search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
(CFLAGS-tst-align.c): Add -mpreferred-stack-boundary=4.
[glibc.git] / nscd / connections.c
blobf22d72e265247cbeb40107804ed4469a7ec8519a
1 /* Inner loops of cache daemon.
2 Copyright (C) 1998-2003, 2004 Free Software Foundation, Inc.
3 This file is part of the GNU C Library.
4 Contributed by Ulrich Drepper <drepper@cygnus.com>, 1998.
5
6 The GNU C Library is free software; you can redistribute it and/or
7 modify it under the terms of the GNU Lesser General Public
8 License as published by the Free Software Foundation; either
9 version 2.1 of the License, or (at your option) any later version.
10
11 The GNU C Library is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
15
16 You should have received a copy of the GNU Lesser General Public
17 License along with the GNU C Library; if not, write to the Free
18 Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
19 02111-1307 USA. */
20
21 #include <alloca.h>
22 #include <assert.h>
23 #include <atomic.h>
24 #include <error.h>
25 #include <errno.h>
26 #include <fcntl.h>
27 #include <grp.h>
28 #include <libintl.h>
29 #include <pthread.h>
30 #include <pwd.h>
31 #include <resolv.h>
32 #include <stdio.h>
33 #include <stdlib.h>
34 #include <unistd.h>
35 #include <arpa/inet.h>
36 #ifdef HAVE_EPOLL
37 # include <sys/epoll.h>
38 #endif
39 #include <sys/mman.h>
40 #include <sys/param.h>
41 #include <sys/poll.h>
42 #include <sys/socket.h>
43 #include <sys/stat.h>
44 #include <sys/un.h>
45
46 #include "nscd.h"
47 #include "dbg_log.h"
48 #include "selinux.h"
49
50
51 /* Number of bytes of data we initially reserve for each hash table bucket. */
52 #define DEFAULT_DATASIZE_PER_BUCKET 1024
53
54
55 /* Wrapper functions with error checking for standard functions. */
56 extern void *xmalloc (size_t n);
57 extern void *xcalloc (size_t n, size_t s);
58 extern void *xrealloc (void *o, size_t n);
59
60 /* Support to run nscd as an unprivileged user */
61 const char *server_user;
62 static uid_t server_uid;
63 static gid_t server_gid;
64 const char *stat_user;
65 uid_t stat_uid;
66 static gid_t *server_groups;
67 #ifndef NGROUPS
68 # define NGROUPS 32
69 #endif
70 static int server_ngroups;
71
72 static pthread_attr_t attr;
73
74 static void begin_drop_privileges (void);
75 static void finish_drop_privileges (void);
76
77 /* Map request type to a string. */
78 const char *serv2str[LASTREQ] =
79 {
80 [GETPWBYNAME] = "GETPWBYNAME",
81 [GETPWBYUID] = "GETPWBYUID",
82 [GETGRBYNAME] = "GETGRBYNAME",
83 [GETGRBYGID] = "GETGRBYGID",
84 [GETHOSTBYNAME] = "GETHOSTBYNAME",
85 [GETHOSTBYNAMEv6] = "GETHOSTBYNAMEv6",
86 [GETHOSTBYADDR] = "GETHOSTBYADDR",
87 [GETHOSTBYADDRv6] = "GETHOSTBYADDRv6",
88 [SHUTDOWN] = "SHUTDOWN",
89 [GETSTAT] = "GETSTAT",
90 [INVALIDATE] = "INVALIDATE",
91 [GETFDPW] = "GETFDPW",
92 [GETFDGR] = "GETFDGR",
93 [GETFDHST] = "GETFDHST",
94 [GETAI] = "GETAI",
95 [INITGROUPS] = "INITGROUPS"
96 };
97
98 /* The control data structures for the services. */
99 struct database_dyn dbs[lastdb] =
100 {
101 [pwddb] = {
102 .lock = PTHREAD_RWLOCK_WRITER_NONRECURSIVE_INITIALIZER_NP,
103 .enabled = 0,
104 .check_file = 1,
105 .persistent = 0,
106 .shared = 0,
107 .filename = "/etc/passwd",
108 .db_filename = _PATH_NSCD_PASSWD_DB,
109 .disabled_iov = &pwd_iov_disabled,
110 .postimeout = 3600,
111 .negtimeout = 20,
112 .wr_fd = -1,
113 .ro_fd = -1,
114 .mmap_used = false
115 },
116 [grpdb] = {
117 .lock = PTHREAD_RWLOCK_WRITER_NONRECURSIVE_INITIALIZER_NP,
118 .enabled = 0,
119 .check_file = 1,
120 .persistent = 0,
121 .shared = 0,
122 .filename = "/etc/group",
123 .db_filename = _PATH_NSCD_GROUP_DB,
124 .disabled_iov = &grp_iov_disabled,
125 .postimeout = 3600,
126 .negtimeout = 60,
127 .wr_fd = -1,
128 .ro_fd = -1,
129 .mmap_used = false
130 },
131 [hstdb] = {
132 .lock = PTHREAD_RWLOCK_WRITER_NONRECURSIVE_INITIALIZER_NP,
133 .enabled = 0,
134 .check_file = 1,
135 .persistent = 0,
136 .shared = 0,
137 .filename = "/etc/hosts",
138 .db_filename = _PATH_NSCD_HOSTS_DB,
139 .disabled_iov = &hst_iov_disabled,
140 .postimeout = 3600,
141 .negtimeout = 20,
142 .wr_fd = -1,
143 .ro_fd = -1,
144 .mmap_used = false
145 }
146 };
147
148
149 /* Mapping of request type to database. */
150 static struct database_dyn *const serv2db[LASTREQ] =
151 {
152 [GETPWBYNAME] = &dbs[pwddb],
153 [GETPWBYUID] = &dbs[pwddb],
154 [GETGRBYNAME] = &dbs[grpdb],
155 [GETGRBYGID] = &dbs[grpdb],
156 [GETHOSTBYNAME] = &dbs[hstdb],
157 [GETHOSTBYNAMEv6] = &dbs[hstdb],
158 [GETHOSTBYADDR] = &dbs[hstdb],
159 [GETHOSTBYADDRv6] = &dbs[hstdb],
160 [GETFDPW] = &dbs[pwddb],
161 [GETFDGR] = &dbs[grpdb],
162 [GETFDHST] = &dbs[hstdb],
163 [GETAI] = &dbs[hstdb],
164 [INITGROUPS] = &dbs[grpdb]
165 };
166
167
168 /* Number of seconds between two cache pruning runs. */
169 #define CACHE_PRUNE_INTERVAL 15
