1 /* Inner loops of cache daemon.
2 Copyright (C) 1998-2003, 2004, 2005 Free Software Foundation, Inc.
3 This file is part of the GNU C Library.
4 Contributed by Ulrich Drepper <drepper@cygnus.com>, 1998.
6 The GNU C Library is free software; you can redistribute it and/or
7 modify it under the terms of the GNU Lesser General Public
8 License as published by the Free Software Foundation; either
9 version 2.1 of the License, or (at your option) any later version.
11 The GNU C Library is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
16 You should have received a copy of the GNU Lesser General Public
17 License along with the GNU C Library; if not, write to the Free
18 Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
35 #include <arpa/inet.h>
37 # include <sys/epoll.h>
40 #include <sys/param.h>
42 #include <sys/socket.h>
51 /* Number of bytes of data we initially reserve for each hash table bucket. */
52 #define DEFAULT_DATASIZE_PER_BUCKET 1024
55 /* Wrapper functions with error checking for standard functions. */
56 extern void *xmalloc (size_t n);
57 extern void *xcalloc (size_t n, size_t s);
58 extern void *xrealloc (void *o, size_t n);
60 /* Support to run nscd as an unprivileged user */
61 const char *server_user;
62 static uid_t server_uid;
63 static gid_t server_gid;
64 const char *stat_user;
66 static gid_t *server_groups;
70 static int server_ngroups;
72 static pthread_attr_t attr;
74 static void begin_drop_privileges (void);
75 static void finish_drop_privileges (void);
77 /* Map request type to a string. */
78 const char *serv2str[LASTREQ] =
80 [GETPWBYNAME] = "GETPWBYNAME",
81 [GETPWBYUID] = "GETPWBYUID",
82 [GETGRBYNAME] = "GETGRBYNAME",
83 [GETGRBYGID] = "GETGRBYGID",
84 [GETHOSTBYNAME] = "GETHOSTBYNAME",
85 [GETHOSTBYNAMEv6] = "GETHOSTBYNAMEv6",
86 [GETHOSTBYADDR] = "GETHOSTBYADDR",
87 [GETHOSTBYADDRv6] = "GETHOSTBYADDRv6",
88 [SHUTDOWN] = "SHUTDOWN",
89 [GETSTAT] = "GETSTAT",
90 [INVALIDATE] = "INVALIDATE",
91 [GETFDPW] = "GETFDPW",
92 [GETFDGR] = "GETFDGR",
93 [GETFDHST] = "GETFDHST",
95 [INITGROUPS] = "INITGROUPS"
98 /* The control data structures for the services. */
99 struct database_dyn dbs[lastdb] =
102 .lock = PTHREAD_RWLOCK_WRITER_NONRECURSIVE_INITIALIZER_NP,
107 .filename = "/etc/passwd",
108 .db_filename = _PATH_NSCD_PASSWD_DB,
109 .disabled_iov = &pwd_iov_disabled,
117 .lock = PTHREAD_RWLOCK_WRITER_NONRECURSIVE_INITIALIZER_NP,
122 .filename = "/etc/group",
123 .db_filename = _PATH_NSCD_GROUP_DB,
124 .disabled_iov = &grp_iov_disabled,
132 .lock = PTHREAD_RWLOCK_WRITER_NONRECURSIVE_INITIALIZER_NP,
137 .filename = "/etc/hosts",
138 .db_filename = _PATH_NSCD_HOSTS_DB,
139 .disabled_iov = &hst_iov_disabled,
149 /* Mapping of request type to database. */
150 static struct database_dyn *const serv2db[LASTREQ] =
152 [GETPWBYNAME] = &dbs[pwddb],
153 [GETPWBYUID] = &dbs[pwddb],
154 [GETGRBYNAME] = &dbs[grpdb],
155 [GETGRBYGID] = &dbs[grpdb],
156 [GETHOSTBYNAME] = &dbs[hstdb],
157 [GETHOSTBYNAMEv6] = &dbs[hstdb],
158 [GETHOSTBYADDR] = &dbs[hstdb],
159 [GETHOSTBYADDRv6] = &dbs[hstdb],
160 [GETFDPW] = &dbs[pwddb],
161 [GETFDGR] = &dbs[grpdb],
162 [GETFDHST] = &dbs[hstdb],
163 [GETAI] = &dbs[hstdb],
164 [INITGROUPS] = &dbs[grpdb]
168 /* Number of seconds between two cache pruning runs. */
169 #define CACHE_PRUNE_INTERVAL 15
172 /* Initial number of threads to use. */
174 /* Maximum number of threads to use. */
175 int max_nthreads = 32;
177 /* Socket for incoming connections. */
180 /* Number of times clients had to wait. */
181 unsigned long int client_queued;
185 writeall (int fd, const void *buf, size_t len)
191 ret = TEMP_FAILURE_RETRY (write (fd, buf, n));
