[thirdparty/glibc.git] / nscd / nscd.c

/* Copyright (c) 1998-2014 Free Software Foundation, Inc.
   This file is part of the GNU C Library.
   Contributed by Thorsten Kukuk <kukuk@suse.de>, 1998.

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published
   by the Free Software Foundation; version 2 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; if not, see <http://www.gnu.org/licenses/>.  */

/* nscd - Name Service Cache Daemon. Caches passwd, group, and hosts.  */

#include <argp.h>
#include <assert.h>
#include <dirent.h>
#include <errno.h>
#include <error.h>
#include <fcntl.h>
#include <libintl.h>
#include <locale.h>
#include <paths.h>
#include <pthread.h>
#include <signal.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>
#include <sys/mman.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/uio.h>
#include <sys/un.h>
#include <sys/wait.h>
#include <stdarg.h>

#include "dbg_log.h"
#include "nscd.h"
#include "selinux.h"
#include "../nss/nsswitch.h"
#include <device-nrs.h>
#ifdef HAVE_INOTIFY
# include <sys/inotify.h>
#endif
#include <kernel-features.h>

/* Get libc version number.  */
#include <version.h>

#define PACKAGE _libc_intl_domainname

int do_shutdown;
int disabled_passwd;
int disabled_group;

typedef enum
{
  /* Running in background as daemon.  */
  RUN_DAEMONIZE,
  /* Running in foreground but otherwise behave like a daemon,
     i.e., detach from terminal and use syslog.  This allows
     better integration with services like systemd.  */
  RUN_FOREGROUND,
  /* Run in foreground in debug mode.  */
  RUN_DEBUG
} run_modes;

static run_modes run_mode = RUN_DAEMONIZE;

static const char *conffile = _PATH_NSCDCONF;

time_t start_time;

uintptr_t pagesize_m1;

int paranoia;
time_t restart_time;
time_t restart_interval = RESTART_INTERVAL;
const char *oldcwd;
uid_t old_uid;
gid_t old_gid;

static int check_pid (const char *file);
static int write_pid (const char *file);
static int monitor_child (int fd);

/* Name and version of program.  */
static void print_version (FILE *stream, struct argp_state *state);
void (*argp_program_version_hook) (FILE *, struct argp_state *) = print_version;

/* Function to print some extra text in the help message.  */
static char *more_help (int key, const char *text, void *input);

/* Definitions of arguments for argp functions.  */
static const struct argp_option options[] =
{
  { "config-file", 'f', N_("NAME"), 0,
    N_("Read configuration data from NAME") },
  { "debug", 'd', NULL, 0,
    N_("Do not fork and display messages on the current tty") },
  { "foreground", 'F', NULL, 0,
    N_("Do not fork, but otherwise behave like a daemon") },
  { "nthreads", 't', N_("NUMBER"), 0, N_("Start NUMBER threads") },
  { "shutdown", 'K', NULL, 0, N_("Shut the server down") },
  { "statistics", 'g', NULL, 0, N_("Print current configuration statistics") },
  { "invalidate", 'i', N_("TABLE"), 0,
    N_("Invalidate the specified cache") },
  { "secure", 'S', N_("TABLE,yes"), OPTION_HIDDEN,
    N_("Use separate cache for each user")},
  { NULL, 0, NULL, 0, NULL }
};

/* Short description of program.  */
static const char doc[] = N_("Name Service Cache Daemon.");

/* Prototype for option handler.  */
static error_t parse_opt (int key, char *arg, struct argp_state *state);

/* Data structure to communicate with argp functions.  */
static struct argp argp =
{
  options, parse_opt, NULL, doc, NULL, more_help
};

/* True if only statistics are requested.  */
static bool get_stats;
static int parent_fd = -1;

int
main (int argc, char **argv)
{
  int remaining;

  /* Set locale via LC_ALL.  */
  setlocale (LC_ALL, "");
  /* Set the text message domain.  */
  textdomain (PACKAGE);

  /* Determine if the kernel has SELinux support.  */
  nscd_selinux_enabled (&selinux_enabled);

  /* Parse and process arguments.  */
  argp_parse (&argp, argc, argv, 0, &remaining, NULL);

  if (remaining != argc)
    {
      error (0, 0, gettext ("wrong number of arguments"));
      argp_help (&argp, stdout, ARGP_HELP_SEE, program_invocation_short_name);
      exit (1);
    }

  /* Read the configuration file.  */
  if (nscd_parse_file (conffile, dbs) != 0)
    /* We couldn't read the configuration file.  We don't start the
       server.  */
    error (EXIT_FAILURE, 0,
	   _("failure while reading configuration file; this is fatal"));

  /* Do we only get statistics?  */
  if (get_stats)
    /* Does not return.  */
    receive_print_stats ();

  /* Check if we are already running. */
  if (check_pid (_PATH_NSCDPID))
    error (EXIT_FAILURE, 0, _("already running"));

  /* Remember when we started.  */
  start_time = time (NULL);

  /* Determine page size.  */
  pagesize_m1 = getpagesize () - 1;

  if (run_mode == RUN_DAEMONIZE || run_mode == RUN_FOREGROUND)
    {
      int i;
      pid_t pid;

