diff options
Diffstat (limited to 'nis/nis_call.c')
-rw-r--r-- | nis/nis_call.c | 400 |
1 files changed, 316 insertions, 84 deletions
diff --git a/nis/nis_call.c b/nis/nis_call.c index 928053daf5..c571e8f367 100644 --- a/nis/nis_call.c +++ b/nis/nis_call.c @@ -1,4 +1,5 @@ -/* Copyright (C) 1997,1998,2001,2004,2005,2006 Free Software Foundation, Inc. +/* Copyright (C) 1997, 1998, 2001, 2004, 2005, 2006, 2007 + Free Software Foundation, Inc. This file is part of the GNU C Library. Contributed by Thorsten Kukuk <kukuk@vt.uni-paderborn.de>, 1997. @@ -25,8 +26,11 @@ #include <rpc/auth.h> #include <rpcsvc/nis.h> #include <sys/socket.h> +#include <sys/stat.h> +#include <unistd.h> #include <netinet/in.h> #include <arpa/inet.h> +#include <bits/libc-lock.h> #include "nis_xdr.h" #include "nis_intern.h" @@ -107,10 +111,79 @@ __nisbind_next (dir_binding *bind) } libnsl_hidden_def (__nisbind_next) +static struct ckey_cache_entry +{ + struct in_addr inaddr; + in_port_t port; + unsigned int protocol; + des_block ckey; +} *ckey_cache; +static size_t ckey_cache_size; +static size_t ckey_cache_allocated; +static pid_t ckey_cache_pid; +static uid_t ckey_cache_euid; +__libc_lock_define_initialized (static, ckey_cache_lock) + +static bool_t +get_ckey (des_block *ckey, struct sockaddr_in *addr, unsigned int protocol) +{ + size_t i; + pid_t pid = getpid (); + uid_t euid = geteuid (); + bool_t ret = FALSE; + + __libc_lock_lock (ckey_cache_lock); + + if (ckey_cache_pid != pid || ckey_cache_euid != euid) + { + ckey_cache_size = 0; + ckey_cache_pid = pid; + ckey_cache_euid = euid; + } + + for (i = 0; i < ckey_cache_size; ++i) + if (ckey_cache[i].port == addr->sin_port + && ckey_cache[i].protocol == protocol + && memcmp (&ckey_cache[i].inaddr, &addr->sin_addr, + sizeof (addr->sin_addr)) == 0) + { + *ckey = ckey_cache[i].ckey; + ret = TRUE; + break; + } + + if (!ret && key_gendes (ckey) >= 0) + { + ret = TRUE; + /* Don't grow the cache indefinitely. */ + if (ckey_cache_size == 256) + ckey_cache_size = 0; + if (ckey_cache_size == ckey_cache_allocated) + { + size_t size = ckey_cache_allocated ? ckey_cache_allocated * 2 : 16; + struct ckey_cache_entry *new_cache + = realloc (ckey_cache, size * sizeof (*ckey_cache)); + if (new_cache != NULL) + { + ckey_cache = new_cache; + ckey_cache_allocated = size; + } + } + ckey_cache[ckey_cache_size].inaddr = addr->sin_addr; + ckey_cache[ckey_cache_size].port = addr->sin_port; + ckey_cache[ckey_cache_size].protocol = protocol; + ckey_cache[ckey_cache_size++].ckey = *ckey; + } + + __libc_lock_unlock (ckey_cache_lock); + return ret; +} + nis_error __nisbind_connect (dir_binding *dbp) { nis_server *serv; + u_short port; if (dbp == NULL) return NIS_FAIL; @@ -128,9 +201,12 @@ __nisbind_connect (dir_binding *dbp) /* Check, if the host is online and rpc.nisd is running. Much faster then the clnt*_create functions: */ - if (__pmap_getnisport (&dbp->addr, NIS_PROG, NIS_VERSION, IPPROTO_UDP) == 0) + port = __pmap_getnisport (&dbp->addr, NIS_PROG, NIS_VERSION, + dbp->use_udp ? IPPROTO_UDP : IPPROTO_TCP); + if (port == 0) return NIS_RPCERROR; + dbp->addr.sin_port = htons (port); dbp->socket = RPC_ANYSOCK; if (dbp->use_udp) dbp->clnt = clntudp_create (&dbp->addr, NIS_PROG, NIS_VERSION, @@ -153,17 +229,16 @@ __nisbind_connect (dir_binding *dbp) { char netname[MAXNETNAMELEN + 1]; char *p; + des_block ckey; - p = stpcpy (netname, "unix."); + p = stpcpy (netname, "unix@"); strncpy (p, serv->name, MAXNETNAMELEN - 5); netname[MAXNETNAMELEN] = '\0'; - // XXX What is this supposed to do? If we really want to replace - // XXX