search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Updated to fedora-glibc-20040930T0838
[glibc/history.git] / nscd / connections.c
blob53795bb3b99d16a04bf02040618f23edb6569adc
1 /* Inner loops of cache daemon.
2 Copyright (C) 1998-2003, 2004 Free Software Foundation, Inc.
3 This file is part of the GNU C Library.
4 Contributed by Ulrich Drepper <drepper@cygnus.com>, 1998.
5
6 The GNU C Library is free software; you can redistribute it and/or
7 modify it under the terms of the GNU Lesser General Public
8 License as published by the Free Software Foundation; either
9 version 2.1 of the License, or (at your option) any later version.
10
11 The GNU C Library is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
15
16 You should have received a copy of the GNU Lesser General Public
17 License along with the GNU C Library; if not, write to the Free
18 Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
19 02111-1307 USA. */
20
21 #include <assert.h>
22 #include <atomic.h>
23 #include <error.h>
24 #include <errno.h>
25 #include <fcntl.h>
26 #include <grp.h>
27 #include <libintl.h>
28 #include <pthread.h>
29 #include <pwd.h>
30 #include <resolv.h>
31 #include <stdio.h>
32 #include <stdlib.h>
33 #include <unistd.h>
34 #include <arpa/inet.h>
35 #include <sys/mman.h>
36 #include <sys/param.h>
37 #include <sys/poll.h>
38 #include <sys/socket.h>
39 #include <sys/stat.h>
40 #include <sys/un.h>
41
42 #include "nscd.h"
43 #include "dbg_log.h"
44 #include "selinux.h"
45
46
47 /* Number of bytes of data we initially reserve for each hash table bucket. */
48 #define DEFAULT_DATASIZE_PER_BUCKET 1024
49
50
51 /* Wrapper functions with error checking for standard functions. */
52 extern void *xmalloc (size_t n);
53 extern void *xcalloc (size_t n, size_t s);
54 extern void *xrealloc (void *o, size_t n);
55
56 /* Support to run nscd as an unprivileged user */
57 const char *server_user;
58 static uid_t server_uid;
59 static gid_t server_gid;
60 const char *stat_user;
61 uid_t stat_uid;
62 static gid_t *server_groups;
63 #ifndef NGROUPS
64 # define NGROUPS 32
65 #endif
66 static int server_ngroups;
67
68 static void begin_drop_privileges (void);
69 static void finish_drop_privileges (void);
70
71 /* Map request type to a string. */
72 const char *serv2str[LASTREQ] =
73 {
74 [GETPWBYNAME] = "GETPWBYNAME",
75 [GETPWBYUID] = "GETPWBYUID",
76 [GETGRBYNAME] = "GETGRBYNAME",
77 [GETGRBYGID] = "GETGRBYGID",
78 [GETHOSTBYNAME] = "GETHOSTBYNAME",
79 [GETHOSTBYNAMEv6] = "GETHOSTBYNAMEv6",
80 [GETHOSTBYADDR] = "GETHOSTBYADDR",
81 [GETHOSTBYADDRv6] = "GETHOSTBYADDRv6",
82 [SHUTDOWN] = "SHUTDOWN",
83 [GETSTAT] = "GETSTAT",
84 [INVALIDATE] = "INVALIDATE",
85 [GETFDPW] = "GETFDPW",
86 [GETFDGR] = "GETFDGR",
87 [GETFDHST] = "GETFDHST",
88 [GETAI] = "GETAI",
89 [INITGROUPS] = "INITGROUPS"
90 };
91
92 /* The control data structures for the services. */
93 struct database_dyn dbs[lastdb] =
94 {
95 [pwddb] = {
96 .lock = PTHREAD_RWLOCK_WRITER_NONRECURSIVE_INITIALIZER_NP,
97 .enabled = 0,
98 .check_file = 1,
99 .persistent = 0,
100 .shared = 0,
101 .filename = "/etc/passwd",
102 .db_filename = _PATH_NSCD_PASSWD_DB,
103 .disabled_iov = &pwd_iov_disabled,
104 .postimeout = 3600,
105 .negtimeout = 20,
106 .wr_fd = -1,
107 .ro_fd = -1,
108 .mmap_used = false
109 },
110 [grpdb] = {
111 .lock = PTHREAD_RWLOCK_WRITER_NONRECURSIVE_INITIALIZER_NP,
112 .enabled = 0,
113 .check_file = 1,
114 .persistent = 0,
115 .shared = 0,
116 .filename = "/etc/group",
117 .db_filename = _PATH_NSCD_GROUP_DB,
118 .disabled_iov = &grp_iov_disabled,
119 .postimeout = 3600,
120 .negtimeout = 60,
121 .wr_fd = -1,
122 .ro_fd = -1,
123 .mmap_used = false
124 },
125 [hstdb] = {
126 .lock = PTHREAD_RWLOCK_WRITER_NONRECURSIVE_INITIALIZER_NP,
127 .enabled = 0,
128 .check_file = 1,
129 .persistent = 0,
130 .shared = 0,
131 .filename = "/etc/hosts",
132 .db_filename = _PATH_NSCD_HOSTS_DB,
133 .disabled_iov = &hst_iov_disabled,
134 .postimeout = 3600,
135 .negtimeout = 20,
