1 /* Copyright (c) 1998-2014 Free Software Foundation, Inc.
2 This file is part of the GNU C Library.
3 Contributed by Thorsten Kukuk <kukuk@suse.de>, 1998.
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; version 2 of the License, or
8 (at your option) any later version.
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with this program; if not, see <http://www.gnu.org/licenses/>. */
18 /* nscd - Name Service Cache Daemon. Caches passwd, group, and hosts. */
38 #include <sys/socket.h>
48 #include "../nss/nsswitch.h"
49 #include <device-nrs.h>
51 # include <sys/inotify.h>
53 #include <kernel-features.h>
55 /* Get libc version number. */
58 #define PACKAGE _libc_intl_domainname
66 /* Running in background as daemon. */
68 /* Running in foreground but otherwise behave like a daemon,
69 i.e., detach from terminal and use syslog. This allows
70 better integration with services like systemd. */
72 /* Run in foreground in debug mode. */
76 static run_modes run_mode
= RUN_DAEMONIZE
;
78 static const char *conffile
= _PATH_NSCDCONF
;
82 uintptr_t pagesize_m1
;
86 time_t restart_interval
= RESTART_INTERVAL
;
91 static int check_pid (const char *file
);
92 static int write_pid (const char *file
);
93 static int monitor_child (int fd
);
95 /* Name and version of program. */
96 static void print_version (FILE *stream
, struct argp_state
*state
);
97 void (*argp_program_version_hook
) (FILE *, struct argp_state
*) = print_version
;
99 /* Function to print some extra text in the help message. */
100 static char *more_help (int key
, const char *text
, void *input
);
102 /* Definitions of arguments for argp functions. */
103 static const struct argp_option options
[] =
105 { "config-file", 'f', N_("NAME"), 0,
106 N_("Read configuration data from NAME") },
107 { "debug", 'd', NULL
, 0,
108 N_("Do not fork and display messages on the current tty") },
109 { "foreground", 'F', NULL
, 0,
110 N_("Do not fork, but otherwise behave like a daemon") },
111 { "nthreads", 't', N_("NUMBER"), 0, N_("Start NUMBER threads") },
112 { "shutdown", 'K', NULL
, 0, N_("Shut the server down") },
113 { "statistics", 'g', NULL
, 0, N_("Print current configuration statistics") },
114 { "invalidate", 'i', N_("TABLE"), 0,
115 N_("Invalidate the specified cache") },
116 { "secure", 'S', N_("TABLE,yes"), OPTION_HIDDEN
,
117 N_("Use separate cache for each user")},
118 { NULL
, 0, NULL
, 0, NULL
}
121 /* Short description of program. */
122 static const char doc
[] = N_("Name Service Cache Daemon.");
124 /* Prototype for option handler. */
125 static error_t
parse_opt (int key
, char *arg
, struct argp_state
*state
);
127 /* Data structure to communicate with argp functions. */
128 static struct argp argp
=
130 options
, parse_opt
, NULL
, doc
, NULL
, more_help
133 /* True if only statistics are requested. */
134 static bool get_stats
;
135 static int parent_fd
= -1;
138 main (int argc
, char **argv
)
142 /* Set locale via LC_ALL. */
143 setlocale (LC_ALL
, "");
144 /* Set the text message domain. */
145 textdomain (PACKAGE
);
147 /* Determine if the kernel has SELinux support. */
148 nscd_selinux_enabled (&selinux_enabled
);
150 /* Parse and process arguments. */
151 argp_parse (&argp
, argc
, argv
, 0, &remaining
, NULL
);
153 if (remaining
!= argc
)
155 error (0, 0, gettext ("wrong number of arguments"));
156 argp_help (&argp
, stdout
, ARGP_HELP_SEE
, program_invocation_short_name
);
160 /* Read the configuration file. */
161 if (nscd_parse_file (conffile
, dbs
) != 0)
162 /* We couldn't read the configuration file. We don't start the
164 error (EXIT_FAILURE
, 0,
165 _("failure while reading configuration file; this is fatal"));
167 /* Do we only get statistics? */
169 /* Does not return. */
170 receive_print_stats ();
172 /* Check if we are already running. */
173 if (check_pid (_PATH_NSCDPID
))
174 error (EXIT_FAILURE
, 0, _("already running"));
176 /* Remember when we started. */
177 start_time
= time (NULL
);
179 /* Determine page size. */
180 pagesize_m1
= getpagesize () - 1;
