nscd/nscd.c

   1 /* Copyright (c) 1998,1999,2000,2001,2002,2003 Free Software Foundation, Inc.
   2    This file is part of the GNU C Library.
   3    Contributed by Thorsten Kukuk <kukuk@suse.de>, 1998.
   4
   5    The GNU C Library is free software; you can redistribute it and/or
   6    modify it under the terms of the GNU Lesser General Public
   7    License as published by the Free Software Foundation; either
   8    version 2.1 of the License, or (at your option) any later version.
   9
  10    The GNU C Library is distributed in the hope that it will be useful,
  11    but WITHOUT ANY WARRANTY; without even the implied warranty of
  12    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  13    Lesser General Public License for more details.
  14
  15    You should have received a copy of the GNU Lesser General Public
  16    License along with the GNU C Library; if not, write to the Free
  17    Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
  18    02111-1307 USA.  */
  19
  20 /* nscd - Name Service Cache Daemon. Caches passwd, group, and hosts.  */
  21
  22 #include <argp.h>
  23 #include <assert.h>
  24 #include <dirent.h>
  25 #include <errno.h>
  26 #include <error.h>
  27 #include <fcntl.h>
  28 #include <libintl.h>
  29 #include <locale.h>
  30 #include <paths.h>
  31 #include <pthread.h>
  32 #include <signal.h>
  33 #include <stdio.h>
  34 #include <stdlib.h>
  35 #include <string.h>
  36 #include <syslog.h>
  37 #include <unistd.h>
  38 #include <sys/socket.h>
  39 #include <sys/stat.h>
  40 #include <sys/un.h>
  41
  42 #include "dbg_log.h"
  43 #include "nscd.h"
  44 #include <device-nrs.h>
  45
  46 /* Get libc version number.  */
  47 #include <version.h>
  48
  49 #define PACKAGE _libc_intl_domainname
  50
  51 /* Structure used by main() thread to keep track of the number of
  52    active threads.  Used to limit how many threads it will create
  53    and under a shutdown condition to wait till all in-progress
  54    requests have finished before "turning off the lights".  */
  55
  56 typedef struct
  57 {
  58   int             num_active;
  59   pthread_cond_t  thread_exit_cv;
  60   pthread_mutex_t mutex;
  61 } thread_info_t;
  62
  63 thread_info_t thread_info;
  64
  65 int do_shutdown;
  66 int disabled_passwd;
  67 int disabled_group;
  68 int go_background = 1;
  69
  70 int secure[lastdb];
  71 int secure_in_use;
  72 static const char *conffile = _PATH_NSCDCONF;
  73
  74 static int check_pid (const char *file);
  75 static int write_pid (const char *file);
  76
  77 /* Name and version of program.  */
  78 static void print_version (FILE *stream, struct argp_state *state);
  79 void (*argp_program_version_hook) (FILE *, struct argp_state *) = print_version;
  80
  81 /* Definitions of arguments for argp functions.  */
  82 static const struct argp_option options[] =
  83 {
  84   { "config-file", 'f', N_("NAME"), 0,
  85     N_("Read configuration data from NAME") },
  86   { "debug", 'd', NULL, 0,
  87     N_("Do not fork and display messages on the current tty") },
  88   { "nthreads", 't', N_("NUMBER"), 0, N_("Start NUMBER threads") },
  89   { "shutdown", 'K', NULL, 0, N_("Shut the server down") },
  90   { "statistic", 'g', NULL, 0, N_("Print current configuration statistic") },
  91   { "invalidate", 'i', N_("TABLE"), 0,
  92     N_("Invalidate the specified cache") },
  93   { "secure", 'S', N_("TABLE,yes"), 0, N_("Use separate cache for each user")},
  94   { NULL, 0, NULL, 0, NULL }
  95 };
  96
  97 /* Short description of program.  */
  98 static const char doc[] = N_("Name Service Cache Daemon.");
  99
 100 /* Prototype for option handler.  */
 101 static error_t parse_opt (int key, char *arg, struct argp_state *state);
 102
 103 /* Data structure to communicate with argp functions.  */
 104 static struct argp argp =
 105 {
 106   options, parse_opt, NULL, doc,
 107 };
 108
 109 int
 110 main (int argc, char **argv)
 111 {
 112   int remaining;
 113
 114   /* Set locale via LC_ALL.  */
 115   setlocale (LC_ALL, "");
 116   /* Set the text message domain.  */
 117   textdomain (PACKAGE);
 118
 119   /* Parse and process arguments.  */
 120   argp_parse (&argp, argc, argv, 0, &remaining, NULL);
 121
