must decide which of the elements in the 434 * permcheck hash table to use in the audit event. That is to say of all 435 * the strings in the hash table, we must choose one and use it in the audit 436 * event. It is desirable to use the most specific string in the audit 437 * event. 438 * 439 * The pc_auth_type specifies the types (sources) of authorization 440 * strings. The enum is ordered in increasing specificity. 441 */ 442 typedef enum pc_auth_type { 443 PC_AUTH_NONE = 0, /* no auth string available. */ 444 PC_AUTH_SMF, /* strings coded into SMF. */ 445 PC_AUTH_SVC, /* strings specified in PG of a service. */ 446 PC_AUTH_INST /* strings specified in PG of an instance. */ 447 } pc_auth_type_t; 448 449 /* An authorization set hash table. */ 450 typedef struct { 451 struct pc_elt **pc_buckets; 452 uint_t pc_bnum; /* number of buckets */ 453 uint_t pc_enum; /* number of elements */ 454 struct pc_elt *pc_specific; /* most specific element */ 455 pc_auth_type_t pc_specific_type; /* type of pc_specific */ 456 char *pc_auth_string; /* authorization string */ 457 /* for audit events */ 458 } permcheck_t; 459 460 /* 461 * Structure for holding audit event data. Not all events use all members 462 * of the structure. 463 */ 464 typedef struct audit_event_data { 465 char *ed_auth; /* authorization string. */ 466 char *ed_fmri; /* affected FMRI. */ 467 char *ed_snapname; /* name of snapshot. */ 468 char *ed_old_fmri; /* old fmri in attach case. */ 469 char *ed_old_name; /* old snapshot in attach case. */ 470 char *ed_type; /* prop. group or prop. type. */ 471 char *ed_prop_value; /* property value. */ 472 } audit_event_data_t; 473 474 /* 475 * Pointer to function to do special processing to get audit event ID. 476 * Audit event IDs are defined in /usr/include/bsm/adt_event.h. Function 477 * returns 0 if ID successfully retrieved. Otherwise it returns -1. 478 */ 479 typedef int (*spc_getid_fn_t)(tx_commit_data_t *, size_t, const char *, 480 au_event_t *); 481 static int general_enable_id(tx_commit_data_t *, size_t, const char *, 482 au_event_t *); 483 484 static uu_list_pool_t *rc_children_pool; 485 static uu_list_pool_t *rc_pg_notify_pool; 486 static uu_list_pool_t *rc_notify_pool; 487 static uu_list_pool_t *rc_notify_info_pool; 488 489 static rc_node_t *rc_scope; 490 491 static pthread_mutex_t rc_pg_notify_lock = PTHREAD_MUTEX_INITIALIZER; 492 static pthread_cond_t rc_pg_notify_cv = PTHREAD_COND_INITIALIZER; 493 static uint_t rc_notify_in_use; /* blocks removals */ 494 495 /* 496 * Some combinations of property group/property name require a special 497 * audit event to be generated when there is a change. 498 * audit_special_prop_item_t is used to specify these special cases. The 499 * special_props_list array defines a list of these special properties. 500 */ 501 typedef struct audit_special_prop_item { 502 const char *api_pg_name; /* property group name. */ 503 const char *api_prop_name; /* property name. */ 504 au_event_t api_event_id; /* event id or 0. */ 505 spc_getid_fn_t api_event_func; /* function to get event id. */ 506 } audit_special_prop_item_t; 507 508 /* 509 * Native builds are done using the build machine's standard include 510 * files. These files may not yet have the definitions for the ADT_smf_* 511 * symbols. Thus, we do not compile this table when doing native builds. 512 */ 513 #ifndef NATIVE_BUILD 514 /* 515 * The following special_props_list array specifies property group/property 516 * name combinations that have specific meaning to startd. A special event 517 * is generated for these combinations in addition to the regular property 518 * event. 519 * 520 * At run time this array gets sorted. See the call to qsort(3C) in 521 * rc_node_init(). The array is sorted, so that bsearch(3C) can be used 522 * to do lookups. 523 */ 524 static audit_special_prop_item_t special_props_list[] = { 525 {SCF_PG_RESTARTER_ACTIONS, SCF_PROPERTY_DEGRADED, ADT_smf_degrade, 526 NULL}, 527 {SCF_PG_RESTARTER_ACTIONS, SCF_PROPERTY_DEGRADE_IMMEDIATE, 528 ADT_smf_immediate_degrade, NULL}, 529 {SCF_PG_RESTARTER_ACTIONS, SCF_PROPERTY_MAINT_OFF, ADT_smf_clear, NULL}, 530 {SCF_PG_RESTARTER_ACTIONS, SCF_PROPERTY_MAINT_ON, 531 ADT_smf_maintenance, NULL}, 532 {SCF_PG_RESTARTER_ACTIONS, SCF_PROPERTY_MAINT_ON_IMMEDIATE, 533 ADT_smf_immediate_maintenance, NULL}, 534 {SCF_PG_RESTARTER_ACTIONS, SCF_PROPERTY_MAINT_ON_IMMTEMP, 535 ADT_smf_immtmp_maintenance, NULL}, 536 {SCF_PG_RESTARTER_ACTIONS, SCF_PROPERTY_MAINT_ON_TEMPORARY, 537 ADT_smf_tmp_maintenance, NULL}, 538 {SCF_PG_RESTARTER_ACTIONS, SCF_PROPERTY_REFRESH, ADT_smf_refresh, NULL}, 539 {SCF_PG_RESTARTER_ACTIONS, SCF_PROPERTY_RESTART, ADT_smf_restart, NULL}, 540 {SCF_PG_RESTARTER_ACTIONS, SCF_PROPERTY_RESTORE, ADT_smf_clear, NULL}, 541 {SCF_PG_OPTIONS, SCF_PROPERTY_MILESTONE, ADT_smf_milestone, NULL}, 542 {SCF_PG_OPTIONS_OVR, SCF_PROPERTY_MILESTONE, ADT_smf_milestone, NULL}, 543 {SCF_PG_GENERAL, SCF_PROPERTY_ENABLED, 0, general_enable_id}, 544 {SCF_PG_GENERAL_OVR, SCF_PROPERTY_ENABLED, 0, general_enable_id} 545 }; 546 #define SPECIAL_PROP_COUNT (sizeof (special_props_list) /\ 547 sizeof (audit_special_prop_item_t)) 548 #endif /* NATIVE_BUILD */ 549 550 static void rc_node_unrefed(rc_node_t *np); 551 552 /* 553 * We support an arbitrary number of clients interested in events for certain 554 * types of changes. Each client is represented by an rc_notify_info_t, and 555 * all clients are chained onto the rc_notify_info_list. 556 * 557 * The rc_notify_list is the global notification list. Each entry is of 558 * type rc_notify_t, which is embedded in one of three other structures: 559 * 560 * rc_node_t property group update notification 561 * rc_notify_delete_t object deletion notification 562 * rc_notify_info_t notification clients 563 * 564 * Which type of object is determined by which pointer in the rc_notify_t is 565 * non-NULL. 566 * 567 * New notifications and clients are added to the end of the list. 568 * Notifications no-one is interested in are never added to the list. 569 * 570 * Clients use their position in the list to track which notifications they 571 * have not yet reported. As they process notifications, they move forward 572 * in the list past them. There is always a client at the beginning of the 573 * list -- as he moves past notifications, he removes them from the list and 574 * cleans them up. 575 * 576 * The rc_pg_notify_lock protects all notification state. The rc_pg_notify_cv 577 * is used for global signalling, and each client has a cv which he waits for 578 * events of interest on. 579 */ 580 static uu_list_t *rc_notify_info_list; 581 static uu_list_t *rc_notify_list; 582 583 #define HASH_SIZE 512 584 #define HASH_MASK (HASH_SIZE - 1) 585 586 #pragma align 64(cache_hash) 587 static cache_bucket_t cache_hash[HASH_SIZE]; 588 589 #define CACHE_BUCKET(h) (&cache_hash[(h) & HASH_MASK]) 590 591 static uint32_t 592 rc_node_hash(rc_node_lookup_t *lp) 593 { 594 uint32_t type = lp->rl_type; 595 uint32_t backend = lp->rl_backend; 596 uint32_t mainid = lp->rl_main_id; 597 uint32_t *ids = lp->rl_ids; 598 599 rc_type_info_t *tp = &rc_types[type]; 600 uint32_t num_ids; 601 uint32_t left; 602 uint32_t hash; 603 604 assert(backend == BACKEND_TYPE_NORMAL || 605 backend == BACKEND_TYPE_NONPERSIST); 606 607 assert(type > 0 && type < NUM_TYPES); 608 num_ids = tp->rt_num_ids; 609 610 left = MAX_IDS - num_ids; 611 assert(num_ids <= MAX_IDS); 612 613 hash = type * 7 + mainid * 5 + backend; 614 615 while (num_ids-- > 0) 616 hash = hash * 11 + *ids++ * 7; 617 618 /* 619 * the rest should be zeroed 620 */ 621 while (left-- > 0) 622 assert(*ids++ == 0); 623 624 return (hash); 625 } 626 627 static int 628 rc_node_match(rc_node_t *np, rc_node_lookup_t *l) 629 { 630 rc_node_lookup_t *r = &np->rn_id; 631 rc_type_info_t *tp; 632 uint32_t type; 633 uint32_t num_ids; 634 635 if (r->rl_main_id != l->rl_main_id) 636 return (0); 637 638 type = r->rl_type; 639 if (type != l->rl_type) 640 return (0); 641 642 assert(type > 0 && type < NUM_TYPES); 643 644 tp = &rc_types[r->rl_type]; 645 num_ids = tp->rt_num_ids; 646 647 assert(num_ids <= MAX_IDS); 648 while (num_ids-- > 0) 649 if (r->rl_ids[num_ids] != l->rl_ids[num_ids]) 650 return (0); 651 652 return (1); 653 } 654 655 /* 656 * the "other" references on a node are maintained in an atomically 657 * updated refcount, rn_other_refs. This can be bumped from arbitrary 658 * context, and tracks references to a possibly out-of-date node's children. 659 * 660 * To prevent the node from disappearing between the final drop of 661 * rn_other_refs and the unref handling, rn_other_refs_held is bumped on 662 * 0->1 transitions and decremented (with the node lock held) on 1->0 663 * transitions. 664 */ 665 static void 666 rc_node_hold_other(rc_node_t *np) 667 { 668 if (atomic_add_32_nv(&np->rn_other_refs, 1) == 1) { 669 atomic_add_32(&np->rn_other_refs_held, 1); 670 assert(np->rn_other_refs_held > 0); 671 } 672 assert(np->rn_other_refs > 0); 673 } 674 675 /* 676 * No node locks may be held 677 */ 678 static void 679 rc_node_rele_other(rc_node_t *np) 680 { 681 assert(np->rn_other_refs > 0); 682 if (atomic_add_32_nv(&np->rn_other_refs, -1) == 0) { 683 (void) pthread_mutex_lock(&np->rn_lock); 684 assert(np->rn_other_refs_held > 0); 685 if (atomic_add_32_nv(&np->rn_other_refs_held, -1) == 0 && 686 np->rn_refs == 0 && (np->rn_flags & RC_NODE_OLD)) 687 rc_node_unrefed(np); 688 else 689 (void) pthread_mutex_unlock(&np->rn_lock); 690 } 691 } 692 693 static void 694 rc_node_hold_locked(rc_node_t *np) 695 { 696 assert(MUTEX_HELD(&np->rn_lock)); 697 698 if (np->rn_refs == 0 && (np->rn_flags & RC_NODE_PARENT_REF)) 699 rc_node_hold_other(np->rn_parent_ref); 700 np->rn_refs++; 701 assert(np->rn_refs > 0); 702 } 703 704 static void 705 rc_node_hold(rc_node_t *np) 706 { 707 (void) pthread_mutex_lock(&np->rn_lock); 708 rc_node_hold_locked(np); 709 (void) pthread_mutex_unlock(&np->rn_lock); 710 } 711 712 static void 713 rc_node_rele_locked(rc_node_t *np) 714 { 715 int unref = 0; 716 rc_node_t *par_ref = NULL; 717 718 assert(MUTEX_HELD(&np->rn_lock)); 719 assert(np->rn_refs > 0); 720 721 if (--np->rn_refs == 0) { 722 if (np->rn_flags & RC_NODE_PARENT_REF) 723 par_ref = np->rn_parent_ref; 724 725 /* 726 * Composed property groups are only as good as their 727 * references. 728 */ 729 if (np->rn_id.rl_type == REP_PROTOCOL_ENTITY_CPROPERTYGRP) 730 np->rn_flags |= RC_NODE_DEAD; 731 732 if ((np->rn_flags & (RC_NODE_DEAD|RC_NODE_OLD)) && 733 np->rn_other_refs == 0 && np->rn_other_refs_held == 0) 734 unref = 1; 735 } 736 737 if (unref) 738 rc_node_unrefed(np); 739 else 740 (void) pthread_mutex_unlock(&np->rn_lock); 741 742 if (par_ref != NULL) 743 rc_node_rele_other(par_ref); 744 } 745 746 void 747 rc_node_rele(rc_node_t *np) 748 { 749 (void) pthread_mutex_lock(&np->rn_lock); 750 rc_node_rele_locked(np); 751 } 752 753 static cache_bucket_t * 754 cache_hold(uint32_t h) 755 { 756 cache_bucket_t *bp = CACHE_BUCKET(h); 757 (void) pthread_mutex_lock(&bp->cb_lock); 758 return (bp); 759 } 760 761 static void 762 cache_release(cache_bucket_t *bp) 763 { 764 (void) pthread_mutex_unlock(&bp->cb_lock); 765 } 766 767 static rc_node_t * 768 cache_lookup_unlocked(cache_bucket_t *bp, rc_node_lookup_t *lp) 769 { 770 uint32_t h = rc_node_hash(lp); 771 rc_node_t *np; 772 773 assert(MUTEX_HELD(&bp->cb_lock)); 774 assert(bp == CACHE_BUCKET(h)); 775 776 for (np = bp->cb_head; np != NULL; np = np->rn_hash_next) { 777 if (np->rn_hash == h && rc_node_match(np, lp)) { 778 rc_node_hold(np); 779 return (np); 780 } 781 } 782 783 return (NULL); 784 } 785 786 static rc_node_t * 787 cache_lookup(rc_node_lookup_t *lp) 788 { 789 uint32_t h; 790 cache_bucket_t *bp; 791 rc_node_t *np; 792 793 h = rc_node_hash(lp); 794 bp = cache_hold(h); 795 796 np = cache_lookup_unlocked(bp, lp); 797 798 cache_release(bp); 799 800 return (np); 801 } 802 803 static void 804 cache_insert_unlocked(cache_bucket_t *bp, rc_node_t *np) 805 { 806 assert(MUTEX_HELD(&bp->cb_lock)); 807 assert(np->rn_hash == rc_node_hash(&np->rn_id)); 808 assert(bp == CACHE_BUCKET(np->rn_hash)); 809 810 assert(np->rn_hash_next == NULL); 811 812 np->rn_hash_next = bp->cb_head; 813 bp->cb_head = np; 814 } 815 816 static void 817 cache_remove_unlocked(cache_bucket_t *bp, rc_node_t *np) 818 { 819 rc_node_t **npp; 820 821 assert(MUTEX_HELD(&bp->cb_lock)); 822 assert(np->rn_hash == rc_node_hash(&np->rn_id)); 823 assert(bp == CACHE_BUCKET(np->rn_hash)); 824 825 for (npp = &bp->cb_head; *npp != NULL; npp = &(*npp)->rn_hash_next) 826 if (*npp == np) 827 break; 828 829 assert(*npp == np); 830 *npp = np->rn_hash_next; 831 np->rn_hash_next = NULL; 832 } 833 834 /* 835 * verify that the 'parent' type can have a child typed 'child' 836 * Fails with 837 * _INVALID_TYPE - argument is invalid 838 * _TYPE_MISMATCH - parent type cannot have children of type child 839 */ 840 static int 841 rc_check_parent_child(uint32_t parent, uint32_t child) 842 { 843 int idx; 844 uint32_t type; 845 846 if (parent == 0 || parent >= NUM_TYPES || 847 child == 0 || child >= NUM_TYPES) 848 return (REP_PROTOCOL_FAIL_INVALID_TYPE); /* invalid types */ 849 850 for (idx = 0; idx < MAX_VALID_CHILDREN; idx++) { 851 type = rc_types[parent].rt_valid_children[idx]; 852 if (type == child) 853 return (REP_PROTOCOL_SUCCESS); 854 } 855 856 return (REP_PROTOCOL_FAIL_TYPE_MISMATCH); 857 } 858 859 /* 860 * Fails with 861 * _INVALID_TYPE - type is invalid 862 * _BAD_REQUEST - name is an invalid name for a node of type type 863 */ 864 int 865 rc_check_type_name(uint32_t type, const char *name) 866 { 867 if (type == 0 || type >= NUM_TYPES) 868 return (REP_PROTOCOL_FAIL_INVALID_TYPE); /* invalid types */ 869 870 if (uu_check_name(name, rc_types[type].rt_name_flags) == -1) 871 return (REP_PROTOCOL_FAIL_BAD_REQUEST); 872 873 return (REP_PROTOCOL_SUCCESS); 874 } 875 876 static int 877 rc_check_pgtype_name(const char *name) 878 { 879 if (uu_check_name(name, UU_NAME_DOMAIN) == -1) 880 return (REP_PROTOCOL_FAIL_BAD_REQUEST); 881 882 return (REP_PROTOCOL_SUCCESS); 883 } 884 885 /* 886 * rc_node_free_fmri should be called whenever a node loses its parent. 887 * The reason is that the node's fmri string is built up by concatenating 888 * its name to the parent's fmri. Thus, when the node no longer has a 889 * parent, its fmri is no longer valid. 890 */ 891 static void 892 rc_node_free_fmri(rc_node_t *np) 893 { 894 if (np->rn_fmri != NULL) { 895 free((void *)np->rn_fmri); 896 np->rn_fmri = NULL; 897 } 898 } 899 900 /* 901 * Concatenate the appropriate separator and the FMRI element to the base 902 * FMRI string at fmri. 903 * 904 * Fails with 905 * _TRUNCATED Not enough room in buffer at fmri. 906 */ 907 static int 908 rc_concat_fmri_element( 909 char *fmri, /* base fmri */ 910 size_t bufsize, /* size of buf at fmri */ 911 size_t *sz_out, /* receives result size. */ 912 const char *element, /* element name to concat */ 913 rep_protocol_entity_t type) /* type of element */ 914 { 915 size_t actual; 916 const char *name = element; 917 int rc; 918 const char *separator; 919 920 if (bufsize > 0) 921 *sz_out = strlen(fmri); 922 else 923 *sz_out = 0; 924 925 switch (type) { 926 case REP_PROTOCOL_ENTITY_SCOPE: 927 if (strcmp(element, SCF_FMRI_LOCAL_SCOPE) == 0) { 928 /* 929 * No need to display scope information if we are 930 * in the local scope. 931 */ 932 separator = SCF_FMRI_SVC_PREFIX; 933 name = NULL; 934 } else { 935 /* 936 * Need to display scope information, because it is 937 * not the local scope. 938 */ 939 separator = SCF_FMRI_SVC_PREFIX SCF_FMRI_SCOPE_PREFIX; 940 } 941 break; 942 case REP_PROTOCOL_ENTITY_SERVICE: 943 separator = SCF_FMRI_SERVICE_PREFIX; 944 break; 945 case REP_PROTOCOL_ENTITY_INSTANCE: 946 separator = SCF_FMRI_INSTANCE_PREFIX; 947 break; 948 case REP_PROTOCOL_ENTITY_PROPERTYGRP: 949 case REP_PROTOCOL_ENTITY_CPROPERTYGRP: 950 separator = SCF_FMRI_PROPERTYGRP_PREFIX; 951 break; 952 case REP_PROTOCOL_ENTITY_PROPERTY: 953 separator = SCF_FMRI_PROPERTY_PREFIX; 954 break; 955 case REP_PROTOCOL_ENTITY_VALUE: 956 /* 957 * A value does not have a separate FMRI from its property, 958 * so there is nothing to concat. 959 */ 960 return (REP_PROTOCOL_SUCCESS); 961 case REP_PROTOCOL_ENTITY_SNAPSHOT: 962 case REP_PROTOCOL_ENTITY_SNAPLEVEL: 963 /* Snapshots do not have FMRIs, so there is nothing to do. */ 964 return (REP_PROTOCOL_SUCCESS); 965 default: 966 (void) fprintf(stderr, "%s:%d: Unknown protocol type %d.\n", 967 __FILE__, __LINE__, type); 968 abort(); /* Missing a case in switch if we get here. */ 969 } 970 971 /* Concatenate separator and element to the fmri buffer. */ 972 973 actual = strlcat(fmri, separator, bufsize); 974 if (name != NULL) { 975 if (actual < bufsize) { 976 actual = strlcat(fmri, name, bufsize); 977 } else { 978 actual += strlen(name); 979 } 980 } 981 if (actual < bufsize) { 982 rc = REP_PROTOCOL_SUCCESS; 983 } else { 984 rc = REP_PROTOCOL_FAIL_TRUNCATED; 985 } 986 *sz_out = actual; 987 return (rc); 988 } 989 990 /* 991 * Get the FMRI for the node at np. The fmri will be placed in buf. On 992 * success sz_out will be set to the size of the fmri in buf. If 993 * REP_PROTOCOL_FAIL_TRUNCATED is returned, sz_out will be set to the size 994 * of the buffer that would be required to avoid truncation. 995 * 996 * Fails with 997 * _TRUNCATED not enough room in buf for the FMRI. 998 */ 999 static int 1000 rc_node_get_fmri_or_fragment(rc_node_t *np, char *buf, size_t bufsize, 1001 size_t *sz_out) 1002 { 1003 size_t fmri_len = 0; 1004 int r; 1005 1006 if (bufsize > 0) 1007 *buf = 0; 1008 *sz_out = 0; 1009 1010 if (np->rn_fmri == NULL) { 1011 /* 1012 * A NULL rn_fmri implies that this is a top level scope. 1013 * Child nodes will always have an rn_fmri established 1014 * because both rc_node_link_child() and 1015 * rc_node_relink_child() call rc_node_build_fmri(). In 1016 * this case, we'll just return our name preceded by the 1017 * appropriate FMRI decorations. 1018 */ 1019 assert(np->rn_parent == NULL); 1020 r = rc_concat_fmri_element(buf, bufsize, &fmri_len, np->rn_name, 1021 np->rn_id.rl_type); 1022 if (r != REP_PROTOCOL_SUCCESS) 1023 return (r); 1024 } else { 1025 /* We have an fmri, so return it. */ 1026 fmri_len = strlcpy(buf, np->rn_fmri, bufsize); 1027 } 1028 1029 *sz_out = fmri_len; 1030 1031 if (fmri_len >= bufsize) 1032 return (REP_PROTOCOL_FAIL_TRUNCATED); 1033 1034 return (REP_PROTOCOL_SUCCESS); 1035 } 1036 1037 /* 1038 * Build an FMRI string for this node and save it in rn_fmri. 1039 * 1040 * The basic strategy here is to get the fmri of our parent and then 1041 * concatenate the appropriate separator followed by our name. If our name 1042 * is null, the resulting fmri will just be a copy of the parent fmri. 1043 * rc_node_build_fmri() should be called with the RC_NODE_USING_PARENT flag 1044 * set. Also the rn_lock for this node should be held. 1045 * 1046 * Fails with 1047 * _NO_RESOURCES Could not allocate memory. 1048 */ 1049 static int 1050 rc_node_build_fmri(rc_node_t *np) 1051 { 1052 size_t actual; 1053 char fmri[REP_PROTOCOL_FMRI_LEN]; 1054 int rc; 1055 size_t sz = REP_PROTOCOL_FMRI_LEN; 1056 1057 assert(MUTEX_HELD(&np->rn_lock)); 1058 assert(np->rn_flags & RC_NODE_USING_PARENT); 1059 1060 rc_node_free_fmri(np); 1061 1062 rc = rc_node_get_fmri_or_fragment(np->rn_parent, fmri, sz, &actual); 1063 assert(rc == REP_PROTOCOL_SUCCESS); 1064 1065 if (np->rn_name != NULL) { 1066 rc = rc_concat_fmri_element(fmri, sz, &actual, np->rn_name, 1067 np->rn_id.rl_type); 1068 assert(rc == REP_PROTOCOL_SUCCESS); 1069 np->rn_fmri = strdup(fmri); 1070 } else { 1071 np->rn_fmri = strdup(fmri); 1072 } 1073 if (np->rn_fmri == NULL) { 1074 rc = REP_PROTOCOL_FAIL_NO_RESOURCES; 1075 } else { 1076 rc = REP_PROTOCOL_SUCCESS; 1077 } 1078 1079 return (rc); 1080 } 1081 1082 /* 1083 * Get the FMRI of the node at np placing the result in fmri. Then 1084 * concatenate the additional element to fmri. The type variable indicates 1085 * the type of element, so that the appropriate separator can be 1086 * generated. size is the number of bytes in the buffer at fmri, and 1087 * sz_out receives the size of the generated string. If the result is 1088 * truncated, sz_out will receive the size of the buffer that would be 1089 * required to avoid truncation. 1090 * 1091 * Fails with 1092 * _TRUNCATED Not enough room in buffer at fmri. 1093 */ 1094 static int 1095 rc_get_fmri_and_concat(rc_node_t *np, char *fmri, size_t size, size_t *sz_out, 1096 const char *element, rep_protocol_entity_t type) 1097 { 1098 int rc; 1099 1100 if ((rc = rc_node_get_fmri_or_fragment(np, fmri, size, sz_out)) != 1101 REP_PROTOCOL_SUCCESS) { 1102 return (rc); 1103 } 1104 if ((rc = rc_concat_fmri_element(fmri, size, sz_out, element, type)) != 1105 REP_PROTOCOL_SUCCESS) { 1106 return (rc); 1107 } 1108 1109 return (REP_PROTOCOL_SUCCESS); 1110 } 1111 1112 static int 1113 rc_notify_info_interested(rc_notify_info_t *rnip, rc_notify_t *np) 1114 { 1115 rc_node_t *nnp = np->rcn_node; 1116 int i; 1117 1118 assert(MUTEX_HELD(&rc_pg_notify_lock)); 1119 1120 if (np->rcn_delete != NULL) { 1121 assert(np->rcn_info == NULL && np->rcn_node == NULL); 1122 return (1); /* everyone likes deletes */ 1123 } 1124 if (np->rcn_node == NULL) { 1125 assert(np->rcn_info != NULL || np->rcn_delete != NULL); 1126 return (0); 1127 } 1128 assert(np->rcn_info == NULL); 1129 1130 for (i = 0; i < RC_NOTIFY_MAX_NAMES; i++) { 1131 if (rnip->rni_namelist[i] != NULL) { 1132 if (strcmp(nnp->rn_name, rnip->rni_namelist[i]) == 0) 1133 return (1); 1134 } 1135 if (rnip->rni_typelist[i] != NULL) { 1136 if (strcmp(nnp->rn_type, rnip->rni_typelist[i]) == 0) 1137 return (1); 1138 } 1139 } 1140 return (0); 1141 } 1142 1143 static void 1144 rc_notify_insert_node(rc_node_t *nnp) 1145 { 1146 rc_notify_t *np = &nnp->rn_notify; 1147 rc_notify_info_t *nip; 1148 int found = 0; 1149 1150 assert(np->rcn_info == NULL); 1151 1152 if (nnp->rn_id.rl_type != REP_PROTOCOL_ENTITY_PROPERTYGRP) 1153 return; 1154 1155 (void) pthread_mutex_lock(&rc_pg_notify_lock); 1156 np->rcn_node = nnp; 1157 for (nip = uu_list_first(rc_notify_info_list); nip != NULL; 1158 nip = uu_list_next(rc_notify_info_list, nip)) { 1159 if (rc_notify_info_interested(nip, np)) { 1160 (void) pthread_cond_broadcast(&nip->rni_cv); 1161 found++; 1162 } 1163 } 1164 if (found) 1165 (void) uu_list_insert_before(rc_notify_list, NULL, np); 1166 else 1167 np->rcn_node = NULL; 1168 1169 (void) pthread_mutex_unlock(&rc_pg_notify_lock); 1170 } 1171 1172 static void 1173 rc_notify_deletion(rc_notify_delete_t *ndp, const char *service, 1174 const char *instance, const char *pg) 1175 { 1176 rc_notify_info_t *nip; 1177 1178 uu_list_node_init(&ndp->rnd_notify, &ndp->rnd_notify.rcn_list_node, 1179 rc_notify_pool); 1180 ndp->rnd_notify.rcn_delete = ndp; 1181 1182 (void) snprintf(ndp->rnd_fmri, sizeof (ndp->rnd_fmri), 1183 "svc:/%s%s%s%s%s", service, 1184 (instance != NULL)? ":" : "", (instance != NULL)? instance : "", 1185 (pg != NULL)? "/:properties/" : "", (pg != NULL)? pg : ""); 1186 1187 /* 1188 * add to notification list, notify watchers 1189 */ 1190 (void) pthread_mutex_lock(&rc_pg_notify_lock); 1191 for (nip = uu_list_first(rc_notify_info_list); nip != NULL; 1192 nip = uu_list_next(rc_notify_info_list, nip)) 1193 (void) pthread_cond_broadcast(&nip->rni_cv); 1194 (void) uu_list_insert_before(rc_notify_list, NULL, ndp); 1195 (void) pthread_mutex_unlock(&rc_pg_notify_lock); 1196 } 1197 1198 static void 1199 rc_notify_remove_node(rc_node_t *nnp) 1200 { 1201 rc_notify_t *np = &nnp->rn_notify; 1202 1203 assert(np->rcn_info == NULL); 1204 assert(!MUTEX_HELD(&nnp->rn_lock)); 1205 1206 (void) pthread_mutex_lock(&rc_pg_notify_lock); 1207 while (np->rcn_node != NULL) { 1208 if (rc_notify_in_use) { 1209 (void) pthread_cond_wait(&rc_pg_notify_cv, 1210 &rc_pg_notify_lock); 1211 continue; 1212 } 1213 (void) uu_list_remove(rc_notify_list, np); 1214 np->rcn_node = NULL; 1215 break; 1216 } 1217 (void) pthread_mutex_unlock(&rc_pg_notify_lock); 1218 } 1219 1220 static void 1221 rc_notify_remove_locked(rc_notify_t *np) 1222 { 1223 assert(MUTEX_HELD(&rc_pg_notify_lock)); 1224 assert(rc_notify_in_use == 0); 1225 1226 (void) uu_list_remove(rc_notify_list, np); 1227 if (np->rcn_node) { 1228 np->rcn_node = NULL; 1229 } else if (np->rcn_delete) { 1230 uu_free(np->rcn_delete); 1231 } else { 1232 assert(0); /* CAN'T HAPPEN */ 1233 } 1234 } 1235 1236 /* 1237 * Permission checking functions. See comment atop this file. 1238 */ 1239 #ifndef NATIVE_BUILD 1240 static permcheck_t * 1241 pc_create() 1242 { 1243 permcheck_t *p; 1244 1245 p = uu_zalloc(sizeof (*p)); 1246 if (p == NULL) 1247 return (NULL); 1248 p->pc_bnum = 8; /* Normal case will only have 2 elts. */ 1249 p->pc_buckets = uu_zalloc(sizeof (*p->pc_buckets) * p->pc_bnum); 1250 if (p->pc_buckets == NULL) { 1251 uu_free(p); 1252 return (NULL); 1253 } 1254 1255 p->pc_enum = 0; 1256 return (p); 1257 } 1258 1259 static void 1260 pc_free(permcheck_t *pcp) 1261 { 1262 uint_t i; 1263 