diff options
author | Ulrich Drepper <drepper@redhat.com> | 2003-05-04 07:00:44 +0000 |
---|---|---|
committer | Ulrich Drepper <drepper@redhat.com> | 2003-05-04 07:00:44 +0000 |
commit | a12ce44f6992d8249f779e95db730a9634571654 (patch) | |
tree | 27b9bac188927e65f23574bc15258aeac868ddff /nscd/connections.c | |
parent | f866314b89d56845f55e6f365e18b31ec978ec3a (diff) | |
download | glibc-a12ce44f6992d8249f779e95db730a9634571654.tar.gz |
Update.
2003-05-03 Ulrich Drepper <drepper@redhat.com>
* nscd/nscd.c (main): Parse config file right after parsing
parameters. Then, if get_stats is true, call receive_print_stats.
Drop parameter from nscd_init call.
(get_stats): New variable.
(parse_opt): Set get_stats, don't call receive_print_stats here.
* nscd/nscd.h: Declare dbs, stat_user, and stat_uid. Adjust nscd_init
prototype.
* nscd/connections.c (stat_user, stat_uid): New variables.
(dbs): Make global.
(nscd_init): Don't read configuration file here. Drop parameter.
(handle_request): Cleanup handling of non-database lookup requests.
* nscd/nscd_conf.c (nscd_parse_file): Recognize stat-user entry.
Get UID of the specified user. Use xstrdup instead of strdup.
* nscd/nscd_stat.c (receive_print_stats): Check UID. If not zero,
check stat_user.
* nscd/Makefile (nscd-modules): Add xstrdup.
* nscd/nscd.conf: Document stat-user entry.
2003-05-03 H.J. Lu <hongjiu.lu@intel.com>
* sysdeps/unix/sysv/linux/ia64/sysdep.h (__NR_semtimedop): Define
if not defined.
Diffstat (limited to 'nscd/connections.c')
-rw-r--r-- | nscd/connections.c | 67 |
1 files changed, 31 insertions, 36 deletions
diff --git a/nscd/connections.c b/nscd/connections.c index c80ba96dc5..5cb73eb252 100644 --- a/nscd/connections.c +++ b/nscd/connections.c @@ -48,6 +48,8 @@ extern void *xrealloc (void *o, size_t n); const char *server_user; static uid_t server_uid; static gid_t server_gid; +const char *stat_user; +uid_t stat_uid; static gid_t *server_groups; #ifndef NGROUPS # define NGROUPS 32 @@ -88,7 +90,7 @@ const char *serv2str[LASTREQ] = }; /* The control data structures for the services. */ -static struct database dbs[lastdb] = +struct database dbs[lastdb] = { [pwddb] = { .lock = PTHREAD_RWLOCK_WRITER_NONRECURSIVE_INITIALIZER_NP, @@ -137,20 +139,11 @@ unsigned long int client_queued; /* Initialize database information structures. */ void -nscd_init (const char *conffile) +nscd_init (void) { struct sockaddr_un sock_addr; size_t cnt; - /* Read the configuration file. */ - if (nscd_parse_file (conffile, dbs) != 0) - { - /* We couldn't read the configuration file. Disable all services - by shutting down the srever. */ - dbg_log (_("cannot read configuration file; this is fatal")); - exit (1); - } - /* Secure mode and unprivileged mode are incompatible */ if (server_user != NULL && secure_in_use) { @@ -237,6 +230,7 @@ close_sockets (void) close (sock); } + static void invalidate_cache (char *key) { @@ -384,20 +378,9 @@ cannot handle old request version %d; current version is %d"), case GETSTAT: case SHUTDOWN: case INVALIDATE: - /* Accept shutdown, getstat and invalidate only from root */ - if (secure_in_use && uid == 0) + if (! secure_in_use) { - if (req->type == GETSTAT) - send_stats (fd, dbs); - else if (req->type == INVALIDATE) - invalidate_cache (key); - else - termination_handler (0); - } - else - { - /* Some systems have no SO_PEERCRED implementation. They don't - care about security so we don't as well. */ + /* Get the callers credentials. */ #ifdef SO_PEERCRED struct ucred caller; socklen_t optlen = sizeof (caller); @@ -408,18 +391,30 @@ cannot handle old request version %d; current version is %d"), dbg_log (_("error getting callers id: %s"), strerror_r (errno, buf, sizeof (buf))); + break; } - else - if (caller.uid == 0) + + uid = caller.uid; +#else + /* Some systems have no SO_PEERCRED implementation. They don't + care about security so we don't as well. */ + uid = 0; #endif - { - if (req->type == GETSTAT) - send_stats (fd, dbs); - else if (req->type == INVALIDATE) - invalidate_cache (key); - else - termination_handler (0); - } + } + + /* Accept shutdown, getstat and invalidate only from root. For + the stat call also allow the user specified in the config file. */ + if (req->type == GETSTAT) + { + if (uid == 0 || uid == stat_uid) + send_stats (fd, dbs); + } + else if (uid == 0) + { + if (req->type == INVALIDATE) + invalidate_cache (key); + else + termination_handler (0); } break; @@ -480,7 +475,7 @@ nscd_run (void *p) int fd = TEMP_FAILURE_RETRY (accept (conn.fd, NULL, NULL)); request_header req; char buf[256]; - uid_t uid = 0; + uid_t uid = -1; #ifdef SO_PEERCRED pid_t pid = 0; #endif @@ -526,7 +521,7 @@ nscd_run (void *p) || secure[serv2db[req.type]]) uid = caller.uid; - pid = caller.pid; + pid = caller.pid; } else if (__builtin_expect (debug_level > 0, 0)) { |