1/* Copyright (C) 2007-2018 Free Software Foundation, Inc.
2 This file is part of the GNU C Library.
3 Contributed by Ulrich Drepper <drepper@redhat.com>, 2007.
4
5 The GNU C Library is free software; you can redistribute it and/or
6 modify it under the terms of the GNU Lesser General Public
7 License as published by the Free Software Foundation; either
8 version 2.1 of the License, or (at your option) any later version.
9
10 The GNU C Library is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Lesser General Public License for more details.
14
15 You should have received a copy of the GNU Lesser General Public
16 License along with the GNU C Library; if not, see
17 <http://www.gnu.org/licenses/>. */
18
19#include <assert.h>
20#include <errno.h>
21#include <string.h>
22#include <not-cancel.h>
23#include <_itoa.h>
24#include <stdint.h>
25
26#include "nscd-client.h"
27#include "nscd_proto.h"
28
29
30int __nss_not_use_nscd_services;
31
32
33static int nscd_getserv_r (const char *crit, size_t critlen, const char *proto,
34 request_type type, struct servent *resultbuf,
35 char *buf, size_t buflen, struct servent **result);
36
37
38int
39__nscd_getservbyname_r (const char *name, const char *proto,
40 struct servent *result_buf, char *buf, size_t buflen,
41 struct servent **result)
42{
43 return nscd_getserv_r (name, strlen (name), proto, GETSERVBYNAME, result_buf,
44 buf, buflen, result);
45}
46
47
48int
49__nscd_getservbyport_r (int port, const char *proto,
50 struct servent *result_buf, char *buf, size_t buflen,
51 struct servent **result)
52{
53 char portstr[3 * sizeof (int) + 2];
54 portstr[sizeof (portstr) - 1] = '\0';
55 char *cp = _itoa_word (port, portstr + sizeof (portstr) - 1, 10, 0);
56
57 return nscd_getserv_r (cp, portstr + sizeof (portstr) - 1 - cp, proto,
58 GETSERVBYPORT, result_buf, buf, buflen, result);
59}
60
61
62libc_locked_map_ptr (, __serv_map_handle) attribute_hidden;
63/* Note that we only free the structure if necessary. The memory
64 mapping is not removed since it is not visible to the malloc
65 handling. */
66libc_freeres_fn (serv_map_free)
67{
68 if (__serv_map_handle.mapped != NO_MAPPING)
69 {
70 void *p = __serv_map_handle.mapped;
71 __serv_map_handle.mapped = NO_MAPPING;
72 free (p);
73 }
74}
75
76
77static int
78nscd_getserv_r (const char *crit, size_t critlen, const char *proto,
79 request_type type, struct servent *resultbuf,
80 char *buf, size_t buflen, struct servent **result)
81{
82 int gc_cycle;
83 int nretries = 0;
84 size_t alloca_used = 0;
85
86 /* If the mapping is available, try to search there instead of
87 communicating with the nscd. */
88 struct mapped_database *mapped;
89 mapped = __nscd_get_map_ref (GETFDSERV, "services", &__serv_map_handle,
90 &gc_cycle);
91 size_t protolen = proto == NULL ? 0 : strlen (proto);
92 size_t keylen = critlen + 1 + protolen + 1;
93 int alloca_key = __libc_use_alloca (keylen);
94 char *key;
95 if (alloca_key)
96 key = alloca_account (keylen, alloca_used);
97 else
98 {
99 key = malloc (keylen);
100 if (key == NULL)
101 return -1;
102 }
103 memcpy (__mempcpy (__mempcpy (key, crit, critlen),
104 "/", 1), proto ?: "", protolen + 1);
105
106 retry:;
107 const char *s_name = NULL;
108 const char *s_proto = NULL;
109 int alloca_aliases_len = 0;
110 const uint32_t *aliases_len = NULL;
111 const char *aliases_list = NULL;
112 int retval = -1;
113 const char *recend = (const char *) ~UINTMAX_C (0);
114 int sock = -1;
115 serv_response_header serv_resp;
116
117 if (mapped != NO_MAPPING)
118 {
119 struct datahead *found = __nscd_cache_search (type, key, keylen, mapped,
120 sizeof serv_resp);
