-/* Copyright (c) 1998-2008, 2009, 2010, 2011 Free Software Foundation, Inc.
+/* Copyright (c) 1998-2019 Free Software Foundation, Inc.
This file is part of the GNU C Library.
Contributed by Thorsten Kukuk <kukuk@suse.de>, 1998.
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software Foundation,
- Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */
+ along with this program; if not, see <https://www.gnu.org/licenses/>. */
/* nscd - Name Service Cache Daemon. Caches passwd, group, and hosts. */
#include <sys/stat.h>
#include <sys/uio.h>
#include <sys/un.h>
+#include <sys/wait.h>
+#include <stdarg.h>
#include "dbg_log.h"
#include "nscd.h"
#ifdef HAVE_INOTIFY
# include <sys/inotify.h>
#endif
+#include <kernel-features.h>
/* Get libc version number. */
#include <version.h>
#define PACKAGE _libc_intl_domainname
-/* Structure used by main() thread to keep track of the number of
- active threads. Used to limit how many threads it will create
- and under a shutdown condition to wait till all in-progress
- requests have finished before "turning off the lights". */
-
-typedef struct
-{
- int num_active;
- pthread_cond_t thread_exit_cv;
- pthread_mutex_t mutex;
-} thread_info_t;
-
-thread_info_t thread_info;
-
int do_shutdown;
int disabled_passwd;
int disabled_group;
-int go_background = 1;
+
+typedef enum
+{
+ /* Running in background as daemon. */
+ RUN_DAEMONIZE,
+ /* Running in foreground but otherwise behave like a daemon,
+ i.e., detach from terminal and use syslog. This allows
+ better integration with services like systemd. */
+ RUN_FOREGROUND,
+ /* Run in foreground in debug mode. */
+ RUN_DEBUG
+} run_modes;
+
+static run_modes run_mode = RUN_DAEMONIZE;
static const char *conffile = _PATH_NSCDCONF;
static int check_pid (const char *file);
static int write_pid (const char *file);
+static int monitor_child (int fd);
/* Name and version of program. */
static void print_version (FILE *stream, struct argp_state *state);
N_("Read configuration data from NAME") },
{ "debug", 'd', NULL, 0,
N_("Do not fork and display messages on the current tty") },
+ { "foreground", 'F', NULL, 0,
+ N_("Do not fork, but otherwise behave like a daemon") },
{ "nthreads", 't', N_("NUMBER"), 0, N_("Start NUMBER threads") },
{ "shutdown", 'K', NULL, 0, N_("Shut the server down") },
{ "statistics", 'g', NULL, 0, N_("Print current configuration statistics") },
/* True if only statistics are requested. */
static bool get_stats;
+static int parent_fd = -1;
int
main (int argc, char **argv)
/* Determine page size. */
pagesize_m1 = getpagesize () - 1;
- /* Behave like a daemon. */
- if (go_background)
+ if (run_mode == RUN_DAEMONIZE || run_mode == RUN_FOREGROUND)
{
int i;
+ pid_t pid;
+
+ /* Behave like a daemon. */
+ if (run_mode == RUN_DAEMONIZE)
+ {
+ int fd[2];
+
+ if (pipe (fd) != 0)
+ error (EXIT_FAILURE, errno,
+ _("cannot create a pipe to talk to the child"));
- pid_t pid = fork ();
- if (pid == -1)
- error (EXIT_FAILURE, errno, _("cannot fork"));
