1 /* Inner loops of cache daemon.
2 Copyright (C) 1998-2003, 2004 Free Software Foundation, Inc.
3 This file is part of the GNU C Library.
4 Contributed by Ulrich Drepper <drepper@cygnus.com>, 1998.
6 The GNU C Library is free software; you can redistribute it and/or
7 modify it under the terms of the GNU Lesser General Public
8 License as published by the Free Software Foundation; either
9 version 2.1 of the License, or (at your option) any later version.
11 The GNU C Library is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
16 You should have received a copy of the GNU Lesser General Public
17 License along with the GNU C Library; if not, write to the Free
18 Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
35 #include <arpa/inet.h>
37 # include <sys/epoll.h>
40 #include <sys/param.h>
42 #include <sys/socket.h>
51 /* Number of bytes of data we initially reserve for each hash table bucket. */
52 #define DEFAULT_DATASIZE_PER_BUCKET 1024
55 /* Wrapper functions with error checking for standard functions. */
56 extern void *xmalloc (size_t n
);
57 extern void *xcalloc (size_t n
, size_t s
);
58 extern void *xrealloc (void *o
, size_t n
);
60 /* Support to run nscd as an unprivileged user */
61 const char *server_user
;
62 static uid_t server_uid
;
63 static gid_t server_gid
;
64 const char *stat_user
;
66 static gid_t
*server_groups
;
70 static int server_ngroups
;
72 static pthread_attr_t attr
;
74 static void begin_drop_privileges (void);
75 static void finish_drop_privileges (void);
77 /* Map request type to a string. */
78 const char *serv2str
[LASTREQ
] =
80 [GETPWBYNAME
] = "GETPWBYNAME",
81 [GETPWBYUID
] = "GETPWBYUID",
82 [GETGRBYNAME
] = "GETGRBYNAME",
83 [GETGRBYGID
] = "GETGRBYGID",
84 [GETHOSTBYNAME
] = "GETHOSTBYNAME",
85 [GETHOSTBYNAMEv6
] = "GETHOSTBYNAMEv6",
86 [GETHOSTBYADDR
] = "GETHOSTBYADDR",
87 [GETHOSTBYADDRv6
] = "GETHOSTBYADDRv6",
88 [SHUTDOWN
] = "SHUTDOWN",
89 [GETSTAT
] = "GETSTAT",
90 [INVALIDATE
] = "INVALIDATE",
91 [GETFDPW
] = "GETFDPW",
92 [GETFDGR
] = "GETFDGR",
93 [GETFDHST
] = "GETFDHST",
95 [INITGROUPS
] = "INITGROUPS"
98 /* The control data structures for the services. */
99 struct database_dyn dbs
[lastdb
] =
102 .lock
= PTHREAD_RWLOCK_WRITER_NONRECURSIVE_INITIALIZER_NP
,
107 .filename
= "/etc/passwd",
108 .db_filename
= _PATH_NSCD_PASSWD_DB
,
109 .disabled_iov
= &pwd_iov_disabled
,
117 .lock
= PTHREAD_RWLOCK_WRITER_NONRECURSIVE_INITIALIZER_NP
,
122 .filename
= "/etc/group",
123 .db_filename
= _PATH_NSCD_GROUP_DB
,
124 .disabled_iov
= &grp_iov_disabled
,
132 .lock
= PTHREAD_RWLOCK_WRITER_NONRECURSIVE_INITIALIZER_NP
,
137 .filename
= "/etc/hosts",
138 .db_filename
= _PATH_NSCD_HOSTS_DB
,
139 .disabled_iov
= &hst_iov_disabled
,
149 /* Mapping of request type to database. */
150 static struct database_dyn
*const serv2db
[LASTREQ
] =
152 [GETPWBYNAME
] = &dbs
[pwddb
],
153 [GETPWBYUID
] = &dbs
[pwddb
],
154 [GETGRBYNAME
] = &dbs
[grpdb
],
155 [GETGRBYGID
] = &dbs
[grpdb
],
156 [GETHOSTBYNAME
] = &dbs
[hstdb
],
157 [GETHOSTBYNAMEv6
] = &dbs
[hstdb
],
158 [GETHOSTBYADDR
] = &dbs
[hstdb
],
159 [GETHOSTBYADDRv6
] = &dbs
[hstdb
],
160 [GETFDPW
] = &dbs
[pwddb
],
161 [GETFDGR
] = &dbs
[grpdb
],
162 [GETFDHST
] = &dbs
[hstdb
],
163 [GETAI
] = &dbs
[hstdb
],
164 [INITGROUPS
] = &dbs
[grpdb
]
168 /* Number of seconds between two cache pruning runs. */
169 #define CACHE_PRUNE_INTERVAL 15
172 /* Initial number of threads to use. */
174 /* Maximum number of threads to use. */
175 int max_nthreads
= 32;
177 /* Socket for incoming connections. */
180 /* Number of times clients had to wait. */
181 unsigned long int client_queued
;
184 /* Initialize database information structures. */