170
171
172 /* Initial number of threads to use. */
173 int nthreads = -1;
174 /* Maximum number of threads to use. */
175 int max_nthreads = 32;
176
177 /* Socket for incoming connections. */
178 static int sock;
179
180 /* Number of times clients had to wait. */
181 unsigned long int client_queued;
182
183
184 /* Initialize database information structures. */
185 void
186 nscd_init (void)
187 {
188 struct sockaddr_un sock_addr;
189 size_t cnt;
190
191 /* Secure mode and unprivileged mode are incompatible */
192 if (server_user != NULL && secure_in_use)
193 {
194 dbg_log (_("Cannot run nscd in secure mode as unprivileged user"));
195 exit (1);
196 }
197
198 /* Look up unprivileged uid/gid/groups before we start listening on the
199 socket */
200 if (server_user != NULL)
201 begin_drop_privileges ();
202
203 if (nthreads == -1)
204 /* No configuration for this value, assume a default. */
205 nthreads = 2 * lastdb;
206
207 for (cnt = 0; cnt < lastdb; ++cnt)
208 if (dbs[cnt].enabled)
209 {
210 pthread_rwlock_init (&dbs[cnt].lock, NULL);
211 pthread_mutex_init (&dbs[cnt].memlock, NULL);
212
213 if (dbs[cnt].persistent)
214 {
215 /* Try to open the appropriate file on disk. */
216 int fd = open (dbs[cnt].db_filename, O_RDWR);
217 if (fd != -1)
218 {
219 struct stat64 st;
220 void *mem;
221 size_t total;
222 struct database_pers_head head;
223 ssize_t n = TEMP_FAILURE_RETRY (read (fd, &head,
224 sizeof (head)));
225 if (n != sizeof (head) || fstat64 (fd, &st) != 0)
226 {
227 fail_db:
228 dbg_log (_("invalid persistent database file \"%s\": %s"),
229 dbs[cnt].db_filename, strerror (errno));
230 dbs[cnt].persistent = 0;
231 }
232 else if (head.module == 0 && head.data_size == 0)
233 {
234 /* The file has been created, but the head has not been
235 initialized yet. Remove the old file. */
236 unlink (dbs[cnt].db_filename);
237 }
238 else if (head.header_size != (int) sizeof (head))
239 {
240 dbg_log (_("invalid persistent database file \"%s\": %s"),
241 dbs[cnt].db_filename,
242 _("header size does not match"));
243 dbs[cnt].persistent = 0;
244 }
245 else if ((total = (sizeof (head)
246 + roundup (head.module * sizeof (ref_t),
247 ALIGN)
248 + head.data_size))
249 > st.st_size)
250 {
251 dbg_log (_("invalid persistent database file \"%s\": %s"),
252 dbs[cnt].db_filename,
253 _("file size does not match"));
254 dbs[cnt].persistent = 0;
255 }
256 else if ((mem = mmap (NULL, total, PROT_READ | PROT_WRITE,
257 MAP_SHARED, fd, 0)) == MAP_FAILED)
258 goto fail_db;
259 else
260 {
261 /* Success. We have the database. */
262 dbs[cnt].head = mem;
263 dbs[cnt].memsize = total;
264 dbs[cnt].data = (char *)
265 &dbs[cnt].head->array[roundup (dbs[cnt].head->module,
266 ALIGN / sizeof (ref_t))];
267 dbs[cnt].mmap_used = true;
268
269 if (dbs[cnt].suggested_module > head.module)
270 dbg_log (_("suggested size of table for database %s larger than the persistent database's table"),
271 dbnames[cnt]);
272
273 dbs[cnt].wr_fd = fd;
274 fd = -1;
275 /* We also need a read-only descriptor. */
276 if (dbs[cnt].shared)
277 {
278 dbs[cnt].ro_fd = open (dbs[cnt].db_filename, O_RDONLY);
279 if (dbs[cnt].ro_fd == -1)
280 dbg_log (_("\
281 cannot create read-only descriptor for \"%s\"; no mmap"),
282 dbs[cnt].db_filename);
283 }
284
285 // XXX Shall we test whether the descriptors actually
286 // XXX point to the same file?
287 }
288
289 /* Close the file descriptors in case something went
290 wrong in which case the variable have not been
291 assigned -1. */
292 if (fd != -1)
293 close (fd);
294 }
295 }
296
297 if (dbs[cnt].head == NULL)
298 {
299 /* No database loaded. Allocate the data structure,
300 possibly on disk. */
301 struct database_pers_head head;
302 size_t total = (sizeof (head)
303 + roundup (dbs[cnt].suggested_module
304 * sizeof (ref_t), ALIGN)
305 + (dbs[cnt].suggested_module
306 * DEFAULT_DATASIZE_PER_BUCKET));
307
308 /* Try to create the database. If we do not need a
309 persistent database create a temporary file. */
310 int fd;
311 int ro_fd = -1;
312 if (dbs[cnt].persistent)
313 {
314 fd = open (dbs[cnt].db_filename,
315 O_RDWR | O_CREAT | O_EXCL | O_TRUNC,
316 S_IRUSR | S_IWUSR);
317 if (fd != -1 && dbs[cnt].shared)
318 ro_fd = open (dbs[cnt].db_filename, O_RDONLY);
319 }
320 else
321 {
322 char fname[] = _PATH_NSCD_XYZ_DB_TMP;
323 fd = mkstemp (fname);
324
325 /* We do not need the file name anymore after we
326 opened another file descriptor in read-only mode. */
327 if (fd != -1)
328 {
329 if (dbs[cnt].shared)
330 ro_fd = open (fname, O_RDONLY);
331
332 unlink (fname);
333 }
334 }
335
336 if (fd == -1)
337 {
338 if (errno == EEXIST)
339 {
340 dbg_log (_("database for %s corrupted or simultaneously used; remove %s manually if necessary and restart"),
341 dbnames[cnt], dbs[cnt].db_filename);
342 // XXX Correct way to terminate?
