authorAnton Luka Šijanec <anton@sijanec.eu>2024-06-06 20:24:08 +0200
committerAnton Luka Šijanec <anton@sijanec.eu>2024-06-06 20:24:08 +0200
commit4b642834e01b0cf512c23666a1f959810d5cbe6e (patch)
tree4b51cbd8cf8c503e6bcf3ce33ae0f6be135bcda0
parentlisten on custom network (ex. unix socket) (diff)
-rw-r--r--README.adoc2
-rw-r--r--main.go29
2 files changed, 26 insertions, 5 deletions
diff --git a/README.adoc b/README.adoc
index d5ba33d..efd59d3 100644
--- a/README.adoc
+++ b/README.adoc
@@ -63,7 +63,7 @@ Example Configuration:
`listen` ::
Listen IP address and port like `0.0.0.0:0000`
-You may optionally listen on a UNIX socket by setting the JSON configuration key "network" to "unix" and "listen" to "/path/to/your.sock". You may actually listen on any network that is supported by https://pkg.go.dev/net#Listen
+You may optionally listen on a UNIX socket by setting the JSON configuration key "network" to "unix" and "listen" to "/path/to/your.sock". You may actually listen on any network that is supported by https://pkg.go.dev/net#Listen -- When you're listening on a UNIX socket, you can use the setgid bit of the directory that will contain your socket file. This way, the socket file will preserve the group ownership of the directory. You can also set the umask to decide who can connect to your socket and who can't. Just make sure that you create the logfile beforehand so that the logfile has different (perhaps more strict) permissions.
`pamservicename` ::
PAM authentication requires service-name like `login`, `su`. You can choose existing service or create a new. Existing service can be seen typing `ls /etc/pam.d/`
diff --git a/main.go b/main.go
index bc83365..c650d1c 100644
--- a/main.go
+++ b/main.go
@@ -12,6 +12,8 @@ import (
"net"
"os"
"os/user"
+ "os/signal"
+ "syscall"
"strings"
)
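Review bot: The two added import lines are not gofmt-clean: gofmt sorts consecutive import specs, so `"os/signal"` and `"syscall"` inserted between `"os/user"` and `"strings"` will be reordered on the next format run and show up as churn in an unrelated commit. Order the group as `"os/signal"`, `"os/user"`, `"strings"`, `"syscall"` (or run `goimports` on the file) so the import block is stable.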
@@ -77,10 +79,28 @@ func main() {
l.SearchFunc("", backend)
l.CloseFunc("", backend)
backend.logger.Printf("LDAP server listen: %s, network %s", backend.Listen, backend.Network)
- if err := l.ListenAndServe(backend.Listen, backend.Network); err != nil {
- backend.logger.Printf("LDAP server listen failed: %s", err.Error())
- os.Exit(1)
- }
+ can_quit := make(chan bool, 1)
+ go func() {
+ if err := l.ListenAndServe(backend.Listen, backend.Network); err != nil {
+ backend.logger.Printf("LDAP server listen failed: %s", err.Error())
+ os.Exit(1)
+ }
+ can_quit <- true
+ }()
+ sigs := make(chan os.Signal, 1)
+ signal.Notify(sigs, syscall.SIGINT, syscall.SIGTERM, syscall.SIGHUP)
+ done := make(chan bool, 1)
+ go func() {
+ sig := <-sigs
+ backend.logger.Printf("Received a signal %s", sig.String())
+ done <- true
+ }()
+ backend.logger.Printf("Running ...")
+ <-done
+ l.Quit <- true
+ backend.logger.Printf("Signalling LDAP server to terminate ...");
+ <-can_quit
+ backend.logger.Printf("Exiting ...")
}
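Review bot: The goroutine that reads `sigs` exits after one signal, but `signal.Notify` keeps diverting SIGINT/SIGTERM/SIGHUP into the channel, so a second Ctrl-C or `kill` sent while shutdown is in progress is silently swallowed; if the `<-can_quit` wait never returns because `ListenAndServe` does not unwind after `l.Quit <- true` (that depends on the ldap package, which is not visible here), the only remaining way to stop the daemon is SIGKILL. Restoring default handling right after the first signal avoids that trap: `sig := <-sigs` followed by `signal.Stop(sigs)` before the log line, so a repeated signal gets the default action. Two further points deserve a comment in the code: SIGHUP is treated as a shutdown request rather than the conventional reload, which an operator used to `systemctl reload` will not expect, and `l.Quit <- true` blocks forever if `Quit` is unbuffered and the server goroutine has already returned normally (it sends on `can_quit` and exits with nobody left to read `Quit`), so a `select` on both channels is safer. The enclosing `func main()` begins before this hunk.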
func (b Backend) Bind(bindDN, bindSimplePw string, conn net.Conn) (resultCode ldap.LDAPResultCode, err error) {
@@ -159,6 +179,7 @@ func (b Backend) Search(bindDN string, req ldap.SearchRequest, conn net.Conn) (r
func (b Backend) Close(bindDN string, conn net.Conn) (err error) {
b.logger.Printf("Close addr=%s", conn.RemoteAddr().String())
+ conn.Close()
return nil
}
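Review bot: The new `conn.Close()` discards its error, and whether the ldap package closes the connection itself after invoking this handler is not visible here; if it does, this is a harmless double close, if it does not, a failed close is lost while the handler still reports `nil`. Either log it, `if err := conn.Close(); err != nil { b.logger.Printf("Close addr=%s: %s", conn.RemoteAddr().String(), err.Error()) }`, or add a one-line comment such as `// the ldap package does not close the conn after CloseFunc, so do it here (verified against <version>)` so the next maintainer does not remove the call as redundant.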