connections.c source code [glibc_src_2.28/nscd/connections.c]

1	/ Inner loops of cache daemon.*
2	Copyright (C) 1998-2018 Free Software Foundation, Inc.
3	This file is part of the GNU C Library.
4	Contributed by Ulrich Drepper <drepper@cygnus.com>, 1998.
5
6	This program is free software; you can redistribute it and/or modify
7	it under the terms of the GNU General Public License as published
8	by the Free Software Foundation; version 2 of the License, or
9	(at your option) any later version.
10
11	This program is distributed in the hope that it will be useful,
12	but WITHOUT ANY WARRANTY; without even the implied warranty of
13	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14	GNU General Public License for more details.
15
16	You should have received a copy of the GNU General Public License
17	along with this program; if not, see <http://www.gnu.org/licenses/>. /*
18
19	#include <alloca.h>
20	#include <assert.h>
21	#include <atomic.h>
22	#include <error.h>
23	#include <errno.h>
24	#include <fcntl.h>
25	#include <grp.h>
26	#include <ifaddrs.h>
27	#include <libintl.h>
28	#include <pthread.h>
29	#include <pwd.h>
30	#include <resolv.h>
31	#include <stdio.h>
32	#include <stdlib.h>
33	#include <unistd.h>
34	#include <stdint.h>
35	#include <arpa/inet.h>
36	#ifdef HAVE_NETLINK
37	# include <linux/netlink.h>
38	# include <linux/rtnetlink.h>
39	#endif
40	#ifdef HAVE_EPOLL
41	# include <sys/epoll.h>
42	#endif
43	#ifdef HAVE_INOTIFY
44	# include <sys/inotify.h>
45	#endif
46	#include <sys/mman.h>
47	#include <sys/param.h>
48	#include <sys/poll.h>
49	#include <sys/socket.h>
50	#include <sys/stat.h>
51	#include <sys/un.h>
52
53	#include "nscd.h"
54	#include "dbg_log.h"
55	#include "selinux.h"
56	#include <resolv/resolv.h>
57
58	#include <kernel-features.h>
59	#include <libc-diag.h>
60
61
62	/ Support to run nscd as an unprivileged user /
63	const char *server_user;
64	static uid_t server_uid;
65	static gid_t server_gid;
66	const char *stat_user;
67	uid_t stat_uid;
68	static gid_t *server_groups;
69	#ifndef NGROUPS
70	# define NGROUPS 32
71	#endif
72	static int server_ngroups;
73
74	static pthread_attr_t attr;
75
76	static void begin_drop_privileges (void);
77	static void finish_drop_privileges (void);
78
79	/ Map request type to a string. /
80	const char *const serv2str[LASTREQ] =
81	{
82	[GETPWBYNAME] = "GETPWBYNAME",
83	[GETPWBYUID] = "GETPWBYUID",
84	[GETGRBYNAME] = "GETGRBYNAME",
85	[GETGRBYGID] = "GETGRBYGID",
86	[GETHOSTBYNAME] = "GETHOSTBYNAME",
87	[GETHOSTBYNAMEv6] = "GETHOSTBYNAMEv6",
88	[GETHOSTBYADDR] = "GETHOSTBYADDR",
89	[GETHOSTBYADDRv6] = "GETHOSTBYADDRv6",
90	[SHUTDOWN] = "SHUTDOWN",
91	[GETSTAT] = "GETSTAT",
92	[INVALIDATE] = "INVALIDATE",
93	[GETFDPW] = "GETFDPW",
94	[GETFDGR] = "GETFDGR",
95	[GETFDHST] = "GETFDHST",
96	[GETAI] = "GETAI",
97	[INITGROUPS] = "INITGROUPS",
98	[GETSERVBYNAME] = "GETSERVBYNAME",
99	[GETSERVBYPORT] = "GETSERVBYPORT",
100	[GETFDSERV] = "GETFDSERV",
101	[GETNETGRENT] = "GETNETGRENT",
102	[INNETGR] = "INNETGR",
103	[GETFDNETGR] = "GETFDNETGR"
104	};
105
106	#ifdef PTHREAD_RWLOCK_WRITER_NONRECURSIVE_INITIALIZER_NP
107	# define RWLOCK_INITIALIZER PTHREAD_RWLOCK_WRITER_NONRECURSIVE_INITIALIZER_NP
108	#else
109	# define RWLOCK_INITIALIZER PTHREAD_RWLOCK_INITIALIZER
110	#endif
111
112	/ The control data structures for the services. /
113	struct database_dyn dbs[lastdb] =
114	{
115	[pwddb] = {
116	.lock = RWLOCK_INITIALIZER,
117	.prune_lock = PTHREAD_MUTEX_INITIALIZER,
118	.prune_run_lock = PTHREAD_MUTEX_INITIALIZER,
119	.enabled = `0`,
120	.check_file = `1`,
121	.persistent = `0`,
122	.propagate = `1`,
123	.shared = `0`,
124	.max_db_size = DEFAULT_MAX_DB_SIZE,
125	.suggested_module = DEFAULT_SUGGESTED_MODULE,
126	.db_filename = _PATH_NSCD_PASSWD_DB,
127	.disabled_iov = &pwd_iov_disabled,
128	.postimeout = `3600`,
129	.negtimeout = `20`,
130	.wr_fd = -`1`,
131	.ro_fd = -`1`,
132	.mmap_used = false
133	},
134	[grpdb] = {
135	.lock = RWLOCK_INITIALIZER,
136	.prune_lock = PTHREAD_MUTEX_INITIALIZER,
137	.prune_run_lock = PTHREAD_MUTEX_INITIALIZER,
138	.enabled = `0`,
139	.check_file = `1`,
140	.persistent = `0`,
141	.propagate = `1`,
142	.shared = `0`,
143	.max_db_size = DEFAULT_MAX_DB_SIZE,
144	.suggested_module = DEFAULT_SUGGESTED_MODULE,
145	.db_filename = _PATH_NSCD_GROUP_DB,
146	.disabled_iov = &grp_iov_disabled,
147	.postimeout = `3600`,
148	.negtimeout = `60`,
149	.wr_fd = -`1`,
150	.ro_fd = -`1`,
151	.mmap_used = false
152	},
153	[hstdb] = {
154	.lock = RWLOCK_INITIALIZER,
155	.prune_lock = PTHREAD_MUTEX_INITIALIZER,
156	.prune_run_lock = PTHREAD_MUTEX_INITIALIZER,
157	.enabled = `0`,
158	.check_file = `1`,
159	.persistent = `0`,
160	.propagate = `0`, / Not used. /
161	.shared = `0`,
162	.max_db_size = DEFAULT_MAX_DB_SIZE,
163	.suggested_module = DEFAULT_SUGGESTED_MODULE,
164	.db_filename = _PATH_NSCD_HOSTS_DB,
165	.disabled_iov = &hst_iov_disabled,
166	.postimeout = `3600`,
167	.negtimeout = `20`,
168	.wr_fd = -`1`,
169	.ro_fd = -`1`,
170	.mmap_used = false
171	},
172	[servdb] = {
173	.lock = RWLOCK_INITIALIZER,
174	.prune_lock = PTHREAD_MUTEX_INITIALIZER,
175	.prune_run_lock = PTHREAD_MUTEX_INITIALIZER,
176	.enabled = `0`,
177	.check_file = `1`,
178	.persistent = `0`,
179	.propagate = `0`, / Not used. /
180	.shared = `0`,
181	.max_db_size = DEFAULT_MAX_DB_SIZE,
182	.suggested_module = DEFAULT_SUGGESTED_MODULE,
183	.db_filename = _PATH_NSCD_SERVICES_DB,
184	.disabled_iov = &serv_iov_disabled,
185	.postimeout = `28800`,
186	.negtimeout = `20`,
187	.wr_fd = -`1`,
188	.ro_fd = -`1`,
189	.mmap_used = false
190	},
191	[netgrdb] = {
192	.lock = RWLOCK_INITIALIZER,
193	.prune_lock = PTHREAD_MUTEX_INITIALIZER,
194	.prune_run_lock = PTHREAD_MUTEX_INITIALIZER,
195	.enabled = `0`,
196	.check_file = `1`,
197	.persistent = `0`,
198	.propagate = `0`, / Not used. /
199	.shared = `0`,
200	.max_db_size = DEFAULT_MAX_DB_SIZE,
201	.suggested_module = DEFAULT_SUGGESTED_MODULE,
202	.db_filename = _PATH_NSCD_NETGROUP_DB,
203	.disabled_iov = &netgroup_iov_disabled,
204	.postimeout = `28800`,
205	.negtimeout = `20`,
206	.wr_fd = -`1`,
207	.ro_fd = -`1`,
208	.mmap_used = false
209	}
210	};
211
212
213	/ Mapping of request type to database. /
214	static struct
215	{
216	bool data_request;
217	struct database_dyn *db;
218	} const reqinfo[LASTREQ] =
219	{
220	[GETPWBYNAME] = { true, &dbs[pwddb] },
221	[GETPWBYUID] = { true, &dbs[pwddb] },
222	[GETGRBYNAME] = { true, &dbs[grpdb] },
223	[GETGRBYGID] = { true, &dbs[grpdb] },
224	[GETHOSTBYNAME] = { true, &dbs[hstdb] },
225	[GETHOSTBYNAMEv6] = { true, &dbs[hstdb] },
226	[GETHOSTBYADDR] = { true, &dbs[hstdb] },
227	[GETHOSTBYADDRv6] = { true, &dbs[hstdb] },
228	[SHUTDOWN] = { false, NULL },
229	[GETSTAT] = { false, NULL },
230	[SHUTDOWN] = { false, NULL },
231	[GETFDPW] = { false, &dbs[pwddb] },
232	[GETFDGR] = { false, &dbs[grpdb] },
233	[GETFDHST] = { false, &dbs[hstdb] },
234	[GETAI] = { true, &dbs[hstdb] },
235	[INITGROUPS] = { true, &dbs[grpdb] },
236	[GETSERVBYNAME] = { true, &dbs[servdb] },
237	[GETSERVBYPORT] = { true, &dbs[servdb] },
238	[GETFDSERV] = { false, &dbs[servdb] },
239	[GETNETGRENT] = { true, &dbs[netgrdb] },
240	[INNETGR] = { true, &dbs[netgrdb] },
241	[GETFDNETGR] = { false, &dbs[netgrdb] }
242	};
243
244
245	/ Initial number of threads to use. /
246	int nthreads = -`1`;
247	/ Maximum number of threads to use. /
248	int max_nthreads = `32`;
249
250	/ Socket for incoming connections. /
251	static int sock;
252
253	#ifdef HAVE_INOTIFY
254	/ Inotify descriptor. /
255	int inotify_fd = -`1`;
256	#endif
257
258	#ifdef HAVE_NETLINK
259	/ Descriptor for netlink status updates. /
260	static int nl_status_fd = -`1`;
261	#endif
262
263	/ Number of times clients had to wait. /
264	unsigned long int client_queued;
265
266
267	ssize_t
268	writeall (int fd, const void *buf, size_t len)
269	{
270	size_t n = len;
271	ssize_t ret;
272	do
273	{
274	ret = TEMP_FAILURE_RETRY (send (fd, buf, n, MSG_NOSIGNAL));
275	if (ret <= `0`)
276	break;
277	buf = (const char *) buf + ret;
278	n -= ret;
279	}
280	while (n > `0`);
281	return ret < `0` ? ret : len - n;
282	}
283
284
285	enum usekey
286	{
287	use_not = `0`,
288	/ The following three are not really used, they are symbolic constants. /
289	use_first = `16`,
290	use_begin = `32`,
291	use_end = `64`,
292
293	use_he = `1`,
294	use_he_begin = use_he \| use_begin,
295	use_he_end = use_he \| use_end,
