summaryrefslogtreecommitdiff
path: root/nscd
Commit message (Collapse)AuthorAgeFilesLines
* Avoid overlapping addresses to stpcpy calls in nscd (BZ #16760)Siddhesh Poyarekar2015-12-201-6/+10
| | | | | | | | | | | | | | | | | | | | Calls to stpcpy from nscd netgroups code will have overlapping source and destination when all three values in the returned triplet are non-NULL and in the expected (host,user,domain) order. This is seen in valgrind as: ==3181== Source and destination overlap in stpcpy(0x19973b48, 0x19973b48) ==3181== at 0x4C2F30A: stpcpy (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==3181== by 0x12567A: addgetnetgrentX (string3.h:111) ==3181== by 0x12722D: addgetnetgrent (netgroupcache.c:665) ==3181== by 0x11114C: nscd_run_worker (connections.c:1338) ==3181== by 0x4E3C102: start_thread (pthread_create.c:309) ==3181== by 0x59B81AC: clone (clone.S:111) ==3181== Fix this by using memmove instead of stpcpy. (cherry picked from commit ea7d8b95e2fcb81f68b04ed7787a3dbda023991a)
* Fix nscd lookup for innetgr when netgroup has wildcards (BZ #16758)Siddhesh Poyarekar2015-12-201-3/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | nscd works correctly when the request in innetgr is a wildcard, i.e. when one or more of host, user or domain parameters is NULL. However, it does not work when the the triplet in the netgroup definition has a wildcard. This is easy to reproduce for a triplet defined as follows: foonet (,foo,) Here, an innetgr call that looks like this: innetgr ("foonet", "foohost", "foo", NULL); should succeed and so should: innetgr ("foonet", NULL, "foo", "foodomain"); It does succeed with nscd disabled, but not with nscd enabled. This fix adds this additional check for all three parts of the triplet so that it gives the correct result. [BZ #16758] * nscd/netgroupcache.c (addinnetgrX): Succeed if triplet has blank values. (cherry picked from commit fbd6b5a4052316f7eb03c4617eebfaafc59dcc06)
* Use NSS_STATUS_TRYAGAIN to indicate insufficient buffer (BZ #16878)Siddhesh Poyarekar2014-09-051-6/+8
| | | | | | | | | | | | | | | | | The netgroups nss modules in the glibc tree use NSS_STATUS_UNAVAIL (with errno as ERANGE) when the supplied buffer does not have sufficient space for the result. This is wrong, because the canonical way to indicate insufficient buffer is to set the errno to ERANGE and the status to NSS_STATUS_TRYAGAIN, as is used by all other modules. This fixes nscd behaviour when the nss_ldap module returns NSS_STATUS_TRYAGAIN to indicate that a netgroup entry is too long to fit into the supplied buffer. (cherry picked from commit c3ec475c5dd16499aa040908e11d382c3ded9692) Conflicts: NEWS
* Provide correct buffer length to netgroup queries in nscd (BZ #16695)Siddhesh Poyarekar2014-09-051-1/+1
| | | | | | | | | | | | | | The buffer to query netgroup entries is allocated sufficient space for the netgroup entries and the key to be appended at the end, but it sends in an incorrect available length to the NSS netgroup query functions, resulting in overflow of the buffer in some special cases. The fix here is to factor in the key length when sending the available buffer and buffer length to the query functions. (cherry picked from commit c44496df2f090a56d3bf75df930592dac6bba46f) Conflicts: NEWS
* Avoid undefined behaviour in netgroupcacheSiddhesh Poyarekar2014-01-271-5/+11
| | | | | | Using a buffer after it has been reallocated is undefined behaviour, so get offsets of the triplets in the old buffer before reallocating it.
* Adjust pointers to triplets in netgroup query data (BZ #16474)Siddhesh Poyarekar2014-01-241-1/+11
| | | | | | | | | The _nss_*_getnetgrent_r query populates the netgroup results in the allocated buffer and then sets the result triplet to point to strings in the buffer. This is a problem when the buffer is reallocated since the pointers to the triplet strings are no longer valid. The pointers need to be adjusted so that they now point to strings in the reallocated buffer.
* Don't use alloca in addgetnetgrentX (BZ #16453)Siddhesh Poyarekar2014-01-161-31/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | addgetnetgrentX has a buffer which is grown as per the needs of the requested size either by using alloca or by falling back to malloc if the size is larger than 1K. There are two problems with the alloca bits: firstly, it doesn't really extend the buffer since it does not use the return value of the extend_alloca macro, which is the location of the reallocated buffer. Due to this the buffer does not actually extend itself and hence a subsequent write may overwrite stuff on the stack. The second problem is more subtle - the buffer growth on the stack is discontinuous due to block scope local variables. Combine that with the fact that unlike realloc, extend_alloca does not copy over old content and you have a situation where the buffer just has garbage in the space where it should have had data. This could have been fixed by adding code to copy over old data whenever we call extend_alloca, but it seems unnecessarily complicated. This code is not exactly a performance hotspot (it's called when there is a cache miss, so factors like network lookup or file reads will dominate over memory allocation/reallocation), so this premature optimization is unnecessary. Thanks Brad Hubbard <bhubbard@redhat.com> for his help with debugging the problem.
