| /* SPDX-License-Identifier: LGPL-2.1+ */ |
| #include <sys/poll.h> |
| |
| #include "fd-util.h" |
| #include "io-util.h" |
| #include "nscd-flush.h" |
| #include "socket-util.h" |
| #include "strv.h" |
| #include "time-util.h" |
| |
| #define NSCD_FLUSH_CACHE_TIMEOUT_USEC (5*USEC_PER_SEC) |
| |
| struct nscdInvalidateRequest { |
| int32_t version; |
| int32_t type; /* in glibc this is an enum. We don't replicate this here 1:1. Also, wtf, how unportable is that |
| * even? */ |
| int32_t key_len; |
| char dbname[]; |
| }; |
| |
| static const union sockaddr_union nscd_sa = { |
| .un.sun_family = AF_UNIX, |
| .un.sun_path = "/run/nscd/socket", |
| }; |
| |
| static int nscd_flush_cache_one(const char *database, usec_t end) { |
| size_t req_size, has_written = 0, has_read = 0, l; |
| struct nscdInvalidateRequest *req; |
| _cleanup_close_ int fd = -1; |
| int32_t resp; |
| int events; |
| |
| assert(database); |
| |
| l = strlen(database); |
| req_size = offsetof(struct nscdInvalidateRequest, dbname) + l + 1; |
| |
| req = alloca(req_size); |
| *req = (struct nscdInvalidateRequest) { |
| .version = 2, |
| .type = 10, |
| .key_len = l + 1, |
| }; |
| |
| strcpy(req->dbname, database); |
| |
| fd = socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0); |
| if (fd < 0) |
| return log_debug_errno(errno, "Failed to allocate nscd socket: %m"); |
| |
| /* Note: connect() returns EINPROGRESS if O_NONBLOCK is set and establishing a connection takes time. The |
| * kernel lets us know this way that the connection is now being established, and we should watch with poll() |
| * to learn when it is fully established. That said, AF_UNIX on Linux never triggers this IRL (connect() is |
| * always instant on AF_UNIX), hence handling this is mostly just an exercise in defensive, protocol-agnostic |
| * programming. |
| * |
| * connect() returns EAGAIN if the socket's backlog limit has been reached. When we see this we give up right |
| * away, after all this entire function here is written in a defensive style so that a non-responding nscd |
| * doesn't stall us for good. (Even if we wanted to handle this better: the Linux kernel doesn't really have a |
| * nice way to connect() to a server synchronously with a time limit that would also cover dealing with the |
| * backlog limit. After all SO_RCVTIMEO and SR_SNDTIMEO don't apply to connect(), and alarm() is frickin' ugly |
| * and not really reasonably usable from threads-aware code.) */ |
| if (connect(fd, &nscd_sa.sa, SOCKADDR_UN_LEN(nscd_sa.un)) < 0) { |
| if (errno == EAGAIN) |
| return log_debug_errno(errno, "nscd is overloaded (backlog limit reached) and refuses to take further connections: %m"); |
| if (errno != EINPROGRESS) |
| return log_debug_errno(errno, "Failed to connect to nscd socket: %m"); |
| |
| /* Continue in case of EINPROGRESS, but don't bother with send() or recv() until being notified that |
| * establishing the connection is complete. */ |
| events = 0; |
| } else |
| events = POLLIN|POLLOUT; /* Let's assume initially that we can write and read to the fd, to suppress |
| * one poll() invocation */ |
| for (;;) { |
| usec_t p; |
| |
| if (events & POLLOUT) { |
| ssize_t m; |
| |
| assert(has_written < req_size); |
| |
| m = send(fd, (uint8_t*) req + has_written, req_size - has_written, MSG_NOSIGNAL); |
| if (m < 0) { |
| if (errno != EAGAIN) /* Note that EAGAIN is returned by the kernel whenever it can't |
| * take the data right now, and that includes if the connect() is |
| * asynchronous and we saw EINPROGRESS on it, and it hasn't |
| * completed yet. */ |
| return log_debug_errno(errno, "Failed to write to nscd socket: %m"); |
| } else |
| has_written += m; |
| } |
| |
| if (events & (POLLIN|POLLERR|POLLHUP)) { |
| ssize_t m; |
| |
| if (has_read >= sizeof(resp)) |
| return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Response from nscd longer than expected: %m"); |
| |
| m = recv(fd, (uint8_t*) &resp + has_read, sizeof(resp) - has_read, 0); |
| if (m < 0) { |
| if (errno != EAGAIN) |
| return log_debug_errno(errno, "Failed to read from nscd socket: %m"); |
| } else if (m == 0) { /* EOF */ |
| if (has_read == 0 && has_written >= req_size) /* Older nscd immediately terminated the |
| * connection, accept that as OK */ |
| return 1; |
| |
| return log_debug_errno(SYNTHETIC_ERRNO(EIO), "nscd prematurely ended connection."); |
| } else |
| has_read += m; |
| } |
| |
| if (has_written >= req_size && has_read >= sizeof(resp)) { /* done? */ |
| if (resp < 0) |
| return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG), "nscd sent us a negative error number: %i", resp); |
| if (resp > 0) |
| return log_debug_errno(resp, "nscd return failure code on invalidating '%s'.", database); |
| return 1; |
| } |
| |
| p = now(CLOCK_MONOTONIC); |
| if (p >= end) |
| return -ETIMEDOUT; |
| |
| events = fd_wait_for_event(fd, POLLIN | (has_written < req_size ? POLLOUT : 0), end - p); |
| if (events < 0) |
| return events; |
| } |
| } |
| |
| int nscd_flush_cache(char **databases) { |
| usec_t end; |
| int r = 0; |
| char **i; |
| |
| /* Tries to invalidate the specified database in nscd. We do this carefully, with a 5s time-out, so that we |
| * don't block indefinitely on another service. */ |
| |
| end = usec_add(now(CLOCK_MONOTONIC), NSCD_FLUSH_CACHE_TIMEOUT_USEC); |
| |
| STRV_FOREACH(i, databases) { |
| int k; |
| |
| k = nscd_flush_cache_one(*i, end); |
| if (k < 0 && r >= 0) |
| r = k; |
| } |
| |
| return r; |
| } |