121
122 if (found != NULL)
123 {
124 s_name = (char *) (&found->data[0].servdata + 1);
125 serv_resp = found->data[0].servdata;
126 s_proto = s_name + serv_resp.s_name_len;
127 alloca_aliases_len = 1;
128 aliases_len = (uint32_t *) (s_proto + serv_resp.s_proto_len);
129 aliases_list = ((char *) aliases_len
130 + serv_resp.s_aliases_cnt * sizeof (uint32_t));
131 recend = (const char *) found->data + found->recsize;
132 /* Now check if we can trust serv_resp fields. If GC is
133 in progress, it can contain anything. */
134 if (mapped->head->gc_cycle != gc_cycle)
135 {
136 retval = -2;
137 goto out;
138 }
139 if (__builtin_expect ((const char *) aliases_len
140 + serv_resp.s_aliases_cnt * sizeof (uint32_t)
141 > recend, 0))
142 goto out;
143
144#if !_STRING_ARCH_unaligned
145 /* The aliases_len array in the mapped database might very
146 well be unaligned. We will access it word-wise so on
147 platforms which do not tolerate unaligned accesses we
148 need to make an aligned copy. */
149 if (((uintptr_t) aliases_len & (__alignof__ (*aliases_len) - 1))
150 != 0)
151 {
152 uint32_t *tmp;
153 alloca_aliases_len
154 = __libc_use_alloca (alloca_used
155 + (serv_resp.s_aliases_cnt
156 * sizeof (uint32_t)));
157 if (alloca_aliases_len)
158 tmp = alloca_account (serv_resp.s_aliases_cnt
159 * sizeof (uint32_t),
160 alloca_used);
161 else
162 {
163 tmp = malloc (serv_resp.s_aliases_cnt * sizeof (uint32_t));
164 if (tmp == NULL)
165 {
166 retval = ENOMEM;
167 goto out;
168 }
169 }
170 aliases_len = memcpy (tmp, aliases_len,
171 serv_resp.s_aliases_cnt
172 * sizeof (uint32_t));
173 }
174#endif
175 }
176 }
177
178 if (s_name == NULL)
179 {
180 sock = __nscd_open_socket (key, keylen, type, &serv_resp,
181 sizeof (serv_resp));
182 if (sock == -1)
183 {
184 __nss_not_use_nscd_services = 1;
185 goto out;
186 }
187 }
188
189 /* No value found so far. */
190 *result = NULL;
191
192 if (__glibc_unlikely (serv_resp.found == -1))
193 {
194 /* The daemon does not cache this database. */
195 __nss_not_use_nscd_services = 1;
196 goto out_close;
197 }
198
199 if (serv_resp.found == 1)
200 {
201 char *cp = buf;
202 uintptr_t align1;
203 uintptr_t align2;
204 size_t total_len;
205 ssize_t cnt;
206 int n;
207
208 /* A first check whether the buffer is sufficiently large is possible. */
209 /* Now allocate the buffer the array for the group members. We must
210 align the pointer and the base of the h_addr_list pointers. */
211 align1 = ((__alignof__ (char *) - (cp - ((char *) 0)))
212 & (__alignof__ (char *) - 1));
213 align2 = ((__alignof__ (char *) - ((cp + align1 + serv_resp.s_name_len
214 + serv_resp.s_proto_len)
215 - ((char *) 0)))
216 & (__alignof__ (char *) - 1));
217 if (buflen < (align1 + serv_resp.s_name_len + serv_resp.s_proto_len
218 + align2
219 + (serv_resp.s_aliases_cnt + 1) * sizeof (char *)))
220 {
221 no_room:
222 __set_errno (ERANGE);
223 retval = ERANGE;
224 goto out_close;
225 }
226 cp += align1;
227
228 /* Prepare the result as far as we can. */
229 resultbuf->s_aliases = (char **) cp;
230 cp += (serv_resp.s_aliases_cnt + 1) * sizeof (char *);
231
232 resultbuf->s_name = cp;
233 cp += serv_resp.s_name_len;
234 resultbuf->s_proto = cp;
235 cp += serv_resp.s_proto_len + align2;
236 resultbuf->s_port = serv_resp.s_port;
237
238 if (s_name == NULL)
239 {
240 struct iovec vec[2];
241
242 vec[0].iov_base = resultbuf->s_name;
243 vec[0].iov_len = serv_resp.s_name_len + serv_resp.s_proto_len;
244 total_len = vec[0].iov_len;
245 n = 1;
246
247 if (serv_resp.s_aliases_cnt > 0)
248 {
249 assert (alloca_aliases_len == 0);
250 alloca_aliases_len