the first dot, then we might as well use unix@ as the - // XXX prefix string. --drepper - p = strchr (netname, '.'); - *p = '@'; - dbp->clnt->cl_auth = - authdes_pk_create (netname, &serv->pkey, 300, NULL, NULL); + dbp->clnt->cl_auth = NULL; + if (get_ckey (&ckey, &dbp->addr, + dbp->use_udp ? IPPROTO_UDP : IPPROTO_TCP)) + dbp->clnt->cl_auth = + authdes_pk_create (netname, &serv->pkey, 300, NULL, &ckey); if (!dbp->clnt->cl_auth) dbp->clnt->cl_auth = authunix_create_default (); } @@ -177,7 +252,8 @@ libnsl_hidden_def (__nisbind_connect) nis_error __nisbind_create (dir_binding *dbp, const nis_server *serv_val, - unsigned int serv_len, unsigned int flags) + unsigned int serv_len, unsigned int server_used, + unsigned int current_ep, unsigned int flags) { dbp->clnt = NULL; @@ -203,8 +279,16 @@ __nisbind_create (dir_binding *dbp, const nis_server *serv_val, dbp->trys = 1; dbp->class = -1; - if (__nis_findfastest (dbp) < 1) - return NIS_NAMEUNREACHABLE; + if (server_used == ~0) + { + if (__nis_findfastest (dbp) < 1) + return NIS_NAMEUNREACHABLE; + } + else + { + dbp->server_used = server_used; + dbp->current_ep = current_ep; + } return NIS_SUCCESS; } @@ -306,7 +390,7 @@ __do_niscall2 (const nis_server *server, u_int server_len, u_long prog, if (flags & MASTER_ONLY) server_len = 1; - status = __nisbind_create (&dbp, server, server_len, flags); + status = __nisbind_create (&dbp, server, server_len, ~0, ~0, flags); if (status != NIS_SUCCESS) return status; @@ -338,9 +422,7 @@ rec_dirsearch (const_nis_name name, directory_obj *dir, nis_error *status) case HIGHER_NAME: { /* We need data from a parent domain */ directory_obj *obj; - char ndomain[strlen (dir->do_name) + 3]; - - nis_domain_of_r (dir->do_name, ndomain, sizeof (ndomain)); + const char *ndomain = __nis_domain_of (dir->do_name); /* The root server of our domain is a replica of the parent domain ! (Now I understand why a root server must be a @@ -384,7 +466,7 @@ rec_dirsearch (const_nis_name name, directory_obj *dir, nis_error *status) size_t namelen = strlen (name); char leaf[namelen + 3]; char domain[namelen + 3]; - char ndomain[namelen + 3]; + const char *ndomain; char *cp; strcpy (domain, name); @@ -397,8 +479,8 @@ rec_dirsearch (const_nis_name name, directory_obj *dir, nis_error *status) return NULL; } nis_leaf_of_r (domain, leaf, sizeof (leaf)); - nis_domain_of_r (domain, ndomain, sizeof (ndomain)); - strcpy (domain, ndomain); + ndomain = __nis_domain_of (domain); + memmove (domain, ndomain, strlen (ndomain) + 1); } while (nis_dir_cmp (domain, dir->do_name) != SAME_NAME); @@ -451,29 +533,16 @@ rec_dirsearch (const_nis_name name, directory_obj *dir, nis_error *status) /* We try to query the current server for the searched object, maybe he know about it ? */ static directory_obj * -first_shoot (const_nis_name name, int search_parent_first, directory_obj *dir) +first_shoot (const_nis_name name, directory_obj *dir) { directory_obj *obj = NULL; fd_result *fd_res; XDR xdrs; - char domain[strlen (name) + 3]; -#if 0 if (nis_dir_cmp (name, dir->do_name) == SAME_NAME) return dir; -#endif - const char *search_name = name; - if (search_parent_first) - { - nis_domain_of_r (name, domain, sizeof (domain)); - search_name = domain; - } - - if (nis_dir_cmp (search_name, dir->do_name) == SAME_NAME) - return dir; - - fd_res = __nis_finddirectory (dir, search_name); + fd_res = __nis_finddirectory (dir, name); if (fd_res == NULL) return NULL; if (fd_res->status == NIS_SUCCESS @@ -499,42 +568,224 @@ first_shoot (const_nis_name name, int search_parent_first, directory_obj *dir) return