188 struct sockaddr_un sock_addr
;
191 /* Secure mode and unprivileged mode are incompatible */
192 if (server_user
!= NULL
&& secure_in_use
)
194 dbg_log (_("Cannot run nscd in secure mode as unprivileged user"));
198 /* Look up unprivileged uid/gid/groups before we start listening on the
200 if (server_user
!= NULL
)
201 begin_drop_privileges ();
204 /* No configuration for this value, assume a default. */
205 nthreads
= 2 * lastdb
;
207 for (cnt
= 0; cnt
< lastdb
; ++cnt
)
208 if (dbs
[cnt
].enabled
)
210 pthread_rwlock_init (&dbs
[cnt
].lock
, NULL
);
211 pthread_mutex_init (&dbs
[cnt
].memlock
, NULL
);
213 if (dbs
[cnt
].persistent
)
215 /* Try to open the appropriate file on disk. */
216 int fd
= open (dbs
[cnt
].db_filename
, O_RDWR
);
222 struct database_pers_head head
;
223 ssize_t n
= TEMP_FAILURE_RETRY (read (fd
, &head
,
225 if (n
!= sizeof (head
) || fstat64 (fd
, &st
) != 0)
228 dbg_log (_("invalid persistent database file \"%s\": %s"),
229 dbs
[cnt
].db_filename
, strerror (errno
));
230 dbs
[cnt
].persistent
= 0;
232 else if (head
.module
== 0 && head
.data_size
== 0)
234 /* The file has been created, but the head has not been
235 initialized yet. Remove the old file. */
236 unlink (dbs
[cnt
].db_filename
);
238 else if (head
.header_size
!= (int) sizeof (head
))
240 dbg_log (_("invalid persistent database file \"%s\": %s"),
241 dbs
[cnt
].db_filename
,
242 _("header size does not match"));
243 dbs
[cnt
].persistent
= 0;
245 else if ((total
= (sizeof (head
)
246 + roundup (head
.module
* sizeof (ref_t
),
251 dbg_log (_("invalid persistent database file \"%s\": %s"),
252 dbs
[cnt
].db_filename
,
253 _("file size does not match"));
254 dbs
[cnt
].persistent
= 0;
256 else if ((mem
= mmap (NULL
, total
, PROT_READ
| PROT_WRITE
,
257 MAP_SHARED
, fd
, 0)) == MAP_FAILED
)
261 /* Success. We have the database. */
263 dbs
[cnt
].memsize
= total
;
264 dbs
[cnt
].data
= (char *)
265 &dbs
[cnt
].head
->array
[roundup (dbs
[cnt
].head
->module
,
266 ALIGN
/ sizeof (ref_t
))];
267 dbs
[cnt
].mmap_used
= true;
269 if (dbs
[cnt
].suggested_module
> head
.module
)
270 dbg_log (_("suggested size of table for database %s larger than the persistent database's table"),
275 /* We also need a read-only descriptor. */
278 dbs
[cnt
].ro_fd
= open (dbs
[cnt
].db_filename
, O_RDONLY
);
279 if (dbs
[cnt
].ro_fd
== -1)
281 cannot create read-only descriptor for \"%s\"; no mmap"),
282 dbs
[cnt
].db_filename
);
285 // XXX Shall we test whether the descriptors actually
286 // XXX point to the same file?
289 /* Close the file descriptors in case something went
290 wrong in which case the variable have not been
297 if (dbs
[cnt
].head
== NULL
)
299 /* No database loaded. Allocate the data structure,
301 struct database_pers_head head
;
302 size_t total
= (sizeof (head
)
303 + roundup (dbs
[cnt
].suggested_module
304 * sizeof (ref_t
), ALIGN
)
305 + (dbs
[cnt
].suggested_module
306 * DEFAULT_DATASIZE_PER_BUCKET
));
308 /* Try to create the database. If we do not need a
309 persistent database create a temporary file. */
312 if (dbs
[cnt
].persistent
)
314 fd
= open (dbs
[cnt
].db_filename
,
315 O_RDWR
| O_CREAT
| O_EXCL
| O_TRUNC
,
317 if (fd
!= -1 && dbs
[cnt
].shared
)
318 ro_fd
= open (dbs
[cnt
].db_filename
, O_RDONLY
);
322 char fname
[] = _PATH_NSCD_XYZ_DB_TMP
;
323 fd
= mkstemp (fname
);
325 /* We do not need the file name anymore after we
326 opened another file descriptor in read-only mode. */
330 ro_fd
= open (fname
, O_RDONLY
);
340 dbg_log (_("database for %s corrupted or simultaneously used; remove %s manually if necessary and restart"),
341 dbnames
[cnt
], dbs
[cnt
].db_filename
);
342 // XXX Correct way to terminate?
