File 0008-Logging-handle-hup-for-helper-fds.patch of Package sssd.33681
--- sssd-1.13.4/src/util/debug.c
+++ sssd-1.13.4/src/util/debug.c
@@ -411,16 +411,18 @@ int open_debug_file(void)
return open_debug_file_ex(NULL, NULL, true);
}
-int rotate_debug_files(void)
+int rotate_debug_file(const char *filename, FILE **filep)
{
int ret;
errno_t error;
if (!debug_to_file) return EOK;
+ if (filep == NULL) return EOK;
+
do {
error = 0;
- ret = fclose(debug_file);
+ ret = fclose(*filep);
if (ret != 0) {
error = errno;
}
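Review bot: `fclose(*filep)` can still be reached with `*filep == NULL`, because the added guard only checks `filep` itself. rotate_child_debug_files() in server.c sets `cd->filep = NULL` on its fileno error path and keeps the entry on child_debug_list. This function also clears `*filep` before reopening, so a failed reopen presumably leaves it null for the next SIGHUP as well. Passing a null stream to fclose() is undefined behaviour; wrap the close loop in `if (*filep != NULL) { ... }` so a previously failed rotation goes straight to the reopen. The do/while loop continues past the end of this hunk.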
@@ -440,14 +442,19 @@ int rotate_debug_files(void)
* leak and then proceed with opening the new file.
*/
sss_log(SSS_LOG_ALERT, "Could not close debug file [%s]. [%d][%s]\n",
- debug_log_file, error, strerror(error));
+ filename, error, strerror(error));
sss_log(SSS_LOG_ALERT, "Attempting to open new file anyway. "
"Be aware that this is a resource leak\n");
}
- debug_file = NULL;
+ *filep = NULL;
+
+ return open_debug_file_ex(filename, filep, false);
+}
- return open_debug_file();
+int rotate_debug_files(void)
+{
+ return rotate_debug_file(debug_log_file, &debug_file);
}
void talloc_log_fn(const char *message)
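Review bot: Routing rotate_debug_files() through `open_debug_file_ex(filename, filep, false)` drops the `want_cloexec = true` that the removed `return open_debug_file();` applied to the daemon's own log. Going by the parameter name in util.h, the main debug file would then lose close-on-exec after the first rotation and be inherited by every helper exec'd afterwards. Let the caller choose: add a `bool want_cloexec` parameter, end rotate_debug_file with `return open_debug_file_ex(filename, filep, want_cloexec);`, and call `rotate_debug_file(debug_log_file, &debug_file, true);` here. The helper-log rotation in server.c would pass `false`.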
--- sssd-1.13.4/src/util/child_common.c
+++ sssd-1.13.4/src/util/child_common.c
@@ -46,6 +46,8 @@ struct sss_child_ctx {
struct sss_sigchild_ctx *sigchld_ctx;
};
+struct child_debug *child_debug_list = NULL;
+
static void sss_child_handler(struct tevent_context *ev,
struct tevent_signal *se,
int signum,
@@ -806,30 +808,36 @@ int child_io_destructor(void *ptr)
return EOK;
}
-errno_t child_debug_init(const char *logfile, int *debug_fd)
+errno_t child_debug_init(struct child_debug *cd)
{
int ret;
- FILE *debug_filep;
- if (debug_fd == NULL) {
+ if (cd == NULL) {
return EOK;
}
- if (debug_to_file != 0 && *debug_fd == -1) {
- ret = open_debug_file_ex(logfile, &debug_filep, false);
+ if (debug_to_file != 0 && cd->fd == -1) {
+ cd->filep = NULL;
+ cd->prev = NULL;
+ cd->next = NULL;
+ ret = open_debug_file_ex(cd->filename, &cd->filep, false);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE, "Error setting up logging (%d) [%s]\n",
ret, sss_strerror(ret));
return ret;
}
- *debug_fd = fileno(debug_filep);
- if (*debug_fd == -1) {
+ cd->fd = fileno(cd->filep);
+ if (cd->fd == -1) {
DEBUG(SSSDBG_FATAL_FAILURE,
"fileno failed [%d][%s]\n", errno, strerror(errno));
ret = errno;
+ fclose(cd->filep);
+ cd->filep = NULL;
return ret;
}
+
+ DLIST_ADD(child_debug_list, cd);
}
return EOK;
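Review bot: `DLIST_ADD(child_debug_list, cd)` stores the caller's pointer in a process-wide list, and nothing in this patch ever removes it. For the static `gpo_child_debug`, `selinux_child_debug` and `ldap_child_debug` that is harmless. The instances embedded in `struct krb5_ctx` and `struct pam_ctx` are different: if those contexts are heap-allocated and can be freed (not visible here), the next SIGHUP walks freed memory in rotate_child_debug_files(). Add a counterpart that calls `DLIST_REMOVE(child_debug_list, cd);` and closes `cd->filep`, invoked from the owning context's destructor. Failing that, document on child_debug_init that `cd` must stay valid for the lifetime of the process. The function's closing brace lies outside this hunk.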
--- sssd-1.13.4/src/util/child_common.h
+++ sssd-1.13.4/src/util/child_common.h
@@ -50,6 +50,16 @@ struct child_io_fds {
int write_to_child_fd;
};
+struct child_debug {
+ const char *filename;
+ int fd;
+ FILE *filep;
+ struct child_debug *prev;
+ struct child_debug *next;
+};
+
+extern struct child_debug *child_debug_list;
+
/* COMMON SIGCHLD HANDLING */
typedef void (*sss_child_fn_t)(int pid, int wait_status, void *pvt);
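Review bot: `struct child_debug` has no comment explaining how `fd` and `filep` relate, and callers need to know it. `fd` is only `fileno(filep)`, so it changes on every log rotation and is closed together with the stream. I would add above the struct: `/* fd is fileno(filep): it is replaced on each log rotation and owned by filep; read it at fork time, never cache or close it separately. prev/next link the entry into child_debug_list. */`. It is also worth stating that `filename` and `fd = -1` must be set by the caller before child_debug_init().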
@@ -116,6 +126,6 @@ errno_t exec_child(TALLOC_CTX *mem_ctx,
int child_io_destructor(void *ptr);
-errno_t child_debug_init(const char *logfile, int *debug_fd);
+errno_t child_debug_init(struct child_debug *child_debug);
#endif /* __CHILD_COMMON_H__ */
--- sssd-1.13.4/src/providers/ad/ad_gpo.c
+++ sssd-1.13.4/src/providers/ad/ad_gpo.c
@@ -103,7 +103,10 @@
#endif
/* fd used by the gpo_child process for logging */
-int gpo_child_debug_fd = -1;
+struct child_debug gpo_child_debug = {
+ .fd = -1,
+ .filename = "gpo_child"
+};
/* == common data structures and declarations ============================= */
@@ -1405,11 +1408,9 @@ ad_gpo_access_check(TALLOC_CTX *mem_ctx,
return ret;
}
-#define GPO_CHILD_LOG_FILE "gpo_child"
-
static errno_t gpo_child_init(void)
{
- return child_debug_init(GPO_CHILD_LOG_FILE, &gpo_child_debug_fd);
+ return child_debug_init(&gpo_child_debug);
}
/*
@@ -4244,7 +4245,7 @@ gpo_fork_child(struct tevent_req *req)
if (pid == 0) { /* child */
err = exec_child_ex(state,
pipefd_to_child, pipefd_from_child,
- GPO_CHILD, gpo_child_debug_fd, NULL, false,
+ GPO_CHILD, gpo_child_debug.fd, NULL, false,
STDIN_FILENO, AD_GPO_CHILD_OUT_FILENO);
DEBUG(SSSDBG_CRIT_FAILURE, "Could not exec gpo_child: [%d][%s].\n",
err, strerror(err));
--- sssd-1.13.4/src/providers/ipa/ipa_selinux.c
+++ sssd-1.13.4/src/providers/ipa/ipa_selinux.c
@@ -53,7 +53,10 @@
#include <selinux/selinux.h>
/* fd used by the selinux_child process for logging */
-int selinux_child_debug_fd = -1;
+struct child_debug selinux_child_debug = {
+ .fd = -1,
+ .filename = SELINUX_CHILD_LOG_FILE
+};
static struct tevent_req *
ipa_get_selinux_send(TALLOC_CTX *mem_ctx,
@@ -976,7 +979,7 @@ immediately:
static errno_t selinux_child_init(void)
{
- return child_debug_init(SELINUX_CHILD_LOG_FILE, &selinux_child_debug_fd);
+ return child_debug_init(&selinux_child_debug);
}
static errno_t selinux_child_create_buffer(struct selinux_child_state *state)
@@ -1049,7 +1052,7 @@ static errno_t selinux_fork_child(struct
if (pid == 0) { /* child */
ret = exec_child(state,
pipefd_to_child, pipefd_from_child,
- SELINUX_CHILD, selinux_child_debug_fd);
+ SELINUX_CHILD, selinux_child_debug.fd);
DEBUG(SSSDBG_CRIT_FAILURE, "Could not exec selinux_child: [%d][%s].\n",
ret, sss_strerror(ret));
return ret;
--- sssd-1.13.4/src/providers/krb5/krb5_child_handler.c
+++ sssd-1.13.4/src/providers/krb5/krb5_child_handler.c
@@ -311,7 +311,7 @@ static errno_t fork_child(struct tevent_
if (pid == 0) { /* child */
err = exec_child_ex(state,
pipefd_to_child, pipefd_from_child,
- KRB5_CHILD, state->kr->krb5_ctx->child_debug_fd,
+ KRB5_CHILD, state->kr->krb5_ctx->child_debug.fd,
k5c_extra_args, false, STDIN_FILENO, STDOUT_FILENO);
if (err != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE, "Could not exec KRB5 child: [%d][%s].\n",
--- sssd-1.13.4/src/providers/krb5/krb5_common.h
+++ sssd-1.13.4/src/providers/krb5/krb5_common.h
@@ -31,6 +31,7 @@
#include "providers/dp_backend.h"
#include "util/util.h"
+#include "util/child_common.h"
#include "util/sss_krb5.h"
#define SSSD_KRB5_KDC "SSSD_KRB5_KDC"
@@ -123,7 +124,7 @@ struct krb5_ctx {
struct dp_option *opts;
struct krb5_service *service;
struct krb5_service *kpasswd_service;
- int child_debug_fd;
+ struct child_debug child_debug;
pcre *illegal_path_re;
--- sssd-1.13.4/src/providers/krb5/krb5_init_shared.c
+++ sssd-1.13.4/src/providers/krb5/krb5_init_shared.c
@@ -83,9 +83,9 @@ errno_t krb5_child_init(struct krb5_ctx
goto done;
}
- krb5_auth_ctx->child_debug_fd = -1; /* -1 means not initialized */
- ret = child_debug_init(KRB5_CHILD_LOG_FILE,
- &krb5_auth_ctx->child_debug_fd);
+ krb5_auth_ctx->child_debug.fd = -1; /* -1 means not initialized */
+ krb5_auth_ctx->child_debug.filename = KRB5_CHILD_LOG_FILE;
+ ret = child_debug_init(&krb5_auth_ctx->child_debug);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, "Could not set krb5_child debugging!\n");
goto done;
--- sssd-1.13.4/src/providers/ldap/ldap_common.c
+++ sssd-1.13.4/src/providers/ldap/ldap_common.c
@@ -36,7 +36,10 @@
#include "providers/ldap/sdap_idmap.h"
/* a fd the child process would log into */
-int ldap_child_debug_fd = -1;
+struct child_debug ldap_child_debug = {
+ .fd = -1,
+ .filename = LDAP_CHILD_LOG_FILE
+};
void sdap_handler_done(struct be_req *req, int dp_err,
int error, const char *errstr)
--- sssd-1.13.4/src/providers/ldap/ldap_common.h
+++ sssd-1.13.4/src/providers/ldap/ldap_common.h
@@ -43,7 +43,7 @@
#define LDAP_ALLOWED_WILDCARDS "*"
/* a fd the child process would log into */
-extern int ldap_child_debug_fd;
+extern struct child_debug ldap_child_debug;
struct sdap_id_ctx;
--- sssd-1.13.4/src/providers/ldap/sdap_child_helpers.c
+++ sssd-1.13.4/src/providers/ldap/sdap_child_helpers.c
@@ -98,7 +98,7 @@ static errno_t sdap_fork_child(struct te
if (pid == 0) { /* child */
err = exec_child(child,
pipefd_to_child, pipefd_from_child,
- LDAP_CHILD, ldap_child_debug_fd);
+ LDAP_CHILD, ldap_child_debug.fd);
DEBUG(SSSDBG_CRIT_FAILURE, "Could not exec LDAP child: [%d][%s].\n",
err, strerror(err));
return err;
@@ -461,5 +461,5 @@ static errno_t set_tgt_child_timeout(str
/* Setup child logging */
int sdap_setup_child(void)
{
- return child_debug_init(LDAP_CHILD_LOG_FILE, &ldap_child_debug_fd);
+ return child_debug_init(&ldap_child_debug);
}
--- sssd-1.13.4/src/responder/pam/pamsrv.c
+++ sssd-1.13.4/src/responder/pam/pamsrv.c
@@ -315,7 +315,6 @@ static int pam_process_init(TALLOC_CTX *
goto done;
}
- pctx->p11_child_debug_fd = -1;
if (pctx->cert_auth) {
ret = p11_child_init(pctx);
if (ret != EOK) {
--- sssd-1.13.4/src/responder/pam/pamsrv.h
+++ sssd-1.13.4/src/responder/pam/pamsrv.h
@@ -24,6 +24,7 @@
#include <security/pam_appl.h>
#include "util/util.h"
+#include "util/child_common.h"
#include "sbus/sssd_dbus.h"
#include "responder/common/responder.h"
@@ -45,7 +46,7 @@ struct pam_ctx {
int public_domains_count;
bool cert_auth;
- int p11_child_debug_fd;
+ struct child_debug p11_child_debug;
char *nss_db;
};
--- sssd-1.13.4/src/responder/pam/pamsrv_cmd.c
+++ sssd-1.13.4/src/responder/pam/pamsrv_cmd.c
@@ -1072,7 +1072,7 @@ static errno_t check_cert(TALLOC_CTX *mc
return ret;
}
- req = pam_check_cert_send(mctx, ev, pctx->p11_child_debug_fd,
+ req = pam_check_cert_send(mctx, ev, pctx->p11_child_debug.fd,
pctx->nss_db, p11_child_timeout,
cert_verification_opts, pd);
if (req == NULL) {
--- sssd-1.13.4/src/responder/pam/pamsrv_p11.c
+++ sssd-1.13.4/src/responder/pam/pamsrv_p11.c
@@ -37,7 +37,9 @@
errno_t p11_child_init(struct pam_ctx *pctx)
{
- return child_debug_init(P11_CHILD_LOG_FILE, &pctx->p11_child_debug_fd);
+ pctx->p11_child_debug.filename = P11_CHILD_LOG_FILE;
+ pctx->p11_child_debug.fd = -1;
+ return child_debug_init(&pctx->p11_child_debug);
}
bool may_do_cert_auth(struct pam_ctx *pctx, struct pam_data *pd)
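Review bot: With `p11_child_debug.fd = -1` set only here, the field is never given its "not initialized" sentinel when `cert_auth` is off. The pamsrv.c hunk removes the unconditional assignment, and p11_child_init() is only called inside `if (pctx->cert_auth)`. If `pam_ctx` is zero-allocated (not visible in this patch), the field then reads 0, which is a valid descriptor rather than the sentinel. Keeping `pctx->p11_child_debug.fd = -1;` in pam_process_init() ahead of the `cert_auth` check preserves the old invariant. It would also let this function drop its own reset, so a repeated call cannot re-open the file and add the same node to child_debug_list twice.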
--- sssd-1.13.4/src/util/util.h
+++ sssd-1.13.4/src/util/util.h
@@ -120,6 +120,7 @@ int chown_debug_file(const char *filenam
int open_debug_file_ex(const char *filename, FILE **filep, bool want_cloexec);
int open_debug_file(void);
int rotate_debug_files(void);
+int rotate_debug_file(const char *filename, FILE **filep);
void talloc_log_fn(const char *msg);
/* From sss_log.c */
--- sssd-1.13.4/src/util/server.c
+++ sssd-1.13.4/src/util/server.c
@@ -30,6 +30,7 @@
#include <unistd.h>
#include <ldb.h>
#include "util/util.h"
+#include "util/child_common.h"
#include "confdb/confdb.h"
#include "monitor/monitor_interfaces.h"
@@ -383,6 +384,33 @@ static void te_server_hup(struct tevent_
}
}
+static int rotate_child_debug_files(void)
+{
+ struct child_debug *cd;
+ int ret;
+ int final_ret = EOK;
+
+ DLIST_FOR_EACH(cd, child_debug_list) {
+ ret = rotate_debug_file(cd->filename, &cd->filep);
+ if (ret == EOK) {
+ cd->fd = fileno(cd->filep);
+ if (cd->fd != -1) continue;
+
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "fileno failed [%d][%s]\n", errno, strerror(errno));
+ ret = errno;
+ fclose(cd->filep);
+ cd->filep = NULL;
+ }
+ /* save the first error and try to rotate remaining files */
+ if (final_ret == EOK) {
+ final_ret = ret;
+ }
+ }
+
+ return final_ret;
+}
+
errno_t server_common_rotate_logs(struct confdb_ctx *confdb,
const char *conf_path)
{
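Review bot: When `rotate_debug_file()` fails, `cd->fd` keeps the number of the descriptor that was just closed, because only the fileno failure branch ends up with `cd->fd == -1`. The fork paths pass `cd->fd` straight to exec_child()/exec_child_ex(), so after a failed rotation a helper may receive a closed descriptor. Worse, the number may have been reused for an unrelated file or socket, and the helper's debug output would be written there. Resetting the field on the error path, e.g. `if (ret != EOK) cd->fd = -1;` right after the rotate call, keeps the struct consistent with the "-1 means not initialized" convention used elsewhere in the patch. Separately, `ret = errno;` is read after the `DEBUG()` call, which may already have overwritten errno; save it first.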
@@ -395,6 +423,13 @@ errno_t server_common_rotate_logs(struct
ret, strerror(ret));
return ret;
}
+
+ ret = rotate_child_debug_files();
+ if (ret) {
+ sss_log(SSS_LOG_ALERT, "Could not rotate child debug files! [%d][%s]\n",
+ ret, strerror(ret));
+ return ret;
+ }
/* Get new debug level from the confdb */
ret = confdb_get_int(confdb, conf_path,