author | Martin Hedenfal <martinh@cvs.openbsd.org> | 2010-06-03 17:29:55 +0000 |
---|---|---|
committer | Martin Hedenfal <martinh@cvs.openbsd.org> | 2010-06-03 17:29:55 +0000 |
commit | 39503557a09067aa36f1779fb9dcea1b261d47ec (patch) | |
tree | e1fa5b63ea4a2f6706422c42150b58fc64723114 /usr.sbin/ldapd | |
parent | ef81975243586cc59372b8289c080f3cc7f294f3 (diff) |
Open database files before chrooting, and use an absolute path to
the database files, instead of relying on the chrooted-to path.
This breaks compaction as the ldape process can't re-open the
database files. This is being worked on.
ok gilles@
Diffstat (limited to 'usr.sbin/ldapd')
-rw-r--r-- | usr.sbin/ldapd/ldapd.h | 3 | ||||
-rw-r--r-- | usr.sbin/ldapd/ldape.c | 12 | ||||
-rw-r--r-- | usr.sbin/ldapd/namespace.c | 6 |
3 files changed, 11 insertions, 10 deletions
diff --git a/usr.sbin/ldapd/ldapd.h b/usr.sbin/ldapd/ldapd.h
index 13f8ba87b86..d6e573abbf5 100644
--- a/usr.sbin/ldapd/ldapd.h
+++ b/usr.sbin/ldapd/ldapd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ldapd.h,v 1.1 2010/05/31 17:36:31 martinh Exp $ */
+/* $OpenBSD: ldapd.h,v 1.2 2010/06/03 17:29:54 martinh Exp $ */
 /*
 * Copyright (c) 2009, 2010 Martin Hedenfalk <martin@bzero.se>
@@ -37,6 +37,7 @@
 #define CONFFILE "/etc/ldapd.conf"
 #define LDAPD_USER "_ldapd"
 #define LDAPD_SOCKET "/var/run/ldapd.sock"
+#define DATADIR "/var/db/ldap"
 #define LDAP_PORT 389
 #define LDAPS_PORT 636
 #define LDAPD_SESSION_TIMEOUT 30
diff --git a/usr.sbin/ldapd/ldape.c b/usr.sbin/ldapd/ldape.c
index 4071d9fe8a7..4862dfda826 100644
--- a/usr.sbin/ldapd/ldape.c
+++ b/usr.sbin/ldapd/ldape.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ldape.c,v 1.2 2010/05/31 18:29:04 martinh Exp $ */
+/* $OpenBSD: ldape.c,v 1.3 2010/06/03 17:29:54 martinh Exp $ */
 /*
 * Copyright (c) 2009, 2010 Martin Hedenfalk <martin@bzero.se>
@@ -285,6 +285,11 @@ ldape(struct passwd *pw, char *csockpath, int pipe_parent2ldap[2])
 ssl_setup(conf, l);
 }
+ TAILQ_FOREACH(ns, &conf->namespaces, next) {
+ if (namespace_open(ns) != 0)
+ fatal(ns->suffix);
+ }
+
 if (pw != NULL) {
 if (chroot(pw->pw_dir) == -1)
 fatal("chroot");
@@ -297,11 +302,6 @@ ldape(struct passwd *pw, char *csockpath, int pipe_parent2ldap[2])
 fatal("cannot drop privileges");
 }
- TAILQ_FOREACH(ns, &conf->namespaces, next) {
- if (namespace_open(ns) != 0)
- fatal(ns->suffix);
- }
-
 log_debug("ldape: entering event loop");
 event_dispatch();
diff --git a/usr.sbin/ldapd/namespace.c b/usr.sbin/ldapd/namespace.c
index e6e5aa2302d..28e1e0364d5 100644
--- a/usr.sbin/ldapd/namespace.c
+++ b/usr.sbin/ldapd/namespace.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: namespace.c,v 1.2 2010/06/01 15:10:04 martinh Exp $ */
+/* $OpenBSD: namespace.c,v 1.3 2010/06/03 17:29:54 martinh Exp $ */
 /*
 * Copyright (c) 2009, 2010 Martin Hedenfalk <martin@bzero.se>
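Review bot: In ldape.c's `@@ -285,6 +285,11 @@` hunk the `namespace_open()` loop now runs before `chroot()` and before the privilege drop, but nothing in the code records that this ordering is required. A one-line comment above the loop would keep a later cleanup from moving it back, e.g. `/* Open databases before chroot(): DATADIR paths are absolute; only the open descriptors survive the privilege drop. */`. If `btree_open()` creates a missing file (namespace.c passes it mode 0644), that file is presumably owned by the pre-drop user rather than `LDAPD_USER`, so the intended owner and mode of files under DATADIR are worth confirming. `ldape()` begins and ends outside the hunk.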
@@ -116,7 +116,7 @@ namespace_open(struct namespace *ns)
 if (ns->sync == 0)
 db_flags |= BT_NOSYNC;
- if (asprintf(&ns->data_path, "%s_data.db", ns->suffix) < 0)
+ if (asprintf(&ns->data_path, "%s/%s_data.db", DATADIR, ns->suffix) < 0)
 return -1;
 log_info("opening namespace %s", ns->suffix);
 ns->data_db = btree_open(ns->data_path, db_flags | BT_REVERSEKEY, 0644);
@@ -125,7 +125,7 @@ namespace_open(struct namespace *ns)
 btree_set_cache_size(ns->data_db, ns->cache_size);
- if (asprintf(&ns->indx_path, "%s_indx.db", ns->suffix) < 0)
+ if (asprintf(&ns->indx_path, "%s/%s_indx.db", DATADIR, ns->suffix) < 0)
 return -1;
 ns->indx_db = btree_open(ns->indx_path, db_flags, 0644);
 if (ns->indx_db == NULL) |
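Review bot: `ns->suffix` is interpolated into the path unchanged in both `asprintf()` calls (the `_data.db` one in the `@@ -116,7 +116,7 @@` hunk and the `_indx.db` one in the `@@ -125,7 +125,7 @@` hunk), so a suffix containing `/` would name a file outside DATADIR. With this commit the open also happens before chroot and the privilege drop. Nothing visible in these hunks validates the suffix; it may already be checked when the configuration is parsed, but a guard before the first `asprintf()` is cheap: `if (strchr(ns->suffix, '/') != NULL) return -1;`. `namespace_open()` begins and ends outside both hunks.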