git: fe4dc1fd7105 - main - net/nss-pam-ldapd: use closefrom in nslcd

From: Alan Somers <asomers_at_FreeBSD.org>
Date: Tue, 11 Oct 2022 18:49:13 UTC
The branch main has been updated by asomers (src committer):

URL: https://cgit.FreeBSD.org/ports/commit/?id=fe4dc1fd7105b8d28031f9fab5b1260fbd0bbcaa

commit fe4dc1fd7105b8d28031f9fab5b1260fbd0bbcaa
Author:     Alan Somers <asomers@FreeBSD.org>
AuthorDate: 2022-10-11 18:44:51 +0000
Commit:     Alan Somers <asomers@FreeBSD.org>
CommitDate: 2022-10-11 18:48:50 +0000

    net/nss-pam-ldapd: use closefrom in nslcd
    
    nslcd tries to close all file descriptors on startup.  It does that by
    calling close() in a loop, running down from _SC_OPEN_MAX to 0.  Since
    _SC_OPEN_MAX autoscales with available RAM, this can take more than a
    minute on large servers.  The solution is to use closefrom.  Upstream
    has already made that change in the master branch, but due to its slow
    release cadence we're applying it here as well.
    
    PR:             266970
    Approved by:    zi (maintainer)
    Sponsored by:   Axcient
---
 net/nss-pam-ldapd/Makefile                        |  1 +
 net/nss-pam-ldapd/files/patch-config.h.in         | 12 +++++++++
 net/nss-pam-ldapd/files/patch-configure           | 16 +++++++++++
 net/nss-pam-ldapd/files/patch-nslcd_daemonize.c   | 33 +++++++++++++++++++++++
 net/nss-pam-ldapd/files/patch-nslcd_invalidator.c | 29 ++++++++++++++++++++
 5 files changed, 91 insertions(+)

diff --git a/net/nss-pam-ldapd/Makefile b/net/nss-pam-ldapd/Makefile
index 28d6cdc1f8fd..149d5edfd438 100644
--- a/net/nss-pam-ldapd/Makefile
+++ b/net/nss-pam-ldapd/Makefile
@@ -1,5 +1,6 @@
 PORTNAME=		nss-pam-ldapd
 PORTVERSION=		0.9.12
+PORTREVISION=		1
 CATEGORIES=		net
 MASTER_SITES=		http://arthurdejong.org/nss-pam-ldapd/ \
 			ZI
diff --git a/net/nss-pam-ldapd/files/patch-config.h.in b/net/nss-pam-ldapd/files/patch-config.h.in
new file mode 100644
index 000000000000..e9ab0c2bf48b
--- /dev/null
+++ b/net/nss-pam-ldapd/files/patch-config.h.in
@@ -0,0 +1,12 @@
+--- config.h.in.orig	2022-10-10 21:16:40 UTC
++++ config.h.in
+@@ -30,6 +30,9 @@
+ /* Define to 1 if you have the `clearenv' function. */
+ #undef HAVE_CLEARENV
+ 
++/* Define to 1 if you have the `closefrom' function. */
++#undef HAVE_CLOSEFROM
++
+ /* Define to 1 if you have the <ctype.h> header file. */
+ #undef HAVE_CTYPE_H
+ 
diff --git a/net/nss-pam-ldapd/files/patch-configure b/net/nss-pam-ldapd/files/patch-configure
new file mode 100644
index 000000000000..d97e0366b1af
--- /dev/null
+++ b/net/nss-pam-ldapd/files/patch-configure
@@ -0,0 +1,16 @@
+--- configure.orig	2021-11-20 13:07:41 UTC
++++ configure
+@@ -9684,6 +9684,13 @@ then :
+ 
+ fi
+ 
++  ac_fn_c_check_func "$LINENO" "closefrom" "ac_cv_func_closefrom"
++if test "x$ac_cv_func_closefrom" = xyes
++then :
++  printf "%s\n" "#define HAVE_CLOSEFROM 1" >>confdefs.h
++
++fi
++
+ 
+   # replace some functions if they are not on the system
+   ac_fn_c_check_func "$LINENO" "getopt_long" "ac_cv_func_getopt_long"
diff --git a/net/nss-pam-ldapd/files/patch-nslcd_daemonize.c b/net/nss-pam-ldapd/files/patch-nslcd_daemonize.c
new file mode 100644
index 000000000000..8a8901baaa80
--- /dev/null
+++ b/net/nss-pam-ldapd/files/patch-nslcd_daemonize.c
@@ -0,0 +1,33 @@
+--- nslcd/daemonize.c.orig	2022-10-11 18:31:44 UTC
++++ nslcd/daemonize.c
+@@ -1,7 +1,7 @@
+ /*
+    daemoninze.c - functions for properly daemonising an application
+ 
+-   Copyright (C) 2014-2015 Arthur de Jong
++   Copyright (C) 2014-2022 Arthur de Jong
+ 
+    This library is free software; you can redistribute it and/or
+    modify it under the terms of the GNU Lesser General Public
+@@ -43,15 +43,19 @@ void daemonize_closefds(void)
+ 
+ void daemonize_closefds(void)
+ {
+-  int i;
+   /* close all file descriptors (except stdin/out/err) */
++#ifdef HAVE_CLOSEFROM
++  closefrom(3);
++#else
++  int i;
+   i = sysconf(_SC_OPEN_MAX) - 1;
+   /* if the system does not have OPEN_MAX just close the first 32 and
+      hope we closed enough */
+   if (i < 0)
+     i = 32;
+-  for (; i > 3; i--)
++  for (; i > 2; i--)
+     close(i);
++#endif
+ }
+ 
+ void daemonize_redirect_stdio(void)
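Review bot: The fallback loop bound in `daemonize_closefds` moves from `i > 3` to `i > 2` with no mention in a comment or in the commit message, which only discusses startup time. It is a behaviour fix, not part of the speed-up: the old loop stopped before descriptor 3, so an fd inherited at 3 stayed open in the daemon. A short comment on the new lines would keep the two branches visibly in step, for example `closefrom(3); /* first fd after stdin/stdout/stderr */` and `/* stop after fd 3, matching closefrom(3) */` above the `for`. When `sysconf(_SC_OPEN_MAX)` fails, the `#else` path still closes only fds 3..32, so higher descriptors remain inherited on platforms without closefrom.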
diff --git a/net/nss-pam-ldapd/files/patch-nslcd_invalidator.c b/net/nss-pam-ldapd/files/patch-nslcd_invalidator.c
new file mode 100644
index 000000000000..c4bfe8ffe3e7
--- /dev/null
+++ b/net/nss-pam-ldapd/files/patch-nslcd_invalidator.c
@@ -0,0 +1,29 @@
+--- nslcd/invalidator.c.orig	2021-11-15 19:40:49 UTC
++++ nslcd/invalidator.c
+@@ -1,7 +1,7 @@
+ /*
+    invalidator.c - functions for invalidating external caches
+ 
+-   Copyright (C) 2013-2014 Arthur de Jong
++   Copyright (C) 2013-2022 Arthur de Jong
+ 
+    This library is free software; you can redistribute it and/or
+    modify it under the terms of the GNU Lesser General Public
+@@ -97,6 +97,9 @@ static void exec_invalidate(const char *db)
+   {
+     case 0: /* we are the child */
+       /* close all file descriptors */
++#ifdef HAVE_CLOSEFROM
++      closefrom(0);
++#else
+       i = sysconf(_SC_OPEN_MAX) - 1;
+       /* if the system does not have OPEN_MAX just close the first 32 and
+          hope we have closed enough */
+@@ -104,6 +107,7 @@ static void exec_invalidate(const char *db)
+         i = 32;
+       for (; i >= 0; i--)
+         close(i);
++#endif
+       /* execute command */
+ #ifdef HAVE_EXECVPE
+       execvpe(argv[0], argv, newenviron);
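Review bot: After `closefrom(0)` the child goes straight to `execvpe` with descriptors 0, 1 and 2 closed, exactly as it did with the `i >= 0` loop. The executed command's first `open()` or `socket()` calls will then be handed fds 0–2, so any stray write to stdout or stderr lands in whatever it opened there. Pointing the standard descriptors at /dev/null after the `#endif` would cover both branches: `if (open("/dev/null", O_RDWR) == 0) { (void)dup2(0, 1); (void)dup2(0, 2); }`. `exec_invalidate` begins and continues outside the hunk, so whether `<fcntl.h>` is already included is not visible here.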