diff options
Diffstat (limited to 'nscd')
| -rw-r--r-- | nscd/Makefile | 2 | ||||
| -rw-r--r-- | nscd/cache.c | 2 | ||||
| -rw-r--r-- | nscd/gai.c | 5 | ||||
| -rw-r--r-- | nscd/grpcache.c | 3 | ||||
| -rw-r--r-- | nscd/nscd-client.h | 10 | ||||
| -rw-r--r-- | nscd/nscd.c | 4 | ||||
| -rw-r--r-- | nscd/nscd.init | 9 | ||||
| -rw-r--r-- | nscd/nscd_getai.c | 71 | ||||
| -rw-r--r-- | nscd/nscd_getgr_r.c | 108 | ||||
| -rw-r--r-- | nscd/nscd_gethst_r.c | 147 | ||||
| -rw-r--r-- | nscd/nscd_getpw_r.c | 70 | ||||
| -rw-r--r-- | nscd/nscd_helper.c | 43 | ||||
| -rw-r--r-- | nscd/nscd_initgroups.c | 62 | ||||
| -rw-r--r-- | nscd/pwdcache.c | 3 | ||||
| -rw-r--r-- | nscd/selinux.c | 18 | ||||
| -rw-r--r-- | nscd/selinux.h | 4 |
16 files changed, 222 insertions, 339 deletions
diff --git a/nscd/Makefile b/nscd/Makefile index 9c98018217..21657abeb7 100644 --- a/nscd/Makefile +++ b/nscd/Makefile @@ -119,9 +119,7 @@ CFLAGS-initgrcache.c += $(nscd-cflags) CFLAGS-gai.c += $(nscd-cflags) ifeq (yesyes,$(have-fpie)$(build-shared)) -ifeq (yes,$(have-z-relro)) relro-LDFLAGS += -Wl,-z,now -endif $(objpfx)nscd: $(addprefix $(objpfx),$(nscd-modules:=.o)) $(LINK.o) -pie -Wl,-O1 $(nscd-cflags) \ diff --git a/nscd/cache.c b/nscd/cache.c index be9be2aa4f..ef986f374a 100644 --- a/nscd/cache.c +++ b/nscd/cache.c @@ -125,7 +125,7 @@ cache_add (int type, const void *key, size_t len, struct datahead *packet, dbg_log (_("add new entry \"%s\" of type %s for %s to cache%s"), str, serv2str[type], dbnames[table - dbs], - first ? " (first)" : ""); + first ? _(" (first)") : ""); } unsigned long int hash = __nis_hash (key, len) % table->head->module; diff --git a/nscd/gai.c b/nscd/gai.c index 68719d876a..2e706bdfe7 100644 --- a/nscd/gai.c +++ b/nscd/gai.c @@ -1,4 +1,4 @@ -/* Copyright (C) 2004, 2005, 2006, 2007 Free Software Foundation, Inc. +/* Copyright (C) 2004, 2005, 2006 Free Software Foundation, Inc. This file is part of the GNU C Library. Contributed by Ulrich Drepper <drepper@cygnus.com>, 2004. @@ -15,7 +15,6 @@ along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ -#include <alloca.h> /* This file uses the getaddrinfo code but it compiles it without NSCD support. We just need a few symbol renames. */ #define __getservbyname_r getservbyname_r @@ -27,8 +26,6 @@ #define __sendto sendto #define __strchrnul strchrnul #define __getline getline -/* nscd uses 1MB or 2MB thread stacks. */ -#define __libc_use_alloca(size) (size <= __MAX_ALLOCA_CUTOFF) #include <getaddrinfo.c> diff --git a/nscd/grpcache.c b/nscd/grpcache.c index c207492cc0..5a8fba4759 100644 --- a/nscd/grpcache.c +++ b/nscd/grpcache.c @@ -1,5 +1,5 @@ /* Cache handling for group lookup. - Copyright (C) 1998-2005, 2006, 2007 Free Software Foundation, Inc. + Copyright (C) 1998-2005, 2006 Free Software Foundation, Inc. This file is part of the GNU C Library. Contributed by Ulrich Drepper <drepper@cygnus.com>, 1998. @@ -279,7 +279,6 @@ cache_addgr (struct database_dyn *db, int fd, request_header *req, /* Adjust pointers into the memory block. */ gr_name = (char *) newp + (gr_name - (char *) dataset); cp = (char *) newp + (cp - (char *) dataset); - key_copy = (char *) newp + (key_copy - (char *) dataset); dataset = memcpy (newp, dataset, total + n); alloca_used = false; diff --git a/nscd/nscd-client.h b/nscd/nscd-client.h index 8946b6315b..0fd2d9f547 100644 --- a/nscd/nscd-client.h +++ b/nscd/nscd-client.h @@ -1,4 +1,4 @@ -/* Copyright (c) 1998, 1999, 2000, 2003, 2004, 2005, 2006, 2007 +/* Copyright (c) 1998, 1999, 2000, 2003, 2004, 2005, 2006 Free Software Foundation, Inc. This file is part of the GNU C Library. Contributed by Thorsten Kukuk <kukuk@suse.de>, 1998. @@ -307,10 +307,10 @@ static inline int __nscd_drop_map_ref (struct mapped_database *map, /* Search the mapped database. */ -extern struct datahead *__nscd_cache_search (request_type type, - const char *key, - size_t keylen, - const struct mapped_database *mapped); +extern const struct datahead *__nscd_cache_search (request_type type, + const char *key, + size_t keylen, + const struct mapped_database *mapped); /* Wrappers around read, readv and write that only read/write less than LEN bytes on error or EOF. */ diff --git a/nscd/nscd.c b/nscd/nscd.c index add4698406..b68ae2f413 100644 --- a/nscd/nscd.c +++ b/nscd/nscd.c @@ -1,4 +1,4 @@ -/* Copyright (c) 1998-2003, 2004, 2005, 2006 Free Software Foundation, Inc. +/* Copyright (c) 1998-2006, 2007 Free Software Foundation, Inc. This file is part of the GNU C Library. Contributed by Thorsten Kukuk <kukuk@suse.de>, 1998. @@ -402,7 +402,7 @@ print_version (FILE *stream, struct argp_state *state) Copyright (C) %s Free Software Foundation, Inc.\n\ This is free software; see the source for copying conditions. There is NO\n\ warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\n\ -"), "2006"); +"), "2007"); fprintf (stream, gettext ("Written by %s.\n"), "Thorsten Kukuk and Ulrich Drepper"); } diff --git a/nscd/nscd.init b/nscd/nscd.init index a0074b99e5..a882da7d8b 100644 --- a/nscd/nscd.init +++ b/nscd/nscd.init @@ -49,15 +49,8 @@ prog=nscd start () { [ -d /var/run/nscd ] || mkdir /var/run/nscd [ -d /var/db/nscd ] || mkdir /var/db/nscd - secure="" -# for table in passwd group hosts -# do -# if egrep -q '^'$table':.