about summary refs log tree commit diff
path: root/nscd/netgroupcache.c
Commit message (Collapse)AuthorAgeFilesLines
* Update copyright dates with scripts/update-copyrightsJoseph Myers2023-01-061-1/+1
|
* Update copyright dates with scripts/update-copyrightsPaul Eggert2022-01-011-1/+1
| | | | | | | | | | | | | | | | | | | | | | | I used these shell commands: ../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright (cd ../glibc && git commit -am"[this commit message]") and then ignored the output, which consisted lines saying "FOO: warning: copyright statement not found" for each of 7061 files FOO. I then removed trailing white space from math/tgmath.h, support/tst-support-open-dev-null-range.c, and sysdeps/x86_64/multiarch/strlen-vec.S, to work around the following obscure pre-commit check failure diagnostics from Savannah. I don't know why I run into these diagnostics whereas others evidently do not. remote: *** 912-#endif remote: *** 913: remote: *** 914- remote: *** error: lines with trailing whitespace found ... remote: *** error: sysdeps/unix/sysv/linux/statx_cp.c: trailing lines
* Remove "Contributed by" linesSiddhesh Poyarekar2021-09-031-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | We stopped adding "Contributed by" or similar lines in sources in 2012 in favour of git logs and keeping the Contributors section of the glibc manual up to date. Removing these lines makes the license header a bit more consistent across files and also removes the possibility of error in attribution when license blocks or files are copied across since the contributed-by lines don't actually reflect reality in those cases. Move all "Contributed by" and similar lines (Written by, Test by, etc.) into a new file CONTRIBUTED-BY to retain record of these contributions. These contributors are also mentioned in manual/contrib.texi, so we just maintain this additional record as a courtesy to the earlier developers. The following scripts were used to filter a list of files to edit in place and to clean up the CONTRIBUTED-BY file respectively. These were not added to the glibc sources because they're not expected to be of any use in future given that this is a one time task: https://gist.github.com/siddhesh/b5ecac94eabfd72ed2916d6d8157e7dc https://gist.github.com/siddhesh/15ea1f5e435ace9774f485030695ee02 Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* nss: fix nss_database_lookup2's alternate handling [BZ #27416]DJ Delorie2021-03-091-1/+1
| | | | | | | | | | | | | | | | | | | | __nss_database_lookup2's extra arguments were left unused in the nsswitch reloading patch set; this broke compat (default config ignored) and shadow files (secondary name ignored) which relies on these fallbacks. This patch adds in the previous behavior by correcting the initialization of the database list to reflect the fallbacks. This means that the nss_database_lookup2 interface no longer needs to be passed the fallback info, so API and callers were adjusted. Since all callers needed to be edited anyway, the calls were changed from __nss_database_lookup2 to the faster __nss_database_get. This was an intended optimization which was deferred during the initial lookup changes to avoid touching so many files. The test case verifies that compat targets work (passwd) and that the default configuration works (group). Tested on x86-64.
