See the 'USING ENVIRONMENT VARIABLES' section for information
on how to use the variables.
- 3. edit the file include/ldapconfig.h.edit to configure
- the software for your site (the files are well-commented):
-
- % vi include/ldapconfig.h.edit
-
- 4. Configure the build system
+ 3. Configure the build system
% [env settings] ./configure [options]
appropriate settings. Use configure enable/with options and/or
environment variables to obtain desired results.
+ 4. Review the file include/ldapconfig.h.edit.
+ You generally do not need to modify this file.
+
+ % vi include/ldapconfig.h.edit
+
5. Build dependencies
% make depend
endgrent \
endpwent \
flock \
- getdtablesize \
+ getdtablesize \
getgrgid \
gethostname \
getpass \
getpwuid \
- gettimeofday \
+ gettimeofday \
+ initgroups \
lockf \
memcpy \
memmove \
recv \
recvfrom \
setpwfile \
+ setgid \
+ setegid \
setsid \
+ setuid \
+ seteuid \
signal \
sigset \
snprintf \
do
echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:10844: checking for $ac_func" >&5
+echo "configure:10849: checking for $ac_func" >&5
if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 10849 "configure"
+#line 10854 "configure"
#include "confdefs.h"
/* System header to define __stub macros and hopefully few prototypes,
which can conflict with char $ac_func(); below. */
; return 0; }
EOF
-if { (eval echo configure:10872: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:10877: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
rm -rf conftest*
eval "ac_cv_func_$ac_func=yes"
else
for ac_func in getopt tempnam
do
echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:10900: checking for $ac_func" >&5
+echo "configure:10905: checking for $ac_func" >&5
if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 10905 "configure"
+#line 10910 "configure"
#include "confdefs.h"
/* System header to define __stub macros and hopefully few prototypes,
which can conflict with char $ac_func(); below. */
; return 0; }
EOF
-if { (eval echo configure:10928: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:10933: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
rm -rf conftest*
eval "ac_cv_func_$ac_func=yes"
else
# Check Configuration
echo $ac_n "checking declaration of sys_errlist""... $ac_c" 1>&6
-echo "configure:10958: checking declaration of sys_errlist" >&5
+echo "configure:10963: checking declaration of sys_errlist" >&5
if eval "test \"`echo '$''{'ol_cv_dcl_sys_errlist'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 10964 "configure"
+#line 10969 "configure"
#include "confdefs.h"
#include <stdio.h>
char *c = (char *) *sys_errlist
; return 0; }
EOF
-if { (eval echo configure:10974: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:10979: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
rm -rf conftest*
ol_cv_dcl_sys_errlist=yes
else
EOF
echo $ac_n "checking existence of sys_errlist""... $ac_c" 1>&6
-echo "configure:10994: checking existence of sys_errlist" >&5
+echo "configure:10999: checking existence of sys_errlist" >&5
if eval "test \"`echo '$''{'ol_cv_have_sys_errlist'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 11000 "configure"
+#line 11005 "configure"
#include "confdefs.h"
#include <errno.h>
int main() {
char *c = (char *) *sys_errlist
; return 0; }
EOF
-if { (eval echo configure:11007: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:11012: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
rm -rf conftest*
ol_cv_have_sys_errlist=yes
else
echo $ac_n "checking strdup declaration""... $ac_c" 1>&6
-echo "configure:11031: checking strdup declaration" >&5
+echo "configure:11036: checking strdup declaration" >&5
if eval "test \"`echo '$''{'ol_cv_dcl_strdup'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 11037 "configure"
+#line 11042 "configure"
#include "confdefs.h"
#include <string.h>
extern char *strdup();
; return 0; }
EOF
-if { (eval echo configure:11045: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:11050: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
rm -rf conftest*
ol_cv_dcl_strdup=yes
else
endgrent \
endpwent \
flock \
- getdtablesize \
+ getdtablesize \
getgrgid \
gethostname \
getpass \
getpwuid \
- gettimeofday \
+ gettimeofday \
+ initgroups \
lockf \
memcpy \
memmove \
recv \
recvfrom \
setpwfile \
+ setgid \
+ setegid \
setsid \
+ setuid \
+ seteuid \
signal \
sigset \
snprintf \
.B LIBEXECDIR/slapd [\-d debug\-level]
.B [\-f slapd\-config\-file] [\-a address] [\-p port\-number]
.B [\-s syslog\-level] [\-l syslog\-local\-user] [\-i]
-.B [\-U user] [\-G group]
+.B [\-u user] [\-g group]
.B
.SH DESCRIPTION
.LP
will listen on the default LDAP port (389) unless this option is given
to override the default. A numeric port number is expected.
.TP
-.BI \-U " user"
+.BI \-u " user"
.B slapd
will run slapd with the specified user name or id, and that user's
supplementary group access list as set with initgroups(3). The group ID
-is also changed to this user's gid, unless the -G option is used to
+is also changed to this user's gid, unless the -g option is used to
override.
.TP
-.BI \-G " group"
+.BI \-g " group"
.B slapd
will run with the specified group name or id.
.TP
/* Define if you have the gettimeofday function. */
#undef HAVE_GETTIMEOFDAY
+/* Define if you have the initgroups function. */
+#undef HAVE_INITGROUPS
+
/* Define if you have the lockf function. */
#undef HAVE_LOCKF
/* Define if you have the sched_yield function. */
#undef HAVE_SCHED_YIELD
+/* Define if you have the setegid function. */
+#undef HAVE_SETEGID
+
+/* Define if you have the seteuid function. */
+#undef HAVE_SETEUID
+
+/* Define if you have the setgid function. */
+#undef HAVE_SETGID
+
/* Define if you have the setpwfile function. */
#undef HAVE_SETPWFILE
/* Define if you have the setsid function. */
#undef HAVE_SETSID
+/* Define if you have the setuid function. */
+#undef HAVE_SETUID
+
/* Define if you have the signal function. */
#undef HAVE_SIGNAL
usage( char *name )
{
fprintf( stderr, "usage: %s [-d ?|debuglevel] [-f configfile] [-p portnumber] [-s sysloglevel]", name );
- fprintf( stderr, "\n [-a bind-address] [-i] [-u]" );
+ fprintf( stderr, "\n [-a bind-address] [-i]" );
+#if LDAP_CONNECTIONLESS
+ fprintf( stderr, " [-c]" );
+#endif
#ifdef SLAPD_BDB2
fprintf( stderr, " [-t]" );
#endif
#ifdef LOG_LOCAL4
fprintf( stderr, " [-l sysloguser]" );
#endif
-#if defined(HAVE_PWD_H) && defined(HAVE_GRP_H)
- fprintf( stderr, " [-U user] [-G group]" );
+#if defined(HAVE_SETUID) && defined(HAVE_SETGID)
+ fprintf( stderr, " [-u user] [-g group]" );
#endif
fprintf( stderr, "\n" );
}
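Review bot: The new guard around the `[-c]` usage text is written `#if LDAP_CONNECTIONLESS`, while the option handler added in a later hunk of this file uses `#ifdef LDAP_CONNECTIONLESS`. If the macro is ever defined with an empty value, `#if` becomes a preprocessor error where `#ifdef` does not, so the two guards should agree: `#ifdef LDAP_CONNECTIONLESS`. The getopt string in a later hunk also lists `c` unconditionally. That is tolerable only because an option without a `case` reaches `default:` and calls usage().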
#ifdef LOG_LOCAL4
int syslogUser = DEFAULT_SYSLOG_USER;
#endif
-#if defined(HAVE_PWD_H) && defined(HAVE_GRP_H)
+#if defined(HAVE_SETUID) && defined(HAVE_SETGID)
char *username = NULL, *groupname = NULL;
#endif
char *configfile;
g_argv = argv;
while ( (i = getopt( argc, argv,
- "d:f:ia:p:s:u"
+ "d:f:ia:p:s:c"
#ifdef LOG_LOCAL4
"l:"
#endif
#ifdef SLAPD_BDB2
"t"
#endif
-#if defined(HAVE_PWD_H) && defined(HAVE_GRP_H)
- "U:G:"
+#if defined(HAVE_SETUID) && defined(HAVE_SETGID)
+ "u:g:"
#endif
)) != EOF ) {
switch ( i ) {
break;
#endif
- case 'u': /* do udp */
+#ifdef LDAP_CONNECTIONLESS
+ case 'c': /* do connectionless (udp) */
udp = 1;
break;
+#endif
#ifdef SLAPD_BDB2
case 't': /* timed server */
break;
#endif
-#if defined(HAVE_PWD_H) && defined(HAVE_GRP_H)
- case 'U': /* user name */
+#if defined(HAVE_SETUID) && defined(HAVE_GETUID)
+ case 'u': /* user name */
+ if( username ) free(username);
username = ch_strdup( optarg );
break;
- case 'G': /* group name */
+ case 'g': /* group name */
+ if( groupname ) free(groupname);
groupname = ch_strdup( optarg );
break;
-#endif /* HAVE_PWD_H && HAVE_GRP_H */
+#endif /* SETUID && GETUID */
default:
usage( argv[0] );
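Review bot: The `case 'u'` and `case 'g'` handlers are guarded by `defined(HAVE_SETUID) && defined(HAVE_GETUID)`, but every other guard this commit touches tests `HAVE_SETGID`: the usage text, the `username`/`groupname` declarations, the `"u:g:"` getopt string and the `slap_init_user()` call. The function list visible in the configure.in hunk adds setuid, seteuid, setgid and setegid but no getuid, so unless it is checked elsewhere HAVE_GETUID is never defined and both cases compile out. In that build getopt still accepts `-u`/`-g`, but they land in `default:`, so the options meant to run slapd under an unprivileged identity cannot be used. Use `#if defined(HAVE_SETUID) && defined(HAVE_SETGID)` here and `#endif /* HAVE_SETUID && HAVE_SETGID */` to close it. The switch statement continues outside this hunk.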
tcps = set_socket( inetd ? NULL : &bind_addr );
-#if defined(HAVE_PWD_H) && defined(HAVE_GRP_H)
+#if defined(HAVE_SETUID) && defined(HAVE_SETGID)
if ( username != NULL || groupname != NULL )
slap_init_user( username, groupname );
#endif
#include "portable.h"
-#if defined(HAVE_PWD_H) && defined(HAVE_GRP_H)
+#if defined(HAVE_SETUID) && defined(HAVE_SETGID)
#include <stdio.h>
#include <stdlib.h>
+
+#ifdef HAVE_PWD_H
#include <pwd.h>
+#endif
+#ifdef HAVE_GRP_H
#include <grp.h>
+#endif
#include <ac/ctype.h>
#include <ac/unistd.h>
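Review bot: `<pwd.h>` and `<grp.h>` are now included only under HAVE_PWD_H and HAVE_GRP_H, while the file as a whole is compiled whenever HAVE_SETUID and HAVE_SETGID are defined. The name lookups in slap_init_user() lie outside the visible hunks. If they use the passwd and group databases unconditionally, the file will not compile on a system that has setuid() but lacks one of the headers, so they would need the same guards, with numeric ids still accepted. Configure also starts defining HAVE_INITGROUPS in this commit, yet no visible hunk tests it. The supplementary-group reset described in the man page should be guarded by it, and a build without initgroups() should fail loudly rather than silently keep the starting user's supplementary groups.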
void
slap_init_user( char *user, char *group )
{
- uid_t uid = (gid_t) -1;
+ uid_t uid = (uid_t) -1;
gid_t gid = (gid_t) -1;
if ( user ) {
gid, 0, 0 );
exit( 1 );
}
+#ifdef HAVE_SETEGID
if ( setegid( gid ) != 0 ) {
Debug( LDAP_DEBUG_ANY, "Could not set effective group id to %d\n",
gid, 0, 0 );
exit( 1 );
}
+#endif
}
if ( uid >= 0 ) {
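Review bot: `if ( uid >= 0 )` cannot tell "no user given" from a real id where uid_t is an unsigned type, because the initial value `(uid_t) -1` also satisfies it. The setuid()/seteuid() block is therefore entered even when only a group was requested. Compare against the sentinel instead, `if ( uid != (uid_t) -1 ) {`, and do the same for the gid test, which presumably has the same shape but lies outside this hunk. The body of slap_init_user() starts before this hunk.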
uid, 0, 0 );
exit( 1 );
}
+#ifdef HAVE_SETEUID
if ( seteuid( uid ) != 0 ) {
Debug( LDAP_DEBUG_ANY, "Could not set real user id to %d\n",
uid, 0, 0 );
exit( 1 );
}
+#endif
}
}