We define the meaning of the various log levels in the man page
for krb5_openlog(3). If logging configured and levels are not
specified, we change the default levels to 0-3 which should exclude
debugging messages which are generally only desired in exceptional
circumstances.
We also go through the KDC and adjust the levels to be appropriate.
- Simplify child process creation rate limit by moving
select_sleep() to happen right after the parent fork().
- Consider child pid table slots to be empty if the pid is
non-positive, rather than just -1 or just 0.
- Log warnings should we ever spawn a child with no free
slot to track it, or reap a child that does not match
a tracked slot.
When the termination of a child process is observed by reap_kid() it
clears the pids[] element by assigning it the invalid pid value
(pid_t)-1. However, start_kdc() assumes that the unused pid[[] element
value is 0. As a result, each pid[] element's associated child process
can only be restarted once since start_kdc() will not be able to locate
an unused element.
This change alters start_kdc() to initialize all elements of pids[] to
(pid_t)-1 and use that as the marker for unused elements. By doing so
start_kdc() can properly record child process pids and indefinitely
restart child processes as necessary.
Change-Id: Ia93c9284ab21289994eca7fc9cf1278be7c00683
The kdc nowadays forks and restarts worker children. This is nice, but
for leak checking in tests on OS X with leak(1) we really need the
worker to be the one process.
The prior structure of the code was safe but can appear otherwise to
static analyzers since the assignment to pids[i] occurs after exitting
the for() loop.
While here use calloc() instead of malloc()/memset().
Change-Id: I8455aa259fd8c7c17778827937ec26127fe0785c
We now fork(2) a number of separate KDC processes rather than a single
process. By default, the number is selected by asking how many CPUs
the machine has. We also have a master process which monitors all
of the children (which do the actual work) and it will restart kids
who die for any reason. The children will die when the parent dies.
In the case of MacOS X, we also move the bonjour code into another
separate child as it creates threads and this is known to play
rather poorly with fork(2). We could move this logic into a
designated child at some point in the future.
We slow down the spawning to one every 25ms to prevent instant crashes
and restarts from consuming all available system time. This approach
may want to be revisited in the future.
Tests that start daemons have to "wait" for them to start.
This commit makes Heimdal daemons prep to detach (when requested) by
forking early, then having the child signal readiness to the parent when
the child really is ready. The parent exits only which the child is
ready. This means that tests will no longer need to wait for daemons.
However, tests will still need a pidfile or such so they can stop the
daemons.
Note that the --detach options should not be used on OS X from launchd,
only from tests.
