diff options
Diffstat (limited to 'REORG.TODO/nscd/nscd.c')
-rw-r--r-- | REORG.TODO/nscd/nscd.c | 700 |
1 files changed, 700 insertions, 0 deletions
diff --git a/REORG.TODO/nscd/nscd.c b/REORG.TODO/nscd/nscd.c new file mode 100644 index 0000000000..69ef41366c --- /dev/null +++ b/REORG.TODO/nscd/nscd.c @@ -0,0 +1,700 @@ +/* Copyright (c) 1998-2017 Free Software Foundation, Inc. + This file is part of the GNU C Library. + Contributed by Thorsten Kukuk <kukuk@suse.de>, 1998. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published + by the Free Software Foundation; version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, see <http://www.gnu.org/licenses/>. */ + +/* nscd - Name Service Cache Daemon. Caches passwd, group, and hosts. */ + +#include <argp.h> +#include <assert.h> +#include <dirent.h> +#include <errno.h> +#include <error.h> +#include <fcntl.h> +#include <libintl.h> +#include <locale.h> +#include <paths.h> +#include <pthread.h> +#include <signal.h> +#include <stdbool.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <syslog.h> +#include <unistd.h> +#include <sys/mman.h> +#include <sys/socket.h> +#include <sys/stat.h> +#include <sys/uio.h> +#include <sys/un.h> +#include <sys/wait.h> +#include <stdarg.h> + +#include "dbg_log.h" +#include "nscd.h" +#include "selinux.h" +#include "../nss/nsswitch.h" +#include <device-nrs.h> +#ifdef HAVE_INOTIFY +# include <sys/inotify.h> +#endif +#include <kernel-features.h> + +/* Get libc version number. */ +#include <version.h> + +#define PACKAGE _libc_intl_domainname + +int do_shutdown; +int disabled_passwd; +int disabled_group; + +typedef enum +{ + /* Running in background as daemon. */ + RUN_DAEMONIZE, + /* Running in foreground but otherwise behave like a daemon, + i.e., detach from terminal and use syslog. This allows + better integration with services like systemd. */ + RUN_FOREGROUND, + /* Run in foreground in debug mode. */ + RUN_DEBUG +} run_modes; + +static run_modes run_mode = RUN_DAEMONIZE; + +static const char *conffile = _PATH_NSCDCONF; + +time_t start_time; + +uintptr_t pagesize_m1; + +int paranoia; +time_t restart_time; +time_t restart_interval = RESTART_INTERVAL; +const char *oldcwd; +uid_t old_uid; +gid_t old_gid; + +static int check_pid (const char *file); +static int write_pid (const char *file); +static int monitor_child (int fd); + +/* Name and version of program. */ +static void print_version (FILE *stream, struct argp_state *state); +void (*argp_program_version_hook) (FILE *, struct argp_state *) = print_version; + +/* Function to print some extra text in the help message. */ +static char *more_help (int key, const char *text, void *input); + +/* Definitions of arguments for argp functions. */ +static const struct argp_option options[] = +{ + { "config-file", 'f', N_("NAME"), 0, + N_("Read configuration data from NAME") }, + { "debug", 'd', NULL, 0, + N_("Do not fork and display messages on the current tty") }, + { "foreground", 'F', NULL, 0, + N_("Do not fork, but otherwise behave like a daemon") }, + { "nthreads", 't', N_("NUMBER"), 0, N_("Start NUMBER threads") }, + { "shutdown", 'K', NULL, 0, N_("Shut the server down") }, + { "statistics", 'g', NULL, 0, N_("Print current configuration statistics") }, + { "invalidate", 'i', N_("TABLE"), 0, + N_("Invalidate the specified cache") }, + { "secure", 'S', N_("TABLE,yes"), OPTION_HIDDEN, + N_("Use separate cache for each user")}, + { NULL, 0, NULL, 0, NULL } +}; + +/* Short description of program. */ +static const char doc[] = N_("Name Service Cache Daemon."); + +/* Prototype for option handler. */ +static error_t parse_opt (int key, char *arg, struct argp_state *state); + +/* Data structure to communicate with argp functions. */ +static struct argp argp = +{ + options, parse_opt, NULL, doc, NULL, more_help +}; + +/* True if only statistics are requested. */ +static bool get_stats; +static int parent_fd = -1; + +int +main (int argc, char **argv) +{ + int remaining; + + /* Set locale via LC_ALL. */ + setlocale (LC_ALL, ""); + /* Set the text message domain. */ + textdomain (PACKAGE); + + /* Determine if the kernel has SELinux support. */ + nscd_selinux_enabled (&selinux_enabled); + + /* Parse and process arguments. */ + argp_parse (&argp, argc, argv, 0, &remaining, NULL); + + if (remaining != argc) + { + error (0, 0, gettext ("wrong number of arguments")); + argp_help (&argp, stdout, ARGP_HELP_SEE, program_invocation_short_name); + exit (1); + } + + /* Read the configuration file. */ + if (nscd_parse_file (conffile, dbs) != 0) + /* We couldn't read the configuration file. We don't start the + server. */ + error (EXIT_FAILURE, 0, + _("failure while reading configuration file; this is fatal")); + + /* Do we only get statistics? */ + if (get_stats) + /* Does not return. */ + receive_print_stats (); + + /* Check if we are already running. */ + if (check_pid (_PATH_NSCDPID)) + error (EXIT_FAILURE, 0, _("already running")); + + /* Remember when we started. */ + start_time = time (NULL); + + /* Determine page size. */ + pagesize_m1 = getpagesize () - 1; + + if (run_mode == RUN_DAEMONIZE || run_mode == RUN_FOREGROUND) + { + int i; + pid_t pid; + + /* Behave like a daemon. */ + if (run_mode == RUN_DAEMONIZE) + { + int fd[2]; + + if (pipe (fd) != 0) + error (EXIT_FAILURE, errno, + _("cannot create a pipe to talk to the child")); + + pid = fork (); + if (pid == -1) + error (EXIT_FAILURE, errno, _("cannot fork")); + if (pid != 0) + { + /* The parent only reads from the child. */ + close (fd[1]); + exit (monitor_child (fd[0])); + } + else + { + /* The child only writes to the parent. */ + close (fd[0]); + parent_fd = fd[1]; + } + } + + int nullfd = open (_PATH_DEVNULL, O_RDWR); + if (nullfd != -1) + { + struct stat64 st; + + if (fstat64 (nullfd, &st) == 0 && S_ISCHR (st.st_mode) != 0 +#if defined DEV_NULL_MAJOR && defined DEV_NULL_MINOR + && st.st_rdev == makedev (DEV_NULL_MAJOR, DEV_NULL_MINOR) +#endif + ) + { + /* It is the /dev/null special device alright. */ + (void) dup2 (nullfd, STDIN_FILENO); + (void) dup2 (nullfd, STDOUT_FILENO); + (void) dup2 (nullfd, STDERR_FILENO); + + if (nullfd > 2) + close (nullfd); + } + else + { + /* Ugh, somebody is trying to play a trick on us. */ + close (nullfd); + nullfd = -1; + } + } + int min_close_fd = nullfd == -1 ? 0 : STDERR_FILENO + 1; + + DIR *d = opendir ("/proc/self/fd"); + if (d != NULL) + { + struct dirent64 *dirent; + int dfdn = dirfd (d); + + while ((dirent = readdir64 (d)) != NULL) + { + char *endp; + long int fdn = strtol (dirent->d_name, &endp, 10); + + if (*endp == '\0' && fdn != dfdn && fdn >= min_close_fd + && fdn != parent_fd) + close ((int) fdn); + } + + closedir (d); + } + else + for (i = min_close_fd; i < getdtablesize (); i++) + if (i != parent_fd) + close (i); + + setsid (); + + if (chdir ("/") != 0) + do_exit (EXIT_FAILURE, errno, + _("cannot change current working directory to \"/\"")); + + openlog ("nscd", LOG_CONS | LOG_ODELAY, LOG_DAEMON); + + if (write_pid (_PATH_NSCDPID) < 0) + dbg_log ("%s: %s", _PATH_NSCDPID, strerror (errno)); + + if (!init_logfile ()) + dbg_log (_("Could not create log file")); + + /* Ignore job control signals. */ + signal (SIGTTOU, SIG_IGN); + signal (SIGTTIN, SIG_IGN); + signal (SIGTSTP, SIG_IGN); + } + else + /* In debug mode we are not paranoid. */ + paranoia = 0; + + signal (SIGINT, termination_handler); + signal (SIGQUIT, termination_handler); + signal (SIGTERM, termination_handler); + signal (SIGPIPE, SIG_IGN); + + /* Cleanup files created by a previous 'bind'. */ + unlink (_PATH_NSCDSOCKET); + +#ifdef HAVE_INOTIFY + /* Use inotify to recognize changed files. */ + inotify_fd = inotify_init1 (IN_NONBLOCK); +# ifndef __ASSUME_IN_NONBLOCK + if (inotify_fd == -1 && errno == ENOSYS) + { + inotify_fd = inotify_init (); + if (inotify_fd != -1) + fcntl (inotify_fd, F_SETFL, O_RDONLY | O_NONBLOCK); + } +# endif +#endif + +#ifdef USE_NSCD + /* Make sure we do not get recursive calls. */ + __nss_disable_nscd (register_traced_file); +#endif + + /* Init databases. */ + nscd_init (); + + /* Start the SELinux AVC. */ + if (selinux_enabled) + nscd_avc_init (); + + /* Handle incoming requests */ + start_threads (); + + return 0; +} + + +static void __attribute__ ((noreturn)) +invalidate_db (const char *dbname) +{ + int sock = nscd_open_socket (); + + if (sock == -1) + exit (EXIT_FAILURE); + + size_t dbname_len = strlen (dbname) + 1; + size_t reqlen = sizeof (request_header) + dbname_len; + struct + { + request_header req; + char dbname[]; + } *reqdata = alloca (reqlen); + + reqdata->req.key_len = dbname_len; + reqdata->req.version = NSCD_VERSION; + reqdata->req.type = INVALIDATE; + memcpy (reqdata->dbname, dbname, dbname_len); + + ssize_t nbytes = TEMP_FAILURE_RETRY (send (sock, reqdata, reqlen, + MSG_NOSIGNAL)); + + if (nbytes != reqlen) + { + int err = errno; + close (sock); + error (EXIT_FAILURE, err, _("write incomplete")); + } + + /* Wait for ack. Older nscd just closed the socket when + prune_cache finished, silently ignore that. */ + int32_t resp = 0; + nbytes = TEMP_FAILURE_RETRY (read (sock, &resp, sizeof (resp))); + if (nbytes != 0 && nbytes != sizeof (resp)) + { + int err = errno; + close (sock); + error (EXIT_FAILURE, err, _("cannot read invalidate ACK")); + } + + close (sock); + + if (resp != 0) + error (EXIT_FAILURE, resp, _("invalidation failed")); + + exit (0); +} + +static void __attribute__ ((noreturn)) +send_shutdown (void) +{ + int sock = nscd_open_socket (); + + if (sock == -1) + exit (EXIT_FAILURE); + + request_header req; + req.version = NSCD_VERSION; + req.type = SHUTDOWN; + req.key_len = 0; + + ssize_t nbytes = TEMP_FAILURE_RETRY (send (sock, &req, sizeof req, + MSG_NOSIGNAL)); + close (sock); + exit (nbytes != sizeof (request_header) ? EXIT_FAILURE : EXIT_SUCCESS); +} + +/* Handle program arguments. */ +static error_t +parse_opt (int key, char *arg, struct argp_state *state) +{ + switch (key) + { + case 'd': + ++debug_level; + run_mode = RUN_DEBUG; + break; + + case 'F': + run_mode = RUN_FOREGROUND; + break; + + case 'f': + conffile = arg; + break; + + case 'K': + if (getuid () != 0) + error (4, 0, _("Only root is allowed to use this option!")); + else + send_shutdown (); + break; + + case 'g': + get_stats = true; + break; + + case 'i': + { + /* Validate the database name. */ + + dbtype cnt; + for (cnt = pwddb; cnt < lastdb; ++cnt) + if (strcmp (arg, dbnames[cnt]) == 0) + break; + + if (cnt == lastdb) + { + argp_error (state, _("'%s' is not a known database"), arg); + return EINVAL; + } + } + if (getuid () != 0) + error (4, 0, _("Only root is allowed to use this option!")); + else + invalidate_db (arg); + break; + + case 't': + nthreads = atol (arg); + break; + + case 'S': + error (0, 0, _("secure services not implemented anymore")); + break; + + default: + return ARGP_ERR_UNKNOWN; + } + + return 0; +} + +/* Print bug-reporting information in the help message. */ +static char * +more_help (int key, const char *text, void *input) +{ + switch (key) + { + case ARGP_KEY_HELP_EXTRA: + { + /* We print some extra information. */ + + char *tables = xstrdup (dbnames[0]); + for (dbtype i = 1; i < lastdb; ++i) + { + char *more_tables; + if (asprintf (&more_tables, "%s %s", tables, dbnames[i]) < 0) + more_tables = NULL; + free (tables); + if (more_tables == NULL) + return NULL; + tables = more_tables; + } + + char *tp; + if (asprintf (&tp, gettext ("\ +Supported tables:\n\ +%s\n\ +\n\ +For bug reporting instructions, please see:\n\ +%s.\n\ +"), tables, REPORT_BUGS_TO) < 0) + tp = NULL; + free (tables); + return tp; + } + + default: + break; + } + + return (char *) text; +} + +/* Print the version information. */ +static void +print_version (FILE *stream, struct argp_state *state) +{ + fprintf (stream, "nscd %s%s\n", PKGVERSION, VERSION); + fprintf (stream, gettext ("\ +Copyright (C) %s Free Software Foundation, Inc.