diff --git a/meson.build b/meson.build index 7f3ebc9fcbd..8db73ec996c 100644 --- a/meson.build +++ b/meson.build @@ -1644,7 +1644,6 @@ foreach term : ['analyze', 'machined', 'mountfsd', 'networkd', - 'nscd', 'nsresourced', 'nss-myhostname', 'nss-systemd', @@ -3055,7 +3054,6 @@ foreach tuple : [ ['dmi'], ['idn'], ['polkit'], - ['nscd'], ['legacy-pkla', install_polkit_pkla], ['kmod'], ['xenctrl'], diff --git a/meson_options.txt b/meson_options.txt index d52ca4e4b56..7e65f65afca 100644 --- a/meson_options.txt +++ b/meson_options.txt @@ -56,7 +56,7 @@ option('initrd', type : 'boolean', option('compat-mutable-uid-boundaries', type : 'boolean', value : false, description : 'look at uid boundaries in /etc/login.defs for compatibility') option('nscd', type : 'boolean', - description : 'build support for flushing of the nscd caches') + description : 'This option is deprecated and will be removed in a future release') option('quotaon-path', type : 'string', description : 'path to quotaon') option('quotacheck-path', type : 'string', description : 'path to quotacheck') diff --git a/src/core/dynamic-user.c b/src/core/dynamic-user.c index 11de2ba82b1..acfa1f52afb 100644 --- a/src/core/dynamic-user.c +++ b/src/core/dynamic-user.c @@ -12,7 +12,6 @@ #include "fs-util.h" #include "iovec-util.h" #include "lock-util.h" -#include "nscd-flush.h" #include "parse-util.h" #include "random-util.h" #include "serialize.h" @@ -378,7 +377,6 @@ static int dynamic_user_realize( _cleanup_close_ int etc_passwd_lock_fd = -EBADF; uid_t num = UID_INVALID; /* a uid if is_user, and a gid otherwise */ gid_t gid = GID_INVALID; /* a gid if is_user, ignored otherwise */ - bool flush_cache = false; int r; assert(d); @@ -411,9 +409,9 @@ static int dynamic_user_realize( /* Let's see if a proper, static user or group by this name exists. Try to take the lock on * /etc/passwd, if that fails with EROFS then /etc is read-only. In that case it's fine if we don't * take the lock, given that users can't be added there anyway in this case. */ - etc_passwd_lock_fd = take_etc_passwd_lock(NULL); - if (etc_passwd_lock_fd < 0 && etc_passwd_lock_fd != -EROFS) - return etc_passwd_lock_fd; + r = etc_passwd_lock_fd = take_etc_passwd_lock(NULL); + if (r < 0 && r != -EROFS) + return r; /* First, let's parse this as numeric UID */ r = parse_uid(d->name, &num); @@ -465,12 +463,9 @@ static int dynamic_user_realize( unlink_uid_lock(uid_lock_fd, num, d->name); return r; } - - /* Great! Nothing is stored here, still. Store our newly acquired data. */ - flush_cache = true; } else { - /* Hmm, so as it appears there's now something stored in the storage socket. Throw away what we - * acquired, and use what's stored now. */ + /* Hmm, so as it appears there's now something stored in the storage socket. + * Throw away what we acquired, and use what's stored now. */ unlink_uid_lock(uid_lock_fd, num, d->name); safe_close(uid_lock_fd); @@ -496,14 +491,6 @@ static int dynamic_user_realize( if (r < 0) return r; - if (flush_cache) { - /* If we allocated a new dynamic UID, refresh nscd, so that it forgets about potentially cached - * negative entries. But let's do so after we release the /etc/passwd lock, so that there's no - * potential for nscd wanting to lock that for completing the invalidation. */ - etc_passwd_lock_fd = safe_close(etc_passwd_lock_fd); - (void) nscd_flush_cache(STRV_MAKE("passwd", "group")); - } - if (is_user) { *ret_uid = num; *ret_gid = gid != GID_INVALID ? gid : num; @@ -581,7 +568,6 @@ static int dynamic_user_close(DynamicUser *d) { /* This dynamic user was realized and dynamically allocated. In this case, let's remove the lock file. */ unlink_uid_lock(lock_fd, uid, d->name); - (void) nscd_flush_cache(STRV_MAKE("passwd", "group")); return 1; } diff --git a/src/hostname/hostnamed.c b/src/hostname/hostnamed.c index a0bf1bfdc89..1adbb8eece2 100644 --- a/src/hostname/hostnamed.c +++ b/src/hostname/hostnamed.c @@ -27,7 +27,6 @@ #include "json-util.h" #include "main-func.h" #include "missing_capability.h" -#include "nscd-flush.h" #include "nulstr-util.h" #include "os-util.h" #include "parse-util.h" @@ -583,8 +582,6 @@ static int context_update_kernel_hostname( r = 1; } - (void) nscd_flush_cache(STRV_MAKE("hosts")); - if (r == 0) log_debug("Hostname was already set to <%s>.", hn); else { diff --git a/src/machine/machine.c b/src/machine/machine.c index a12ea7c16bb..518eabed107 100644 --- a/src/machine/machine.c +++ b/src/machine/machine.c @@ -547,7 +547,6 @@ int machine_start(Machine *m, sd_bus_message *properties, sd_bus_error *error) { machine_save(m); machine_send_signal(m, true); - (void) manager_enqueue_nscd_cache_flush(m->manager); return 0; } @@ -574,7 +573,6 @@ int machine_stop(Machine *m) { m->stopping = true; machine_save(m); - (void) manager_enqueue_nscd_cache_flush(m->manager); return 0; } diff --git a/src/machine/machined-core.c b/src/machine/machined-core.c index a7e1853b535..e3072a5503f 100644 --- a/src/machine/machined-core.c +++ b/src/machine/machined-core.c @@ -1,43 +1,9 @@ /* SPDX-License-Identifier: LGPL-2.1-or-later */ #include "machined.h" -#include "nscd-flush.h" #include "strv.h" #include "user-util.h" -#if ENABLE_NSCD -static int on_nscd_cache_flush_event(sd_event_source *s, void *userdata) { - /* Let's ask glibc's nscd daemon to flush its caches. We request this for the three database machines may show - * up in: the hosts database (for resolvable machine names) and the user and group databases (for the user ns - * ranges). */ - - (void) nscd_flush_cache(STRV_MAKE("passwd", "group", "hosts")); - return 0; -} - -int manager_enqueue_nscd_cache_flush(Manager *m) { - int r; - - assert(m); - - if (!m->nscd_cache_flush_event) { - r = sd_event_add_defer(m->event, &m->nscd_cache_flush_event, on_nscd_cache_flush_event, m); - if (r < 0) - return log_error_errno(r, "Failed to allocate NSCD cache flush event: %m"); - - sd_event_source_set_description(m->nscd_cache_flush_event, "nscd-cache-flush"); - } - - r = sd_event_source_set_enabled(m->nscd_cache_flush_event, SD_EVENT_ONESHOT); - if (r < 0) { - m->nscd_cache_flush_event = sd_event_source_unref(m->nscd_cache_flush_event); - return log_error_errno(r, "Failed to enable NSCD cache flush event: %m"); - } - - return 0; -} -#endif - int manager_find_machine_for_uid(Manager *m, uid_t uid, Machine **ret_machine, uid_t *ret_internal_uid) { Machine *machine; int r; diff --git a/src/machine/machined.c b/src/machine/machined.c index 4f2ca626e20..80621058a51 100644 --- a/src/machine/machined.c +++ b/src/machine/machined.c @@ -93,9 +93,6 @@ static Manager* manager_unref(Manager *m) { hashmap_free(m->image_cache); sd_event_source_unref(m->image_cache_defer_event); -#if ENABLE_NSCD - sd_event_source_unref(m->nscd_cache_flush_event); -#endif sd_event_source_disable_unref(m->deferred_gc_event_source); diff --git a/src/machine/machined.h b/src/machine/machined.h index 4c22382f2ad..9dbb76e8b62 100644 --- a/src/machine/machined.h +++ b/src/machine/machined.h @@ -38,10 +38,6 @@ struct Manager { LIST_HEAD(Operation, operations); unsigned n_operations; -#if ENABLE_NSCD - sd_event_source *nscd_cache_flush_event; -#endif - VarlinkServer *varlink_userdb_server; VarlinkServer *varlink_machine_server; }; @@ -62,12 +58,6 @@ int manager_unref_unit(Manager *m, const char *unit, sd_bus_error *error); int manager_unit_is_active(Manager *manager, const char *unit); int manager_job_is_active(Manager *manager, const char *path); -#if ENABLE_NSCD -int manager_enqueue_nscd_cache_flush(Manager *m); -#else -static inline void manager_enqueue_nscd_cache_flush(Manager *m) {} -#endif - int manager_find_machine_for_uid(Manager *m, uid_t host_uid, Machine **ret_machine, uid_t *ret_internal_uid); int manager_find_machine_for_gid(Manager *m, gid_t host_gid, Machine **ret_machine, gid_t *ret_internal_gid); diff --git a/src/shared/meson.build b/src/shared/meson.build index eac5b83972e..b7ae5959e83 