      /* Behave like a daemon.  */
      if (run_mode == RUN_DAEMONIZE)
	{
	  int fd[2];

	  if (pipe (fd) != 0)
	    error (EXIT_FAILURE, errno,
		   _("cannot create a pipe to talk to the child"));

	  pid = fork ();
	  if (pid == -1)
	    error (EXIT_FAILURE, errno, _("cannot fork"));
	  if (pid != 0)
	    {
	      /* The parent only reads from the child.  */
	      close (fd[1]);
	      exit (monitor_child (fd[0]));
	    }
	  else
	    {
	      /* The child only writes to the parent.  */
	      close (fd[0]);
	      parent_fd = fd[1];
	    }
	}

      int nullfd = open (_PATH_DEVNULL, O_RDWR);
      if (nullfd != -1)
	{
	  struct stat64 st;

	  if (fstat64 (nullfd, &st) == 0 && S_ISCHR (st.st_mode) != 0
#if defined DEV_NULL_MAJOR && defined DEV_NULL_MINOR
	      && st.st_rdev == makedev (DEV_NULL_MAJOR, DEV_NULL_MINOR)
#endif
	      )
	    {
	      /* It is the /dev/null special device alright.  */
	      (void) dup2 (nullfd, STDIN_FILENO);
	      (void) dup2 (nullfd, STDOUT_FILENO);
	      (void) dup2 (nullfd, STDERR_FILENO);

	      if (nullfd > 2)
		close (nullfd);
	    }
	  else
	    {
	      /* Ugh, somebody is trying to play a trick on us.  */
	      close (nullfd);
	      nullfd = -1;
	    }
	}
      int min_close_fd = nullfd == -1 ? 0 : STDERR_FILENO + 1;

      DIR *d = opendir ("/proc/self/fd");
      if (d != NULL)
	{
	  struct dirent64 *dirent;
	  int dfdn = dirfd (d);

	  while ((dirent = readdir64 (d)) != NULL)
	    {
	      char *endp;
	      long int fdn = strtol (dirent->d_name, &endp, 10);

	      if (*endp == '\0' && fdn != dfdn && fdn >= min_close_fd
		  && fdn != parent_fd)
		close ((int) fdn);
	    }

	  closedir (d);
	}
      else
	for (i = min_close_fd; i < getdtablesize (); i++)
	  if (i != parent_fd)
	    close (i);

      setsid ();

      if (chdir ("/") != 0)
	do_exit (EXIT_FAILURE, errno,
		 _("cannot change current working directory to \"/\""));

      openlog ("nscd", LOG_CONS | LOG_ODELAY, LOG_DAEMON);

      if (write_pid (_PATH_NSCDPID) < 0)
	dbg_log ("%s: %s", _PATH_NSCDPID, strerror (errno));

      if (!init_logfile ())
	dbg_log (_("Could not create log file"));

      /* Ignore job control signals.  */
      signal (SIGTTOU, SIG_IGN);
      signal (SIGTTIN, SIG_IGN);
      signal (SIGTSTP, SIG_IGN);
    }
  else
    /* In debug mode we are not paranoid.  */
    paranoia = 0;

  signal (SIGINT, termination_handler);
  signal (SIGQUIT, termination_handler);
  signal (SIGTERM, termination_handler);
  signal (SIGPIPE, SIG_IGN);

  /* Cleanup files created by a previous 'bind'.  */
  unlink (_PATH_NSCDSOCKET);

#ifdef HAVE_INOTIFY
  /* Use inotify to recognize changed files.  */
  inotify_fd = inotify_init1 (IN_NONBLOCK);
# ifndef __ASSUME_IN_NONBLOCK
  if (inotify_fd == -1 && errno == ENOSYS)
    {
      inotify_fd = inotify_init ();
      if (inotify_fd != -1)
	fcntl (inotify_fd, F_SETFL, O_RDONLY | O_NONBLOCK);
    }
# endif
#endif

#ifdef USE_NSCD
  /* Make sure we do not get recursive calls.  */
  __nss_disable_nscd (register_traced_file);
#endif

  /* Init databases.  */
  nscd_init ();

  /* Start the SELinux AVC.  */
  if (selinux_enabled)
    nscd_avc_init ();

  /* Handle incoming requests */
  start_threads ();

  return 0;
}


/* Handle program arguments.  */
static error_t
parse_opt (int key, char *arg, struct argp_state *state)
{
  switch (key)
    {
    case 'd':
      ++debug_level;
      run_mode = RUN_DEBUG;
      break;

    case 'F':
      run_mode = RUN_FOREGROUND;
      break;

    case 'f':
      conffile = arg;
      break;

    case 'K':
      if (getuid () != 0)
	error (4, 0, _("Only root is allowed to use this option!"));
      {
	int sock = nscd_open_socket ();

	if (sock == -1)
	  exit (EXIT_FAILURE);

	request_header req;
	req.version = NSCD_VERSION;
	req.type = SHUTDOWN;
	req.key_len = 0;

	ssize_t nbytes = TEMP_FAILURE_RETRY (send (sock, &req,
						   sizeof (request_header),
						   MSG_NOSIGNAL));
	close (sock);
	exit (nbytes != sizeof (request_header) ? EXIT_FAILURE : EXIT_SUCCESS);
      }

    case 'g':
      get_stats = true;
      break;

    case 'i':
      if (getuid () != 0)
	error (4, 0, _("Only root is allowed to use this option!"));
      else
	{
	  int sock = nscd_open_socket ();

	  if (sock == -1)
	    exit (EXIT_FAILURE);

	  dbtype cnt;
	  for (cnt = pwddb; cnt < lastdb; ++cnt)
	    if (strcmp (arg, dbnames[cnt]) == 0)
	      break;

	  if (cnt == lastdb)
	    {
	      argp_error (state, _("'%s' is not a known database"), arg);
	      return EINVAL;
	    }

	  size_t arg_len = strlen (arg) + 1;
	  struct
	  {
	    request_header req;
	    char arg[arg_len];
	  } reqdata;

	  reqdata.req.key_len = strlen (arg) + 1;
	  reqdata.req.version = NSCD_VERSION;
	  reqdata.req.type = INVALIDATE;
	  memcpy (reqdata.arg, arg, arg_len);

	  ssize_t nbytes = TEMP_FAILURE_RETRY (send (sock, &reqdata,
						     sizeof (request_header)
						     + arg_len,
						     MSG_NOSIGNAL));

	  if (nbytes != sizeof (request_header) + arg_len)
	    {
	      int err = errno;
	      close (sock);
	      error (EXIT_FAILURE, err, _("write incomplete"));
	    }

