1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #include <strings.h> 27 #include <stdlib.h> 28 #include <syslog.h> 29 #include <errno.h> 30 #include <libintl.h> 31 #include <door.h> 32 #include <sys/types.h> 33 #include <sys/stat.h> 34 #include <fcntl.h> 35 #include <procfs.h> 36 #include "cachemgr.h" 37 38 extern admin_t current_admin; 39 40 #define CLEANUP_WAIT_TIME 60 41 42 typedef enum cleanup_type { 43 CLEANUP_ALL = 1, 44 CLEANUP_BY_PID = 2 45 } cleanup_type_t; 46 47 typedef struct cleanup_op { 48 pid_t pid; 49 cleanup_type_t type; 50 } cleanup_op_t; 51 52 typedef struct main_nscd_struct { 53 pid_t pid; /* main nscd pid */ 54 thread_t tid; /* main nscd tid */ 55 int in_progress; /* A main nscd thread is */ 56 /* waiting for change or */ 57 /* copying data */ 58 int is_waiting_cleanup; /* A main nscd thread is */ 59 /* waiting for another main */ 60 /* nscd thread to be cleaned */ 61 /* up */ 62 } main_nscd_t; 63 64 static chg_info_t chg = { DEFAULTMUTEX, DEFAULTCV, 0, NULL, NULL, NULL, 0 }; 65 66 static main_nscd_t chg_main_nscd = {0, 0, 0, 0}; 67 static mutex_t chg_main_nscd_lock = DEFAULTMUTEX; 68 static cond_t chg_main_nscd_cv = DEFAULTCV; 69 70 /* 71 * The cookie of the configuration and its mutex 72 */ 73 static ldap_get_chg_cookie_t config_cookie = {0, 0}; 74 static mutex_t config_cookie_lock = DEFAULTMUTEX; 75 76 static void cleanup_thread_by_pid(pid_t pid); 77 78 ldap_get_chg_cookie_t 79 chg_config_cookie_get(void) 80 { 81 ldap_get_chg_cookie_t cookie; 82 (void) mutex_lock(&config_cookie_lock); 83 cookie = config_cookie; 84 (void) mutex_unlock(&config_cookie_lock); 85 return (cookie); 86 } 87 88 static void 89 chg_config_cookie_increment_seq_num(void) 90 { 91 (void) mutex_lock(&config_cookie_lock); 92 config_cookie.seq_num++; 93 (void) mutex_unlock(&config_cookie_lock); 94 } 95 96 void 97 chg_config_cookie_set(ldap_get_chg_cookie_t *cookie) 98 { 99 (void) mutex_lock(&config_cookie_lock); 100 config_cookie.mgr_pid = cookie->mgr_pid; 101 config_cookie.seq_num = cookie->seq_num; 102 (void) mutex_unlock(&config_cookie_lock); 103 } 104 static boolean_t 105 chg_cookie_equal(ldap_get_chg_cookie_t *c1, ldap_get_chg_cookie_t *c2) 106 { 107 if (c1->mgr_pid == c2->mgr_pid && c1->seq_num == c2->seq_num) 108 return (B_TRUE); 109 else 110 return (B_FALSE); 111 } 112 /* 113 * Create a node in the list and output the node. The caller can NOT free it. 114 */ 115 static int 116 waiting_list_add(chg_info_t *info, pid_t pid, thread_t tid, 117 waiting_list_t **wlp) 118 { 119 120 waiting_list_t *wl; 121 122 *wlp = NULL; 123 124 if ((wl = (waiting_list_t *)calloc(1, sizeof (waiting_list_t))) 125 == NULL) { 126 logit("waiting_list_add: No memory. pid %ld tid %d\n", 127 pid, tid); 128 return (CHG_NO_MEMORY); 129 } 130 131 wl->pid = pid; 132 wl->tid = tid; 133 134 if (info->chg_w_first == NULL) { 135 info->chg_w_first = wl; 136 info->chg_w_last = wl; 137 } else { 138 info->chg_w_last->next = wl; 139 wl->prev = info->chg_w_last; 140 info->chg_w_last = wl; 141 } 142 *wlp = wl; 143 return (CHG_SUCCESS); 144 } 145 146 /* 147 * Find a node with matching tid in the list and remove it from the list. 148 */ 149 static int 150 waiting_list_delete(chg_info_t *info, thread_t tid) 151 { 152 waiting_list_t *wl; 153 154 for (wl = info->chg_w_first; wl != NULL; wl = wl->next) { 155 if (wl->tid == tid) { 156 if (wl->next == NULL) { 157 if (wl->prev == NULL) { 158 info->chg_w_first = NULL; 159 info->chg_w_last = NULL; 160 } else { 161 wl->prev->next = NULL; 162 info->chg_w_last = wl->prev; 163 } 164 } else { 165 if (wl->prev == NULL) { 166 wl->next->prev = NULL; 167 info->chg_w_first = wl->next; 168 } else { 169 wl->prev->next = wl->next; 170 wl->next->prev = wl->prev; 171 } 172 } 173 free(wl); 174 return (CHG_SUCCESS); 175 } 176 } 177 return (CHG_NOT_FOUND_IN_WAITING_LIST); 178 } 179 180 /* 181 * Delete the thread from the waiting list and remove data when the list 182 * is empty. 