cb5caa98562cf06753163f558cbcfe30b8f4673adjl/*
cb5caa98562cf06753163f558cbcfe30b8f4673adjl * CDDL HEADER START
cb5caa98562cf06753163f558cbcfe30b8f4673adjl *
cb5caa98562cf06753163f558cbcfe30b8f4673adjl * The contents of this file are subject to the terms of the
cb5caa98562cf06753163f558cbcfe30b8f4673adjl * Common Development and Distribution License (the "License").
cb5caa98562cf06753163f558cbcfe30b8f4673adjl * You may not use this file except in compliance with the License.
cb5caa98562cf06753163f558cbcfe30b8f4673adjl *
cb5caa98562cf06753163f558cbcfe30b8f4673adjl * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
cb5caa98562cf06753163f558cbcfe30b8f4673adjl * or http://www.opensolaris.org/os/licensing.
cb5caa98562cf06753163f558cbcfe30b8f4673adjl * See the License for the specific language governing permissions
cb5caa98562cf06753163f558cbcfe30b8f4673adjl * and limitations under the License.
cb5caa98562cf06753163f558cbcfe30b8f4673adjl *
cb5caa98562cf06753163f558cbcfe30b8f4673adjl * When distributing Covered Code, include this CDDL HEADER in each
cb5caa98562cf06753163f558cbcfe30b8f4673adjl * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
cb5caa98562cf06753163f558cbcfe30b8f4673adjl * If applicable, add the following below this CDDL HEADER, with the
cb5caa98562cf06753163f558cbcfe30b8f4673adjl * fields enclosed by brackets "[]" replaced with your own identifying
cb5caa98562cf06753163f558cbcfe30b8f4673adjl * information: Portions Copyright [yyyy] [name of copyright owner]
cb5caa98562cf06753163f558cbcfe30b8f4673adjl *
cb5caa98562cf06753163f558cbcfe30b8f4673adjl * CDDL HEADER END
cb5caa98562cf06753163f558cbcfe30b8f4673adjl */
ec2f0988b97ce539b7f3c03014df2120212b5f6eraf
cb5caa98562cf06753163f558cbcfe30b8f4673adjl/*
dd3d4b51b900954355940eb01a31d9b66535adabMilan Jurik * Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved.
33f5ff17089e3a43e6e730bf80384c233123dbd9Milan Jurik * Copyright 2012 Milan Jurik. All rights reserved.
cb5caa98562cf06753163f558cbcfe30b8f4673adjl */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl#include <stdio.h>
cb5caa98562cf06753163f558cbcfe30b8f4673adjl#include <stdlib.h>
cb5caa98562cf06753163f558cbcfe30b8f4673adjl#include <synch.h>
cb5caa98562cf06753163f558cbcfe30b8f4673adjl#include <thread.h>
cb5caa98562cf06753163f558cbcfe30b8f4673adjl#include <string.h>
cb5caa98562cf06753163f558cbcfe30b8f4673adjl#include <errno.h>
cb5caa98562cf06753163f558cbcfe30b8f4673adjl#include <dlfcn.h>
cb5caa98562cf06753163f558cbcfe30b8f4673adjl#include <door.h>
cb5caa98562cf06753163f558cbcfe30b8f4673adjl#include <libscf.h>
cb5caa98562cf06753163f558cbcfe30b8f4673adjl#include <ucred.h>
cb5caa98562cf06753163f558cbcfe30b8f4673adjl#include <sys/varargs.h>
cb5caa98562cf06753163f558cbcfe30b8f4673adjl#include <signal.h>
cb5caa98562cf06753163f558cbcfe30b8f4673adjl#include <unistd.h>
cb5caa98562cf06753163f558cbcfe30b8f4673adjl#include <sys/types.h>
cb5caa98562cf06753163f558cbcfe30b8f4673adjl#include <dirent.h>
cb5caa98562cf06753163f558cbcfe30b8f4673adjl#include <sys/proc.h>
cb5caa98562cf06753163f558cbcfe30b8f4673adjl#include <procfs.h>
cb5caa98562cf06753163f558cbcfe30b8f4673adjl#include <sys/stat.h>
cb5caa98562cf06753163f558cbcfe30b8f4673adjl#include <fcntl.h>
cb5caa98562cf06753163f558cbcfe30b8f4673adjl#include <libscf.h>
cb5caa98562cf06753163f558cbcfe30b8f4673adjl#include "nscd_door.h"
cb5caa98562cf06753163f558cbcfe30b8f4673adjl#include "nscd_config.h"
cb5caa98562cf06753163f558cbcfe30b8f4673adjl#include "nscd_log.h"
cb5caa98562cf06753163f558cbcfe30b8f4673adjl#include "nscd_frontend.h"
cb5caa98562cf06753163f558cbcfe30b8f4673adjl#include "nscd_selfcred.h"
cb5caa98562cf06753163f558cbcfe30b8f4673adjl#include "nscd_admin.h"
cb5caa98562cf06753163f558cbcfe30b8f4673adjl#include "nscd_common.h"
cb5caa98562cf06753163f558cbcfe30b8f4673adjl#include "ns_sldap.h"
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjlextern int _logfd;
cb5caa98562cf06753163f558cbcfe30b8f4673adjlstatic char *execpath;
cb5caa98562cf06753163f558cbcfe30b8f4673adjlstatic char **execargv;
cb5caa98562cf06753163f558cbcfe30b8f4673adjlstatic char *selfcred_dbs = NULL;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjlstatic void *get_smf_prop(const char *var, char type, void *def_val);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl/* current self-cred configuration data being used */
cb5caa98562cf06753163f558cbcfe30b8f4673adjlstatic nscd_cfg_global_selfcred_t nscd_selfcred_cfg_g;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl#define _NSCD_PUN_BLOCK 1024
cb5caa98562cf06753163f558cbcfe30b8f4673adjlstatic uint8_t pu_nscd_enabled;
cb5caa98562cf06753163f558cbcfe30b8f4673adjlstatic int max_pu_nscd = _NSCD_PUN_BLOCK;
cb5caa98562cf06753163f558cbcfe30b8f4673adjlstatic int pu_nscd_ttl;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjlstatic nscd_rc_t setup_ldap_backend();
cb5caa98562cf06753163f558cbcfe30b8f4673adjlstatic nscd_rc_t init_user_proc_monitor();
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl/*
cb5caa98562cf06753163f558cbcfe30b8f4673adjl * clild state
cb5caa98562cf06753163f558cbcfe30b8f4673adjl */
cb5caa98562cf06753163f558cbcfe30b8f4673adjltypedef enum {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl CHILD_STATE_NONE = 0,
cb5caa98562cf06753163f558cbcfe30b8f4673adjl CHILD_STATE_UIDKNOWN,
cb5caa98562cf06753163f558cbcfe30b8f4673adjl CHILD_STATE_FORKSENT,
cb5caa98562cf06753163f558cbcfe30b8f4673adjl CHILD_STATE_PIDKNOWN
cb5caa98562cf06753163f558cbcfe30b8f4673adjl} child_state_t;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjltypedef struct _child {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl int child_slot;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl int child_door;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl pid_t child_pid;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl uid_t child_uid;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl gid_t child_gid;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl child_state_t child_state;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl int next_open;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl mutex_t *mutex;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl cond_t *cond;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl} child_t;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjlstatic child_t **child = NULL;
cb5caa98562cf06753163f558cbcfe30b8f4673adjlstatic mutex_t child_lock = DEFAULTMUTEX;
cb5caa98562cf06753163f558cbcfe30b8f4673adjlstatic int open_head;
cb5caa98562cf06753163f558cbcfe30b8f4673adjlstatic int open_tail;
cb5caa98562cf06753163f558cbcfe30b8f4673adjlstatic int used_slot;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl/* nscd door id */
cb5caa98562cf06753163f558cbcfe30b8f4673adjlextern int _doorfd;
cb5caa98562cf06753163f558cbcfe30b8f4673adjlstatic pid_t main_uid = 0;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl/* nscd id: main, forker, or child */
cb5caa98562cf06753163f558cbcfe30b8f4673adjlextern int _whoami;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl/* forker nscd pid */
cb5caa98562cf06753163f558cbcfe30b8f4673adjlstatic pid_t forker_pid = 0;
cb5caa98562cf06753163f558cbcfe30b8f4673adjlstatic pid_t forker_uid = 0;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjllong activity = 0;
cb5caa98562cf06753163f558cbcfe30b8f4673adjlmutex_t activity_lock = DEFAULTMUTEX;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjlstatic int forking_door = -1;
cb5caa98562cf06753163f558cbcfe30b8f4673adjlstatic mutex_t forking_lock = DEFAULTMUTEX;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjlstatic void
cb5caa98562cf06753163f558cbcfe30b8f4673adjlfree_slot(int s)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl{
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (child[s] == NULL)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl return;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl free(child[s]->mutex);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl free(child[s]->cond);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl free(child[s]);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl child[s] = NULL;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl}
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjlvoid
cb5caa98562cf06753163f558cbcfe30b8f4673adjl_nscd_free_cslots()
cb5caa98562cf06753163f558cbcfe30b8f4673adjl{
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl int i;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) mutex_lock(&child_lock);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl for (i = 0; i < max_pu_nscd; i++)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl free_slot(i);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl open_head = -1;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl open_tail = -1;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl used_slot = -1;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) mutex_unlock(&child_lock);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl}
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjlstatic int
cb5caa98562cf06753163f558cbcfe30b8f4673adjlinit_slot(int s)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl{
cb5caa98562cf06753163f558cbcfe30b8f4673adjl child_t *ch;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl char *me = "init_slot";
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (child[s] == NULL) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl child[s] = (child_t *)calloc(1, sizeof (child_t));
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (child[s] == NULL)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl return (-1);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl ch = child[s];
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if ((ch->mutex = (mutex_t *)calloc(1,
29836b1990ff03408750301a4ad20cfd233444b9michen sizeof (mutex_t))) == NULL) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl free(ch);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl return (-1);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) mutex_init(ch->mutex, USYNC_THREAD, NULL);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if ((ch->cond = (cond_t *)calloc(1,
29836b1990ff03408750301a4ad20cfd233444b9michen sizeof (cond_t))) == NULL) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl free(ch->mutex);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl free(ch);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl return (-1);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) cond_init(ch->cond, USYNC_THREAD, NULL);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (me, "slot %d allocated\n", s);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl } else
cb5caa98562cf06753163f558cbcfe30b8f4673adjl ch = child[s];