	  /* Wait for ack.  Older nscd just closed the socket when
	     prune_cache finished, silently ignore that.  */
	  int32_t resp = 0;
	  nbytes = TEMP_FAILURE_RETRY (read (sock, &resp, sizeof (resp)));
	  if (nbytes != 0 && nbytes != sizeof (resp))
	    {
	      int err = errno;
	      close (sock);
	      error (EXIT_FAILURE, err, _("cannot read invalidate ACK"));
	    }

	  close (sock);

	  if (resp != 0)
	    error (EXIT_FAILURE, resp, _("invalidation failed"));

	  exit (0);
	}

    case 't':
      nthreads = atol (arg);
      break;

    case 'S':
      error (0, 0, _("secure services not implemented anymore"));
      break;

    default:
      return ARGP_ERR_UNKNOWN;
    }

  return 0;
}

/* Print bug-reporting information in the help message.  */
static char *
more_help (int key, const char *text, void *input)
{
  char *tables, *tp = NULL;

  switch (key)
    {
    case ARGP_KEY_HELP_EXTRA:
      {
	dbtype cnt;

	tables = xmalloc (sizeof (dbnames) + 1);
	for (cnt = 0; cnt < lastdb; cnt++)
	  {
	    strcat (tables, dbnames[cnt]);
	    strcat (tables, " ");
	  }
      }

      /* We print some extra information.  */
      if (asprintf (&tp, gettext ("\
Supported tables:\n\
%s\n\
\n\
For bug reporting instructions, please see:\n\
%s.\n\
"), tables, REPORT_BUGS_TO) < 0)
	tp = NULL;
      free (tables);
      return tp;

    default:
      break;
    }

  return (char *) text;
}

/* Print the version information.  */
static void
print_version (FILE *stream, struct argp_state *state)
{
  fprintf (stream, "nscd %s%s\n", PKGVERSION, VERSION);
  fprintf (stream, gettext ("\
Copyright (C) %s Free Software Foundation, Inc.\n\
This is free software; see the source for copying conditions.  There is NO\n\
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\n\
"), "2014");
  fprintf (stream, gettext ("Written by %s.\n"),
	   "Thorsten Kukuk and Ulrich Drepper");
}


/* Create a socket connected to a name.  */
int
nscd_open_socket (void)
{
  struct sockaddr_un addr;
  int sock;

  sock = socket (PF_UNIX, SOCK_STREAM, 0);
  if (sock < 0)
    return -1;

  addr.sun_family = AF_UNIX;
  assert (sizeof (addr.sun_path) >= sizeof (_PATH_NSCDSOCKET));
  strcpy (addr.sun_path, _PATH_NSCDSOCKET);
  if (connect (sock, (struct sockaddr *) &addr, sizeof (addr)) < 0)
    {
      close (sock);
      return -1;
    }

  return sock;
}


/* Cleanup.  */
void
termination_handler (int signum)
{
  close_sockets ();

  /* Clean up the file created by 'bind'.  */
  unlink (_PATH_NSCDSOCKET);

  /* Clean up pid file.  */
  unlink (_PATH_NSCDPID);

  // XXX Terminate threads.

  /* Synchronize memory.  */
  for (int cnt = 0; cnt < lastdb; ++cnt)
    {
      if (!dbs[cnt].enabled || dbs[cnt].head == NULL)
	continue;

      /* Make sure nobody keeps using the database.  */
      dbs[cnt].head->timestamp = 0;

      if (dbs[cnt].persistent)
	// XXX async OK?
	msync (dbs[cnt].head, dbs[cnt].memsize, MS_ASYNC);
    }

  _exit (EXIT_SUCCESS);
}

/* Returns 1 if the process in pid file FILE is running, 0 if not.  */
static int
check_pid (const char *file)
{
  FILE *fp;

  fp = fopen (file, "r");
  if (fp)
    {
      pid_t pid;
      int n;

      n = fscanf (fp, "%d", &pid);
      fclose (fp);

      /* If we cannot parse the file default to assuming nscd runs.
	 If the PID is alive, assume it is running.  That all unless
	 the PID is the same as the current process' since tha latter
	 can mean we re-exec.  */
      if ((n != 1 || kill (pid, 0) == 0) && pid != getpid ())
	return 1;
    }

  return 0;
}

/* Write the current process id to the file FILE.
   Returns 0 if successful, -1 if not.  */
static int
write_pid (const char *file)
{
  FILE *fp;

  fp = fopen (file, "w");
  if (fp == NULL)
    return -1;

  fprintf (fp, "%d\n", getpid ());

  int result = fflush (fp) || ferror (fp) ? -1 : 0;

  fclose (fp);

  return result;
}

static int
monitor_child (int fd)
{
  int child_ret = 0;
  int ret = read (fd, &child_ret, sizeof (child_ret));

  /* The child terminated with an error, either via exit or some other abnormal
     method, like a segfault.  */
  if (ret <= 0 || child_ret != 0)
    {
      int err = wait (&child_ret);

      if (err < 0)
	{
	  fprintf (stderr, _("wait failed"));
	  return 1;
	}

      fprintf (stderr, _("child exited with status %d"),
	       WEXITSTATUS (child_ret));
      if (WIFSIGNALED (child_ret))
	fprintf (stderr, _(", terminated by signal %d.\n"),
		 WTERMSIG (child_ret));
      else
	fprintf (stderr, ".\n");
    }