struct pc_elt *ep, *next; 1264 1265 for (i = 0; i < pcp->pc_bnum; ++i) { 1266 for (ep = pcp->pc_buckets[i]; ep != NULL; ep = next) { 1267 next = ep->pce_next; 1268 free(ep); 1269 } 1270 } 1271 1272 free(pcp->pc_buckets); 1273 free(pcp); 1274 } 1275 1276 static uint32_t 1277 pc_hash(const char *auth) 1278 { 1279 uint32_t h = 0, g; 1280 const char *p; 1281 1282 /* 1283 * Generic hash function from uts/common/os/modhash.c. 1284 */ 1285 for (p = auth; *p != '\0'; ++p) { 1286 h = (h << 4) + *p; 1287 g = (h & 0xf0000000); 1288 if (g != 0) { 1289 h ^= (g >> 24); 1290 h ^= g; 1291 } 1292 } 1293 1294 return (h); 1295 } 1296 1297 static int 1298 pc_exists(permcheck_t *pcp, const char *auth) 1299 { 1300 uint32_t h; 1301 struct pc_elt *ep; 1302 1303 h = pc_hash(auth); 1304 for (ep = pcp->pc_buckets[h & (pcp->pc_bnum - 1)]; 1305 ep != NULL; 1306 ep = ep->pce_next) { 1307 if (strcmp(auth, ep->pce_auth) == 0) { 1308 pcp->pc_auth_string = ep->pce_auth; 1309 return (1); 1310 } 1311 } 1312 1313 return (0); 1314 } 1315 1316 static int 1317 pc_match(permcheck_t *pcp, const char *pattern) 1318 { 1319 uint_t i; 1320 struct pc_elt *ep; 1321 1322 for (i = 0; i < pcp->pc_bnum; ++i) { 1323 for (ep = pcp->pc_buckets[i]; ep != NULL; ep = ep->pce_next) { 1324 if (_auth_match(pattern, ep->pce_auth)) { 1325 pcp->pc_auth_string = ep->pce_auth; 1326 return (1); 1327 } 1328 } 1329 } 1330 1331 return (0); 1332 } 1333 1334 static int 1335 pc_grow(permcheck_t *pcp) 1336 { 1337 uint_t new_bnum, i, j; 1338 struct pc_elt **new_buckets; 1339 struct pc_elt *ep, *next; 1340 1341 new_bnum = pcp->pc_bnum * 2; 1342 if (new_bnum < pcp->pc_bnum) 1343 /* Homey don't play that. */ 1344 return (-1); 1345 1346 new_buckets = uu_zalloc(sizeof (*new_buckets) * new_bnum); 1347 if (new_buckets == NULL) 1348 return (-1); 1349 1350 for (i = 0; i < pcp->pc_bnum; ++i) { 1351 for (ep = pcp->pc_buckets[i]; ep != NULL; ep = next) { 1352 next = ep->pce_next; 1353 j = pc_hash(ep->pce_auth) & (new_bnum - 1); 1354 ep->pce_next = new_buckets[j]; 1355 new_buckets[j] = ep; 1356 } 1357 } 1358 1359 uu_free(pcp->pc_buckets); 1360 pcp->pc_buckets = new_buckets; 1361 pcp->pc_bnum = new_bnum; 1362 1363 return (0); 1364 } 1365 1366 static int 1367 pc_add(permcheck_t *pcp, const char *auth, pc_auth_type_t auth_type) 1368 { 1369 struct pc_elt *ep; 1370 uint_t i; 1371 1372 ep = uu_zalloc(offsetof(struct pc_elt, pce_auth) + strlen(auth) + 1); 1373 if (ep == NULL) 1374 return (-1); 1375 1376 /* Grow if pc_enum / pc_bnum > 3/4. */ 1377 if (pcp->pc_enum * 4 > 3 * pcp->pc_bnum) 1378 /* Failure is not a stopper; we'll try again next time. */ 1379 (void) pc_grow(pcp); 1380 1381 (void) strcpy(ep->pce_auth, auth); 1382 1383 i = pc_hash(auth) & (pcp->pc_bnum - 1); 1384 ep->pce_next = pcp->pc_buckets[i]; 1385 pcp->pc_buckets[i] = ep; 1386 1387 if (auth_type > pcp->pc_specific_type) { 1388 pcp->pc_specific_type = auth_type; 1389 pcp->pc_specific = ep; 1390 } 1391 1392 ++pcp->pc_enum; 1393 1394 return (0); 1395 } 1396 1397 /* 1398 * For the type of a property group, return the authorization which may be 1399 * used to modify it. 1400 */ 1401 static const char * 1402 perm_auth_for_pgtype(const char *pgtype) 1403 { 1404 if (strcmp(pgtype, SCF_GROUP_METHOD) == 0) 1405 return (AUTH_MODIFY_PREFIX "method"); 1406 else if (strcmp(pgtype, SCF_GROUP_DEPENDENCY) == 0) 1407 return (AUTH_MODIFY_PREFIX "dependency"); 1408 else if (strcmp(pgtype, SCF_GROUP_APPLICATION) == 0) 1409 return (AUTH_MODIFY_PREFIX "application"); 1410 else if (strcmp(pgtype, SCF_GROUP_FRAMEWORK) == 0) 1411 return (AUTH_MODIFY_PREFIX "framework"); 1412 else 1413 return (NULL); 1414 } 1415 1416 /* 1417 * Fails with 1418 * _NO_RESOURCES - out of memory 1419 */ 1420 static int 1421 perm_add_enabling_type(permcheck_t *pcp, const char *auth, 1422 pc_auth_type_t auth_type) 1423 { 1424 return (pc_add(pcp, auth, auth_type) == 0 ? REP_PROTOCOL_SUCCESS : 1425 REP_PROTOCOL_FAIL_NO_RESOURCES); 1426 } 1427 1428 /* 1429 * Fails with 1430 * _NO_RESOURCES - out of memory 1431 */ 1432 static int 1433 perm_add_enabling(permcheck_t *pcp, const char *auth) 1434 { 1435 return (perm_add_enabling_type(pcp, auth, PC_AUTH_SMF)); 1436 } 1437 1438 /* Note that perm_add_enabling_values() is defined below. */ 1439 1440 /* 1441 * perm_granted() returns 1 if the current door caller has one of the enabling 1442 * authorizations in pcp, 0 if it doesn't, and -1 if an error (usually lack of 1443 * memory) occurs. check_auth_list() checks an RBAC_AUTH_SEP-separated list 1444 * of authorizations for existence in pcp, and check_prof_list() checks the 1445 * authorizations granted to an RBAC_AUTH_SEP-separated list of profiles. 1446 */ 1447 static int 1448 check_auth_list(permcheck_t *pcp, char *authlist) 1449 { 1450 char *auth, *lasts; 1451 int ret; 1452 1453 for (auth = (char *)strtok_r(authlist, RBAC_AUTH_SEP, &lasts); 1454 auth != NULL; 1455 auth = (char *)strtok_r(NULL, RBAC_AUTH_SEP, &lasts)) { 1456 if (strchr(auth, KV_WILDCHAR) == NULL) 1457 ret = pc_exists(pcp, auth); 1458 else 1459 ret = pc_match(pcp, auth); 1460 1461 if (ret) 1462 return (ret); 1463 } 1464 1465 /* 1466 * If we failed, choose the most specific auth string for use in 1467 * the audit event. 1468 */ 1469 assert(pcp->pc_specific != NULL); 1470 pcp->pc_auth_string = pcp->pc_specific->pce_auth; 1471 1472 return (0); 1473 } 1474 1475 static int 1476 check_prof_list(permcheck_t *pcp, char *proflist) 1477 { 1478 char *prof, *lasts, *authlist, *subproflist; 1479 profattr_t *pap; 1480 int ret = 0; 1481 1482 for (prof = strtok_r(proflist, RBAC_AUTH_SEP, &lasts); 1483 prof != NULL; 1484 prof = strtok_r(NULL, RBAC_AUTH_SEP, &lasts)) { 1485 pap = getprofnam(prof); 1486 if (pap == NULL) 1487 continue; 1488 1489 authlist = kva_match(pap->attr, PROFATTR_AUTHS_KW); 1490 if (authlist != NULL) 1491 ret = check_auth_list(pcp, authlist); 1492 1493 if (!ret) { 1494 subproflist = kva_match(pap->attr, PROFATTR_PROFS_KW); 1495 if (subproflist != NULL) 1496 /* depth check to avoid infinite recursion? */ 1497 ret = check_prof_list(pcp, subproflist); 1498 } 1499 1500 free_profattr(pap); 1501 if (ret) 1502 return (ret); 1503 } 1504 1505 return (ret); 1506 } 1507 1508 static int 1509 perm_granted(permcheck_t *pcp) 1510 { 1511 ucred_t *uc; 1512 1513 int ret = 0; 1514 uid_t uid; 1515 userattr_t *uap; 1516 char *authlist, *userattr_authlist, *proflist, *def_prof = NULL; 1517 struct passwd pw; 1518 char pwbuf[1024]; /* XXX should be NSS_BUFLEN_PASSWD */ 1519 1520 /* Get the uid */ 1521 if ((uc = get_ucred()) == NULL) { 1522 if (errno == EINVAL) { 1523 /* 1524 * Client is no longer waiting for our response (e.g., 1525 * it received a signal & resumed with EINTR). 1526 * Punting with door_return() would be nice but we 1527 * need to release all of the locks & references we 1528 * hold. And we must report failure to the client 1529 * layer to keep it from ignoring retries as 1530 * already-done (idempotency & all that). None of the 1531 * error codes fit very well, so we might as well 1532 * force the return of _PERMISSION_DENIED since we 1533 * couldn't determine the user. 1534 */ 1535 return (0); 1536 } 1537 assert(0); 1538 abort(); 1539 } 1540 1541 uid = ucred_geteuid(uc); 1542 assert(uid != (uid_t)-1); 1543 1544 if (getpwuid_r(uid, &pw, pwbuf, sizeof (pwbuf)) == NULL) { 1545 return (-1); 1546 } 1547 1548 /* 1549 * Get user's default authorizations from policy.conf 1550 */ 1551 ret = _get_user_defs(pw.pw_name, &authlist, &def_prof); 1552 1553 if (ret != 0) 1554 return (-1); 1555 1556 if (authlist != NULL) { 1557 ret = check_auth_list(pcp, authlist); 1558 1559 if (ret) { 1560 _free_user_defs(authlist, def_prof); 1561 return (ret); 1562 } 1563 } 1564 1565 /* 1566 * Put off checking def_prof for later in an attempt to consolidate 1567 * prof_attr accesses. 1568 */ 1569 1570 uap = getusernam(pw.pw_name); 1571 if (uap != NULL) { 1572 /* Get the authorizations from user_attr. */ 1573 userattr_authlist = kva_match(uap->attr, USERATTR_AUTHS_KW); 1574 if (userattr_authlist != NULL) { 1575 ret = check_auth_list(pcp, userattr_authlist); 1576 } 1577 } 1578 1579 if (!ret && def_prof != NULL) { 1580 /* Check generic profiles. */ 1581 ret = check_prof_list(pcp, def_prof); 1582 } 1583 1584 if (!ret && uap != NULL) { 1585 proflist = kva_match(uap->attr, USERATTR_PROFILES_KW); 1586 if (proflist != NULL) 1587 ret = check_prof_list(pcp, proflist); 1588 } 1589 1590 _free_user_defs(authlist, def_prof); 1591 if (uap != NULL) 1592 free_userattr(uap); 1593 1594 return (ret); 1595 } 1596 #endif /* NATIVE_BUILD */ 1597 1598 /* 1599 * flags in RC_NODE_WAITING_FLAGS are broadcast when unset, and are used to 1600 * serialize certain actions, and to wait for certain operations to complete 1601 * 1602 * The waiting flags are: 1603 * RC_NODE_CHILDREN_CHANGING 1604 * The child list is being built or changed (due to creation 1605 * or deletion). All iterators pause. 1606 * 1607 * RC_NODE_USING_PARENT 1608 * Someone is actively using the parent pointer, so we can't 1609 * be removed from the parent list. 1610 * 1611 * RC_NODE_CREATING_CHILD 1612 * A child is being created -- locks out other creations, to 1613 * prevent insert-insert races. 1614 * 1615 * RC_NODE_IN_TX 1616 * This object is running a transaction. 1617 * 1618 * RC_NODE_DYING 1619 * This node might be dying. Always set as a set, using 1620 * RC_NODE_DYING_FLAGS (which is everything but 1621 * RC_NODE_USING_PARENT) 1622 */ 1623 static int 1624 rc_node_hold_flag(rc_node_t *np, uint32_t flag) 1625 { 1626 assert(MUTEX_HELD(&np->rn_lock)); 1627 assert((flag & ~RC_NODE_WAITING_FLAGS) == 0); 1628 1629 while (!(np->rn_flags & RC_NODE_DEAD) && (np->rn_flags & flag)) { 1630 (void) pthread_cond_wait(&np->rn_cv, &np->rn_lock); 1631 } 1632 if (np->rn_flags & RC_NODE_DEAD) 1633 return (0); 1634 1635 np->rn_flags |= flag; 1636 return (1); 1637 } 1638 1639 static void 1640 rc_node_rele_flag(rc_node_t *np, uint32_t flag) 1641 { 1642 assert((flag & ~RC_NODE_WAITING_FLAGS) == 0); 1643 assert(MUTEX_HELD(&np->rn_lock)); 1644 assert((np->rn_flags & flag) == flag); 1645 np->rn_flags &= ~flag; 1646 (void) pthread_cond_broadcast(&np->rn_cv); 1647 } 1648 1649 /* 1650 * wait until a particular flag has cleared. Fails if the object dies. 1651 */ 1652 static int 1653 rc_node_wait_flag(rc_node_t *np, uint32_t flag) 1654 { 1655 assert(MUTEX_HELD(&np->rn_lock)); 1656 while (!(np->rn_flags & RC_NODE_DEAD) && (np->rn_flags & flag)) 1657 (void) pthread_cond_wait(&np->rn_cv, &np->rn_lock); 1658 1659 return (!(np->rn_flags & RC_NODE_DEAD)); 1660 } 1661 1662 /* 1663 * On entry, np's lock must be held, and this thread must be holding 1664 * RC_NODE_USING_PARENT. On return, both of them are released. 1665 * 1666 * If the return value is NULL, np either does not have a parent, or 1667 * the parent has been marked DEAD. 1668 * 1669 * If the return value is non-NULL, it is the parent of np, and both 1670 * its lock and the requested flags are held. 1671 */ 1672 static rc_node_t * 1673 rc_node_hold_parent_flag(rc_node_t *np, uint32_t flag) 1674 { 1675 rc_node_t *pp; 1676 1677 assert(MUTEX_HELD(&np->rn_lock)); 1678 assert(np->rn_flags & RC_NODE_USING_PARENT); 1679 1680 if ((pp = np->rn_parent) == NULL) { 1681 rc_node_rele_flag(np, RC_NODE_USING_PARENT); 1682 (void) pthread_mutex_unlock(&np->rn_lock); 1683 return (NULL); 1684 } 1685 (void) pthread_mutex_unlock(&np->rn_lock); 1686 1687 (void) pthread_mutex_lock(&pp->rn_lock); 1688 (void) pthread_mutex_lock(&np->rn_lock); 1689 rc_node_rele_flag(np, RC_NODE_USING_PARENT); 1690 (void) pthread_mutex_unlock(&np->rn_lock); 1691 1692 if (!rc_node_hold_flag(pp, flag)) { 1693 (void) pthread_mutex_unlock(&pp->rn_lock); 1694 return (NULL); 1695 } 1696 return (pp); 1697 } 1698 1699 rc_node_t * 1700 rc_node_alloc(void) 1701 { 1702 rc_node_t *np = uu_zalloc(sizeof (*np)); 1703 1704 if (np == NULL) 1705 return (NULL); 1706 1707 (void) pthread_mutex_init(&np->rn_lock, NULL); 1708 (void) pthread_cond_init(&np->rn_cv, NULL); 1709 1710 np->rn_children = uu_list_create(rc_children_pool, np, 0); 1711 np->rn_pg_notify_list = uu_list_create(rc_pg_notify_pool, np, 0); 1712 1713 uu_list_node_init(np, &np->rn_sibling_node, rc_children_pool); 1714 1715 uu_list_node_init(&np->rn_notify, &np->rn_notify.rcn_list_node, 1716 rc_notify_pool); 1717 1718 return (np); 1719 } 1720 1721 void 1722 rc_node_destroy(rc_node_t *np) 1723 { 1724 int i; 1725 1726 if (np->rn_flags & RC_NODE_UNREFED) 1727 return; /* being handled elsewhere */ 1728 1729 assert(np->rn_refs == 0 && np->rn_other_refs == 0); 1730 assert(np->rn_former == NULL); 1731 1732 if (np->rn_id.rl_type == REP_PROTOCOL_ENTITY_CPROPERTYGRP) { 1733 /* Release the holds from rc_iter_next(). */ 1734 for (i = 0; i < COMPOSITION_DEPTH; ++i) { 1735 /* rn_cchain[i] may be NULL for empty snapshots. */ 1736 if (np->rn_cchain[i] != NULL) 1737 rc_node_rele(np->rn_cchain[i]); 1738 } 1739 } 1740 1741 if (np->rn_name != NULL) 1742 free((void *)np->rn_name); 1743 np->rn_name = NULL; 1744 if (np->rn_type != NULL) 1745 free((void *)np->rn_type); 1746 np->rn_type = NULL; 1747 if (np->rn_values != NULL) 1748 object_free_values(np->rn_values, np->rn_valtype, 1749 np->rn_values_count, np->rn_values_size); 1750 np->rn_values = NULL; 1751 rc_node_free_fmri(np); 1752 1753 if (np->rn_snaplevel != NULL) 1754 rc_snaplevel_rele(np->rn_snaplevel); 1755 np->rn_snaplevel = NULL; 1756 1757 uu_list_node_fini(np, &np->rn_sibling_node, rc_children_pool); 1758 1759 uu_list_node_fini(&np->rn_notify, &np->rn_notify.rcn_list_node, 1760 rc_notify_pool); 1761 1762 assert(uu_list_first(np->rn_children) == NULL); 1763 uu_list_destroy(np->rn_children); 1764 uu_list_destroy(np->rn_pg_notify_list); 1765 1766 (void) pthread_mutex_destroy(&np->rn_lock); 1767 (void) pthread_cond_destroy(&np->rn_cv); 1768 1769 uu_free(np); 1770 } 1771 1772 /* 1773 * Link in a child node. 1774 * 1775 * Because of the lock ordering, cp has to already be in the hash table with 1776 * its lock dropped before we get it. To prevent anyone from noticing that 1777 * it is parentless, the creation code sets the RC_NODE_USING_PARENT. Once 1778 * we've linked it in, we release the flag. 1779 */ 1780 static void 1781 rc_node_link_child(rc_node_t *np, rc_node_t *cp) 1782 { 1783 assert(!MUTEX_HELD(&np->rn_lock)); 1784 assert(!MUTEX_HELD(&cp->rn_lock)); 1785 1786 (void) pthread_mutex_lock(&np->rn_lock); 1787 (void) pthread_mutex_lock(&cp->rn_lock); 1788 assert(!(cp->rn_flags & RC_NODE_IN_PARENT) && 1789 (cp->rn_flags & RC_NODE_USING_PARENT)); 1790 1791 assert(rc_check_parent_child(np->rn_id.rl_type, cp->rn_id.rl_type) == 1792 REP_PROTOCOL_SUCCESS); 1793 1794 cp->rn_parent = np; 1795 cp->rn_flags |= RC_NODE_IN_PARENT; 1796 (void) uu_list_insert_before(np->rn_children, NULL, cp); 1797 (void) rc_node_build_fmri(cp); 1798 1799 (void) pthread_mutex_unlock(&np->rn_lock); 1800 1801 rc_node_rele_flag(cp, RC_NODE_USING_PARENT); 1802 (void) pthread_mutex_unlock(&cp->rn_lock); 1803 } 1804 1805 /* 1806 * Sets the rn_parent_ref field of all the children of np to pp -- always 1807 * initially invoked as rc_node_setup_parent_ref(np, np), we then recurse. 1808 * 1809 * This is used when we mark a node RC_NODE_OLD, so that when the object and 1810 * its children are no longer referenced, they will all be deleted as a unit. 1811 */ 1812 static void 1813 rc_node_setup_parent_ref(rc_node_t *np, rc_node_t *pp) 1814 { 1815 rc_node_t *cp; 1816 1817 assert(MUTEX_HELD(&np->rn_lock)); 1818 1819 for (cp = uu_list_first(np->rn_children); cp != NULL; 1820 cp = uu_list_next(np->rn_children, cp)) { 1821 (void) pthread_mutex_lock(&cp->rn_lock); 1822 if (cp->rn_flags & RC_NODE_PARENT_REF) { 1823 assert(cp->rn_parent_ref == pp); 1824 } else { 1825 assert(cp->rn_parent_ref == NULL); 1826 1827 cp->rn_flags |= RC_NODE_PARENT_REF; 1828 cp->rn_parent_ref = pp; 1829 if (cp->rn_refs != 0) 1830 rc_node_hold_other(pp); 1831 } 1832 rc_node_setup_parent_ref(cp, pp); /* recurse */ 1833 (void) pthread_mutex_unlock(&cp->rn_lock); 1834 } 1835 } 1836 1837 /* 1838 * Atomically replace 'np' with 'newp', with a parent of 'pp'. 1839 * 1840 * Requirements: 1841 * *no* node locks may be held. 1842 * pp must be held with RC_NODE_CHILDREN_CHANGING 1843 * newp and np must be held with RC_NODE_IN_TX 1844 * np must be marked RC_NODE_IN_PARENT, newp must not be 1845 * np must be marked RC_NODE_OLD 1846 * 1847 * Afterwards: 1848 * pp's RC_NODE_CHILDREN_CHANGING is dropped 1849 * newp and np's RC_NODE_IN_TX is dropped 1850 * newp->rn_former = np; 1851 * newp is RC_NODE_IN_PARENT, np is not. 1852 * interested notify subscribers have been notified of newp's new status. 1853 */ 1854 static void 1855 rc_node_relink_child(rc_node_t *pp, rc_node_t *np, rc_node_t *newp) 1856 { 1857 cache_bucket_t *bp; 1858 /* 1859 * First, swap np and nnp in the cache. newp's RC_NODE_IN_TX flag 1860 * keeps rc_node_update() from seeing it until we are done. 1861 */ 1862 bp = cache_hold(newp->rn_hash); 1863 cache_remove_unlocked(bp, np); 1864 cache_insert_unlocked(bp, newp); 1865 cache_release(bp); 1866 1867 /* 1868 * replace np with newp in pp's list, and attach it to newp's rn_former 1869 * link. 1870 */ 1871 (void) pthread_mutex_lock(&pp->rn_lock); 1872 assert(pp->rn_flags & RC_NODE_CHILDREN_CHANGING); 1873 1874 (void) pthread_mutex_lock(&newp->rn_lock); 1875 assert(!(newp->rn_flags & RC_NODE_IN_PARENT)); 1876 assert(newp->rn_flags & RC_NODE_IN_TX); 1877 1878 (void) pthread_mutex_lock(&np->rn_lock); 1879 assert(np->rn_flags & RC_NODE_IN_PARENT); 1880 assert(np->rn_flags & RC_NODE_OLD); 1881 assert(np->rn_flags & RC_NODE_IN_TX); 1882 1883 newp->rn_parent = pp; 1884 newp->rn_flags |= RC_NODE_IN_PARENT; 1885 1886 /* 1887 * Note that we carefully add newp before removing np -- this 1888 * keeps iterators on the list from missing us. 1889 */ 1890 (void) uu_list_insert_after(pp->rn_children, np, newp); 1891 (void) rc_node_build_fmri(newp); 1892 (void) uu_list_remove(pp->rn_children, np); 1893 1894 /* 1895 * re-set np 1896 */ 1897 newp->rn_former = np; 1898 np->rn_parent = NULL; 1899 np->rn_flags &= ~RC_NODE_IN_PARENT; 1900 np->rn_flags |= RC_NODE_ON_FORMER; 1901 1902 rc_notify_insert_node(newp); 1903 1904 rc_node_rele_flag(pp, RC_NODE_CHILDREN_CHANGING); 1905 (void) pthread_mutex_unlock(&pp->rn_lock); 1906 rc_node_rele_flag(newp, RC_NODE_USING_PARENT | RC_NODE_IN_TX); 1907 (void) pthread_mutex_unlock(&newp->rn_lock); 1908 rc_node_setup_parent_ref(np, np); 1909 rc_node_rele_flag(np, RC_NODE_IN_TX); 1910 (void) pthread_mutex_unlock(&np->rn_lock); 1911 } 1912 1913 /* 1914 * makes sure a node with lookup 'nip', name 'name', and parent 'pp' exists. 1915 * 'cp' is used (and returned) if the node does not yet exist. If it does 1916 * exist, 'cp' is freed, and the existent node is returned instead. 1917 */ 1918 rc_node_t * 1919 rc_node_setup(rc_node_t *cp, rc_node_lookup_t *nip, const char *name, 1920 rc_node_t *pp) 1921 { 1922 rc_node_t *np; 1923 cache_bucket_t *bp; 1924 uint32_t h = rc_node_hash(nip); 1925 1926 assert(cp->rn_refs == 0); 1927 1928 bp = cache_hold(h); 1929 if ((np = cache_lookup_unlocked(bp, nip)) != NULL) { 1930 cache_release(bp); 1931 1932 /* 1933 * make sure it matches our expectations 1934 */ 1935 (void) pthread_mutex_lock(&np->rn_lock); 1936 if (rc_node_hold_flag(np, RC_NODE_USING_PARENT)) { 1937 assert(np->rn_parent == pp); 1938 assert(memcmp(&np->rn_id, nip, sizeof (*nip)) == 0); 1939 assert(strcmp(np->rn_name, name) == 0); 1940 assert(np->rn_type == NULL); 1941 assert(np->rn_flags & RC_NODE_IN_PARENT); 1942 rc_node_rele_flag(np, RC_NODE_USING_PARENT); 1943 } 1944 (void) pthread_mutex_unlock(&np->rn_lock); 1945 1946 rc_node_destroy(cp); 1947 return (np); 1948 } 1949 1950 /* 1951 * No one is there -- create a new node. 1952 */ 1953 np = cp; 1954 rc_node_hold(np); 1955 np->rn_id = *nip; 1956 np->rn_hash = h; 1957 np->rn_name = strdup(name); 1958 1959 np->rn_flags |= RC_NODE_USING_PARENT; 1960 1961 if (np->rn_id.rl_type == REP_PROTOCOL_ENTITY_INSTANCE) { 1962 #if COMPOSITION_DEPTH == 2 1963 np->rn_cchain[0] = np; 1964 np->rn_cchain[1] = pp; 1965 #else 1966 #error This code must be updated. 1967 #endif 1968 } 1969 1970 cache_insert_unlocked(bp, np); 1971 cache_release(bp); /* we are now visible */ 1972 1973 rc_node_link_child(pp, np); 1974 1975 return (np); 1976 } 1977 1978 /* 1979 * makes sure a snapshot with lookup 'nip', name 'name', and parent 'pp' exists. 1980 * 'cp' is used (and returned) if the node does not yet exist. If it does 1981 * exist, 'cp' is freed, and the existent node is returned instead. 1982 */ 1983 rc_node_t * 1984 rc_node_setup_snapshot(rc_node_t *cp, rc_node_lookup_t *nip, const char *name, 1985 uint32_t snap_id, rc_node_t *pp) 1986 { 1987 rc_node_t *np; 1988 cache_bucket_t *bp; 1989 uint32_t h = rc_node_hash(nip); 1990 1991 assert(cp->rn_refs == 0); 1992 1993 bp = cache_hold(h); 1994 if ((np = cache_lookup_unlocked(bp, nip)) != NULL) { 1995 cache_release(bp); 1996 1997 /* 1998 * make sure it matches our expectations 1999 */ 2000 (void) pthread_mutex_lock(&np->rn_lock); 2001 if (rc_node_hold_flag(np, RC_NODE_USING_PARENT)) { 2002 assert(np->rn_parent == pp); 2003 assert(memcmp(&np->rn_id, nip, sizeof (*nip)) == 0); 2004 assert(strcmp(np->rn_name, name) == 0); 2005 assert(np->rn_type == NULL); 2006 assert(np->rn_flags & RC_NODE_IN_PARENT); 2007 rc_node_rele_flag(np, RC_NODE_USING_PARENT); 2008 } 2009 (void) pthread_mutex_unlock(&np->rn_lock); 2010 2011 rc_node_destroy(cp); 2012 return (np); 2013 } 2014 2015 /* 2016 * No one is there -- create a new node. 2017 */ 2018 np = cp; 2019 rc_node_hold(np); 2020 np->rn_id = *nip; 2021 np->rn_hash = h; 2022 np->rn_name = strdup(name); 2023 np->rn_snapshot_id = snap_id; 2024 2025 np->rn_flags |= RC_NODE_USING_PARENT; 2026 2027 cache_insert_unlocked(bp, np); 2028 cache_release(bp); /* we are now visible */ 2029 2030 rc_node_link_child(pp, np); 2031 2032 return (np); 2033 } 2034 2035 /* 2036 * makes sure a snaplevel with lookup 'nip' and parent 'pp' exists. 'cp' is 2037 * used (and returned) if the node does not yet exist. If it does exist, 'cp' 2038 * is freed, and the existent node is returned instead. 2039 */ 2040 rc_node_t * 2041 rc_node_setup_snaplevel(rc_node_t *cp, rc_node_lookup_t *nip, 2042 rc_snaplevel_t *lvl, rc_node_t *pp) 2043 { 2044 rc_node_t *np; 2045 cache_bucket_t *bp; 2046 uint32_t h = rc_node_hash(nip); 2047 2048 assert(cp->rn_refs == 0); 2049 2050 bp = cache_hold(h); 2051 if ((np = cache_lookup_unlocked(bp, nip)) != NULL) { 2052 cache_release(bp); 2053 2054 /* 2055 * make sure it matches our expectations 2056 */ 2057 (void) pthread_mutex_lock(&np->rn_lock); 2058 if (rc_node_hold_flag(np, RC_NODE_USING_PARENT)) { 2059 assert(np->rn_parent == pp); 2060 assert(memcmp(&np->rn_id, nip, sizeof (*nip)) == 0); 2061 assert(np->rn_name == NULL); 2062 assert(np->rn_type == NULL); 2063 assert(np->rn_flags & RC_NODE_IN_PARENT); 2064 rc_node_rele_flag(np, RC_NODE_USING_PARENT); 2065 } 2066 (void) pthread_mutex_unlock(&np->rn_lock); 2067 2068 rc_node_destroy(cp); 2069 return (np); 2070 } 2071 2072 /* 2073 * No one is there -- create a new node. 2074 */ 2075 np = cp; 2076 rc_node_hold(np); /* released in snapshot_fill_children() */ 2077 np->rn_id = *nip; 2078 np->rn_hash = h; 2079 2080 rc_snaplevel_hold(lvl); 2081 np->rn_snaplevel = lvl; 2082 2083 np->rn_flags |= RC_NODE_USING_PARENT; 2084 2085 cache_insert_unlocked(bp, np); 2086 cache_release(bp); /* we are now visible */ 2087 2088 /* Add this snaplevel to the snapshot's composition chain. */ 2089 assert(pp->rn_cchain[lvl->rsl_level_num - 1] == NULL); 2090 pp->rn_cchain[lvl->rsl_level_num - 1] = np; 2091 2092 rc_node_link_child(pp, np); 2093 2094 return (np); 2095 } 2096 2097 /* 2098 * Returns NULL if strdup() fails. 2099 */ 2100 rc_node_t * 2101 rc_node_setup_pg(rc_node_t *cp, rc_node_lookup_t *nip, const char *name, 2102 const char *type, uint32_t flags, uint32_t gen_id, rc_node_t *pp) 2103 { 2104 rc_node_t *np; 2105 cache_bucket_t *bp; 2106 2107 uint32_t h = rc_node_hash(nip); 2108 bp = cache_hold(h); 2109 if ((np = cache_lookup_unlocked(bp, nip)) != NULL) { 2110 cache_release(bp); 2111 2112 /* 2113 * make sure it matches our expectations (don't check 2114 * the generation number or parent, since someone could 2115 * have gotten a transaction through while we weren't 2116 * looking) 2117 */ 2118 (void) pthread_mutex_lock(&np->rn_lock); 2119 if (rc_node_hold_flag(np, RC_NODE_USING_PARENT)) { 2120 assert(memcmp(&np->rn_id, nip, sizeof (*nip)) == 0); 2121 assert(strcmp(np->rn_name, name) == 0); 2122 assert(strcmp(np->rn_type, type) == 0); 2123 assert(np->rn_pgflags == flags); 2124 assert(np->rn_flags & RC_NODE_IN_PARENT); 2125 rc_node_rele_flag(np, RC_NODE_USING_PARENT); 2126 } 2127 (void) pthread_mutex_unlock(&np->rn_lock); 2128 2129 rc_node_destroy(cp); 2130 return (np); 2131 } 2132 2133 np = cp; 2134 rc_node_hold(np); /* released in fill_pg_callback() */ 2135 np->rn_id = *nip; 2136 np->rn_hash = h; 2137 np->rn_name = strdup(name); 2138 if (np->rn_name == NULL) { 2139 rc_node_rele(np); 2140 return (NULL); 2141 } 2142 np->rn_type = strdup(type); 2143 if (np->rn_type == NULL) { 2144 free((void *)np->rn_name); 2145 rc_node_rele(np); 2146 return (NULL); 2147 } 2148 np->rn_pgflags = flags; 2149 np->rn_gen_id = gen_id; 2150 2151 np->rn_flags |= RC_NODE_USING_PARENT; 2152 2153 cache_insert_unlocked(bp, np); 2154 cache_release(bp); /* we are now visible */ 2155 2156 rc_node_link_child(pp, np); 2157 2158 return (np); 2159 } 2160 2161 #if COMPOSITION_DEPTH == 2 2162 /* 2163 * Initialize a "composed property group" which represents the composition of 2164 * property groups pg1 & pg2. It is ephemeral: once created & returned for an 2165 * ITER_READ request, keeping it out of cache_hash and any child lists 2166 * prevents it from being looked up. Operations besides iteration are passed 2167 * through to pg1. 