glibc/nscd/nscd_stat.c
Ulrich Drepper 74a30a5851 Update.
2004-09-16  Ulrich Drepper  <drepper@redhat.com>

	* configure.in: Add test for required SELinux features.
	* config.make.in: Add have-selinux entry.
	* config.h.in: Add HAVE_SELINUX entry.
	* nscd/Makefile (nscd-modules): Add selinux.
	(CFLAGS-selinux.c): Add -fpie.
	Define selinux-LIBS and use in link line.
	* nscd/connections.c (handle_request): Check access SELinux permissions
	before processing request.
	* nscd/nscd.c (main): Initialize selinux_enabled and stop avc thread.
	* nscd/nscd_stat.c: Transmit and print AVC statistics.
	* nscd/selinux.c: New file.
	* nscd/selinux.h: New file.

2004-09-16  Jakub Jelinek  <jakub@redhat.com>

	* nscd/nscd_helper.c (__nscd_unmap, get_mapping): Use __munmap
	instead of munmap.

	* nscd/Makefile (CFLAGS-aicache.c): Set to -fpie.

2004-09-16  Thorsten Kukuk  <kukuk@suse.de>

	* sysdeps/posix/getaddrinfo.c (gaih_inet): Check
	__nss_not_use_nscd_hosts variable if nscd should be used or not.

2004-09-16  Ulrich Drepper  <drepper@redhat.com>

	* nscd/nscd_proto.h: Define NSS_NSCD_RETRY.
	Add __nscd_getai prototype.
	* nss/getXXbyYY_r.c: Remode definition of NSS_NSCD_RETRY.
	* nscd/nscd-client.h: Remove __nscd_getai prototype.
	* nscd/nscd_getai.c: Include nscd_proto.h.

	* elf/ldd.bash.in: Add support for SELinux environments.
	Patch by Stephen Smalley <sds@epoch.ncsc.mil>.
2004-09-17 00:04:18 +00:00