  /* We have the child status, so exit with that code.  */
  close (fd);

  return child_ret;
}

void
do_exit (int child_ret, int errnum, const char *format, ...)
{
  if (parent_fd != -1)
    {
      int ret = write (parent_fd, &child_ret, sizeof (child_ret));
      assert (ret == sizeof (child_ret));
      close (parent_fd);
    }

  if (format != NULL)
    {
      /* Emulate error() since we don't have a va_list variant for it.  */
      va_list argp;

      fflush (stdout);

      fprintf (stderr, "%s: ", program_invocation_name);

      va_start (argp, format);
      vfprintf (stderr, format, argp);
      va_end (argp);

      fprintf (stderr, ": %s\n", strerror (errnum));
      fflush (stderr);
    }

  /* Finally, exit.  */
  exit (child_ret);
}

void
notify_parent (int child_ret)
{
  if (parent_fd == -1)
    return;

  int ret = write (parent_fd, &child_ret, sizeof (child_ret));
  assert (ret == sizeof (child_ret));
  close (parent_fd);
  parent_fd = -1;
}
Commit	Line	Data
d4697bc9	1	/* Copyright (c) 1998-2014 Free Software Foundation, Inc.
d67281a7	2	This file is part of the GNU C Library.
a1c542bf	3	Contributed by Thorsten Kukuk <kukuk@suse.de>, 1998.
d67281a7	4
43bc8ac6	5	This program is free software; you can redistribute it and/or modify
2e2efe65 RM	6	it under the terms of the GNU General Public License as published
	7	by the Free Software Foundation; version 2 of the License, or
	8	(at your option) any later version.
d67281a7	9
43bc8ac6	10	This program is distributed in the hope that it will be useful,
d67281a7	11	but WITHOUT ANY WARRANTY; without even the implied warranty of
43bc8ac6 UD	12	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
43bc8ac6 UD	13	GNU General Public License for more details.
d67281a7	14
43bc8ac6	15	You should have received a copy of the GNU General Public License
59ba27a6	16	along with this program; if not, see <http://www.gnu.org/licenses/>. */
d67281a7	17
67479a70	18	/* nscd - Name Service Cache Daemon. Caches passwd, group, and hosts. */
d67281a7	19
4d06461a	20	#include <argp.h>
67479a70	21	#include <assert.h>
d4397629	22	#include <dirent.h>
d67281a7	23	#include <errno.h>
4d06461a	24	#include <error.h>
d4397629	25	#include <fcntl.h>
d67281a7 UD	26	#include <libintl.h>
d67281a7 UD	27	#include <locale.h>
d4397629	28	#include <paths.h>
d67281a7	29	#include <pthread.h>
d67281a7	30	#include <signal.h>
a12ce44f	31	#include <stdbool.h>
d67281a7 UD	32	#include <stdio.h>
	33	#include <stdlib.h>
	34	#include <string.h>
	35	#include <syslog.h>
4c223a7c	36	#include <unistd.h>
a95a08b4	37	#include <sys/mman.h>
d67281a7	38	#include <sys/socket.h>
d4397629	39	#include <sys/stat.h>
ead07d01	40	#include <sys/uio.h>
d67281a7	41	#include <sys/un.h>
532a6035 SP	42	#include <sys/wait.h>
532a6035 SP	43	#include <stdarg.h>
d67281a7 UD	44
	45	#include "dbg_log.h"
	46	#include "nscd.h"
74a30a58	47	#include "selinux.h"
ef4d5b32	48	#include "../nss/nsswitch.h"
d4397629	49	#include <device-nrs.h>
319b9ad4 UD	50	#ifdef HAVE_INOTIFY
	51	# include <sys/inotify.h>
	52	#endif
9bc6103d	53	#include <kernel-features.h>
d67281a7 UD	54
	55	/* Get libc version number. */
	56	#include <version.h>
	57
	58	#define PACKAGE _libc_intl_domainname
	59
a1c542bf UD	60	int do_shutdown;
	61	int disabled_passwd;
	62	int disabled_group;
bb90b80b	63
edfe0dbe	64	typedef enum
bb90b80b	65	{
edfe0dbe AJ	66	/* Running in background as daemon. */
edfe0dbe AJ	67	RUN_DAEMONIZE,
bb90b80b AJ	68	/* Running in foreground but otherwise behave like a daemon,
	69	i.e., detach from terminal and use syslog. This allows
	70	better integration with services like systemd. */
	71	RUN_FOREGROUND,
bb90b80b AJ	72	/* Run in foreground in debug mode. */
bb90b80b AJ	73	RUN_DEBUG
edfe0dbe AJ	74	} run_modes;
	75
	76	static run_modes run_mode = RUN_DAEMONIZE;
a1c542bf	77
67479a70	78	static const char *conffile = _PATH_NSCDCONF;
d67281a7	79
c86e6aec UD	80	time_t start_time;
c86e6aec UD	81
3418007e UD	82	uintptr_t pagesize_m1;
3418007e UD	83
4401d759 UD	84	int paranoia;
	85	time_t restart_time;
	86	time_t restart_interval = RESTART_INTERVAL;
	87	const char *oldcwd;
	88	uid_t old_uid;
	89	gid_t old_gid;
	90
d67281a7 UD	91	static int check_pid (const char *file);