2168 * 2169 * pg1 & pg2 should be held before entering this function. They will be 2170 * released in rc_node_destroy(). 2171 */ 2172 static int 2173 rc_node_setup_cpg(rc_node_t *cpg, rc_node_t *pg1, rc_node_t *pg2) 2174 { 2175 if (strcmp(pg1->rn_type, pg2->rn_type) != 0) 2176 return (REP_PROTOCOL_FAIL_TYPE_MISMATCH); 2177 2178 cpg->rn_id.rl_type = REP_PROTOCOL_ENTITY_CPROPERTYGRP; 2179 cpg->rn_name = strdup(pg1->rn_name); 2180 if (cpg->rn_name == NULL) 2181 return (REP_PROTOCOL_FAIL_NO_RESOURCES); 2182 2183 cpg->rn_cchain[0] = pg1; 2184 cpg->rn_cchain[1] = pg2; 2185 2186 return (REP_PROTOCOL_SUCCESS); 2187 } 2188 #else 2189 #error This code must be updated. 2190 #endif 2191 2192 /* 2193 * Fails with _NO_RESOURCES. 2194 */ 2195 int 2196 rc_node_create_property(rc_node_t *pp, rc_node_lookup_t *nip, 2197 const char *name, rep_protocol_value_type_t type, 2198 const char *vals, size_t count, size_t size) 2199 { 2200 rc_node_t *np; 2201 cache_bucket_t *bp; 2202 2203 uint32_t h = rc_node_hash(nip); 2204 bp = cache_hold(h); 2205 if ((np = cache_lookup_unlocked(bp, nip)) != NULL) { 2206 cache_release(bp); 2207 /* 2208 * make sure it matches our expectations 2209 */ 2210 (void) pthread_mutex_lock(&np->rn_lock); 2211 if (rc_node_hold_flag(np, RC_NODE_USING_PARENT)) { 2212 assert(np->rn_parent == pp); 2213 assert(memcmp(&np->rn_id, nip, sizeof (*nip)) == 0); 2214 assert(strcmp(np->rn_name, name) == 0); 2215 assert(np->rn_valtype == type); 2216 assert(np->rn_values_count == count); 2217 assert(np->rn_values_size == size); 2218 assert(vals == NULL || 2219 memcmp(np->rn_values, vals, size) == 0); 2220 assert(np->rn_flags & RC_NODE_IN_PARENT); 2221 rc_node_rele_flag(np, RC_NODE_USING_PARENT); 2222 } 2223 rc_node_rele_locked(np); 2224 object_free_values(vals, type, count, size); 2225 return (REP_PROTOCOL_SUCCESS); 2226 } 2227 2228 /* 2229 * No one is there -- create a new node. 2230 */ 2231 np = rc_node_alloc(); 2232 if (np == NULL) { 2233 cache_release(bp); 2234 object_free_values(vals, type, count, size); 2235 return (REP_PROTOCOL_FAIL_NO_RESOURCES); 2236 } 2237 np->rn_id = *nip; 2238 np->rn_hash = h; 2239 np->rn_name = strdup(name); 2240 if (np->rn_name == NULL) { 2241 cache_release(bp); 2242 object_free_values(vals, type, count, size); 2243 return (REP_PROTOCOL_FAIL_NO_RESOURCES); 2244 } 2245 2246 np->rn_valtype = type; 2247 np->rn_values = vals; 2248 np->rn_values_count = count; 2249 np->rn_values_size = size; 2250 2251 np->rn_flags |= RC_NODE_USING_PARENT; 2252 2253 cache_insert_unlocked(bp, np); 2254 cache_release(bp); /* we are now visible */ 2255 2256 rc_node_link_child(pp, np); 2257 2258 return (REP_PROTOCOL_SUCCESS); 2259 } 2260 2261 /* 2262 * This function implements a decision table to determine the event ID for 2263 * changes to the enabled (SCF_PROPERTY_ENABLED) property. The event ID is 2264 * determined by the value of the first property in the command specified 2265 * by cmd_no and the name of the property group. Here is the decision 2266 * table: 2267 * 2268 * Property Group Name 2269 * Property ------------------------------------------ 2270 * Value SCF_PG_GENERAL SCF_PG_GENERAL_OVR 2271 * -------- -------------- ------------------ 2272 * "0" ADT_smf_disable ADT_smf_tmp_disable 2273 * "1" ADT_smf_enable ADT_smf_tmp_enable 2274 * 2275 * This function is called by special_property_event through a function 2276 * pointer in the special_props_list array. 2277 * 2278 * Since the ADT_smf_* symbols may not be defined in the build machine's 2279 * include files, this function is not compiled when doing native builds. 2280 */ 2281 #ifndef NATIVE_BUILD 2282 static int 2283 general_enable_id(tx_commit_data_t *tx_data, size_t cmd_no, const char *pg, 2284 au_event_t *event_id) 2285 { 2286 const char *value; 2287 uint32_t nvalues; 2288 int enable; 2289 2290 /* 2291 * First, check property value. 2292 */ 2293 if (tx_cmd_nvalues(tx_data, cmd_no, &nvalues) != REP_PROTOCOL_SUCCESS) 2294 return (-1); 2295 if (nvalues == 0) 2296 return (-1); 2297 if (tx_cmd_value(tx_data, cmd_no, 0, &value) != REP_PROTOCOL_SUCCESS) 2298 return (-1); 2299 if (strcmp(value, "0") == 0) { 2300 enable = 0; 2301 } else if (strcmp(value, "1") == 0) { 2302 enable = 1; 2303 } else { 2304 return (-1); 2305 } 2306 2307 /* 2308 * Now check property group name. 2309 */ 2310 if (strcmp(pg, SCF_PG_GENERAL) == 0) { 2311 *event_id = enable ? ADT_smf_enable : ADT_smf_disable; 2312 return (0); 2313 } else if (strcmp(pg, SCF_PG_GENERAL_OVR) == 0) { 2314 *event_id = enable ? ADT_smf_tmp_enable : ADT_smf_tmp_disable; 2315 return (0); 2316 } 2317 return (-1); 2318 } 2319 #endif /* NATIVE_BUILD */ 2320 2321 /* 2322 * This function compares two audit_special_prop_item_t structures 2323 * represented by item1 and item2. It returns an integer greater than 0 if 2324 * item1 is greater than item2. It returns 0 if they are equal and an 2325 * integer less than 0 if item1 is less than item2. api_prop_name and 2326 * api_pg_name are the key fields for sorting. 2327 * 2328 * This function is suitable for calls to bsearch(3C) and qsort(3C). 2329 */ 2330 static int 2331 special_prop_compare(const void *item1, const void *item2) 2332 { 2333 const audit_special_prop_item_t *a = (audit_special_prop_item_t *)item1; 2334 const audit_special_prop_item_t *b = (audit_special_prop_item_t *)item2; 2335 int r; 2336 2337 r = strcmp(a->api_prop_name, b->api_prop_name); 2338 if (r == 0) { 2339 /* 2340 * Primary keys are the same, so check the secondary key. 2341 */ 2342 r = strcmp(a->api_pg_name, b->api_pg_name); 2343 } 2344 return (r); 2345 } 2346 2347 int 2348 rc_node_init(void) 2349 { 2350 rc_node_t *np; 2351 cache_bucket_t *bp; 2352 2353 rc_children_pool = uu_list_pool_create("rc_children_pool", 2354 sizeof (rc_node_t), offsetof(rc_node_t, rn_sibling_node), 2355 NULL, UU_LIST_POOL_DEBUG); 2356 2357 rc_pg_notify_pool = uu_list_pool_create("rc_pg_notify_pool", 2358 sizeof (rc_node_pg_notify_t), 2359 offsetof(rc_node_pg_notify_t, rnpn_node), 2360 NULL, UU_LIST_POOL_DEBUG); 2361 2362 rc_notify_pool = uu_list_pool_create("rc_notify_pool", 2363 sizeof (rc_notify_t), offsetof(rc_notify_t, rcn_list_node), 2364 NULL, UU_LIST_POOL_DEBUG); 2365 2366 rc_notify_info_pool = uu_list_pool_create("rc_notify_info_pool", 2367 sizeof (rc_notify_info_t), 2368 offsetof(rc_notify_info_t, rni_list_node), 2369 NULL, UU_LIST_POOL_DEBUG); 2370 2371 if (rc_children_pool == NULL || rc_pg_notify_pool == NULL || 2372 rc_notify_pool == NULL || rc_notify_info_pool == NULL) 2373 uu_die("out of memory"); 2374 2375 rc_notify_list = uu_list_create(rc_notify_pool, 2376 &rc_notify_list, 0); 2377 2378 rc_notify_info_list = uu_list_create(rc_notify_info_pool, 2379 &rc_notify_info_list, 0); 2380 2381 if (rc_notify_list == NULL || rc_notify_info_list == NULL) 2382 uu_die("out of memory"); 2383 2384 /* 2385 * Sort the special_props_list array so that it can be searched 2386 * with bsearch(3C). 2387 * 2388 * The special_props_list array is not compiled into the native 2389 * build code, so there is no need to call qsort if NATIVE_BUILD is 2390 * defined. 2391 */ 2392 #ifndef NATIVE_BUILD 2393 qsort(special_props_list, SPECIAL_PROP_COUNT, 2394 sizeof (special_props_list[0]), special_prop_compare); 2395 #endif /* NATIVE_BUILD */ 2396 2397 if ((np = rc_node_alloc()) == NULL) 2398 uu_die("out of memory"); 2399 2400 rc_node_hold(np); 2401 np->rn_id.rl_type = REP_PROTOCOL_ENTITY_SCOPE; 2402 np->rn_id.rl_backend = BACKEND_TYPE_NORMAL; 2403 np->rn_hash = rc_node_hash(&np->rn_id); 2404 np->rn_name = "localhost"; 2405 2406 bp = cache_hold(np->rn_hash); 2407 cache_insert_unlocked(bp, np); 2408 cache_release(bp); 2409 2410 rc_scope = np; 2411 return (1); 2412 } 2413 2414 /* 2415 * Fails with 2416 * _INVALID_TYPE - type is invalid 2417 * _TYPE_MISMATCH - np doesn't carry children of type type 2418 * _DELETED - np has been deleted 2419 * _NO_RESOURCES 2420 */ 2421 static int 2422 rc_node_fill_children(rc_node_t *np, uint32_t type) 2423 { 2424 int rc; 2425 2426 assert(MUTEX_HELD(&np->rn_lock)); 2427 2428 if ((rc = rc_check_parent_child(np->rn_id.rl_type, type)) != 2429 REP_PROTOCOL_SUCCESS) 2430 return (rc); 2431 2432 if (!rc_node_hold_flag(np, RC_NODE_CHILDREN_CHANGING)) 2433 return (REP_PROTOCOL_FAIL_DELETED); 2434 2435 if (np->rn_flags & RC_NODE_HAS_CHILDREN) { 2436 rc_node_rele_flag(np, RC_NODE_CHILDREN_CHANGING); 2437 return (REP_PROTOCOL_SUCCESS); 2438 } 2439 2440 (void) pthread_mutex_unlock(&np->rn_lock); 2441 rc = object_fill_children(np); 2442 (void) pthread_mutex_lock(&np->rn_lock); 2443 2444 if (rc == REP_PROTOCOL_SUCCESS) { 2445 np->rn_flags |= RC_NODE_HAS_CHILDREN; 2446 } 2447 rc_node_rele_flag(np, RC_NODE_CHILDREN_CHANGING); 2448 2449 return (rc); 2450 } 2451 2452 /* 2453 * Returns 2454 * _INVALID_TYPE - type is invalid 2455 * _TYPE_MISMATCH - np doesn't carry children of type type 2456 * _DELETED - np has been deleted 2457 * _NO_RESOURCES 2458 * _SUCCESS - if *cpp is not NULL, it is held 2459 */ 2460 static int 2461 rc_node_find_named_child(rc_node_t *np, const char *name, uint32_t type, 2462 rc_node_t **cpp) 2463 { 2464 int ret; 2465 rc_node_t *cp; 2466 2467 assert(MUTEX_HELD(&np->rn_lock)); 2468 assert(np->rn_id.rl_type != REP_PROTOCOL_ENTITY_CPROPERTYGRP); 2469 2470 ret = rc_node_fill_children(np, type); 2471 if (ret != REP_PROTOCOL_SUCCESS) 2472 return (ret); 2473 2474 for (cp = uu_list_first(np->rn_children); 2475 cp != NULL; 2476 cp = uu_list_next(np->rn_children, cp)) { 2477 if (cp->rn_id.rl_type == type && strcmp(cp->rn_name, name) == 0) 2478 break; 2479 } 2480 2481 if (cp != NULL) 2482 rc_node_hold(cp); 2483 *cpp = cp; 2484 2485 return (REP_PROTOCOL_SUCCESS); 2486 } 2487 2488 static int rc_node_parent(rc_node_t *, rc_node_t **); 2489 2490 /* 2491 * Returns 2492 * _INVALID_TYPE - type is invalid 2493 * _DELETED - np or an ancestor has been deleted 2494 * _NOT_FOUND - no ancestor of specified type exists 2495 * _SUCCESS - *app is held 2496 */ 2497 static int 2498 rc_node_find_ancestor(rc_node_t *np, uint32_t type, rc_node_t **app) 2499 { 2500 int ret; 2501 rc_node_t *parent, *np_orig; 2502 2503 if (type >= REP_PROTOCOL_ENTITY_MAX) 2504 return (REP_PROTOCOL_FAIL_INVALID_TYPE); 2505 2506 np_orig = np; 2507 2508 while (np->rn_id.rl_type > type) { 2509 ret = rc_node_parent(np, &parent); 2510 if (np != np_orig) 2511 rc_node_rele(np); 2512 if (ret != REP_PROTOCOL_SUCCESS) 2513 return (ret); 2514 np = parent; 2515 } 2516 2517 if (np->rn_id.rl_type == type) { 2518 *app = parent; 2519 return (REP_PROTOCOL_SUCCESS); 2520 } 2521 2522 return (REP_PROTOCOL_FAIL_NOT_FOUND); 2523 } 2524 2525 #ifndef NATIVE_BUILD 2526 /* 2527 * If the propname property exists in pg, and it is of type string, add its 2528 * values as authorizations to pcp. pg must not be locked on entry, and it is 2529 * returned unlocked. Returns 2530 * _DELETED - pg was deleted 2531 * _NO_RESOURCES 2532 * _NOT_FOUND - pg has no property named propname 2533 * _SUCCESS 2534 */ 2535 static int 2536 perm_add_pg_prop_values(permcheck_t *pcp, rc_node_t *pg, const char *propname) 2537 { 2538 rc_node_t *prop; 2539 int result; 2540 2541 uint_t count; 2542 const char *cp; 2543 2544 assert(!MUTEX_HELD(&pg->rn_lock)); 2545 assert(pg->rn_id.rl_type == REP_PROTOCOL_ENTITY_PROPERTYGRP); 2546 2547 (void) pthread_mutex_lock(&pg->rn_lock); 2548 result = rc_node_find_named_child(pg, propname, 2549 REP_PROTOCOL_ENTITY_PROPERTY, &prop); 2550 (void) pthread_mutex_unlock(&pg->rn_lock); 2551 if (result != REP_PROTOCOL_SUCCESS) { 2552 switch (result) { 2553 case REP_PROTOCOL_FAIL_DELETED: 2554 case REP_PROTOCOL_FAIL_NO_RESOURCES: 2555 return (result); 2556 2557 case REP_PROTOCOL_FAIL_INVALID_TYPE: 2558 case REP_PROTOCOL_FAIL_TYPE_MISMATCH: 2559 default: 2560 bad_error("rc_node_find_named_child", result); 2561 } 2562 } 2563 2564 if (prop == NULL) 2565 return (REP_PROTOCOL_FAIL_NOT_FOUND); 2566 2567 /* rn_valtype is immutable, so no locking. */ 2568 if (prop->rn_valtype != REP_PROTOCOL_TYPE_STRING) { 2569 rc_node_rele(prop); 2570 return (REP_PROTOCOL_SUCCESS); 2571 } 2572 2573 (void) pthread_mutex_lock(&prop->rn_lock); 2574 for (count = prop->rn_values_count, cp = prop->rn_values; 2575 count > 0; 2576 --count) { 2577 result = perm_add_enabling_type(pcp, cp, 2578 (pg->rn_id.rl_ids[ID_INSTANCE]) ? PC_AUTH_INST : 2579 PC_AUTH_SVC); 2580 if (result != REP_PROTOCOL_SUCCESS) 2581 break; 2582 2583 cp = strchr(cp, '\0') + 1; 2584 } 2585 2586 rc_node_rele_locked(prop); 2587 2588 return (result); 2589 } 2590 2591 /* 2592 * Assuming that ent is a service or instance node, if the pgname property 2593 * group has type pgtype, and it has a propname property with string type, add 2594 * its values as authorizations to pcp. If pgtype is NULL, it is not checked. 2595 * Returns 2596 * _SUCCESS 2597 * _DELETED - ent was deleted 2598 * _NO_RESOURCES - no resources 2599 * _NOT_FOUND - ent does not have pgname pg or propname property 2600 */ 2601 static int 2602 perm_add_ent_prop_values(permcheck_t *pcp, rc_node_t *ent, const char *pgname, 2603 const char *pgtype, const char *propname) 2604 { 2605 int r; 2606 rc_node_t *pg; 2607 2608 assert(!MUTEX_HELD(&ent->rn_lock)); 2609 2610 (void) pthread_mutex_lock(&ent->rn_lock); 2611 r = rc_node_find_named_child(ent, pgname, 2612 REP_PROTOCOL_ENTITY_PROPERTYGRP, &pg); 2613 (void) pthread_mutex_unlock(&ent->rn_lock); 2614 2615 switch (r) { 2616 case REP_PROTOCOL_SUCCESS: 2617 break; 2618 2619 case REP_PROTOCOL_FAIL_DELETED: 2620 case REP_PROTOCOL_FAIL_NO_RESOURCES: 2621 return (r); 2622 2623 default: 2624 bad_error("rc_node_find_named_child", r); 2625 } 2626 2627 if (pg == NULL) 2628 return (REP_PROTOCOL_FAIL_NOT_FOUND); 2629 2630 if (pgtype == NULL || strcmp(pg->rn_type, pgtype) == 0) { 2631 r = perm_add_pg_prop_values(pcp, pg, propname); 2632 switch (r) { 2633 case REP_PROTOCOL_FAIL_DELETED: 2634 r = REP_PROTOCOL_FAIL_NOT_FOUND; 2635 break; 2636 2637 case REP_PROTOCOL_FAIL_NO_RESOURCES: 2638 case REP_PROTOCOL_SUCCESS: 2639 case REP_PROTOCOL_FAIL_NOT_FOUND: 2640 break; 2641 2642 default: 2643 bad_error("perm_add_pg_prop_values", r); 2644 } 2645 } 2646 2647 rc_node_rele(pg); 2648 2649 return (r); 2650 } 2651 2652 /* 2653 * If pg has a property named propname, and is string typed, add its values as 2654 * authorizations to pcp. If pg has no such property, and its parent is an 2655 * instance, walk up to the service and try doing the same with the property 2656 * of the same name from the property group of the same name. Returns 2657 * _SUCCESS 2658 * _NO_RESOURCES 2659 * _DELETED - pg (or an ancestor) was deleted 2660 */ 2661 static int 2662 perm_add_enabling_values(permcheck_t *pcp, rc_node_t *pg, const char *propname) 2663 { 2664 int r; 2665 char pgname[REP_PROTOCOL_NAME_LEN + 1]; 2666 rc_node_t *svc; 2667 size_t sz; 2668 2669 r = perm_add_pg_prop_values(pcp, pg, propname); 2670 2671 if (r != REP_PROTOCOL_FAIL_NOT_FOUND) 2672 return (r); 2673 2674 assert(!MUTEX_HELD(&pg->rn_lock)); 2675 2676 if (pg->rn_id.rl_ids[ID_INSTANCE] == 0) 2677 return (REP_PROTOCOL_SUCCESS); 2678 2679 sz = strlcpy(pgname, pg->rn_name, sizeof (pgname)); 2680 assert(sz < sizeof (pgname)); 2681 2682 /* 2683 * If pg is a child of an instance or snapshot, we want to compose the 2684 * authorization property with the service's (if it exists). The 2685 * snapshot case applies only to read_authorization. In all other 2686 * cases, the pg's parent will be the instance. 2687 */ 2688 r = rc_node_find_ancestor(pg, REP_PROTOCOL_ENTITY_SERVICE, &svc); 2689 if (r != REP_PROTOCOL_SUCCESS) { 2690 assert(r == REP_PROTOCOL_FAIL_DELETED); 2691 return (r); 2692 } 2693 assert(svc->rn_id.rl_type == REP_PROTOCOL_ENTITY_SERVICE); 2694 2695 r = perm_add_ent_prop_values(pcp, svc, pgname, NULL, propname); 2696 2697 rc_node_rele(svc); 2698 2699 if (r == REP_PROTOCOL_FAIL_NOT_FOUND) 2700 r = REP_PROTOCOL_SUCCESS; 2701 2702 return (r); 2703 } 2704 2705 /* 2706 * Call perm_add_enabling_values() for the "action_authorization" property of 2707 * the "general" property group of inst. Returns 2708 * _DELETED - inst (or an ancestor) was deleted 2709 * _NO_RESOURCES 2710 * _SUCCESS 2711 */ 2712 static int 2713 perm_add_inst_action_auth(permcheck_t *pcp, rc_node_t *inst) 2714 { 2715 int r; 2716 rc_node_t *svc; 2717 2718 assert(inst->rn_id.rl_type == REP_PROTOCOL_ENTITY_INSTANCE); 2719 2720 r = perm_add_ent_prop_values(pcp, inst, AUTH_PG_GENERAL, 2721 AUTH_PG_GENERAL_TYPE, AUTH_PROP_ACTION); 2722 2723 if (r != REP_PROTOCOL_FAIL_NOT_FOUND) 2724 return (r); 2725 2726 r = rc_node_parent(inst, &svc); 2727 if (r != REP_PROTOCOL_SUCCESS) { 2728 assert(r == REP_PROTOCOL_FAIL_DELETED); 2729 return (r); 2730 } 2731 2732 r = perm_add_ent_prop_values(pcp, svc, AUTH_PG_GENERAL, 2733 AUTH_PG_GENERAL_TYPE, AUTH_PROP_ACTION); 2734 2735 return (r == REP_PROTOCOL_FAIL_NOT_FOUND ? REP_PROTOCOL_SUCCESS : r); 2736 } 2737 #endif /* NATIVE_BUILD */ 2738 2739 void 2740 rc_node_ptr_init(rc_node_ptr_t *out) 2741 { 2742 out->rnp_node = NULL; 2743 out->rnp_auth_string = NULL; 2744 out->rnp_authorized = RC_AUTH_UNKNOWN; 2745 out->rnp_deleted = 0; 2746 } 2747 2748 void 2749 rc_node_ptr_free_mem(rc_node_ptr_t *npp) 2750 { 2751 if (npp->rnp_auth_string != NULL) { 2752 free((void *)npp->rnp_auth_string); 2753 npp->rnp_auth_string = NULL; 2754 } 2755 } 2756 2757 static void 2758 rc_node_assign(rc_node_ptr_t *out, rc_node_t *val) 2759 { 2760 rc_node_t *cur = out->rnp_node; 2761 if (val != NULL) 2762 rc_node_hold(val); 2763 out->rnp_node = val; 2764 if (cur != NULL) 2765 rc_node_rele(cur); 2766 out->rnp_authorized = RC_AUTH_UNKNOWN; 2767 rc_node_ptr_free_mem(out); 2768 out->rnp_deleted = 0; 2769 } 2770 2771 void 2772 rc_node_clear(rc_node_ptr_t *out, int deleted) 2773 { 2774 rc_node_assign(out, NULL); 2775 out->rnp_deleted = deleted; 2776 } 2777 2778 void 2779 rc_node_ptr_assign(rc_node_ptr_t *out, const rc_node_ptr_t *val) 2780 { 2781 rc_node_assign(out, val->rnp_node); 2782 } 2783 2784 /* 2785 * rc_node_check()/RC_NODE_CHECK() 2786 * generic "entry" checks, run before the use of an rc_node pointer. 2787 * 2788 * Fails with 2789 * _NOT_SET 2790 * _DELETED 2791 */ 2792 static int 2793 rc_node_check_and_lock(rc_node_t *np) 2794 { 2795 int result = REP_PROTOCOL_SUCCESS; 2796 if (np == NULL) 2797 return (REP_PROTOCOL_FAIL_NOT_SET); 2798 2799 (void) pthread_mutex_lock(&np->rn_lock); 2800 if (!rc_node_wait_flag(np, RC_NODE_DYING)) { 2801 result = REP_PROTOCOL_FAIL_DELETED; 2802 (void) pthread_mutex_unlock(&np->rn_lock); 2803 } 2804 2805 return (result); 2806 } 2807 2808 /* 2809 * Fails with 2810 * _NOT_SET - ptr is reset 2811 * _DELETED - node has been deleted 2812 */ 2813 static rc_node_t * 2814 rc_node_ptr_check_and_lock(rc_node_ptr_t *npp, int *res) 2815 { 2816 rc_node_t *np = npp->rnp_node; 2817 if (np == NULL) { 2818 if (npp->rnp_deleted) 2819 *res = REP_PROTOCOL_FAIL_DELETED; 2820 else 2821 *res = REP_PROTOCOL_FAIL_NOT_SET; 2822 return (NULL); 2823 } 2824 2825 (void) pthread_mutex_lock(&np->rn_lock); 2826 if (!rc_node_wait_flag(np, RC_NODE_DYING)) { 2827 (void) pthread_mutex_unlock(&np->rn_lock); 2828 rc_node_clear(npp, 1); 2829 *res = REP_PROTOCOL_FAIL_DELETED; 2830 return (NULL); 2831 } 2832 return (np); 2833 } 2834 2835 #define RC_NODE_CHECK_AND_LOCK(n) { \ 2836 int rc__res; \ 2837 if ((rc__res = rc_node_check_and_lock(n)) != REP_PROTOCOL_SUCCESS) \ 2838 return (rc__res); \ 2839 } 2840 2841 #define RC_NODE_CHECK(n) { \ 2842 RC_NODE_CHECK_AND_LOCK(n); \ 2843 (void) pthread_mutex_unlock(&(n)->rn_lock); \ 2844 } 2845 2846 #define RC_NODE_CHECK_AND_HOLD(n) { \ 2847 RC_NODE_CHECK_AND_LOCK(n); \ 2848 rc_node_hold_locked(n); \ 2849 (void) pthread_mutex_unlock(&(n)->rn_lock); \ 2850 } 2851 2852 #define RC_NODE_PTR_GET_CHECK_AND_LOCK(np, npp) { \ 2853 int rc__res; \ 2854 if (((np) = rc_node_ptr_check_and_lock(npp, &rc__res)) == NULL) \ 2855 return (rc__res); \ 2856 } 2857 2858 #define RC_NODE_PTR_GET_CHECK(np, npp) { \ 2859 RC_NODE_PTR_GET_CHECK_AND_LOCK(np, npp); \ 2860 (void) pthread_mutex_unlock(&(np)->rn_lock); \ 2861 } 2862 2863 #define RC_NODE_PTR_GET_CHECK_AND_HOLD(np, npp) { \ 2864 RC_NODE_PTR_GET_CHECK_AND_LOCK(np, npp); \ 2865 rc_node_hold_locked(np); \ 2866 (void) pthread_mutex_unlock(&(np)->rn_lock); \ 2867 } 2868 2869 #define HOLD_FLAG_OR_RETURN(np, flag) { \ 2870 assert(MUTEX_HELD(&(np)->rn_lock)); \ 2871 assert(!((np)->rn_flags & RC_NODE_DEAD)); \ 2872 if (!rc_node_hold_flag((np), flag)) { \ 2873 (void) pthread_mutex_unlock(&(np)->rn_lock); \ 2874 return (REP_PROTOCOL_FAIL_DELETED); \ 2875 } \ 2876 } 2877 2878 #define HOLD_PTR_FLAG_OR_RETURN(np, npp, flag) { \ 2879 assert(MUTEX_HELD(&(np)->rn_lock)); \ 2880 assert(!((np)->rn_flags & RC_NODE_DEAD)); \ 2881 if (!rc_node_hold_flag((np), flag)) { \ 2882 (void) pthread_mutex_unlock(&(np)->rn_lock); \ 2883 assert((np) == (npp)->rnp_node); \ 2884 rc_node_clear(npp, 1); \ 2885 return (REP_PROTOCOL_FAIL_DELETED); \ 2886 } \ 2887 } 2888 2889 #define HOLD_PTR_FLAG_OR_FREE_AND_RETURN(np, npp, flag, mem) { \ 2890 assert(MUTEX_HELD(&(np)->rn_lock)); \ 2891 assert(!((np)->rn_flags & RC_NODE_DEAD)); \ 2892 if (!rc_node_hold_flag((np), flag)) { \ 2893 (void) pthread_mutex_unlock(&(np)->rn_lock); \ 2894 assert((np) == (npp)->rnp_node); \ 2895 rc_node_clear(npp, 1); \ 2896 if ((mem) != NULL) \ 2897 free((mem)); \ 2898 return (REP_PROTOCOL_FAIL_DELETED); \ 2899 } \ 2900 } 2901 2902 int 2903 rc_local_scope(uint32_t type, rc_node_ptr_t *out) 2904 { 2905 if (type != REP_PROTOCOL_ENTITY_SCOPE) { 2906 rc_node_clear(out, 0); 2907 return (REP_PROTOCOL_FAIL_TYPE_MISMATCH); 2908 } 2909 2910 /* 2911 * the main scope never gets destroyed 2912 */ 2913 rc_node_assign(out, rc_scope); 2914 2915 return (REP_PROTOCOL_SUCCESS); 2916 } 2917 2918 /* 2919 * Fails with 2920 * _NOT_SET - npp is not set 2921 * _DELETED - the node npp pointed at has been deleted 2922 * _TYPE_MISMATCH - type is not _SCOPE 2923 * _NOT_FOUND - scope has no parent 2924 */ 2925 static int 2926 rc_scope_parent_scope(rc_node_ptr_t *npp, uint32_t type, rc_node_ptr_t *out) 2927 { 2928 rc_node_t *np; 2929 2930 rc_node_clear(out, 0); 2931 2932 RC_NODE_PTR_GET_CHECK(np, npp); 2933 2934 if (type != REP_PROTOCOL_ENTITY_SCOPE) 2935 return (REP_PROTOCOL_FAIL_TYPE_MISMATCH); 2936 2937 return (REP_PROTOCOL_FAIL_NOT_FOUND); 2938 } 2939 2940 static int rc_node_pg_check_read_protect(rc_node_t *); 2941 2942 /* 2943 * Fails with 2944 * _NOT_SET 2945 * _DELETED 2946 * _NOT_APPLICABLE 2947 * _NOT_FOUND 2948 * _BAD_REQUEST 2949 * _TRUNCATED 2950 * _NO_RESOURCES 2951 */ 2952 int 2953 rc_node_name(rc_node_ptr_t *npp, char *buf, size_t sz, uint32_t answertype, 2954 size_t *sz_out) 2955 { 2956 size_t actual; 2957 rc_node_t *np; 2958 2959 assert(sz == *sz_out); 2960 2961 RC_NODE_PTR_GET_CHECK(np, npp); 2962 2963 if (np->rn_id.rl_type == REP_PROTOCOL_ENTITY_CPROPERTYGRP) { 2964 np = np->rn_cchain[0]; 2965 RC_NODE_CHECK(np); 2966 } 2967 2968 switch (answertype) { 2969 case RP_ENTITY_NAME_NAME: 2970 if (np->rn_name == NULL) 2971 return (REP_PROTOCOL_FAIL_NOT_APPLICABLE); 2972 actual = strlcpy(buf, np->rn_name, sz); 2973 break; 2974 case RP_ENTITY_NAME_PGTYPE: 2975 if (np->rn_id.rl_type != REP_PROTOCOL_ENTITY_PROPERTYGRP) 2976 return (REP_PROTOCOL_FAIL_NOT_APPLICABLE); 2977 actual = strlcpy(buf, np->rn_type, sz); 2978 break; 2979 case RP_ENTITY_NAME_PGFLAGS: 2980 if (np->rn_id.rl_type != REP_PROTOCOL_ENTITY_PROPERTYGRP) 2981 return (REP_PROTOCOL_FAIL_NOT_APPLICABLE); 2982 actual = snprintf(buf, sz, "%d", np->rn_pgflags); 2983 break; 2984 case RP_ENTITY_NAME_SNAPLEVEL_SCOPE: 2985 if (np->rn_id.rl_type != REP_PROTOCOL_ENTITY_SNAPLEVEL) 2986 return (REP_PROTOCOL_FAIL_NOT_APPLICABLE); 2987 actual = strlcpy(buf, np->rn_snaplevel->rsl_scope, sz); 2988 break; 2989 case RP_ENTITY_NAME_SNAPLEVEL_SERVICE: 2990 if (np->rn_id.rl_type != REP_PROTOCOL_ENTITY_SNAPLEVEL) 2991 return (REP_PROTOCOL_FAIL_NOT_APPLICABLE); 2992 actual = strlcpy(buf, np->rn_snaplevel->rsl_service, sz); 2993 break; 2994 case RP_ENTITY_NAME_SNAPLEVEL_INSTANCE: 2995 if (np->rn_id.rl_type != REP_PROTOCOL_ENTITY_SNAPLEVEL) 2996 return (REP_PROTOCOL_FAIL_NOT_APPLICABLE); 2997 if (np->rn_snaplevel->rsl_instance == NULL) 2998 return (REP_PROTOCOL_FAIL_NOT_FOUND); 2999 actual = strlcpy(buf, np->rn_snaplevel->rsl_instance, sz); 3000 break; 3001 case RP_ENTITY_NAME_PGREADPROT: 3002 { 3003 int ret; 3004 3005 if (np->rn_id.rl_type != REP_PROTOCOL_ENTITY_PROPERTYGRP) 3006 return (REP_PROTOCOL_FAIL_NOT_APPLICABLE); 3007 ret = rc_node_pg_check_read_protect(np); 3008 assert(ret != REP_PROTOCOL_FAIL_TYPE_MISMATCH); 3009 switch (ret) { 3010 case REP_PROTOCOL_FAIL_PERMISSION_DENIED: 3011 actual = snprintf(buf, sz, "1"); 3012 break; 3013 case REP_PROTOCOL_SUCCESS: 3014 actual = snprintf(buf, sz, "0"); 3015 break; 3016 default: 3017 return (ret); 3018 } 3019 break; 3020 } 3021 default: 3022 return (REP_PROTOCOL_FAIL_BAD_REQUEST); 3023 } 3024 if (actual >= sz) 3025 return (REP_PROTOCOL_FAIL_TRUNCATED); 3026 3027 *sz_out = actual; 3028 return (REP_PROTOCOL_SUCCESS); 3029 } 3030 3031 int 3032 rc_node_get_property_type(rc_node_ptr_t *npp, rep_protocol_value_type_t *out) 3033 { 3034 rc_node_t *np; 3035 3036 RC_NODE_PTR_GET_CHECK(np, npp); 3037 3038 if (np->rn_id.rl_type != REP_PROTOCOL_ENTITY_PROPERTY) 3039 return (REP_PROTOCOL_FAIL_TYPE_MISMATCH); 3040 3041 *out = np->rn_valtype; 3042 3043 return (REP_PROTOCOL_SUCCESS); 3044 } 3045 3046 /* 3047 * Get np's parent. If np is deleted, returns _DELETED. Otherwise puts a hold 3048 * on the parent, returns a pointer to it in *out, and returns _SUCCESS. 