343 exit (1);
344 }
345
346 if (dbs[cnt].persistent)
347 dbg_log (_("cannot create %s; no persistent database used"),
348 dbs[cnt].db_filename);
349 else
350 dbg_log (_("cannot create %s; no sharing possible"),
351 dbs[cnt].db_filename);
352
353 dbs[cnt].persistent = 0;
354 // XXX remember: no mmap
355 }
356 else
357 {
358 /* Tell the user if we could not create the read-only
359 descriptor. */
360 if (ro_fd == -1 && dbs[cnt].shared)
361 dbg_log (_("\
362 cannot create read-only descriptor for \"%s\"; no mmap"),
363 dbs[cnt].db_filename);
364
365 /* Before we create the header, initialiye the hash
366 table. So that if we get interrupted if writing
367 the header we can recognize a partially initialized
368 database. */
369 size_t ps = sysconf (_SC_PAGESIZE);
370 char tmpbuf[ps];
371 assert (~ENDREF == 0);
372 memset (tmpbuf, '\xff', ps);
373
374 size_t remaining = dbs[cnt].suggested_module * sizeof (ref_t);
375 off_t offset = sizeof (head);
376
377 size_t towrite;
378 if (offset % ps != 0)
379 {
380 towrite = MIN (remaining, ps - (offset % ps));
381 pwrite (fd, tmpbuf, towrite, offset);
382 offset += towrite;
383 remaining -= towrite;
384 }
385
386 while (remaining > ps)
387 {
388 pwrite (fd, tmpbuf, ps, offset);
389 offset += ps;
390 remaining -= ps;
391 }
392
393 if (remaining > 0)
394 pwrite (fd, tmpbuf, remaining, offset);
395
396 /* Create the header of the file. */
397 struct database_pers_head head =
398 {
399 .version = DB_VERSION,
400 .header_size = sizeof (head),
401 .module = dbs[cnt].suggested_module,
402 .data_size = (dbs[cnt].suggested_module
403 * DEFAULT_DATASIZE_PER_BUCKET),
404 .first_free = 0
405 };
406 void *mem;
407
408 if ((TEMP_FAILURE_RETRY (write (fd, &head, sizeof (head)))
409 != sizeof (head))
410 || ftruncate (fd, total) != 0
411 || (mem = mmap (NULL, total, PROT_READ | PROT_WRITE,
412 MAP_SHARED, fd, 0)) == MAP_FAILED)
413 {
414 unlink (dbs[cnt].db_filename);
415 dbg_log (_("cannot write to database file %s: %s"),
416 dbs[cnt].db_filename, strerror (errno));
417 dbs[cnt].persistent = 0;
418 }
419 else
420 {
421 /* Success. */
422 dbs[cnt].head = mem;
423 dbs[cnt].data = (char *)
424 &dbs[cnt].head->array[roundup (dbs[cnt].head->module,
425 ALIGN / sizeof (ref_t))];
426 dbs[cnt].memsize = total;
427 dbs[cnt].mmap_used = true;
428
429 /* Remember the descriptors. */
430 dbs[cnt].wr_fd = fd;
431 dbs[cnt].ro_fd = ro_fd;
432 fd = -1;
433 ro_fd = -1;
434 }
435
436 if (fd != -1)
437 close (fd);
438 if (ro_fd != -1)
439 close (ro_fd);
440 }
441 }
442
443 if (paranoia
444 && ((dbs[cnt].wr_fd != -1
445 && fcntl (dbs[cnt].wr_fd, F_SETFD, FD_CLOEXEC) == -1)
446 || (dbs[cnt].ro_fd != -1
447 && fcntl (dbs[cnt].ro_fd, F_SETFD, FD_CLOEXEC) == -1)))
448 {
449 dbg_log (_("\
450 cannot set socket to close on exec: %s; disabling paranoia mode"),
451 strerror (errno));
452 paranoia = 0;
453 }
454
455 if (dbs[cnt].head == NULL)
456 {
457 /* We do not use the persistent database. Just
458 create an in-memory data structure. */
459 assert (! dbs[cnt].persistent);
460
461 dbs[cnt].head = xmalloc (sizeof (struct database_pers_head)
462 + (dbs[cnt].suggested_module
463 * sizeof (ref_t)));
464 memset (dbs[cnt].head, '\0', sizeof (dbs[cnt].head));
465 assert (~ENDREF == 0);
466 memset (dbs[cnt].head->array, '\xff',
467 dbs[cnt].suggested_module * sizeof (ref_t));
468 dbs[cnt].head->module = dbs[cnt].suggested_module;
469 dbs[cnt].head->data_size = (DEFAULT_DATASIZE_PER_BUCKET
470 * dbs[cnt].head->module);
471 dbs[cnt].data = xmalloc (dbs[cnt].head->data_size);
472 dbs[cnt].head->first_free = 0;
473
474 dbs[cnt].shared = 0;
475 assert (dbs[cnt].ro_fd == -1);
476 }
477
478 if (dbs[cnt].check_file)
479 {
480 /* We need the modification date of the file. */
481 struct stat st;
482
483 if (stat (dbs[cnt].filename, &st) < 0)
484 {
485 /* We cannot stat() the file, disable file checking. */
486 dbg_log (_("cannot stat() file `%s': %s"),
487 dbs[cnt].filename, strerror (errno));
488 dbs[cnt].check_file = 0;
489 }
490 else
491 dbs[cnt].file_mtime = st.st_mtime;
492 }
493 }
494
495 /* Create the socket. */
496 sock = socket (AF_UNIX, SOCK_STREAM, 0);
497 if (sock < 0)
498 {
499 dbg_log (_("cannot open socket: %s"), strerror (errno));
500 exit (1);
501 }
502 /* Bind a name to the socket. */
503 sock_addr.sun_family = AF_UNIX;
504 strcpy (sock_addr.sun_path, _PATH_NSCDSOCKET);
505 if (bind (sock, (struct sockaddr *) &sock_addr, sizeof (sock_addr)) < 0)
506 {
507 dbg_log ("%s: %s", _PATH_NSCDSOCKET, strerror (errno));
508 exit (1);
509 }
510
511 /* We don't want to get stuck on accept. */
512 int fl = fcntl (sock, F_GETFL);
513 if (fl == -1 || fcntl (sock, F_SETFL, fl | O_NONBLOCK) == -1)
514 {
515 dbg_log (_("cannot change socket to nonblocking mode: %s"),
516 strerror (errno));
517 exit (1);
518 }
519
520 /* The descriptor needs to be closed on exec. */
521 if (paranoia && fcntl (sock, F_SETFD, FD_CLOEXEC) == -1)
522 {
523 dbg_log (_("cannot set socket to close on exec: %s"),
524 strerror (errno));
525 exit (1);
526 }
527
528 /* Set permissions for the socket. */
529 chmod (_PATH_NSCDSOCKET, DEFFILEMODE);
530
531 /* Set the socket up to accept connections. */
532 if (listen (sock, SOMAXCONN) < 0)
533 {
534 dbg_log (_("cannot enable socket to accept connections: %s"),
535 strerror (errno));
536 exit (1);
537 }
538
539 /* Change to unprivileged uid/gid/groups if specifed in config file */
540 if (server_user != NULL)
541 finish_drop_privileges ();
542 }
543
544
545 /* Close the connections. */
546 void
547 close_sockets (void)
548 {
549 close (sock);
550 }
551
552
553 static void
554 invalidate_cache (char *key)
555 {