194 buf = (const char *) buf + ret;
198 return ret < 0 ? ret : len - n;
202 /* Initialize database information structures. */
206 /* Secure mode and unprivileged mode are incompatible */
207 if (server_user != NULL && secure_in_use)
209 dbg_log (_("Cannot run nscd in secure mode as unprivileged user"));
213 /* Look up unprivileged uid/gid/groups before we start listening on the
215 if (server_user != NULL)
216 begin_drop_privileges ();
219 /* No configuration for this value, assume a default. */
220 nthreads = 2 * lastdb;
222 for (size_t cnt = 0; cnt < lastdb; ++cnt)
223 if (dbs[cnt].enabled)
225 pthread_rwlock_init (&dbs[cnt].lock, NULL);
226 pthread_mutex_init (&dbs[cnt].memlock, NULL);
228 if (dbs[cnt].persistent)
230 /* Try to open the appropriate file on disk. */
231 int fd = open (dbs[cnt].db_filename, O_RDWR);
237 struct database_pers_head head;
238 ssize_t n = TEMP_FAILURE_RETRY (read (fd, &head,
240 if (n != sizeof (head) || fstat64 (fd, &st) != 0)
243 dbg_log (_("invalid persistent database file \"%s\": %s"),
244 dbs[cnt].db_filename, strerror (errno));
245 dbs[cnt].persistent = 0;
247 else if (head.module == 0 && head.data_size == 0)
249 /* The file has been created, but the head has not been
250 initialized yet. Remove the old file. */
251 unlink (dbs[cnt].db_filename);
253 else if (head.header_size != (int) sizeof (head))
255 dbg_log (_("invalid persistent database file \"%s\": %s"),
256 dbs[cnt].db_filename,
257 _("header size does not match"));
258 dbs[cnt].persistent = 0;
260 else if ((total = (sizeof (head)
261 + roundup (head.module * sizeof (ref_t),
266 dbg_log (_("invalid persistent database file \"%s\": %s"),
267 dbs[cnt].db_filename,
268 _("file size does not match"));
269 dbs[cnt].persistent = 0;
271 else if ((mem = mmap (NULL, total, PROT_READ | PROT_WRITE,
272 MAP_SHARED, fd, 0)) == MAP_FAILED)
276 /* Success. We have the database. */
278 dbs[cnt].memsize = total;
279 dbs[cnt].data = (char *)
280 &dbs[cnt].head->array[roundup (dbs[cnt].head->module,
281 ALIGN / sizeof (ref_t))];
282 dbs[cnt].mmap_used = true;
284 if (dbs[cnt].suggested_module > head.module)
285 dbg_log (_("suggested size of table for database %s larger than the persistent database's table"),
290 /* We also need a read-only descriptor. */
293 dbs[cnt].ro_fd = open (dbs[cnt].db_filename, O_RDONLY);
294 if (dbs[cnt].ro_fd == -1)
296 cannot create read-only descriptor for \"%s\"; no mmap"),
297 dbs[cnt].db_filename);
300 // XXX Shall we test whether the descriptors actually
301 // XXX point to the same file?
304 /* Close the file descriptors in case something went
305 wrong in which case the variable have not been
312 if (dbs[cnt].head == NULL)
314 /* No database loaded. Allocate the data structure,
316 struct database_pers_head head;
317 size_t total = (sizeof (head)
318 + roundup (dbs[cnt].suggested_module
319 * sizeof (ref_t), ALIGN)
320 + (dbs[cnt].suggested_module
321 * DEFAULT_DATASIZE_PER_BUCKET));
323 /* Try to create the database. If we do not need a
324 persistent database create a temporary file. */
327 if (dbs[cnt].persistent)
329 fd = open (dbs[cnt].db_filename,
330 O_RDWR | O_CREAT | O_EXCL | O_TRUNC,
332 if (fd != -1 && dbs[cnt].shared)
333 ro_fd = open (dbs[cnt].db_filename, O_RDONLY);
337 char fname[] = _PATH_NSCD_XYZ_DB_TMP;
338 fd = mkstemp (fname);
340 /* We do not need the file name anymore after we
341 opened another file descriptor in read-only mode. */
345 ro_fd = open (fname, O_RDONLY);
355 dbg_log (_("database for %s corrupted or simultaneously used; remove %s manually if necessary and restart"),
356 dbnames[cnt], dbs[cnt].db_filename);
357 // XXX Correct way to terminate?
