Hi, On Tue, 3 Mar 2020 20:45:17 +0100 Martijn van Duren <openbsd+t...@list.imperialat.at> wrote:
> I don't agree with this diff, even though you're right with it being > broken. Right now the regress test uses it/tries to use it and even > though someone trying to run regress on an actual production machine > somewhat deserves to get shot in the foot, I don't think we should > make that our goal. > > Also, I can see this being a helpful feature for people doing some > development work (e.g. testing with delegations etc without setting > up a vm-environment). > > Could you please look into fixing the actual issue? this patch fixes only the two issues. I de-const'd "char * datadir" in ldapd to get rid of the new warning. Best regards Robert diff 1813335e849f285a868ea3d474b4704812b1843e /usr/src blob - c8564c5543f518a720e049c559556f87edda6b8a file + usr.sbin/ldapctl/ldapctl.c --- usr.sbin/ldapctl/ldapctl.c +++ usr.sbin/ldapctl/ldapctl.c @@ -150,7 +150,7 @@ index_namespace(struct namespace *ns, const char *data log_info("indexing namespace %s", ns->suffix); - if (asprintf(&path, "%s/%s_data.db", DATADIR, ns->suffix) == -1) + if (asprintf(&path, "%s/%s_data.db", datadir, ns->suffix) == -1) return -1; data_db = btree_open(path, BT_NOSYNC | BT_REVERSEKEY, 0644); free(path); blob - 797a36f89f33233c2d9655a307ec5e727b9fbaa1 file + usr.sbin/ldapd/ldapd.c --- usr.sbin/ldapd/ldapd.c +++ usr.sbin/ldapd/ldapd.c @@ -55,7 +55,7 @@ static pid_t start_child(enum ldapd_process, char *, struct ldapd_stats stats; pid_t ldape_pid; -const char *datadir = DATADIR; +char *datadir = DATADIR; void usage(void) @@ -415,7 +415,7 @@ static pid_t start_child(enum ldapd_process p, char *argv0, int fd, int debug, int verbose, char *csockpath, char *conffile) { - char *argv[9]; + char *argv[11]; int argc = 0; pid_t pid; @@ -459,7 +459,11 @@ start_child(enum ldapd_process p, char *argv0, int fd, argv[argc++] = "-f"; argv[argc++] = conffile; } - + if (datadir) { + argv[argc++] = "-r"; + argv[argc++] = datadir; + } + argv[argc++] = NULL; execvp(argv0, argv); blob - 2259f57bde3c2918a8b200747c194e5768ae40f1 file + usr.sbin/ldapd/namespace.c --- usr.sbin/ldapd/namespace.c +++ usr.sbin/ldapd/namespace.c @@ -29,7 +29,7 @@ #include "ldapd.h" #include "log.h" -extern const char *datadir; +extern char *datadir; /* Maximum number of requests to queue per namespace during compaction. * After this many requests, we return LDAP_BUSY. > > martijn@ > > On 3/2/20 8:00 PM, Robert Klein wrote: > > Hi, > > > > in ldapd and ldapctl the "-r directory" command line argument does > > not work: > > > > ldapd fork/execs itself but the directory command line argument is > > not given to the execvp call which then uses the default data > > directory. > > > > ldapctl has a thinko/typo which causes the data_db to be always > > opened in the default directory for indexing. > > > > The patch below removes the command line argument and corresponding > > global variable and instead uses a configuration file directive > > "datadir". Incidentally removes the global 'datadir' variable used > > before. > > > > Best regards > > Robert > > > > > > ----------------------------------------------- > > commit 6a71c90c19b5dc5850305c15696af3f14d26c168 (master) > > from: Robert Klein <rokl...