From 375887543daf26003ff7d900cf6a69d0c0b58523 Mon Sep 17 00:00:00 2001 From: Alexey Tikhonov Date: Wed, 27 May 2020 22:33:50 +0200 Subject: [PATCH] DEBUG: only open child process log files when required There was no reason to keep child process log files open permanently. This patch: - helps to avoid issue when SIGHUP was ignored for child process logs; - somewhat reduces code duplication. Resolves: https://github.com/SSSD/sssd/issues/4667 Reviewed-by: Pawel Polawski --- src/providers/ad/ad_gpo.c | 17 +++-------------- src/providers/ad/ad_init.c | 7 ------- src/providers/ad/ad_machine_pw_renewal.c | 2 +- src/providers/ipa/ipa_init.c | 7 ------- src/providers/ipa/ipa_selinux.c | 17 +---------------- src/providers/krb5/krb5_child_handler.c | 2 +- src/providers/krb5/krb5_common.h | 1 - src/providers/krb5/krb5_init_shared.c | 8 -------- src/providers/ldap/ldap_common.c | 3 --- src/providers/ldap/ldap_common.h | 6 ------ src/providers/ldap/ldap_init.c | 7 ------- src/providers/ldap/sdap_child_helpers.c | 10 +--------- src/responder/pam/pamsrv.c | 1 - src/responder/pam/pamsrv.h | 2 -- src/responder/pam/pamsrv_cmd.c | 2 +- src/responder/pam/pamsrv_p11.c | 9 ++------- src/responder/ssh/ssh_private.h | 1 - src/responder/ssh/ssh_reply.c | 4 ++-- src/responder/ssh/sshsrv.c | 10 ---------- src/tests/cmocka/test_cert_utils.c | 12 ++++++------ src/util/cert.h | 2 +- src/util/cert/cert_common_p11_child.c | 9 ++++----- src/util/child_common.c | 21 +++++++++++++++++---- src/util/child_common.h | 6 ++---- 24 files changed, 42 insertions(+), 124 deletions(-) diff --git a/src/providers/ad/ad_gpo.c b/src/providers/ad/ad_gpo.c index f17917552..bbe8d8a1e 100644 --- a/src/providers/ad/ad_gpo.c +++ b/src/providers/ad/ad_gpo.c @@ -99,15 +99,14 @@ #define GPO_CHILD SSSD_LIBEXEC_PATH"/gpo_child" #endif +#define GPO_CHILD_LOG_FILE "gpo_child" + /* If INI_PARSE_IGNORE_NON_KVP is not defined, use 0 (no effect) */ #ifndef INI_PARSE_IGNORE_NON_KVP #define INI_PARSE_IGNORE_NON_KVP 0 #warning INI_PARSE_IGNORE_NON_KVP not defined. #endif -/* fd used by the gpo_child process for logging */ -int gpo_child_debug_fd = -1; - /* == common data structures and declarations ============================= */ struct gp_som { @@ -1618,13 +1617,6 @@ ad_gpo_access_check(TALLOC_CTX *mem_ctx, return ret; } -#define GPO_CHILD_LOG_FILE "gpo_child" - -static errno_t gpo_child_init(void) -{ - return child_debug_init(GPO_CHILD_LOG_FILE, &gpo_child_debug_fd); -} - /* * This function retrieves the raw policy_setting_value for the input key from * the GPO_Result object in the sysdb cache. It then parses the raw value and @@ -1808,9 +1800,6 @@ ad_gpo_access_send(TALLOC_CTX *mem_ctx, hash_value_t val; enum gpo_map_type gpo_map_type; - /* setup logging for gpo child */ - gpo_child_init(); - req = tevent_req_create(mem_ctx, &state, struct ad_gpo_access_state); if (req == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create() failed\n"); @@ -4763,7 +4752,7 @@ gpo_fork_child(struct tevent_req *req) if (pid == 0) { /* child */ exec_child_ex(state, pipefd_to_child, pipefd_from_child, - GPO_CHILD, gpo_child_debug_fd, NULL, false, + GPO_CHILD, GPO_CHILD_LOG_FILE, NULL, false, STDIN_FILENO, AD_GPO_CHILD_OUT_FILENO); /* We should never get here */ diff --git a/src/providers/ad/ad_init.c b/src/providers/ad/ad_init.c index 05535fcb0..704e63a06 100644 --- a/src/providers/ad/ad_init.c +++ b/src/providers/ad/ad_init.c @@ -402,13 +402,6 @@ static errno_t ad_init_misc(struct be_ctx *be_ctx, sdap_id_ctx->opts->sdom->pvt = ad_id_ctx; - ret = sdap_setup_child(); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "sdap_setup_child() failed [%d]: %s\n", - ret, sss_strerror(ret)); - return ret; - } - ret = ad_init_srv_plugin(be_ctx, ad_options); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Unable to setup SRV plugin [%d]: %s\n", diff --git a/src/providers/ad/ad_machine_pw_renewal.c b/src/providers/ad/ad_machine_pw_renewal.c index e0db5fad5..ce9bbe6f3 100644 --- a/src/providers/ad/ad_machine_pw_renewal.c +++ b/src/providers/ad/ad_machine_pw_renewal.c @@ -185,7 +185,7 @@ ad_machine_account_password_renewal_send(TALLOC_CTX *mem_ctx, child_pid = fork(); if (child_pid == 0) { /* child */ exec_child_ex(state, pipefd_to_child, pipefd_from_child, - renewal_data->prog_path, -1, + renewal_data->prog_path, NULL, extra_args, true, STDIN_FILENO, STDERR_FILENO); diff --git a/src/providers/ipa/ipa_init.c b/src/providers/ipa/ipa_init.c index cdfd11d7a..d8d592653 100644 --- a/src/providers/ipa/ipa_init.c +++ b/src/providers/ipa/ipa_init.c @@ -571,13 +571,6 @@ static errno_t ipa_init_misc(struct be_ctx *be_ctx, return ret; } - ret = sdap_setup_child(); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "Unable to setup sdap child [%d]: %s\n", - ret, sss_strerror(ret)); - return ret; - } - if (dp_opt_get_bool(ipa_options->basic, IPA_SERVER_MODE)) { ret = ipa_init_server_mode(be_ctx, ipa_options, ipa_id_ctx); if (ret != EOK) { diff --git a/src/providers/ipa/ipa_selinux.c b/src/providers/ipa/ipa_selinux.c index 630f68ad5..9ae37b90d 100644 --- a/src/providers/ipa/ipa_selinux.c +++ b/src/providers/ipa/ipa_selinux.c @@ -51,9 +51,6 @@ #include -/* fd used by the selinux_child process for logging */ -int selinux_child_debug_fd = -1; - static struct tevent_req * ipa_get_selinux_send(TALLOC_CTX *mem_ctx, struct be_ctx *be_ctx, @@ -565,7 +562,6 @@ struct selinux_child_state { struct child_io_fds *io; }; -static errno_t selinux_child_init(void); static errno_t selinux_child_create_buffer(struct selinux_child_state *state); static errno_t selinux_fork_child(struct selinux_child_state *state); static void selinux_child_step(struct tevent_req *subreq); @@ -602,12 +598,6 @@ static struct tevent_req *selinux_child_send(TALLOC_CTX *mem_ctx, state->io->read_from_child_fd = -1; talloc_set_destructor((void *) state->io, child_io_destructor); - ret = selinux_child_init(); - if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, "Failed to init the child\n"); - goto immediately; - } - ret = selinux_child_create_buffer(state); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "Failed to create the send buffer\n"); @@ -638,11 +628,6 @@ immediately: return req; } -static errno_t selinux_child_init(void) -{ - return child_debug_init(SELINUX_CHILD_LOG_FILE, &selinux_child_debug_fd); -} - static errno_t selinux_child_create_buffer(struct selinux_child_state *state) { size_t rp; @@ -712,7 +697,7 @@ static errno_t selinux_fork_child(struct selinux_child_state *state) if (pid == 0) { /* child */ exec_child(state, pipefd_to_child, pipefd_from_child, - SELINUX_CHILD, selinux_child_debug_fd); + SELINUX_CHILD, SELINUX_CHILD_LOG_FILE); DEBUG(SSSDBG_CRIT_FAILURE, "Could not exec selinux_child: [%d][%s].\n", ret, sss_strerror(ret)); return ret; diff --git a/src/providers/krb5/krb5_child_handler.c b/src/providers/krb5/krb5_child_handler.c index b7fb54499..8546285b2 100644 --- a/src/providers/krb5/krb5_child_handler.c +++ b/src/providers/krb5/krb5_child_handler.c @@ -465,7 +465,7 @@ static errno_t fork_child(struct tevent_req *req) if (pid == 0) { /* child */ exec_child_ex(state, pipefd_to_child, pipefd_from_child, - KRB5_CHILD, state->kr->krb5_ctx->child_debug_fd, + KRB5_CHILD, KRB5_CHILD_LOG_FILE, krb5_child_extra_args, false, STDIN_FILENO, STDOUT_FILENO); diff --git a/src/providers/krb5/krb5_common.h b/src/providers/krb5/krb5_common.h index 493d12e5f..f198e2684 100644 --- a/src/providers/krb5/krb5_common.h +++ b/src/providers/krb5/krb5_common.h @@ -124,7 +124,6 @@ struct krb5_ctx { struct dp_option *opts; struct krb5_service *service; struct krb5_service *kpasswd_service; - int child_debug_fd; sss_regexp_t *illegal_path_re; diff --git a/src/providers/krb5/krb5_init_shared.c b/src/providers/krb5/krb5_init_shared.c index afe15b365..ea3d32805 100644 --- a/src/providers/krb5/krb5_init_shared.c +++ b/src/providers/krb5/krb5_init_shared.c @@ -71,14 +71,6 @@ errno_t krb5_child_init(struct krb5_ctx *krb5_auth_ctx, goto done; } - krb5_auth_ctx->child_debug_fd = -1; /* -1 means not initialized */ - ret = child_debug_init(KRB5_CHILD_LOG_FILE, - &krb5_auth_ctx->child_debug_fd); - if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, "Could not set krb5_child debugging!\n"); - goto done; - } - ret = parse_krb5_map_user(krb5_auth_ctx, dp_opt_get_cstring(krb5_auth_ctx->opts, KRB5_MAP_USER), diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c index 9d7806a2f..2133db36f 100644 --- a/src/providers/ldap/ldap_common.c +++ b/src/providers/ldap/ldap_common.c @@ -35,9 +35,6 @@ #include "providers/ldap/sdap_idmap.h" -/* a fd the child process would log into */ -int ldap_child_debug_fd = -1; - errno_t ldap_id_setup_tasks(struct sdap_id_ctx *ctx) { return sdap_id_setup_tasks(ctx->be, ctx, ctx->opts->sdom, diff --git a/src/providers/ldap/ldap_common.h b/src/providers/ldap/ldap_common.h index 63ee5dd84..13e6d4871 100644 --- a/src/providers/ldap/ldap_common.h +++ b/src/providers/ldap/ldap_common.h @@ -44,9 +44,6 @@ #define LDAP_ENUM_PURGE_TIMEOUT 10800 -/* a fd the child process would log into */ -extern int ldap_child_debug_fd; - struct sdap_id_ctx; struct sdap_id_conn_ctx { @@ -342,9 +339,6 @@ sdap_ipnetwork_handler_recv(TALLOC_CTX *mem_ctx, struct tevent_req *req, struct dp_reply_std *data); -/* setup child logging */ -int sdap_setup_child(void); - errno_t string_to_shadowpw_days(const char *s, long *d); diff --git a/src/providers/ldap/ldap_init.c b/src/providers/ldap/ldap_init.c index 1be5d13de..de64e5985 100644 --- a/src/providers/ldap/ldap_init.c +++ b/src/providers/ldap/ldap_init.c @@ -419,13 +419,6 @@ static errno_t ldap_init_misc(struct be_ctx *be_ctx, return ret; } - ret = sdap_setup_child(); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "Unable to setup sdap child [%d]: %s\n", - ret, sss_strerror(ret)); - return ret; - } - /* Setup SRV lookup plugin */ ret = be_fo_set_dns_srv_lookup_plugin(be_ctx, NULL); if (ret != EOK) { diff --git a/src/providers/ldap/sdap_child_helpers.c b/src/providers/ldap/sdap_child_helpers.c index a03d28c9c..9d25aea8b 100644 --- a/src/providers/ldap/sdap_child_helpers.c +++ b/src/providers/ldap/sdap_child_helpers.c @@ -111,7 +111,7 @@ static errno_t sdap_fork_child(struct tevent_context *ev, if (pid == 0) { /* child */ exec_child(child, pipefd_to_child, pipefd_from_child, - LDAP_CHILD, ldap_child_debug_fd); + LDAP_CHILD, LDAP_CHILD_LOG_FILE); /* We should never get here */ DEBUG(SSSDBG_CRIT_FAILURE, "BUG: Could not exec LDAP child\n"); @@ -512,11 +512,3 @@ static errno_t set_tgt_child_timeout(struct tevent_req *req, return EOK; } - - - -/* Setup child logging */ -int sdap_setup_child(void) -{ - return child_debug_init(LDAP_CHILD_LOG_FILE, &ldap_child_debug_fd); -} diff --git a/src/responder/pam/pamsrv.c b/src/responder/pam/pamsrv.c index a4c9ebbbb..dde44a472 100644 --- a/src/responder/pam/pamsrv.c +++ b/src/responder/pam/pamsrv.c @@ -277,7 +277,6 @@ static int pam_process_init(TALLOC_CTX *mem_ctx, goto done; } - pctx->p11_child_debug_fd = -1; if (pctx->cert_auth) { ret = p11_child_init(pctx); if (ret != EOK) { diff --git a/src/responder/pam/pamsrv.h b/src/responder/pam/pamsrv.h index 24bd9764d..478d91b93 100644 --- a/src/responder/pam/pamsrv.h +++ b/src/responder/pam/pamsrv.h @@ -54,7 +54,6 @@ struct pam_ctx { char **app_services; bool cert_auth; - int p11_child_debug_fd; char *nss_db; struct sss_certmap_ctx *sss_certmap_ctx; char **smartcard_services; @@ -110,7 +109,6 @@ void sss_cai_check_users(struct cert_auth_info **list, size_t *_cert_count, struct tevent_req *pam_check_cert_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, - int child_debug_fd, const char *nss_db, time_t timeout, const char *verify_opts, diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c index ddde9eda2..1cd901f15 100644 --- a/src/responder/pam/pamsrv_cmd.c +++ b/src/responder/pam/pamsrv_cmd.c @@ -1404,7 +1404,7 @@ static errno_t check_cert(TALLOC_CTX *mctx, return ret; } - req = pam_check_cert_send(mctx, ev, pctx->p11_child_debug_fd, + req = pam_check_cert_send(mctx, ev, pctx->nss_db, p11_child_timeout, cert_verification_opts, pctx->sss_certmap_ctx, uri, pd); diff --git a/src/responder/pam/pamsrv_p11.c b/src/responder/pam/pamsrv_p11.c index 8e276b200..3f0afaeff 100644 --- a/src/responder/pam/pamsrv_p11.c +++ b/src/responder/pam/pamsrv_p11.c @@ -242,7 +242,7 @@ errno_t p11_child_init(struct