]> git.ipfire.org Git - thirdparty/glibc.git/blob - nscd/pwdcache.c
projects / thirdparty / glibc.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
[BZ #5209, BZ #5381]
[thirdparty/glibc.git] / nscd / pwdcache.c
1 /* Cache handling for passwd lookup.
2 Copyright (C) 1998-2005, 2006, 2007, 2008 Free Software Foundation, Inc.
3 This file is part of the GNU C Library.
4 Contributed by Ulrich Drepper <drepper@cygnus.com>, 1998.
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published
8 by the Free Software Foundation; version 2 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software Foundation,
18 Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */
19
20 #include <alloca.h>
21 #include <assert.h>
22 #include <errno.h>
23 #include <error.h>
24 #include <libintl.h>
25 #include <pwd.h>
26 #include <stdbool.h>
27 #include <stddef.h>
28 #include <stdio.h>
29 #include <stdlib.h>
30 #include <string.h>
31 #include <time.h>
32 #include <unistd.h>
33 #include <sys/mman.h>
34 #include <sys/socket.h>
35 #include <stackinfo.h>
36
37 #include "nscd.h"
38 #include "dbg_log.h"
39 #ifdef HAVE_SENDFILE
40 # include <kernel-features.h>
41 #endif
42
43 /* This is the standard reply in case the service is disabled. */
44 static const pw_response_header disabled =
45 {
46 .version = NSCD_VERSION,
47 .found = -1,
48 .pw_name_len = 0,
49 .pw_passwd_len = 0,
50 .pw_uid = -1,
51 .pw_gid = -1,
52 .pw_gecos_len = 0,
53 .pw_dir_len = 0,
54 .pw_shell_len = 0
55 };
56
57 /* This is the struct describing how to write this record. */
58 const struct iovec pwd_iov_disabled =
59 {
60 .iov_base = (void *) &disabled,
61 .iov_len = sizeof (disabled)
62 };
63
64
65 /* This is the standard reply in case we haven't found the dataset. */
66 static const pw_response_header notfound =
67 {
68 .version = NSCD_VERSION,
69 .found = 0,
70 .pw_name_len = 0,
71 .pw_passwd_len = 0,
72 .pw_uid = -1,
73 .pw_gid = -1,
74 .pw_gecos_len = 0,
75 .pw_dir_len = 0,
76 .pw_shell_len = 0
77 };
78
79
80 static void
81 cache_addpw (struct database_dyn *db, int fd, request_header *req,
82 const void *key, struct passwd *pwd, uid_t owner,
83 struct hashentry *he, struct datahead *dh, int errval)
84 {
85 ssize_t total;
86 ssize_t written;
87 time_t t = time (NULL);
88
89 /* We allocate all data in one memory block: the iov vector,
90 the response header and the dataset itself. */
91 struct dataset
92 {
93 struct datahead head;
94 pw_response_header resp;
95 char strdata[0];
96 } *dataset;
97
98 assert (offsetof (struct dataset, resp) == offsetof (struct datahead, data));
99
100 if (pwd == NULL)
101 {
102 if (he != NULL && errval == EAGAIN)
103 {
104 /* If we have an old record available but cannot find one
105 now because the service is not available we keep the old
106 record and make sure it does not get removed. */
107 if (reload_count != UINT_MAX && dh->nreloads == reload_count)
108 /* Do not reset the value if we never not reload the record. */
109 dh->nreloads = reload_count - 1;
110
111 written = total = 0;
112 }
113 else
114 {
115 /* We have no data. This means we send the standard reply for this
116 case. */
117 written = total = sizeof (notfound);
118
119 if (fd != -1)
120 written = TEMP_FAILURE_RETRY (send (fd, &notfound, total,
121 MSG_NOSIGNAL));
122
123 dataset = mempool_alloc (db, sizeof (struct dataset) + req->key_len,
124 IDX_result_data);
125 /* If we cannot permanently store the result, so be it. */
126 if (dataset != NULL)
127 {
128 dataset->head.allocsize = sizeof (struct dataset) + req->key_len;
129 dataset->head.recsize = total;
130 dataset->head.notfound = true;
131 dataset->head.nreloads = 0;
132 dataset->head.usable = true;
133
134 /* Compute the timeout time. */
135 dataset->head.timeout = t + db->negtimeout;
136
137 /* This is the reply. */
138 memcpy (&dataset->resp, &notfound, total);
139
140 /* Copy the key data. */
141 char *key_copy = memcpy (dataset->strdata, key, req->key_len);
142
143 /* If necessary, we also propagate the data to disk. */
144 if (db->persistent)
145 {
146 // XXX async OK?