d67281a7 UD	92	static int write_pid (const char *file);
532a6035	93	static int monitor_child (int fd);
d67281a7	94
4d06461a UD	95	/* Name and version of program. */
	96	static void print_version (FILE stream, struct argp_state state);
	97	void (argp_program_version_hook) (FILE , struct argp_state *) = print_version;
	98
cbbcaf23 UD	99	/* Function to print some extra text in the help message. */
	100	static char more_help (int key, const char text, void *input);
	101
4d06461a UD	102	/* Definitions of arguments for argp functions. */
	103	static const struct argp_option options[] =
	104	{
	105	{ "config-file", 'f', N_("NAME"), 0,
	106	N_("Read configuration data from NAME") },
	107	{ "debug", 'd', NULL, 0,
	108	N_("Do not fork and display messages on the current tty") },
bb90b80b	109	{ "foreground", 'F', NULL, 0,
edfe0dbe	110	N_("Do not fork, but otherwise behave like a daemon") },
67479a70	111	{ "nthreads", 't', N_("NUMBER"), 0, N_("Start NUMBER threads") },
4d06461a	112	{ "shutdown", 'K', NULL, 0, N_("Shut the server down") },
1d20f7f8	113	{ "statistics", 'g', NULL, 0, N_("Print current configuration statistics") },
756409c4 UD	114	{ "invalidate", 'i', N_("TABLE"), 0,
756409c4 UD	115	N_("Invalidate the specified cache") },
3c12b91a UD	116	{ "secure", 'S', N_("TABLE,yes"), OPTION_HIDDEN,
3c12b91a UD	117	N_("Use separate cache for each user")},
4d06461a UD	118	{ NULL, 0, NULL, 0, NULL }
	119	};
	120
	121	/* Short description of program. */
67a96999	122	static const char doc[] = N_("Name Service Cache Daemon.");
4d06461a UD	123
4d06461a UD	124	/* Prototype for option handler. */
d8cf93f4	125	static error_t parse_opt (int key, char arg, struct argp_state state);
4d06461a UD	126
	127	/* Data structure to communicate with argp functions. */
	128	static struct argp argp =
	129	{
cbbcaf23	130	options, parse_opt, NULL, doc, NULL, more_help
4d06461a UD	131	};
4d06461a UD	132
a12ce44f UD	133	/* True if only statistics are requested. */
a12ce44f UD	134	static bool get_stats;
532a6035	135	static int parent_fd = -1;
a12ce44f	136
d67281a7 UD	137	int
	138	main (int argc, char **argv)
	139	{
4d06461a	140	int remaining;
d67281a7 UD	141
	142	/* Set locale via LC_ALL. */
	143	setlocale (LC_ALL, "");
	144	/* Set the text message domain. */
	145	textdomain (PACKAGE);
	146
74a30a58 UD	147	/* Determine if the kernel has SELinux support. */
	148	nscd_selinux_enabled (&selinux_enabled);
	149
4d06461a UD	150	/* Parse and process arguments. */
	151	argp_parse (&argp, argc, argv, 0, &remaining, NULL);
	152
14e9dd67	153	if (remaining != argc)
d67281a7	154	{
4d06461a UD	155	error (0, 0, gettext ("wrong number of arguments"));
4d06461a UD	156	argp_help (&argp, stdout, ARGP_HELP_SEE, program_invocation_short_name);
64d64de6	157	exit (1);
d67281a7 UD	158	}
d67281a7 UD	159
a12ce44f UD	160	/* Read the configuration file. */
a12ce44f UD	161	if (nscd_parse_file (conffile, dbs) != 0)
4fb5ab74 UD	162	/* We couldn't read the configuration file. We don't start the
	163	server. */
	164	error (EXIT_FAILURE, 0,
	165	_("failure while reading configuration file; this is fatal"));
a12ce44f UD	166
	167	/* Do we only get statistics? */
	168	if (get_stats)
	169	/* Does not return. */
	170	receive_print_stats ();
	171
d67281a7 UD	172	/* Check if we are already running. */
d67281a7 UD	173	if (check_pid (_PATH_NSCDPID))
67479a70	174	error (EXIT_FAILURE, 0, _("already running"));
d67281a7	175
c86e6aec UD	176	/* Remember when we started. */
	177	start_time = time (NULL);
	178
3418007e UD	179	/* Determine page size. */
	180	pagesize_m1 = getpagesize () - 1;
	181
91d8d69e	182	if (run_mode == RUN_DAEMONIZE \|\| run_mode == RUN_FOREGROUND)
d67281a7	183	{
6c202c68	184	int i;
bb90b80b	185	pid_t pid;
6c202c68	186
bb90b80b AJ	187	/* Behave like a daemon. */
	188	if (run_mode == RUN_DAEMONIZE)
	189	{
532a6035 SP	190	int fd[2];
	191
	192	if (pipe (fd) != 0)
	193	error (EXIT_FAILURE, errno,
	194	_("cannot create a pipe to talk to the child"));
	195
bb90b80b AJ	196	pid = fork ();
	197	if (pid == -1)
	198	error (EXIT_FAILURE, errno, _("cannot fork"));
	199	if (pid != 0)
532a6035 SP	200	{
	201	/* The parent only reads from the child. */
	202	close (fd[1]);
	203	exit (monitor_child (fd[0]));
	204	}
	205	else
	206	{
