51 lines
1.7 KiB
Diff
51 lines
1.7 KiB
Diff
From 3760b43241b579406242961c551b9fb25b0c673b Mon Sep 17 00:00:00 2001
|
|
From: Arthur de Jong <arthur@arthurdejong.org>
|
|
Date: Sat, 21 Jul 2018 11:14:08 +0200
|
|
Subject: [PATCH 01/10] Create /var/run/nslcd/socket after dropping privileges
|
|
|
|
This is needed to avoid a problem where a call to initgroups() can
|
|
result in NSS lookups. If nscd is configured the mechanism to avoid
|
|
loopback lookups using nss_ldap_enablelookups will not work and cause
|
|
for delays on start-up.
|
|
|
|
Note that this changes ownership of the socket to the user running
|
|
nslcd.
|
|
---
|
|
nslcd/nslcd.c | 6 +++---
|
|
1 file changed, 3 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/nslcd/nslcd.c b/nslcd/nslcd.c
|
|
index 82c09ab..be14ac9 100644
|
|
--- a/nslcd/nslcd.c
|
|
+++ b/nslcd/nslcd.c
|
|
@@ -2,7 +2,7 @@
|
|
nslcd.c - ldap local connection daemon
|
|
|
|
Copyright (C) 2006 West Consulting
|
|
- Copyright (C) 2006-2017 Arthur de Jong
|
|
+ Copyright (C) 2006-2018 Arthur de Jong
|
|
|
|
This library is free software; you can redistribute it and/or
|
|
modify it under the terms of the GNU Lesser General Public
|
|
@@ -769,8 +769,6 @@ int main(int argc, char *argv[])
|
|
exit(EXIT_FAILURE);
|
|
}
|
|
adjust_oom_score();
|
|
- /* create socket */
|
|
- nslcd_serversocket = create_socket(NSLCD_SOCKET);
|
|
/* start subprocess to do invalidating if reconnect_invalidate is set */
|
|
for (i = 0; i < LM_NONE; i++)
|
|
if (nslcd_cfg->reconnect_invalidate[i])
|
|
@@ -825,6 +823,8 @@ int main(int argc, char *argv[])
|
|
}
|
|
log_log(LOG_DEBUG, "setuid(%lu) done", (unsigned long int)nslcd_cfg->uid);
|
|
}
|
|
+ /* create socket */
|
|
+ nslcd_serversocket = create_socket(NSLCD_SOCKET);
|
|
/* start worker threads */
|
|
log_log(LOG_INFO, "accepting connections");
|
|
nslcd_threads = (pthread_t *)malloc(nslcd_cfg->threads * sizeof(pthread_t));
|
|
--
|
|
2.19.1
|
|
|