Bug#369484: [Pkg-openldap-devel] Bug#369484: slapd: Bug in initscript, could wreck database

Quanah Gibson-Mount quanah at openldap.org
Tue May 30 07:54:50 UTC 2006



--On Tuesday, May 30, 2006 8:53 AM +0200 Helge Hafting 
<helgehaf at aitel.hist.no> wrote:

> Package: slapd
> Version: 2.3.23-1
> Severity: normal
>
>
> I was reading the /etc/init.d/slapd script, in order to make
> an equivalent start/stop script for initng.
>
> I noticed this snippet of code which is wrong:
>
>         # Make sure there is no slapcat and no slapd running as we might
>         # break the DB in that case
>         if pidof /usr/lib/slapd >/dev/null; then
>                 echo -n " (slapd running, no recovery), "
> 		return 0
> 	fi
> 								
> The poblem here is that /usr/lib/slapd is the wrong path.
> slapd lives in /usr/sbin, so the correct would be
> 	if pidof /usr/sbin/slapd >/dev/null; then
>
> As it stands, the test will never ever trigger.  Now, the
> case where it is needed is unlikely to happen, but it is
> possible if slapd is started manually and then the initscript runs
> somehow.  Then BDB could break.
>
> The obvious fix is to change the line as above.  I have tested the
> pidof command,
> pidof /usr/lib/slapd   does nothing, while
> pidof /usr/sbin/slapd  gives me the correct pid.
>


I have to somewhat question the validity of this test at all.

(a) slapcat does not harm the database, and hasn't done so since at least 
OpenLDAP 2.1.  This sounds like an ancient holdover.
(b) OpenLDAP 2.3 already has a file (alock) that determines whether or not 
recover should be performed.  In no case should an init script be calling 
db_recover itself.  If that is the case, the init script is horribly broken.


--Quanah


--
Quanah Gibson-Mount
QA Engineer
<http://www.openldap.org>




More information about the Pkg-openldap-devel mailing list