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl ch->child_slot = s;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl ch->child_door = 0;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl ch->child_state = CHILD_STATE_NONE;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl ch->child_pid = 0;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl ch->child_uid = 0;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl ch->child_gid = 0;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl ch->next_open = -1;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (me, "slot %d initialized\n", s);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl return (0);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl}
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjlstatic int
cb5caa98562cf06753163f558cbcfe30b8f4673adjl_nscd_init_cslots()
cb5caa98562cf06753163f558cbcfe30b8f4673adjl{
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) mutex_lock(&child_lock);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl child = (child_t **)calloc(max_pu_nscd, sizeof (child_t *));
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (child == NULL)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl return (-1);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl open_head = -1;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl open_tail = -1;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl used_slot = -1;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) mutex_unlock(&child_lock);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl return (0);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl}
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjlstatic child_t *
cb5caa98562cf06753163f558cbcfe30b8f4673adjlget_cslot(
cb5caa98562cf06753163f558cbcfe30b8f4673adjl uid_t uid,
cb5caa98562cf06753163f558cbcfe30b8f4673adjl int no_alloc)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl{
cb5caa98562cf06753163f558cbcfe30b8f4673adjl int i;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl child_t *ch, *ret = NULL;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl char *me = "get_cslot";
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) mutex_lock(&child_lock);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (me, "looking for uid %d (slot used = %d)\n", uid, used_slot);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /* first find the slot with a matching uid */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl for (i = 0; i <= used_slot; i++) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl ch = child[i];
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (ch->child_state >= CHILD_STATE_UIDKNOWN &&
29836b1990ff03408750301a4ad20cfd233444b9michen ch->child_uid == uid) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl ret = ch;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) mutex_unlock(&child_lock);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (me, "slot %d found with uid %d\n",
29836b1990ff03408750301a4ad20cfd233444b9michen ret->child_slot, ret->child_uid);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl return (ret);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /* if no need to allocate a new slot, return NULL */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (no_alloc == 1) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) mutex_unlock(&child_lock);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl return (ret);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /* no open slot ? get a new one */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (open_head == -1) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /* if no slot available, allocate more */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (used_slot >= max_pu_nscd - 1) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl child_t **tmp;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl int newmax = max_pu_nscd + _NSCD_PUN_BLOCK;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl tmp = (child_t **)calloc(newmax, sizeof (child_t *));
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (tmp == NULL) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) mutex_unlock(&child_lock);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl return (ret);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) memcpy(tmp, child, sizeof (child_t) *
29836b1990ff03408750301a4ad20cfd233444b9michen max_pu_nscd);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl free(child);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl child = tmp;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl max_pu_nscd = newmax;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl used_slot++;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (init_slot(used_slot) == -1) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl used_slot--;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) mutex_unlock(&child_lock);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl return (ret);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl ch = child[used_slot];
cb5caa98562cf06753163f558cbcfe30b8f4673adjl } else {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl ch = child[open_head];
cb5caa98562cf06753163f558cbcfe30b8f4673adjl open_head = ch->next_open;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /* got last one ? reset tail */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (open_head == -1)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl open_tail = -1;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl ch->next_open = -1;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl ch->child_uid = uid;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl ch->child_state = CHILD_STATE_UIDKNOWN;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl ret = ch;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) mutex_unlock(&child_lock);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl return (ret);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl}
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjlstatic void
cb5caa98562cf06753163f558cbcfe30b8f4673adjlreturn_cslot_nolock(child_t *ch)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl{
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl int slot = ch->child_slot;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /* have open slot ? add to and reset tail */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (open_tail != -1) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl child[open_tail]->next_open = slot;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl open_tail = slot;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl } else {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /* no open slot ? make one */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl open_head = open_tail = slot;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) init_slot(ch->child_slot);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl}
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjlstatic void
cb5caa98562cf06753163f558cbcfe30b8f4673adjlreturn_cslot(child_t *ch)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl{
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl char *me = "return_cslot";
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (me, "returning slot %d\n", ch->child_slot);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /* return if the slot has been returned by another thread */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (ch->child_state == CHILD_STATE_NONE)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl return;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) mutex_lock(&child_lock);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /* check one more time */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (ch->child_state == CHILD_STATE_NONE) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) mutex_unlock(&child_lock);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl return;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl return_cslot_nolock(ch);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) mutex_unlock(&child_lock);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl}
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjlstatic int
cb5caa98562cf06753163f558cbcfe30b8f4673adjlselfcred_kill(
cb5caa98562cf06753163f558cbcfe30b8f4673adjl int fd)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl{
cb5caa98562cf06753163f558cbcfe30b8f4673adjl int ret;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl char *me = "selfcred_kill";
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (me, "sending kill to door %d\n", fd);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (fd != -1)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl ret = _nscd_doorcall_fd(fd, NSCD_KILL, NULL, 0,
29836b1990ff03408750301a4ad20cfd233444b9michen NULL, 0, NULL);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl else
cb5caa98562cf06753163f558cbcfe30b8f4673adjl ret = _nscd_doorcall(NSCD_KILL);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (me, "kill request sent to door %d (rc = %d)\n", fd, ret);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl return (ret);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl}
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjlvoid
cb5caa98562cf06753163f558cbcfe30b8f4673adjl_nscd_kill_forker()
cb5caa98562cf06753163f558cbcfe30b8f4673adjl{
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) mutex_lock(&forking_lock);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (forking_door != -1)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) selfcred_kill(forking_door);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl forking_door = -1;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) mutex_unlock(&forking_lock);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl}
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjlvoid
cb5caa98562cf06753163f558cbcfe30b8f4673adjl_nscd_kill_all_children()
cb5caa98562cf06753163f558cbcfe30b8f4673adjl{
cb5caa98562cf06753163f558cbcfe30b8f4673adjl int i;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl int ret;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl char *me = "_nscd_kill_all_children";
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) mutex_lock(&child_lock);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl for (i = 0; i <= used_slot; i++) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (child[i] == NULL)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl continue;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (child[i]->child_state >= CHILD_STATE_PIDKNOWN) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (me, "killing child process %d (doorfd %d)\n",
