[Pkg-shadow-commits] r1359 - in upstream/trunk: . lib

nekral-guest at alioth.debian.org nekral-guest at alioth.debian.org
Sat Nov 17 14:04:05 UTC 2007 

Author: nekral-guest
Date: 2007-11-17 14:04:05 +0000 (Sat, 17 Nov 2007)
New Revision: 1359

Modified:
   upstream/trunk/ChangeLog
   upstream/trunk/NEWS
   upstream/trunk/lib/commonio.c
   upstream/trunk/lib/nscd.c
   upstream/trunk/lib/nscd.h
Log:
* NEWS, lib/nscd.c: Execute nscd -i instead of using the private
  glibc socket to flush the nscd tables. This comes from the RedHat
  patch shadow-4.0.16-nscd.c.
* lib/commonio.c: Forbid inheritance of the passwd and group files
  to the spawed processes (like nscd). This comes from the RedHat
  patch shadow-4.0.17-notInheritFd.patch.
* lib/nscd.h: Update header.


Modified: upstream/trunk/ChangeLog
===================================================================
--- upstream/trunk/ChangeLog	2007-11-17 13:48:56 UTC (rev 1358)
+++ upstream/trunk/ChangeLog	2007-11-17 14:04:05 UTC (rev 1359)
@@ -1,5 +1,15 @@
 2007-11-17  Nicolas François  <nicolas.francois at centraliens.net>
 
+	* NEWS, lib/nscd.c: Execute nscd -i instead of using the private
+	glibc socket to flush the nscd tables. This comes from the RedHat
+	patch shadow-4.0.16-nscd.c.
+	* lib/commonio.c: Forbid inheritance of the passwd and group files
+	to the spawed processes (like nscd). This comes from the RedHat
+	patch shadow-4.0.17-notInheritFd.patch.
+	* lib/nscd.h: Update header.
+
+2007-11-17  Nicolas François  <nicolas.francois at centraliens.net>
+
 	* src/usermod.c (fail_exit): Add static variables pw_locked,
 	spw_locked, gr_locked, and sgr_locked to indicate which files must
 	be unlocked.

Modified: upstream/trunk/NEWS
===================================================================
--- upstream/trunk/NEWS	2007-11-17 13:48:56 UTC (rev 1358)
+++ upstream/trunk/NEWS	2007-11-17 14:04:05 UTC (rev 1359)
@@ -30,6 +30,8 @@
 - usermod: Update the group database before flushing the nscd caches.
 - usermod: Make sure the group modifications will be allowed before
   writing the passwd files.
+- Flush the nscd tables using nscd -i instead of the private glibc socket.
+  (RedHat patches shadow-4.0.16-nscd.c and shadow-4.0.17-notInheritFd.patch)
 
 shadow-4.0.18.1 -> shadow-4.0.18.2					28-10-2007
 

Modified: upstream/trunk/lib/commonio.c
===================================================================
--- upstream/trunk/lib/commonio.c	2007-11-17 13:48:56 UTC (rev 1358)
+++ upstream/trunk/lib/commonio.c	2007-11-17 14:04:05 UTC (rev 1359)
@@ -460,6 +460,10 @@
 		}
 		return 0;
 	}
+
+	/* Do not inherit fd in spawned processes (e.g. nscd) */
+	fcntl(fileno(db->fp), F_SETFD, FD_CLOEXEC);
+
 #ifdef WITH_SELINUX
 	db->scontext = NULL;
 	if ((is_selinux_enabled () > 0) && (!db->readonly)) {

Modified: upstream/trunk/lib/nscd.c
===================================================================
--- upstream/trunk/lib/nscd.c	2007-11-17 13:48:56 UTC (rev 1358)
+++ upstream/trunk/lib/nscd.c	2007-11-17 14:04:05 UTC (rev 1359)
@@ -1,101 +1,50 @@
-/* Copyright (c) 1999 SuSE GmbH Nuerenberg, Germany
-   Author: Thorsten Kukuk <kukuk at suse.de> */
+/* Author: Peter Vrabec <pvrabec at redhat.com> */
 
-#include <assert.h>
-#include <signal.h>
+/* because of TEMP_FAILURE_RETRY */
+#define _GNU_SOURCE
+
+#include <features.h>
 #include <stdio.h>
 #include <stdlib.h>
-#include <string.h>
 #include <unistd.h>
-#include <sys/socket.h>
-#include <sys/un.h>
+#include <spawn.h>
+#include <errno.h>
+#include <sys/wait.h>
+#include <sys/types.h>
 
-/* Version number of the daemon interface */
-#define NSCD_VERSION 2
-/* Path for the Unix domain socket.  */
-#define _PATH_NSCDSOCKET "/var/run/nscd/socket"
-#define _PATH_NSCDSOCKET_OLD "/var/run/.nscd_socket"
 