361 if (dbs[cnt].persistent)
362 dbg_log (_("cannot create %s; no persistent database used"),
363 dbs[cnt].db_filename);
365 dbg_log (_("cannot create %s; no sharing possible"),
366 dbs[cnt].db_filename);
368 dbs[cnt].persistent = 0;
369 // XXX remember: no mmap
373 /* Tell the user if we could not create the read-only
375 if (ro_fd == -1 && dbs[cnt].shared)
377 cannot create read-only descriptor for \"%s\"; no mmap"),
378 dbs[cnt].db_filename);
380 /* Before we create the header, initialiye the hash
381 table. So that if we get interrupted if writing
382 the header we can recognize a partially initialized
384 size_t ps = sysconf (_SC_PAGESIZE);
386 assert (~ENDREF == 0);
387 memset (tmpbuf, '\xff', ps);
389 size_t remaining = dbs[cnt].suggested_module * sizeof (ref_t);
390 off_t offset = sizeof (head);
393 if (offset % ps != 0)
395 towrite = MIN (remaining, ps - (offset % ps));
396 if (pwrite (fd, tmpbuf, towrite, offset) != towrite)
399 remaining -= towrite;
402 while (remaining > ps)
404 if (pwrite (fd, tmpbuf, ps, offset) == -1)
411 && pwrite (fd, tmpbuf, remaining, offset) != remaining)
414 /* Create the header of the file. */
415 struct database_pers_head head =
417 .version = DB_VERSION,
418 .header_size = sizeof (head),
419 .module = dbs[cnt].suggested_module,
420 .data_size = (dbs[cnt].suggested_module
421 * DEFAULT_DATASIZE_PER_BUCKET),
426 if ((TEMP_FAILURE_RETRY (write (fd, &head, sizeof (head)))
428 || ftruncate (fd, total) != 0
429 || (mem = mmap (NULL, total, PROT_READ | PROT_WRITE,
430 MAP_SHARED, fd, 0)) == MAP_FAILED)
433 unlink (dbs[cnt].db_filename);
434 dbg_log (_("cannot write to database file %s: %s"),
435 dbs[cnt].db_filename, strerror (errno));
436 dbs[cnt].persistent = 0;
442 dbs[cnt].data = (char *)
443 &dbs[cnt].head->array[roundup (dbs[cnt].head->module,
444 ALIGN / sizeof (ref_t))];
445 dbs[cnt].memsize = total;
446 dbs[cnt].mmap_used = true;
448 /* Remember the descriptors. */
450 dbs[cnt].ro_fd = ro_fd;
463 && ((dbs[cnt].wr_fd != -1
464 && fcntl (dbs[cnt].wr_fd, F_SETFD, FD_CLOEXEC) == -1)
465 || (dbs[cnt].ro_fd != -1
466 && fcntl (dbs[cnt].ro_fd, F_SETFD, FD_CLOEXEC) == -1)))
469 cannot set socket to close on exec: %s; disabling paranoia mode"),
474 if (dbs[cnt].head == NULL)
476 /* We do not use the persistent database. Just
477 create an in-memory data structure. */
478 assert (! dbs[cnt].persistent);
480 dbs[cnt].head = xmalloc (sizeof (struct database_pers_head)
481 + (dbs[cnt].suggested_module
483 memset (dbs[cnt].head, '\0', sizeof (dbs[cnt].head));
484 assert (~ENDREF == 0);
485 memset (dbs[cnt].head->array, '\xff',
486 dbs[cnt].suggested_module * sizeof (ref_t));
487 dbs[cnt].head->module = dbs[cnt].suggested_module;
488 dbs[cnt].head->data_size = (DEFAULT_DATASIZE_PER_BUCKET
489 * dbs[cnt].head->module);
490 dbs[cnt].data = xmalloc (dbs[cnt].head->data_size);
491 dbs[cnt].head->first_free = 0;
494 assert (dbs[cnt].ro_fd == -1);
497 if (dbs[cnt].check_file)
499 /* We need the modification date of the file. */
502 if (stat (dbs[cnt].filename, &st) < 0)
504 /* We cannot stat() the file, disable file checking. */
505 dbg_log (_("cannot stat() file `%s': %s"),
506 dbs[cnt].filename, strerror (errno));
507 dbs[cnt].check_file = 0;
510 dbs[cnt].file_mtime = st.st_mtime;
514 /* Create the socket. */
515 sock = socket (AF_UNIX, SOCK_STREAM, 0);
518 dbg_log (_("cannot open socket: %s"), strerror (errno));
519 exit (errno == EACCES ? 4 : 1);
521 /* Bind a name to the socket. */
522 struct sockaddr_un sock_addr;
523 sock_addr.sun_family = AF_UNIX;
524 strcpy (sock_addr.sun_path, _PATH_NSCDSOCKET);
525 if (bind (sock, (struct sockaddr *) &sock_addr, sizeof (sock_addr)) < 0)
527 dbg_log ("%s: %s", _PATH_NSCDSOCKET, strerror (errno));
528 exit (errno == EACCES ? 4 : 1);
531 /* We don't want to get stuck on accept. */
532 int fl = fcntl (sock, F_GETFL);
533 if (fl == -1 || fcntl (sock, F_SETFL, fl | O_NONBLOCK) == -1)
535 dbg_log (_("cannot change socket to nonblocking mode: %s"),
540 /* The descriptor needs to be closed on exec. */
541 if (paranoia && fcntl (sock, F_SETFD, FD_CLOEXEC) == -1)
543 dbg_log (_("cannot set socket to close on exec: %s"),
548 /* Set permissions for the socket. */
549 chmod (_PATH_NSCDSOCKET, DEFFILEMODE);
551 /* Set the socket up to accept connections. */
552 if (listen (sock, SOMAXCONN) < 0)
554 dbg_log (_("cannot enable socket to accept connections: %s"),