556 dbtype number;
557
558 if (strcmp (key, "passwd") == 0)
559 number = pwddb;
560 else if (strcmp (key, "group") == 0)
561 number = grpdb;
562 else if (__builtin_expect (strcmp (key, "hosts"), 0) == 0)
563 {
564 number = hstdb;
565
566 /* Re-initialize the resolver. resolv.conf might have changed. */
567 res_init ();
568 }
569 else
570 return;
571
572 if (dbs[number].enabled)
573 prune_cache (&dbs[number], LONG_MAX);
574 }
575
576
577 #ifdef SCM_RIGHTS
578 static void
579 send_ro_fd (struct database_dyn *db, char *key, int fd)
580 {
581 /* If we do not have an read-only file descriptor do nothing. */
582 if (db->ro_fd == -1)
583 return;
584
585 /* We need to send some data along with the descriptor. */
586 struct iovec iov[1];
587 iov[0].iov_base = key;
588 iov[0].iov_len = strlen (key) + 1;
589
590 /* Prepare the control message to transfer the descriptor. */
591 char buf[CMSG_SPACE (sizeof (int))];
592 struct msghdr msg = { .msg_iov = iov, .msg_iovlen = 1,
593 .msg_control = buf, .msg_controllen = sizeof (buf) };
594 struct cmsghdr *cmsg = CMSG_FIRSTHDR (&msg);
595
596 cmsg->cmsg_level = SOL_SOCKET;
597 cmsg->cmsg_type = SCM_RIGHTS;
598 cmsg->cmsg_len = CMSG_LEN (sizeof (int));
599
600 *(int *) CMSG_DATA (cmsg) = db->ro_fd;
601
602 msg.msg_controllen = cmsg->cmsg_len;
603
604 /* Send the control message. We repeat when we are interrupted but
605 everything else is ignored. */
606 (void) TEMP_FAILURE_RETRY (sendmsg (fd, &msg, 0));
607
608 if (__builtin_expect (debug_level > 0, 0))
609 dbg_log (_("provide access to FD %d, for %s"), db->ro_fd, key);
610 }
611 #endif /* SCM_RIGHTS */
612
613
614 /* Handle new request. */
615 static void
616 handle_request (int fd, request_header *req, void *key, uid_t uid)
617 {
618 if (__builtin_expect (req->version, NSCD_VERSION) != NSCD_VERSION)
619 {
620 if (debug_level > 0)
621 dbg_log (_("\
622 cannot handle old request version %d; current version is %d"),
623 req->version, NSCD_VERSION);
624 return;
625 }
626
627 /* Make the SELinux check before we go on to the standard checks. We
628 need to verify that the request type is valid, since it has not
629 yet been checked at this point. */
630 if (selinux_enabled
631 && __builtin_expect (req->type, GETPWBYNAME) >= GETPWBYNAME
632 && __builtin_expect (req->type, LASTREQ) < LASTREQ
633 && nscd_request_avc_has_perm (fd, req->type) != 0)
634 return;
635
636 struct database_dyn *db = serv2db[req->type];
637
638 // XXX Clean up so that each new command need not introduce a
639 // XXX new conditional.
640 if ((__builtin_expect (req->type, GETPWBYNAME) >= GETPWBYNAME
641 && __builtin_expect (req->type, LASTDBREQ) <= LASTDBREQ)
642 || req->type == GETAI || req->type == INITGROUPS)
643 {
644 if (__builtin_expect (debug_level, 0) > 0)
645 {
646 if (req->type == GETHOSTBYADDR || req->type == GETHOSTBYADDRv6)
647 {
648 char buf[INET6_ADDRSTRLEN];
649
650 dbg_log ("\t%s (%s)", serv2str[req->type],
651 inet_ntop (req->type == GETHOSTBYADDR
652 ? AF_INET : AF_INET6,
653 key, buf, sizeof (buf)));
654 }
655 else
656 dbg_log ("\t%s (%s)", serv2str[req->type], (char *) key);
657 }
658
659 /* Is this service enabled? */
660 if (!db->enabled)
661 {
662 /* No, sent the prepared record. */
663 if (TEMP_FAILURE_RETRY (write (fd, db->disabled_iov->iov_base,
664 db->disabled_iov->iov_len))
665 != (ssize_t) db->disabled_iov->iov_len
666 && __builtin_expect (debug_level, 0) > 0)
667 {
668 /* We have problems sending the result. */
669 char buf[256];
670 dbg_log (_("cannot write result: %s"),
671 strerror_r (errno, buf, sizeof (buf)));
672 }
673
674 return;
675 }
676
677 /* Be sure we can read the data. */
678 if (__builtin_expect (pthread_rwlock_tryrdlock (&db->lock) != 0, 0))
679 {
680 ++db->head->rdlockdelayed;
681 pthread_rwlock_rdlock (&db->lock);
682 }
683
684 /* See whether we can handle it from the cache. */
685 struct datahead *cached;
686 cached = (struct datahead *) cache_search (req->type, key, req->key_len,
687 db, uid);
688 if (cached != NULL)
689 {
690 /* Hurray it's in the cache. */
691 if (TEMP_FAILURE_RETRY (write (fd, cached->data, cached->recsize))
692 != cached->recsize
693 && __builtin_expect (debug_level, 0) > 0)
694 {
695 /* We have problems sending the result. */
696 char buf[256];
697 dbg_log (_("cannot write result: %s"),
698 strerror_r (errno, buf, sizeof (buf)));
699 }
700
701 pthread_rwlock_unlock (&db->lock);
702
703 return;
704 }
705
706 pthread_rwlock_unlock (&db->lock);
707 }
708 else if (__builtin_expect (debug_level, 0) > 0)
709 {
710 if (req->type == INVALIDATE)
711 dbg_log ("\t%s (%s)", serv2str[req->type], (char *) key);
712 else
713 dbg_log ("\t%s", serv2str[req->type]);
714 }
715
716 /* Handle the request. */
717 switch (req->type)
718 {
719 case GETPWBYNAME:
720 addpwbyname (db, fd, req, key, uid);
721 break;
722
723 case GETPWBYUID:
724 addpwbyuid (db, fd, req, key, uid);
725 break;
726
727 case GETGRBYNAME:
728 addgrbyname (db, fd, req, key, uid);
729 break;
730
731 case GETGRBYGID:
732 addgrbygid (db, fd, req, key, uid);
733 break;
734
735 case GETHOSTBYNAME:
736 addhstbyname (db, fd, req, key, uid);
737 break;
738
739 case GETHOSTBYNAMEv6:
740 addhstbynamev6 (db, fd, req, key, uid);
741 break;
742
743 case GETHOSTBYADDR:
744 addhstbyaddr (db, fd, req, key, uid);
745 break;
746
747 case GETHOSTBYADDRv6:
748 addhstbyaddrv6 (db, fd, req, key, uid);
749 break;
750
751 case GETAI:
752 addhstai (db, fd, req, key, uid);
753 break;
754
755 case INITGROUPS:
756 addinitgroups (db, fd, req, key, uid);
757 break;
758
759 case GETSTAT:
760 case SHUTDOWN:
761 case INVALIDATE:
762 if (! secure_in_use)
763 {
764 /* Get the callers credentials. */