147 uintptr_t pval = (uintptr_t) dataset & ~pagesize_m1;
148 msync ((void *) pval,
149 ((uintptr_t) dataset & pagesize_m1)
150 + sizeof (struct dataset) + req->key_len, MS_ASYNC);
151 }
152
153 /* Now get the lock to safely insert the records. */
154 pthread_rwlock_rdlock (&db->lock);
155
156 if (cache_add (req->type, key_copy, req->key_len,
157 &dataset->head, true, db, owner) < 0)
158 /* Ensure the data can be recovered. */
159 dataset->head.usable = false;
160
161
162 pthread_rwlock_unlock (&db->lock);
163
164 /* Mark the old entry as obsolete. */
165 if (dh != NULL)
166 dh->usable = false;
167 }
168 else
169 ++db->head->addfailed;
170 }
171 }
172 else
173 {
174 /* Determine the I/O structure. */
175 size_t pw_name_len = strlen (pwd->pw_name) + 1;
176 size_t pw_passwd_len = strlen (pwd->pw_passwd) + 1;
177 size_t pw_gecos_len = strlen (pwd->pw_gecos) + 1;
178 size_t pw_dir_len = strlen (pwd->pw_dir) + 1;
179 size_t pw_shell_len = strlen (pwd->pw_shell) + 1;
180 char *cp;
181 const size_t key_len = strlen (key);
182 const size_t buf_len = 3 * sizeof (pwd->pw_uid) + key_len + 1;
183 char *buf = alloca (buf_len);
184 ssize_t n;
185
186 /* We need this to insert the `byuid' entry. */
187 int key_offset;
188 n = snprintf (buf, buf_len, "%d%c%n%s", pwd->pw_uid, '\0',
189 &key_offset, (char *) key) + 1;
190
191 written = total = (sizeof (struct dataset) + pw_name_len + pw_passwd_len
192 + pw_gecos_len + pw_dir_len + pw_shell_len);
193
194 /* If we refill the cache, first assume the reconrd did not
195 change. Allocate memory on the cache since it is likely
196 discarded anyway. If it turns out to be necessary to have a
197 new record we can still allocate real memory. */
198 bool alloca_used = false;
199 dataset = NULL;
200
201 if (he == NULL)
202 {
203 dataset = (struct dataset *) mempool_alloc (db, total + n,
204 IDX_result_data);
205 if (dataset == NULL)
206 ++db->head->addfailed;
207 }
208
209 if (dataset == NULL)
210 {
211 /* We cannot permanently add the result in the moment. But
212 we can provide the result as is. Store the data in some
213 temporary memory. */
214 dataset = (struct dataset *) alloca (total + n);
215
216 /* We cannot add this record to the permanent database. */
217 alloca_used = true;
218 }
219
220 dataset->head.allocsize = total + n;
221 dataset->head.recsize = total - offsetof (struct dataset, resp);
222 dataset->head.notfound = false;
223 dataset->head.nreloads = he == NULL ? 0 : (dh->nreloads + 1);
224 dataset->head.usable = true;
225
226 /* Compute the timeout time. */
227 dataset->head.timeout = t + db->postimeout;
228
229 dataset->resp.version = NSCD_VERSION;
230 dataset->resp.found = 1;
231 dataset->resp.pw_name_len = pw_name_len;
232 dataset->resp.pw_passwd_len = pw_passwd_len;
233 dataset->resp.pw_uid = pwd->pw_uid;
234 dataset->resp.pw_gid = pwd->pw_gid;
235 dataset->resp.pw_gecos_len = pw_gecos_len;
236 dataset->resp.pw_dir_len = pw_dir_len;
237 dataset->resp.pw_shell_len = pw_shell_len;
238
239 cp = dataset->strdata;
240
241 /* Copy the strings over into the buffer. */
242 cp = mempcpy (cp, pwd->pw_name, pw_name_len);
243 cp = mempcpy (cp, pwd->pw_passwd, pw_passwd_len);
244 cp = mempcpy (cp, pwd->pw_gecos, pw_gecos_len);
245 cp = mempcpy (cp, pwd->pw_dir, pw_dir_len);
246 cp = mempcpy (cp, pwd->pw_shell, pw_shell_len);
247
248 /* Finally the stringified UID value. */
249 memcpy (cp, buf, n);
250 char *key_copy = cp + key_offset;
251 assert (key_copy == (char *) rawmemchr (cp, '\0') + 1);
252
253 /* Now we can determine whether on refill we have to create a new
254 record or not. */
255 if (he != NULL)
256 {
257 assert (fd == -1);
258
259 if (total + n == dh->allocsize
260 && total - offsetof (struct dataset, resp) == dh->recsize
261 && memcmp (&dataset->resp, dh->data,
262 dh->allocsize - offsetof (struct dataset, resp)) == 0)
263 {
264 /* The data has not changed. We will just bump the
265 timeout value. Note that the new record has been
