1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 
23 /*
24  * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
25  * Use is subject to license terms.
26  */
27 
28 #pragma ident	"%Z%%M%	%I%	%E% SMI"
29 
30 #include "synonyms.h"
31 #include <mtlib.h>
32 #include <sys/types.h>
33 #include <pwd.h>
34 #include <nss_dbdefs.h>
35 #include <stdio.h>
36 #include <synch.h>
37 #include <sys/param.h>
38 #include <fcntl.h>
39 #include <unistd.h>
40 #include <getxby_door.h>
41 #include <sys/door.h>
42 #include "libc.h"
43 #include "base_conversion.h"
44 
45 /*
46  *
47  * Routine that actually performs the door call.
48  * Note that we cache a file descriptor.  We do
49  * the following to prevent disasters:
50  *
51  * 1) Never use 0,1 or 2; if we get this from the open
52  *    we dup it upwards.
53  *
54  * 2) Set the close on exec flags so descriptor remains available
55  *    to child processes.
56  *
57  * 3) Verify that the door is still the same one we had before
58  *    by using door_info on the client side.
59  *
60  *	Note that we never close the file descriptor if it isn't one
61  *	we allocated; we check this with door info.  The rather tricky
62  *	logic is designed to be fast in the normal case (fd is already
63  *	allocated and is ok) while handling the case where the application
64  *	closed it underneath us or where the nscd dies or re-execs itself
65  *	and we're a multi-threaded application.  Note that we cannot protect
66  *	the application if it closes the fd and it is multi-threaded.
67  *
68  *  int _nsc_trydoorcall(void *dptr, int *bufsize, int *actualsize);
69  *
70  *      *dptr           IN: points to arg buffer OUT: points to results buffer
71  *      *bufsize        IN: overall size of buffer OUT: overall size of buffer
72  *      *actualsize     IN: size of call data OUT: size of return data
73  *
74  *  Note that *dptr may change if provided space as defined by *bufsize is
75  *  inadequate.  In this case the door call mmaps more space and places
76  *  the answer there and sets dptr to contain a pointer to the space, which
77  *  should be freed with munmap.
78  *
79  *  Returns 0 if the door call reached the server, -1 if contact was not made.
80  *
81  */
82 
83 static mutex_t	_door_lock = DEFAULTMUTEX;
84 
85 int
86 _nsc_trydoorcall(nsc_data_t **dptr, int *ndata, int *adata)
87 {
88 	static	int 		doorfd = -1;
89 	static	door_info_t 	real_door;
90 	door_info_t 		my_door;
91 	door_arg_t		param;
92 
93 	/*
94 	 * the first time in we try and open and validate the door.
95 	 * the validations are that the door must have been
96 	 * created with the name service door cookie and
97 	 * that the file attached to the door is owned by root
98 	 * and readonly by user, group and other.  If any of these
99 	 * validations fail we refuse to use the door.
100 	 */
101 
102 	lmutex_lock(&_door_lock);
103 
104 try_again:
105 
106 	if (doorfd == -1) {
107 		int		tbc[3];
108 		int		i;
109 
110 		if ((doorfd = open64(NAME_SERVICE_DOOR, O_RDONLY, 0)) == -1) {
111 			lmutex_unlock(&_door_lock);
112 			return (NOSERVER);
113 		}
114 
115 		/*
116 		 * dup up the file descriptor if we have 0 - 2
117 		 * to avoid problems with shells stdin/out/err
118 		 */
119 		i = 0;
120 
121 		while (doorfd < 3) { /* we have a reserved fd */
122 			tbc[i++] = doorfd;
123 			if ((doorfd = dup(doorfd)) < 0) {
124 				while (i--)
125 				    (void) close(tbc[i]);
126 				doorfd = -1;
127 				lmutex_unlock(&_door_lock);
128 				return (NOSERVER);
129 			}
130 		}
131 
132 		while (i--)
133 		    (void) close(tbc[i]);
134 
135 		/*
136 		 * mark this door descriptor as close on exec
137 		 */
138 		(void) fcntl(doorfd, F_SETFD, FD_CLOEXEC);
139 		if (__door_info(doorfd, &real_door) == -1 ||
140 		    (real_door.di_attributes & DOOR_REVOKED) ||
141 		    real_door.di_data != (uintptr_t)NAME_SERVICE_DOOR_COOKIE) {
142 			/*
143 			 * we should close doorfd because we just opened it
144 			 */
145 			(void) close(doorfd);
146 			doorfd = -1;
147 			lmutex_unlock(&_door_lock);
148 			return (NOSERVER);
149 		}
150 	} else {
151 		if (__door_info(doorfd, &my_door) == -1 ||
152 		    my_door.di_data != (uintptr_t)NAME_SERVICE_DOOR_COOKIE ||
153 		    my_door.di_uniquifier != real_door.di_uniquifier) {
154 			/*
155 			 * don't close it -
156 			 * someone else has clobbered fd
157 			 */
158 			doorfd = -1;
159 			goto try_again;
160 		}
161 
162 		if (my_door.di_attributes & DOOR_REVOKED) {
163 			(void) close(doorfd);	/* nscd exited .... */
164 			doorfd = -1;	/* try and restart connection */
165 			goto try_again;
166 		}
167 	}
168 
169 	lmutex_unlock(&_door_lock);
170 
171 	param.rbuf = (char *)*dptr;
172 	param.rsize = *ndata;
173 	param.data_ptr = (char *)*dptr;
174 	param.data_size = *adata;
175 	param.desc_ptr = NULL;
176 	param.desc_num = 0;
177 	if (__door_call(doorfd, &param) == -1) {
178 		return (NOSERVER);
179 	}
180 	*adata = (int)param.data_size;
181 	*ndata = (int)param.rsize;
182 	*dptr = (nsc_data_t *)(uintptr_t)param.data_ptr;
183 	if (*adata == 0 || *dptr == NULL) {
184 		return (NOSERVER);
185 	}
186 
187 	return ((*dptr)->nsc_ret.nsc_return_code);
188 }
189