296	use_data = `3`,
297	use_data_begin = use_data \| use_begin,
298	use_data_end = use_data \| use_end,
299	use_data_first = use_data_begin \| use_first
300	};
301
302
303	static int
304	check_use (const char data, nscd_ssize_t first_free, uint8_t usemap,
305	enum usekey use, ref_t start, size_t len)
306	{
307	if (len < `2`)
308	return `0`;
309
310	if (start > first_free \|\| start + len > first_free
311	\|\| (start & BLOCK_ALIGN_M1))
312	return `0`;
313
314	if (usemap[start] == use_not)
315	{
316	/ Add the start marker. /
317	usemap[start] = use \| use_begin;
318	use &= ~use_first;
319
320	while (--len > `0`)
321	if (usemap[++start] != use_not)
322	return `0`;
323	else
324	usemap[start] = use;
325
326	/ Add the end marker. /
327	usemap[start] = use \| use_end;
328	}
329	else if ((usemap[start] & ~use_first) == ((use \| use_begin) & ~use_first))
330	{
331	/ Hash entries can't be shared. /
332	if (use == use_he)
333	return `0`;
334
335	usemap[start] \|= (use & use_first);
336	use &= ~use_first;
337
338	while (--len > `1`)
339	if (usemap[++start] != use)
340	return `0`;
341
342	if (usemap[++start] != (use \| use_end))
343	return `0`;
344	}
345	else
346	/ Points to a wrong object or somewhere in the middle. /
347	return `0`;
348
349	return `1`;
350	}
351
352
353	/ Verify data in persistent database. /
354	static int
355	verify_persistent_db (void mem, struct* database_pers_head readhead, int* dbnr)
356	{
357	assert (dbnr == pwddb \|\| dbnr == grpdb \|\| dbnr == hstdb \|\| dbnr == servdb
358	\|\| dbnr == netgrdb);
359
360	time_t now = time (NULL);
361
362	struct database_pers_head *head = mem;
363	struct database_pers_head head_copy = *head;
364
365	/ Check that the header that was read matches the head in the database. /
366	if (memcmp (head, readhead, sizeof (*head)) != `0`)
367	return `0`;
368
369	/ First some easy tests: make sure the database header is sane. /
370	if (head->version != DB_VERSION
371	\|\| head->header_size != sizeof (*head)
372	/ We allow a timestamp to be one hour ahead of the current time.*
373	This should cover daylight saving time changes. /*
374	\|\| head->timestamp > now + `60` * `60` + `60`
375	\|\| (head->gc_cycle & `1`)
376	\|\| head->module == `0`
377	\|\| (size_t) head->module > INT32_MAX / sizeof (ref_t)
378	\|\| (size_t) head->data_size > INT32_MAX - head->module * sizeof (ref_t)
379	\|\| head->first_free < `0`
380	\|\| head->first_free > head->data_size
381	\|\| (head->first_free & BLOCK_ALIGN_M1) != `0`
382	\|\| head->maxnentries < `0`
383	\|\| head->maxnsearched < `0`)
384	return `0`;
385
386	uint8_t *usemap = calloc (head->first_free, `1`);
387	if (usemap == NULL)
388	return `0`;
389
390	const char data = (char* *) &head->array[roundup (head->module,
391	ALIGN / sizeof (ref_t))];
392
393	nscd_ssize_t he_cnt = `0`;
394	for (nscd_ssize_t cnt = `0`; cnt < head->module; ++cnt)
395	{
396	ref_t trail = head->array[cnt];
397	ref_t work = trail;
398	int tick = `0`;
399
400	while (work != ENDREF)
401	{
402	if (! check_use (data, head->first_free, usemap, use_he, work,
403	sizeof (struct hashentry)))
404	goto fail;
405
406	/ Now we know we can dereference the record. /
407	struct hashentry here = (struct* hashentry *) (data + work);
408
409	++he_cnt;
410
411	/ Make sure the record is for this type of service. /
412	if (here->type >= LASTREQ
413	\|\| reqinfo[here->type].db != &dbs[dbnr])
414	goto fail;
415
416	/ Validate boolean field value. /
417	if (here->first != false && here->first != true)
418	goto fail;
419
420	if (here->len < `0`)
421	goto fail;
422
423	/ Now the data. /
424	if (here->packet < `0`
425	\|\| here->packet > head->first_free
426	\|\| here->packet + sizeof (struct datahead) > head->first_free)
427	goto fail;
428
429	struct datahead dh = (struct* datahead *) (data + here->packet);
430
431	if (! check_use (data, head->first_free, usemap,
432	use_data \| (here->first ? use_first : `0`),
433	here->packet, dh->allocsize))
434	goto fail;
435
436	if (dh->allocsize < sizeof (struct datahead)
437	\|\| dh->recsize > dh->allocsize
438	\|\| (dh->notfound != false && dh->notfound != true)
439	\|\| (dh->usable != false && dh->usable != true))
440	goto fail;
441
442	if (here->key < here->packet + sizeof (struct datahead)
443	\|\| here->key > here->packet + dh->allocsize
444	\|\| here->key + here->len > here->packet + dh->allocsize)
445	goto fail;
446
447	work = here->next;
448
449	if (work == trail)
450	/ A circular list, this must not happen. /
451	goto fail;
452	if (tick)
453	trail = ((struct hashentry *) (data + trail))->next;
454	tick = `1` - tick;
455	}
456	}
457
458	if (he_cnt != head->nentries)
459	goto fail;
460
461	/ See if all data and keys had at least one reference from*
462	he->first == true hashentry. /*
463	for (ref_t idx = `0`; idx < head->first_free; ++idx)
464	{
465	if (usemap[idx] == use_data_begin)
466	goto fail;
467	}
468
469	/ Finally, make sure the database hasn't changed since the first test. /
470	if (memcmp (mem, &head_copy, sizeof (*head)) != `0`)
471	goto fail;
472
473	free (usemap);
474	return `1`;
475
476	fail:
477	free (usemap);
478	return `0`;
479	}
480
481
482	/ Initialize database information structures. /
483	void
484	nscd_init (void)
485	{
486	/ Look up unprivileged uid/gid/groups before we start listening on the*
487	socket /*
488	if (server_user != NULL)
489	begin_drop_privileges ();
490
491	if (nthreads == -`1`)
492	/ No configuration for this value, assume a default. /
493	nthreads = `4`;
494
495	for (size_t cnt = `0`; cnt < lastdb; ++cnt)
496	if (dbs[cnt].enabled)
497	{
498	pthread_rwlock_init (&dbs[cnt].lock, NULL);
499	pthread_mutex_init (&dbs[cnt].memlock, NULL);
500
501	if (dbs[cnt].persistent)
502	{
503	/ Try to open the appropriate file on disk. /
504	int fd = open (dbs[cnt].db_filename, O_RDWR \| O_CLOEXEC);
505	if (fd != -`1`)
506	{
507	char *msg = NULL;
508	struct stat64 st;
509	void *mem;
510	size_t total;
511	struct database_pers_head head;
512	ssize_t n = TEMP_FAILURE_RETRY (read (fd, &head,
513	sizeof (head)));
514	if (n != sizeof (head) \|\| fstat64 (fd, &st) != `0`)
515	{
516	fail_db_errno:
517	/ The code is single-threaded at this point so*
518	using strerror is just fine. /*
519	msg = strerror (errno);
520	fail_db:
521	dbg_log (_("invalid persistent database file \"%s\": %s"),
522	dbs[cnt].db_filename, msg);
523	unlink (dbs[cnt].db_filename);
524	}
525	else if (head.module == `0` && head.data_size == `0`)
526	{
527	/ The file has been created, but the head has not*
528	been initialized yet. /*
529	msg = _("uninitialized header");
530	goto fail_db;
531	}
532	else if (head.header_size != (int) sizeof (head))
533	{
534	msg = _("header size does not match");
535	goto fail_db;
536	}
537	else if ((total = (sizeof (head)
538	+ roundup (head.module * sizeof (ref_t),
539	ALIGN)
540	+ head.data_size))
541	> st.st_size
542	\|\| total < sizeof (head))
543	{
544	msg = _("file size does not match");
545	goto fail_db;
546	}
547	/ Note we map with the maximum size allowed for the*
548	database. This is likely much larger than the
549	actual file size. This is OK on most OSes since
550	extensions of the underlying file will
551	automatically translate more pages available for
552	memory access. /*
553	else if ((mem = mmap (NULL, dbs[cnt].max_db_size,
554	PROT_READ \| PROT_WRITE,
555	MAP_SHARED, fd, `0`))
556	== MAP_FAILED)
557	goto fail_db_errno;
558	else if (!verify_persistent_db (mem, &head, cnt))
559	{
560	munmap (mem, total);
561	msg = _("verification failed");
562	goto fail_db;
563	}
564	else
565	{
566	/ Success. We have the database. /
567	dbs[cnt].head = mem;
568	dbs[cnt].memsize = total;
569	dbs[cnt].data = (char *)
570	&dbs[cnt].head->array[roundup (dbs[cnt].head->module,
571	ALIGN / sizeof (ref_t))];
572	dbs[cnt].mmap_used = true;
573
574	if (dbs[cnt].suggested_module > head.module)
575	dbg_log (_("suggested size of table for database %s larger than the persistent database's table"),
576	dbnames[cnt]);
577
578	dbs[cnt].wr_fd = fd;
579	fd = -`1`;
580	/ We also need a read-only descriptor. /
581	if (dbs[cnt].shared)
582	{
583	dbs[cnt].ro_fd = open (dbs[cnt].db_filename,
584	O_RDONLY \| O_CLOEXEC);
585	if (dbs[cnt].ro_fd == -`1`)
586	dbg_log (_("\
587	cannot create read-only descriptor for \"%s\"; no mmap"),
588	dbs[cnt].db_filename);
589	}
590
591	// XXX Shall we test whether the descriptors actually
592	// XXX point to the same file?