266 allocated on the stack and need not be freed. */
267 dh->timeout = dataset->head.timeout;
268 ++dh->nreloads;
269 }
270 else
271 {
272 /* We have to create a new record. Just allocate
273 appropriate memory and copy it. */
274 struct dataset *newp
275 = (struct dataset *) mempool_alloc (db, total + n,
276 IDX_result_data);
277 if (newp != NULL)
278 {
279 /* Adjust pointer into the memory block. */
280 cp = (char *) newp + (cp - (char *) dataset);
281 key_copy = (char *) newp + (key_copy - (char *) dataset);
282
283 dataset = memcpy (newp, dataset, total + n);
284 alloca_used = false;
285 }
286 else
287 ++db->head->addfailed;
288
289 /* Mark the old record as obsolete. */
290 dh->usable = false;
291 }
292 }
293 else
294 {
295 /* We write the dataset before inserting it to the database
296 since while inserting this thread might block and so would
297 unnecessarily let the receiver wait. */
298 assert (fd != -1);
299
300 #ifdef HAVE_SENDFILE
301 if (__builtin_expect (db->mmap_used, 1) && !alloca_used)
302 {
303 assert (db->wr_fd != -1);
304 assert ((char *) &dataset->resp > (char *) db->data);
305 assert ((char *) &dataset->resp - (char *) db->head
306 + total
307 <= (sizeof (struct database_pers_head)
308 + db->head->module * sizeof (ref_t)
309 + db->head->data_size));
310 written = sendfileall (fd, db->wr_fd,
311 (char *) &dataset->resp
312 - (char *) db->head, total);
313 # ifndef __ASSUME_SENDFILE
314 if (written == -1 && errno == ENOSYS)
315 goto use_write;
316 # endif
317 }
318 else
319 # ifndef __ASSUME_SENDFILE
320 use_write:
321 # endif
322 #endif
323 written = writeall (fd, &dataset->resp, total);
324 }
325
326
327 /* Add the record to the database. But only if it has not been
328 stored on the stack. */
329 if (! alloca_used)
330 {
331 /* If necessary, we also propagate the data to disk. */
332 if (db->persistent)
333 {
334 // XXX async OK?
335 uintptr_t pval = (uintptr_t) dataset & ~pagesize_m1;
336 msync ((void *) pval,
337 ((uintptr_t) dataset & pagesize_m1) + total + n,
338 MS_ASYNC);
339 }
340
341 /* Now get the lock to safely insert the records. */
342 pthread_rwlock_rdlock (&db->lock);
343
344 /* NB: in the following code we always must add the entry
345 marked with FIRST first. Otherwise we end up with
346 dangling "pointers" in case a latter hash entry cannot be
347 added. */
348 bool first = true;
349
350 /* If the request was by UID, add that entry first. */
351 if (req->type == GETPWBYUID)
352 {
353 if (cache_add (GETPWBYUID, cp, key_offset, &dataset->head, true,
354 db, owner) < 0)
355 {
356 /* Could not allocate memory. Make sure the data gets
357 discarded. */
358 dataset->head.usable = false;
359 goto out;
360 }
361
362 first = false;
363 }
364 /* If the key is different from the name add a separate entry. */
365 else if (strcmp (key_copy, dataset->strdata) != 0)
366 {
367 if (cache_add (GETPWBYNAME, key_copy, key_len + 1,
368 &dataset->head, true, db, owner) < 0)
369 {
370 /* Could not allocate memory. Make sure the data gets
371 discarded. */
372 dataset->head.usable = false;
373 goto out;
374 }
375
376 first = false;
377 }
378
379 /* We have to add the value for both, byname and byuid. */
380 if ((req->type == GETPWBYNAME || db->propagate)
381 && __builtin_expect (cache_add (GETPWBYNAME, dataset->strdata,
382 pw_name_len, &dataset->head,
383 first, db, owner) == 0, 1))
384 {
385 if (req->type == GETPWBYNAME && db->propagate)
386 (void) cache_add (GETPWBYUID, cp, key_offset, &dataset->head,
387 req->type != GETPWBYNAME, db, owner);
388 }
389 else if (first)
390 /* Could not allocate memory. Make sure the data gets
391 discarded. */
392 dataset->head.usable = false;
393
394 out:
395 pthread_rwlock_unlock (&db->lock);
396 }
397 }
398
399 if (__builtin_expect (written != total, 0) && debug_level > 0)
400 {
401 char buf[256];
402 dbg_log (_("short write in %s: %s"), __FUNCTION__,
403 strerror_r (errno, buf, sizeof (buf)));
404 }
405 }
