X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=libraries%2Flibldap%2Fos-local.c;h=7f1f83100261afd615a09b55dfbbef5efad50abe;hb=d9a60db75ea1dbbc06d90d15e6f6969d8c075ee7;hp=20727a614e21cf7406738e96e743a0ff25b3444d;hpb=867fb2fd9fe29eef689f5ab0d6e1b7fe8d48a703;p=openldap
diff --git a/libraries/libldap/os-local.c b/libraries/libldap/os-local.c
index 20727a614e..7f1f831002 100644
--- a/libraries/libldap/os-local.c
+++ b/libraries/libldap/os-local.c
@@ -2,7 +2,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software .
 *
- * Copyright 1998-2007 The OpenLDAP Foundation.
+ * Copyright 1998-2011 The OpenLDAP Foundation.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
@@ -47,6 +47,9 @@
 #ifdef HAVE_IO_H
 #include
 #endif /* HAVE_IO_H */
+#ifdef HAVE_FCNTL_H
+#include
+#endif
 #include "ldap-int.h"
 #include "ldap_defaults.h"
@@ -89,6 +92,9 @@ ldap_pvt_socket(LDAP *ld)
 {
 ber_socket_t s = socket(PF_LOCAL, SOCK_STREAM, 0);
 oslocal_debug(ld, "ldap_new_socket: %d\n",s,0,0);
+#ifdef FD_CLOEXEC
+ fcntl(s, F_SETFD, FD_CLOEXEC);
+#endif
 return ( s );
 }
@@ -120,7 +126,7 @@ ldap_pvt_is_socket_ready(LDAP *ld, int s)
 #if defined( notyet ) /* && defined( SO_ERROR ) */
 {
 int so_errno;
- socklen_t dummy = sizeof(so_errno);
+ ber_socklen_t dummy = sizeof(so_errno);
 if ( getsockopt( s, SOL_SOCKET, SO_ERROR, &so_errno, &dummy )
 == AC_SOCKET_ERROR )
 {
@@ -138,12 +144,12 @@ ldap_pvt_is_socket_ready(LDAP *ld, int s)
 /* error slippery */
 struct sockaddr_un sa;
 char ch;
- socklen_t dummy = sizeof(sa);
+ ber_socklen_t dummy = sizeof(sa);
 if ( getpeername( s, (struct sockaddr *) &sa, &dummy )
 == AC_SOCKET_ERROR )
 {
 /* XXX: needs to be replace with ber_stream_read() */
- read(s, &ch, 1);
+ (void)read(s, &ch, 1);
 TRACE;
 return -1;
 }
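Review bot: In the ldap_pvt_socket hunk, `fcntl(s, F_SETFD, FD_CLOEXEC)` is issued even when socket() returned AC_SOCKET_INVALID; fcntl then fails with EBADF and overwrites the errno that socket() set, so a caller reporting the failure sees the wrong cause. Guard it: `if ( s != AC_SOCKET_INVALID ) fcntl(s, F_SETFD, FD_CLOEXEC);`. The fcntl result is also discarded; treating it as best effort is defensible, but an oslocal_debug line on failure would make a descriptor that later leaks into a child process diagnosable. Setting the flag after socket() still leaves a window in which a concurrent fork()/exec() inherits the descriptor; SOCK_CLOEXEC at socket() time closes that where the platform offers it. ldap_pvt_socket's signature line precedes the hunk.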
@@ -182,15 +188,18 @@ ldap_pvt_connect(LDAP *ld, ber_socket_t s, struct sockaddr_un *sa, int async)
 #ifdef LDAP_PF_LOCAL_SENDMSG
 /* Send a dummy message with access rights. Remote side will
- * obtain our uid/gid by fstat'ing this descriptor.
+ * obtain our uid/gid by fstat'ing this descriptor. The
+ * descriptor permissions must match exactly, and we also
+ * send the socket name, which must also match.
 */
 sendcred:
 {
- fchmod( s, S_ISUID|S_IRWXU );
-
- /* Abandon, noop, has no reply */
- struct iovec iov;
- struct msghdr msg = {0};
+ int fds[2];
+ ber_socklen_t salen = sizeof(*sa);
+ if (pipe(fds) == 0) {
+ /* Abandon, noop, has no reply */
+ struct iovec iov;
+ struct msghdr msg = {0};
 # ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
 # ifndef CMSG_SPACE
 # define CMSG_SPACE(len) (_CMSG_ALIGN( sizeof(struct cmsghdr)) + _CMSG_ALIGN(len) )
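Review bot: The rewritten comment above `sendcred:` explains what is sent but not that `sa`, the caller's struct sockaddr_un, is overwritten in place by the getpeername() call the next hunk adds; ldap_connect_to_path reuses that buffer afterwards (it passes &server to ldap_int_connect_cbs), and while the peer address of a connected AF_UNIX socket is presumably the same path, the caller no longer holds the address it built. Add a line to the comment, e.g. `* Note: getpeername() below overwrites *sa with the peer's address.`, or query into a local copy instead of the caller's buffer. A pipe() failure here silently skips the credential message while connect() is still reported as a success; at least an oslocal_debug line on that path would help operators understand a later rejection. ldap_pvt_connect's body continues outside this hunk.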
@@ -198,38 +207,44 @@ sendcred:
 # ifndef CMSG_LEN
 # define CMSG_LEN(len) (_CMSG_ALIGN( sizeof(struct cmsghdr)) + (len) )
 # endif
- union {
- struct cmsghdr cm;
- unsigned char control[CMSG_SPACE(sizeof(int))];
- } control_un;
- struct cmsghdr *cmsg;
+ union {
+ struct cmsghdr cm;
+ unsigned char control[CMSG_SPACE(sizeof(int))];
+ } control_un;
+ struct cmsghdr *cmsg;
 # endif /* HAVE_STRUCT_MSGHDR_MSG_CONTROL */
- msg.msg_name = NULL;
- msg.msg_namelen = 0;
- iov.iov_base = (char *) abandonPDU;
- iov.iov_len = sizeof abandonPDU;
- msg.msg_iov = &iov;
- msg.msg_iovlen = 1;
+ msg.msg_name = NULL;
+ msg.msg_namelen = 0;
+ iov.iov_base = (char *) abandonPDU;
+ iov.iov_len = sizeof abandonPDU;
+ msg.msg_iov = &iov;
+ msg.msg_iovlen = 1;
 # ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
- msg.msg_control = control_un.control;
- msg.msg_controllen = sizeof( control_un.control );
- msg.msg_flags = 0;
+ msg.msg_control = control_un.control;
+ msg.msg_controllen = sizeof( control_un.control );
+ msg.msg_flags = 0;
- cmsg = CMSG_FIRSTHDR( &msg );
- cmsg->cmsg_len = CMSG_LEN( sizeof(int) );
- cmsg->cmsg_level = SOL_SOCKET;
- cmsg->cmsg_type = SCM_RIGHTS;
+ cmsg = CMSG_FIRSTHDR( &msg );
+ cmsg->cmsg_len = CMSG_LEN( sizeof(int) );
+ cmsg->cmsg_level = SOL_SOCKET;
+ cmsg->cmsg_type = SCM_RIGHTS;
- *((int *)CMSG_DATA(cmsg)) = s;
+ *((int *)CMSG_DATA(cmsg)) = fds[0];
 # else
- msg.msg_accrights = (char *)&s;
- msg.msg_accrightslen = sizeof(int);
+ msg.msg_accrights = (char *)fds;
+ msg.msg_accrightslen = sizeof(int);
 # endif /* HAVE_STRUCT_MSGHDR_MSG_CONTROL */
- sendmsg( s, &msg, 0 );
- }
+ getpeername( s, (struct sockaddr *) sa, &salen );
+ fchmod( fds[0], S_ISUID|S_IRWXU );
+ write( fds[1], sa, salen );
+ sendmsg( s, &msg, 0 );
+ close(fds[0]);
+ close(fds[1]);
+ }
+ }
 #endif
- return 0;
-}
+ return 0;
+ }
 if ( errno != EINPROGRESS && errno != EWOULDBLOCK ) return -1;
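Review bot: The results of getpeername(), fchmod() and write() on the new lines before sendmsg() are discarded, so when fchmod() fails the pipe's read end is still sent with its default mode, and a failed or short write() leaves the peer reading a truncated socket name; the previous hunk's comment says the peer requires both to match exactly, so the server will then reject the credentials with no diagnostic on the client side. Send only after all three calls succeed and log otherwise, as below; the sendmsg() result deserves the same treatment. The `#endif` closes LDAP_PF_LOCAL_SENDMSG and ldap_pvt_connect continues past the hunk.
```c
			/* … unchanged: iov/msghdr and SCM_RIGHTS setup … */
			if ( getpeername( s, (struct sockaddr *) sa, &salen ) != AC_SOCKET_ERROR &&
				fchmod( fds[0], S_ISUID|S_IRWXU ) == 0 &&
				write( fds[1], sa, salen ) == (ssize_t) salen )
			{
				if ( sendmsg( s, &msg, 0 ) < 0 ) {
					oslocal_debug(ld, "ldap_pvt_connect: sendmsg failed, errno %d\n", errno, 0, 0);
				}
			} else {
				oslocal_debug(ld, "ldap_pvt_connect: sendcred setup failed, errno %d\n", errno, 0, 0);
			}
			close(fds[0]);
			close(fds[1]);
```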
@@ -304,19 +319,15 @@ sendcred:
 }
 int
-ldap_connect_to_path(LDAP *ld, Sockbuf *sb, const char *path, int async)
+ldap_connect_to_path(LDAP *ld, Sockbuf *sb, LDAPURLDesc *srv, int async)
 {
 struct sockaddr_un server;
 ber_socket_t s;
 int rc;
+ const char *path = srv->lud_host;
 oslocal_debug(ld, "ldap_connect_to_path\n",0,0,0);
- s = ldap_pvt_socket( ld );
- if ( s == AC_SOCKET_INVALID ) {
- return -1;
- }
-
 if ( path == NULL || path[0] == '\0' ) {
 path = LDAPI_SOCK;
 } else {
@@ -326,6 +337,11 @@ ldap_connect_to_path(LDAP *ld, Sockbuf *sb, const char *path, int async)
 }
 }
+ s = ldap_pvt_socket( ld );
+ if ( s == AC_SOCKET_INVALID ) {
+ return -1;
+ }
+
 oslocal_debug(ld, "ldap_connect_to_path: Trying %s\n", path, 0, 0);
 memset( &server, '\0', sizeof(server) );
@@ -335,8 +351,9 @@ ldap_connect_to_path(LDAP *ld, Sockbuf *sb, const char *path, int async)
 rc = ldap_pvt_connect(ld, s, &server, async);
 if (rc == 0) {
- ber_sockbuf_ctrl( sb, LBER_SB_OPT_SET_FD, (void *)&s );
- } else {
+ rc = ldap_int_connect_cbs( ld, sb, &s, srv, (struct sockaddr *)&server );
+ }
+ if ( rc ) {
 ldap_pvt_close_socket(ld, s);
 }
 return rc;
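Review bot: `const char *path = srv->lud_host;` in the first hunk dereferences srv before any check, whereas the old `const char *path` parameter was allowed to be NULL and fell back to LDAPI_SOCK; a caller that still passes NULL through the new parameter (callers are not visible here) now crashes instead. Add `if ( srv == NULL ) return -1;` ahead of that initializer, or `assert( srv != NULL );` plus a comment stating that srv is required, whichever matches how the other connect paths treat their LDAPURLDesc. Moving ldap_pvt_socket() below the path checks (second hunk) presumably closes a descriptor leak on the else branch's error return, which lies outside the hunk. The function's closing brace is beyond the third hunk.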