593	}
594
595	/ Close the file descriptors in case something went*
596	wrong in which case the variable have not been
597	assigned -1. /*
598	if (fd != -`1`)
599	close (fd);
600	}
601	else if (errno == EACCES)
602	do_exit (EXIT_FAILURE, `0`, _("cannot access '%s'"),
603	dbs[cnt].db_filename);
604	}
605
606	if (dbs[cnt].head == NULL)
607	{
608	/ No database loaded. Allocate the data structure,*
609	possibly on disk. /*
610	struct database_pers_head head;
611	size_t total = (sizeof (head)
612	+ roundup (dbs[cnt].suggested_module
613	* sizeof (ref_t), ALIGN)
614	+ (dbs[cnt].suggested_module
615	* DEFAULT_DATASIZE_PER_BUCKET));
616
617	/ Try to create the database. If we do not need a*
618	persistent database create a temporary file. /*
619	int fd;
620	int ro_fd = -`1`;
621	if (dbs[cnt].persistent)
622	{
623	fd = open (dbs[cnt].db_filename,
624	O_RDWR \| O_CREAT \| O_EXCL \| O_TRUNC \| O_CLOEXEC,
625	S_IRUSR \| S_IWUSR);
626	if (fd != -`1` && dbs[cnt].shared)
627	ro_fd = open (dbs[cnt].db_filename,
628	O_RDONLY \| O_CLOEXEC);
629	}
630	else
631	{
632	char fname[] = _PATH_NSCD_XYZ_DB_TMP;
633	fd = mkostemp (fname, O_CLOEXEC);
634
635	/ We do not need the file name anymore after we*
636	opened another file descriptor in read-only mode. /*
637	if (fd != -`1`)
638	{
639	if (dbs[cnt].shared)
640	ro_fd = open (fname, O_RDONLY \| O_CLOEXEC);
641
642	unlink (fname);
643	}
644	}
645
646	if (fd == -`1`)
647	{
648	if (errno == EEXIST)
649	{
650	dbg_log (_("database for %s corrupted or simultaneously used; remove %s manually if necessary and restart"),
651	dbnames[cnt], dbs[cnt].db_filename);
652	do_exit (`1`, `0`, NULL);
653	}
654
655	if (dbs[cnt].persistent)
656	dbg_log (_("cannot create %s; no persistent database used"),
657	dbs[cnt].db_filename);
658	else
659	dbg_log (_("cannot create %s; no sharing possible"),
660	dbs[cnt].db_filename);
661
662	dbs[cnt].persistent = `0`;
663	// XXX remember: no mmap
664	}
665	else
666	{
667	/ Tell the user if we could not create the read-only*
668	descriptor. /*
669	if (ro_fd == -`1` && dbs[cnt].shared)
670	dbg_log (_("\
671	cannot create read-only descriptor for \"%s\"; no mmap"),
672	dbs[cnt].db_filename);
673
674	/ Before we create the header, initialize the hash*
675	table. That way if we get interrupted while writing
676	the header we can recognize a partially initialized
677	database. /*
678	size_t ps = sysconf (_SC_PAGESIZE);
679	char tmpbuf[ps];
680	assert (~ENDREF == `0`);
681	memset (tmpbuf, `'\xff'`, ps);
682
683	size_t remaining = dbs[cnt].suggested_module * sizeof (ref_t);
684	off_t offset = sizeof (head);
685
686	size_t towrite;
687	if (offset % ps != `0`)
688	{
689	towrite = MIN (remaining, ps - (offset % ps));
690	if (pwrite (fd, tmpbuf, towrite, offset) != towrite)
691	goto write_fail;
692	offset += towrite;
693	remaining -= towrite;
694	}
695
696	while (remaining > ps)
697	{
698	if (pwrite (fd, tmpbuf, ps, offset) == -`1`)
699	goto write_fail;
700	offset += ps;
701	remaining -= ps;
702	}
703
704	if (remaining > `0`
705	&& pwrite (fd, tmpbuf, remaining, offset) != remaining)
706	goto write_fail;
707
708	/ Create the header of the file. /
709	struct database_pers_head head =
710	{
711	.version = DB_VERSION,
712	.header_size = sizeof (head),
713	.module = dbs[cnt].suggested_module,
714	.data_size = (dbs[cnt].suggested_module
715	* DEFAULT_DATASIZE_PER_BUCKET),
716	.first_free = `0`
717	};
718	void *mem;
719
720	if ((TEMP_FAILURE_RETRY (write (fd, &head, sizeof (head)))
721	!= sizeof (head))
722	\|\| (TEMP_FAILURE_RETRY_VAL (posix_fallocate (fd, `0`, total))
723	!= `0`)
724	\|\| (mem = mmap (NULL, dbs[cnt].max_db_size,
725	PROT_READ \| PROT_WRITE,
726	MAP_SHARED, fd, `0`)) == MAP_FAILED)
727	{
728	write_fail:
729	unlink (dbs[cnt].db_filename);
730	dbg_log (_("cannot write to database file %s: %s"),
731	dbs[cnt].db_filename, strerror (errno));
732	dbs[cnt].persistent = `0`;
733	}
734	else
735	{
736	/ Success. /
737	dbs[cnt].head = mem;
738	dbs[cnt].data = (char *)
739	&dbs[cnt].head->array[roundup (dbs[cnt].head->module,
740	ALIGN / sizeof (ref_t))];
741	dbs[cnt].memsize = total;
742	dbs[cnt].mmap_used = true;
743
744	/ Remember the descriptors. /
745	dbs[cnt].wr_fd = fd;
746	dbs[cnt].ro_fd = ro_fd;
747	fd = -`1`;
748	ro_fd = -`1`;
749	}
750
751	if (fd != -`1`)
752	close (fd);
753	if (ro_fd != -`1`)
754	close (ro_fd);
755	}
756	}
757
758	if (dbs[cnt].head == NULL)
759	{
760	/ We do not use the persistent database. Just*
761	create an in-memory data structure. /*
762	assert (! dbs[cnt].persistent);
763
764	dbs[cnt].head = xmalloc (sizeof (struct database_pers_head)
765	+ (dbs[cnt].suggested_module
766	* sizeof (ref_t)));
767	memset (dbs[cnt].head, `'\0'`, sizeof (struct database_pers_head));
768	assert (~ENDREF == `0`);
769	memset (dbs[cnt].head->array, `'\xff'`,
770	dbs[cnt].suggested_module * sizeof (ref_t));
771	dbs[cnt].head->module = dbs[cnt].suggested_module;
772	dbs[cnt].head->data_size = (DEFAULT_DATASIZE_PER_BUCKET
773	* dbs[cnt].head->module);
774	dbs[cnt].data = xmalloc (dbs[cnt].head->data_size);
775	dbs[cnt].head->first_free = `0`;
776
777	dbs[cnt].shared = `0`;
778	assert (dbs[cnt].ro_fd == -`1`);
779	}
780	}
781
782	/ Create the socket. /
783	sock = socket (AF_UNIX, SOCK_STREAM \| SOCK_CLOEXEC \| SOCK_NONBLOCK, `0`);
784	if (sock < `0`)
785	{
786	dbg_log (_("cannot open socket: %s"), strerror (errno));
787	do_exit (errno == EACCES ? `4` : `1`, `0`, NULL);
788	}
789	/ Bind a name to the socket. /
790	struct sockaddr_un sock_addr;
791	sock_addr.sun_family = AF_UNIX;
792	strcpy (sock_addr.sun_path, _PATH_NSCDSOCKET);
793	if (bind (sock, (struct sockaddr ) &sock_addr, sizeof* (sock_addr)) < `0`)
794	{
795	dbg_log ("%s: %s", _PATH_NSCDSOCKET, strerror (errno));
796	do_exit (errno == EACCES ? `4` : `1`, `0`, NULL);
797	}
798
799	/ Set permissions for the socket. /
800	chmod (_PATH_NSCDSOCKET, DEFFILEMODE);
801
802	/ Set the socket up to accept connections. /
803	if (listen (sock, SOMAXCONN) < `0`)
804	{
805	dbg_log (_("cannot enable socket to accept connections: %s"),
806	strerror (errno));
807	do_exit (`1`, `0`, NULL);
808	}
809
810	#ifdef HAVE_NETLINK
811	if (dbs[hstdb].enabled)
812	{
813	/ Try to open netlink socket to monitor network setting changes. /
814	nl_status_fd = socket (AF_NETLINK,
815	SOCK_RAW \| SOCK_CLOEXEC \| SOCK_NONBLOCK,
816	NETLINK_ROUTE);
817	if (nl_status_fd != -`1`)
818	{
819	struct sockaddr_nl snl;
820	memset (&snl, `'\0'`, sizeof (snl));
821	snl.nl_family = AF_NETLINK;
822	/ XXX Is this the best set to use? /
823	snl.nl_groups = (RTMGRP_IPV4_IFADDR \| RTMGRP_TC \| RTMGRP_IPV4_MROUTE
824	\| RTMGRP_IPV4_ROUTE \| RTMGRP_IPV4_RULE
825	\| RTMGRP_IPV6_IFADDR \| RTMGRP_IPV6_MROUTE
826	\| RTMGRP_IPV6_ROUTE \| RTMGRP_IPV6_IFINFO
827	\| RTMGRP_IPV6_PREFIX);
828
829	if (bind (nl_status_fd, (struct sockaddr ) &snl, sizeof* (snl)) != `0`)
830	{
831	close (nl_status_fd);
832	nl_status_fd = -`1`;
833	}
834	else
835	{
836	/ Start the timestamp process. /
837	dbs[hstdb].head->extra_data[NSCD_HST_IDX_CONF_TIMESTAMP]
838	= __bump_nl_timestamp ();
839	}
840	}
841	}
842	#endif
843
844	/ Change to unprivileged uid/gid/groups if specified in config file /
845	if (server_user != NULL)
846	finish_drop_privileges ();
847	}
848
849	#ifdef HAVE_INOTIFY
850	#define TRACED_FILE_MASK (IN_DELETE_SELF \| IN_CLOSE_WRITE \| IN_MOVE_SELF)
851	#define TRACED_DIR_MASK (IN_DELETE_SELF \| IN_CREATE \| IN_MOVED_TO \| IN_MOVE_SELF)
852	void
853	install_watches (struct traced_file *finfo)
854	{
855	/ Use inotify support if we have it. /
856	if (finfo->inotify_descr[TRACED_FILE] < `0`)
857	finfo->inotify_descr[TRACED_FILE] = inotify_add_watch (inotify_fd,
858	finfo->fname,
859	TRACED_FILE_MASK);
860	if (finfo->inotify_descr[TRACED_FILE] < `0`)
861	{
862	dbg_log (_("disabled inotify-based monitoring for file `%s': %s"),
863	finfo->fname, strerror (errno));
864	return;
865	}
866	dbg_log (_("monitoring file `%s` (%d)"),
867	finfo->fname, finfo->inotify_descr[TRACED_FILE]);
868	/ Additionally listen for events in the file's parent directory.*
869	We do this because the file to be watched might be
870	deleted and then added back again. When it is added back again
871	we must re-add the watch. We must also cover IN_MOVED_TO to
872	detect a file being moved into the directory. /*
873	if (finfo->inotify_descr[TRACED_DIR] < `0`)
874	finfo->inotify_descr[TRACED_DIR] = inotify_add_watch (inotify_fd,
875	finfo->dname,
876	TRACED_DIR_MASK);
877	if (finfo->inotify_descr[TRACED_DIR] < `0`)
878	{
879	dbg_log (_("disabled inotify-based monitoring for directory `%s': %s"),
880	finfo->fname, strerror (errno));
881	return;
882	}
883	dbg_log (_("monitoring directory `%s` (%d)"),
884	finfo->dname, finfo->inotify_descr[TRACED_DIR]);
885	}
886	#endif
887
888	/ Register the file in FINFO as a traced file for the database DBS[DBIX].*
889
890	We support registering multiple files per database. Each call to
891	register_traced_file adds to the list of registered files.
892
893	When we prune the database, either through timeout or a request to
894	invalidate, we will check to see if any of the registered files has changed.
895	When we accept new connections to handle a cache request we will also
896	check to see if any of the registered files has changed.