559 /* Change to unprivileged uid/gid/groups if specifed in config file */
560 if (server_user != NULL)
561 finish_drop_privileges ();
565 /* Close the connections. */
574 invalidate_cache (char *key)
578 if (strcmp (key, "passwd") == 0)
580 else if (strcmp (key, "group") == 0)
582 else if (__builtin_expect (strcmp (key, "hosts"), 0) == 0)
586 /* Re-initialize the resolver. resolv.conf might have changed. */
592 if (dbs[number].enabled)
593 prune_cache (&dbs[number], LONG_MAX);
599 send_ro_fd (struct database_dyn *db, char *key, int fd)
601 /* If we do not have an read-only file descriptor do nothing. */
605 /* We need to send some data along with the descriptor. */
607 iov[0].iov_base = key;
608 iov[0].iov_len = strlen (key) + 1;
610 /* Prepare the control message to transfer the descriptor. */
614 char bytes[CMSG_SPACE (sizeof (int))];
616 struct msghdr msg = { .msg_iov = iov, .msg_iovlen = 1,
617 .msg_control = buf.bytes,
618 .msg_controllen = sizeof (buf) };
619 struct cmsghdr *cmsg = CMSG_FIRSTHDR (&msg);
621 cmsg->cmsg_level = SOL_SOCKET;
622 cmsg->cmsg_type = SCM_RIGHTS;
623 cmsg->cmsg_len = CMSG_LEN (sizeof (int));
625 *(int *) CMSG_DATA (cmsg) = db->ro_fd;
627 msg.msg_controllen = cmsg->cmsg_len;
629 /* Send the control message. We repeat when we are interrupted but
630 everything else is ignored. */
632 # define MSG_NOSIGNAL 0
634 (void) TEMP_FAILURE_RETRY (sendmsg (fd, &msg, MSG_NOSIGNAL));
636 if (__builtin_expect (debug_level > 0, 0))
637 dbg_log (_("provide access to FD %d, for %s"), db->ro_fd, key);
639 #endif /* SCM_RIGHTS */
642 /* Handle new request. */
644 handle_request (int fd, request_header *req, void *key, uid_t uid)
646 if (__builtin_expect (req->version, NSCD_VERSION) != NSCD_VERSION)
650 cannot handle old request version %d; current version is %d"),
651 req->version, NSCD_VERSION);
655 /* Make the SELinux check before we go on to the standard checks. We
656 need to verify that the request type is valid, since it has not
657 yet been checked at this point. */
659 && __builtin_expect (req->type, GETPWBYNAME) >= GETPWBYNAME
660 && __builtin_expect (req->type, LASTREQ) < LASTREQ
661 && nscd_request_avc_has_perm (fd, req->type) != 0)
664 struct database_dyn *db = serv2db[req->type];
666 // XXX Clean up so that each new command need not introduce a
667 // XXX new conditional.
668 if ((__builtin_expect (req->type, GETPWBYNAME) >= GETPWBYNAME
669 && __builtin_expect (req->type, LASTDBREQ) <= LASTDBREQ)
670 || req->type == GETAI || req->type == INITGROUPS)
672 if (__builtin_expect (debug_level, 0) > 0)
674 if (req->type == GETHOSTBYADDR || req->type == GETHOSTBYADDRv6)
676 char buf[INET6_ADDRSTRLEN];
678 dbg_log ("\t%s (%s)", serv2str[req->type],
679 inet_ntop (req->type == GETHOSTBYADDR
680 ? AF_INET : AF_INET6,
681 key, buf, sizeof (buf)));
684 dbg_log ("\t%s (%s)", serv2str[req->type], (char *) key);
687 /* Is this service enabled? */
690 /* No, sent the prepared record. */
691 if (TEMP_FAILURE_RETRY (write (fd, db->disabled_iov->iov_base,
692 db->disabled_iov->iov_len))
693 != (ssize_t) db->disabled_iov->iov_len
694 && __builtin_expect (debug_level, 0) > 0)
696 /* We have problems sending the result. */
698 dbg_log (_("cannot write result: %s"),
699 strerror_r (errno, buf, sizeof (buf)));
705 /* Be sure we can read the data. */
706 if (__builtin_expect (pthread_rwlock_tryrdlock (&db->lock) != 0, 0))
708 ++db->head->rdlockdelayed;
709 pthread_rwlock_rdlock (&db->lock);
712 /* See whether we can handle it from the cache. */
713 struct datahead *cached;
714 cached = (struct datahead *) cache_search (req->type, key, req->key_len,
718 /* Hurray it's in the cache. */
719 if (writeall (fd, cached->data, cached->recsize)
721 && __builtin_expect (debug_level, 0) > 0)
723 /* We have problems sending the result. */
725 dbg_log (_("cannot write result: %s"),
726 strerror_r (errno, buf, sizeof (buf)));
729 pthread_rwlock_unlock (&db->lock);
734 pthread_rwlock_unlock (&db->lock);
736 else if (__builtin_expect (debug_level, 0) > 0)
738 if (req->type == INVALIDATE)
739 dbg_log ("\t%s (%s)", serv2str[req->type], (char *) key);
741 dbg_log ("\t%s", serv2str[req->type]);
744 /* Handle the request. */
748 addpwbyname (db, fd, req, key, uid);
752 addpwbyuid (db, fd, req, key, uid);
756 addgrbyname (db, fd, req, key, uid);
760 addgrbygid (db, fd, req, key, uid);
764 addhstbyname (db, fd, req, key, uid);