100644 --- a/src/shared/meson.build +++ b/src/shared/meson.build @@ -247,10 +247,6 @@ if conf.get('HAVE_PAM') == 1 shared_sources += files('pam-util.c') endif -if conf.get('ENABLE_NSCD') == 1 - shared_sources += files('nscd-flush.c') -endif - if conf.get('HAVE_LIBFIDO2') == 1 and conf.get('HAVE_LIBCRYPTSETUP') == 1 shared_sources += files('cryptsetup-fido2.c') endif diff --git a/src/shared/nscd-flush.c b/src/shared/nscd-flush.c deleted file mode 100644 index 3d47ae36554..00000000000 --- a/src/shared/nscd-flush.c +++ /dev/null @@ -1,142 +0,0 @@ -/* SPDX-License-Identifier: LGPL-2.1-or-later */ - -#include -#include - -#include "fd-util.h" -#include "io-util.h" -#include "nscd-flush.h" -#include "socket-util.h" -#include "strv.h" -#include "time-util.h" - -#define NSCD_FLUSH_CACHE_TIMEOUT_USEC (5*USEC_PER_SEC) - -struct nscdInvalidateRequest { - int32_t version; - int32_t type; /* in glibc this is an enum. We don't replicate this here 1:1. Also, wtf, how unportable is that - * even? */ - int32_t key_len; - char dbname[]; -}; - -static int nscd_flush_cache_one(const char *database, usec_t end) { - size_t req_size, has_written = 0, has_read = 0, l; - struct nscdInvalidateRequest *req; - _cleanup_close_ int fd = -EBADF; - int32_t resp; - int events, r; - - assert(database); - - l = strlen(database); - req_size = offsetof(struct nscdInvalidateRequest, dbname) + l + 1; - - req = alloca_safe(req_size); - *req = (struct nscdInvalidateRequest) { - .version = 2, - .type = 10, - .key_len = l + 1, - }; - - strcpy(req->dbname, database); - - fd = socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0); - if (fd < 0) - return log_debug_errno(errno, "Failed to allocate nscd socket: %m"); - - /* Note: connect() returns EINPROGRESS if O_NONBLOCK is set and establishing a connection takes time. The - * kernel lets us know this way that the connection is now being established, and we should watch with poll() - * to learn when it is fully established. That said, AF_UNIX on Linux never triggers this IRL (connect() is - * always instant on AF_UNIX), hence handling this is mostly just an exercise in defensive, protocol-agnostic - * programming. - * - * connect() returns EAGAIN if the socket's backlog limit has been reached. When we see this we give up right - * away, after all this entire function here is written in a defensive style so that a non-responding nscd - * doesn't stall us for good. (Even if we wanted to handle this better: the Linux kernel doesn't really have a - * nice way to connect() to a server synchronously with a time limit that would also cover dealing with the - * backlog limit. After all SO_RCVTIMEO and SR_SNDTIMEO don't apply to connect(), and alarm() is frickin' ugly - * and not really reasonably usable from threads-aware code.) */ - r = connect_unix_path(fd, AT_FDCWD, "/run/nscd/socket"); - if (r < 0) { - if (r == -EAGAIN) - return log_debug_errno(r, "nscd is overloaded (backlog limit reached) and refuses to take further connections: %m"); - if (r != -EINPROGRESS) - return log_debug_errno(r, "Failed to connect to nscd socket: %m"); - - /* Continue in case of EINPROGRESS, but don't bother with send() or recv() until being notified that - * establishing the connection is complete. */ - events = 0; - } else - events = POLLIN|POLLOUT; /* Let's assume initially that we can write and read to the fd, to suppress - * one poll() invocation */ - for (;;) { - usec_t p; - - if (events & POLLOUT) { - ssize_t m; - - assert(has_written < req_size); - - m = send(fd, (uint8_t*) req + has_written, req_size - has_written, MSG_NOSIGNAL); - if (m < 0) { - if (errno != EAGAIN) /* Note that EAGAIN is returned by the kernel whenever it can't - * take the data right now, and that includes if the connect() is - * asynchronous and we saw EINPROGRESS on it, and it hasn't - * completed yet. */ - return log_debug_errno(errno, "Failed to write to nscd socket: %m"); - } else - has_written += m; - } - - if (events & (POLLIN|POLLERR|POLLHUP)) { - ssize_t m; - - if (has_read >= sizeof(resp)) - return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Response from nscd longer than expected."); - - m = recv(fd, (uint8_t*) &resp + has_read, sizeof(resp) - has_read, 0); - if (m < 0) { - if (errno != EAGAIN) - return log_debug_errno(errno, "Failed to read from nscd socket: %m"); - } else if (m == 0) { /* EOF */ - if (has_read == 0 && has_written >= req_size) /* Older nscd immediately terminated the - * connection, accept that as OK */ - return 1; - - return log_debug_errno(SYNTHETIC_ERRNO(EIO), "nscd prematurely ended connection."); - } else - has_read += m; - } - - if (has_written >= req_size && has_read >= sizeof(resp)) { /* done? */ - if (resp < 0) - return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG), "nscd sent us a negative error number: %i", resp); - if (resp > 0) - return log_debug_errno(resp, "nscd return failure code on invalidating '%s'.", database); - return 1; - } - - p = now(CLOCK_MONOTONIC); - if (p >= end) - return -ETIMEDOUT; - - events = fd_wait_for_event(fd, POLLIN | (has_written < req_size ? POLLOUT : 0), end - p); - if (events < 0) - return events; - } -} - -int nscd_flush_cache(char **databases) { - int r = 0; - - /* Tries to invalidate the specified database in nscd. We do this carefully, with a 5s timeout, - * so that we don't block indefinitely on another service. */ - - usec_t end = usec_add(now(CLOCK_MONOTONIC), NSCD_FLUSH_CACHE_TIMEOUT_USEC); - - STRV_FOREACH(i, databases) - RET_GATHER(r, nscd_flush_cache_one(*i, end)); - - return r; -} diff --git a/src/shared/nscd-flush.h b/src/shared/nscd-flush.h deleted file mode 100644 index dac223e658b..00000000000 --- a/src/shared/nscd-flush.h +++ /dev/null @@ -1,8 +0,0 @@ -/* SPDX-License-Identifier: LGPL-2.1-or-later */ -#pragma once - -#if ENABLE_NSCD -int nscd_flush_cache(char **databases); -#else -static inline void nscd_flush_cache(char **databases) {} -#endif diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c index 9471c1843e1..b3fde5097e3 100644 --- a/src/sysusers/sysusers.c +++ b/src/sysusers/sysusers.c @@ -21,7 +21,6 @@ #include "main-func.h" #include "memory-util.h" #include "mount-util.h" -#include "nscd-flush.h" #include "pager.h" #include "parse-argument.h" #include "path-util.h" @@ -970,9 +969,6 @@ static int write_files(Context *c) { return log_error_errno(r, "Failed to rename %s to %s: %m", group_tmp, group_path); group_tmp = mfree(group_tmp); - - if (!arg_root && !arg_image) - (void) nscd_flush_cache(STRV_MAKE("group")); } if (gshadow) { r = rename_and_apply_smack_floor_label(gshadow_tmp, gshadow_path); @@ -990,9 +986,6 @@ static int write_files(Context *c) { passwd_tmp, passwd_path); passwd_tmp = mfree(passwd_tmp); - - if (!arg_root && !arg_image) - (void) nscd_flush_cache(STRV_MAKE("passwd")); } if (shadow) { r = rename_and_apply_smack_floor_label(shadow_tmp, shadow_path); diff --git a/src/test/meson.build b/src/test/meson.build index 217f38bb058..8b2b8b98da8 100644 --- a/src/test/meson.build +++ b/src/test/meson.build @@ -345,11 +345,6 @@ executables += [ 'sources' : files('test-nft-set.c'), 'type' : 'manual', }, - test_template + { - 'sources' : files('test-nscd-flush.c'), - 'conditions' : ['ENABLE_NSCD'], - 'type' : 'manual', - }, test_template + { 'sources' : files( 'test-nss-hosts.c', diff --git a/src/test/test-nscd-flush.c b/src/test/test-nscd-flush.c deleted file mode 100644 index 1a5a8082f3c..00000000000 --- a/src/test/test-nscd-flush.c +++ /dev/null @@ -1,20 +0,0 @@ -/* SPDX-License-Identifier: LGPL-2.1-or-later */ - -#include "main-func.h" -#include "nscd-flush.h" -#include "strv.h" -#include "tests.h" - -static int run(int argc, char *argv[]) { - int r; - - test_setup_logging(LOG_DEBUG); - - r = nscd_flush_cache(STRV_MAKE("group", "passwd", "hosts")); - if (r < 0) - return log_error_errno(r, "Failed to flush NSCD cache"); - - return 0; -} - -DEFINE_MAIN_FUNCTION(run);