[Pkg-cyrus-sasl2-commits] r224 - in /cyrus-sasl-2.1/trunk/debian: changelog sasl2-bin.README.Debian sasl2-bin.saslauthd.default sasl2-bin.saslauthd.init
fabbe at users.alioth.debian.org
Thu Jun 7 10:32:24 UTC 2007
Author: fabbe
Date: Thu Jun 7 10:32:23 2007
New Revision: 224
URL: http://svn.debian.org/wsvn/pkg-cyrus-sasl2/?sc=1&rev=224
Log:
Rewritten init script to support multiple saslauthd instances, plus documentation.
Modified:
cyrus-sasl-2.1/trunk/debian/changelog
cyrus-sasl-2.1/trunk/debian/sasl2-bin.README.Debian
cyrus-sasl-2.1/trunk/debian/sasl2-bin.saslauthd.default
cyrus-sasl-2.1/trunk/debian/sasl2-bin.saslauthd.init
Modified: cyrus-sasl-2.1/trunk/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-cyrus-sasl2/cyrus-sasl-2.1/trunk/debian/changelog?rev=224&op=diff
==============================================================================
--- cyrus-sasl-2.1/trunk/debian/changelog (original)
+++ cyrus-sasl-2.1/trunk/debian/changelog Thu Jun 7 10:32:23 2007
@@ -1,8 +1,14 @@
cyrus-sasl2 (2.1.22.dfsg1-11) UNRELEASED; urgency=low
- * NOT RELEASED YET
-
- -- Roberto C. Sanchez <roberto at connexer.com> Fri, 11 May 2007 19:13:52 -0400
+ [ Fabian Fagerholm ]
+ * debian/sasl2-bin.saslauthd.init: Complete rewrite to allow managing
+ multiple saslauthd instances with a single init script. (Closes: #320377)
+ * debian/sasl2-bin.saslauthd.default: Adjust main default file to new
+ init script requirements.
+ * debian/sasl2-bin.README.Debian: Document the new init script setup for
+ sysadmins.
+
+ -- Fabian Fagerholm <fabbe at debian.org> Thu, 7 Jun 2007 13:29:08 +0300
cyrus-sasl2 (2.1.22.dfsg1-10) unstable; urgency=high
Modified: cyrus-sasl-2.1/trunk/debian/sasl2-bin.README.Debian
URL: http://svn.debian.org/wsvn/pkg-cyrus-sasl2/cyrus-sasl-2.1/trunk/debian/sasl2-bin.README.Debian?rev=224&op=diff
==============================================================================
--- cyrus-sasl-2.1/trunk/debian/sasl2-bin.README.Debian (original)
+++ cyrus-sasl-2.1/trunk/debian/sasl2-bin.README.Debian Thu Jun 7 10:32:23 2007
@@ -4,7 +4,13 @@
saslauthd
---------
-Using saslauthd with Postfix:
+Using a single saslauthd instance with Postfix or another chrooted server:
+
+ NOTE: this applies only if you run Postfix or another server in
+ a chroot, which is the Debian default. If you run a mixed environment
+ (some instances of Postfix's smtpd in a chroot, some outside chroot,
+ for example) then see the section on multiple instances of saslauthd
+ below.
If you run a chrooted server such as Postfix and wish to use saslauthd, you
must place the saslauthd socket ("mux") inside the Postfix chroot. You must
@@ -28,4 +34,74 @@
also configure Postfix correctly. There are many options related to SASL. See
the Postfix documentation for how to do this.
- -- Fabian Fagerholm <fabbe at debian.org>, Tue, 14 Nov 2006 14:21:50 +0200
+Running multiple instances of saslauthd:
+
+ By default, the Debian package runs a single instance of saslauthd.
+ However, the init script supports running several instances using the
+ method described subsequently. Note that it's your responsibility to keep
+ track of each instance: where its configuration file resides, where you
+ put its communication socket, and how you configure programs to look for
+ the right socket. The Debian infrastructure only provides a way to start,
+ stop, restart and reload these saslauthd instances, and nothing else.
+
+ To create a new instance of saslauthd, you must do three things:
+ 1. Create a defaults file for the new instance,
+ 2. create a statoverride for the run directory of that instance, and
+ 3. configure programs to use the right socket.
+
+ 1. To create a defaults file for the new instance, copy the file
+ /etc/default/saslauthd to /etc/default/saslauthd-<name>, where <name> is a
+ string describing your new instance. For example:
+ cp /etc/default/saslauthd /etc/default/saslauthd-postfix_chroot
+
+ NOTE: <name> MUST NOT include any characters that need escaping
+ to be a valid file name. You can't put spaces or any other strange
+ characters in it. The formal definition is that you can use only the
+ characters a-z, A-Z, numbers 0-9, and the characters - and _. Things
+ will break if you use characters that need escaping. The name is case-
+ sensitive.
+
+ Then, edit that file and set the following:
+ DESC -- a description of this saslauthd instance, for example
+ "Postfix chroot SASL Authentication Daemon"
+ NAME -- a short name for this saslauthd instance, for example
+ "saslauthd-postfix_chroot"
+ OPTIONS -- must include the -m flag and the run directory of this
+ instance, for example
+ "-c -m /var/spool/postfix/var/run/saslauthd"
+
+ It's *very* important that you set the -m option differently for each
+ instance! Also note that you MUST set the -m option for EVERY instance.
+ Things will break if you don't do these things.
+
+ 2. You must also create a statoverride entry to tell the init script
+ which permissions you want for the run directory. Example:
+ dpkg-statoverride --add root sasl 710 /var/spool/postfix/var/run/saslauthd
+
+ The init script will ensure that the directory exists, and create it with the
+ proper permissions if it doesn't. Note that the directory MUST match what you
+ specified for the -m option in step one.
+
+ 3. Finally, you must configure your programs to communicate with each
+ saslauthd instance on their respective sockets. This is usually accomplished
+ by setting the saslauthd_path option in the sasl configuration of the
+ program. For example, Postfix uses the SASL application name "smtpd", and it
+ sets the SASL configuration file path to /etc/postfix/sasl. This means that
+ SASL will look for settings in /etc/postfix/sasl/smtpd.conf. So, to set the
+ socket path, put this in /etc/postfix/sasl/smtpd.conf:
+ saslauthd_path: /var/run/saslauthd
+
+ NOTE: If you run a chrooted server, such as Postfix with default Debian
+ settings, the saslauthd_path is relative to the chroot directory. You have to
+ take this into account when configuring the -m option in the saslauthd
+ default file (see above).
+
+ If all this seems daunting to you, then take one step at a time, and make
+ sure you understand what you've done, and why, before proceeding to the next
+ step. The interactions of the SASL software, the server software using SASL
+ and the Debian system are fairly complex, and it's easy to get confused if
+ you are in a hurry or try to do things too fast. It really does pay off to
+ spend the 5-15 minutes it takes to do this right, instead of rushing off and
+ breaking your system.
+
+ -- Fabian Fagerholm <fabbe at debian.org>, Tue, 7 Jun 2007 13:28:11 +0300
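Review bot: step 1's list of settings to edit ("DESC", "NAME", "OPTIONS") leaves out START, yet the instance file is a copy of /etc/default/saslauthd, which ships with `START=no`, and start_instance only logs a warning and returns when START is not "yes". Add START to that list so a sysadmin following the three steps ends up with an instance that actually starts. Step 2 could also say that with the example mode 710 and owner root:sasl, only members of group sasl can reach the socket, so the server's user must be in that group. The signature line reads "Tue, 7 Jun 2007" while the changelog entry and the commit itself give Thursday for the same date.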
Modified: cyrus-sasl-2.1/trunk/debian/sasl2-bin.saslauthd.default
URL: http://svn.debian.org/wsvn/pkg-cyrus-sasl2/cyrus-sasl-2.1/trunk/debian/sasl2-bin.saslauthd.default?rev=224&op=diff
==============================================================================
--- cyrus-sasl-2.1/trunk/debian/sasl2-bin.saslauthd.default (original)
+++ cyrus-sasl-2.1/trunk/debian/sasl2-bin.saslauthd.default Thu Jun 7 10:32:23 2007
@@ -4,6 +4,12 @@
# Should saslauthd run automatically on startup? (default: no)
START=no
+
+# Description of this saslauthd instance. (default: SASL Authentication Daemon)
+DESC="SASL Authentication Daemon"
+
+# Short name of this saslauthd instance. (default: saslauthd)
+NAME="saslauthd"
# Which authentication mechanisms should saslauthd use? (default: pam)
#
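Review bot: the comment above `NAME="saslauthd"` calls it only a "short name", but start_instance passes it to start-stop-daemon as `--name $NAME`, and the README tells admins to set it to something like "saslauthd-postfix_chroot". A value that is not the daemon's process name will never match a running saslauthd, so the "already running" test in start_instance will report not-running and a second daemon will be launched against the same run directory. Either document here that NAME is used for process matching and must stay "saslauthd", or treat it as display-only and drop `--name` from the two start calls, as stop_instance and reload_instance already do by matching on `--pidfile` and `--exec` alone.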
@@ -30,9 +36,11 @@
# A value of 0 will fork a new process for each connection.
THREADS=5
-# Other options (default: -c)
-# See the saslauthd man page for information about these options.
+# Other options (default: -c -m /var/run/saslauthd)
+# Note: You MUST specify the -m option or saslauthd won't run!
+#
+# See /usr/share/doc/sasl2-bin/README.Debian for Debian-specific information.
+# See the saslauthd man page for general information about these options.
#
# Example for postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
-# Note: See /usr/share/doc/sasl2-bin/README.Debian
-OPTIONS="-c"
+OPTIONS="-c -m /var/run/saslauthd"
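Review bot: changing the shipped value to `OPTIONS="-c -m /var/run/saslauthd"` only covers fresh installs, while the init script in this same commit removes FALLBACK_RUN_DIR and makes start_instance fail with "No run directory defined" when -m is absent. Every installation that is actually running saslauthd has an edited defaults file (the shipped one has `START=no`), and one that still carries the old `OPTIONS="-c"` will leave the authentication daemon down after the upgrade. Keep a fallback to /var/run/saslauthd for the main /etc/default/saslauthd, or call the new requirement out in the changelog entry and a NEWS item so it is seen at upgrade time.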
Modified: cyrus-sasl-2.1/trunk/debian/sasl2-bin.saslauthd.init
URL: http://svn.debian.org/wsvn/pkg-cyrus-sasl2/cyrus-sasl-2.1/trunk/debian/sasl2-bin.saslauthd.init?rev=224&op=diff
==============================================================================
--- cyrus-sasl-2.1/trunk/debian/sasl2-bin.saslauthd.init (original)
+++ cyrus-sasl-2.1/trunk/debian/sasl2-bin.saslauthd.init Thu Jun 7 10:32:23 2007
@@ -11,207 +11,293 @@
### END INIT INFO
# Author: Fabian Fagerholm <fabbe at debian.org>
-#
-# Based on previous work by Dima Barsky.
# Do NOT "set -e"
# PATH should only include /usr/* if it runs after the mountnfs.sh script
-PATH=/usr/sbin:/usr/bin:/sbin:/bin
-DESC="SASL Authentication Daemon"
-NAME=saslauthd
-DAEMON=/usr/sbin/$NAME
-DAEMON_ARGS=""
-SCRIPTNAME=/etc/init.d/$NAME
-FALLBACK_RUN_DIR=/var/run/$NAME
-EXIT_ERROR_CODE=1
-
-# Exit if the daemon is not installed
-test -x "$DAEMON" || exit 0
-
-# Read configuration variable file if it is present
-[ -r /etc/default/$NAME ] && . /etc/default/$NAME
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+
+# Global variables
+DAEMON=/usr/sbin/saslauthd
+DEFAULT_FILES=`find /etc/default -regex '/etc/default/saslauthd[_a-zA-Z0-9\-]*$' -print | sort`
+
+# Exit if the package is not installed
+[ -x "$DAEMON" ] || exit 0
# Load the VERBOSE setting and other rcS variables
-[ -f /etc/default/rcS ] && . /etc/default/rcS
+. /lib/init/vars.sh
# Define LSB log_* functions.
# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
. /lib/lsb/init-functions
-# Determine run directory and pid file location by looking for an -m option.
-RUN_DIR=`echo "$OPTIONS" | xargs -n 1 echo | sed -n '/^-m$/{n;p}'`
-if [ -z "$RUN_DIR" ]; then
- # No run directory defined in defaults file, use fallback
- RUN_DIR=$FALLBACK_RUN_DIR
-fi
-PIDFILE=$RUN_DIR/saslauthd.pid
-
-# If the daemon is not enabled, give the user a warning and then exit,
-# unless we are stopping the daemon
-if [ "$START" != "yes" -a "$1" != "stop" ]; then
- log_warning_msg "To enable $NAME, edit /etc/default/$NAME and set START=yes"
- exit 0
-fi
-
-# If no mechanisms are defined, log this and exit
-if [ -z "$MECHANISMS" ]; then
- log_failure_msg "No mechanisms defined in /etc/default/$NAME," \
- "not starting $NAME"
- exit $EXIT_ERROR_CODE
-fi
-
-# If there are mechanism options defined, prepare them for use with the -O flag
-if [ -n "$MECH_OPTIONS" ]; then
- MECH_OPTIONS="-O $MECH_OPTIONS"
-fi
-
-# If there is a threads option defined, prepare it for use with the -n flag
-if [ -n "$THREADS" ]; then
- THREAD_OPTIONS="-n $THREADS"
-fi
-
-# Construct argument string
-DAEMON_ARGS="$DAEMON_ARGS -a $MECHANISMS $MECH_OPTIONS $OPTIONS $THREAD_OPTIONS"
-
-#
+# Function that starts all saslauthd instances
+# Parameters: none
+# Return value: none
+do_startall()
+{
+ for instance in $DEFAULT_FILES
+ do
+ start_instance $instance
+ done
+}
+
+# Function that stops all saslauthd instances
+# Parameters: none
+# Return value: none
+do_stopall()
+{
+ for instance in $DEFAULT_FILES
+ do
+ stop_instance $instance
+ done
+}
+
+# Function that sends a SIGHUP to all saslauthd instances
+# Parameters: none
+# Return value: none
+do_reloadall()
+{
+ for instance in $DEFAULT_FILES
+ do
+ reload_instance $instance
+ done
+}
+
+# Function that starts a single saslauthd instance
+# Parameters:
+# $1 = path of default file for this instance
+# Return value:
+# 0 on success (does not mean the instance started)
+# 1 on failure
+start_instance()
+{
+ # Load defaults file for this instance.
+ . $1
+
+ # If the daemon is not enabled, give the user a warning and stop.
+ if [ "$START" != "yes" ]; then
+ log_warning_msg "To enable $NAME, edit $1 and set START=yes"
+ return 0
+ fi
+
+ log_daemon_msg "Starting $DESC" "$NAME"
+
+ # Determine run directory and pid file location by looking
+ # for an -m option.
+ RUN_DIR=`echo "$OPTIONS" | xargs -n 1 echo | sed -n '/^-m$/{n;p}'`
+ if [ -z "$RUN_DIR" ]; then
+ # No run directory defined in defaults file, fail.
+ log_failure_msg "No run directory defined for $NAME, not starting"
+ return 1
+ fi
+ PIDFILE=$RUN_DIR/saslauthd.pid
+
+ # If no mechanisms are defined, fail.
+ if [ -z "$MECHANISMS" ]; then
+ log_failure_msg "No mechanisms defined in $1, not starting $NAME"
+ return 1
+ fi
+
+ # If there are mechanism options defined, prepare them for use with
+ # the -O flag.
+ if [ -n "$MECH_OPTIONS" ]; then
+ MECH_OPTIONS="-O $MECH_OPTIONS"
+ fi
+
+ # If there is a threads option defined, prepare it for use with
+ # the -n flag.
+ if [ -n "$THREADS" ]; then
+ THREAD_OPTIONS="-n $THREADS"
+ fi
+
+ # Construct argument string.
+ DAEMON_ARGS="-a $MECHANISMS $MECH_OPTIONS $OPTIONS $THREAD_OPTIONS"
+
+ # If there is a statoverride for the run directory, then pull
+ # permission and ownership information from it and create the directory.
+ # Otherwise, we create the directory with default permissions and
+ # ownership (root:sasl, 710).
+ if dpkg-statoverride --list $RUN_DIR > /dev/null; then
+ createdir `dpkg-statoverride --list $RUN_DIR`
+ else
+ createdir root sasl 710 $RUN_DIR
+ fi
+
+ # Start the daemon, phase 1: see if it is already running.
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --name $NAME \
+ --exec $DAEMON --test > /dev/null
+ if [ "$?" != 0 ]; then
+ log_progress_msg "(already running)"
+ log_end_msg 0
+ return 0
+ fi
+
+ # Start the daemon, phase 2: it was not running, so actually start it now.
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --name $NAME \
+ --exec $DAEMON -- $DAEMON_ARGS
+ if [ "$?" != 0 ]; then
+ log_end_msg 1
+ return 1
+ fi
+
+ # Started successfully.
+ log_end_msg 0
+ return 0
+}
+
+# Function that stops a single saslauthd instance
+# Parameters:
+# $1 = path of default file for this instance
+# Return value:
+# 0 on success (daemon was stopped)
+# 1 if the daemon was already stopped
+# 2 if the daemon could not be stopped
+stop_instance()
+{
+ # Load defaults file for this instance.
+ . $1
+
+ # Determine run directory and pid file location by looking
+ # for an -m option.
+ RUN_DIR=`echo "$OPTIONS" | xargs -n 1 echo | sed -n '/^-m$/{n;p}'`
+ if [ -z "$RUN_DIR" ]; then
+ # No run directory defined in defaults file, fail.
+ log_failure_msg "No run directory defined for $NAME, cannot stop"
+ return 2
+ fi
+ PIDFILE=$RUN_DIR/saslauthd.pid
+
+ log_daemon_msg "Stopping $DESC" "$NAME"
+
+ start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 \
+ --pidfile $PIDFILE --exec $DAEMON
+
+ if [ "$?" = 2 ]; then
+ # Failed to stop.
+ log_end_msg 1
+ return 2
+ fi
+
+ if [ "$?" = 1 ]; then
+ # Already stopped.
+ log_progress_msg "(not running)"
+ fi
+
+ # Many daemons don't delete their pidfiles when they exit.
+ rm -f $PIDFILE
+
+ # Stopped successfully.
+ log_end_msg 0
+ return $RETVAL
+}
+
+# Function that sends a SIGHUP to a single saslauthd instance
+# Parameters:
+# $1 = path of default file for this instance
+# Return value:
+# 0 on success (does not mean the daemon was reloaded)
+# other values on failure
+reload_instance()
+{
+ # Load defaults file for this instance.
+ . $1
+
+ # Determine run directory and pid file location by looking
+ # for an -m option.
+ RUN_DIR=`echo "$OPTIONS" | xargs -n 1 echo | sed -n '/^-m$/{n;p}'`
+ if [ -z "$RUN_DIR" ]; then
+ # No run directory defined in defaults file, fail.
+ log_failure_msg "No run directory defined for $NAME, cannot reload"
+ return 2
+ fi
+ PIDFILE=$RUN_DIR/saslauthd.pid
+
+ log_daemon_msg "Reloading $DESC" "$NAME"
+
+ # Reload the daemon. First, see if it is already running.
+ start-stop-daemon --start --quiet --pidfile $PIDFILE \
+ --exec $DAEMON --test > /dev/null
+
+ if [ "$?" == 0 ]; then
+ # Not running, signal this and stop.
+ log_progress_msg "(not running)"
+ log_end_msg 0
+ return 0
+ fi
+
+ start-stop-daemon --stop --signal 1 \
+ --pidfile $PIDFILE --exec $DAEMON
+ log_end_msg $?
+}
+
# Function that creates a directory with the specified
# ownership and permissions
-#
+# Parameters:
+# $1 = user
+# $2 = group
+# $3 = permissions (octal)
+# $4 = path to directory
+# Return value: none
createdir()
{
-# $1 = user
-# $2 = group
-# $3 = permissions (octal)
-# $4 = path to directory
- # In the future, use -P/-Z to have SE Linux enhancement.
+ # In the future, use -P/-Z to have SE Linux enhancement
install -d --group="$2" --mode="$3" --owner="$1" "$4"
}
-#
-# Function that starts the daemon/service
-#
-do_start()
-{
- # Return
- # 0 if daemon has been started
- # 1 if daemon was already running
- # 2 if daemon could not be started
-
- if dpkg-statoverride --list $RUN_DIR > /dev/null; then
- dir=`dpkg-statoverride --list $RUN_DIR`
- fi
- test -z "$dir" || createdir $dir
-
- start-stop-daemon --start --quiet --pidfile $PIDFILE --name $NAME \
- --exec $DAEMON --test > /dev/null \
- || return 1
- start-stop-daemon --start --quiet --pidfile $PIDFILE --name $NAME \
- --exec $DAEMON -- $DAEMON_ARGS \
- || return 2
- # Add code here, if necessary, that waits for the process to be ready
- # to handle requests from services started subsequently which depend
- # on this one. As a last resort, sleep for some time.
-}
-
-#
-# Function that stops the daemon/service
-#
-do_stop()
-{
- # Return
- # 0 if daemon has been stopped
- # 1 if daemon was already stopped
- # 2 if daemon could not be stopped
- # other if a failure occurred
- start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 \
- --pidfile $PIDFILE --name $NAME
- RETVAL="$?"
- [ "$RETVAL" = 2 ] && return 2
- # Wait for children to finish too if this is a daemon that forks
- # and if the daemon is only ever run from this initscript.
- # If the above conditions are not satisfied then add some other code
- # that waits for the process to drop all resources that could be
- # needed by services started subsequently. A last resort is to
- # sleep for some time.
- start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 \
- --exec $DAEMON
- [ "$?" = 2 ] && return 2
- # Many daemons don't delete their pidfiles when they exit.
- rm -f $PIDFILE
- return "$RETVAL"
-}
-
-#
-# Function that sends a SIGHUP to the daemon/service
-#
-do_reload() {
- #
- # If the daemon can reload its configuration without
- # restarting (for example, when it is sent a SIGHUP),
- # then implement that here.
- #
- start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE \
- --name $NAME
- return 0
-}
-
+# Action switch
case "$1" in
- start)
- [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
- do_start
- case "$?" in
- 0) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
- 1) [ "$VERBOSE" != no ] && log_progress_msg "(already running)" && \
- log_end_msg 0 ;;
- 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
- esac
- ;;
- stop)
- [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
- do_stop
- case "$?" in
- 0) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
- 1) [ "$VERBOSE" != no ] && log_progress_msg "(not running)" && \
- log_end_msg 0 ;;
- 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
- esac
- ;;
- #reload|force-reload)
- #
- # If do_reload() is not implemented then leave this commented out
- # and leave 'force-reload' as an alias for 'restart'.
- #
- #log_daemon_msg "Reloading $DESC" "$NAME"
- #do_reload
- #log_end_msg $?
- #;;
- restart|force-reload)
- #
- # If the "reload" option is implemented then remove the
- # 'force-reload' alias
- #
- log_daemon_msg "Restarting $DESC" "$NAME"
- do_stop
- case "$?" in
- 0|1)
- do_start
- case "$?" in
- 0) log_end_msg 0 ;;
- 1) log_end_msg 1 ;; # Old process is still running
- *) log_end_msg 1 ;; # Failed to start
- esac
- ;;
- *)
- # Failed to stop
- log_end_msg 1
- ;;
- esac
- ;;
- *)
- echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
- exit 3
- ;;
+ start)
+ do_startall
+ ;;
+ stop)
+ do_stopall
+ ;;
+ reload|force-reload)
+ do_reloadall
+ ;;
+ restart)
+ do_stopall
+ do_startall
+ ;;
+ start-instance)
+ if [ -f /etc/default/$2 ]; then
+ start_instance /etc/default/$2
+ else
+ log_failure_msg "Instance $2 does not exist."
+ fi
+ ;;
+ stop-instance)
+ if [ -f /etc/default/$2 ]; then
+ stop_instance /etc/default/$2
+ else
+ log_failure_msg "Instance $2 does not exist."
+ fi
+ ;;
+ reload-instance|force-reload-instance)
+ if [ -f /etc/default/$2 ]; then
+ reload_instance /etc/default/$2
+ else
+ log_failure_msg "Instance $2 does not exist."
+ fi
+ ;;
+ restart-instance)
+ if [ -f /etc/default/$2 ]; then
+ stop_instance /etc/default/$2
+ start_instance /etc/default/$2
+ else
+ log_failure_msg "Instance $2 does not exist."
+ fi
+ ;;
+ *)
+ SCRIPTNAME=$0
+ echo -ne "Usage: $SCRIPTNAME"\
+ "{start|stop|restart|reload|force-reload}\n" \
+ " or {start-instance|stop-instance|restart-instance|\n" \
+ " reload-instance|force-reload-instance} <instance name>\n" \
+ >&2
+ exit 3
+ ;;
esac
:
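Review bot: stop_instance never returns the 1 or 2 its header comment promises for the "already stopped" case, because `$?` is read twice and `RETVAL` is never assigned. After `if [ "$?" = 2 ]; then ... fi` falls through, `$?` holds the status of that `if` (0), so `[ "$?" = 1 ]` can never be true and "(not running)" is never logged; `return $RETVAL` then expands to a bare `return`. Capture the status once, directly after the start-stop-daemon call (`RETVAL="$?"`), and test `$RETVAL` in both places, as the removed do_stop did.

Three further points in the same hunk. Each defaults file is sourced with `. $1` into the one shell that loops over all instances, so anything a later file does not set (START, THREADS, MECH_OPTIONS, NAME) silently keeps the previous instance's value, and THREAD_OPTIONS is never cleared; unset these at the top of each *_instance function or run each instance in a subshell. The *-instance actions source `/etc/default/$2` after only a `[ -f ... ]` test, unquoted, so any file under /etc/default, or a path containing "../", is executed as shell by the init script; check `$2` against the same `saslauthd[_a-zA-Z0-9\-]*` pattern used for DEFAULT_FILES and quote the expansion. In reload_instance, `[ "$?" == 0 ]` and the `echo -ne` in the usage branch are not POSIX and will misbehave if the script is run by a shell other than bash; use `=` and printf.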