예제 #1
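/*
 * Door server procedure that receives PICL events.
 *
 * A request is answered with an empty reply and otherwise ignored unless
 * all of the following hold: the door has been set up (door_id >= 0), a
 * payload is present, door_cred() succeeds, and the caller's effective
 * uid is 0.  An accepted payload is unpacked as an nvlist; only entries
 * whose PICLEVENTARG_DATA_TYPE is PICLEVENTARG_PICLEVENT_DATA are handed
 * to parse_piclevent().
 *
 * door_return() comes back to its caller only when it fails.  Every
 * reject path therefore ends in an explicit return, so that a failed
 * reply can never let the handler fall through and process a request it
 * has just refused (or touch an nvlist that was never unpacked).
 */
/*ARGSUSED*/
static void
event_handler(void *cookie, char *argp, size_t asize,
    door_desc_t *dp, uint_t n_desc)
{
	door_cred_t		cred;
	nvlist_t		*nvlp;
	char			*dtype;

	/* size_t is printed through unsigned long so the format matches */
	if (piclevent_debug)
		syslog(LOG_INFO,
		    "piclevent: got SLM event cookie:%p evarg:%p size:0x%lx\n",
		    cookie, (void *)argp, (unsigned long)asize);

	/*
	 * Authorization gate: the identity comes from door_cred(), i.e.
	 * from the door subsystem, not from anything in the payload.
	 */
	if ((door_id < 0) || (argp == NULL) || (door_cred(&cred) < 0) ||
	    (cred.dc_euid != 0)) {
		(void) door_return(argp, 0, NULL, 0);
		return;
	}

	/* nvlp is valid only if the unpack succeeded */
	if (nvlist_unpack(argp, asize, &nvlp, NULL)) {
		(void) door_return(argp, 0, NULL, 0);
		return;
	}

	if (nvlist_lookup_string(nvlp, PICLEVENTARG_DATA_TYPE, &dtype)) {
		nvlist_free(nvlp);
		(void) door_return(argp, 0, NULL, 0);
		return;
	}

	if (strcmp(dtype, PICLEVENTARG_PICLEVENT_DATA) == 0)
		parse_piclevent(nvlp);
	/*
	 * ignore other event data types
	 */
	nvlist_free(nvlp);
	(void) door_return(argp, 0, NULL, 0);
}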
예제 #2
/*
 * Record the audit context of the current door client in *door_dp.
 *
 * The uid/gid/pid fields are taken from door_cred(); the audit id,
 * session id and terminal id are taken from the auditon(A_GETPINFO_ADDR)
 * result for the client's pid.  None of these values is read from the
 * request payload.
 *
 * Returns 0 on success, or -1 when door_cred() or auditon() fails.  The
 * result of audit_save_policy() is deliberately not checked.
 */
int
audit_save_me(door_data_t	*door_dp)
{
	door_cred_t	caller;
	int		word;

	if (door_cred(&caller) == -1)
		return (-1);

	/* ap_pid is filled in before the lookup so auditon() sees the client */
	door_dp->audit_ap.ap_pid = caller.dc_pid;
	if (auditon(A_GETPINFO_ADDR, (caddr_t)&door_dp->audit_ap,
	    sizeof (door_dp->audit_ap)) == -1)
		return (-1);

	/* identity reported by the door subsystem */
	door_dp->audit_pid = caller.dc_pid;
	door_dp->audit_uid = caller.dc_ruid;
	door_dp->audit_gid = caller.dc_rgid;
	door_dp->audit_euid = caller.dc_euid;
	door_dp->audit_egid = caller.dc_egid;

	/* audit attributes reported by auditon() */
	door_dp->audit_auid = door_dp->audit_ap.ap_auid;
	door_dp->audit_asid = door_dp->audit_ap.ap_asid;
	door_dp->audit_tid.at_port = door_dp->audit_ap.ap_termid.at_port;
	door_dp->audit_tid.at_type = door_dp->audit_ap.ap_termid.at_type;

	/*
	 * at_type/4 address words are copied.
	 * NOTE(review): the count is not checked against the capacity of
	 * at_addr here; this relies on auditon() returning a sane at_type.
	 */
	word = 0;
	while (word < (door_dp->audit_ap.ap_termid.at_type/4)) {
		door_dp->audit_tid.at_addr[word] =
		    door_dp->audit_ap.ap_termid.at_addr[word];
		word++;
	}

	(void) audit_save_policy(door_dp);
	return (0);
}
예제 #3
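/*
 * This function returns the value of the PICL property specified by
 * its name.
 *
 * The request in `in' comes from a door client.  The property must be
 * readable (PICL_READ), and the caller's door credentials are passed to
 * xptree_get_propval_by_name_with_cred() for the actual read.  The reply
 * is built on the stack and sent with door_return().
 *
 * Hardening over a plain strcpy()/strlen() implementation:
 *  - the reply is zeroed before use, so bytes that are never written do
 *    not go back to the client as leftover stack contents;
 *  - the property name is copied with a bound and always terminated;
 *  - the length of a string value is searched for only inside the
 *    vbufsize bytes that were allocated for it.
 *
 * NOTE(review): picld_return_error() is presumably a no-return path that
 * replies through the door; if it can return, `cred' and `ret' would be
 * used after a failure - confirm.
 */
static void
picld_get_attrval_by_name(picl_service_t *in)
{
	picl_retattrvalbyname_t	*ret;
	int			err;
	size_t			vbufsize;
	size_t			len;
	door_cred_t		cred;
	picl_nodehdl_t		ptreeh;
	ptree_propinfo_t	pinfo;
	const char		*vstart;
	const char		*nul;

	if (door_cred(&cred) < 0)
		picld_return_error(in->in.cnum, PICL_FAILURE);

	err = cvt_picl2ptree(in->req_attrvalbyname.nodeh, &ptreeh);
	if (err != PICL_SUCCESS)
		picld_return_error(in->in.cnum, err);

	err = xptree_get_propinfo_by_name(ptreeh,
	    in->req_attrvalbyname.propname, &pinfo);
	if (err != PICL_SUCCESS)
		picld_return_error(in->in.cnum, err);

	if (!(pinfo.piclinfo.accessmode & PICL_READ))
		picld_return_error(in->in.cnum, PICL_NOTREADABLE);

	/*
	 * allocate the minimum of piclinfo.size and input bufsize; the
	 * client-supplied bufsize can only shrink the allocation, never
	 * grow it past the property's own size
	 */
	vbufsize = pinfo.piclinfo.size;
	vbufsize = MIN((size_t)in->req_attrvalbyname.bufsize, vbufsize);
	len = sizeof (picl_retattrvalbyname_t) + vbufsize;
	ret = alloca(len);
	if (ret == NULL)
		picld_return_error(in->in.cnum, PICL_FAILURE);
	(void) memset(ret, 0, len);
	ret->cnum = PICL_CNUM_GETATTRVALBYNAME;
	ret->nodeh = in->req_attrvalbyname.nodeh;
	/* bounded copy: the name comes straight from the request */
	(void) strncpy(ret->propname, in->req_attrvalbyname.propname,
	    sizeof (ret->propname) - 1);
	ret->propname[sizeof (ret->propname) - 1] = '\0';
	ret->nbytes = (uint32_t)vbufsize;

	err = xptree_get_propval_by_name_with_cred(ptreeh,
	    in->req_attrvalbyname.propname, ret->ret_buf, vbufsize,
	    cred);
	if (err != PICL_SUCCESS)
		picld_return_error(in->in.cnum, err);
	/*
	 * adjust returned value size for charstrings; if no terminator
	 * lies within the buffer, report the buffer size instead of
	 * scanning past the end of the allocation
	 */
	if (pinfo.piclinfo.type == PICL_PTYPE_CHARSTRING) {
		vstart = (const char *)ret->ret_buf;
		nul = memchr(vstart, '\0', vbufsize);
		if (nul != NULL)
			ret->nbytes = (uint32_t)(nul - vstart) + 1;
		else
			ret->nbytes = (uint32_t)vbufsize;
	}

	if ((pinfo.piclinfo.type == PICL_PTYPE_TABLE) ||
	    (pinfo.piclinfo.type == PICL_PTYPE_REFERENCE))
		cvt_ptree2picl(&ret->ret_nodeh);

	/* init_lk is presumably taken by the caller - confirm */
	(void) rw_unlock(&init_lk);
	(void) door_return((char *)ret, sizeof (picl_retattrvalbyname_t) +
	    (size_t)ret->nbytes, NULL, 0);
}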
예제 #4
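/*
 * This function returns the value of the PICL property
 *
 * The request in `in' comes from a door client and names the property by
 * handle.  The property must be readable (PICL_READ), and the caller's
 * door credentials are passed to xptree_get_propval_with_cred() for the
 * actual read.  The reply is built on the stack and sent with
 * door_return().
 *
 * The reply is zeroed before use so that bytes which are never written
 * do not go back to the client as leftover stack contents, and the
 * length of a string value is searched for only inside the vbufsize
 * bytes that were allocated for it.
 *
 * NOTE(review): picld_return_error() is presumably a no-return path that
 * replies through the door; if it can return, `cred' and `ret' would be
 * used after a failure - confirm.
 */
static void
picld_get_attrval(picl_service_t *in)
{
	picl_retattrval_t	*ret;
	int			err;
	size_t			vbufsize;
	size_t			len;
	door_cred_t		cred;
	picl_prophdl_t		ptreeh;
	ptree_propinfo_t	pinfo;
	const char		*vstart;
	const char		*nul;

	if (door_cred(&cred) < 0)
		picld_return_error(in->in.cnum, PICL_FAILURE);

	err = cvt_picl2ptree(in->req_attrval.attr, &ptreeh);
	if (err != PICL_SUCCESS)
		picld_return_error(in->in.cnum, err);

	err = ptree_get_propinfo(ptreeh, &pinfo);
	if (err != PICL_SUCCESS)
		picld_return_error(in->in.cnum, err);

	if (!(pinfo.piclinfo.accessmode & PICL_READ))
		picld_return_error(in->in.cnum, PICL_NOTREADABLE);

	/*
	 * the client-supplied bufsize can only shrink the allocation,
	 * never grow it past the property's own size
	 */
	vbufsize = pinfo.piclinfo.size;
	vbufsize = MIN((size_t)in->req_attrval.bufsize, vbufsize);

	len = sizeof (picl_retattrval_t) + vbufsize;
	ret = alloca(len);
	if (ret == NULL)
		picld_return_error(in->in.cnum, PICL_FAILURE);
	(void) memset(ret, 0, len);
	ret->cnum = PICL_CNUM_GETATTRVAL;
	ret->attr = in->req_attrval.attr;
	ret->nbytes = (uint32_t)vbufsize;
	err = xptree_get_propval_with_cred(ptreeh, ret->ret_buf, vbufsize,
	    cred);
	if (err != PICL_SUCCESS)
		picld_return_error(in->in.cnum, err);

	/*
	 * adjust returned bytes for charstrings; if no terminator lies
	 * within the buffer, report the buffer size instead of scanning
	 * past the end of the allocation
	 */
	if (pinfo.piclinfo.type == PICL_PTYPE_CHARSTRING) {
		vstart = (const char *)ret->ret_buf;
		nul = memchr(vstart, '\0', vbufsize);
		if (nul != NULL)
			ret->nbytes = (uint32_t)(nul - vstart) + 1;
		else
			ret->nbytes = (uint32_t)vbufsize;
	}

	/*
	 * convert handle values to picl handles
	 */
	if ((pinfo.piclinfo.type == PICL_PTYPE_TABLE) ||
	    (pinfo.piclinfo.type == PICL_PTYPE_REFERENCE))
		cvt_ptree2picl(&ret->ret_nodeh);
	/* init_lk is presumably taken by the caller - confirm */
	(void) rw_unlock(&init_lk);
	(void) door_return((char *)ret, sizeof (picl_retattrval_t) +
	    (size_t)ret->nbytes, NULL, 0);
}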
예제 #5
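/*
 * This function sets the value of a property specified by its name.
 *
 * The request in `in' comes from a door client.  Two checks precede the
 * update: the property must be writable (PICL_WRITE), and a property
 * that is not PICL_VOLATILE may only be set by a caller whose effective
 * uid, as reported by door_cred(), is SUPER_USER.  The same credentials
 * are passed on to xptree_update_propval_by_name_with_cred().
 *
 * The whole reply structure is sent back with door_return(), so it is
 * zeroed first: otherwise the part of propname behind the terminator
 * would go to the client as leftover stack contents.  The name is copied
 * with a bound and always terminated.
 *
 * NOTE(review): picld_return_error() is presumably a no-return path that
 * replies through the door; if it can return, `cred' would be used after
 * door_cred() failed and the permission check would be bypassed -
 * confirm.
 */
static void
picld_set_attrval_by_name(picl_service_t *in)
{
	picl_retsetattrvalbyname_t	ret;
	int				err;
	door_cred_t			cred;
	picl_prophdl_t			ptreeh;
	ptree_propinfo_t		pinfo;

	if (door_cred(&cred) < 0)
		picld_return_error(in->in.cnum, PICL_FAILURE);

	err = cvt_picl2ptree(in->req_setattrvalbyname.nodeh, &ptreeh);
	if (err != PICL_SUCCESS)
		picld_return_error(in->in.cnum, err);

	err = xptree_get_propinfo_by_name(ptreeh,
	    in->req_setattrvalbyname.propname, &pinfo);
	if (err != PICL_SUCCESS)
		picld_return_error(in->in.cnum, err);

	if (!(pinfo.piclinfo.accessmode & PICL_WRITE))
		picld_return_error(in->in.cnum, PICL_NOTWRITABLE);

	/*
	 * For non-volatile prop, only super user can set its value.
	 */
	if (!(pinfo.piclinfo.accessmode & PICL_VOLATILE) &&
	    (cred.dc_euid != SUPER_USER))
		picld_return_error(in->in.cnum, PICL_PERMDENIED);

	(void) memset(&ret, 0, sizeof (ret));
	ret.cnum = PICL_CNUM_SETATTRVALBYNAME;
	ret.nodeh = in->req_setattrvalbyname.nodeh;
	/* bounded copy: the name comes straight from the request */
	(void) strncpy(ret.propname, in->req_setattrvalbyname.propname,
	    sizeof (ret.propname) - 1);
	ret.propname[sizeof (ret.propname) - 1] = '\0';

	/*
	 * NOTE(review): bufsize is taken from the request and is not
	 * compared here with the number of bytes actually received for
	 * valbuf; confirm that the dispatcher or the ptree layer bounds it.
	 */
	err = xptree_update_propval_by_name_with_cred(ptreeh,
	    in->req_setattrvalbyname.propname,
	    in->req_setattrvalbyname.valbuf,
	    (size_t)in->req_setattrvalbyname.bufsize,
	    cred);

	if (err != PICL_SUCCESS)
		picld_return_error(in->in.cnum, err);

	/* init_lk is presumably taken by the caller - confirm */
	(void) rw_unlock(&init_lk);
	(void) door_return((char *)&ret, sizeof (picl_retsetattrvalbyname_t),
	    NULL, 0);
}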
예제 #6
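/*
 * Sanity check that dsvcd_request_t `req' (which is `reqsize' bytes long)
 * is a correctly formed request; if not, return an error which will be
 * returned to the door caller.
 *
 * Returns DSVC_SUCCESS when the request passes every check,
 * DSVC_ACCESS when the caller's credentials are unavailable or its
 * effective uid is not 0, and DSVC_SYNCH_ERR for a missing request, an
 * unsupported version, or a request shorter than `minsize'.
 */
static int
check_door_req(dsvcd_request_t *req, size_t reqsize, size_t minsize)
{
	door_cred_t cred;

	if (req == NULL) {
		dhcpmsg(MSG_WARNING, "empty request, ignoring");
		return (DSVC_SYNCH_ERR);
	}

	/*
	 * Check credentials; we don't allow any non-super-user requests
	 * since this would open a denial-of-service hole (since a lock
	 * could be checked out indefinitely).
	 */
	if (door_cred(&cred) != 0) {
		dhcpmsg(MSG_WARNING, "request with unknown credentials");
		return (DSVC_ACCESS);
	}

	if (cred.dc_euid != 0) {
		dhcpmsg(MSG_WARNING, "request with non-super-user credentials");
		return (DSVC_ACCESS);
	}

	/*
	 * Check the version and size; we check this before checking the
	 * size of the request structure since an "incompatible version"
	 * message is more helpful than a "short request" message.
	 *
	 * The version is read only when the request is long enough to
	 * contain the whole rq_version field, not merely its first byte;
	 * a shorter request falls through to the size check below.
	 */
	if (reqsize >= offsetof(dsvcd_request_t, rq_version) +
	    sizeof (req->rq_version) &&
	    req->rq_version != DSVCD_DOOR_VERSION) {
		dhcpmsg(MSG_WARNING, "request with unsupported version `%d'",
		    req->rq_version);
		return (DSVC_SYNCH_ERR);
	}

	if (reqsize < minsize) {
		/* size_t is printed through unsigned long to match %lu */
		dhcpmsg(MSG_VERBOSE, "short request (%lu bytes, minimum %lu "
		    "bytes)", (unsigned long)reqsize, (unsigned long)minsize);
		return (DSVC_SYNCH_ERR);
	}

	return (DSVC_SUCCESS);
}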
예제 #7
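/*
 * Door server procedure: print the calling client's credentials, then
 * reply with the square of the long passed as the door argument.
 *
 * The argument buffer belongs to the client, so it is checked for
 * presence and for a minimum size of sizeof (long) before it is read.
 * A request that fails this check, or for which the credentials cannot
 * be obtained, gets an empty reply.
 */
static void server_proc (void *cookie, char *argp, size_t arg_size,
	door_desc_t *dp, uint_t n_desc)
{
	long arg;
	long res;
	door_cred_t info;

	if (door_cred (&info) == -1) {
		err_msg ("door_cred failed");
		/*
		 * Reached only if err_msg returns: info was never filled
		 * in, so neither print it nor service the request.
		 */
		(void) door_return (NULL, 0, NULL, 0);
		return;
	}

	/* the id fields are cast so that they match the %ld conversions */
	printf ("Client credentials:\n");
	printf ("  Effective user ID = %ld\n", (long) info.dc_euid);
	printf ("  Effective group ID = %ld\n", (long) info.dc_egid);
	printf ("  Real user ID = %ld\n", (long) info.dc_ruid);
	printf ("  Real group ID = %ld\n", (long) info.dc_rgid);
	printf ("  Process ID = %ld\n", (long) info.dc_pid);

	/* refuse a missing or short argument instead of reading past it */
	if (argp == NULL || arg_size < sizeof (long)) {
		(void) door_return (NULL, 0, NULL, 0);
		return;
	}

	arg = *((long *) argp);
	/* multiply as unsigned: the client picks arg, and signed overflow is undefined */
	res = (long) ((unsigned long) arg * (unsigned long) arg);

	if (door_return ((char *) &res, sizeof (long), NULL, 0) == -1)
		err_msg ("door_return failed");
}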