29836b1990ff03408750301a4ad20cfd233444b9michen child[i]->child_pid, child[i]->child_door);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl ret = selfcred_kill(child[i]->child_door);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (ret != -1)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) kill(child[i]->child_pid, SIGTERM);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (child[i]->child_state != CHILD_STATE_NONE)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) return_cslot_nolock(child[i]);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) mutex_unlock(&child_lock);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl}
cb5caa98562cf06753163f558cbcfe30b8f4673adjlstatic int
cb5caa98562cf06753163f558cbcfe30b8f4673adjlselfcred_pulse(
cb5caa98562cf06753163f558cbcfe30b8f4673adjl int fd)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl{
cb5caa98562cf06753163f558cbcfe30b8f4673adjl int ret;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl char *me = "selfcred_pulse";
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (me, "start monitoring door %d\n", fd);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl ret = _nscd_doorcall_fd(fd, NSCD_PULSE |(_whoami & NSCD_WHOAMI),
29836b1990ff03408750301a4ad20cfd233444b9michen NULL, 0, NULL, 0, NULL);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
dd3d4b51b900954355940eb01a31d9b66535adabMilan Jurik /* Close door because the other side exited. */
dd3d4b51b900954355940eb01a31d9b66535adabMilan Jurik (void) close(fd);
dd3d4b51b900954355940eb01a31d9b66535adabMilan Jurik
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (me, "door (%d) monitor exited (rc = %d)\n", fd, ret);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl return (ret);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl}
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl/*ARGSUSED*/
cb5caa98562cf06753163f558cbcfe30b8f4673adjlstatic void *
cb5caa98562cf06753163f558cbcfe30b8f4673adjlforker_monitor(
cb5caa98562cf06753163f558cbcfe30b8f4673adjl void *arg)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl{
cb5caa98562cf06753163f558cbcfe30b8f4673adjl pid_t fpid;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl char *fmri;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl char *me = "forker_monitor";
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /* wait until forker exits */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl fpid = forker_pid;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) selfcred_pulse(forking_door);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG)
29836b1990ff03408750301a4ad20cfd233444b9michen (me, "forker (pid = %d) exited or crashed, "
29836b1990ff03408750301a4ad20cfd233444b9michen "killing all child processes\n", fpid);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) mutex_lock(&forking_lock);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl forking_door = -1;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl forker_pid = -1;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) mutex_unlock(&forking_lock);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /* forker exited/crashed, kill all the child processes */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _nscd_kill_all_children();
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /* restart forker */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (me, "restarting the forker ...\n");
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl switch (fpid = fork1()) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl case (pid_t)-1:
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (me, "unable to fork and start the forker ...\n");
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /* enter the maintenance mode */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if ((fmri = getenv("SMF_FMRI")) != NULL) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (me, "entering maintenance mode ...\n");
ec2f0988b97ce539b7f3c03014df2120212b5f6eraf (void) smf_maintain_instance(fmri, SMF_TEMPORARY);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
ec2f0988b97ce539b7f3c03014df2120212b5f6eraf return ((void *)1);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl case 0:
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (me, "execv path = %s\n", execpath);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) execv(execpath, execargv);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl exit(0);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl default:
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (me, "new forker's pid is %d\n", fpid);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl forker_pid = fpid;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl break;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
ec2f0988b97ce539b7f3c03014df2120212b5f6eraf return (NULL);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl}
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjlstatic void *
cb5caa98562cf06753163f558cbcfe30b8f4673adjlchild_monitor(
cb5caa98562cf06753163f558cbcfe30b8f4673adjl void *arg)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl{
cb5caa98562cf06753163f558cbcfe30b8f4673adjl child_t *ch = (child_t *)arg;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl pid_t cpid;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl char *me = "child_monitor";
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /* wait until child exits */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl cpid = ch->child_pid;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) selfcred_pulse(ch->child_door);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (me, "child (pid = %d) exited or crashed ...\n", cpid);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /* return the slot used by the child */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl return_cslot(ch);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
ec2f0988b97ce539b7f3c03014df2120212b5f6eraf return (NULL);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl}
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjlvoid
cb5caa98562cf06753163f558cbcfe30b8f4673adjl_nscd_proc_iamhere(
cb5caa98562cf06753163f558cbcfe30b8f4673adjl void *buf,
cb5caa98562cf06753163f558cbcfe30b8f4673adjl door_desc_t *dp,
cb5caa98562cf06753163f558cbcfe30b8f4673adjl uint_t n_desc,
cb5caa98562cf06753163f558cbcfe30b8f4673adjl int iam)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl{
cb5caa98562cf06753163f558cbcfe30b8f4673adjl int cslot;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl child_t *ch;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl int errnum;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl ucred_t *uc = NULL;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl uid_t uid;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl nscd_imhere_t *ih;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl nss_pheader_t *phdr = (nss_pheader_t *)buf;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl char *me = "_nscd_proc_iamhere";
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (me, "%d receives iamhere from %d\n", _whoami, iam);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (door_ucred(&uc) != 0) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl errnum = errno;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (me, "door_ucred failed: %s\n", strerror(errnum));
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
7d7551bcfe5ded1738ddbe3268520996a32023b4Milan Jurik NSCD_SET_N2N_STATUS(phdr, NSS_NSCD_PRIV, errnum,
29836b1990ff03408750301a4ad20cfd233444b9michen NSCD_DOOR_UCRED_ERROR);
7d7551bcfe5ded1738ddbe3268520996a32023b4Milan Jurik return;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl uid = ucred_geteuid(uc);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl switch (iam) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl case NSCD_MAIN:
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (_whoami == NSCD_MAIN || uid != main_uid) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /*
cb5caa98562cf06753163f558cbcfe30b8f4673adjl * I'm main, or uid from door is not correct,
cb5caa98562cf06753163f558cbcfe30b8f4673adjl * this must be an imposter
cb5caa98562cf06753163f558cbcfe30b8f4673adjl */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (me, "MAIN IMPOSTER CAUGHT!\n");
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl NSCD_SET_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0,
29836b1990ff03408750301a4ad20cfd233444b9michen NSCD_SELF_CRED_MAIN_IMPOSTER);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl break;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl case NSCD_FORKER:
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (_whoami == NSCD_FORKER || uid != forker_uid) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /*
cb5caa98562cf06753163f558cbcfe30b8f4673adjl * I'm forker, or uid from door is not correct,
cb5caa98562cf06753163f558cbcfe30b8f4673adjl * this must be an imposter
cb5caa98562cf06753163f558cbcfe30b8f4673adjl */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (me, "FORKER IMPOSTER CAUGHT!\n");
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl NSCD_SET_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0,
29836b1990ff03408750301a4ad20cfd233444b9michen NSCD_SELF_CRED_FORKER_IMPOSTER);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl break;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /* only main needs to know the forker */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (_whoami != NSCD_MAIN) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl NSCD_SET_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0,
29836b1990ff03408750301a4ad20cfd233444b9michen NSCD_SELF_CRED_WRONG_NSCD);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl break;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (ucred_getpid(uc) != forker_pid) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG)
29836b1990ff03408750301a4ad20cfd233444b9michen (me, "FORKER IMPOSTER CAUGHT: pid = %d should be %d\n",
29836b1990ff03408750301a4ad20cfd233444b9michen ucred_getpid(uc), forker_pid);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl NSCD_SET_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0,
29836b1990ff03408750301a4ad20cfd233444b9michen NSCD_SELF_CRED_FORKER_IMPOSTER);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl break;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (n_desc < 1) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (me, "BAD FORKER, NO DOOR!\n");
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl NSCD_SET_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0,
29836b1990ff03408750301a4ad20cfd233444b9michen NSCD_SELF_CRED_NO_DOOR);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl break;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if ((dp->d_attributes & DOOR_DESCRIPTOR) &&