298 lines
8.8 KiB
C

/* Copyright (c) 1998, 2003, 2004 Free Software Foundation, Inc.
This file is part of the GNU C Library.
Contributed by Thorsten Kukuk <kukuk@vt.uni-paderborn.de>, 1998.
The GNU C Library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
The GNU C Library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with the GNU C Library; if not, write to the Free
Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307 USA. */
#include <errno.h>
#include <error.h>
#include <inttypes.h>
#include <langinfo.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <libintl.h>
#include "nscd.h"
#include "dbg_log.h"
#include "selinux.h"
#ifdef HAVE_SELINUX
# include <selinux/selinux.h>
# include <selinux/avc.h>
#endif /* HAVE_SELINUX */
/* We use this to make sure the receiver is the same. */
static const char compilation[21] = __DATE__ " " __TIME__;
/* Statistic data for one database. */
struct dbstat
{
int enabled;
int check_file;
int shared;
int persistent;
size_t module;
unsigned long int postimeout;
unsigned long int negtimeout;
size_t nentries;
size_t maxnentries;
size_t maxnsearched;
size_t datasize;
size_t dataused;
uintmax_t poshit;
uintmax_t neghit;
uintmax_t posmiss;
uintmax_t negmiss;
uintmax_t rdlockdelayed;
uintmax_t wrlockdelayed;
uintmax_t addfailed;
};
/* Record for transmitting statistics. */
struct statdata
{
char version[sizeof (compilation)];
int debug_level;
time_t runtime;
unsigned long int client_queued;
int ndbs;
struct dbstat dbs[lastdb];
#ifdef HAVE_SELINUX
struct avc_cache_stats cstats;
#endif /* HAVE_SELINUX */
};
void
send_stats (int fd, struct database_dyn dbs[lastdb])
{
struct statdata data;
int cnt;
memcpy (data.version, compilation, sizeof (compilation));
data.debug_level = debug_level;
data.runtime = time (NULL) - start_time;
data.client_queued = client_queued;
data.ndbs = lastdb;
for (cnt = 0; cnt < lastdb; ++cnt)
{
memset (&data.dbs[cnt], 0, sizeof (data.dbs[cnt]));
data.dbs[cnt].enabled = dbs[cnt].enabled;
data.dbs[cnt].check_file = dbs[cnt].check_file;
data.dbs[cnt].shared = dbs[cnt].shared;
data.dbs[cnt].persistent = dbs[cnt].persistent;
data.dbs[cnt].postimeout = dbs[cnt].postimeout;
data.dbs[cnt].negtimeout = dbs[cnt].negtimeout;
if (dbs[cnt].head != NULL)
{
data.dbs[cnt].module = dbs[cnt].head->module;
data.dbs[cnt].poshit = dbs[cnt].head->poshit;
data.dbs[cnt].neghit = dbs[cnt].head->neghit;
data.dbs[cnt].posmiss = dbs[cnt].head->posmiss;
data.dbs[cnt].negmiss = dbs[cnt].head->negmiss;
data.dbs[cnt].nentries = dbs[cnt].head->nentries;
data.dbs[cnt].maxnentries = dbs[cnt].head->maxnentries;
data.dbs[cnt].datasize = dbs[cnt].head->data_size;
data.dbs[cnt].dataused = dbs[cnt].head->first_free;
data.dbs[cnt].maxnsearched = dbs[cnt].head->maxnsearched;
data.dbs[cnt].rdlockdelayed = dbs[cnt].head->rdlockdelayed;
data.dbs[cnt].wrlockdelayed = dbs[cnt].head->wrlockdelayed;
data.dbs[cnt].addfailed = dbs[cnt].head->addfailed;
}
}
if (selinux_enabled)
nscd_avc_cache_stats (&data.cstats);
if (TEMP_FAILURE_RETRY (write (fd, &data, sizeof (data))) != sizeof (data))
{
char buf[256];
dbg_log (_("cannot write statistics: %s"),
strerror_r (errno, buf, sizeof (buf)));
}
}
int
receive_print_stats (void)
{
struct statdata data;
request_header req;
ssize_t nbytes;
int fd;
int i;
uid_t uid = getuid ();
/* Find out whether there is another user but root allowed to
request statistics. */
if (uid != 0)
{
/* User specified? */
if(stat_user == NULL || stat_uid != uid)
{
if (stat_user != NULL)
error (EXIT_FAILURE, 0,
_("Only root or %s is allowed to use this option!"),
stat_user);
else
error (EXIT_FAILURE, 0,
_("Only root is allowed to use this option!"));
}
}
/* Open a socket to the running nscd. */
fd = nscd_open_socket ();
if (fd == -1)
error (EXIT_FAILURE, 0, _("nscd not running!\n"));
/* Send the request. */
req.version = NSCD_VERSION;