897
898	If we have inotify support then we install an inotify fd to notify us of
899	file deletion or modification, both of which will require we invalidate
900	the cache for the database. Without inotify support we stat the file and
901	store st_mtime to determine if the file has been modified. /*
902	void
903	register_traced_file (size_t dbidx, struct traced_file *finfo)
904	{
905	/ If the database is disabled or file checking is disabled*
906	then ignore the registration. /*
907	if (! dbs[dbidx].enabled \|\| ! dbs[dbidx].check_file)
908	return;
909
910	if (__glibc_unlikely (debug_level > `0`))
911	dbg_log (_("monitoring file %s for database %s"),
912	finfo->fname, dbnames[dbidx]);
913
914	#ifdef HAVE_INOTIFY
915	install_watches (finfo);
916	#endif
917	struct stat64 st;
918	if (stat64 (finfo->fname, &st) < `0`)
919	{
920	/ We cannot stat() the file. Set mtime to zero and try again later. /
921	dbg_log (_("stat failed for file `%s'; will try again later: %s"),
922	finfo->fname, strerror (errno));
923	finfo->mtime = `0`;
924	}
925	else
926	finfo->mtime = st.st_mtime;
927
928	/ Queue up the file name. /
929	finfo->next = dbs[dbidx].traced_files;
930	dbs[dbidx].traced_files = finfo;
931	}
932
933
934	/ Close the connections. /
935	void
936	close_sockets (void)
937	{
938	close (sock);
939	}
940
941
942	static void
943	invalidate_cache (char key, int* fd)
944	{
945	dbtype number;
946	int32_t resp;
947
948	for (number = pwddb; number < lastdb; ++number)
949	if (strcmp (key, dbnames[number]) == `0`)
950	{
951	struct traced_file *runp = dbs[number].traced_files;
952	while (runp != NULL)
953	{
954	/ Make sure we reload from file when checking mtime. /
955	runp->mtime = `0`;
956	#ifdef HAVE_INOTIFY
957	/ During an invalidation we try to reload the traced*
958	file watches. This allows the user to re-sync if
959	inotify events were lost. Similar to what we do during
960	pruning. /*
961	install_watches (runp);
962	#endif
963	if (runp->call_res_init)
964	{
965	res_init ();
966	break;
967	}
968	runp = runp->next;
969	}
970	break;
971	}
972
973	if (number == lastdb)
974	{
975	resp = EINVAL;
976	writeall (fd, &resp, sizeof (resp));
977	return;
978	}
979
980	if (dbs[number].enabled)
981	{
982	pthread_mutex_lock (&dbs[number].prune_run_lock);
983	prune_cache (&dbs[number], LONG_MAX, fd);
984	pthread_mutex_unlock (&dbs[number].prune_run_lock);
985	}
986	else
987	{
988	resp = `0`;
989	writeall (fd, &resp, sizeof (resp));
990	}
991	}
992
993
994	#ifdef SCM_RIGHTS
995	static void
996	send_ro_fd (struct database_dyn db, char* key, int* fd)
997	{
998	/ If we do not have an read-only file descriptor do nothing. /
999	if (db->ro_fd == -`1`)
1000	return;
1001
1002	/ We need to send some data along with the descriptor. /
1003	uint64_t mapsize = (db->head->data_size
1004	+ roundup (db->head->module * sizeof (ref_t), ALIGN)
1005	+ sizeof (struct database_pers_head));
1006	struct iovec iov[`2`];
1007	iov[`0`].iov_base = key;
1008	iov[`0`].iov_len = strlen (key) + `1`;
1009	iov[`1`].iov_base = &mapsize;
1010	iov[`1`].iov_len = sizeof (mapsize);
1011
1012	/ Prepare the control message to transfer the descriptor. /
1013	union
1014	{
1015	struct cmsghdr hdr;
1016	char bytes[CMSG_SPACE (sizeof (int))];
1017	} buf;
1018	struct msghdr msg = { .msg_iov = iov, .msg_iovlen = `2`,
1019	.msg_control = buf.bytes,
1020	.msg_controllen = sizeof (buf) };
1021	struct cmsghdr *cmsg = CMSG_FIRSTHDR (&msg);
1022
1023	cmsg->cmsg_level = SOL_SOCKET;
1024	cmsg->cmsg_type = SCM_RIGHTS;
1025	cmsg->cmsg_len = CMSG_LEN (sizeof (int));
1026
1027	int ip = (int* *) CMSG_DATA (cmsg);
1028	*ip = db->ro_fd;
1029
1030	msg.msg_controllen = cmsg->cmsg_len;
1031
1032	/ Send the control message. We repeat when we are interrupted but*
1033	everything else is ignored. /*
1034	#ifndef MSG_NOSIGNAL
1035	# define MSG_NOSIGNAL 0
1036	#endif
1037	(void) TEMP_FAILURE_RETRY (sendmsg (fd, &msg, MSG_NOSIGNAL));
1038
1039	if (__glibc_unlikely (debug_level > `0`))
1040	dbg_log (_("provide access to FD %d, for %s"), db->ro_fd, key);
1041	}
1042	#endif /* SCM_RIGHTS */
1043
1044
1045	/ Handle new request. /
1046	static void
1047	handle_request (int fd, request_header req, void* *key, uid_t uid, pid_t pid)
1048	{
1049	if (__builtin_expect (req->version, NSCD_VERSION) != NSCD_VERSION)
1050	{
1051	if (debug_level > `0`)
1052	dbg_log (_("\
1053	cannot handle old request version %d; current version is %d"),
1054	req->version, NSCD_VERSION);
1055	return;
1056	}
1057
1058	/ Perform the SELinux check before we go on to the standard checks. /
1059	if (selinux_enabled && nscd_request_avc_has_perm (fd, req->type) != `0`)
1060	{
1061	if (debug_level > `0`)
1062	{
1063	#ifdef SO_PEERCRED
1064	char pbuf[sizeof ("/proc//exe") + `3` * sizeof (long int)];
1065	# ifdef PATH_MAX
1066	char buf[PATH_MAX];
1067	# else
1068	char buf[`4096`];
1069	# endif
1070
1071	snprintf (pbuf, sizeof (pbuf), "/proc/%ld/exe", (long int) pid);
1072	ssize_t n = readlink (pbuf, buf, sizeof (buf) - `1`);
1073
1074	if (n <= `0`)
1075	dbg_log (_("\
1076	request from %ld not handled due to missing permission"), (long int) pid);
1077	else
1078	{
1079	buf[n] = `'\0'`;
1080	dbg_log (_("\
1081	request from '%s' [%ld] not handled due to missing permission"),
1082	buf, (long int) pid);
1083	}
1084	#else
1085	dbg_log (_("request not handled due to missing permission"));
1086	#endif
1087	}
1088	return;
1089	}
1090
1091	struct database_dyn *db = reqinfo[req->type].db;
1092
1093	/ See whether we can service the request from the cache. /
1094	if (__builtin_expect (reqinfo[req->type].data_request, true))
1095	{
1096	if (__builtin_expect (debug_level, `0`) > `0`)
1097	{
1098	if (req->type == GETHOSTBYADDR \|\| req->type == GETHOSTBYADDRv6)
1099	{
1100	char buf[INET6_ADDRSTRLEN];
1101
1102	dbg_log ("\t%s (%s)", serv2str[req->type],
1103	inet_ntop (req->type == GETHOSTBYADDR
1104	? AF_INET : AF_INET6,
1105	key, buf, sizeof (buf)));
1106	}
1107	else
1108	dbg_log ("\t%s (%s)", serv2str[req->type], (char *) key);
1109	}
1110
1111	/ Is this service enabled? /
1112	if (__glibc_unlikely (!db->enabled))
1113	{
1114	/ No, sent the prepared record. /
1115	if (TEMP_FAILURE_RETRY (send (fd, db->disabled_iov->iov_base,
1116	db->disabled_iov->iov_len,
1117	MSG_NOSIGNAL))
1118	!= (ssize_t) db->disabled_iov->iov_len
1119	&& __builtin_expect (debug_level, `0`) > `0`)
1120	{
1121	/ We have problems sending the result. /
1122	char buf[`256`];
1123	dbg_log (_("cannot write result: %s"),
1124	strerror_r (errno, buf, sizeof (buf)));
1125	}
1126
1127	return;
1128	}
1129
1130	/ Be sure we can read the data. /
1131	if (__glibc_unlikely (pthread_rwlock_tryrdlock (&db->lock) != `0`))
1132	{
1133	++db->head->rdlockdelayed;
1134	pthread_rwlock_rdlock (&db->lock);
1135	}
1136
1137	/ See whether we can handle it from the cache. /
1138	struct datahead *cached;
1139	cached = (struct datahead *) cache_search (req->type, key, req->key_len,
1140	db, uid);
1141	if (cached != NULL)
1142	{
1143	/ Hurray it's in the cache. /
1144	if (writeall (fd, cached->data, cached->recsize) != cached->recsize
1145	&& __glibc_unlikely (debug_level > `0`))
1146	{
1147	/ We have problems sending the result. /
1148	char buf[`256`];
1149	dbg_log (_("cannot write result: %s"),
1150	strerror_r (errno, buf, sizeof (buf)));
1151	}
1152
1153	pthread_rwlock_unlock (&db->lock);
1154
1155	return;
1156	}
1157
1158	pthread_rwlock_unlock (&db->lock);
1159	}
1160	else if (__builtin_expect (debug_level, `0`) > `0`)
1161	{
1162	if (req->type == INVALIDATE)
1163	dbg_log ("\t%s (%s)", serv2str[req->type], (char *) key);
1164	else
1165	dbg_log ("\t%s", serv2str[req->type]);
1166	}
1167
1168	/ Handle the request. /
1169	switch (req->type)
1170	{
1171	case GETPWBYNAME:
1172	addpwbyname (db, fd, req, key, uid);
1173	break;
1174
1175	case GETPWBYUID:
1176	addpwbyuid (db, fd, req, key, uid);
1177	break;
1178
1179	case GETGRBYNAME:
1180	addgrbyname (db, fd, req, key, uid);
1181	break;
1182
1183	case GETGRBYGID:
1184	addgrbygid (db, fd, req, key, uid);
1185	break;
1186
1187	case GETHOSTBYNAME:
1188	addhstbyname (db, fd, req, key, uid);
1189	break;
1190
1191	case GETHOSTBYNAMEv6:
1192	addhstbynamev6 (db, fd, req, key, uid);
1193	break;
1194
1195	case GETHOSTBYADDR:
1196	addhstbyaddr (db, fd, req, key, uid);
1197	break;
1198
1199	case GETHOSTBYADDRv6:
1200	addhstbyaddrv6 (db, fd, req, key, uid);
1201	break;
1202
1203	case GETAI:
1204	addhstai (db, fd, req, key, uid);
1205	break;
1206
1207	case INITGROUPS:
1208	addinitgroups (db, fd, req, key, uid);
1209	break;
1210
1211	case GETSERVBYNAME:
1212	addservbyname (db, fd, req, key, uid);
1213	break;
1214
1215	case GETSERVBYPORT:
1216	addservbyport (db, fd, req, key, uid);
1217	break;
1218
1219	case GETNETGRENT:
1220	addgetnetgrent (db, fd, req, key, uid);
1221	break;
1222
1223	case INNETGR:
1224	addinnetgr (db, fd, req, key, uid);
1225	break;
1226
1227	case GETSTAT:
1228	case SHUTDOWN:
1229	case INVALIDATE:
1230	{
1231	/ Get the callers credentials. /
1232	#ifdef SO_PEERCRED
1233	struct ucred caller;
1234	socklen_t optlen = sizeof (caller);
1235
1236	if (getsockopt (fd, SOL_SOCKET, SO_PEERCRED, &caller, &optlen) < `0`)
1237	{
1238	char buf[`256`];
1239
1240	dbg_log (_("error getting caller's id: %s"),