* nscd: list all tables in usage()Sami Kerola2014-01-041-3/+22
| | | | | | Usage output for option --invalidate=TABLE is not helpful without list of tables. The list is also missing from nscd(8) manual which made it pretty difficult to know what are the tables.
* Fix return code from getent netgroup when the netgroup is not found (bz #16366)Siddhesh Poyarekar2014-01-021-29/+62
| | | | | | | nscd incorrectly returns a success even when the netgroup in question is not found and adds a positive result in the cache. this patch fixes this behaviour by adding a negative lookup entry to cache and returning an error when the netgroup is not found.
* Fix infinite loop in nscd when netgroup is empty (bz #16365)Siddhesh Poyarekar2014-01-021-3/+4
| | | | | | | | | Currently, when a user looks up a netgroup that does not have any members, nscd goes into an infinite loop trying to find members in the group. This is because it does not handle cases when getnetgrent returns an NSS_STATUS_NOTFOUND (which is what it does on empty group). Fixed to handle this in the same way as NSS_STATUS_RETURN, similar to what getgrent does by itself.
* Update remaining copyright datesAllan McRae2014-01-011-1/+1
| | | | Update copyright years that are not handled by scripts/update-copyright.
* Update copyright notices with scripts/update-copyrightsAllan McRae2014-01-0139-39/+39
|
* Add systemd unit file for nscdAllan McRae2013-12-162-0/+22
| | | | Provide an example systemd unit and tmpfile for running nscd.
* Fix off-by-one in nscd getservbyport callAndreas Schwab2013-11-111-1/+1
|
* rename configure.in to configure.acMike Frysinger2013-10-301-1/+1
| | | | | | | Autoconf has been deprecating configure.in for quite a long time. Rename all our configure.in and preconfigure.in files to .ac. Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* Properly cache the result from looking up the nss database configAndreas Schwab2013-09-302-16/+14
|
* Fix nesting of ifdefs in netgroupcache.cAllan McRae2013-09-091-2/+2
| | | | Fixes unclosed '{' if HAVE_SENDFILE is defined (BZ #15895).
* Use __glibc_unlikely instead of __builtin_expect (..., 0)Siddhesh Poyarekar2013-08-281-1/+1
|
* Initialize res_hconf in nscdSiddhesh Poyarekar2013-08-261-0/+4
| | | | Fixes BZ #15890.
* Fix indentation in aicache.cSiddhesh Poyarekar2013-08-261-1/+1
|
* Fix typo in commentSiddhesh Poyarekar2013-06-241-2/+2
|
* Fix handling of netgroup cache in nscdAndreas Schwab2013-06-113-14/+23
|
* Add #include <stdint.h> for uint[32|64]_t usage (except installed headers).Ryan S. Arnold2013-05-166-0/+6
|
* Properly check for short writes when sending the response in nscdAndreas Schwab2013-04-154-62/+91
|
* nscd: don't fork twiceAndreas Schwab2013-04-151-9/+0
|
* unify xmalloc prototypes & friendsMike Frysinger2013-02-181-6/+1
| | | | | | | | These prototypes are duplicated in many places. Add a dedicated header for holding prototypes for program-specific functions to avoid that. Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* Refactor code out of nscd's two main poll loops.Carlos O'Donell2013-02-081-65/+83
| | | | | | | We refactor the inotify file checking code and the database clearing code out of the main_loop_poll and mail_loop_epoll functions. We document some the related functions with appropriate comments.
* Remove lots of inline keywords.Roland McGrath2013-02-072-3/+4
|
* Revert "Properly check for short writes when sending the response in nscd"Andreas Schwab2013-01-104-25/+8
| | | | This reverts commit dd31ac7a8e0d4cc24eee6815f9101caa5aa64291.
* Revert "* nscd/nscd.h: Move persistent storage back to /var/run/nscd"Andreas Schwab2013-01-101-5/+5
| | | | This reverts commit 70d3e06ed0ffabb6ce974cc94b2cff1d67252193.
* Revert "nscd: don't fork twice"Andreas Schwab2013-01-101-0/+9
| | | | This reverts commit 7e9b080575fd68c788c33623594ba5516fa7ceb0.
* nscd: don't fork twiceAndreas Schwab2013-01-101-9/+0
|
* * nscd/nscd.h: Move persistent storage back to /var/run/nscdThorsten Kukuk2013-01-101-5/+5
|
* Properly check for short writes when sending the response in nscdAndreas Schwab2013-01-104-8/+25
| | | | | | | | * nscd/grpcache.c (cache_addgr): Properly check for short write. * nscd/initgrcache.c (addinitgroupsX): Likewise. * nscd/pwdcache.c (cache_addpw): Likewise. * nscd/servicescache.c (cache_addserv): Likewise. Don't write more than recsize.