346 if (dbs
[cnt
].persistent
)
347 dbg_log (_("cannot create %s; no persistent database used"),
348 dbs
[cnt
].db_filename
);
350 dbg_log (_("cannot create %s; no sharing possible"),
351 dbs
[cnt
].db_filename
);
353 dbs
[cnt
].persistent
= 0;
354 // XXX remember: no mmap
358 /* Tell the user if we could not create the read-only
360 if (ro_fd
== -1 && dbs
[cnt
].shared
)
362 cannot create read-only descriptor for \"%s\"; no mmap"),
363 dbs
[cnt
].db_filename
);
365 /* Before we create the header, initialiye the hash
366 table. So that if we get interrupted if writing
367 the header we can recognize a partially initialized
369 size_t ps
= sysconf (_SC_PAGESIZE
);
371 assert (~ENDREF
== 0);
372 memset (tmpbuf
, '\xff', ps
);
374 size_t remaining
= dbs
[cnt
].suggested_module
* sizeof (ref_t
);
375 off_t offset
= sizeof (head
);
378 if (offset
% ps
!= 0)
380 towrite
= MIN (remaining
, ps
- (offset
% ps
));
381 pwrite (fd
, tmpbuf
, towrite
, offset
);
383 remaining
-= towrite
;
386 while (remaining
> ps
)
388 pwrite (fd
, tmpbuf
, ps
, offset
);
394 pwrite (fd
, tmpbuf
, remaining
, offset
);
396 /* Create the header of the file. */
397 struct database_pers_head head
=
399 .version
= DB_VERSION
,
400 .header_size
= sizeof (head
),
401 .module
= dbs
[cnt
].suggested_module
,
402 .data_size
= (dbs
[cnt
].suggested_module
403 * DEFAULT_DATASIZE_PER_BUCKET
),
408 if ((TEMP_FAILURE_RETRY (write (fd
, &head
, sizeof (head
)))
410 || ftruncate (fd
, total
) != 0
411 || (mem
= mmap (NULL
, total
, PROT_READ
| PROT_WRITE
,
412 MAP_SHARED
, fd
, 0)) == MAP_FAILED
)
414 unlink (dbs
[cnt
].db_filename
);
415 dbg_log (_("cannot write to database file %s: %s"),
416 dbs
[cnt
].db_filename
, strerror (errno
));
417 dbs
[cnt
].persistent
= 0;
423 dbs
[cnt
].data
= (char *)
424 &dbs
[cnt
].head
->array
[roundup (dbs
[cnt
].head
->module
,
425 ALIGN
/ sizeof (ref_t
))];
426 dbs
[cnt
].memsize
= total
;
427 dbs
[cnt
].mmap_used
= true;
429 /* Remember the descriptors. */
431 dbs
[cnt
].ro_fd
= ro_fd
;
444 && ((dbs
[cnt
].wr_fd
!= -1
445 && fcntl (dbs
[cnt
].wr_fd
, F_SETFD
, FD_CLOEXEC
) == -1)
446 || (dbs
[cnt
].ro_fd
!= -1
447 && fcntl (dbs
[cnt
].ro_fd
, F_SETFD
, FD_CLOEXEC
) == -1)))
450 cannot set socket to close on exec: %s; disabling paranoia mode"),
455 if (dbs
[cnt
].head
== NULL
)
457 /* We do not use the persistent database. Just
458 create an in-memory data structure. */
459 assert (! dbs
[cnt
].persistent
);
461 dbs
[cnt
].head
= xmalloc (sizeof (struct database_pers_head
)
462 + (dbs
[cnt
].suggested_module
464 memset (dbs
[cnt
].head
, '\0', sizeof (dbs
[cnt
].head
));
465 assert (~ENDREF
== 0);
466 memset (dbs
[cnt
].head
->array
, '\xff',
467 dbs
[cnt
].suggested_module
* sizeof (ref_t
));
468 dbs
[cnt
].head
->module
= dbs
[cnt
].suggested_module
;
469 dbs
[cnt
].head
->data_size
= (DEFAULT_DATASIZE_PER_BUCKET
470 * dbs
[cnt
].head
->module
);
471 dbs
[cnt
].data
= xmalloc (dbs
[cnt
].head
->data_size
);
472 dbs
[cnt
].head
->first_free
= 0;
475 assert (dbs
[cnt
].ro_fd
== -1);
478 if (dbs
[cnt
].check_file
)
480 /* We need the modification date of the file. */
483 if (stat (dbs
[cnt
].filename
, &st
) < 0)
485 /* We cannot stat() the file, disable file checking. */
486 dbg_log (_("cannot stat() file `%s': %s"),
487 dbs
[cnt
].filename
, strerror (errno
));
488 dbs
[cnt
].check_file
= 0;
491 dbs
[cnt
].file_mtime
= st
.st_mtime
;
495 /* Create the socket. */
496 sock
= socket (AF_UNIX
, SOCK_STREAM
, 0);
499 dbg_log (_("cannot open socket: %s"), strerror (errno
));
502 /* Bind a name to the socket. */
503 sock_addr
.sun_family
= AF_UNIX
;
504 strcpy (sock_addr
.sun_path
, _PATH_NSCDSOCKET
);
505 if (bind (sock
, (struct sockaddr
*) &sock_addr
, sizeof (sock_addr
)) < 0)
507 dbg_log ("%s: %s", _PATH_NSCDSOCKET
, strerror (errno
));
511 /* We don't want to get stuck on accept. */
512 int fl
= fcntl (sock
, F_GETFL
);
513 if (fl
== -1 || fcntl (sock
, F_SETFL
, fl
| O_NONBLOCK
) == -1)
515 dbg_log (_("cannot change socket to nonblocking mode: %s"),
520 /* The descriptor needs to be closed on exec. */
521 if (paranoia
&& fcntl (sock
, F_SETFD
, FD_CLOEXEC
) == -1)
523 dbg_log (_("cannot set socket to close on exec: %s"),
528 /* Set permissions for the socket. */
529 chmod (_PATH_NSCDSOCKET
, DEFFILEMODE
);
531 /* Set the socket up to accept connections. */
532 if (listen (sock
, SOMAXCONN
) < 0)
534 dbg_log (_("cannot enable socket to accept connections: %s"),