1241	strerror_r (errno, buf, sizeof (buf)));
1242	break;
1243	}
1244
1245	uid = caller.uid;
1246	#else
1247	/ Some systems have no SO_PEERCRED implementation. They don't*
1248	care about security so we don't as well. /*
1249	uid = `0`;
1250	#endif
1251	}
1252
1253	/ Accept shutdown, getstat and invalidate only from root. For*
1254	the stat call also allow the user specified in the config file. /*
1255	if (req->type == GETSTAT)
1256	{
1257	if (uid == `0` \|\| uid == stat_uid)
1258	send_stats (fd, dbs);
1259	}
1260	else if (uid == `0`)
1261	{
1262	if (req->type == INVALIDATE)
1263	invalidate_cache (key, fd);
1264	else
1265	termination_handler (`0`);
1266	}
1267	break;
1268
1269	case GETFDPW:
1270	case GETFDGR:
1271	case GETFDHST:
1272	case GETFDSERV:
1273	case GETFDNETGR:
1274	#ifdef SCM_RIGHTS
1275	send_ro_fd (reqinfo[req->type].db, key, fd);
1276	#endif
1277	break;
1278
1279	default:
1280	/ Ignore the command, it's nothing we know. /
1281	break;
1282	}
1283	}
1284
1285	static char *
1286	read_cmdline (size_t *size)
1287	{
1288	int fd = open ("/proc/self/cmdline", O_RDONLY);
1289	if (fd < `0`)
1290	return NULL;
1291	size_t current = `0`;
1292	size_t limit = `1024`;
1293	char *buffer = malloc (limit);
1294	if (buffer == NULL)
1295	{
1296	close (fd);
1297	errno = ENOMEM;
1298	return NULL;
1299	}
1300	while (`1`)
1301	{
1302	if (current == limit)
1303	{
1304	char *newptr;
1305	if (`2` * limit < limit
1306	\|\| (newptr = realloc (buffer, `2` * limit)) == NULL)
1307	{
1308	free (buffer);
1309	close (fd);
1310	errno = ENOMEM;
1311	return NULL;
1312	}
1313	buffer = newptr;
1314	limit *= `2`;
1315	}
1316
1317	ssize_t n = TEMP_FAILURE_RETRY (read (fd, buffer + current,
1318	limit - current));
1319	if (n == -`1`)
1320	{
1321	int e = errno;
1322	free (buffer);
1323	close (fd);
1324	errno = e;
1325	return NULL;
1326	}
1327	if (n == `0`)
1328	break;
1329	current += n;
1330	}
1331
1332	close (fd);
1333	*size = current;
1334	return buffer;
1335	}
1336
1337
1338	/ Restart the process. /
1339	static void
1340	restart (void)
1341	{
1342	/ First determine the parameters. We do not use the parameters*
1343	passed to main because then nscd would use the system libc after
1344	restarting even if it was started by a non-system dynamic linker
1345	during glibc testing. /*
1346	size_t readlen;
1347	char *cmdline = read_cmdline (&readlen);
1348	if (cmdline == NULL)
1349	{
1350	dbg_log (_("\
1351	cannot open /proc/self/cmdline: %m; disabling paranoia mode"));
1352	paranoia = `0`;
1353	return;
1354	}
1355
1356	/ Parse the command line. Worst case scenario: every two*
1357	characters form one parameter (one character plus NUL). /*
1358	char *argv = alloca ((readlen / `2` + `1`) sizeof (argv[`0`]));
1359	int argc = `0`;
1360
1361	for (char *cp = cmdline; cp < cmdline + readlen;)
1362	{
1363	argv[argc++] = cp;
1364	cp = (char *) rawmemchr (cp, `'\0'`) + `1`;
1365	}
1366	argv[argc] = NULL;
1367
1368	/ Second, change back to the old user if we changed it. /
1369	if (server_user != NULL)
1370	{
1371	if (setresuid (old_uid, old_uid, old_uid) != `0`)
1372	{
1373	dbg_log (_("\
1374	cannot change to old UID: %s; disabling paranoia mode"),
1375	strerror (errno));
1376
1377	paranoia = `0`;
1378	free (cmdline);
1379	return;
1380	}
1381
1382	if (setresgid (old_gid, old_gid, old_gid) != `0`)
1383	{
1384	dbg_log (_("\
1385	cannot change to old GID: %s; disabling paranoia mode"),
1386	strerror (errno));
1387
1388	ignore_value (setuid (server_uid));
1389	paranoia = `0`;
1390	free (cmdline);
1391	return;
1392	}
1393	}
1394
1395	/ Next change back to the old working directory. /
1396	if (chdir (oldcwd) == -`1`)
1397	{
1398	dbg_log (_("\
1399	cannot change to old working directory: %s; disabling paranoia mode"),
1400	strerror (errno));
1401
1402	if (server_user != NULL)
1403	{
1404	ignore_value (setuid (server_uid));
1405	ignore_value (setgid (server_gid));
1406	}
1407	paranoia = `0`;
1408	free (cmdline);
1409	return;
1410	}
1411
1412	/ Synchronize memory. /
1413	int32_t certainly[lastdb];
1414	for (int cnt = `0`; cnt < lastdb; ++cnt)
1415	if (dbs[cnt].enabled)
1416	{
1417	/ Make sure nobody keeps using the database. /
1418	dbs[cnt].head->timestamp = `0`;
1419	certainly[cnt] = dbs[cnt].head->nscd_certainly_running;
1420	dbs[cnt].head->nscd_certainly_running = `0`;
1421
1422	if (dbs[cnt].persistent)
1423	// XXX async OK?
1424	msync (dbs[cnt].head, dbs[cnt].memsize, MS_ASYNC);
1425	}
1426
1427	/ The preparations are done. /
1428	#ifdef PATH_MAX
1429	char pathbuf[PATH_MAX];
1430	#else
1431	char pathbuf[`256`];
1432	#endif
1433	/ Try to exec the real nscd program so the process name (as reported*
1434	in /proc/PID/status) will be 'nscd', but fall back to /proc/self/exe
1435	if readlink or the exec with the result of the readlink call fails. /*
1436	ssize_t n = readlink ("/proc/self/exe", pathbuf, sizeof (pathbuf) - `1`);
1437	if (n != -`1`)
1438	{
1439	pathbuf[n] = `'\0'`;
1440	execv (pathbuf, argv);
1441	}
1442	execv ("/proc/self/exe", argv);
1443
1444	/ If we come here, we will never be able to re-exec. /
1445	dbg_log (_("re-exec failed: %s; disabling paranoia mode"),
1446	strerror (errno));
1447
1448	if (server_user != NULL)
1449	{
1450	ignore_value (setuid (server_uid));
1451	ignore_value (setgid (server_gid));
1452	}
1453	if (chdir ("/") != `0`)
1454	dbg_log (_("cannot change current working directory to \"/\": %s"),
1455	strerror (errno));
1456	paranoia = `0`;
1457	free (cmdline);
1458
1459	/ Reenable the databases. /
1460	time_t now = time (NULL);
1461	for (int cnt = `0`; cnt < lastdb; ++cnt)
1462	if (dbs[cnt].enabled)
1463	{
1464	dbs[cnt].head->timestamp = now;
1465	dbs[cnt].head->nscd_certainly_running = certainly[cnt];
1466	}
1467	}
1468
1469
1470	/ List of file descriptors. /
1471	struct fdlist
1472	{
1473	int fd;
1474	struct fdlist *next;
1475	};
1476	/ Memory allocated for the list. /
1477	static struct fdlist *fdlist;
1478	/ List of currently ready-to-read file descriptors. /
1479	static struct fdlist *readylist;
1480
1481	/ Conditional variable and mutex to signal availability of entries in*
1482	READYLIST. The condvar is initialized dynamically since we might
1483	use a different clock depending on availability. /*
1484	static pthread_cond_t readylist_cond = PTHREAD_COND_INITIALIZER;
1485	static pthread_mutex_t readylist_lock = PTHREAD_MUTEX_INITIALIZER;
1486
1487	/ The clock to use with the condvar. /
1488	static clockid_t timeout_clock = CLOCK_REALTIME;
1489
1490	/ Number of threads ready to handle the READYLIST. /
1491	static unsigned long int nready;
1492
1493
1494	/ Function for the clean-up threads. /
1495	static void *
1496	__attribute__ ((__noreturn__))
1497	nscd_run_prune (void *p)
1498	{
1499	const long int my_number = (long int) p;
1500	assert (dbs[my_number].enabled);
1501
1502	int dont_need_update = setup_thread (&dbs[my_number]);
1503
1504	time_t now = time (NULL);
1505
1506	/ We are running. /
1507	dbs[my_number].head->timestamp = now;
1508
1509	struct timespec prune_ts;
1510	if (__glibc_unlikely (clock_gettime (timeout_clock, &prune_ts) == -`1`))
1511	/ Should never happen. /
1512	abort ();
1513
1514	/ Compute the initial timeout time. Prevent all the timers to go*
1515	off at the same time by adding a db-based value. /*
1516	prune_ts.tv_sec += CACHE_PRUNE_INTERVAL + my_number;
1517	dbs[my_number].wakeup_time = now + CACHE_PRUNE_INTERVAL + my_number;
1518
1519	pthread_mutex_t *prune_lock = &dbs[my_number].prune_lock;
1520	pthread_mutex_t *prune_run_lock = &dbs[my_number].prune_run_lock;
1521	pthread_cond_t *prune_cond = &dbs[my_number].prune_cond;
1522
1523	pthread_mutex_lock (prune_lock);
1524	while (`1`)
1525	{
1526	/ Wait, but not forever. /
1527	int e = `0`;
1528	if (! dbs[my_number].clear_cache)
1529	e = pthread_cond_timedwait (prune_cond, prune_lock, &prune_ts);
1530	assert (__builtin_expect (e == `0` \|\| e == ETIMEDOUT, `1`));
1531
1532	time_t next_wait;
1533	now = time (NULL);
1534	if (e == ETIMEDOUT \|\| now >= dbs[my_number].wakeup_time
1535	\|\| dbs[my_number].clear_cache)
1536	{
1537	/ We will determine the new timout values based on the*
1538	cache content. Should there be concurrent additions to
1539	the cache which are not accounted for in the cache
1540	pruning we want to know about it. Therefore set the
1541	timeout to the maximum. It will be descreased when adding
1542	new entries to the cache, if necessary. /*
1543	dbs[my_number].wakeup_time = MAX_TIMEOUT_VALUE;
1544
1545	/ Unconditionally reset the flag. /
1546	time_t prune_now = dbs[my_number].clear_cache ? LONG_MAX : now;
1547	dbs[my_number].clear_cache = `0`;
1548
1549	pthread_mutex_unlock (prune_lock);
1550
1551	/ We use a separate lock for running the prune function (instead*
1552	of keeping prune_lock locked) because this enables concurrent
1553	invocations of cache_add which might modify the timeout value. /*
1554	pthread_mutex_lock (prune_run_lock);
1555	next_wait = prune_cache (&dbs[my_number], prune_now, -`1`);
1556	pthread_mutex_unlock (prune_run_lock);
1557
1558	next_wait = MAX (next_wait, CACHE_PRUNE_INTERVAL);
1559	/ If clients cannot determine for sure whether nscd is running*
1560	we need to wake up occasionally to update the timestamp.