765 #ifdef SO_PEERCRED
766 struct ucred caller;
767 socklen_t optlen = sizeof (caller);
768
769 if (getsockopt (fd, SOL_SOCKET, SO_PEERCRED, &caller, &optlen) < 0)
770 {
771 char buf[256];
772
773 dbg_log (_("error getting callers id: %s"),
774 strerror_r (errno, buf, sizeof (buf)));
775 break;
776 }
777
778 uid = caller.uid;
779 #else
780 /* Some systems have no SO_PEERCRED implementation. They don't
781 care about security so we don't as well. */
782 uid = 0;
783 #endif
784 }
785
786 /* Accept shutdown, getstat and invalidate only from root. For
787 the stat call also allow the user specified in the config file. */
788 if (req->type == GETSTAT)
789 {
790 if (uid == 0 || uid == stat_uid)
791 send_stats (fd, dbs);
792 }
793 else if (uid == 0)
794 {
795 if (req->type == INVALIDATE)
796 invalidate_cache (key);
797 else
798 termination_handler (0);
799 }
800 break;
801
802 case GETFDPW:
803 case GETFDGR:
804 case GETFDHST:
805 #ifdef SCM_RIGHTS
806 send_ro_fd (serv2db[req->type], key, fd);
807 #endif
808 break;
809
810 default:
811 /* Ignore the command, it's nothing we know. */
812 break;
813 }
814 }
815
816
817 /* Restart the process. */
818 static void
819 restart (void)
820 {
821 /* First determine the parameters. We do not use the parameters
822 passed to main() since in case nscd is started by running the
823 dynamic linker this will not work. Yes, this is not the usual
824 case but nscd is part of glibc and we occasionally do this. */
825 size_t buflen = 1024;
826 char *buf = alloca (buflen);
827 size_t readlen = 0;
828 int fd = open ("/proc/self/cmdline", O_RDONLY);
829 if (fd == -1)
830 {
831 dbg_log (_("\
832 cannot open /proc/self/cmdline: %s; disabling paranoia mode"),
833 strerror (errno));
834
835 paranoia = 0;
836 return;
837 }
838
839 while (1)
840 {
841 ssize_t n = TEMP_FAILURE_RETRY (read (fd, buf + readlen,
842 buflen - readlen));
843 if (n == -1)
844 {
845 dbg_log (_("\
846 cannot open /proc/self/cmdline: %s; disabling paranoia mode"),
847 strerror (errno));
848
849 close (fd);
850 paranoia = 0;
851 return;
852 }
853
854 readlen += n;
855
856 if (readlen < buflen)
857 break;
858
859 /* We might have to extend the buffer. */
860 size_t old_buflen = buflen;
861 char *newp = extend_alloca (buf, buflen, 2 * buflen);
862 buf = memmove (newp, buf, old_buflen);
863 }
864
865 close (fd);
866
867 /* Parse the command line. Worst case scenario: every two
868 characters form one parameter (one character plus NUL). */
869 char **argv = alloca ((readlen / 2 + 1) * sizeof (argv[0]));
870 int argc = 0;
871
872 char *cp = buf;
873 while (cp < buf + readlen)
874 {
875 argv[argc++] = cp;
876 cp = (char *) rawmemchr (cp, '\0') + 1;
877 }
878 argv[argc] = NULL;
879
880 /* Second, change back to the old user if we changed it. */
881 if (server_user != NULL)
882 {
883 if (setuid (old_uid) != 0)
884 {
885 dbg_log (_("\
886 cannot change to old UID: %s; disabling paranoia mode"),
887 strerror (errno));
888
889 paranoia = 0;
890 return;
891 }
892
893 if (setgid (old_gid) != 0)
894 {
895 dbg_log (_("\
896 cannot change to old GID: %s; disabling paranoia mode"),
897 strerror (errno));
898
899 setuid (server_uid);
900 paranoia = 0;
901 return;
902 }
903 }
904
905 /* Next change back to the old working directory. */
906 if (chdir (oldcwd) == -1)
907 {
908 dbg_log (_("\
909 cannot change to old working directory: %s; disabling paranoia mode"),
910 strerror (errno));
911
912 if (server_user != NULL)
913 {
914 setuid (server_uid);
915 setgid (server_gid);
916 }
917 paranoia = 0;
918 return;
919 }
920
921 /* Synchronize memory. */
922 for (int cnt = 0; cnt < lastdb; ++cnt)
923 {
924 /* Make sure nobody keeps using the database. */
925 dbs[cnt].head->timestamp = 0;
926
927 if (dbs[cnt].persistent)
928 // XXX async OK?
929 msync (dbs[cnt].head, dbs[cnt].memsize, MS_ASYNC);
930 }
931
932 /* The preparations are done. */
933 execv ("/proc/self/exe", argv);
934
935 /* If we come here, we will never be able to re-exec. */
936 dbg_log (_("re-exec failed: %s; disabling paranoia mode"),
937 strerror (errno));
938
939 if (server_user != NULL)
940 {
941 setuid (server_uid);
942 setgid (server_gid);
943 }
944 chdir ("/");
945 paranoia = 0;
946 }
947
948
949 /* List of file descriptors. */
950 struct fdlist
951 {
952 int fd;
953 struct fdlist *next;
954 };
955 /* Memory allocated for the list. */
956 static struct fdlist *fdlist;
957 /* List of currently ready-to-read file descriptors. */
958 static struct fdlist *readylist;
959
960 /* Conditional variable and mutex to signal availability of entries in
961 READYLIST. The condvar is initialized dynamically since we might
962 use a different clock depending on availability. */
963 static pthread_cond_t readylist_cond;
964 static pthread_mutex_t readylist_lock = PTHREAD_MUTEX_INITIALIZER;
965
966 /* The clock to use with the condvar. */
967 static clockid_t timeout_clock = CLOCK_REALTIME;
968
969 /* Number of threads ready to handle the READYLIST. */
970 static unsigned long int nready;
971
972
973 /* This is the main loop. It is replicated in different threads but the
974 `poll' call makes sure only one thread handles an incoming connection. */
975 static void *
976 __attribute__ ((__noreturn__))
977 nscd_run (void *p)
978 {
979 const long int my_number = (long int) p;
980 const int run_prune = my_number < lastdb && dbs[my_number].enabled;
981 struct timespec prune_ts;
982 int to = 0;
983 char buf[256];
984
985 if (run_prune)
986 {
987 setup_thread (&dbs[my_number]);
988
989 /* We are running. */
990 dbs[my_number].head->timestamp = time (NULL);
991