-/* Available services.  */
-typedef enum {
-	GETPWBYNAME,
-	GETPWBYUID,
-	GETGRBYNAME,
-	GETGRBYGID,
-	GETHOSTBYNAME,
-	GETHOSTBYNAMEv6,
-	GETHOSTBYADDR,
-	GETHOSTBYADDRv6,
-	LASTDBREQ = GETHOSTBYADDRv6,
-	SHUTDOWN,		/* Shut the server down.  */
-	GETSTAT,		/* Get the server statistic.  */
-	INVALIDATE,		/* Invalidate one special cache.  */
-	LASTREQ
-} request_type;
-
-/* Header common to all requests */
-typedef struct {
-	int version;		/* Version number of the daemon interface.  */
-	request_type type;	/* Service requested.  */
-#if defined(__alpha__)
-	int64_t key_len;	/* Key length is 64bit on Alpha.  */
-#else
-	int32_t key_len;	/* Key length, 32bit on most plattforms.  */
-#endif
-} request_header;
-
-/* Create a socket connected to a name.  */
-static int nscd_open_socket (void)
+/*
+ * nscd_flush_cache - flush specified service buffer in nscd cache
+ */
+int nscd_flush_cache (const char *service)
 {
-	struct sockaddr_un addr;
-	int sock;
+	pid_t pid, termpid;
+	int err, status;
+	char *spawnedArgs[] = {"/usr/sbin/nscd", "nscd", "-i", service, NULL};
+	char *spawnedEnv[] = {NULL};
 
-	sock = socket (PF_UNIX, SOCK_STREAM, 0);
-	if (sock < 0)
+	/* spawn process */
+	if( (err=posix_spawn(&pid, spawnedArgs[0], NULL, NULL,
+			     spawnedArgs, spawnedEnv)) !=0 ) 
+	{
+		fprintf(stderr, "posix_spawn() error=%d\n", err);
 		return -1;
-
-	addr.sun_family = AF_UNIX;
-	assert (sizeof (addr.sun_path) >= sizeof (_PATH_NSCDSOCKET));
-	strcpy (addr.sun_path, _PATH_NSCDSOCKET);
-	if (connect (sock, (struct sockaddr *) &addr, sizeof (addr)) < 0) {
-		addr.sun_family = AF_UNIX;
-		assert (sizeof (addr.sun_path) >=
-			sizeof (_PATH_NSCDSOCKET_OLD));
-		strcpy (addr.sun_path, _PATH_NSCDSOCKET_OLD);
-		if (connect (sock, (struct sockaddr *) &addr, sizeof (addr)) <
-		    0) {
-			close (sock);
-			return -1;
-		}
 	}
 
-	return sock;
-}
-
-/*
- * nscd_flush_cache - flush specyfied service bufor in nscd cache
- */
-int nscd_flush_cache (char *service)
-{
-	int sock = nscd_open_socket ();
-	request_header req;
-	struct iovec iov[2];
-	ssize_t nbytes;
-
-	if (sock == -1)
+	/* Wait for the spawned process to exit */	
+	termpid = TEMP_FAILURE_RETRY (waitpid (pid, &status, 0));
+	if (termpid == -1)
+	{
+		perror("waitpid");
 		return -1;
+	}
+	else if (termpid != pid)
+	{
+		fprintf(stderr, "waitpid returned %ld != %ld\n",
+			 (long int) termpid, (long int) pid);
+		return -1;
+	}
 
-	req.version = NSCD_VERSION;
-	req.type = INVALIDATE;
-	req.key_len = strlen (service) + 1;
-
-	iov[0].iov_base = &req;
-	iov[0].iov_len = sizeof (req);
-	iov[1].iov_base = service;
-	iov[1].iov_len = req.key_len;
-
-	nbytes = writev (sock, iov, 2);
-
-	close (sock);
-	return (nbytes != iov[0].iov_len + iov[1].iov_len ? (-1) : 0);
+	return 0;
 }
+

Modified: upstream/trunk/lib/nscd.h
===================================================================
--- upstream/trunk/lib/nscd.h	2007-11-17 13:48:56 UTC (rev 1358)
+++ upstream/trunk/lib/nscd.h	2007-11-17 14:04:05 UTC (rev 1359)
@@ -1,11 +1,8 @@
-/* Copyright (c) 1999 SuSE GmbH Nuerenberg, Germany
-   Author: Thorsten Kukuk <kukuk at suse.de> */
+#ifndef _NSCD_H_
+#define _NSCD_H_
 
-#ifndef _FAILURE_H_
-#define _FAILURE_H_
-
 /*
- * nscd_flush_cache - flush specyfied service bufor in nscd cache
+ * nscd_flush_cache - flush specified service buffer in nscd cache
  */
 extern int nscd_flush_cache (char *service);

More information about the Pkg-shadow-commits mailing list