1561	Wait 90% of the update period. /*
1562	#define UPDATE_MAPPING_TIMEOUT (MAPPING_TIMEOUT * 9 / 10)
1563	if (__glibc_unlikely (! dont_need_update))
1564	{
1565	next_wait = MIN (UPDATE_MAPPING_TIMEOUT, next_wait);
1566	dbs[my_number].head->timestamp = now;
1567	}
1568
1569	pthread_mutex_lock (prune_lock);
1570
1571	/ Make it known when we will wake up again. /
1572	if (now + next_wait < dbs[my_number].wakeup_time)
1573	dbs[my_number].wakeup_time = now + next_wait;
1574	else
1575	next_wait = dbs[my_number].wakeup_time - now;
1576	}
1577	else
1578	/ The cache was just pruned. Do not do it again now. Just*
1579	use the new timeout value. /*
1580	next_wait = dbs[my_number].wakeup_time - now;
1581
1582	if (clock_gettime (timeout_clock, &prune_ts) == -`1`)
1583	/ Should never happen. /
1584	abort ();
1585
1586	/ Compute next timeout time. /
1587	prune_ts.tv_sec += next_wait;
1588	}
1589	}
1590
1591
1592	/ This is the main loop. It is replicated in different threads but*
1593	the use of the ready list makes sure only one thread handles an
1594	incoming connection. /*
1595	static void *
1596	__attribute__ ((__noreturn__))
1597	nscd_run_worker (void *p)
1598	{
1599	char buf[`256`];
1600
1601	/ Initial locking. /
1602	pthread_mutex_lock (&readylist_lock);
1603
1604	/ One more thread available. /
1605	++nready;
1606
1607	while (`1`)
1608	{
1609	while (readylist == NULL)
1610	pthread_cond_wait (&readylist_cond, &readylist_lock);
1611
1612	struct fdlist *it = readylist->next;
1613	if (readylist->next == readylist)
1614	/ Just one entry on the list. /
1615	readylist = NULL;
1616	else
1617	readylist->next = it->next;
1618
1619	/ Extract the information and mark the record ready to be used*
1620	again. /*
1621	int fd = it->fd;
1622	it->next = NULL;
1623
1624	/ One more thread available. /
1625	--nready;
1626
1627	/ We are done with the list. /
1628	pthread_mutex_unlock (&readylist_lock);
1629
1630	/ Now read the request. /
1631	request_header req;
1632	if (__builtin_expect (TEMP_FAILURE_RETRY (read (fd, &req, sizeof (req)))
1633	!= sizeof (req), `0`))
1634	{
1635	/ We failed to read data. Note that this also might mean we*
1636	failed because we would have blocked. /*
1637	if (debug_level > `0`)
1638	dbg_log (_("short read while reading request: %s"),
1639	strerror_r (errno, buf, sizeof (buf)));
1640	goto close_and_out;
1641	}
1642
1643	/ Check whether this is a valid request type. /
1644	if (req.type < GETPWBYNAME \|\| req.type >= LASTREQ)
1645	goto close_and_out;
1646
1647	/ Some systems have no SO_PEERCRED implementation. They don't*
1648	care about security so we don't as well. /*
1649	uid_t uid = -`1`;
1650	#ifdef SO_PEERCRED
1651	pid_t pid = `0`;
1652
1653	if (__glibc_unlikely (debug_level > `0`))
1654	{
1655	struct ucred caller;
1656	socklen_t optlen = sizeof (caller);
1657
1658	if (getsockopt (fd, SOL_SOCKET, SO_PEERCRED, &caller, &optlen) == `0`)
1659	pid = caller.pid;
1660	}
1661	#else
1662	const pid_t pid = `0`;
1663	#endif
1664
1665	/ It should not be possible to crash the nscd with a silly*
1666	request (i.e., a terribly large key). We limit the size to 1kb. /*
1667	if (__builtin_expect (req.key_len, `1`) < `0`
1668	\|\| __builtin_expect (req.key_len, `1`) > MAXKEYLEN)
1669	{
1670	if (debug_level > `0`)
1671	dbg_log (_("key length in request too long: %d"), req.key_len);
1672	}
1673	else
1674	{
1675	/ Get the key. /
1676	char keybuf[MAXKEYLEN + `1`];
1677
1678	if (__builtin_expect (TEMP_FAILURE_RETRY (read (fd, keybuf,
1679	req.key_len))
1680	!= req.key_len, `0`))
1681	{
1682	/ Again, this can also mean we would have blocked. /
1683	if (debug_level > `0`)
1684	dbg_log (_("short read while reading request key: %s"),
1685	strerror_r (errno, buf, sizeof (buf)));
1686	goto close_and_out;
1687	}
1688	keybuf[req.key_len] = `'\0'`;
1689
1690	if (__builtin_expect (debug_level, `0`) > `0`)
1691	{
1692	#ifdef SO_PEERCRED
1693	if (pid != `0`)
1694	dbg_log (_("\
1695	handle_request: request received (Version = %d) from PID %ld"),
1696	req.version, (long int) pid);
1697	else
1698	#endif
1699	dbg_log (_("\
1700	handle_request: request received (Version = %d)"), req.version);
1701	}
1702
1703	/ Phew, we got all the data, now process it. /
1704	handle_request (fd, &req, keybuf, uid, pid);
1705	}
1706
1707	close_and_out:
1708	/ We are done. /
1709	close (fd);
1710
1711	/ Re-locking. /
1712	pthread_mutex_lock (&readylist_lock);
1713
1714	/ One more thread available. /
1715	++nready;
1716	}
1717	/ NOTREACHED /
1718	}
1719
1720
1721	static unsigned int nconns;
1722
1723	static void
1724	fd_ready (int fd)
1725	{
1726	pthread_mutex_lock (&readylist_lock);
1727
1728	/ Find an empty entry in FDLIST. /
1729	size_t inner;
1730	for (inner = `0`; inner < nconns; ++inner)
1731	if (fdlist[inner].next == NULL)
1732	break;
1733	assert (inner < nconns);
1734
1735	fdlist[inner].fd = fd;
1736
1737	if (readylist == NULL)
1738	readylist = fdlist[inner].next = &fdlist[inner];
1739	else
1740	{
1741	fdlist[inner].next = readylist->next;
1742	readylist = readylist->next = &fdlist[inner];
1743	}
1744
1745	bool do_signal = true;
1746	if (__glibc_unlikely (nready == `0`))
1747	{
1748	++client_queued;
1749	do_signal = false;
1750
1751	/ Try to start another thread to help out. /
1752	pthread_t th;
1753	if (nthreads < max_nthreads
1754	&& pthread_create (&th, &attr, nscd_run_worker,
1755	(void ) (long* int) nthreads) == `0`)
1756	{
1757	/ We got another thread. /
1758	++nthreads;
1759	/ The new thread might need a kick. /
1760	do_signal = true;
1761	}
1762
1763	}
1764
1765	pthread_mutex_unlock (&readylist_lock);
1766
1767	/ Tell one of the worker threads there is work to do. /
1768	if (do_signal)
1769	pthread_cond_signal (&readylist_cond);
1770	}
1771
1772
1773	/ Check whether restarting should happen. /
1774	static bool
1775	restart_p (time_t now)
1776	{
1777	return (paranoia && readylist == NULL && nready == nthreads
1778	&& now >= restart_time);
1779	}
1780
1781
1782	/ Array for times a connection was accepted. /
1783	static time_t *starttime;
1784
1785	#ifdef HAVE_INOTIFY
1786	/ Inotify event for changed file. /
1787	union __inev
1788	{
1789	struct inotify_event i;
1790	# ifndef PATH_MAX
1791	# define PATH_MAX 1024
1792	# endif
1793	char buf[sizeof (struct inotify_event) + PATH_MAX];
1794	};
1795
1796	/ Returns 0 if the file is there otherwise -1. /
1797	int
1798	check_file (struct traced_file *finfo)
1799	{
1800	struct stat64 st;
1801	/ We could check mtime and if different re-add*
1802	the watches, and invalidate the database, but we
1803	don't because we are called from inotify_check_files
1804	which should be doing that work. If sufficient inotify
1805	events were lost then the next pruning or invalidation
1806	will do the stat and mtime check. We don't do it here to
1807	keep the logic simple. /*
1808	if (stat64 (finfo->fname, &st) < `0`)
1809	return -`1`;
1810	return `0`;
1811	}
1812
1813	/ Process the inotify event in INEV. If the event matches any of the files*
1814	registered with a database then mark that database as requiring its cache
1815	to be cleared. We indicate the cache needs clearing by setting
1816	TO_CLEAR[DBCNT] to true for the matching database. /*
1817	static void
1818	inotify_check_files (bool to_clear, union* __inev *inev)
1819	{
1820	/ Check which of the files changed. /
1821	for (size_t dbcnt = `0`; dbcnt < lastdb; ++dbcnt)
1822	{
1823	struct traced_file *finfo = dbs[dbcnt].traced_files;
1824
1825	while (finfo != NULL)
1826	{
1827	/ The configuration file was moved or deleted.*
1828	We stop watching it at that point, and reinitialize. /*
1829	if (finfo->inotify_descr[TRACED_FILE] == inev->i.wd
1830	&& ((inev->i.mask & IN_MOVE_SELF)
1831	\|\| (inev->i.mask & IN_DELETE_SELF)
1832	\|\| (inev->i.mask & IN_IGNORED)))
1833	{
1834	int ret;
1835	bool moved = (inev->i.mask & IN_MOVE_SELF) != `0`;
1836
1837	if (check_file (finfo) == `0`)
1838	{
1839	dbg_log (_("ignored inotify event for `%s` (file exists)"),
1840	finfo->fname);
1841	return;
1842	}
1843
1844	dbg_log (_("monitored file `%s` was %s, removing watch"),
1845	finfo->fname, moved ? "moved" : "deleted");
1846	/ File was moved out, remove the watch. Watches are*
1847	automatically removed when the file is deleted. /*
1848	if (moved)
1849	{
1850	ret = inotify_rm_watch (inotify_fd, inev->i.wd);
1851	if (ret < `0`)
1852	dbg_log (_("failed to remove file watch `%s`: %s"),
1853	finfo->fname, strerror (errno));
1854	}
1855	finfo->inotify_descr[TRACED_FILE] = -`1`;
1856	to_clear[dbcnt] = true;
1857	if (finfo->call_res_init)
1858	res_init ();
1859	return;
1860	}
1861	/ The configuration file was open for writing and has just closed.*
1862	We reset the cache and reinitialize. /*
1863	if (finfo->inotify_descr[TRACED_FILE] == inev->i.wd
1864	&& inev->i.mask & IN_CLOSE_WRITE)
1865	{
1866	/ Mark cache as needing to be cleared and reinitialize. /
1867	dbg_log (_("monitored file `%s` was written to"), finfo->fname);
1868	to_clear[dbcnt] = true;
1869	if (finfo->call_res_init)
1870	res_init ();
1871	return;
1872	}
1873	/ The parent directory was moved or deleted. We trigger one last*
1874	invalidation. At the next pruning or invalidation we may add
1875	this watch back if the file is present again. /*
1876	if (finfo->inotify_descr[TRACED_DIR] == inev->i.wd
1877	&& ((inev->i.mask & IN_DELETE_SELF)
1878	\|\| (inev->i.mask & IN_MOVE_SELF)
1879	\|\| (inev->i.mask & IN_IGNORED)))
1880	{
1881	bool moved = (inev->i.mask & IN_MOVE_SELF) != `0`;
1882	/ The directory watch may have already been removed*
1883	but we don't know so we just remove it again and
1884	ignore the error. Then we remove the file watch.