@roklein.de> > > date: Mon Mar 2 18:50:12 2020 UTC > > > > fix ldapd/ldapctl data directory handling > > > > -r directive didn't work as intended in both > > ldapd and ldapctl. > > > > this patch replaces command line argument '-r directory' > > with a configuration file directive 'datadir'. > > > > diff f62b80b397c780e8273b5cc67d544b951c4c9d1f > > 35bb29194b2067dab925ec4566dfb82f9bf34d65 blob - > > 48cff01b435bca0deebf28f55e6f71675c5752f2 blob + > > 231af2ddbbee2da446d2f03c9c48e679e216e993 --- > > usr.sbin/ldapctl/ldapctl.8 +++ usr.sbin/ldapctl/ldapctl.8 > > @@ -24,7 +24,6 @@ > > .Nm ldapctl > > .Op Fl v > > .Op Fl f Ar file > > -.Op Fl r Ar directory > > .Op Fl s Ar socket > > .Ar command > > .Op Ar argument ... > > @@ -42,11 +41,6 @@ Use > > .Ar file > > as the configuration file, instead of the default > > .Pa /etc/ldapd.conf . > > -.It Fl r Ar directory > > -Store and read database files in > > -.Ar directory , > > -instead of the default > > -.Pa /var/db/ldap . > > .It Fl s Ar socket > > Use > > .Ar socket > > blob - c8564c5543f518a720e049c559556f87edda6b8a > > blob + 6830a603d153794390faafbc9aadc8ef0bd985c0 > > --- usr.sbin/ldapctl/ldapctl.c > > +++ usr.sbin/ldapctl/ldapctl.c > > @@ -58,10 +58,10 @@ void show_stats(struct imsg > > *imsg); void show_dbstats(const char *prefix, > > struct btree_stat *st); void show_nsstats(struct > > imsg *imsg); int compact_db(const char *path); > > -int compact_namespace(struct namespace *ns, const > > char *datadir); -int compact_namespaces(const char > > *datadir); -int index_namespace(struct namespace > > *ns, const char *datadir); -int > > index_namespaces(const char *datadir); +int > > compact_namespace(struct namespace *ns); +int > > compact_namespaces(void); +int > > index_namespace(struct namespace *ns); +int > > index_namespaces(void); int > > ssl_load_certfile(struct ldapd_config *, const char *, u_int8_t); > > __dead void > > @@ -70,7 +70,7 @@ usage(void) > > extern char *__progname; > > > > fprintf(stderr, > > - "usage: %s [-v] [-f file] [-r directory] [-s socket] " > > + "usage: %s [-v] [-f file] [-s socket] " > > "command [argument ...]\n", > > __progname); > > exit(1); > > @@ -97,11 +97,11 @@ compact_db(const char *path) > > } > > > > int > > -compact_namespace(struct namespace *ns, const char *datadir) > > +compact_namespace(struct namespace *ns) > > { > > char *path; > > > > - if (asprintf(&path, "%s/%s_data.db", datadir, ns->suffix) > > == -1) > > + if (asprintf(&path, "%s/%s_data.db", conf->datadir, > > ns->suffix) == -1) return -1; > > if (compact_db(path) != 0) { > > log_warn("%s", path); > > @@ -110,7 +110,7 @@ compact_namespace(struct namespace *ns, const > > char *da } > > free(path); > > > > - if (asprintf(&path, "%s/%s_indx.db", datadir, ns->suffix) > > == -1) > > + if (asprintf(&path, "%s/%s_indx.db", conf->datadir, > > ns->suffix) == -1) return -1; > > if (compact_db(path) != 0) { > > log_warn("%s", path); > > @@ -123,14 +123,14 @@ compact_namespace(struct namespace *ns, const > > char *da } > > > > int > > -compact_namespaces(const char *datadir) > > +compact_namespaces() > > { > > struct namespace *ns; > > > > TAILQ_FOREACH(ns, &conf->namespaces, next) { > > if (SLIST_EMPTY(&ns->referrals)) > > continue; > > - if (compact_namespace(ns, datadir) != 0) > > + if (compact_namespace(ns) != 0) > > return -1; > > } > > > > @@ -138,7 +138,7 @@ compact_namespaces(const char *datadir) > > } > > > > int > > -index_namespace(struct namespace *ns, const char *datadir) > > +index_namespace(struct namespace *ns) > > { > > struct btval key, val; > > struct btree *data_db, *indx_db; > > @@ -150,14 +150,14 @@ index_namespace(struct namespace *ns, const > > char *data > > log_info("indexing namespace %s", ns->suffix); > > > > - if (asprintf(&path, "%s/%s_data.db", DATADIR, ns->suffix) > > == -1) > > + if (asprintf(&path, "%s/%s_data.db", conf->datadir, > > ns->suffix) == -1) return -1; > > data_db = btree_open(path, BT_NOSYNC | BT_REVERSEKEY, > > 0644); free(path); > > if (data_db == NULL) > > return -1; > > > > - if (asprintf(&path, "%s/%s_indx.db", datadir, ns->suffix) > > == -1) > > + if (asprintf(&path, "%s/%s_indx.db", conf->datadir, > > ns->suffix) == -1) return -1; > > indx_db = btree_open(path, BT_NOSYNC, 0644); > > free(path); > > @@ -219,14 +219,14 @@ index_namespace(struct namespace *ns, const > > char *data } > > > > int > > -index_namespaces(const char *datadir) > > +index_namespaces() > > { > > struct namespace *ns; > > > > TAILQ_FOREACH(ns, &conf->namespaces, next) { > > if (SLIST_EMPTY(&ns->referrals)) > > continue; > > - if (index_namespace(ns, datadir) != 0) > > + if (index_namespace(ns) != 0) > > return -1; > > } > > > > @@ -247,7 +247,6 @@ main(int argc, char *argv[]) > > ssize_t n; > > int ch; > > enum action action = NONE; > > - const char *datadir = DATADIR; > > struct stat sb; > > const char *sock = LDAPD_SOCKET; > > char *conffile = CONFFILE; > > @@ -262,9 +261,6 @@ main(int argc, char *argv[]) > > case 'f': > > conffile = optarg; > > break; > > - case 'r': > > - datadir = optarg; > > - break; > > case 's': > > sock = optarg; > > break; > > @@ -282,11 +278,6 @@ main(int argc, char *argv[]) > > if (argc == 0) > > usage(); > > > > - if (stat(datadir, &sb) == -1) > > - err(1, "%s", datadir); > > - if (!S_ISDIR(sb.st_mode)) > > - errx(1, "%s is not a directory", datadir); > > - > > ldap_loginit(NULL, 1, verbose); > > > > if (strcmp(argv[0], "stats") == 0) > > @@ -311,13 +302,22 @@ main(int argc, char *argv[]) > > if (parse_config(conffile) != 0) > > exit(2); > > > > + if (conf->datadir == NULL) { > > + if (asprintf(&conf->datadir, "%s", > > LDAPD_DATADIR) == -1) > > + errx(1, "malloc failed"); > > + } > > + if (stat(conf->datadir, &sb) == -1) > > + err(1, "%s", conf->datadir); > > + if (!S_ISDIR(sb.st_mode)) > > + errx(1, "%s is not a directory", > > conf->datadir); + > > if (pledge("stdio rpath wpath cpath flock", NULL) > > == -1) err(1, "pledge"); > > > > if (action == COMPACT_DB) > > - return compact_namespaces(datadir); > > + return compact_namespaces(); > > else > > - return index_namespaces(datadir); > > + return index_namespaces(); > > } > > > > /* connect to ldapd control socket */ > > blob - db5a0be5ad93c11c0dd773d342ea131328dcaa82 > > blob + 8588bbe3dc5ffd81b91967cf809681b1998cbd69 > > --- usr.sbin/ldapd/ldapd.8 > > +++ usr.sbin/ldapd/ldapd.8 > > @@ -27,7 +27,6 @@ > > .Fl D Ar macro Ns = Ns Ar value > > .Oc > > .Op Fl f Ar file > > -.Op Fl r Ar directory > > .Op