Arthur de Jong

-#define WRITE_TIMEOUT 60*1000

-#define WRITEBUFFER_MAXSIZE 1*1024*1024

-static int nslcd_debugging=0;

-static int nslcd_checkonly=0;

-static volatile int nslcd_exitsignal=0;

-static int nslcd_serversocket=-1;

- fprintf(fp,"%s\n",PACKAGE_STRING);

- fprintf(fp,"Written by Luke Howard and Arthur de Jong.\n\n");

- fprintf(fp,"Copyright (C) 1997-2012 Luke Howard, Arthur de Jong and West Consulting\n"

- "This is free software; see the source for copying conditions. There is NO\n"

- "warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\n");

-static void display_usage(FILE *fp,const char *program_name)

- fprintf(fp,"Usage: %s [OPTION]...\n",program_name);

- fprintf(fp,"Name Service LDAP connection daemon.\n");

- fprintf(fp," -c, --check check if the daemon already is running\n");

- fprintf(fp," -d, --debug don't fork and print debugging to stderr\n");

- fprintf(fp," --help display this help and exit\n");

- fprintf(fp," --version output version information and exit\n");

- fprintf(fp,"\n"

- "Report bugs to <%s>.\n",PACKAGE_BUGREPORT);

-static struct option const nslcd_options[] =

-{

- { "check", no_argument, NULL, 'c' },

- { "debug", no_argument, NULL, 'd' },

- { "help", no_argument, NULL, 'h' },

- { "version", no_argument, NULL, 'V' },

- { NULL, 0, NULL, 0 }

-static void parse_cmdline(int argc,char *argv[])

- while ((optc=getopt_long(argc,argv,NSLCD_OPTIONSTRING,nslcd_options,NULL))!=-1)

- case 'c': /* -c, --check check if the daemon already is running */

- nslcd_checkonly=1;

- break;

- case 'd': /* -d, --debug don't fork and print debugging to stderr */

- nslcd_debugging++;

- log_setdefaultloglevel(LOG_DEBUG);

- break;

- case 'h': /* --help display this help and exit */

- display_usage(stdout,argv[0]);

- exit(EXIT_SUCCESS);

- case 'V': /* --version output version information and exit */

- display_version(stdout);

- exit(EXIT_SUCCESS);

- case ':': /* missing required parameter */

- case '?': /* unknown option character or extraneous parameter */

- default:

- fprintf(stderr,"Try '%s --help' for more information.\n",

- argv[0]);

- exit(EXIT_FAILURE);

- if (optind<argc)

- fprintf(stderr,"%s: unrecognized option '%s'\n",

- argv[0],argv[optind]);

- fprintf(stderr,"Try '%s --help' for more information.\n",

- argv[0]);