1885	Note: watches are automatically removed for deleted
1886	files. /*
1887	if (moved)
1888	inotify_rm_watch (inotify_fd, inev->i.wd);
1889	if (finfo->inotify_descr[TRACED_FILE] != -`1`)
1890	{
1891	dbg_log (_("monitored parent directory `%s` was %s, removing watch on `%s`"),
1892	finfo->dname, moved ? "moved" : "deleted", finfo->fname);
1893	if (inotify_rm_watch (inotify_fd, finfo->inotify_descr[TRACED_FILE]) < `0`)
1894	dbg_log (_("failed to remove file watch `%s`: %s"),
1895	finfo->dname, strerror (errno));
1896	}
1897	finfo->inotify_descr[TRACED_FILE] = -`1`;
1898	finfo->inotify_descr[TRACED_DIR] = -`1`;
1899	to_clear[dbcnt] = true;
1900	if (finfo->call_res_init)
1901	res_init ();
1902	/ Continue to the next entry since this might be the*
1903	parent directory for multiple registered files and
1904	we want to remove watches for all registered files. /*
1905	continue;
1906	}
1907	/ The parent directory had a create or moved to event. /
1908	if (finfo->inotify_descr[TRACED_DIR] == inev->i.wd
1909	&& ((inev->i.mask & IN_MOVED_TO)
1910	\|\| (inev->i.mask & IN_CREATE))
1911	&& strcmp (inev->i.name, finfo->sfname) == `0`)
1912	{
1913	/ We detected a directory change. We look for the creation*
1914	of the file we are tracking or the move of the same file
1915	into the directory. /*
1916	int ret;
1917	dbg_log (_("monitored file `%s` was %s, adding watch"),
1918	finfo->fname,
1919	inev->i.mask & IN_CREATE ? "created" : "moved into place");
1920	/ File was moved in or created. Regenerate the watch. /
1921	if (finfo->inotify_descr[TRACED_FILE] != -`1`)
1922	inotify_rm_watch (inotify_fd,
1923	finfo->inotify_descr[TRACED_FILE]);
1924
1925	ret = inotify_add_watch (inotify_fd,
1926	finfo->fname,
1927	TRACED_FILE_MASK);
1928	if (ret < `0`)
1929	dbg_log (_("failed to add file watch `%s`: %s"),
1930	finfo->fname, strerror (errno));
1931
1932	finfo->inotify_descr[TRACED_FILE] = ret;
1933
1934	/ The file is new or moved so mark cache as needing to*
1935	be cleared and reinitialize. /*
1936	to_clear[dbcnt] = true;
1937	if (finfo->call_res_init)
1938	res_init ();
1939
1940	/ Done re-adding the watch. Don't return, we may still*
1941	have other files in this same directory, same watch
1942	descriptor, and need to process them. /*
1943	}
1944	/ Other events are ignored, and we move on to the next file. /
1945	finfo = finfo->next;
1946	}
1947	}
1948	}
1949
1950	/ If an entry in the array of booleans TO_CLEAR is TRUE then clear the cache*
1951	for the associated database, otherwise do nothing. The TO_CLEAR array must
1952	have LASTDB entries. /*
1953	static inline void
1954	clear_db_cache (bool *to_clear)
1955	{
1956	for (size_t dbcnt = `0`; dbcnt < lastdb; ++dbcnt)
1957	if (to_clear[dbcnt])
1958	{
1959	pthread_mutex_lock (&dbs[dbcnt].prune_lock);
1960	dbs[dbcnt].clear_cache = `1`;
1961	pthread_mutex_unlock (&dbs[dbcnt].prune_lock);
1962	pthread_cond_signal (&dbs[dbcnt].prune_cond);
1963	}
1964	}
1965
1966	int
1967	handle_inotify_events (void)
1968	{
1969	bool to_clear[lastdb] = { false, };
1970	union __inev inev;
1971
1972	/ Read all inotify events for files registered via*
1973	register_traced_file(). /*
1974	while (`1`)
1975	{
1976	/ Potentially read multiple events into buf. /
1977	ssize_t nb = TEMP_FAILURE_RETRY (read (inotify_fd,
1978	&inev.buf,
1979	sizeof (inev)));
1980	if (nb < (ssize_t) sizeof (struct inotify_event))
1981	{
1982	/ Not even 1 event. /
1983	if (__glibc_unlikely (nb == -`1` && errno != EAGAIN))
1984	return -`1`;
1985	/ Done reading events that are ready. /
1986	break;
1987	}
1988	/ Process all events. The normal inotify interface delivers*
1989	complete events on a read and never a partial event. /*
1990	char *eptr = &inev.buf[`0`];
1991	ssize_t count;
1992	while (`1`)
1993	{
1994	/ Check which of the files changed. /
1995	inotify_check_files (to_clear, &inev);
1996	count = sizeof (struct inotify_event) + inev.i.len;
1997	eptr += count;
1998	nb -= count;
1999	if (nb >= (ssize_t) sizeof (struct inotify_event))
2000	memcpy (&inev, eptr, nb);
2001	else
2002	break;
2003	}
2004	continue;
2005	}
2006	/ Actually perform the cache clearing. /
2007	clear_db_cache (to_clear);
2008	return `0`;
2009	}
2010
2011	#endif
2012
2013	static void
2014	__attribute__ ((__noreturn__))
2015	main_loop_poll (void)
2016	{
2017	struct pollfd conns = (struct* pollfd *) xmalloc (nconns
2018	* sizeof (conns[`0`]));
2019
2020	conns[`0`].fd = sock;
2021	conns[`0`].events = POLLRDNORM;
2022	size_t nused = `1`;
2023	size_t firstfree = `1`;
2024
2025	#ifdef HAVE_INOTIFY
2026	if (inotify_fd != -`1`)
2027	{
2028	conns[`1`].fd = inotify_fd;
2029	conns[`1`].events = POLLRDNORM;
2030	nused = `2`;
2031	firstfree = `2`;
2032	}
2033	#endif
2034
2035	#ifdef HAVE_NETLINK
2036	size_t idx_nl_status_fd = `0`;
2037	if (nl_status_fd != -`1`)
2038	{
2039	idx_nl_status_fd = nused;
2040	conns[nused].fd = nl_status_fd;
2041	conns[nused].events = POLLRDNORM;
2042	++nused;
2043	firstfree = nused;
2044	}
2045	#endif
2046
2047	while (`1`)
2048	{
2049	/ Wait for any event. We wait at most a couple of seconds so*
2050	that we can check whether we should close any of the accepted
2051	connections since we have not received a request. /*
2052	#define MAX_ACCEPT_TIMEOUT 30
2053	#define MIN_ACCEPT_TIMEOUT 5
2054	#define MAIN_THREAD_TIMEOUT \
2055	(MAX_ACCEPT_TIMEOUT * 1000 \
2056	- ((MAX_ACCEPT_TIMEOUT - MIN_ACCEPT_TIMEOUT) * 1000 * nused) / (2 * nconns))
2057
2058	int n = poll (conns, nused, MAIN_THREAD_TIMEOUT);
2059
2060	time_t now = time (NULL);
2061
2062	/ If there is a descriptor ready for reading or there is a new*
2063	connection, process this now. /*
2064	if (n > `0`)
2065	{
2066	if (conns[`0`].revents != `0`)
2067	{
2068	/ We have a new incoming connection. Accept the connection. /
2069	int fd = TEMP_FAILURE_RETRY (accept4 (sock, NULL, NULL,
2070	SOCK_NONBLOCK));
2071
2072	/ Use the descriptor if we have not reached the limit. /
2073	if (fd >= `0`)
2074	{
2075	if (firstfree < nconns)
2076	{
2077	conns[firstfree].fd = fd;
2078	conns[firstfree].events = POLLRDNORM;
2079	starttime[firstfree] = now;
2080	if (firstfree >= nused)
2081	nused = firstfree + `1`;
2082
2083	do
2084	++firstfree;
2085	while (firstfree < nused && conns[firstfree].fd != -`1`);
2086	}
2087	else
2088	/ We cannot use the connection so close it. /
2089	close (fd);
2090	}
2091
2092	--n;
2093	}
2094
2095	size_t first = `1`;
2096	#ifdef HAVE_INOTIFY
2097	if (inotify_fd != -`1` && conns[`1`].fd == inotify_fd)
2098	{
2099	if (conns[`1`].revents != `0`)
2100	{
2101	int ret;
2102	ret = handle_inotify_events ();
2103	if (ret == -`1`)
2104	{
2105	/ Something went wrong when reading the inotify*
2106	data. Better disable inotify. /*
2107	dbg_log (_("disabled inotify-based monitoring after read error %d"), errno);
2108	conns[`1`].fd = -`1`;
2109	firstfree = `1`;
2110	if (nused == `2`)
2111	nused = `1`;
2112	close (inotify_fd);
2113	inotify_fd = -`1`;
2114	}
2115	--n;
2116	}
2117
2118	first = `2`;
2119	}
2120	#endif
2121
2122	#ifdef HAVE_NETLINK
2123	if (idx_nl_status_fd != `0` && conns[idx_nl_status_fd].revents != `0`)
2124	{
2125	char buf[`4096`];
2126	/ Read all the data. We do not interpret it here. /
2127	while (TEMP_FAILURE_RETRY (read (nl_status_fd, buf,
2128	sizeof (buf))) != -`1`)
2129	;
2130
2131	dbs[hstdb].head->extra_data[NSCD_HST_IDX_CONF_TIMESTAMP]
2132	= __bump_nl_timestamp ();
2133	}
2134	#endif
2135
2136	for (size_t cnt = first; cnt < nused && n > `0`; ++cnt)
2137	if (conns[cnt].revents != `0`)
2138	{
2139	fd_ready (conns[cnt].fd);
2140
2141	/ Clean up the CONNS array. /
2142	conns[cnt].fd = -`1`;
2143	if (cnt < firstfree)
2144	firstfree = cnt;
2145	if (cnt == nused - `1`)
2146	do
2147	--nused;
2148	while (conns[nused - `1`].fd == -`1`);
2149
2150	--n;
2151	}
2152	}
2153
2154	/ Now find entries which have timed out. /
2155	assert (nused > `0`);
2156
2157	/ We make the timeout length depend on the number of file*
2158	descriptors currently used. /*
2159	#define ACCEPT_TIMEOUT \
2160	(MAX_ACCEPT_TIMEOUT \
2161	- ((MAX_ACCEPT_TIMEOUT - MIN_ACCEPT_TIMEOUT) * nused) / nconns)
2162	time_t laststart = now - ACCEPT_TIMEOUT;
2163
2164	for (size_t cnt = nused - `1`; cnt > `0`; --cnt)
2165	{
2166	if (conns[cnt].fd != -`1` && starttime[cnt] < laststart)
2167	{
2168	/ Remove the entry, it timed out. /
2169	(void) close (conns[cnt].fd);
2170	conns[cnt].fd = -`1`;
2171
2172	if (cnt < firstfree)
2173	firstfree = cnt;
2174	if (cnt == nused - `1`)
2175	do
2176	--nused;
2177	while (conns[nused - `1`].fd == -`1`);
2178	}
2179	}
2180
2181	if (restart_p (now))
2182	restart ();
2183	}
2184	}
2185
2186
2187	#ifdef HAVE_EPOLL
2188	static void
2189	main_loop_epoll (int efd)
2190	{
2191	struct epoll_event ev = { `0`, };
2192	int nused = `1`;
2193	size_t highest = `0`;
2194
2195	/ Add the socket. /
2196	ev.events = EPOLLRDNORM;
2197	ev.data.fd = sock;
2198	if (epoll_ctl (efd, EPOLL_CTL_ADD, sock, &ev) == -`1`)
2199	/ We cannot use epoll. /
2200	return;
2201
2202	# ifdef HAVE_INOTIFY
2203	if (inotify_fd != -`1`)
2204	{
2205	ev.events = EPOLLRDNORM;
2206	ev.data.fd = inotify_fd;
2207	if (epoll_ctl (efd, EPOLL_CTL_ADD, inotify_fd, &ev) == -`1`)
2208	/ We cannot use epoll. /
2209	return;
2210	nused = `2`;
2211	}
2212	# endif
2213
2214	# ifdef HAVE_NETLINK
2215	if (nl_status_fd != -`1`)
2216	{
2217	ev.events = EPOLLRDNORM;
2218	ev.data.fd = nl_status_fd;
2219	if (epoll_ctl (efd, EPOLL_CTL_ADD, nl_status_fd, &ev) == -`1`)
2220	/ We cannot use epoll. /
2221	return;
2222	}
2223	# endif
2224
2225	while (`1`)
2226	{
2227	struct epoll_event revs[`100`];
2228	# define nrevs (sizeof (revs) / sizeof (revs[0]))