183 */ 184 static void 185 waiting_list_cleanup(chg_info_t *chg, thread_t tid) 186 { 187 int rc; 188 189 rc = waiting_list_delete(chg, tid); 190 191 if (rc == CHG_SUCCESS && chg->chg_w_first == NULL) { 192 free(chg->chg_data); 193 chg->chg_data = NULL; 194 chg->chg_wakeup = 0; 195 } 196 } 197 198 /* 199 * Set flag by pid so it can be cleaned up. 200 */ 201 static void 202 waiting_list_set_cleanup(chg_info_t *info, pid_t pid) 203 { 204 waiting_list_t *wl; 205 206 for (wl = info->chg_w_first; wl != NULL; wl = wl->next) { 207 if (wl->pid == pid) { 208 wl->cleanup = 1; 209 break; 210 } 211 } 212 } 213 214 /* 215 * Return: 1 - door client is dead, 0 - door client is alive 216 */ 217 static int 218 door_client_dead(void) 219 { 220 ucred_t *uc = NULL; 221 int rc; 222 223 if (door_ucred(&uc) == -1 && errno == EINVAL) { 224 rc = 1; 225 } else { 226 rc = 0; 227 } 228 if (uc) 229 ucred_free(uc); 230 231 return (rc); 232 } 233 234 /* 235 * This function handles GETSTATUSCHANGE call from main nscd. 236 * The call can be a START op or STOP op. A cookie is sent from main nscd too. 237 * The static global variable main_nscd keeps record of pid, tid and some flags. 238 * If the thread is door_return(), main_nscd.pid, main_nscd.tid are set to 0. 239 * When the call is START op, it checks if main_nscd.pid is 0. If it is, it 240 * proceeds to wait for the change notification. If it's not, which means 241 * another main nscd handling thread is still around. It sends broadcast to 242 * clean up that thread and wait until the cleanup is done then proceeds to 243 * wait for the change notification. If same main nscd sends START op 244 * repeatedly, it'll be rejected. 245 * It also checks the cookie from main nscd. If it's not the same as 246 * ldap_cachemgr's cookie, door returns config change. 247 * If the door call is STOP op, it creates a thread to clean up main nscd START 248 * thread so it won't be blocking. 249 * In waiting for the change notification phase, the thread is waken up by 250 * the notification threads or by the cleanup threads. 251 * If it's a notification, it copies data to the stack then door return. 252 * If it's a cleanup, door_client_dead() is called to verify it then 253 * door return. 254 */ 255 int 256 chg_get_statusChange(LineBuf *info, ldap_call_t *in, pid_t nscd_pid) 257 { 258 int rc = CHG_SUCCESS, another_main_nscd_thread_alive = 0; 259 int len, return_now; 260 thread_t this_tid = thr_self(); 261 waiting_list_t *wl = NULL; 262 ldap_get_change_out_t *cout; 263 ldap_get_chg_cookie_t cookie; 264 265 info->str = NULL; 266 info->len = 0; 267 268 if (in->ldap_u.get_change.op == NS_STATUS_CHANGE_OP_START) { 269 270 (void) mutex_lock(&chg_main_nscd_lock); 271 if (chg_main_nscd.pid != 0) { 272 if (nscd_pid != chg_main_nscd.pid) { 273 /* 274 * This is the case that nscd doesn't shut down 275 * properly(e.g. core) and STOP op is not sent, 276 * the thread handling it is still around and 277 * not cleaned up yet. 278 * Test if the thread is still alive. 