cachemgr.c revision 8142c2b2a11acff39ec7e0576c566a751eb30ba6
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2007 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
/*
* Simple doors ldap cache daemon
*/
#include <stdio.h>
#include <stdlib.h>
#include <signal.h>
#include <door.h>
#include <time.h>
#include <string.h>
#include <strings.h>
#include <libintl.h>
#include <stdlib.h>
#include <errno.h>
#include <pthread.h>
#include <thread.h>
#include <stdarg.h>
#include <fcntl.h>
#include <assert.h>
#include <unistd.h>
#include <memory.h>
#include <syslog.h>
#include <locale.h> /* LC_ALL */
#include <alloca.h>
#include <ucontext.h>
#include "getxby_door.h"
#include "cachemgr.h"
static void detachfromtty();
static int will_become_server;
static void usage(char *s);
#ifdef SLP
int use_slp = 0;
#endif /* SLP */
static ldap_stat_t *
getcacheptr(char *s)
{
return (¤t_admin.ldap_stat);
return (NULL);
}
char *
getcacheopt(char *s)
{
while (*s && *s != ',')
s++;
}
/*
* This is here to prevent the ldap_cachemgr becomes
* daemonlized to early to soon during boot time.
* This causes problems during boot when automounter
* and others try to use libsldap before ldap_cachemgr
* finishes walking the server list.
*/
static void
sig_ok_to_exit(int signo)
{
logit("sig_ok_to_exit(): parent exiting...\n");
exit(0);
} else {
logit("sig_ok_to_exit(): invalid signal(%d) received.\n",
signo);
"invalid signal(%d) received."), signo);
exit(1);
}
}
#define TABLE_THREADS 10
#define COMMON_THREADS 20
#define CACHE_HIT_THREADS 20
static sema_t common_sema;
static thread_key_t lookup_state_key;
static void
{
}
int
get_clearance(int callnumber)
{
char *tab;
if (sema_trywait(&common_sema) == 0) {
return (0);
}
switch (callnumber) {
case GETLDAPCONFIG:
tab = "ldap";
table_sema = &ldap_sema;
break;
default:
logit("Internal Error: get_clearance\n");
break;
}
if (sema_trywait(table_sema) == 0) {
return (0);
}
}
return (-1);
}
int
{
int which;
if (which == 0) /* from common pool */ {
(void) sema_post(&common_sema);
return (0);
}
switch (callnumber) {
case GETLDAPCONFIG:
table_sema = &ldap_sema;
break;
default:
logit("Internal Error: release_clearance\n");
break;
}
(void) sema_post(table_sema);
return (0);
}
static mutex_t create_lock;
static int num_servers = 0;
static thread_key_t server_key;
/*
* Bind a TSD value to a server thread. This enables the destructor to
* but better safe than sorry.
*/
/*ARGSUSED*/
static void *
server_tsd_bind(void *arg)
{
static void *value = 0;
/*
* disable cancellation to prevent hangs when server
* threads disappear
*/
return (value);
}
/*
* Server threads are created here.
*/
/*ARGSUSED*/
static void
{
(void) mutex_lock(&create_lock);
if (++num_servers > MAX_SERVER_THREADS) {
num_servers--;
(void) mutex_unlock(&create_lock);
return;
}
(void) mutex_unlock(&create_lock);
}
/*
* Server thread are destroyed here
*/
/*ARGSUSED*/
static void
server_destroy(void *arg)
{
(void) mutex_lock(&create_lock);
num_servers--;
(void) mutex_unlock(&create_lock);
}
int
{
int did;
int opt;
int errflg = 0;
int showstats = 0;
int doset = 0;
int dofg = 0;
struct sigaction sighupaction;
static void client_killserver();
int debug_level = 0;
/* setup for localization */
(void) textdomain(TEXT_DOMAIN);
if (chdir(NSLDAPDIRECTORY) < 0) {
exit(1);
}
/*
* Correctly set file mode creation mask, so to make the new files
* created for door calls being readable by all.