136 .wr_fd = -1,
137 .ro_fd = -1,
138 .mmap_used = false
139 }
140 };
141
142
143 /* Mapping of request type to database. */
144 static struct database_dyn *const serv2db[LASTREQ] =
145 {
146 [GETPWBYNAME] = &dbs[pwddb],
147 [GETPWBYUID] = &dbs[pwddb],
148 [GETGRBYNAME] = &dbs[grpdb],
149 [GETGRBYGID] = &dbs[grpdb],
150 [GETHOSTBYNAME] = &dbs[hstdb],
151 [GETHOSTBYNAMEv6] = &dbs[hstdb],
152 [GETHOSTBYADDR] = &dbs[hstdb],
153 [GETHOSTBYADDRv6] = &dbs[hstdb],
154 [GETFDPW] = &dbs[pwddb],
155 [GETFDGR] = &dbs[grpdb],
156 [GETFDHST] = &dbs[hstdb],
157 [GETAI] = &dbs[hstdb],
158 [INITGROUPS] = &dbs[grpdb]
159 };
160
161
162 /* Number of seconds between two cache pruning runs. */
163 #define CACHE_PRUNE_INTERVAL 15
164
165
166 /* Number of threads to use. */
167 int nthreads = -1;
168
169 /* Socket for incoming connections. */
170 static int sock;
171
172 /* Number of times clients had to wait. */
173 unsigned long int client_queued;
174
175
176 /* Initialize database information structures. */
177 void
178 nscd_init (void)
179 {
180 struct sockaddr_un sock_addr;
181 size_t cnt;
182
183 /* Secure mode and unprivileged mode are incompatible */
184 if (server_user != NULL && secure_in_use)
185 {
186 dbg_log (_("Cannot run nscd in secure mode as unprivileged user"));
187 exit (1);
188 }
189
190 /* Look up unprivileged uid/gid/groups before we start listening on the
191 socket */
192 if (server_user != NULL)
193 begin_drop_privileges ();
194
195 if (nthreads == -1)
196 /* No configuration for this value, assume a default. */
197 nthreads = 2 * lastdb;
198
199 for (cnt = 0; cnt < lastdb; ++cnt)
200 if (dbs[cnt].enabled)
201 {
202 pthread_rwlock_init (&dbs[cnt].lock, NULL);
203 pthread_mutex_init (&dbs[cnt].memlock, NULL);
204
205 if (dbs[cnt].persistent)
206 {
207 /* Try to open the appropriate file on disk. */
208 int fd = open (dbs[cnt].db_filename, O_RDWR);
209 if (fd != -1)
210 {
211 struct stat64 st;
212 void *mem;
213 size_t total;
214 struct database_pers_head head;
215 ssize_t n = TEMP_FAILURE_RETRY (read (fd, &head,
216 sizeof (head)));
217 if (n != sizeof (head) || fstat64 (fd, &st) != 0)
218 {
219 fail_db:
220 dbg_log (_("invalid persistent database file \"%s\": %s"),
221 dbs[cnt].db_filename, strerror (errno));
222 dbs[cnt].persistent = 0;
223 }
224 else if (head.module == 0 && head.data_size == 0)
225 {
226 /* The file has been created, but the head has not been
227 initialized yet. Remove the old file. */
228 unlink (dbs[cnt].db_filename);
229 }
230 else if (head.header_size != (int) sizeof (head))
231 {
232 dbg_log (_("invalid persistent database file \"%s\": %s"),
233 dbs[cnt].db_filename,
234 _("header size does not match"));
235 dbs[cnt].persistent = 0;
236 }
237 else if ((total = (sizeof (head)
238 + roundup (head.module * sizeof (ref_t),
239 ALIGN)
240 + head.data_size))
241 > st.st_size)
242 {
243 dbg_log (_("invalid persistent database file \"%s\": %s"),
244 dbs[cnt].db_filename,
245 _("file size does not match"));
246 dbs[cnt].persistent = 0;
247 }
248 else if ((mem = mmap (NULL, total, PROT_READ | PROT_WRITE,
249 MAP_SHARED, fd, 0)) == MAP_FAILED)
250 goto fail_db;
251 else
252 {
253 /* Success. We have the database. */
254 dbs[cnt].head = mem;
255 dbs[cnt].memsize = total;
256 dbs[cnt].data = (char *)
257 &dbs[cnt].head->array[roundup (dbs[cnt].head->module,
258 ALIGN / sizeof (ref_t))];
259 dbs[cnt].mmap_used = true;
260
261 if (dbs[cnt].suggested_module > head.module)
262 dbg_log (_("suggested size of table for database %s larger than the persistent database's table"),
263 dbnames[cnt]);
264
265 dbs[cnt].wr_fd = fd;
266 fd = -1;
267 /* We also need a read-only descriptor. */
268 if (dbs[cnt].shared)
269 {
270 dbs[cnt].ro_fd = open (dbs[cnt].db_filename, O_RDONLY);
271 if (dbs[cnt].ro_fd == -1)
272 dbg_log (_("\
273 cannot create read-only descriptor for \"%s\"; no mmap"),
274 dbs[cnt].db_filename);
275 }
276
277 // XXX Shall we test whether the descriptors actually
278 // XXX point to the same file?