 122   if (remaining != argc)
 123     {
 124       error (0, 0, gettext ("wrong number of arguments"));
 125       argp_help (&argp, stdout, ARGP_HELP_SEE, program_invocation_short_name);
 126       exit (EXIT_FAILURE);
 127     }
 128
 129   /* Check if we are already running. */
 130   if (check_pid (_PATH_NSCDPID))
 131     error (EXIT_FAILURE, 0, _("already running"));
 132
 133   /* Behave like a daemon.  */
 134   if (go_background)
 135     {
 136       int i;
 137
 138       if (fork ())
 139         exit (0);
 140
 141       int nullfd = open (_PATH_DEVNULL, O_RDWR);
 142       if (nullfd != -1)
 143         {
 144           struct stat64 st;
 145
 146           if (fstat64 (nullfd, &st) == 0 && S_ISCHR (st.st_mode) != 0
 147 #if defined DEV_NULL_MAJOR && defined DEV_NULL_MINOR
 148               && st.st_rdev == makedev (DEV_NULL_MAJOR, DEV_NULL_MINOR)
 149 #endif
 150               )
 151             {
 152               /* It is the /dev/null special device alright.  */
 153               (void) dup2 (nullfd, STDIN_FILENO);
 154               (void) dup2 (nullfd, STDOUT_FILENO);
 155               (void) dup2 (nullfd, STDERR_FILENO);
 156
 157               if (nullfd > 2)
 158                 close (nullfd);
 159             }
 160           else
 161             {
 162               /* Ugh, somebody is trying to play a trick on us.  */
 163               close (nullfd);
 164               nullfd = -1;
 165             }
 166         }
 167       int min_close_fd = nullfd == -1 ? 0 : STDERR_FILENO + 1;
 168
 169       DIR *d = opendir ("/proc/self/fd");
 170       if (d != NULL)
 171         {
 172           struct dirent64 *dirent;
 173           int dfdn = dirfd (d);
 174
 175           while ((dirent = readdir64 (d)) != NULL)
 176             {
 177               char *endp;
 178               unsigned long int fdn = strtoul (dirent->d_name, &endp, 10);
 179
 180               if (*endp == '\0' && fdn != dfdn && fdn >= min_close_fd)
 181                 close ((int) fdn);
 182             }
 183
 184           closedir (d);
 185         }
 186       else
 187         for (i = min_close_fd; i < getdtablesize (); i++)
 188           close (i);
 189
 190       if (fork ())
 191         exit (0);
 192
 193       setsid ();
 194
 195       chdir ("/");
 196
 197       openlog ("nscd", LOG_CONS | LOG_ODELAY, LOG_DAEMON);
 198
 199       if (write_pid (_PATH_NSCDPID) < 0)
 200         dbg_log ("%s: %s", _PATH_NSCDPID, strerror (errno));
 201
 202       /* Ignore job control signals.  */
 203       signal (SIGTTOU, SIG_IGN);
 204       signal (SIGTTIN, SIG_IGN);
 205       signal (SIGTSTP, SIG_IGN);
 206     }
 207
 208   signal (SIGINT, termination_handler);
 209   signal (SIGQUIT, termination_handler);
 210   signal (SIGTERM, termination_handler);
 211   signal (SIGPIPE, SIG_IGN);
 212
 213   /* Cleanup files created by a previous `bind'.  */
 214   unlink (_PATH_NSCDSOCKET);
 215
 216   /* Init databases.  */
 217   nscd_init (conffile);
 218
 219   /* Handle incoming requests */
 220   start_threads ();
 221
 222   return 0;
 223 }
 224
 225
 226 /* Handle program arguments.  */
 227 static error_t
 228 parse_opt (int key, char *arg, struct argp_state *state)
 229 {
 230   switch (key)
 231     {
 232     case 'd':
 233       ++debug_level;
 234       go_background = 0;
 235       break;
 236
 237     case 'f':
 238       conffile = arg;
 239       break;
 240
 241     case 'K':
 242       if (getuid () != 0)
 243         error (EXIT_FAILURE, 0, _("Only root is allowed to use this option!"));
 244       {
 245         int sock = nscd_open_socket ();
 246         request_header req;
 247         ssize_t nbytes;
 248
 249         if (sock == -1)
 250           exit (EXIT_FAILURE);
 251
 252         req.version = NSCD_VERSION;
 253         req.type = SHUTDOWN;
 254         req.key_len = 0;
 255         nbytes = TEMP_FAILURE_RETRY (write (sock, &req,
 256                                             sizeof (request_header)));
 257         close (sock);
 258         exit (nbytes != sizeof (request_header) ? EXIT_FAILURE : EXIT_SUCCESS);
 259       }
 260
 261     case 'g':
 262       if (getuid () != 0)
 263         error (EXIT_FAILURE, 0, _("Only root is allowed to use this option!"));