- case SIGHUP: return "SIGHUP"; /* Hangup detected */

- case SIGINT: return "SIGINT"; /* Interrupt from keyboard */

- case SIGQUIT: return "SIGQUIT"; /* Quit from keyboard */

- case SIGILL: return "SIGILL"; /* Illegal Instruction */

- case SIGABRT: return "SIGABRT"; /* Abort signal from abort(3) */

- case SIGFPE: return "SIGFPE"; /* Floating point exception */

- case SIGKILL: return "SIGKILL"; /* Kill signal */

- case SIGSEGV: return "SIGSEGV"; /* Invalid memory reference */

- case SIGPIPE: return "SIGPIPE"; /* Broken pipe */

- case SIGALRM: return "SIGALRM"; /* Timer signal from alarm(2) */

- case SIGTERM: return "SIGTERM"; /* Termination signal */

- case SIGUSR1: return "SIGUSR1"; /* User-defined signal 1 */

- case SIGUSR2: return "SIGUSR2"; /* User-defined signal 2 */

- case SIGCHLD: return "SIGCHLD"; /* Child stopped or terminated */

- case SIGCONT: return "SIGCONT"; /* Continue if stopped */

- case SIGSTOP: return "SIGSTOP"; /* Stop process */

- case SIGTSTP: return "SIGTSTP"; /* Stop typed at tty */

- case SIGTTIN: return "SIGTTIN"; /* tty input for background process */

- case SIGTTOU: return "SIGTTOU"; /* tty output for background process */

- case SIGBUS: return "SIGBUS"; /* Bus error */

- case SIGPOLL: return "SIGPOLL"; /* Pollable event */

- case SIGPROF: return "SIGPROF"; /* Profiling timer expired */

- case SIGSYS: return "SIGSYS"; /* Bad argument to routine */

- case SIGTRAP: return "SIGTRAP"; /* Trace/breakpoint trap */

- case SIGURG: return "SIGURG"; /* Urgent condition on socket */

- case SIGVTALRM: return "SIGVTALRM"; /* Virtual alarm clock */

- case SIGXCPU: return "SIGXCPU"; /* CPU time limit exceeded */

- case SIGXFSZ: return "SIGXFSZ"; /* File size limit exceeded */

- default: return "UNKNOWN";

- nslcd_exitsignal=signum;

- log_log(LOG_WARNING,"problem closing server socket (ignored): %s",strerror(errno));

- if (unlink(NSLCD_SOCKET)<0)

- log_log(LOG_DEBUG,"unlink() of "NSLCD_SOCKET" failed (ignored): %s",

- if (unlink(NSLCD_PIDFILE)<0)

- log_log(LOG_DEBUG,"unlink() of "NSLCD_PIDFILE" failed (ignored): %s",

- log_log(LOG_INFO,"version %s bailing out",VERSION);

- char *tmpname,*path;

- tmpname=strdup(filename);

- if (tmpname==NULL) return;

- path=dirname(tmpname);

- if (mkdir(path,(mode_t)0755)==0)

- if (lchown(path,nslcd_cfg->ldc_uid,nslcd_cfg->ldc_gid)<0)

- log_log(LOG_WARNING,"problem setting permissions for %s: %s",path,strerror(errno));

- if ( (sock=socket(PF_UNIX,SOCK_STREAM,0))<0 )

- log_log(LOG_ERR,"cannot create socket: %s",strerror(errno));

- if (unlink(filename)<0)

- log_log(LOG_DEBUG,"unlink() of %s failed (ignored): %s",

- filename,strerror(errno));

- if ((i=fcntl(sock,F_GETFL,0))<0)

- log_log(LOG_ERR,"fctnl(F_GETFL) failed: %s",strerror(errno));

- log_log(LOG_WARNING,"problem closing socket: %s",strerror(errno));

- if (fcntl(sock,F_SETFL,i|O_NONBLOCK)<0)

- log_log(LOG_ERR,"fctnl(F_SETFL,O_NONBLOCK) failed: %s",strerror(errno));

- log_log(LOG_WARNING,"problem closing socket: %s",strerror(errno));

- memset(&addr,0,sizeof(struct sockaddr_un));

- addr.sun_family=AF_UNIX;

- strncpy(addr.sun_path,filename,sizeof(addr.sun_path));

- addr.sun_path[sizeof(addr.sun_path)-1]='\0';

- if (bind(sock,(struct sockaddr *)&addr,SUN_LEN(&addr)))

- log_log(LOG_ERR,"bind() to %s failed: %s",filename,strerror(errno));

- log_log(LOG_WARNING,"problem closing socket: %s",strerror(errno));

- if (fcntl(sock,F_SETFD,FD_CLOEXEC)<0)

- log_log(LOG_ERR,"fctnl(F_SETFL,FD_CLOEXEC) on %s failed: %s",filename,strerror(errno));

- log_log(LOG_WARNING,"problem closing socket: %s",strerror(errno));

- if (chmod(filename,(mode_t)0666))

- log_log(LOG_ERR,"chmod(0666) of %s failed: %s",filename,strerror(errno));

