| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
| |
The buffer to query netgroup entries is allocated sufficient space for
the netgroup entries and the key to be appended at the end, but it
sends in an incorrect available length to the NSS netgroup query
functions, resulting in overflow of the buffer in some special cases.
The fix here is to factor in the key length when sending the available
buffer and buffer length to the query functions.
|
|
|
|
|
|
|
|
| |
Currently the nscd service is installed in systemd as a simple
service, which means that it is able to handle its own errors and does
not quit. Since nscd does not fit that description, i.e. it can exit
on errors like, say, failing to parse nscd.conf, it should be declared
as forking instead.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, the nscd parent process parses commandline options and
configuration, forks on startup and immediately exits with a success.
If the child process encounters some error after this, it goes
undetected and any services started up after it may have to repeatedly
check to make sure that the nscd service did actually start up and is
serving requests.
To make this process more reliable, I have added a pipe between the
parent and child process, through which the child process sends a
notification to the parent informing it of its status. The parent
waits for this status and once it receives it, exits with the
corresponding exit code. So if the child service sends a success
status (0), the parent exits with a success status. Similarly for
error conditions, the child sends the non-zero status code, which the
parent passes on as the exit code.
This, along with setting the nscd service type to forking in its
systemd configuration file, allows systemd to be certain that the nscd
service is ready and is accepting connections.
|
| |
|
|
|
|
|
|
| |
Using a buffer after it has been reallocated is undefined behaviour,
so get offsets of the triplets in the old buffer before reallocating
it.
|
|
|
|
|
|
|
|
|
| |
The _nss_*_getnetgrent_r query populates the netgroup results in the
allocated buffer and then sets the result triplet to point to strings
in the buffer. This is a problem when the buffer is reallocated since
the pointers to the triplet strings are no longer valid. The pointers
need to be adjusted so that they now point to strings in the
reallocated buffer.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
addgetnetgrentX has a buffer which is grown as per the needs of the
requested size either by using alloca or by falling back to malloc if
the size is larger than 1K. There are two problems with the alloca
bits: firstly, it doesn't really extend the buffer since it does not
use the return value of the extend_alloca macro, which is the location
of the reallocated buffer. Due to this the buffer does not actually
extend itself and hence a subsequent write may overwrite stuff on the
stack.
The second problem is more subtle - the buffer growth on the stack is
discontinuous due to block scope local variables. Combine that with
the fact that unlike realloc, extend_alloca does not copy over old
content and you have a situation where the buffer just has garbage in
the space where it should have had data.
This could have been fixed by adding code to copy over old data
whenever we call extend_alloca, but it seems unnecessarily
complicated. This code is not exactly a performance hotspot (it's
called when there is a cache miss, so factors like network lookup or
file reads will dominate over memory allocation/reallocation), so this
premature optimization is unnecessary.
Thanks Brad Hubbard <bhubbard@redhat.com> for his help with debugging
the problem.
|
|
|
|
|
|
| |
Usage output for option --invalidate=TABLE is not helpful without
list of tables. The list is also missing from nscd(8) manual which
made it pretty difficult to know what are the tables.
|
|
|
|
|
|
|
| |
nscd incorrectly returns a success even when the netgroup in question
is not found and adds a positive result in the cache. this patch
fixes this behaviour by adding a negative lookup entry to cache and
returning an error when the netgroup is not found.
|
|
|
|
|
|
|
|
|
| |
Currently, when a user looks up a netgroup that does not have any
members, nscd goes into an infinite loop trying to find members in the
group. This is because it does not handle cases when getnetgrent
returns an NSS_STATUS_NOTFOUND (which is what it does on empty group).
Fixed to handle this in the same way as NSS_STATUS_RETURN, similar to
what getgrent does by itself.
|
|
|
|
| |
Update copyright years that are not handled by scripts/update-copyright.
|
| |
|
|
|
|
| |
Provide an example systemd unit and tmpfile for running nscd.
|
| |
|
|
|
|
|
|
|
| |
Autoconf has been deprecating configure.in for quite a long time.