29836b1990ff03408750301a4ad20cfd233444b9michen dp->d_data.d_desc.d_descriptor > 0 &&
29836b1990ff03408750301a4ad20cfd233444b9michen dp->d_data.d_desc.d_id != 0) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) mutex_lock(&forking_lock);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (forking_door != -1)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) close(forking_door);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl forking_door = dp->d_data.d_desc.d_descriptor;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) mutex_unlock(&forking_lock);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (me, "forking door is %d\n", forking_door);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl NSCD_SET_STATUS_SUCCESS(phdr);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl } else {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl NSCD_SET_STATUS(phdr, NSS_ALTRETRY, 0);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl break;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /* monitor the forker nscd */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) thr_create(NULL, 0, forker_monitor, NULL,
29836b1990ff03408750301a4ad20cfd233444b9michen THR_DETACHED, NULL);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl break;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl case NSCD_CHILD:
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (_whoami != NSCD_MAIN) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /* child nscd can only talk to the main nscd */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (me, "CHILD IMPOSTER CAUGHT!\n");
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl NSCD_SET_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0,
29836b1990ff03408750301a4ad20cfd233444b9michen NSCD_SELF_CRED_CHILD_IMPOSTER);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl break;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /* get the main nscd assigned slot number */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl ih = NSCD_N2N_DOOR_DATA(nscd_imhere_t, buf);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl cslot = ih->slot;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) mutex_lock(&child_lock);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (cslot < 0 || cslot >= max_pu_nscd)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl ch = NULL;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl else
cb5caa98562cf06753163f558cbcfe30b8f4673adjl ch = child[cslot];
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) mutex_unlock(&child_lock);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (ch == NULL) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /* Bad slot number */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (me, "bad slot number %d\n", cslot);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl NSCD_SET_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0,
29836b1990ff03408750301a4ad20cfd233444b9michen NSCD_SELF_CRED_INVALID_SLOT_NUMBER);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl break;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (uid != ch->child_uid) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (me, "CHILD IMPOSTER CAUGHT: uid = %d should be %d\n",
29836b1990ff03408750301a4ad20cfd233444b9michen uid, ch->child_uid);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl NSCD_SET_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0,
29836b1990ff03408750301a4ad20cfd233444b9michen NSCD_SELF_CRED_CHILD_IMPOSTER);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl break;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (ch->child_state != CHILD_STATE_UIDKNOWN &&
29836b1990ff03408750301a4ad20cfd233444b9michen ch->child_state != CHILD_STATE_FORKSENT) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (me, "invalid slot/child state (%d) for uid %d\n",
29836b1990ff03408750301a4ad20cfd233444b9michen ch->child_state, uid);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl NSCD_SET_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0,
29836b1990ff03408750301a4ad20cfd233444b9michen NSCD_SELF_CRED_INVALID_SLOT_STATE);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl break;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (me, "d_descriptor = %d, d_id = %lld\n",
29836b1990ff03408750301a4ad20cfd233444b9michen dp->d_data.d_desc.d_descriptor, dp->d_data.d_desc.d_id);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if ((dp->d_attributes & DOOR_DESCRIPTOR) &&
29836b1990ff03408750301a4ad20cfd233444b9michen dp->d_data.d_desc.d_descriptor > 0 &&
29836b1990ff03408750301a4ad20cfd233444b9michen dp->d_data.d_desc.d_id != 0) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) mutex_lock(ch->mutex);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (ch->child_door != -1)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) close(ch->child_door);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl ch->child_door = dp->d_data.d_desc.d_descriptor;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl ch->child_pid = ucred_getpid(uc);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl ch->child_state = CHILD_STATE_PIDKNOWN;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (me, "child in slot %d has door %d\n",
29836b1990ff03408750301a4ad20cfd233444b9michen cslot, ch->child_door);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /*
cb5caa98562cf06753163f558cbcfe30b8f4673adjl * let waiters know that the child is ready to
cb5caa98562cf06753163f558cbcfe30b8f4673adjl * serve
cb5caa98562cf06753163f558cbcfe30b8f4673adjl */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) cond_broadcast(ch->cond);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) mutex_unlock(ch->mutex);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /* monitor the child nscd */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) thr_create(NULL, 0, child_monitor,
29836b1990ff03408750301a4ad20cfd233444b9michen ch, THR_DETACHED, NULL);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl NSCD_SET_STATUS_SUCCESS(phdr);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl break;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl } else {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl NSCD_SET_STATUS(phdr, NSS_ALTRETRY, 0);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl break;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl ucred_free(uc);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl uc = NULL;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl}
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjlvoid
cb5caa98562cf06753163f558cbcfe30b8f4673adjl_nscd_proc_pulse(
cb5caa98562cf06753163f558cbcfe30b8f4673adjl void *buf,
cb5caa98562cf06753163f558cbcfe30b8f4673adjl int iam)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl{
cb5caa98562cf06753163f558cbcfe30b8f4673adjl long last_active;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl int done = 0;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl nss_pheader_t *phdr = (nss_pheader_t *)buf;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl char *me = "_nscd_proc_pulse";
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /* only main nscd sends pulse */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (iam != NSCD_MAIN) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (me, "MAIN IMPOSTER CAUGHT! i am %d not NSCD_MAIN\n", iam);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
7d7551bcfe5ded1738ddbe3268520996a32023b4Milan Jurik NSCD_SET_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0,
29836b1990ff03408750301a4ad20cfd233444b9michen NSCD_SELF_CRED_MAIN_IMPOSTER);
7d7551bcfe5ded1738ddbe3268520996a32023b4Milan Jurik return;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /* forker doesn't return stats, it just pauses */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (_whoami == NSCD_FORKER) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (me, "forker ready to pause ...\n");
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
7d7551bcfe5ded1738ddbe3268520996a32023b4Milan Jurik for (;;)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) pause();
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /* remember the current activity sequence number */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) mutex_lock(&activity_lock);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl last_active = activity;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) mutex_unlock(&activity_lock);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl while (!done) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /* allow per_user_nscd_ttl seconds of inactivity */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) sleep(pu_nscd_ttl);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) mutex_lock(&activity_lock);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (last_active == activity)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl done = 1;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl else {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl last_active = activity;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (me, "active, sleep again for %d seconds\n",
29836b1990ff03408750301a4ad20cfd233444b9michen pu_nscd_ttl);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) mutex_unlock(&activity_lock);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /* no activity in the specified seconds, exit and disconnect */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (me, "no activity in the last %d seconds, exit\n", pu_nscd_ttl);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl exit(0);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl}
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjlvoid
cb5caa98562cf06753163f558cbcfe30b8f4673adjl_nscd_proc_fork(
cb5caa98562cf06753163f558cbcfe30b8f4673adjl void *buf,
cb5caa98562cf06753163f558cbcfe30b8f4673adjl int iam)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl{
cb5caa98562cf06753163f558cbcfe30b8f4673adjl int slot;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl int ret;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl char *fmri;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl pid_t cid;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl uid_t set2uid;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl gid_t set2gid;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl nss_pheader_t *phdr = (nss_pheader_t *)buf;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl char *me = "_nscd_proc_fork";