- log_log(LOG_WARNING,"problem closing socket: %s",strerror(errno));

- if (listen(sock,SOMAXCONN)<0)

- log_log(LOG_ERR,"listen() failed: %s",strerror(errno));

- log_log(LOG_WARNING,"problem closing socket: %s",strerror(errno));

-static int read_header(TFILE *fp,int32_t *action)

- READ_INT32(fp,protocol);

- if (protocol!=(int32_t)NSLCD_VERSION)

- log_log(LOG_DEBUG,"invalid nslcd version id: 0x%08x",(unsigned int)protocol);

- READ_INT32(fp,*action);

-static void handleconnection(int sock,MYLDAP_SESSION *session)

- uid_t uid=(uid_t)-1;

- gid_t gid=(gid_t)-1;

- pid_t pid=(pid_t)-1;

- if (getpeercred(sock,&uid,&gid,&pid))

- log_log(LOG_DEBUG,"connection from unknown client: %s",strerror(errno));

- log_log(LOG_DEBUG,"connection from pid=%d uid=%d gid=%d",

- (int)pid,(int)uid,(int)gid);

- if ((fp=tio_fdopen(sock,READ_TIMEOUT,WRITE_TIMEOUT,

- READBUFFER_MINSIZE,READBUFFER_MAXSIZE,

- WRITEBUFFER_MINSIZE,WRITEBUFFER_MAXSIZE))==NULL)

- log_log(LOG_WARNING,"cannot create stream for writing: %s",strerror(errno));

- if (read_header(fp,&action))

- case NSLCD_ACTION_CONFIG_GET: (void)nslcd_config_get(fp,session); break;

- case NSLCD_ACTION_ALIAS_BYNAME: (void)nslcd_alias_byname(fp,session); break;

- case NSLCD_ACTION_ALIAS_ALL: (void)nslcd_alias_all(fp,session); break;

- case NSLCD_ACTION_ETHER_BYNAME: (void)nslcd_ether_byname(fp,session); break;

- case NSLCD_ACTION_ETHER_BYETHER: (void)nslcd_ether_byether(fp,session); break;

- case NSLCD_ACTION_ETHER_ALL: (void)nslcd_ether_all(fp,session); break;

- case NSLCD_ACTION_GROUP_BYNAME: (void)nslcd_group_byname(fp,session); break;

- case NSLCD_ACTION_GROUP_BYGID: (void)nslcd_group_bygid(fp,session); break;

- case NSLCD_ACTION_GROUP_BYMEMBER: (void)nslcd_group_bymember(fp,session); break;

- case NSLCD_ACTION_GROUP_ALL: (void)nslcd_group_all(fp,session); break;

- case NSLCD_ACTION_HOST_BYNAME: (void)nslcd_host_byname(fp,session); break;

- case NSLCD_ACTION_HOST_BYADDR: (void)nslcd_host_byaddr(fp,session); break;

- case NSLCD_ACTION_HOST_ALL: (void)nslcd_host_all(fp,session); break;

- case NSLCD_ACTION_NETGROUP_BYNAME: (void)nslcd_netgroup_byname(fp,session); break;

- case NSLCD_ACTION_NETWORK_BYNAME: (void)nslcd_network_byname(fp,session); break;

- case NSLCD_ACTION_NETWORK_BYADDR: (void)nslcd_network_byaddr(fp,session); break;

- case NSLCD_ACTION_NETWORK_ALL: (void)nslcd_network_all(fp,session); break;

- case NSLCD_ACTION_PASSWD_BYNAME: (void)nslcd_passwd_byname(fp,session,uid); break;

- case NSLCD_ACTION_PASSWD_BYUID: (void)nslcd_passwd_byuid(fp,session,uid); break;

- case NSLCD_ACTION_PASSWD_ALL: (void)nslcd_passwd_all(fp,session,uid); break;

- case NSLCD_ACTION_PROTOCOL_BYNAME: (void)nslcd_protocol_byname(fp,session); break;