* Update copyright notices with scripts/update-copyrights.Joseph Myers2013-01-0238-41/+38
|
* Update copyright years.David S. Miller2013-01-011-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | * catgets/gencat.c: Update copyright year. * csu/version.c: Likewise. * debug/catchsegv.sh: Likewise. * debug/pcprofiledump.c: Likewise. * debug/xtrace.sh: Likewise. * elf/ldconfig.c: Likewise. * elf/ldd.bash.in: Likewise. * elf/pldd.c: Likewise. * elf/sotruss.ksh: Likewise. * elf/sprof.c: Likewise. * iconv/iconv_prog.c: Likewise. * iconv/iconvconfig.c: Likewise. * locale/programs/locale.c: Likewise. * locale/programs/localedef.c: Likewise. * login/programs/pt_chown.c: Likewise. * malloc/memusage.sh: Likewise. * malloc/memusagestat.c: Likewise. * malloc/mtrace.pl: Likewise. * nscd/nscd.c: Likewise. * nss/getent.c: Likewise. * nss/makedb.c: Likewise. * posix/getconf.c: Likewise.
* [BZ #13761]Jeff Law2012-11-291-8/+25
| | | | | | * nscd/grpcache.c (cache_addgr): Rename alloca_used to dataset_temporary. Track alloca usage into alloca_used. If dataset is large allocate and release it via malloc/free.
* Support --with-pkgversion and --with-bugurl.Joseph Myers2012-11-091-3/+6
|
* BZ#14743: Move clock_* symbols from librt to libc.Roland McGrath2012-10-241-4/+2
|
* nscd: fix compilation flagsDmitry V. Levin2012-10-021-34/+7
| | | | | | | | | | | | | Commit 61653dfb81b776bb72ce4304175b861d77c357a8 added support for compilers predefining _FORTIFY_SOURCE by adding -U_FORTIFY_SOURCE to CPPFLAGS for these compilers, but that change doesn't work quite well in case of nscd: its Makefile sets _FORTIFY_SOURCE using CFLAGS instead of CPPFLAGS and, thanks to compilation rules defined in Makerules, CPPFLAGS are passed to compiler after CFLAGS, resulting to a build with _FORTIFY_SOURCE turned off. This change implements a more safe method of passing preprocessor and compiler flags so that no nscd modules could be accidentally forgotten.
* Fix shadow, gshadow, networks, protocols, rpc, aliases, and nscd routines ↵Roland McGrath2012-08-229-8/+35
| | | | for USE_NSCD case.
* Add --disable-build-nscd configure option.Roland McGrath2012-08-221-1/+1
|
* BZ#13696: Add --disable-nscd configure option.Roland McGrath2012-08-222-2/+6
|
* Remove pre-2.4.21 Linux kernel support.Joseph Myers2012-07-251-5/+1
|
* Fix formatting in last change.Roland McGrath2012-05-151-1/+2
|
* Avoid race in nscdAndreas Jaeger2012-05-153-18/+39
| | | | | | | | | | | | | 2012-05-15 Jeff Law <law@redhat.com> Andreas Jaeger <aj@suse.de> [BZ #13594] * nscd/nscd-client.h (__nscd_acquire_maplock): New function, split out from... * nscd/nscd_helper.c (__nscd_get_map_ref): ... here. * nscd/nscd-client.h: Add __nscd_acquire_maplock. * nscd/nscd_gethst_r.c (__nscd_get_nl_timestamp): Add locking to code changing __hst_map_handle.map.
* Hurd: #include <kernel-features.h>Thomas Schwinge2012-05-102-8/+6
|
* Cleanup nscd.cAndreas Jaeger2012-05-091-7/+7
| | | | | | | | | | 2012-05-09 Andreas Jaeger <aj@suse.de> * nscd/nscd.c (run_modes): Make named enum, reorder so that default is first entry. (run_mode): Set type. (main): Remove informal message about syslog. (options): Fix typo.
* Cleanup last patch for nscd/nscd.cAndreas Jaeger2012-05-091-4/+3
| | | | | * nscd/nscd.c (run_mode): Use enum. (main): Cleanup coding style issue.
* Add --foreground option for nscdAndreas Jaeger2012-05-091-16/+43
| | | | | | | | | | | | | | | For a better integration of nscd with systemd, we should run nscd not as daemon but in the foreground. A new --foreground option should be added. 2012-05-09 Alexandre Oliva <aoliva@redhat.com> Andreas Jaeger <aj@suse.de> * nscd/nscd.c (go_background): Replaced with... (run_mode): ... this. (RUN_FOREGROUND, RUN_DAEMONIZE, RUN_DEBUG): Add. (options): Add -F --foreground. (main): Implement it. (parse_opt): Parse it.