obj; } +static struct nis_server_cache +{ + int search_parent; + int uses; + unsigned int size; + unsigned int server_used; + unsigned int current_ep; + time_t expires; + char name[]; +} *nis_server_cache[16]; +static time_t nis_cold_start_mtime; +__libc_lock_define_initialized (static, nis_server_cache_lock) + +static directory_obj * +nis_server_cache_search (const_nis_name name, int search_parent, + unsigned int *server_used, unsigned int *current_ep, + struct timeval *now) +{ + directory_obj *ret = NULL; + int i; + char *addr; + XDR xdrs; + struct stat64 st; + + if (stat64 ("/var/nis/NIS_COLD_START", &st) < 0) + st.st_mtime = nis_cold_start_mtime + 1; + + __libc_lock_lock (nis_server_cache_lock); + + for (i = 0; i < 16; ++i) + if (nis_server_cache[i] == NULL) + continue; + else if (st.st_mtime != nis_cold_start_mtime + || now->tv_sec > nis_server_cache[i]->expires) + { + free (nis_server_cache[i]); + nis_server_cache[i] = NULL; + } + else if (nis_server_cache[i]->search_parent == search_parent + && strcmp (nis_server_cache[i]->name, name) == 0) + { + ret = calloc (1, sizeof (directory_obj)); + if (ret == NULL) + break; + + addr = rawmemchr (nis_server_cache[i]->name, '\0') + 8; + addr = (char *) ((uintptr_t) addr & ~(uintptr_t) 7); + xdrmem_create (&xdrs, addr, nis_server_cache[i]->size, XDR_DECODE); + if (!_xdr_directory_obj (&xdrs, ret)) + { + xdr_destroy (&xdrs); + free (ret); + ret = NULL; + free (nis_server_cache[i]); + nis_server_cache[i] = NULL; + break; + } + xdr_destroy (&xdrs); + *server_used = nis_server_cache[i]->server_used; + *current_ep = nis_server_cache[i]->current_ep; + break; + } + + nis_cold_start_mtime = st.st_mtime; + + __libc_lock_unlock (nis_server_cache_lock); + return ret; +} + +static void +nis_server_cache_add (const_nis_name name, int search_parent, + directory_obj *dir, unsigned int server_used, + unsigned int current_ep, struct timeval *now) +{ + struct nis_server_cache **loc; + struct nis_server_cache *new; + struct nis_server_cache *old; + int i; + char *addr; + unsigned int size; + XDR xdrs; + + if (dir == NULL) + return; + + size = xdr_sizeof ((xdrproc_t) _xdr_directory_obj, (char *) dir); + new = calloc (1, sizeof (*new) + strlen (name) + 8 + size); + if (new == NULL) + return; + new->search_parent = search_parent; + new->uses = 1; + new->expires = now->tv_sec + dir->do_ttl; + new->size = size; + new->server_used = server_used; + new->current_ep = current_ep; + addr = stpcpy (new->name, name) + 8; + addr = (char *) ((uintptr_t) addr & ~(uintptr_t) 7); + + xdrmem_create(&xdrs, addr, size, XDR_ENCODE); + if (!_xdr_directory_obj (&xdrs, dir)) + { + xdr_destroy (&xdrs); + free (new); + return; + } + xdr_destroy (&xdrs); + + __libc_lock_lock (nis_server_cache_lock); + + /* Choose which entry should be evicted from the cache. */ + loc = &nis_server_cache[0]; + if (*loc != NULL) + for (i = 1; i < 16; ++i) + if (nis_server_cache[i] == NULL) + { + loc = &nis_server_cache[i]; + break; + } + else if ((*loc)->uses > nis_server_cache[i]->uses + || ((*loc)->uses == nis_server_cache[i]->uses + && (*loc)->expires > nis_server_cache[i]->expires)) + loc = &nis_server_cache[i]; + old = *loc; + *loc = new; + + __libc_lock_unlock (nis_server_cache_lock); + free (old); +} + nis_error -__nisfind_server (const_nis_name name, int search_parent_first, - directory_obj **dir) +__nisfind_server (const_nis_name name, int search_parent, + directory_obj **dir, dir_binding *dbp, unsigned int flags) { + nis_error result = NIS_SUCCESS; + nis_error status; + directory_obj *obj; + struct timeval now; + unsigned int server_used = ~0; + unsigned int current_ep = ~0; + if (name == NULL) return NIS_BADNAME; -#if 0 - /* Search in local cache. In the moment, we ignore the fastest server */ - if (!