\n\ +This is free software; see the source for copying conditions. There is NO\n\ +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\n\ +"), "2017"); + fprintf (stream, gettext ("Written by %s.\n"), + "Thorsten Kukuk and Ulrich Drepper"); +} + + +/* Create a socket connected to a name. */ +int +nscd_open_socket (void) +{ + struct sockaddr_un addr; + int sock; + + sock = socket (PF_UNIX, SOCK_STREAM, 0); + if (sock < 0) + return -1; + + addr.sun_family = AF_UNIX; + assert (sizeof (addr.sun_path) >= sizeof (_PATH_NSCDSOCKET)); + strcpy (addr.sun_path, _PATH_NSCDSOCKET); + if (connect (sock, (struct sockaddr *) &addr, sizeof (addr)) < 0) + { + close (sock); + return -1; + } + + return sock; +} + + +/* Cleanup. */ +void +termination_handler (int signum) +{ + close_sockets (); + + /* Clean up the file created by 'bind'. */ + unlink (_PATH_NSCDSOCKET); + + /* Clean up pid file. */ + unlink (_PATH_NSCDPID); + + // XXX Terminate threads. + + /* Synchronize memory. */ + for (int cnt = 0; cnt < lastdb; ++cnt) + { + if (!dbs[cnt].enabled || dbs[cnt].head == NULL) + continue; + + /* Make sure nobody keeps using the database. */ + dbs[cnt].head->timestamp = 0; + + if (dbs[cnt].persistent) + // XXX async OK? + msync (dbs[cnt].head, dbs[cnt].memsize, MS_ASYNC); + } + + _exit (EXIT_SUCCESS); +} + +/* Returns 1 if the process in pid file FILE is running, 0 if not. */ +static int +check_pid (const char *file) +{ + FILE *fp; + + fp = fopen (file, "r"); + if (fp) + { + pid_t pid; + int n; + + n = fscanf (fp, "%d", &pid); + fclose (fp); + + /* If we cannot parse the file default to assuming nscd runs. + If the PID is alive, assume it is running. That all unless + the PID is the same as the current process' since tha latter + can mean we re-exec. */ + if ((n != 1 || kill (pid, 0) == 0) && pid != getpid ()) + return 1; + } + + return 0; +} + +/* Write the current process id to the file FILE. + Returns 0 if successful, -1 if not. */ +static int +write_pid (const char *file) +{ + FILE *fp; + + fp = fopen (file, "w"); + if (fp == NULL) + return -1; + + fprintf (fp, "%d\n", getpid ()); + + int result = fflush (fp) || ferror (fp) ? -1 : 0; + + fclose (fp); + + return result; +} + +static int +monitor_child (int fd) +{ + int child_ret = 0; + int ret = read (fd, &child_ret, sizeof (child_ret)); + + /* The child terminated with an error, either via exit or some other abnormal + method, like a segfault. */ + if (ret <= 0 || child_ret != 0) + { + int status; + int err = wait (&status); + + if (err < 0) + { + fprintf (stderr, _("'wait' failed\n")); + return 1; + } + + if (WIFEXITED (status)) + { + child_ret = WEXITSTATUS (status); + fprintf (stderr, _("child exited with status %d\n"), child_ret); + } + if (WIFSIGNALED (status)) + { + child_ret = WTERMSIG (status); + fprintf (stderr, _("child terminated by signal %d\n"), child_ret); + } + } + + /* We have the child status, so exit with that code. */ + close (fd); + + return child_ret; +} + +void +do_exit (int child_ret, int errnum, const char *format, ...) +{ + if (parent_fd != -1) + { + int ret __attribute__ ((unused)); + ret = write (parent_fd, &child_ret, sizeof (child_ret)); + assert (ret == sizeof (child_ret)); + close (parent_fd); + } + + if (format != NULL) + { + /* Emulate error() since we don't have a va_list variant for it. */ + va_list argp; + + fflush (stdout); + + fprintf (stderr, "%s: ", program_invocation_name); + + va_start (argp, format); + vfprintf (stderr, format, argp); + va_end (argp); + + fprintf (stderr, ": %s\n", strerror (errnum)); + fflush (stderr); + } + + /* Finally, exit. */ + exit (child_ret); +} + +void +notify_parent (int child_ret) +{ + if (parent_fd == -1) + return; + + int ret __attribute__ ((unused)); + ret = write (parent_fd, &child_ret, sizeof (child_ret)); + assert (ret == sizeof (child_ret)); + close (parent_fd); + parent_fd = -1; +} |