539 /* Change to unprivileged uid/gid/groups if specifed in config file */
540 if (server_user
!= NULL
)
541 finish_drop_privileges ();
545 /* Close the connections. */
554 invalidate_cache (char *key
)
558 if (strcmp (key
, "passwd") == 0)
560 else if (strcmp (key
, "group") == 0)
562 else if (__builtin_expect (strcmp (key
, "hosts"), 0) == 0)
566 /* Re-initialize the resolver. resolv.conf might have changed. */
572 if (dbs
[number
].enabled
)
573 prune_cache (&dbs
[number
], LONG_MAX
);
579 send_ro_fd (struct database_dyn
*db
, char *key
, int fd
)
581 /* If we do not have an read-only file descriptor do nothing. */
585 /* We need to send some data along with the descriptor. */
587 iov
[0].iov_base
= key
;
588 iov
[0].iov_len
= strlen (key
) + 1;
590 /* Prepare the control message to transfer the descriptor. */
591 char buf
[CMSG_SPACE (sizeof (int))];
592 struct msghdr msg
= { .msg_iov
= iov
, .msg_iovlen
= 1,
593 .msg_control
= buf
, .msg_controllen
= sizeof (buf
) };
594 struct cmsghdr
*cmsg
= CMSG_FIRSTHDR (&msg
);
596 cmsg
->cmsg_level
= SOL_SOCKET
;
597 cmsg
->cmsg_type
= SCM_RIGHTS
;
598 cmsg
->cmsg_len
= CMSG_LEN (sizeof (int));
600 *(int *) CMSG_DATA (cmsg
) = db
->ro_fd
;
602 msg
.msg_controllen
= cmsg
->cmsg_len
;
604 /* Send the control message. We repeat when we are interrupted but
605 everything else is ignored. */
606 (void) TEMP_FAILURE_RETRY (sendmsg (fd
, &msg
, 0));
608 if (__builtin_expect (debug_level
> 0, 0))
609 dbg_log (_("provide access to FD %d, for %s"), db
->ro_fd
, key
);
611 #endif /* SCM_RIGHTS */
614 /* Handle new request. */
616 handle_request (int fd
, request_header
*req
, void *key
, uid_t uid
)
618 if (__builtin_expect (req
->version
, NSCD_VERSION
) != NSCD_VERSION
)
622 cannot handle old request version %d; current version is %d"),
623 req
->version
, NSCD_VERSION
);
627 /* Make the SELinux check before we go on to the standard checks. We
628 need to verify that the request type is valid, since it has not
629 yet been checked at this point. */
631 && __builtin_expect (req
->type
, GETPWBYNAME
) >= GETPWBYNAME
632 && __builtin_expect (req
->type
, LASTREQ
) < LASTREQ
633 && nscd_request_avc_has_perm (fd
, req
->type
) != 0)
636 struct database_dyn
*db
= serv2db
[req
->type
];
638 // XXX Clean up so that each new command need not introduce a
639 // XXX new conditional.
640 if ((__builtin_expect (req
->type
, GETPWBYNAME
) >= GETPWBYNAME
641 && __builtin_expect (req
->type
, LASTDBREQ
) <= LASTDBREQ
)
642 || req
->type
== GETAI
|| req
->type
== INITGROUPS
)
644 if (__builtin_expect (debug_level
, 0) > 0)
646 if (req
->type
== GETHOSTBYADDR
|| req
->type
== GETHOSTBYADDRv6
)
648 char buf
[INET6_ADDRSTRLEN
];
650 dbg_log ("\t%s (%s)", serv2str
[req
->type
],
651 inet_ntop (req
->type
== GETHOSTBYADDR
652 ? AF_INET
: AF_INET6
,
653 key
, buf
, sizeof (buf
)));
656 dbg_log ("\t%s (%s)", serv2str
[req
->type
], (char *) key
);
659 /* Is this service enabled? */
662 /* No, sent the prepared record. */
663 if (TEMP_FAILURE_RETRY (write (fd
, db
->disabled_iov
->iov_base
,
664 db
->disabled_iov
->iov_len
))
665 != (ssize_t
) db
->disabled_iov
->iov_len
666 && __builtin_expect (debug_level
, 0) > 0)
668 /* We have problems sending the result. */
670 dbg_log (_("cannot write result: %s"),
671 strerror_r (errno
, buf
, sizeof (buf
)));
677 /* Be sure we can read the data. */
678 if (__builtin_expect (pthread_rwlock_tryrdlock (&db
->lock
) != 0, 0))
680 ++db
->head
->rdlockdelayed
;
681 pthread_rwlock_rdlock (&db
->lock
);
684 /* See whether we can handle it from the cache. */
685 struct datahead
*cached
;
686 cached
= (struct datahead
*) cache_search (req
->type
, key
, req
->key_len
,
690 /* Hurray it's in the cache. */
691 if (TEMP_FAILURE_RETRY (write (fd
, cached
->data
, cached
->recsize
))
693 && __builtin_expect (debug_level
, 0) > 0)
695 /* We have problems sending the result. */
697 dbg_log (_("cannot write result: %s"),
698 strerror_r (errno
, buf
, sizeof (buf
)));
701 pthread_rwlock_unlock (&db
->lock
);
706 pthread_rwlock_unlock (&db
->lock
);
708 else if (__builtin_expect (debug_level
, 0) > 0)
710 if (req
->type
== INVALIDATE
)
711 dbg_log ("\t%s (%s)", serv2str
[req
->type
], (char *) key
);
713 dbg_log ("\t%s", serv2str
[req
->type
]);
716 /* Handle the request. */
720 addpwbyname (db
, fd
, req
, key
, uid
);
724 addpwbyuid (db
, fd
, req
, key
, uid
);
728 addgrbyname (db
, fd
, req
, key
, uid
);
732 addgrbygid (db
, fd
, req
, key
, uid
);
736 addhstbyname (db