767 case GETHOSTBYNAMEv6:
768 addhstbynamev6 (db, fd, req, key, uid);
772 addhstbyaddr (db, fd, req, key, uid);
775 case GETHOSTBYADDRv6:
776 addhstbyaddrv6 (db, fd, req, key, uid);
780 addhstai (db, fd, req, key, uid);
784 addinitgroups (db, fd, req, key, uid);
792 /* Get the callers credentials. */
795 socklen_t optlen = sizeof (caller);
797 if (getsockopt (fd, SOL_SOCKET, SO_PEERCRED, &caller, &optlen) < 0)
801 dbg_log (_("error getting callers id: %s"),
802 strerror_r (errno, buf, sizeof (buf)));
808 /* Some systems have no SO_PEERCRED implementation. They don't
809 care about security so we don't as well. */
814 /* Accept shutdown, getstat and invalidate only from root. For
815 the stat call also allow the user specified in the config file. */
816 if (req->type == GETSTAT)
818 if (uid == 0 || uid == stat_uid)
819 send_stats (fd, dbs);
823 if (req->type == INVALIDATE)
824 invalidate_cache (key);
826 termination_handler (0);
834 send_ro_fd (serv2db[req->type], key, fd);
839 /* Ignore the command, it's nothing we know. */
845 /* Restart the process. */
849 /* First determine the parameters. We do not use the parameters
850 passed to main() since in case nscd is started by running the
851 dynamic linker this will not work. Yes, this is not the usual
852 case but nscd is part of glibc and we occasionally do this. */
853 size_t buflen = 1024;
854 char *buf = alloca (buflen);
856 int fd = open ("/proc/self/cmdline", O_RDONLY);
860 cannot open /proc/self/cmdline: %s; disabling paranoia mode"),
869 ssize_t n = TEMP_FAILURE_RETRY (read (fd, buf + readlen,
874 cannot open /proc/self/cmdline: %s; disabling paranoia mode"),
884 if (readlen < buflen)
887 /* We might have to extend the buffer. */
888 size_t old_buflen = buflen;
889 char *newp = extend_alloca (buf, buflen, 2 * buflen);
890 buf = memmove (newp, buf, old_buflen);
895 /* Parse the command line. Worst case scenario: every two
896 characters form one parameter (one character plus NUL). */
897 char **argv = alloca ((readlen / 2 + 1) * sizeof (argv[0]));
901 while (cp < buf + readlen)
904 cp = (char *) rawmemchr (cp, '\0') + 1;
908 /* Second, change back to the old user if we changed it. */
909 if (server_user != NULL)
911 if (setuid (old_uid) != 0)
914 cannot change to old UID: %s; disabling paranoia mode"),
921 if (setgid (old_gid) != 0)
924 cannot change to old GID: %s; disabling paranoia mode"),
933 /* Next change back to the old working directory. */
934 if (chdir (oldcwd) == -1)
937 cannot change to old working directory: %s; disabling paranoia mode"),
940 if (server_user != NULL)
949 /* Synchronize memory. */
950 for (int cnt = 0; cnt < lastdb; ++cnt)
952 /* Make sure nobody keeps using the database. */
953 dbs[cnt].head->timestamp = 0;
955 if (dbs[cnt].persistent)
957 msync (dbs[cnt].head, dbs[cnt].memsize, MS_ASYNC);
960 /* The preparations are done. */
961 execv ("/proc/self/exe", argv);
963 /* If we come here, we will never be able to re-exec. */
964 dbg_log (_("re-exec failed: %s; disabling paranoia mode"),
967 if (server_user != NULL)
972 if (chdir ("/") != 0)
973 dbg_log (_("cannot change current working directory to \"/\": %s"),
979 /* List of file descriptors. */
985 /* Memory allocated for the list. */
986 static struct fdlist *fdlist;
987 /* List of currently ready-to-read file descriptors. */
988 static struct fdlist *readylist;
990 /* Conditional variable and mutex to signal availability of entries in
991 READYLIST. The condvar is initialized dynamically since we might
992 use a different clock depending on availability. */
993 static pthread_cond_t readylist_cond;
994 static pthread_mutex_t readylist_lock = PTHREAD_MUTEX_INITIALIZER;
996 /* The clock to use with the condvar. */
997 static clockid_t timeout_clock = CLOCK_REALTIME;
999 /* Number of threads ready to handle the READYLIST. */
1000 static unsigned long int nready;
1003 /* This is the main loop. It is replicated in different threads but the
1004 `poll' call makes sure only one thread handles an incoming connection. */
1006 __attribute__ ((__noreturn__))
1009 const long int my_number = (long int) p;
1010 const int run_prune = my_number < lastdb && dbs[my_number].enabled;
1011 struct timespec prune_ts;
1017 setup_thread (&dbs[my_number]);
1019 /* We are running. */
1020 dbs[my_number].head->timestamp = time (NULL);
1022 if (clock_gettime (timeout_clock, &prune_ts) == -1)