3049 */ 3050 static int 3051 rc_node_parent(rc_node_t *np, rc_node_t **out) 3052 { 3053 rc_node_t *pnp; 3054 rc_node_t *np_orig; 3055 3056 if (np->rn_id.rl_type != REP_PROTOCOL_ENTITY_CPROPERTYGRP) { 3057 RC_NODE_CHECK_AND_LOCK(np); 3058 } else { 3059 np = np->rn_cchain[0]; 3060 RC_NODE_CHECK_AND_LOCK(np); 3061 } 3062 3063 np_orig = np; 3064 rc_node_hold_locked(np); /* simplifies the remainder */ 3065 3066 for (;;) { 3067 if (!rc_node_wait_flag(np, 3068 RC_NODE_IN_TX | RC_NODE_USING_PARENT)) { 3069 rc_node_rele_locked(np); 3070 return (REP_PROTOCOL_FAIL_DELETED); 3071 } 3072 3073 if (!(np->rn_flags & RC_NODE_OLD)) 3074 break; 3075 3076 rc_node_rele_locked(np); 3077 np = cache_lookup(&np_orig->rn_id); 3078 assert(np != np_orig); 3079 3080 if (np == NULL) 3081 goto deleted; 3082 (void) pthread_mutex_lock(&np->rn_lock); 3083 } 3084 3085 /* guaranteed to succeed without dropping the lock */ 3086 if (!rc_node_hold_flag(np, RC_NODE_USING_PARENT)) { 3087 (void) pthread_mutex_unlock(&np->rn_lock); 3088 *out = NULL; 3089 rc_node_rele(np); 3090 return (REP_PROTOCOL_FAIL_DELETED); 3091 } 3092 3093 assert(np->rn_parent != NULL); 3094 pnp = np->rn_parent; 3095 (void) pthread_mutex_unlock(&np->rn_lock); 3096 3097 (void) pthread_mutex_lock(&pnp->rn_lock); 3098 (void) pthread_mutex_lock(&np->rn_lock); 3099 rc_node_rele_flag(np, RC_NODE_USING_PARENT); 3100 (void) pthread_mutex_unlock(&np->rn_lock); 3101 3102 rc_node_hold_locked(pnp); 3103 3104 (void) pthread_mutex_unlock(&pnp->rn_lock); 3105 3106 rc_node_rele(np); 3107 *out = pnp; 3108 return (REP_PROTOCOL_SUCCESS); 3109 3110 deleted: 3111 rc_node_rele(np); 3112 return (REP_PROTOCOL_FAIL_DELETED); 3113 } 3114 3115 /* 3116 * Fails with 3117 * _NOT_SET 3118 * _DELETED 3119 */ 3120 static int 3121 rc_node_ptr_parent(rc_node_ptr_t *npp, rc_node_t **out) 3122 { 3123 rc_node_t *np; 3124 3125 RC_NODE_PTR_GET_CHECK(np, npp); 3126 3127 return (rc_node_parent(np, out)); 3128 } 3129 3130 /* 3131 * Fails with 3132 * _NOT_SET - npp is not set 3133 * _DELETED - the node npp pointed at has been deleted 3134 * _TYPE_MISMATCH - npp's node's parent is not of type type 3135 * 3136 * If npp points to a scope, can also fail with 3137 * _NOT_FOUND - scope has no parent 3138 */ 3139 int 3140 rc_node_get_parent(rc_node_ptr_t *npp, uint32_t type, rc_node_ptr_t *out) 3141 { 3142 rc_node_t *pnp; 3143 int rc; 3144 3145 if (npp->rnp_node != NULL && 3146 npp->rnp_node->rn_id.rl_type == REP_PROTOCOL_ENTITY_SCOPE) 3147 return (rc_scope_parent_scope(npp, type, out)); 3148 3149 if ((rc = rc_node_ptr_parent(npp, &pnp)) != REP_PROTOCOL_SUCCESS) { 3150 rc_node_clear(out, 0); 3151 return (rc); 3152 } 3153 3154 if (type != pnp->rn_id.rl_type) { 3155 rc_node_rele(pnp); 3156 return (REP_PROTOCOL_FAIL_TYPE_MISMATCH); 3157 } 3158 3159 rc_node_assign(out, pnp); 3160 rc_node_rele(pnp); 3161 3162 return (REP_PROTOCOL_SUCCESS); 3163 } 3164 3165 int 3166 rc_node_parent_type(rc_node_ptr_t *npp, uint32_t *type_out) 3167 { 3168 rc_node_t *pnp; 3169 int rc; 3170 3171 if (npp->rnp_node != NULL && 3172 npp->rnp_node->rn_id.rl_type == REP_PROTOCOL_ENTITY_SCOPE) { 3173 *type_out = REP_PROTOCOL_ENTITY_SCOPE; 3174 return (REP_PROTOCOL_SUCCESS); 3175 } 3176 3177 if ((rc = rc_node_ptr_parent(npp, &pnp)) != REP_PROTOCOL_SUCCESS) 3178 return (rc); 3179 3180 *type_out = pnp->rn_id.rl_type; 3181 3182 rc_node_rele(pnp); 3183 3184 return (REP_PROTOCOL_SUCCESS); 3185 } 3186 3187 /* 3188 * Fails with 3189 * _INVALID_TYPE - type is invalid 3190 * _TYPE_MISMATCH - np doesn't carry children of type type 3191 * _DELETED - np has been deleted 3192 * _NOT_FOUND - no child with that name/type combo found 3193 * _NO_RESOURCES 3194 * _BACKEND_ACCESS 3195 */ 3196 int 3197 rc_node_get_child(rc_node_ptr_t *npp, const char *name, uint32_t type, 3198 rc_node_ptr_t *outp) 3199 { 3200 rc_node_t *np, *cp; 3201 rc_node_t *child = NULL; 3202 int ret, idx; 3203 3204 RC_NODE_PTR_GET_CHECK_AND_LOCK(np, npp); 3205 if ((ret = rc_check_type_name(type, name)) == REP_PROTOCOL_SUCCESS) { 3206 if (np->rn_id.rl_type != REP_PROTOCOL_ENTITY_CPROPERTYGRP) { 3207 ret = rc_node_find_named_child(np, name, type, &child); 3208 } else { 3209 (void) pthread_mutex_unlock(&np->rn_lock); 3210 ret = REP_PROTOCOL_SUCCESS; 3211 for (idx = 0; idx < COMPOSITION_DEPTH; idx++) { 3212 cp = np->rn_cchain[idx]; 3213 if (cp == NULL) 3214 break; 3215 RC_NODE_CHECK_AND_LOCK(cp); 3216 ret = rc_node_find_named_child(cp, name, type, 3217 &child); 3218 (void) pthread_mutex_unlock(&cp->rn_lock); 3219 /* 3220 * loop only if we succeeded, but no child of 3221 * the correct name was found. 3222 */ 3223 if (ret != REP_PROTOCOL_SUCCESS || 3224 child != NULL) 3225 break; 3226 } 3227 (void) pthread_mutex_lock(&np->rn_lock); 3228 } 3229 } 3230 (void) pthread_mutex_unlock(&np->rn_lock); 3231 3232 if (ret == REP_PROTOCOL_SUCCESS) { 3233 rc_node_assign(outp, child); 3234 if (child != NULL) 3235 rc_node_rele(child); 3236 else 3237 ret = REP_PROTOCOL_FAIL_NOT_FOUND; 3238 } else { 3239 rc_node_assign(outp, NULL); 3240 } 3241 return (ret); 3242 } 3243 3244 int 3245 rc_node_update(rc_node_ptr_t *npp) 3246 { 3247 cache_bucket_t *bp; 3248 rc_node_t *np = npp->rnp_node; 3249 rc_node_t *nnp; 3250 rc_node_t *cpg = NULL; 3251 3252 if (np != NULL && 3253 np->rn_id.rl_type == REP_PROTOCOL_ENTITY_CPROPERTYGRP) { 3254 /* 3255 * If we're updating a composed property group, actually 3256 * update the top-level property group & return the 3257 * appropriate value. But leave *nnp pointing at us. 3258 */ 3259 cpg = np; 3260 np = np->rn_cchain[0]; 3261 } 3262 3263 RC_NODE_CHECK(np); 3264 3265 if (np->rn_id.rl_type != REP_PROTOCOL_ENTITY_PROPERTYGRP && 3266 np->rn_id.rl_type != REP_PROTOCOL_ENTITY_SNAPSHOT) 3267 return (REP_PROTOCOL_FAIL_BAD_REQUEST); 3268 3269 for (;;) { 3270 bp = cache_hold(np->rn_hash); 3271 nnp = cache_lookup_unlocked(bp, &np->rn_id); 3272 if (nnp == NULL) { 3273 cache_release(bp); 3274 rc_node_clear(npp, 1); 3275 return (REP_PROTOCOL_FAIL_DELETED); 3276 } 3277 /* 3278 * grab the lock before dropping the cache bucket, so 3279 * that no one else can sneak in 3280 */ 3281 (void) pthread_mutex_lock(&nnp->rn_lock); 3282 cache_release(bp); 3283 3284 if (!(nnp->rn_flags & RC_NODE_IN_TX) || 3285 !rc_node_wait_flag(nnp, RC_NODE_IN_TX)) 3286 break; 3287 3288 rc_node_rele_locked(nnp); 3289 } 3290 3291 /* 3292 * If it is dead, we want to update it so that it will continue to 3293 * report being dead. 3294 */ 3295 if (nnp->rn_flags & RC_NODE_DEAD) { 3296 (void) pthread_mutex_unlock(&nnp->rn_lock); 3297 if (nnp != np && cpg == NULL) 3298 rc_node_assign(npp, nnp); /* updated */ 3299 rc_node_rele(nnp); 3300 return (REP_PROTOCOL_FAIL_DELETED); 3301 } 3302 3303 assert(!(nnp->rn_flags & RC_NODE_OLD)); 3304 (void) pthread_mutex_unlock(&nnp->rn_lock); 3305 3306 if (nnp != np && cpg == NULL) 3307 rc_node_assign(npp, nnp); /* updated */ 3308 3309 rc_node_rele(nnp); 3310 3311 return ((nnp == np)? REP_PROTOCOL_SUCCESS : REP_PROTOCOL_DONE); 3312 } 3313 3314 /* 3315 * does a generic modification check, for creation, deletion, and snapshot 3316 * management only. Property group transactions have different checks. 3317 * 3318 * The string returned to *match_auth must be freed. 3319 */ 3320 int 3321 rc_node_modify_permission_check(char **match_auth) 3322 { 3323 int rc = REP_PROTOCOL_SUCCESS; 3324 permcheck_t *pcp; 3325 int granted; 3326 3327 *match_auth = NULL; 3328 #ifdef NATIVE_BUILD 3329 if (!client_is_privileged()) { 3330 rc = REP_PROTOCOL_FAIL_PERMISSION_DENIED; 3331 } 3332 return (rc); 3333 #else 3334 if (is_main_repository == 0) 3335 return (REP_PROTOCOL_SUCCESS); 3336 pcp = pc_create(); 3337 if (pcp != NULL) { 3338 rc = perm_add_enabling(pcp, AUTH_MODIFY); 3339 3340 if (rc == REP_PROTOCOL_SUCCESS) { 3341 granted = perm_granted(pcp); 3342 3343 if (granted < 0) { 3344 rc = REP_PROTOCOL_FAIL_NO_RESOURCES; 3345 } else { 3346 /* 3347 * Copy off the authorization 3348 * string before freeing pcp. 3349 */ 3350 *match_auth = 3351 strdup(pcp->pc_auth_string); 3352 if (*match_auth == NULL) 3353 rc = REP_PROTOCOL_FAIL_NO_RESOURCES; 3354 } 3355 } 3356 3357 pc_free(pcp); 3358 } else { 3359 rc = REP_PROTOCOL_FAIL_NO_RESOURCES; 3360 } 3361 3362 if (rc == REP_PROTOCOL_SUCCESS && !granted) 3363 rc = REP_PROTOCOL_FAIL_PERMISSION_DENIED; 3364 3365 return (rc); 3366 #endif /* NATIVE_BUILD */ 3367 } 3368 3369 /* 3370 * Native builds are done to create svc.configd-native. This program runs 3371 * only on the Solaris build machines to create the seed repository, and it 3372 * is compiled against the build machine's header files. The ADT_smf_* 3373 * symbols may not be defined in these header files. For this reason 3374 * smf_annotation_event(), _smf_audit_event() and special_property_event() 3375 * are not compiled for native builds. 3376 */ 3377 #ifndef NATIVE_BUILD 3378 3379 /* 3380 * This function generates an annotation audit event if one has been setup. 3381 * Annotation events should only be generated immediately before the audit 3382 * record from the first attempt to modify the repository from a client 3383 * which has requested an annotation. 3384 */ 3385 static void 3386 smf_annotation_event(int status, int return_val) 3387 { 3388 adt_session_data_t *session; 3389 adt_event_data_t *event = NULL; 3390 char file[MAXPATHLEN]; 3391 char operation[REP_PROTOCOL_NAME_LEN]; 3392 3393 /* Don't audit if we're using an alternate repository. */ 3394 if (is_main_repository == 0) 3395 return; 3396 3397 if (client_annotation_needed(operation, sizeof (operation), file, 3398 sizeof (file)) == 0) { 3399 return; 3400 } 3401 if (file[0] == 0) { 3402 (void) strlcpy(file, "NO FILE", sizeof (file)); 3403 } 3404 if (operation[0] == 0) { 3405 (void) strlcpy(operation, "NO OPERATION", 3406 sizeof (operation)); 3407 } 3408 if ((session = get_audit_session()) == NULL) 3409 return; 3410 if ((event = adt_alloc_event(session, ADT_smf_annotation)) == NULL) { 3411 uu_warn("smf_annotation_event cannot allocate event " 3412 "data. %s\n", strerror(errno)); 3413 return; 3414 } 3415 event->adt_smf_annotation.operation = operation; 3416 event->adt_smf_annotation.file = file; 3417 if (adt_put_event(event, status, return_val) == 0) { 3418 client_annotation_finished(); 3419 } else { 3420 uu_warn("smf_annotation_event failed to put event. " 3421 "%s\n", strerror(errno)); 3422 } 3423 adt_free_event(event); 3424 } 3425 3426 /* 3427 * _smf_audit_event interacts with the security auditing system to generate 3428 * an audit event structure. It establishes an audit session and allocates 3429 * an audit event. The event is filled in from the audit data, and 3430 * adt_put_event is called to generate the event. 3431 */ 3432 static void 3433 _smf_audit_event(au_event_t event_id, int status, int return_val, 3434 audit_event_data_t *data) 3435 { 3436 char *auth_used; 3437 char *fmri; 3438 char *prop_value; 3439 adt_session_data_t *session; 3440 adt_event_data_t *event = NULL; 3441 3442 /* Don't audit if we're using an alternate repository */ 3443 if (is_main_repository == 0) 3444 return; 3445 3446 smf_annotation_event(status, return_val); 3447 if ((session = get_audit_session()) == NULL) 3448 return; 3449 if ((event = adt_alloc_event(session, event_id)) == NULL) { 3450 uu_warn("_smf_audit_event cannot allocate event " 3451 "data. %s\n", strerror(errno)); 3452 return; 3453 } 3454 3455 /* 3456 * Handle possibility of NULL authorization strings, FMRIs and 3457 * property values. 3458 */ 3459 if (data->ed_auth == NULL) { 3460 auth_used = "PRIVILEGED"; 3461 } else { 3462 auth_used = data->ed_auth; 3463 } 3464 if (data->ed_fmri == NULL) { 3465 syslog(LOG_WARNING, "_smf_audit_event called with " 3466 "empty FMRI string"); 3467 fmri = "UNKNOWN FMRI"; 3468 } else { 3469 fmri = data->ed_fmri; 3470 } 3471 if (data->ed_prop_value == NULL) { 3472 prop_value = ""; 3473 } else { 3474 prop_value = data->ed_prop_value; 3475 } 3476 3477 /* Fill in the event data. */ 3478 switch (event_id) { 3479 case ADT_smf_attach_snap: 3480 event->adt_smf_attach_snap.auth_used = auth_used; 3481 event->adt_smf_attach_snap.old_fmri = data->ed_old_fmri; 3482 event->adt_smf_attach_snap.old_name = data->ed_old_name; 3483 event->adt_smf_attach_snap.new_fmri = fmri; 3484 event->adt_smf_attach_snap.new_name = data->ed_snapname; 3485 break; 3486 case ADT_smf_change_prop: 3487 event->adt_smf_change_prop.auth_used = auth_used; 3488 event->adt_smf_change_prop.fmri = fmri; 3489 event->adt_smf_change_prop.type = data->ed_type; 3490 event->adt_smf_change_prop.value = prop_value; 3491 break; 3492 case ADT_smf_clear: 3493 event->adt_smf_clear.auth_used = auth_used; 3494 event->adt_smf_clear.fmri = fmri; 3495 break; 3496 case ADT_smf_create: 3497 event->adt_smf_create.fmri = fmri; 3498 event->adt_smf_create.auth_used = auth_used; 3499 break; 3500 case ADT_smf_create_npg: 3501 event->adt_smf_create_npg.auth_used = auth_used; 3502 event->adt_smf_create_npg.fmri = fmri; 3503 event->adt_smf_create_npg.type = data->ed_type; 3504 break; 3505 case ADT_smf_create_pg: 3506 event->adt_smf_create_pg.auth_used = auth_used; 3507 event->adt_smf_create_pg.fmri = fmri; 3508 event->adt_smf_create_pg.type = data->ed_type; 3509 break; 3510 case ADT_smf_create_prop: 3511 event->adt_smf_create_prop.auth_used = auth_used; 3512 event->adt_smf_create_prop.fmri = fmri; 3513 event->adt_smf_create_prop.type = data->ed_type; 3514 event->adt_smf_create_prop.value = prop_value; 3515 break; 3516 case ADT_smf_create_snap: 3517 event->adt_smf_create_snap.auth_used = auth_used; 3518 event->adt_smf_create_snap.fmri = fmri; 3519 event->adt_smf_create_snap.name = data->ed_snapname; 3520 break; 3521 case ADT_smf_degrade: 3522 event->adt_smf_degrade.auth_used = auth_used; 3523 event->adt_smf_degrade.fmri = fmri; 3524 break; 3525 case ADT_smf_delete: 3526 event->adt_smf_delete.fmri = fmri; 3527 event->adt_smf_delete.auth_used = auth_used; 3528 break; 3529 case ADT_smf_delete_npg: 3530 event->adt_smf_delete_npg.auth_used = auth_used; 3531 event->adt_smf_delete_npg.fmri = fmri; 3532 event->adt_smf_delete_npg.type = data->ed_type; 3533 break; 3534 case ADT_smf_delete_pg: 3535 event->adt_smf_delete_pg.auth_used = auth_used; 3536 event->adt_smf_delete_pg.fmri = fmri; 3537 event->adt_smf_delete_pg.type = data->ed_type; 3538 break; 3539 case ADT_smf_delete_prop: 3540 event->adt_smf_delete_prop.auth_used = auth_used; 3541 event->adt_smf_delete_prop.fmri = fmri; 3542 break; 3543 case ADT_smf_delete_snap: 3544 event->adt_smf_delete_snap.auth_used = auth_used; 3545 event->adt_smf_delete_snap.fmri = fmri; 3546 event->adt_smf_delete_snap.name = data->ed_snapname; 3547 break; 3548 case ADT_smf_disable: 3549 event->adt_smf_disable.auth_used = auth_used; 3550 event->adt_smf_disable.fmri = fmri; 3551 break; 3552 case ADT_smf_enable: 3553 event->adt_smf_enable.auth_used = auth_used; 3554 event->adt_smf_enable.fmri = fmri; 3555 break; 3556 case ADT_smf_immediate_degrade: 3557 event->adt_smf_immediate_degrade.auth_used = auth_used; 3558 event->adt_smf_immediate_degrade.fmri = fmri; 3559 break; 3560 case ADT_smf_immediate_maintenance: 3561 event->adt_smf_immediate_maintenance.auth_used = auth_used; 3562 event->adt_smf_immediate_maintenance.fmri = fmri; 3563 break; 3564 case ADT_smf_immtmp_maintenance: 3565 event->adt_smf_immtmp_maintenance.auth_used = auth_used; 3566 event->adt_smf_immtmp_maintenance.fmri = fmri; 3567 break; 3568 case ADT_smf_maintenance: 3569 event->adt_smf_maintenance.auth_used = auth_used; 3570 event->adt_smf_maintenance.fmri = fmri; 3571 break; 3572 case ADT_smf_milestone: 3573 event->adt_smf_milestone.auth_used = auth_used; 3574 event->adt_smf_milestone.fmri = fmri; 3575 break; 3576 case ADT_smf_read_prop: 3577 event->adt_smf_read_prop.auth_used = auth_used; 3578 event->adt_smf_read_prop.fmri = fmri; 3579 break; 3580 case ADT_smf_refresh: 3581 event->adt_smf_refresh.auth_used = auth_used; 3582 event->adt_smf_refresh.fmri = fmri; 3583 break; 3584 case ADT_smf_restart: 3585 event->adt_smf_restart.auth_used = auth_used; 3586 event->adt_smf_restart.fmri = fmri; 3587 break; 3588 case ADT_smf_tmp_disable: 3589 event->adt_smf_tmp_disable.auth_used = auth_used; 3590 event->adt_smf_tmp_disable.fmri = fmri; 3591 break; 3592 case ADT_smf_tmp_enable: 3593 event->adt_smf_tmp_enable.auth_used = auth_used; 3594 event->adt_smf_tmp_enable.fmri = fmri; 3595 break; 3596 case ADT_smf_tmp_maintenance: 3597 event->adt_smf_tmp_maintenance.auth_used = auth_used; 3598 event->adt_smf_tmp_maintenance.fmri = fmri; 3599 break; 3600 default: 3601 abort(); /* Need to cover all SMF event IDs */ 3602 } 3603 3604 if (adt_put_event(event, status, return_val) != 0) { 3605 uu_warn("_smf_audit_event failed to put event. %s\n", 3606 strerror(errno)); 3607 } 3608 adt_free_event(event); 3609 } 3610 3611 /* 3612 * Determine if the combination of the property group at pg_name and the 3613 * property at prop_name are in the set of special startd properties. If 3614 * they are, a special audit event will be generated. 3615 */ 3616 static void 3617 special_property_event(audit_event_data_t *evdp, const char *prop_name, 3618 char *pg_name, int status, int return_val, tx_commit_data_t *tx_data, 3619 size_t cmd_no) 3620 { 3621 au_event_t event_id; 3622 audit_special_prop_item_t search_key; 3623 audit_special_prop_item_t *found; 3624 3625 /* Use bsearch to find the special property information. */ 3626 search_key.api_prop_name = prop_name; 3627 search_key.api_pg_name = pg_name; 3628 found = (audit_special_prop_item_t *)bsearch(&search_key, 3629 special_props_list, SPECIAL_PROP_COUNT, 3630 sizeof (special_props_list[0]), special_prop_compare); 3631 if (found == NULL) { 3632 /* Not a special property. */ 3633 return; 3634 } 3635 3636 /* Get the event id */ 3637 if (found->api_event_func == NULL) { 3638 event_id = found->api_event_id; 3639 } else { 3640 if ((*found->api_event_func)(tx_data, cmd_no, 3641 found->api_pg_name, &event_id) < 0) 3642 return; 3643 } 3644 3645 /* Generate the event. */ 3646 smf_audit_event(event_id, status, return_val, evdp); 3647 } 3648 #endif /* NATIVE_BUILD */ 3649 3650 /* 3651 * Return a pointer to a string containing all the values of the command 3652 * specified by cmd_no with each value enclosed in quotes. It is up to the 3653 * caller to free the memory at the returned pointer. 3654 */ 3655 static char * 3656 generate_value_list(tx_commit_data_t *tx_data, size_t cmd_no) 3657 { 3658 const char *cp; 3659 const char *cur_value; 3660 size_t byte_count = 0; 3661 uint32_t i; 3662 uint32_t nvalues; 3663 size_t str_size = 0; 3664 char *values = NULL; 3665 char *vp; 3666 3667 if (tx_cmd_nvalues(tx_data, cmd_no, &nvalues) != REP_PROTOCOL_SUCCESS) 3668 return (NULL); 3669 /* 3670 * First determine the size of the buffer that we will need. We 3671 * will represent each property value surrounded by quotes with a 3672 * space separating the values. Thus, we need to find the total 3673 * size of all the value strings and add 3 for each value. 3674 * 3675 * There is one catch, though. We need to escape any internal 3676 * quote marks in the values. So for each quote in the value we 3677 * need to add another byte to the buffer size. 3678 */ 3679 for (i = 0; i < nvalues; i++) { 3680 if (tx_cmd_value(tx_data, cmd_no, i, &cur_value) != 3681 REP_PROTOCOL_SUCCESS) 3682 return (NULL); 3683 for (cp = cur_value; *cp != 0; cp++) { 3684 byte_count += (*cp == '"') ? 2 : 1; 3685 } 3686 byte_count += 3; /* surrounding quotes & space */ 3687 } 3688 byte_count++; /* nul terminator */ 3689 values = malloc(byte_count); 3690 if (values == NULL) 3691 return (NULL); 3692 *values = 0; 3693 3694 /* Now build up the string of values. */ 3695 for (i = 0; i < nvalues; i++) { 3696 if (tx_cmd_value(tx_data, cmd_no, i, &cur_value) != 3697 REP_PROTOCOL_SUCCESS) { 3698 free(values); 3699 return (NULL); 3700 } 3701 (void) strlcat(values, "\"", byte_count); 3702 for (cp = cur_value, vp = values + strlen(values); 3703 *cp != 0; cp++) { 3704 if (*cp == '"') { 3705 *vp++ = '\\'; 3706 *vp++ = '"'; 3707 } else { 3708 *vp++ = *cp; 3709 } 3710 } 3711 *vp = 0; 3712 str_size = strlcat(values, "\" ", byte_count); 3713 assert(str_size < byte_count); 3714 } 3715 if (str_size > 0) 3716 values[str_size - 1] = 0; /* get rid of trailing space */ 3717 return (values); 3718 } 3719 3720 /* 3721 * generate_property_events takes the transaction commit data at tx_data 3722 * and generates an audit event for each command. 3723 * 3724 * Native builds are done to create svc.configd-native. This program runs 3725 * only on the Solaris build machines to create the seed repository. Thus, 3726 * no audit events should be generated when running svc.configd-native. 3727 */ 3728 static void 3729 generate_property_events( 3730 tx_commit_data_t *tx_data, 3731 char *pg_fmri, /* FMRI of property group */ 3732 char *auth_string, 3733 int auth_status, 3734 int auth_ret_value) 3735 { 3736 #ifndef NATIVE_BUILD 3737 enum rep_protocol_transaction_action action; 3738 audit_event_data_t audit_data; 3739 size_t count; 3740 size_t cmd_no; 3741 char *cp; 3742 au_event_t event_id; 3743 char fmri[REP_PROTOCOL_FMRI_LEN]; 3744 char pg_name[REP_PROTOCOL_NAME_LEN]; 3745 char *pg_end; /* End of prop. group fmri */ 3746 const char *prop_name; 3747 uint32_t ptype; 3748 char prop_type[3]; 3749 enum rep_protocol_responseid rc; 3750 size_t sz_out; 3751 3752 /* Make sure we have something to do. */ 3753 if (tx_data == NULL) 3754 return; 3755 if ((count = tx_cmd_count(tx_data)) == 0) 3756 return; 3757 3758 /* Copy the property group fmri */ 3759 pg_end = fmri; 3760 pg_end += strlcpy(fmri, pg_fmri, sizeof (fmri)); 3761 3762 /* 3763 * Get the property group name. It is the first component after 3764 * the last occurance of SCF_FMRI_PROPERTYGRP_PREFIX in the fmri. 3765 */ 3766 cp = strstr(pg_fmri, SCF_FMRI_PROPERTYGRP_PREFIX); 3767 if (cp == NULL) { 3768 pg_name[0] = 0; 3769 } else { 3770 cp += strlen(SCF_FMRI_PROPERTYGRP_PREFIX); 3771 (void) strlcpy(pg_name, cp, sizeof (pg_name)); 3772 } 3773 3774 audit_data.ed_auth = auth_string; 3775 audit_data.ed_fmri = fmri; 3776 audit_data.ed_type = prop_type; 3777 3778 /* 3779 * Property type is two characters (see 3780 * rep_protocol_value_type_t), so terminate the string. 