X-Patchwork-Submitter: Alexander Kahl X-Patchwork-Id: 18935
From: Alexander Kahl To: libc-alpha@sourceware.org Subject: [PATCH] nscd: added passthru option value Date: Wed, 18 Jan 2017 10:16:31 +0100 Message-ID: <87bmv4ohhs.fsf@adorno.in.lshift.de> Mime-Version: 1.0 The addition of a "passthru" option value for the enable-cache option allows nscd to act as an nsd, name service daemon, without caching functionality. The effect is the same as using nscd with a cache TTL of 0, but without the overhead of actually looking up cached values or writing them. This adds the benefit that ns(c)d can be used as a safety mechanism to load potentially unsafe or broken NSS modules. The idea for this came up as a result of the discussion at https://sourceware.org/ml/libc-help/2016-12/msg00005.html. 2017-01-18 Alexander Kahl * nscd/nscd.c: Added passthru option value. * nscd/connections.c: Likewise. * nscd/grpcache.c: Likewise. * nscd/hstcache.c: Likewise. * nscd/netgroupcache.c: Likewise. * nscd/nscd.conf: Likewise. * nscd/nscd.h: Likewise. * nscd/nscd_conf.c: Likewise. * nscd/pwdcache.c: Likewise. * nscd/servicescache.c: Likewise. --- ChangeLog | 13 +++++++++++++ nscd/connections.c | 19 ++++++++++--------- nscd/grpcache.c | 5 ++++- nscd/hstcache.c | 6 ++++-- nscd/netgroupcache.c | 4 ++-- nscd/nscd.c | 2 +- nscd/nscd.conf | 2 +- nscd/nscd.h | 9 ++++++++- nscd/nscd_conf.c | 6 ++++-- nscd/pwdcache.c | 6 ++++-- nscd/servicescache.c | 4 +++- 11 files changed, 54 insertions(+), 22 deletions(-) diff --git a/nscd/connections.c b/nscd/connections.c index 26d2c00..e520d2c 100644 --- a/nscd/connections.c +++ b/nscd/connections.c @@ -520,7 +520,7 @@ nscd_init (void) nthreads = 4; for (size_t cnt = 0; cnt < lastdb; ++cnt) - if (dbs[cnt].enabled) + if (dbs[cnt].enabled == cache_enabled) { pthread_rwlock_init (&dbs[cnt].lock, NULL); pthread_mutex_init (&dbs[cnt].memlock, NULL); 
@@ -853,7 +853,7 @@ cannot set socket to close on exec: %s; disabling paranoia mode"), } #ifdef HAVE_NETLINK - if (dbs[hstdb].enabled) + if (dbs[hstdb].enabled != cache_disabled) { /* Try to open netlink socket to monitor network setting changes. */ nl_status_fd = socket (AF_NETLINK, @@ -1022,7 +1022,7 @@ invalidate_cache (char *key, int fd) return; } - if (dbs[number].enabled) + if (dbs[number].enabled == cache_enabled) { pthread_mutex_lock (&dbs[number].prune_run_lock); prune_cache (&dbs[number], LONG_MAX, fd); @@ -1135,7 +1135,8 @@ request from '%s' [%ld] not handled due to missing permission"), struct database_dyn *db = reqinfo[req->type].db; /* See whether we can service the request from the cache. */ - if (__builtin_expect (reqinfo[req->type].data_request, true)) + if (__builtin_expect (reqinfo[req->type].data_request, true) + && db->enabled != cache_passthru) { if (__builtin_expect (debug_level, 0) > 0) { @@ -1153,7 +1154,7 @@ request from '%s' [%ld] not handled due to missing permission"), } /* Is this service enabled? */ - if (__glibc_unlikely (!db->enabled)) + if (__glibc_unlikely (db->enabled == cache_disabled)) { /* No, sent the prepared record. */ if (TEMP_FAILURE_RETRY (send (fd, db->disabled_iov->iov_base, @@ -1461,7 +1462,7 @@ cannot change to old working directory: %s; disabling paranoia mode"), /* Synchronize memory. */ int32_t certainly[lastdb]; for (int cnt = 0; cnt < lastdb; ++cnt) - if (dbs[cnt].enabled) + if (dbs[cnt].enabled == cache_enabled) { /* Make sure nobody keeps using the database. */ dbs[cnt].head->timestamp = 0; @@ -1507,7 +1508,7 @@ cannot change to old working directory: %s; disabling paranoia mode"), /* Reenable the databases. */ time_t now = time (NULL); for (int cnt = 0; cnt < lastdb; ++cnt) - if (dbs[cnt].enabled) + if (dbs[cnt].enabled == cache_enabled) { dbs[cnt].head->timestamp = now; dbs[cnt].head->nscd_certainly_running = certainly[cnt]; 
@@ -1545,7 +1546,7 @@ __attribute__ ((__noreturn__)) nscd_run_prune (void *p) { const long int my_number = (long int) p; - assert (dbs[my_number].enabled); + assert (dbs[my_number].enabled == cache_enabled); int dont_need_update = setup_thread (&dbs[my_number]); @@ -2479,7 +2480,7 @@ start_threads (void) } pthread_t th; - if (dbs[i].enabled + if (dbs[i].enabled == cache_enabled && pthread_create (&th, &attr, nscd_run_prune, (void *) i) != 0) { dbg_log (_("could not start clean-up thread; terminating")); diff --git a/nscd/grpcache.c b/nscd/grpcache.c index d2ad535..a0975f2 100644 --- a/nscd/grpcache.c +++ b/nscd/grpcache.c @@ -495,7 +495,10 @@ addgrbyX (struct database_dyn *db, int fd, request_header *req, buffer = (char *) extend_alloca (buffer, buflen, 2 * buflen); } - time_t timeout = cache_addgr (db, fd, req, keystr, grp, uid, he, dh, errval); + time_t timeout = 0; + + if (db->enabled != cache_passthru) + timeout = cache_addgr (db, fd, req, keystr, grp, uid, he, dh, errval); if (use_malloc) free (buffer); diff --git a/nscd/hstcache.c b/nscd/hstcache.c index 9f6ce97..b2959cc 100644 --- a/nscd/hstcache.c +++ b/nscd/hstcache.c @@ -521,8 +521,10 @@ addhstbyX (struct database_dyn *db, int fd, request_header *req, buffer = (char *) extend_alloca (buffer, buflen, 2 * buflen); } - time_t timeout = cache_addhst (db, fd, req, key, hst, uid, he, dh, - h_errno == TRY_AGAIN ? errval : 0, ttl); + time_t timeout = 0; + if (db->enabled != cache_passthru) + timeout = cache_addhst (db, fd, req, key, hst, uid, he, dh, + h_errno == TRY_AGAIN ? errval : 0, ttl); if (use_malloc) free (buffer); diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c index cd0c3ea..102a1a5 100644 --- a/nscd/netgroupcache.c +++ b/nscd/netgroupcache.c @@ -442,7 +442,7 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req, } } - if (cacheable) + if (cacheable && db->enabled != cache_passthru) { /* If necessary, we also propagate the data to disk. */ if (db->persistent) 
@@ -624,7 +624,7 @@ addinnetgrX (struct database_dyn *db, int fd, request_header *req, } } - if (cacheable) + if (cacheable && db->enabled != cache_passthru) { /* If necessary, we also propagate the data to disk. */ if (db->persistent) diff --git a/nscd/nscd.c b/nscd/nscd.c index 69ef413..e9dd8c2 100644 --- a/nscd/nscd.c +++ b/nscd/nscd.c @@ -557,7 +557,7 @@ termination_handler (int signum) /* Synchronize memory. */ for (int cnt = 0; cnt < lastdb; ++cnt) { - if (!dbs[cnt].enabled || dbs[cnt].head == NULL) + if (dbs[cnt].enabled == cache_disabled || dbs[cnt].head == NULL) continue; /* Make sure nobody keeps using the database. */ diff --git a/nscd/nscd.conf b/nscd/nscd.conf index 39b8759..a5d64ef 100644 --- a/nscd/nscd.conf +++ b/nscd/nscd.conf @@ -16,7 +16,7 @@ # paranoia # restart-interval
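Review bot: in the nscd_init hunk of nscd/connections.c (@@ -520), narrowing the test to `dbs[cnt].enabled == cache_enabled` means the `pthread_rwlock_init (&dbs[cnt].lock, NULL)` and `pthread_mutex_init (&dbs[cnt].memlock, NULL)` calls inside that block no longer run for a passthru database. Please confirm that no request path reachable with `cache_passthru` takes either lock, or move the lock initialisation out of the cache-only block so it covers every database that is not `cache_disabled`.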
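Review bot: the HAVE_NETLINK test in nscd/connections.c (@@ -853) is the one place in this file that uses `dbs[hstdb].enabled != cache_disabled`, so a passthru hosts database still opens the netlink socket "to monitor network setting changes", while the init, invalidate, prune and memory-sync hunks all use `== cache_enabled`. If the monitor is wanted when nothing is cached, add a comment saying what it is for in that mode; otherwise use `== cache_enabled` here as well.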
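Review bot: in addgrbyX (nscd/grpcache.c, @@ -495) the call `cache_addgr (db, fd, req, keystr, grp, uid, he, dh, errval)` is now skipped in passthru mode, and nothing else in the hunk touches `fd` or `grp` before `free (buffer)`. cache_addgr is the only visible consumer of the client descriptor, so the patch should show, or add, the path that writes the lookup result to `fd` when caching is bypassed, and say in a comment what `timeout = 0` is meant to signal. The addhstbyX hunk in nscd/hstcache.c (@@ -521) has the same pattern with `cache_addhst`.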
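Review bot: in termination_handler (nscd/nscd.c, @@ -557) the skip condition becomes `dbs[cnt].enabled == cache_disabled || dbs[cnt].head == NULL`, so a passthru database is skipped only through the `head == NULL` half. The two "Synchronize memory" / "Reenable the databases" loops in nscd/connections.c test `== cache_enabled` for the same kind of work; writing this one as `dbs[cnt].enabled != cache_enabled || dbs[cnt].head == NULL` would keep the three sites consistent and would not depend on `head` staying NULL for passthru.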