cb5caa98562cf06753163f558cbcfe30b8f4673adjl nscd_fork_t *f;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl nscd_imhere_t ih;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (me, "%d receives fork request from %d\n", _whoami, iam);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /* only main nscd sends fork requests */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (iam != NSCD_MAIN) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG)
29836b1990ff03408750301a4ad20cfd233444b9michen (me, "MAIN IMPOSTER CAUGHT! i am %d not NSCD_MAIN\n", iam);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
7d7551bcfe5ded1738ddbe3268520996a32023b4Milan Jurik NSCD_SET_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0,
29836b1990ff03408750301a4ad20cfd233444b9michen NSCD_SELF_CRED_MAIN_IMPOSTER);
7d7551bcfe5ded1738ddbe3268520996a32023b4Milan Jurik return;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /* only forker handles fork requests */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (_whoami != NSCD_FORKER) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (me, "MAIN IMPOSTER CAUGHT! I AM NOT FORKER!\n");
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
7d7551bcfe5ded1738ddbe3268520996a32023b4Milan Jurik NSCD_SET_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0,
29836b1990ff03408750301a4ad20cfd233444b9michen NSCD_SELF_CRED_WRONG_NSCD);
7d7551bcfe5ded1738ddbe3268520996a32023b4Milan Jurik return;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /* fork a child for the slot assigned by the main nscd */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl f = NSCD_N2N_DOOR_DATA(nscd_fork_t, buf);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl slot = f->slot;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /* set the uid/gid as assigned by the main nscd */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl set2uid = f->uid;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl set2gid = f->gid;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /* ignore bad slot number */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (slot < 0 || slot >= max_pu_nscd) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (me, "bas slot number\n");
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
7d7551bcfe5ded1738ddbe3268520996a32023b4Milan Jurik NSCD_SET_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0,
29836b1990ff03408750301a4ad20cfd233444b9michen NSCD_SELF_CRED_INVALID_SLOT_NUMBER);
7d7551bcfe5ded1738ddbe3268520996a32023b4Milan Jurik return;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (me, "before fork1() ...\n");
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if ((cid = fork1()) == 0) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _whoami = NSCD_CHILD;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
e37190e5b4531a897e4191a30b8f41678b582e25michen /*
e37190e5b4531a897e4191a30b8f41678b582e25michen * remember when this child nscd starts
e37190e5b4531a897e4191a30b8f41678b582e25michen * (replace the forker start time)
e37190e5b4531a897e4191a30b8f41678b582e25michen */
e37190e5b4531a897e4191a30b8f41678b582e25michen _nscd_set_start_time(1);
e37190e5b4531a897e4191a30b8f41678b582e25michen
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /* close all except the log file */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (_logfd > 0) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl int i;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl for (i = 0; i < _logfd; i++)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) close(i);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl closefrom(_logfd + 1);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl } else
cb5caa98562cf06753163f558cbcfe30b8f4673adjl closefrom(0);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (me, "child %d\n", getpid());
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) setgid(set2gid);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) setuid(set2uid);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /* set up the door and server thread pool */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if ((_doorfd = _nscd_setup_child_server(_doorfd)) == -1)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl exit(-1);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /* tell libsldap to do self cred only */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) setup_ldap_backend();
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /* notify main that child is active */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl ih.slot = slot;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl for (ret = NSS_ALTRETRY; ret == NSS_ALTRETRY; )
cb5caa98562cf06753163f558cbcfe30b8f4673adjl ret = _nscd_doorcall_sendfd(_doorfd,
29836b1990ff03408750301a4ad20cfd233444b9michen NSCD_IMHERE | (NSCD_CHILD & NSCD_WHOAMI),
29836b1990ff03408750301a4ad20cfd233444b9michen &ih, sizeof (ih), NULL);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
7d7551bcfe5ded1738ddbe3268520996a32023b4Milan Jurik NSCD_SET_STATUS_SUCCESS(phdr);
7d7551bcfe5ded1738ddbe3268520996a32023b4Milan Jurik return;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl } if (cid == (pid_t)-1) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (me, "forker unable to fork ...\n");
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /* enter the maintenance mode */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if ((fmri = getenv("SMF_FMRI")) != NULL) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (me, "entering maintenance mode ...\n");
ec2f0988b97ce539b7f3c03014df2120212b5f6eraf (void) smf_maintain_instance(fmri, SMF_TEMPORARY);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl exit(0);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl } else {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /*
cb5caa98562cf06753163f558cbcfe30b8f4673adjl * start the monitor so as to exit as early as
cb5caa98562cf06753163f558cbcfe30b8f4673adjl * possible if no other processes are running
cb5caa98562cf06753163f558cbcfe30b8f4673adjl * with the same PUN uid (i.e., this PUN is
cb5caa98562cf06753163f558cbcfe30b8f4673adjl * not needed any more)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) init_user_proc_monitor();
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (me, "child forked: parent pid = %d, child pid = %d\n",
29836b1990ff03408750301a4ad20cfd233444b9michen getpid(), cid);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl NSCD_SET_STATUS_SUCCESS(phdr);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (me, "after fork\n");
cb5caa98562cf06753163f558cbcfe30b8f4673adjl}
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjlstatic void
cb5caa98562cf06753163f558cbcfe30b8f4673adjlselfcred_fork(
cb5caa98562cf06753163f558cbcfe30b8f4673adjl void *buf,
cb5caa98562cf06753163f558cbcfe30b8f4673adjl int doorfd,
cb5caa98562cf06753163f558cbcfe30b8f4673adjl int cslot,
cb5caa98562cf06753163f558cbcfe30b8f4673adjl uid_t uid,
cb5caa98562cf06753163f558cbcfe30b8f4673adjl gid_t gid)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl{
cb5caa98562cf06753163f558cbcfe30b8f4673adjl int ret;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl nscd_fork_t f;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl nss_pheader_t *phdr = (nss_pheader_t *)buf;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl char *me = "selfcred_fork";
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /* if no door fd, do nothing */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (doorfd == -1) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl NSCD_SET_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0,
29836b1990ff03408750301a4ad20cfd233444b9michen NSCD_SELF_CRED_NO_DOOR);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (me, "sending fork request to door %d for slot %d "
29836b1990ff03408750301a4ad20cfd233444b9michen "(uid = %d, gid = %d)\n", doorfd, cslot, uid, gid);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl f.slot = cslot;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl f.uid = uid;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl f.gid = gid;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl ret = _nscd_doorcall_fd(doorfd, NSCD_FORK|(_whoami&NSCD_WHOAMI),
29836b1990ff03408750301a4ad20cfd233444b9michen &f, sizeof (f), NULL, 0, phdr);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (me, "fork request sent to door %d for slot %d (rc = %d)\n",
29836b1990ff03408750301a4ad20cfd233444b9michen doorfd, cslot, ret);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (NSCD_STATUS_IS_NOT_OK(phdr)) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (me, "fork request sent to door %d for slot %d failed: "
29836b1990ff03408750301a4ad20cfd233444b9michen "status = %d, errno = %s, nscd status = %d\n", doorfd,
29836b1990ff03408750301a4ad20cfd233444b9michen cslot, NSCD_GET_STATUS(phdr),
29836b1990ff03408750301a4ad20cfd233444b9michen strerror(NSCD_GET_ERRNO(phdr)),
29836b1990ff03408750301a4ad20cfd233444b9michen NSCD_GET_NSCD_STATUS(phdr));
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl}
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjlvoid
cb5caa98562cf06753163f558cbcfe30b8f4673adjl_nscd_proc_alt_get(
cb5caa98562cf06753163f558cbcfe30b8f4673adjl void *buf,
cb5caa98562cf06753163f558cbcfe30b8f4673adjl int *door)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl{
cb5caa98562cf06753163f558cbcfe30b8f4673adjl int errnum;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl uid_t set2uid;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl gid_t set2gid;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl nss_pheader_t *phdr = (nss_pheader_t *)buf;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl char *me = "_nscd_proc_alt_get";
cb5caa98562cf06753163f558cbcfe30b8f4673adjl ucred_t *uc = NULL;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl child_t *ch;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (me, "getting an alternate door ...\n");
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /* make sure there is a door to talk to the forker */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (forking_door == -1) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_ERROR)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (me, "no door to talk to the forker\n");
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
7d7551bcfe5ded1738ddbe3268520996a32023b4Milan Jurik NSCD_SET_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0,
29836b1990ff03408750301a4ad20cfd233444b9michen NSCD_SELF_CRED_NO_FORKER);
7d7551bcfe5ded1738ddbe3268520996a32023b4Milan Jurik return;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /* get door client's credential information */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (door_ucred(&uc) != 0) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl errnum = errno;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (me, "door_ucred failed: %s\n", strerror(errnum));
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