251 = __libc_use_alloca (alloca_used
252 + (serv_resp.s_aliases_cnt
253 * sizeof (uint32_t)));
254 if (alloca_aliases_len)
255 aliases_len = alloca_account (serv_resp.s_aliases_cnt
256 * sizeof (uint32_t),
257 alloca_used);
258 else
259 {
260 aliases_len = malloc (serv_resp.s_aliases_cnt
261 * sizeof (uint32_t));
262 if (aliases_len == NULL)
263 {
264 retval = ENOMEM;
265 goto out_close;
266 }
267 }
268 vec[n].iov_base = (void *) aliases_len;
269 vec[n].iov_len = serv_resp.s_aliases_cnt * sizeof (uint32_t);
270
271 total_len += serv_resp.s_aliases_cnt * sizeof (uint32_t);
272 ++n;
273 }
274
275 if ((size_t) __readvall (sock, vec, n) != total_len)
276 goto out_close;
277 }
278 else
279 memcpy (resultbuf->s_name, s_name,
280 serv_resp.s_name_len + serv_resp.s_proto_len);
281
282 /* Now we also can read the aliases. */
283 total_len = 0;
284 for (cnt = 0; cnt < serv_resp.s_aliases_cnt; ++cnt)
285 {
286 resultbuf->s_aliases[cnt] = cp;
287 cp += aliases_len[cnt];
288 total_len += aliases_len[cnt];
289 }
290 resultbuf->s_aliases[cnt] = NULL;
291
292 if (__builtin_expect ((const char *) aliases_list + total_len > recend,
293 0))
294 {
295 /* aliases_len array might contain garbage during nscd GC cycle,
296 retry rather than fail in that case. */
297 if (aliases_list != NULL && mapped->head->gc_cycle != gc_cycle)
298 retval = -2;
299 goto out_close;
300 }
301
302 /* See whether this would exceed the buffer capacity. */
303 if (__glibc_unlikely (cp > buf + buflen))
304 {
305 /* aliases_len array might contain garbage during nscd GC cycle,
306 retry rather than fail in that case. */
307 if (aliases_list != NULL && mapped->head->gc_cycle != gc_cycle)
308 {
309 retval = -2;
310 goto out_close;
311 }
312 goto no_room;
313 }
314
315 /* And finally read the aliases. */
316 if (aliases_list == NULL)
317 {
318 if (total_len == 0
319 || ((size_t) __readall (sock, resultbuf->s_aliases[0], total_len)
320 == total_len))
321 {
322 retval = 0;
323 *result = resultbuf;
324 }
325 }
326 else
327 {
328 memcpy (resultbuf->s_aliases[0], aliases_list, total_len);
329
330 /* Try to detect corrupt databases. */
331 if (resultbuf->s_name[serv_resp.s_name_len - 1] != '\0'
332 || resultbuf->s_proto[serv_resp.s_proto_len - 1] != '\0'
333 || ({for (cnt = 0; cnt < serv_resp.s_aliases_cnt; ++cnt)
334 if (resultbuf->s_aliases[cnt][aliases_len[cnt] - 1]
335 != '\0')
336 break;
337 cnt < serv_resp.s_aliases_cnt; }))
338 {
339 /* We cannot use the database. */
340 if (mapped->head->gc_cycle != gc_cycle)
341 retval = -2;
342 goto out_close;
343 }
344
345 retval = 0;
346 *result = resultbuf;
347 }
348 }
349 else
350 {
351 /* Set errno to 0 to indicate no error, just no found record. */
352 __set_errno (0);
353 /* Even though we have not found anything, the result is zero. */
354 retval = 0;
355 }
356
357 out_close:
358 if (sock != -1)
359 __close_nocancel_nostatus (sock);
360 out:
361 if (__nscd_drop_map_ref (mapped, &gc_cycle) != 0)
362 {
363 /* When we come here this means there has been a GC cycle while we
364 were looking for the data. This means the data might have been
365 inconsistent. Retry if possible. */
366 if ((gc_cycle & 1) != 0 || ++nretries == 5 || retval == -1)
367 {
368 /* nscd is just running gc now. Disable using the mapping. */
369 if (atomic_decrement_val (&mapped->counter) == 0)
370 __nscd_unmap (mapped);
371 mapped = NO_MAPPING;
372 }
373
374 if (retval != -1)
375 {
376 if (!alloca_aliases_len)
377 free ((void *) aliases_len);
378 goto retry;
379 }
380 }
381
382 if (!alloca_aliases_len)
383 free ((void *) aliases_len);
384 if (!alloca_key)
385 free (key);
386
387 return retval;
388}
389