* nscd: Fix double free in netgroupcache [BZ #27462]DJ Delorie2021-03-021-2/+2
| | | | | | | | | | | | | In commit 745664bd798ec8fd50438605948eea594179fba1 a use-after-free was fixed, but this led to an occasional double-free. This patch tracks the "live" allocation better. Tested manually by a third party. Related: RHBZ 1927877 Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org> Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* Update copyright dates with scripts/update-copyrightsPaul Eggert2021-01-021-1/+1
| | | | | | | | | | | | | | | | I used these shell commands: ../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright (cd ../glibc && git commit -am"[this commit message]") and then ignored the output, which consisted lines saying "FOO: warning: copyright statement not found" for each of 6694 files FOO. I then removed trailing white space from benchtests/bench-pthread-locks.c and iconvdata/tst-iconv-big5-hkscs-to-2ucs4.c, to work around this diagnostic from Savannah: remote: *** pre-commit check failed ... remote: *** error: lines with trailing whitespace found remote: error: hook declined to update refs/heads/master
* nsswitch: use new internal API (callers)DJ Delorie2020-12-041-2/+2
| | | | | | Stitch new ABI and types throughout all NSS callers. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* Update copyright dates with scripts/update-copyrights.Joseph Myers2020-01-011-1/+1
|
* Prefer https to http for gnu.org and fsf.org URLsPaul Eggert2019-09-071-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Also, change sources.redhat.com to sourceware.org. This patch was automatically generated by running the following shell script, which uses GNU sed, and which avoids modifying files imported from upstream: sed -ri ' s,(http|ftp)(://(.*\.)?(gnu|fsf|sourceware)\.org($|[^.]|\.[^a-z])),https\2,g s,(http|ftp)(://(.*\.)?)sources\.redhat\.com($|[^.]|\.[^a-z]),https\2sourceware.org\4,g ' \ $(find $(git ls-files) -prune -type f \ ! -name '*.po' \ ! -name 'ChangeLog*' \ ! -path COPYING ! -path COPYING.LIB \ ! -path manual/fdl-1.3.texi ! -path manual/lgpl-2.1.texi \ ! -path manual/texinfo.tex ! -path scripts/config.guess \ ! -path scripts/config.sub ! -path scripts/install-sh \ ! -path scripts/mkinstalldirs ! -path scripts/move-if-change \ ! -path INSTALL ! -path locale/programs/charmap-kw.h \ ! -path po/libc.pot ! -path sysdeps/gnu/errlist.c \ ! '(' -name configure \ -execdir test -f configure.ac -o -f configure.in ';' ')' \ ! '(' -name preconfigure \ -execdir test -f preconfigure.ac ';' ')' \ -print) and then by running 'make dist-prepare' to regenerate files built from the altered files, and then executing the following to cleanup: chmod a+x sysdeps/unix/sysv/linux/riscv/configure # Omit irrelevant whitespace and comment-only changes, # perhaps from a slightly-different Autoconf version. git checkout -f \ sysdeps/csky/configure \ sysdeps/hppa/configure \ sysdeps/riscv/configure \ sysdeps/unix/sysv/linux/csky/configure # Omit changes that caused a pre-commit check to fail like this: # remote: *** error: sysdeps/powerpc/powerpc64/ppc-mcount.S: trailing lines git checkout -f \ sysdeps/powerpc/powerpc64/ppc-mcount.S \ sysdeps/unix/sysv/linux/s390/s390-64/syscall.S # Omit change that caused a pre-commit check to fail like this: # remote: *** error: sysdeps/sparc/sparc64/multiarch/memcpy-ultra3.S: last line does not end in newline git checkout -f sysdeps/sparc/sparc64/multiarch/memcpy-ultra3.S
* nss: Turn __nss_database_lookup into a compatibility symbolFlorian Weimer2019-05-151-1/+1
| | | | | | | | | | | | | The function uses the internal service_user type, so it is not really usable from the outside of glibc. Rename the function to __nss_database_lookup2 for internal use, and change __nss_database_lookup to always indicate failure to the caller. __nss_next already was a compatibility symbol. The new implementation always fails and no longer calls __nss_next2. unscd, the alternative nscd implementation, does not use __nss_database_lookup, so it is not affected by this change.
* Update copyright dates with scripts/update-copyrights.Joseph Myers2019-01-011-1/+1
| | | | | | | * All files with FSF copyright notices: Update copyright dates using scripts/update-copyrights. * locale/programs/charmap-kw.h: Regenerated. * locale/programs/locfile-kw.h: Likewise.
* nscd: Fix use-after-free in addgetnetgrentX [BZ #23520]Florian Weimer2018-08-281-13/+29
| | | | | addinnetgrX may use the heap-allocated buffer, so free the buffer in this function.
