1 | /* Cache handling for passwd lookup. |
2 | Copyright (C) 1998-2017 Free Software Foundation, Inc. |
3 | This file is part of the GNU C Library. |
4 | Contributed by Ulrich Drepper <drepper@cygnus.com>, 1998. |
5 | |
6 | This program is free software; you can redistribute it and/or modify |
7 | it under the terms of the GNU General Public License as published |
8 | by the Free Software Foundation; version 2 of the License, or |
9 | (at your option) any later version. |
10 | |
11 | This program is distributed in the hope that it will be useful, |
12 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
13 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
14 | GNU General Public License for more details. |
15 | |
16 | You should have received a copy of the GNU General Public License |
17 | along with this program; if not, see <http://www.gnu.org/licenses/>. */ |
18 | |
19 | #include <alloca.h> |
20 | #include <assert.h> |
21 | #include <errno.h> |
22 | #include <error.h> |
23 | #include <libintl.h> |
24 | #include <pwd.h> |
25 | #include <stdbool.h> |
26 | #include <stddef.h> |
27 | #include <stdio.h> |
28 | #include <stdlib.h> |
29 | #include <string.h> |
30 | #include <time.h> |
31 | #include <unistd.h> |
32 | #include <sys/mman.h> |
33 | #include <sys/socket.h> |
34 | #include <stackinfo.h> |
35 | |
36 | #include "nscd.h" |
37 | #include "dbg_log.h" |
38 | #ifdef HAVE_SENDFILE |
39 | # include <kernel-features.h> |
40 | #endif |
41 | |
42 | /* This is the standard reply in case the service is disabled. */ |
43 | static const pw_response_header disabled = |
44 | { |
45 | .version = NSCD_VERSION, |
46 | .found = -1, |
47 | .pw_name_len = 0, |
48 | .pw_passwd_len = 0, |
49 | .pw_uid = -1, |
50 | .pw_gid = -1, |
51 | .pw_gecos_len = 0, |
52 | .pw_dir_len = 0, |
53 | .pw_shell_len = 0 |
54 | }; |
55 | |
56 | /* This is the struct describing how to write this record. */ |
57 | const struct iovec pwd_iov_disabled = |
58 | { |
59 | .iov_base = (void *) &disabled, |
60 | .iov_len = sizeof (disabled) |
61 | }; |
62 | |
63 | |
64 | /* This is the standard reply in case we haven't found the dataset. */ |
65 | static const pw_response_header notfound = |
66 | { |
67 | .version = NSCD_VERSION, |
68 | .found = 0, |
69 | .pw_name_len = 0, |
70 | .pw_passwd_len = 0, |
71 | .pw_uid = -1, |
72 | .pw_gid = -1, |
73 | .pw_gecos_len = 0, |
74 | .pw_dir_len = 0, |
75 | .pw_shell_len = 0 |
76 | }; |
77 | |
78 | |
79 | static time_t |
80 | cache_addpw (struct database_dyn *db, int fd, request_header *req, |
81 | const void *key, struct passwd *pwd, uid_t owner, |
82 | struct hashentry *const he, struct datahead *dh, int errval) |
83 | { |
84 | bool all_written = true; |
85 | ssize_t total; |
86 | time_t t = time (NULL); |
87 | |
88 | /* We allocate all data in one memory block: the iov vector, |
89 | the response header and the dataset itself. */ |
90 | struct dataset |
91 | { |
92 | struct datahead head; |
93 | pw_response_header resp; |
94 | char strdata[0]; |
95 | } *dataset; |
96 | |
97 | assert (offsetof (struct dataset, resp) == offsetof (struct datahead, data)); |
98 | |
99 | time_t timeout = MAX_TIMEOUT_VALUE; |
100 | if (pwd == NULL) |
101 | { |
102 | if (he != NULL && errval == EAGAIN) |
103 | { |
104 | /* If we have an old record available but cannot find one |
105 | now because the service is not available we keep the old |
106 | record and make sure it does not get removed. */ |
107 | if (reload_count != UINT_MAX && dh->nreloads == reload_count) |
108 | /* Do not reset the value if we never not reload the record. */ |
109 | dh->nreloads = reload_count - 1; |