182 if (run_mode
== RUN_DAEMONIZE
|| run_mode
== RUN_FOREGROUND
)
187 /* Behave like a daemon. */
188 if (run_mode
== RUN_DAEMONIZE
)
193 error (EXIT_FAILURE
, errno
,
194 _("cannot create a pipe to talk to the child"));
198 error (EXIT_FAILURE
, errno
, _("cannot fork"));
201 /* The parent only reads from the child. */
203 exit (monitor_child (fd
[0]));
207 /* The child only writes to the parent. */
213 int nullfd
= open (_PATH_DEVNULL
, O_RDWR
);
218 if (fstat64 (nullfd
, &st
) == 0 && S_ISCHR (st
.st_mode
) != 0
219 #if defined DEV_NULL_MAJOR && defined DEV_NULL_MINOR
220 && st
.st_rdev
== makedev (DEV_NULL_MAJOR
, DEV_NULL_MINOR
)
224 /* It is the /dev/null special device alright. */
225 (void) dup2 (nullfd
, STDIN_FILENO
);
226 (void) dup2 (nullfd
, STDOUT_FILENO
);
227 (void) dup2 (nullfd
, STDERR_FILENO
);
234 /* Ugh, somebody is trying to play a trick on us. */
239 int min_close_fd
= nullfd
== -1 ? 0 : STDERR_FILENO
+ 1;
241 DIR *d
= opendir ("/proc/self/fd");
244 struct dirent64
*dirent
;
245 int dfdn
= dirfd (d
);
247 while ((dirent
= readdir64 (d
)) != NULL
)
250 long int fdn
= strtol (dirent
->d_name
, &endp
, 10);
252 if (*endp
== '\0' && fdn
!= dfdn
&& fdn
>= min_close_fd
260 for (i
= min_close_fd
; i
< getdtablesize (); i
++)
266 if (chdir ("/") != 0)
267 do_exit (EXIT_FAILURE
, errno
,
268 _("cannot change current working directory to \"/\""));
270 openlog ("nscd", LOG_CONS
| LOG_ODELAY
, LOG_DAEMON
);
272 if (write_pid (_PATH_NSCDPID
) < 0)
273 dbg_log ("%s: %s", _PATH_NSCDPID
, strerror (errno
));
275 if (!init_logfile ())
276 dbg_log (_("Could not create log file"));
278 /* Ignore job control signals. */
279 signal (SIGTTOU
, SIG_IGN
);
280 signal (SIGTTIN
, SIG_IGN
);
281 signal (SIGTSTP
, SIG_IGN
);
284 /* In debug mode we are not paranoid. */
287 signal (SIGINT
, termination_handler
);
288 signal (SIGQUIT
, termination_handler
);
289 signal (SIGTERM
, termination_handler
);
290 signal (SIGPIPE
, SIG_IGN
);
292 /* Cleanup files created by a previous 'bind'. */
293 unlink (_PATH_NSCDSOCKET
);
296 /* Use inotify to recognize changed files. */
297 inotify_fd
= inotify_init1 (IN_NONBLOCK
);
298 # ifndef __ASSUME_IN_NONBLOCK
299 if (inotify_fd
== -1 && errno
== ENOSYS
)
301 inotify_fd
= inotify_init ();
302 if (inotify_fd
!= -1)
303 fcntl (inotify_fd
, F_SETFL
, O_RDONLY
| O_NONBLOCK
);
309 /* Make sure we do not get recursive calls. */
310 __nss_disable_nscd (register_traced_file
);
313 /* Init databases. */
316 /* Start the SELinux AVC. */
320 /* Handle incoming requests */
327 /* Handle program arguments. */
329 parse_opt (int key
, char *arg
, struct argp_state
*state
)
335 run_mode
= RUN_DEBUG
;
339 run_mode
= RUN_FOREGROUND
;
348 error (4, 0, _("Only root is allowed to use this option!"));
350 int sock
= nscd_open_socket ();
356 req
.version
= NSCD_VERSION
;
360 ssize_t nbytes
= TEMP_FAILURE_RETRY (send (sock
, &req
,
361 sizeof (request_header
),
364 exit (nbytes
!= sizeof (request_header
) ? EXIT_FAILURE
: EXIT_SUCCESS
);
373 error (4, 0, _("Only root is allowed to use this option!"));
376 int sock
= nscd_open_socket ();
382 for (cnt
= pwddb
; cnt
< lastdb
; ++cnt
)
383 if (strcmp (arg
, dbnames
[cnt
]) == 0)
388 argp_error (state
, _("'%s' is not a known database"), arg
);
392 size_t arg_len
= strlen (arg
) + 1;
399 reqdata
.req
.key_len
= strlen (arg
) + 1;
400 reqdata
.req
.version
= NSCD_VERSION
;
401 reqdata
.req
.type
= INVALIDATE
;
402 memcpy (reqdata
.arg
, arg
, arg_len
);
404 ssize_t nbytes
= TEMP_FAILURE_RETRY (send (sock
, &reqdata
,
405 sizeof (request_header
)
409 if (nbytes
!= sizeof (request_header
) + arg_len
)
413 error (EXIT_FAILURE
, err
, _("write incomplete"));
416 /* Wait for ack. Older nscd just closed the socket when
417 prune_cache finished, silently ignore that. */
419 nbytes
= TEMP_FAILURE_RETRY (read (sock
, &resp
, sizeof (resp
)));
420 if (nbytes
!= 0 && nbytes
!= sizeof (resp
))
424 error (EXIT_FAILURE
, err
, _("cannot read invalidate ACK"));
430 error (EXIT_FAILURE
, resp