279 }
280
281 /* Close the file descriptors in case something went
282 wrong in which case the variable have not been
283 assigned -1. */
284 if (fd != -1)
285 close (fd);
286 }
287 }
288
289 if (dbs[cnt].head == NULL)
290 {
291 /* No database loaded. Allocate the data structure,
292 possibly on disk. */
293 struct database_pers_head head;
294 size_t total = (sizeof (head)
295 + roundup (dbs[cnt].suggested_module
296 * sizeof (ref_t), ALIGN)
297 + (dbs[cnt].suggested_module
298 * DEFAULT_DATASIZE_PER_BUCKET));
299
300 /* Try to create the database. If we do not need a
301 persistent database create a temporary file. */
302 int fd;
303 int ro_fd = -1;
304 if (dbs[cnt].persistent)
305 {
306 fd = open (dbs[cnt].db_filename,
307 O_RDWR | O_CREAT | O_EXCL | O_TRUNC,
308 S_IRUSR | S_IWUSR);
309 if (fd != -1 && dbs[cnt].shared)
310 ro_fd = open (dbs[cnt].db_filename, O_RDONLY);
311 }
312 else
313 {
314 size_t slen = strlen (dbs[cnt].db_filename);
315 char fname[slen + 8];
316 strcpy (mempcpy (fname, dbs[cnt].db_filename, slen),
317 ".XXXXXX");
318 fd = mkstemp (fname);
319
320 /* We do not need the file name anymore after we
321 opened another file descriptor in read-only mode. */
322 if (fd != -1 && dbs[cnt].shared)
323 {
324 ro_fd = open (fname, O_RDONLY);
325
326 unlink (fname);
327 }
328 }
329
330 if (fd == -1)
331 {
332 if (errno == EEXIST)
333 {
334 dbg_log (_("database for %s corrupted or simultaneously used; remove %s manually if necessary and restart"),
335 dbnames[cnt], dbs[cnt].db_filename);
336 // XXX Correct way to terminate?
337 exit (1);
338 }
339
340 if (dbs[cnt].persistent)
341 dbg_log (_("cannot create %s; no persistent database used"),
342 dbs[cnt].db_filename);
343 else
344 dbg_log (_("cannot create %s; no sharing possible"),
345 dbs[cnt].db_filename);
346
347 dbs[cnt].persistent = 0;
348 // XXX remember: no mmap
349 }
350 else
351 {
352 /* Tell the user if we could not create the read-only
353 descriptor. */
354 if (ro_fd == -1 && dbs[cnt].shared)
355 dbg_log (_("\
356 cannot create read-only descriptor for \"%s\"; no mmap"),
357 dbs[cnt].db_filename);
358
359 /* Before we create the header, initialiye the hash
360 table. So that if we get interrupted if writing
361 the header we can recognize a partially initialized
362 database. */
363 size_t ps = sysconf (_SC_PAGESIZE);
364 char tmpbuf[ps];
365 assert (~ENDREF == 0);
366 memset (tmpbuf, '\xff', ps);
367
368 size_t remaining = dbs[cnt].suggested_module * sizeof (ref_t);
369 off_t offset = sizeof (head);
370
371 size_t towrite;
372 if (offset % ps != 0)
373 {
374 towrite = MIN (remaining, ps - (offset % ps));
375 pwrite (fd, tmpbuf, towrite, offset);
376 offset += towrite;
377 remaining -= towrite;
378 }
379
380 while (remaining > ps)
381 {
382 pwrite (fd, tmpbuf, ps, offset);
383 offset += ps;
384 remaining -= ps;
385 }
386
387 if (remaining > 0)
388 pwrite (fd, tmpbuf, remaining, offset);
389
390 /* Create the header of the file. */
391 struct database_pers_head head =
392 {
393 .version = DB_VERSION,