7d7551bcfe5ded1738ddbe3268520996a32023b4Milan Jurik NSCD_SET_N2N_STATUS(phdr, NSS_NSCD_PRIV, errnum,
29836b1990ff03408750301a4ad20cfd233444b9michen NSCD_DOOR_UCRED_ERROR);
7d7551bcfe5ded1738ddbe3268520996a32023b4Milan Jurik return;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /* get door client's effective uid and effective gid */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl set2uid = ucred_geteuid(uc);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl set2gid = ucred_getegid(uc);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl ucred_free(uc);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl uc = NULL;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (me, "child uid = %d, gid = %d\n", set2uid, set2gid);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /* is a slot available ? if not, no one to serve */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (child == NULL || (ch = get_cslot(set2uid, 0)) == NULL) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (me, "no child slot available (child array = %p, slot = %d)\n",
29836b1990ff03408750301a4ad20cfd233444b9michen child, ch->child_slot);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
7d7551bcfe5ded1738ddbe3268520996a32023b4Milan Jurik NSCD_SET_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0,
29836b1990ff03408750301a4ad20cfd233444b9michen NSCD_SELF_CRED_NO_CHILD_SLOT);
7d7551bcfe5ded1738ddbe3268520996a32023b4Milan Jurik return;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /* create the per user nscd if necessary */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (ch->child_state != CHILD_STATE_PIDKNOWN) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl nss_pheader_t phdr1;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl NSCD_CLEAR_STATUS(&phdr1);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) mutex_lock(ch->mutex);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (ch->child_state == CHILD_STATE_UIDKNOWN) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /* ask forker to fork a new child */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl selfcred_fork(&phdr1, forking_door, ch->child_slot,
29836b1990ff03408750301a4ad20cfd233444b9michen set2uid, set2gid);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (NSCD_STATUS_IS_NOT_OK(&phdr1)) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) mutex_unlock(ch->mutex);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl NSCD_COPY_STATUS(phdr, &phdr1);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl return;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl ch->child_state = CHILD_STATE_FORKSENT;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (me, "waiting for door (slot = %d, uid = %d, gid = %d)\n",
29836b1990ff03408750301a4ad20cfd233444b9michen ch->child_slot, set2uid, set2gid);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /* wait for the per user nscd to become available */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl while (ch->child_state == CHILD_STATE_FORKSENT) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl timestruc_t to;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl int err;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl int ttl = 5;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl to.tv_sec = ttl;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl to.tv_nsec = 0;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (me, "cond_reltimedwait %d seconds\n", ttl);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl err = cond_reltimedwait(ch->cond, ch->mutex, &to);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (err == ETIME) {
29836b1990ff03408750301a4ad20cfd233444b9michen ch->child_state = CHILD_STATE_UIDKNOWN;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED,
29836b1990ff03408750301a4ad20cfd233444b9michen NSCD_LOG_LEVEL_DEBUG)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (me, "door wait timedout (slot = %d)\n",
29836b1990ff03408750301a4ad20cfd233444b9michen ch->child_slot);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl break;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) mutex_unlock(ch->mutex);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (ch->child_state != CHILD_STATE_PIDKNOWN) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
7d7551bcfe5ded1738ddbe3268520996a32023b4Milan Jurik NSCD_SET_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0,
29836b1990ff03408750301a4ad20cfd233444b9michen NSCD_SELF_CRED_INVALID_SLOT_STATE);
7d7551bcfe5ded1738ddbe3268520996a32023b4Milan Jurik return;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl *door = ch->child_door;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (me, "returning door %d for slot %d, uid %d, gid = %d\n",
29836b1990ff03408750301a4ad20cfd233444b9michen *door, ch->child_slot, set2uid, set2gid);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
7d7551bcfe5ded1738ddbe3268520996a32023b4Milan Jurik NSCD_SET_STATUS(phdr, NSS_ALTRETRY, 0);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl}
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjlstatic char **
cb5caa98562cf06753163f558cbcfe30b8f4673adjlcpargv(
cb5caa98562cf06753163f558cbcfe30b8f4673adjl int argc,
cb5caa98562cf06753163f558cbcfe30b8f4673adjl char **inargv)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl{
cb5caa98562cf06753163f558cbcfe30b8f4673adjl char **newargv;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl int c = 4;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl int i = 0, j, k = 0, n = 0;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl newargv = (char **)calloc(c + 1, sizeof (char *));
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (newargv == NULL)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl return (NULL);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl newargv[n] = strdup(inargv[0]);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (newargv[n++] == NULL) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl free(newargv);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl return (NULL);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl newargv[n] = strdup("-F");
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (newargv[n++] == NULL) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl free(newargv[0]);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl free(newargv);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl return (NULL);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl for (i = 1; i < argc; i++) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (strcmp(inargv[i], "-f") == 0)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl k = 2;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (k == 0)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl continue;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl newargv[n] = strdup(inargv[i]);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (newargv[n] == NULL) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl for (j = 0; j < n; j++)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl free(newargv[j]);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl free(newargv);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl return (NULL);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl k--;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl n++;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl return (newargv);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl}
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjlvoid
cb5caa98562cf06753163f558cbcfe30b8f4673adjl_nscd_start_forker(
cb5caa98562cf06753163f558cbcfe30b8f4673adjl char *path,
cb5caa98562cf06753163f558cbcfe30b8f4673adjl int argc,
cb5caa98562cf06753163f558cbcfe30b8f4673adjl char **argv)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl{
cb5caa98562cf06753163f558cbcfe30b8f4673adjl pid_t cid;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /* if self cred is not configured, do nothing */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (!_nscd_is_self_cred_on(1, NULL))
cb5caa98562cf06753163f558cbcfe30b8f4673adjl return;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /* save pathname and generate the new argv for the forker */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl execpath = strdup(path);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl execargv = cpargv(argc, argv);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (execpath == NULL || execargv == NULL)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl exit(1);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl switch (cid = fork1()) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl case (pid_t)-1:
cb5caa98562cf06753163f558cbcfe30b8f4673adjl exit(1);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl break;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl case 0:
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /* start the forker nscd */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) execv(path, execargv);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl exit(0);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl break;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl default:
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /* main nscd */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /* remember process id of the forker */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl forker_pid = cid;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /* enable child nscd management */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) _nscd_init_cslots();
cb5caa98562cf06753163f558cbcfe30b8f4673adjl break;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl}
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjlstatic nscd_rc_t
cb5caa98562cf06753163f558cbcfe30b8f4673adjlget_ldap_funcs(
cb5caa98562cf06753163f558cbcfe30b8f4673adjl char *name,
cb5caa98562cf06753163f558cbcfe30b8f4673adjl void **func_p)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl{
cb5caa98562cf06753163f558cbcfe30b8f4673adjl char *me = "get_ldap_funcs";
cb5caa98562cf06753163f558cbcfe30b8f4673adjl static void *handle = NULL;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl void *sym;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (name == NULL && handle != NULL) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) dlclose(handle);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl return (NSCD_SUCCESS);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /* no handle to close, it's OK */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (name == NULL)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl return (NSCD_SUCCESS);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (handle == NULL) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl handle = dlopen("libsldap.so.1", RTLD_LAZY);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (handle == NULL) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_ERROR)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (me, "unable to dlopen libsldap.so.1");