*nisplus' /etc/nsswitch.conf; then -# /usr/lib/nscd_nischeck $table || secure="$secure -S $table,yes" -# fi -# done echo -n $"Starting $prog: " - daemon /usr/sbin/nscd $secure + daemon /usr/sbin/nscd RETVAL=$? echo [ $RETVAL -eq 0 ] && touch /var/lock/subsys/nscd diff --git a/nscd/nscd_getai.c b/nscd/nscd_getai.c index 5df32dc6dc..b59c31ea26 100644 --- a/nscd/nscd_getai.c +++ b/nscd/nscd_getai.c @@ -1,4 +1,4 @@ -/* Copyright (C) 2004, 2005, 2006, 2007 Free Software Foundation, Inc. +/* Copyright (C) 2004, 2005, 2006 Free Software Foundation, Inc. This file is part of the GNU C Library. Contributed by Ulrich Drepper <drepper@redhat.com>, 2004. @@ -42,7 +42,6 @@ __nscd_getai (const char *key, struct nscd_ai_result **result, int *h_errnop) { size_t keylen = strlen (key) + 1; int gc_cycle; - int nretries = 0; /* If the mapping is available, try to search there instead of communicating with the nscd. */ @@ -51,53 +50,49 @@ __nscd_getai (const char *key, struct nscd_ai_result **result, int *h_errnop) &gc_cycle); retry:; + const ai_response_header *ai_resp = NULL; struct nscd_ai_result *resultbuf = NULL; const char *recend = (const char *) ~UINTMAX_C (0); char *respdata = NULL; int retval = -1; int sock = -1; - ai_response_header ai_resp; if (mapped != NO_MAPPING) { - struct datahead *found = __nscd_cache_search (GETAI, key, keylen, - mapped); + const struct datahead *found = __nscd_cache_search (GETAI, key, keylen, + mapped); if (found != NULL) { - respdata = (char *) (&found->data[0].aidata + 1); - ai_resp = found->data[0].aidata; + ai_resp = &found->data[0].aidata; + respdata = (char *) (ai_resp + 1); recend = (const char *) found->data + found->recsize; - /* Now check if we can trust ai_resp fields. If GC is - in progress, it can contain anything. */ - if (mapped->head->gc_cycle != gc_cycle) - { - retval = -2; - goto out; - } } } /* If we do not have the cache mapped, try to get the data over the socket. */ - if (respdata == NULL) + ai_response_header ai_resp_mem; + if (ai_resp == NULL) { - sock = __nscd_open_socket (key, keylen, GETAI, &ai_resp, - sizeof (ai_resp)); + sock = __nscd_open_socket (key, keylen, GETAI, &ai_resp_mem, + sizeof (ai_resp_mem)); if (sock == -1) { /* nscd not running or wrong version. */ __nss_not_use_nscd_hosts = 1; goto out; } + + ai_resp = &ai_resp_mem; } - if (ai_resp.found == 1) + if (ai_resp->found == 1) { - size_t datalen = ai_resp.naddrs + ai_resp.addrslen + ai_resp.canonlen; + size_t datalen = ai_resp->naddrs + ai_resp->addrslen + ai_resp->canonlen; - /* This check really only affects the case where the data + /* This check is really only affects the case where the data comes from the mapped cache. */ - if (respdata + datalen > recend) + if ((char *) (ai_resp + 1) + datalen > recend) { assert (sock == -1); goto out; @@ -113,10 +108,10 @@ __nscd_getai (const char *key, struct nscd_ai_result **result, int *h_errnop) } /* Set up the data structure, including pointers. */ - resultbuf->naddrs = ai_resp.naddrs; + resultbuf->naddrs = ai_resp->naddrs; resultbuf->addrs = (char *) (resultbuf + 1); - resultbuf->family = (uint8_t *) (resultbuf->addrs + ai_resp.addrslen); - if (ai_resp.canonlen != 0) + resultbuf->family = (uint8_t *) (resultbuf->addrs + ai_resp->addrslen); + if (ai_resp->canonlen != 0) resultbuf->canon = (char *) (resultbuf->family + resultbuf->naddrs); else resultbuf->canon = NULL; @@ -142,13 +137,10 @@ __nscd_getai (const char *key, struct nscd_ai_result **result, int *h_errnop) /* Try to detect corrupt databases. */ if (resultbuf->canon != NULL - && resultbuf->canon[ai_resp.canonlen - 1] != '\0') + && resultbuf->canon[ai_resp->canonlen - 1] != '\0') /* We cannot use the database. */ { - if (mapped->head->gc_cycle != gc_cycle) - retval = -2; - else - free (resultbuf); + free (resultbuf); goto out_close; } @@ -158,7 +150,7 @@ __nscd_getai (const char *key, struct nscd_ai_result **result, int *h_errnop) } else { - if (__builtin_expect (ai_resp.found == -1, 0)) + if (__builtin_expect (ai_resp->found == -1, 0)) { /* The daemon does not cache this database. */ __nss_not_use_nscd_hosts = 1; @@ -166,7 +158,7 @@ __nscd_getai (const char *key, struct nscd_ai_result **result, int *h_errnop) } /* Store the error number. */ - *h_errnop = ai_resp.error; + *h_errnop = ai_resp->error; /* The `errno' to some value != ERANGE. */ __set_errno (ENOENT); @@ -178,25 +170,22 @@ __nscd_getai (const char *key, struct nscd_ai_result **result, int *h_errnop) if (sock != -1) close_not_cancel_no_status (sock); out: - if (__nscd_drop_map_ref (mapped, &gc_cycle) != 0) + if (__nscd_drop_map_ref (mapped, &gc_cycle) != 0 && retval != -1) { /* When we come here this means there has been a GC cycle while we were looking for the data. This means the data might have been inconsistent. Retry if possible. */ - if ((gc_cycle & 1) != 0 || ++nretries == 5 || retval == -1) + if ((gc_cycle & 1) != 0) { /* nscd is just running gc now. Disable using the mapping. */ - if (atomic_decrement_val (&mapped->counter) == 0) - __nscd_unmap (mapped); + __nscd_unmap (mapped); mapped = NO_MAPPING; } - if (retval != -1) - { - *result = NULL; - free (resultbuf); - goto retry; - } + *result = NULL; + free (resultbuf); + + goto retry; } return retval; diff --git a/nscd/nscd_getgr_r.c b/nscd/nscd_getgr_r.c index fc036f2888..922b906c19 100644 --- a/nscd/nscd_getgr_r.c +++ b/nscd/nscd_getgr_r.c @@ -1,5 +1,4 @@ -/* Copyright (C) 1998-2000, 2002-2005, 2006, 2007 - Free Software Foundation, Inc. +/* Copyright (C) 1998-2000, 2002-2005, 2006 Free Software Foundation, Inc. This file is part of the GNU C Library. Contributed by Thorsten Kukuk <kukuk@uni-paderborn.de>, 1998. @@ -89,7 +88,6 @@ nscd_getgr_r (const char *key, size_t keylen, request_type type, struct group **result) { int gc_cycle; - int nretries = 0; const uint32_t *len = NULL; size_t lensize = 0; @@ -99,59 +97,55 @@ nscd_getgr_r (const char *key, size_t keylen, request_type type, &__gr_map_handle, &gc_cycle); retry:; + const gr_response_header *gr_resp = NULL; const char *gr_name = NULL; size_t gr_name_len = 0; int retval = -1; const char *recend = (const char *) ~UINTMAX_C (0); - gr_response_header gr_resp; if (mapped != NO_MAPPING) { - struct datahead *found = __nscd_cache_search (type, key, keylen, mapped); + const struct datahead *found = __nscd_cache_search (type, key, keylen, + mapped); if (found != NULL) { - len = (const uint32_t *) (&found->data[0].grdata + 1); - gr_resp = found->data[0].grdata; + gr_resp = &found->data[0].grdata; + len = (const uint32_t *) (gr_resp + 1); + /* The alignment is always sufficient. */ + assert (((uintptr_t) len & (__alignof__ (*len) - 1)) == 0); gr_name = ((const char *) len - + gr_resp.gr_mem_cnt * sizeof (uint32_t)); - gr_name_len = gr_resp.gr_name_len + gr_resp.gr_passwd_len; + + gr_resp->gr_mem_cnt * sizeof (uint32_t)); + gr_name_len = gr_resp->gr_name_len + gr_resp->gr_passwd_len; recend = (const char *) found->data + found->recsize; - /* Now check if we can trust gr_resp fields. If GC is - in progress, it can contain anything. */ - if (mapped->head->gc_cycle != gc_cycle) - { - retval = -2; - goto out; - } - - /* The alignment is always sufficient, unless GC is in progress. */ - assert (((uintptr_t) len & (__alignof__ (*len) - 1)) == 0); } } + gr_response_header gr_resp_mem; int sock = -1; - if (gr_name == NULL) + if (gr_resp == NULL) { - sock = __nscd_open_socket (key, keylen, type, &gr_resp, - sizeof (gr_resp)); + sock = __nscd_open_socket (key, keylen, type, &gr_resp_mem, + sizeof (gr_resp_mem)); if (sock == -1) { __nss_not_use_nscd_group = 1; goto out; } + + gr_resp = &gr_resp_mem; } /* No value found so far. */ *result = NULL; - if (__builtin_expect (gr_resp.found == -1, 0)) + if (__builtin_expect (gr_resp->found == -1, 0)) { /* The daemon does not cache this database. */ __nss_not_use_nscd_group = 1; goto out_close; } - if (gr_resp.found == 1) + if (gr_resp->found == 1) { struct iovec vec[2]; char *p = buffer; @@ -163,8 +157,8 @@ nscd_getgr_r (const char *key, size_t keylen, request_type type, align the pointer. */ align = ((__alignof__ (char *) - (p - ((char *) 0))) & (__alignof__ (char *) - 1)); - total_len = (align + (1 + gr_resp.gr_mem_cnt) * sizeof (char *) - + gr_resp.gr_name_len + gr_resp.gr_passwd_len); + total_len = (align + (1 + gr_resp->gr_mem_cnt) * sizeof (char *) + + gr_resp->gr_name_len + gr_resp->gr_passwd_len); if (__builtin_expect (buflen < total_len, 0)) { no_room: @@ -176,16 +170,16 @@ nscd_getgr_r (const char *key, size_t keylen, request_type type, p += align; resultbuf->gr_mem = (char **) p; - p += (1 + gr_resp.gr_mem_cnt) * sizeof (char *); + p += (1 + gr_resp->gr_mem_cnt) * sizeof (char *); /* Set pointers for strings. */ resultbuf->gr_name = p; - p += gr_resp.gr_name_len; + p += gr_resp->gr_name_len; resultbuf->gr_passwd = p; - p += gr_resp.gr_passwd_len; + p += gr_resp->gr_passwd_len; /* Fill in what we know now. */ - resultbuf->gr_gid = gr_resp.gr_gid; + resultbuf->gr_gid = gr_resp->gr_gid; /* Read the length information, group name, and password. */ if (gr_name == NULL) @@ -193,17 +187,17 @@ nscd_getgr_r (const char *key, size_t keylen, request_type type, /* Allocate array to store lengths. */ if (lensize == 0) { - lensize = gr_resp.gr_mem_cnt * sizeof (uint32_t); + lensize = gr_resp->gr_mem_cnt * sizeof (uint32_t); len = (uint32_t *) alloca (lensize); } - else if (gr_resp.gr_mem_cnt * sizeof (uint32_t) > lensize) + else if (gr_resp->gr_mem_cnt * sizeof (uint32_t) > lensize) len = extend_alloca (len, lensize, - gr_resp.gr_mem_cnt * sizeof (uint32_t)); + gr_resp->gr_mem_cnt * sizeof (uint32_t)); vec[0].iov_base = (void *) len; - vec[0].iov_len = gr_resp.gr_mem_cnt * sizeof (uint32_t); + vec[0].iov_len = gr_resp->gr_mem_cnt * sizeof (uint32_t); vec[1].iov_base = resultbuf->gr_name; - vec[1].iov_len = gr_resp.gr_name_len + gr_resp.gr_passwd_len; + vec[1].iov_len = gr_resp->gr_name_len + gr_resp->gr_passwd_len; total_len = vec[0].iov_len + vec[1].iov_len; /* Get this data. */ @@ -215,14 +209,14 @@ nscd_getgr_r (const char *key, size_t keylen, request_type type, /* We already have the data. Just copy the group name and password. */ memcpy (resultbuf->gr_name, gr_name, - gr_resp.gr_name_len + gr_resp.gr_passwd_len); + gr_resp->gr_name_len + gr_resp->gr_passwd_len); /* Clear the terminating entry. */ - resultbuf->gr_mem[gr_resp.gr_mem_cnt] = NULL; + resultbuf->gr_mem[gr_resp->gr_mem_cnt] = NULL; /* Prepare reading the group members. */ total_len = 0; - for (cnt = 0; cnt < gr_resp.gr_mem_cnt; ++cnt) + for (cnt = 0; cnt < gr_resp->gr_mem_cnt; ++cnt) { resultbuf->gr_mem[cnt] = p; total_len += len[cnt]; @@ -230,25 +224,9 @@ nscd_getgr_r (const char *key, size_t keylen, request_type type, } if (__builtin_expect (gr_name + gr_name_len + total_len > recend, 0)) - { - /* len array might contain garbage during nscd GC cycle, - retry rather than fail in that case. */ - if (gr_name != NULL && mapped->head->gc_cycle != gc_cycle) - retval = -2; - goto out_close; - } + goto out_close; if (__builtin_expect (total_len > buflen, 0)) - { - /* len array might contain garbage during nscd GC cycle, - retry rather than fail in that case. */ - if (gr_name != NULL && mapped->head->gc_cycle != gc_cycle) - { - retval = -2; - goto out_close; - } - else - goto no_room; - } + goto no_room; retval = 0; if (gr_name == NULL) @@ -270,14 +248,14 @@ nscd_getgr_r (const char *key, size_t keylen, request_type type, /* Try to detect corrupt databases. */ if (resultbuf->gr_name[gr_name_len - 1] != '\0' - || resultbuf->gr_passwd[gr_resp.gr_passwd_len - 1] != '\0' - || ({for (cnt = 0; cnt < gr_resp.gr_mem_cnt; ++cnt) + || resultbuf->gr_passwd[gr_resp->gr_passwd_len - 1] != '\0' + || ({for (cnt = 0; cnt < gr_resp->gr_mem_cnt; ++cnt) if (resultbuf->gr_mem[cnt][len[cnt] - 1] != '\0') break; - cnt < gr_resp.gr_mem_cnt; })) + cnt < gr_resp->gr_mem_cnt; })) { /* We cannot use the database. */ - retval = mapped->head->gc_cycle != gc_cycle ? -2 : -1; + retval = -1; goto out_close; } @@ -296,21 +274,19 @@ nscd_getgr_r (const char *key, size_t keylen, request_type type, if (sock != -1) close_not_cancel_no_status (sock); out: - if (__nscd_drop_map_ref (mapped, &gc_cycle) != 0) + if (__nscd_drop_map_ref (mapped, &gc_cycle) != 0 && retval != -1) { /* When we come here this means there has been a GC cycle while we were looking for the data. This means the data might have been inconsistent. Retry if possible. */ - if ((gc_cycle & 1) != 0 || ++nretries == 5 || retval == -1) + if ((gc_cycle & 1) != 0) { /* nscd is just running gc now. Disable using the mapping. */ - if (atomic_decrement_val (&mapped->counter) == 0) - __nscd_unmap (mapped); + __nscd_unmap (mapped); mapped = NO_MAPPING; } - if (retval != -1) - goto retry; + goto retry; } return retval; diff --git a/nscd/nscd_gethst_r.c b/nscd/nscd_gethst_r.c index 90e1815bdd..516977bcc4 100644 --- a/nscd/nscd_gethst_r.c +++ b/nscd/nscd_gethst_r.c @@ -1,4 +1,4 @@ -/* Copyright (C) 1998-2005, 2006, 2007 Free Software Foundation, Inc. +/* Copyright (C) 1998-2005, 2006 Free Software Foundation, Inc. This file is part of the GNU C Library. Contributed by Ulrich Drepper <drepper@cygnus.com>, 1998. @@ -118,6 +118,7 @@ nscd_gethst_r (const char *key, size_t keylen, request_type type, &gc_cycle); retry:; + const hst_response_header *hst_resp = NULL; const char *h_name = NULL; const uint32_t *aliases_len = NULL; const char *addr_list = NULL; @@ -125,27 +126,18 @@ nscd_gethst_r (const char *key, size_t keylen, request_type type, int retval = -1; const char *recend = (const char *) ~UINTMAX_C (0); int sock = -1; - hst_response_header hst_resp; if (mapped != NO_MAPPING) { - /* No const qualifier, as it can change during garbage collection. */ - struct datahead *found = __nscd_cache_search (type, key, keylen, mapped); + const struct datahead *found = __nscd_cache_search (type, key, keylen, + mapped); if (found != NULL) { - h_name = (char *) (&found->data[0].hstdata + 1); - hst_resp = found->data[0].hstdata; - aliases_len = (uint32_t *) (h_name + hst_resp.h_name_len); + hst_resp = &found->data[0].hstdata; + h_name = (char *) (hst_resp + 1); + aliases_len = (uint32_t *) (h_name + hst_resp->h_name_len); addr_list = ((char *) aliases_len - + hst_resp.h_aliases_cnt * sizeof (uint32_t)); - addr_list_len = hst_resp.h_addr_list_cnt * INADDRSZ; - recend = (const char *) found->data + found->recsize; - /* Now check if we can trust hst_resp fields. If GC is - in progress, it can contain anything. */ - if (mapped->head->gc_cycle != gc_cycle) - { - retval = -2; - goto out; - } + + hst_resp->h_aliases_cnt * sizeof (uint32_t)); + addr_list_len = hst_resp->h_addr_list_cnt * INADDRSZ; #ifndef _STRING_ARCH_unaligned /* The aliases_len array in the mapped database might very @@ -155,47 +147,51 @@ nscd_gethst_r (const char *key, size_t keylen, request_type type, if (((uintptr_t) aliases_len & (__alignof__ (*aliases_len) - 1)) != 0) { - uint32_t *tmp = alloca (hst_resp.h_aliases_cnt + uint32_t *tmp = alloca (hst_resp->h_aliases_cnt * sizeof (uint32_t)); aliases_len = memcpy (tmp, aliases_len, - hst_resp.h_aliases_cnt + hst_resp->h_aliases_cnt * sizeof (uint32_t)); } #endif if (type != GETHOSTBYADDR && type != GETHOSTBYNAME) { - if (hst_resp.h_length == INADDRSZ) + if (hst_resp->h_length == INADDRSZ) addr_list += addr_list_len; - addr_list_len = hst_resp.h_addr_list_cnt * IN6ADDRSZ; + addr_list_len = hst_resp->h_addr_list_cnt * IN6ADDRSZ; } + recend = (const char *) found->data + found->recsize; if (__builtin_expect ((const char *) addr_list + addr_list_len > recend, 0)) - goto out; + goto out_close; } } - if (h_name == NULL) + hst_response_header hst_resp_mem; + if (hst_resp == NULL) { - sock = __nscd_open_socket (key, keylen, type, &hst_resp, - sizeof (hst_resp)); + sock = __nscd_open_socket (key, keylen, type, &hst_resp_mem, + sizeof (hst_resp_mem)); if (sock == -1) { __nss_not_use_nscd_hosts = 1; - goto out; + goto out;; } + + hst_resp = &hst_resp_mem; } /* No value found so far. */ *result = NULL; - if (__builtin_expect (hst_resp.found == -1, 0)) + if (__builtin_expect (hst_resp->found == -1, 0)) { /* The daemon does not cache this database. */ __nss_not_use_nscd_hosts = 1; goto out_close; } - if (hst_resp.found == 1) + if (hst_resp->found == 1) { struct iovec vec[4]; char *cp = buffer; @@ -211,15 +207,15 @@ nscd_gethst_r (const char *key, size_t keylen, request_type type, align the pointer and the base of the h_addr_list pointers. */ align1 = ((__alignof__ (char *) - (cp - ((char *) 0))) & (__alignof__ (char *) - 1)); - align2 = ((__alignof__ (char *) - ((cp + align1 + hst_resp.h_name_len) + align2 = ((__alignof__ (char *) - ((cp + align1 + hst_resp->h_name_len) - ((char *) 0))) & (__alignof__ (char *) - 1)); - if (buflen < (align1 + hst_resp.h_name_len + align2 - + ((hst_resp.h_aliases_cnt + hst_resp.h_addr_list_cnt + if (buflen < (align1 + hst_resp->h_name_len + align2 + + ((hst_resp->h_aliases_cnt + hst_resp->h_addr_list_cnt + 2) * sizeof (char *)) - + hst_resp.h_addr_list_cnt * (type == AF_INET - ? INADDRSZ : IN6ADDRSZ))) + + hst_resp->h_addr_list_cnt * (type == AF_INET + ? INADDRSZ : IN6ADDRSZ))) { no_room: *h_errnop = NETDB_INTERNAL; @@ -231,12 +227,12 @@ nscd_gethst_r (const char *key, size_t keylen, request_type type, /* Prepare the result as far as we can. */ resultbuf->h_aliases = (char **) cp; - cp += (hst_resp.h_aliases_cnt + 1) * sizeof (char *); + cp += (hst_resp->h_aliases_cnt + 1) * sizeof (char *); resultbuf->h_addr_list = (char **) cp; - cp += (hst_resp.h_addr_list_cnt + 1) * sizeof (char *); + cp += (hst_resp->h_addr_list_cnt + 1) * sizeof (char *); resultbuf->h_name = cp; - cp += hst_resp.h_name_len + align2; + cp += hst_resp->h_name_len + align2; if (type == GETHOSTBYADDR || type == GETHOSTBYNAME) { @@ -248,7 +244,7 @@ nscd_gethst_r (const char *key, size_t keylen, request_type type, resultbuf->h_addrtype = AF_INET6; resultbuf->h_length = IN6ADDRSZ; } - for (cnt = 0; cnt < hst_resp.h_addr_list_cnt; ++cnt) + for (cnt = 0; cnt < hst_resp->h_addr_list_cnt; ++cnt) { resultbuf->h_addr_list[cnt] = cp; cp += resultbuf->h_length; @@ -258,47 +254,47 @@ nscd_gethst_r (const char *key, size_t keylen, request_type type, if (h_name == NULL) { vec[0].iov_base = resultbuf->h_name; - vec[0].iov_len = hst_resp.h_name_len; - total_len = hst_resp.h_name_len; + vec[0].iov_len = hst_resp->h_name_len; + total_len = hst_resp->h_name_len; n = 1; - if (hst_resp.h_aliases_cnt > 0) + if (hst_resp->h_aliases_cnt > 0) { - aliases_len = alloca (hst_resp.h_aliases_cnt + aliases_len = alloca (hst_resp->h_aliases_cnt * sizeof (uint32_t)); vec[n].iov_base = (void *) aliases_len; - vec[n].iov_len = hst_resp.h_aliases_cnt * sizeof (uint32_t); + vec[n].iov_len = hst_resp->h_aliases_cnt * sizeof (uint32_t); - total_len += hst_resp.h_aliases_cnt * sizeof (uint32_t); + total_len += hst_resp->h_aliases_cnt * sizeof (uint32_t); ++n; } if (type == GETHOSTBYADDR || type == GETHOSTBYNAME) { vec[n].iov_base = resultbuf->h_addr_list[0]; - vec[n].iov_len = hst_resp.h_addr_list_cnt * INADDRSZ; + vec[n].iov_len = hst_resp->h_addr_list_cnt * INADDRSZ; - total_len += hst_resp.h_addr_list_cnt * INADDRSZ; + total_len += hst_resp->h_addr_list_cnt * INADDRSZ; ++n; } else { - if (hst_resp.h_length == INADDRSZ) + if (hst_resp->h_length == INADDRSZ) { - ignore = alloca (hst_resp.h_addr_list_cnt * INADDRSZ); + ignore = alloca (hst_resp->h_addr_list_cnt * INADDRSZ); vec[n].iov_base = ignore; - vec[n].iov_len = hst_resp.h_addr_list_cnt * INADDRSZ; + vec[n].iov_len = hst_resp->h_addr_list_cnt * INADDRSZ; - total_len += hst_resp.h_addr_list_cnt * INADDRSZ; + total_len += hst_resp->h_addr_list_cnt * INADDRSZ; ++n; } vec[n].iov_base = resultbuf->h_addr_list[0]; - vec[n].iov_len = hst_resp.h_addr_list_cnt * IN6ADDRSZ; + vec[n].iov_len = hst_resp->h_addr_list_cnt * IN6ADDRSZ; - total_len += hst_resp.h_addr_list_cnt * IN6ADDRSZ; + total_len += hst_resp->h_addr_list_cnt * IN6ADDRSZ; ++n; } @@ -308,13 +304,13 @@ nscd_gethst_r (const char *key, size_t keylen, request_type type, } else { - memcpy (resultbuf->h_name, h_name, hst_resp.h_name_len); + memcpy (resultbuf->h_name, h_name, hst_resp->h_name_len); memcpy (resultbuf->h_addr_list[0], addr_list, addr_list_len); } /* Now we also can read the aliases. */ total_len = 0; - for (cnt = 0; cnt < hst_resp.h_aliases_cnt; ++cnt) + for (cnt = 0; cnt < hst_resp->h_aliases_cnt; ++cnt) { resultbuf->h_aliases[cnt] = cp; cp += aliases_len[cnt]; @@ -324,25 +320,10 @@ nscd_gethst_r (const char *key, size_t keylen, request_type type, if (__builtin_expect ((const char *) addr_list + addr_list_len + total_len > recend, 0)) - { - /* aliases_len array might contain garbage during nscd GC cycle, - retry rather than fail in that case. */ - if (addr_list != NULL && mapped->head->gc_cycle != gc_cycle) - retval = -2; - goto out_close; - } + goto out_close; /* See whether this would exceed the buffer capacity. */ if (__builtin_expect (cp > buffer + buflen, 0)) - { - /* aliases_len array might contain garbage during nscd GC cycle, - retry rather than fail in that case. */ - if (addr_list != NULL && mapped->head->gc_cycle != gc_cycle) - { - retval = -2; - goto out_close; - } - goto no_room; - } + goto no_room; /* And finally read the aliases. */ if (addr_list == NULL) @@ -361,18 +342,14 @@ nscd_gethst_r (const char *key, size_t keylen, request_type type, (const char *) addr_list + addr_list_len, total_len); /* Try to detect corrupt databases. */ - if (resultbuf->h_name[hst_resp.h_name_len - 1] != '\0' - || ({for (cnt = 0; cnt < hst_resp.h_aliases_cnt; ++cnt) + if (resultbuf->h_name[hst_resp->h_name_len - 1] != '\0' + || ({for (cnt = 0; cnt < hst_resp->h_aliases_cnt; ++cnt) if (resultbuf->h_aliases[cnt][aliases_len[cnt] - 1] != '\0') break; - cnt < hst_resp.h_aliases_cnt; })) - { - /* We cannot use the database. */ - if (mapped->head->gc_cycle != gc_cycle) - retval = -2; - goto out_close; - } + cnt < hst_resp->h_aliases_cnt; })) + /* We cannot use the database. */ + goto out_close; retval = 0; *result = resultbuf; @@ -381,7 +358,7 @@ nscd_gethst_r (const char *key, size_t keylen, request_type type, else { /* Store the error number. */ - *h_errnop = hst_resp.error; + *h_errnop = hst_resp->error; /* The `errno' to some value != ERANGE. */ __set_errno (ENOENT); @@ -393,21 +370,19 @@ nscd_gethst_r (const char *key, size_t keylen, request_type type, if (sock != -1) close_not_cancel_no_status (sock); out: - if (__nscd_drop_map_ref (mapped, &gc_cycle) != 0) + if (__nscd_drop_map_ref (mapped, &gc_cycle) != 0 && retval != -1) { /* When we come here this means there has been a GC cycle while we were looking for the data. This means the data might have been inconsistent. Retry if possible. */ - if ((gc_cycle & 1) != 0 || ++nretries == 5 || retval == -1) + if ((gc_cycle & 1) != 0 || ++nretries == 5) { /* nscd is just running gc now. Disable using the mapping. */ - if (atomic_decrement_val (&mapped->counter) == 0) - __nscd_unmap (mapped); + __nscd_unmap (mapped); mapped = NO_MAPPING; } - if (retval != -1) - goto retry; + goto retry; } return retval; diff --git a/nscd/nscd_getpw_r.c b/nscd/nscd_getpw_r.c index b84baa1a66..e8e4d7364f 100644 --- a/nscd/nscd_getpw_r.c +++ b/nscd/nscd_getpw_r.c @@ -1,5 +1,4 @@ -/* Copyright (C) 1998, 1999, 2003, 2004, 2005, 2007 - Free Software Foundation, Inc. +/* Copyright (C) 1998, 1999, 2003, 2004, 2005 Free Software Foundation, Inc. This file is part of the GNU C Library. Contributed by Thorsten Kukuk <kukuk@uni-paderborn.de>, 1998. @@ -89,81 +88,76 @@ nscd_getpw_r (const char *key, size_t keylen, request_type type, struct passwd **result) { int gc_cycle; - int nretries = 0; - /* If the mapping is available, try to search there instead of communicating with the nscd. */ struct mapped_database *mapped; mapped = __nscd_get_map_ref (GETFDPW, "passwd", &map_handle, &gc_cycle); retry:; + const pw_response_header *pw_resp = NULL; const char *pw_name = NULL; int retval = -1; const char *recend = (const char *) ~UINTMAX_C (0); - pw_response_header pw_resp; if (mapped != NO_MAPPING) { - struct datahead *found = __nscd_cache_search (type, key, keylen, mapped); + const struct datahead *found = __nscd_cache_search (type, key, keylen, + mapped); if (found != NULL) { - pw_name = (const char *) (&found->data[0].pwdata + 1); - pw_resp = found->data[0].pwdata; + pw_resp = &found->data[0].pwdata; + pw_name = (const char *) (pw_resp + 1); recend = (const char *) found->data + found->recsize; - /* Now check if we can trust pw_resp fields. If GC is - in progress, it can contain anything. */ - if (mapped->head->gc_cycle != gc_cycle) - { - retval = -2; - goto out; - } } } + pw_response_header pw_resp_mem; int sock = -1; - if (pw_name == NULL) + if (pw_resp == NULL) { - sock = __nscd_open_socket (key, keylen, type, &pw_resp, - sizeof (pw_resp)); + sock = __nscd_open_socket (key, keylen, type, &pw_resp_mem, + sizeof (pw_resp_mem)); if (sock == -1) { __nss_not_use_nscd_passwd = 1; goto out; } + + pw_resp = &pw_resp_mem; } /* No value found so far. */ *result = NULL; - if (__builtin_expect (pw_resp.found == -1, 0)) + if (__builtin_expect (pw_resp->found == -1, 0)) { /* The daemon does not cache this database. */ __nss_not_use_nscd_passwd = 1; goto out_close; } - if (pw_resp.found == 1) + if (pw_resp->found == 1) { /* Set the information we already have. */ - resultbuf->pw_uid = pw_resp.pw_uid; - resultbuf->pw_gid = pw_resp.pw_gid; + resultbuf->pw_uid = pw_resp->pw_uid; + resultbuf->pw_gid = pw_resp->pw_gid; char *p = buffer; /* get pw_name */ resultbuf->pw_name = p; - p += pw_resp.pw_name_len; + p += pw_resp->pw_name_len; /* get pw_passwd */ resultbuf->pw_passwd = p; - p += pw_resp.pw_passwd_len; + p += pw_resp->pw_passwd_len; /* get pw_gecos */ resultbuf->pw_gecos = p; - p += pw_resp.pw_gecos_len; + p += pw_resp->pw_gecos_len; /* get pw_dir */ resultbuf->pw_dir = p; - p += pw_resp.pw_dir_len; + p += pw_resp->pw_dir_len; /* get pw_pshell */ resultbuf->pw_shell = p; - p += pw_resp.pw_shell_len; + p += pw_resp->pw_shell_len; ssize_t total = p - buffer; if (__builtin_expect (pw_name + total > recend, 0)) @@ -195,14 +189,14 @@ nscd_getpw_r (const char *key, size_t keylen, request_type type, memcpy (resultbuf->pw_name, pw_name, total); /* Try to detect corrupt databases. */ - if (resultbuf->pw_name[pw_resp.pw_name_len - 1] != '\0' - || resultbuf->pw_passwd[pw_resp.pw_passwd_len - 1] != '\0' - || resultbuf->pw_gecos[pw_resp.pw_gecos_len - 1] != '\0' - || resultbuf->pw_dir[pw_resp.pw_dir_len - 1] != '\0' - || resultbuf->pw_shell[pw_resp.pw_shell_len - 1] != '\0') + if (resultbuf->pw_name[pw_resp->pw_name_len - 1] != '\0' + || resultbuf->pw_passwd[pw_resp->pw_passwd_len - 1] != '\0' + || resultbuf->pw_gecos[pw_resp->pw_gecos_len - 1] != '\0' + || resultbuf->pw_dir[pw_resp->pw_dir_len - 1] != '\0' + || resultbuf->pw_shell[pw_resp->pw_shell_len - 1] != '\0') { /* We cannot use the database. */ - retval = mapped->head->gc_cycle != gc_cycle ? -2 : -1; + retval = -1; goto out_close; } @@ -221,21 +215,19 @@ nscd_getpw_r (const char *key, size_t keylen, request_type type, if (sock != -1) close_not_cancel_no_status (sock); out: - if (__nscd_drop_map_ref (mapped, &gc_cycle) != 0) + if (__nscd_drop_map_ref (mapped, &gc_cycle) != 0 && retval != -1) { /* When we come here this means there has been a GC cycle while we were looking for the data. This means the data might have been inconsistent. Retry if possible. */ - if ((gc_cycle & 1) != 0 || ++nretries == 5 || retval == -1) + if ((gc_cycle & 1) != 0) { /* nscd is just running gc now. Disable using the mapping. */ - if (atomic_decrement_val (&mapped->counter) == 0) - __nscd_unmap (mapped); + __nscd_unmap (mapped); mapped = NO_MAPPING; } - if (retval != -1) - goto retry; + goto retry; } return retval; diff --git a/nscd/nscd_helper.c