author | michen <none@none> | 2007-08-03 16:25:01 -0700 |
---|---|---|
committer | michen <none@none> | 2007-08-03 16:25:01 -0700 |
commit | bf1e3bee1b13b3a914f0dd817a04f6e0ce8e0691 (patch) | |
tree | e6607b2deb5a79b6ba087d1a7813ed85af690963 | |
parent | 566a18dc8caea94b786a9338516476928c2fe598 (diff) | |
download | illumos-gate-bf1e3bee1b13b3a914f0dd817a04f6e0ce8e0691.tar.gz |
6519579 need name service configuration for labeled zone access to an isolated name space
6562771 getspnam(3C) requires more than all privs
6577639 system/name-service-cache starting incorrectly on snv_67+
6585350 nss_nisplus: getbymember() does not follow the NSS_DBOP_GROUP_BYMEMBER protocol
-rw-r--r-- | usr/src/cmd/nscd/nscd_door.h | 2 | ||||
-rw-r--r-- | usr/src/cmd/nscd/nscd_frontend.c | 167 | ||||
-rw-r--r-- | usr/src/cmd/nscd/nscd_frontend.h | 1 | ||||
-rw-r--r-- | usr/src/cmd/nscd/nscd_nswstate.c | 197 | ||||
-rw-r--r-- | usr/src/cmd/nscd/nscd_switch.c | 185 | ||||
-rw-r--r-- | usr/src/cmd/nscd/nscd_switch.h | 2 | ||||
-rw-r--r-- | usr/src/cmd/nscd/server.c | 94 | ||||
-rw-r--r-- | usr/src/cmd/nscd/svc-nscd | 48 | ||||
-rw-r--r-- | usr/src/lib/nsswitch/nisplus/common/getgrent.c | 24 |
9 files changed, 412 insertions, 308 deletions
diff --git a/usr/src/cmd/nscd/nscd_door.h b/usr/src/cmd/nscd/nscd_door.h index 102cc65f26..3647b59abc 100644 --- a/usr/src/cmd/nscd/nscd_door.h +++ b/usr/src/cmd/nscd/nscd_door.h @@ -42,6 +42,8 @@ extern "C" { /* door for Trusted Extensions */ #define TSOL_NAME_SERVICE_DOOR "/var/tsol/doors/name_service_door" +/* TX per label nscd indication file */ +#define TSOL_NSCD_PER_LABEL_FILE "/var/tsol/doors/nscd_per_label" /* nscd v2 nscd -> nscd call numbers */ #define NSCD_PING (NSCD_CALLCAT_N2N|0x01) diff --git a/usr/src/cmd/nscd/nscd_frontend.c b/usr/src/cmd/nscd/nscd_frontend.c index 02b081db58..dd158fff41 100644 --- a/usr/src/cmd/nscd/nscd_frontend.c +++ b/usr/src/cmd/nscd/nscd_frontend.c @@ -114,7 +114,7 @@ server_create(door_info_t *dip) } (void) mutex_unlock(&create_lock); (void) thr_create(NULL, 0, server_tsd_bind, NULL, - THR_BOUND|THR_DETACHED, NULL); + THR_BOUND|THR_DETACHED, NULL); } /* @@ -204,11 +204,11 @@ restart_if_cfgfile_changed() if (last_resolv_modified >= 0) { if (stat("/etc/resolv.conf", &res_buf) < 0) { if (last_resolv_modified == 0) - last_resolv_modified = -1; + last_resolv_modified = -1; else - res_buf.st_mtime = last_resolv_modified; + res_buf.st_mtime = last_resolv_modified; } else if (last_resolv_modified == 0) { - last_resolv_modified = res_buf.st_mtime; + last_resolv_modified = res_buf.st_mtime; } } @@ -240,7 +240,7 @@ restart_if_cfgfile_changed() */ _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_INFO) (me, "nscd restart due to %s or %s change\n", - "/etc/nsswitch.conf", "resolv.conf"); + "/etc/nsswitch.conf", "resolv.conf"); /* * try to restart under smf */ @@ -259,7 +259,7 @@ restart_if_cfgfile_changed() } } else - (void) mutex_unlock(&nsswitch_lock); + (void) mutex_unlock(&nsswitch_lock); } uid_t 
@@ -280,6 +280,30 @@ _nscd_get_client_euid() return (id); } +/* + * Check to see if the door client has PRIV_FILE_DAC_READ privilege. + * Return 0 if yes, -1 otherwise. + */ +int +_nscd_check_client_read_priv() +{ + int rc = 0; + ucred_t *uc = NULL; + const priv_set_t *eset; + char *me = "_nscd_check_client_read_priv"; + + if (door_ucred(&uc) != 0) { + _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_ERROR) + (me, "door_ucred: %s\n", strerror(errno)); + return (-1); + } + eset = ucred_getprivset(uc, PRIV_EFFECTIVE); + if (!priv_ismember(eset, PRIV_FILE_DAC_READ)) + rc = -1; + ucred_free(uc); + return (rc); +} + static void N2N_check_priv( void *buf, @@ -304,13 +328,13 @@ N2N_check_priv( zoneid = ucred_getzoneid(uc); if ((zoneid != GLOBAL_ZONEID && zoneid != getzoneid()) || - eset != NULL ? !priv_ismember(eset, PRIV_SYS_ADMIN) : - ucred_geteuid(uc) != 0) { + eset != NULL ? !priv_ismember(eset, PRIV_SYS_ADMIN) : + ucred_geteuid(uc) != 0) { _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_ALERT) (me, "%s call failed(cred): caller pid %d, uid %d, " - "euid %d, zoneid %d\n", dc_str, ucred_getpid(uc), - ucred_getruid(uc), ucred_geteuid(uc), zoneid); + "euid %d, zoneid %d\n", dc_str, ucred_getpid(uc), + ucred_getruid(uc), ucred_geteuid(uc), zoneid); ucred_free(uc); NSCD_RETURN_STATUS(phdr, NSS_ERROR, EACCES); @@ -318,8 +342,8 @@ N2N_check_priv( _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_DEBUG) (me, "nscd received %s cmd from pid %d, uid %d, " - "euid %d, zoneid %d\n", dc_str, ucred_getpid(uc), - ucred_getruid(uc), ucred_geteuid(uc), zoneid); + "euid %d, zoneid %d\n", dc_str, ucred_getpid(uc), + ucred_getruid(uc), ucred_geteuid(uc), zoneid); ucred_free(uc); @@ -353,7 +377,7 @@ _nscd_APP_check_cred( NSCD_SET_STATUS_SUCCESS(phdr); pid = ucred_getpid(uc); if (NSS_PACKED_CRED_CHECK(buf, ruid = ucred_getruid(uc), - euid = ucred_geteuid(uc))) { + euid = ucred_geteuid(uc))) { if (pidp != NULL) { if (*pidp == (pid_t)-1) *pidp = pid; 
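Review bot: In the new `_nscd_check_client_read_priv()` the return value of `ucred_getprivset(uc, PRIV_EFFECTIVE)` goes straight into `priv_ismember()` without a NULL check, so a door credential that carries no privilege set would be dereferenced in the daemon instead of being refused. Failing closed is a one-line change: `if (eset == NULL || !priv_ismember(eset, PRIV_FILE_DAC_READ))`. A NULL `eset` can also reach `priv_ismember()` in `N2N_check_priv` (the re-indented condition in the hunk at -304), because `A || eset != NULL ? x : y` parses as `(A || eset != NULL) ? x : y`. With that parse a caller from another zone is judged only on `PRIV_SYS_ADMIN`, so `A || (eset != NULL ? x : y)` looks like the intent, though this should be confirmed against the rest of that function, which lies outside the hunk.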
@@ -370,10 +394,10 @@ _nscd_APP_check_cred( if (NSCD_STATUS_IS_NOT_OK(phdr)) { _NSCD_LOG(log_comp, log_level) (me, "%s call failed: caller pid %d (input pid = %d), ruid %d, " - "euid %d, header ruid %d, header euid %d\n", dc_str, - pid, (pidp != NULL) ? *pidp : -1, ruid, euid, - ((nss_pheader_t *)(buf))->p_ruid, - ((nss_pheader_t *)(buf))->p_euid); + "euid %d, header ruid %d, header euid %d\n", dc_str, + pid, (pidp != NULL) ? *pidp : -1, ruid, euid, + ((nss_pheader_t *)(buf))->p_ruid, + ((nss_pheader_t *)(buf))->p_euid); } } @@ -409,7 +433,7 @@ pheader_error(nss_pheader_t *phdr, uint32_t call_number) _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_ALERT) ("pheader_error", "call number %s: invalid packed buffer header\n", - call_num_str); + call_num_str); NSCD_SET_STATUS(phdr, NSS_ERROR, EINVAL); return (-1); @@ -462,14 +486,14 @@ validate_pheader( * of the header must match the size of nss_pheader_t */ if (phdr->p_version != NSCD_HEADER_REV || - phdr->dbd_off != sizeof (nss_pheader_t)) + phdr->dbd_off != sizeof (nss_pheader_t)) return (pheader_error(phdr, call_number)); /* * buffer size and offsets must be in multiple of 4 */ if ((arg_size & 3) || (phdr->dbd_off & 3) || (phdr->key_off & 3) || - (phdr->data_off & 3)) + (phdr->data_off & 3)) return (pheader_error(phdr, call_number)); /* @@ -565,11 +589,10 @@ N2Nbuf_error(nss_pheader_t *phdr, uint32_t call_number) } _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_ALERT) - ("N2Nbuf_error", "call number %s: invalid N2N buffer\n", - call_num_str); + ("N2Nbuf_error", "call number %s: invalid N2N buffer\n", call_num_str); NSCD_SET_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0, - NSCD_DOOR_BUFFER_CHECK_FAILED); + NSCD_DOOR_BUFFER_CHECK_FAILED); return (-1); } @@ -607,7 +630,7 @@ validate_N2Nbuf( * of the header must match the size of nss_pheader_t */ if (phdr->p_version != NSCD_HEADER_REV || - phdr->dbd_off != sizeof (nss_pheader_t)) + phdr->dbd_off != sizeof (nss_pheader_t)) return (N2Nbuf_error(phdr, call_number)); /* 
@@ -615,7 +638,7 @@ validate_N2Nbuf( * offsets should be equal */ if (phdr->dbd_off != phdr->key_off || - phdr->dbd_off != phdr->data_off) + phdr->dbd_off != phdr->data_off) return (N2Nbuf_error(phdr, call_number)); /* @@ -640,7 +663,7 @@ lookup(char *argp, size_t arg_size) nss_pheader_t *phdr = (nss_pheader_t *)(void *)argp; NSCD_ALLOC_LOOKUP_BUFFER(argp, arg_size, phdr, space, - sizeof (space)); + sizeof (space)); /* * make sure the first couple bytes of the data area is null, @@ -674,8 +697,7 @@ getent(char *argp, size_t arg_size) char space[NSCD_LOOKUP_BUFSIZE]; nss_pheader_t *phdr = (nss_pheader_t *)(void *)argp; - NSCD_ALLOC_LOOKUP_BUFFER(argp, arg_size, phdr, - space, sizeof (space)); + NSCD_ALLOC_LOOKUP_BUFFER(argp, arg_size, phdr, space, sizeof (space)); nss_pgetent(argp, arg_size); @@ -776,7 +798,7 @@ if_selfcred_return_per_user_door(char *argp, size_t arg_size, */ if (per_user_is_on == 1) { rc = need_per_user_door(argp, whoami, - _nscd_get_client_euid(), &dblist); + _nscd_get_client_euid(), &dblist); if (rc == -1) per_user_is_on = 0; } @@ -850,7 +872,7 @@ switcher(void *cookie, char *argp, size_t arg_size, /* make sure the packed buffer header is good */ if (validate_pheader(argp, arg_size, - phdr->nsc_callnumber) == -1) + phdr->nsc_callnumber) == -1) (void) door_return(argp, arg_size, NULL, 0); switch (phdr->nsc_callnumber) { @@ -860,7 +882,7 @@ switcher(void *cookie, char *argp, size_t arg_size, /* if a fallback to main nscd, skip per-user setup */ if (phdr->p_status != NSS_ALTRETRY) if_selfcred_return_per_user_door(argp, arg_size, - dp, _whoami); + dp, _whoami); lookup(argp, arg_size); break; 
@@ -868,10 +890,10 @@ switcher(void *cookie, char *argp, size_t arg_size, case NSCD_SETENT: _nscd_APP_check_cred(argp, &ent_pid, "NSCD_SETENT", - NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_ALERT); + NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_ALERT); if (NSCD_STATUS_IS_OK(phdr)) { if_selfcred_return_per_user_door(argp, arg_size, - dp, _whoami); + dp, _whoami); nss_psetent(argp, arg_size, ent_pid); } break; @@ -906,7 +928,7 @@ switcher(void *cookie, char *argp, size_t arg_size, _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_ERROR) (me, "Unknown name service door call op %x\n", - phdr->nsc_callnumber); + phdr->nsc_callnumber); NSCD_SET_STATUS(phdr, NSS_ERROR, EINVAL); break; @@ -918,7 +940,7 @@ switcher(void *cookie, char *argp, size_t arg_size, iam = NSCD_MAIN; callnum = phdr->nsc_callnumber & ~NSCD_WHOAMI; if (callnum == NSCD_IMHERE || - callnum == NSCD_PULSE || callnum == NSCD_FORK) + callnum == NSCD_PULSE || callnum == NSCD_FORK) iam = phdr->nsc_callnumber & NSCD_WHOAMI; else callnum = phdr->nsc_callnumber; @@ -972,7 +994,7 @@ switcher(void *cookie, char *argp, size_t arg_size, _nscd_peruser_getadmin(argp, sizeof (nscd_admin_t)); } else { NSCD_SET_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0, - NSCD_SELF_CRED_NOT_CONFIGURED); + NSCD_SELF_CRED_NOT_CONFIGURED); } break; @@ -1014,7 +1036,7 @@ switcher(void *cookie, char *argp, size_t arg_size, default: _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_ERROR) (me, "Unknown name service door call op %d\n", - phdr->nsc_callnumber); + phdr->nsc_callnumber); NSCD_SET_STATUS(phdr, NSS_ERROR, EINVAL); @@ -1049,9 +1071,8 @@ _nscd_setup_server(char *execname, char **argv) max_servers_set = 1; (void) thr_keycreate(&lookup_state_key, NULL); - (void) sema_init(&common_sema, - frontend_cfg_g.common_worker_threads, - USYNC_THREAD, 0); + (void) sema_init(&common_sema, frontend_cfg_g.common_worker_threads, + USYNC_THREAD, 0); /* Establish server thread pool */ (void) door_server_create(server_create); 
@@ -1059,7 +1080,7 @@ _nscd_setup_server(char *execname, char **argv) errnum = errno; _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_ERROR) (me, "thr_keycreate (server thread): %s\n", - strerror(errnum)); + strerror(errnum)); return (-1); } @@ -1077,16 +1098,16 @@ _nscd_setup_server(char *execname, char **argv) return (fd); /* bind to file system */ - if (is_system_labeled()) { + if (is_system_labeled() && (getzoneid() == GLOBAL_ZONEID)) { if (stat(TSOL_NAME_SERVICE_DOOR, &buf) < 0) { int newfd; if ((newfd = creat(TSOL_NAME_SERVICE_DOOR, 0444)) < 0) { errnum = errno; _NSCD_LOG(NSCD_LOG_FRONT_END, - NSCD_LOG_LEVEL_ERROR) + NSCD_LOG_LEVEL_ERROR) (me, "Cannot create %s: %s\n", - TSOL_NAME_SERVICE_DOOR, - strerror(errnum)); + TSOL_NAME_SERVICE_DOOR, + strerror(errnum)); bind_failed = 1; } (void) close(newfd); @@ -1095,10 +1116,9 @@ _nscd_setup_server(char *execname, char **argv) if (errno != EEXIST) { errnum = errno; _NSCD_LOG(NSCD_LOG_FRONT_END, - NSCD_LOG_LEVEL_ERROR) + NSCD_LOG_LEVEL_ERROR) (me, "Cannot symlink %s: %s\n", - NAME_SERVICE_DOOR, - strerror(errnum)); + NAME_SERVICE_DOOR, strerror(errnum)); bind_failed = 1; } } @@ -1108,7 +1128,7 @@ _nscd_setup_server(char *execname, char **argv) errnum = errno; _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_ERROR) (me, "Cannot create %s: %s\n", NAME_SERVICE_DOOR, - strerror(errnum)); + strerror(errnum)); bind_failed = 1; } (void) close(newfd); @@ -1121,11 +1141,10 @@ _nscd_setup_server(char *execname, char **argv) if (fattach(fd, NAME_SERVICE_DOOR) < 0) { if ((errno != EBUSY) || - (fdetach(NAME_SERVICE_DOOR) < 0) || - (fattach(fd, NAME_SERVICE_DOOR) < 0)) { + (fdetach(NAME_SERVICE_DOOR) < 0) || + (fattach(fd, NAME_SERVICE_DOOR) < 0)) { errnum = errno; - _NSCD_LOG(NSCD_LOG_FRONT_END, - NSCD_LOG_LEVEL_ERROR) + _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_ERROR) (me, "fattach: %s\n", strerror(errnum)); (void) door_revoke(fd); return (-1); 
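Review bot: The added `getzoneid() == GLOBAL_ZONEID` test in the `is_system_labeled()` branch (hunk at -1077) has no comment explaining why nscd in a labeled non-global zone now takes the plain `NAME_SERVICE_DOOR` path. Since this decides which door file the daemon creates and attaches to, a short comment above the `if` would help the next reader; the wording needs confirming by the author, along the lines of `/* only the global zone owns TSOL_NAME_SERVICE_DOOR; a per-label nscd binds its own door */`. In the same branch the context lines still call `(void) close(newfd)` after a failed `creat()`, which is harmless but could move into the success path. `_nscd_setup_server` starts and ends outside the hunk.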
@@ -1136,11 +1155,11 @@ _nscd_setup_server(char *execname, char **argv) * kick off routing socket monitor thread */ if (thr_create(NULL, NULL, - (void *(*)(void *))rts_mon, 0, 0, NULL) != 0) { + (void *(*)(void *))rts_mon, 0, 0, NULL) != 0) { errnum = errno; _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_ERROR) (me, "thr_create (routing socket monitor): %s\n", - strerror(errnum)); + strerror(errnum)); (void) door_revoke(fd); return (-1); @@ -1190,9 +1209,8 @@ _nscd_setup_child_server(int did) * Keep DOOR_REFUSE_DESC (self-cred nscds don't fork) */ (void) close(did); - if ((fd = door_create(switcher, - NAME_SERVICE_DOOR_COOKIE, - DOOR_REFUSE_DESC|DOOR_UNREF|DOOR_NO_CANCEL)) < 0) { + if ((fd = door_create(switcher, NAME_SERVICE_DOOR_COOKIE, + DOOR_REFUSE_DESC|DOOR_UNREF|DOOR_NO_CANCEL)) < 0) { errnum = errno; _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_DEBUG) (me, "door_create failed: %s", strerror(errnum)); @@ -1203,11 +1221,11 @@ _nscd_setup_child_server(int did) * kick off routing socket monitor thread */ if (thr_create(NULL, NULL, - (void *(*)(void *))rts_mon, 0, 0, NULL) != 0) { + (void *(*)(void *))rts_mon, 0, 0, NULL) != 0) { errnum = errno; _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_ERROR) (me, "thr_create (routing socket monitor): %s\n", - strerror(errnum)); + strerror(errnum)); (void) door_revoke(fd); return (-1); } 
@@ -1257,30 +1275,27 @@ _nscd_cfg_frontend_notify( */ if (_nscd_cfg_flag_is_set(dflag, NSCD_CFG_DFLAG_INIT) || - _nscd_cfg_flag_is_set(dflag, NSCD_CFG_DFLAG_GROUP)) { + _nscd_cfg_flag_is_set(dflag, NSCD_CFG_DFLAG_GROUP)) { /* * group data is received, copy in the * entire strcture */ - if (_nscd_cfg_flag_is_set(pdesc->pflag, - NSCD_CFG_PFLAG_GLOBAL)) - frontend_cfg_g = - *(nscd_cfg_global_frontend_t *)data; + if (_nscd_cfg_flag_is_set(pdesc->pflag, NSCD_CFG_PFLAG_GLOBAL)) + frontend_cfg_g = *(nscd_cfg_global_frontend_t *)data; else frontend_cfg[nswdb->index] = - *(nscd_cfg_frontend_t *)data; + *(nscd_cfg_frontend_t *)data; } else { /* * individual paramater is received: copy in the * parameter value. */ - if (_nscd_cfg_flag_is_set(pdesc->pflag, - NSCD_CFG_PFLAG_GLOBAL)) + if (_nscd_cfg_flag_is_set(pdesc->pflag, NSCD_CFG_PFLAG_GLOBAL)) dp = (char *)&frontend_cfg_g + pdesc->p_offset; else dp = (char *)&frontend_cfg[nswdb->index] + - pdesc->p_offset; + pdesc->p_offset; (void) memcpy(dp, data, pdesc->p_size); } @@ -1335,7 +1350,7 @@ _nscd_init_cache_sema(sema_t *sema, char *cache_name) if (max_servers == 0) max_servers = frontend_cfg_g.common_worker_threads + - frontend_cfg_g.cache_hit_threads; + frontend_cfg_g.cache_hit_threads; for (i = 0; i < NSCD_NUM_DB; i++) { @@ -1383,19 +1398,19 @@ rts_mon(void) if (rdlen <= 0) { if (rdlen == 0 || (errno != EINTR && errno != EAGAIN)) { _NSCD_LOG(NSCD_LOG_FRONT_END, - NSCD_LOG_LEVEL_ERROR) + NSCD_LOG_LEVEL_ERROR) (me, "routing socket read: %s\n", - strerror(errno)); + strerror(errno)); thr_exit(0); } continue; } if (ifam->ifam_version != RTM_VERSION) { _NSCD_LOG(NSCD_LOG_FRONT_END, - NSCD_LOG_LEVEL_ERROR) + NSCD_LOG_LEVEL_ERROR) (me, "rx unknown version (%d) on " - "routing socket.\n", - ifam->ifam_version); + "routing socket.\n", + ifam->ifam_version); continue; } switch (ifam->ifam_type) { 
@@ -1404,7 +1419,7 @@ rts_mon(void) /* if no ipnodes cache, then nothing to do */ idx = get_cache_idx("ipnodes"); if (cache_ctx_p[idx] == NULL || - cache_ctx_p[idx]->reaper_on != nscd_true) + cache_ctx_p[idx]->reaper_on != nscd_true) break; nsc_invalidate(cache_ctx_p[idx], NULL, NULL); break; diff --git a/usr/src/cmd/nscd/nscd_frontend.h b/usr/src/cmd/nscd/nscd_frontend.h index 48da7c37e3..a42c9f89c4 100644 --- a/usr/src/cmd/nscd/nscd_frontend.h +++ b/usr/src/cmd/nscd/nscd_frontend.h @@ -76,6 +76,7 @@ extern "C" { /* prototypes */ uid_t _nscd_get_client_euid(); +int _nscd_check_client_read_priv(); int _nscd_setup_server(char *execname, char **argv); int _nscd_setup_child_server(int did); int _nscd_get_clearance(sema_t *sema); diff --git a/usr/src/cmd/nscd/nscd_nswstate.c b/usr/src/cmd/nscd/nscd_nswstate.c index 7727acf453..ac5d94d7b9 100644 --- a/usr/src/cmd/nscd/nscd_nswstate.c +++ b/usr/src/cmd/nscd/nscd_nswstate.c @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -82,13 +82,16 @@ _nscd_free_nsw_state( continue; if (s->getent == 1) (void) NSS_INVOKE_DBOP(s->be[i], - NSS_DBOP_ENDENT, 0); + NSS_DBOP_ENDENT, 0); (void) NSS_INVOKE_DBOP(s->be[i], - NSS_DBOP_DESTRUCTOR, 0); + NSS_DBOP_DESTRUCTOR, 0); } free(s->be); } + if (s->be_constr != NULL) + free(s->be_constr); + s->base = NULL; _NSCD_LOG(NSCD_LOG_NSW_STATE, NSCD_LOG_LEVEL_DEBUG) @@ -144,14 +147,14 @@ _nscd_free_all_nsw_state_base() base = nscd_nsw_state_base[i]; _NSCD_LOG(NSCD_LOG_NSW_STATE | NSCD_LOG_CONFIG, - NSCD_LOG_LEVEL_DEBUG) + NSCD_LOG_LEVEL_DEBUG) (me, "freeing db state base (%d) %p \n", i, base); if (base == NULL) continue; nscd_nsw_state_base[i] = (nscd_nsw_state_base_t *) - _nscd_set((nscd_acc_data_t *)base, NULL); + _nscd_set((nscd_acc_data_t *)base, NULL); } (void) rw_unlock(&nscd_nsw_state_base_lock); } 
@@ -203,6 +206,19 @@ _nscd_create_nsw_state( (me, "db be array %p allocated\n", s->be); } + s->be_constr = (nss_backend_constr_t *)calloc(s->max_src, + sizeof (nss_backend_constr_t)); + if (s->be_constr == NULL) { + _NSCD_LOG(NSCD_LOG_NSW_STATE, NSCD_LOG_LEVEL_ERROR) + (me, "not able to allocate s->be_constr\n"); + + _nscd_free_nsw_state(s); + return (NULL); + } else { + _NSCD_LOG(NSCD_LOG_NSW_STATE, NSCD_LOG_LEVEL_DEBUG) + (me, "db be constructor array %p allocated\n", s->be_constr); + } + s->be_db_pp = calloc(s->max_src, sizeof (nscd_db_t ***)); if (s->be_db_pp == NULL) { _NSCD_LOG(NSCD_LOG_NSW_STATE, NSCD_LOG_LEVEL_ERROR) @@ -241,7 +257,7 @@ _nscd_create_nsw_state( (me, "source name = %s, index = %d\n", srcn, srci); be_db_p = (nscd_db_t **)_nscd_get( - (nscd_acc_data_t *)nscd_src_backend_db[srci]); + (nscd_acc_data_t *)nscd_src_backend_db[srci]); if (be_db_p == NULL) { _nscd_free_nsw_state(s); return (NULL); @@ -255,7 +271,7 @@ _nscd_create_nsw_state( be = NULL; dbn = params->p.name; dbe = _nscd_get_db_entry(be_db, NSCD_DATA_BACKEND_INFO, - (const char *)dbn, NSCD_GET_FIRST_DB_ENTRY, 0); + (const char *)dbn, NSCD_GET_FIRST_DB_ENTRY, 0); if (dbe != NULL) be_info = (nscd_be_info_t *)*(dbe->data_array); @@ -263,15 +279,19 @@ _nscd_create_nsw_state( _NSCD_LOG(NSCD_LOG_NSW_STATE, NSCD_LOG_LEVEL_DEBUG) (me, "no backend info or be_constr is NULL " "for <%s : %s>\n", NSCD_NSW_SRC_NAME(srci), - dbn); - } else + dbn); + } else { + s->be_constr[i] = be_info->be_constr; be = (be_info->be_constr)(dbn, - NSCD_NSW_SRC_NAME(srci), 0); + NSCD_NSW_SRC_NAME(srci), 0); + if (be == NULL) + s->recheck_be = nscd_true; + } if (be == NULL) { _NSCD_LOG(NSCD_LOG_NSW_STATE, NSCD_LOG_LEVEL_ERROR) (me, "not able to init be for <%s : %s>\n", - NSCD_NSW_SRC_NAME(srci), dbn); + NSCD_NSW_SRC_NAME(srci), dbn); _NSCD_LOG(NSCD_LOG_NSW_STATE, NSCD_LOG_LEVEL_DEBUG) (me, "releasing db be ptr %p\n", be_db_p); 
@@ -297,6 +317,48 @@ _nscd_create_nsw_state( return (s); } +/* + * Try to initialize the backend instances one more time + * in case the dependencies the backend libraries depend + * on are now available + */ +static void +check_be_array( + nscd_nsw_state_t *s) +{ + int i; + char *dbn; + char *srcn; + struct __nsw_lookup_v1 *lkp; + + dbn = NSCD_NSW_DB_NAME(s->dbi); + + s->recheck_be = nscd_false; + for (i = 0; i < s->max_src; i++) { + + if (i == 0) + lkp = s->config->lookups; + else + lkp = lkp->next; + if (lkp == NULL) + return; + + srcn = lkp->service_name; + + /* + * it is possible that 's->be[i]' could not be + * initialized earlier due to a dependency not + * yet available (e.g., nis on domain name), + * try to initialize one more time + */ + if (s->be[i] == NULL && s->be_constr[i] != NULL) { + s->be[i] = (s->be_constr[i])(dbn, srcn, 0); + if (s->be[i] == NULL) + s->recheck_be = nscd_true; + } + } +} + static nscd_rc_t _get_nsw_state_int( nss_db_root_t *rootp, @@ -322,13 +384,13 @@ _get_nsw_state_int( */ if (params->p.flags & NSS_USE_DEFAULT_CONFIG) { rc = _nscd_create_sw_struct(dbi, -1, (char *)params->p.name, - (char *)params->p.default_config, NULL, params); + (char *)params->p.default_config, NULL, params); if (rc != NSCD_SUCCESS) return (rc); _NSCD_LOG(NSCD_LOG_NSW_STATE, NSCD_LOG_LEVEL_DEBUG) (me, "no base nsw config created for %s (sources: %s)\n", - params->p.name, params->p.default_config); + params->p.name, params->p.default_config); ret = _nscd_create_nsw_state(params); if (ret == NULL) @@ -351,7 +413,7 @@ _get_nsw_state_int( dbi = i; nswcfg = (nscd_nsw_config_t **)_nscd_get( - (nscd_acc_data_t *)nscd_nsw_config[i]); + (nscd_acc_data_t *)nscd_nsw_config[i]); /* * if nsw data structures not created yet, get the 
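Review bot: `check_be_array()` retries the constructor with `NSCD_NSW_DB_NAME(s->dbi)` and `lkp->service_name`, while the first attempt in `_nscd_create_nsw_state` passes `params->p.name` and `NSCD_NSW_SRC_NAME(srci)`. Nothing in the hunk shows that the two pairs are always equal, for example on the `NSS_USE_DEFAULT_CONFIG` path, so a retry could build a backend under a different name than the original call would have. Either store the names used the first time next to `s->be_constr[i]`, or add a comment stating why they match. The retry also has no limit: while a constructor keeps returning NULL, `s->recheck_be` is set back to `nscd_true` and every later acquisition of this state runs the constructors again. The header comment should say so, e.g. `/* re-run on each acquisition until every backend initialises */`.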
@@ -360,26 +422,26 @@ _get_nsw_state_int( */ if (nswcfg == NULL) { nswcfg1 = (nscd_nsw_config_t **)_nscd_get( - (nscd_acc_data_t *)nscd_nsw_config[params->cfgdbi]); + (nscd_acc_data_t *)nscd_nsw_config[params->cfgdbi]); if (nswcfg1 == NULL) { _NSCD_LOG(NSCD_LOG_NSW_STATE, - NSCD_LOG_LEVEL_ERROR) + NSCD_LOG_LEVEL_ERROR) (me, "no nsw config for %s\n", - params->p.name); + params->p.name); return (NSCD_CREATE_NSW_STATE_FAILED); } rc = _nscd_create_sw_struct(i, params->cfgdbi, - params->p.name, (*nswcfg1)->nsw_cfg_str, - NULL, params); + params->p.name, (*nswcfg1)->nsw_cfg_str, + NULL, params); _nscd_release((nscd_acc_data_t *)nswcfg1); if (rc != NSCD_SUCCESS) return (rc); _NSCD_LOG(NSCD_LOG_NSW_STATE, - NSCD_LOG_LEVEL_DEBUG) + NSCD_LOG_LEVEL_DEBUG) (me, "nsw config created for %s (%s)\n", - params->p.name, (*nswcfg1)->nsw_cfg_str); + params->p.name, (*nswcfg1)->nsw_cfg_str); } else _nscd_release((nscd_acc_data_t *)nswcfg); } @@ -397,7 +459,7 @@ _get_nsw_state_int( * is available' signal. */ assert(base == (nscd_nsw_state_base_t *)_nscd_mutex_lock( - (nscd_acc_data_t *)base)); + (nscd_acc_data_t *)base)); if (tid == NULL) { ctrl_p = &base->nsw_state; @@ -410,13 +472,14 @@ _get_nsw_state_int( _nscd_logit(me, "tid = %d\n", *tid); _nscd_logit(me, "tid in base = %d\n", base->tid); _nscd_logit(me, "number of free nsw_state = %d\n", - ctrl_p->free); + ctrl_p->free); _nscd_logit(me, "number of nsw state allocated = %d\n", - ctrl_p->allocated); + ctrl_p->allocated); _nscd_logit(me, "first nsw state on list = %p\n", - ctrl_p->first); + ctrl_p->first); _nscd_logit(me, "number of waiter = %d\n", - ctrl_p->waiter); + ctrl_p->waiter); + } } 
@@ -432,20 +495,20 @@ _get_nsw_state_int( while (wait_cond) { if (!thread_only) _NSCD_LOG(NSCD_LOG_NSW_STATE, - NSCD_LOG_LEVEL_DEBUG) + NSCD_LOG_LEVEL_DEBUG) (me, "waiting for nsw state signal\n"); else _NSCD_LOG(NSCD_LOG_NSW_STATE, - NSCD_LOG_LEVEL_DEBUG) + NSCD_LOG_LEVEL_DEBUG) (me, "waiting for per thread " "nsw state signal\n"); if (thread_only) { _nscd_cond_wait((nscd_acc_data_t *)base, - &base->thr_cond); + &base->thr_cond); if (base->used_by_thr == 0 && - ctrl_p->first != NULL) + ctrl_p->first != NULL) wait_cond = 0; } else { _nscd_cond_wait((nscd_acc_data_t *)base, NULL); @@ -456,15 +519,15 @@ _get_nsw_state_int( if (!thread_only) _NSCD_LOG(NSCD_LOG_NSW_STATE, - NSCD_LOG_LEVEL_DEBUG) + NSCD_LOG_LEVEL_DEBUG) (me, "woke from cond wait ...wait_cond = %d\n", - wait_cond); + wait_cond); else _NSCD_LOG(NSCD_LOG_NSW_STATE, - NSCD_LOG_LEVEL_DEBUG) + NSCD_LOG_LEVEL_DEBUG) (me, "woke from cond wait (per thread) " - "...wait_cond = %d\n", wait_cond); + "...wait_cond = %d\n", wait_cond); } @@ -485,10 +548,10 @@ _get_nsw_state_int( geti = params->dbi; params->nswcfg = (nscd_nsw_config_t **)_nscd_get( - (nscd_acc_data_t *)nscd_nsw_config[geti]); + (nscd_acc_data_t *)nscd_nsw_config[geti]); _NSCD_LOG(NSCD_LOG_NSW_STATE, NSCD_LOG_LEVEL_DEBUG) (me, "got a nsw config %p for index %d\n", - params->nswcfg, geti); + params->nswcfg, geti); ctrl_p->first = _nscd_create_nsw_state(params); if (ctrl_p->first != NULL) { @@ -496,13 +559,13 @@ _get_nsw_state_int( if (tid == NULL) { _NSCD_LOG(NSCD_LOG_NSW_STATE, - NSCD_LOG_LEVEL_DEBUG) + NSCD_LOG_LEVEL_DEBUG) (me, "got a new nsw_state %p\n", ctrl_p->first); } else { _NSCD_LOG(NSCD_LOG_NSW_STATE, - NSCD_LOG_LEVEL_DEBUG) + NSCD_LOG_LEVEL_DEBUG) (me, "got a new per thread nsw_state %p\n", - ctrl_p->first); + ctrl_p->first); } ctrl_p->allocated++; ctrl_p->free++; 
@@ -515,6 +578,8 @@ _get_nsw_state_int( } ret = ctrl_p->first; + if (ret->recheck_be == nscd_true) + check_be_array(ret); ctrl_p->first = ret->next; ret->next = NULL; ctrl_p->free--; @@ -528,13 +593,13 @@ _get_nsw_state_int( _nscd_logit(me, "tid = %d\n", *tid); _nscd_logit(me, "tid in base = %d\n", base->tid); _nscd_logit(me, "number of free nsw_state = %d\n", - ctrl_p->free); + ctrl_p->free); _nscd_logit(me, "number od nsw state allocated = %d\n", - ctrl_p->allocated); + ctrl_p->allocated); _nscd_logit(me, "first nsw state on list = %p\n", - ctrl_p->first); + ctrl_p->first); _nscd_logit(me, "number of waiter = %d\n", - ctrl_p->waiter); + ctrl_p->waiter); } } else @@ -621,13 +686,12 @@ _put_nsw_state_int( _nscd_logit(me, "tid = %d\n", (tid == NULL) ? -1 : *tid); _nscd_logit(me, "tid in base = %d\n", base->tid); _nscd_logit(me, "number of free nsw_state = %d\n", - ctrl_p->free); + ctrl_p->free); _nscd_logit(me, "number od nsw state allocated = %d\n", - ctrl_p->allocated); + ctrl_p->allocated); _nscd_logit(me, "first nsw state on list = %p\n", - ctrl_p->first); - _nscd_logit(me, "number of waiter = %d\n", - ctrl_p->waiter); + ctrl_p->first); + _nscd_logit(me, "number of waiter = %d\n", ctrl_p->waiter); } if (ctrl_p->first != NULL) { @@ -660,18 +724,17 @@ _put_nsw_state_int( _nscd_logit(me, "tid = %d\n", (tid == NULL) ? -1 : *tid); _nscd_logit(me, "tid in base = %d\n", base->tid); _nscd_logit(me, "number of free nsw_state = %d\n", - ctrl_p->free); + ctrl_p->free); _nscd_logit(me, "number od nsw state allocated = %d\n", - ctrl_p->allocated); + ctrl_p->allocated); _nscd_logit(me, "first nsw state on list = %p\n", - ctrl_p->first); - _nscd_logit(me, "tnumber of waiter = %d\n", - ctrl_p->waiter); + ctrl_p->first); + _nscd_logit(me, "tnumber of waiter = %d\n", ctrl_p->waiter); } _NSCD_LOG(NSCD_LOG_NSW_STATE, NSCD_LOG_LEVEL_DEBUG) (me, "done putting back nsw state %p, thread_only = %d\n", - s, thread_only); + s, thread_only); _nscd_mutex_unlock((nscd_acc_data_t *)base); 
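Review bot: `check_be_array(ret)` in the hunk at -515 runs while `ret` is still the head of the free list and, judging by the earlier `_nscd_mutex_lock()` call and the `_nscd_mutex_unlock()` in `_put_nsw_state_int`, with the base mutex held. If a backend constructor blocks on the very dependency being retried, every other thread waiting for a state of this database would stall behind it. Consider unlinking `ret` first (`ctrl_p->first = ret->next; ret->next = NULL;`) and retrying after the lock is dropped, or limiting how often the retry runs. Separately, that lock is taken inside `assert(...)`, so a build with `NDEBUG` would drop the locking call altogether; this is worth confirming. `_get_nsw_state_int` extends outside the hunk.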
@@ -706,21 +769,20 @@ _nscd_init_nsw_state_base( (void) rw_rdlock(&nscd_nsw_state_base_lock); base = (nscd_nsw_state_base_t *)_nscd_alloc( - NSCD_DATA_NSW_STATE_BASE, - sizeof (nscd_nsw_state_base_t), - _nscd_free_nsw_state_base, - NSCD_ALLOC_MUTEX | NSCD_ALLOC_COND); + NSCD_DATA_NSW_STATE_BASE, + sizeof (nscd_nsw_state_base_t), + _nscd_free_nsw_state_base, + NSCD_ALLOC_MUTEX | NSCD_ALLOC_COND); if (base == NULL) { _NSCD_LOG(NSCD_LOG_NSW_STATE | NSCD_LOG_CONFIG, - NSCD_LOG_LEVEL_ERROR) + NSCD_LOG_LEVEL_ERROR) (me, "not able to allocate a nsw state base\n"); if (lock) (void) rw_unlock(&nscd_nsw_state_base_lock); return (NSCD_NO_MEMORY); } - _NSCD_LOG(NSCD_LOG_NSW_STATE | NSCD_LOG_CONFIG, - NSCD_LOG_LEVEL_DEBUG) + _NSCD_LOG(NSCD_LOG_NSW_STATE | NSCD_LOG_CONFIG, NSCD_LOG_LEVEL_DEBUG) (me, "nsw state base %p allocated\n", base); /* @@ -736,8 +798,8 @@ _nscd_init_nsw_state_base( base->nsw_state_thr.max = NSCD_SW_CFG(cfgdbi).max_nsw_state_per_thread; nscd_nsw_state_base[dbi] = (nscd_nsw_state_base_t *)_nscd_set( - (nscd_acc_data_t *)nscd_nsw_state_base[dbi], - (nscd_acc_data_t *)base); + (nscd_acc_data_t *)nscd_nsw_state_base[dbi], + (nscd_acc_data_t *)base); if (lock) (void) rw_unlock(&nscd_nsw_state_base_lock); @@ -760,16 +822,15 @@ _nscd_init_all_nsw_state_base() if (rc != NSCD_SUCCESS) { _NSCD_LOG(NSCD_LOG_NSW_STATE | NSCD_LOG_CONFIG, - NSCD_LOG_LEVEL_ERROR) + NSCD_LOG_LEVEL_ERROR) (me, "not able to initialize a nsw db state " - "base (%d)\n", i); + "base (%d)\n", i); (void) rw_unlock(&nscd_nsw_state_base_lock); return (rc); } } - _NSCD_LOG(NSCD_LOG_NSW_STATE | NSCD_LOG_CONFIG, - NSCD_LOG_LEVEL_DEBUG) + _NSCD_LOG(NSCD_LOG_NSW_STATE | NSCD_LOG_CONFIG, NSCD_LOG_LEVEL_DEBUG) (me, "all nsw state base initialized\n"); (void) rw_unlock(&nscd_nsw_state_base_lock); 
@@ -784,7 +845,7 @@ _nscd_alloc_nsw_state_base() (void) rw_rdlock(&nscd_nsw_state_base_lock); nscd_nsw_state_base = calloc(NSCD_NUM_DB, - sizeof (nscd_nsw_state_base_t *)); + sizeof (nscd_nsw_state_base_t *)); if (nscd_nsw_state_base == NULL) { (void) rw_unlock(&nscd_nsw_state_base_lock); return (NSCD_NO_MEMORY); diff --git a/usr/src/cmd/nscd/nscd_switch.c b/usr/src/cmd/nscd/nscd_switch.c index 22632003dd..365fffa084 100644 --- a/usr/src/cmd/nscd/nscd_switch.c +++ b/usr/src/cmd/nscd/nscd_switch.c @@ -55,7 +55,7 @@ retry_test(nss_status_t res, int n, struct __nsw_lookup_v1 *lkp) if (res == NSS_SUCCESS) { __NSW_UNPAUSE_ACTION(lkp->actions[__NSW_TRYAGAIN]); __NSW_UNPAUSE_ACTION( - lkp->actions[__NSW_NISSERVDNS_TRYAGAIN]); + lkp->actions[__NSW_NISSERVDNS_TRYAGAIN]); } return (0); } @@ -224,10 +224,10 @@ getparams( if (*n != 'h' && *n != 'i' && *n != 's' && *n != 'a') break; if (strcmp(n, NSS_DBNAM_HOSTS) == 0 && - search_fnum == NSS_DBOP_HOSTS_BYNAME) + search_fnum == NSS_DBOP_HOSTS_BYNAME) params->dnsi = 0; else if (strcmp(n, NSS_DBNAM_IPNODES) == 0 && - search_fnum == NSS_DBOP_IPNODES_BYNAME) + search_fnum == NSS_DBOP_IPNODES_BYNAME) params->dnsi = 1; else if (strcmp(n, NSS_DBNAM_SHADOW) == 0) params->privdb = 1; @@ -299,7 +299,7 @@ nscd_initf(nss_db_params_t *p) if (pbuf->dbd_len <= sizeof (nss_dbd_t)) { _NSCD_LOG(NSCD_LOG_SWITCH_ENGINE, NSCD_LOG_LEVEL_DEBUG) (me, "invalid db front params data ? dbd_len = %d\n", - pbuf->dbd_len); + pbuf->dbd_len); return; } 
@@ -315,11 +315,11 @@ nscd_initf(nss_db_params_t *p) _NSCD_LOG(NSCD_LOG_SWITCH_ENGINE, NSCD_LOG_LEVEL_DEBUG) (me, "db frontend params: name =%s, config_name = %s, " "default_config = %s, flags = %x\n", p->name, - (p->config_name && *p->config_name != '\0' ? - p->config_name : "<NOT SPECIFIED>"), - (p->default_config && *p->default_config != '\0' ? - p->default_config : "<NOT SPECIFIED>"), - p->flags); + (p->config_name && *p->config_name != '\0' ? + p->config_name : "<NOT SPECIFIED>"), + (p->default_config && *p->default_config != '\0' ? + p->default_config : "<NOT SPECIFIED>"), + p->flags); } @@ -363,23 +363,22 @@ trace_result( src = NSCD_NSW_SRC_NAME(srci); if (res == NSS_SUCCESS) { - _nscd_logit(me, -"%s: database: %s, operation: %d, source: %s returned >>%s<<, length = %d\n", - res_str, db, op, src, arg->buf.buffer, arg->returnlen); - + _nscd_logit(me, "%s: database: %s, operation: %d, " + "source: %s returned >>%s<<, length = %d\n", + res_str, db, op, src, arg->buf.buffer, arg->returnlen); return; } - _nscd_logit(me, -"%s: database: %s, operation: %d, source: %s, erange= %d, errno: %s \n", - res_str, db, op, src, arg->erange, strerror(arg->h_errno)); + _nscd_logit(me, "%s: database: %s, operation: %d, source: %s, " + "erange= %d, errno: %s \n", + res_str, db, op, src, arg->erange, strerror(arg->h_errno)); } /* * Determine if a request should be done locally in the getXbyY caller's * process. Return none zero if yes, 0 otherwise. This should be called * before the switch engine steps through the backends/sources. - * This function returnis 1 if: + * This function returns 1 if: * -- the database is exec_attr and the search_flag is GET_ALL */ static int @@ -393,8 +392,7 @@ try_local( char *me = "try_local"; if (strcmp(NSCD_NSW_DB_NAME(dbi), NSS_DBNAM_EXECATTR) == 0) { - if ((ep = ap->key.attrp) != NULL && - ep->search_flag == GET_ALL) + if ((ep = ap->key.attrp) != NULL && ep->search_flag == GET_ALL) rc = 1; } 
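Review bot: In `trace_result` (hunk at -363) the failure message still formats `strerror(arg->h_errno)`, which treats a resolver `h_errno` code as an `errno` value, so the text logged under "errno:" will usually name an unrelated error. Printing the number instead (`"h_errno: %d"` with `arg->h_errno`) would be accurate. The success branch writes `arg->buf.buffer` with an unbounded `%s`; if this trace is ever reached for a privileged database such as shadow, the entry lands in the debug log. Bounding it with `%.*s` and `arg->returnlen`, or omitting the buffer for those databases, would be safer. Whether `trace_result` can see that a database is privileged is not visible in the hunk.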
@@ -411,7 +409,7 @@ try_local( * Determine if a request should be done locally in the getXbyY caller's * process. Return none zero if yes, 0 otherwise. This should be called * before the switch engine invokes any backend. - * This function returnis 1 if: + * This function returns 1 if: * -- the database is shadow and the source is nisplus */ static int @@ -423,7 +421,7 @@ try_local2( char *me = "try_local2"; if (*NSCD_NSW_DB_NAME(dbi) == 's' && - strcmp(NSCD_NSW_DB_NAME(dbi), NSS_DBNAM_SHADOW) == 0) { + strcmp(NSCD_NSW_DB_NAME(dbi), NSS_DBNAM_SHADOW) == 0) { if (strcmp(NSCD_NSW_SRC_NAME(srci), "nisplus") == 0) rc = 1; } @@ -474,8 +472,7 @@ get_gss_func(void **func_p) if (handle == NULL) { handle = dlopen("libgss.so.1", RTLD_LAZY); if (handle == NULL) { - _NSCD_LOG(NSCD_LOG_SWITCH_ENGINE, - NSCD_LOG_LEVEL_ERROR) + _NSCD_LOG(NSCD_LOG_SWITCH_ENGINE, NSCD_LOG_LEVEL_ERROR) (me, "unable to dlopen libgss.so.1\n"); (void) mutex_unlock(&func_lock); return (NSCD_CFG_DLOPEN_ERROR); @@ -535,8 +532,7 @@ get_dns_funcs(int dnsi, void **func_p) if (handle == NULL) { handle = dlopen("nss_dns.so.1", RTLD_LAZY); if (handle == NULL) { - _NSCD_LOG(NSCD_LOG_SWITCH_ENGINE, - NSCD_LOG_LEVEL_ERROR) + _NSCD_LOG(NSCD_LOG_SWITCH_ENGINE, NSCD_LOG_LEVEL_ERROR) (me, "unable to dlopen nss_dns.so.1\n"); (void) mutex_unlock(&func_lock); return (NSCD_CFG_DLOPEN_ERROR); @@ -611,8 +607,8 @@ nss_search(nss_db_root_t *rootp, nss_db_initf_t initf, int search_fnum, _NSCD_LOG(NSCD_LOG_SWITCH_ENGINE, NSCD_LOG_LEVEL_DEBUG) (me, "rootp = %p, initf = %p, search_fnum = %d, " - "search_args = %p\n", rootp, initf, - search_fnum, search_args); + "search_args = %p\n", rootp, initf, + search_fnum, search_args); NSCD_SW_STATS_G.lookup_request_received_g++; NSCD_SW_STATS_G.lookup_request_in_progress_g++; 
@@ -620,7 +616,7 @@ nss_search(nss_db_root_t *rootp, nss_db_initf_t initf, int search_fnum, /* determine db index, cfg db index, etc */ if (getparams(search_fnum, initf, ¶ms) == - NSCD_CFG_UNSUPPORTED_SWITCH_DB) { + NSCD_CFG_UNSUPPORTED_SWITCH_DB) { /* * if unsupported database and the request is from the * the door, tell the door client to try it locally @@ -655,7 +651,7 @@ nss_search(nss_db_root_t *rootp, nss_db_initf_t initf, int search_fnum, /* if lookup not enabled, return NSS_UNAVAIL */ if (!(NSCD_SW_CFG_G.enable_lookup_g == nscd_true && - NSCD_SW_CFG(dbi).enable_lookup == nscd_true)) { + NSCD_SW_CFG(dbi).enable_lookup == nscd_true)) { _NSCD_LOG(NSCD_LOG_SWITCH_ENGINE, NSCD_LOG_LEVEL_DEBUG) (me, "lookup not enabled for %s\n", NSCD_NSW_DB_NAME(dbi)); @@ -665,12 +661,12 @@ nss_search(nss_db_root_t *rootp, nss_db_initf_t initf, int search_fnum, /* determine if loopback checking is configured */ if (NSCD_SW_CFG_G.enable_loopback_checking_g == nscd_true && - NSCD_SW_CFG(dbi).enable_loopback_checking == nscd_true) { + NSCD_SW_CFG(dbi).enable_loopback_checking == nscd_true) { check_loopback = 1; _NSCD_LOG(NSCD_LOG_SWITCH_ENGINE, NSCD_LOG_LEVEL_DEBUG) (me, "loopback checking enabled for %s\n", - NSCD_NSW_DB_NAME(dbi)); + NSCD_NSW_DB_NAME(dbi)); } if (check_loopback) { @@ -703,7 +699,7 @@ nss_search(nss_db_root_t *rootp, nss_db_initf_t initf, int search_fnum, _NSCD_LOG(NSCD_LOG_SWITCH_ENGINE, NSCD_LOG_LEVEL_DEBUG) (me, "database = %s, config = >>%s<<\n", NSCD_NSW_DB_NAME(dbi), - (*s->nsw_cfg_p)->nsw_cfg_str); + (*s->nsw_cfg_p)->nsw_cfg_str); for (n_src = 0; n_src < s->max_src; n_src++) { nss_backend_t *be; 
@@ -733,10 +729,9 @@ nss_search(nss_db_root_t *rootp, nss_db_initf_t initf, int search_fnum, /* if no privilege to look up, skip */ if (params.privdb == 1 && swret != NULL && - strcmp(NSCD_NSW_SRC_NAME(srci), "files") == 0 && - _nscd_get_client_euid() != 0) { - _NSCD_LOG(NSCD_LOG_SWITCH_ENGINE, - NSCD_LOG_LEVEL_DEBUG) + strcmp(NSCD_NSW_SRC_NAME(srci), "files") == 0 && + _nscd_check_client_read_priv() != 0) { + _NSCD_LOG(NSCD_LOG_SWITCH_ENGINE, NSCD_LOG_LEVEL_DEBUG) (me, "no privilege to look up, skip source\n"); goto next_src; @@ -747,9 +742,8 @@ nss_search(nss_db_root_t *rootp, nss_db_initf_t initf, int search_fnum, /* stop if the source is one that should be TRYLOCAL */ if (smf_state == NSCD_SVC_STATE_UNKNOWN_SRC || - (params.privdb && try_local2(dbi, srci) == 1)) { - _NSCD_LOG(NSCD_LOG_SWITCH_ENGINE, - NSCD_LOG_LEVEL_DEBUG) + (params.privdb && try_local2(dbi, srci) == 1)) { + _NSCD_LOG(NSCD_LOG_SWITCH_ENGINE, NSCD_LOG_LEVEL_DEBUG) (me, "returning TRYLOCAL ... \n"); res = NSS_TRYLOCAL; goto free_nsw_state; @@ -761,12 +755,12 @@ nss_search(nss_db_root_t *rootp, nss_db_initf_t initf, int search_fnum, if (k->fnum == search_fnum) { _NSCD_LOG(NSCD_LOG_SWITCH_ENGINE, - NSCD_LOG_LEVEL_DEBUG) + NSCD_LOG_LEVEL_DEBUG) (me, "loopback detected: " - "source = %s, database = %s " - "search fnum = %d\n", - NSCD_NSW_SRC_NAME(srci), - NSCD_NSW_DB_NAME(dbi), search_fnum); + "source = %s, database = %s " + "search fnum = %d\n", + NSCD_NSW_SRC_NAME(srci), + NSCD_NSW_DB_NAME(dbi), search_fnum); NSCD_SW_STATS_G.loopback_nsw_db_skipped_g++; NSCD_SW_STATS(dbi).loopback_nsw_db_skipped++; 
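Review bot: The privilege denial in nss_search is logged only at debug level and without naming the database or source that was refused, which makes refused reads of a privileged database hard to audit. The same applies to the `"no privilege \n"` message in the nss_setent_u hunk further down. Suggest `(me, "no privilege to look up %s, skip source %s\n", NSCD_NSW_DB_NAME(dbi), NSCD_NSW_SRC_NAME(srci));` here. The call site also relies on `_nscd_check_client_read_priv()` returning non-zero for "not allowed", which this hunk does not show; if that is the contract, a comment such as `/* non-zero: caller may not read this privileged database */` would make it explicit. nss_search continues outside the hunk.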
@@ -779,14 +773,14 @@ nss_search(nss_db_root_t *rootp, nss_db_initf_t initf, int search_fnum, funcp = NSS_LOOKUP_DBOP(be, search_fnum); if ((params.dnsi >= 0 && be == 0) || (params.dnsi < 0 && - (be == 0 || (smf_state != NSCD_SVC_STATE_UNINITED && - smf_state < SCF_STATE_ONLINE) || funcp == 0))) { + (be == 0 || (smf_state != NSCD_SVC_STATE_UNINITED && + smf_state < SCF_STATE_ONLINE) || funcp == 0))) { _NSCD_LOG(NSCD_LOG_SWITCH_ENGINE, - NSCD_LOG_LEVEL_DEBUG) + NSCD_LOG_LEVEL_DEBUG) (me, "unable to look up source %s: be = %p, " "smf state = %d, funcp = %p\n", - NSCD_NSW_SRC_NAME(srci), be, smf_state, funcp); + NSCD_NSW_SRC_NAME(srci), be, smf_state, funcp); goto next_src; } @@ -816,9 +810,9 @@ nss_search(nss_db_root_t *rootp, nss_db_initf_t initf, int search_fnum, } _NSCD_LOG(NSCD_LOG_SWITCH_ENGINE, - NSCD_LOG_LEVEL_DEBUG) + NSCD_LOG_LEVEL_DEBUG) (me, "looking up source = %s, loop# = %d \n", - NSCD_NSW_SRC_NAME(srci), n_loop); + NSCD_NSW_SRC_NAME(srci), n_loop); /* * search the backend, if hosts lookups, @@ -826,8 +820,7 @@ nss_search(nss_db_root_t *rootp, nss_db_initf_t initf, int search_fnum, */ if (params.dnsi >= 0) { res = search_dns_withttl(swret, - NSCD_NSW_SRC_NAME(srci), - params.dnsi); + NSCD_NSW_SRC_NAME(srci), params.dnsi); /* * if not able to get ttl, fall back * to the regular backend call @@ -860,10 +853,10 @@ nss_search(nss_db_root_t *rootp, nss_db_initf_t initf, int search_fnum, */ if (_whoami == NSCD_CHILD && swret != NULL) swret->fallback = set_fallback_flag( - NSCD_NSW_SRC_NAME(srci), res); + NSCD_NSW_SRC_NAME(srci), res); _NSCD_LOG_IF(NSCD_LOG_SWITCH_ENGINE, - NSCD_LOG_LEVEL_DEBUG) { + NSCD_LOG_LEVEL_DEBUG) { /* * set up to trace the result/status 
@@ -873,10 +866,10 @@ nss_search(nss_db_root_t *rootp, nss_db_initf_t initf, int search_fnum, nss_pheader_t *phdr; struct nss_XbyY_args *arg; arg = (struct nss_XbyY_args *) - search_args; + search_args; phdr = (nss_pheader_t *)swret->pbuf; arg->buf.buffer = (char *)phdr + - phdr->data_off; + phdr->data_off; arg->returnlen = phdr->data_len; if (phdr->p_errno == ERANGE) arg->erange = 1; @@ -884,7 +877,7 @@ nss_search(nss_db_root_t *rootp, nss_db_initf_t initf, int search_fnum, } trace_result(dbi, srci, search_fnum, res, - (nss_XbyY_args_t *)search_args); + (nss_XbyY_args_t *)search_args); } n_loop++; @@ -1011,7 +1004,7 @@ nss_setent_u(nss_db_root_t *rootp, nss_db_initf_t initf, _NSCD_LOG(NSCD_LOG_SWITCH_ENGINE, NSCD_LOG_LEVEL_DEBUG) (me, "rootp = %p, initf = %p, contextpp = %p \n", - rootp, initf, contextpp); + rootp, initf, contextpp); /* * Get the nsw db index via the initf function. If unsupported @@ -1026,7 +1019,7 @@ nss_setent_u(nss_db_root_t *rootp, nss_db_initf_t initf, /* if no privilege to look up, return */ if (params.privdb == 1 && swret != NULL && - ((nss_pheader_t *)(swret->pbuf))->p_euid != 0) { + _nscd_check_client_read_priv() != 0) { _NSCD_LOG(NSCD_LOG_SWITCH_ENGINE, NSCD_LOG_LEVEL_DEBUG) (me, "no privilege \n"); @@ -1035,7 +1028,7 @@ nss_setent_u(nss_db_root_t *rootp, nss_db_initf_t initf, if ((contextp = (nscd_getent_context_t *)contextpp->ctx) == 0) { if ((_nscd_get_getent_ctx(contextpp, ¶ms)) != - NSCD_SUCCESS) { + NSCD_SUCCESS) { return; } contextp = (nscd_getent_context_t *)contextpp->ctx; @@ -1044,7 +1037,7 @@ nss_setent_u(nss_db_root_t *rootp, nss_db_initf_t initf, if (s == 0) { if (_nscd_get_nsw_state(&root, ¶ms) != - NSCD_SUCCESS) { + NSCD_SUCCESS) { return; } s = (nscd_nsw_state_t *)root.s; @@ -1069,7 +1062,7 @@ nss_setent_u(nss_db_root_t *rootp, nss_db_initf_t initf, } } for (n_src = 0, be = 0; n_src < s->max_src && - (be = s->be[n_src]) == 0; n_src++) { + (be = s->be[n_src]) == 0; n_src++) { ; } 
@@ -1091,14 +1084,14 @@ nss_setent_u(nss_db_root_t *rootp, nss_db_initf_t initf, srci = (*s->nsw_cfg_p)->src_idx[i]; st = _nscd_get_smf_state(srci, params.dbi, 1); if (st == NSCD_SVC_STATE_UNKNOWN_SRC || - st == NSCD_SVC_STATE_UNINITED || (params.privdb && - try_local2(params.dbi, srci) == 1)) { + st == NSCD_SVC_STATE_UNINITED || (params.privdb && + try_local2(params.dbi, srci) == 1)) { nss_endent_u(rootp, initf, contextpp); _NSCD_LOG(NSCD_LOG_SWITCH_ENGINE, - NSCD_LOG_LEVEL_DEBUG) + NSCD_LOG_LEVEL_DEBUG) (me, "backend (%s) not available (state = %d)\n", - NSCD_NSW_SRC_NAME(srci), st); + NSCD_NSW_SRC_NAME(srci), st); return; } @@ -1119,14 +1112,14 @@ nss_getent_u(nss_db_root_t *rootp, nss_db_initf_t initf, _NSCD_LOG(NSCD_LOG_SWITCH_ENGINE, NSCD_LOG_LEVEL_DEBUG) (me, "rootp = %p, initf = %p, contextpp = %p, args = %p\n", - rootp, initf, contextpp, args); + rootp, initf, contextpp, args); if ((contextp = (nscd_getent_context_t *)contextpp->ctx) == 0) { nss_setent_u(rootp, initf, contextpp); if ((contextp = (nscd_getent_context_t *)contextpp->ctx) == 0) { /* Give up */ _NSCD_LOG(NSCD_LOG_SWITCH_ENGINE, - NSCD_LOG_LEVEL_ERROR) + NSCD_LOG_LEVEL_ERROR) (me, "not able to obtain getent context ... give up\n"); return (NSS_UNAVAIL); @@ -1161,11 +1154,11 @@ nss_getent_u(nss_db_root_t *rootp, nss_db_initf_t initf, res = NSS_UNAVAIL; } else { _NSCD_LOG(NSCD_LOG_SWITCH_ENGINE, - NSCD_LOG_LEVEL_DEBUG) + NSCD_LOG_LEVEL_DEBUG) (me, "database: %s, backend: %s, nsswitch config: %s\n", - NSCD_NSW_DB_NAME(s->dbi), - lkp->service_name, - (*s->nsw_cfg_p)->nsw_cfg_str); + NSCD_NSW_DB_NAME(s->dbi), + lkp->service_name, + (*s->nsw_cfg_p)->nsw_cfg_str); res = NSS_INVOKE_DBOP(be, NSS_DBOP_GETENT, args); } @@ -1173,7 +1166,7 @@ nss_getent_u(nss_db_root_t *rootp, nss_db_initf_t initf, if (__NSW_ACTION_V1(lkp, res) == __NSW_RETURN) { if (res != __NSW_SUCCESS) { end_iter_u(rootp, - (struct nss_getent_context *)contextp); + (struct nss_getent_context *)contextp); } return (res); } 
@@ -1181,7 +1174,7 @@ nss_getent_u(nss_db_root_t *rootp, nss_db_initf_t initf, do { n_src++; } while (n_src < s->max_src && - (be = s->be[n_src]) == 0); + (be = s->be[n_src]) == 0); if (be == 0) { /* * This is the case where we failed to get the backend @@ -1210,7 +1203,7 @@ nss_endent_u(nss_db_root_t *rootp, nss_db_initf_t initf, _NSCD_LOG(NSCD_LOG_SWITCH_ENGINE, NSCD_LOG_LEVEL_DEBUG) (me, "rootp = %p, initf = %p, contextpp = %p \n", - rootp, initf, contextpp); + rootp, initf, contextpp); if ((contextp = (nscd_getent_context_t *)contextpp->ctx) == 0) { /* nss_endent() on an unused context is a no-op */ @@ -1274,7 +1267,7 @@ nss_psearch(void *buffer, size_t length) } status = nss_packed_arg_init(buffer, length, - NULL, &initf, &dbop, &arg); + NULL, &initf, &dbop, &arg); if (status != NSS_SUCCESS) { NSCD_RETURN_STATUS(pbuf, status, -1); } @@ -1316,10 +1309,10 @@ nss_psearch(void *buffer, size_t length) rc = get_gss_func((void **)&func); if (rc == NSCD_SUCCESS) { if (func(&stat, GSS_C_NO_CREDENTIAL, - NULL, NULL, NULL, NULL) != GSS_S_COMPLETE) { + NULL, NULL, NULL, NULL) != GSS_S_COMPLETE) { _NSCD_LOG(NSCD_LOG_SWITCH_ENGINE, - NSCD_LOG_LEVEL_DEBUG) + NSCD_LOG_LEVEL_DEBUG) (me, "NSS_ALTRETRY: fallback to main nscd needed\n"); status = NSS_ALTRETRY; @@ -1340,8 +1333,8 @@ nss_psearch(void *buffer, size_t length) _NSCD_LOG(NSCD_LOG_SWITCH_ENGINE, NSCD_LOG_LEVEL_DEBUG) (me, "switch engine result: source is %s, status %d, " "herrno is %d, errno is %s\n", - (swret.srci != -1) ? NSCD_NSW_SRC_NAME(swret.srci) : "<NOTSET>", - pbuf->p_status, pbuf->p_herrno, strerror(pbuf->p_errno)); + (swret.srci != -1) ? NSCD_NSW_SRC_NAME(swret.srci) : "<NOTSET>", + pbuf->p_status, pbuf->p_herrno, strerror(pbuf->p_errno)); /* clear the TSD key used by the generic initf */ clear_initf_key(); 
@@ -1390,14 +1383,14 @@ nscd_map_contextp(void *buffer, nss_getent_t *contextp, */ if (cookie->p1_seqnum == NSCD_P0_COOKIE_SEQNUM) { nscd_getent_p0_cookie_t *p0c = - (nscd_getent_p0_cookie_t *)cookie; + (nscd_getent_p0_cookie_t *)cookie; if (p0c->p0_time == _nscd_get_start_time()) NSCD_RETURN_STATUS_SUCCESS(pbuf); } _NSCD_LOG(NSCD_LOG_SWITCH_ENGINE, NSCD_LOG_LEVEL_DEBUG) (me, "cookie # = %lld, sequence # = %lld\n", - cookie->p1_cookie_num, cookie->p1_seqnum); + cookie->p1_cookie_num, cookie->p1_seqnum); ctx = _nscd_is_getent_ctx(cookie->p1_cookie_num); @@ -1410,7 +1403,7 @@ nscd_map_contextp(void *buffer, nss_getent_t *contextp, /* if not called by nss_psetent, verify sequence number */ if (setent != 1 && ctx->seq_num != - (nscd_seq_num_t)cookie->p1_seqnum) { + (nscd_seq_num_t)cookie->p1_seqnum) { _NSCD_LOG(NSCD_LOG_SWITCH_ENGINE, NSCD_LOG_LEVEL_DEBUG) (me, "invalid sequence # (%lld)\n", cookie->p1_seqnum); @@ -1451,10 +1444,10 @@ nss_psetent(void *buffer, size_t length, pid_t pid) rc = get_gss_func((void **)&func); if (rc == NSCD_SUCCESS) { if (func(&stat, GSS_C_NO_CREDENTIAL, - NULL, NULL, NULL, NULL) != GSS_S_COMPLETE) { + NULL, NULL, NULL, NULL) != GSS_S_COMPLETE) { _NSCD_LOG(NSCD_LOG_SWITCH_ENGINE, - NSCD_LOG_LEVEL_DEBUG) + NSCD_LOG_LEVEL_DEBUG) (me, "NSS_TRYLOCAL: fallback to caller process\n"); NSCD_RETURN_STATUS(pbuf, NSS_TRYLOCAL, 0); } @@ -1493,7 +1486,7 @@ nss_psetent(void *buffer, size_t length, pid_t pid) p0c->p0_seqnum = NSCD_P0_COOKIE_SEQNUM; _NSCD_LOG(NSCD_LOG_SWITCH_ENGINE, NSCD_LOG_LEVEL_DEBUG) (me, "returning a p0 cookie: pid = %ld, time = %ld, seq #= %llx\n", - p0c->p0_pid, p0c->p0_time, p0c->p0_seqnum); + p0c->p0_pid, p0c->p0_time, p0c->p0_seqnum); NSCD_RETURN_STATUS(pbuf, NSS_SUCCESS, 0); } 
@@ -1511,7 +1504,7 @@ delayed_setent(nss_pheader_t *pbuf, nss_db_initf_t initf, * check credential */ _nscd_APP_check_cred(pbuf, &pid, "NSCD_DELAYED_SETENT", - NSCD_LOG_SWITCH_ENGINE, NSCD_LOG_LEVEL_ERROR); + NSCD_LOG_SWITCH_ENGINE, NSCD_LOG_LEVEL_ERROR); if (NSCD_STATUS_IS_NOT_OK(pbuf)) { _NSCD_LOG(NSCD_LOG_SWITCH_ENGINE, NSCD_LOG_LEVEL_DEBUG) (me, "invalid credential\n"); @@ -1543,13 +1536,13 @@ delayed_setent(nss_pheader_t *pbuf, nss_db_initf_t initf, _NSCD_LOG(NSCD_LOG_SWITCH_ENGINE, NSCD_LOG_LEVEL_DEBUG) (me, "NSS_TRYLOCAL: cookie # = %lld, sequence # = %lld\n", - *cookie_num_p, *seqnum_p); + *cookie_num_p, *seqnum_p); NSCD_RETURN_STATUS(pbuf, NSS_TRYLOCAL, 0); } _NSCD_LOG(NSCD_LOG_SWITCH_ENGINE, NSCD_LOG_LEVEL_DEBUG) (me, "NSS_SUCCESS: cookie # = %lld, sequence # = %lld\n", - ctx->cookie_num, ctx->seq_num); + ctx->cookie_num, ctx->seq_num); NSCD_RETURN_STATUS(pbuf, NSS_SUCCESS, 0); } @@ -1591,10 +1584,10 @@ nss_pgetent(void *buffer, size_t length) /* if no context yet, get one */ if (contextp->ctx == NULL) { nscd_getent_p0_cookie_t *p0c = - (nscd_getent_p0_cookie_t *)cookie_num_p; + (nscd_getent_p0_cookie_t *)cookie_num_p; delayed_setent(pbuf, initf, contextp, cookie_num_p, - seqnum_p, p0c->p0_pid); + seqnum_p, p0c->p0_pid); if (NSCD_STATUS_IS_NOT_OK(pbuf)) { clear_initf_key(); return; @@ -1602,7 +1595,7 @@ nss_pgetent(void *buffer, size_t length) } status = nss_packed_context_init(buffer, length, - NULL, &initf, &contextp, &arg); + NULL, &initf, &contextp, &arg); if (status != NSS_SUCCESS) { NSCD_RETURN_STATUS(pbuf, status, -1); } @@ -1621,8 +1614,8 @@ nss_pgetent(void *buffer, size_t length) _NSCD_LOG(NSCD_LOG_SWITCH_ENGINE, NSCD_LOG_LEVEL_DEBUG) (me, "getent OK, new sequence # = %lld, len = %lld," - " data = >>%s<<\n", *seqnum_p, - pbuf->data_len, (char *)buffer + pbuf->data_off); + " data = >>%s<<\n", *seqnum_p, + pbuf->data_len, (char *)buffer + pbuf->data_off); } else { /* release the resources used */ ctx = (nscd_getent_context_t *)contextp->ctx; 
@@ -1632,7 +1625,7 @@ nss_pgetent(void *buffer, size_t length) } _NSCD_LOG(NSCD_LOG_SWITCH_ENGINE, NSCD_LOG_LEVEL_DEBUG) (me, "getent failed, status = %d, sequence # = %lld\n", - status, *seqnum_p); + status, *seqnum_p); } /* clear the TSD key used by the generic initf */ @@ -1663,7 +1656,7 @@ nss_pendent(void *buffer, size_t length) _NSCD_LOG(NSCD_LOG_SWITCH_ENGINE, NSCD_LOG_LEVEL_DEBUG) (me, "endent, cookie = %lld, sequence # = %lld\n", - *cookie_num_p, *seqnum_p); + *cookie_num_p, *seqnum_p); /* Perform local endent and reset context */ nss_endent(NULL, NULL, contextp); diff --git a/usr/src/cmd/nscd/nscd_switch.h b/usr/src/cmd/nscd/nscd_switch.h index 93564446b3..add7a6a26e 100644 --- a/usr/src/cmd/nscd/nscd_switch.h +++ b/usr/src/cmd/nscd/nscd_switch.h @@ -107,11 +107,13 @@ typedef struct nscd_nsw_state { int dbi; /* which database? */ int max_src; /* is == config->num_lookups */ int getent; /* used by getent */ + nscd_bool_t recheck_be; /* if set, check/init be */ nss_db_params_t p; struct __nsw_switchconfig_v1 *config; nscd_nsw_config_t **nsw_cfg_p; nscd_nsw_state_base_t *base; nss_backend_t **be; /* array of backends */ + nss_backend_constr_t *be_constr; /* be constructor array */ nscd_db_t ***be_db_pp; struct nscd_nsw_state *next; } nscd_nsw_state_t; diff --git a/usr/src/cmd/nscd/server.c b/usr/src/cmd/nscd/server.c index 699579fdfe..520a92be17 100644 --- a/usr/src/cmd/nscd/server.c +++ b/usr/src/cmd/nscd/server.c @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -36,6 +36,7 @@ #include <errno.h> #include <stdarg.h> #include <locale.h> +#include <sys/stat.h> #include <tsol/label.h> #include <zone.h> #include "cache.h" 
@@ -129,12 +130,17 @@ main(int argc, char ** argv) /* * The admin model for TX is that labeled zones are managed * in global zone where most trusted configuration database - * resides. + * resides. However, nscd will run in any labeled zone if + * file /var/tsol/doors/nscd_per_label exists. */ if (is_system_labeled() && (getzoneid() != GLOBAL_ZONEID)) { - (void) fprintf(stderr, -gettext("With Trusted Extensions nscd runs only in the global zone.\n")); - exit(1); + struct stat sbuf; + if (stat(TSOL_NSCD_PER_LABEL_FILE, &sbuf) < 0) { + (void) fprintf(stderr, + gettext("With Trusted Extensions nscd runs only in the " + "global zone (if nscd_per_label flag not set)\n")); + exit(1); + } } /* @@ -142,7 +148,7 @@ gettext("With Trusted Extensions nscd runs only in the global zone.\n")); */ if (geteuid()) { if (argc != 2 || - (strcmp(argv[1], "-g") && strcmp(argv[1], "-G"))) { + (strcmp(argv[1], "-g") && strcmp(argv[1], "-G"))) { (void) fprintf(stderr, gettext("Must be root to use any option other than -g\n\n")); usage(argv[0]); @@ -151,7 +157,7 @@ gettext("With Trusted Extensions nscd runs only in the global zone.\n")); if (_nscd_doorcall(NSCD_PING) != NSS_SUCCESS) { (void) fprintf(stderr, gettext("%s doesn't appear to be running.\n"), - argv[0]); + argv[0]); exit(1); } if (_nscd_client_getadmin(argv[1][1]) != 0) { @@ -215,7 +221,7 @@ gettext("With Trusted Extensions nscd runs only in the global zone.\n")); } if (errflg) - usage(argv[0]); + usage(argv[0]); /* * perform more initialization and load configuration 
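Review bot: The per-label check in main() treats any successful `stat()` of `TSOL_NSCD_PER_LABEL_FILE` as the flag being set, while the svc-nscd start script in this same commit tests `[ ! -f /var/tsol/doors/nscd_per_label ]`. A directory or other non-regular object at that path therefore makes the two disagree. Because this file switches nscd from the global-zone-only policy to running inside a labeled zone, the check could be tightened to `if (stat(TSOL_NSCD_PER_LABEL_FILE, &sbuf) < 0 || !S_ISREG(sbuf.st_mode)) {`. If /var/tsol/doors can be written from inside a labeled zone (not visible here), also requiring `sbuf.st_uid == 0` would be worth considering. main() continues outside the hunk.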
@@ -262,31 +268,31 @@ gettext("With Trusted Extensions nscd runs only in the global zone.\n")); case 'p': doset++; if (_nscd_add_admin_mod(optarg, 'p', - getcacheopt(optarg), - msg, sizeof (msg)) == -1) + getcacheopt(optarg), + msg, sizeof (msg)) == -1) errflg++; break; case 'n': doset++; if (_nscd_add_admin_mod(optarg, 'n', - getcacheopt(optarg), - msg, sizeof (msg)) == -1) + getcacheopt(optarg), + msg, sizeof (msg)) == -1) errflg++; break; case 'c': doset++; if (_nscd_add_admin_mod(optarg, 'c', - getcacheopt(optarg), - msg, sizeof (msg)) == -1) + getcacheopt(optarg), + msg, sizeof (msg)) == -1) errflg++; break; case 'i': doset++; if (_nscd_add_admin_mod(optarg, 'i', NULL, - msg, sizeof (msg)) == -1) + msg, sizeof (msg)) == -1) errflg++; break; @@ -294,14 +300,14 @@ gettext("With Trusted Extensions nscd runs only in the global zone.\n")); doset++; (void) strlcpy(logfile, optarg, 128); (void) _nscd_add_admin_mod(NULL, 'l', optarg, - msg, sizeof (msg)); + msg, sizeof (msg)); break; case 'd': doset++; debug_level = atoi(optarg); (void) _nscd_add_admin_mod(NULL, 'd', optarg, - msg, sizeof (msg)); + msg, sizeof (msg)); break; case 'S': @@ -319,16 +325,16 @@ gettext("With Trusted Extensions nscd runs only in the global zone.\n")); case 'h': doset++; if (_nscd_add_admin_mod(optarg, 'h', - getcacheopt(optarg), - msg, sizeof (msg)) == -1) + getcacheopt(optarg), + msg, sizeof (msg)) == -1) errflg++; break; case 'e': doset++; if (_nscd_add_admin_mod(optarg, 'e', - getcacheopt(optarg), - msg, sizeof (msg)) == -1) + getcacheopt(optarg), + msg, sizeof (msg)) == -1) errflg++; break; @@ -344,9 +350,9 @@ gettext("With Trusted Extensions nscd runs only in the global zone.\n")); } if (errflg) { - if (*msg != '\0') - (void) fprintf(stderr, "\n%s: %s\n\n", argv[0], msg); - usage(argv[0]); + if (*msg != '\0') + (void) fprintf(stderr, "\n%s: %s\n\n", argv[0], msg); + usage(argv[0]); } /* 
@@ -374,7 +380,7 @@ gettext("With Trusted Extensions nscd runs only in the global zone.\n")); if (!showstats && !doset) { (void) fprintf(stderr, gettext("%s already running.... no administration option specified\n"), - argv[0]); + argv[0]); } exit(0); } @@ -403,7 +409,7 @@ gettext("%s already running.... no administration option specified\n"), (void) strcpy(logfile, "/dev/null"); (void) _nscd_add_admin_mod(NULL, 'l', logfile, - msg, sizeof (msg)); + msg, sizeof (msg)); } /* activate command options */ @@ -421,7 +427,7 @@ gettext("%s already running.... no administration option specified\n"), * is configured */ _nscd_start_forker(saved_execname, saved_argc, - saved_argv); + saved_argv); } else { /* * daemonize the nscd (forker nscd will also @@ -449,8 +455,8 @@ gettext("%s already running.... no administration option specified\n"), for (ret = NSS_ALTRETRY; ret == NSS_ALTRETRY; ) ret = _nscd_doorcall_sendfd(_doorfd, - NSCD_IMHERE | (NSCD_FORKER & NSCD_WHOAMI), - NULL, 0, NULL); + NSCD_IMHERE | (NSCD_FORKER & NSCD_WHOAMI), + NULL, 0, NULL); } for (;;) { 
@@ -466,32 +472,32 @@ static void usage(char *s) { (void) fprintf(stderr, - "Usage: %s [-d debug_level] [-l logfilename]\n", s); + "Usage: %s [-d debug_level] [-l logfilename]\n", s); (void) fprintf(stderr, - " [-p cachename,positive_time_to_live]\n"); + " [-p cachename,positive_time_to_live]\n"); (void) fprintf(stderr, - " [-n cachename,negative_time_to_live]\n"); + " [-n cachename,negative_time_to_live]\n"); (void) fprintf(stderr, - " [-i cachename]\n"); + " [-i cachename]\n"); (void) fprintf(stderr, - " [-h cachename,keep_hot_count]\n"); + " [-h cachename,keep_hot_count]\n"); (void) fprintf(stderr, - " [-e cachename,\"yes\"|\"no\"] [-g] " \ - "[-c cachename,\"yes\"|\"no\"]\n"); + " [-e cachename,\"yes\"|\"no\"] [-g] " \ + "[-c cachename,\"yes\"|\"no\"]\n"); (void) fprintf(stderr, - " [-f configfilename] \n"); + " [-f configfilename] \n"); (void) fprintf(stderr, - "\n Supported caches:\n"); + "\n Supported caches:\n"); (void) fprintf(stderr, - " audit_user, auth_attr, bootparams, ethers\n"); + " audit_user, auth_attr, bootparams, ethers\n"); (void) fprintf(stderr, - " exec_attr, group, hosts, ipnodes, netmasks\n"); + " exec_attr, group, hosts, ipnodes, netmasks\n"); (void) fprintf(stderr, - " networks, passwd, printers, prof_attr, project\n"); + " networks, passwd, printers, prof_attr, project\n"); (void) fprintf(stderr, - " protocols, rpc, services, tnrhtp, tnrhdb\n"); + " protocols, rpc, services, tnrhtp, tnrhdb\n"); (void) fprintf(stderr, - " user_attr\n"); + " user_attr\n"); exit(1); } @@ -519,7 +525,7 @@ detachfromtty(void) _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_ERROR) (me, "unable to fork: pid = %d, %s\n", - getpid(), strerror(errno)); + getpid(), strerror(errno)); exit(1); break; diff --git a/usr/src/cmd/nscd/svc-nscd b/usr/src/cmd/nscd/svc-nscd index 08a856ee66..0c6aa1bc4b 100644 --- a/usr/src/cmd/nscd/svc-nscd +++ b/usr/src/cmd/nscd/svc-nscd 
@@ -21,7 +21,7 @@ # CDDL HEADER END # # -# Copyright 2006 Sun Microsystems, Inc. All rights reserved. +# Copyright 2007 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # #ident "%Z%%M% %I% %E% SMI" @@ -32,28 +32,38 @@ if (smf_is_system_labeled); then if (smf_is_nonglobalzone); then + if [ ! -f /var/tsol/doors/nscd_per_label ]; then - # If needed create a door to the global zone daemon. - if [ ! -L /var/run/name_service_door ]; then - ln -s /var/tsol/doors/name_service_door /var/run || \ - exit $SMF_EXIT_ERR_FATAL - fi + # If needed create a door to the global zone daemon. + if [ -r /var/run/name_service_door ]; then + rm /var/run/name_service_door + fi + ln -s /var/tsol/doors/name_service_door \ + /var/run || exit $SMF_EXIT_ERR_FATAL - # If current service duration is not "transient", create - # a dummy background process to preserve contract lifetime. - duration="" - if /bin/svcprop -q -c -p startd/duration $SMF_FMRI ; then - duration=`/bin/svcprop -c -p startd/duration $SMF_FMRI` - fi - if [ "$duration" != "transient" ]; then - ( while true ; do sleep 3600 ; done ) & - fi + # If current service duration is not "transient", + # create a dummy background process to preserve + # contract lifetime. + duration="" + if /bin/svcprop -q -c -p startd/duration $SMF_FMRI + then + duration=`/bin/svcprop -c -p startd/duration \ + $SMF_FMRI` + fi + if [ "$duration" != "transient" ]; then + ( while true ; do sleep 3600 ; done ) & + fi - # The real daemon is not started in non-global zones, - # so exit now. - exit $SMF_EXIT_OK + # The real daemon is not started in non-global zones, + # so exit now. + exit $SMF_EXIT_OK + else + # remove the door to the global zone daemon + if [ -L /var/run/name_service_door ]; then + rm /var/run/name_service_door + fi + fi fi - fi if [ -f /etc/nscd.conf -a -f /usr/sbin/nscd ]; then 
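Review bot: The new pre-clean tests `[ -r /var/run/name_service_door ]`, which follows the link, so a dangling symlink left from an earlier start (for example when the global-zone door is not there yet) is not removed. The following `ln -s` would then fail on the existing name and the method exits with `$SMF_EXIT_ERR_FATAL`, whereas the old code skipped the `ln` when the link was already present. The else branch added in this hunk already tests with `-L`; suggest the same here, `if [ -L /var/run/name_service_door -o -r /var/run/name_service_door ]; then`, followed by `rm -f /var/run/name_service_door`. The result of `rm` is not checked either, so a failed removal only shows up as the later `ln -s` error.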
diff --git a/usr/src/lib/nsswitch/nisplus/common/getgrent.c b/usr/src/lib/nsswitch/nisplus/common/getgrent.c index 9f1e78a89c..c5c76514b6 100644 --- a/usr/src/lib/nsswitch/nisplus/common/getgrent.c +++ b/usr/src/lib/nsswitch/nisplus/common/getgrent.c @@ -114,7 +114,7 @@ getbymember(be, a) switch (netid_lookup(&grdata, be)) { case NSS_SUCCESS: /* - * Return SUCESS only if array is full. + * Return SUCCESS only if array is full. * Explained in <nss_dbdefs.h>. */ argp->numgids = grdata.numgids; @@ -151,7 +151,14 @@ getbymember(be, a) if (r) nis_freeresult(r); argp->numgids = grdata.numgids; - return (NSS_SUCCESS); + + /* + * Return SUCCESS only if array is full. + * Explained in <nss_dbdefs.h>. + */ + return ((argp->numgids == argp->maxgids) + ? NSS_SUCCESS + : NSS_NOTFOUND); } r = __nis_list_localcb(be->table_name, NIS_LIST_COMMON | ALL_RESULTS | __nis_force_hard_lookups, gr_cback, &grdata); @@ -160,7 +167,14 @@ getbymember(be, a) nis_freeresult(r); argp->numgids = grdata.numgids; - return (NSS_SUCCESS); + + /* + * Return SUCCESS only if array is full. + * Explained in <nss_dbdefs.h>. + */ + return ((argp->numgids == argp->maxgids) + ? NSS_SUCCESS + : NSS_NOTFOUND); } @@ -361,8 +375,8 @@ netid_lookup(struct memdata *grdata, nisplus_backend_ptr_t be) * in the Answerbook. */ r = __nis_list_localcb(buf, - NIS_LIST_COMMON | __nis_force_hard_lookups, - netid_cback, grdata); + NIS_LIST_COMMON | __nis_force_hard_lookups, + netid_cback, grdata); if (r == 0) return (NSS_NOTFOUND); |
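Review bot: Both new returns in getbymember() compare with `argp->numgids == argp->maxgids`. If a callback ever leaves `numgids` above `maxgids` (their bounds handling is outside these hunks), the equality fails and the switch is told to keep searching with an array that is already over-full. `>=` is the safer test: `return ((argp->numgids >= argp->maxgids) ? NSS_SUCCESS : NSS_NOTFOUND);`. The same expression and comment appear twice, so a small static helper would keep the two exits in step. getbymember's body starts outside the hunks.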