1023 /* Should never happen. */
1026 /* Compute timeout time. */
1027 prune_ts.tv_sec += CACHE_PRUNE_INTERVAL;
1030 /* Initial locking. */
1031 pthread_mutex_lock (&readylist_lock);
1033 /* One more thread available. */
1038 while (readylist == NULL)
1042 /* Wait, but not forever. */
1043 to = pthread_cond_timedwait (&readylist_cond, &readylist_lock,
1046 /* If we were woken and there is no work to be done,
1047 just start pruning. */
1048 if (readylist == NULL && to == ETIMEDOUT)
1051 pthread_mutex_unlock (&readylist_lock);
1056 /* No need to timeout. */
1057 pthread_cond_wait (&readylist_cond, &readylist_lock);
1060 struct fdlist *it = readylist->next;
1061 if (readylist->next == readylist)
1062 /* Just one entry on the list. */
1065 readylist->next = it->next;
1067 /* Extract the information and mark the record ready to be used
1072 /* One more thread available. */
1075 /* We are done with the list. */
1076 pthread_mutex_unlock (&readylist_lock);
1078 /* We do not want to block on a short read or so. */
1079 int fl = fcntl (fd, F_GETFL);
1080 if (fl == -1 || fcntl (fd, F_SETFL, fl | O_NONBLOCK) == -1)
1083 /* Now read the request. */
1085 if (__builtin_expect (TEMP_FAILURE_RETRY (read (fd, &req, sizeof (req)))
1086 != sizeof (req), 0))
1088 /* We failed to read data. Note that this also might mean we
1089 failed because we would have blocked. */
1090 if (debug_level > 0)
1091 dbg_log (_("short read while reading request: %s"),
1092 strerror_r (errno, buf, sizeof (buf)));
1096 /* Check whether this is a valid request type. */
1097 if (req.type < GETPWBYNAME || req.type >= LASTREQ)
1100 /* Some systems have no SO_PEERCRED implementation. They don't
1101 care about security so we don't as well. */
1108 struct ucred caller;
1109 socklen_t optlen = sizeof (caller);
1111 if (getsockopt (fd, SOL_SOCKET, SO_PEERCRED, &caller, &optlen) < 0)
1113 dbg_log (_("error getting callers id: %s"),
1114 strerror_r (errno, buf, sizeof (buf)));
1118 if (req.type < GETPWBYNAME || req.type > LASTDBREQ
1119 || serv2db[req.type]->secure)
1124 else if (__builtin_expect (debug_level > 0, 0))
1126 struct ucred caller;
1127 socklen_t optlen = sizeof (caller);
1129 if (getsockopt (fd, SOL_SOCKET, SO_PEERCRED, &caller, &optlen) == 0)
1134 /* It should not be possible to crash the nscd with a silly
1135 request (i.e., a terribly large key). We limit the size to 1kb. */
1136 #define MAXKEYLEN 1024
1137 if (__builtin_expect (req.key_len, 1) < 0
1138 || __builtin_expect (req.key_len, 1) > MAXKEYLEN)
1140 if (debug_level > 0)
1141 dbg_log (_("key length in request too long: %d"), req.key_len);
1146 char keybuf[MAXKEYLEN];
1148 if (__builtin_expect (TEMP_FAILURE_RETRY (read (fd, keybuf,
1152 /* Again, this can also mean we would have blocked. */
1153 if (debug_level > 0)
1154 dbg_log (_("short read while reading request key: %s"),
1155 strerror_r (errno, buf, sizeof (buf)));
1159 if (__builtin_expect (debug_level, 0) > 0)
1164 handle_request: request received (Version = %d) from PID %ld"),
1165 req.version, (long int) pid);
1169 handle_request: request received (Version = %d)"), req.version);
1172 /* Phew, we got all the data, now process it. */
1173 handle_request (fd, &req, keybuf, uid);
1180 /* Check whether we should be pruning the cache. */
1181 assert (run_prune || to == 0);
1182 if (to == ETIMEDOUT)
1185 /* The pthread_cond_timedwait() call timed out. It is time
1186 to clean up the cache. */
1187 assert (my_number < lastdb);
1188 prune_cache (&dbs[my_number], time (NULL));
1190 if (clock_gettime (timeout_clock, &prune_ts) == -1)
1191 /* Should never happen. */
1194 /* Compute next timeout time. */
1195 prune_ts.tv_sec += CACHE_PRUNE_INTERVAL;
1197 /* In case the list is emtpy we do not want to run the prune
1198 code right away again. */
1203 pthread_mutex_lock (&readylist_lock);
1205 /* One more thread available. */
1211 static unsigned int nconns;
1216 pthread_mutex_lock (&readylist_lock);
1218 /* Find an empty entry in FDLIST. */
1220 for (inner = 0; inner < nconns; ++inner)
1221 if (fdlist[inner].next == NULL)
1223 assert (inner < nconns);
1225 fdlist[inner].fd = fd;
1227 if (readylist == NULL)
1228 readylist = fdlist[inner].next = &fdlist[inner];
1231 fdlist[inner].next = readylist->next;
1232 readylist = readylist->next = &fdlist[inner];
1235 bool do_signal = true;
1236 if (__builtin_expect (nready == 0, 0))