406
407
408 union keytype
409 {
410 void *v;
411 uid_t u;
412 };
413
414
415 static int
416 lookup (int type, union keytype key, struct passwd *resultbufp, char *buffer,
417 size_t buflen, struct passwd **pwd)
418 {
419 if (type == GETPWBYNAME)
420 return __getpwnam_r (key.v, resultbufp, buffer, buflen, pwd);
421 else
422 return __getpwuid_r (key.u, resultbufp, buffer, buflen, pwd);
423 }
424
425
426 static void
427 addpwbyX (struct database_dyn *db, int fd, request_header *req,
428 union keytype key, const char *keystr, uid_t c_uid,
429 struct hashentry *he, struct datahead *dh)
430 {
431 /* Search for the entry matching the key. Please note that we don't
432 look again in the table whether the dataset is now available. We
433 simply insert it. It does not matter if it is in there twice. The
434 pruning function only will look at the timestamp. */
435 size_t buflen = 1024;
436 char *buffer = (char *) alloca (buflen);
437 struct passwd resultbuf;
438 struct passwd *pwd;
439 bool use_malloc = false;
440 int errval = 0;
441
442 if (__builtin_expect (debug_level > 0, 0))
443 {
444 if (he == NULL)
445 dbg_log (_("Haven't found \"%s\" in password cache!"), keystr);
446 else
447 dbg_log (_("Reloading \"%s\" in password cache!"), keystr);
448 }
449
450 while (lookup (req->type, key, &resultbuf, buffer, buflen, &pwd) != 0
451 && (errval = errno) == ERANGE)
452 {
453 errno = 0;
454
455 if (__builtin_expect (buflen > 32768, 0))
456 {
457 char *old_buffer = buffer;
458 buflen *= 2;
459 buffer = (char *) realloc (use_malloc ? buffer : NULL, buflen);
460 if (buffer == NULL)
461 {
462 /* We ran out of memory. We cannot do anything but
463 sending a negative response. In reality this should
464 never happen. */
465 pwd = NULL;
466 buffer = old_buffer;
467
468 /* We set the error to indicate this is (possibly) a
469 temporary error and that it does not mean the entry
470 is not available at all. */
471 errval = EAGAIN;
472 break;
473 }
474 use_malloc = true;
475 }
476 else
477 /* Allocate a new buffer on the stack. If possible combine it
478 with the previously allocated buffer. */
479 buffer = (char *) extend_alloca (buffer, buflen, 2 * buflen);
480 }
481
482 /* Add the entry to the cache. */
483 cache_addpw (db, fd, req, keystr, pwd, c_uid, he, dh, errval);
484
485 if (use_malloc)
486 free (buffer);
487 }
488
489
490 void
491 addpwbyname (struct database_dyn *db, int fd, request_header *req,
492 void *key, uid_t c_uid)
493 {
494 union keytype u = { .v = key };
495
496 addpwbyX (db, fd, req, u, key, c_uid, NULL, NULL);
497 }
498
499
500 void
501 readdpwbyname (struct database_dyn *db, struct hashentry *he,
502 struct datahead *dh)
503 {
504 request_header req =
505 {
506 .type = GETPWBYNAME,
507 .key_len = he->len
508 };
509 union keytype u = { .v = db->data + he->key };
510
511 addpwbyX (db, -1, &req, u, db->data + he->key, he->owner, he, dh);
512 }
513
514
515 void
516 addpwbyuid (struct database_dyn *db, int fd, request_header *req,
517 void *key, uid_t c_uid)
518 {
519 char *ep;
520 uid_t uid = strtoul ((char *) key, &ep, 10);
521
522 if (*(char *) key == '\0' || *ep != '\0') /* invalid numeric uid */
523 {
524 if (debug_level > 0)
525 dbg_log (_("Invalid numeric uid \"%s\"!"), (char *) key);
526
527 errno = EINVAL;
528 return;
529 }
530
531 union keytype u = { .u = uid };
532
533 addpwbyX (db, fd, req, u, key, c_uid, NULL, NULL);
534 }
535
536
537 void
538 readdpwbyuid (struct database_dyn *db, struct hashentry *he,
539 struct datahead *dh)
540 {
541 char *ep;
542 uid_t uid = strtoul (db->data + he->key, &ep, 10);
543
544 /* Since the key has been added before it must be OK. */
545 assert (*(db->data + he->key) != '\0' && *ep == '\0');
546
547 request_header req =
548 {
549 .type = GETPWBYUID,
550 .key_len = he->len
551 };
552 union keytype u = { .u = uid };
553
554 addpwbyX (db, -1, &req, u, db->data + he->key, he->owner, he, dh);
555 }
A mirror of the official glibc repository