110 | |
111 | /* Reload with the same time-to-live value. */ |
112 | timeout = dh->timeout = t + db->postimeout; |
113 | |
114 | total = 0; |
115 | } |
116 | else |
117 | { |
118 | /* We have no data. This means we send the standard reply for this |
119 | case. */ |
120 | total = sizeof (notfound); |
121 | |
122 | if (fd != -1 |
123 | && TEMP_FAILURE_RETRY (send (fd, ¬found, total, |
124 | MSG_NOSIGNAL)) != total) |
125 | all_written = false; |
126 | |
127 | /* If we have a transient error or cannot permanently store |
128 | the result, so be it. */ |
129 | if (errno == EAGAIN || __builtin_expect (db->negtimeout == 0, 0)) |
130 | { |
131 | /* Mark the old entry as obsolete. */ |
132 | if (dh != NULL) |
133 | dh->usable = false; |
134 | } |
135 | else if ((dataset = mempool_alloc (db, (sizeof (struct dataset) |
136 | + req->key_len), 1)) != NULL) |
137 | { |
138 | timeout = datahead_init_neg (&dataset->head, |
139 | (sizeof (struct dataset) |
140 | + req->key_len), total, |
141 | db->negtimeout); |
142 | |
143 | /* This is the reply. */ |
144 | memcpy (&dataset->resp, ¬found, total); |
145 | |
146 | /* Copy the key data. */ |
147 | char *key_copy = memcpy (dataset->strdata, key, req->key_len); |
148 | |
149 | /* If necessary, we also propagate the data to disk. */ |
150 | if (db->persistent) |
151 | { |
152 | // XXX async OK? |
153 | uintptr_t pval = (uintptr_t) dataset & ~pagesize_m1; |
154 | msync ((void *) pval, |
155 | ((uintptr_t) dataset & pagesize_m1) |
156 | + sizeof (struct dataset) + req->key_len, MS_ASYNC); |
157 | } |
158 | |
159 | (void) cache_add (req->type, key_copy, req->key_len, |
160 | &dataset->head, true, db, owner, he == NULL); |
161 | |
162 | pthread_rwlock_unlock (&db->lock); |
163 | |
164 | /* Mark the old entry as obsolete. */ |
165 | if (dh != NULL) |
166 | dh->usable = false; |
167 | } |
168 | } |
169 | } |
170 | else |
171 | { |
172 | /* Determine the I/O structure. */ |
173 | size_t pw_name_len = strlen (pwd->pw_name) + 1; |
174 | size_t pw_passwd_len = strlen (pwd->pw_passwd) + 1; |
175 | size_t pw_gecos_len = strlen (pwd->pw_gecos) + 1; |
176 | size_t pw_dir_len = strlen (pwd->pw_dir) + 1; |
177 | size_t pw_shell_len = strlen (pwd->pw_shell) + 1; |
178 | char *cp; |
179 | const size_t key_len = strlen (key); |
180 | const size_t buf_len = 3 * sizeof (pwd->pw_uid) + key_len + 1; |
181 | char *buf = alloca (buf_len); |
182 | ssize_t n; |
183 | |
184 | /* We need this to insert the `byuid' entry. */ |
185 | int key_offset; |
186 | n = snprintf (buf, buf_len, "%d%c%n%s" , pwd->pw_uid, '\0', |
187 | &key_offset, (char *) key) + 1; |
188 | |
189 | total = (offsetof (struct dataset, strdata) |
190 | + pw_name_len + pw_passwd_len |
191 | + pw_gecos_len + pw_dir_len + pw_shell_len); |
192 | |
193 | /* If we refill the cache, first assume the reconrd did not |
194 | change. Allocate memory on the cache since it is likely |
195 | discarded anyway. If it turns out to be necessary to have a |
196 | new record we can still allocate real memory. */ |
197 | bool alloca_used = false; |
198 | dataset = NULL; |
199 | |
200 | if (he == NULL) |
201 | { |
202 | /* Prevent an INVALIDATE request from pruning the data between |
203 | the two calls to cache_add. */ |
204 | if (db->propagate) |
205 | pthread_mutex_lock (&db->prune_run_lock); |
206 | dataset = (struct dataset *) mempool_alloc (db, total + n, 1); |
207 | } |
208 | |
209 | if (dataset == NULL) |
210 | { |
211 | if (he == NULL && db->propagate) |
212 | pthread_mutex_unlock (&db->prune_run_lock); |
213 | |
214 | /* We cannot permanently add the result in the moment. But |