*/
(void) umask(0);
/*
* stats
*/
if (geteuid()) {
gettext("Must be root to use any option "
"other than -g.\n\n"));
}
if ((__ns_ldap_cache_ping() != SUCCESS) ||
(client_getadmin(¤t_admin) != 0)) {
gettext("%s doesn't appear to be running.\n"),
argv[0]);
exit(1);
}
(void) client_showstats(¤t_admin);
exit(0);
}
/*
* Determine if there is already a daemon running
*/
/*
* load normal config file
*/
if (will_become_server) {
static const ldap_stat_t defaults = {
0, /* stat */
DEFAULTTTL}; /* ttl */
} else {
if (client_getadmin(¤t_admin)) {
"properly(?)\n"), argv[0]);
exit(1);
}
}
#ifndef SLP
#else
#endif /* SLP */
switch (opt) {
case 'K':
exit(0);
break;
case 'g':
showstats++;
break;
case 'f':
dofg++;
break;
case 'r':
doset++;
if (!optarg) {
errflg++;
break;
}
break;
case 'l':
doset++;
break;
case 'd':
doset++;
break;
#ifdef SLP
case 's': /* undocumented: use dynamic (SLP) config */
use_slp = 1;
break;
#endif /* SLP */
default:
errflg++;
break;
}
}
if (errflg)
/*
* will not show statistics if no daemon running
*/
if (will_become_server && showstats) {
gettext("%s doesn't appear to be running.\n"),
argv[0]);
exit(1);
}
if (!will_become_server) {
if (showstats) {
(void) client_showstats(¤t_admin);
}
if (doset) {
if (client_setadmin(¤t_admin) < 0) {
gettext("Error during admin call\n"));
exit(1);
}
}
gettext("%s already running....use '%s "
}
exit(0);
}
/*
* daemon from here on
*/
if (debug_level) {
/*
* we're debugging...
*/
/*
* no specified log file
*/
else
(void) cachemgr_set_lf(¤t_admin,
/*
* validate the range of debug level number
* and set the number to current_admin.debug_level
*/
/*
* print error messages to the screen
* cachemgr_set_dl prints msgs to cachemgr.log
* only
*/
gettext("Incorrect Debug Level: %d\n"
"It should be between %d and %d\n"),
exit(-1);
}
} else {
(void) cachemgr_set_lf(¤t_admin,
}
if (dofg == 0)
detachfromtty(argv[0]);
/*
* perform some initialization
*/
if (getldap_init() != 0)
exit(-1);
/*
* Establish our own server thread pool
*/
(void) door_server_create(server_create);
logit("thr_keycreate() call failed\n");
gettext("ldap_cachemgr: thr_keycreate() call failed"));
perror("thr_keycreate");
exit(-1);
}
/*
* Create a door
*/
logit("door_create() call failed\n");
"ldap_cachemgr: door_create() call failed"));
perror("door_create");
exit(-1);
}
/*
* bind to file system
*/
int newfd;
logit("Cannot create %s:%s\n",
exit(1);
}
}
(fdetach(LDAP_CACHE_DOOR) < 0) ||
logit("fattach() call failed\n");
"ldap_cachemgr: fattach() call failed"));
perror("fattach");
exit(2);
}
}
/* catch SIGHUP revalid signals */
sighupaction.sa_flags = 0;
(void) sigemptyset(&myset);
logit("sigaction() call failed\n");
gettext("ldap_cachemgr: sigaction() call failed"));
perror("sigaction");
exit(1);
}
logit("thr_sigsetmask() call failed\n");
gettext("ldap_cachemgr: thr_sigsetmask() call failed"));
perror("thr_sigsetmask");
exit(1);
}
/*
* kick off revalidate threads only if ttl != 0
*/
0, 0, NULL) != 0) {
logit("thr_create() call failed\n");
gettext("ldap_cachemgr: thr_create() call failed"));
perror("thr_create");
exit(1);
}
/*
* kick off the thread which refreshes the server info
*/
0, 0, NULL) != 0) {
logit("thr_create() call failed\n");
gettext("ldap_cachemgr: thr_create() call failed"));
perror("thr_create");
exit(1);
}
#ifdef SLP
if (use_slp) {
/* kick off SLP discovery thread */
logit("thr_create() call failed\n");
"call failed"));
perror("thr_create");
exit(1);
}
}
#endif /* SLP */
logit("thr_sigsetmask() call failed\n");
gettext("ldap_cachemgr: the_sigsetmask() call failed"));
perror("thr_sigsetmask");
exit(1);
}
/*CONSTCOND*/
while (1) {
(void) pause();
}
/* NOTREACHED */
/*LINTED E_FUNC_HAS_NO_RETURN_STMT*/
}
/*
* Before calling the alloca() function we have to be sure that we won't get
* beyond the stack. Since we don't know the precise layout of the stack,
* a bit. We also need a bit more of stackspace after the call to be able
* to call further functions. Even something as simple as making a system call
* from within this function can take ~100 Bytes of stackspace.
*/
static
{
config_info->len -
if (!stack_inbounds((char *)&buf -
(configSize + SAFETY_BUFFER))) {
/*
* We do not have enough space on the stack
* to accomodate the whole DUAProfile
*/
logit("The DUAProfile is too big. There is not enough "
"space to process it. Ignoring it.\n");
"is too big. There is not enough space "
"to process it. Ignoring it."));
*err_code = SERVERERROR;
config_info->len = 0;
configSize = sizeof (ldap_return_t);
}
}
return (configSize);
}
/*ARGSUSED*/
static void
{
#define GETSIZE 1000
#define ALLOCATE 1001
/*
* By default the size of a buffer to be passed down to a client
* is equal to the size of the ldap_return_t structure. We need
* a bigger buffer in a few cases.