992 if (clock_gettime (timeout_clock, &prune_ts) == -1)
993 /* Should never happen. */
994 abort ();
995
996 /* Compute timeout time. */
997 prune_ts.tv_sec += CACHE_PRUNE_INTERVAL;
998 }
999
1000 /* Initial locking. */
1001 pthread_mutex_lock (&readylist_lock);
1002
1003 /* One more thread available. */
1004 ++nready;
1005
1006 while (1)
1007 {
1008 while (readylist == NULL)
1009 {
1010 if (run_prune)
1011 {
1012 /* Wait, but not forever. */
1013 to = pthread_cond_timedwait (&readylist_cond, &readylist_lock,
1014 &prune_ts);
1015
1016 /* If we were woken and there is no work to be done,
1017 just start pruning. */
1018 if (readylist == NULL && to == ETIMEDOUT)
1019 {
1020 --nready;
1021 pthread_mutex_unlock (&readylist_lock);
1022 goto only_prune;
1023 }
1024 }
1025 else
1026 /* No need to timeout. */
1027 pthread_cond_wait (&readylist_cond, &readylist_lock);
1028 }
1029
1030 struct fdlist *it = readylist->next;
1031 if (readylist->next == readylist)
1032 /* Just one entry on the list. */
1033 readylist = NULL;
1034 else
1035 readylist->next = it->next;
1036
1037 /* Extract the information and mark the record ready to be used
1038 again. */
1039 int fd = it->fd;
1040 it->next = NULL;
1041
1042 /* One more thread available. */
1043 --nready;
1044
1045 /* We are done with the list. */
1046 pthread_mutex_unlock (&readylist_lock);
1047
1048 /* We do not want to block on a short read or so. */
1049 int fl = fcntl (fd, F_GETFL);
1050 if (fl == -1 || fcntl (fd, F_SETFL, fl | O_NONBLOCK) == -1)
1051 goto close_and_out;
1052
1053 /* Now read the request. */
1054 request_header req;
1055 if (__builtin_expect (TEMP_FAILURE_RETRY (read (fd, &req, sizeof (req)))
1056 != sizeof (req), 0))
1057 {
1058 /* We failed to read data. Note that this also might mean we
1059 failed because we would have blocked. */
1060 if (debug_level > 0)
1061 dbg_log (_("short read while reading request: %s"),
1062 strerror_r (errno, buf, sizeof (buf)));
1063 goto close_and_out;
1064 }
1065
1066 /* Check whether this is a valid request type. */
1067 if (req.type < GETPWBYNAME || req.type >= LASTREQ)
1068 goto close_and_out;
1069
1070 /* Some systems have no SO_PEERCRED implementation. They don't
1071 care about security so we don't as well. */
1072 uid_t uid = -1;
1073 #ifdef SO_PEERCRED
1074 pid_t pid = 0;
1075
1076 if (secure_in_use)
1077 {
1078 struct ucred caller;
1079 socklen_t optlen = sizeof (caller);
1080
1081 if (getsockopt (fd, SOL_SOCKET, SO_PEERCRED, &caller, &optlen) < 0)
1082 {
1083 dbg_log (_("error getting callers id: %s"),
1084 strerror_r (errno, buf, sizeof (buf)));
1085 goto close_and_out;
1086 }
1087
1088 if (req.type < GETPWBYNAME || req.type > LASTDBREQ
1089 || serv2db[req.type]->secure)
1090 uid = caller.uid;
1091
1092 pid = caller.pid;
1093 }
1094 else if (__builtin_expect (debug_level > 0, 0))
1095 {
1096 struct ucred caller;
1097 socklen_t optlen = sizeof (caller);
1098
1099 if (getsockopt (fd, SOL_SOCKET, SO_PEERCRED, &caller, &optlen) == 0)
1100 pid = caller.pid;
1101 }
1102 #endif
1103
1104 /* It should not be possible to crash the nscd with a silly
1105 request (i.e., a terribly large key). We limit the size to 1kb. */
1106 #define MAXKEYLEN 1024
1107 if (__builtin_expect (req.key_len, 1) < 0
1108 || __builtin_expect (req.key_len, 1) > MAXKEYLEN)
1109 {
1110 if (debug_level > 0)
1111 dbg_log (_("key length in request too long: %d"), req.key_len);
1112 }
1113 else
1114 {
1115 /* Get the key. */
1116 char keybuf[MAXKEYLEN];
1117
1118 if (__builtin_expect (TEMP_FAILURE_RETRY (read (fd, keybuf,
1119 req.key_len))
1120 != req.key_len, 0))
1121 {
1122 /* Again, this can also mean we would have blocked. */
1123 if (debug_level > 0)
1124 dbg_log (_("short read while reading request key: %s"),
1125 strerror_r (errno, buf, sizeof (buf)));
1126 goto close_and_out;
1127 }
1128
1129 if (__builtin_expect (debug_level, 0) > 0)
1130 {
1131 #ifdef SO_PEERCRED
1132 if (pid != 0)
1133 dbg_log (_("\
1134 handle_request: request received (Version = %d) from PID %ld"),
1135 req.version, (long int) pid);
1136 else
1137 #endif
1138 dbg_log (_("\
1139 handle_request: request received (Version = %d)"), req.version);
1140 }
1141
1142 /* Phew, we got all the data, now process it. */
1143 handle_request (fd, &req, keybuf, uid);
1144 }
1145
1146 close_and_out:
1147 /* We are done. */
1148 close (fd);
1149
1150 /* Check whether we should be pruning the cache. */
1151 assert (run_prune || to == 0);
1152 if (to == ETIMEDOUT)
1153 {
1154 only_prune:
1155 /* The pthread_cond_timedwait() call timed out. It is time
1156 to clean up the cache. */
1157 assert (my_number < lastdb);
1158 prune_cache (&dbs[my_number],
1159 prune_ts.tv_sec + (prune_ts.tv_nsec >= 500000000));
1160
1161 if (clock_gettime (timeout_clock, &prune_ts) == -1)
1162 /* Should never happen. */
1163 abort ();
1164
1165 /* Compute next timeout time. */
1166 prune_ts.tv_sec += CACHE_PRUNE_INTERVAL;
1167
1168 /* In case the list is emtpy we do not want to run the prune
1169 code right away again. */
1170 to = 0;
1171 }
1172
1173 /* Re-locking. */
1174 pthread_mutex_lock (&readylist_lock);
1175
1176 /* One more thread available. */
1177 ++nready;
1178 }
1179 }
1180
1181
1182 static unsigned int nconns;
1183
1184 static void
1185 fd_ready (int fd)
1186 {
1187 pthread_mutex_lock (&readylist_lock);
1188
1189 /* Find an empty entry in FDLIST. */
1190 size_t inner;
1191 for (inner = 0; inner < nconns; ++inner)
1192 if (fdlist[inner].next == NULL)
1193 break;
1194 assert (inner < nconns);
1195
1196 fdlist[inner].fd = fd;
1197
1198 if (readylist == NULL)
1199 readylist = fdlist[inner].next = &fdlist[inner];
1200 else
