diff options
-rw-r--r-- | Makefile.am | 5 | ||||
-rw-r--r-- | src/sss_client/nss_mc.h | 62 | ||||
-rw-r--r-- | src/sss_client/nss_mc_common.c | 272 |
3 files changed, 338 insertions, 1 deletions
diff --git a/Makefile.am b/Makefile.am index 8067c980..1c4d11e0 100644 --- a/Makefile.am +++ b/Makefile.am @@ -954,7 +954,10 @@ libnss_sss_la_SOURCES = \ src/sss_client/nss_netgroup.c \ src/sss_client/nss_services.c \ src/sss_client/sss_cli.h \ - src/sss_client/nss_compat.h + src/sss_client/nss_compat.h \ + src/sss_client/nss_mc_common.c \ + src/util/murmurhash3.c \ + src/sss_client/nss_mc.h libnss_sss_la_LDFLAGS = \ -module \ -version-info 2:0:0 \ diff --git a/src/sss_client/nss_mc.h b/src/sss_client/nss_mc.h new file mode 100644 index 00000000..35cefe5b --- /dev/null +++ b/src/sss_client/nss_mc.h @@ -0,0 +1,62 @@ +/* + * System Security Services Daemon. NSS client interface + * + * Copyright (C) Simo Sorce 2011 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +/* NSS interfaces to mmap cache */ + +#ifndef _NSS_MC_H_ +#define _NSS_MC_H_ + +#include <stdint.h> +#include <stdbool.h> +#include <pwd.h> +#include "util/mmap_cache.h" + +#ifndef HAVE_ERRNO_T +#define HAVE_ERRNO_T +typedef int errno_t; +#endif + +/* common stuff */ +struct sss_cli_mc_ctx { + bool initialized; + int fd; + + uint32_t seed; /* seed from the tables header */ + + void *mmap_base; /* base address of mmap */ + size_t mmap_size; /* total size of mmap */ + + uint8_t *data_table; /* data table address (in mmap) */ + uint32_t dt_size; /* size of data table */ + + uint32_t *hash_table; /* hash table address (in mmap) */ + uint32_t ht_size; /* size of hash table */ +}; + +errno_t sss_nss_mc_get_ctx(const char *name, struct sss_cli_mc_ctx *ctx); +errno_t sss_nss_check_header(struct sss_cli_mc_ctx *ctx); +uint32_t sss_nss_mc_hash(struct sss_cli_mc_ctx *ctx, + const char *key, size_t len); +errno_t sss_nss_mc_get_record(struct sss_cli_mc_ctx *ctx, + uint32_t slot, struct sss_mc_rec **_rec); +errno_t sss_nss_str_ptr_from_buffer(char **str, void **cookie, + char *buf, size_t len); + +#endif /* _NSS_MC_H_ */ diff --git a/src/sss_client/nss_mc_common.c b/src/sss_client/nss_mc_common.c new file mode 100644 index 00000000..5391df97 --- /dev/null +++ b/src/sss_client/nss_mc_common.c @@ -0,0 +1,272 @@ +/* + * System Security Services Daemon. NSS client interface + * + * Copyright (C) Simo Sorce 2011 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +/* NSS interfaces to mmap cache */ + +#include "config.h" + +#include <stdio.h> +#include <errno.h> +#include <sys/types.h> +#include <sys/stat.h> +#include <fcntl.h> +#include <unistd.h> +#include <sys/mman.h> +#include <string.h> +#include <stdlib.h> +#include "nss_mc.h" + +/* FIXME: hook up to library destructor to avoid leaks */ +/* FIXME: temporarily open passwd file on our own, later we will probably + * use socket passing from the main process */ +/* FIXME: handle name upper/lower casing ? Maybe a flag passed down by + * sssd or a flag in sss_mc_header ? per domain ? */ + +errno_t sss_nss_check_header(struct sss_cli_mc_ctx *ctx) +{ + struct sss_mc_header h; + int count; + + /* retry barrier protected reading max 5 times then give up */ + for (count = 5; count > 0; count--) { + memcpy(&h, ctx->mmap_base, sizeof(struct sss_mc_header)); + if (MC_VALID_BARRIER(h.b1) && h.b1 == h.b2) { + /* record is consistent so we can proceed */ + break; + } + } + if (count == 0) { + /* couldn't successfully read header we have to give up */ + return EIO; + } + + if (h.major_vno != SSS_MC_MAJOR_VNO || + h.minor_vno != SSS_MC_MINOR_VNO || + h.status == SSS_MC_HEADER_RECYCLED) { + return EINVAL; + } + + /* first time we check the header, let's fill our own struct */ + if (ctx->data_table == NULL) { + ctx->seed = h.seed; + ctx->data_table = MC_PTR_ADD(ctx->mmap_base, h.data_table); + ctx->hash_table = MC_PTR_ADD(ctx->mmap_base, h.hash_table); + ctx->dt_size = h.dt_size; + ctx->ht_size = h.ht_size; + } else { + if (ctx->seed != h.seed || + ctx->data_table != MC_PTR_ADD(ctx->mmap_base, h.data_table) || + ctx->hash_table != MC_PTR_ADD(ctx->mmap_base, h.hash_table) || + ctx->dt_size != h.dt_size || + ctx->ht_size != h.ht_size) { + return EINVAL; + } + } + + return 0; +} + +errno_t sss_nss_mc_get_ctx(const char *name, struct sss_cli_mc_ctx *ctx) +{ + struct stat fdstat; + char *file = NULL; + char *envval; + int ret; + + envval = getenv("_SSS_MC_SPECIAL"); + if (envval && strcmp(envval, "NO") == 0) { + return EPERM; + } + + if (ctx->initialized) { + ret = sss_nss_check_header(ctx); + goto done; + } + + ret = asprintf(&file, "%s/%s", SSS_NSS_MCACHE_DIR, name); + if (ret == -1) { + ret = ENOMEM; + goto done; + } + + ctx->fd = open(file, O_RDONLY); + if (ctx->fd == -1) { + ret = EIO; + goto done; + } + + ret = fstat(ctx->fd, &fdstat); + if (ret == -1) { + ret = EIO; + goto done; + } + + if (fdstat.st_size < MC_HEADER_SIZE) { + ret = ENOMEM; + goto done; + } + ctx->mmap_size = fdstat.st_size; + + ctx->mmap_base = mmap(NULL, ctx->mmap_size, + PROT_READ, MAP_SHARED, ctx->fd, 0); + if (ctx->mmap_base == MAP_FAILED) { + ret = ENOMEM; + goto done; + } + + ret = sss_nss_check_header(ctx); + if (ret != 0) { + goto done; + } + + ctx->initialized = true; + + ret = 0; + +done: + if (ret) { + if ((ctx->mmap_base != NULL) && (ctx->mmap_size != 0)) { + munmap(ctx->mmap_base, ctx->mmap_size); + } + if (ctx->fd != -1) { + close(ctx->fd); + } + memset(ctx, 0, sizeof(struct sss_cli_mc_ctx)); + } + free(file); + return ret; +} + +uint32_t sss_nss_mc_hash(struct sss_cli_mc_ctx *ctx, + const char *key, size_t len) +{ + return murmurhash3(key, len, ctx->seed) % MC_HT_ELEMS(ctx->ht_size); +} + +errno_t sss_nss_mc_get_record(struct sss_cli_mc_ctx *ctx, + uint32_t slot, struct sss_mc_rec **_rec) +{ + struct sss_mc_rec *rec; + void *rec_buf = NULL; + size_t buf_size = 0; + size_t rec_len; + uint32_t b1; + uint32_t b2; + int count; + int ret; + + /* try max 5 times */ + for (count = 5; count > 0; count--) { + rec = MC_SLOT_TO_PTR(ctx->data_table, slot, struct sss_mc_rec); + + /* fetch record length */ + b1 = rec->b1; + __sync_synchronize(); + rec_len = rec->len; + __sync_synchronize(); + b2 = rec->b1; + if (!MC_VALID_BARRIER(b1) || b1 != b2) { + /* record is inconsistent, retry */ + continue; + } + + if (rec_len > buf_size) { + free(rec_buf); + rec_buf = malloc(rec_len); + if (!rec_buf) { + ret = ENOMEM; + goto done; + } + buf_size = rec_len; + } + /* we cannot access data directly, we must copy data and then + * access the copy */ + memcpy(rec_buf, rec, rec_len); + rec = (struct sss_mc_rec *)rec_buf; + + /* we must check data is consistent again after the copy */ + if (MC_VALID_BARRIER(rec->b1) && + rec->b1 == rec->b2 && + rec->len == rec_len) { + /* record is consistent, use it */ + break; + } + } + if (count == 0) { + /* couldn't successfully read header we have to give up */ + ret = EIO; + goto done; + } + + *_rec = rec; + ret = 0; + +done: + if (ret) { + free(rec_buf); + *_rec = NULL; + } + return ret; +} + +/* + * returns strings froma a buffer. + * + * Call first time with *cookie set to null, then call again + * with the returned cookie. + * On the last string the cookie will be reset to null and + * all strings will have been returned. + * In case the last string is not zero terminated EINVAL is returned. + */ +errno_t sss_nss_str_ptr_from_buffer(char **str, void **cookie, + char *buf, size_t len) +{ + char *max = buf + len; + char *ret; + char *p; + + if (*cookie == NULL) { + p = buf; + } else { + p = *((char **)cookie); + } + + ret = p; + + while (p < max) { + if (*p == '\0') { + break; + } + p++; + } + if (p >= max) { + return EINVAL; + } + p++; + if (p == max) { + *cookie = NULL; + } else { + *cookie = p; + } + + *str = ret; + return 0; +} + |