279 * If it is, clean it up. 280 * For thr_kill, if sig is 0, a validity check 281 * is done for the existence of the target 282 * thread; no signal is sent. 283 */ 284 if (thr_kill(chg_main_nscd.tid, 0) == 0) { 285 another_main_nscd_thread_alive = 1; 286 cleanup_thread_by_pid( 287 chg_main_nscd.pid); 288 } 289 } else if (chg_main_nscd.in_progress || 290 chg_main_nscd.is_waiting_cleanup) { 291 /* 292 * Same nscd pid can only send door call 293 * one at a time and wait for ldap_cachemgr to 294 * return change data. If it's the same pid 295 * again, it's an nscd error. 296 */ 297 (void) mutex_unlock(&chg_main_nscd_lock); 298 return (CHG_NSCD_REPEATED_CALL); 299 } 300 } 301 /* 302 * Wait for another thread to be cleaned up if it's alive. 303 * After that this cond var is waken up. 304 */ 305 if (another_main_nscd_thread_alive) { 306 while (chg_main_nscd.in_progress) { 307 chg_main_nscd.is_waiting_cleanup = 1; 308 (void) cond_wait(&chg_main_nscd_cv, 309 &chg_main_nscd_lock); 310 } 311 } 312 313 /* 314 * Replace pid and tid and set the flag. 315 */ 316 chg_main_nscd.is_waiting_cleanup = 0; 317 chg_main_nscd.pid = nscd_pid; 318 chg_main_nscd.tid = this_tid; 319 chg_main_nscd.in_progress = 1; 320 (void) mutex_unlock(&chg_main_nscd_lock); 321 322 cookie = chg_config_cookie_get(); 323 324 if (!chg_cookie_equal(&cookie, &in->ldap_u.get_change.cookie)) { 325 /* 326 * different cookie, set new cookie and 327 * return door call right away 328 */ 329 len = sizeof (ldap_get_change_out_t); 330 if ((cout = calloc(1, len)) == NULL) { 331 rc = CHG_NO_MEMORY; 332 } else { 333 cout->type = NS_STATUS_CHANGE_TYPE_CONFIG; 334 cout->cookie = cookie; 335 info->str = (char *)cout; 336 info->len = len; 337 } 338 339 } else { 340 (void) mutex_lock(&chg.chg_lock); 341 342 /* wait for the change notification */ 343 rc = waiting_list_add(&chg, nscd_pid, this_tid, &wl); 344 if (rc == CHG_SUCCESS) { 345 return_now = 0; 346 while (!chg.chg_wakeup) { 347 if (wl->cleanup || 348 door_client_dead()) { 349 return_now = 1; 350 break; 351 } 352 (void) cond_wait(&chg.chg_cv, 353 &chg.chg_lock); 354 } 355 /* Check if door client is still alive again */ 356 if (!return_now && !wl->cleanup && 357 !door_client_dead()) { 358 /* copy data to buffer */ 359 if ((info->str = malloc( 360 chg.chg_data_size)) == NULL) { 361 rc = CHG_NO_MEMORY; 362 } else { 363 (void) memcpy(info->str, 364 chg.chg_data, 365 chg.chg_data_size); 366 info->len = chg.chg_data_size; 367 } 368 } 369 waiting_list_cleanup(&chg, this_tid); 370 } 371 (void) mutex_unlock(&chg.chg_lock); 372 } 373 374 375 /* 376 * Reset pid, tid and flag, send wakeup signal. 377 */ 378 (void) mutex_lock(&chg_main_nscd_lock); 379 chg_main_nscd.pid = 0; 380 chg_main_nscd.tid = 0; 381 chg_main_nscd.in_progress = 0; 382 if (chg_main_nscd.is_waiting_cleanup) 383 (void) cond_broadcast(&chg_main_nscd_cv); 384 385 (void) mutex_unlock(&chg_main_nscd_lock); 386 387 } else if (in->ldap_u.get_change.op == NS_STATUS_CHANGE_OP_STOP) { 388 389 cleanup_thread_by_pid(nscd_pid); 390 rc = CHG_SUCCESS; 391 392 } else { 393 rc = CHG_INVALID_PARAM; 394 } 395 if (rc == CHG_EXCEED_MAX_THREADS) 396 cleanup_thread_by_pid(0); 397 398 return (rc); 399 } 400 401 /* 402 * This function copies the header and data stream to the buffer 403 * then send broadcast to wake up the chg_get_statusChange() threads. 