3781 */ 3782 prop_type[2] = 0; 3783 3784 for (cmd_no = 0; cmd_no < count; cmd_no++) { 3785 /* Construct FMRI of the property */ 3786 *pg_end = 0; 3787 if (tx_cmd_prop(tx_data, cmd_no, &prop_name) != 3788 REP_PROTOCOL_SUCCESS) { 3789 continue; 3790 } 3791 rc = rc_concat_fmri_element(fmri, sizeof (fmri), &sz_out, 3792 prop_name, REP_PROTOCOL_ENTITY_PROPERTY); 3793 if (rc != REP_PROTOCOL_SUCCESS) { 3794 /* 3795 * If we can't get the FMRI, we'll abandon this 3796 * command 3797 */ 3798 continue; 3799 } 3800 3801 /* Generate special property event if necessary. */ 3802 special_property_event(&audit_data, prop_name, pg_name, 3803 auth_status, auth_ret_value, tx_data, cmd_no); 3804 3805 /* Capture rest of audit data. */ 3806 if (tx_cmd_prop_type(tx_data, cmd_no, &ptype) != 3807 REP_PROTOCOL_SUCCESS) { 3808 continue; 3809 } 3810 prop_type[0] = REP_PROTOCOL_BASE_TYPE(ptype); 3811 prop_type[1] = REP_PROTOCOL_SUBTYPE(ptype); 3812 audit_data.ed_prop_value = generate_value_list(tx_data, cmd_no); 3813 3814 /* Determine the event type. */ 3815 if (tx_cmd_action(tx_data, cmd_no, &action) != 3816 REP_PROTOCOL_SUCCESS) { 3817 free(audit_data.ed_prop_value); 3818 continue; 3819 } 3820 switch (action) { 3821 case REP_PROTOCOL_TX_ENTRY_NEW: 3822 event_id = ADT_smf_create_prop; 3823 break; 3824 case REP_PROTOCOL_TX_ENTRY_CLEAR: 3825 event_id = ADT_smf_change_prop; 3826 break; 3827 case REP_PROTOCOL_TX_ENTRY_REPLACE: 3828 event_id = ADT_smf_change_prop; 3829 break; 3830 case REP_PROTOCOL_TX_ENTRY_DELETE: 3831 event_id = ADT_smf_delete_prop; 3832 break; 3833 default: 3834 assert(0); /* Missing a case */ 3835 free(audit_data.ed_prop_value); 3836 continue; 3837 } 3838 3839 /* Generate the event. */ 3840 smf_audit_event(event_id, auth_status, auth_ret_value, 3841 &audit_data); 3842 free(audit_data.ed_prop_value); 3843 } 3844 #endif /* NATIVE_BUILD */ 3845 } 3846 3847 /* 3848 * Fails with 3849 * _DELETED - node has been deleted 3850 * _NOT_SET - npp is reset 3851 * _NOT_APPLICABLE - type is _PROPERTYGRP 3852 * _INVALID_TYPE - node is corrupt or type is invalid 3853 * _TYPE_MISMATCH - node cannot have children of type type 3854 * _BAD_REQUEST - name is invalid 3855 * cannot create children for this type of node 3856 * _NO_RESOURCES - out of memory, or could not allocate new id 3857 * _PERMISSION_DENIED 3858 * _BACKEND_ACCESS 3859 * _BACKEND_READONLY 3860 * _EXISTS - child already exists 3861 * _TRUNCATED - truncated FMRI for the audit record 3862 */ 3863 int 3864 rc_node_create_child(rc_node_ptr_t *npp, uint32_t type, const char *name, 3865 rc_node_ptr_t *cpp) 3866 { 3867 rc_node_t *np; 3868 rc_node_t *cp = NULL; 3869 int rc, perm_rc; 3870 size_t sz_out; 3871 char fmri[REP_PROTOCOL_FMRI_LEN]; 3872 audit_event_data_t audit_data; 3873 3874 rc_node_clear(cpp, 0); 3875 3876 perm_rc = rc_node_modify_permission_check(&audit_data.ed_auth); 3877 3878 RC_NODE_PTR_GET_CHECK_AND_LOCK(np, npp); 3879 3880 audit_data.ed_fmri = fmri; 3881 audit_data.ed_auth = NULL; 3882 3883 /* 3884 * there is a separate interface for creating property groups 3885 */ 3886 if (type == REP_PROTOCOL_ENTITY_PROPERTYGRP) { 3887 (void) pthread_mutex_unlock(&np->rn_lock); 3888 free(audit_data.ed_auth); 3889 return (REP_PROTOCOL_FAIL_NOT_APPLICABLE); 3890 } 3891 3892 if (np->rn_id.rl_type == REP_PROTOCOL_ENTITY_CPROPERTYGRP) { 3893 (void) pthread_mutex_unlock(&np->rn_lock); 3894 np = np->rn_cchain[0]; 3895 RC_NODE_CHECK_AND_LOCK(np); 3896 } 3897 3898 if ((rc = rc_check_parent_child(np->rn_id.rl_type, type)) != 3899 REP_PROTOCOL_SUCCESS) { 3900 (void) pthread_mutex_unlock(&np->rn_lock); 3901 free(audit_data.ed_auth); 3902 return (rc); 3903 } 3904 if ((rc = rc_check_type_name(type, name)) != REP_PROTOCOL_SUCCESS) { 3905 (void) pthread_mutex_unlock(&np->rn_lock); 3906 free(audit_data.ed_auth); 3907 return (rc); 3908 } 3909 3910 if ((rc = rc_get_fmri_and_concat(np, fmri, sizeof (fmri), &sz_out, 3911 name, type)) != REP_PROTOCOL_SUCCESS) { 3912 (void) pthread_mutex_unlock(&np->rn_lock); 3913 free(audit_data.ed_auth); 3914 return (rc); 3915 } 3916 if (perm_rc != REP_PROTOCOL_SUCCESS) { 3917 (void) pthread_mutex_unlock(&np->rn_lock); 3918 smf_audit_event(ADT_smf_create, ADT_FAILURE, 3919 ADT_FAIL_VALUE_AUTH, &audit_data); 3920 free(audit_data.ed_auth); 3921 return (perm_rc); 3922 } 3923 3924 HOLD_PTR_FLAG_OR_FREE_AND_RETURN(np, npp, RC_NODE_CREATING_CHILD, 3925 audit_data.ed_auth); 3926 (void) pthread_mutex_unlock(&np->rn_lock); 3927 3928 rc = object_create(np, type, name, &cp); 3929 assert(rc != REP_PROTOCOL_FAIL_NOT_APPLICABLE); 3930 3931 if (rc == REP_PROTOCOL_SUCCESS) { 3932 rc_node_assign(cpp, cp); 3933 rc_node_rele(cp); 3934 } 3935 3936 (void) pthread_mutex_lock(&np->rn_lock); 3937 rc_node_rele_flag(np, RC_NODE_CREATING_CHILD); 3938 (void) pthread_mutex_unlock(&np->rn_lock); 3939 3940 if (rc == REP_PROTOCOL_SUCCESS) { 3941 smf_audit_event(ADT_smf_create, ADT_SUCCESS, ADT_SUCCESS, 3942 &audit_data); 3943 } 3944 3945 free(audit_data.ed_auth); 3946 3947 return (rc); 3948 } 3949 3950 int 3951 rc_node_create_child_pg(rc_node_ptr_t *npp, uint32_t type, const char *name, 3952 const char *pgtype, uint32_t flags, rc_node_ptr_t *cpp) 3953 { 3954 rc_node_t *np; 3955 rc_node_t *cp; 3956 int rc; 3957 permcheck_t *pcp; 3958 int granted; 3959 char fmri[REP_PROTOCOL_FMRI_LEN]; 3960 audit_event_data_t audit_data; 3961 au_event_t event_id; 3962 size_t sz_out; 3963 3964 audit_data.ed_auth = NULL; 3965 audit_data.ed_fmri = fmri; 3966 audit_data.ed_type = (char *)pgtype; 3967 3968 rc_node_clear(cpp, 0); 3969 3970 /* verify flags is valid */ 3971 if (flags & ~SCF_PG_FLAG_NONPERSISTENT) 3972 return (REP_PROTOCOL_FAIL_BAD_REQUEST); 3973 3974 RC_NODE_PTR_GET_CHECK_AND_HOLD(np, npp); 3975 3976 if (type != REP_PROTOCOL_ENTITY_PROPERTYGRP) { 3977 rc_node_rele(np); 3978 return (REP_PROTOCOL_FAIL_NOT_APPLICABLE); 3979 } 3980 3981 if ((rc = rc_check_parent_child(np->rn_id.rl_type, type)) != 3982 REP_PROTOCOL_SUCCESS) { 3983 rc_node_rele(np); 3984 return (rc); 3985 } 3986 if ((rc = rc_check_type_name(type, name)) != REP_PROTOCOL_SUCCESS || 3987 (rc = rc_check_pgtype_name(pgtype)) != REP_PROTOCOL_SUCCESS) { 3988 rc_node_rele(np); 3989 return (rc); 3990 } 3991 3992 #ifdef NATIVE_BUILD 3993 if (!client_is_privileged()) { 3994 rc = REP_PROTOCOL_FAIL_PERMISSION_DENIED; 3995 } 3996 #else 3997 if (flags & SCF_PG_FLAG_NONPERSISTENT) { 3998 event_id = ADT_smf_create_npg; 3999 } else { 4000 event_id = ADT_smf_create_pg; 4001 } 4002 if ((rc = rc_get_fmri_and_concat(np, fmri, sizeof (fmri), &sz_out, 4003 name, REP_PROTOCOL_ENTITY_PROPERTYGRP)) != REP_PROTOCOL_SUCCESS) { 4004 rc_node_rele(np); 4005 return (rc); 4006 } 4007 4008 if (is_main_repository) { 4009 /* Must have .smf.modify or smf.modify.<type> authorization */ 4010 pcp = pc_create(); 4011 if (pcp != NULL) { 4012 rc = perm_add_enabling(pcp, AUTH_MODIFY); 4013 4014 if (rc == REP_PROTOCOL_SUCCESS) { 4015 const char * const auth = 4016 perm_auth_for_pgtype(pgtype); 4017 4018 if (auth != NULL) 4019 rc = perm_add_enabling(pcp, auth); 4020 } 4021 4022 /* 4023 * .manage or $action_authorization can be used to 4024 * create the actions pg and the general_ovr pg. 4025 */ 4026 if (rc == REP_PROTOCOL_SUCCESS && 4027 (flags & SCF_PG_FLAG_NONPERSISTENT) != 0 && 4028 np->rn_id.rl_type == REP_PROTOCOL_ENTITY_INSTANCE && 4029 ((strcmp(name, AUTH_PG_ACTIONS) == 0 && 4030 strcmp(pgtype, AUTH_PG_ACTIONS_TYPE) == 0) || 4031 (strcmp(name, AUTH_PG_GENERAL_OVR) == 0 && 4032 strcmp(pgtype, AUTH_PG_GENERAL_OVR_TYPE) == 0))) { 4033 rc = perm_add_enabling(pcp, AUTH_MANAGE); 4034 4035 if (rc == REP_PROTOCOL_SUCCESS) 4036 rc = perm_add_inst_action_auth(pcp, np); 4037 } 4038 4039 if (rc == REP_PROTOCOL_SUCCESS) { 4040 granted = perm_granted(pcp); 4041 4042 if (granted < 0) { 4043 rc = REP_PROTOCOL_FAIL_NO_RESOURCES; 4044 } else { 4045 /* 4046 * Copy out the authorization 4047 * string before freeing pcp. 4048 */ 4049 audit_data.ed_auth = 4050 strdup(pcp->pc_auth_string); 4051 if (audit_data.ed_auth == NULL) { 4052 /* 4053 * Following code line 4054 * cannot meet both the 4055 * indentation and the line 4056 * length requirements of 4057 * cstyle. Indendation has 4058 * been sacrificed. 4059 */ 4060 /* CSTYLED */ 4061 rc = REP_PROTOCOL_FAIL_NO_RESOURCES; 4062 } 4063 } 4064 } 4065 4066 pc_free(pcp); 4067 } else { 4068 rc = REP_PROTOCOL_FAIL_NO_RESOURCES; 4069 } 4070 4071 if (rc == REP_PROTOCOL_SUCCESS && !granted) 4072 rc = REP_PROTOCOL_FAIL_PERMISSION_DENIED; 4073 } else { 4074 rc = REP_PROTOCOL_SUCCESS; 4075 } 4076 #endif /* NATIVE_BUILD */ 4077 4078 if (rc != REP_PROTOCOL_SUCCESS) { 4079 rc_node_rele(np); 4080 smf_audit_event(event_id, ADT_FAILURE, 4081 ADT_FAIL_VALUE_AUTH, &audit_data); 4082 if (audit_data.ed_auth != NULL) 4083 free(audit_data.ed_auth); 4084 return (rc); 4085 } 4086 4087 (void) pthread_mutex_lock(&np->rn_lock); 4088 HOLD_PTR_FLAG_OR_FREE_AND_RETURN(np, npp, RC_NODE_CREATING_CHILD, 4089 audit_data.ed_auth); 4090 (void) pthread_mutex_unlock(&np->rn_lock); 4091 4092 rc = object_create_pg(np, type, name, pgtype, flags, &cp); 4093 4094 if (rc == REP_PROTOCOL_SUCCESS) { 4095 rc_node_assign(cpp, cp); 4096 rc_node_rele(cp); 4097 } 4098 4099 (void) pthread_mutex_lock(&np->rn_lock); 4100 rc_node_rele_flag(np, RC_NODE_CREATING_CHILD); 4101 (void) pthread_mutex_unlock(&np->rn_lock); 4102 4103 if (rc == REP_PROTOCOL_SUCCESS) { 4104 smf_audit_event(event_id, ADT_SUCCESS, ADT_SUCCESS, 4105 &audit_data); 4106 } 4107 if (audit_data.ed_auth != NULL) 4108 free(audit_data.ed_auth); 4109 4110 return (rc); 4111 } 4112 4113 static void 4114 rc_pg_notify_fire(rc_node_pg_notify_t *pnp) 4115 { 4116 assert(MUTEX_HELD(&rc_pg_notify_lock)); 4117 4118 if (pnp->rnpn_pg != NULL) { 4119 uu_list_remove(pnp->rnpn_pg->rn_pg_notify_list, pnp); 4120 (void) close(pnp->rnpn_fd); 4121 4122 pnp->rnpn_pg = NULL; 4123 pnp->rnpn_fd = -1; 4124 } else { 4125 assert(pnp->rnpn_fd == -1); 4126 } 4127 } 4128 4129 static void 4130 rc_notify_node_delete(rc_notify_delete_t *ndp, rc_node_t *np_arg) 4131 { 4132 rc_node_t *svc = NULL; 4133 rc_node_t *inst = NULL; 4134 rc_node_t *pg = NULL; 4135 rc_node_t *np = np_arg; 4136 rc_node_t *nnp; 4137 4138 while (svc == NULL) { 4139 (void) pthread_mutex_lock(&np->rn_lock); 4140 if (!rc_node_hold_flag(np, RC_NODE_USING_PARENT)) { 4141 (void) pthread_mutex_unlock(&np->rn_lock); 4142 goto cleanup; 4143 } 4144 nnp = np->rn_parent; 4145 rc_node_hold_locked(np); /* hold it in place */ 4146 4147 switch (np->rn_id.rl_type) { 4148 case REP_PROTOCOL_ENTITY_PROPERTYGRP: 4149 assert(pg == NULL); 4150 pg = np; 4151 break; 4152 case REP_PROTOCOL_ENTITY_INSTANCE: 4153 assert(inst == NULL); 4154 inst = np; 4155 break; 4156 case REP_PROTOCOL_ENTITY_SERVICE: 4157 assert(svc == NULL); 4158 svc = np; 4159 break; 4160 default: 4161 rc_node_rele_flag(np, RC_NODE_USING_PARENT); 4162 rc_node_rele_locked(np); 4163 goto cleanup; 4164 } 4165 4166 (void) pthread_mutex_unlock(&np->rn_lock); 4167 4168 np = nnp; 4169 if (np == NULL) 4170 goto cleanup; 4171 } 4172 4173 rc_notify_deletion(ndp, 4174 svc->rn_name, 4175 inst != NULL ? inst->rn_name : NULL, 4176 pg != NULL ? pg->rn_name : NULL); 4177 4178 ndp = NULL; 4179 4180 cleanup: 4181 if (ndp != NULL) 4182 uu_free(ndp); 4183 4184 for (;;) { 4185 if (svc != NULL) { 4186 np = svc; 4187 svc = NULL; 4188 } else if (inst != NULL) { 4189 np = inst; 4190 inst = NULL; 4191 } else if (pg != NULL) { 4192 np = pg; 4193 pg = NULL; 4194 } else 4195 break; 4196 4197 (void) pthread_mutex_lock(&np->rn_lock); 4198 rc_node_rele_flag(np, RC_NODE_USING_PARENT); 4199 rc_node_rele_locked(np); 4200 } 4201 } 4202 4203 /* 4204 * N.B.: this function drops np->rn_lock on the way out. 4205 */ 4206 static void 4207 rc_node_delete_hold(rc_node_t *np, int andformer) 4208 { 4209 rc_node_t *cp; 4210 4211 again: 4212 assert(MUTEX_HELD(&np->rn_lock)); 4213 assert((np->rn_flags & RC_NODE_DYING_FLAGS) == RC_NODE_DYING_FLAGS); 4214 4215 for (cp = uu_list_first(np->rn_children); cp != NULL; 4216 cp = uu_list_next(np->rn_children, cp)) { 4217 (void) pthread_mutex_lock(&cp->rn_lock); 4218 (void) pthread_mutex_unlock(&np->rn_lock); 4219 if (!rc_node_hold_flag(cp, RC_NODE_DYING_FLAGS)) { 4220 /* 4221 * already marked as dead -- can't happen, since that 4222 * would require setting RC_NODE_CHILDREN_CHANGING 4223 * in np, and we're holding that... 4224 */ 4225 abort(); 4226 } 4227 rc_node_delete_hold(cp, andformer); /* recurse, drop lock */ 4228 4229 (void) pthread_mutex_lock(&np->rn_lock); 4230 } 4231 if (andformer && (cp = np->rn_former) != NULL) { 4232 (void) pthread_mutex_lock(&cp->rn_lock); 4233 (void) pthread_mutex_unlock(&np->rn_lock); 4234 if (!rc_node_hold_flag(cp, RC_NODE_DYING_FLAGS)) 4235 abort(); /* can't happen, see above */ 4236 np = cp; 4237 goto again; /* tail-recurse down rn_former */ 4238 } 4239 (void) pthread_mutex_unlock(&np->rn_lock); 4240 } 4241 4242 /* 4243 * N.B.: this function drops np->rn_lock on the way out. 4244 */ 4245 static void 4246 rc_node_delete_rele(rc_node_t *np, int andformer) 4247 { 4248 rc_node_t *cp; 4249 4250 again: 4251 assert(MUTEX_HELD(&np->rn_lock)); 4252 assert((np->rn_flags & RC_NODE_DYING_FLAGS) == RC_NODE_DYING_FLAGS); 4253 4254 for (cp = uu_list_first(np->rn_children); cp != NULL; 4255 cp = uu_list_next(np->rn_children, cp)) { 4256 (void) pthread_mutex_lock(&cp->rn_lock); 4257 (void) pthread_mutex_unlock(&np->rn_lock); 4258 rc_node_delete_rele(cp, andformer); /* recurse, drop lock */ 4259 (void) pthread_mutex_lock(&np->rn_lock); 4260 } 4261 if (andformer && (cp = np->rn_former) != NULL) { 4262 (void) pthread_mutex_lock(&cp->rn_lock); 4263 rc_node_rele_flag(np, RC_NODE_DYING_FLAGS); 4264 (void) pthread_mutex_unlock(&np->rn_lock); 4265 4266 np = cp; 4267 goto again; /* tail-recurse down rn_former */ 4268 } 4269 rc_node_rele_flag(np, RC_NODE_DYING_FLAGS); 4270 (void) pthread_mutex_unlock(&np->rn_lock); 4271 } 4272 4273 static void 4274 rc_node_finish_delete(rc_node_t *cp) 4275 { 4276 cache_bucket_t *bp; 4277 rc_node_pg_notify_t *pnp; 4278 4279 assert(MUTEX_HELD(&cp->rn_lock)); 4280 4281 if (!(cp->rn_flags & RC_NODE_OLD)) { 4282 assert(cp->rn_flags & RC_NODE_IN_PARENT); 4283 if (!rc_node_wait_flag(cp, RC_NODE_USING_PARENT)) { 4284 abort(); /* can't happen, see above */ 4285 } 4286 cp->rn_flags &= ~RC_NODE_IN_PARENT; 4287 cp->rn_parent = NULL; 4288 rc_node_free_fmri(cp); 4289 } 4290 4291 cp->rn_flags |= RC_NODE_DEAD; 4292 4293 /* 4294 * If this node is not out-dated, we need to remove it from 4295 * the notify list and cache hash table. 4296 */ 4297 if (!(cp->rn_flags & RC_NODE_OLD)) { 4298 assert(cp->rn_refs > 0); /* can't go away yet */ 4299 (void) pthread_mutex_unlock(&cp->rn_lock); 4300 4301 (void) pthread_mutex_lock(&rc_pg_notify_lock); 4302 while ((pnp = uu_list_first(cp->rn_pg_notify_list)) != NULL) 4303 rc_pg_notify_fire(pnp); 4304 (void) pthread_mutex_unlock(&rc_pg_notify_lock); 4305 rc_notify_remove_node(cp); 4306 4307 bp = cache_hold(cp->rn_hash); 4308 (void) pthread_mutex_lock(&cp->rn_lock); 4309 cache_remove_unlocked(bp, cp); 4310 cache_release(bp); 4311 } 4312 } 4313 4314 /* 4315 * N.B.: this function drops np->rn_lock and a reference on the way out. 4316 */ 4317 static void 4318 rc_node_delete_children(rc_node_t *np, int andformer) 4319 { 4320 rc_node_t *cp; 4321 4322 again: 4323 assert(np->rn_refs > 0); 4324 assert(MUTEX_HELD(&np->rn_lock)); 4325 assert(np->rn_flags & RC_NODE_DEAD); 4326 4327 while ((cp = uu_list_first(np->rn_children)) != NULL) { 4328 uu_list_remove(np->rn_children, cp); 4329 (void) pthread_mutex_lock(&cp->rn_lock); 4330 (void) pthread_mutex_unlock(&np->rn_lock); 4331 rc_node_hold_locked(cp); /* hold while we recurse */ 4332 rc_node_finish_delete(cp); 4333 rc_node_delete_children(cp, andformer); /* drops lock + ref */ 4334 (void) pthread_mutex_lock(&np->rn_lock); 4335 } 4336 4337 /* 4338 * When we drop cp's lock, all the children will be gone, so we 4339 * can release DYING_FLAGS. 4340 */ 4341 rc_node_rele_flag(np, RC_NODE_DYING_FLAGS); 4342 if (andformer && (cp = np->rn_former) != NULL) { 4343 np->rn_former = NULL; /* unlink */ 4344 (void) pthread_mutex_lock(&cp->rn_lock); 4345 (void) pthread_mutex_unlock(&np->rn_lock); 4346 cp->rn_flags &= ~RC_NODE_ON_FORMER; 4347 4348 rc_node_hold_locked(cp); /* hold while we loop */ 4349 4350 rc_node_finish_delete(cp); 4351 4352 rc_node_rele(np); /* drop the old reference */ 4353 4354 np = cp; 4355 goto again; /* tail-recurse down rn_former */ 4356 } 4357 rc_node_rele_locked(np); 4358 } 4359 4360 static void 4361 rc_node_unrefed(rc_node_t *np) 4362 { 4363 int unrefed; 4364 rc_node_t *pp, *cur; 4365 4366 assert(MUTEX_HELD(&np->rn_lock)); 4367 assert(np->rn_refs == 0); 4368 assert(np->rn_other_refs == 0); 4369 assert(np->rn_other_refs_held == 0); 4370 4371 if (np->rn_flags & RC_NODE_DEAD) { 4372 (void) pthread_mutex_unlock(&np->rn_lock); 4373 rc_node_destroy(np); 4374 return; 4375 } 4376 4377 assert(np->rn_flags & RC_NODE_OLD); 4378 if (np->rn_flags & RC_NODE_UNREFED) { 4379 (void) pthread_mutex_unlock(&np->rn_lock); 4380 return; 4381 } 4382 np->rn_flags |= RC_NODE_UNREFED; 4383 4384 (void) pthread_mutex_unlock(&np->rn_lock); 4385 4386 /* 4387 * find the current in-hash object, and grab it's RC_NODE_IN_TX 4388 * flag. That protects the entire rn_former chain. 4389 */ 4390 for (;;) { 4391 pp = cache_lookup(&np->rn_id); 4392 if (pp == NULL) { 4393 (void) pthread_mutex_lock(&np->rn_lock); 4394 if (np->rn_flags & RC_NODE_DEAD) 4395 goto died; 4396 /* 4397 * We are trying to unreference this node, but the 4398 * owner of the former list does not exist. It must 4399 * be the case that another thread is deleting this 4400 * entire sub-branch, but has not yet reached us. 4401 * We will in short order be deleted. 4402 */ 4403 np->rn_flags &= ~RC_NODE_UNREFED; 4404 (void) pthread_mutex_unlock(&np->rn_lock); 4405 return; 4406 } 4407 if (pp == np) { 4408 /* 4409 * no longer unreferenced 4410 */ 4411 (void) pthread_mutex_lock(&np->rn_lock); 4412 np->rn_flags &= ~RC_NODE_UNREFED; 4413 rc_node_rele_locked(np); 4414 return; 4415 } 4416 (void) pthread_mutex_lock(&pp->rn_lock); 4417 if ((pp->rn_flags & RC_NODE_OLD) || 4418 !rc_node_hold_flag(pp, RC_NODE_IN_TX)) { 4419 rc_node_rele_locked(pp); 4420 continue; 4421 } 4422 if (!(pp->rn_flags & RC_NODE_OLD)) { 4423 (void) pthread_mutex_unlock(&pp->rn_lock); 4424 break; 4425 } 4426 rc_node_rele_flag(pp, RC_NODE_IN_TX); 4427 rc_node_rele_locked(pp); 4428 } 4429 4430 (void) pthread_mutex_lock(&np->rn_lock); 4431 if (!(np->rn_flags & (RC_NODE_OLD | RC_NODE_DEAD)) || 4432 np->rn_refs != 0 || np->rn_other_refs != 0 || 4433 np->rn_other_refs_held != 0) { 4434 np->rn_flags &= ~RC_NODE_UNREFED; 4435 (void) pthread_mutex_lock(&pp->rn_lock); 4436 4437 rc_node_rele_flag(pp, RC_NODE_IN_TX); 4438 rc_node_rele_locked(pp); 4439 return; 4440 } 4441 4442 if (!rc_node_hold_flag(np, RC_NODE_DYING_FLAGS)) { 4443 (void) pthread_mutex_unlock(&np->rn_lock); 4444 4445 rc_node_rele_flag(pp, RC_NODE_IN_TX); 4446 rc_node_rele_locked(pp); 4447 4448 (void) pthread_mutex_lock(&np->rn_lock); 4449 goto died; 4450 } 4451 4452 rc_node_delete_hold(np, 0); 4453 4454 (void) pthread_mutex_lock(&np->rn_lock); 4455 if (!(np->rn_flags & RC_NODE_OLD) || 4456 np->rn_refs != 0 || np->rn_other_refs != 0 || 4457 np->rn_other_refs_held != 0) { 4458 np->rn_flags &= ~RC_NODE_UNREFED; 4459 rc_node_delete_rele(np, 0); 4460 4461 (void) pthread_mutex_lock(&pp->rn_lock); 4462 rc_node_rele_flag(pp, RC_NODE_IN_TX); 4463 rc_node_rele_locked(pp); 4464 return; 4465 } 4466 4467 np->rn_flags |= RC_NODE_DEAD; 4468 rc_node_hold_locked(np); 4469 rc_node_delete_children(np, 0); 4470 4471 /* 4472 * It's gone -- remove it from the former chain and destroy it. 4473 */ 4474 (void) pthread_mutex_lock(&pp->rn_lock); 4475 for (cur = pp; cur != NULL && cur->rn_former != np; 4476 cur = cur->rn_former) 4477 ; 4478 assert(cur != NULL && cur != np); 4479 4480 cur->rn_former = np->rn_former; 4481 np->rn_former = NULL; 4482 4483 rc_node_rele_flag(pp, RC_NODE_IN_TX); 4484 rc_node_rele_locked(pp); 4485 4486 (void) pthread_mutex_lock(&np->rn_lock); 4487 assert(np->rn_flags & RC_NODE_ON_FORMER); 4488 np->rn_flags &= ~(RC_NODE_UNREFED | RC_NODE_ON_FORMER); 4489 (void) pthread_mutex_unlock(&np->rn_lock); 4490 rc_node_destroy(np); 4491 return; 4492 4493 died: 4494 np->rn_flags &= ~RC_NODE_UNREFED; 4495 unrefed = (np->rn_refs == 0 && np->rn_other_refs == 0 && 4496 np->rn_other_refs_held == 0); 4497 (void) pthread_mutex_unlock(&np->rn_lock); 4498 if (unrefed) 4499 rc_node_destroy(np); 4500 } 4501 4502 static au_event_t 4503 get_delete_event_id(rep_protocol_entity_t entity, uint32_t pgflags) 4504 { 4505 au_event_t id = 0; 4506 4507 #ifndef NATIVE_BUILD 4508 switch (entity) { 4509 case REP_PROTOCOL_ENTITY_SERVICE: 4510 case REP_PROTOCOL_ENTITY_INSTANCE: 4511 id = ADT_smf_delete; 4512 break; 4513 case REP_PROTOCOL_ENTITY_SNAPSHOT: 4514 id = ADT_smf_delete_snap; 4515 break; 4516 case REP_PROTOCOL_ENTITY_PROPERTYGRP: 4517 case REP_PROTOCOL_ENTITY_CPROPERTYGRP: 4518 if (pgflags & SCF_PG_FLAG_NONPERSISTENT) { 4519 id = ADT_smf_delete_npg; 4520 } else { 4521 id = ADT_smf_delete_pg; 4522 } 4523 break; 4524 default: 4525 abort(); 4526 } 4527 #endif /* NATIVE_BUILD */ 4528 return (id); 4529 } 4530 4531 /* 4532 * Fails with 4533 * _NOT_SET 4534 * _DELETED 4535 * _BAD_REQUEST 4536 * _PERMISSION_DENIED 4537 * _NO_RESOURCES 4538 * _TRUNCATED 4539 * and whatever object_delete() fails with. 4540 */ 4541 int 4542 rc_node_delete(rc_node_ptr_t *npp) 4543 { 4544 rc_node_t *np, *np_orig; 4545 rc_node_t *pp = NULL; 4546 int rc; 4547 rc_node_pg_notify_t *pnp; 4548 cache_bucket_t *bp; 4549 rc_notify_delete_t *ndp; 4550 permcheck_t *pcp; 4551 int granted; 4552 au_event_t event_id = 0; 4553 size_t sz_out; 4554 audit_event_data_t audit_data; 4555 int audit_failure = 0; 4556 4557 RC_NODE_PTR_GET_CHECK_AND_LOCK(np, npp); 4558 4559 audit_data.ed_fmri = NULL; 4560 audit_data.ed_auth = NULL; 4561 audit_data.ed_snapname = NULL; 4562 audit_data.ed_type = NULL; 4563 4564 switch (np->rn_id.rl_type) { 4565 case REP_PROTOCOL_ENTITY_SERVICE: 4566 event_id = get_delete_event_id(REP_PROTOCOL_ENTITY_SERVICE, 4567 np->rn_pgflags); 4568 break; 4569 case REP_PROTOCOL_ENTITY_INSTANCE: 4570 event_id = get_delete_event_id(REP_PROTOCOL_ENTITY_INSTANCE, 4571 np->rn_pgflags); 4572 break; 4573 case REP_PROTOCOL_ENTITY_SNAPSHOT: 4574 event_id = get_delete_event_id(REP_PROTOCOL_ENTITY_SNAPSHOT, 4575 np->rn_pgflags); 4576 audit_data.ed_snapname = strdup(np->rn_name); 4577 if (audit_data.ed_snapname == NULL) { 4578 (void) pthread_mutex_unlock(&np->rn_lock); 4579 return (REP_PROTOCOL_FAIL_NO_RESOURCES); 4580 } 4581 break; /* deletable */ 4582 4583 case REP_PROTOCOL_ENTITY_SCOPE: 4584 case REP_PROTOCOL_ENTITY_SNAPLEVEL: 4585 /* Scopes and snaplevels are indelible. */ 4586 (void) pthread_mutex_unlock(&np->rn_lock); 4587 return (REP_PROTOCOL_FAIL_BAD_REQUEST); 4588 4589 case REP_PROTOCOL_ENTITY_CPROPERTYGRP: 4590 (void) pthread_mutex_unlock(&np->rn_lock); 4591 np = np->rn_cchain[0]; 4592 RC_NODE_CHECK_AND_LOCK(np); 4593 event_id = get_delete_event_id(REP_PROTOCOL_ENTITY_CPROPERTYGRP, 4594 np->rn_pgflags); 4595 break; 4596 4597 case REP_PROTOCOL_ENTITY_PROPERTYGRP: 4598 if (np->rn_id.rl_ids[ID_SNAPSHOT] == 0) { 4599 event_id = 4600 get_delete_event_id(REP_PROTOCOL_ENTITY_PROPERTYGRP, 4601 np->rn_pgflags); 4602 audit_data.ed_type = strdup(np->rn_type); 4603 if (audit_data.ed_type == NULL) { 4604 (void) pthread_mutex_unlock(&np->rn_lock); 4605 return (REP_PROTOCOL_FAIL_NO_RESOURCES); 4606 } 4607 break; 4608 } 4609 4610 /* Snapshot property groups are indelible. */ 4611 (void) pthread_mutex_unlock(&np->rn_lock); 4612 return (REP_PROTOCOL_FAIL_PERMISSION_DENIED); 4613 4614 case REP_PROTOCOL_ENTITY_PROPERTY: 4615 (void) pthread_mutex_unlock(&np->rn_lock); 4616 return (REP_PROTOCOL_FAIL_BAD_REQUEST); 4617 4618 default: 4619 assert(0); 4620 abort(); 4621 break; 4622 } 4623 4624 audit_data.ed_fmri = malloc(REP_PROTOCOL_FMRI_LEN); 4625 if (audit_data.ed_fmri == NULL) { 4626 rc = REP_PROTOCOL_FAIL_NO_RESOURCES; 4627 goto cleanout; 4628 } 4629 np_orig = np; 4630 rc_node_hold_locked(np); /* simplifies rest of the code */ 4631 4632 again: 4633 /* 4634 * The following loop is to deal with the fact that snapshots and 4635 * property groups are moving targets -- changes to them result 4636 * in a new "child" node. Since we can only delete from the top node, 4637 * we have to loop until we have a non-RC_NODE_OLD version. 4638 */ 4639 for (;;) { 4640 if (!rc_node_wait_flag(np, 4641 RC_NODE_IN_TX | RC_NODE_USING_PARENT)) { 4642 rc_node_rele_locked(np); 4643 rc = REP_PROTOCOL_FAIL_DELETED; 4644 goto cleanout; 4645 } 4646 4647 if (np->rn_flags & RC_NODE_OLD) { 4648 rc_node_rele_locked(np); 4649 np = cache_lookup(&np_orig->rn_id); 4650 assert(np != np_orig); 4651 4652 if (np == NULL) { 4653 rc = REP_PROTOCOL_FAIL_DELETED; 4654 goto fail; 4655 } 4656 (void) pthread_mutex_lock(&np->rn_lock); 4657 continue; 4658 } 4659 4660 if (!rc_node_hold_flag(np, RC_NODE_USING_PARENT)) { 4661 rc_node_rele_locked(np); 4662 rc_node_clear(npp, 1); 4663 rc = REP_PROTOCOL_FAIL_DELETED; 4664 } 4665 4666 /* 4667 * Mark our parent as children changing. this call drops our 4668 * lock and the RC_NODE_USING_PARENT flag, and returns with 4669 * pp's lock held 4670 */ 4671 pp = rc_node_hold_parent_flag(np, RC_NODE_CHILDREN_CHANGING); 4672 if (pp == NULL) { 4673 /* our parent is gone, we're going next... */ 4674 rc_node_rele(np); 4675 4676 rc_node_clear(npp, 1); 4677 rc = REP_PROTOCOL_FAIL_DELETED; 4678 goto cleanout; 4679 } 4680 4681 rc_node_hold_locked(pp); /* hold for later */ 4682 (void) pthread_mutex_unlock(&pp->rn_lock); 4683 4684 (void) pthread_mutex_lock(&np->rn_lock); 4685 if (!(np->rn_flags & RC_NODE_OLD)) 4686 break; /* not old -- we're done */ 4687 4688 (void) pthread_mutex_unlock(&np->rn_lock); 4689 (void) pthread_mutex_lock(&pp->rn_lock); 4690 rc_node_rele_flag(pp, RC_NODE_CHILDREN_CHANGING); 4691 rc_node_rele_locked(pp); 4692 (void) pthread_mutex_lock(&np->rn_lock); 4693 continue; /* loop around and try again */ 4694 } 4695 /* 4696 * Everyone out of the pool -- we grab everything but 4697 * RC_NODE_USING_PARENT (including RC_NODE_DYING) to keep 4698 * any changes from occurring while we are attempting to 4699 * delete the node. 4700 */ 4701 if (!rc_node_hold_flag(np, RC_NODE_DYING_FLAGS)) { 4702 (void) pthread_mutex_unlock(&np->rn_lock); 4703 rc = REP_PROTOCOL_FAIL_DELETED; 4704 goto fail; 4705 } 4706 4707 assert(!