394 .header_size = sizeof (head),
395 .module = dbs[cnt].suggested_module,
396 .data_size = (dbs[cnt].suggested_module
397 * DEFAULT_DATASIZE_PER_BUCKET),
398 .first_free = 0
399 };
400 void *mem;
401
402 if ((TEMP_FAILURE_RETRY (write (fd, &head, sizeof (head)))
403 != sizeof (head))
404 || ftruncate (fd, total) != 0
405 || (mem = mmap (NULL, total, PROT_READ | PROT_WRITE,
406 MAP_SHARED, fd, 0)) == MAP_FAILED)
407 {
408 unlink (dbs[cnt].db_filename);
409 dbg_log (_("cannot write to database file %s: %s"),
410 dbs[cnt].db_filename, strerror (errno));
411 dbs[cnt].persistent = 0;
412 }
413 else
414 {
415 /* Success. */
416 dbs[cnt].head = mem;
417 dbs[cnt].data = (char *)
418 &dbs[cnt].head->array[roundup (dbs[cnt].head->module,
419 ALIGN / sizeof (ref_t))];
420 dbs[cnt].memsize = total;
421 dbs[cnt].mmap_used = true;
422
423 /* Remember the descriptors. */
424 dbs[cnt].wr_fd = fd;
425 dbs[cnt].ro_fd = ro_fd;
426 fd = -1;
427 ro_fd = -1;
428 }
429
430 if (fd != -1)
431 close (fd);
432 if (ro_fd != -1)
433 close (ro_fd);
434 }
435 }
436
437 if (dbs[cnt].head == NULL)
438 {
439 /* We do not use the persistent database. Just
440 create an in-memory data structure. */
441 assert (! dbs[cnt].persistent);
442
443 dbs[cnt].head = xmalloc (sizeof (struct database_pers_head)
444 + (dbs[cnt].suggested_module
445 * sizeof (ref_t)));
446 memset (dbs[cnt].head, '\0', sizeof (dbs[cnt].head));
447 assert (~ENDREF == 0);
448 memset (dbs[cnt].head->array, '\xff',
449 dbs[cnt].suggested_module * sizeof (ref_t));
450 dbs[cnt].head->module = dbs[cnt].suggested_module;
451 dbs[cnt].head->data_size = (DEFAULT_DATASIZE_PER_BUCKET
452 * dbs[cnt].head->module);
453 dbs[cnt].data = xmalloc (dbs[cnt].head->data_size);
454 dbs[cnt].head->first_free = 0;
455
456 dbs[cnt].shared = 0;
457 assert (dbs[cnt].ro_fd == -1);
458 }
459
460 if (dbs[cnt].check_file)
461 {
462 /* We need the modification date of the file. */
463 struct stat st;
464
465 if (stat (dbs[cnt].filename, &st) < 0)
466 {
467 /* We cannot stat() the file, disable file checking. */
468 dbg_log (_("cannot stat() file `%s': %s"),
469 dbs[cnt].filename, strerror (errno));
470 dbs[cnt].check_file = 0;
471 }
472 else
473 dbs[cnt].file_mtime = st.st_mtime;
474 }
475 }
476
477 /* Create the socket. */
478 sock = socket (AF_UNIX, SOCK_STREAM, 0);
479 if (sock < 0)
480 {
481 dbg_log (_("cannot open socket: %s"), strerror (errno));
482 exit (1);
483 }
484 /* Bind a name to the socket. */
485 sock_addr.sun_family = AF_UNIX;
486 strcpy (sock_addr.sun_path, _PATH_NSCDSOCKET);
487 if (bind (sock, (struct sockaddr *) &sock_addr, sizeof (sock_addr)) < 0)
488 {
489 dbg_log ("%s: %s", _PATH_NSCDSOCKET, strerror (errno));
490 exit (1);
491 }
492
493 /* We don't wait for data otherwise races between threads can get
494 them stuck on accept. */
495 int fl = fcntl (sock, F_GETFL);
496 if (fl != -1)
497 fcntl (sock, F_SETFL, fl | O_NONBLOCK);
498
499 /* Set permissions for the socket. */
500 chmod (_PATH_NSCDSOCKET, DEFFILEMODE);
501
