nss-pam-ldapd commit: r2140 - in debian/nss-pam-ldapd/branches/jessie/debian: . patches

[Date Prev][Date Next] [Thread Prev][Thread Next]
From: Commits of the nss-pam-ldapd project <nss-pam-ldapd-commits [at] lists.arthurdejong.org>
To: nss-pam-ldapd-commits [at] lists.arthurdejong.org
Reply-to: nss-pam-ldapd-users [at] lists.arthurdejong.org
Subject: nss-pam-ldapd commit: r2140 - in debian/nss-pam-ldapd/branches/jessie/debian: . patches
Date: Sun, 30 Aug 2015 11:19:42 +0200 (CEST)
Author: arthur
Date: Sun Aug 30 11:19:41 2015
New Revision: 2140
URL: http://arthurdejong.org/viewvc/nss-pam-ldapd?revision=2140&view=revision

Log:
fix-issues-withdaemonising.patch, avoid-signal-race.patch: patches to fix 
issues with daemonising nslcd and avoid a race condition in signal handling 
during start-up (closes: #759544)

Added:
   debian/nss-pam-ldapd/branches/jessie/debian/patches/avoid-signal-race.patch
   
debian/nss-pam-ldapd/branches/jessie/debian/patches/fix-issues-withdaemonising.patch
Modified:
   debian/nss-pam-ldapd/branches/jessie/debian/changelog
   debian/nss-pam-ldapd/branches/jessie/debian/patches/series

Modified: debian/nss-pam-ldapd/branches/jessie/debian/changelog
==============================================================================
--- debian/nss-pam-ldapd/branches/jessie/debian/changelog       Sun Aug 30 
10:59:42 2015        (r2139)
+++ debian/nss-pam-ldapd/branches/jessie/debian/changelog       Sun Aug 30 
11:19:41 2015        (r2140)
@@ -1,3 +1,11 @@
+nss-pam-ldapd (0.9.4-3+deb8u1) stable; urgency=low
+
+  * fix-issues-withdaemonising.patch, avoid-signal-race.patch: patches to
+    fix issues with daemonising nslcd and avoid a race condition in signal
+    handling during start-up (closes: #759544)
+
+ -- Arthur de Jong <adejong@debian.org>  Wed, 13 May 2015 23:14:48 +0200
+
 nss-pam-ldapd (0.9.4-3) unstable; urgency=low
 