- case NSLCD_ACTION_PROTOCOL_BYNUMBER:(void)nslcd_protocol_bynumber(fp,session); break;

- case NSLCD_ACTION_PROTOCOL_ALL: (void)nslcd_protocol_all(fp,session); break;

- case NSLCD_ACTION_RPC_BYNAME: (void)nslcd_rpc_byname(fp,session); break;

- case NSLCD_ACTION_RPC_BYNUMBER: (void)nslcd_rpc_bynumber(fp,session); break;

- case NSLCD_ACTION_RPC_ALL: (void)nslcd_rpc_all(fp,session); break;

- case NSLCD_ACTION_SERVICE_BYNAME: (void)nslcd_service_byname(fp,session); break;

- case NSLCD_ACTION_SERVICE_BYNUMBER: (void)nslcd_service_bynumber(fp,session); break;

- case NSLCD_ACTION_SERVICE_ALL: (void)nslcd_service_all(fp,session); break;

- case NSLCD_ACTION_SHADOW_BYNAME: if (uid==0) (void)nslcd_shadow_byname(fp,session);

- else log_log(LOG_DEBUG,"denied shadow request by non-root user"); break;

- case NSLCD_ACTION_SHADOW_ALL: if (uid==0) (void)nslcd_shadow_all(fp,session);

- else log_log(LOG_DEBUG,"denied shadow request by non-root user"); break;

- case NSLCD_ACTION_PAM_AUTHC: (void)nslcd_pam_authc(fp,session,uid); break;

- case NSLCD_ACTION_PAM_AUTHZ: (void)nslcd_pam_authz(fp,session); break;

- case NSLCD_ACTION_PAM_SESS_O: (void)nslcd_pam_sess_o(fp,session); break;

- case NSLCD_ACTION_PAM_SESS_C: (void)nslcd_pam_sess_c(fp,session); break;

- case NSLCD_ACTION_PAM_PWMOD: (void)nslcd_pam_pwmod(fp,session,uid); break;

- log_log(LOG_WARNING,"invalid request id: 0x%08x",(unsigned int)action);

-static int is_locked(const char* filename)

- if (filename!=NULL)

- errno=0;

- if ((fd=open(filename,O_RDWR,0644))<0)

- if (errno==ENOENT)

- log_log(LOG_ERR,"cannot open lock file (%s): %s",filename,strerror(errno));

- if (lockf(fd,F_TEST,0)<0)

- log_log(LOG_WARNING,"problem closing fd: %s",strerror(errno));

- log_log(LOG_WARNING,"problem closing fd: %s",strerror(errno));

- if (filename!=NULL)

- if ((fd=open(filename,O_RDWR|O_CREAT,0644))<0)

- log_log(LOG_ERR,"cannot create pid file (%s): %s",filename,strerror(errno));

- if (lockf(fd,F_TLOCK,0)<0)

- log_log(LOG_ERR,"cannot lock pid file (%s): %s",filename,strerror(errno));

- if (ftruncate(fd,0)<0)

- log_log(LOG_ERR,"cannot truncate pid file (%s): %s",filename,strerror(errno));

- mysnprintf(buffer,sizeof(buffer),"%d\n",(int)getpid());

- if (write(fd,buffer,strlen(buffer))!=(int)strlen(buffer))

- log_log(LOG_ERR,"error writing pid file (%s): %s",filename,strerror(errno));

-static void install_sighandler(int signum,void (*handler) (int))

- memset(&act,0,sizeof(struct sigaction));

- act.sa_handler=handler;

- act.sa_flags=SA_RESTART|SA_NOCLDSTOP;

- if (sigaction(signum,&act,NULL)!=0)

- log_log(LOG_ERR,"error installing signal handler for '%s': %s",signame(signum),strerror(errno));

- MYLDAP_SESSION *session=(MYLDAP_SESSION *)arg;

- session=myldap_create_session();

- pthread_cleanup_push(worker_cleanup,session);