* Fix concurrent changes on nscd aware files (BZ #23178)Adhemerval Zanella2018-05-161-56/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As indicated by BZ#23178, concurrent access on some files read by nscd may result non expected data send through service requisition. This is due 'sendfile' Linux implementation where for sockets with zero-copy support, callers must ensure the transferred portions of the the file reffered by input file descriptor remain unmodified until the reader on the other end of socket has consumed the transferred data. I could not find any explicit documentation stating this behaviour on Linux kernel documentation. However man-pages sendfile entry [1] states in NOTES the aforementioned remark. It was initially pushed on man-pages with an explicit testcase [2] that shows changing the file used in 'sendfile' call prior the socket input data consumption results in previous data being lost. From commit message it stated on tested Linux version (3.15) only TCP socket showed this issues, however on recent kernels (4.4) I noticed the same behaviour for local sockets as well. Since sendfile on HURD is a read/write operation and the underlying issue on Linux, the straightforward fix is just remove sendfile use altogether. I am really skeptical it is hitting some hotstop (there are indication over internet that sendfile is helpfull only for large files, more than 10kb) here to justify that extra code complexity or to pursuit other possible fix (through memory or file locks for instance, which I am not sure it is doable). Checked on x86_64-linux-gnu. [BZ #23178] * nscd/nscd-client.h (sendfileall): Remove prototype. * nscd/connections.c [HAVE_SENDFILE] (sendfileall): Remove function. (handle_request): Use writeall instead of sendfileall. * nscd/aicache.c (addhstaiX): Likewise. * nscd/grpcache.c (cache_addgr): Likewise. * nscd/hstcache.c (cache_addhst): Likewise. * nscd/initgrcache.c (addinitgroupsX): Likewise. * nscd/netgroupcache.c (addgetnetgrentX, addinnetgrX): Likewise. * nscd/pwdcache.c (cache_addpw): Likewise. * nscd/servicescache.c (cache_addserv): Likewise. * sysdeps/unix/sysv/linux/Makefile [$(subdir) == nscd] (sysdep-CFLAGS): Remove -DHAVE_SENDFILE. * sysdeps/unix/sysv/linux/kernel-features.h (__ASSUME_SENDFILE): Remove define. [1] http://man7.org/linux/man-pages/man2/sendfile.2.html [2] https://github.com/mkerrisk/man-pages/commit/7b6a3299776b5c1c4f169a591434a855d50c68b4#diff-efd6af3a70f0f07c578e85b51e83b3c3
* [BZ #22342] Fix netgroup cache keys.DJ Delorie2018-03-011-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Unlike other nscd caches, the netgroup cache contains two types of records - those for "iterate through a netgroup" (i.e. setnetgrent()) and those for "is this user in this netgroup" (i.e. innetgr()), i.e. full and partial records. The timeout code assumes these records have the same key for the group name, so that the collection of records that is "this netgroup" can be expired as a unit. However, the keys are not the same, as the in-netgroup key is generated by nscd rather than being passed to it from elsewhere, and is generated without the trailing NUL. All other keys have the trailing NUL, and as noted in the linked BZ, debug statements confirm that two keys for the same netgroup are added to the cache with two different lengths. The result of this is that as records in the cache expire, the purge code only cleans out one of the two types of entries, resulting in stale, possibly incorrect, and possibly inconsistent cache data. The patch simply includes the existing NUL in the computation for the key length ('key' points to the char after the NUL, and 'group' to the first char of the group, so 'key-group' includes the first char to the NUL, inclusive). [BZ #22342] * nscd/netgroupcache.c (addinnetgrX): Include trailing NUL in key value. Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* Update copyright dates with scripts/update-copyrights.Joseph Myers2018-01-011-1/+1
| | | | | | | * All files with FSF copyright notices: Update copyright dates using scripts/update-copyrights. * locale/programs/charmap-kw.h: Regenerated. * locale/programs/locfile-kw.h: Likewise.