1201 {
1202 fdlist[inner].next = readylist->next;
1203 readylist = readylist->next = &fdlist[inner];
1204 }
1205
1206 bool do_signal = true;
1207 if (__builtin_expect (nready == 0, 0))
1208 {
1209 ++client_queued;
1210 do_signal = false;
1211
1212 /* Try to start another thread to help out. */
1213 pthread_t th;
1214 if (nthreads < max_nthreads
1215 && pthread_create (&th, &attr, nscd_run,
1216 (void *) (long int) nthreads) == 0)
1217 {
1218 /* We got another thread. */
1219 ++nthreads;
1220 /* The new thread might new a kick. */
1221 do_signal = true;
1222 }
1223
1224 }
1225
1226 pthread_mutex_unlock (&readylist_lock);
1227
1228 /* Tell one of the worker threads there is work to do. */
1229 if (do_signal)
1230 pthread_cond_signal (&readylist_cond);
1231 }
1232
1233
1234 /* Check whether restarting should happen. */
1235 static inline int
1236 restart_p (time_t now)
1237 {
1238 return (paranoia && readylist == NULL && nready == nthreads
1239 && now >= restart_time);
1240 }
1241
1242
1243 /* Array for times a connection was accepted. */
1244 static time_t *starttime;
1245
1246
1247 static void
1248 __attribute__ ((__noreturn__))
1249 main_loop_poll (void)
1250 {
1251 struct pollfd *conns = (struct pollfd *) xmalloc (nconns
1252 * sizeof (conns[0]));
1253
1254 conns[0].fd = sock;
1255 conns[0].events = POLLRDNORM;
1256 size_t nused = 1;
1257 size_t firstfree = 1;
1258
1259 while (1)
1260 {
1261 /* Wait for any event. We wait at most a couple of seconds so
1262 that we can check whether we should close any of the accepted
1263 connections since we have not received a request. */
1264 #define MAX_ACCEPT_TIMEOUT 30
1265 #define MIN_ACCEPT_TIMEOUT 5
1266 #define MAIN_THREAD_TIMEOUT \
1267 (MAX_ACCEPT_TIMEOUT * 1000 \
1268 - ((MAX_ACCEPT_TIMEOUT - MIN_ACCEPT_TIMEOUT) * 1000 * nused) / (2 * nconns))
1269
1270 int n = poll (conns, nused, MAIN_THREAD_TIMEOUT);
1271
1272 time_t now = time (NULL);
1273
1274 /* If there is a descriptor ready for reading or there is a new
1275 connection, process this now. */
1276 if (n > 0)
1277 {
1278 if (conns[0].revents != 0)
1279 {
1280 /* We have a new incoming connection. Accept the connection. */
1281 int fd = TEMP_FAILURE_RETRY (accept (sock, NULL, NULL));
1282
1283 /* use the descriptor if we have not reached the limit. */
1284 if (fd >= 0 && firstfree < nconns)
1285 {
1286 conns[firstfree].fd = fd;
1287 conns[firstfree].events = POLLRDNORM;
1288 starttime[firstfree] = now;
1289 if (firstfree >= nused)
1290 nused = firstfree + 1;
1291
1292 do
1293 ++firstfree;
1294 while (firstfree < nused && conns[firstfree].fd != -1);
1295 }
1296
1297 --n;
1298 }
1299
1300 for (size_t cnt = 1; cnt < nused && n > 0; ++cnt)
1301 if (conns[cnt].revents != 0)
1302 {
1303 fd_ready (conns[cnt].fd);
1304
1305 /* Clean up the CONNS array. */
1306 conns[cnt].fd = -1;
1307 if (cnt < firstfree)
1308 firstfree = cnt;
1309 if (cnt == nused - 1)
1310 do
1311 --nused;
1312 while (conns[nused - 1].fd == -1);
1313
1314 --n;
1315 }
1316 }
1317
1318 /* Now find entries which have timed out. */
1319 assert (nused > 0);
1320
1321 /* We make the timeout length depend on the number of file
1322 descriptors currently used. */
1323 #define ACCEPT_TIMEOUT \
1324 (MAX_ACCEPT_TIMEOUT \
1325 - ((MAX_ACCEPT_TIMEOUT - MIN_ACCEPT_TIMEOUT) * nused) / nconns)
1326 time_t laststart = now - ACCEPT_TIMEOUT;
1327
1328 for (size_t cnt = nused - 1; cnt > 0; --cnt)
1329 {
1330 if (conns[cnt].fd != -1 && starttime[cnt] < laststart)
1331 {
1332 /* Remove the entry, it timed out. */
1333 (void) close (conns[cnt].fd);
1334 conns[cnt].fd = -1;
1335
1336 if (cnt < firstfree)
1337 firstfree = cnt;
1338 if (cnt == nused - 1)
1339 do
1340 --nused;
1341 while (conns[nused - 1].fd == -1);
1342 }
1343 }
1344
1345 if (restart_p (now))
1346 restart ();
1347 }
1348 }
1349
1350
1351 #ifdef HAVE_EPOLL
1352 static void
1353 main_loop_epoll (int efd)
1354 {
1355 struct epoll_event ev = { 0, };
1356 int nused = 1;
1357 size_t highest = 0;
1358
1359 /* Add the socket. */
1360 ev.events = EPOLLRDNORM;
1361 ev.data.fd = sock;
1362 if (epoll_ctl (efd, EPOLL_CTL_ADD, sock, &ev) == -1)
1363 /* We cannot use epoll. */
1364 return;
1365
1366 while (1)
1367 {
1368 struct epoll_event revs[100];
1369 # define nrevs (sizeof (revs) / sizeof (revs[0]))
1370
1371 int n = epoll_wait (efd, revs, nrevs, MAIN_THREAD_TIMEOUT);
1372
1373 time_t now = time (NULL);
1374
1375 for (int cnt = 0; cnt < n; ++cnt)
1376 if (revs[cnt].data.fd == sock)
1377 {
1378 /* A new connection. */
1379 int fd = TEMP_FAILURE_RETRY (accept (sock, NULL, NULL));
1380
1381 if (fd >= 0)
1382 {
1383 /* Try to add the new descriptor. */
1384 ev.data.fd = fd;
1385 if (fd >= nconns
1386 || epoll_ctl (efd, EPOLL_CTL_ADD, fd, &ev) == -1)
1387 /* The descriptor is too large or something went
1388 wrong. Close the descriptor. */
1389 close (fd);
1390 else
1391 {
1392 /* Remember when we accepted the connection. */
1393 starttime[fd] = now;
1394
1395 if (fd > highest)
1396 highest = fd;
1397
1398 ++nused;
1399 }
1400 }
1401 }
1402 else
1403 {
1404 /* Remove the descriptor from the epoll descriptor. */
1405 struct epoll_event ev = { 0, };
1406 (void) epoll_ctl (efd, EPOLL_CTL_DEL, revs[cnt].data.fd, &ev);
1407
1408 /* Get a worked to handle the request. */
1409 fd_ready (revs[cnt].data.fd);
1410
1411 /* Reset the time. */
1412 starttime[revs[cnt].data.fd] = 0;
1413 if (revs[cnt].data.fd == highest)
1414 do
1415 --highest;
1416 while (highest > 0 && starttime[highest] == 0);
1417
1418 --nused;
1419 }
1420
1421 /* Now look for descriptors for accepted connections which have
1422 no reply in too long of a time. */