*/
struct {
void *begin;
} dataSource;
if (argp == DOOR_UNREF_DATA) {
logit("Door Slam... invalid door param\n");
"invalid door param"));
exit(0);
}
}
/*
* We presume that sizeof (ldap_return_t) bytes are always available
* on the stack
*/
switch (callnumber) {
case NULLCALL:
/*
* Just a 'ping'. Use the default size
* of the buffer and set the
* 'OK' error code.
*/
break;
case GETLDAPCONFIG:
/*
* Get the current LDAP configuration.
* Since this is dynamic data and its size can exceed
* the size of ldap_return_t, the next step will
* calculate who much space exactly is required.
*/
break;
case GETLDAPSERVER:
/*
* Get the root DSE for a next server in the list.
* Since this is dynamic data and its size can exceed
* the size of ldap_return_t, the next step will
* calculate who much space exactly is required.
*/
break;
case GETCACHESTAT:
/*
* Get the cache stattistics.
* Since this is dynamic data and its size can exceed
* the size of ldap_return_t, the next step will
* calculate how much space exactly is required.
*/
break;
case GETADMIN:
/*
* Get current configuration and statistics.
* The size of the statistics structure is less then
* sizeof (ldap_return_t). So specify the source
* where to take the info and proceed with the memory
* allocation.
*/
if (ldapErrno == 0) {
dataSource.destroy = 0;
}
break;
case KILLSERVER:
/*
* Process the request and proceed with the default
* buffer allocation.
*/
exit(0);
ldapErrno = -1;
break;
case SETADMIN:
/*
* Process the request and proceed with the default
* buffer allocation.
*/
else
ldapErrno = -1;
break;
case GETCACHE:
/*
* Get the cache stattistics.
* Since this is dynamic data and its size can exceed
* the size of ldap_return_t, the next step will
* calculate how much space exactly is required.
*/
break;
case SETCACHE:
/*
* Process the request and proceed with the default
* buffer allocation.
*/
} else
ldapErrno = -1;
ucred_free(uc);
break;
default:
/*
* This means an unknown request type. Proceed with
* the default buffer allocation.
*/
logit("Unknown ldap service door call op %d\n",
ldapErrno = -99;
break;
}
switch (state) {
case GETSIZE:
/*
* This stage calculates how much data will be
* passed down to the client, checks if there is
* enough space on the stack to accommodate the data,
* increases the value of the configSize variable
* if necessary and specifies the data source.
* In case of any error occurred ldapErrno will be set
* appropriately.
*/
ldapErrno = -1;
}
if (ldapErrno == 0) {
}
/* FALLTHRU */
case ALLOCATE:
/*
* Allocate a buffer of the calculated (or default) size
* and proceed with populating it with data.
*/
/*
* Set a return code and, if a data source is specified,
* copy data from the source to the buffer.
*/
if (dataSource.destroy) {
}
}
}
NULL,
0);
}
static void
usage(char *s)
{
gettext("Usage: %s [-d debug_level] [-l logfilename]\n"), s);
"[-r revalidate_interval] "));
#ifndef SLP
#else
#endif /* SLP */
exit(1);
}
static int logfd = -1;
static int
{
int newlogfd;
/*
* we don't really want to try and open the log file
*/
/*EMPTY*/;
logfd = -1;
} else {
if ((newlogfd =
/*
* File already exists... now we need to get cute
* since opening a file in a world-writeable directory
* safely is hard = it could be a hard link or a
* symbolic link to a system file.
*
*/
logit("Cannot open new logfile \"%s\": %sn",
return (-1);
}
if ((newlogfd =
logit("Cannot open new logfile "
"\"%s\": %s\n",
return (-1);
}
} else {
logit("Cannot use specified logfile "
"owned by root\n", logfile);
return (-1);
}
}
}
return (0);
}
/*PRINTFLIKE1*/
void
{
if (logfd >= 0) {
int safechars;
(void) mutex_lock(&loglock);
(void) mutex_unlock(&loglock);
}
}
static int
{
dataunion u;
int ndata;
int adata;
ndata = sizeof (u);
return (-1);
}
return (0);
}
static int
{
/*
* global admin stuff
*/
return (-1);
}
"ldap",
return (-1);
}
return (0);
}
static void
{
dataunion u;
int ndata;
int adata;
ndata = sizeof (u);
adata = sizeof (ldap_call_t);
}
static int
{
dataunion u;
int ndata;
int adata;
ndata = sizeof (u);
return (-1);
}
return (0);
}
static int
{
dataunion u;
int ndata;
int adata;
/*
* print admin data
*/
/*
* get cache data statistics
*/
ndata = sizeof (u);
adata = sizeof (ldap_call_t);
(void) printf(
gettext("\nCache data statistics not available!\n"));
return (0);
}
/*
* print cache data statistics line by line
*/
for (;;) {
break;
}
return (0);
}
/*
* detach from tty
*/
static void
detachfromtty(char *pgm)
{
int status;
(void) close(0);
(void) close(1);
/*
* Block the SIGUSR1 signal
* just in case that the child
* process may run faster than
* the parent process and
* send this signal before
* the signal handler is ready
* in the parent process.