 264       receive_print_stats ();
 265       /* Does not return.  */
 266
 267     case 'i':
 268       if (getuid () != 0)
 269         error (EXIT_FAILURE, 0, _("Only root is allowed to use this option!"));
 270       else
 271         {
 272           int sock = nscd_open_socket ();
 273           request_header req;
 274           ssize_t nbytes;
 275
 276           if (sock == -1)
 277             exit (EXIT_FAILURE);
 278
 279           if (strcmp (arg, "passwd") == 0)
 280             req.key_len = sizeof "passwd";
 281           else if (strcmp (arg, "group") == 0)
 282             req.key_len = sizeof "group";
 283           else if (strcmp (arg, "hosts") == 0)
 284             req.key_len = sizeof "hosts";
 285           else
 286             return ARGP_ERR_UNKNOWN;
 287
 288           req.version = NSCD_VERSION;
 289           req.type = INVALIDATE;
 290           nbytes = TEMP_FAILURE_RETRY (write (sock, &req,
 291                                               sizeof (request_header)));
 292           if (nbytes != sizeof (request_header))
 293             {
 294               close (sock);
 295               exit (EXIT_FAILURE);
 296             }
 297
 298           nbytes = TEMP_FAILURE_RETRY (write (sock, (void *)arg, req.key_len));
 299
 300           close (sock);
 301
 302           exit (nbytes != req.key_len ? EXIT_FAILURE : EXIT_SUCCESS);
 303         }
 304
 305     case 't':
 306       nthreads = atol (arg);
 307       break;
 308
 309     case 'S':
 310       if (strcmp (arg, "passwd,yes") == 0)
 311         secure_in_use = secure[pwddb] = 1;
 312       else if (strcmp (arg, "group,yes") == 0)
 313         secure_in_use = secure[grpdb] = 1;
 314       else if (strcmp (arg, "hosts,yes") == 0)
 315         secure_in_use = secure[hstdb] = 1;
 316       break;
 317
 318     default:
 319       return ARGP_ERR_UNKNOWN;
 320     }
 321
 322   return 0;
 323 }
 324
 325 /* Print the version information.  */
 326 static void
 327 print_version (FILE *stream, struct argp_state *state)
 328 {
 329   fprintf (stream, "nscd (GNU %s) %s\n", PACKAGE, VERSION);
 330   fprintf (stream, gettext ("\
 331 Copyright (C) %s Free Software Foundation, Inc.\n\
 332 This is free software; see the source for copying conditions.  There is NO\n\
 333 warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\n\
 334 "), "2003");
 335   fprintf (stream, gettext ("Written by %s.\n"),
 336            "Thorsten Kukuk and Ulrich Drepper");
 337 }
 338
 339
 340 /* Create a socket connected to a name.  */
 341 int
 342 nscd_open_socket (void)
 343 {
 344   struct sockaddr_un addr;
 345   int sock;
 346
 347   sock = socket (PF_UNIX, SOCK_STREAM, 0);
 348   if (sock < 0)
 349     return -1;
 350
 351   addr.sun_family = AF_UNIX;
 352   assert (sizeof (addr.sun_path) >= sizeof (_PATH_NSCDSOCKET));
 353   strcpy (addr.sun_path, _PATH_NSCDSOCKET);
 354   if (connect (sock, (struct sockaddr *) &addr, sizeof (addr)) < 0)
 355     {
 356       close (sock);
 357       return -1;
 358     }
 359
 360   return sock;
 361 }
 362
 363 /* Cleanup.  */
 364 void
 365 termination_handler (int signum)
 366 {
 367   close_sockets ();
 368
 369   /* Clean up the file created by `bind'.  */
 370   unlink (_PATH_NSCDSOCKET);
 371
 372   /* Clean up pid file.  */
 373   unlink (_PATH_NSCDPID);
 374
 375   exit (EXIT_SUCCESS);
 376 }
 377
 378 /* Returns 1 if the process in pid file FILE is running, 0 if not.  */
 379 static int
 380 check_pid (const char *file)
 381 {
 382   FILE *fp;
 383
 384   fp = fopen (file, "r");
 385   if (fp)
 386     {
 387       pid_t pid;
 388       int n;
 389
 390       n = fscanf (fp, "%d", &pid);
 391       fclose (fp);
 392
 393       if (n != 1 || kill (pid, 0) == 0)
 394         return 1;
 395     }
 396
 397   return 0;
 398 }
 399
 400 /* Write the current process id to the file FILE.
 401    Returns 0 if successful, -1 if not.  */
 402 static int
 403 write_pid (const char *file)
 404 {
 405   FILE *fp;
 406
 407   fp = fopen (file, "w");
 408   if (fp == NULL)
 409     return -1;
 410
 411   fprintf (fp, "%d\n", getpid ());
 412   if (fflush (fp) || ferror (fp))
 413     return -1;
 414
 415   fclose (fp);
 416
 417   return 0;
 418 }