(np->rn_flags & RC_NODE_OLD)); 4708 4709 if ((rc = rc_node_get_fmri_or_fragment(np, audit_data.ed_fmri, 4710 REP_PROTOCOL_FMRI_LEN, &sz_out)) != REP_PROTOCOL_SUCCESS) { 4711 rc_node_rele_flag(np, RC_NODE_DYING_FLAGS); 4712 (void) pthread_mutex_unlock(&np->rn_lock); 4713 goto fail; 4714 } 4715 4716 #ifdef NATIVE_BUILD 4717 if (!client_is_privileged()) { 4718 rc = REP_PROTOCOL_FAIL_PERMISSION_DENIED; 4719 } 4720 #else 4721 if (is_main_repository) { 4722 /* permission check */ 4723 (void) pthread_mutex_unlock(&np->rn_lock); 4724 pcp = pc_create(); 4725 if (pcp != NULL) { 4726 rc = perm_add_enabling(pcp, AUTH_MODIFY); 4727 4728 /* add .smf.modify.<type> for pgs. */ 4729 if (rc == REP_PROTOCOL_SUCCESS && np->rn_id.rl_type == 4730 REP_PROTOCOL_ENTITY_PROPERTYGRP) { 4731 const char * const auth = 4732 perm_auth_for_pgtype(np->rn_type); 4733 4734 if (auth != NULL) 4735 rc = perm_add_enabling(pcp, auth); 4736 } 4737 4738 if (rc == REP_PROTOCOL_SUCCESS) { 4739 granted = perm_granted(pcp); 4740 4741 if (granted < 0) { 4742 rc = REP_PROTOCOL_FAIL_NO_RESOURCES; 4743 } else { 4744 /* 4745 * Copy out the authorization 4746 * string before freeing pcp. 4747 */ 4748 audit_data.ed_auth = 4749 strdup(pcp->pc_auth_string); 4750 if (audit_data.ed_auth == NULL) { 4751 /* 4752 * Following code line 4753 * cannot meet both the 4754 * indentation and the line 4755 * length requirements of 4756 * cstyle. Indendation has 4757 * been sacrificed. 4758 */ 4759 /* CSTYLED */ 4760 rc = REP_PROTOCOL_FAIL_NO_RESOURCES; 4761 } 4762 } 4763 } 4764 4765 pc_free(pcp); 4766 } else { 4767 rc = REP_PROTOCOL_FAIL_NO_RESOURCES; 4768 } 4769 4770 if (rc == REP_PROTOCOL_SUCCESS && !granted) { 4771 rc = REP_PROTOCOL_FAIL_PERMISSION_DENIED; 4772 audit_failure = 1; 4773 } 4774 (void) pthread_mutex_lock(&np->rn_lock); 4775 } else { 4776 rc = REP_PROTOCOL_SUCCESS; 4777 } 4778 #endif /* NATIVE_BUILD */ 4779 4780 if (rc != REP_PROTOCOL_SUCCESS) { 4781 rc_node_rele_flag(np, RC_NODE_DYING_FLAGS); 4782 (void) pthread_mutex_unlock(&np->rn_lock); 4783 goto fail; 4784 } 4785 4786 ndp = uu_zalloc(sizeof (*ndp)); 4787 if (ndp == NULL) { 4788 rc_node_rele_flag(np, RC_NODE_DYING_FLAGS); 4789 (void) pthread_mutex_unlock(&np->rn_lock); 4790 rc = REP_PROTOCOL_FAIL_NO_RESOURCES; 4791 goto fail; 4792 } 4793 4794 rc_node_delete_hold(np, 1); /* hold entire subgraph, drop lock */ 4795 4796 rc = object_delete(np); 4797 4798 if (rc != REP_PROTOCOL_SUCCESS) { 4799 (void) pthread_mutex_lock(&np->rn_lock); 4800 rc_node_delete_rele(np, 1); /* drops lock */ 4801 uu_free(ndp); 4802 goto fail; 4803 } 4804 4805 /* 4806 * Now, delicately unlink and delete the object. 4807 * 4808 * Create the delete notification, atomically remove 4809 * from the hash table and set the NODE_DEAD flag, and 4810 * remove from the parent's children list. 4811 */ 4812 rc_notify_node_delete(ndp, np); /* frees or uses ndp */ 4813 4814 bp = cache_hold(np->rn_hash); 4815 4816 (void) pthread_mutex_lock(&np->rn_lock); 4817 cache_remove_unlocked(bp, np); 4818 cache_release(bp); 4819 4820 np->rn_flags |= RC_NODE_DEAD; 4821 if (pp != NULL) { 4822 (void) pthread_mutex_unlock(&np->rn_lock); 4823 4824 (void) pthread_mutex_lock(&pp->rn_lock); 4825 (void) pthread_mutex_lock(&np->rn_lock); 4826 uu_list_remove(pp->rn_children, np); 4827 rc_node_rele_flag(pp, RC_NODE_CHILDREN_CHANGING); 4828 (void) pthread_mutex_unlock(&pp->rn_lock); 4829 np->rn_flags &= ~RC_NODE_IN_PARENT; 4830 } 4831 /* 4832 * finally, propagate death to our children, handle notifications, 4833 * and release our hold. 4834 */ 4835 rc_node_hold_locked(np); /* hold for delete */ 4836 rc_node_delete_children(np, 1); /* drops DYING_FLAGS, lock, ref */ 4837 4838 rc_node_clear(npp, 1); 4839 4840 (void) pthread_mutex_lock(&rc_pg_notify_lock); 4841 while ((pnp = uu_list_first(np->rn_pg_notify_list)) != NULL) 4842 rc_pg_notify_fire(pnp); 4843 (void) pthread_mutex_unlock(&rc_pg_notify_lock); 4844 rc_notify_remove_node(np); 4845 4846 rc_node_rele(np); 4847 4848 smf_audit_event(event_id, ADT_SUCCESS, ADT_SUCCESS, 4849 &audit_data); 4850 free(audit_data.ed_auth); 4851 free(audit_data.ed_snapname); 4852 free(audit_data.ed_type); 4853 free(audit_data.ed_fmri); 4854 return (rc); 4855 4856 fail: 4857 rc_node_rele(np); 4858 if (rc == REP_PROTOCOL_FAIL_DELETED) 4859 rc_node_clear(npp, 1); 4860 if (pp != NULL) { 4861 (void) pthread_mutex_lock(&pp->rn_lock); 4862 rc_node_rele_flag(pp, RC_NODE_CHILDREN_CHANGING); 4863 rc_node_rele_locked(pp); /* drop ref and lock */ 4864 } 4865 if (audit_failure) { 4866 smf_audit_event(event_id, ADT_FAILURE, 4867 ADT_FAIL_VALUE_AUTH, &audit_data); 4868 } 4869 cleanout: 4870 free(audit_data.ed_auth); 4871 free(audit_data.ed_snapname); 4872 free(audit_data.ed_type); 4873 free(audit_data.ed_fmri); 4874 return (rc); 4875 } 4876 4877 int 4878 rc_node_next_snaplevel(rc_node_ptr_t *npp, rc_node_ptr_t *cpp) 4879 { 4880 rc_node_t *np; 4881 rc_node_t *cp, *pp; 4882 int res; 4883 4884 rc_node_clear(cpp, 0); 4885 4886 RC_NODE_PTR_GET_CHECK_AND_LOCK(np, npp); 4887 4888 if (np->rn_id.rl_type != REP_PROTOCOL_ENTITY_SNAPSHOT && 4889 np->rn_id.rl_type != REP_PROTOCOL_ENTITY_SNAPLEVEL) { 4890 (void) pthread_mutex_unlock(&np->rn_lock); 4891 return (REP_PROTOCOL_FAIL_NOT_APPLICABLE); 4892 } 4893 4894 if (np->rn_id.rl_type == REP_PROTOCOL_ENTITY_SNAPSHOT) { 4895 if ((res = rc_node_fill_children(np, 4896 REP_PROTOCOL_ENTITY_SNAPLEVEL)) != REP_PROTOCOL_SUCCESS) { 4897 (void) pthread_mutex_unlock(&np->rn_lock); 4898 return (res); 4899 } 4900 4901 for (cp = uu_list_first(np->rn_children); 4902 cp != NULL; 4903 cp = uu_list_next(np->rn_children, cp)) { 4904 if (cp->rn_id.rl_type != REP_PROTOCOL_ENTITY_SNAPLEVEL) 4905 continue; 4906 rc_node_hold(cp); 4907 break; 4908 } 4909 4910 (void) pthread_mutex_unlock(&np->rn_lock); 4911 } else { 4912 HOLD_PTR_FLAG_OR_RETURN(np, npp, RC_NODE_USING_PARENT); 4913 /* 4914 * mark our parent as children changing. This call drops our 4915 * lock and the RC_NODE_USING_PARENT flag, and returns with 4916 * pp's lock held 4917 */ 4918 pp = rc_node_hold_parent_flag(np, RC_NODE_CHILDREN_CHANGING); 4919 if (pp == NULL) { 4920 /* our parent is gone, we're going next... */ 4921 4922 rc_node_clear(npp, 1); 4923 return (REP_PROTOCOL_FAIL_DELETED); 4924 } 4925 4926 /* 4927 * find the next snaplevel 4928 */ 4929 cp = np; 4930 while ((cp = uu_list_next(pp->rn_children, cp)) != NULL && 4931 cp->rn_id.rl_type != REP_PROTOCOL_ENTITY_SNAPLEVEL) 4932 ; 4933 4934 /* it must match the snaplevel list */ 4935 assert((cp == NULL && np->rn_snaplevel->rsl_next == NULL) || 4936 (cp != NULL && np->rn_snaplevel->rsl_next == 4937 cp->rn_snaplevel)); 4938 4939 if (cp != NULL) 4940 rc_node_hold(cp); 4941 4942 rc_node_rele_flag(pp, RC_NODE_CHILDREN_CHANGING); 4943 4944 (void) pthread_mutex_unlock(&pp->rn_lock); 4945 } 4946 4947 rc_node_assign(cpp, cp); 4948 if (cp != NULL) { 4949 rc_node_rele(cp); 4950 4951 return (REP_PROTOCOL_SUCCESS); 4952 } 4953 return (REP_PROTOCOL_FAIL_NOT_FOUND); 4954 } 4955 4956 /* 4957 * This call takes a snapshot (np) and either: 4958 * an existing snapid (to be associated with np), or 4959 * a non-NULL parentp (from which a new snapshot is taken, and associated 4960 * with np) 4961 * 4962 * To do the association, np is duplicated, the duplicate is made to 4963 * represent the new snapid, and np is replaced with the new rc_node_t on 4964 * np's parent's child list. np is placed on the new node's rn_former list, 4965 * and replaces np in cache_hash (so rc_node_update() will find the new one). 4966 * 4967 * old_fmri and old_name point to the original snap shot's FMRI and name. 4968 * These values are used when generating audit events. 4969 * 4970 * Fails with 4971 * _BAD_REQUEST 4972 * _BACKEND_READONLY 4973 * _DELETED 4974 * _NO_RESOURCES 4975 * _TRUNCATED 4976 * _TYPE_MISMATCH 4977 */ 4978 static int 4979 rc_attach_snapshot( 4980 rc_node_t *np, 4981 uint32_t snapid, 4982 rc_node_t *parentp, 4983 char *old_fmri, 4984 char *old_name) 4985 { 4986 rc_node_t *np_orig; 4987 rc_node_t *nnp, *prev; 4988 rc_node_t *pp; 4989 int rc; 4990 size_t sz_out; 4991 au_event_t event_id; 4992 audit_event_data_t audit_data; 4993 4994 if (parentp == NULL) { 4995 assert(old_fmri != NULL); 4996 } else { 4997 assert(snapid == 0); 4998 } 4999 assert(MUTEX_HELD(&np->rn_lock)); 5000 5001 /* Gather the audit data. */ 5002 /* 5003 * ADT_smf_* symbols may not be defined in the /usr/include header 5004 * files on the build machine. Thus, the following if-else will 5005 * not be compiled when doing native builds. 5006 */ 5007 #ifndef NATIVE_BUILD 5008 if (parentp == NULL) { 5009 event_id = ADT_smf_attach_snap; 5010 } else { 5011 event_id = ADT_smf_create_snap; 5012 } 5013 #endif /* NATIVE_BUILD */ 5014 audit_data.ed_fmri = malloc(REP_PROTOCOL_FMRI_LEN); 5015 audit_data.ed_snapname = malloc(REP_PROTOCOL_NAME_LEN); 5016 if ((audit_data.ed_fmri == NULL) || (audit_data.ed_snapname == NULL)) { 5017 (void) pthread_mutex_unlock(&np->rn_lock); 5018 free(audit_data.ed_fmri); 5019 free(audit_data.ed_snapname); 5020 return (REP_PROTOCOL_FAIL_NO_RESOURCES); 5021 } 5022 audit_data.ed_auth = NULL; 5023 if (strlcpy(audit_data.ed_snapname, np->rn_name, 5024 REP_PROTOCOL_NAME_LEN) >= REP_PROTOCOL_NAME_LEN) { 5025 abort(); 5026 } 5027 audit_data.ed_old_fmri = old_fmri; 5028 audit_data.ed_old_name = old_name ? old_name : "NO NAME"; 5029 5030 if (parentp == NULL) { 5031 /* 5032 * In the attach case, get the instance FMRIs of the 5033 * snapshots. 5034 */ 5035 if ((rc = rc_node_get_fmri_or_fragment(np, audit_data.ed_fmri, 5036 REP_PROTOCOL_FMRI_LEN, &sz_out)) != REP_PROTOCOL_SUCCESS) { 5037 (void) pthread_mutex_unlock(&np->rn_lock); 5038 free(audit_data.ed_fmri); 5039 free(audit_data.ed_snapname); 5040 return (rc); 5041 } 5042 } else { 5043 /* 5044 * Capture the FMRI of the parent if we're actually going 5045 * to take the snapshot. 5046 */ 5047 if ((rc = rc_node_get_fmri_or_fragment(parentp, 5048 audit_data.ed_fmri, REP_PROTOCOL_FMRI_LEN, &sz_out)) != 5049 REP_PROTOCOL_SUCCESS) { 5050 (void) pthread_mutex_unlock(&np->rn_lock); 5051 free(audit_data.ed_fmri); 5052 free(audit_data.ed_snapname); 5053 return (rc); 5054 } 5055 } 5056 5057 np_orig = np; 5058 rc_node_hold_locked(np); /* simplifies the remainder */ 5059 5060 (void) pthread_mutex_unlock(&np->rn_lock); 5061 if ((rc = rc_node_modify_permission_check(&audit_data.ed_auth)) != 5062 REP_PROTOCOL_SUCCESS) { 5063 smf_audit_event(event_id, ADT_FAILURE, ADT_FAIL_VALUE_AUTH, 5064 &audit_data); 5065 goto cleanout; 5066 } 5067 (void) pthread_mutex_lock(&np->rn_lock); 5068 5069 /* 5070 * get the latest node, holding RC_NODE_IN_TX to keep the rn_former 5071 * list from changing. 5072 */ 5073 for (;;) { 5074 if (!(np->rn_flags & RC_NODE_OLD)) { 5075 if (!rc_node_hold_flag(np, RC_NODE_USING_PARENT)) { 5076 goto again; 5077 } 5078 pp = rc_node_hold_parent_flag(np, 5079 RC_NODE_CHILDREN_CHANGING); 5080 5081 (void) pthread_mutex_lock(&np->rn_lock); 5082 if (pp == NULL) { 5083 goto again; 5084 } 5085 if (np->rn_flags & RC_NODE_OLD) { 5086 rc_node_rele_flag(pp, 5087 RC_NODE_CHILDREN_CHANGING); 5088 (void) pthread_mutex_unlock(&pp->rn_lock); 5089 goto again; 5090 } 5091 (void) pthread_mutex_unlock(&pp->rn_lock); 5092 5093 if (!rc_node_hold_flag(np, RC_NODE_IN_TX)) { 5094 /* 5095 * Can't happen, since we're holding our 5096 * parent's CHILDREN_CHANGING flag... 5097 */ 5098 abort(); 5099 } 5100 break; /* everything's ready */ 5101 } 5102 again: 5103 rc_node_rele_locked(np); 5104 np = cache_lookup(&np_orig->rn_id); 5105 5106 if (np == NULL) { 5107 rc = REP_PROTOCOL_FAIL_DELETED; 5108 goto cleanout; 5109 } 5110 5111 (void) pthread_mutex_lock(&np->rn_lock); 5112 } 5113 5114 if (parentp != NULL) { 5115 if (pp != parentp) { 5116 rc = REP_PROTOCOL_FAIL_BAD_REQUEST; 5117 goto fail; 5118 } 5119 nnp = NULL; 5120 } else { 5121 /* 5122 * look for a former node with the snapid we need. 5123 */ 5124 if (np->rn_snapshot_id == snapid) { 5125 rc_node_rele_flag(np, RC_NODE_IN_TX); 5126 rc_node_rele_locked(np); 5127 5128 (void) pthread_mutex_lock(&pp->rn_lock); 5129 rc_node_rele_flag(pp, RC_NODE_CHILDREN_CHANGING); 5130 (void) pthread_mutex_unlock(&pp->rn_lock); 5131 rc = REP_PROTOCOL_SUCCESS; /* nothing to do */ 5132 goto cleanout; 5133 } 5134 5135 prev = np; 5136 while ((nnp = prev->rn_former) != NULL) { 5137 if (nnp->rn_snapshot_id == snapid) { 5138 rc_node_hold(nnp); 5139 break; /* existing node with that id */ 5140 } 5141 prev = nnp; 5142 } 5143 } 5144 5145 if (nnp == NULL) { 5146 prev = NULL; 5147 nnp = rc_node_alloc(); 5148 if (nnp == NULL) { 5149 rc = REP_PROTOCOL_FAIL_NO_RESOURCES; 5150 goto fail; 5151 } 5152 5153 nnp->rn_id = np->rn_id; /* structure assignment */ 5154 nnp->rn_hash = np->rn_hash; 5155 nnp->rn_name = strdup(np->rn_name); 5156 nnp->rn_snapshot_id = snapid; 5157 nnp->rn_flags = RC_NODE_IN_TX | RC_NODE_USING_PARENT; 5158 5159 if (nnp->rn_name == NULL) { 5160 rc = REP_PROTOCOL_FAIL_NO_RESOURCES; 5161 goto fail; 5162 } 5163 } 5164 5165 (void) pthread_mutex_unlock(&np->rn_lock); 5166 5167 rc = object_snapshot_attach(&np->rn_id, &snapid, (parentp != NULL)); 5168 5169 if (parentp != NULL) 5170 nnp->rn_snapshot_id = snapid; /* fill in new snapid */ 5171 else 5172 assert(nnp->rn_snapshot_id == snapid); 5173 5174 (void) pthread_mutex_lock(&np->rn_lock); 5175 if (rc != REP_PROTOCOL_SUCCESS) 5176 goto fail; 5177 5178 /* 5179 * fix up the former chain 5180 */ 5181 if (prev != NULL) { 5182 prev->rn_former = nnp->rn_former; 5183 (void) pthread_mutex_lock(&nnp->rn_lock); 5184 nnp->rn_flags &= ~RC_NODE_ON_FORMER; 5185 nnp->rn_former = NULL; 5186 (void) pthread_mutex_unlock(&nnp->rn_lock); 5187 } 5188 np->rn_flags |= RC_NODE_OLD; 5189 (void) pthread_mutex_unlock(&np->rn_lock); 5190 5191 /* 5192 * replace np with nnp 5193 */ 5194 rc_node_relink_child(pp, np, nnp); 5195 5196 rc_node_rele(np); 5197 smf_audit_event(event_id, ADT_SUCCESS, ADT_SUCCESS, &audit_data); 5198 rc = REP_PROTOCOL_SUCCESS; 5199 5200 cleanout: 5201 free(audit_data.ed_auth); 5202 free(audit_data.ed_fmri); 5203 free(audit_data.ed_snapname); 5204 return (rc); 5205 5206 fail: 5207 rc_node_rele_flag(np, RC_NODE_IN_TX); 5208 rc_node_rele_locked(np); 5209 (void) pthread_mutex_lock(&pp->rn_lock); 5210 rc_node_rele_flag(pp, RC_NODE_CHILDREN_CHANGING); 5211 (void) pthread_mutex_unlock(&pp->rn_lock); 5212 5213 if (nnp != NULL) { 5214 if (prev == NULL) 5215 rc_node_destroy(nnp); 5216 else 5217 rc_node_rele(nnp); 5218 } 5219 5220 free(audit_data.ed_auth); 5221 free(audit_data.ed_fmri); 5222 free(audit_data.ed_snapname); 5223 return (rc); 5224 } 5225 5226 int 5227 rc_snapshot_take_new(rc_node_ptr_t *npp, const char *svcname, 5228 const char *instname, const char *name, rc_node_ptr_t *outpp) 5229 { 5230 rc_node_t *np; 5231 rc_node_t *outp = NULL; 5232 int rc, perm_rc; 5233 char fmri[REP_PROTOCOL_FMRI_LEN]; 5234 audit_event_data_t audit_data; 5235 size_t sz_out; 5236 5237 rc_node_clear(outpp, 0); 5238 5239 perm_rc = rc_node_modify_permission_check(&audit_data.ed_auth); 5240 5241 RC_NODE_PTR_GET_CHECK_AND_LOCK(np, npp); 5242 if (np->rn_id.rl_type != REP_PROTOCOL_ENTITY_INSTANCE) { 5243 (void) pthread_mutex_unlock(&np->rn_lock); 5244 free(audit_data.ed_auth); 5245 return (REP_PROTOCOL_FAIL_TYPE_MISMATCH); 5246 } 5247 5248 rc = rc_check_type_name(REP_PROTOCOL_ENTITY_SNAPSHOT, name); 5249 if (rc != REP_PROTOCOL_SUCCESS) { 5250 (void) pthread_mutex_unlock(&np->rn_lock); 5251 free(audit_data.ed_auth); 5252 return (rc); 5253 } 5254 5255 if (svcname != NULL && (rc = 5256 rc_check_type_name(REP_PROTOCOL_ENTITY_SERVICE, svcname)) != 5257 REP_PROTOCOL_SUCCESS) { 5258 (void) pthread_mutex_unlock(&np->rn_lock); 5259 free(audit_data.ed_auth); 5260 return (rc); 5261 } 5262 5263 if (instname != NULL && (rc = 5264 rc_check_type_name(REP_PROTOCOL_ENTITY_INSTANCE, instname)) != 5265 REP_PROTOCOL_SUCCESS) { 5266 (void) pthread_mutex_unlock(&np->rn_lock); 5267 free(audit_data.ed_auth); 5268 return (rc); 5269 } 5270 5271 audit_data.ed_auth = NULL; 5272 audit_data.ed_fmri = fmri; 5273 audit_data.ed_snapname = (char *)name; 5274 5275 if ((rc = rc_node_get_fmri_or_fragment(np, fmri, sizeof (fmri), 5276 &sz_out)) != REP_PROTOCOL_SUCCESS) { 5277 (void) pthread_mutex_unlock(&np->rn_lock); 5278 free(audit_data.ed_auth); 5279 return (rc); 5280 } 5281 if (perm_rc != REP_PROTOCOL_SUCCESS) { 5282 (void) pthread_mutex_unlock(&np->rn_lock); 5283 smf_audit_event(ADT_smf_create_snap, ADT_FAILURE, 5284 ADT_FAIL_VALUE_AUTH, &audit_data); 5285 free(audit_data.ed_auth); 5286 return (perm_rc); 5287 } 5288 5289 HOLD_PTR_FLAG_OR_FREE_AND_RETURN(np, npp, RC_NODE_CREATING_CHILD, 5290 audit_data.ed_auth); 5291 (void) pthread_mutex_unlock(&np->rn_lock); 5292 5293 rc = object_snapshot_take_new(np, svcname, instname, name, &outp); 5294 5295 if (rc == REP_PROTOCOL_SUCCESS) { 5296 rc_node_assign(outpp, outp); 5297 rc_node_rele(outp); 5298 } 5299 5300 (void) pthread_mutex_lock(&np->rn_lock); 5301 rc_node_rele_flag(np, RC_NODE_CREATING_CHILD); 5302 (void) pthread_mutex_unlock(&np->rn_lock); 5303 5304 if (rc == REP_PROTOCOL_SUCCESS) { 5305 smf_audit_event(ADT_smf_create_snap, ADT_SUCCESS, ADT_SUCCESS, 5306 &audit_data); 5307 } 5308 if (audit_data.ed_auth != NULL) 5309 free(audit_data.ed_auth); 5310 return (rc); 5311 } 5312 5313 int 5314 rc_snapshot_take_attach(rc_node_ptr_t *npp, rc_node_ptr_t *outpp) 5315 { 5316 rc_node_t *np, *outp; 5317 5318 RC_NODE_PTR_GET_CHECK(np, npp); 5319 if (np->rn_id.rl_type != REP_PROTOCOL_ENTITY_INSTANCE) { 5320 return (REP_PROTOCOL_FAIL_TYPE_MISMATCH); 5321 } 5322 5323 RC_NODE_PTR_GET_CHECK_AND_LOCK(outp, outpp); 5324 if (outp->rn_id.rl_type != REP_PROTOCOL_ENTITY_SNAPSHOT) { 5325 (void) pthread_mutex_unlock(&outp->rn_lock); 5326 return (REP_PROTOCOL_FAIL_BAD_REQUEST); 5327 } 5328 5329 return (rc_attach_snapshot(outp, 0, np, NULL, 5330 NULL)); /* drops outp's lock */ 5331 } 5332 5333 int 5334 rc_snapshot_attach(rc_node_ptr_t *npp, rc_node_ptr_t *cpp) 5335 { 5336 rc_node_t *np; 5337 rc_node_t *cp; 5338 uint32_t snapid; 5339 char old_name[REP_PROTOCOL_NAME_LEN]; 5340 int rc; 5341 size_t sz_out; 5342 char old_fmri[REP_PROTOCOL_FMRI_LEN]; 5343 5344 RC_NODE_PTR_GET_CHECK_AND_LOCK(np, npp); 5345 if (np->rn_id.rl_type != REP_PROTOCOL_ENTITY_SNAPSHOT) { 5346 (void) pthread_mutex_unlock(&np->rn_lock); 5347 return (REP_PROTOCOL_FAIL_BAD_REQUEST); 5348 } 5349 snapid = np->rn_snapshot_id; 5350 rc = rc_node_get_fmri_or_fragment(np, old_fmri, sizeof (old_fmri), 5351 &sz_out); 5352 (void) pthread_mutex_unlock(&np->rn_lock); 5353 if (rc != REP_PROTOCOL_SUCCESS) 5354 return (rc); 5355 if (np->rn_name != NULL) { 5356 if (strlcpy(old_name, np->rn_name, sizeof (old_name)) >= 5357 sizeof (old_name)) { 5358 return (REP_PROTOCOL_FAIL_TRUNCATED); 5359 } 5360 } 5361 5362 RC_NODE_PTR_GET_CHECK_AND_LOCK(cp, cpp); 5363 if (cp->rn_id.rl_type != REP_PROTOCOL_ENTITY_SNAPSHOT) { 5364 (void) pthread_mutex_unlock(&cp->rn_lock); 5365 return (REP_PROTOCOL_FAIL_BAD_REQUEST); 5366 } 5367 5368 rc = rc_attach_snapshot(cp, snapid, NULL, 5369 old_fmri, old_name); /* drops cp's lock */ 5370 return (rc); 5371 } 5372 5373 /* 5374 * If the pgname property group under ent has type pgtype, and it has a 5375 * propname property with type ptype, return _SUCCESS. If pgtype is NULL, 5376 * it is not checked. If ent is not a service node, we will return _SUCCESS if 5377 * a property meeting the requirements exists in either the instance or its 5378 * parent. 5379 * 5380 * Returns 5381 * _SUCCESS - see above 5382 * _DELETED - ent or one of its ancestors was deleted 5383 * _NO_RESOURCES - no resources 5384 * _NOT_FOUND - no matching property was found 5385 */ 5386 static int 5387 rc_svc_prop_exists(rc_node_t *ent, const char *pgname, const char *pgtype, 5388 const char *propname, rep_protocol_value_type_t ptype) 5389 { 5390 int ret; 5391 rc_node_t *pg = NULL, *spg = NULL, *svc, *prop; 5392 5393 assert(!MUTEX_HELD(&ent->rn_lock)); 5394 5395 (void) pthread_mutex_lock(&ent->rn_lock); 5396 ret = rc_node_find_named_child(ent, pgname, 5397 REP_PROTOCOL_ENTITY_PROPERTYGRP, &pg); 5398 (void) pthread_mutex_unlock(&ent->rn_lock); 5399 5400 switch (ret) { 5401 case REP_PROTOCOL_SUCCESS: 5402 break; 5403 5404 case REP_PROTOCOL_FAIL_DELETED: 5405 case REP_PROTOCOL_FAIL_NO_RESOURCES: 5406 return (ret); 5407 5408 default: 5409 bad_error("rc_node_find_named_child", ret); 5410 } 5411 5412 if (ent->rn_id.rl_type != REP_PROTOCOL_ENTITY_SERVICE) { 5413 ret = rc_node_find_ancestor(ent, REP_PROTOCOL_ENTITY_SERVICE, 5414 &svc); 5415 if (ret != REP_PROTOCOL_SUCCESS) { 5416 assert(ret == REP_PROTOCOL_FAIL_DELETED); 5417 if (pg != NULL) 5418 rc_node_rele(pg); 5419 return (ret); 5420 } 5421 assert(svc->rn_id.rl_type == REP_PROTOCOL_ENTITY_SERVICE); 5422 5423 (void) pthread_mutex_lock(&svc->rn_lock); 5424 ret = rc_node_find_named_child(svc, pgname, 5425 REP_PROTOCOL_ENTITY_PROPERTYGRP, &spg); 5426 (void) pthread_mutex_unlock(&svc->rn_lock); 5427 5428 rc_node_rele(svc); 5429 5430 switch (ret) { 5431 case REP_PROTOCOL_SUCCESS: 5432 break; 5433 5434 case REP_PROTOCOL_FAIL_DELETED: 5435 case REP_PROTOCOL_FAIL_NO_RESOURCES: 5436 if (pg != NULL) 5437 rc_node_rele(pg); 5438 return (ret); 5439 5440 default: 5441 bad_error("rc_node_find_named_child", ret); 5442 } 5443 } 5444 5445 if (pg != NULL && 5446 pgtype != NULL && strcmp(pg->rn_type, pgtype) != 0) { 5447 rc_node_rele(pg); 5448 pg = NULL; 5449 } 5450 5451 if (spg != NULL && 5452 pgtype != NULL && strcmp(spg->rn_type, pgtype) != 0) { 5453 rc_node_rele(spg); 5454 spg = NULL; 5455 } 5456 5457 if (pg == NULL) { 5458 if (spg == NULL) 5459 return (REP_PROTOCOL_FAIL_NOT_FOUND); 5460 pg = spg; 5461 spg = NULL; 5462 } 5463 5464 /* 5465 * At this point, pg is non-NULL, and is a property group node of the 5466 * correct type. spg, if non-NULL, is also a property group node of 5467 * the correct type. Check for the property in pg first, then spg 5468 * (if applicable). 5469 */ 5470 (void) pthread_mutex_lock(&pg->rn_lock); 5471 ret = rc_node_find_named_child(pg, propname, 5472 REP_PROTOCOL_ENTITY_PROPERTY, &prop); 5473 (void) pthread_mutex_unlock(&pg->rn_lock); 5474 rc_node_rele(pg); 5475 switch (ret) { 5476 case REP_PROTOCOL_SUCCESS: 5477 if (prop != NULL) { 5478 if (prop->rn_valtype == ptype) { 5479 rc_node_rele(prop); 5480 if (spg != NULL) 5481 rc_node_rele(spg); 5482 return (REP_PROTOCOL_SUCCESS); 5483 } 5484 rc_node_rele(prop); 5485 } 5486 break; 5487 5488 case REP_PROTOCOL_FAIL_NO_RESOURCES: 5489 if (spg != NULL) 5490 rc_node_rele(spg); 5491 return (ret); 5492 5493 case REP_PROTOCOL_FAIL_DELETED: 5494 break; 5495 5496 default: 5497 bad_error("rc_node_find_named_child", ret); 5498 } 5499 5500 if (spg == NULL) 5501 return (REP_PROTOCOL_FAIL_NOT_FOUND); 5502 5503 pg = spg; 5504 5505 (void) pthread_mutex_lock(&pg->rn_lock); 5506 ret = rc_node_find_named_child(pg, propname, 5507 REP_PROTOCOL_ENTITY_PROPERTY, &prop); 5508 (void) pthread_mutex_unlock(&pg->rn_lock); 5509 rc_node_rele(pg); 5510 switch (ret) { 5511 case REP_PROTOCOL_SUCCESS: 5512 if (prop != NULL) { 5513 if (prop->rn_valtype == ptype) { 5514 rc_node_rele(prop); 5515 return (REP_PROTOCOL_SUCCESS); 5516 } 5517 rc_node_rele(prop); 5518 } 5519 return (REP_PROTOCOL_FAIL_NOT_FOUND); 5520 5521 case REP_PROTOCOL_FAIL_NO_RESOURCES: 5522 return (ret); 5523 5524 case REP_PROTOCOL_FAIL_DELETED: 5525 return (REP_PROTOCOL_FAIL_NOT_FOUND); 5526 5527 default: 5528 bad_error("rc_node_find_named_child", ret); 5529 } 5530 5531 return (REP_PROTOCOL_SUCCESS); 5532 } 5533 5534 /* 5535 * Given a property group node, returns _SUCCESS if the property group may 5536 * be read without any special authorization. 