(flags & NO_CACHE)) - dir = __nis_cache_search (name, flags, &cinfo); -#endif + if (*dir != NULL) + return NIS_SUCCESS; - nis_error result = NIS_SUCCESS; - if (*dir == NULL) + (void) gettimeofday (&now, NULL); + + if ((flags & NO_CACHE) == 0) + *dir = nis_server_cache_search (name, search_parent, &server_used, + ¤t_ep, &now); + if (*dir != NULL) { - nis_error status; - directory_obj *obj; + unsigned int server_len = (*dir)->do_servers.do_servers_len; + if (flags & MASTER_ONLY) + { + server_len = 1; + if (server_used != 0) + { + server_used = ~0; + current_ep = ~0; + } + } + result = __nisbind_create (dbp, (*dir)->do_servers.do_servers_val, + server_len, server_used, current_ep, flags); + if (result != NIS_SUCCESS) + { + nis_free_directory (*dir); + *dir = NULL; + } + return result; + } - *dir = readColdStartFile (); - if (*dir == NULL) - /* No /var/nis/NIS_COLD_START->no NIS+ installed. */ - return NIS_UNAVAIL; + *dir = readColdStartFile (); + if (*dir == NULL) + /* No /var/nis/NIS_COLD_START->no NIS+ installed. */ + return NIS_UNAVAIL; - /* Try at first, if servers in "dir" know our object */ - obj = first_shoot (name, search_parent_first, *dir); + /* Try at first, if servers in "dir" know our object */ + const char *search_name = name; + if (search_parent) + search_name = __nis_domain_of (name); + obj = first_shoot (search_name, *dir); + if (obj == NULL) + { + obj = rec_dirsearch (search_name, *dir, &status); if (obj == NULL) + result = status; + } + + if (result == NIS_SUCCESS) + { + unsigned int server_len = obj->do_servers.do_servers_len; + if (flags & MASTER_ONLY) + server_len = 1; + result = __nisbind_create (dbp, obj->do_servers.do_servers_val, + server_len, ~0, ~0, flags); + if (result == NIS_SUCCESS) { - obj = rec_dirsearch (name, *dir, &status); - if (obj == NULL) - result = status; + if ((flags & MASTER_ONLY) == 0 + || obj->do_servers.do_servers_len == 1) + { + server_used = dbp->server_used; + current_ep = dbp->current_ep; + } + if ((flags & NO_CACHE) == 0) + nis_server_cache_add (name, search_parent, obj, + server_used, current_ep, &now); + } + else + { + nis_free_directory (obj); + obj = NULL; } - - *dir = obj; } + *dir = obj; + return result; } @@ -543,38 +794,19 @@ nis_error __prepare_niscall (const_nis_name name, directory_obj **dirp, dir_binding *bptrp, unsigned int flags) { - nis_error retcode = __nisfind_server (name, 1, dirp); + nis_error retcode = __nisfind_server (name, 1, dirp, bptrp, flags); if (__builtin_expect (retcode != NIS_SUCCESS, 0)) return retcode; - nis_server *server; - u_int server_len; - - if (flags & MASTER_ONLY) - { - server = (*dirp)->do_servers.do_servers_val; - server_len = 1; - } - else - { - server = (*dirp)->do_servers.do_servers_val; - server_len = (*dirp)->do_servers.do_servers_len; - } - - retcode = __nisbind_create (bptrp, server, server_len, flags); - if (retcode == NIS_SUCCESS) - { - do - if (__nisbind_connect (bptrp) == NIS_SUCCESS) - return NIS_SUCCESS; - while (__nisbind_next (bptrp) == NIS_SUCCESS); - - __nisbind_destroy (bptrp); - memset (bptrp, '\0', sizeof (*bptrp)); + do + if (__nisbind_connect (bptrp) == NIS_SUCCESS) + return NIS_SUCCESS; + while (__nisbind_next (bptrp) == NIS_SUCCESS); - retcode = NIS_NAMEUNREACHABLE; - } + __nisbind_destroy (bptrp); + memset (bptrp, '\0', sizeof (*bptrp)); + retcode = NIS_NAMEUNREACHABLE; nis_free_directory (*dirp); *dirp = NULL; |