- FD_SET(nslcd_serversocket,&fds);

- tv.tv_sec=nslcd_cfg->ldc_idle_timelimit;

- tv.tv_usec=0;

- j=select(nslcd_serversocket+1,&fds,NULL,NULL,nslcd_cfg->ldc_idle_timelimit>0?&tv:NULL);

- if (j<0)

- if (errno==EINTR)

- log_log(LOG_DEBUG,"select() failed (ignored): %s",strerror(errno));

- log_log(LOG_ERR,"select() failed: %s",strerror(errno));

- if (!FD_ISSET(nslcd_serversocket,&fds))

- alen=(socklen_t)sizeof(struct sockaddr_storage);

- csock=accept(nslcd_serversocket,(struct sockaddr *)&addr,&alen);

- if (csock<0)

- if ((errno==EINTR)||(errno==EAGAIN)||(errno==EWOULDBLOCK))

- log_log(LOG_DEBUG,"accept() failed (ignored): %s",strerror(errno));

- log_log(LOG_ERR,"accept() failed: %s",strerror(errno));

- if ((j=fcntl(csock,F_GETFL,0))<0)

- log_log(LOG_ERR,"fctnl(F_GETFL) failed: %s",strerror(errno));

- log_log(LOG_WARNING,"problem closing socket: %s",strerror(errno));

- if (fcntl(csock,F_SETFL,j&~O_NONBLOCK)<0)

- log_log(LOG_ERR,"fctnl(F_SETFL,~O_NONBLOCK) failed: %s",strerror(errno));

- log_log(LOG_WARNING,"problem closing socket: %s",strerror(errno));

- handleconnection(csock,session);

- handle=dlopen(NSS_LDAP_SONAME,RTLD_LAZY|RTLD_NODELETE);

- handle=dlopen(NSS_LDAP_SONAME,RTLD_LAZY);

- if (handle==NULL)

- log_log(LOG_WARNING,"Warning: LDAP NSS module not loaded: %s",dlerror());

- enable_flag=(int *)dlsym(handle,"_nss_ldap_enablelookups");

- error=dlerror();

- if (error!=NULL)

- log_log(LOG_WARNING,"Warning: %s (probably older NSS module loaded)",error);

- if (__nss_configure_lookup("hosts","files dns"))

- log_log(LOG_ERR,"unable to override hosts lookup method: %s",strerror(errno));

- *enable_flag=0;

-int main(int argc,char *argv[])

- sigset_t signalmask,oldmask;

- parse_cmdline(argc,argv);

- if ( clearenv() ||

- putenv("HOME=/") ||

- putenv("TMPDIR=/tmp") ||

- putenv("LDAPNOINIT=1") )

- log_log(LOG_ERR,"clearing environment failed");

- environ=sane_environment;

- if (myldap_set_debuglevel(nslcd_debugging)!=LDAP_SUCCESS)

- if --check option was given:

- exit TRUE if daemon runs (pidfile locked), FALSE otherwise */

- log_log(LOG_DEBUG,"pidfile (%s) is locked",NSLCD_PIDFILE);

- log_log(LOG_DEBUG,"pidfile (%s) is not locked",NSLCD_PIDFILE);

- log_log(LOG_ERR,"daemon may already be active, cannot acquire lock (%s): %s",NSLCD_PIDFILE,strerror(errno));

- i=sysconf(_SC_OPEN_MAX)-1;

- if (i<0)

- i=32;

- for (;i>3;i--)

- if ((!nslcd_debugging)&&(daemon(0,0)<0))

- log_log(LOG_ERR,"unable to daemonize: %s",strerror(errno));

- log_log(LOG_INFO,"version %s starting",VERSION);

- log_log(LOG_ERR,"atexit() failed: %s",strerror(errno));

- nslcd_serversocket=create_socket(NSLCD_SOCKET);

- if ((nslcd_cfg->ldc_gid!=NOGID)&&(nslcd_cfg->ldc_uidname!=NULL))