502 /* Set the socket up to accept connections. */
503 if (listen (sock, SOMAXCONN) < 0)
504 {
505 dbg_log (_("cannot enable socket to accept connections: %s"),
506 strerror (errno));
507 exit (1);
508 }
509
510 /* Change to unprivileged uid/gid/groups if specifed in config file */
511 if (server_user != NULL)
512 finish_drop_privileges ();
513 }
514
515
516 /* Close the connections. */
517 void
518 close_sockets (void)
519 {
520 close (sock);
521 }
522
523
524 static void
525 invalidate_cache (char *key)
526 {
527 dbtype number;
528
529 if (strcmp (key, "passwd") == 0)
530 number = pwddb;
531 else if (strcmp (key, "group") == 0)
532 number = grpdb;
533 else if (__builtin_expect (strcmp (key, "hosts"), 0) == 0)
534 {
535 number = hstdb;
536
537 /* Re-initialize the resolver. resolv.conf might have changed. */
538 res_init ();
539 }
540 else
541 return;
542
543 if (dbs[number].enabled)
544 prune_cache (&dbs[number], LONG_MAX);
545 }
546
547
548 #ifdef SCM_RIGHTS
549 static void
550 send_ro_fd (struct database_dyn *db, char *key, int fd)
551 {
552 /* If we do not have an read-only file descriptor do nothing. */
553 if (db->ro_fd == -1)
554 return;
555
556 /* We need to send some data along with the descriptor. */
557 struct iovec iov[1];
558 iov[0].iov_base = key;
559 iov[0].iov_len = strlen (key) + 1;
560
561 /* Prepare the control message to transfer the descriptor. */
562 char buf[CMSG_SPACE (sizeof (int))];
563 struct msghdr msg = { .msg_iov = iov, .msg_iovlen = 1,
564 .msg_control = buf, .msg_controllen = sizeof (buf) };
565 struct cmsghdr *cmsg = CMSG_FIRSTHDR (&msg);
566
567 cmsg->cmsg_level = SOL_SOCKET;
568 cmsg->cmsg_type = SCM_RIGHTS;
569 cmsg->cmsg_len = CMSG_LEN (sizeof (int));
570
571 *(int *) CMSG_DATA (cmsg) = db->ro_fd;
572
573 msg.msg_controllen = cmsg->cmsg_len;
574
575 /* Send the control message. We repeat when we are interrupted but
576 everything else is ignored. */
577 (void) TEMP_FAILURE_RETRY (sendmsg (fd, &msg, 0));
578
579 if (__builtin_expect (debug_level > 0, 0))
580 dbg_log (_("provide access to FD %d, for %s"), db->ro_fd, key);
581 }
582 #endif /* SCM_RIGHTS */
583
584
585 /* Handle new request. */
586 static void
587 handle_request (int fd, request_header *req, void *key, uid_t uid)
588 {
589 if (__builtin_expect (req->version, NSCD_VERSION) != NSCD_VERSION)
590 {
591 if (debug_level > 0)
592 dbg_log (_("\
593 cannot handle old request version %d; current version is %d"),
594 req->version, NSCD_VERSION);
595 return;
596 }
597
598 /* Make the SELinux check before we go on to the standard checks. We
599 need to verify that the request type is valid, since it has not
600 yet been checked at this point. */
601 if (selinux_enabled
602 && __builtin_expect (req->type, GETPWBYNAME) >= GETPWBYNAME
603 && __builtin_expect (req->type, LASTREQ) < LASTREQ
604 && nscd_request_avc_has_perm (fd, req->type) != 0)
605 return;
606
607 struct database_dyn *db = serv2db[req->type];
608
609 // XXX Clean up so that each new command need not introduce a
610 // XXX new conditional.
