Author: nhosoi
Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv963
Modified Files: Tag: Directory71RtmBranch log.c main.c util.c proto-slap.h Log Message: [173687] deadlock caused by error log rotation and logging Modified to change the owner to the "localuser" if the error log file is not owned by the user.
Index: log.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/log.c,v
retrieving revision 1.6
retrieving revision 1.6.2.1
diff -u -r1.6 -r1.6.2.1
--- log.c 19 Apr 2005 22:07:36 -0000 1.6
+++ log.c 23 Nov 2005 01:22:16 -0000 1.6.2.1
@@ -48,6 +48,7 @@
#include "log.h"
#include "fe.h"
+#include <pwd.h> /* getpwnam */
#if defined( XP_WIN32 )
#include <fcntl.h>
@@ -3225,6 +3226,17 @@
char tbuf[TBUFSIZE]; struct logfileinfo *logp; char buffer[BUFSIZ];
+ struct passwd *pw = NULL;
+
+ slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
+
+ if ( slapdFrontendConfig->localuser != NULL ) {
+ if ( (pw = getpwnam( slapdFrontendConfig->localuser )) == NULL )
+ return LOG_UNABLE_TO_OPENFILE;
+ }
+ else {
+ return LOG_UNABLE_TO_OPENFILE;
+ }
if (!locked) LOG_ERROR_LOCK_WRITE( );
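Review bot: The added lookup makes opening the error log fail with `LOG_UNABLE_TO_OPENFILE` whenever `localuser` is unset or `getpwnam()` cannot resolve it, although the uid is only needed for the ownership fix in the next hunk; skipping the chown in that case would keep the error log available. `pw` points at `getpwnam()`'s static storage and is dereferenced later in the function, after the file has been opened, so in a threaded server another `getpwnam()` call in between can change what `pw->pw_uid` yields; copy the value at once (`uid_t log_uid = pw->pw_uid;`) or use `getpwnam_r()`. `<pwd.h>` and this block are also added without the `XP_WIN32` guard that the neighbouring includes use. The enclosing function starts and ends outside the hunk.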
@@ -3287,6 +3299,12 @@
return LOG_UNABLE_TO_OPENFILE; }
+ /* make sure the logfile is owned by the localuser. If one of the
+ * alternate ns-slapd modes, such as db2bak, tries to log an error
+ * at startup, it will create the logfile as root!
+ */
+ slapd_chown_if_not_owner(loginfo.log_error_file, pw->pw_uid, -1);
+ loginfo.log_error_fdes = fp; if (logfile_state == LOGFILE_REOPENED) { /* we have all the information */
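Review bot: The ownership fix is applied to the path `loginfo.log_error_file` after the file has already been opened, and `slapd_chown_if_not_owner()` (util.c hunk) does a `stat()` followed by a `chown()`, both of which follow symbolic links. The added comment says this path can run as root, so if the log directory is writable by a less privileged account the name may refer to a different file by the time ownership is changed. Changing ownership through the descriptor already held in `fp` (an `fchown()` on its native handle, if that is reachable here), or at least refusing anything `lstat()` does not report as a regular file, closes that gap. The return value is also discarded, so a failed ownership change goes unnoticed. The enclosing function starts and ends outside the hunk.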
Index: main.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/main.c,v
retrieving revision 1.7
retrieving revision 1.7.2.1
diff -u -r1.7 -r1.7.2.1
--- main.c 19 Apr 2005 22:07:36 -0000 1.7
+++ main.c 23 Nov 2005 01:22:16 -0000 1.7.2.1
@@ -207,32 +207,6 @@
#ifndef WIN32
-/* Changes the ownership of the given file/directory iff not
- already the owner
- Returns 0 upon success or non-zero otherwise, usually -1 if
- some system error occurred
-*/
-static int
-chown_if_not_owner(const char *filename, uid_t uid, gid_t gid)
-{
- struct stat statbuf;
- int result = 1;
- if (!filename)
- return result;
-
- memset(&statbuf, '\0', sizeof(statbuf));
- if (!(result = stat(filename, &statbuf)))
- {
- if (((uid != -1) && (uid != statbuf.st_uid)) ||
- ((gid != -1) && (gid != statbuf.st_gid)))
- {
- result = chown(filename, uid, gid);
- }
- }
-
- return result;
-}
- /* Four cases: - change ownership of all files in directory (strip_fn=PR_FALSE)
@@ -258,7 +232,7 @@
if((ptr=strrchr(log,'/'))==NULL) { LDAPDebug(LDAP_DEBUG_ANY, "Caution changing ownership of ./%s \n",name,0,0);
- chown_if_not_owner(log, pw->pw_uid, -1 );
+ slapd_chown_if_not_owner(log, pw->pw_uid, -1 );
rc=1; } else if(log==ptr) { LDAPDebug(LDAP_DEBUG_ANY, "Caution changing ownership of / directory and its contents to %s\n",pw->pw_name,0,0);
@@ -273,7 +247,7 @@
while( (entry = PR_ReadDir(dir , PR_SKIP_BOTH )) !=NULL ) { PR_snprintf(file,MAXPATHLEN+1,"%s/%s",log,entry->name);
- chown_if_not_owner( file, pw->pw_uid, -1 );
+ slapd_chown_if_not_owner( file, pw->pw_uid, -1 );
} PR_CloseDir( dir ); }
@@ -302,7 +276,7 @@
}
/* The instance directory needs to be owned by the local user */
- chown_if_not_owner( slapdFrontendConfig->instancedir, pw->pw_uid, -1 );
+ slapd_chown_if_not_owner( slapdFrontendConfig->instancedir, pw->pw_uid, -1 );
PR_snprintf(dirname,sizeof(dirname),"%s/config",slapdFrontendConfig->instancedir); chown_dir_files(dirname, pw, PR_FALSE); /* config directory */ chown_dir_files(slapdFrontendConfig->accesslog, pw, PR_TRUE); /* do access log directory */
Index: util.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/util.c,v
retrieving revision 1.6
retrieving revision 1.6.2.1
diff -u -r1.6 -r1.6.2.1
--- util.c 19 Apr 2005 22:07:37 -0000 1.6
+++ util.c 23 Nov 2005 01:22:16 -0000 1.6.2.1
@@ -631,3 +631,30 @@
return( rc ); } /*****************************************************************************/
+
+/* Changes the ownership of the given file/directory if not
+ already the owner
+ Returns 0 upon success or non-zero otherwise, usually -1 if
+ some system error occurred
+*/
+int
+slapd_chown_if_not_owner(const char *filename, uid_t uid, gid_t gid)
+{
+ struct stat statbuf;
+ int result = 1;
+ if (!filename)
+ return result;
+
+ memset(&statbuf, '\0', sizeof(statbuf));
+ if (!(result = stat(filename, &statbuf)))
+ {
+ if (((uid != -1) && (uid != statbuf.st_uid)) ||
+ ((gid != -1) && (gid != statbuf.st_gid)))
+ {
+ result = chown(filename, uid, gid);
+ }
+ }
+
+ return result;
+}
+
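Review bot: `uid != -1` and `gid != -1` compare `uid_t`/`gid_t` with a plain `int`; where those types are unsigned the test works only through the implicit conversion and draws sign-compare warnings, so the sentinel should carry the parameter's type: `(uid != (uid_t)-1)` and `(gid != (gid_t)-1)`. Now that the function is exported, its header comment should state that a NULL `filename` returns 1 without touching anything, that `-1` for `uid` or `gid` means "leave unchanged", and that `stat()` and `chown()` follow symbolic links. The copy removed from main.c sat after an `#ifndef WIN32` line; no such guard is visible in this hunk, so confirm util.c still builds where `chown()` is unavailable.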
Index: proto-slap.h
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/proto-slap.h,v
retrieving revision 1.10.2.1
retrieving revision 1.10.2.2
diff -u -r1.10.2.1 -r1.10.2.2
--- proto-slap.h 25 Aug 2005 18:25:08 -0000 1.10.2.1
+++ proto-slap.h 23 Nov 2005 01:22:16 -0000 1.10.2.2
@@ -588,6 +588,7 @@
*/ void slapd_nasty(char* str, int c, int err); int strarray2str( char **a, char *buf, size_t buflen, int include_quotes );
+int slapd_slapd_chown_if_not_owner(const char *filename, uid_t uid, gid_t gid);
/* * modify.c
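Review bot: The prototype added here is named `slapd_slapd_chown_if_not_owner`, but util.c defines `slapd_chown_if_not_owner` and log.c and main.c call it under that name. Unless the function is declared somewhere else, those calls compile against an implicit declaration, so their `uid_t`/`gid_t` arguments (including the `-1` passed for `gid`) are neither checked nor converted against the real signature. The line should read `int slapd_chown_if_not_owner(const char *filename, uid_t uid, gid_t gid);`.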