404 */ 405 int 406 chg_notify_statusChange(char *str) 407 { 408 ldap_get_change_out_t *cout = (ldap_get_change_out_t *)str; 409 410 cout->cookie = chg_config_cookie_get(); 411 412 (void) mutex_lock(&chg.chg_lock); 413 if (chg.chg_w_first != NULL && chg.chg_wakeup == 0) { 414 415 if (chg.chg_data) { 416 free(chg.chg_data); 417 chg.chg_data = NULL; 418 } 419 420 chg.chg_data = str; 421 422 if (cout->type == NS_STATUS_CHANGE_TYPE_CONFIG) 423 chg.chg_data_size = sizeof (ldap_get_change_out_t); 424 else 425 /* NS_STATUS_CHANGE_TYPE_SERVER */ 426 chg.chg_data_size = sizeof (ldap_get_change_out_t) - 427 sizeof (int) + cout->data_size; 428 429 chg.chg_wakeup = 1; 430 (void) cond_broadcast(&chg.chg_cv); 431 } 432 (void) mutex_unlock(&chg.chg_lock); 433 434 return (CHG_SUCCESS); 435 } 436 437 /* 438 * This is called when the configuration is refreshed. 439 * The new configuration is different from the current one, a notification 440 * is sent tochg_get_statusChange() threads. 441 */ 442 void 443 chg_test_config_change(ns_config_t *new, int *change_status) 444 { 445 int changed = 0; 446 LineBuf new_cfg, cur_cfg; 447 ns_ldap_error_t *errp = NULL; 448 ldap_config_out_t *new_out, *cur_out; 449 ldap_get_change_out_t *cout; 450 451 (void) memset(&new_cfg, 0, sizeof (LineBuf)); 452 (void) memset(&cur_cfg, 0, sizeof (LineBuf)); 453 /* 454 * Flatten the config data of the newly downloaded config and 455 * current default config and compare both. 456 */ 457 if ((errp = __ns_ldap_LoadDoorInfo(&new_cfg, NULL, new, 0)) != NULL) { 458 __ns_ldap_freeError(&errp); 459 /* error, assume the config is changed */ 460 changed = 1; 461 } else if ((errp = __ns_ldap_LoadDoorInfo(&cur_cfg, NULL, NULL, 0)) 462 != NULL) { 463 __ns_ldap_freeError(&errp); 464 /* error, assume the config is changed */ 465 changed = 1; 466 } 467 if (changed == 0) { 468 new_out = (ldap_config_out_t *)new_cfg.str; 469 cur_out = (ldap_config_out_t *)cur_cfg.str; 470 if (strcmp(new_out->config_str, cur_out->config_str) != 0) { 471 changed = 1; 472 if (current_admin.debug_level >= DBG_PROFILE_REFRESH) { 473 logit("config changed.\n"); 474 } 475 } 476 } 477 if (cur_cfg.str) 478 free(cur_cfg.str); 479 if (new_cfg.str) 480 free(new_cfg.str); 481 482 if (changed) { 483 484 if ((cout = calloc(1, sizeof (ldap_get_change_out_t))) 485 == NULL) { 486 logit("chg_test_config_change: No Memory\n"); 487 } else { 488 /* 489 * Replace the currentdefault config with the new 490 * config 491 */ 492 __s_api_init_config(new); 493 chg_config_cookie_increment_seq_num(); 494 cout->type = NS_STATUS_CHANGE_TYPE_CONFIG; 495 /* 496 * cout->cookie is set by 497 * chg_notify_statusChange 498 */ 499 (void) chg_notify_statusChange((char *)cout); 500 } 501 } else { 502 __s_api_destroy_config(new); 503 } 504 505 *change_status = changed; 506 } 507 508 /* 509 * Wake up chg_get_statusChange() threads to clean up the threads 510 * that main nscd doesn't exist on the other of door anymore or 511 * the thread is marked as cleanup. 512 */ 513 static void 514 cleanup_threads(chg_info_t *chg, pid_t pid, cleanup_type_t type) 515 { 516 (void) mutex_lock(&chg->chg_lock); 517 if (type == CLEANUP_BY_PID) 518 waiting_list_set_cleanup(chg, pid); 519 /* 520 * wake up threads without setting chg.chg_wakeup. 521 * It's for cleanup purpose, not for notifying changes. 522 */ 523 (void) cond_broadcast(&chg->chg_cv); 524 (void) mutex_unlock(&chg->chg_lock); 525 } 526 /* 527 * If arg is NULL, it loops forever, 528 * else it calls cleanup_threads once and exits. 