, fd
, req
, key
, uid
);
739 case GETHOSTBYNAMEv6
:
740 addhstbynamev6 (db
, fd
, req
, key
, uid
);
744 addhstbyaddr (db
, fd
, req
, key
, uid
);
747 case GETHOSTBYADDRv6
:
748 addhstbyaddrv6 (db
, fd
, req
, key
, uid
);
752 addhstai (db
, fd
, req
, key
, uid
);
756 addinitgroups (db
, fd
, req
, key
, uid
);
764 /* Get the callers credentials. */
767 socklen_t optlen
= sizeof (caller
);
769 if (getsockopt (fd
, SOL_SOCKET
, SO_PEERCRED
, &caller
, &optlen
) < 0)
773 dbg_log (_("error getting callers id: %s"),
774 strerror_r (errno
, buf
, sizeof (buf
)));
780 /* Some systems have no SO_PEERCRED implementation. They don't
781 care about security so we don't as well. */
786 /* Accept shutdown, getstat and invalidate only from root. For
787 the stat call also allow the user specified in the config file. */
788 if (req
->type
== GETSTAT
)
790 if (uid
== 0 || uid
== stat_uid
)
791 send_stats (fd
, dbs
);
795 if (req
->type
== INVALIDATE
)
796 invalidate_cache (key
);
798 termination_handler (0);
806 send_ro_fd (serv2db
[req
->type
], key
, fd
);
811 /* Ignore the command, it's nothing we know. */
817 /* Restart the process. */
821 /* First determine the parameters. We do not use the parameters
822 passed to main() since in case nscd is started by running the
823 dynamic linker this will not work. Yes, this is not the usual
824 case but nscd is part of glibc and we occasionally do this. */
825 size_t buflen
= 1024;
826 char *buf
= alloca (buflen
);
828 int fd
= open ("/proc/self/cmdline", O_RDONLY
);
832 cannot open /proc/self/cmdline: %s; disabling paranoia mode"),
841 ssize_t n
= TEMP_FAILURE_RETRY (read (fd
, buf
+ readlen
,
846 cannot open /proc/self/cmdline: %s; disabling paranoia mode"),
856 if (readlen
< buflen
)
859 /* We might have to extend the buffer. */
860 size_t old_buflen
= buflen
;
861 char *newp
= extend_alloca (buf
, buflen
, 2 * buflen
);
862 buf
= memmove (newp
, buf
, old_buflen
);
867 /* Parse the command line. Worst case scenario: every two
868 characters form one parameter (one character plus NUL). */
869 char **argv
= alloca ((readlen
/ 2 + 1) * sizeof (argv
[0]));
873 while (cp
< buf
+ readlen
)
876 cp
= (char *) rawmemchr (cp
, '\0') + 1;
880 /* Second, change back to the old user if we changed it. */
881 if (server_user
!= NULL
)
883 if (setuid (old_uid
) != 0)
886 cannot change to old UID: %s; disabling paranoia mode"),
893 if (setgid (old_gid
) != 0)
896 cannot change to old GID: %s; disabling paranoia mode"),
905 /* Next change back to the old working directory. */
906 if (chdir (oldcwd
) == -1)
909 cannot change to old working directory: %s; disabling paranoia mode"),
912 if (server_user
!= NULL
)
921 /* Synchronize memory. */
922 for (int cnt
= 0; cnt
< lastdb
; ++cnt
)
924 /* Make sure nobody keeps using the database. */
925 dbs
[cnt
].head
->timestamp
= 0;
927 if (dbs
[cnt
].persistent
)
929 msync (dbs
[cnt
].head
, dbs
[cnt
].memsize
, MS_ASYNC
);
932 /* The preparations are done. */
933 execv ("/proc/self/exe", argv
);
935 /* If we come here, we will never be able to re-exec. */
936 dbg_log (_("re-exec failed: %s; disabling paranoia mode"),
939 if (server_user
!= NULL
)
949 /* List of file descriptors. */
955 /* Memory allocated for the list. */
956 static struct fdlist
*fdlist
;
957 /* List of currently ready-to-read file descriptors. */
958 static struct fdlist
*readylist
;
960 /* Conditional variable and mutex to signal availability of entries in
961 READYLIST. The condvar is initialized dynamically since we might
962 use a different clock depending on availability. */
963 static pthread_cond_t readylist_cond
;
964 static pthread_mutex_t readylist_lock
= PTHREAD_MUTEX_INITIALIZER
;
966 /* The clock to use with the condvar. */
967 static clockid_t timeout_clock
= CLOCK_REALTIME
;
969 /* Number of threads ready to handle the READYLIST. */
970 static unsigned long int nready
;
973 /* This is the main loop. It is replicated in different threads but the
974 `poll' call makes sure only one thread handles an incoming connection. */
976 __attribute__ ((__noreturn__
))
979 const long int my_number
= (long int) p
;
980 const int run_prune
= my_number
< lastdb
&& dbs
[my_number
].enabled
;
981 struct timespec prune_ts
;
987 setup_thread (&dbs
[my_number
]);
989 /* We are running. */
990 dbs
[my_number
].head
->timestamp
= time (NULL
);
992 if (clock_gettime (timeout_clock
, &prune_ts
) == -1)
993 /* Should never happen. */
996 /* Compute timeout time. */