	207	/* The child only writes to the parent. */
	208	close (fd[0]);
	209	parent_fd = fd[1];
	210	}
bb90b80b	211	}
6c202c68	212
d4397629 UD	213	int nullfd = open (_PATH_DEVNULL, O_RDWR);
	214	if (nullfd != -1)
	215	{
	216	struct stat64 st;
	217
	218	if (fstat64 (nullfd, &st) == 0 && S_ISCHR (st.st_mode) != 0
	219	#if defined DEV_NULL_MAJOR && defined DEV_NULL_MINOR
	220	&& st.st_rdev == makedev (DEV_NULL_MAJOR, DEV_NULL_MINOR)
	221	#endif
	222	)
	223	{
	224	/* It is the /dev/null special device alright. */
	225	(void) dup2 (nullfd, STDIN_FILENO);
	226	(void) dup2 (nullfd, STDOUT_FILENO);
	227	(void) dup2 (nullfd, STDERR_FILENO);
	228
	229	if (nullfd > 2)
	230	close (nullfd);
	231	}
	232	else
	233	{
	234	/* Ugh, somebody is trying to play a trick on us. */
	235	close (nullfd);
	236	nullfd = -1;
	237	}
	238	}
	239	int min_close_fd = nullfd == -1 ? 0 : STDERR_FILENO + 1;
	240
	241	DIR *d = opendir ("/proc/self/fd");
	242	if (d != NULL)
	243	{
	244	struct dirent64 *dirent;
	245	int dfdn = dirfd (d);
	246
	247	while ((dirent = readdir64 (d)) != NULL)
	248	{
	249	char *endp;
4c5dd2a2	250	long int fdn = strtol (dirent->d_name, &endp, 10);
d4397629	251
532a6035 SP	252	if (*endp == '\0' && fdn != dfdn && fdn >= min_close_fd
532a6035 SP	253	&& fdn != parent_fd)
d4397629 UD	254	close ((int) fdn);
	255	}
	256
	257	closedir (d);
	258	}
	259	else
	260	for (i = min_close_fd; i < getdtablesize (); i++)
532a6035 SP	261	if (i != parent_fd)
532a6035 SP	262	close (i);
6c202c68	263
adcf0e4a UD	264	setsid ();
adcf0e4a UD	265
be686f18	266	if (chdir ("/") != 0)
532a6035 SP	267	do_exit (EXIT_FAILURE, errno,
532a6035 SP	268	_("cannot change current working directory to \"/\""));
6c202c68	269
d67281a7 UD	270	openlog ("nscd", LOG_CONS \| LOG_ODELAY, LOG_DAEMON);
d67281a7 UD	271
d67281a7	272	if (write_pid (_PATH_NSCDPID) < 0)
561470e0	273	dbg_log ("%s: %s", _PATH_NSCDPID, strerror (errno));
d67281a7	274
f4047366 UD	275	if (!init_logfile ())
	276	dbg_log (_("Could not create log file"));
	277
67479a70	278	/* Ignore job control signals. */
d67281a7 UD	279	signal (SIGTTOU, SIG_IGN);
	280	signal (SIGTTIN, SIG_IGN);
	281	signal (SIGTSTP, SIG_IGN);
	282	}
4401d759	283	else
bb90b80b	284	/* In debug mode we are not paranoid. */
4401d759	285	paranoia = 0;
6c202c68 UD	286
	287	signal (SIGINT, termination_handler);
	288	signal (SIGQUIT, termination_handler);
	289	signal (SIGTERM, termination_handler);
	290	signal (SIGPIPE, SIG_IGN);
	291
230c3e1e	292	/* Cleanup files created by a previous 'bind'. */
d67281a7 UD	293	unlink (_PATH_NSCDSOCKET);
d67281a7 UD	294
319b9ad4 UD	295	#ifdef HAVE_INOTIFY
	296	/* Use inotify to recognize changed files. */
	297	inotify_fd = inotify_init1 (IN_NONBLOCK);
	298	# ifndef __ASSUME_IN_NONBLOCK
	299	if (inotify_fd == -1 && errno == ENOSYS)
	300	{
	301	inotify_fd = inotify_init ();
	302	if (inotify_fd != -1)
	303	fcntl (inotify_fd, F_SETFL, O_RDONLY \| O_NONBLOCK);
	304	}
	305	# endif
	306	#endif
	307
3cc3ef96	308	#ifdef USE_NSCD
ef4d5b32	309	/* Make sure we do not get recursive calls. */
319b9ad4	310	__nss_disable_nscd (register_traced_file);
3cc3ef96	311	#endif
ef4d5b32	312
67479a70	313	/* Init databases. */
a12ce44f	314	nscd_init ();
d67281a7	315
a9ae54a1 AS	316	/* Start the SELinux AVC. */
	317	if (selinux_enabled)
	318	nscd_avc_init ();
	319
d67281a7	320	/* Handle incoming requests */
67479a70	321	start_threads ();
d67281a7 UD	322
	323	return 0;
	324	}
	325
4d06461a UD	326
	327	/* Handle program arguments. */
	328	static error_t
	329	parse_opt (int key, char arg, struct argp_state state)
	330	{
	331	switch (key)
	332	{
	333	case 'd':
67479a70	334	++debug_level;
bb90b80b AJ	335	run_mode = RUN_DEBUG;
	336	break;
	337
	338	case 'F':
	339	run_mode = RUN_FOREGROUND;
4d06461a	340	break;
67479a70	341
4d06461a UD	342	case 'f':
	343	conffile = arg;
	344	break;
67479a70	345
4d06461a UD	346	case 'K':
4d06461a UD	347	if (getuid () != 0)
64d64de6	348	error (4, 0, _("Only root is allowed to use this option!"));
4d06461a	349	{
67479a70	350	int sock = nscd_open_socket ();
4d06461a UD	351
	352	if (sock == -1)
	353	exit (EXIT_FAILURE);
	354
8c6d1043	355	request_header req;
4d06461a UD	356	req.version = NSCD_VERSION;
	357	req.type = SHUTDOWN;
	358	req.key_len = 0;