5537 * 5538 * Fails with: 5539 * _DELETED - np or an ancestor node was deleted 5540 * _TYPE_MISMATCH - np does not refer to a property group 5541 * _NO_RESOURCES - no resources 5542 * _PERMISSION_DENIED - authorization is required 5543 */ 5544 static int 5545 rc_node_pg_check_read_protect(rc_node_t *np) 5546 { 5547 int ret; 5548 rc_node_t *ent; 5549 5550 assert(!MUTEX_HELD(&np->rn_lock)); 5551 5552 if (np->rn_id.rl_type != REP_PROTOCOL_ENTITY_PROPERTYGRP) 5553 return (REP_PROTOCOL_FAIL_TYPE_MISMATCH); 5554 5555 if (strcmp(np->rn_type, SCF_GROUP_FRAMEWORK) == 0 || 5556 strcmp(np->rn_type, SCF_GROUP_DEPENDENCY) == 0 || 5557 strcmp(np->rn_type, SCF_GROUP_METHOD) == 0) 5558 return (REP_PROTOCOL_SUCCESS); 5559 5560 ret = rc_node_parent(np, &ent); 5561 5562 if (ret != REP_PROTOCOL_SUCCESS) 5563 return (ret); 5564 5565 ret = rc_svc_prop_exists(ent, np->rn_name, np->rn_type, 5566 AUTH_PROP_READ, REP_PROTOCOL_TYPE_STRING); 5567 5568 rc_node_rele(ent); 5569 5570 switch (ret) { 5571 case REP_PROTOCOL_FAIL_NOT_FOUND: 5572 return (REP_PROTOCOL_SUCCESS); 5573 case REP_PROTOCOL_SUCCESS: 5574 return (REP_PROTOCOL_FAIL_PERMISSION_DENIED); 5575 case REP_PROTOCOL_FAIL_DELETED: 5576 case REP_PROTOCOL_FAIL_NO_RESOURCES: 5577 return (ret); 5578 default: 5579 bad_error("rc_svc_prop_exists", ret); 5580 } 5581 5582 return (REP_PROTOCOL_SUCCESS); 5583 } 5584 5585 /* 5586 * Fails with 5587 * _DELETED - np's node or parent has been deleted 5588 * _TYPE_MISMATCH - np's node is not a property 5589 * _NO_RESOURCES - out of memory 5590 * _PERMISSION_DENIED - no authorization to read this property's value(s) 5591 * _BAD_REQUEST - np's parent is not a property group 5592 */ 5593 static int 5594 rc_node_property_may_read(rc_node_t *np) 5595 { 5596 int ret, granted = 0; 5597 rc_node_t *pgp; 5598 permcheck_t *pcp; 5599 audit_event_data_t audit_data; 5600 size_t sz_out; 5601 5602 if (np->rn_id.rl_type != REP_PROTOCOL_ENTITY_PROPERTY) 5603 return (REP_PROTOCOL_FAIL_TYPE_MISMATCH); 5604 5605 if (client_is_privileged()) 5606 return (REP_PROTOCOL_SUCCESS); 5607 5608 #ifdef NATIVE_BUILD 5609 return (REP_PROTOCOL_FAIL_PERMISSION_DENIED); 5610 #else 5611 ret = rc_node_parent(np, &pgp); 5612 5613 if (ret != REP_PROTOCOL_SUCCESS) 5614 return (ret); 5615 5616 if (pgp->rn_id.rl_type != REP_PROTOCOL_ENTITY_PROPERTYGRP) { 5617 rc_node_rele(pgp); 5618 return (REP_PROTOCOL_FAIL_BAD_REQUEST); 5619 } 5620 5621 ret = rc_node_pg_check_read_protect(pgp); 5622 5623 if (ret != REP_PROTOCOL_FAIL_PERMISSION_DENIED) { 5624 rc_node_rele(pgp); 5625 return (ret); 5626 } 5627 5628 pcp = pc_create(); 5629 5630 if (pcp == NULL) { 5631 rc_node_rele(pgp); 5632 return (REP_PROTOCOL_FAIL_NO_RESOURCES); 5633 } 5634 5635 ret = perm_add_enabling(pcp, AUTH_MODIFY); 5636 5637 if (ret == REP_PROTOCOL_SUCCESS) { 5638 const char * const auth = 5639 perm_auth_for_pgtype(pgp->rn_type); 5640 5641 if (auth != NULL) 5642 ret = perm_add_enabling(pcp, auth); 5643 } 5644 5645 /* 5646 * If you are permitted to modify the value, you may also 5647 * read it. This means that both the MODIFY and VALUE 5648 * authorizations are acceptable. We don't allow requests 5649 * for AUTH_PROP_MODIFY if all you have is $AUTH_PROP_VALUE, 5650 * however, to avoid leaking possibly valuable information 5651 * since such a user can't change the property anyway. 5652 */ 5653 if (ret == REP_PROTOCOL_SUCCESS) 5654 ret = perm_add_enabling_values(pcp, pgp, 5655 AUTH_PROP_MODIFY); 5656 5657 if (ret == REP_PROTOCOL_SUCCESS && 5658 strcmp(np->rn_name, AUTH_PROP_MODIFY) != 0) 5659 ret = perm_add_enabling_values(pcp, pgp, 5660 AUTH_PROP_VALUE); 5661 5662 if (ret == REP_PROTOCOL_SUCCESS) 5663 ret = perm_add_enabling_values(pcp, pgp, 5664 AUTH_PROP_READ); 5665 5666 rc_node_rele(pgp); 5667 5668 if (ret == REP_PROTOCOL_SUCCESS) { 5669 granted = perm_granted(pcp); 5670 if (granted < 0) 5671 ret = REP_PROTOCOL_FAIL_NO_RESOURCES; 5672 } 5673 if (ret == REP_PROTOCOL_SUCCESS) { 5674 /* Generate a read_prop audit event. */ 5675 audit_data.ed_fmri = malloc(REP_PROTOCOL_FMRI_LEN); 5676 if (audit_data.ed_fmri == NULL) 5677 ret = REP_PROTOCOL_FAIL_NO_RESOURCES; 5678 } 5679 ret = rc_node_get_fmri_or_fragment(np, audit_data.ed_fmri, 5680 REP_PROTOCOL_FMRI_LEN, &sz_out); 5681 assert(ret == REP_PROTOCOL_SUCCESS); 5682 if (ret == REP_PROTOCOL_SUCCESS) { 5683 int status; 5684 int ret_value; 5685 5686 if (granted == 0) { 5687 status = ADT_FAILURE; 5688 ret_value = ADT_FAIL_VALUE_AUTH; 5689 } else { 5690 status = ADT_SUCCESS; 5691 ret_value = ADT_SUCCESS; 5692 } 5693 audit_data.ed_auth = pcp->pc_auth_string; 5694 smf_audit_event(ADT_smf_read_prop, 5695 status, ret_value, &audit_data); 5696 } 5697 free(audit_data.ed_fmri); 5698 5699 pc_free(pcp); 5700 5701 if (ret == REP_PROTOCOL_SUCCESS && !granted) 5702 ret = REP_PROTOCOL_FAIL_PERMISSION_DENIED; 5703 5704 return (ret); 5705 #endif /* NATIVE_BUILD */ 5706 } 5707 5708 /* 5709 * Iteration 5710 */ 5711 static int 5712 rc_iter_filter_name(rc_node_t *np, void *s) 5713 { 5714 const char *name = s; 5715 5716 return (strcmp(np->rn_name, name) == 0); 5717 } 5718 5719 static int 5720 rc_iter_filter_type(rc_node_t *np, void *s) 5721 { 5722 const char *type = s; 5723 5724 return (np->rn_type != NULL && strcmp(np->rn_type, type) == 0); 5725 } 5726 5727 /*ARGSUSED*/ 5728 static int 5729 rc_iter_null_filter(rc_node_t *np, void *s) 5730 { 5731 return (1); 5732 } 5733 5734 /* 5735 * Allocate & initialize an rc_node_iter_t structure. Essentially, ensure 5736 * np->rn_children is populated and call uu_list_walk_start(np->rn_children). 5737 * If successful, leaves a hold on np & increments np->rn_other_refs 5738 * 5739 * If composed is true, then set up for iteration across the top level of np's 5740 * composition chain. If successful, leaves a hold on np and increments 5741 * rn_other_refs for the top level of np's composition chain. 5742 * 5743 * Fails with 5744 * _NO_RESOURCES 5745 * _INVALID_TYPE 5746 * _TYPE_MISMATCH - np cannot carry type children 5747 * _DELETED 5748 */ 5749 static int 5750 rc_iter_create(rc_node_iter_t **resp, rc_node_t *np, uint32_t type, 5751 rc_iter_filter_func *filter, void *arg, boolean_t composed) 5752 { 5753 rc_node_iter_t *nip; 5754 int res; 5755 5756 assert(*resp == NULL); 5757 5758 nip = uu_zalloc(sizeof (*nip)); 5759 if (nip == NULL) 5760 return (REP_PROTOCOL_FAIL_NO_RESOURCES); 5761 5762 /* np is held by the client's rc_node_ptr_t */ 5763 if (np->rn_id.rl_type == REP_PROTOCOL_ENTITY_CPROPERTYGRP) 5764 composed = 1; 5765 5766 if (!composed) { 5767 (void) pthread_mutex_lock(&np->rn_lock); 5768 5769 if ((res = rc_node_fill_children(np, type)) != 5770 REP_PROTOCOL_SUCCESS) { 5771 (void) pthread_mutex_unlock(&np->rn_lock); 5772 uu_free(nip); 5773 return (res); 5774 } 5775 5776 nip->rni_clevel = -1; 5777 5778 nip->rni_iter = uu_list_walk_start(np->rn_children, 5779 UU_WALK_ROBUST); 5780 if (nip->rni_iter != NULL) { 5781 nip->rni_iter_node = np; 5782 rc_node_hold_other(np); 5783 } else { 5784 (void) pthread_mutex_unlock(&np->rn_lock); 5785 uu_free(nip); 5786 return (REP_PROTOCOL_FAIL_NO_RESOURCES); 5787 } 5788 (void) pthread_mutex_unlock(&np->rn_lock); 5789 } else { 5790 rc_node_t *ent; 5791 5792 if (np->rn_id.rl_type == REP_PROTOCOL_ENTITY_SNAPSHOT) { 5793 /* rn_cchain isn't valid until children are loaded. */ 5794 (void) pthread_mutex_lock(&np->rn_lock); 5795 res = rc_node_fill_children(np, 5796 REP_PROTOCOL_ENTITY_SNAPLEVEL); 5797 (void) pthread_mutex_unlock(&np->rn_lock); 5798 if (res != REP_PROTOCOL_SUCCESS) { 5799 uu_free(nip); 5800 return (res); 5801 } 5802 5803 /* Check for an empty snapshot. */ 5804 if (np->rn_cchain[0] == NULL) 5805 goto empty; 5806 } 5807 5808 /* Start at the top of the composition chain. */ 5809 for (nip->rni_clevel = 0; ; ++nip->rni_clevel) { 5810 if (nip->rni_clevel >= COMPOSITION_DEPTH) { 5811 /* Empty composition chain. */ 5812 empty: 5813 nip->rni_clevel = -1; 5814 nip->rni_iter = NULL; 5815 /* It's ok, iter_next() will return _DONE. */ 5816 goto out; 5817 } 5818 5819 ent = np->rn_cchain[nip->rni_clevel]; 5820 assert(ent != NULL); 5821 5822 if (rc_node_check_and_lock(ent) == REP_PROTOCOL_SUCCESS) 5823 break; 5824 5825 /* Someone deleted it, so try the next one. */ 5826 } 5827 5828 res = rc_node_fill_children(ent, type); 5829 5830 if (res == REP_PROTOCOL_SUCCESS) { 5831 nip->rni_iter = uu_list_walk_start(ent->rn_children, 5832 UU_WALK_ROBUST); 5833 5834 if (nip->rni_iter == NULL) 5835 res = REP_PROTOCOL_FAIL_NO_RESOURCES; 5836 else { 5837 nip->rni_iter_node = ent; 5838 rc_node_hold_other(ent); 5839 } 5840 } 5841 5842 if (res != REP_PROTOCOL_SUCCESS) { 5843 (void) pthread_mutex_unlock(&ent->rn_lock); 5844 uu_free(nip); 5845 return (res); 5846 } 5847 5848 (void) pthread_mutex_unlock(&ent->rn_lock); 5849 } 5850 5851 out: 5852 rc_node_hold(np); /* released by rc_iter_end() */ 5853 nip->rni_parent = np; 5854 nip->rni_type = type; 5855 nip->rni_filter = (filter != NULL)? filter : rc_iter_null_filter; 5856 nip->rni_filter_arg = arg; 5857 *resp = nip; 5858 return (REP_PROTOCOL_SUCCESS); 5859 } 5860 5861 static void 5862 rc_iter_end(rc_node_iter_t *iter) 5863 { 5864 rc_node_t *np = iter->rni_parent; 5865 5866 if (iter->rni_clevel >= 0) 5867 np = np->rn_cchain[iter->rni_clevel]; 5868 5869 assert(MUTEX_HELD(&np->rn_lock)); 5870 if (iter->rni_iter != NULL) 5871 uu_list_walk_end(iter->rni_iter); 5872 iter->rni_iter = NULL; 5873 5874 (void) pthread_mutex_unlock(&np->rn_lock); 5875 rc_node_rele(iter->rni_parent); 5876 if (iter->rni_iter_node != NULL) 5877 rc_node_rele_other(iter->rni_iter_node); 5878 } 5879 5880 /* 5881 * Fails with 5882 * _NOT_SET - npp is reset 5883 * _DELETED - npp's node has been deleted 5884 * _NOT_APPLICABLE - npp's node is not a property 5885 * _NO_RESOURCES - out of memory 5886 */ 5887 static int 5888 rc_node_setup_value_iter(rc_node_ptr_t *npp, rc_node_iter_t **iterp) 5889 { 5890 rc_node_t *np; 5891 5892 rc_node_iter_t *nip; 5893 5894 assert(*iterp == NULL); 5895 5896 RC_NODE_PTR_GET_CHECK_AND_LOCK(np, npp); 5897 5898 if (np->rn_id.rl_type != REP_PROTOCOL_ENTITY_PROPERTY) { 5899 (void) pthread_mutex_unlock(&np->rn_lock); 5900 return (REP_PROTOCOL_FAIL_NOT_APPLICABLE); 5901 } 5902 5903 nip = uu_zalloc(sizeof (*nip)); 5904 if (nip == NULL) { 5905 (void) pthread_mutex_unlock(&np->rn_lock); 5906 return (REP_PROTOCOL_FAIL_NO_RESOURCES); 5907 } 5908 5909 nip->rni_parent = np; 5910 nip->rni_iter = NULL; 5911 nip->rni_clevel = -1; 5912 nip->rni_type = REP_PROTOCOL_ENTITY_VALUE; 5913 nip->rni_offset = 0; 5914 nip->rni_last_offset = 0; 5915 5916 rc_node_hold_locked(np); 5917 5918 *iterp = nip; 5919 (void) pthread_mutex_unlock(&np->rn_lock); 5920 5921 return (REP_PROTOCOL_SUCCESS); 5922 } 5923 5924 /* 5925 * Returns: 5926 * _NO_RESOURCES - out of memory 5927 * _NOT_SET - npp is reset 5928 * _DELETED - npp's node has been deleted 5929 * _TYPE_MISMATCH - npp's node is not a property 5930 * _NOT_FOUND - property has no values 5931 * _TRUNCATED - property has >1 values (first is written into out) 5932 * _SUCCESS - property has 1 value (which is written into out) 5933 * _PERMISSION_DENIED - no authorization to read property value(s) 5934 * 5935 * We shorten *sz_out to not include anything after the final '\0'. 5936 */ 5937 int 5938 rc_node_get_property_value(rc_node_ptr_t *npp, 5939 struct rep_protocol_value_response *out, size_t *sz_out) 5940 { 5941 rc_node_t *np; 5942 size_t w; 5943 int ret; 5944 5945 assert(*sz_out == sizeof (*out)); 5946 5947 RC_NODE_PTR_GET_CHECK_AND_HOLD(np, npp); 5948 ret = rc_node_property_may_read(np); 5949 rc_node_rele(np); 5950 5951 if (ret != REP_PROTOCOL_SUCCESS) 5952 return (ret); 5953 5954 RC_NODE_PTR_GET_CHECK_AND_LOCK(np, npp); 5955 5956 if (np->rn_id.rl_type != REP_PROTOCOL_ENTITY_PROPERTY) { 5957 (void) pthread_mutex_unlock(&np->rn_lock); 5958 return (REP_PROTOCOL_FAIL_TYPE_MISMATCH); 5959 } 5960 5961 if (np->rn_values_size == 0) { 5962 (void) pthread_mutex_unlock(&np->rn_lock); 5963 return (REP_PROTOCOL_FAIL_NOT_FOUND); 5964 } 5965 out->rpr_type = np->rn_valtype; 5966 w = strlcpy(out->rpr_value, &np->rn_values[0], 5967 sizeof (out->rpr_value)); 5968 5969 if (w >= sizeof (out->rpr_value)) 5970 backend_panic("value too large"); 5971 5972 *sz_out = offsetof(struct rep_protocol_value_response, 5973 rpr_value[w + 1]); 5974 5975 ret = (np->rn_values_count != 1)? REP_PROTOCOL_FAIL_TRUNCATED : 5976 REP_PROTOCOL_SUCCESS; 5977 (void) pthread_mutex_unlock(&np->rn_lock); 5978 return (ret); 5979 } 5980 5981 int 5982 rc_iter_next_value(rc_node_iter_t *iter, 5983 struct rep_protocol_value_response *out, size_t *sz_out, int repeat) 5984 { 5985 rc_node_t *np = iter->rni_parent; 5986 const char *vals; 5987 size_t len; 5988 5989 size_t start; 5990 size_t w; 5991 int ret; 5992 5993 rep_protocol_responseid_t result; 5994 5995 assert(*sz_out == sizeof (*out)); 5996 5997 (void) memset(out, '\0', *sz_out); 5998 5999 if (iter->rni_type != REP_PROTOCOL_ENTITY_VALUE) 6000 return (REP_PROTOCOL_FAIL_BAD_REQUEST); 6001 6002 RC_NODE_CHECK(np); 6003 ret = rc_node_property_may_read(np); 6004 6005 if (ret != REP_PROTOCOL_SUCCESS) 6006 return (ret); 6007 6008 RC_NODE_CHECK_AND_LOCK(np); 6009 6010 vals = np->rn_values; 6011 len = np->rn_values_size; 6012 6013 out->rpr_type = np->rn_valtype; 6014 6015 start = (repeat)? iter->rni_last_offset : iter->rni_offset; 6016 6017 if (len == 0 || start >= len) { 6018 result = REP_PROTOCOL_DONE; 6019 *sz_out -= sizeof (out->rpr_value); 6020 } else { 6021 w = strlcpy(out->rpr_value, &vals[start], 6022 sizeof (out->rpr_value)); 6023 6024 if (w >= sizeof (out->rpr_value)) 6025 backend_panic("value too large"); 6026 6027 *sz_out = offsetof(struct rep_protocol_value_response, 6028 rpr_value[w + 1]); 6029 6030 /* 6031 * update the offsets if we're not repeating 6032 */ 6033 if (!repeat) { 6034 iter->rni_last_offset = iter->rni_offset; 6035 iter->rni_offset += (w + 1); 6036 } 6037 6038 result = REP_PROTOCOL_SUCCESS; 6039 } 6040 6041 (void) pthread_mutex_unlock(&np->rn_lock); 6042 return (result); 6043 } 6044 6045 /* 6046 * Entry point for ITER_START from client.c. Validate the arguments & call 6047 * rc_iter_create(). 6048 * 6049 * Fails with 6050 * _NOT_SET 6051 * _DELETED 6052 * _TYPE_MISMATCH - np cannot carry type children 6053 * _BAD_REQUEST - flags is invalid 6054 * pattern is invalid 6055 * _NO_RESOURCES 6056 * _INVALID_TYPE 6057 * _TYPE_MISMATCH - *npp cannot have children of type 6058 * _BACKEND_ACCESS 6059 */ 6060 int 6061 rc_node_setup_iter(rc_node_ptr_t *npp, rc_node_iter_t **iterp, 6062 uint32_t type, uint32_t flags, const char *pattern) 6063 { 6064 rc_node_t *np; 6065 rc_iter_filter_func *f = NULL; 6066 int rc; 6067 6068 RC_NODE_PTR_GET_CHECK(np, npp); 6069 6070 if (pattern != NULL && pattern[0] == '\0') 6071 pattern = NULL; 6072 6073 if (type == REP_PROTOCOL_ENTITY_VALUE) { 6074 if (np->rn_id.rl_type != REP_PROTOCOL_ENTITY_PROPERTY) 6075 return (REP_PROTOCOL_FAIL_TYPE_MISMATCH); 6076 if (flags != RP_ITER_START_ALL || pattern != NULL) 6077 return (REP_PROTOCOL_FAIL_BAD_REQUEST); 6078 6079 rc = rc_node_setup_value_iter(npp, iterp); 6080 assert(rc != REP_PROTOCOL_FAIL_NOT_APPLICABLE); 6081 return (rc); 6082 } 6083 6084 if ((rc = rc_check_parent_child(np->rn_id.rl_type, type)) != 6085 REP_PROTOCOL_SUCCESS) 6086 return (rc); 6087 6088 if (((flags & RP_ITER_START_FILT_MASK) == RP_ITER_START_ALL) ^ 6089 (pattern == NULL)) 6090 return (REP_PROTOCOL_FAIL_BAD_REQUEST); 6091 6092 /* Composition only works for instances & snapshots. */ 6093 if ((flags & RP_ITER_START_COMPOSED) && 6094 (np->rn_id.rl_type != REP_PROTOCOL_ENTITY_INSTANCE && 6095 np->rn_id.rl_type != REP_PROTOCOL_ENTITY_SNAPSHOT)) 6096 return (REP_PROTOCOL_FAIL_BAD_REQUEST); 6097 6098 if (pattern != NULL) { 6099 if ((rc = rc_check_type_name(type, pattern)) != 6100 REP_PROTOCOL_SUCCESS) 6101 return (rc); 6102 pattern = strdup(pattern); 6103 if (pattern == NULL) 6104 return (REP_PROTOCOL_FAIL_NO_RESOURCES); 6105 } 6106 6107 switch (flags & RP_ITER_START_FILT_MASK) { 6108 case RP_ITER_START_ALL: 6109 f = NULL; 6110 break; 6111 case RP_ITER_START_EXACT: 6112 f = rc_iter_filter_name; 6113 break; 6114 case RP_ITER_START_PGTYPE: 6115 if (type != REP_PROTOCOL_ENTITY_PROPERTYGRP) { 6116 free((void *)pattern); 6117 return (REP_PROTOCOL_FAIL_BAD_REQUEST); 6118 } 6119 f = rc_iter_filter_type; 6120 break; 6121 default: 6122 free((void *)pattern); 6123 return (REP_PROTOCOL_FAIL_BAD_REQUEST); 6124 } 6125 6126 rc = rc_iter_create(iterp, np, type, f, (void *)pattern, 6127 flags & RP_ITER_START_COMPOSED); 6128 if (rc != REP_PROTOCOL_SUCCESS && pattern != NULL) 6129 free((void *)pattern); 6130 6131 return (rc); 6132 } 6133 6134 /* 6135 * Do uu_list_walk_next(iter->rni_iter) until we find a child which matches 6136 * the filter. 6137 * For composed iterators, then check to see if there's an overlapping entity 6138 * (see embedded comments). If we reach the end of the list, start over at 6139 * the next level. 6140 * 6141 * Returns 6142 * _BAD_REQUEST - iter walks values 6143 * _TYPE_MISMATCH - iter does not walk type entities 6144 * _DELETED - parent was deleted 6145 * _NO_RESOURCES 6146 * _INVALID_TYPE - type is invalid 6147 * _DONE 6148 * _SUCCESS 6149 * 6150 * For composed property group iterators, can also return 6151 * _TYPE_MISMATCH - parent cannot have type children 6152 */ 6153 int 6154 rc_iter_next(rc_node_iter_t *iter, rc_node_ptr_t *out, uint32_t type) 6155 { 6156 rc_node_t *np = iter->rni_parent; 6157 rc_node_t *res; 6158 int rc; 6159 6160 if (iter->rni_type == REP_PROTOCOL_ENTITY_VALUE) 6161 return (REP_PROTOCOL_FAIL_BAD_REQUEST); 6162 6163 if (iter->rni_iter == NULL) { 6164 rc_node_clear(out, 0); 6165 return (REP_PROTOCOL_DONE); 6166 } 6167 6168 if (iter->rni_type != type) { 6169 rc_node_clear(out, 0); 6170 return (REP_PROTOCOL_FAIL_TYPE_MISMATCH); 6171 } 6172 6173 (void) pthread_mutex_lock(&np->rn_lock); /* held by _iter_create() */ 6174 6175 if (!rc_node_wait_flag(np, RC_NODE_CHILDREN_CHANGING)) { 6176 (void) pthread_mutex_unlock(&np->rn_lock); 6177 rc_node_clear(out, 1); 6178 return (REP_PROTOCOL_FAIL_DELETED); 6179 } 6180 6181 if (iter->rni_clevel >= 0) { 6182 /* Composed iterator. Iterate over appropriate level. */ 6183 (void) pthread_mutex_unlock(&np->rn_lock); 6184 np = np->rn_cchain[iter->rni_clevel]; 6185 /* 6186 * If iter->rni_parent is an instance or a snapshot, np must 6187 * be valid since iter holds iter->rni_parent & possible 6188 * levels (service, instance, snaplevel) cannot be destroyed 6189 * while rni_parent is held. If iter->rni_parent is 6190 * a composed property group then rc_node_setup_cpg() put 6191 * a hold on np. 6192 */ 6193 6194 (void) pthread_mutex_lock(&np->rn_lock); 6195 6196 if (!rc_node_wait_flag(np, RC_NODE_CHILDREN_CHANGING)) { 6197 (void) pthread_mutex_unlock(&np->rn_lock); 6198 rc_node_clear(out, 1); 6199 return (REP_PROTOCOL_FAIL_DELETED); 6200 } 6201 } 6202 6203 assert(np->rn_flags & RC_NODE_HAS_CHILDREN); 6204 6205 for (;;) { 6206 res = uu_list_walk_next(iter->rni_iter); 6207 if (res == NULL) { 6208 rc_node_t *parent = iter->rni_parent; 6209 6210 #if COMPOSITION_DEPTH == 2 6211 if (iter->rni_clevel < 0 || iter->rni_clevel == 1) { 6212 /* release walker and lock */ 6213 rc_iter_end(iter); 6214 break; 6215 } 6216 6217 /* Stop walking current level. */ 6218 uu_list_walk_end(iter->rni_iter); 6219 iter->rni_iter = NULL; 6220 (void) pthread_mutex_unlock(&np->rn_lock); 6221 rc_node_rele_other(iter->rni_iter_node); 6222 iter->rni_iter_node = NULL; 6223 6224 /* Start walking next level. */ 6225 ++iter->rni_clevel; 6226 np = parent->rn_cchain[iter->rni_clevel]; 6227 assert(np != NULL); 6228 #else 6229 #error This code must be updated. 6230 #endif 6231 6232 (void) pthread_mutex_lock(&np->rn_lock); 6233 6234 rc = rc_node_fill_children(np, iter->rni_type); 6235 6236 if (rc == REP_PROTOCOL_SUCCESS) { 6237 iter->rni_iter = 6238 uu_list_walk_start(np->rn_children, 6239 UU_WALK_ROBUST); 6240 6241 if (iter->rni_iter == NULL) 6242 rc = REP_PROTOCOL_FAIL_NO_RESOURCES; 6243 else { 6244 iter->rni_iter_node = np; 6245 rc_node_hold_other(np); 6246 } 6247 } 6248 6249 if (rc != REP_PROTOCOL_SUCCESS) { 6250 (void) pthread_mutex_unlock(&np->rn_lock); 6251 rc_node_clear(out, 0); 6252 return (rc); 6253 } 6254 6255 continue; 6256 } 6257 6258 if (res->rn_id.rl_type != type || 6259 !iter->rni_filter(res, iter->rni_filter_arg)) 6260 continue; 6261 6262 /* 6263 * If we're composed and not at the top level, check to see if 6264 * there's an entity at a higher level with the same name. If 6265 * so, skip this one. 6266 */ 6267 if (iter->rni_clevel > 0) { 6268 rc_node_t *ent = iter->rni_parent->rn_cchain[0]; 6269 rc_node_t *pg; 6270 6271 #if COMPOSITION_DEPTH == 2 6272 assert(iter->rni_clevel == 1); 6273 6274 (void) pthread_mutex_unlock(&np->rn_lock); 6275 (void) pthread_mutex_lock(&ent->rn_lock); 6276 rc = rc_node_find_named_child(ent, res->rn_name, type, 6277 &pg); 6278 if (rc == REP_PROTOCOL_SUCCESS && pg != NULL) 6279 rc_node_rele(pg); 6280 (void) pthread_mutex_unlock(&ent->rn_lock); 6281 if (rc != REP_PROTOCOL_SUCCESS) { 6282 rc_node_clear(out, 0); 6283 return (rc); 6284 } 6285 (void) pthread_mutex_lock(&np->rn_lock); 6286 6287 /* Make sure np isn't being deleted all of a sudden. */ 6288 if (!rc_node_wait_flag(np, RC_NODE_DYING)) { 6289 (void) pthread_mutex_unlock(&np->rn_lock); 6290 rc_node_clear(out, 1); 6291 return (REP_PROTOCOL_FAIL_DELETED); 6292 } 6293 6294 if (pg != NULL) 6295 /* Keep going. */ 6296 continue; 6297 #else 6298 #error This code must be updated. 6299 #endif 6300 } 6301 6302 /* 6303 * If we're composed, iterating over property groups, and not 6304 * at the bottom level, check to see if there's a pg at lower 6305 * level with the same name. If so, return a cpg. 6306 */ 6307 if (iter->rni_clevel >= 0 && 6308 type == REP_PROTOCOL_ENTITY_PROPERTYGRP && 6309 iter->rni_clevel < COMPOSITION_DEPTH - 1) { 6310 #if COMPOSITION_DEPTH == 2 6311 rc_node_t *pg; 6312 rc_node_t *ent = iter->rni_parent->rn_cchain[1]; 6313 6314 rc_node_hold(res); /* While we drop np->rn_lock */ 6315 6316 (void) pthread_mutex_unlock(&np->rn_lock); 6317 (void) pthread_mutex_lock(&ent->rn_lock); 6318 rc = rc_node_find_named_child(ent, res->rn_name, type, 6319 &pg); 6320 /* holds pg if not NULL */ 6321 (void) pthread_mutex_unlock(&ent->rn_lock); 6322 if (rc != REP_PROTOCOL_SUCCESS) { 6323 rc_node_rele(res); 6324 rc_node_clear(out, 0); 6325 return (rc); 6326 } 6327 6328 (void) pthread_mutex_lock(&np->rn_lock); 6329 if (!rc_node_wait_flag(np, RC_NODE_DYING)) { 6330 (void) pthread_mutex_unlock(&np->rn_lock); 6331 rc_node_rele(res); 6332 if (pg != NULL) 6333 rc_node_rele(pg); 6334 rc_node_clear(out, 1); 6335 return (REP_PROTOCOL_FAIL_DELETED); 6336 } 6337 6338 if (pg == NULL) { 6339 rc_node_rele(res); 6340 } else { 6341 rc_node_t *cpg; 6342 6343 /* Keep res held for rc_node_setup_cpg(). */ 6344 6345 cpg = rc_node_alloc(); 6346 if (cpg == NULL) { 6347 (void) pthread_mutex_unlock( 6348 &np->rn_lock); 6349 rc_node_rele(res); 6350 rc_node_rele(pg); 6351 rc_node_clear(out, 0); 6352 return (REP_PROTOCOL_FAIL_NO_RESOURCES); 6353 } 6354 6355 switch (rc_node_setup_cpg(cpg, res, pg)) { 6356 case REP_PROTOCOL_SUCCESS: 6357 res = cpg; 6358 break; 6359 6360 case REP_PROTOCOL_FAIL_TYPE_MISMATCH: 6361 /* Nevermind. */ 6362 rc_node_destroy(cpg); 6363 rc_node_rele(pg); 6364 rc_node_rele(res); 6365 break; 6366 6367 case REP_PROTOCOL_FAIL_NO_RESOURCES: 6368 rc_node_destroy(cpg); 6369 (void) pthread_mutex_unlock( 6370 &np->rn_lock); 6371 rc_node_rele(res); 6372 rc_node_rele(pg); 6373 rc_node_clear(out, 0); 6374 return (REP_PROTOCOL_FAIL_NO_RESOURCES); 6375 6376 default: 6377 assert(0); 6378 abort(); 6379 } 6380 } 6381 #else 6382 #error This code must be updated. 6383 #endif 6384 } 6385 6386 rc_node_hold(res); 6387 (void) pthread_mutex_unlock(&np->rn_lock); 6388 break; 6389 } 6390 rc_node_assign(out, res); 6391 6392 if (res == NULL) 6393 return (REP_PROTOCOL_DONE); 6394 rc_node_rele(res); 6395 return (REP_PROTOCOL_SUCCESS); 6396 } 6397 6398 void 6399 rc_iter_destroy(rc_node_iter_t **nipp) 6400 { 6401 rc_node_iter_t *nip = *nipp; 6402 rc_node_t *np; 6403 6404 if (nip == NULL) 6405 return; /* already freed */ 6406 6407 np = nip->rni_parent; 6408 6409 if (nip->rni_filter_arg != NULL) 6410 free(nip->rni_filter_arg); 6411 nip->rni_filter_arg = NULL; 6412 6413 if (nip->rni_type == REP_PROTOCOL_ENTITY_VALUE || 6414 nip->rni_iter != NULL) { 6415 if (nip->rni_clevel < 0) 6416 (void) pthread_mutex_lock(&np->rn_lock); 6417 else 6418 (void) pthread_mutex_lock( 6419 &np->rn_cchain[nip->rni_clevel]->rn_lock); 6420 rc_iter_end(nip); /* release walker and lock */ 6421 } 6422 nip->rni_parent = NULL; 6423 6424 uu_free(nip); 6425 *nipp = NULL; 6426 } 6427 6428 int 6429 rc_node_setup_tx(rc_node_ptr_t *npp, rc_node_ptr_t *txp) 6430 { 6431 rc_node_t *np; 6432 permcheck_t *pcp; 6433 int ret; 6434 rc_auth_state_t authorized = RC_AUTH_UNKNOWN; 6435 char *auth_string = NULL; 6436 6437 RC_NODE_PTR_GET_CHECK_AND_HOLD(np, npp); 6438 6439 if (np->rn_id.rl_type == REP_PROTOCOL_ENTITY_CPROPERTYGRP) { 6440 rc_node_rele(np); 6441 np = np->rn_cchain[0]; 6442 RC_NODE_CHECK_AND_HOLD(np); 6443 } 6444 6445 if (np->rn_id.rl_type != REP_PROTOCOL_ENTITY_PROPERTYGRP) { 6446 rc_node_rele(np); 6447 return (REP_PROTOCOL_FAIL_TYPE_MISMATCH); 6448 } 6449 6450 if (np->rn_id.rl_ids[ID_SNAPSHOT] != 0) { 6451 rc_node_rele(np); 6452 return (REP_PROTOCOL_FAIL_PERMISSION_DENIED); 6453 } 6454 6455 #ifdef NATIVE_BUILD 6456 if (client_is_privileged()) 6457 goto skip_checks; 6458 rc_node_rele(np); 6459 return (REP_PROTOCOL_FAIL_PERMISSION_DENIED); 6460 #else 6461 if (is_main_repository == 0) 6462 goto skip_checks; 6463 6464 /* permission check */ 6465 pcp = pc_create(); 6466 if (pcp == NULL) { 6467 rc_node_rele(np); 6468 return (REP_PROTOCOL_FAIL_NO_RESOURCES); 6469 } 6470 6471 if (np->rn_id.rl_ids[ID_INSTANCE] != 0 && /* instance pg */ 6472 ((strcmp(np->rn_name, AUTH_PG_ACTIONS) == 0 && 6473 strcmp(np->rn_type, AUTH_PG_ACTIONS_TYPE) == 0) || 6474 (strcmp(np->rn_name, AUTH_PG_GENERAL_OVR) == 0 && 6475 strcmp(np->rn_type, AUTH_PG_GENERAL_OVR_TYPE) == 0))) { 6476 rc_node_t *instn; 6477 6478 /* solaris.smf.manage can be used. */ 6479 ret = perm_add_enabling(pcp, AUTH_MANAGE); 6480 6481 if (ret != REP_PROTOCOL_SUCCESS) { 6482 pc_free(pcp); 6483 rc_node_rele(np); 6484 return (ret); 6485 } 6486 6487 /* general/action_authorization values can be used. */ 6488 ret = rc_node_parent(np, &instn); 6489 if (ret != REP_PROTOCOL_SUCCESS) { 6490 assert(ret == REP_PROTOCOL_FAIL_DELETED); 6491 rc_node_rele(np); 6492 pc_free(pcp); 6493 return (REP_PROTOCOL_FAIL_DELETED); 6494 } 6495 6496 assert(instn->rn_id.rl_type == REP_PROTOCOL_ENTITY_INSTANCE); 6497 6498 ret = perm_add_inst_action_auth(pcp, instn); 6499 rc_node_rele(instn); 6500 switch (ret) { 6501 case REP_PROTOCOL_SUCCESS: 6502 break; 6503 6504 case REP_PROTOCOL_FAIL_DELETED: 6505 case REP_PROTOCOL_FAIL_NO_RESOURCES: 6506 rc_node_rele(np); 6507 pc_free(pcp); 6508 return (ret); 6509 6510 default: 6511 bad_error("perm_add_inst_action_auth", ret); 6512 } 6513 6514 if (strcmp(np->rn_name, AUTH_PG_ACTIONS) == 0) 6515 authorized = RC_AUTH_PASSED; /* No check on commit. */ 6516 } else { 6517 ret = perm_add_enabling(pcp, AUTH_MODIFY); 6518 6519 if (ret == REP_PROTOCOL_SUCCESS) { 6520 /* propertygroup-type-specific authorization */ 6521 /* no locking because rn_type won't change anyway */ 6522 const char * const auth = 6523 perm_auth_for_pgtype(np->rn_type); 6524 6525 if (auth != NULL) 6526 ret = perm_add_enabling(pcp, auth); 6527 } 6528 6529 if (ret == REP_PROTOCOL_SUCCESS) 6530 /* propertygroup/transaction-type-specific auths */ 6531 ret = 6532 perm_add_enabling_values(pcp, np, AUTH_PROP_VALUE); 6533 6534 if (ret == REP_PROTOCOL_SUCCESS) 6535 ret = 6536 perm_add_enabling_values(pcp, np, AUTH_PROP_MODIFY); 6537 6538 /* AUTH_MANAGE can manipulate general/AUTH_PROP_ACTION */ 6539 if (ret == REP_PROTOCOL_SUCCESS && 6540 strcmp(np->rn_name, AUTH_PG_GENERAL) == 0 && 6541 strcmp(np->rn_type, AUTH_PG_GENERAL_TYPE) == 0) 6542 ret = perm_add_enabling(pcp, AUTH_MANAGE); 6543 6544 if (ret != REP_PROTOCOL_SUCCESS) { 6545 pc_free(pcp); 6546 rc_node_rele(np); 6547 return (ret); 6548 } 6549 } 6550 6551 ret = perm_granted(pcp); 6552 /* 6553 * Copy out the authorization string before freeing pcp. 6554 */ 6555 if (ret >= 0) { 6556 auth_string = strdup(pcp->pc_auth_string); 6557 } 6558 pc_free(pcp); 6559 if ((auth_string == NULL) || (ret < 0)) { 6560 rc_node_rele(np); 6561 return (REP_PROTOCOL_FAIL_NO_RESOURCES); 6562 } 6563 6564 if (ret == 0) { 6565 /* 6566 * If we get here, the authorization failed. 