cb5caa98562cf06753163f558cbcfe30b8f4673adjl return (NSCD_CFG_DLOPEN_ERROR);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if ((sym = dlsym(handle, name)) == NULL) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_ERROR)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (me, "unable to find symbol %s", name);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl return (NSCD_CFG_DLSYM_ERROR);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl } else
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) memcpy(func_p, &sym, sizeof (void *));
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl return (NSCD_SUCCESS);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl}
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjlint
cb5caa98562cf06753163f558cbcfe30b8f4673adjl_nscd_is_self_cred_on(int recheck, char **dblist)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl{
cb5caa98562cf06753163f558cbcfe30b8f4673adjl static int checked = 0;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl static int is_on = 0;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl static int (*ldap_func)();
cb5caa98562cf06753163f558cbcfe30b8f4673adjl char *srcs = "ldap"; /* only ldap support self cred */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl int ldap_on = 0;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl char *ldap_sc_func = "__ns_ldap_self_gssapi_config";
cb5caa98562cf06753163f558cbcfe30b8f4673adjl ns_ldap_self_gssapi_config_t ldap_config;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (checked && !recheck) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (is_on && dblist != NULL)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl *dblist = selfcred_dbs;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl return (is_on);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (selfcred_dbs != NULL)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl free(selfcred_dbs);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl selfcred_dbs = _nscd_srcs_in_db_nsw_policy(1, &srcs);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
0dfdd7f38ea07ffc9a4b245c94185c923f4bb0a3michen if (selfcred_dbs == NULL) {
0dfdd7f38ea07ffc9a4b245c94185c923f4bb0a3michen is_on = 0;
0dfdd7f38ea07ffc9a4b245c94185c923f4bb0a3michen checked = 1;
0dfdd7f38ea07ffc9a4b245c94185c923f4bb0a3michen return (0);
0dfdd7f38ea07ffc9a4b245c94185c923f4bb0a3michen }
0dfdd7f38ea07ffc9a4b245c94185c923f4bb0a3michen
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /*
cb5caa98562cf06753163f558cbcfe30b8f4673adjl * also check the ldap backend to see if
cb5caa98562cf06753163f558cbcfe30b8f4673adjl * the configuration there is good for
cb5caa98562cf06753163f558cbcfe30b8f4673adjl * doing self credentialing
cb5caa98562cf06753163f558cbcfe30b8f4673adjl */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (ldap_func == NULL)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) get_ldap_funcs(ldap_sc_func, (void **)&ldap_func);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (ldap_func != NULL) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (ldap_func(&ldap_config) == NS_LDAP_SUCCESS &&
29836b1990ff03408750301a4ad20cfd233444b9michen ldap_config != NS_LDAP_SELF_GSSAPI_CONFIG_NONE)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl ldap_on = 1;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
0dfdd7f38ea07ffc9a4b245c94185c923f4bb0a3michen is_on = (pu_nscd_enabled == nscd_true) && ldap_on;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl checked = 1;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (is_on && dblist != NULL)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl *dblist = selfcred_dbs;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl return (is_on);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl}
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjlstatic nscd_rc_t
cb5caa98562cf06753163f558cbcfe30b8f4673adjlsetup_ldap_backend()
cb5caa98562cf06753163f558cbcfe30b8f4673adjl{
cb5caa98562cf06753163f558cbcfe30b8f4673adjl nscd_rc_t rc;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl static void (*ldap_func)();
cb5caa98562cf06753163f558cbcfe30b8f4673adjl char *ldap_sc_func = "__ns_ldap_self_gssapi_only_set";
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (ldap_func == NULL)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl rc = get_ldap_funcs(ldap_sc_func, (void **)&ldap_func);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (ldap_func != NULL) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl ldap_func(1);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl return (NSCD_SUCCESS);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl return (rc);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl}
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl/*ARGSUSED*/
cb5caa98562cf06753163f558cbcfe30b8f4673adjlvoid
cb5caa98562cf06753163f558cbcfe30b8f4673adjl_nscd_peruser_getadmin(
cb5caa98562cf06753163f558cbcfe30b8f4673adjl void *buf,
cb5caa98562cf06753163f558cbcfe30b8f4673adjl int buf_size)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl{
cb5caa98562cf06753163f558cbcfe30b8f4673adjl void *result_mn = NSCD_N2N_DOOR_DATA(void, buf);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl int errnum = 0;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl int ret;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl uid_t uid;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl nss_pheader_t *phdr = (nss_pheader_t *)buf;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl char *me = "_nscd_peruser_getadmin";
cb5caa98562cf06753163f558cbcfe30b8f4673adjl ucred_t *uc = NULL;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl child_t *ch;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /* get door client's credential information */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (door_ucred(&uc) != 0) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl errnum = errno;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (me, "door_ucred failed: %s\n", strerror(errnum));
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
7d7551bcfe5ded1738ddbe3268520996a32023b4Milan Jurik NSCD_SET_N2N_STATUS(phdr, NSS_NSCD_PRIV, errnum,
29836b1990ff03408750301a4ad20cfd233444b9michen NSCD_DOOR_UCRED_ERROR);
7d7551bcfe5ded1738ddbe3268520996a32023b4Milan Jurik return;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /* get door client's effective uid */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl uid = ucred_geteuid(uc);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl ucred_free(uc);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl uc = NULL;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (me, "per user get admin ... (uid = %d)\n", uid);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /* is the per-user nscd running ? if not, no one to serve */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl ch = get_cslot(uid, 1);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (ch == NULL) {
7d7551bcfe5ded1738ddbe3268520996a32023b4Milan Jurik NSCD_SET_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0,
29836b1990ff03408750301a4ad20cfd233444b9michen NSCD_SELF_CRED_NO_CHILD_SLOT);
7d7551bcfe5ded1738ddbe3268520996a32023b4Milan Jurik return;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl ret = _nscd_doorcall_fd(ch->child_door, NSCD_GETADMIN,
29836b1990ff03408750301a4ad20cfd233444b9michen NULL, sizeof (nscd_admin_t), result_mn,
29836b1990ff03408750301a4ad20cfd233444b9michen sizeof (nscd_admin_t), phdr);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (ret == NSS_SUCCESS) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl phdr->data_len = sizeof (nscd_admin_t);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl return;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl}
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjlstatic void
cb5caa98562cf06753163f558cbcfe30b8f4673adjlset_selfcred_cfg(
cb5caa98562cf06753163f558cbcfe30b8f4673adjl char param,
cb5caa98562cf06753163f558cbcfe30b8f4673adjl void *data)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl{
cb5caa98562cf06753163f558cbcfe30b8f4673adjl int64_t prop_int;
29836b1990ff03408750301a4ad20cfd233444b9michen uint8_t prop_boolean;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl char *me = "set_selfcred_cfg";
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
29836b1990ff03408750301a4ad20cfd233444b9michen if (param == 'e') {
29836b1990ff03408750301a4ad20cfd233444b9michen prop_boolean = *(uint8_t *)data;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl pu_nscd_enabled = *(uint8_t *)get_smf_prop(
29836b1990ff03408750301a4ad20cfd233444b9michen "enable_per_user_lookup", 'b', &prop_boolean);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (me, "self cred config: enabled = %d\n", pu_nscd_enabled);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
29836b1990ff03408750301a4ad20cfd233444b9michen if (param == 't') {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl prop_int = *(int *)data;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl pu_nscd_ttl = *(int64_t *)get_smf_prop(
29836b1990ff03408750301a4ad20cfd233444b9michen "per_user_nscd_time_to_live", 'i', &prop_int);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (me, "self cred config: PUN TTL = %d\n", pu_nscd_ttl);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl}
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl/* ARGSUSED */
cb5caa98562cf06753163f558cbcfe30b8f4673adjlnscd_rc_t
cb5caa98562cf06753163f558cbcfe30b8f4673adjl_nscd_cfg_selfcred_notify(
cb5caa98562cf06753163f558cbcfe30b8f4673adjl void *data,
cb5caa98562cf06753163f558cbcfe30b8f4673adjl struct nscd_cfg_param_desc *pdesc,
cb5caa98562cf06753163f558cbcfe30b8f4673adjl nscd_cfg_id_t *nswdb,
cb5caa98562cf06753163f558cbcfe30b8f4673adjl nscd_cfg_flag_t dflag,
cb5caa98562cf06753163f558cbcfe30b8f4673adjl nscd_cfg_error_t **errorp,
cb5caa98562cf06753163f558cbcfe30b8f4673adjl void *cookie)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl{
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl nscd_cfg_global_selfcred_t *sc_cfg = &nscd_selfcred_cfg_g;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl int off;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /*
cb5caa98562cf06753163f558cbcfe30b8f4673adjl * At init time, the whole group of config params are received.
cb5caa98562cf06753163f558cbcfe30b8f4673adjl * At update time, group or individual parameter value could
cb5caa98562cf06753163f558cbcfe30b8f4673adjl * be received.
