Message-Id: <201309271207.r8RC7p9W060199@oldred.freebsd.org>
Date: Fri, 27 Sep 2013 12:07:51 GMT
From: Mark Felder
To: freebsd-gnats-submit@FreeBSD.org
Subject: ports/182441: [PATCH] net/nss-pam-ldapd: supervise nslcd with daemon

>Number: 182441
>Category: ports
>Synopsis: [PATCH] net/nss-pam-ldapd: supervise nslcd with daemon
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Sep 27 12:10:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator: Mark Felder
>Release:
>Organization:
>Environment:
>Description:
This patch adds supervision of the nslcd via daemon(8). It will auto-restart it if it crashes, and also continue trying to start the process in the background during boot under conditions where it would have normally failed to start because of networking not being completely up yet. Without this functionality this port is vastly inferior to the old style net/nss_ldap and security/pam_ldap which do not use a daemon process and instead map shared libraries into every process which is a performance and security concern. nslcd also lowers the amount of ldap connections to your ldap servers as it keeps persistent connections open. This patch adds the needed reliability to keep yourself from being locked out of your server or have other ldap-aware services fail because the nslcd daemon crashed.
>How-To-Repeat:
>Fix:
Patch attached with submission follows:

Index: nslcd.in =================================================================== --- nslcd.in (revision 328001) +++ nslcd.in (working copy) 
@@ -5,14 +5,12 @@ # PROVIDE: nslcd # REQUIRE: ldconfig resolv # BEFORE: syslogd +# KEYWORD: shutdown # # Add the following line to /etc/rc.conf to enable the nslcd daemon: # # nslcd_enable="YES" # -# Optional: -# nslcd_debug="NO" - start nslcd in debugging mode (does not daemonize). -# . /etc/rc.subr @@ -21,27 +19,33 @@ load_rc_config ${name} -: ${nslcd_enable="NO"} -: ${nslcd_debug="NO"} +: ${nslcd_enable:=NO} -command="%%PREFIX%%/sbin/${name}" -pidfile="/var/run/${name}.pid" -start_precmd="nslcd_prestart" -start_postcmd="nslcd_poststart" +command="/usr/sbin/daemon" +command_args="-f -r %%PREFIX%%/sbin/nslcd -d" +status_cmd=nslcd_status +stop_cmd=nslcd_stop -nslcd_prestart () { - if checkyesno nslcd_debug - then - command_args="-d" +nslcd_status() +{ + mypid=$(pgrep -f "daemon: %%PREFIX%%/sbin/nslcd") + if [ ! ${mypid} = '' ]; then + echo "${name} is running with PID ${mypid}"; + else + echo "${name} not running?"; fi } -nslcd_poststart () { - until $(%%PREFIX%%/sbin/${name} -c); do - echo " Waiting for nslcd to start" - sleep 1 - done +nslcd_stop() +{ + mypid=$(pgrep -f "daemon: %%PREFIX%%/sbin/nslcd") + if [ ! ${mypid} = '' ]; then + echo "Stopping ${name}"; + kill -TERM ${mypid}; + wait_for_pids ${mypid}; + else + echo "${name} not running?"; + fi } - run_rc_command "$1" >Release-Note: >Audit-Trail: >Unformatted:
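Review bot: The header comment in the first hunk (@@ -5,14 +5,12 @@) drops the nslcd_debug documentation without saying what replaces it. The second hunk hard-codes -d in command_args and removes the nslcd_debug default, so an existing nslcd_debug setting in rc.conf is now silently ignored. Suggest a short comment here stating that nslcd always runs in the foreground under daemon(8) and that nslcd_debug is no longer honoured, so an administrator reading the script header sees the behaviour change.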
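Review bot: In nslcd_status and nslcd_stop in the second hunk (@@ -21,27 +19,33 @@), the PID comes from an unanchored pgrep -f pattern match and is then used unquoted, in [ ! ${mypid} = '' ] and in kill -TERM ${mypid}. If pgrep returns more than one PID the test is malformed, and since rc.d scripts normally run as root, any process whose command line happens to contain the pattern string would receive the TERM signal. Suggest having daemon(8) write a pidfile (its -P option records the supervisor's PID) and setting pidfile so the stock rc.subr status and stop handling applies; failing that, quote the variable and test with [ -n "${mypid}" ]. Two smaller points in the same hunk: nslcd_status returns 0 from its else branch, so callers cannot distinguish "not running" by exit status, and with nslcd_poststart removed nothing in the script checks that nslcd actually came up after start.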