* nscd: Release read lock after resetting timeout.DJ Delorie2017-09-251-0/+2
| | | | | | | | | | | | [BZ #22161] * nscd/netgroupcache.c (addinnetgrX): Release read lock after resetting timeout. Reviewed-by: Jonathan Nieder <jrnieder@gmail.com> Reviewed-by: Andreas Schwab <schwab@suse.de> A lock is held by mempool_allocate() when CACHEABLE is true; we must release this lock if we exit early.
* Update copyright dates with scripts/update-copyrights.Joseph Myers2017-01-011-1/+1
|
* Update copyright dates with scripts/update-copyrights.Joseph Myers2016-01-041-1/+1
|
* Update copyright dates with scripts/update-copyrights.Joseph Myers2015-01-021-1/+1
|
* Rework some nscd code not to use variable-length struct types.Roland McGrath2014-10-221-8/+6
|
* Use NSS_STATUS_TRYAGAIN to indicate insufficient buffer (BZ #16878)Siddhesh Poyarekar2014-05-261-6/+8
| | | | | | | | | | | | The netgroups nss modules in the glibc tree use NSS_STATUS_UNAVAIL (with errno as ERANGE) when the supplied buffer does not have sufficient space for the result. This is wrong, because the canonical way to indicate insufficient buffer is to set the errno to ERANGE and the status to NSS_STATUS_TRYAGAIN, as is used by all other modules. This fixes nscd behaviour when the nss_ldap module returns NSS_STATUS_TRYAGAIN to indicate that a netgroup entry is too long to fit into the supplied buffer.
* Consolidate code to initialize nscd dataset headerSiddhesh Poyarekar2014-04-301-21/+12
| | | | | | | | | | This patch consolidates the code to initialize the header of a dataset into a single set of functions (one for positive and another for negative datasets) primarily to reduce repetition of code. The secondary reason is to simplify Patch 2/2 which fixes the problem of an uninitialized byte in the header by initializing an unused field in the structure and hence preventing a possible data leak into the cache file.
* Avoid overlapping addresses to stpcpy calls in nscd (BZ #16760)Siddhesh Poyarekar2014-03-271-6/+10
| | | | | | | | | | | | | | | | | | Calls to stpcpy from nscd netgroups code will have overlapping source and destination when all three values in the returned triplet are non-NULL and in the expected (host,user,domain) order. This is seen in valgrind as: ==3181== Source and destination overlap in stpcpy(0x19973b48, 0x19973b48) ==3181== at 0x4C2F30A: stpcpy (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==3181== by 0x12567A: addgetnetgrentX (string3.h:111) ==3181== by 0x12722D: addgetnetgrent (netgroupcache.c:665) ==3181== by 0x11114C: nscd_run_worker (connections.c:1338) ==3181== by 0x4E3C102: start_thread (pthread_create.c:309) ==3181== by 0x59B81AC: clone (clone.S:111) ==3181== Fix this by using memmove instead of stpcpy.
* Fix nscd lookup for innetgr when netgroup has wildcards (BZ #16758)Siddhesh Poyarekar2014-03-271-3/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | nscd works correctly when the request in innetgr is a wildcard, i.e. when one or more of host, user or domain parameters is NULL. However, it does not work when the the triplet in the netgroup definition has a wildcard. This is easy to reproduce for a triplet defined as follows: foonet (,foo,) Here, an innetgr call that looks like this: innetgr ("foonet", "foohost", "foo", NULL); should succeed and so should: innetgr ("foonet", NULL, "foo", "foodomain"); It does succeed with nscd disabled, but not with nscd enabled. This fix adds this additional check for all three parts of the triplet so that it gives the correct result. [BZ #16758] * nscd/netgroupcache.c (addinnetgrX): Succeed if triplet has blank values.