Rename all our configure.in and preconfigure.in files to .ac.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
| |
|
|
|
|
| |
Fixes unclosed '{' if HAVE_SENDFILE is defined (BZ #15895).
|
| |
|
|
|
|
| |
Fixes BZ #15890.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
These prototypes are duplicated in many places. Add a dedicated
header for holding prototypes for program-specific functions to
avoid that.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
|
|
|
| |
We refactor the inotify file checking code and the
database clearing code out of the main_loop_poll and
mail_loop_epoll functions. We document some the related
functions with appropriate comments.
|
| |
|
|
|
|
| |
This reverts commit dd31ac7a8e0d4cc24eee6815f9101caa5aa64291.
|
|
|
|
| |
This reverts commit 70d3e06ed0ffabb6ce974cc94b2cff1d67252193.
|
|
|
|
| |
This reverts commit 7e9b080575fd68c788c33623594ba5516fa7ceb0.
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
* nscd/grpcache.c (cache_addgr): Properly check for short write.
* nscd/initgrcache.c (addinitgroupsX): Likewise.
* nscd/pwdcache.c (cache_addpw): Likewise.
* nscd/servicescache.c (cache_addserv): Likewise. Don't write
more than recsize.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* catgets/gencat.c: Update copyright year.
* csu/version.c: Likewise.
* debug/catchsegv.sh: Likewise.
* debug/pcprofiledump.c: Likewise.
* debug/xtrace.sh: Likewise.
* elf/ldconfig.c: Likewise.
* elf/ldd.bash.in: Likewise.
* elf/pldd.c: Likewise.
* elf/sotruss.ksh: Likewise.
* elf/sprof.c: Likewise.
* iconv/iconv_prog.c: Likewise.
* iconv/iconvconfig.c: Likewise.
* locale/programs/locale.c: Likewise.
* locale/programs/localedef.c: Likewise.
* login/programs/pt_chown.c: Likewise.
* malloc/memusage.sh: Likewise.
* malloc/memusagestat.c: Likewise.
* malloc/mtrace.pl: Likewise.
* nscd/nscd.c: Likewise.
* nss/getent.c: Likewise.
* nss/makedb.c: Likewise.
* posix/getconf.c: Likewise.
|
|
|
|
|
|
| |
* nscd/grpcache.c (cache_addgr): Rename alloca_used to
dataset_temporary. Track alloca usage into alloca_used.
If dataset is large allocate and release it via malloc/free.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit 61653dfb81b776bb72ce4304175b861d77c357a8 added support for
compilers predefining _FORTIFY_SOURCE by adding -U_FORTIFY_SOURCE to
CPPFLAGS for these compilers, but that change doesn't work quite well in
case of nscd: its Makefile sets _FORTIFY_SOURCE using CFLAGS instead of
CPPFLAGS and, thanks to compilation rules defined in Makerules, CPPFLAGS
are passed to compiler after CFLAGS, resulting to a build with
_FORTIFY_SOURCE turned off.
This change implements a more safe method of passing preprocessor and
compiler flags so that no nscd modules could be accidentally forgotten.
|
|
|
|
| |
for USE_NSCD case.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
2012-05-15 Jeff Law <law@redhat.com>
Andreas Jaeger <aj@suse.de>
[BZ #13594]
* nscd/nscd-client.h (__nscd_acquire_maplock): New function, split
out from...
* nscd/nscd_helper.c (__nscd_get_map_ref): ... here.
* nscd/nscd-client.h: Add __nscd_acquire_maplock.
* nscd/nscd_gethst_r.c (__nscd_get_nl_timestamp): Add locking to
code changing __hst_map_handle.map.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
2012-05-09 Andreas Jaeger <aj@suse.de>
* nscd/nscd.c (run_modes): Make named enum, reorder so that
default is first entry.
(run_mode): Set type.
(main): Remove informal message about syslog.
(options): Fix typo.
|
|
|
|
|
| |
* nscd/nscd.c (run_mode): Use enum.
(main): Cleanup coding style issue.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For a better integration of nscd with systemd, we should run nscd not as
daemon but in the foreground. A new --foreground option should be added.
2012-05-09 Alexandre Oliva <aoliva@redhat.com>
Andreas Jaeger <aj@suse.de>
* nscd/nscd.c (go_background): Replaced with...
(run_mode): ... this.
(RUN_FOREGROUND, RUN_DAEMONIZE, RUN_DEBUG): Add.
(options): Add -F --foreground.
(main): Implement it.
(parse_opt): Parse it.
|