215 | we can provide the result as is. Store the data in some |
216 | temporary memory. */ |
217 | dataset = (struct dataset *) alloca (total + n); |
218 | |
219 | /* We cannot add this record to the permanent database. */ |
220 | alloca_used = true; |
221 | } |
222 | |
223 | timeout = datahead_init_pos (&dataset->head, total + n, |
224 | total - offsetof (struct dataset, resp), |
225 | he == NULL ? 0 : dh->nreloads + 1, |
226 | db->postimeout); |
227 | |
228 | dataset->resp.version = NSCD_VERSION; |
229 | dataset->resp.found = 1; |
230 | dataset->resp.pw_name_len = pw_name_len; |
231 | dataset->resp.pw_passwd_len = pw_passwd_len; |
232 | dataset->resp.pw_uid = pwd->pw_uid; |
233 | dataset->resp.pw_gid = pwd->pw_gid; |
234 | dataset->resp.pw_gecos_len = pw_gecos_len; |
235 | dataset->resp.pw_dir_len = pw_dir_len; |
236 | dataset->resp.pw_shell_len = pw_shell_len; |
237 | |
238 | cp = dataset->strdata; |
239 | |
240 | /* Copy the strings over into the buffer. */ |
241 | cp = mempcpy (cp, pwd->pw_name, pw_name_len); |
242 | cp = mempcpy (cp, pwd->pw_passwd, pw_passwd_len); |
243 | cp = mempcpy (cp, pwd->pw_gecos, pw_gecos_len); |
244 | cp = mempcpy (cp, pwd->pw_dir, pw_dir_len); |
245 | cp = mempcpy (cp, pwd->pw_shell, pw_shell_len); |
246 | |
247 | /* Finally the stringified UID value. */ |
248 | memcpy (cp, buf, n); |
249 | char *key_copy = cp + key_offset; |
250 | assert (key_copy == (char *) rawmemchr (cp, '\0') + 1); |
251 | |
252 | assert (cp == dataset->strdata + total - offsetof (struct dataset, |
253 | strdata)); |
254 | |
255 | /* Now we can determine whether on refill we have to create a new |
256 | record or not. */ |
257 | if (he != NULL) |
258 | { |
259 | assert (fd == -1); |
260 | |
261 | if (dataset->head.allocsize == dh->allocsize |
262 | && dataset->head.recsize == dh->recsize |
263 | && memcmp (&dataset->resp, dh->data, |
264 | dh->allocsize - offsetof (struct dataset, resp)) == 0) |
265 | { |
266 | /* The data has not changed. We will just bump the |
267 | timeout value. Note that the new record has been |
268 | allocated on the stack and need not be freed. */ |
269 | dh->timeout = dataset->head.timeout; |
270 | ++dh->nreloads; |
271 | } |
272 | else |
273 | { |
274 | /* We have to create a new record. Just allocate |
275 | appropriate memory and copy it. */ |
276 | struct dataset *newp |
277 | = (struct dataset *) mempool_alloc (db, total + n, 1); |
278 | if (newp != NULL) |
279 | { |
280 | /* Adjust pointer into the memory block. */ |
281 | cp = (char *) newp + (cp - (char *) dataset); |
282 | key_copy = (char *) newp + (key_copy - (char *) dataset); |
283 | |
284 | dataset = memcpy (newp, dataset, total + n); |
285 | alloca_used = false; |
286 | } |
287 | |
288 | /* Mark the old record as obsolete. */ |
289 | dh->usable = false; |
290 | } |
291 | } |
292 | else |
293 | { |
294 | /* We write the dataset before inserting it to the database |
295 | since while inserting this thread might block and so would |
296 | unnecessarily let the receiver wait. */ |
297 | assert (fd != -1); |
298 | |
299 | #ifdef HAVE_SENDFILE |
300 | if (__builtin_expect (db->mmap_used, 1) && !alloca_used) |
301 | { |
302 | assert (db->wr_fd != -1); |
303 | assert ((char *) &dataset->resp > (char *) db->data); |
304 | assert ((char *) dataset - (char *) db->head |
305 | + total |
306 | <= (sizeof (struct database_pers_head) |
307 | + db->head->module * sizeof (ref_t) |
308 | + db->head->data_size)); |
309 | ssize_t written = sendfileall (fd, db->wr_fd, |
310 | (char *) &dataset->resp |
311 | - (char *) db->head, |
312 | dataset->head.recsize); |
313 | if (written != dataset->head.recsize) |