997 prune_ts
.tv_sec
+= CACHE_PRUNE_INTERVAL
;
1000 /* Initial locking. */
1001 pthread_mutex_lock (&readylist_lock
);
1003 /* One more thread available. */
1008 while (readylist
== NULL
)
1012 /* Wait, but not forever. */
1013 to
= pthread_cond_timedwait (&readylist_cond
, &readylist_lock
,
1016 /* If we were woken and there is no work to be done,
1017 just start pruning. */
1018 if (readylist
== NULL
&& to
== ETIMEDOUT
)
1021 pthread_mutex_unlock (&readylist_lock
);
1026 /* No need to timeout. */
1027 pthread_cond_wait (&readylist_cond
, &readylist_lock
);
1030 struct fdlist
*it
= readylist
->next
;
1031 if (readylist
->next
== readylist
)
1032 /* Just one entry on the list. */
1035 readylist
->next
= it
->next
;
1037 /* Extract the information and mark the record ready to be used
1042 /* One more thread available. */
1045 /* We are done with the list. */
1046 pthread_mutex_unlock (&readylist_lock
);
1048 /* We do not want to block on a short read or so. */
1049 int fl
= fcntl (fd
, F_GETFL
);
1050 if (fl
== -1 || fcntl (fd
, F_SETFL
, fl
| O_NONBLOCK
) == -1)
1053 /* Now read the request. */
1055 if (__builtin_expect (TEMP_FAILURE_RETRY (read (fd
, &req
, sizeof (req
)))
1056 != sizeof (req
), 0))
1058 /* We failed to read data. Note that this also might mean we
1059 failed because we would have blocked. */
1060 if (debug_level
> 0)
1061 dbg_log (_("short read while reading request: %s"),
1062 strerror_r (errno
, buf
, sizeof (buf
)));
1066 /* Check whether this is a valid request type. */
1067 if (req
.type
< GETPWBYNAME
|| req
.type
>= LASTREQ
)
1070 /* Some systems have no SO_PEERCRED implementation. They don't
1071 care about security so we don't as well. */
1078 struct ucred caller
;
1079 socklen_t optlen
= sizeof (caller
);
1081 if (getsockopt (fd
, SOL_SOCKET
, SO_PEERCRED
, &caller
, &optlen
) < 0)
1083 dbg_log (_("error getting callers id: %s"),
1084 strerror_r (errno
, buf
, sizeof (buf
)));
1088 if (req
.type
< GETPWBYNAME
|| req
.type
> LASTDBREQ
1089 || serv2db
[req
.type
]->secure
)
1094 else if (__builtin_expect (debug_level
> 0, 0))
1096 struct ucred caller
;
1097 socklen_t optlen
= sizeof (caller
);
1099 if (getsockopt (fd
, SOL_SOCKET
, SO_PEERCRED
, &caller
, &optlen
) == 0)
1104 /* It should not be possible to crash the nscd with a silly
1105 request (i.e., a terribly large key). We limit the size to 1kb. */
1106 #define MAXKEYLEN 1024
1107 if (__builtin_expect (req
.key_len
, 1) < 0
1108 || __builtin_expect (req
.key_len
, 1) > MAXKEYLEN
)
1110 if (debug_level
> 0)
1111 dbg_log (_("key length in request too long: %d"), req
.key_len
);
1116 char keybuf
[MAXKEYLEN
];
1118 if (__builtin_expect (TEMP_FAILURE_RETRY (read (fd
, keybuf
,
1122 /* Again, this can also mean we would have blocked. */
1123 if (debug_level
> 0)
1124 dbg_log (_("short read while reading request key: %s"),
1125 strerror_r (errno
, buf
, sizeof (buf
)));
1129 if (__builtin_expect (debug_level
, 0) > 0)
1134 handle_request: request received (Version = %d) from PID %ld"),
1135 req
.version
, (long int) pid
);
1139 handle_request: request received (Version = %d)"), req
.version
);
1142 /* Phew, we got all the data, now process it. */
1143 handle_request (fd
, &req
, keybuf
, uid
);
1150 /* Check whether we should be pruning the cache. */
1151 assert (run_prune
|| to
== 0);
1152 if (to
== ETIMEDOUT
)
1155 /* The pthread_cond_timedwait() call timed out. It is time
1156 to clean up the cache. */
1157 assert (my_number
< lastdb
);
1158 prune_cache (&dbs
[my_number
],
1159 prune_ts
.tv_sec
+ (prune_ts
.tv_nsec
>= 500000000));
1161 if (clock_gettime (timeout_clock
, &prune_ts
) == -1)
1162 /* Should never happen. */
1165 /* Compute next timeout time. */
1166 prune_ts
.tv_sec
+= CACHE_PRUNE_INTERVAL
;
1168 /* In case the list is emtpy we do not want to run the prune
1169 code right away again. */
1174 pthread_mutex_lock (&readylist_lock
);
1176 /* One more thread available. */
1182 static unsigned int nconns
;
1187 pthread_mutex_lock (&readylist_lock
);
1189 /* Find an empty entry in FDLIST. */
1191 for (inner
= 0; inner
< nconns
; ++inner
)
1192 if (fdlist
[inner
].next
== NULL
)
1194 assert (inner
< nconns
);
1196 fdlist
[inner
].fd
= fd
;
1198 if (readylist
== NULL
)
1199 readylist
= fdlist
[inner
].next
= &fdlist
[inner
];
1202 fdlist
[inner
].next
= readylist
->next
;
1203 readylist
= readylist
->next
= &fdlist
[inner
];
1206 bool do_signal
= true;
1207 if (__builtin_expect (nready
== 0, 0))