1241 /* Try to start another thread to help out. */
1243 if (nthreads < max_nthreads
1244 && pthread_create (&th, &attr, nscd_run,
1245 (void *) (long int) nthreads) == 0)
1247 /* We got another thread. */
1249 /* The new thread might new a kick. */
1255 pthread_mutex_unlock (&readylist_lock);
1257 /* Tell one of the worker threads there is work to do. */
1259 pthread_cond_signal (&readylist_cond);
1263 /* Check whether restarting should happen. */
1265 restart_p (time_t now)
1267 return (paranoia && readylist == NULL && nready == nthreads
1268 && now >= restart_time);
1272 /* Array for times a connection was accepted. */
1273 static time_t *starttime;
1277 __attribute__ ((__noreturn__))
1278 main_loop_poll (void)
1280 struct pollfd *conns = (struct pollfd *) xmalloc (nconns
1281 * sizeof (conns[0]));
1284 conns[0].events = POLLRDNORM;
1286 size_t firstfree = 1;
1290 /* Wait for any event. We wait at most a couple of seconds so
1291 that we can check whether we should close any of the accepted
1292 connections since we have not received a request. */
1293 #define MAX_ACCEPT_TIMEOUT 30
1294 #define MIN_ACCEPT_TIMEOUT 5
1295 #define MAIN_THREAD_TIMEOUT \
1296 (MAX_ACCEPT_TIMEOUT * 1000 \
1297 - ((MAX_ACCEPT_TIMEOUT - MIN_ACCEPT_TIMEOUT) * 1000 * nused) / (2 * nconns))
1299 int n = poll (conns, nused, MAIN_THREAD_TIMEOUT);
1301 time_t now = time (NULL);
1303 /* If there is a descriptor ready for reading or there is a new
1304 connection, process this now. */
1307 if (conns[0].revents != 0)
1309 /* We have a new incoming connection. Accept the connection. */
1310 int fd = TEMP_FAILURE_RETRY (accept (sock, NULL, NULL));
1312 /* use the descriptor if we have not reached the limit. */
1313 if (fd >= 0 && firstfree < nconns)
1315 conns[firstfree].fd = fd;
1316 conns[firstfree].events = POLLRDNORM;
1317 starttime[firstfree] = now;
1318 if (firstfree >= nused)
1319 nused = firstfree + 1;
1323 while (firstfree < nused && conns[firstfree].fd != -1);
1329 for (size_t cnt = 1; cnt < nused && n > 0; ++cnt)
1330 if (conns[cnt].revents != 0)
1332 fd_ready (conns[cnt].fd);
1334 /* Clean up the CONNS array. */
1336 if (cnt < firstfree)
1338 if (cnt == nused - 1)
1341 while (conns[nused - 1].fd == -1);
1347 /* Now find entries which have timed out. */
1350 /* We make the timeout length depend on the number of file
1351 descriptors currently used. */
1352 #define ACCEPT_TIMEOUT \
1353 (MAX_ACCEPT_TIMEOUT \
1354 - ((MAX_ACCEPT_TIMEOUT - MIN_ACCEPT_TIMEOUT) * nused) / nconns)
1355 time_t laststart = now - ACCEPT_TIMEOUT;
1357 for (size_t cnt = nused - 1; cnt > 0; --cnt)
1359 if (conns[cnt].fd != -1 && starttime[cnt] < laststart)
1361 /* Remove the entry, it timed out. */
1362 (void) close (conns[cnt].fd);
1365 if (cnt < firstfree)
1367 if (cnt == nused - 1)
1370 while (conns[nused - 1].fd == -1);
1374 if (restart_p (now))
1382 main_loop_epoll (int efd)
1384 struct epoll_event ev = { 0, };
1388 /* Add the socket. */
1389 ev.events = EPOLLRDNORM;
1391 if (epoll_ctl (efd, EPOLL_CTL_ADD, sock, &ev) == -1)
1392 /* We cannot use epoll. */
1397 struct epoll_event revs[100];
1398 # define nrevs (sizeof (revs) / sizeof (revs[0]))
1400 int n = epoll_wait (efd, revs, nrevs, MAIN_THREAD_TIMEOUT);
1402 time_t now = time (NULL);
1404 for (int cnt = 0; cnt < n; ++cnt)
1405 if (revs[cnt].data.fd == sock)
1407 /* A new connection. */
1408 int fd = TEMP_FAILURE_RETRY (accept (sock, NULL, NULL));
1412 /* Try to add the new descriptor. */
1415 || epoll_ctl (efd, EPOLL_CTL_ADD, fd, &ev) == -1)
1416 /* The descriptor is too large or something went
1417 wrong. Close the descriptor. */
1421 /* Remember when we accepted the connection. */
1422 starttime[fd] = now;
1433 /* Remove the descriptor from the epoll descriptor. */
1434 struct epoll_event ev = { 0, };
1435 (void) epoll_ctl (efd, EPOLL_CTL_DEL, revs[cnt].data.fd, &ev);
1437 /* Get a worked to handle the request. */
1438 fd_ready (revs[cnt].data.fd);
1440 /* Reset the time. */
1441 starttime[revs[cnt].data.fd] = 0;
1442 if (revs[cnt].data.fd == highest)
1445 while (highest > 0 && starttime[highest] == 0);
1450 /* Now look for descriptors for accepted connections which have
1451 no reply in too long of a time. */
1452 time_t laststart = now - ACCEPT_TIMEOUT;
1453 for (int cnt = highest; cnt > STDERR_FILENO; --cnt)
1454 if (cnt != sock && starttime[cnt] != 0 && starttime[cnt] < laststart)