611 if ((__builtin_expect (req->type, GETPWBYNAME) >= GETPWBYNAME
612 && __builtin_expect (req->type, LASTDBREQ) <= LASTDBREQ)
613 || req->type == GETAI || req->type == INITGROUPS)
614 {
615 if (__builtin_expect (debug_level, 0) > 0)
616 {
617 if (req->type == GETHOSTBYADDR || req->type == GETHOSTBYADDRv6)
618 {
619 char buf[INET6_ADDRSTRLEN];
620
621 dbg_log ("\t%s (%s)", serv2str[req->type],
622 inet_ntop (req->type == GETHOSTBYADDR
623 ? AF_INET : AF_INET6,
624 key, buf, sizeof (buf)));
625 }
626 else
627 dbg_log ("\t%s (%s)", serv2str[req->type], (char *) key);
628 }
629
630 /* Is this service enabled? */
631 if (!db->enabled)
632 {
633 /* No, sent the prepared record. */
634 if (TEMP_FAILURE_RETRY (write (fd, db->disabled_iov->iov_base,
635 db->disabled_iov->iov_len))
636 != (ssize_t) db->disabled_iov->iov_len
637 && __builtin_expect (debug_level, 0) > 0)
638 {
639 /* We have problems sending the result. */
640 char buf[256];
641 dbg_log (_("cannot write result: %s"),
642 strerror_r (errno, buf, sizeof (buf)));
643 }
644
645 return;
646 }
647
648 /* Be sure we can read the data. */
649 if (__builtin_expect (pthread_rwlock_tryrdlock (&db->lock) != 0, 0))
650 {
651 ++db->head->rdlockdelayed;
652 pthread_rwlock_rdlock (&db->lock);
653 }
654
655 /* See whether we can handle it from the cache. */
656 struct datahead *cached;
657 cached = (struct datahead *) cache_search (req->type, key, req->key_len,
658 db, uid);
659 if (cached != NULL)
660 {
661 /* Hurray it's in the cache. */
662 if (TEMP_FAILURE_RETRY (write (fd, cached->data, cached->recsize))
663 != cached->recsize
664 && __builtin_expect (debug_level, 0) > 0)
665 {
666 /* We have problems sending the result. */
667 char buf[256];
668 dbg_log (_("cannot write result: %s"),
669 strerror_r (errno, buf, sizeof (buf)));
670 }
671
672 pthread_rwlock_unlock (&db->lock);
673
674 return;
675 }
676
677 pthread_rwlock_unlock (&db->lock);
678 }
679 else if (__builtin_expect (debug_level, 0) > 0)
680 {
681 if (req->type == INVALIDATE)
682 dbg_log ("\t%s (%s)", serv2str[req->type], (char *) key);
683 else
684 dbg_log ("\t%s", serv2str[req->type]);
685 }
686
687 /* Handle the request. */
688 switch (req->type)
689 {
690 case GETPWBYNAME:
691 addpwbyname (db, fd, req, key, uid);
692 break;
693
694 case GETPWBYUID:
695 addpwbyuid (db, fd, req, key, uid);
696 break;
697
698 case GETGRBYNAME:
699 addgrbyname (db, fd, req, key, uid);
700 break;
701
702 case GETGRBYGID:
703 addgrbygid (db, fd, req, key, uid);
704 break;
705
706 case GETHOSTBYNAME:
707 addhstbyname (db, fd, req, key, uid);
708 break;
709
710 case GETHOSTBYNAMEv6:
711 addhstbynamev6 (db, fd, req, key, uid);
712 break;
713
714 case GETHOSTBYADDR:
715 addhstbyaddr (db, fd, req, key, uid);
716 break;
717
718 case GETHOSTBYADDRv6:
719 addhstbyaddrv6 (db, fd, req, key, uid);
720 break;
721
722 case GETAI:
723 addhstai (db, fd, req, key, uid);
724 break;
725
726 case INITGROUPS:
727 addinitgroups (db, fd, req, key, uid);
728 break;
729
730 case GETSTAT:
731 case SHUTDOWN:
732 case INVALIDATE:
733 if (! secure_in_use)
734 {
735 /* Get the callers credentials. */
736 #ifdef SO_PEERCRED
737 struct ucred caller;
738 socklen_t optlen = sizeof (caller);
739
740 if (getsockopt (fd, SOL_SOCKET, SO_PEERCRED, &caller, &optlen) < 0)
741 {
742 char buf[256];
743
744 dbg_log (_("error getting callers id: %s"),
745 strerror_r (errno, buf, sizeof (buf)));
746 break;
747 }
748
749 uid = caller.uid;
750 #else
751 /* Some systems have no SO_PEERCRED implementation. They don't
752 care about security so we don't as well. */
753 uid = 0;
754 #endif
755 }
756
757 /* Accept shutdown, getstat and invalidate only from root. For
758 the stat call also allow the user specified in the config file. */
759 if (req->type == GETSTAT)
760 {
761 if (uid == 0 || uid == stat_uid)
762 send_stats (fd, dbs);
763 }
764 else if (uid == 0)
765 {
766 if (req->type == INVALIDATE)
767 invalidate_cache (key);
768 else
769 termination_handler (0);
