Bug#369484: [Pkg-openldap-devel] Bug#369484: slapd: Bug in initscript, could wreck database

Helge Hafting helge.hafting at aitel.hist.no
Tue May 30 09:43:38 UTC 2006 

Quanah Gibson-Mount wrote:
>
>
> --On Tuesday, May 30, 2006 8:53 AM +0200 Helge Hafting 
> <helgehaf at aitel.hist.no> wrote:
>
>> Package: slapd
>> Version: 2.3.23-1
>> Severity: normal
>>
>>
>> I was reading the /etc/init.d/slapd script, in order to make
>> an equivalent start/stop script for initng.
>>
>> I noticed this snippet of code which is wrong:
>>
>>         # Make sure there is no slapcat and no slapd running as we might
>>         # break the DB in that case
>>         if pidof /usr/lib/slapd >/dev/null; then
>>                 echo -n " (slapd running, no recovery), "
>>         return 0
>>     fi
>>                                
>> The poblem here is that /usr/lib/slapd is the wrong path.
>> slapd lives in /usr/sbin, so the correct would be
>>     if pidof /usr/sbin/slapd >/dev/null; then
>>
>> As it stands, the test will never ever trigger.  Now, the
>> case where it is needed is unlikely to happen, but it is
>> possible if slapd is started manually and then the initscript runs
>> somehow.  Then BDB could break.
>>
>> The obvious fix is to change the line as above.  I have tested the
>> pidof command,
>> pidof /usr/lib/slapd   does nothing, while
>> pidof /usr/sbin/slapd  gives me the correct pid.
>>
>
>
> I have to somewhat question the validity of this test at all.
>
> (a) slapcat does not harm the database, and hasn't done so since at 
> least OpenLDAP 2.1.  This sounds like an ancient holdover.
> (b) OpenLDAP 2.3 already has a file (alock) that determines whether or 
> not recover should be performed.  In no case should an init script be 
> calling db_recover itself.  If that is the case, the init script is 
> horribly broken.
>
Either way, the slapd package needs fixing.  What I saw was clearly wrong,
the script ran 'pidof'  against a nonexistant filename.  So I tried to
fix that.  Of course my simple fix doesn't help if what the script tries to
do is wrong anyway.  I do not know the details of slapd & bdb,
I assumed the comments were accurate with just an implementation error.
I am now looking forward for the proper fix, which I don't know
enough to make myself.

Helge Hafting

More information about the Pkg-openldap-devel mailing list