pam_ctx *pctx) return ret; } - return child_debug_init(P11_CHILD_LOG_FILE, &pctx->p11_child_debug_fd); + return EOK; } static inline bool @@ -705,7 +705,6 @@ static void p11_child_timeout(struct tevent_context *ev, struct tevent_req *pam_check_cert_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, - int child_debug_fd, const char *nss_db, time_t timeout, const char *verify_opts, @@ -838,14 +837,10 @@ struct tevent_req *pam_check_cert_send(TALLOC_CTX *mem_ctx, goto done; } - if (child_debug_fd == -1) { - child_debug_fd = STDERR_FILENO; - } - child_pid = fork(); if (child_pid == 0) { /* child */ exec_child_ex(state, pipefd_to_child, pipefd_from_child, - P11_CHILD_PATH, child_debug_fd, extra_args, false, + P11_CHILD_PATH, P11_CHILD_LOG_FILE, extra_args, false, STDIN_FILENO, STDOUT_FILENO); /* We should never get here */ diff --git a/src/responder/ssh/ssh_private.h b/src/responder/ssh/ssh_private.h index 028ccd616..5aa7e37d6 100644 --- a/src/responder/ssh/ssh_private.h +++ b/src/responder/ssh/ssh_private.h @@ -36,7 +36,6 @@ struct ssh_ctx { char *ca_db; bool use_cert_keys; - int p11_child_debug_fd; time_t certmap_last_read; struct sss_certmap_ctx *sss_certmap_ctx; char **cert_rules; diff --git a/src/responder/ssh/ssh_reply.c b/src/responder/ssh/ssh_reply.c index 97914266d..edeb28765 100644 --- a/src/responder/ssh/ssh_reply.c +++ b/src/responder/ssh/ssh_reply.c @@ -249,7 +249,7 @@ struct tevent_req *ssh_get_output_keys_send(TALLOC_CTX *mem_ctx, : state->user_cert_override; subreq = cert_to_ssh_key_send(state, state->ev, - state->ssh_ctx->p11_child_debug_fd, + P11_CHILD_LOG_FILE, state->p11_child_timeout, state->ssh_ctx->ca_db, state->ssh_ctx->sss_certmap_ctx, @@ -335,7 +335,7 @@ void ssh_get_output_keys_done(struct tevent_req *subreq) goto done; } - subreq = cert_to_ssh_key_send(state, state->ev, -1, + subreq = cert_to_ssh_key_send(state, state->ev, NULL, state->p11_child_timeout, state->ssh_ctx->ca_db, state->ssh_ctx->sss_certmap_ctx, diff --git a/src/responder/ssh/sshsrv.c b/src/responder/ssh/sshsrv.c index 7765e91b8..6072a702c 100644 --- a/src/responder/ssh/sshsrv.c +++ b/src/responder/ssh/sshsrv.c @@ -126,16 +126,6 @@ int ssh_process_init(TALLOC_CTX *mem_ctx, goto fail; } - ssh_ctx->p11_child_debug_fd = -1; - if (ssh_ctx->use_cert_keys) { - ret = child_debug_init(P11_CHILD_LOG_FILE, - &ssh_ctx->p11_child_debug_fd); - if (ret != EOK) { - DEBUG(SSSDBG_FATAL_FAILURE, - "Failed to setup p11_child logging, ignored.\n"); - } - } - ret = schedule_get_domains_task(rctx, rctx->ev, rctx, NULL); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "schedule_get_domains_tasks failed.