* This error will cause the parent
* to exit with the User Signal 1
* exit code (144).
*/
switch (pid) {
case (pid_t)-1:
logit("detachfromtty(): fork1() call failed\n");
gettext("%s: fork1() call failed.\n"),
pgm);
gettext("ldap_cachemgr: fork1() call failed."));
exit(1);
break;
case 0:
/*
* child process does not
* need to worry about
* the SIGUSR1 signal
*/
(void) close(2);
break;
default:
/*
* Wait forever until the child process
* has exited, or has signalled that at
* least one server in the server list
* is up.
*/
logit("detachfromtty(): "
"can't set up signal handler to "
" catch SIGUSR1.\n");
gettext("%s: signal() call failed.\n"),
pgm);
"can't set up signal handler to "
" catch SIGUSR1."));
exit(1);
}
/*
* now unblock the SIGUSR1 signal
* to handle the pending or
* soon to arrive SIGUSR1 signal
*/
if (wret == -1) {
logit("detachfromtty(): "
"waitpid() call failed\n");
gettext("%s: waitpid() call failed.\n"),
pgm);
gettext("ldap_cachemgr: waitpid() "
"call failed."));
exit(1);
}
logit("detachfromtty(): "
"waitpid() returned %ld when "
"child pid was %ld\n",
"%s: waitpid() returned %ld when "
"child pid was %ld.\n"),
gettext("ldap_cachemgr: waitpid() "
"returned different "
"child pid."));
exit(1);
}
/* evaluate return status */
if (WEXITSTATUS(status) == 0) {
exit(0);
}
logit("detachfromtty(): "
"child failed (rc = %d).\n",
gettext("%s: failed. Please see "
"syslog for details.\n"),
pgm);
gettext("ldap_cachemgr: failed "
"(rc = %d)."),
} else if (WIFSIGNALED(status)) {
logit("detachfromtty(): "
"child terminated by signal %d.\n",
gettext("%s: terminated by signal %d.\n"),
gettext("ldap_cachemgr: terminated by "
"signal %d.\n"),
logit("detachfromtty(): child core dumped.\n"),
gettext("%s: core dumped.\n"),
pgm);
gettext("ldap_cachemgr: "
"core dumped.\n"));
}
exit(1);
}
(void) setsid();
(void) dup(0);
(void) dup(0);
}
}
/*
* Check if the door client's euid is 0
*
* We could check for some privilege or re-design the interfaces that
* lead to is_root() being called so that we rely on SMF and RBAC, but
* we need this check only for dealing with undocumented-but-possibly-
* used interfaces. Anything beyond checking for euid == 0 here would
* be overkill considering that those are undocumented interfaces.
*
* If free_uc is 0, the caller is responsible for freeing *ucp.
*
* return - 0 euid != 0
* 1 euid == 0
*/
static int
{
int rc;
if (door_ucred(ucp) != 0) {
return (0);
}
if (ucred_geteuid(*ucp) != 0) {
logit("%s call failed(cred): caller pid %ld, uid %u, "
rc = 0;
} else {
logit("ldap_cachemgr received %s call from pid %ld, "
rc = 1;
}
if (free_uc)
ucred_free(*ucp);
return (rc);
}
/*
* Check if pid is nscd
*
* Input: pid - process id of the door client that calls ldap_cachemgr
*
* Return: 0 - No
* 1 - Yes
*/
static int
{
static int doorfd = -1;
int match;
/*
* the first time in we try and open and validate the door.
* the validations are that the door must have been
* created with the door cookie and
* that the file attached to the door is owned by root
* and readonly by user, group and other. If any of these
* validations fail we refuse to use the door.
*/
(void) mutex_lock(&_door_lock);
if (doorfd == -1) {
== -1) {
(void) mutex_unlock(&_door_lock);
return (0);
}
/*
* we should close doorfd because we just opened it
*/
doorfd = -1;
(void) mutex_unlock(&_door_lock);
return (0);
}
} else {
/*
* doorfd is cached. Double check just in case
* the door server is restarted or is down.
*/
/*
* don't close it -
* someone else has clobbered fd
*/
doorfd = -1;
goto try_again;
}
goto try_again;
}
}
/*
* door descriptor exists and is valid
*/
match = 1;
else
match = 0;
(void) mutex_unlock(&_door_lock);
return (match);
}