8c6d1043 UD	359
	360	ssize_t nbytes = TEMP_FAILURE_RETRY (send (sock, &req,
	361	sizeof (request_header),
	362	MSG_NOSIGNAL));
4d06461a	363	close (sock);
67479a70	364	exit (nbytes != sizeof (request_header) ? EXIT_FAILURE : EXIT_SUCCESS);
4d06461a	365	}
67479a70	366
4d06461a	367	case 'g':
a12ce44f UD	368	get_stats = true;
a12ce44f UD	369	break;
67479a70	370
756409c4 UD	371	case 'i':
756409c4 UD	372	if (getuid () != 0)
64d64de6	373	error (4, 0, _("Only root is allowed to use this option!"));
756409c4 UD	374	else
	375	{
	376	int sock = nscd_open_socket ();
756409c4 UD	377
	378	if (sock == -1)
	379	exit (EXIT_FAILURE);
	380
b21fa963 UD	381	dbtype cnt;
	382	for (cnt = pwddb; cnt < lastdb; ++cnt)
	383	if (strcmp (arg, dbnames[cnt]) == 0)
	384	break;
	385
	386	if (cnt == lastdb)
251fe50c RM	387	{
	388	argp_error (state, _("'%s' is not a known database"), arg);
	389	return EINVAL;
	390	}
756409c4	391
8c6d1043 UD	392	size_t arg_len = strlen (arg) + 1;
	393	struct
	394	{
	395	request_header req;
	396	char arg[arg_len];
	397	} reqdata;
756409c4	398
8c6d1043 UD	399	reqdata.req.key_len = strlen (arg) + 1;
	400	reqdata.req.version = NSCD_VERSION;
	401	reqdata.req.type = INVALIDATE;
	402	memcpy (reqdata.arg, arg, arg_len);
ead07d01	403
8c6d1043 UD	404	ssize_t nbytes = TEMP_FAILURE_RETRY (send (sock, &reqdata,
	405	sizeof (request_header)
	406	+ arg_len,
	407	MSG_NOSIGNAL));
902c4291	408
8c6d1043	409	if (nbytes != sizeof (request_header) + arg_len)
902c4291 UD	410	{
	411	int err = errno;
	412	close (sock);
	413	error (EXIT_FAILURE, err, _("write incomplete"));
	414	}
	415
	416	/* Wait for ack. Older nscd just closed the socket when
	417	prune_cache finished, silently ignore that. */
	418	int32_t resp = 0;
	419	nbytes = TEMP_FAILURE_RETRY (read (sock, &resp, sizeof (resp)));
	420	if (nbytes != 0 && nbytes != sizeof (resp))
	421	{
	422	int err = errno;
	423	close (sock);
	424	error (EXIT_FAILURE, err, _("cannot read invalidate ACK"));
	425	}
756409c4 UD	426
	427	close (sock);
	428
902c4291 UD	429	if (resp != 0)
	430	error (EXIT_FAILURE, resp, _("invalidation failed"));
	431
	432	exit (0);
756409c4 UD	433	}
756409c4 UD	434
67479a70 UD	435	case 't':
	436	nthreads = atol (arg);
	437	break;
	438
a1c542bf	439	case 'S':
3c12b91a	440	error (0, 0, _("secure services not implemented anymore"));
a1c542bf UD	441	break;
a1c542bf UD	442
4d06461a UD	443	default:
	444	return ARGP_ERR_UNKNOWN;
	445	}
67479a70	446
4d06461a UD	447	return 0;
	448	}
	449
cbbcaf23 UD	450	/* Print bug-reporting information in the help message. */
	451	static char *
	452	more_help (int key, const char text, void input)
	453	{
0c813d1f SK	454	char tables, tp = NULL;
0c813d1f SK	455
cbbcaf23 UD	456	switch (key)
	457	{
	458	case ARGP_KEY_HELP_EXTRA:
0c813d1f SK	459	{
	460	dbtype cnt;
	461
	462	tables = xmalloc (sizeof (dbnames) + 1);
	463	for (cnt = 0; cnt < lastdb; cnt++)
	464	{
	465	strcat (tables, dbnames[cnt]);
	466	strcat (tables, " ");
	467	}
	468	}
	469
cbbcaf23	470	/* We print some extra information. */
8b748aed	471	if (asprintf (&tp, gettext ("\
0c813d1f SK	472	Supported tables:\n\
	473	%s\n\
	474	\n\
cbbcaf23	475	For bug reporting instructions, please see:\n\
0c813d1f SK	476	%s.\n\
	477	"), tables, REPORT_BUGS_TO) < 0)
	478	tp = NULL;
	479	free (tables);
8b748aed	480	return tp;
0c813d1f	481
cbbcaf23 UD	482	default:
	483	break;
	484	}
0c813d1f	485
cbbcaf23 UD	486	return (char *) text;
	487	}
	488
4d06461a UD	489	/* Print the version information. */
	490	static void
	491	print_version (FILE stream, struct argp_state state)
	492	{
8b748aed	493	fprintf (stream, "nscd %s%s\n", PKGVERSION, VERSION);
4d06461a UD	494	fprintf (stream, gettext ("\
	495	Copyright (C) %s Free Software Foundation, Inc.\n\
	496	This is free software; see the source for copying conditions. There is NO\n\
	497	warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\n\
88726d48	498	"), "2014");
67479a70 UD	499	fprintf (stream, gettext ("Written by %s.\n"),
67479a70 UD	500	"Thorsten Kukuk and Ulrich Drepper");
4d06461a UD	501	}
	502
	503
67479a70	504	/* Create a socket connected to a name. */
d67281a7	505	int
67479a70	506	nscd_open_socket (void)
d67281a7 UD	507	{
	508	struct sockaddr_un addr;
	509	int sock;
	510
