disable_nss_ldap() # TODO: implement #if myldap_set_debuglevel(cfg.debug) != LDAP_SUCCESS: # sys.exit(1) # read configuration file cfg.read(constants.NSLCD_CONF_PATH) # set process title try: import setproctitle setproctitle.setproctitle('pynslcd') except ImportError: pass # set a default umask for the pidfile and socket os.umask(0022) # see if someone already locked the pidfile pidfile = mypidfile.MyPIDLockFile(constants.NSLCD_PIDFILE) # see if --check option was given if checkonly: if pidfile.is_locked(): logging.debug('pidfile (%s) is locked', constants.NSLCD_PIDFILE) sys.exit(0) else: logging.debug('pidfile (%s) is not locked', constants.NSLCD_PIDFILE) sys.exit(1) # normal check for pidfile locked if pidfile.is_locked(): logging.error('daemon may already be active, cannot acquire lock (%s)', constants.NSLCD_PIDFILE) sys.exit(1) # daemonize
def main(): # noqa: C901 (long function) # parse options parse_cmdline() # clean the environment os.environ.clear() os.environ['HOME'] = '/' os.environ['TMPDIR'] = '/tmp' os.environ['LDAPNOINIT'] = '1' # set log level if debugging: logging.getLogger().setLevel(logging.DEBUG) # disable ldap lookups of host names to avoid lookup loop disable_nss_ldap() # TODO: implement # if myldap_set_debuglevel(cfg.debug) != LDAP_SUCCESS: # sys.exit(1) # read configuration file cfg.read(constants.NSLCD_CONF_PATH) # set process title try: import setproctitle setproctitle.setproctitle('pynslcd') except ImportError: pass # set a default umask for the pidfile and socket os.umask(0o022) # see if someone already locked the pidfile pidfile = mypidfile.MyPIDLockFile(constants.NSLCD_PIDFILE) # see if --check option was given if checkonly: if pidfile.is_locked(): logging.debug('pidfile (%s) is locked', constants.NSLCD_PIDFILE) sys.exit(0) else: logging.debug('pidfile (%s) is not locked', constants.NSLCD_PIDFILE) sys.exit(1) # normal check for pidfile locked if pidfile.is_locked(): logging.error('daemon may already be active, cannot acquire lock (%s)', constants.NSLCD_PIDFILE) sys.exit(1) # daemonize if debugging or nofork: ctx = pidfile else: ctx = daemon.DaemonContext( pidfile=pidfile, signal_map={ signal.SIGTERM: u'terminate', signal.SIGINT: u'terminate', signal.SIGPIPE: None, }) # start daemon with ctx: try: # start normal logging as configured if not debugging: for method, level in cfg.logs: if method == 'syslog': handler = MySysLogHandler() handler.setFormatter(MyFormatter('%(prefix)s%(message)s')) else: handler = logging.FileHandler(method, encoding='utf-8') handler.setFormatter(MyFormatter('%(asctime)s %(prefix)s%(message)s')) handler.setLevel(level) logging.getLogger().addHandler(handler) logging.getLogger().setLevel(min(level for method, level in cfg.logs)) logging.getLogger().removeHandler(stderrhandler) logging.info('version %s starting', constants.VERSION) # start invalidator sub-process if needed if cfg.reconnect_invalidate: invalidator.start_invalidator() # create socket nslcd_serversocket = create_socket() # load supplementary groups if cfg.uid is not None: u, gid = cfg.get_usergid() # set supplementary groups, gid and uid os.initgroups(u.pw_name, gid) os.setgid(gid) os.setuid(u.pw_uid) os.environ['HOME'] = u.pw_dir logging.info('accepting connections') # set global LDAP configuration if cfg.tls_reqcert is not None: ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, cfg.tls_reqcert) if cfg.tls_cacertdir: ldap.set_option(ldap.OPT_X_TLS_CACERTDIR, cfg.tls_cacertdir) if cfg.tls_cacertfile: ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, cfg.tls_cacertfile) if cfg.tls_randfile: ldap.set_option(ldap.OPT_X_TLS_RANDOM_FILE, cfg.tls_randfile) if cfg.tls_ciphers: ldap.set_option(ldap.OPT_X_TLS_CIPHER_SUITE, cfg.tls_ciphers) if cfg.tls_cert: ldap.set_option(ldap.OPT_X_TLS_CERTFILE, cfg.tls_cert) if cfg.tls_key: ldap.set_option(ldap.OPT_X_TLS_KEYFILE, cfg.tls_key) # start worker threads threads = [] for i in range(cfg.threads): thread = threading.Thread( target=worker, args=(nslcd_serversocket, ), name='thread%d' % i) thread.setDaemon(True) thread.start() logging.debug('started thread %s', thread.getName()) threads.append(thread) # wait for all threads to die for thread in threads: thread.join(10000) except Exception: logging.exception('main loop exit')