static int internal_function nscd_getpw_r (const char *key, size_t keylen, request_type type, struct passwd *resultbuf, char *buffer, size_t buflen, struct passwd **result) { int gc_cycle; int nretries = 0; /* If the mapping is available, try to search there instead of communicating with the nscd. */ struct mapped_database *mapped; mapped = __nscd_get_map_ref (GETFDPW, "passwd", &map_handle, &gc_cycle); retry:; const char *pw_name = NULL; int retval = -1; const char *recend = (const char *) ~UINTMAX_C (0); pw_response_header pw_resp; if (mapped != NO_MAPPING) { struct datahead *found = __nscd_cache_search (type, key, keylen, mapped, sizeof pw_resp); if (found != NULL) { pw_name = (const char *) (&found->data[0].pwdata + 1); pw_resp = found->data[0].pwdata; recend = (const char *) found->data + found->recsize; /* Now check if we can trust pw_resp fields. If GC is in progress, it can contain anything. */ if (mapped->head->gc_cycle != gc_cycle) { retval = -2; goto out; } } } int sock = -1; if (pw_name == NULL) { sock = __nscd_open_socket (key, keylen, type, &pw_resp, sizeof (pw_resp)); if (sock == -1) { __nss_not_use_nscd_passwd = 1; goto out; } } /* No value found so far. */ *result = NULL; if (__glibc_unlikely (pw_resp.found == -1)) { /* The daemon does not cache this database. */ __nss_not_use_nscd_passwd = 1; goto out_close; } if (pw_resp.found == 1) { /* Set the information we already have. */ resultbuf->pw_uid = pw_resp.pw_uid; resultbuf->pw_gid = pw_resp.pw_gid; char *p = buffer; /* get pw_name */ resultbuf->pw_name = p; p += pw_resp.pw_name_len; /* get pw_passwd */ resultbuf->pw_passwd = p; p += pw_resp.pw_passwd_len; /* get pw_gecos */ resultbuf->pw_gecos = p; p += pw_resp.pw_gecos_len; /* get pw_dir */ resultbuf->pw_dir = p; p += pw_resp.pw_dir_len; /* get pw_pshell */ resultbuf->pw_shell = p; p += pw_resp.pw_shell_len; ssize_t total = p - buffer; if (__glibc_unlikely (pw_name + total > recend)) goto out_close; if (__glibc_unlikely (buflen < total)) { __set_errno (ERANGE); retval = ERANGE; goto out_close; } retval = 0; if (pw_name == NULL) { ssize_t nbytes = __readall (sock, buffer, total); if (__glibc_unlikely (nbytes != total)) { /* The `errno' to some value != ERANGE. */ __set_errno (ENOENT); retval = ENOENT; } else *result = resultbuf; } else { /* Copy the various strings. */ memcpy (resultbuf->pw_name, pw_name, total); /* Try to detect corrupt databases. */ if (resultbuf->pw_name[pw_resp.pw_name_len - 1] != '\0' || resultbuf->pw_passwd[pw_resp.pw_passwd_len - 1] != '\0' || resultbuf->pw_gecos[pw_resp.pw_gecos_len - 1] != '\0' || resultbuf->pw_dir[pw_resp.pw_dir_len - 1] != '\0' || resultbuf->pw_shell[pw_resp.pw_shell_len - 1] != '\0') { /* We cannot use the database. */ retval = mapped->head->gc_cycle != gc_cycle ? -2 : -1; goto out_close; } *result = resultbuf; } } else { /* Set errno to 0 to indicate no error, just no found record. */ __set_errno (0); /* Even though we have not found anything, the result is zero. */ retval = 0; } out_close: if (sock != -1) close_not_cancel_no_status (sock); out: if (__nscd_drop_map_ref (mapped, &gc_cycle) != 0) { /* When we come here this means there has been a GC cycle while we were looking for the data. This means the data might have been inconsistent. Retry if possible. */ if ((gc_cycle & 1) != 0 || ++nretries == 5 || retval == -1) { /* nscd is just running gc now. Disable using the mapping. */ if (atomic_decrement_val (&mapped->counter) == 0) __nscd_unmap (mapped); mapped = NO_MAPPING; } if (retval != -1) goto retry; } return retval; }