	511	sock = socket (PF_UNIX, SOCK_STREAM, 0);
	512	if (sock < 0)
	513	return -1;
	514
	515	addr.sun_family = AF_UNIX;
67479a70	516	assert (sizeof (addr.sun_path) >= sizeof (_PATH_NSCDSOCKET));
d67281a7 UD	517	strcpy (addr.sun_path, _PATH_NSCDSOCKET);
	518	if (connect (sock, (struct sockaddr *) &addr, sizeof (addr)) < 0)
	519	{
	520	close (sock);
	521	return -1;
	522	}
	523
	524	return sock;
	525	}
	526
4401d759	527
d67281a7	528	/* Cleanup. */
67479a70	529	void
d67281a7 UD	530	termination_handler (int signum)
	531	{
	532	close_sockets ();
	533
230c3e1e	534	/* Clean up the file created by 'bind'. */
d67281a7 UD	535	unlink (_PATH_NSCDSOCKET);
	536
	537	/* Clean up pid file. */
	538	unlink (_PATH_NSCDPID);
	539
a95a08b4 UD	540	// XXX Terminate threads.
	541
	542	/* Synchronize memory. */
	543	for (int cnt = 0; cnt < lastdb; ++cnt)
74fef3bb	544	{
feb1eb0b	545	if (!dbs[cnt].enabled \|\| dbs[cnt].head == NULL)
6aa10807 UD	546	continue;
6aa10807 UD	547
74fef3bb UD	548	/* Make sure nobody keeps using the database. */
	549	dbs[cnt].head->timestamp = 0;
	550
	551	if (dbs[cnt].persistent)
	552	// XXX async OK?
	553	msync (dbs[cnt].head, dbs[cnt].memsize, MS_ASYNC);
	554	}
a95a08b4	555
230c3e1e	556	_exit (EXIT_SUCCESS);
d67281a7 UD	557	}
d67281a7 UD	558
d67281a7 UD	559	/* Returns 1 if the process in pid file FILE is running, 0 if not. */
	560	static int
	561	check_pid (const char *file)
	562	{
	563	FILE *fp;
	564
	565	fp = fopen (file, "r");
	566	if (fp)
	567	{
	568	pid_t pid;
67479a70	569	int n;
d67281a7	570
67479a70	571	n = fscanf (fp, "%d", &pid);
d67281a7 UD	572	fclose (fp);
d67281a7 UD	573
4401d759 UD	574	/* If we cannot parse the file default to assuming nscd runs.
	575	If the PID is alive, assume it is running. That all unless
	576	the PID is the same as the current process' since tha latter
	577	can mean we re-exec. */
	578	if ((n != 1 \|\| kill (pid, 0) == 0) && pid != getpid ())
561470e0	579	return 1;
d67281a7 UD	580	}
	581
	582	return 0;
	583	}
	584
	585	/* Write the current process id to the file FILE.
	586	Returns 0 if successful, -1 if not. */
	587	static int
	588	write_pid (const char *file)
	589	{
	590	FILE *fp;
	591
	592	fp = fopen (file, "w");
	593	if (fp == NULL)
	594	return -1;
	595
	596	fprintf (fp, "%d\n", getpid ());
0292b0dd UD	597
0292b0dd UD	598	int result = fflush (fp) \|\| ferror (fp) ? -1 : 0;
d67281a7 UD	599
	600	fclose (fp);
	601
0292b0dd	602	return result;
d67281a7	603	}
532a6035 SP	604
	605	static int
	606	monitor_child (int fd)
	607	{
	608	int child_ret = 0;
	609	int ret = read (fd, &child_ret, sizeof (child_ret));
	610
	611	/* The child terminated with an error, either via exit or some other abnormal
	612	method, like a segfault. */
	613	if (ret <= 0 \|\| child_ret != 0)
	614	{
	615	int err = wait (&child_ret);
	616
	617	if (err < 0)
	618	{
	619	fprintf (stderr, _("wait failed"));
	620	return 1;
	621	}
	622
	623	fprintf (stderr, _("child exited with status %d"),
	624	WEXITSTATUS (child_ret));
	625	if (WIFSIGNALED (child_ret))
	626	fprintf (stderr, _(", terminated by signal %d.\n"),
	627	WTERMSIG (child_ret));
	628	else
	629	fprintf (stderr, ".\n");
	630	}
	631
	632	/* We have the child status, so exit with that code. */
	633	close (fd);
	634
	635	return child_ret;
	636	}
	637
	638	void
	639	do_exit (int child_ret, int errnum, const char *format, ...)
	640	{
	641	if (parent_fd != -1)
	642	{
	643	int ret = write (parent_fd, &child_ret, sizeof (child_ret));
	644	assert (ret == sizeof (child_ret));
	645	close (parent_fd);
	646	}
	647
	648	if (format != NULL)
	649	{
	650	/* Emulate error() since we don't have a va_list variant for it. */
	651	va_list argp;
	652
	653	fflush (stdout);
	654
	655	fprintf (stderr, "%s: ", program_invocation_name);
	656
	657	va_start (argp, format);
	658	vfprintf (stderr, format, argp);
	659	va_end (argp);
	660
	661	fprintf (stderr, ": %s\n", strerror (errnum));
	662	fflush (stderr);
	663	}
	664
	665	/* Finally, exit. */
	666	exit (child_ret);
	667	}
668
669	void
670	notify_parent (int child_ret)
671	{
672	if (parent_fd == -1)
673	return;
674
675	int ret = write (parent_fd, &child_ret, sizeof (child_ret));
676	assert (ret == sizeof (child_ret));
677	close (parent_fd);
678	parent_fd = -1;
679	}