770 }
771 break;
772
773 case GETFDPW:
774 case GETFDGR:
775 case GETFDHST:
776 #ifdef SCM_RIGHTS
777 send_ro_fd (serv2db[req->type], key, fd);
778 #endif
779 break;
780
781 default:
782 /* Ignore the command, it's nothing we know. */
783 break;
784 }
785 }
786
787
788 /* This is the main loop. It is replicated in different threads but the
789 `poll' call makes sure only one thread handles an incoming connection. */
790 static void *
791 __attribute__ ((__noreturn__))
792 nscd_run (void *p)
793 {
794 long int my_number = (long int) p;
795 struct pollfd conn;
796 int run_prune = my_number < lastdb && dbs[my_number].enabled;
797 time_t next_prune = run_prune ? time (NULL) + CACHE_PRUNE_INTERVAL : 0;
798 static unsigned long int nready;
799
800 if (run_prune)
801 setup_thread (&dbs[my_number]);
802
803 conn.fd = sock;
804 conn.events = POLLRDNORM;
805
806 while (1)
807 {
808 int nr;
809 time_t now = 0;
810
811 /* One more thread available. */
812 atomic_increment (&nready);
813
814 no_conn:
815 do
816 {
817 int timeout = -1;
818 if (run_prune)
819 {
820 /* NB: we do not flush the timestamp update using msync since
821 this value doesnot matter on disk. */
822 dbs[my_number].head->timestamp = now = time (NULL);
823 timeout = now < next_prune ? 1000 * (next_prune - now) : 0;
824 }
825
826 nr = poll (&conn, 1, timeout);
827
828 if (nr == 0)
829 {
830 /* The `poll' call timed out. It's time to clean up the
831 cache. */
832 atomic_decrement (&nready);
833 assert (my_number < lastdb);
834 prune_cache (&dbs[my_number], time(NULL));
835 now = time (NULL);
836 next_prune = now + CACHE_PRUNE_INTERVAL;
837
838 goto try_get;
839 }
840 }
841 while ((conn.revents & POLLRDNORM) == 0);
842
843 got_data:;
844 /* We have a new incoming connection. Accept the connection. */
845 int fd = TEMP_FAILURE_RETRY (accept (conn.fd, NULL, NULL));
846 request_header req;
847 char buf[256];
848 uid_t uid = -1;
849 #ifdef SO_PEERCRED
850 pid_t pid = 0;
851 #endif
852
853 if (__builtin_expect (fd, 0) < 0)
854 {
855 if (errno != EAGAIN && errno != EWOULDBLOCK)
856 dbg_log (_("while accepting connection: %s"),
857 strerror_r (errno, buf, sizeof (buf)));
858 goto no_conn;
859 }
860
861 /* This thread is busy. */
862 atomic_decrement (&nready);
863
864 /* Now read the request. */
865 if (__builtin_expect (TEMP_FAILURE_RETRY (read (fd, &req, sizeof (req)))
866 != sizeof (req), 0))
867 {
868 if (debug_level > 0)
869 dbg_log (_("short read while reading request: %s"),
870 strerror_r (errno, buf, sizeof (buf)));
871 close (fd);
872 continue;
873 }
874
875 /* Check whether this is a valid request type. */
876 if (req.type < GETPWBYNAME || req.type >= LASTREQ)
877 goto close_and_out;
878
879 /* Some systems have no SO_PEERCRED implementation. They don't
880 care about security so we don't as well. */
881 #ifdef SO_PEERCRED
882 if (secure_in_use)
883 {
884 struct ucred caller;
885 socklen_t optlen = sizeof (caller);
886
887 if (getsockopt (fd, SOL_SOCKET, SO_PEERCRED, &caller, &optlen) < 0)
888 {
889 dbg_log (_("error getting callers id: %s"),
890 strerror_r (errno, buf, sizeof (buf)));
891 goto close_and_out;
892 }
893
894 if (req.type < GETPWBYNAME || req.type > LASTDBREQ
895 || serv2db[req.type]->secure)
896 uid = caller.uid;
897
898 pid = caller.pid;
899 }
900 else if (__builtin_expect (debug_level > 0, 0))
901 {
902 struct ucred caller;
903 socklen_t optlen = sizeof (caller);
904
905 if (getsockopt (fd, SOL_SOCKET, SO_PEERCRED, &caller, &optlen) == 0)
906 pid = caller.pid;
907 }
908 #endif
909
910 /* It should not be possible to crash the nscd with a silly
911 request (i.e., a terribly large key). We limit the size to 1kb. */
912 if (__builtin_expect (req.key_len, 1) < 0
913 || __builtin_expect (req.key_len, 1) > 1024)
914 {
915 if (debug_level > 0)
916 dbg_log (_("key length in request too long: %d"), req.key_len);
917 }
918 else
919 {
920 /* Get the key. */
921 char keybuf[req.key_len];
922