/* Try to get a file descriptor for the shared meory segment containing the database. */ static struct mapped_database * get_mapping (request_type type, const char *key, struct mapped_database **mappedp) { struct mapped_database *result = NO_MAPPING; #ifdef SCM_RIGHTS const size_t keylen = strlen (key) + 1; char resdata[keylen]; int saved_errno = errno; int mapfd = -1; /* Send the request. */ struct iovec iov[2]; request_header req; int sock = open_socket (); if (sock < 0) goto out; req.version = NSCD_VERSION; req.type = type; req.key_len = keylen; iov[0].iov_base = &req; iov[0].iov_len = sizeof (req); iov[1].iov_base = (void *) key; iov[1].iov_len = keylen; if (__builtin_expect (TEMP_FAILURE_RETRY (__writev (sock, iov, 2)) != iov[0].iov_len + iov[1].iov_len, 0)) /* We cannot even write the request. */ goto out_close2; /* Room for the data sent along with the file descriptor. We expect the key name back. */ iov[0].iov_base = resdata; iov[0].iov_len = keylen; union { struct cmsghdr hdr; char bytes[CMSG_SPACE (sizeof (int))]; } buf; struct msghdr msg = { .msg_iov = iov, .msg_iovlen = 1, .msg_control = buf.bytes, .msg_controllen = sizeof (buf) }; struct cmsghdr *cmsg = CMSG_FIRSTHDR (&msg); cmsg->cmsg_level = SOL_SOCKET; cmsg->cmsg_type = SCM_RIGHTS; cmsg->cmsg_len = CMSG_LEN (sizeof (int)); /* This access is well-aligned since BUF is correctly aligned for an int and CMSG_DATA preserves this alignment. */ *(int *) CMSG_DATA (cmsg) = -1; msg.msg_controllen = cmsg->cmsg_len; if (wait_on_socket (sock) <= 0) goto out_close2; # ifndef MSG_NOSIGNAL # define MSG_NOSIGNAL 0 # endif if (__builtin_expect (TEMP_FAILURE_RETRY (__recvmsg (sock, &msg, MSG_NOSIGNAL)) != keylen, 0)) goto out_close2; mapfd = *(int *) CMSG_DATA (cmsg); if (__builtin_expect (CMSG_FIRSTHDR (&msg)->cmsg_len != CMSG_LEN (sizeof (int)), 0)) goto out_close; struct stat64 st; if (__builtin_expect (strcmp (resdata, key) != 0, 0) || __builtin_expect (fstat64 (mapfd, &st) != 0, 0) || __builtin_expect (st.st_size < sizeof (struct database_pers_head), 0)) goto out_close; struct database_pers_head head; if (__builtin_expect (TEMP_FAILURE_RETRY (__pread (mapfd, &head, sizeof (head), 0)) != sizeof (head), 0)) goto out_close; if (__builtin_expect (head.version != DB_VERSION, 0) || __builtin_expect (head.header_size != sizeof (head), 0) /* This really should not happen but who knows, maybe the update thread got stuck. */ || __builtin_expect (! head.nscd_certainly_running && head.timestamp + MAPPING_TIMEOUT < time (NULL), 0)) goto out_close; size_t size = (sizeof (head) + roundup (head.module * sizeof (ref_t), ALIGN) + head.data_size); if (__builtin_expect (st.st_size < size, 0)) goto out_close; /* The file is large enough, map it now. */ void *mapping = __mmap (NULL, size, PROT_READ, MAP_SHARED, mapfd, 0); if (__builtin_expect (mapping != MAP_FAILED, 1)) { /* Allocate a record for the mapping. */ struct mapped_database *newp = malloc (sizeof (*newp)); if (newp == NULL) { /* Ugh, after all we went through the memory allocation failed. */ __munmap (mapping, size); goto out_close; } newp->head = mapping; newp->data = ((char *) mapping + head.header_size + roundup (head.module * sizeof (ref_t), ALIGN)); newp->mapsize = size; /* Set counter to 1 to show it is usable. */ newp->counter = 1; result = newp; } out_close: __close (mapfd); out_close2: __close (sock); out: __set_errno (saved_errno); #endif /* SCM_RIGHTS */ struct mapped_database *oldval = *mappedp; *mappedp = result; if (oldval != NULL && atomic_decrement_val (&oldval->counter) == 0) __nscd_unmap (oldval); return result; } struct mapped_database * __nscd_get_map_ref (request_type type, const char *name, struct locked_map_ptr *mapptr, int *gc_cyclep) { struct mapped_database *cur = mapptr->mapped; if (cur == NO_MAPPING) return cur; int cnt = 0; while (atomic_compare_and_exchange_val_acq (&mapptr->lock, 1, 0) != 0) { // XXX Best number of rounds? if (++cnt > 5) return NO_MAPPING; atomic_delay (); } cur = mapptr->mapped; if (__builtin_expect (cur != NO_MAPPING, 1)) { /* If not mapped or timestamp not updated, request new map. */ if (cur == NULL || (cur->head->nscd_certainly_running == 0 && cur->head->timestamp + MAPPING_TIMEOUT < time (NULL))) cur = get_mapping (type, name, &mapptr->mapped); if (__builtin_expect (cur != NO_MAPPING, 1)) { if (__builtin_expect (((*gc_cyclep = cur->head->gc_cycle) & 1) != 0, 0)) cur = NO_MAPPING; else atomic_increment (&cur->counter); } } mapptr->lock = 0; return cur; } const struct datahead * __nscd_cache_search (request_type type, const char *key, size_t keylen, const struct mapped_database *mapped) { unsigned long int hash = __nis_hash (key, keylen) % mapped->head->module; ref_t work = mapped->head->array[hash]; while (work != ENDREF) { struct hashentry *here = (struct hashentry *) (mapped->data + work); if (type == here->type && keylen == here->len && memcmp (key, mapped->data + here->key, keylen) == 0) { /* We found the entry. Increment the appropriate counter. */ const struct datahead *dh = (struct datahead *) (mapped->data + here->packet); /* See whether we must ignore the entry or whether something is wrong because garbage collection is in progress. */ if (dh->usable && ((char *) dh + dh->allocsize <= (char *) mapped->head + mapped->mapsize)) return dh; } work = here->next; } return NULL; }
int __nscd_getgrouplist (const char *user, gid_t group, long int *size, gid_t **groupsp, long int limit) { size_t userlen = strlen (user) + 1; int gc_cycle; int nretries = 0; /* If the mapping is available, try to search there instead of communicating with the nscd. */ struct mapped_database *mapped; mapped = __nscd_get_map_ref (GETFDGR, "group", &__gr_map_handle, &gc_cycle); retry:; char *respdata = NULL; int retval = -1; int sock = -1; initgr_response_header initgr_resp; if (mapped != NO_MAPPING) { struct datahead *found = __nscd_cache_search (INITGROUPS, user, userlen, mapped, sizeof initgr_resp); if (found != NULL) { respdata = (char *) (&found->data[0].initgrdata + 1); initgr_resp = found->data[0].initgrdata; char *recend = (char *) found->data + found->recsize; /* Now check if we can trust initgr_resp fields. If GC is in progress, it can contain anything. */ if (mapped->head->gc_cycle != gc_cycle) { retval = -2; goto out; } if (respdata + initgr_resp.ngrps * sizeof (int32_t) > recend) goto out; } } /* If we do not have the cache mapped, try to get the data over the socket. */ if (respdata == NULL) { sock = __nscd_open_socket (user, userlen, INITGROUPS, &initgr_resp, sizeof (initgr_resp)); if (sock == -1) { /* nscd not running or wrong version. */ __nss_not_use_nscd_group = 1; goto out; } } if (initgr_resp.found == 1) { /* The following code assumes that gid_t and int32_t are the same size. This is the case for al existing implementation. If this should change some code needs to be added which doesn't use memcpy but instead copies each array element one by one. */ assert (sizeof (int32_t) == sizeof (gid_t)); assert (initgr_resp.ngrps >= 0); /* Make sure we have enough room. We always count GROUP in even though we might not end up adding it. */ if (*size < initgr_resp.ngrps + 1) { gid_t *newp = realloc (*groupsp, (initgr_resp.ngrps + 1) * sizeof (gid_t)); if (newp == NULL) /* We cannot increase the buffer size. */ goto out_close; *groupsp = newp; *size = initgr_resp.ngrps + 1; } if (respdata == NULL) { /* Read the data from the socket. */ if ((size_t) __readall (sock, *groupsp, initgr_resp.ngrps * sizeof (gid_t)) == initgr_resp.ngrps * sizeof (gid_t)) retval = initgr_resp.ngrps; } else { /* Just copy the data. */ retval = initgr_resp.ngrps; memcpy (*groupsp, respdata, retval * sizeof (gid_t)); } } else { if (__glibc_unlikely (initgr_resp.found == -1)) { /* The daemon does not cache this database. */ __nss_not_use_nscd_group = 1; goto out_close; } /* No group found yet. */ retval = 0; assert (*size >= 1); } /* Check whether GROUP is part of the mix. If not, add it. */ if (retval >= 0) { int cnt; for (cnt = 0; cnt < retval; ++cnt) if ((*groupsp)[cnt] == group) break; if (cnt == retval) (*groupsp)[retval++] = group; } out_close: if (sock != -1) close_not_cancel_no_status (sock); out: if (__nscd_drop_map_ref (mapped, &gc_cycle) != 0) { /* When we come here this means there has been a GC cycle while we were looking for the data. This means the data might have been inconsistent. Retry if possible. */ if ((gc_cycle & 1) != 0 || ++nretries == 5 || retval == -1) { /* nscd is just running gc now. Disable using the mapping. */ if (atomic_decrement_val (&mapped->counter) == 0) __nscd_unmap (mapped); mapped = NO_MAPPING; } if (retval != -1) goto retry; } return retval; }
int __nscd_setnetgrent (const char *group, struct __netgrent *datap) { int gc_cycle; int nretries = 0; size_t group_len = strlen (group) + 1; /* If the mapping is available, try to search there instead of communicating with the nscd. */ struct mapped_database *mapped; mapped = __nscd_get_map_ref (GETFDNETGR, "netgroup", &map_handle, &gc_cycle); retry:; char *respdata = NULL; int retval = -1; netgroup_response_header netgroup_resp; if (mapped != NO_MAPPING) { struct datahead *found = __nscd_cache_search (GETNETGRENT, group, group_len, mapped, sizeof netgroup_resp); if (found != NULL) { respdata = (char *) (&found->data[0].netgroupdata + 1); netgroup_resp = found->data[0].netgroupdata; /* Now check if we can trust pw_resp fields. If GC is in progress, it can contain anything. */ if (mapped->head->gc_cycle != gc_cycle) { retval = -2; goto out; } } } int sock = -1; if (respdata == NULL) { sock = __nscd_open_socket (group, group_len, GETNETGRENT, &netgroup_resp, sizeof (netgroup_resp)); if (sock == -1) { /* nscd not running or wrong version. */ __nss_not_use_nscd_netgroup = 1; goto out; } } if (netgroup_resp.found == 1) { size_t datalen = netgroup_resp.result_len; /* If we do not have to read the data here it comes from the mapped data and does not have to be freed. */ if (respdata == NULL) { /* The data will come via the socket. */ respdata = malloc (datalen); if (respdata == NULL) goto out_close; if ((size_t) __readall (sock, respdata, datalen) != datalen) { free (respdata); goto out_close; } } datap->data = respdata; datap->data_size = datalen; datap->cursor = respdata; datap->first = 1; datap->nip = (service_user *) -1l; datap->known_groups = NULL; datap->needed_groups = NULL; retval = 1; } else { if (__glibc_unlikely (netgroup_resp.found == -1)) { /* The daemon does not cache this database. */ __nss_not_use_nscd_netgroup = 1; goto out_close; } /* Set errno to 0 to indicate no error, just no found record. */ __set_errno (0); /* Even though we have not found anything, the result is zero. */ retval = 0; } out_close: if (sock != -1) close_not_cancel_no_status (sock); out: if (__nscd_drop_map_ref (mapped, &gc_cycle) != 0) { /* When we come here this means there has been a GC cycle while we were looking for the data. This means the data might have been inconsistent. Retry if possible. */ if ((gc_cycle & 1) != 0 || ++nretries == 5 || retval == -1) { /* nscd is just running gc now. Disable using the mapping. */ if (atomic_decrement_val (&mapped->counter) == 0) __nscd_unmap (mapped); mapped = NO_MAPPING; } if (retval != -1) goto retry; } return retval; }