* Provide correct buffer length to netgroup queries in nscd (BZ #16695)Siddhesh Poyarekar2014-03-121-1/+1
| | | | | | | | | The buffer to query netgroup entries is allocated sufficient space for the netgroup entries and the key to be appended at the end, but it sends in an incorrect available length to the NSS netgroup query functions, resulting in overflow of the buffer in some special cases. The fix here is to factor in the key length when sending the available buffer and buffer length to the query functions.
* Use glibc_likely instead __builtin_expect.Ondřej Bílka2014-02-101-4/+4
|
* Avoid undefined behaviour in netgroupcacheSiddhesh Poyarekar2014-01-271-5/+11
| | | | | | Using a buffer after it has been reallocated is undefined behaviour, so get offsets of the triplets in the old buffer before reallocating it.
* Adjust pointers to triplets in netgroup query data (BZ #16474)Siddhesh Poyarekar2014-01-241-1/+11
| | | | | | | | | The _nss_*_getnetgrent_r query populates the netgroup results in the allocated buffer and then sets the result triplet to point to strings in the buffer. This is a problem when the buffer is reallocated since the pointers to the triplet strings are no longer valid. The pointers need to be adjusted so that they now point to strings in the reallocated buffer.
* Don't use alloca in addgetnetgrentX (BZ #16453)Siddhesh Poyarekar2014-01-161-31/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | addgetnetgrentX has a buffer which is grown as per the needs of the requested size either by using alloca or by falling back to malloc if the size is larger than 1K. There are two problems with the alloca bits: firstly, it doesn't really extend the buffer since it does not use the return value of the extend_alloca macro, which is the location of the reallocated buffer. Due to this the buffer does not actually extend itself and hence a subsequent write may overwrite stuff on the stack. The second problem is more subtle - the buffer growth on the stack is discontinuous due to block scope local variables. Combine that with the fact that unlike realloc, extend_alloca does not copy over old content and you have a situation where the buffer just has garbage in the space where it should have had data. This could have been fixed by adding code to copy over old data whenever we call extend_alloca, but it seems unnecessarily complicated. This code is not exactly a performance hotspot (it's called when there is a cache miss, so factors like network lookup or file reads will dominate over memory allocation/reallocation), so this premature optimization is unnecessary. Thanks Brad Hubbard <bhubbard@redhat.com> for his help with debugging the problem.
* Fix return code from getent netgroup when the netgroup is not found (bz #16366)Siddhesh Poyarekar2014-01-021-29/+62
| | | | | | | nscd incorrectly returns a success even when the netgroup in question is not found and adds a positive result in the cache. this patch fixes this behaviour by adding a negative lookup entry to cache and returning an error when the netgroup is not found.
* Fix infinite loop in nscd when netgroup is empty (bz #16365)Siddhesh Poyarekar2014-01-021-3/+4
| | | | | | | | | Currently, when a user looks up a netgroup that does not have any members, nscd goes into an infinite loop trying to find members in the group. This is because it does not handle cases when getnetgrent returns an NSS_STATUS_NOTFOUND (which is what it does on empty group). Fixed to handle this in the same way as NSS_STATUS_RETURN, similar to what getgrent does by itself.
* Update copyright notices with scripts/update-copyrightsAllan McRae2014-01-011-1/+1
|
* Fix nesting of ifdefs in netgroupcache.cAllan McRae2013-09-091-2/+2
| | | | Fixes unclosed '{' if HAVE_SENDFILE is defined (BZ #15895).
* Fix handling of netgroup cache in nscdAndreas Schwab2013-06-111-12/+20
|
* Update copyright notices with scripts/update-copyrights.Joseph Myers2013-01-021-1/+1
|
* Hurd: #include <kernel-features.h>Thomas Schwinge2012-05-101-4/+3
|
* Replace FSF snail mail address with URLs.Paul Eggert2012-02-091-2/+1
|
* Fix nesting of #ifdefs in netgroupcache.cUlrich Drepper2011-10-171-2/+2
|
* Implement caching of nscdUlrich Drepper2011-10-071-0/+669