Resolves: #253069

Summary: cyclic dependency from getpwnam() in log rotation code
Description: Moved getpwnam call to the startup time, store the info in
slapdFrontendConfig to reuse.

ldap/servers/slapd/libglobs.c

@@ -2500,9 +2500,20 @@ config_set_localuser( const char *attrname, char *value, char *errorbuf, int app
   }
 
   if (apply) {
+    struct passwd *pw = NULL;
 	CFG_LOCK_WRITE(slapdFrontendConfig);
 	slapi_ch_free ( (void **) &slapdFrontendConfig->localuser );
 	slapdFrontendConfig->localuser = slapi_ch_strdup ( value );
+	if (slapdFrontendConfig->localuserinfo != NULL) {
+	  slapi_ch_free ( (void **) &(slapdFrontendConfig->localuserinfo) );
+	}
+	pw = getpwnam( value );
+	if ( pw ) {
+	  slapdFrontendConfig->localuserinfo =
+			  (struct passwd *)slapi_ch_malloc(sizeof(struct passwd));
+	  memcpy(slapdFrontendConfig->localuserinfo, pw, sizeof(struct passwd));
+	}
+
 	CFG_UNLOCK_WRITE(slapdFrontendConfig);
   }
   return retVal;

ldap/servers/slapd/log.c

@@ -3480,9 +3480,9 @@ log__open_errorlogfile(int logfile_state, int locked)
 	slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
 
 #ifndef _WIN32
-	if ( slapdFrontendConfig->localuser != NULL )  {
-		if ( (pw = getpwnam( slapdFrontendConfig->localuser )) == NULL )
-			return LOG_UNABLE_TO_OPENFILE;
+	if ( slapdFrontendConfig->localuser != NULL &&
+	     slapdFrontendConfig->localuserinfo != NULL ) {
+		pw = slapdFrontendConfig->localuserinfo;
 	}
 	else {
 		return LOG_UNABLE_TO_OPENFILE;

ldap/servers/slapd/main.c

@@ -247,8 +247,8 @@ chown_dir_files(char *name, struct passwd *pw, PRBool strip_fn)
     /* change the owner for each of the files in the dir */
     while( (entry = PR_ReadDir(dir , PR_SKIP_BOTH )) !=NULL ) 
     {
-	PR_snprintf(file,MAXPATHLEN+1,"%s/%s",log,entry->name);
-	slapd_chown_if_not_owner( file, pw->pw_uid, -1 ); 
+      PR_snprintf(file,MAXPATHLEN+1,"%s/%s",log,entry->name);
+      slapd_chown_if_not_owner( file, pw->pw_uid, -1 ); 
     }
     PR_CloseDir( dir );
   }
@@ -267,14 +267,23 @@ fix_ownership()
 
 	slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
 
-
-	if ( slapdFrontendConfig->localuser != NULL )  {
-	        if ( (pw = getpwnam( slapdFrontendConfig->localuser )) == NULL ) 
-		      return;
-	}
-	else {
-		return;
+	if (slapdFrontendConfig->localuser != NULL) {
+		if (slapdFrontendConfig->localuserinfo == NULL) {
+			pw = getpwnam( slapdFrontendConfig->localuser );
+			if ( NULL == pw ) {
+				LDAPDebug(LDAP_DEBUG_ANY, 
+					"Unable to find user %s in system account database, "
+					"errno %d (%s)\n",
+					slapdFrontendConfig->localuser, errno, strerror(errno));
+				return; 
+			}
+			slapdFrontendConfig->localuserinfo =
+					(struct passwd *)slapi_ch_malloc(sizeof(struct passwd));
+			memcpy(slapdFrontendConfig->localuserinfo, pw, sizeof(struct passwd));
+		}
+		pw = slapdFrontendConfig->localuserinfo;
 	}
+
 	/* config directory needs to be owned by the local user */
 	if (slapdFrontendConfig->configdir) {
 		chown_dir_files(slapdFrontendConfig->configdir, pw, PR_FALSE);

ldap/servers/slapd/protect_db.c

@@ -201,17 +201,16 @@ make_sure_dir_exists(char *dir)
     }
 
     /* Make sure it's owned by the correct user */
-    if (slapdFrontendConfig->localuser != NULL) {
-      if ( (pw = getpwnam(slapdFrontendConfig->localuser)) == NULL ) {
-        LDAPDebug(LDAP_DEBUG_ANY, GETPWNAM_WARNING, slapdFrontendConfig->localuser, errno, strerror(errno));
-      } else {
+    if (slapdFrontendConfig->localuser != NULL &&
+        slapdFrontendConfig->localuserinfo != NULL) {
+        pw = slapdFrontendConfig->localuserinfo;
         if (chown(dir, pw->pw_uid, -1) == -1) {
             stat(dir, &stat_buffer);
             if (stat_buffer.st_uid != pw->pw_uid) {
                 LDAPDebug(LDAP_DEBUG_ANY, CHOWN_WARNING, dir, 0, 0);
+                return 1;
             }
         }
-      } /* else */
     }
 
     return 0;
@@ -233,24 +232,23 @@ add_this_process_to(char *dir_name)
     file_name[sizeof(file_name)-1] = (char)0;
     
     if ((prfd = PR_Open(file_name, PR_RDWR | PR_CREATE_FILE, 0666)) == NULL) {
-    LDAPDebug(LDAP_DEBUG_ANY, FILE_CREATE_WARNING, file_name, 0, 0);
-    return;
+        LDAPDebug(LDAP_DEBUG_ANY, FILE_CREATE_WARNING, file_name, 0, 0);
+        return;
     }
     
     /* Make sure the owner is of the file is the user the server
      * runs as. */
-    if (slapdFrontendConfig->localuser != NULL) {
-      if ( (pw = getpwnam(slapdFrontendConfig->localuser)) == NULL ) {
-    LDAPDebug(LDAP_DEBUG_ANY, GETPWNAM_WARNING, slapdFrontendConfig->localuser, errno, strerror(errno));
-      } else {
+    if (slapdFrontendConfig->localuser != NULL &&
+        slapdFrontendConfig->localuserinfo != NULL) {
+        pw = slapdFrontendConfig->localuserinfo;
         if (chown(file_name, pw->pw_uid, -1) == -1) {
             stat(file_name, &stat_buffer);
             if (stat_buffer.st_uid != pw->pw_uid) {
                 LDAPDebug(LDAP_DEBUG_ANY, CHOWN_WARNING, file_name, 0, 0);
             }
         }
-      } /* else */
     }
+bail:
     PR_Close(prfd);
 }
 

ldap/servers/slapd/slap.h

@@ -1925,6 +1925,9 @@ typedef struct _slapdFrontendConfig {
   char *ldapi_gidnumber_type;   /* type that contains gid number */
   char *ldapi_search_base_dn;   /* base dn to search for mapped entries */
   char *ldapi_auto_dn_suffix;   /* suffix to be appended to auto gen DNs */
+#ifndef _WIN32
+  struct passwd *localuserinfo; /* userinfo of localuser */
+#endif /* _WIN32 */
 } slapdFrontendConfig_t;
 
 #define SLAPD_FULL	0