923 if (__builtin_expect (TEMP_FAILURE_RETRY (read (fd, keybuf,
924 req.key_len))
925 != req.key_len, 0))
926 {
927 if (debug_level > 0)
928 dbg_log (_("short read while reading request key: %s"),
929 strerror_r (errno, buf, sizeof (buf)));
930 close (fd);
931 continue;
932 }
933
934 if (__builtin_expect (debug_level, 0) > 0)
935 {
936 #ifdef SO_PEERCRED
937 if (pid != 0)
938 dbg_log (_("\
939 handle_request: request received (Version = %d) from PID %ld"),
940 req.version, (long int) pid);
941 else
942 #endif
943 dbg_log (_("\
944 handle_request: request received (Version = %d)"), req.version);
945 }
946
947 /* Phew, we got all the data, now process it. */
948 handle_request (fd, &req, keybuf, uid);
949 }
950
951 close_and_out:
952 /* We are done. */
953 close (fd);
954
955 /* Just determine whether any data is present. We do this to
956 measure whether clients are queued up. */
957 try_get:
958 nr = poll (&conn, 1, 0);
959 if (nr != 0)
960 {
961 if (nready == 0)
962 ++client_queued;
963
964 atomic_increment (&nready);
965
966 goto got_data;
967 }
968 }
969 }
970
971
972 /* Start all the threads we want. The initial process is thread no. 1. */
973 void
974 start_threads (void)
975 {
976 long int i;
977 pthread_attr_t attr;
978 pthread_t th;
979
980 pthread_attr_init (&attr);
981 pthread_attr_setdetachstate (&attr, PTHREAD_CREATE_DETACHED);
982
983 /* We allow less than LASTDB threads only for debugging. */
984 if (debug_level == 0)
985 nthreads = MAX (nthreads, lastdb);
986
987 for (i = 1; i < nthreads; ++i)
988 pthread_create (&th, &attr, nscd_run, (void *) i);
989
990 pthread_attr_destroy (&attr);
991
992 nscd_run ((void *) 0);
993 }
994
995 /* Look up the uid, gid, and supplementary groups to run nscd as. When
996 this function is called, we are not listening on the nscd socket yet so
997 we can just use the ordinary lookup functions without causing a lockup */
998 static void
999 begin_drop_privileges (void)
1000 {
1001 struct passwd *pwd = getpwnam (server_user);
1002
1003 if (pwd == NULL)
1004 {
1005 dbg_log (_("Failed to run nscd as user '%s'"), server_user);
1006 error (EXIT_FAILURE, 0, _("Failed to run nscd as user '%s'"),
1007 server_user);
1008 }
1009
1010 server_uid = pwd->pw_uid;
1011 server_gid = pwd->pw_gid;
1012
1013 if (getgrouplist (server_user, server_gid, NULL, &server_ngroups) == 0)
1014 {
1015 /* This really must never happen. */
1016 dbg_log (_("Failed to run nscd as user '%s'"), server_user);
1017 error (EXIT_FAILURE, errno, _("initial getgrouplist failed"));
1018 }
1019
1020 server_groups = (gid_t *) xmalloc (server_ngroups * sizeof (gid_t));
1021
1022 if (getgrouplist (server_user, server_gid, server_groups, &server_ngroups)
1023 == -1)
1024 {
1025 dbg_log (_("Failed to run nscd as user '%s'"), server_user);
1026 error (EXIT_FAILURE, errno, _("getgrouplist failed"));
1027 }
1028 }
1029
1030
1031 /* Call setgroups(), setgid(), and setuid() to drop root privileges and
1032 run nscd as the user specified in the configuration file. */
1033 static void
1034 finish_drop_privileges (void)
1035 {
1036 if (setgroups (server_ngroups, server_groups) == -1)
1037 {
1038 dbg_log (_("Failed to run nscd as user '%s'"), server_user);
1039 error (EXIT_FAILURE, errno, _("setgroups failed"));
1040 }
1041
1042 if (setgid (server_gid) == -1)
1043 {
1044 dbg_log (_("Failed to run nscd as user '%s'"), server_user);
1045 perror ("setgid");
1046 exit (1);
1047 }
1048
1049 if (setuid (server_uid) == -1)
1050 {
1051 dbg_log (_("Failed to run nscd as user '%s'"), server_user);
1052 perror ("setuid");
1053 exit (1);
1054 }
1055 }
1056
1057 /* Handle the HUP signal which will force a dump of the cache */
1058 void
1059 sighup_handler (int signum)
1060 {
1061 /* Prune the password database */
1062 prune_cache (&dbs[pwddb], LONG_MAX);
1063
1064 /* Prune the group database */
1065 prune_cache (&dbs[grpdb], LONG_MAX);
1066
1067 /* Prune the host database */
1068 prune_cache (&dbs[hstdb], LONG_MAX);
1069 }
1070
Unaltered CVS history