
(-)a/doc/errata/staging/univention-pam.yaml (+11 lines)
Line 0    Link Here 
1
product: ucs
2
release: "4.4"
3
version: [1]
4
scope: ucs_4.4-0-errata4.4-1
5
src: univention-pam
6
fix: 
7
desc: |
8
 This update addresses the following issue(s):
9
 * A locking mechanism for ldap-group-to-file.py has been implemented
10
   so that it is ensured the process only runs once at a time.
11
bug: [35173]
0
   Bug #35173: add locking for ldap-group-to-file
12
   Bug #35173: add locking for ldap-group-to-file
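--- a/base/univention-pam/debian/changelog
+++ b/base/univention-pam/debian/changelog
@@ -1,3 +1,9 @@
+univention-pam (12.0.2-2) unstable; urgency=medium
+
+  * Bug #35173: add locking for ldap-group-to-file
+
+ -- Florian Best <best@univention.de>  Fri, 12 Jul 2019 15:59:01 +0200
+
 univention-pam (12.0.2-1) unstable; urgency=medium
 
   * Bug #47233: close ssh connection properly when shutting down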
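--- a/base/univention-pam/ldap-group-to-file.py
+++ b/base/univention-pam/ldap-group-to-file.py
@@ -42,6 +42,9 @@ import tempfile
 import subprocess
 
 
+LOCKFILE = '/var/run/ldap-group-to-file.pid'
+
+
 def _get_members(lo, g, recursion_list, check_member=False):
 	result = []
 	for m in g[1].get('uniqueMember', []):
@@ -76,7 +79,7 @@ def _get_members(lo, g, recursion_list, check_member=False):
 			if 'univentionGroup' in member[1].get('objectClass', []):
 				if member[0] not in recursion_list:
 					recursion_list.append(g[0])
-					result += _get_members(lo, member, recursion_list, options.check_member)
+					result += _get_members(lo, member, recursion_list, check_member)
 				else:
 					# Recursion !!!
 					pass
@@ -96,10 +99,10 @@ def _run_hooks(options):
 				p = subprocess.Popen(cmd, stdin=null, stdout=null, stderr=null, shell=False)
 		_stdout, _stderr = p.communicate()
 	elif options.verbose:
-		print '%s does not exist' % HOOK_DIR
+		print('%s does not exist' % HOOK_DIR)
 
 
-if __name__ == '__main__':
+def main():
 	parser = optparse.OptionParser()
 	parser.add_option("--file", dest="file", default='/var/lib/extrausers/group', action="store", help="write result to the given file, default is /var/lib/extrausers/group")
 	parser.add_option("--verbose", dest="verbose", default=False, action="store_true", help="verbose output")
@@ -109,16 +112,23 @@ if __name__ == '__main__':
 	try:
 		lo = univention.uldap.getMachineConnection(ldap_master=False)
 	except ldap.SERVER_DOWN:
-		print "Abort: Can't contact LDAP server."
+		print("Abort: Can't contact LDAP server.")
 		sys.exit(1)
 
-	result = []
+	_lock()
+	try:
+		return doit(options, lo)
+	finally:
+		_release_lock()
+
+
+def doit(options, lo):
 	groups = lo.search('objectClass=univentionGroup', attr=['uniqueMember', 'cn', 'gidNumber'])
 	if options.verbose:
-		print 'Found %d ldap groups' % len(groups)
+		print('Found %d ldap groups' % len(groups))
 
 	if len(groups) < 1:
-		print 'Abort: Did not found any LDAP group.'
+		print('Abort: Did not found any LDAP group.')
 		sys.exit(1)
 
 	# Write to a temporary file
@@ -138,8 +148,27 @@ if __name__ == '__main__':
 	# Move the file
 	shutil.move(fdname, options.file)
 	if options.verbose:
-		print 'The file %s was created.' % options.file
+		print('The file %s was created.' % options.file)
 
 	_run_hooks(options)
 
 	sys.exit(0)
+
+
+def _lock():
+	if os.path.exists(LOCKFILE):
+		print('Process is locked by PID: %s' % (open(LOCKFILE).read()),)
+		sys.exit(2)
+	with open(LOCKFILE, 'w') as fd:
+		fd.write(str(os.getpid()))
+
+
+def _release_lock():
+	try:
+		os.remove(LOCKFILE)
+	except EnvironmentError:
+		pass
+
+
+if __name__ == '__main__':
+	main()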
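Review bot: `_lock()` tests `os.path.exists(LOCKFILE)` and only then creates the file, so two runs started at the same moment can both pass the check and both go on to rewrite the group file; the lock is not atomic. A run that is killed before `_release_lock()` also leaves the PID file behind, after which every later run exits with status 2 and the file at `options.file` stops being refreshed until the stale lock is removed by hand. Holding an `fcntl.flock` on an open descriptor for the life of the process closes both gaps, because the kernel drops the lock when the process ends; this needs `import fcntl` in the import block, which lies outside the visible hunks. Separately, the trailing comma in `print('Process is locked by PID: %s' % (open(LOCKFILE).read()),)` turns the argument into a one-element tuple under the Python 2 print statement the old lines used, and the handle opened for reading is never closed.

```python
_lock_fd = None


def _lock():
	global _lock_fd
	# Open without truncating so a losing process cannot wipe the holder's PID.
	_lock_fd = os.open(LOCKFILE, os.O_RDWR | os.O_CREAT, 0o600)
	try:
		fcntl.flock(_lock_fd, fcntl.LOCK_EX | fcntl.LOCK_NB)
	except EnvironmentError:
		holder = os.read(_lock_fd, 32).decode('ascii', 'replace')
		print('Process is locked by PID: %s' % (holder,))
		sys.exit(2)
	os.ftruncate(_lock_fd, 0)
	os.write(_lock_fd, str(os.getpid()).encode('ascii'))


def _release_lock():
	# Closing the descriptor drops the flock; the file stays in place so that
	# no other process can lock a path that is being unlinked.
	if _lock_fd is not None:
		os.close(_lock_fd)
```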