cb5caa98562cf06753163f558cbcfe30b8f4673adjl */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (_nscd_cfg_flag_is_set(dflag, NSCD_CFG_DFLAG_GROUP)) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl *sc_cfg = *(nscd_cfg_global_selfcred_t *)data;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl off = offsetof(nscd_cfg_global_selfcred_t,
29836b1990ff03408750301a4ad20cfd233444b9michen enable_selfcred);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl set_selfcred_cfg('e', (char *)data + off);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl off = offsetof(nscd_cfg_global_selfcred_t,
29836b1990ff03408750301a4ad20cfd233444b9michen per_user_nscd_ttl);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl set_selfcred_cfg('t', (char *)data + off);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl return (NSCD_SUCCESS);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /*
cb5caa98562cf06753163f558cbcfe30b8f4673adjl * individual config parameter
cb5caa98562cf06753163f558cbcfe30b8f4673adjl */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl off = offsetof(nscd_cfg_global_selfcred_t, enable_selfcred);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (pdesc->p_offset == off) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl sc_cfg->enable_selfcred = *(nscd_bool_t *)data;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl set_selfcred_cfg('e', data);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl return (NSCD_SUCCESS);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl off = offsetof(nscd_cfg_global_selfcred_t, per_user_nscd_ttl);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (pdesc->p_offset == off) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl sc_cfg->per_user_nscd_ttl = *(int *)data;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl set_selfcred_cfg('t', data);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl return (NSCD_SUCCESS);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl return (NSCD_SUCCESS);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl}
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl/* ARGSUSED */
cb5caa98562cf06753163f558cbcfe30b8f4673adjlnscd_rc_t
cb5caa98562cf06753163f558cbcfe30b8f4673adjl_nscd_cfg_selfcred_verify(
cb5caa98562cf06753163f558cbcfe30b8f4673adjl void *data,
cb5caa98562cf06753163f558cbcfe30b8f4673adjl struct nscd_cfg_param_desc *pdesc,
cb5caa98562cf06753163f558cbcfe30b8f4673adjl nscd_cfg_id_t *nswdb,
cb5caa98562cf06753163f558cbcfe30b8f4673adjl nscd_cfg_flag_t dflag,
cb5caa98562cf06753163f558cbcfe30b8f4673adjl nscd_cfg_error_t **errorp,
cb5caa98562cf06753163f558cbcfe30b8f4673adjl void **cookie)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl{
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl return (NSCD_SUCCESS);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl}
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl/* ARGSUSED */
cb5caa98562cf06753163f558cbcfe30b8f4673adjlnscd_rc_t
cb5caa98562cf06753163f558cbcfe30b8f4673adjl_nscd_cfg_selfcred_get_stat(
cb5caa98562cf06753163f558cbcfe30b8f4673adjl void **stat,
cb5caa98562cf06753163f558cbcfe30b8f4673adjl struct nscd_cfg_stat_desc *sdesc,
cb5caa98562cf06753163f558cbcfe30b8f4673adjl nscd_cfg_id_t *nswdb,
cb5caa98562cf06753163f558cbcfe30b8f4673adjl nscd_cfg_flag_t *dflag,
cb5caa98562cf06753163f558cbcfe30b8f4673adjl void (**free_stat)(void *stat),
cb5caa98562cf06753163f558cbcfe30b8f4673adjl nscd_cfg_error_t **errorp)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl{
cb5caa98562cf06753163f558cbcfe30b8f4673adjl return (NSCD_SUCCESS);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl}
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjlstatic int
cb5caa98562cf06753163f558cbcfe30b8f4673adjlcheck_uid(char *pid_name)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl{
cb5caa98562cf06753163f558cbcfe30b8f4673adjl char pname[PATH_MAX];
cb5caa98562cf06753163f558cbcfe30b8f4673adjl static pid_t pid = 0;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl static uid_t uid = 0;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl static uid_t euid = 0;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl int pfd; /* file descriptor for /proc/<pid>/psinfo */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl psinfo_t info; /* process information from /proc */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (uid == 0) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl pid = getpid();
cb5caa98562cf06753163f558cbcfe30b8f4673adjl uid = getuid();
cb5caa98562cf06753163f558cbcfe30b8f4673adjl euid = geteuid();
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) snprintf(pname, sizeof (pname), "/proc/%s/psinfo", pid_name);
cb5caa98562cf06753163f558cbcfe30b8f4673adjlretry:
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if ((pfd = open(pname, O_RDONLY)) == -1) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /* Process may have exited */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl return (1);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /*
cb5caa98562cf06753163f558cbcfe30b8f4673adjl * Get the info structure for the process and close quickly.
cb5caa98562cf06753163f558cbcfe30b8f4673adjl */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (read(pfd, (char *)&info, sizeof (info)) < 0) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl int saverr = errno;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) close(pfd);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (saverr == EAGAIN)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl goto retry;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (saverr != ENOENT)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl return (1);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) close(pfd);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (info.pr_pid != pid &&
29836b1990ff03408750301a4ad20cfd233444b9michen info.pr_uid == uid && info.pr_euid == euid)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl return (0);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl else
cb5caa98562cf06753163f558cbcfe30b8f4673adjl return (1);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl}
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl/*
cb5caa98562cf06753163f558cbcfe30b8f4673adjl * FUNCTION: check_user_process
cb5caa98562cf06753163f558cbcfe30b8f4673adjl */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl/*ARGSUSED*/
cb5caa98562cf06753163f558cbcfe30b8f4673adjlstatic void *
cb5caa98562cf06753163f558cbcfe30b8f4673adjlcheck_user_process(void *arg)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl{
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl DIR *dp;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl struct dirent *ep;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl int found;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl char *me = "check_user_process";
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
7d7551bcfe5ded1738ddbe3268520996a32023b4Milan Jurik for (;;) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) sleep(60);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl found = 0;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /*
cb5caa98562cf06753163f558cbcfe30b8f4673adjl * search the /proc directory and look at each process
cb5caa98562cf06753163f558cbcfe30b8f4673adjl */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if ((dp = opendir("/proc")) == NULL) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_ERROR)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (me, "unable to open the /proc directory\n");
cb5caa98562cf06753163f558cbcfe30b8f4673adjl continue;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /* for each active process */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl while (ep = readdir(dp)) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (ep->d_name[0] == '.') /* skip . and .. */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl continue;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (check_uid(ep->d_name) == 0) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl found = 1;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl break;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /*
cb5caa98562cf06753163f558cbcfe30b8f4673adjl * if no process running as the PUN uid found, exit
cb5caa98562cf06753163f558cbcfe30b8f4673adjl * to kill this PUN
cb5caa98562cf06753163f558cbcfe30b8f4673adjl */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (found == 0) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) closedir(dp);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl exit(1);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) closedir(dp);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /*LINTED E_FUNC_HAS_NO_RETURN_STMT*/
cb5caa98562cf06753163f558cbcfe30b8f4673adjl}
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjlstatic nscd_rc_t
cb5caa98562cf06753163f558cbcfe30b8f4673adjlinit_user_proc_monitor() {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl int errnum;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl char *me = "init_user_proc_monitor";
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (me, "initializing the user process monitor\n");
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl /*
cb5caa98562cf06753163f558cbcfe30b8f4673adjl * start a thread to make sure there is at least a process
cb5caa98562cf06753163f558cbcfe30b8f4673adjl * running as the PUN user. If not, terminate this PUN.
cb5caa98562cf06753163f558cbcfe30b8f4673adjl */
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (thr_create(NULL, NULL, check_user_process,
cb5caa98562cf06753163f558cbcfe30b8f4673adjl NULL, THR_DETACHED, NULL) != 0) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl errnum = errno;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_ERROR)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (me, "thr_create: %s\n", strerror(errnum));
cb5caa98562cf06753163f558cbcfe30b8f4673adjl return (NSCD_THREAD_CREATE_ERROR);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl return (NSCD_SUCCESS);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl}
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjlstatic void *
cb5caa98562cf06753163f558cbcfe30b8f4673adjlget_smf_prop(const char *var, char type, void *def_val)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl{
cb5caa98562cf06753163f558cbcfe30b8f4673adjl scf_simple_prop_t *prop;
29836b1990ff03408750301a4ad20cfd233444b9michen void *val;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl char *me = "get_smf_prop";
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl prop = scf_simple_prop_get(NULL, NULL, "config", var);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (prop) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl switch (type) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl case 'b':
cb5caa98562cf06753163f558cbcfe30b8f4673adjl val = scf_simple_prop_next_boolean(prop);
29836b1990ff03408750301a4ad20cfd233444b9michen if (val != NULL)
29836b1990ff03408750301a4ad20cfd233444b9michen (void) memcpy(def_val, val, sizeof (uint8_t));
cb5caa98562cf06753163f558cbcfe30b8f4673adjl break;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl case 'i':
cb5caa98562cf06753163f558cbcfe30b8f4673adjl val = scf_simple_prop_next_integer(prop);
29836b1990ff03408750301a4ad20cfd233444b9michen if (val != NULL)
29836b1990ff03408750301a4ad20cfd233444b9michen (void) memcpy(def_val, val, sizeof (int64_t));
cb5caa98562cf06753163f558cbcfe30b8f4673adjl break;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl scf_simple_prop_free(prop);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (prop == NULL || val == NULL) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl char vs[64];
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl switch (type) {
cb5caa98562cf06753163f558cbcfe30b8f4673adjl case 'b':
cb5caa98562cf06753163f558cbcfe30b8f4673adjl if (*(uint8_t *)def_val)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) strcpy(vs, "yes");
cb5caa98562cf06753163f558cbcfe30b8f4673adjl else
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) strcpy(vs, "no");
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl break;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl case 'i':
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (void) sprintf(vs, "%lld", *(int64_t *)def_val);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl break;
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_ALERT)
cb5caa98562cf06753163f558cbcfe30b8f4673adjl (me, "no value for config/%s (%s). "
29836b1990ff03408750301a4ad20cfd233444b9michen "Using default \"%s\"\n", var,
29836b1990ff03408750301a4ad20cfd233444b9michen scf_strerror(scf_error()), vs);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl }
cb5caa98562cf06753163f558cbcfe30b8f4673adjl
29836b1990ff03408750301a4ad20cfd233444b9michen return (def_val);
cb5caa98562cf06753163f558cbcfe30b8f4673adjl}