- if (pid != 0)
- exit (0);
+ pid = fork ();
+ if (pid == -1)
+ error (EXIT_FAILURE, errno, _("cannot fork"));
+ if (pid != 0)
+ {
+ /* The parent only reads from the child. */
+ close (fd[1]);
+ exit (monitor_child (fd[0]));
+ }
+ else
+ {
+ /* The child only writes to the parent. */
+ close (fd[0]);
+ parent_fd = fd[1];
+ }
+ }
int nullfd = open (_PATH_DEVNULL, O_RDWR);
if (nullfd != -1)
char *endp;
long int fdn = strtol (dirent->d_name, &endp, 10);
- if (*endp == '\0' && fdn != dfdn && fdn >= min_close_fd)
+ if (*endp == '\0' && fdn != dfdn && fdn >= min_close_fd
+ && fdn != parent_fd)
close ((int) fdn);
}
}
else
for (i = min_close_fd; i < getdtablesize (); i++)
- close (i);
-
- pid = fork ();
- if (pid == -1)
- error (EXIT_FAILURE, errno, _("cannot fork"));
- if (pid != 0)
- exit (0);
+ if (i != parent_fd)
+ close (i);
setsid ();
if (chdir ("/") != 0)
- error (EXIT_FAILURE, errno,
- _("cannot change current working directory to \"/\""));
+ do_exit (EXIT_FAILURE, errno,
+ _("cannot change current working directory to \"/\""));
openlog ("nscd", LOG_CONS | LOG_ODELAY, LOG_DAEMON);
signal (SIGTSTP, SIG_IGN);
}
else
- /* In foreground mode we are not paranoid. */
+ /* In debug mode we are not paranoid. */
paranoia = 0;
- /* Start the SELinux AVC. */
- if (selinux_enabled)
- nscd_avc_init ();
-
signal (SIGINT, termination_handler);
signal (SIGQUIT, termination_handler);
signal (SIGTERM, termination_handler);
# endif
#endif
+#ifdef USE_NSCD
/* Make sure we do not get recursive calls. */
__nss_disable_nscd (register_traced_file);
+#endif
/* Init databases. */
nscd_init ();
+ /* Start the SELinux AVC. */
+ if (selinux_enabled)
+ nscd_avc_init ();
+
/* Handle incoming requests */
start_threads ();
}
+static void __attribute__ ((noreturn))
+invalidate_db (const char *dbname)
+{
+ int sock = nscd_open_socket ();
+
+ if (sock == -1)
+ exit (EXIT_FAILURE);
+
+ size_t dbname_len = strlen (dbname) + 1;
+ size_t reqlen = sizeof (request_header) + dbname_len;
+ struct
+ {
+ request_header req;
+ char dbname[];
+ } *reqdata = alloca (reqlen);
+
+ reqdata->req.key_len = dbname_len;
+ reqdata->req.version = NSCD_VERSION;
+ reqdata->req.type = INVALIDATE;
+ memcpy (reqdata->dbname, dbname, dbname_len);
+
+ ssize_t nbytes = TEMP_FAILURE_RETRY (send (sock, reqdata, reqlen,
+ MSG_NOSIGNAL));
+
+ if (nbytes != reqlen)
+ {
+ int err = errno;
+ close (sock);
+ error (EXIT_FAILURE, err, _("write incomplete"));
+ }
+
+ /* Wait for ack. Older nscd just closed the socket when
+ prune_cache finished, silently ignore that. */
+ int32_t resp = 0;
+ nbytes = TEMP_FAILURE_RETRY (read (sock, &resp, sizeof (resp)));
+ if (nbytes != 0 && nbytes != sizeof (resp))
+ {
+ int err = errno;
+ close (sock);
+ error (EXIT_FAILURE, err, _("cannot read invalidate ACK"));
+ }
+
+ close (sock);
+
+ if (resp != 0)
+ error (EXIT_FAILURE, resp, _("invalidation failed"));
+
+ exit (0);
+}
+
+static void __attribute__ ((noreturn))
+send_shutdown (void)
+{
+ int sock = nscd_open_socket ();