\n"); diff --git a/src/tests/cmocka/test_cert_utils.c b/src/tests/cmocka/test_cert_utils.c index 848ed1a8d..1ff20576a 100644 --- a/src/tests/cmocka/test_cert_utils.c +++ b/src/tests/cmocka/test_cert_utils.c @@ -391,7 +391,7 @@ void test_cert_to_ssh_key_send(void **state) ev = tevent_context_init(ts); assert_non_null(ev); - req = cert_to_ssh_key_send(ts, ev, -1, P11_CHILD_TIMEOUT, + req = cert_to_ssh_key_send(ts, ev, NULL, P11_CHILD_TIMEOUT, #ifdef HAVE_NSS "sql:" ABS_BUILD_DIR "/src/tests/test_CA/p11_nssdb", #else @@ -465,7 +465,7 @@ void test_cert_to_ssh_2keys_send(void **state) ev = tevent_context_init(ts); assert_non_null(ev); - req = cert_to_ssh_key_send(ts, ev, -1, P11_CHILD_TIMEOUT, + req = cert_to_ssh_key_send(ts, ev, NULL, P11_CHILD_TIMEOUT, #ifdef HAVE_NSS "sql:" ABS_BUILD_DIR "/src/tests/test_CA/p11_nssdb", #else @@ -548,7 +548,7 @@ void test_cert_to_ssh_2keys_invalid_send(void **state) ev = tevent_context_init(ts); assert_non_null(ev); - req = cert_to_ssh_key_send(ts, ev, -1, P11_CHILD_TIMEOUT, + req = cert_to_ssh_key_send(ts, ev, NULL, P11_CHILD_TIMEOUT, #ifdef HAVE_NSS "sql:" ABS_BUILD_DIR "/src/tests/test_CA/p11_nssdb", #else @@ -614,7 +614,7 @@ void test_ec_cert_to_ssh_key_send(void **state) ev = tevent_context_init(ts); assert_non_null(ev); - req = cert_to_ssh_key_send(ts, ev, -1, P11_CHILD_TIMEOUT, + req = cert_to_ssh_key_send(ts, ev, NULL, P11_CHILD_TIMEOUT, #ifdef HAVE_NSS "sql:" ABS_BUILD_DIR "/src/tests/test_ECC_CA/p11_ecc_nssdb", #else @@ -691,7 +691,7 @@ void test_cert_to_ssh_2keys_with_certmap_send(void **state) ev = tevent_context_init(ts); assert_non_null(ev); - req = cert_to_ssh_key_send(ts, ev, -1, P11_CHILD_TIMEOUT, + req = cert_to_ssh_key_send(ts, ev, NULL, P11_CHILD_TIMEOUT, #ifdef HAVE_NSS "sql:" ABS_BUILD_DIR "/src/tests/test_CA/p11_nssdb", #else @@ -769,7 +769,7 @@ void test_cert_to_ssh_2keys_with_certmap_2_send(void **state) ev = tevent_context_init(ts); assert_non_null(ev); - req = cert_to_ssh_key_send(ts, ev, -1, P11_CHILD_TIMEOUT, + req = cert_to_ssh_key_send(ts, ev, NULL, P11_CHILD_TIMEOUT, #ifdef HAVE_NSS "sql:" ABS_BUILD_DIR "/src/tests/test_CA/p11_nssdb", #else diff --git a/src/util/cert.h b/src/util/cert.h index d038a99f6..16dda37b3 100644 --- a/src/util/cert.h +++ b/src/util/cert.h @@ -57,7 +57,7 @@ errno_t get_ssh_key_from_derb64(TALLOC_CTX *mem_ctx, const char *derb64, struct tevent_req *cert_to_ssh_key_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, - int child_debug_fd, time_t timeout, + const char *logfile, time_t timeout, const char *ca_db, struct sss_certmap_ctx *sss_certmap_ctx, size_t cert_count, diff --git a/src/util/cert/cert_common_p11_child.c b/src/util/cert/cert_common_p11_child.c index 1846ff89a..18a331f23 100644 --- a/src/util/cert/cert_common_p11_child.c +++ b/src/util/cert/cert_common_p11_child.c @@ -24,7 +24,7 @@ struct cert_to_ssh_key_state { struct tevent_context *ev; - int child_debug_fd; + const char *logfile; time_t timeout; const char **extra_args; const char **certs; @@ -45,7 +45,7 @@ static void cert_to_ssh_key_done(int child_status, struct tevent_req *cert_to_ssh_key_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, - int child_debug_fd, time_t timeout, + const char *logfile, time_t timeout, const char *ca_db, struct sss_certmap_ctx *sss_certmap_ctx, size_t cert_count, @@ -70,8 +70,7 @@ struct tevent_req *cert_to_ssh_key_send(TALLOC_CTX *mem_ctx, } state->ev = ev; - state->child_debug_fd = (child_debug_fd == -1) ? STDERR_FILENO - : child_debug_fd; + state->logfile = logfile; state->timeout = timeout; state->io = talloc(state, struct child_io_fds); if (state->io == NULL) { @@ -205,7 +204,7 @@ static errno_t cert_to_ssh_key_step(struct tevent_req *req) child_pid = fork(); if (child_pid == 0) { /* child */ exec_child_ex(state, pipefd_to_child, pipefd_from_child, P11_CHILD_PATH, - state->child_debug_fd, state->extra_args, false, + state->logfile, state->extra_args, false, STDIN_FILENO, STDOUT_FILENO); /* We should never get here */ DEBUG(SSSDBG_CRIT_FAILURE, "BUG: Could not exec p11 child\n"); diff --git a/src/util/child_common.c b/src/util/child_common.c index 3a07580c2..5cac725ca 100644 --- a/src/util/child_common.c +++ b/src/util/child_common.c @@ -47,6 +47,8 @@ struct sss_child_ctx { struct sss_sigchild_ctx *sigchld_ctx; }; +static errno_t child_debug_init(const char *logfile, int *debug_fd); + static void sss_child_handler(struct tevent_context *ev, struct tevent_signal *se, int signum, @@ -725,13 +727,24 @@ fail: void exec_child_ex(TALLOC_CTX *mem_ctx, int *pipefd_to_child, int *pipefd_from_child, - const char *binary, int debug_fd, + const char *binary, const char *logfile, const char *extra_argv[], bool extra_args_only, int child_in_fd, int child_out_fd) { int ret; errno_t err; char **argv; + int debug_fd = -1; + + if (logfile) { + ret = child_debug_init(logfile, &debug_fd); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, "child_debug_init() failed.\n"); + exit(EXIT_FAILURE); + } + } else { + debug_fd = STDERR_FILENO; + } close(pipefd_to_child[1]); ret = dup2(pipefd_to_child[0], child_in_fd); @@ -767,10 +780,10 @@ void exec_child_ex(TALLOC_CTX *mem_ctx, void exec_child(TALLOC_CTX *mem_ctx, int *pipefd_to_child, int *pipefd_from_child, - const char *binary, int debug_fd) + const char *binary, const char *logfile) { exec_child_ex(mem_ctx, pipefd_to_child, pipefd_from_child, - binary, debug_fd, NULL, false, + binary, logfile, NULL, false, STDIN_FILENO, STDOUT_FILENO); } @@ -803,7 +816,7 @@ int child_io_destructor(void *ptr) return EOK; } -errno_t child_debug_init(const char *logfile, int *debug_fd) +static errno_t child_debug_init(const char *logfile, int *debug_fd) { int ret; FILE *debug_filep; diff --git a/src/util/child_common.h b/src/util/child_common.h index 37116e2a7..92d66a500 100644 --- a/src/util/child_common.h +++ b/src/util/child_common.h @@ -106,7 +106,7 @@ void fd_nonblocking(int fd); /* Never returns EOK, ether returns an error, or doesn't return on success */ void exec_child_ex(TALLOC_CTX *mem_ctx, int *pipefd_to_child, int *pipefd_from_child, - const char *binary, int debug_fd, + const char *binary, const char *logfile, const char *extra_argv[], bool extra_args_only, int child_in_fd, int child_out_fd); @@ -115,10 +115,8 @@ void exec_child_ex(TALLOC_CTX *mem_ctx, */ void exec_child(TALLOC_CTX *mem_ctx, int *pipefd_to_child, int *pipefd_from_child, - const char *binary, int debug_fd); + const char *binary, const char *logfile); int child_io_destructor(void *ptr); -errno_t child_debug_init(const char *logfile, int *debug_fd); - #endif /* __CHILD_COMMON_H__ */ -- 2.21.3