2229
2230	int n = epoll_wait (efd, revs, nrevs, MAIN_THREAD_TIMEOUT);
2231
2232	time_t now = time (NULL);
2233
2234	for (int cnt = `0`; cnt < n; ++cnt)
2235	if (revs[cnt].data.fd == sock)
2236	{
2237	/ A new connection. /
2238	int fd = TEMP_FAILURE_RETRY (accept4 (sock, NULL, NULL,
2239	SOCK_NONBLOCK));
2240
2241	/ Use the descriptor if we have not reached the limit. /
2242	if (fd >= `0`)
2243	{
2244	/ Try to add the new descriptor. /
2245	ev.data.fd = fd;
2246	if (fd >= nconns
2247	\|\| epoll_ctl (efd, EPOLL_CTL_ADD, fd, &ev) == -`1`)
2248	/ The descriptor is too large or something went*
2249	wrong. Close the descriptor. /*
2250	close (fd);
2251	else
2252	{
2253	/ Remember when we accepted the connection. /
2254	starttime[fd] = now;
2255
2256	if (fd > highest)
2257	highest = fd;
2258
2259	++nused;
2260	}
2261	}
2262	}
2263	# ifdef HAVE_INOTIFY
2264	else if (revs[cnt].data.fd == inotify_fd)
2265	{
2266	int ret;
2267	ret = handle_inotify_events ();
2268	if (ret == -`1`)
2269	{
2270	/ Something went wrong when reading the inotify*
2271	data. Better disable inotify. /*
2272	dbg_log (_("disabled inotify-based monitoring after read error %d"), errno);
2273	(void) epoll_ctl (efd, EPOLL_CTL_DEL, inotify_fd, NULL);
2274	close (inotify_fd);
2275	inotify_fd = -`1`;
2276	break;
2277	}
2278	}
2279	# endif
2280	# ifdef HAVE_NETLINK
2281	else if (revs[cnt].data.fd == nl_status_fd)
2282	{
2283	char buf[`4096`];
2284	/ Read all the data. We do not interpret it here. /
2285	while (TEMP_FAILURE_RETRY (read (nl_status_fd, buf,
2286	sizeof (buf))) != -`1`)
2287	;
2288
2289	__bump_nl_timestamp ();
2290	}
2291	# endif
2292	else
2293	{
2294	/ Remove the descriptor from the epoll descriptor. /
2295	(void) epoll_ctl (efd, EPOLL_CTL_DEL, revs[cnt].data.fd, NULL);
2296
2297	/ Get a worker to handle the request. /
2298	fd_ready (revs[cnt].data.fd);
2299
2300	/ Reset the time. /
2301	starttime[revs[cnt].data.fd] = `0`;
2302	if (revs[cnt].data.fd == highest)
2303	do
2304	--highest;
2305	while (highest > `0` && starttime[highest] == `0`);
2306
2307	--nused;
2308	}
2309
2310	/ Now look for descriptors for accepted connections which have*
2311	no reply in too long of a time. /*
2312	time_t laststart = now - ACCEPT_TIMEOUT;
2313	assert (starttime[sock] == `0`);
2314	# ifdef HAVE_INOTIFY
2315	assert (inotify_fd == -`1` \|\| starttime[inotify_fd] == `0`);
2316	# endif
2317	assert (nl_status_fd == -`1` \|\| starttime[nl_status_fd] == `0`);
2318	for (int cnt = highest; cnt > STDERR_FILENO; --cnt)
2319	if (starttime[cnt] != `0` && starttime[cnt] < laststart)
2320	{
2321	/ We are waiting for this one for too long. Close it. /
2322	(void) epoll_ctl (efd, EPOLL_CTL_DEL, cnt, NULL);
2323
2324	(void) close (cnt);
2325
2326	starttime[cnt] = `0`;
2327	if (cnt == highest)
2328	--highest;
2329	}
2330	else if (cnt != sock && starttime[cnt] == `0` && cnt == highest)
2331	--highest;
2332
2333	if (restart_p (now))
2334	restart ();
2335	}
2336	}
2337	#endif
2338
2339
2340	/ Start all the threads we want. The initial process is thread no. 1. /
2341	void
2342	start_threads (void)
2343	{
2344	/ Initialize the conditional variable we will use. The only*
2345	non-standard attribute we might use is the clock selection. /*
2346	pthread_condattr_t condattr;
2347	pthread_condattr_init (&condattr);
2348
2349	#if defined _POSIX_CLOCK_SELECTION && _POSIX_CLOCK_SELECTION >= 0 \
2350	&& defined _POSIX_MONOTONIC_CLOCK && _POSIX_MONOTONIC_CLOCK >= 0
2351	/ Determine whether the monotonous clock is available. /
2352	struct timespec dummy;
2353	# if _POSIX_MONOTONIC_CLOCK == 0
2354	if (sysconf (_SC_MONOTONIC_CLOCK) > `0`)
2355	# endif
2356	# if _POSIX_CLOCK_SELECTION == 0
2357	if (sysconf (_SC_CLOCK_SELECTION) > `0`)
2358	# endif
2359	if (clock_getres (CLOCK_MONOTONIC, &dummy) == `0`
2360	&& pthread_condattr_setclock (&condattr, CLOCK_MONOTONIC) == `0`)
2361	timeout_clock = CLOCK_MONOTONIC;
2362	#endif
2363
2364	/ Create the attribute for the threads. They are all created*
2365	detached. /*
2366	pthread_attr_init (&attr);
2367	pthread_attr_setdetachstate (&attr, PTHREAD_CREATE_DETACHED);
2368	/ Use 1MB stacks, twice as much for 64-bit architectures. /
2369	pthread_attr_setstacksize (&attr, NSCD_THREAD_STACKSIZE);
2370
2371	/ We allow less than LASTDB threads only for debugging. /
2372	if (debug_level == `0`)
2373	nthreads = MAX (nthreads, lastdb);
2374
2375	/ Create the threads which prune the databases. /
2376	// XXX Ideally this work would be done by some of the worker threads.
2377	// XXX But this is problematic since we would need to be able to wake
2378	// XXX them up explicitly as well as part of the group handling the
2379	// XXX ready-list. This requires an operation where we can wait on
2380	// XXX two conditional variables at the same time. This operation
2381	// XXX does not exist (yet).
2382	for (long int i = `0`; i < lastdb; ++i)
2383	{
2384	/ Initialize the conditional variable. /
2385	if (pthread_cond_init (&dbs[i].prune_cond, &condattr) != `0`)
2386	{
2387	dbg_log (_("could not initialize conditional variable"));
2388	do_exit (`1`, `0`, NULL);
2389	}
2390
2391	pthread_t th;
2392	if (dbs[i].enabled
2393	&& pthread_create (&th, &attr, nscd_run_prune, (void *) i) != `0`)
2394	{
2395	dbg_log (_("could not start clean-up thread; terminating"));
2396	do_exit (`1`, `0`, NULL);
2397	}
2398	}
2399
2400	pthread_condattr_destroy (&condattr);
2401
2402	for (long int i = `0`; i < nthreads; ++i)
2403	{
2404	pthread_t th;
2405	if (pthread_create (&th, &attr, nscd_run_worker, NULL) != `0`)
2406	{
2407	if (i == `0`)
2408	{
2409	dbg_log (_("could not start any worker thread; terminating"));
2410	do_exit (`1`, `0`, NULL);
2411	}
2412
2413	break;
2414	}
2415	}
2416
2417	/ Now it is safe to let the parent know that we're doing fine and it can*
2418	exit. /*
2419	notify_parent (`0`);
2420
2421	/ Determine how much room for descriptors we should initially*
2422	allocate. This might need to change later if we cap the number
2423	with MAXCONN. /*
2424	const long int nfds = sysconf (_SC_OPEN_MAX);
2425	#define MINCONN 32
2426	#define MAXCONN 16384
2427	if (nfds == -`1` \|\| nfds > MAXCONN)
2428	nconns = MAXCONN;
2429	else if (nfds < MINCONN)
2430	nconns = MINCONN;
2431	else
2432	nconns = nfds;
2433
2434	/ We need memory to pass descriptors on to the worker threads. /
2435	fdlist = (struct fdlist ) xcalloc (nconns, sizeof* (fdlist[`0`]));
2436	/ Array to keep track when connection was accepted. /
2437	starttime = (time_t ) xcalloc (nconns, sizeof* (starttime[`0`]));
2438
2439	/ In the main thread we execute the loop which handles incoming*
2440	connections. /*
2441	#ifdef HAVE_EPOLL
2442	int efd = epoll_create (`100`);
2443	if (efd != -`1`)
2444	{
2445	main_loop_epoll (efd);
2446	close (efd);
2447	}
2448	#endif
2449
2450	main_loop_poll ();
2451	}
2452
2453
2454	/ Look up the uid, gid, and supplementary groups to run nscd as. When*
2455	this function is called, we are not listening on the nscd socket yet so
2456	we can just use the ordinary lookup functions without causing a lockup /*
2457	static void
2458	begin_drop_privileges (void)
2459	{
2460	struct passwd *pwd = getpwnam (server_user);
2461
2462	if (pwd == NULL)
2463	{
2464	dbg_log (_("Failed to run nscd as user '%s'"), server_user);
2465	do_exit (EXIT_FAILURE, `0`,
2466	_("Failed to run nscd as user '%s'"), server_user);
2467	}
2468
2469	server_uid = pwd->pw_uid;
2470	server_gid = pwd->pw_gid;
2471
2472	/ Save the old UID/GID if we have to change back. /
2473	if (paranoia)
2474	{
2475	old_uid = getuid ();
2476	old_gid = getgid ();
2477	}
2478
2479	if (getgrouplist (server_user, server_gid, NULL, &server_ngroups) == `0`)
2480	{
2481	/ This really must never happen. /
2482	dbg_log (_("Failed to run nscd as user '%s'"), server_user);
2483	do_exit (EXIT_FAILURE, errno,
2484	_("initial getgrouplist failed"));
2485	}
2486
2487	server_groups = (gid_t ) xmalloc (server_ngroups sizeof (gid_t));
2488
2489	if (getgrouplist (server_user, server_gid, server_groups, &server_ngroups)
2490	== -`1`)
2491	{
2492	dbg_log (_("Failed to run nscd as user '%s'"), server_user);
2493	do_exit (EXIT_FAILURE, errno, _("getgrouplist failed"));
2494	}
2495	}
2496
2497
2498	/ Call setgroups(), setgid(), and setuid() to drop root privileges and*
2499	run nscd as the user specified in the configuration file. /*
2500	static void
2501	finish_drop_privileges (void)
2502	{
2503	#if defined HAVE_LIBAUDIT && defined HAVE_LIBCAP
2504	/ We need to preserve the capabilities to connect to the audit daemon. /
2505	cap_t new_caps = preserve_capabilities ();
2506	#endif
2507
2508	if (setgroups (server_ngroups, server_groups) == -`1`)
2509	{
2510	dbg_log (_("Failed to run nscd as user '%s'"), server_user);
2511	do_exit (EXIT_FAILURE, errno, _("setgroups failed"));
2512	}
2513
2514	int res;
2515	if (paranoia)
2516	res = setresgid (server_gid, server_gid, old_gid);
2517	else
2518	res = setgid (server_gid);
2519	if (res == -`1`)
2520	{
2521	dbg_log (_("Failed to run nscd as user '%s'"), server_user);
2522	do_exit (`4`, errno, "setgid");
2523	}
2524
2525	if (paranoia)
2526	res = setresuid (server_uid, server_uid, old_uid);
2527	else
2528	res = setuid (server_uid);
2529	if (res == -`1`)
2530	{
2531	dbg_log (_("Failed to run nscd as user '%s'"), server_user);
2532	do_exit (`4`, errno, "setuid");
2533	}
2534
2535	#if defined HAVE_LIBAUDIT && defined HAVE_LIBCAP
2536	/ Remove the temporary capabilities. /
2537	install_real_capabilities (new_caps);
2538	#endif
2539	}
2540

Browse the source code of glibc_src_2.28/nscd/connections.c