Fl s Ar file > > .Sh DESCRIPTION > > .Nm > > @@ -61,11 +60,6 @@ as the configuration file, instead of the default > > .It Fl n > > Configtest mode. > > Only check the configuration file for validity. > > -.It Fl r Ar directory > > -Store and read database files in > > -.Ar directory , > > -instead of the default > > -.Pa /var/db/ldap . > > .It Fl s Ar file > > Specify an alternative location for the socket file. > > .It Fl v > > blob - 797a36f89f33233c2d9655a307ec5e727b9fbaa1 > > blob + 69ae065ae99ba9ab326afd1fe0db5eeb820ea629 > > --- usr.sbin/ldapd/ldapd.c > > +++ usr.sbin/ldapd/ldapd.c > > @@ -55,7 +55,6 @@ static pid_t start_child(enum > > ldapd_process, char *, > > struct ldapd_stats stats; > > pid_t ldape_pid; > > -const char *datadir = DATADIR; > > > > void > > usage(void) > > @@ -63,7 +62,7 @@ usage(void) > > extern char *__progname; > > > > fprintf(stderr, "usage: %s [-dnv] [-D macro=value] " > > - "[-f file] [-r directory] [-s file]\n", __progname); > > + "[-f file] [-s file]\n", __progname); > > exit(1); > > } > > > > @@ -151,9 +150,6 @@ main(int argc, char *argv[]) > > case 'n': > > configtest = 1; > > break; > > - case 'r': > > - datadir = optarg; > > - break; > > case 's': > > csockpath = optarg; > > break; > > @@ -193,15 +189,20 @@ main(int argc, char *argv[]) > > exit(0); > > } > > > > + if (conf->datadir == NULL) { > > + if (asprintf(&conf->datadir, "%s", LDAPD_DATADIR) > > == -1) > > + errx(1, "malloc failed"); > > + } > > + > > log_init(debug, LOG_DAEMON); > > > > if (eflag) > > ldape(debug, verbose, csockpath); > > > > - if (stat(datadir, &sb) == -1) > > - err(1, "%s", datadir); > > + if (stat(conf->datadir, &sb) == -1) > > + err(1, "%s", conf->datadir); > > if (!S_ISDIR(sb.st_mode)) > > - errx(1, "%s is not a directory", datadir); > > + errx(1, "%s is not a directory", conf->datadir); > > > > if (!debug) { > > if (daemon(1, 0) == -1) > > @@ -213,7 +214,7 @@ main(int argc, char *argv[]) > > if (socketpair(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC | > > SOCK_NONBLOCK, PF_UNSPEC, pipe_parent2ldap) != 0) > > fatal("socketpair"); > > - > > + > > ldape_pid = start_child(PROC_LDAP_SERVER, saved_argv0, > > pipe_parent2ldap[1], debug, verbose, csockpath, > > conffile); > > @@ -392,7 +393,7 @@ ldapd_open_request(struct imsgev *iev, struct > > imsg *im /* make sure path is null-terminated */ > > oreq->path[PATH_MAX] = '\0'; > > > > - if (strncmp(oreq->path, datadir, strlen(datadir)) != 0) { > > + if (strncmp(oreq->path, conf->datadir, > > strlen(conf->datadir)) != 0) { log_warnx("refusing to open file > > %s", oreq->path); fatal("ldape sent invalid open request"); > > } > > @@ -459,7 +460,7 @@ start_child(enum ldapd_process p, char *argv0, > > int fd, argv[argc++] = "-f"; > > argv[argc++] = conffile; > > } > > - > > + > > argv[argc++] = NULL; > > > > execvp(argv0, argv); > > blob - 3da0137e137e8b3bc64f6351579fcd6a9344b1f8 > > blob + 31c894c3e39ab70f3324415ecac5efc1301e0a54 > > --- usr.sbin/ldapd/ldapd.conf.5 > > +++ usr.sbin/ldapd/ldapd.conf.5 > > @@ -130,6 +130,11 @@ The URL has the following format: > > ldap://ldap.example.com > > ldaps://ldap.example.com:3890 > > .Ed > > +.It datadir Ar directory > > +Store and read database files in > > +.Ar directory , > > +instead of the default > > +.Pa /var/db/ldap . > > .It rootdn Ar dn > > Specify the distinguished name of the root user for all namespaces. > > The root user is always allowed to read and write entries in all > > blob - 3f995d184b442f094a95f089e3bb4a727eabf559 > > blob + 2736d366bf5f92e3579f915f4ceb2a3610d27d54 > > --- usr.sbin/ldapd/ldapd.h > > +++ usr.sbin/ldapd/ldapd.h > > @@ -41,7 +41,7 @@ > > #define CONFFILE "/etc/ldapd.conf" > > #define LDAPD_USER "_ldapd" > > #define LDAPD_SOCKET "/var/run/ldapd.sock" > > -#define DATADIR "/var/db/ldap" > > +#define LDAPD_DATADIR "/var/db/ldap" > > #define LDAP_PORT 389 > > #define LDAPS_PORT 636 > > #define LDAPD_SESSION_TIMEOUT 30 > > @@ -252,6 +252,7 @@ struct ldapd_config > > struct schema *schema; > > char *rootdn; > > char *rootpw; > > + char *datadir; > > }; > > > > struct ldapd_stats > > blob - 2259f57bde3c2918a8b200747c194e5768ae40f1 > > blob + 2e39abf6cc94ac6f301876df996a6229a032a7b7 > > --- usr.sbin/ldapd/namespace.c > > +++ usr.sbin/ldapd/namespace.c > > @@ -29,8 +29,6 @@ > > #include "ldapd.h" > > #include "log.h" > > > > -extern const char *datadir; > > - > > /* Maximum number of requests to queue per namespace during > > compaction. > > * After this many requests, we return LDAP_BUSY. > > */ > > @@ -118,7 +116,8 @@ namespace_open(struct namespace *ns) > > if (ns->sync == 0) > > db_flags |= BT_NOSYNC; > > > > - if (asprintf(&ns->data_path, "%s/%s_data.db", datadir, > > ns->suffix) == -1) > > + if (asprintf(&ns->data_path, "%s/%s_data.db", > > conf->datadir, > > + ns->suffix) == -1) > > return -1; > > log_info("opening namespace %s", ns->suffix); > > ns->data_db = btree_open(ns->data_path, db_flags | > > BT_REVERSEKEY, 0644); @@ -127,7 +126,8 @@ namespace_open(struct > > namespace *ns) > > btree_set_cache_size(ns->data_db, ns->cache_size); > > > > - if (asprintf(&ns->indx_path, "%s/%s_indx.db", datadir, > > ns->suffix) == -1) > > + if (asprintf(&ns->indx_path, "%s/%s_indx.db", > > conf->datadir, > > + ns->suffix) == -1) > > return -1; > > ns->indx_db = btree_open(ns->indx_path, db_flags, 0644); > > if (ns->indx_db == NULL) > > blob - bad9bc630403e5280e3b0db41d8ec1247db70352 > > blob + b72e4d89324b332498f8e5e0d1d8db822d4588f9 > > --- usr.sbin/ldapd/parse.y > > +++ usr.sbin/ldapd/parse.y > > @@ -117,7 +117,7 @@ static struct namespace *current_ns = NULL; > > %} > > > > %token ERROR LISTEN ON TLS LDAPS PORT NAMESPACE ROOTDN > > ROOTPW INDEX -%token SECURE RELAX STRICT SCHEMA USE > > COMPRESSION LEVEL +%token SECURE RELAX STRICT SCHEMA USE > > COMPRESSION LEVEL DATADIR %token INCLUDE CERTIFICATE FSYNC > > CACHE_SIZE INDEX_CACHE_SIZE %token DENY ALLOW READ WRITE > > BIND ACCESS TO ROOT REFERRAL %token ANY CHILDREN OF > > ATTRIBUTE IN SUBTREE BY SELF @@ -225,6 +225,7 @@ conf_main : > > LISTEN ON STRING port ssl certname { > > normalize_dn(conf->rootdn); } > > | ROOTPW STRING { > > conf->rootpw = $2; } > > + | DATADIR STRING { conf->datadir = > > $2; } ; > > > > namespace : NAMESPACE STRING '{' '\n' { > > @@ -441,6 +442,7 @@ lookup(char *s) > > { "certificate", CERTIFICATE }, > > { "children", CHILDREN }, > > { "compression", COMPRESSION }, > > + { "datadir", DATADIR }, > > { "deny", DENY }, > > { "fsync", FSYNC }, > > { "in", IN }, > >