6592411 large request/response can cause RPC layer of idmap to fail

6613041 trusted domain issues: idmap_name2sid_batch_add1() ignores the domain of the given name
author: nw141292 <none@none> 2007-10-11 10:47:49 -0700
committer: nw141292 <none@none> 2007-10-11 10:47:49 -0700
commit: d3a612ca42c17c3baa6c96ded00f98db349cc881 (patch)
tree: a4088de89b441ce78e9f2bdf305c2ddda685df11 /usr/src
parent: 538f043421a57b3be38677f831d3ee9dd6d2b403 (diff)
download: illumos-gate-d3a612ca42c17c3baa6c96ded00f98db349cc881.tar.gz
5 files changed, 48 insertions, 8 deletions
diff --git a/usr/src/cmd/idmap/idmapd/adutils.c b/usr/src/cmd/idmap/idmapd/adutils.c
index 4cfa56e073..f15f81c676 100644
--- a/usr/src/cmd/idmap/idmapd/adutils.c
+++ b/usr/src/cmd/idmap/idmapd/adutils.c
@@ -1473,17 +1473,16 @@ idmap_name2sid_batch_add1(idmap_query_state_t *state,
 	 * Handle optional domain parameter and default domain
 	 * semantics.  The get a basedn from the domainname.
 	 */
-	if (dname == NULL || *dname != '\0') {
+	samAcctNameLen = strlen(name);
+	if (dname == NULL || *dname == '\0') {
 		/* domain name not given separately */
 		if ((cp = strchr(name, '@')) == NULL) {
 			/* nor is the name qualified */
 			dname = state->qadh->owner->dflt_w2k_dom;
 			basedn = state->qadh->owner->basedn;
-			samAcctNameLen = strlen(name);
 		} else {
 			/* the name is qualified */
-			/* LINTED */
-			samAcctNameLen = cp - name;
+			samAcctNameLen -= strlen(cp);
 			dname = cp + 1;
 		}
 	}
diff --git a/usr/src/cmd/idmap/idmapd/idmapd.c b/usr/src/cmd/idmap/idmapd/idmapd.c
index 650d367609..c3baeb6a83 100644
--- a/usr/src/cmd/idmap/idmapd/idmapd.c
+++ b/usr/src/cmd/idmap/idmapd/idmapd.c
@@ -263,7 +263,7 @@ main(int argc, char **argv)
 static void
 init_idmapd() {
 	int	error;
-	int connmaxrec = RPC_MAX_SIZE;
+	int connmaxrec = IDMAP_MAX_DOOR_RPC;
 
 	/* create directories as root and chown to daemon uid */
 	if (create_directory(IDMAP_DBDIR, DAEMON_UID, DAEMON_GID) < 0)
@@ -303,7 +303,7 @@ init_idmapd() {
 		exit(1);
 	}
 
-	xprt = svc_door_create(idmap_prog_1, IDMAP_PROG, IDMAP_V1, 0);
+	xprt = svc_door_create(idmap_prog_1, IDMAP_PROG, IDMAP_V1, connmaxrec);
 	if (xprt == NULL) {
 		idmapdlog(LOG_ERR,
 		"idmapd: unable to create door RPC service");
diff --git a/usr/src/cmd/idmap/idmapd/idmapd.h b/usr/src/cmd/idmap/idmapd/idmapd.h
index 7ead846242..9ad4328335 100644
--- a/usr/src/cmd/idmap/idmapd/idmapd.h
+++ b/usr/src/cmd/idmap/idmapd/idmapd.h
@@ -141,7 +141,6 @@ typedef struct wksids_table {
 #define	IDMAP_DBNAME	IDMAP_DBDIR "/idmap.db"
 #define	IDMAP_CACHENAME	IDMAP_CACHEDIR "/idmap.db"
 #define	IDMAP_CACHENAME	IDMAP_CACHEDIR "/idmap.db"
-#define	RPC_MAX_SIZE	65536
 