6567 * Unfortunately, we don't have enough information at this 6568 * point to generate the security audit events. We'll only 6569 * get that information when the client tries to commit the 6570 * event. Thus, we'll remember the failed authorization, 6571 * so that we can generate the audit events later. 6572 */ 6573 authorized = RC_AUTH_FAILED; 6574 } 6575 #endif /* NATIVE_BUILD */ 6576 6577 skip_checks: 6578 rc_node_assign(txp, np); 6579 txp->rnp_authorized = authorized; 6580 if (authorized != RC_AUTH_UNKNOWN) { 6581 /* Save the authorization string. */ 6582 if (txp->rnp_auth_string != NULL) 6583 free((void *)txp->rnp_auth_string); 6584 txp->rnp_auth_string = auth_string; 6585 auth_string = NULL; /* Don't free until done with txp. */ 6586 } 6587 6588 rc_node_rele(np); 6589 if (auth_string != NULL) 6590 free(auth_string); 6591 return (REP_PROTOCOL_SUCCESS); 6592 } 6593 6594 /* 6595 * Return 1 if the given transaction commands only modify the values of 6596 * properties other than "modify_authorization". Return -1 if any of the 6597 * commands are invalid, and 0 otherwise. 6598 */ 6599 static int 6600 tx_allow_value(const void *cmds_arg, size_t cmds_sz, rc_node_t *pg) 6601 { 6602 const struct rep_protocol_transaction_cmd *cmds; 6603 uintptr_t loc; 6604 uint32_t sz; 6605 rc_node_t *prop; 6606 boolean_t ok; 6607 6608 assert(!MUTEX_HELD(&pg->rn_lock)); 6609 6610 loc = (uintptr_t)cmds_arg; 6611 6612 while (cmds_sz > 0) { 6613 cmds = (struct rep_protocol_transaction_cmd *)loc; 6614 6615 if (cmds_sz <= REP_PROTOCOL_TRANSACTION_CMD_MIN_SIZE) 6616 return (-1); 6617 6618 sz = cmds->rptc_size; 6619 if (sz <= REP_PROTOCOL_TRANSACTION_CMD_MIN_SIZE) 6620 return (-1); 6621 6622 sz = TX_SIZE(sz); 6623 if (sz > cmds_sz) 6624 return (-1); 6625 6626 switch (cmds[0].rptc_action) { 6627 case REP_PROTOCOL_TX_ENTRY_CLEAR: 6628 break; 6629 6630 case REP_PROTOCOL_TX_ENTRY_REPLACE: 6631 /* Check type */ 6632 (void) pthread_mutex_lock(&pg->rn_lock); 6633 if (rc_node_find_named_child(pg, 6634 (const char *)cmds[0].rptc_data, 6635 REP_PROTOCOL_ENTITY_PROPERTY, &prop) == 6636 REP_PROTOCOL_SUCCESS) { 6637 ok = (prop != NULL && 6638 prop->rn_valtype == cmds[0].rptc_type); 6639 } else { 6640 /* Return more particular error? */ 6641 ok = B_FALSE; 6642 } 6643 (void) pthread_mutex_unlock(&pg->rn_lock); 6644 if (ok) 6645 break; 6646 return (0); 6647 6648 default: 6649 return (0); 6650 } 6651 6652 if (strcmp((const char *)cmds[0].rptc_data, AUTH_PROP_MODIFY) 6653 == 0) 6654 return (0); 6655 6656 loc += sz; 6657 cmds_sz -= sz; 6658 } 6659 6660 return (1); 6661 } 6662 6663 /* 6664 * Return 1 if any of the given transaction commands affect 6665 * "action_authorization". Return -1 if any of the commands are invalid and 6666 * 0 in all other cases. 6667 */ 6668 static int 6669 tx_modifies_action(const void *cmds_arg, size_t cmds_sz) 6670 { 6671 const struct rep_protocol_transaction_cmd *cmds; 6672 uintptr_t loc; 6673 uint32_t sz; 6674 6675 loc = (uintptr_t)cmds_arg; 6676 6677 while (cmds_sz > 0) { 6678 cmds = (struct rep_protocol_transaction_cmd *)loc; 6679 6680 if (cmds_sz <= REP_PROTOCOL_TRANSACTION_CMD_MIN_SIZE) 6681 return (-1); 6682 6683 sz = cmds->rptc_size; 6684 if (sz <= REP_PROTOCOL_TRANSACTION_CMD_MIN_SIZE) 6685 return (-1); 6686 6687 sz = TX_SIZE(sz); 6688 if (sz > cmds_sz) 6689 return (-1); 6690 6691 if (strcmp((const char *)cmds[0].rptc_data, AUTH_PROP_ACTION) 6692 == 0) 6693 return (1); 6694 6695 loc += sz; 6696 cmds_sz -= sz; 6697 } 6698 6699 return (0); 6700 } 6701 6702 /* 6703 * Returns 1 if the transaction commands only modify properties named 6704 * 'enabled'. 6705 */ 6706 static int 6707 tx_only_enabled(const void *cmds_arg, size_t cmds_sz) 6708 { 6709 const struct rep_protocol_transaction_cmd *cmd; 6710 uintptr_t loc; 6711 uint32_t sz; 6712 6713 loc = (uintptr_t)cmds_arg; 6714 6715 while (cmds_sz > 0) { 6716 cmd = (struct rep_protocol_transaction_cmd *)loc; 6717 6718 if (cmds_sz <= REP_PROTOCOL_TRANSACTION_CMD_MIN_SIZE) 6719 return (-1); 6720 6721 sz = cmd->rptc_size; 6722 if (sz <= REP_PROTOCOL_TRANSACTION_CMD_MIN_SIZE) 6723 return (-1); 6724 6725 sz = TX_SIZE(sz); 6726 if (sz > cmds_sz) 6727 return (-1); 6728 6729 if (strcmp((const char *)cmd->rptc_data, AUTH_PROP_ENABLED) 6730 != 0) 6731 return (0); 6732 6733 loc += sz; 6734 cmds_sz -= sz; 6735 } 6736 6737 return (1); 6738 } 6739 6740 int 6741 rc_tx_commit(rc_node_ptr_t *txp, const void *cmds, size_t cmds_sz) 6742 { 6743 rc_node_t *np = txp->rnp_node; 6744 rc_node_t *pp; 6745 rc_node_t *nnp; 6746 rc_node_pg_notify_t *pnp; 6747 int rc; 6748 permcheck_t *pcp; 6749 int granted, normal; 6750 char *pg_fmri = NULL; 6751 char *auth_string = NULL; 6752 int auth_status = ADT_SUCCESS; 6753 int auth_ret_value = ADT_SUCCESS; 6754 size_t sz_out; 6755 int tx_flag = 1; 6756 tx_commit_data_t *tx_data = NULL; 6757 6758 RC_NODE_CHECK(np); 6759 6760 if ((txp->rnp_authorized != RC_AUTH_UNKNOWN) && 6761 (txp->rnp_auth_string != NULL)) { 6762 auth_string = strdup(txp->rnp_auth_string); 6763 if (auth_string == NULL) 6764 return (REP_PROTOCOL_FAIL_NO_RESOURCES); 6765 } 6766 6767 if ((txp->rnp_authorized == RC_AUTH_UNKNOWN) && 6768 is_main_repository) { 6769 #ifdef NATIVE_BUILD 6770 if (!client_is_privileged()) { 6771 return (REP_PROTOCOL_FAIL_PERMISSION_DENIED); 6772 } 6773 #else 6774 /* permission check: depends on contents of transaction */ 6775 pcp = pc_create(); 6776 if (pcp == NULL) 6777 return (REP_PROTOCOL_FAIL_NO_RESOURCES); 6778 6779 /* If normal is cleared, we won't do the normal checks. */ 6780 normal = 1; 6781 rc = REP_PROTOCOL_SUCCESS; 6782 6783 if (strcmp(np->rn_name, AUTH_PG_GENERAL) == 0 && 6784 strcmp(np->rn_type, AUTH_PG_GENERAL_TYPE) == 0) { 6785 /* Touching general[framework]/action_authorization? */ 6786 rc = tx_modifies_action(cmds, cmds_sz); 6787 if (rc == -1) { 6788 pc_free(pcp); 6789 return (REP_PROTOCOL_FAIL_BAD_REQUEST); 6790 } 6791 6792 if (rc) { 6793 /* Yes: only AUTH_MANAGE can be used. */ 6794 rc = perm_add_enabling(pcp, AUTH_MANAGE); 6795 normal = 0; 6796 } else { 6797 rc = REP_PROTOCOL_SUCCESS; 6798 } 6799 } else if (np->rn_id.rl_ids[ID_INSTANCE] != 0 && 6800 strcmp(np->rn_name, AUTH_PG_GENERAL_OVR) == 0 && 6801 strcmp(np->rn_type, AUTH_PG_GENERAL_OVR_TYPE) == 0) { 6802 rc_node_t *instn; 6803 6804 rc = tx_only_enabled(cmds, cmds_sz); 6805 if (rc == -1) { 6806 pc_free(pcp); 6807 return (REP_PROTOCOL_FAIL_BAD_REQUEST); 6808 } 6809 6810 if (rc) { 6811 rc = rc_node_parent(np, &instn); 6812 if (rc != REP_PROTOCOL_SUCCESS) { 6813 assert(rc == REP_PROTOCOL_FAIL_DELETED); 6814 pc_free(pcp); 6815 return (rc); 6816 } 6817 6818 assert(instn->rn_id.rl_type == 6819 REP_PROTOCOL_ENTITY_INSTANCE); 6820 6821 rc = perm_add_inst_action_auth(pcp, instn); 6822 rc_node_rele(instn); 6823 switch (rc) { 6824 case REP_PROTOCOL_SUCCESS: 6825 break; 6826 6827 case REP_PROTOCOL_FAIL_DELETED: 6828 case REP_PROTOCOL_FAIL_NO_RESOURCES: 6829 pc_free(pcp); 6830 return (rc); 6831 6832 default: 6833 bad_error("perm_add_inst_action_auth", 6834 rc); 6835 } 6836 } else { 6837 rc = REP_PROTOCOL_SUCCESS; 6838 } 6839 } 6840 6841 if (rc == REP_PROTOCOL_SUCCESS && normal) { 6842 rc = perm_add_enabling(pcp, AUTH_MODIFY); 6843 6844 if (rc == REP_PROTOCOL_SUCCESS) { 6845 /* Add pgtype-specific authorization. */ 6846 const char * const auth = 6847 perm_auth_for_pgtype(np->rn_type); 6848 6849 if (auth != NULL) 6850 rc = perm_add_enabling(pcp, auth); 6851 } 6852 6853 /* Add pg-specific modify_authorization auths. */ 6854 if (rc == REP_PROTOCOL_SUCCESS) 6855 rc = perm_add_enabling_values(pcp, np, 6856 AUTH_PROP_MODIFY); 6857 6858 /* If value_authorization values are ok, add them. */ 6859 if (rc == REP_PROTOCOL_SUCCESS) { 6860 rc = tx_allow_value(cmds, cmds_sz, np); 6861 if (rc == -1) 6862 rc = REP_PROTOCOL_FAIL_BAD_REQUEST; 6863 else if (rc) 6864 rc = perm_add_enabling_values(pcp, np, 6865 AUTH_PROP_VALUE); 6866 } 6867 } 6868 6869 if (rc == REP_PROTOCOL_SUCCESS) { 6870 granted = perm_granted(pcp); 6871 if (granted < 0) { 6872 rc = REP_PROTOCOL_FAIL_NO_RESOURCES; 6873 } else { 6874 /* 6875 * Copy out the authorization string before 6876 * freeing pcp. 6877 */ 6878 auth_string = strdup(pcp->pc_auth_string); 6879 if (auth_string == NULL) 6880 rc = REP_PROTOCOL_FAIL_NO_RESOURCES; 6881 } 6882 } 6883 6884 pc_free(pcp); 6885 6886 if (rc != REP_PROTOCOL_SUCCESS) 6887 goto cleanout; 6888 6889 if (!granted) { 6890 auth_status = ADT_FAILURE; 6891 auth_ret_value = ADT_FAIL_VALUE_AUTH; 6892 tx_flag = 0; 6893 } 6894 #endif /* NATIVE_BUILD */ 6895 } else if (txp->rnp_authorized == RC_AUTH_FAILED) { 6896 auth_status = ADT_FAILURE; 6897 auth_ret_value = ADT_FAIL_VALUE_AUTH; 6898 tx_flag = 0; 6899 } 6900 6901 pg_fmri = malloc(REP_PROTOCOL_FMRI_LEN); 6902 if (pg_fmri == NULL) { 6903 rc = REP_PROTOCOL_FAIL_NO_RESOURCES; 6904 goto cleanout; 6905 } 6906 if ((rc = rc_node_get_fmri_or_fragment(np, pg_fmri, 6907 REP_PROTOCOL_FMRI_LEN, &sz_out)) != REP_PROTOCOL_SUCCESS) { 6908 goto cleanout; 6909 } 6910 6911 /* 6912 * Parse the transaction commands into a useful form. 6913 */ 6914 if ((rc = tx_commit_data_new(cmds, cmds_sz, &tx_data)) != 6915 REP_PROTOCOL_SUCCESS) { 6916 goto cleanout; 6917 } 6918 6919 if (tx_flag == 0) { 6920 /* Authorization failed. Generate audit events. */ 6921 generate_property_events(tx_data, pg_fmri, auth_string, 6922 auth_status, auth_ret_value); 6923 rc = REP_PROTOCOL_FAIL_PERMISSION_DENIED; 6924 goto cleanout; 6925 } 6926 6927 nnp = rc_node_alloc(); 6928 if (nnp == NULL) { 6929 rc = REP_PROTOCOL_FAIL_NO_RESOURCES; 6930 goto cleanout; 6931 } 6932 6933 nnp->rn_id = np->rn_id; /* structure assignment */ 6934 nnp->rn_hash = np->rn_hash; 6935 nnp->rn_name = strdup(np->rn_name); 6936 nnp->rn_type = strdup(np->rn_type); 6937 nnp->rn_pgflags = np->rn_pgflags; 6938 6939 nnp->rn_flags = RC_NODE_IN_TX | RC_NODE_USING_PARENT; 6940 6941 if (nnp->rn_name == NULL || nnp->rn_type == NULL) { 6942 rc_node_destroy(nnp); 6943 rc = REP_PROTOCOL_FAIL_NO_RESOURCES; 6944 goto cleanout; 6945 } 6946 6947 (void) pthread_mutex_lock(&np->rn_lock); 6948 6949 /* 6950 * We must have all of the old properties in the cache, or the 6951 * database deletions could cause inconsistencies. 6952 */ 6953 if ((rc = rc_node_fill_children(np, REP_PROTOCOL_ENTITY_PROPERTY)) != 6954 REP_PROTOCOL_SUCCESS) { 6955 (void) pthread_mutex_unlock(&np->rn_lock); 6956 rc_node_destroy(nnp); 6957 goto cleanout; 6958 } 6959 6960 if (!rc_node_hold_flag(np, RC_NODE_USING_PARENT)) { 6961 (void) pthread_mutex_unlock(&np->rn_lock); 6962 rc_node_destroy(nnp); 6963 rc = REP_PROTOCOL_FAIL_DELETED; 6964 goto cleanout; 6965 } 6966 6967 if (np->rn_flags & RC_NODE_OLD) { 6968 rc_node_rele_flag(np, RC_NODE_USING_PARENT); 6969 (void) pthread_mutex_unlock(&np->rn_lock); 6970 rc_node_destroy(nnp); 6971 rc = REP_PROTOCOL_FAIL_NOT_LATEST; 6972 goto cleanout; 6973 } 6974 6975 pp = rc_node_hold_parent_flag(np, RC_NODE_CHILDREN_CHANGING); 6976 if (pp == NULL) { 6977 /* our parent is gone, we're going next... */ 6978 rc_node_destroy(nnp); 6979 (void) pthread_mutex_lock(&np->rn_lock); 6980 if (np->rn_flags & RC_NODE_OLD) { 6981 (void) pthread_mutex_unlock(&np->rn_lock); 6982 rc = REP_PROTOCOL_FAIL_NOT_LATEST; 6983 goto cleanout; 6984 } 6985 (void) pthread_mutex_unlock(&np->rn_lock); 6986 rc = REP_PROTOCOL_FAIL_DELETED; 6987 goto cleanout; 6988 } 6989 (void) pthread_mutex_unlock(&pp->rn_lock); 6990 6991 /* 6992 * prepare for the transaction 6993 */ 6994 (void) pthread_mutex_lock(&np->rn_lock); 6995 if (!rc_node_hold_flag(np, RC_NODE_IN_TX)) { 6996 (void) pthread_mutex_unlock(&np->rn_lock); 6997 (void) pthread_mutex_lock(&pp->rn_lock); 6998 rc_node_rele_flag(pp, RC_NODE_CHILDREN_CHANGING); 6999 (void) pthread_mutex_unlock(&pp->rn_lock); 7000 rc_node_destroy(nnp); 7001 rc = REP_PROTOCOL_FAIL_DELETED; 7002 goto cleanout; 7003 } 7004 nnp->rn_gen_id = np->rn_gen_id; 7005 (void) pthread_mutex_unlock(&np->rn_lock); 7006 7007 /* Sets nnp->rn_gen_id on success. */ 7008 rc = object_tx_commit(&np->rn_id, tx_data, &nnp->rn_gen_id); 7009 7010 (void) pthread_mutex_lock(&np->rn_lock); 7011 if (rc != REP_PROTOCOL_SUCCESS) { 7012 rc_node_rele_flag(np, RC_NODE_IN_TX); 7013 (void) pthread_mutex_unlock(&np->rn_lock); 7014 (void) pthread_mutex_lock(&pp->rn_lock); 7015 rc_node_rele_flag(pp, RC_NODE_CHILDREN_CHANGING); 7016 (void) pthread_mutex_unlock(&pp->rn_lock); 7017 rc_node_destroy(nnp); 7018 rc_node_clear(txp, 0); 7019 if (rc == REP_PROTOCOL_DONE) 7020 rc = REP_PROTOCOL_SUCCESS; /* successful empty tx */ 7021 goto cleanout; 7022 } 7023 7024 /* 7025 * Notify waiters 7026 */ 7027 (void) pthread_mutex_lock(&rc_pg_notify_lock); 7028 while ((pnp = uu_list_first(np->rn_pg_notify_list)) != NULL) 7029 rc_pg_notify_fire(pnp); 7030 (void) pthread_mutex_unlock(&rc_pg_notify_lock); 7031 7032 np->rn_flags |= RC_NODE_OLD; 7033 (void) pthread_mutex_unlock(&np->rn_lock); 7034 7035 rc_notify_remove_node(np); 7036 7037 /* 7038 * replace np with nnp 7039 */ 7040 rc_node_relink_child(pp, np, nnp); 7041 7042 /* 7043 * all done -- clear the transaction. 7044 */ 7045 rc_node_clear(txp, 0); 7046 generate_property_events(tx_data, pg_fmri, auth_string, 7047 auth_status, auth_ret_value); 7048 7049 rc = REP_PROTOCOL_SUCCESS; 7050 7051 cleanout: 7052 free(auth_string); 7053 free(pg_fmri); 7054 tx_commit_data_free(tx_data); 7055 return (rc); 7056 } 7057 7058 void 7059 rc_pg_notify_init(rc_node_pg_notify_t *pnp) 7060 { 7061 uu_list_node_init(pnp, &pnp->rnpn_node, rc_pg_notify_pool); 7062 pnp->rnpn_pg = NULL; 7063 pnp->rnpn_fd = -1; 7064 } 7065 7066 int 7067 rc_pg_notify_setup(rc_node_pg_notify_t *pnp, rc_node_ptr_t *npp, int fd) 7068 { 7069 rc_node_t *np; 7070 7071 RC_NODE_PTR_GET_CHECK_AND_LOCK(np, npp); 7072 7073 if (np->rn_id.rl_type != REP_PROTOCOL_ENTITY_PROPERTYGRP) { 7074 (void) pthread_mutex_unlock(&np->rn_lock); 7075 return (REP_PROTOCOL_FAIL_BAD_REQUEST); 7076 } 7077 7078 /* 7079 * wait for any transaction in progress to complete 7080 */ 7081 if (!rc_node_wait_flag(np, RC_NODE_IN_TX)) { 7082 (void) pthread_mutex_unlock(&np->rn_lock); 7083 return (REP_PROTOCOL_FAIL_DELETED); 7084 } 7085 7086 if (np->rn_flags & RC_NODE_OLD) { 7087 (void) pthread_mutex_unlock(&np->rn_lock); 7088 return (REP_PROTOCOL_FAIL_NOT_LATEST); 7089 } 7090 7091 (void) pthread_mutex_lock(&rc_pg_notify_lock); 7092 rc_pg_notify_fire(pnp); 7093 pnp->rnpn_pg = np; 7094 pnp->rnpn_fd = fd; 7095 (void) uu_list_insert_after(np->rn_pg_notify_list, NULL, pnp); 7096 (void) pthread_mutex_unlock(&rc_pg_notify_lock); 7097 7098 (void) pthread_mutex_unlock(&np->rn_lock); 7099 return (REP_PROTOCOL_SUCCESS); 7100 } 7101 7102 void 7103 rc_pg_notify_fini(rc_node_pg_notify_t *pnp) 7104 { 7105 (void) pthread_mutex_lock(&rc_pg_notify_lock); 7106 rc_pg_notify_fire(pnp); 7107 (void) pthread_mutex_unlock(&rc_pg_notify_lock); 7108 7109 uu_list_node_fini(pnp, &pnp->rnpn_node, rc_pg_notify_pool); 7110 } 7111 7112 void 7113 rc_notify_info_init(rc_notify_info_t *rnip) 7114 { 7115 int i; 7116 7117 uu_list_node_init(rnip, &rnip->rni_list_node, rc_notify_info_pool); 7118 uu_list_node_init(&rnip->rni_notify, &rnip->rni_notify.rcn_list_node, 7119 rc_notify_pool); 7120 7121 rnip->rni_notify.rcn_node = NULL; 7122 rnip->rni_notify.rcn_info = rnip; 7123 7124 bzero(rnip->rni_namelist, sizeof (rnip->rni_namelist)); 7125 bzero(rnip->rni_typelist, sizeof (rnip->rni_typelist)); 7126 7127 (void) pthread_cond_init(&rnip->rni_cv, NULL); 7128 7129 for (i = 0; i < RC_NOTIFY_MAX_NAMES; i++) { 7130 rnip->rni_namelist[i] = NULL; 7131 rnip->rni_typelist[i] = NULL; 7132 } 7133 } 7134 7135 static void 7136 rc_notify_info_insert_locked(rc_notify_info_t *rnip) 7137 { 7138 assert(MUTEX_HELD(&rc_pg_notify_lock)); 7139 7140 assert(!(rnip->rni_flags & RC_NOTIFY_ACTIVE)); 7141 7142 rnip->rni_flags |= RC_NOTIFY_ACTIVE; 7143 (void) uu_list_insert_after(rc_notify_info_list, NULL, rnip); 7144 (void) uu_list_insert_before(rc_notify_list, NULL, &rnip->rni_notify); 7145 } 7146 7147 static void 7148 rc_notify_info_remove_locked(rc_notify_info_t *rnip) 7149 { 7150 rc_notify_t *me = &rnip->rni_notify; 7151 rc_notify_t *np; 7152 7153 assert(MUTEX_HELD(&rc_pg_notify_lock)); 7154 7155 assert(rnip->rni_flags & RC_NOTIFY_ACTIVE); 7156 7157 assert(!(rnip->rni_flags & RC_NOTIFY_DRAIN)); 7158 rnip->rni_flags |= RC_NOTIFY_DRAIN; 7159 (void) pthread_cond_broadcast(&rnip->rni_cv); 7160 7161 (void) uu_list_remove(rc_notify_info_list, rnip); 7162 7163 /* 7164 * clean up any notifications at the beginning of the list 7165 */ 7166 if (uu_list_first(rc_notify_list) == me) { 7167 while ((np = uu_list_next(rc_notify_list, me)) != NULL && 7168 np->rcn_info == NULL) 7169 rc_notify_remove_locked(np); 7170 } 7171 (void) uu_list_remove(rc_notify_list, me); 7172 7173 while (rnip->rni_waiters) { 7174 (void) pthread_cond_broadcast(&rc_pg_notify_cv); 7175 (void) pthread_cond_broadcast(&rnip->rni_cv); 7176 (void) pthread_cond_wait(&rnip->rni_cv, &rc_pg_notify_lock); 7177 } 7178 7179 rnip->rni_flags &= ~(RC_NOTIFY_DRAIN | RC_NOTIFY_ACTIVE); 7180 } 7181 7182 static int 7183 rc_notify_info_add_watch(rc_notify_info_t *rnip, const char **arr, 7184 const char *name) 7185 { 7186 int i; 7187 int rc; 7188 char *f; 7189 7190 rc = rc_check_type_name(REP_PROTOCOL_ENTITY_PROPERTYGRP, name); 7191 if (rc != REP_PROTOCOL_SUCCESS) 7192 return (rc); 7193 7194 f = strdup(name); 7195 if (f == NULL) 7196 return (REP_PROTOCOL_FAIL_NO_RESOURCES); 7197 7198 (void) pthread_mutex_lock(&rc_pg_notify_lock); 7199 7200 while (rnip->rni_flags & RC_NOTIFY_EMPTYING) 7201 (void) pthread_cond_wait(&rnip->rni_cv, &rc_pg_notify_lock); 7202 7203 for (i = 0; i < RC_NOTIFY_MAX_NAMES; i++) 7204 if (arr[i] == NULL) 7205 break; 7206 7207 if (i == RC_NOTIFY_MAX_NAMES) { 7208 (void) pthread_mutex_unlock(&rc_pg_notify_lock); 7209 free(f); 7210 return (REP_PROTOCOL_FAIL_NO_RESOURCES); 7211 } 7212 7213 arr[i] = f; 7214 if (!(rnip->rni_flags & RC_NOTIFY_ACTIVE)) 7215 rc_notify_info_insert_locked(rnip); 7216 7217 (void) pthread_mutex_unlock(&rc_pg_notify_lock); 7218 return (REP_PROTOCOL_SUCCESS); 7219 } 7220 7221 int 7222 rc_notify_info_add_name(rc_notify_info_t *rnip, const char *name) 7223 { 7224 return (rc_notify_info_add_watch(rnip, rnip->rni_namelist, name)); 7225 } 7226 7227 int 7228 rc_notify_info_add_type(rc_notify_info_t *rnip, const char *type) 7229 { 7230 return (rc_notify_info_add_watch(rnip, rnip->rni_typelist, type)); 7231 } 7232 7233 /* 7234 * Wait for and report an event of interest to rnip, a notification client 7235 */ 7236 int 7237 rc_notify_info_wait(rc_notify_info_t *rnip, rc_node_ptr_t *out, 7238 char *outp, size_t sz) 7239 { 7240 rc_notify_t *np; 7241 rc_notify_t *me = &rnip->rni_notify; 7242 rc_node_t *nnp; 7243 rc_notify_delete_t *ndp; 7244 7245 int am_first_info; 7246 7247 if (sz > 0) 7248 outp[0] = 0; 7249 7250 (void) pthread_mutex_lock(&rc_pg_notify_lock); 7251 7252 while ((rnip->rni_flags & (RC_NOTIFY_ACTIVE | RC_NOTIFY_DRAIN)) == 7253 RC_NOTIFY_ACTIVE) { 7254 /* 7255 * If I'm first on the notify list, it is my job to 7256 * clean up any notifications I pass by. I can't do that 7257 * if someone is blocking the list from removals, so I 7258 * have to wait until they have all drained. 7259 */ 7260 am_first_info = (uu_list_first(rc_notify_list) == me); 7261 if (am_first_info && rc_notify_in_use) { 7262 rnip->rni_waiters++; 7263 (void) pthread_cond_wait(&rc_pg_notify_cv, 7264 &rc_pg_notify_lock); 7265 rnip->rni_waiters--; 7266 continue; 7267 } 7268 7269 /* 7270 * Search the list for a node of interest. 7271 */ 7272 np = uu_list_next(rc_notify_list, me); 7273 while (np != NULL && !rc_notify_info_interested(rnip, np)) { 7274 rc_notify_t *next = uu_list_next(rc_notify_list, np); 7275 7276 if (am_first_info) { 7277 if (np->rcn_info) { 7278 /* 7279 * Passing another client -- stop 7280 * cleaning up notifications 7281 */ 7282 am_first_info = 0; 7283 } else { 7284 rc_notify_remove_locked(np); 7285 } 7286 } 7287 np = next; 7288 } 7289 7290 /* 7291 * Nothing of interest -- wait for notification 7292 */ 7293 if (np == NULL) { 7294 rnip->rni_waiters++; 7295 (void) pthread_cond_wait(&rnip->rni_cv, 7296 &rc_pg_notify_lock); 7297 rnip->rni_waiters--; 7298 continue; 7299 } 7300 7301 /* 7302 * found something to report -- move myself after the 7303 * notification and process it. 7304 */ 7305 (void) uu_list_remove(rc_notify_list, me); 7306 (void) uu_list_insert_after(rc_notify_list, np, me); 7307 7308 if ((ndp = np->rcn_delete) != NULL) { 7309 (void) strlcpy(outp, ndp->rnd_fmri, sz); 7310 if (am_first_info) 7311 rc_notify_remove_locked(np); 7312 (void) pthread_mutex_unlock(&rc_pg_notify_lock); 7313 rc_node_clear(out, 0); 7314 return (REP_PROTOCOL_SUCCESS); 7315 } 7316 7317 nnp = np->rcn_node; 7318 assert(nnp != NULL); 7319 7320 /* 7321 * We can't bump nnp's reference count without grabbing its 7322 * lock, and rc_pg_notify_lock is a leaf lock. So we 7323 * temporarily block all removals to keep nnp from 7324 * disappearing. 7325 */ 7326 rc_notify_in_use++; 7327 assert(rc_notify_in_use > 0); 7328 (void) pthread_mutex_unlock(&rc_pg_notify_lock); 7329 7330 rc_node_assign(out, nnp); 7331 7332 (void) pthread_mutex_lock(&rc_pg_notify_lock); 7333 assert(rc_notify_in_use > 0); 7334 rc_notify_in_use--; 7335 if (am_first_info) 7336 rc_notify_remove_locked(np); 7337 if (rc_notify_in_use == 0) 7338 (void) pthread_cond_broadcast(&rc_pg_notify_cv); 7339 (void) pthread_mutex_unlock(&rc_pg_notify_lock); 7340 7341 return (REP_PROTOCOL_SUCCESS); 7342 } 7343 /* 7344 * If we're the last one out, let people know it's clear. 7345 */ 7346 if (rnip->rni_waiters == 0) 7347 (void) pthread_cond_broadcast(&rnip->rni_cv); 7348 (void) pthread_mutex_unlock(&rc_pg_notify_lock); 7349 return (REP_PROTOCOL_DONE); 7350 } 7351 7352 static void 7353 rc_notify_info_reset(rc_notify_info_t *rnip) 7354 { 7355 int i; 7356 7357 (void) pthread_mutex_lock(&rc_pg_notify_lock); 7358 if (rnip->rni_flags & RC_NOTIFY_ACTIVE) 7359 rc_notify_info_remove_locked(rnip); 7360 assert(!(rnip->rni_flags & (RC_NOTIFY_DRAIN | RC_NOTIFY_EMPTYING))); 7361 rnip->rni_flags |= RC_NOTIFY_EMPTYING; 7362 (void) pthread_mutex_unlock(&rc_pg_notify_lock); 7363 7364 for (i = 0; i < RC_NOTIFY_MAX_NAMES; i++) { 7365 if (rnip->rni_namelist[i] != NULL) { 7366 free((void *)rnip->rni_namelist[i]); 7367 rnip->rni_namelist[i] = NULL; 7368 } 7369 if (rnip->rni_typelist[i] != NULL) { 7370 free((void *)rnip->rni_typelist[i]); 7371 rnip->rni_typelist[i] = NULL; 7372 } 7373 } 7374 7375 (void) pthread_mutex_lock(&rc_pg_notify_lock); 7376 rnip->rni_flags &= ~RC_NOTIFY_EMPTYING; 7377 (void) pthread_mutex_unlock(&rc_pg_notify_lock); 7378 } 7379 7380 void 7381 rc_notify_info_fini(rc_notify_info_t *rnip) 7382 { 7383 rc_notify_info_reset(rnip); 7384 7385 uu_list_node_fini(rnip, &rnip->rni_list_node, rc_notify_info_pool); 7386 uu_list_node_fini(&rnip->rni_notify, &rnip->rni_notify.rcn_list_node, 7387 rc_notify_pool); 7388 } 7389