- if (initgroups(nslcd_cfg->ldc_uidname,nslcd_cfg->ldc_gid)<0)

- log_log(LOG_WARNING,"cannot initgroups(\"%s\",%d) (ignored): %s",

- nslcd_cfg->ldc_uidname,(int)nslcd_cfg->ldc_gid,strerror(errno));

- log_log(LOG_DEBUG,"initgroups(\"%s\",%d) done",

- nslcd_cfg->ldc_uidname,(int)nslcd_cfg->ldc_gid);

- if (setgroups(0,NULL)<0)

- log_log(LOG_WARNING,"cannot setgroups(0,NULL) (ignored): %s",strerror(errno));

- log_log(LOG_DEBUG,"setgroups(0,NULL) done");

- log_log(LOG_DEBUG,"neither initgroups() or setgroups() available");

- if (nslcd_cfg->ldc_gid!=NOGID)

- if (setgid(nslcd_cfg->ldc_gid)!=0)

- log_log(LOG_ERR,"cannot setgid(%d): %s",(int)nslcd_cfg->ldc_gid,strerror(errno));

- log_log(LOG_DEBUG,"setgid(%d) done",(int)nslcd_cfg->ldc_gid);

- if (nslcd_cfg->ldc_uid!=NOUID)

- if (setuid(nslcd_cfg->ldc_uid)!=0)

- log_log(LOG_ERR,"cannot setuid(%d): %s",(int)nslcd_cfg->ldc_uid,strerror(errno));

- log_log(LOG_DEBUG,"setuid(%d) done",(int)nslcd_cfg->ldc_uid);

- sigaddset(&signalmask,SIGHUP);

- sigaddset(&signalmask,SIGINT);

- sigaddset(&signalmask,SIGQUIT);

- sigaddset(&signalmask,SIGABRT);

- sigaddset(&signalmask,SIGPIPE);

- sigaddset(&signalmask,SIGTERM);

- sigaddset(&signalmask,SIGUSR1);

- sigaddset(&signalmask,SIGUSR2);

- pthread_sigmask(SIG_BLOCK,&signalmask,&oldmask);

- log_log(LOG_INFO,"accepting connections");

- nslcd_threads=(pthread_t *)malloc(nslcd_cfg->ldc_threads*sizeof(pthread_t));

- if (nslcd_threads==NULL)

- log_log(LOG_CRIT,"main(): malloc() failed to allocate memory");

- for (i=0;i<nslcd_cfg->ldc_threads;i++)

- if (pthread_create(&nslcd_threads[i],NULL,worker,NULL))

- log_log(LOG_ERR,"unable to start worker thread %d: %s",i,strerror(errno));

- pthread_sigmask(SIG_SETMASK,&oldmask,NULL);

- install_sighandler(SIGQUIT,sigexit_handler);

- install_sighandler(SIGABRT,sigexit_handler);

- install_sighandler(SIGPIPE,SIG_IGN);

- install_sighandler(SIGTERM,sigexit_handler);

- install_sighandler(SIGUSR1,sigexit_handler);

- install_sighandler(SIGUSR2,sigexit_handler);

- while (nslcd_exitsignal==0)

- log_log(LOG_INFO,"caught signal %s (%d), shutting down",

- signame(nslcd_exitsignal),nslcd_exitsignal);

- for (i=0;i<nslcd_cfg->ldc_threads;i++)

- log_log(LOG_WARNING,"failed to stop thread %d (ignored): %s",i,strerror(errno));

- nslcd_serversocket=-1;

- ts.tv_sec=time(NULL)+3;

- ts.tv_nsec=0;

- for (i=0;i<nslcd_cfg->ldc_threads;i++)

- pthread_timedjoin_np(nslcd_threads[i],NULL,&ts);

- if (pthread_kill(nslcd_threads[i],0)==0)

- log_log(LOG_ERR,"thread %d is still running, shutting down anyway",i);