1456 /* We are waiting for this one for too long. Close it. */
1457 struct epoll_event ev = {0, };
1458 (void) epoll_ctl (efd, EPOLL_CTL_DEL, cnt, &ev);
1466 else if (cnt != sock && starttime[cnt] == 0 && cnt == highest)
1469 if (restart_p (now))
1476 /* Start all the threads we want. The initial process is thread no. 1. */
1478 start_threads (void)
1480 /* Initialize the conditional variable we will use. The only
1481 non-standard attribute we might use is the clock selection. */
1482 pthread_condattr_t condattr;
1483 pthread_condattr_init (&condattr);
1485 #if defined _POSIX_CLOCK_SELECTION && _POSIX_CLOCK_SELECTION >= 0 \
1486 && defined _POSIX_MONOTONIC_CLOCK && _POSIX_MONOTONIC_CLOCK >= 0
1487 /* Determine whether the monotonous clock is available. */
1488 struct timespec dummy;
1489 # if _POSIX_MONOTONIC_CLOCK == 0
1490 if (sysconf (_SC_MONOTONIC_CLOCK) > 0)
1492 # if _POSIX_CLOCK_SELECTION == 0
1493 if (sysconf (_SC_CLOCK_SELECTION) > 0)
1495 if (clock_getres (CLOCK_MONOTONIC, &dummy) == 0
1496 && pthread_condattr_setclock (&condattr, CLOCK_MONOTONIC) == 0)
1497 timeout_clock = CLOCK_MONOTONIC;
1500 pthread_cond_init (&readylist_cond, &condattr);
1501 pthread_condattr_destroy (&condattr);
1504 /* Create the attribute for the threads. They are all created
1506 pthread_attr_init (&attr);
1507 pthread_attr_setdetachstate (&attr, PTHREAD_CREATE_DETACHED);
1508 /* Use 1MB stacks, twice as much for 64-bit architectures. */
1509 pthread_attr_setstacksize (&attr, 1024 * 1024 * (sizeof (void *) / 4));
1511 /* We allow less than LASTDB threads only for debugging. */
1512 if (debug_level == 0)
1513 nthreads = MAX (nthreads, lastdb);
1516 for (long int i = 0; i < nthreads; ++i)
1519 if (pthread_create (&th, &attr, nscd_run, (void *) (i - nfailed)) != 0)
1522 if (nthreads - nfailed < lastdb)
1524 /* We could not start enough threads. */
1525 dbg_log (_("could only start %d threads; terminating"),
1526 nthreads - nfailed);
1530 /* Determine how much room for descriptors we should initially
1531 allocate. This might need to change later if we cap the number
1533 const long int nfds = sysconf (_SC_OPEN_MAX);
1535 #define MAXCONN 16384
1536 if (nfds == -1 || nfds > MAXCONN)
1538 else if (nfds < MINCONN)
1543 /* We need memory to pass descriptors on to the worker threads. */
1544 fdlist = (struct fdlist *) xcalloc (nconns, sizeof (fdlist[0]));
1545 /* Array to keep track when connection was accepted. */
1546 starttime = (time_t *) xcalloc (nconns, sizeof (starttime[0]));
1548 /* In the main thread we execute the loop which handles incoming
1551 int efd = epoll_create (100);
1554 main_loop_epoll (efd);
1563 /* Look up the uid, gid, and supplementary groups to run nscd as. When
1564 this function is called, we are not listening on the nscd socket yet so
1565 we can just use the ordinary lookup functions without causing a lockup */
1567 begin_drop_privileges (void)
1569 struct passwd *pwd = getpwnam (server_user);
1573 dbg_log (_("Failed to run nscd as user '%s'"), server_user);
1574 error (EXIT_FAILURE, 0, _("Failed to run nscd as user '%s'"),
1578 server_uid = pwd->pw_uid;
1579 server_gid = pwd->pw_gid;
1581 /* Save the old UID/GID if we have to change back. */
1584 old_uid = getuid ();
1585 old_gid = getgid ();
1588 if (getgrouplist (server_user, server_gid, NULL, &server_ngroups) == 0)
1590 /* This really must never happen. */
1591 dbg_log (_("Failed to run nscd as user '%s'"), server_user);
1592 error (EXIT_FAILURE, errno, _("initial getgrouplist failed"));
1595 server_groups = (gid_t *) xmalloc (server_ngroups * sizeof (gid_t));
1597 if (getgrouplist (server_user, server_gid, server_groups, &server_ngroups)
1600 dbg_log (_("Failed to run nscd as user '%s'"), server_user);
1601 error (EXIT_FAILURE, errno, _("getgrouplist failed"));
1606 /* Call setgroups(), setgid(), and setuid() to drop root privileges and
1607 run nscd as the user specified in the configuration file. */
1609 finish_drop_privileges (void)
1611 if (setgroups (server_ngroups, server_groups) == -1)
1613 dbg_log (_("Failed to run nscd as user '%s'"), server_user);
1614 error (EXIT_FAILURE, errno, _("setgroups failed"));
1617 if (setgid (server_gid) == -1)
1619 dbg_log (_("Failed to run nscd as user '%s'"), server_user);
1624 if (setuid (server_uid) == -1)
1626 dbg_log (_("Failed to run nscd as user '%s'"), server_user);
projects / platform / upstream / glibc.git / blob