1212 /* Try to start another thread to help out. */
1214 if (nthreads
< max_nthreads
1215 && pthread_create (&th
, &attr
, nscd_run
,
1216 (void *) (long int) nthreads
) == 0)
1218 /* We got another thread. */
1220 /* The new thread might new a kick. */
1226 pthread_mutex_unlock (&readylist_lock
);
1228 /* Tell one of the worker threads there is work to do. */
1230 pthread_cond_signal (&readylist_cond
);
1234 /* Check whether restarting should happen. */
1236 restart_p (time_t now
)
1238 return (paranoia
&& readylist
== NULL
&& nready
== nthreads
1239 && now
>= restart_time
);
1243 /* Array for times a connection was accepted. */
1244 static time_t *starttime
;
1248 __attribute__ ((__noreturn__
))
1249 main_loop_poll (void)
1251 struct pollfd
*conns
= (struct pollfd
*) xmalloc (nconns
1252 * sizeof (conns
[0]));
1255 conns
[0].events
= POLLRDNORM
;
1257 size_t firstfree
= 1;
1261 /* Wait for any event. We wait at most a couple of seconds so
1262 that we can check whether we should close any of the accepted
1263 connections since we have not received a request. */
1264 #define MAX_ACCEPT_TIMEOUT 30
1265 #define MIN_ACCEPT_TIMEOUT 5
1266 #define MAIN_THREAD_TIMEOUT \
1267 (MAX_ACCEPT_TIMEOUT * 1000 \
1268 - ((MAX_ACCEPT_TIMEOUT - MIN_ACCEPT_TIMEOUT) * 1000 * nused) / (2 * nconns))
1270 int n
= poll (conns
, nused
, MAIN_THREAD_TIMEOUT
);
1272 time_t now
= time (NULL
);
1274 /* If there is a descriptor ready for reading or there is a new
1275 connection, process this now. */
1278 if (conns
[0].revents
!= 0)
1280 /* We have a new incoming connection. Accept the connection. */
1281 int fd
= TEMP_FAILURE_RETRY (accept (sock
, NULL
, NULL
));
1283 /* use the descriptor if we have not reached the limit. */
1284 if (fd
>= 0 && firstfree
< nconns
)
1286 conns
[firstfree
].fd
= fd
;
1287 conns
[firstfree
].events
= POLLRDNORM
;
1288 starttime
[firstfree
] = now
;
1289 if (firstfree
>= nused
)
1290 nused
= firstfree
+ 1;
1294 while (firstfree
< nused
&& conns
[firstfree
].fd
!= -1);
1300 for (size_t cnt
= 1; cnt
< nused
&& n
> 0; ++cnt
)
1301 if (conns
[cnt
].revents
!= 0)
1303 fd_ready (conns
[cnt
].fd
);
1305 /* Clean up the CONNS array. */
1307 if (cnt
< firstfree
)
1309 if (cnt
== nused
- 1)
1312 while (conns
[nused
- 1].fd
== -1);
1318 /* Now find entries which have timed out. */
1321 /* We make the timeout length depend on the number of file
1322 descriptors currently used. */
1323 #define ACCEPT_TIMEOUT \
1324 (MAX_ACCEPT_TIMEOUT \
1325 - ((MAX_ACCEPT_TIMEOUT - MIN_ACCEPT_TIMEOUT) * nused) / nconns)
1326 time_t laststart
= now
- ACCEPT_TIMEOUT
;
1328 for (size_t cnt
= nused
- 1; cnt
> 0; --cnt
)
1330 if (conns
[cnt
].fd
!= -1 && starttime
[cnt
] < laststart
)
1332 /* Remove the entry, it timed out. */
1333 (void) close (conns
[cnt
].fd
);
1336 if (cnt
< firstfree
)
1338 if (cnt
== nused
- 1)
1341 while (conns
[nused
- 1].fd
== -1);
1345 if (restart_p (now
))
1353 main_loop_epoll (int efd
)
1355 struct epoll_event ev
= { 0, };
1359 /* Add the socket. */
1360 ev
.events
= EPOLLRDNORM
;
1362 if (epoll_ctl (efd
, EPOLL_CTL_ADD
, sock
, &ev
) == -1)
1363 /* We cannot use epoll. */
1368 struct epoll_event revs
[100];
1369 # define nrevs (sizeof (revs) / sizeof (revs[0]))
1371 int n
= epoll_wait (efd
, revs
, nrevs
, MAIN_THREAD_TIMEOUT
);
1373 time_t now
= time (NULL
);
1375 for (int cnt
= 0; cnt
< n
; ++cnt
)
1376 if (revs
[cnt
].data
.fd
== sock
)
1378 /* A new connection. */
1379 int fd
= TEMP_FAILURE_RETRY (accept (sock
, NULL
, NULL
));
1383 /* Try to add the new descriptor. */
1386 || epoll_ctl (efd
, EPOLL_CTL_ADD
, fd
, &ev
) == -1)
1387 /* The descriptor is too large or something went
1388 wrong. Close the descriptor. */
1392 /* Remember when we accepted the connection. */
1393 starttime
[fd
] = now
;
1404 /* Remove the descriptor from the epoll descriptor. */
1405 struct epoll_event ev
= { 0, };
1406 (void) epoll_ctl (efd
, EPOLL_CTL_DEL
, revs
[cnt
].data
.fd
, &ev
);
1408 /* Get a worked to handle the request. */
1409 fd_ready (revs
[cnt
].data
.fd
);
1411 /* Reset the time. */
1412 starttime
[revs
[cnt
].data
.fd
] = 0;
1413 if (revs
[cnt
].data
.fd
== highest
)
1416 while (highest
> 0 && starttime
[highest
] == 0);
1421 /* Now look for descriptors for accepted connections which have
1422 no reply in too long of a time. */
1423 time_t laststart
= now
- ACCEPT_TIMEOUT
;
1424 for (int cnt
= highest
; cnt
> STDERR_FILENO
; --cnt
)
1425 if (cnt
!= sock
&& starttime
[cnt