+
+ if (sock == -1)
+ exit (EXIT_FAILURE);
+
+ request_header req;
+ req.version = NSCD_VERSION;
+ req.type = SHUTDOWN;
+ req.key_len = 0;
+
+ ssize_t nbytes = TEMP_FAILURE_RETRY (send (sock, &req, sizeof req,
+ MSG_NOSIGNAL));
+ close (sock);
+ exit (nbytes != sizeof (request_header) ? EXIT_FAILURE : EXIT_SUCCESS);
+}
+
/* Handle program arguments. */
static error_t
parse_opt (int key, char *arg, struct argp_state *state)
{
case 'd':
++debug_level;
- go_background = 0;
+ run_mode = RUN_DEBUG;
+ break;
+
+ case 'F':
+ run_mode = RUN_FOREGROUND;
break;
case 'f':
case 'K':
if (getuid () != 0)
error (4, 0, _("Only root is allowed to use this option!"));
- {
- int sock = nscd_open_socket ();
-
- if (sock == -1)
- exit (EXIT_FAILURE);
-
- request_header req;
- req.version = NSCD_VERSION;
- req.type = SHUTDOWN;
- req.key_len = 0;
-
- ssize_t nbytes = TEMP_FAILURE_RETRY (send (sock, &req,
- sizeof (request_header),
- MSG_NOSIGNAL));
- close (sock);
- exit (nbytes != sizeof (request_header) ? EXIT_FAILURE : EXIT_SUCCESS);
- }
+ else
+ send_shutdown ();
+ break;
case 'g':
get_stats = true;
break;
case 'i':
+ {
+ /* Validate the database name. */
+
+ dbtype cnt;
+ for (cnt = pwddb; cnt < lastdb; ++cnt)
+ if (strcmp (arg, dbnames[cnt]) == 0)
+ break;
+
+ if (cnt == lastdb)
+ {
+ argp_error (state, _("'%s' is not a known database"), arg);
+ return EINVAL;
+ }
+ }
if (getuid () != 0)
error (4, 0, _("Only root is allowed to use this option!"));
else
- {
- int sock = nscd_open_socket ();
-
- if (sock == -1)
- exit (EXIT_FAILURE);
-
- dbtype cnt;
- for (cnt = pwddb; cnt < lastdb; ++cnt)
- if (strcmp (arg, dbnames[cnt]) == 0)
- break;
-
- if (cnt == lastdb)
- {
- argp_error (state, _("'%s' is not a known database"), arg);
- return EINVAL;
- }
-
- size_t arg_len = strlen (arg) + 1;
- struct
- {
- request_header req;
- char arg[arg_len];
- } reqdata;
-
- reqdata.req.key_len = strlen (arg) + 1;
- reqdata.req.version = NSCD_VERSION;
- reqdata.req.type = INVALIDATE;
- memcpy (reqdata.arg, arg, arg_len);
-
- ssize_t nbytes = TEMP_FAILURE_RETRY (send (sock, &reqdata,
- sizeof (request_header)
- + arg_len,
- MSG_NOSIGNAL));
-
- if (nbytes != sizeof (request_header) + arg_len)
- {
- int err = errno;
- close (sock);
- error (EXIT_FAILURE, err, _("write incomplete"));
- }
-
- /* Wait for ack. Older nscd just closed the socket when
- prune_cache finished, silently ignore that. */
- int32_t resp = 0;
- nbytes = TEMP_FAILURE_RETRY (read (sock, &resp, sizeof (resp)));
- if (nbytes != 0 && nbytes != sizeof (resp))
- {
- int err = errno;
- close (sock);
- error (EXIT_FAILURE, err, _("cannot read invalidate ACK"));
- }
-
- close (sock);
-
- if (resp != 0)
- error (EXIT_FAILURE, resp, _("invalidation failed"));
-
- exit (0);
- }
+ invalidate_db (arg);
+ break;
case 't':
nthreads = atol (arg);
switch (key)
{
case ARGP_KEY_HELP_EXTRA:
- /* We print some extra information. */
- return strdup (gettext ("\
+ {
+ /* We print some extra information. */
+