314 | { |
315 | # ifndef __ASSUME_SENDFILE |
316 | if (written == -1 && errno == ENOSYS) |
317 | goto use_write; |
318 | # endif |
319 | all_written = false; |
320 | } |
321 | } |
322 | else |
323 | # ifndef __ASSUME_SENDFILE |
324 | use_write: |
325 | # endif |
326 | #endif |
327 | if (writeall (fd, &dataset->resp, dataset->head.recsize) |
328 | != dataset->head.recsize) |
329 | all_written = false; |
330 | } |
331 | |
332 | |
333 | /* Add the record to the database. But only if it has not been |
334 | stored on the stack. */ |
335 | if (! alloca_used) |
336 | { |
337 | /* If necessary, we also propagate the data to disk. */ |
338 | if (db->persistent) |
339 | { |
340 | // XXX async OK? |
341 | uintptr_t pval = (uintptr_t) dataset & ~pagesize_m1; |
342 | msync ((void *) pval, |
343 | ((uintptr_t) dataset & pagesize_m1) + total + n, |
344 | MS_ASYNC); |
345 | } |
346 | |
347 | /* NB: in the following code we always must add the entry |
348 | marked with FIRST first. Otherwise we end up with |
349 | dangling "pointers" in case a latter hash entry cannot be |
350 | added. */ |
351 | bool first = true; |
352 | |
353 | /* If the request was by UID, add that entry first. */ |
354 | if (req->type == GETPWBYUID) |
355 | { |
356 | if (cache_add (GETPWBYUID, cp, key_offset, &dataset->head, true, |
357 | db, owner, he == NULL) < 0) |
358 | goto out; |
359 | |
360 | first = false; |
361 | } |
362 | /* If the key is different from the name add a separate entry. */ |
363 | else if (strcmp (key_copy, dataset->strdata) != 0) |
364 | { |
365 | if (cache_add (GETPWBYNAME, key_copy, key_len + 1, |
366 | &dataset->head, true, db, owner, he == NULL) < 0) |
367 | goto out; |
368 | |
369 | first = false; |
370 | } |
371 | |
372 | /* We have to add the value for both, byname and byuid. */ |
373 | if ((req->type == GETPWBYNAME || db->propagate) |
374 | && __builtin_expect (cache_add (GETPWBYNAME, dataset->strdata, |
375 | pw_name_len, &dataset->head, |
376 | first, db, owner, he == NULL) |
377 | == 0, 1)) |
378 | { |
379 | if (req->type == GETPWBYNAME && db->propagate) |
380 | (void) cache_add (GETPWBYUID, cp, key_offset, &dataset->head, |
381 | false, db, owner, false); |
382 | } |
383 | |
384 | out: |
385 | pthread_rwlock_unlock (&db->lock); |
386 | if (he == NULL && db->propagate) |
387 | pthread_mutex_unlock (&db->prune_run_lock); |
388 | } |
389 | } |
390 | |
391 | if (__builtin_expect (!all_written, 0) && debug_level > 0) |
392 | { |
393 | char buf[256]; |
394 | dbg_log (_("short write in %s: %s" ), __FUNCTION__, |
395 | strerror_r (errno, buf, sizeof (buf))); |
396 | } |
397 | |
398 | return timeout; |
399 | } |
400 | |
401 | |
402 | union keytype |
403 | { |
404 | void *v; |
405 | uid_t u; |
406 | }; |
407 | |
408 | |
409 | static int |
410 | lookup (int type, union keytype key, struct passwd *resultbufp, char *buffer, |
411 | size_t buflen, struct passwd **pwd) |
412 | { |
413 | if (type == GETPWBYNAME) |
414 | return __getpwnam_r (key.v, resultbufp, buffer, buflen, pwd); |
415 | else |
416 | return __getpwuid_r (key.u, resultbufp, buffer, buflen, pwd); |
417 | } |
418 | |
419 | |
420 | static time_t |
421 | addpwbyX (struct database_dyn *db, int fd, request_header *req, |
422 | union keytype key, const char *keystr, uid_t c_uid, |
423 | struct hashentry *he, struct datahead *dh) |
424 | { |
425 | /* Search for the entry matching the key. Please note that we don't |
426 | look again in the table whether the dataset is now available. We |
427 | simply insert it. It does not matter if it is in there twice. The |
428 | pruning function only will look at the timestamp. */ |
