Exemple #1
0
 disable_nss_ldap()
 # TODO: implement
 #if myldap_set_debuglevel(cfg.debug) != LDAP_SUCCESS:
 #    sys.exit(1)
 # read configuration file
 cfg.read(constants.NSLCD_CONF_PATH)
 # set process title
 try:
     import setproctitle
     setproctitle.setproctitle('pynslcd')
 except ImportError:
     pass
 # set a default umask for the pidfile and socket
 os.umask(0022)
 # see if someone already locked the pidfile
 pidfile = mypidfile.MyPIDLockFile(constants.NSLCD_PIDFILE)
 # see if --check option was given
 if checkonly:
     if pidfile.is_locked():
         logging.debug('pidfile (%s) is locked', constants.NSLCD_PIDFILE)
         sys.exit(0)
     else:
         logging.debug('pidfile (%s) is not locked',
                       constants.NSLCD_PIDFILE)
         sys.exit(1)
 # normal check for pidfile locked
 if pidfile.is_locked():
     logging.error('daemon may already be active, cannot acquire lock (%s)',
                   constants.NSLCD_PIDFILE)
     sys.exit(1)
 # daemonize
Exemple #2
0
def main():  # noqa: C901 (long function)
    # parse options
    parse_cmdline()
    # clean the environment
    os.environ.clear()
    os.environ['HOME'] = '/'
    os.environ['TMPDIR'] = '/tmp'
    os.environ['LDAPNOINIT'] = '1'
    # set log level
    if debugging:
        logging.getLogger().setLevel(logging.DEBUG)
    # disable ldap lookups of host names to avoid lookup loop
    disable_nss_ldap()
    # TODO: implement
    # if myldap_set_debuglevel(cfg.debug) != LDAP_SUCCESS:
    #    sys.exit(1)
    # read configuration file
    cfg.read(constants.NSLCD_CONF_PATH)
    # set process title
    try:
        import setproctitle
        setproctitle.setproctitle('pynslcd')
    except ImportError:
        pass
    # set a default umask for the pidfile and socket
    os.umask(0o022)
    # see if someone already locked the pidfile
    pidfile = mypidfile.MyPIDLockFile(constants.NSLCD_PIDFILE)
    # see if --check option was given
    if checkonly:
        if pidfile.is_locked():
            logging.debug('pidfile (%s) is locked', constants.NSLCD_PIDFILE)
            sys.exit(0)
        else:
            logging.debug('pidfile (%s) is not locked', constants.NSLCD_PIDFILE)
            sys.exit(1)
    # normal check for pidfile locked
    if pidfile.is_locked():
        logging.error('daemon may already be active, cannot acquire lock (%s)',
                      constants.NSLCD_PIDFILE)
        sys.exit(1)
    # daemonize
    if debugging or nofork:
        ctx = pidfile
    else:
        ctx = daemon.DaemonContext(
            pidfile=pidfile,
            signal_map={
                signal.SIGTERM: u'terminate',
                signal.SIGINT: u'terminate',
                signal.SIGPIPE: None,
            })
    # start daemon
    with ctx:
        try:
            # start normal logging as configured
            if not debugging:
                for method, level in cfg.logs:
                    if method == 'syslog':
                        handler = MySysLogHandler()
                        handler.setFormatter(MyFormatter('%(prefix)s%(message)s'))
                    else:
                        handler = logging.FileHandler(method, encoding='utf-8')
                        handler.setFormatter(MyFormatter('%(asctime)s %(prefix)s%(message)s'))
                    handler.setLevel(level)
                    logging.getLogger().addHandler(handler)
                logging.getLogger().setLevel(min(level for method, level in cfg.logs))
                logging.getLogger().removeHandler(stderrhandler)
            logging.info('version %s starting', constants.VERSION)
            # start invalidator sub-process if needed
            if cfg.reconnect_invalidate:
                invalidator.start_invalidator()
            # create socket
            nslcd_serversocket = create_socket()
            # load supplementary groups
            if cfg.uid is not None:
                u, gid = cfg.get_usergid()
                # set supplementary groups, gid and uid
                os.initgroups(u.pw_name, gid)
                os.setgid(gid)
                os.setuid(u.pw_uid)
                os.environ['HOME'] = u.pw_dir
            logging.info('accepting connections')
            # set global LDAP configuration
            if cfg.tls_reqcert is not None:
                ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, cfg.tls_reqcert)
            if cfg.tls_cacertdir:
                ldap.set_option(ldap.OPT_X_TLS_CACERTDIR, cfg.tls_cacertdir)
            if cfg.tls_cacertfile:
                ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, cfg.tls_cacertfile)
            if cfg.tls_randfile:
                ldap.set_option(ldap.OPT_X_TLS_RANDOM_FILE, cfg.tls_randfile)
            if cfg.tls_ciphers:
                ldap.set_option(ldap.OPT_X_TLS_CIPHER_SUITE, cfg.tls_ciphers)
            if cfg.tls_cert:
                ldap.set_option(ldap.OPT_X_TLS_CERTFILE, cfg.tls_cert)
            if cfg.tls_key:
                ldap.set_option(ldap.OPT_X_TLS_KEYFILE, cfg.tls_key)
            # start worker threads
            threads = []
            for i in range(cfg.threads):
                thread = threading.Thread(
                    target=worker, args=(nslcd_serversocket, ),
                    name='thread%d' % i)
                thread.setDaemon(True)
                thread.start()
                logging.debug('started thread %s', thread.getName())
                threads.append(thread)
            # wait for all threads to die
            for thread in threads:
                thread.join(10000)
        except Exception:
            logging.exception('main loop exit')