529 */ 530 void * 531 chg_cleanup_waiting_threads(void *arg) 532 { 533 cleanup_op_t *op = (cleanup_op_t *)arg; 534 cleanup_type_t type = 0; 535 pid_t pid; 536 int always = 1, waiting; 537 538 if (op == NULL) { 539 waiting = 1; 540 type = CLEANUP_ALL; 541 pid = 0; 542 } else { 543 waiting = 0; 544 type = op->type; 545 pid = op->pid; 546 } 547 548 while (always) { 549 if (waiting) 550 (void) sleep(CLEANUP_WAIT_TIME); 551 cleanup_threads(&chg, pid, type); 552 if (!waiting) 553 break; 554 } 555 556 if (op) 557 free(op); 558 559 thr_exit(NULL); 560 return (NULL); 561 } 562 /* 563 * The door server thead which has the door client pid will be marked 564 * as to be clean up. If pid is 0, no marking and just clean up all. 565 */ 566 static void 567 cleanup_thread_by_pid(pid_t pid) 568 { 569 cleanup_op_t *op; 570 571 if ((op = malloc(sizeof (cleanup_op_t))) == NULL) 572 return; 573 574 op->pid = pid; 575 /* clean up all if pid is 0 */ 576 if (pid == 0) 577 op->type = CLEANUP_ALL; 578 else 579 op->type = CLEANUP_BY_PID; 580 581 if (thr_create(NULL, 0, chg_cleanup_waiting_threads, 582 (void *)op, THR_BOUND|THR_DETACHED, NULL) != 0) { 583 free(op); 584 logit("thr_create failed for cleanup_thread_by_pid(%ld)\n", 585 pid); 586 } 587 } 588 589 /* 590 * Output a psinfo of an nscd process with process id pid 591 * Return: 0 - Can't find the process or it's not nscd 592 * 1 - psinfo found 593 * Note: If info is NULL, returns 0 or 1 only and no output from info. 594 */ 595 static int 596 get_nscd_psinfo(pid_t pid, psinfo_t *info) 597 { 598 psinfo_t pinfo; 599 char fname[MAXPATHLEN]; 600 ssize_t ret; 601 int fd; 602 603 if (snprintf(fname, MAXPATHLEN, "/proc/%d/psinfo", pid) > 0) { 604 if ((fd = open(fname, O_RDONLY)) >= 0) { 605 ret = read(fd, &pinfo, sizeof (psinfo_t)); 606 (void) close(fd); 607 if ((ret == sizeof (psinfo_t)) && 608 (strcmp(pinfo.pr_fname, "nscd") == 0)) { 609 if (info) 610 *info = pinfo; 611 return (1); 612 } 613 } 614 } 615 return (0); 616 } 617 /* 618 * If the parent process is nscd and euid is 0, it's a peruser nscd. 619 */ 620 static int 621 is_peruser_nscd(pid_t pid) 622 { 623 pid_t ppid; 624 psinfo_t pinfo; 625 626 if (get_nscd_psinfo(pid, &pinfo)) { 627 ppid = pinfo.pr_ppid; 628 if (get_nscd_psinfo(ppid, &pinfo) && pinfo.pr_euid == 0) 629 /* 630 * get psinfo of parent forker nscd 631 */ 632 return (1); 633 else 634 return (0); 635 } else { 636 return (0); 637 } 638 } 639 /* 640 * Check if the door client making door call is a nscd or peruser nscd and 641 * output door client's pid. 642 */ 643 int 644 chg_is_called_from_nscd_or_peruser_nscd(char *dc_str, pid_t *pidp) 645 { 646 int rc; 647 uid_t euid; 648 pid_t pid; 649 ucred_t *uc = NULL; 650 651 if (door_ucred(&uc) != 0) { 652 rc = errno; 653 logit("door_ucred() call failed %s\n", strerror(rc)); 654 return (0); 655 } 656 euid = ucred_geteuid(uc); 657 pid = *pidp = ucred_getpid(uc); 658 659 if ((euid == 0 && is_called_from_nscd(pid)) || 660 is_peruser_nscd(pid)) { 661 if (current_admin.debug_level >= DBG_ALL) 662 logit("ldap_cachemgr received %s call from pid %ld, " 663 "uid %u, euid %u\n", dc_str, pid, 664 ucred_getruid(uc), euid); 665 rc = 1; 666 } else { 667 if (current_admin.debug_level >= DBG_CANT_FIND) 668 logit("%s call failed(cred): caller pid %ld, uid %u, " 669 "euid %u\n", dc_str, pid, 670 ucred_getruid(uc), euid); 671 672 rc = 0; 673 } 674 675 ucred_free(uc); 676 677 return (rc); 678 }