429 | size_t buflen = 1024; |
430 | char *buffer = (char *) alloca (buflen); |
431 | struct passwd resultbuf; |
432 | struct passwd *pwd; |
433 | bool use_malloc = false; |
434 | int errval = 0; |
435 | |
436 | if (__glibc_unlikely (debug_level > 0)) |
437 | { |
438 | if (he == NULL) |
439 | dbg_log (_("Haven't found \"%s\" in password cache!" ), keystr); |
440 | else |
441 | dbg_log (_("Reloading \"%s\" in password cache!" ), keystr); |
442 | } |
443 | |
444 | while (lookup (req->type, key, &resultbuf, buffer, buflen, &pwd) != 0 |
445 | && (errval = errno) == ERANGE) |
446 | { |
447 | errno = 0; |
448 | |
449 | if (__glibc_unlikely (buflen > 32768)) |
450 | { |
451 | char *old_buffer = buffer; |
452 | buflen *= 2; |
453 | buffer = (char *) realloc (use_malloc ? buffer : NULL, buflen); |
454 | if (buffer == NULL) |
455 | { |
456 | /* We ran out of memory. We cannot do anything but |
457 | sending a negative response. In reality this should |
458 | never happen. */ |
459 | pwd = NULL; |
460 | buffer = old_buffer; |
461 | |
462 | /* We set the error to indicate this is (possibly) a |
463 | temporary error and that it does not mean the entry |
464 | is not available at all. */ |
465 | errval = EAGAIN; |
466 | break; |
467 | } |
468 | use_malloc = true; |
469 | } |
470 | else |
471 | /* Allocate a new buffer on the stack. If possible combine it |
472 | with the previously allocated buffer. */ |
473 | buffer = (char *) extend_alloca (buffer, buflen, 2 * buflen); |
474 | } |
475 | |
476 | /* Add the entry to the cache. */ |
477 | time_t timeout = cache_addpw (db, fd, req, keystr, pwd, c_uid, he, dh, |
478 | errval); |
479 | |
480 | if (use_malloc) |
481 | free (buffer); |
482 | |
483 | return timeout; |
484 | } |
485 | |
486 | |
487 | void |
488 | addpwbyname (struct database_dyn *db, int fd, request_header *req, |
489 | void *key, uid_t c_uid) |
490 | { |
491 | union keytype u = { .v = key }; |
492 | |
493 | addpwbyX (db, fd, req, u, key, c_uid, NULL, NULL); |
494 | } |
495 | |
496 | |
497 | time_t |
498 | readdpwbyname (struct database_dyn *db, struct hashentry *he, |
499 | struct datahead *dh) |
500 | { |
501 | request_header req = |
502 | { |
503 | .type = GETPWBYNAME, |
504 | .key_len = he->len |
505 | }; |
506 | union keytype u = { .v = db->data + he->key }; |
507 | |
508 | return addpwbyX (db, -1, &req, u, db->data + he->key, he->owner, he, dh); |
509 | } |
510 | |
511 | |
512 | void |
513 | addpwbyuid (struct database_dyn *db, int fd, request_header *req, |
514 | void *key, uid_t c_uid) |
515 | { |
516 | char *ep; |
517 | uid_t uid = strtoul ((char *) key, &ep, 10); |
518 | |
519 | if (*(char *) key == '\0' || *ep != '\0') /* invalid numeric uid */ |
520 | { |
521 | if (debug_level > 0) |
522 | dbg_log (_("Invalid numeric uid \"%s\"!" ), (char *) key); |
523 | |
524 | errno = EINVAL; |
525 | return; |
526 | } |
527 | |
528 | union keytype u = { .u = uid }; |
529 | |
530 | addpwbyX (db, fd, req, u, key, c_uid, NULL, NULL); |
531 | } |
532 | |
533 | |
534 | time_t |
535 | readdpwbyuid (struct database_dyn *db, struct hashentry *he, |
536 | struct datahead *dh) |
537 | { |
538 | char *ep; |
539 | uid_t uid = strtoul (db->data + he->key, &ep, 10); |
540 | |
541 | /* Since the key has been added before it must be OK. */ |
542 | assert (*(db->data + he->key) != '\0' && *ep == '\0'); |
543 | |
544 | request_header req = |
545 | { |
546 | .type = GETPWBYUID, |
547 | .key_len = he->len |
548 | }; |
549 | union keytype u = { .u = uid }; |
550 | |
551 | return addpwbyX (db, -1, &req, u, db->data + he->key, he->owner, he, dh); |
552 | } |
553 | |