b/nscd/nscd_helper.c index 71ea53e19d..7c45981586 100644 --- a/nscd/nscd_helper.c +++ b/nscd/nscd_helper.c @@ -1,5 +1,4 @@ -/* Copyright (C) 1998-2002,2003,2004,2005,2006,2007 - Free Software Foundation, Inc. +/* Copyright (C) 1998-2002,2003,2004,2005,2006 Free Software Foundation, Inc. This file is part of the GNU C Library. Contributed by Ulrich Drepper <drepper@cygnus.com>, 1998. @@ -22,7 +21,6 @@ #include <errno.h> #include <fcntl.h> #include <stdbool.h> -#include <string.h> #include <time.h> #include <unistd.h> #include <sys/mman.h> @@ -188,7 +186,6 @@ get_mapping (request_type type, const char *key, request_header req; char key[keylen]; } reqdata; - size_t real_sizeof_reqdata = sizeof (request_header) + keylen; int sock = open_socket (); if (sock < 0) @@ -203,9 +200,9 @@ get_mapping (request_type type, const char *key, # define MSG_NOSIGNAL 0 # endif if (__builtin_expect (TEMP_FAILURE_RETRY (__send (sock, &reqdata, - real_sizeof_reqdata, + sizeof (reqdata), MSG_NOSIGNAL)) - != real_sizeof_reqdata, 0)) + != sizeof (reqdata), 0)) /* We cannot even write the request. */ goto out_close2; @@ -243,13 +240,12 @@ get_mapping (request_type type, const char *key, != keylen, 0)) goto out_close2; - if (__builtin_expect (CMSG_FIRSTHDR (&msg) == NULL - || (CMSG_FIRSTHDR (&msg)->cmsg_len - != CMSG_LEN (sizeof (int))), 0)) - goto out_close2; - mapfd = *(int *) CMSG_DATA (cmsg); + if (__builtin_expect (CMSG_FIRSTHDR (&msg)->cmsg_len + != CMSG_LEN (sizeof (int)), 0)) + goto out_close; + struct stat64 st; if (__builtin_expect (strcmp (resdata, key) != 0, 0) || __builtin_expect (fstat64 (mapfd, &st) != 0, 0) @@ -366,10 +362,7 @@ __nscd_get_map_ref (request_type type, const char *name, } -/* Don't return const struct datahead *, as eventhough the record - is normally constant, it can change arbitrarily during nscd - garbage collection. */ -struct datahead * +const struct datahead * __nscd_cache_search (request_type type, const char *key, size_t keylen, const struct mapped_database *mapped) { @@ -381,32 +374,16 @@ __nscd_cache_search (request_type type, const char *key, size_t keylen, { struct hashentry *here = (struct hashentry *) (mapped->data + work); -#ifndef _STRING_ARCH_unaligned - /* Although during garbage collection when moving struct hashentry - records around we first copy from old to new location and then - adjust pointer from previous hashentry to it, there is no barrier - between those memory writes. It is very unlikely to hit it, - so check alignment only if a misaligned load can crash the - application. */ - if ((uintptr_t) here & (__alignof__ (*here) - 1)) - return NULL; -#endif - if (type == here->type && keylen == here->len - && here->key + keylen <= datasize + && here->key + here->len <= datasize && memcmp (key, mapped->data + here->key, keylen) == 0 && here->packet + sizeof (struct datahead) <= datasize) { /* We found the entry. Increment the appropriate counter. */ - struct datahead *dh + const struct datahead *dh = (struct datahead *) (mapped->data + here->packet); -#ifndef _STRING_ARCH_unaligned - if ((uintptr_t) dh & (__alignof__ (*dh) - 1)) - return NULL; -#endif - /* See whether we must ignore the entry or whether something is wrong because garbage collection is in progress. */ if (dh->usable && here->packet + dh->allocsize <= datasize) diff --git a/nscd/nscd_initgroups.c b/nscd/nscd_initgroups.c index 866455a96c..97a037d4a9 100644 --- a/nscd/nscd_initgroups.c +++ b/nscd/nscd_initgroups.c @@ -1,4 +1,4 @@ -/* Copyright (C) 2004, 2005, 2006, 2007 Free Software Foundation, Inc. +/* Copyright (C) 2004, 2005, 2006 Free Software Foundation, Inc. This file is part of the GNU C Library. Contributed by Ulrich Drepper <drepper@redhat.com>, 2004. @@ -39,7 +39,6 @@ __nscd_getgrouplist (const char *user, gid_t group, long int *size, { size_t userlen = strlen (user) + 1; int gc_cycle; - int nretries = 0; /* If the mapping is available, try to search there instead of communicating with the nscd. */ @@ -47,49 +46,44 @@ __nscd_getgrouplist (const char *user, gid_t group, long int *size, mapped = __nscd_get_map_ref (GETFDGR, "group", &__gr_map_handle, &gc_cycle); retry:; + const initgr_response_header *initgr_resp = NULL; char *respdata = NULL; int retval = -1; int sock = -1; - initgr_response_header initgr_resp; if (mapped != NO_MAPPING) { - struct datahead *found = __nscd_cache_search (INITGROUPS, user, - userlen, mapped); + const struct datahead *found = __nscd_cache_search (INITGROUPS, user, + userlen, mapped); if (found != NULL) { - respdata = (char *) (&found->data[0].initgrdata + 1); - initgr_resp = found->data[0].initgrdata; + initgr_resp = &found->data[0].initgrdata; + respdata = (char *) (initgr_resp + 1); char *recend = (char *) found->data + found->recsize; - /* Now check if we can trust initgr_resp fields. If GC is - in progress, it can contain anything. */ - if (mapped->head->gc_cycle != gc_cycle) - { - retval = -2; - goto out; - } - - if (respdata + initgr_resp.ngrps * sizeof (int32_t) > recend) + if (respdata + initgr_resp->ngrps * sizeof (int32_t) > recend) goto out; } } /* If we do not have the cache mapped, try to get the data over the socket. */ - if (respdata == NULL) + initgr_response_header initgr_resp_mem; + if (initgr_resp == NULL) { - sock = __nscd_open_socket (user, userlen, INITGROUPS, &initgr_resp, - sizeof (initgr_resp)); + sock = __nscd_open_socket (user, userlen, INITGROUPS, &initgr_resp_mem, + sizeof (initgr_resp_mem)); if (sock == -1) { /* nscd not running or wrong