   * use-ip-range-for-tests.patch: use a different IP range for running the

Added: 
debian/nss-pam-ldapd/branches/jessie/debian/patches/avoid-signal-race.patch
==============================================================================
--- /dev/null   00:00:00 1970   (empty, because file is newly added)
+++ debian/nss-pam-ldapd/branches/jessie/debian/patches/avoid-signal-race.patch 
Sun Aug 30 11:19:41 2015        (r2140)
@@ -0,0 +1,71 @@
+From: Arthur de Jong <arthur@arthurdejong.org>
+Subject: Avoid signal race condition on start-up
+
+This only restores the signal mask after signal handlers are in place
+and the daemon has completely daemonised to avoid a race condition in
+the start-up phase of nslcd where a signal could be sent to nslcd
+causing it to quit or fail to write information to the parent process.
+
+This also block signals sooner in an attempt to avoid race conditions.
+
+Origin: upstream, 
http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=1d3b19b1ecd3b10f36e8925e8a752a28e3e74b56
+Origin: upstream, 
http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=530cc24c83dd5d2d347acb40d64c3ae06a43a293
+Bug-Debian: http://bugs.debian.org/759544
+
+--- a/nslcd/nslcd.c
++++ b/nslcd/nslcd.c
+@@ -648,6 +648,17 @@ int main(int argc, char *argv[])
+ #ifdef HAVE_PTHREAD_TIMEDJOIN_NP
+   struct timespec ts;
+ #endif /* HAVE_PTHREAD_TIMEDJOIN_NP */
++  /* block all these signals so our worker threads won't handle them */
++  sigemptyset(&signalmask);
++  sigaddset(&signalmask, SIGHUP);
++  sigaddset(&signalmask, SIGINT);
++  sigaddset(&signalmask, SIGQUIT);
++  sigaddset(&signalmask, SIGABRT);
++  sigaddset(&signalmask, SIGPIPE);
++  sigaddset(&signalmask, SIGTERM);
++  sigaddset(&signalmask, SIGUSR1);
++  sigaddset(&signalmask, SIGUSR2);
++  pthread_sigmask(SIG_BLOCK, &signalmask, &oldmask);
+   /* close all file descriptors (except stdin/out/err) */
+   daemonize_closefds();
+   /* parse the command line */
+@@ -785,17 +796,6 @@ int main(int argc, char *argv[])
+     }
+     log_log(LOG_DEBUG, "setuid(%d) done", (int)nslcd_cfg->uid);
+   }
+-  /* block all these signals so our worker threads won't handle them */
+-  sigemptyset(&signalmask);
+-  sigaddset(&signalmask, SIGHUP);
+-  sigaddset(&signalmask, SIGINT);
+-  sigaddset(&signalmask, SIGQUIT);
+-  sigaddset(&signalmask, SIGABRT);
+-  sigaddset(&signalmask, SIGPIPE);
+-  sigaddset(&signalmask, SIGTERM);
+-  sigaddset(&signalmask, SIGUSR1);
+-  sigaddset(&signalmask, SIGUSR2);
+-  pthread_sigmask(SIG_BLOCK, &signalmask, &oldmask);
+   /* start worker threads */
+   log_log(LOG_INFO, "accepting connections");
+   nslcd_threads = (pthread_t *)malloc(nslcd_cfg->threads * sizeof(pthread_t));
+@@ -815,8 +815,7 @@ int main(int argc, char *argv[])
+       exit(EXIT_FAILURE);
+     }
+   }
+-  pthread_sigmask(SIG_SETMASK, &oldmask, NULL);
+-  /* install signalhandlers for some signals */
++  /* install signal handlers for some signals */
+   install_sighandler(SIGHUP, sig_handler);
+   install_sighandler(SIGINT, sig_handler);
+   install_sighandler(SIGQUIT, sig_handler);
+@@ -827,6 +826,8 @@ int main(int argc, char *argv[])
+   install_sighandler(SIGUSR2, SIG_IGN);
+   /* signal the starting process to exit because we can provide services now 
*/
+   daemonize_ready(EXIT_SUCCESS, NULL);
++  /* enable receiving of signals */
++  pthread_sigmask(SIG_SETMASK, &oldmask, NULL);
+   /* wait until we received a signal */
+   while ((nslcd_receivedsignal == 0) || (nslcd_receivedsignal == SIGUSR1))
+   {