req.type = GETSTAT;
req.key_len = 0;
nbytes = TEMP_FAILURE_RETRY (write (fd, &req, sizeof (request_header)));
if (nbytes != sizeof (request_header))
{
int err = errno;
close (fd);
error (EXIT_FAILURE, err, _("write incomplete"));
}
/* Read as much data as we expect. */
if (TEMP_FAILURE_RETRY (read (fd, &data, sizeof (data))) != sizeof (data)
|| (memcmp (data.version, compilation, sizeof (compilation)) != 0
/* Yes, this is an assignment! */
&& (errno = EINVAL)))
{
/* Not the right version. */
int err = errno;
close (fd);
error (EXIT_FAILURE, err, _("cannot read statistics data"));
}
printf (_("nscd configuration:\n\n%15d server debug level\n"),
data.debug_level);
/* We know that we can simply subtract time_t values. */
unsigned long int diff = data.runtime;
unsigned int ndays = 0;
unsigned int nhours = 0;
unsigned int nmins = 0;
if (diff > 24 * 60 * 60)
{
ndays = diff / (24 * 60 * 60);
diff %= 24 * 60 * 60;
}
if (diff > 60 * 60)
{
nhours = diff / (60 * 60);
diff %= 60 * 60;
}
if (diff > 60)
{
nmins = diff / 60;
diff %= 60;
}
if (ndays != 0)
printf (_("%3ud %2uh %2um %2lus server runtime\n"),
ndays, nhours, nmins, diff);
else if (nhours != 0)
printf (_(" %2uh %2um %2lus server runtime\n"), nhours, nmins, diff);
else if (nmins != 0)
printf (_(" %2um %2lus server runtime\n"), nmins, diff);
else
printf (_(" %2lus server runtime\n"), diff);
printf (_("%15lu number of times clients had to wait\n"),
data.client_queued);
for (i = 0; i < lastdb; ++i)
{
unsigned long int hit = data.dbs[i].poshit + data.dbs[i].neghit;
unsigned long int all = hit + data.dbs[i].posmiss + data.dbs[i].negmiss;
const char *enabled = nl_langinfo (data.dbs[i].enabled ? YESSTR : NOSTR);
const char *check_file = nl_langinfo (data.dbs[i].check_file
? YESSTR : NOSTR);
const char *shared = nl_langinfo (data.dbs[i].shared ? YESSTR : NOSTR);
const char *persistent = nl_langinfo (data.dbs[i].persistent
? YESSTR : NOSTR);
if (enabled[0] == '\0')
/* The locale does not provide this information so we have to
translate it ourself. Since we should avoid short translation
terms we artifically increase the length. */
enabled = data.dbs[i].enabled ? _(" yes") : _(" no");
if (check_file[0] == '\0')
check_file = data.dbs[i].check_file ? _(" yes") : _(" no");
if (shared[0] == '\0')
shared = data.dbs[i].shared ? _(" yes") : _(" no");
if (persistent[0] == '\0')
persistent = data.dbs[i].persistent ? _(" yes") : _(" no");
if (all == 0)
/* If nothing happened so far report a 0% hit rate. */
all = 1;
printf (_("\n%s cache:\n\n"
"%15s cache is enabled\n"
"%15s cache is persistent\n"
"%15s cache is shared\n"
"%15zu suggested size\n"
"%15zu total data pool size\n"
"%15zu used data pool size\n"
"%15lu seconds time to live for positive entries\n"
"%15lu seconds time to live for negative entries\n"
"%15" PRIuMAX " cache hits on positive entries\n"
"%15" PRIuMAX " cache hits on negative entries\n"
"%15" PRIuMAX " cache misses on positive entries\n"
"%15" PRIuMAX " cache misses on negative entries\n"
"%15lu%% cache hit rate\n"
"%15zu current number of cached values\n"
"%15zu maximum number of cached values\n"
"%15zu maximum chain length searched\n"
"%15" PRIuMAX " number of delays on rdlock\n"
"%15" PRIuMAX " number of delays on wrlock\n"
"%15" PRIuMAX " memory allocations failed\n"
"%15s check /etc/%s for changes\n"),
dbnames[i], enabled, persistent, shared,
data.dbs[i].module,
data.dbs[i].datasize, data.dbs[i].dataused,
data.dbs[i].postimeout, data.dbs[i].negtimeout,
data.dbs[i].poshit, data.dbs[i].neghit,
data.dbs[i].posmiss, data.dbs[i].negmiss,
(100 * hit) / all,
data.dbs[i].nentries, data.dbs[i].maxnentries,
data.dbs[i].maxnsearched,
data.dbs[i].rdlockdelayed,
data.dbs[i].wrlockdelayed,
data.dbs[i].addfailed, check_file, dbnames[i]);
}
if (selinux_enabled)
nscd_avc_print_stats (&data.cstats);
close (fd);
exit (0);
}