handler = MySysLogHandler()
handler.setFormatter(
MyFormatter('%(prefix)s%(message)s'))
else:
handler = logging.FileHandler(method, encoding='utf-8')
handler.setFormatter(
MyFormatter('%(asctime)s %(prefix)s%(message)s'))
handler.setLevel(level)
logging.getLogger().addHandler(handler)
logging.getLogger().setLevel(
min(level for method, level in cfg.logs))
logging.getLogger().removeHandler(stderrhandler)
logging.info('version %s starting', constants.VERSION)
# start invalidator sub-process if needed
if cfg.reconnect_invalidate:
invalidator.start_invalidator()
# create socket
nslcd_serversocket = create_socket()
# load supplementary groups
if cfg.uid is not None:
import pwd
import grp
u = pwd.getpwnam(cfg.uid)
if cfg.gid is None:
gid = u.pw_gid
else:
gid = grp.getgrnam(cfg.gid).gr_gid
# set supplementary groups, gid and uid
os.initgroups(u.pw_name, gid)
os.setgid(gid)
os.setuid(u.pw_uid)
if not debugging:
for method, level in cfg.logs:
if method == 'syslog':
handler = MySysLogHandler()
handler.setFormatter(MyFormatter('%(prefix)s%(message)s'))
else:
handler = logging.FileHandler(method, encoding='utf-8')
handler.setFormatter(MyFormatter('%(asctime)s %(prefix)s%(message)s'))
handler.setLevel(level)
logging.getLogger().addHandler(handler)
logging.getLogger().setLevel(min(level for method, level in cfg.logs))
logging.getLogger().removeHandler(stderrhandler)
logging.info('version %s starting', constants.VERSION)
# start invalidator sub-process if needed
if cfg.reconnect_invalidate:
invalidator.start_invalidator()
# create socket
nslcd_serversocket = create_socket()
# load supplementary groups
if cfg.uid is not None:
import pwd
import grp
u = pwd.getpwnam(cfg.uid)
if cfg.gid is None:
gid = u.pw_gid
else:
gid = grp.getgrnam(cfg.gid).gr_gid
# set supplementary groups, gid and uid
os.initgroups(u.pw_name, gid)
os.setgid(gid)
os.setuid(u.pw_uid)
def main(): # noqa: C901 (long function)
# parse options
parse_cmdline()
# clean the environment
os.environ.clear()
os.environ['HOME'] = '/'
os.environ['TMPDIR'] = '/tmp'
os.environ['LDAPNOINIT'] = '1'
# set log level
if debugging:
logging.getLogger().setLevel(logging.DEBUG)
# disable ldap lookups of host names to avoid lookup loop
disable_nss_ldap()
# TODO: implement
# if myldap_set_debuglevel(cfg.debug) != LDAP_SUCCESS:
# sys.exit(1)
# read configuration file
cfg.read(constants.NSLCD_CONF_PATH)
# set process title
try:
import setproctitle
setproctitle.setproctitle('pynslcd')
except ImportError:
pass
# set a default umask for the pidfile and socket
os.umask(0o022)
# see if someone already locked the pidfile
pidfile = mypidfile.MyPIDLockFile(constants.NSLCD_PIDFILE)
# see if --check option was given
if checkonly:
if pidfile.is_locked():
logging.debug('pidfile (%s) is locked', constants.NSLCD_PIDFILE)
sys.exit(0)
else:
logging.debug('pidfile (%s) is not locked', constants.NSLCD_PIDFILE)
sys.exit(1)
# normal check for pidfile locked
if pidfile.is_locked():
logging.error('daemon may already be active, cannot acquire lock (%s)',
constants.NSLCD_PIDFILE)
sys.exit(1)
# daemonize
if debugging or nofork:
ctx = pidfile
else:
ctx = daemon.DaemonContext(
pidfile=pidfile,
signal_map={
signal.SIGTERM: u'terminate',
signal.SIGINT: u'terminate',
signal.SIGPIPE: None,
})
# start daemon
with ctx:
try:
# start normal logging as configured
if not debugging:
for method, level in cfg.logs:
if method == 'syslog':
handler = MySysLogHandler()
handler.setFormatter(MyFormatter('%(prefix)s%(message)s'))
else:
handler = logging.FileHandler(method, encoding='utf-8')
handler.setFormatter(MyFormatter('%(asctime)s %(prefix)s%(message)s'))
handler.setLevel(level)
logging.getLogger().addHandler(handler)
logging.getLogger().setLevel(min(level for method, level in cfg.logs))
logging.getLogger().removeHandler(stderrhandler)
logging.info('version %s starting', constants.VERSION)
# start invalidator sub-process if needed
if cfg.reconnect_invalidate:
invalidator.start_invalidator()
# create socket
nslcd_serversocket = create_socket()
# load supplementary groups
if cfg.uid is not None:
u, gid = cfg.get_usergid()
# set supplementary groups, gid and uid
os.initgroups(u.pw_name, gid)
os.setgid(gid)
os.setuid(u.pw_uid)
os.environ['HOME'] = u.pw_dir
logging.info('accepting connections')
# set global LDAP configuration
if cfg.tls_reqcert is not None:
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, cfg.tls_reqcert)
if cfg.tls_cacertdir:
ldap.set_option(ldap.OPT_X_TLS_CACERTDIR, cfg.tls_cacertdir)
if cfg.tls_cacertfile:
ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, cfg.tls_cacertfile)
if cfg.tls_randfile:
ldap.set_option(ldap.OPT_X_TLS_RANDOM_FILE, cfg.tls_randfile)
if cfg.tls_ciphers:
ldap.set_option(ldap.OPT_X_TLS_CIPHER_SUITE, cfg.tls_ciphers)
if cfg.tls_cert:
ldap.set_option(ldap.OPT_X_TLS_CERTFILE, cfg.tls_cert)
if cfg.tls_key:
ldap.set_option(ldap.OPT_X_TLS_KEYFILE, cfg.tls_key)
# start worker threads
threads = []
for i in range(cfg.threads):
thread = threading.Thread(
target=worker, args=(nslcd_serversocket, ),
name='thread%d' % i)
thread.setDaemon(True)
thread.start()
logging.debug('started thread %s', thread.getName())
threads.append(thread)
# wait for all threads to die
for thread in threads:
thread.join(10000)
except Exception:
logging.exception('main loop exit')