+ char *tables = xstrdup (dbnames[0]);
+ for (dbtype i = 1; i < lastdb; ++i)
+ {
+ char *more_tables;
+ if (asprintf (&more_tables, "%s %s", tables, dbnames[i]) < 0)
+ more_tables = NULL;
+ free (tables);
+ if (more_tables == NULL)
+ return NULL;
+ tables = more_tables;
+ }
+
+ char *tp;
+ if (asprintf (&tp, gettext ("\
+Supported tables:\n\
+%s\n\
+\n\
For bug reporting instructions, please see:\n\
-<http://www.gnu.org/software/libc/bugs.html>.\n"));
+%s.\n\
+"), tables, REPORT_BUGS_TO) < 0)
+ tp = NULL;
+ free (tables);
+ return tp;
+ }
+
default:
break;
}
+
return (char *) text;
}
static void
print_version (FILE *stream, struct argp_state *state)
{
- fprintf (stream, "nscd (GNU %s) %s\n", PACKAGE, VERSION);
+ fprintf (stream, "nscd %s%s\n", PKGVERSION, VERSION);
fprintf (stream, gettext ("\
Copyright (C) %s Free Software Foundation, Inc.\n\
This is free software; see the source for copying conditions. There is NO\n\
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\n\
-"), "2011");
+"), "2019");
fprintf (stream, gettext ("Written by %s.\n"),
"Thorsten Kukuk and Ulrich Drepper");
}
/* Synchronize memory. */
for (int cnt = 0; cnt < lastdb; ++cnt)
{
- if (!dbs[cnt].enabled)
+ if (!dbs[cnt].enabled || dbs[cnt].head == NULL)
continue;
/* Make sure nobody keeps using the database. */
return result;
}
+
+static int
+monitor_child (int fd)
+{
+ int child_ret = 0;
+ int ret = read (fd, &child_ret, sizeof (child_ret));
+
+ /* The child terminated with an error, either via exit or some other abnormal
+ method, like a segfault. */
+ if (ret <= 0 || child_ret != 0)
+ {
+ int status;
+ int err = wait (&status);
+
+ if (err < 0)
+ {
+ fprintf (stderr, _("'wait' failed\n"));
+ return 1;
+ }
+
+ if (WIFEXITED (status))
+ {
+ child_ret = WEXITSTATUS (status);
+ fprintf (stderr, _("child exited with status %d\n"), child_ret);
+ }
+ if (WIFSIGNALED (status))
+ {
+ child_ret = WTERMSIG (status);
+ fprintf (stderr, _("child terminated by signal %d\n"), child_ret);
+ }
+ }
+
+ /* We have the child status, so exit with that code. */
+ close (fd);
+
+ return child_ret;
+}
+
+void
+do_exit (int child_ret, int errnum, const char *format, ...)
+{
+ if (parent_fd != -1)
+ {
+ int ret __attribute__ ((unused));
+ ret = write (parent_fd, &child_ret, sizeof (child_ret));
+ assert (ret == sizeof (child_ret));
+ close (parent_fd);
+ }
+
+ if (format != NULL)
+ {
+ /* Emulate error() since we don't have a va_list variant for it. */
+ va_list argp;
+
+ fflush (stdout);
+
+ fprintf (stderr, "%s: ", program_invocation_name);
+
+ va_start (argp, format);
+ vfprintf (stderr, format, argp);
+ va_end (argp);
+
+ fprintf (stderr, ": %s\n", strerror (errnum));
+ fflush (stderr);
+ }
+
+ /* Finally, exit. */
+ exit (child_ret);
+}
+
+void
+notify_parent (int child_ret)
+{
+ if (parent_fd == -1)
+ return;
+
+ int ret __attribute__ ((unused));
+ ret = write (parent_fd, &child_ret, sizeof (child_ret));
+ assert (ret == sizeof (child_ret));
+ close (parent_fd);
+ parent_fd = -1;
+}