1423 time_t laststart = now - ACCEPT_TIMEOUT;
1424 for (int cnt = highest; cnt > STDERR_FILENO; --cnt)
1425 if (cnt != sock && starttime[cnt] != 0 && starttime[cnt] < laststart)
1426 {
1427 /* We are waiting for this one for too long. Close it. */
1428 struct epoll_event ev = {0, };
1429 (void) epoll_ctl (efd, EPOLL_CTL_DEL, cnt, &ev);
1430
1431 (void) close (cnt);
1432
1433 starttime[cnt] = 0;
1434 if (cnt == highest)
1435 --highest;
1436 }
1437 else if (cnt != sock && starttime[cnt] == 0 && cnt == highest)
1438 --highest;
1439
1440 if (restart_p (now))
1441 restart ();
1442 }
1443 }
1444 #endif
1445
1446
1447 /* Start all the threads we want. The initial process is thread no. 1. */
1448 void
1449 start_threads (void)
1450 {
1451 /* Initialize the conditional variable we will use. The only
1452 non-standard attribute we might use is the clock selection. */
1453 pthread_condattr_t condattr;
1454 pthread_condattr_init (&condattr);
1455
1456 #if defined _POSIX_CLOCK_SELECTION && _POSIX_CLOCK_SELECTION >= 0 \
1457 && defined _POSIX_MONOTONIC_CLOCK && _POSIX_MONOTONIC_CLOCK >= 0
1458 /* Determine whether the monotonous clock is available. */
1459 struct timespec dummy;
1460 # if _POSIX_MONOTONIC_CLOCK == 0
1461 if (sysconf (_SC_MONOTONIC_CLOCK) > 0)
1462 # endif
1463 # if _POSIX_CLOCK_SELECTION == 0
1464 if (sysconf (_SC_CLOCK_SELECTION) > 0)
1465 # endif
1466 if (clock_getres (CLOCK_MONOTONIC, &dummy) == 0
1467 && pthread_condattr_setclock (&condattr, CLOCK_MONOTONIC) == 0)
1468 timeout_clock = CLOCK_MONOTONIC;
1469 #endif
1470
1471 pthread_cond_init (&readylist_cond, &condattr);
1472 pthread_condattr_destroy (&condattr);
1473
1474
1475 /* Create the attribute for the threads. They are all created
1476 detached. */
1477 pthread_attr_init (&attr);
1478 pthread_attr_setdetachstate (&attr, PTHREAD_CREATE_DETACHED);
1479 /* Use 1MB stacks, twice as much for 64-bit architectures. */
1480 pthread_attr_setstacksize (&attr, 1024 * 1024 * (sizeof (void *) / 4));
1481
1482 /* We allow less than LASTDB threads only for debugging. */
1483 if (debug_level == 0)
1484 nthreads = MAX (nthreads, lastdb);
1485
1486 int nfailed = 0;
1487 for (long int i = 0; i < nthreads; ++i)
1488 {
1489 pthread_t th;
1490 if (pthread_create (&th, &attr, nscd_run, (void *) (i - nfailed)) != 0)
1491 ++nfailed;
1492 }
1493 if (nthreads - nfailed < lastdb)
1494 {
1495 /* We could not start enough threads. */
1496 dbg_log (_("could only start %d threads; terminating"),
1497 nthreads - nfailed);
1498 exit (1);
1499 }
1500
1501 /* Determine how much room for descriptors we should initially
1502 allocate. This might need to change later if we cap the number
1503 with MAXCONN. */
1504 const long int nfds = sysconf (_SC_OPEN_MAX);
1505 #define MINCONN 32
1506 #define MAXCONN 16384
1507 if (nfds == -1 || nfds > MAXCONN)
1508 nconns = MAXCONN;
1509 else if (nfds < MINCONN)
1510 nconns = MINCONN;
1511 else
1512 nconns = nfds;
1513
1514 /* We need memory to pass descriptors on to the worker threads. */
1515 fdlist = (struct fdlist *) xcalloc (nconns, sizeof (fdlist[0]));
1516 /* Array to keep track when connection was accepted. */
1517 starttime = (time_t *) xcalloc (nconns, sizeof (starttime[0]));
1518
1519 /* In the main thread we execute the loop which handles incoming
1520 connections. */
1521 #ifdef HAVE_EPOLL
1522 int efd = epoll_create (100);
1523 if (efd != -1)
1524 {
1525 main_loop_epoll (efd);
1526 close (efd);
1527 }
1528 #endif
1529
1530 main_loop_poll ();
1531 }
1532
1533
1534 /* Look up the uid, gid, and supplementary groups to run nscd as. When
1535 this function is called, we are not listening on the nscd socket yet so
1536 we can just use the ordinary lookup functions without causing a lockup */
1537 static void
1538 begin_drop_privileges (void)
1539 {
1540 struct passwd *pwd = getpwnam (server_user);
1541
1542 if (pwd == NULL)
1543 {
1544 dbg_log (_("Failed to run nscd as user '%s'"), server_user);
1545 error (EXIT_FAILURE, 0, _("Failed to run nscd as user '%s'"),
1546 server_user);
1547 }
1548
1549 server_uid = pwd->pw_uid;
1550 server_gid = pwd->pw_gid;
1551
1552 /* Save the old UID/GID if we have to change back. */
1553 if (paranoia)
1554 {
1555 old_uid = getuid ();
1556 old_gid = getgid ();
1557 }
1558
1559 if (getgrouplist (server_user, server_gid, NULL, &server_ngroups) == 0)
1560 {
1561 /* This really must never happen. */
1562 dbg_log (_("Failed to run nscd as user '%s'"), server_user);
1563 error (EXIT_FAILURE, errno, _("initial getgrouplist failed"));
1564 }
1565
1566 server_groups = (gid_t *) xmalloc (server_ngroups * sizeof (gid_t));
1567
1568 if (getgrouplist (server_user, server_gid, server_groups, &server_ngroups)
1569 == -1)
1570 {
1571 dbg_log (_("Failed to run nscd as user '%s'"), server_user);
1572 error (EXIT_FAILURE, errno, _("getgrouplist failed"));
1573 }
1574 }
1575
1576
1577 /* Call setgroups(), setgid(), and setuid() to drop root privileges and
1578 run nscd as the user specified in the configuration file. */
1579 static void
1580 finish_drop_privileges (void)
1581 {
1582 if (setgroups (server_ngroups, server_groups) == -1)
1583 {
1584 dbg_log (_("Failed to run nscd as user '%s'"), server_user);
1585 error (EXIT_FAILURE, errno, _("setgroups failed"));
1586 }
1587
1588 if (setgid (server_gid) == -1)
1589 {
1590 dbg_log (_("Failed to run nscd as user '%s'"), server_user);
1591 perror ("setgid");
1592 exit (1);
1593 }
1594
1595 if (setuid (server_uid) == -1)
1596 {
1597 dbg_log (_("Failed to run nscd as user '%s'"), server_user);
1598 perror ("setuid");
1599 exit (1);
1600 }
1601 }
sources.redhat.com git mirror of glibc CVS