] != 0 && starttime
[cnt
] < laststart
)
1427 /* We are waiting for this one for too long. Close it. */
1428 struct epoll_event ev
= {0, };
1429 (void) epoll_ctl (efd
, EPOLL_CTL_DEL
, cnt
, &ev
);
1437 else if (cnt
!= sock
&& starttime
[cnt
] == 0 && cnt
== highest
)
1440 if (restart_p (now
))
1447 /* Start all the threads we want. The initial process is thread no. 1. */
1449 start_threads (void)
1451 /* Initialize the conditional variable we will use. The only
1452 non-standard attribute we might use is the clock selection. */
1453 pthread_condattr_t condattr
;
1454 pthread_condattr_init (&condattr
);
1456 #if defined _POSIX_CLOCK_SELECTION && _POSIX_CLOCK_SELECTION >= 0 \
1457 && defined _POSIX_MONOTONIC_CLOCK && _POSIX_MONOTONIC_CLOCK >= 0
1458 /* Determine whether the monotonous clock is available. */
1459 struct timespec dummy
;
1460 # if _POSIX_MONOTONIC_CLOCK == 0
1461 if (sysconf (_SC_MONOTONIC_CLOCK
) > 0)
1463 # if _POSIX_CLOCK_SELECTION == 0
1464 if (sysconf (_SC_CLOCK_SELECTION
) > 0)
1466 if (clock_getres (CLOCK_MONOTONIC
, &dummy
) == 0
1467 && pthread_condattr_setclock (&condattr
, CLOCK_MONOTONIC
) == 0)
1468 timeout_clock
= CLOCK_MONOTONIC
;
1471 pthread_cond_init (&readylist_cond
, &condattr
);
1472 pthread_condattr_destroy (&condattr
);
1475 /* Create the attribute for the threads. They are all created
1477 pthread_attr_init (&attr
);
1478 pthread_attr_setdetachstate (&attr
, PTHREAD_CREATE_DETACHED
);
1479 /* Use 1MB stacks, twice as much for 64-bit architectures. */
1480 pthread_attr_setstacksize (&attr
, 1024 * 1024 * (sizeof (void *) / 4));
1482 /* We allow less than LASTDB threads only for debugging. */
1483 if (debug_level
== 0)
1484 nthreads
= MAX (nthreads
, lastdb
);
1487 for (long int i
= 0; i
< nthreads
; ++i
)
1490 if (pthread_create (&th
, &attr
, nscd_run
, (void *) (i
- nfailed
)) != 0)
1493 if (nthreads
- nfailed
< lastdb
)
1495 /* We could not start enough threads. */
1496 dbg_log (_("could only start %d threads; terminating"),
1497 nthreads
- nfailed
);
1501 /* Determine how much room for descriptors we should initially
1502 allocate. This might need to change later if we cap the number
1504 const long int nfds
= sysconf (_SC_OPEN_MAX
);
1506 #define MAXCONN 16384
1507 if (nfds
== -1 || nfds
> MAXCONN
)
1509 else if (nfds
< MINCONN
)
1514 /* We need memory to pass descriptors on to the worker threads. */
1515 fdlist
= (struct fdlist
*) xcalloc (nconns
, sizeof (fdlist
[0]));
1516 /* Array to keep track when connection was accepted. */
1517 starttime
= (time_t *) xcalloc (nconns
, sizeof (starttime
[0]));
1519 /* In the main thread we execute the loop which handles incoming
1522 int efd
= epoll_create (100);
1525 main_loop_epoll (efd
);
1534 /* Look up the uid, gid, and supplementary groups to run nscd as. When
1535 this function is called, we are not listening on the nscd socket yet so
1536 we can just use the ordinary lookup functions without causing a lockup */
1538 begin_drop_privileges (void)
1540 struct passwd
*pwd
= getpwnam (server_user
);
1544 dbg_log (_("Failed to run nscd as user '%s'"), server_user
);
1545 error (EXIT_FAILURE
, 0, _("Failed to run nscd as user '%s'"),
1549 server_uid
= pwd
->pw_uid
;
1550 server_gid
= pwd
->pw_gid
;
1552 /* Save the old UID/GID if we have to change back. */
1555 old_uid
= getuid ();
1556 old_gid
= getgid ();
1559 if (getgrouplist (server_user
, server_gid
, NULL
, &server_ngroups
) == 0)
1561 /* This really must never happen. */
1562 dbg_log (_("Failed to run nscd as user '%s'"), server_user
);
1563 error (EXIT_FAILURE
, errno
, _("initial getgrouplist failed"));
1566 server_groups
= (gid_t
*) xmalloc (server_ngroups
* sizeof (gid_t
));
1568 if (getgrouplist (server_user
, server_gid
, server_groups
, &server_ngroups
)
1571 dbg_log (_("Failed to run nscd as user '%s'"), server_user
);
1572 error (EXIT_FAILURE
, errno
, _("getgrouplist failed"));
1577 /* Call setgroups(), setgid(), and setuid() to drop root privileges and
1578 run nscd as the user specified in the configuration file. */
1580 finish_drop_privileges (void)
1582 if (setgroups (server_ngroups
, server_groups
) == -1)
1584 dbg_log (_("Failed to run nscd as user '%s'"), server_user
);
1585 error (EXIT_FAILURE
, errno
, _("setgroups failed"));
1588 if (setgid (server_gid
) == -1)
1590 dbg_log (_("Failed to run nscd as user '%s'"), server_user
);
1595 if (setuid (server_uid
) == -1)
1597 dbg_log (_("Failed to run nscd as user '%s'"), server_user
);