 #define	EMPTY_STRING(str)	(str == NULL || *str == 0)
 
diff --git a/usr/src/lib/libidmap/common/idmap_api.c b/usr/src/lib/libidmap/common/idmap_api.c
index 06a849f902..09b26bb26c 100644
--- a/usr/src/lib/libidmap/common/idmap_api.c
+++ b/usr/src/lib/libidmap/common/idmap_api.c
@@ -39,6 +39,7 @@
 #include <sys/stat.h>
 #include <dlfcn.h>
 #include <libintl.h>
+#include <ucontext.h>
 #include "idmap_impl.h"
 
 static struct timeval TIMEOUT = { 25, 0 };
@@ -103,6 +104,8 @@ idmap_free(void *ptr) {
 }
 
 
+#define	MIN_STACK_NEEDS	16384
+
 /*
  * Create and Initialize idmap client handle for rpc/doors
  *
@@ -113,13 +116,45 @@ idmap_stat
 idmap_init(idmap_handle_t **handle) {
 	CLIENT			*clnt = NULL;
 	struct idmap_handle	*hptr;
+	uint_t			sendsz = 0;
+	stack_t			st;
 
 	*handle = NULL;
 	hptr = (struct idmap_handle *)calloc(1, sizeof (*hptr));
 	if (hptr == NULL)
 		return (IDMAP_ERR_MEMORY);
 
-	clnt = clnt_door_create(IDMAP_PROG, IDMAP_V1, 0);
+	/*
+	 * clnt_door_call() alloca()s sendsz bytes (twice too, once for
+	 * the call args buffer and once for the call result buffer), so
+	 * we want to pick a sendsz that will be large enough, but not
+	 * too large.
+	 */
+	if (stack_getbounds(&st) == 0) {
+		/*
+		 * Estimate how much stack space is left;
+		 * st.ss_sp is the top of stack.
+		 */
+		if ((char *)&sendsz < (char *)st.ss_sp)
+			/* stack grows up */
+			sendsz = ((char *)st.ss_sp - (char *)&sendsz);
+		else
+			/* stack grows down */
+			sendsz = ((char *)&sendsz - (char *)st.ss_sp);
+
+		/*
+		 * Take much of the stack space left, divided by two,
+		 * but leave enough for our needs (just a guess!), and
+		 * if we can't, then roll the dice.
+		 */
+		sendsz = RNDUP(sendsz / 2);
+		if (sendsz < MIN_STACK_NEEDS)
+			sendsz = 0;	/* RPC call may fail */
+		else if (sendsz > IDMAP_MAX_DOOR_RPC)
+			sendsz = IDMAP_MAX_DOOR_RPC;
+	}
+
+	clnt = clnt_door_create(IDMAP_PROG, IDMAP_V1, sendsz);
 	if (clnt == NULL) {
 		free(hptr);
 		return (IDMAP_ERR_RPC);
diff --git a/usr/src/uts/common/sys/idmap.h b/usr/src/uts/common/sys/idmap.h
index c48bd092d7..8993de65d9 100644
--- a/usr/src/uts/common/sys/idmap.h
+++ b/usr/src/uts/common/sys/idmap.h
@@ -76,4 +76,11 @@
 /* Reserved SIDs */
 #define	IDMAP_WK_CREATOR_SID_AUTHORITY	"S-1-3"
 
+/*
+ * Max door RPC size for ID mapping (can't be too large relative to the
+ * default user-land thread stack size, since clnt_door_call()
+ * alloca()s).  See libidmap:idmap_init().
+ */
+#define	IDMAP_MAX_DOOR_RPC		(256 * 1024)
+
 #endif /* _SYS_IDMAP_H */
author	nw141292 <none@none>	2007-10-11 10:47:49 -0700
committer	nw141292 <none@none>	2007-10-11 10:47:49 -0700
commit	d3a612ca42c17c3baa6c96ded00f98db349cc881 (patch)
tree	a4088de89b441ce78e9f2bdf305c2ddda685df11 /usr/src
parent	538f043421a57b3be38677f831d3ee9dd6d2b403 (diff)
download	illumos-gate-d3a612ca42c17c3baa6c96ded00f98db349cc881.tar.gz