1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License, Version 1.0 only 6 * (the "License"). You may not use this file except in compliance 7 * with the License. 8 * 9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10 * or http://www.opensolaris.org/os/licensing. 11 * See the License for the specific language governing permissions 12 * and limitations under the License. 13 * 14 * When distributing Covered Code, include this CDDL HEADER in each 15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16 * If applicable, add the following below this CDDL HEADER, with the 17 * fields enclosed by brackets "[]" replaced with your own identifying 18 * information: Portions Copyright [yyyy] [name of copyright owner] 19 * 20 * CDDL HEADER END 21 */ 22 23 /* 24 * Copyright 2005 Sun Microsystems, Inc. All rights reserved. 25 * Use is subject to license terms. 26 */ 27 28 #pragma ident "%Z%%M% %I% %E% SMI" 29 30 #include <sys/types.h> 31 #include <pwd.h> 32 #include <stdio.h> 33 #include <synch.h> 34 #include <sys/param.h> 35 #include <fcntl.h> 36 #include <unistd.h> 37 #include "ns_cache_door.h" 38 #include <door.h> 39 40 #if defined(PIC) || defined(lint) 41 42 /* 43 * 44 * Routine that actually performs the door call. 45 * Note that we cache a file descriptor. We do 46 * the following to prevent disasters: 47 * 48 * 1) Never use 0,1 or 2; if we get this from the open 49 * we dup it upwards. 50 * 51 * 2) Set the close on exec flags so descriptor remains available 52 * to child processes. 53 * 54 * 3) Verify that the door is still the same one we had before 55 * by using door_info on the client side. 56 * 57 * Note that we never close the file descriptor if it isn't one 58 * we allocated; we check this with door info. The rather tricky 59 * logic is designed to be fast in the normal case (fd is already 60 * allocated and is ok) while handling the case where the application 61 * closed it underneath us or where the nscd dies or re-execs itself 62 * and we're a multi-threaded application. Note that we cannot protect 63 * the application if it closes the fd and it is multi-threaded. 64 * 65 * int _cache_trydoorcall(void *dptr, int *bufsize, int *actualsize); 66 * 67 * *dptr IN: points to arg buffer OUT: points to results buffer 68 * *bufsize IN: overall size of buffer OUT: overall size of buffer 69 * *actualsize IN: size of call data OUT: size of return data 70 * 71 * Note that *dptr may change if provided space as defined by *bufsize is 72 * inadequate. In this case the door call mmaps more space and places 73 * the answer there and sets dptr to contain a pointer to the space, which 74 * should be freed with munmap. 75 * 76 * Returns 0 if the door call reached the server, -1 if contact was not made. 77 * 78 */ 79 80 extern int errno; 81 static mutex_t _door_lock = DEFAULTMUTEX; 82 83 int 84 __ns_ldap_trydoorcall(ldap_data_t **dptr, int *ndata, int *adata) 85 { 86 static int doorfd = -1; 87 static door_info_t real_door; 88 door_info_t my_door; 89 door_arg_t param; 90 91 /* 92 * the first time in we try and open and validate the door. 93 * the validations are that the door must have been 94 * created with the name service door cookie and 95 * that the file attached to the door is owned by root 96 * and readonly by user, group and other. If any of these 97 * validations fail we refuse to use the door. 98 */ 99 100 (void) mutex_lock(&_door_lock); 101 102 try_again: 103 104 if (doorfd == -1) { 105 106 int tbc[3]; 107 int i; 108 if ((doorfd = open(LDAP_CACHE_DOOR, O_RDONLY, 0)) 109 == -1) { 110 (void) mutex_unlock(&_door_lock); 111 return (NOSERVER); 112 } 113 114 /* 115 * dup up the file descriptor if we have 0 - 2 116 * to avoid problems with shells stdin/out/err 117 */ 118 i = 0; 119 120 while (doorfd < 3) { /* we have a reserved fd */ 121 tbc[i++] = doorfd; 122 if ((doorfd = dup(doorfd)) < 0) { 123 while (i--) 124 (void) close(tbc[i]); 125 doorfd = -1; 126 (void) mutex_unlock(&_door_lock); 127 return (NOSERVER); 128 } 129 } 130 131 while (i--) 132 (void) close(tbc[i]); 133 134 /* 135 * mark this door descriptor as close on exec 136 */ 137 (void) fcntl(doorfd, F_SETFD, FD_CLOEXEC); 138 if (door_info(doorfd, &real_door) == -1 || 139 (real_door.di_attributes & DOOR_REVOKED) || 140 real_door.di_data != (uintptr_t)LDAP_CACHE_DOOR_COOKIE) { 141 /* 142 * we should close doorfd because we just opened it 143 */ 144 (void) close(doorfd); 145 doorfd = -1; 146 (void) mutex_unlock(&_door_lock); 147 return (NOSERVER); 148 } 149 } else { 150 if (door_info(doorfd, &my_door) == -1 || 151 my_door.di_data != (uintptr_t)LDAP_CACHE_DOOR_COOKIE || 152 my_door.di_uniquifier != real_door.di_uniquifier) { 153 /* 154 * don't close it - 155 * someone else has clobbered fd 156 */ 157 doorfd = -1; 158 goto try_again; 159 } 160 161 if (my_door.di_attributes & DOOR_REVOKED) { 162 (void) close(doorfd); 163 doorfd = -1; /* try and restart connection */ 164 goto try_again; 165 } 166 } 167 168 (void) mutex_unlock(&_door_lock); 169 170 param.rbuf = (char *)*dptr; 171 param.rsize = *ndata; 172 param.data_ptr = (char *)*dptr; 173 param.data_size = *adata; 174 param.desc_ptr = NULL; 175 param.desc_num = 0; 176 if (door_call(doorfd, ¶m) == -1) { 177 return (NOSERVER); 178 } 179 *adata = (int)param.data_size; 180 *ndata = (int)param.rsize; 181 *dptr = (ldap_data_t *)param.data_ptr; 182 if (*adata == 0 || *dptr == NULL) { 183 return (NOSERVER); 184 } 185 186 return ((*dptr)->ldap_ret.ldap_return_code); 187 } 188 189 /* 190 * routine to check if server is already running 191 */ 192 193 int 194 __ns_ldap_cache_ping() 195 { 196 ldap_data_t data; 197 ldap_data_t *dptr; 198 int ndata; 199 int adata; 200 201 data.ldap_call.ldap_callnumber = NULLCALL; 202 ndata = sizeof (data); 203 adata = sizeof (data); 204 dptr = &data; 205 return (__ns_ldap_trydoorcall(&dptr, &ndata, &adata)); 206 } 207 208 #endif /* PIC */ 209