/* Inner loops of cache daemon. Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc. This file is part of the GNU C Library. Contributed by Ulrich Drepper <drepper@cygnus.com>, 1998. The GNU C Library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. The GNU C Library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with the GNU C Library; see the file COPYING.LIB. If not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include <assert.h> #include <error.h> #include <errno.h> #include <pthread.h> #include <stdlib.h> #include <unistd.h> #include <libintl.h> #include <arpa/inet.h> #include <sys/param.h> #include <sys/poll.h> #include <sys/socket.h> #include <sys/stat.h> #include <sys/un.h> #include "nscd.h" #include "dbg_log.h" /* Mapping of request type to database. */ static const dbtype serv2db[LASTDBREQ + 1] = { [GETPWBYNAME] = pwddb, [GETPWBYUID] = pwddb, [GETGRBYNAME] = grpdb, [GETGRBYGID] = grpdb, [GETHOSTBYNAME] = hstdb, [GETHOSTBYNAMEv6] = hstdb, [GETHOSTBYADDR] = hstdb, [GETHOSTBYADDRv6] = hstdb, }; /* Map request type to a string. */ const char *serv2str[LASTREQ] = { [GETPWBYNAME] = "GETPWBYNAME", [GETPWBYUID] = "GETPWBYUID", [GETGRBYNAME] = "GETGRBYNAME", [GETGRBYGID] = "GETGRBYGID", [GETHOSTBYNAME] = "GETHOSTBYNAME", [GETHOSTBYNAMEv6] = "GETHOSTBYNAMEv6", [GETHOSTBYADDR] = "GETHOSTBYADDR", [GETHOSTBYADDRv6] = "GETHOSTBYADDRv6", [SHUTDOWN] = "SHUTDOWN", [GETSTAT] = "GETSTAT", [INVALIDATE] = "INVALIDATE" }; /* The control data structures for the services. */ static struct database dbs[lastdb] = { [pwddb] = { lock: PTHREAD_RWLOCK_WRITER_NONRECURSIVE_INITIALIZER_NP, enabled: 0, check_file: 1, filename: "/etc/passwd", module: 211, disabled_iov: &pwd_iov_disabled, postimeout: 3600, negtimeout: 20 }, [grpdb] = { lock: PTHREAD_RWLOCK_WRITER_NONRECURSIVE_INITIALIZER_NP, enabled: 0, check_file: 1, filename: "/etc/group", module: 211, disabled_iov: &grp_iov_disabled, postimeout: 3600, negtimeout: 60 }, [hstdb] = { lock: PTHREAD_RWLOCK_WRITER_NONRECURSIVE_INITIALIZER_NP, enabled: 0, check_file: 1, filename: "/etc/hosts", module: 211, disabled_iov: &hst_iov_disabled, postimeout: 3600, negtimeout: 20 } }; /* Number of seconds between two cache pruning runs. */ #define CACHE_PRUNE_INTERVAL 15 /* Number of threads to use. */ int nthreads = -1; /* Socket for incoming connections. */ static int sock; /* Initialize database information structures. */ void nscd_init (const char *conffile) { struct sockaddr_un sock_addr; size_t cnt; /* Read the configuration file. */ if (nscd_parse_file (conffile, dbs) != 0) { /* We couldn't read the configuration file. Disable all services by shutting down the srever. */ dbg_log (_("cannot read configuration file; this is fatal")); exit (1); } if (nthreads == -1) /* No configuration for this value, assume a default. */ nthreads = 2 * lastdb; for (cnt = 0; cnt < lastdb; ++cnt) if (dbs[cnt].enabled) { pthread_rwlock_init (&dbs[cnt].lock, NULL); dbs[cnt].array = (struct hashentry **) calloc (dbs[cnt].module, sizeof (struct hashentry *)); if (dbs[cnt].array == NULL) error (EXIT_FAILURE, errno, "while allocating cache"); if (dbs[cnt].check_file) { /* We need the modification date of the file. */ struct stat st; if (stat (dbs[cnt].filename, &st) < 0) { char buf[128]; /* We cannot stat() the file, disable file checking. */ dbg_log (_("cannot stat() file `%s': %s"), dbs[cnt].filename, strerror_r (errno, buf, sizeof (buf))); dbs[cnt].check_file = 0; } else dbs[cnt].file_mtime = st.st_mtime; } } /* Create the socket. */ sock = socket (AF_UNIX, SOCK_STREAM, 0); if (sock < 0) { dbg_log (_("cannot open socket: %s"), strerror (errno)); exit (1); } /* Bind a name to the socket. */ sock_addr.sun_family = AF_UNIX; strcpy (sock_addr.sun_path, _PATH_NSCDSOCKET); if (bind (sock, (struct sockaddr *) &sock_addr, sizeof (sock_addr)) < 0) { dbg_log ("%s: %s", _PATH_NSCDSOCKET, strerror (errno)); exit (1); } /* Set permissions for the socket. */ chmod (_PATH_NSCDSOCKET, 0666); /* Set the socket up to accept connections. */ if (listen (sock, SOMAXCONN) < 0) { dbg_log (_("cannot enable socket to accept connections: %s"), strerror (errno)); exit (1); } } /* Close the connections. */ void close_sockets (void) { close (sock); } static void invalidate_cache (char *key) { dbtype number; if (strcmp (key, "passwd") == 0) number = pwddb; else if (strcmp (key, "group") == 0) number = grpdb; else if (strcmp (key, "hosts") == 0) number = hstdb; else return; prune_cache (&dbs[number], LONG_MAX); } /* Handle new request. */ static void handle_request (int fd, request_header *req, void *key, uid_t uid) { if (debug_level > 0) dbg_log (_("handle_request: request received (Version = %d)"), req->version); if (req->version != NSCD_VERSION) { dbg_log (_("\ cannot handle old request version %d; current version is %d"), req->version, NSCD_VERSION); return; } if (req->type >= GETPWBYNAME && req->type <= LASTDBREQ) { struct hashentry *cached; struct database *db = &dbs[serv2db[req->type]]; if (debug_level > 0) { if (req->type == GETHOSTBYADDR || req->type == GETHOSTBYADDRv6) { char buf[INET6_ADDRSTRLEN]; dbg_log ("\t%s (%s)", serv2str[req->type], inet_ntop (req->type == GETHOSTBYADDR ? AF_INET : AF_INET6, key, buf, sizeof (buf))); } else dbg_log ("\t%s (%s)", serv2str[req->type], key); } /* Is this service enabled? */ if (!db->enabled) { /* No, sent the prepared record. */ if (TEMP_FAILURE_RETRY (write (fd, db->disabled_iov->iov_base, db->disabled_iov->iov_len)) != db->disabled_iov->iov_len) { /* We have problems sending the result. */ char buf[256]; dbg_log (_("cannot write result: %s"), strerror_r (errno, buf, sizeof (buf))); } return; } /* Be sure we can read the data. */ pthread_rwlock_rdlock (&db->lock); /* See whether we can handle it from the cache. */ cached = (struct hashentry *) cache_search (req->type, key, req->key_len, db, uid); if (cached != NULL) { /* Hurray it's in the cache. */ if (TEMP_FAILURE_RETRY (write (fd, cached->packet, cached->total)) != cached->total) { /* We have problems sending the result. */ char buf[256]; dbg_log (_("cannot write result: %s"), strerror_r (errno, buf, sizeof (buf))); } pthread_rwlock_unlock (&db->lock); return; } pthread_rwlock_unlock (&db->lock); } else if (debug_level > 0) { if (req->type == INVALIDATE) dbg_log ("\t%s (%s)", serv2str[req->type], key); else dbg_log ("\t%s", serv2str[req->type]); } /* Handle the request. */ switch (req->type) { case GETPWBYNAME: addpwbyname (&dbs[serv2db[req->type]], fd, req, key, uid); break; case GETPWBYUID: addpwbyuid (&dbs[serv2db[req->type]], fd, req, key, uid); break; case GETGRBYNAME: addgrbyname (&dbs[serv2db[req->type]], fd, req, key, uid); break; case GETGRBYGID: addgrbygid (&dbs[serv2db[req->type]], fd, req, key, uid); break; case GETHOSTBYNAME: addhstbyname (&dbs[serv2db[req->type]], fd, req, key, uid); break; case GETHOSTBYNAMEv6: addhstbynamev6 (&dbs[serv2db[req->type]], fd, req, key, uid); break; case GETHOSTBYADDR: addhstbyaddr (&dbs[serv2db[req->type]], fd, req, key, uid); break; case GETHOSTBYADDRv6: addhstbyaddrv6 (&dbs[serv2db[req->type]], fd, req, key, uid); break; case GETSTAT: case SHUTDOWN: case INVALIDATE: /* Accept shutdown, getstat and invalidate only from root */ if (secure_in_use && uid == 0) { if (req->type == GETSTAT) send_stats (fd, dbs); else if (req->type == INVALIDATE) invalidate_cache (key); else termination_handler (0); } else { struct ucred caller; socklen_t optlen = sizeof (caller); /* Some systems have no SO_PEERCRED implementation. They don't care about security so we don't as well. */ #ifdef SO_PEERCRED if (getsockopt (fd, SOL_SOCKET, SO_PEERCRED, &caller, &optlen) < 0) { char buf[256]; dbg_log (_("error getting callers id: %s"), strerror_r (errno, buf, sizeof (buf))); } else if (caller.uid == 0) #endif { if (req->type == GETSTAT) send_stats (fd, dbs); else if (req->type == INVALIDATE) invalidate_cache (key); else termination_handler (0); } } break; default: /* Ignore the command, it's nothing we know. */ break; } } /* This is the main loop. It is replicated in different threads but the `poll' call makes sure only one thread handles an incoming connection. */ static void * __attribute__ ((__noreturn__)) nscd_run (void *p) { long int my_number = (long int) p; struct pollfd conn; int run_prune = my_number < lastdb && dbs[my_number].enabled; time_t now = time (NULL); time_t next_prune = now + CACHE_PRUNE_INTERVAL; int timeout = run_prune ? 1000 * (next_prune - now) : -1; conn.fd = sock; conn.events = POLLRDNORM; while (1) { int nr = poll (&conn, 1, timeout); if (nr == 0) { /* The `poll' call timed out. It's time to clean up the cache. */ assert (my_number < lastdb); now = time (NULL); prune_cache (&dbs[my_number], now); next_prune = now + CACHE_PRUNE_INTERVAL; timeout = 1000 * (next_prune - now); continue; } /* We have a new incoming connection. */ if (conn.revents & (POLLRDNORM|POLLERR|POLLHUP|POLLNVAL)) { /* Accept the connection. */ int fd = accept (conn.fd, NULL, NULL); request_header req; char buf[256]; uid_t uid = 0; if (fd < 0) { dbg_log (_("while accepting connection: %s"), strerror_r (errno, buf, sizeof (buf))); continue; } /* Now read the request. */ if (TEMP_FAILURE_RETRY (read (fd, &req, sizeof (req))) != sizeof (req)) { dbg_log (_("short read while reading request: %s"), strerror_r (errno, buf, sizeof (buf))); close (fd); continue; } /* Some systems have no SO_PEERCRED implementation. They don't care about security so we don't as well. */ #ifdef SO_PEERCRED if (secure_in_use) { struct ucred caller; socklen_t optlen = sizeof (caller); if (getsockopt (fd, SOL_SOCKET, SO_PEERCRED, &caller, &optlen) < 0) { dbg_log (_("error getting callers id: %s"), strerror_r (errno, buf, sizeof (buf))); close (fd); continue; } if (req.type < GETPWBYNAME || req.type > LASTDBREQ || secure[serv2db[req.type]]) uid = caller.uid; } #endif /* It should not be possible to crash the nscd with a silly request (i.e., a terribly large key). We limit the size to 1kb. */ if (req.key_len < 0 || req.key_len > 1024) { dbg_log (_("key length in request too long: %zd"), req.key_len); close (fd); continue; } else { /* Get the key. */ char keybuf[req.key_len]; if (TEMP_FAILURE_RETRY (read (fd, keybuf, req.key_len)) != req.key_len) { dbg_log (_("short read while reading request key: %s"), strerror_r (errno, buf, sizeof (buf))); close (fd); continue; } /* Phew, we got all the data, now process it. */ handle_request (fd, &req, keybuf, uid); /* We are done. */ close (fd); } } if (run_prune) { now = time (NULL); timeout = now < next_prune ? 1000 * (next_prune - now) : 0; } } } /* Start all the threads we want. The initial process is thread no. 1. */ void start_threads (void) { long int i; pthread_attr_t attr; pthread_t th; pthread_attr_init (&attr); pthread_attr_setdetachstate (&attr, PTHREAD_CREATE_DETACHED); /* We allow less than LASTDB threads only for debugging. */ if (debug_level == 0) nthreads = MAX (nthreads, lastdb); for (i = 1; i < nthreads; ++i) pthread_create (&th, &attr, nscd_run, (void *) i); pthread_attr_destroy (&attr); nscd_run ((void *) 0); }