Added: 
debian/nss-pam-ldapd/branches/jessie/debian/patches/fix-issues-withdaemonising.patch
==============================================================================
--- /dev/null   00:00:00 1970   (empty, because file is newly added)
+++ 
debian/nss-pam-ldapd/branches/jessie/debian/patches/fix-issues-withdaemonising.patch
        Sun Aug 30 11:19:41 2015        (r2140)
@@ -0,0 +1,93 @@
+From: Arthur de Jong <arthur@arthurdejong.org>
+Subject: Fix issues with daemonising
+
+This fixes a problem with a buffer that could end up padded with
+garbage.
+
+This also clarifies the code a bit and adds extra logging for errors
+that could occur during daemonising.
+
+Origin: upstream, 
http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=a726d291b0f6794abec0a0192cf2b2a742648e4a
+
+--- a/nslcd/daemonize.c
++++ b/nslcd/daemonize.c
+@@ -57,13 +57,13 @@ void daemonize_closefds(void)
+ void daemonize_redirect_stdio(void)
+ {
+   /* close stdin, stdout and stderr */
+-  close(0);   /* stdin */
+-  close(1);   /* stdout */
+-  close(2);   /* stderr */
++  (void)close(0);   /* stdin */
++  (void)close(1);   /* stdout */
++  (void)close(2);   /* stderr */
+   /* reconnect to /dev/null */
+-  open("/dev/null", O_RDWR);  /* stdin, fd=0 */
+-  dup(0);     /* stdout, fd=1 */
+-  dup(0);     /* stderr, fd=2 */
++  (void)open("/dev/null", O_RDWR);  /* stdin, fd=0 */
++  (void)dup(0);     /* stdout, fd=1 */
++  (void)dup(0);     /* stderr, fd=2 */
+ }
+ 
+ /* try to fill the buffer until EOF or error */
+@@ -95,18 +95,27 @@ static int wait_for_response(int fd)
+   int i, l, rc;
+   char buffer[1024];
+   /* read return code */
++  errno = 0;
+   i = read_response(fd, (void *)&rc, sizeof(int));
++  log_log(LOG_DEBUG, "DEBUG: wait_for_response(): i=%d, rc=%d", i, rc);
+   if (i != sizeof(int))
++  {
++    log_log(LOG_ERR, "wait_for_response(): read_response() returned %d 
(expected %d)",
++            i, (int)sizeof(int));
++    if (errno == 0)
++      errno = ENODATA;
+     return -1;
++  }
+   /* read string length */
+   i = read_response(fd, (void *)&l, sizeof(int));
++  log_log(LOG_DEBUG, "DEBUG: wait_for_response(): i=%d, l=%d", i, l);
+   if ((i != sizeof(int)) || (l <= 0))
+     _exit(rc);
+   /* read string */
+   if ((size_t)l > (sizeof(buffer) - 1))
+     l = sizeof(buffer) - 1;
+   i = read_response(fd, buffer, l);
+-  buffer[sizeof(buffer) - 1] = '\0';
++  buffer[l] = '\0';
+   if (i == l)
+     fprintf(stderr, "%s", buffer);
+   _exit(rc);
+@@ -200,22 +209,23 @@ int daemonize_daemon(void)
+ 
+ void daemonize_ready(int status, const char *message)
+ {
++  int l;
+   if (daemonizefd >= 0)
+   {
+     /* we ignore any errors writing */
+-    write(daemonizefd, &status, sizeof(int));
++    (void)write(daemonizefd, &status, sizeof(int));
+     if ((message == NULL) || (message[0] == '\0'))
+     {
+-      status = 0;
+-      write(daemonizefd, &status, sizeof(int));
++      l = 0;
++      (void)write(daemonizefd, &l, sizeof(int));
+     }
+     else
+     {
+-      status = strlen(message);
+-      write(daemonizefd, &status, sizeof(int));
+-      write(daemonizefd, message, status);
++      l = strlen(message);
++      (void)write(daemonizefd, &l, sizeof(int));
++      (void)write(daemonizefd, message, l);
+     }
+-    close(daemonizefd);
++    (void)close(daemonizefd);
+     daemonizefd = -1;
+   }
+ }

Modified: debian/nss-pam-ldapd/branches/jessie/debian/patches/series
==============================================================================
--- debian/nss-pam-ldapd/branches/jessie/debian/patches/series  Sun Aug 30 
10:59:42 2015        (r2139)
+++ debian/nss-pam-ldapd/branches/jessie/debian/patches/series  Sun Aug 30 
11:19:41 2015        (r2140)
@@ -1 +1,3 @@
 use-ip-range-for-tests.patch
+fix-issues-withdaemonising.patch
+avoid-signal-race.patch
-- 
To unsubscribe send an email to
nss-pam-ldapd-commits-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-commits/
nss-pam-ldapd commit: r2140 - in debian/nss-pam-ldapd/branches/jessie/debian: . patches, Commits of the nss-pam-ldapd project
Prev by Date: nss-pam-ldapd commit: r2139 - debian/nss-pam-ldapd/branches/jessie
Next by Date: nss-pam-ldapd commit: r2141 - in debian/nss-pam-ldapd/trunk/debian: . patches
Previous by thread: nss-pam-ldapd commit: r2139 - debian/nss-pam-ldapd/branches/jessie
Next by thread: nss-pam-ldapd commit: r2141 - in debian/nss-pam-ldapd/trunk/debian: . patches