X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=libraries%2Flibldap%2Fos-local.c;h=7f1f83100261afd615a09b55dfbbef5efad50abe;hb=d9a60db75ea1dbbc06d90d15e6f6969d8c075ee7;hp=20727a614e21cf7406738e96e743a0ff25b3444d;hpb=867fb2fd9fe29eef689f5ab0d6e1b7fe8d48a703;p=openldap
diff --git a/libraries/libldap/os-local.c b/libraries/libldap/os-local.c
index 20727a614e..7f1f831002 100644
--- a/libraries/libldap/os-local.c
+++ b/libraries/libldap/os-local.c
@@ -2,7 +2,7 @@
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software .
*
- * Copyright 1998-2007 The OpenLDAP Foundation.
+ * Copyright 1998-2011 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -47,6 +47,9 @@
#ifdef HAVE_IO_H
#include
#endif /* HAVE_IO_H */
+#ifdef HAVE_FCNTL_H
+#include
+#endif
#include "ldap-int.h"
#include "ldap_defaults.h"
@@ -89,6 +92,9 @@ ldap_pvt_socket(LDAP *ld)
{
ber_socket_t s = socket(PF_LOCAL, SOCK_STREAM, 0);
oslocal_debug(ld, "ldap_new_socket: %d\n",s,0,0);
+#ifdef FD_CLOEXEC
+ fcntl(s, F_SETFD, FD_CLOEXEC);
+#endif
return ( s );
}
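Review bot: The added `fcntl(s, F_SETFD, FD_CLOEXEC)` runs even when `socket()` has failed, and its return value is dropped, so a descriptor that could not be marked close-on-exec is handed back without any trace. Guarding the call and logging a failure would make this visible, e.g. `if ( s != AC_SOCKET_INVALID && fcntl(s, F_SETFD, FD_CLOEXEC) == -1 ) oslocal_debug(ld, "ldap_new_socket: FD_CLOEXEC failed\n",0,0,0);`. In a multithreaded process there is also a window between `socket()` and `fcntl()` in which a concurrent fork/exec can still inherit the descriptor. Where the platform offers `SOCK_CLOEXEC`, passing it in the `socket()` type argument sets the flag atomically. A short comment stating why the flag is set (to keep the LDAPI socket out of child processes) would help the next reader.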
@@ -120,7 +126,7 @@ ldap_pvt_is_socket_ready(LDAP *ld, int s)
#if defined( notyet ) /* && defined( SO_ERROR ) */
{
int so_errno;
- socklen_t dummy = sizeof(so_errno);
+ ber_socklen_t dummy = sizeof(so_errno);
if ( getsockopt( s, SOL_SOCKET, SO_ERROR, &so_errno, &dummy )
== AC_SOCKET_ERROR )
{
@@ -138,12 +144,12 @@ ldap_pvt_is_socket_ready(LDAP *ld, int s)
/* error slippery */
struct sockaddr_un sa;
char ch;
- socklen_t dummy = sizeof(sa);
+ ber_socklen_t dummy = sizeof(sa);
if ( getpeername( s, (struct sockaddr *) &sa, &dummy )
== AC_SOCKET_ERROR )
{
/* XXX: needs to be replace with ber_stream_read() */
- read(s, &ch, 1);
+ (void)read(s, &ch, 1);
TRACE;
return -1;
}
@@ -182,15 +188,18 @@ ldap_pvt_connect(LDAP *ld, ber_socket_t s, struct sockaddr_un *sa, int async)
#ifdef LDAP_PF_LOCAL_SENDMSG
/* Send a dummy message with access rights. Remote side will
- * obtain our uid/gid by fstat'ing this descriptor.
+ * obtain our uid/gid by fstat'ing this descriptor. The
+ * descriptor permissions must match exactly, and we also
+ * send the socket name, which must also match.
*/
sendcred:
{
- fchmod( s, S_ISUID|S_IRWXU );
-
- /* Abandon, noop, has no reply */
- struct iovec iov;
- struct msghdr msg = {0};
+ int fds[2];
+ ber_socklen_t salen = sizeof(*sa);
+ if (pipe(fds) == 0) {
+ /* Abandon, noop, has no reply */
+ struct iovec iov;
+ struct msghdr msg = {0};
# ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
# ifndef CMSG_SPACE
# define CMSG_SPACE(len) (_CMSG_ALIGN( sizeof(struct cmsghdr)) + _CMSG_ALIGN(len) )
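Review bot: When `pipe(fds)` fails, the whole credential block is skipped and the function still reaches `return 0` in the following hunk, so the caller cannot tell that no uid/gid was passed to the peer. If that best-effort behaviour is intended, it should be stated in the comment above `sendcred:` and logged, e.g. `} else { oslocal_debug(ld, "ldap_pvt_connect: pipe failed, credentials not sent\n",0,0,0); }`. The two pipe descriptors are also created without close-on-exec, unlike the socket in `ldap_pvt_socket`. They are short-lived, but a concurrent fork/exec in another thread could inherit them. The block opened here is closed in the next hunk.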
@@ -198,38 +207,44 @@ sendcred:
# ifndef CMSG_LEN
# define CMSG_LEN(len) (_CMSG_ALIGN( sizeof(struct cmsghdr)) + (len) )
# endif
- union {
- struct cmsghdr cm;
- unsigned char control[CMSG_SPACE(sizeof(int))];
- } control_un;
- struct cmsghdr *cmsg;
+ union {
+ struct cmsghdr cm;
+ unsigned char control[CMSG_SPACE(sizeof(int))];
+ } control_un;
+ struct cmsghdr *cmsg;
# endif /* HAVE_STRUCT_MSGHDR_MSG_CONTROL */
- msg.msg_name = NULL;
- msg.msg_namelen = 0;
- iov.iov_base = (char *) abandonPDU;
- iov.iov_len = sizeof abandonPDU;
- msg.msg_iov = &iov;
- msg.msg_iovlen = 1;
+ msg.msg_name = NULL;
+ msg.msg_namelen = 0;
+ iov.iov_base = (char *) abandonPDU;
+ iov.iov_len = sizeof abandonPDU;
+ msg.msg_iov = &iov;
+ msg.msg_iovlen = 1;
# ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
- msg.msg_control = control_un.control;
- msg.msg_controllen = sizeof( control_un.control );
- msg.msg_flags = 0;
+ msg.msg_control = control_un.control;
+ msg.msg_controllen = sizeof( control_un.control );
+ msg.msg_flags = 0;
- cmsg = CMSG_FIRSTHDR( &msg );
- cmsg->cmsg_len = CMSG_LEN( sizeof(int) );
- cmsg->cmsg_level = SOL_SOCKET;
- cmsg->cmsg_type = SCM_RIGHTS;
+ cmsg = CMSG_FIRSTHDR( &msg );
+ cmsg->cmsg_len = CMSG_LEN( sizeof(int) );
+ cmsg->cmsg_level = SOL_SOCKET;
+ cmsg->cmsg_type = SCM_RIGHTS;
- *((int *)CMSG_DATA(cmsg)) = s;
+ *((int *)CMSG_DATA(cmsg)) = fds[0];
# else
- msg.msg_accrights = (char *)&s;
- msg.msg_accrightslen = sizeof(int);
+ msg.msg_accrights = (char *)fds;
+ msg.msg_accrightslen = sizeof(int);
# endif /* HAVE_STRUCT_MSGHDR_MSG_CONTROL */
- sendmsg( s, &msg, 0 );
- }
+ getpeername( s, (struct sockaddr *) sa, &salen );
+ fchmod( fds[0], S_ISUID|S_IRWXU );
+ write( fds[1], sa, salen );
+ sendmsg( s, &msg, 0 );
+ close(fds[0]);
+ close(fds[1]);
+ }
+ }
#endif
- return 0;
-}
+ return 0;
+ }
if ( errno != EINPROGRESS && errno != EWOULDBLOCK ) return -1;
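Review bot: The new `getpeername`, `fchmod` and `write` calls before `sendmsg` all discard their results, although the updated comment says the descriptor permissions and the socket name "must match exactly" on the remote side. If any of them fails or the write is short, the message is still sent with a pipe that does not carry what the peer expects, and the credential check presumably fails there with no local hint as to why. `getpeername` also overwrites the caller's `sa`, which should be noted in the comment. I would send only when all three steps succeeded and log otherwise, as sketched below. The surrounding function starts and ends outside this hunk.

```c
		/* … unchanged: iov / msghdr / cmsg setup passing fds[0] … */
		if ( getpeername( s, (struct sockaddr *) sa, &salen ) != AC_SOCKET_ERROR &&
			fchmod( fds[0], S_ISUID|S_IRWXU ) == 0 &&
			write( fds[1], sa, salen ) == (ssize_t) salen )
		{
			(void) sendmsg( s, &msg, 0 );
		} else {
			oslocal_debug(ld, "ldap_pvt_connect: credential setup failed, not sent\n", 0, 0, 0);
		}
		close(fds[0]);
		close(fds[1]);
```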
@@ -304,19 +319,15 @@ sendcred:
}
int
-ldap_connect_to_path(LDAP *ld, Sockbuf *sb, const char *path, int async)
+ldap_connect_to_path(LDAP *ld, Sockbuf *sb, LDAPURLDesc *srv, int async)
{
struct sockaddr_un server;
ber_socket_t s;
int rc;
+ const char *path = srv->lud_host;
oslocal_debug(ld, "ldap_connect_to_path\n",0,0,0);
- s = ldap_pvt_socket( ld );
- if ( s == AC_SOCKET_INVALID ) {
- return -1;
- }
-
if ( path == NULL || path[0] == '\0' ) {
path = LDAPI_SOCK;
} else {
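Review bot: The new initialiser `const char *path = srv->lud_host;` dereferences `srv` unconditionally, where the old signature accepted a NULL `path` and fell back to `LDAPI_SOCK`. Whether any caller can pass a NULL `LDAPURLDesc` is not visible from this hunk. If one can, a guard such as `const char *path = srv ? srv->lud_host : NULL;` keeps the previous fallback. Note that `srv` is also handed to `ldap_int_connect_cbs` in a later hunk, so the contract ("srv must be non-NULL; an empty lud_host selects the default socket") should be stated in a comment above the function either way. The function body continues outside this hunk.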
@@ -326,6 +337,11 @@ ldap_connect_to_path(LDAP *ld, Sockbuf *sb, const char *path, int async)
}
}
+ s = ldap_pvt_socket( ld );
+ if ( s == AC_SOCKET_INVALID ) {
+ return -1;
+ }
+
oslocal_debug(ld, "ldap_connect_to_path: Trying %s\n", path, 0, 0);
memset( &server, '\0', sizeof(server) );
@@ -335,8 +351,9 @@ ldap_connect_to_path(LDAP *ld, Sockbuf *sb, const char *path, int async)
rc = ldap_pvt_connect(ld, s, &server, async);
if (rc == 0) {
- ber_sockbuf_ctrl( sb, LBER_SB_OPT_SET_FD, (void *)&s );
- } else {
+ rc = ldap_int_connect_cbs( ld, sb, &s, srv, (struct sockaddr *)&server );
+ }
+ if ( rc ) {
ldap_pvt_close_socket(ld, s);
}
return rc;