, _("invalidation failed"));
436 nthreads
= atol (arg
);
440 error (0, 0, _("secure services not implemented anymore"));
444 return ARGP_ERR_UNKNOWN
;
450 /* Print bug-reporting information in the help message. */
452 more_help (int key
, const char *text
, void *input
)
454 char *tables
, *tp
= NULL
;
458 case ARGP_KEY_HELP_EXTRA
:
462 tables
= xmalloc (sizeof (dbnames
) + 1);
463 for (cnt
= 0; cnt
< lastdb
; cnt
++)
465 strcat (tables
, dbnames
[cnt
]);
466 strcat (tables
, " ");
470 /* We print some extra information. */
471 if (asprintf (&tp
, gettext ("\
475 For bug reporting instructions, please see:\n\
477 "), tables
, REPORT_BUGS_TO
) < 0)
486 return (char *) text
;
489 /* Print the version information. */
491 print_version (FILE *stream
, struct argp_state
*state
)
493 fprintf (stream
, "nscd %s%s\n", PKGVERSION
, VERSION
);
494 fprintf (stream
, gettext ("\
495 Copyright (C) %s Free Software Foundation, Inc.\n\
496 This is free software; see the source for copying conditions. There is NO\n\
497 warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\n\
499 fprintf (stream
, gettext ("Written by %s.\n"),
500 "Thorsten Kukuk and Ulrich Drepper");
504 /* Create a socket connected to a name. */
506 nscd_open_socket (void)
508 struct sockaddr_un addr
;
511 sock
= socket (PF_UNIX
, SOCK_STREAM
, 0);
515 addr
.sun_family
= AF_UNIX
;
516 assert (sizeof (addr
.sun_path
) >= sizeof (_PATH_NSCDSOCKET
));
517 strcpy (addr
.sun_path
, _PATH_NSCDSOCKET
);
518 if (connect (sock
, (struct sockaddr
*) &addr
, sizeof (addr
)) < 0)
530 termination_handler (int signum
)
534 /* Clean up the file created by 'bind'. */
535 unlink (_PATH_NSCDSOCKET
);
537 /* Clean up pid file. */
538 unlink (_PATH_NSCDPID
);
540 // XXX Terminate threads.
542 /* Synchronize memory. */
543 for (int cnt
= 0; cnt
< lastdb
; ++cnt
)
545 if (!dbs
[cnt
].enabled
|| dbs
[cnt
].head
== NULL
)
548 /* Make sure nobody keeps using the database. */
549 dbs
[cnt
].head
->timestamp
= 0;
551 if (dbs
[cnt
].persistent
)
553 msync (dbs
[cnt
].head
, dbs
[cnt
].memsize
, MS_ASYNC
);
556 _exit (EXIT_SUCCESS
);
559 /* Returns 1 if the process in pid file FILE is running, 0 if not. */
561 check_pid (const char *file
)
565 fp
= fopen (file
, "r");
571 n
= fscanf (fp
, "%d", &pid
);
574 /* If we cannot parse the file default to assuming nscd runs.
575 If the PID is alive, assume it is running. That all unless
576 the PID is the same as the current process' since tha latter
577 can mean we re-exec. */
578 if ((n
!= 1 || kill (pid
, 0) == 0) && pid
!= getpid ())
585 /* Write the current process id to the file FILE.
586 Returns 0 if successful, -1 if not. */
588 write_pid (const char *file
)
592 fp
= fopen (file
, "w");
596 fprintf (fp
, "%d\n", getpid ());
598 int result
= fflush (fp
) || ferror (fp
) ? -1 : 0;
606 monitor_child (int fd
)
609 int ret
= read (fd
, &child_ret
, sizeof (child_ret
));
611 /* The child terminated with an error, either via exit or some other abnormal
612 method, like a segfault. */
613 if (ret
<= 0 || child_ret
!= 0)
616 int err
= wait (&status
);
620 fprintf (stderr
, _("'wait' failed\n"));
624 if (WIFEXITED (status
))
626 child_ret
= WEXITSTATUS (status
);
627 fprintf (stderr
, _("child exited with status %d\n"), child_ret
);
629 if (WIFSIGNALED (status
))
631 child_ret
= WTERMSIG (status
);
632 fprintf (stderr
, _("child terminated by signal %d\n"), child_ret
);
636 /* We have the child status, so exit with that code. */
643 do_exit (int child_ret
, int errnum
, const char *format
, ...)
647 int ret
= write (parent_fd
, &child_ret
, sizeof (child_ret
));
648 assert (ret
== sizeof (child_ret
));
654 /* Emulate error() since we don't have a va_list variant for it. */
659 fprintf (stderr
, "%s: ", program_invocation_name
);
661 va_start (argp
, format
);
662 vfprintf (stderr
, format
, argp
);
665 fprintf (stderr
, ": %s\n", strerror (errnum
));
674 notify_parent (int child_ret
)
679 int ret
= write (parent_fd
, &child_ret
, sizeof (child_ret
));
680 assert (ret
== sizeof (child_ret
));