Nico Erfurth wrote:
> John Dalbec wrote:
>
>>I wrote a Perl script to test this. It opens an LDAP connection and
>>binds to the directory. It forks a child that runs a search then sleeps
>>for a while. The parent sleeps to allow the child search to complete,
>>then forks a second child that runs the same search and then sleeps for
>>a while. If I set up the LDAP connection unencrypted, the script runs
>>fine. If I set up the LDAP connection encrypted, the second search gets
>>an I/O error.
>>
>>I think a reasonable workaround is if Exim caches the PID along with the
>>other connection information for encrypted connections and then uses the
>>encrypted connection only with that PID. Does anyone have a better idea?
>
>
> IIRC exim calls the tidyup-function of all lookuptypes before spawning a
> new process, so this shouldn't happen as long as ldap_tidyup is
> implemented correctly.
I don't think that's happening in rda.c:
/* We need to run the processing code in a sub-process. However, if we can
determine the non-existence of a file first, we can decline without having to
create the sub-process. */
if (rdata->isfile && rda_exists(data, error) == FILE_NOT_EXIST)
return FF_NONEXIST;
/* If the file does exist, or we can't tell (non-root mounted NFS directory)
we have to create the subprocess to do everything as the given user. The
results of processing are passed back via a pipe. */
if (pipe(pfd) != 0)
log_write(0, LOG_MAIN|LOG_PANIC_DIE, "creation of pipe for filter or "
":include: failed for %s: %s", rname, strerror(errno));
/* Ensure that SIGCHLD is set to SIG_DFL before forking, so that the child
process can be waited for. We sometimes get here with it set otherwise. Save
the old state for resetting on the wait. */
oldsignal = signal(SIGCHLD, SIG_DFL);
if ((pid = fork()) == 0)
{
header_line *waslast = header_last; /* Save last header */
fd = pfd[pipe_write];
(void)close(pfd[pipe_read]);
exim_setugid(ugid->uid, ugid->gid, FALSE, rname);
/* Addresses can get rewritten in filters; if we are not root or the exim
user (and we probably are not), turn off rewrite logging, because we cannot
write to the log now. */
if (ugid->uid != root_uid && ugid->uid != exim_uid)
{
DEBUG(D_rewrite) debug_printf("turned off address rewrite logging (not "
"root or exim in this process)\n");
log_write_selector &= ~L_address_rewrite;
}
/* Now do the business */
yield = rda_extract(rdata, options, include_directory,
sieve_vacation_directory, sieve_useraddress, sieve_subaddress, generated,
error, eblockp, filtertype);
I see nothing about tidying up in this code. What should I add?
Thanks,
John
>
> Nico
>