version. */ __nss_not_use_nscd_group = 1; goto out; } + + initgr_resp = &initgr_resp_mem; } - if (initgr_resp.found == 1) + if (initgr_resp->found == 1) { /* The following code assumes that gid_t and int32_t are the same size. This is the case for al existing implementation. @@ -97,40 +91,40 @@ __nscd_getgrouplist (const char *user, gid_t group, long int *size, doesn't use memcpy but instead copies each array element one by one. */ assert (sizeof (int32_t) == sizeof (gid_t)); - assert (initgr_resp.ngrps >= 0); + assert (initgr_resp->ngrps >= 0); /* Make sure we have enough room. We always count GROUP in even though we might not end up adding it. */ - if (*size < initgr_resp.ngrps + 1) + if (*size < initgr_resp->ngrps + 1) { gid_t *newp = realloc (*groupsp, - (initgr_resp.ngrps + 1) * sizeof (gid_t)); + (initgr_resp->ngrps + 1) * sizeof (gid_t)); if (newp == NULL) /* We cannot increase the buffer size. */ goto out_close; *groupsp = newp; - *size = initgr_resp.ngrps + 1; + *size = initgr_resp->ngrps + 1; } if (respdata == NULL) { /* Read the data from the socket. */ - if ((size_t) __readall (sock, *groupsp, initgr_resp.ngrps + if ((size_t) __readall (sock, *groupsp, initgr_resp->ngrps * sizeof (gid_t)) - == initgr_resp.ngrps * sizeof (gid_t)) - retval = initgr_resp.ngrps; + == initgr_resp->ngrps * sizeof (gid_t)) + retval = initgr_resp->ngrps; } else { /* Just copy the data. */ - retval = initgr_resp.ngrps; + retval = initgr_resp->ngrps; memcpy (*groupsp, respdata, retval * sizeof (gid_t)); } } else { - if (__builtin_expect (initgr_resp.found == -1, 0)) + if (__builtin_expect (initgr_resp->found == -1, 0)) { /* The daemon does not cache this database. */ __nss_not_use_nscd_group = 1; @@ -159,21 +153,19 @@ __nscd_getgrouplist (const char *user, gid_t group, long int *size, if (sock != -1) close_not_cancel_no_status (sock); out: - if (__nscd_drop_map_ref (mapped, &gc_cycle) != 0) + if (__nscd_drop_map_ref (mapped, &gc_cycle) != 0 && retval != -1) { /* When we come here this means there has been a GC cycle while we were looking for the data. This means the data might have been inconsistent. Retry if possible. */ - if ((gc_cycle & 1) != 0 || ++nretries == 5 || retval == -1) + if ((gc_cycle & 1) != 0) { /* nscd is just running gc now. Disable using the mapping. */ - if (atomic_decrement_val (&mapped->counter) == 0) - __nscd_unmap (mapped); + __nscd_unmap (mapped); mapped = NO_MAPPING; } - if (retval != -1) - goto retry; + goto retry; } return retval; diff --git a/nscd/pwdcache.c b/nscd/pwdcache.c index ae579df510..01c223add5 100644 --- a/nscd/pwdcache.c +++ b/nscd/pwdcache.c @@ -1,5 +1,5 @@ /* Cache handling for passwd lookup. - Copyright (C) 1998-2005, 2006, 2007 Free Software Foundation, Inc. + Copyright (C) 1998-2005, 2006 Free Software Foundation, Inc. This file is part of the GNU C Library. Contributed by Ulrich Drepper <drepper@cygnus.com>, 1998. @@ -274,7 +274,6 @@ cache_addpw (struct database_dyn *db, int fd, request_header *req, { /* Adjust pointer into the memory block. */ cp = (char *) newp + (cp - (char *) dataset); - key_copy = (char *) newp + (key_copy - (char *) dataset); dataset = memcpy (newp, dataset, total + n); alloca_used = false; diff --git a/nscd/selinux.c b/nscd/selinux.c index b826031150..f0620d1012 100644 --- a/nscd/selinux.c +++ b/nscd/selinux.c @@ -1,5 +1,5 @@ /* SELinux access controls for nscd. - Copyright (C) 2004, 2005, 2006, 2007 Free Software Foundation, Inc. + Copyright (C) 2004, 2005, 2006 Free Software Foundation, Inc. This file is part of the GNU C Library. Contributed by Matthew Rickard <mjricka@epoch.ncsc.mil>, 2004. @@ -182,22 +182,18 @@ preserve_capabilities (void) if (tmp_caps == NULL || new_caps == NULL) { if (tmp_caps != NULL) - cap_free (tmp_caps); + free_caps (tmp_caps); dbg_log (_("Failed to initialize drop of capabilities")); error (EXIT_FAILURE, 0, _("cap_init failed")); } /* There is no reason why these should not work. */ - cap_set_flag (new_caps, CAP_PERMITTED, nnew_cap_list, - (cap_value_t *) new_cap_list, CAP_SET); - cap_set_flag (new_caps, CAP_EFFECTIVE, nnew_cap_list, - (cap_value_t *) new_cap_list, CAP_SET); + cap_set_flag (new_caps, CAP_PERMITTED, nnew_cap_list, new_cap_list, CAP_SET); + cap_set_flag (new_caps, CAP_EFFECTIVE, nnew_cap_list, new_cap_list, CAP_SET); - cap_set_flag (tmp_caps, CAP_PERMITTED, ntmp_cap_list, - (cap_value_t *) tmp_cap_list, CAP_SET); - cap_set_flag (tmp_caps, CAP_EFFECTIVE, ntmp_cap_list, - (cap_value_t *) tmp_cap_list, CAP_SET); + cap_set_flag (tmp_caps, CAP_PERMITTED, ntmp_cap_list, tmp_cap_list, CAP_SET); + cap_set_flag (tmp_caps, CAP_EFFECTIVE, ntmp_cap_list, tmp_cap_list, CAP_SET); int res = cap_set_proc (tmp_caps); @@ -206,7 +202,7 @@ preserve_capabilities (void) if (__builtin_expect (res != 0, 0)) { cap_free (new_caps); - dbg_log (_("Failed to drop capabilities\n")); + dbg_log (_("Failed to drop capabilities")); error (EXIT_FAILURE, 0, _("cap_set_proc failed")); } diff --git a/nscd/selinux.h b/nscd/selinux.h index 27afcd6e86..9ce0628486 100644 --- a/nscd/selinux.h +++ b/nscd/selinux.h @@ -1,5 +1,5 @@ /* Header for nscd SELinux access controls. - Copyright (C) 2004, 2006, 2007 Free Software Foundation, Inc. + Copyright (C) 2004, 2006 Free Software Foundation, Inc. This file is part of the GNU C Library. Contributed by Matthew Rickard <mjricka@epoch.ncsc.mil>, 2004. @@ -23,7 +23,7 @@ #include "nscd.h" #ifdef HAVE_LIBCAP -# include <sys/capability.h> +# include <sys/capabilities.h> #endif #ifdef HAVE_SELINUX |