1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License, Version 1.0 only 6 * (the "License"). You may not use this file except in compliance 7 * with the License. 8 * 9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10 * or http://www.opensolaris.org/os/licensing. 11 * See the License for the specific language governing permissions 12 * and limitations under the License. 13 * 14 * When distributing Covered Code, include this CDDL HEADER in each 15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16 * If applicable, add the following below this CDDL HEADER, with the 17 * fields enclosed by brackets "[]" replaced with your own identifying 18 * information: Portions Copyright [yyyy] [name of copyright owner] 19 * 20 * CDDL HEADER END 21 */ 22 /* 23 * Copyright 2004 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 #pragma ident "%Z%%M% %I% %E% SMI" 28 29 #include <sys/types.h> 30 #include <pwd.h> 31 #include <stdio.h> 32 #include <synch.h> 33 #include <sys/param.h> 34 #include <fcntl.h> 35 #include <unistd.h> 36 #include "ns_cache_door.h" 37 #include <door.h> 38 39 #if defined(PIC) || defined(lint) 40 41 /* 42 * 43 * Routine that actually performs the door call. 44 * Note that we cache a file descriptor. We do 45 * the following to prevent disasters: 46 * 47 * 1) Never use 0,1 or 2; if we get this from the open 48 * we dup it upwards. 49 * 50 * 2) Set the close on exec flags so descriptor remains available 51 * to child processes. 52 * 53 * 3) Verify that the door is still the same one we had before 54 * by using door_info on the client side. 55 * 56 * Note that we never close the file descriptor if it isn't one 57 * we allocated; we check this with door info. The rather tricky 58 * logic is designed to be fast in the normal case (fd is already 59 * allocated and is ok) while handling the case where the application 60 * closed it underneath us or where the nscd dies or re-execs itself 61 * and we're a multi-threaded application. Note that we cannot protect 62 * the application if it closes the fd and it is multi-threaded. 63 * 64 * int _cache_trydoorcall(void *dptr, int *bufsize, int *actualsize); 65 * 66 * *dptr IN: points to arg buffer OUT: points to results buffer 67 * *bufsize IN: overall size of buffer OUT: overall size of buffer 68 * *actualsize IN: size of call data OUT: size of return data 69 * 70 * Note that *dptr may change if provided space as defined by *bufsize is 71 * inadequate. In this case the door call mmaps more space and places 72 * the answer there and sets dptr to contain a pointer to the space, which 73 * should be freed with munmap. 74 * 75 * Returns 0 if the door call reached the server, -1 if contact was not made. 76 * 77 */ 78 79 extern int errno; 80 static mutex_t _door_lock = DEFAULTMUTEX; 81 82 int 83 __ns_ldap_trydoorcall(ldap_data_t **dptr, int *ndata, int *adata) 84 { 85 static int doorfd = -1; 86 static door_info_t real_door; 87 door_info_t my_door; 88 door_arg_t param; 89 90 /* 91 * the first time in we try and open and validate the door. 92 * the validations are that the door must have been 93 * created with the name service door cookie and 94 * that the file attached to the door is owned by root 95 * and readonly by user, group and other. If any of these 96 * validations fail we refuse to use the door. 97 */ 98 99 (void) mutex_lock(&_door_lock); 100 101 try_again: 102 103 if (doorfd == -1) { 104 105 int tbc[3]; 106 int i; 107 if ((doorfd = open(LDAP_CACHE_DOOR, O_RDONLY, 0)) 108 == -1) { 109 (void) mutex_unlock(&_door_lock); 110 return (NOSERVER); 111 } 112 113 /* 114 * dup up the file descriptor if we have 0 - 2 115 * to avoid problems with shells stdin/out/err 116 */ 117 i = 0; 118 119 while (doorfd < 3) { /* we have a reserved fd */ 120 tbc[i++] = doorfd; 121 if ((doorfd = dup(doorfd)) < 0) { 122 while (i--) 123 (void) close(tbc[i]); 124 doorfd = -1; 125 (void) mutex_unlock(&_door_lock); 126 return (NOSERVER); 127 } 128 } 129 130 while (i--) 131 (void) close(tbc[i]); 132 133 /* 134 * mark this door descriptor as close on exec 135 */ 136 (void) fcntl(doorfd, F_SETFD, FD_CLOEXEC); 137 if (door_info(doorfd, &real_door) == -1) { 138 /* 139 * we should close doorfd because we just opened it 140 */ 141 (void) close(doorfd); 142 doorfd = -1; 143 (void) mutex_unlock(&_door_lock); 144 return (NOSERVER); 145 } 146 147 if ((real_door.di_attributes & DOOR_REVOKED) || 148 (real_door.di_data != 149 (door_ptr_t)LDAP_CACHE_DOOR_COOKIE)) { 150 (void) close(doorfd); 151 doorfd = -1; 152 (void) mutex_unlock(&_door_lock); 153 return (NOSERVER); 154 } 155 } else { 156 157 if ((door_info(doorfd, &my_door) == -1) || 158 (my_door.di_data != (door_ptr_t)LDAP_CACHE_DOOR_COOKIE) || 159 (my_door.di_uniquifier != real_door.di_uniquifier)) { 160 /* 161 * don't close it - 162 * someone else has clobbered fd 163 */ 164 doorfd = -1; 165 goto try_again; 166 } 167 168 if (my_door.di_attributes & DOOR_REVOKED) { 169 (void) close(doorfd); 170 doorfd = -1; /* try and restart connection */ 171 goto try_again; 172 } 173 } 174 175 (void) mutex_unlock(&_door_lock); 176 177 param.rbuf = (char *)*dptr; 178 param.rsize = *ndata; 179 param.data_ptr = (char *)*dptr; 180 param.data_size = *adata; 181 param.desc_ptr = NULL; 182 param.desc_num = 0; 183 if (door_call(doorfd, ¶m) == -1) { 184 return (NOSERVER); 185 } 186 *adata = (int)param.data_size; 187 *ndata = (int)param.rsize; 188 *dptr = (ldap_data_t *)param.data_ptr; 189 if (*adata == 0 || *dptr == NULL) { 190 return (NOSERVER); 191 } 192 193 return ((*dptr)->ldap_ret.ldap_return_code); 194 } 195 196 /* 197 * routine to check if server is already running 198 */ 199 200 int 201 __ns_ldap_cache_ping() 202 { 203 ldap_data_t data; 204 ldap_data_t *dptr; 205 int ndata; 206 int adata; 207 208 data.ldap_call.ldap_callnumber = NULLCALL; 209 ndata = sizeof (data); 210 adata = sizeof (data); 211 dptr = &data; 212 return (__ns_ldap_trydoorcall(&dptr, &ndata, &adata)); 213 } 214 215 #endif /* PIC */ 216