X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fdaemon.c;h=fb07060016e6216047d58765f8d82acb903c11d4;hb=7684514535dbe9f407b420bab76f06861ad7587d;hp=fd42334d941c5c7123e63a30d760e1f4126dd8b5;hpb=036289f9c4a17f9c1c2a30f065bbbd675a9e0eb6;p=openldap diff --git a/servers/slapd/daemon.c b/servers/slapd/daemon.c index fd42334d94..fb07060016 100644 --- a/servers/slapd/daemon.c +++ b/servers/slapd/daemon.c @@ -328,7 +328,7 @@ static struct slap_daemon { } while (0) # define SLAP_DEVPOLL_SOCK_SET(s, mode) do { \ - fprintf( stderr, "SLAP_SOCK_SET_%s(%d) = %d\n", \ + Debug( LDAP_DEBUG_CONNS, "SLAP_SOCK_SET_%s(%d)=%d\n", \ (mode) == POLLIN ? "READ" : "WRITE", (s), \ ( (SLAP_DEVPOLL_SOCK_EV((s)) & (mode)) != (mode) ) ); \ if ( (SLAP_DEVPOLL_SOCK_EV((s)) & (mode)) != (mode) ) { \ @@ -341,7 +341,7 @@ static struct slap_daemon { } while (0) # define SLAP_DEVPOLL_SOCK_CLR(s, mode) do { \ - fprintf( stderr, "SLAP_SOCK_CLR_%s(%d) = %d\n", \ + Debug( LDAP_DEBUG_CONNS, "SLAP_SOCK_CLR_%s(%d)=%d\n", \ (mode) == POLLIN ? "READ" : "WRITE", (s), \ ( (SLAP_DEVPOLL_SOCK_EV((s)) & (mode)) == (mode) ) ); \ if ((SLAP_DEVPOLL_SOCK_EV((s)) & (mode)) == (mode) ) { \ @@ -378,7 +378,7 @@ static struct slap_daemon { * need to shutdown. */ # define SLAP_SOCK_ADD(s, l) do { \ - fprintf( stderr, "SLAP_SOCK_ADD(%d, %p)\n", (s), (l) ); \ + Debug( LDAP_DEBUG_CONNS, "SLAP_SOCK_ADD(%d, %p)\n", (s), (l), 0 ); \ SLAP_DEVPOLL_SOCK_IX((s)) = slap_daemon.sd_nfds; \ SLAP_DEVPOLL_SOCK_LX((s)) = (l); \ SLAP_DEVPOLL_SOCK_FD((s)) = (s); \ @@ -391,7 +391,7 @@ static struct slap_daemon { # define SLAP_SOCK_DEL(s) do { \ int fd, index = SLAP_DEVPOLL_SOCK_IX((s)); \ - fprintf( stderr, "SLAP_SOCK_DEL(%d)\n", (s) ); \ + Debug( LDAP_DEBUG_CONNS, "SLAP_SOCK_DEL(%d)\n", (s), 0, 0 ); \ if ( index < 0 ) break; \ if ( index < slap_daemon.sd_nfds - 1 ) { \ struct pollfd pfd = slap_daemon.sd_pollfd[index]; \ 
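Review bot: In the SLAP_SOCK_ADD hunk (@@ -378,7 +378,7 @@) the `%p` argument `(l)` is passed to Debug() without a cast, while the slapd_add() change in this same commit casts its listener to `(void *)`. `%p` expects a `void *`, so for consistency and strict correctness the line should read `Debug( LDAP_DEBUG_CONNS, "SLAP_SOCK_ADD(%d, %p)\n", (s), (void *)(l), 0 ); \`. The macro body continues past the end of the hunk.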
@@ -494,6 +494,7 @@ static struct slap_daemon { # define SLAP_SOCK_INIT do { \ SLAP_SELECT_CHK_SETSIZE; \ + FD_ZERO(&slap_daemon.sd_actives); \ FD_ZERO(&slap_daemon.sd_readers); \ FD_ZERO(&slap_daemon.sd_writers); \ } while (0) @@ -548,7 +549,7 @@ static struct slap_daemon { # define SLAP_EVENT_CLR_READ(fd) FD_CLR((fd), &readfds) # define SLAP_EVENT_CLR_WRITE(fd) FD_CLR((fd), &writefds) -# define SLAP_EVENT_WAIT(tvp, snp) do { \ +# define SLAP_EVENT_WAIT(tvp, nsp) do { \ *(nsp) = select( SLAP_EVENT_MAX, &readfds, \ nwriters > 0 ? &writefds : NULL, NULL, (tvp) ); \ } while (0) @@ -713,8 +714,8 @@ slapd_add( ber_socket_t s, int isactive, Listener *sl ) SLAP_SOCK_ADD(s, sl); - Debug( LDAP_DEBUG_CONNS, "daemon: added %ldr\n", - (long) s, 0, 0 ); + Debug( LDAP_DEBUG_CONNS, "daemon: added %ldr%s listener=%p\n", + (long) s, isactive ? " (active)" : "", (void *)sl ); ldap_pvt_thread_mutex_unlock( &slap_daemon.sd_mutex ); 
@@ -1308,21 +1309,44 @@ slap_open_listener( #ifdef LDAP_PF_LOCAL case AF_LOCAL: #ifdef LOCAL_CREDS - { - int one = 1; - setsockopt(l.sl_sd, 0, LOCAL_CREDS, &one, sizeof one); - } + { + int one = 1; + setsockopt( l.sl_sd, 0, LOCAL_CREDS, &one, sizeof( one ) ); + } #endif /* LOCAL_CREDS */ - addrlen = sizeof(struct sockaddr_un); - break; + + addrlen = sizeof( struct sockaddr_un ); + break; #endif /* LDAP_PF_LOCAL */ } - if (bind(l.sl_sd, *sal, addrlen)) { +#ifdef LDAP_PF_LOCAL + /* create socket with all permissions set for those systems + * that honor permissions on sockets (e.g. Linux); typically, + * only write is required. To exploit filesystem permissions, + * place the socket in a directory and use directory's + * permissions. Need write perms to the directory to + * create/unlink the socket; likely need exec perms to access + * the socket (ITS#4709) */ + { + mode_t old_umask; + + if ( (*sal)->sa_family == AF_LOCAL ) { + old_umask = umask( 0 ); + } +#endif /* LDAP_PF_LOCAL */ + rc = bind( l.sl_sd, *sal, addrlen ); +#ifdef LDAP_PF_LOCAL + if ( (*sal)->sa_family == AF_LOCAL ) { + umask( old_umask ); + } + } +#endif /* LDAP_PF_LOCAL */ + if ( rc ) { err = sock_errno(); Debug( LDAP_DEBUG_ANY, "daemon: bind(%ld) failed errno=%d (%s)\n", - (long) l.sl_sd, err, sock_errstr(err) ); + (long)l.sl_sd, err, sock_errstr( err ) ); tcp_close( l.sl_sd ); sal++; continue; @@ -1364,9 +1388,9 @@ slap_open_listener( inet_ntop( AF_INET6, &((struct sockaddr_in6 *)*sal)->sin6_addr, addr, sizeof addr); port = ntohs( ((struct sockaddr_in6 *)*sal)->sin6_port ); - l.sl_name.bv_len = strlen(addr) + sizeof("IP= 65535"); + l.sl_name.bv_len = strlen(addr) + sizeof("IP=[]:65535"); l.sl_name.bv_val = ber_memalloc( l.sl_name.bv_len ); - snprintf( l.sl_name.bv_val, l.sl_name.bv_len, "IP=%s %d", + snprintf( l.sl_name.bv_val, l.sl_name.bv_len, "IP=[%s]:%d", addr, port ); l.sl_name.bv_len = strlen( l.sl_name.bv_val ); } break; 
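Review bot: The `umask( 0 )` / `umask( old_umask )` pair around `bind()` changes a process-wide setting, so any file another thread creates in that window is also created with no mask; whether other threads can be running at this point is not visible in the hunk. On systems that honor socket modes the socket is then open to every local user, and the only restriction is the directory permission the comment describes, which the code neither sets nor checks. I would extend the comment with something like `/* umask() is process-wide: call only before worker threads exist; access control is left to the containing directory */`. The return value of `setsockopt( l.sl_sd, 0, LOCAL_CREDS, ... )` is also ignored, so a failure to enable credential passing is never logged. slap_open_listener() starts and ends outside the hunk.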
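Review bot: In the AF_INET6 hunk (@@ -1364,9 +1388,9 @@) the result of `ber_memalloc( l.sl_name.bv_len )` is handed straight to `snprintf()` with no NULL check, so an allocation failure becomes a write through a NULL pointer while the listener is being opened. The new size `strlen(addr) + sizeof("IP=[]:65535")` does cover the bracketed format, so only the check is missing. Something like `if ( l.sl_name.bv_val == NULL ) { tcp_close( l.sl_sd ); sal++; continue; }` would mirror the bind-failure path in the previous hunk, assuming nothing else needs releasing at that point. The case body starts outside the hunk.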
@@ -1571,11 +1595,15 @@ slap_listener( #ifdef LDAP_PF_LOCAL char peername[MAXPATHLEN + sizeof("PATH=")]; #elif defined(LDAP_PF_INET6) - char peername[sizeof("IP=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff 65535")]; + char peername[sizeof("IP=[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]:65535")]; #else /* ! LDAP_PF_LOCAL && ! LDAP_PF_INET6 */ char peername[sizeof("IP=255.255.255.255:65336")]; #endif /* LDAP_PF_LOCAL */ + Debug( LDAP_DEBUG_TRACE, + ">>> slap_listener(%s)", + sl->sl_url.bv_val, 0, 0 ); + peername[0] = '\0'; #ifdef LDAP_CONNECTIONLESS @@ -1731,7 +1759,7 @@ slap_listener( peeraddr = (char *) inet_ntop( AF_INET6, &from.sa_in6_addr.sin6_addr, addr, sizeof addr ); - sprintf( peername, "IP=%s %d", + sprintf( peername, "IP=[%s]:%d", peeraddr != NULL ? peeraddr : SLAP_STRING_UNKNOWN, (unsigned) ntohs( from.sa_in6_addr.sin6_port ) ); } @@ -1739,10 +1767,10 @@ slap_listener( # endif /* LDAP_PF_INET6 */ case AF_INET: - peeraddr = inet_ntoa( from.sa_in_addr.sin_addr ); - sprintf( peername, "IP=%s:%d", - peeraddr != NULL ? peeraddr : SLAP_STRING_UNKNOWN, - (unsigned) ntohs( from.sa_in_addr.sin_port ) ); + peeraddr = inet_ntoa( from.sa_in_addr.sin_addr ); + sprintf( peername, "IP=%s:%d", + peeraddr != NULL ? peeraddr : SLAP_STRING_UNKNOWN, + (unsigned) ntohs( from.sa_in_addr.sin_port ) ); break; default: @@ -1827,13 +1855,15 @@ slap_listener_thread( void* ctx, void* ptr ) { - int rc; + int rc; + Listener *sl = (Listener *)ptr; - rc = slap_listener( (Listener*)ptr ); + rc = slap_listener( sl ); if( rc != LDAP_SUCCESS ) { Debug( LDAP_DEBUG_ANY, - "listener_thread: failed %d", rc, 0, 0 ); + "slap_listener_thread(%s): failed err=%d", + sl->sl_url.bv_val, rc, 0 ); } return (void*)NULL;
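Review bot: The added trace `">>> slap_listener(%s)"` has no trailing newline, unlike the other Debug() format strings in this commit, so the next log entry is appended to the same line; it should be `">>> slap_listener(%s)\n"`. The same applies to `"slap_listener_thread(%s): failed err=%d"` in the last hunk (@@ -1827,13 +1855,15 @@). Both messages print `sl->sl_url.bv_val` with `%s`, which assumes the listener URL is always set and NUL-terminated; that guarantee is not visible in these hunks.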
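Review bot: The `sprintf( peername, "IP=[%s]:%d", ... )` in the AF_INET6 hunk (@@ -1731,7 +1759,7 @@) is unbounded, so its safety depends on the `peername` declaration in the first hunk being kept in step with this format by hand. In builds without LDAP_PF_LOCAL that declaration is sized for the 39-character full hex form, whereas INET6_ADDRSTRLEN allows inet_ntop() up to 45 characters, so the margin rests on which textual form the library actually produces. A bounded call removes that dependency: `snprintf( peername, sizeof peername, "IP=[%s]:%d",` with the same arguments. The AF_INET `sprintf( peername, "IP=%s:%d", ... )` in the next hunk (@@ -1739,10 +1767,10 @@) deserves the same change. slap_listener() starts and ends outside these hunks.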