[Fedora-directory-commits] ldapserver/ldap/servers/slapd main.c, 1.8, 1.9
Richard Allen Megginson (rmeggins)
fedora-directory-commits at redhat.com
Fri Nov 18 21:10:05 UTC 2005
Author: rmeggins
Update of /cvs/dirsec/ldapserver/ldap/servers/slapd
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv3602/ldapserver/ldap/servers/slapd
Modified Files:
main.c
Log Message:
Move NSS/SSL initialization after the setuid so that key/cert/other nss
related files are owned by the correct user, but make that happen before
the detach so we can ask for the pin on the terminal.
Index: main.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/main.c,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- main.c 17 Nov 2005 17:41:11 -0000 1.8
+++ main.c 18 Nov 2005 21:09:46 -0000 1.9
@@ -645,7 +645,7 @@
{
int return_value = 0;
slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
- daemon_ports_t arg = {0};
+ daemon_ports_t ports_info = {0};
Slapi_Backend *be = NULL;
int init_ssl;
#ifndef __LP64__
@@ -882,54 +882,6 @@
#endif
/*
- * Detach ourselves from the terminal (unless running in debug mode).
- * We must detach before we start any threads since detach forks() on
- * UNIX.
- */
- detach();
-
- /*
- * Now write our PID to the startup PID file.
- * This is used by the start up script to determine our PID quickly
- * after we fork, without needing to wait for the 'real' pid file to be
- * written. That could take minutes. And the start script will wait
- * that long looking for it. With this new 'early pid' file, it can avoid
- * doing that, by detecting the pid and watching for the process exiting.
- * This removes the blank stares all round from start-slapd when the server
- * fails to start for some reason
- */
- write_start_pid_file();
-
- /* Make sure we aren't going to run slapd in
- * a mode that is going to conflict with other
- * slapd processes that are currently running
- */
- if ((slapd_exemode != SLAPD_EXEMODE_REFERRAL) &&
- ( add_new_slapd_process(slapd_exemode, db2ldif_dump_replica,
- skip_db_protect_check) == -1 )) {
- LDAPDebug( LDAP_DEBUG_ANY,
- "Shutting down due to possible conflicts with other slapd processes\n",
- 0, 0, 0 );
- exit(1);
- }
-
-
- /*
- * Now it is safe to log our first startup message. If we were to
- * log anything earlier than now it would appear on the admin startup
- * screen twice because before we detach everything is sent to both
- * stderr and our error log. Yuck.
- */
- if (1) {
- char *versionstring = config_get_versionstring();
- char *buildnum = config_get_buildnum();
- LDAPDebug( LDAP_DEBUG_ANY, "%s B%s starting up\n",
- versionstring, buildnum, 0 );
- slapi_ch_free((void **)&buildnum);
- slapi_ch_free((void **)&versionstring);
- }
-
- /*
* After we read the config file we should make
* sure that everything we needed to read in has
* been read in and we'll start whatever threads,
@@ -946,19 +898,19 @@
*/
{
- arg.n_port = (unsigned short)n_port;
+ ports_info.n_port = (unsigned short)n_port;
if ( slapd_listenhost2addr( config_get_listenhost(),
- &arg.n_listenaddr ) != 0 ) {
+ &ports_info.n_listenaddr ) != 0 ) {
return(1);
}
- arg.s_port = (unsigned short)s_port;
+ ports_info.s_port = (unsigned short)s_port;
if ( slapd_listenhost2addr( config_get_securelistenhost(),
- &arg.s_listenaddr ) != 0 ) {
+ &ports_info.s_listenaddr ) != 0 ) {
return(1);
}
- return_value = daemon_pre_setuid_init(&arg);
+ return_value = daemon_pre_setuid_init(&ports_info);
if (0 != return_value) {
LDAPDebug( LDAP_DEBUG_ANY, "Failed to init daemon\n",
0, 0, 0 );
@@ -1006,6 +958,62 @@
exit( 1 );
}
+ if ( init_ssl && ( 0 != slapd_ssl_init2(&ports_info.s_socket, 0) ) ) {
+ LDAPDebug(LDAP_DEBUG_ANY,
+ "ERROR: SSL Initialization phase 2 Failed.\n", 0, 0, 0 );
+ exit( 1 );
+ }
+
+ /*
+ * Detach ourselves from the terminal (unless running in debug mode).
+ * We must detach before we start any threads since detach forks() on
+ * UNIX.
+ * Have to detach after ssl_init - the user may be prompted for the PIN
+ * on the terminal, so it must be open.
+ */
+ detach();
+
+ /*
+ * Now write our PID to the startup PID file.
+ * This is used by the start up script to determine our PID quickly
+ * after we fork, without needing to wait for the 'real' pid file to be
+ * written. That could take minutes. And the start script will wait
+ * that long looking for it. With this new 'early pid' file, it can avoid
+ * doing that, by detecting the pid and watching for the process exiting.
+ * This removes the blank stares all round from start-slapd when the server
+ * fails to start for some reason
+ */
+ write_start_pid_file();
+
+ /* Make sure we aren't going to run slapd in
+ * a mode that is going to conflict with other
+ * slapd processes that are currently running
+ */
+ if ((slapd_exemode != SLAPD_EXEMODE_REFERRAL) &&
+ ( add_new_slapd_process(slapd_exemode, db2ldif_dump_replica,
+ skip_db_protect_check) == -1 )) {
+ LDAPDebug( LDAP_DEBUG_ANY,
+ "Shutting down due to possible conflicts with other slapd processes\n",
+ 0, 0, 0 );
+ exit(1);
+ }
+
+
+ /*
+ * Now it is safe to log our first startup message. If we were to
+ * log anything earlier than now it would appear on the admin startup
+ * screen twice because before we detach everything is sent to both
+ * stderr and our error log. Yuck.
+ */
+ if (1) {
+ char *versionstring = config_get_versionstring();
+ char *buildnum = config_get_buildnum();
+ LDAPDebug( LDAP_DEBUG_ANY, "%s B%s starting up\n",
+ versionstring, buildnum, 0 );
+ slapi_ch_free((void **)&buildnum);
+ slapi_ch_free((void **)&versionstring);
+ }
+
/* -sduloutre: compute_init() and entry_computed_attr_init() moved up */
if (slapd_exemode != SLAPD_EXEMODE_REFERRAL) {
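Review bot: The added `slapd_ssl_init2(&ports_info.s_socket, 0)` call has no comment tying it to the privilege drop, so the ordering constraint from the log message (NSS key/cert files must be created after the setuid) is documented only on the detach side. I would add above the `if ( init_ssl && ...` line: `/* Must run after the setuid so NSS key/cert files are owned by the server user, and before detach() so the PIN prompt still has a terminal. */`. The setuid itself and the start and end of the enclosing function are outside this hunk, so its position relative to this call is assumed from the log message. Also, `write_start_pid_file()` and the `add_new_slapd_process` conflict check now run only after SSL init and any PIN prompt. It is worth confirming that a second instance opening the NSS databases before being rejected is harmless, and that the start script tolerates the later early-PID file.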
@@ -1143,7 +1151,7 @@
{
time( &starttime );
- slapd_daemon(&arg);
+ slapd_daemon(&ports_info);
}
LDAPDebug( LDAP_DEBUG_ANY, "slapd stopped.\n", 0, 0, 0 );
reslimit_cleanup();