Univention Bugzilla – Attachment 10119 Details for
Bug 35173
ldap-group-to-file may run multiple times
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch (git:fbest/35173-lock-ldap-group-to-file)
35173.patch (text/plain), 4.13 KB, created by
Florian Best
on 2019-07-12 16:04:59 CEST
(
hide
)
Description:
patch (git:fbest/35173-lock-ldap-group-to-file)
Filename:
MIME Type:
Creator:
Florian Best
Created:
2019-07-12 16:04:59 CEST
Size:
4.13 KB
patch
obsolete
>commit 73184e85c931774e9bc432c6d08af69ca7695584 >Author: Florian Best <best@univention.de> >Date: Fri Jul 12 16:00:29 2019 +0200 > > YAML Bug #35173 > >diff --git a/doc/errata/staging/univention-pam.yaml b/doc/errata/staging/univention-pam.yaml >new file mode 100644 >index 0000000000..f55f0dcacd >--- /dev/null >+++ b/doc/errata/staging/univention-pam.yaml >@@ -0,0 +1,11 @@ >+product: ucs >+release: "4.4" >+version: [1] >+scope: ucs_4.4-0-errata4.4-1 >+src: univention-pam >+fix: >+desc: | >+ This update addresses the following issue(s): >+ * A locking mechanism for ldap-group-to-file.py has been implemented >+ so that it is ensured the process only runs once at a time. >+bug: [35173] > >commit c9e9b4459086358939b37fa6778672d94a812f4c >Author: Florian Best <best@univention.de> >Date: Fri Jul 12 15:59:23 2019 +0200 > > Bug #35173: add locking for ldap-group-to-file > >diff --git a/base/univention-pam/debian/changelog b/base/univention-pam/debian/changelog >index 4db4328ebe..79e3325d41 100644 >--- a/base/univention-pam/debian/changelog >+++ b/base/univention-pam/debian/changelog >@@ -1,3 +1,9 @@ >+univention-pam (12.0.2-2) unstable; urgency=medium >+ >+ * Bug #35173: add locking for ldap-group-to-file >+ >+ -- Florian Best <best@univention.de> Fri, 12 Jul 2019 15:59:01 +0200 >+ > univention-pam (12.0.2-1) unstable; urgency=medium > > * Bug #47233: close ssh connection properly when shutting down >diff --git a/base/univention-pam/ldap-group-to-file.py b/base/univention-pam/ldap-group-to-file.py >index 409a3b6225..3aecb5906d 100755 >--- a/base/univention-pam/ldap-group-to-file.py >+++ b/base/univention-pam/ldap-group-to-file.py >@@ -42,6 +42,9 @@ import tempfile > import subprocess > > >+LOCKFILE = '/var/run/ldap-group-to-file.pid' >+ >+ > def _get_members(lo, g, recursion_list, check_member=False): > result = [] > for m in g[1].get('uniqueMember', []): >@@ -76,7 +79,7 @@ def _get_members(lo, g, recursion_list, check_member=False): > if 'univentionGroup' in member[1].get('objectClass', []): > if member[0] not in recursion_list: > recursion_list.append(g[0]) >- result += _get_members(lo, member, recursion_list, options.check_member) >+ result += _get_members(lo, member, recursion_list, check_member) > else: > # Recursion !!! > pass >@@ -96,10 +99,10 @@ def _run_hooks(options): > p = subprocess.Popen(cmd, stdin=null, stdout=null, stderr=null, shell=False) > _stdout, _stderr = p.communicate() > elif options.verbose: >- print '%s does not exist' % HOOK_DIR >+ print('%s does not exist' % HOOK_DIR) > > >-if __name__ == '__main__': >+def main(): > parser = optparse.OptionParser() > parser.add_option("--file", dest="file", default='/var/lib/extrausers/group', action="store", help="write result to the given file, default is /var/lib/extrausers/group") > parser.add_option("--verbose", dest="verbose", default=False, action="store_true", help="verbose output") >@@ -109,16 +112,23 @@ if __name__ == '__main__': > try: > lo = univention.uldap.getMachineConnection(ldap_master=False) > except ldap.SERVER_DOWN: >- print "Abort: Can't contact LDAP server." >+ print("Abort: Can't contact LDAP server.") > sys.exit(1) > >- result = [] >+ _lock() >+ try: >+ return doit(options, lo) >+ finally: >+ _release_lock() >+ >+ >+def doit(options, lo): > groups = lo.search('objectClass=univentionGroup', attr=['uniqueMember', 'cn', 'gidNumber']) > if options.verbose: >- print 'Found %d ldap groups' % len(groups) >+ print('Found %d ldap groups' % len(groups)) > > if len(groups) < 1: >- print 'Abort: Did not found any LDAP group.' >+ print('Abort: Did not found any LDAP group.') > sys.exit(1) > > # Write to a temporary file >@@ -138,8 +148,27 @@ if __name__ == '__main__': > # Move the file > shutil.move(fdname, options.file) > if options.verbose: >- print 'The file %s was created.' % options.file >+ print('The file %s was created.' % options.file) > > _run_hooks(options) > > sys.exit(0) >+ >+ >+def _lock(): >+ if os.path.exists(LOCKFILE): >+ print('Process is locked by PID: %s' % (open(LOCKFILE).read()),) >+ sys.exit(2) >+ with open(LOCKFILE, 'w') as fd: >+ fd.write(str(os.getpid())) >+ >+ >+def _release_lock(): >+ try: >+ os.remove(LOCKFILE) >+ except EnvironmentError: >+ pass >+ >+ >+if __name__ == '__main__': >+ main()
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=10119">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 35173
: 10119