fix previous commit

diff --git a/servers/slapd/daemon.c b/servers/slapd/daemon.c
index 8ad1f77e786903ef0934ad0e3b1860307ce0e319..4bc9e94a4d1a14e478d5c1f03bff399b435c7bfb 100644 (file)
--- a/servers/slapd/daemon.c
+++ b/servers/slapd/daemon.c
@@ -1308,39 +1308,43 @@ slap_open_listener(
 #ifdef LDAP_PF_LOCAL
                case AF_LOCAL:
 #ifdef LOCAL_CREDS
-               {
-                       int one = 1;
-                       setsockopt( l.sl_sd, 0, LOCAL_CREDS, &one, sizeof( one ) );
-               }
+                       {
+                               int one = 1;
+                               setsockopt( l.sl_sd, 0, LOCAL_CREDS, &one, sizeof( one ) );
+                       }
 #endif /* LOCAL_CREDS */
 
-               addrlen = sizeof( struct sockaddr_un );
+                       addrlen = sizeof( struct sockaddr_un );
+                       break;
+#endif /* LDAP_PF_LOCAL */
+               }
 
+#ifdef LDAP_PF_LOCAL
                /* create socket with all permissions set for those systems
                 * that honor permissions on sockets (e.g. Linux); typically,
                 * only write is required.  To exploit filesystem permissions,
                 * place the socket in a directory and use directory's
                 * permissions.  Need write perms to the directory to 
                 * create/unlink the socket; likely need exec perms to access
-                * the socket */
+                * the socket (ITS#4709) */
                {
                        mode_t old_umask;
 
                        old_umask = umask( 0 );
+#endif /* LDAP_PF_LOCAL */
                        rc = bind( l.sl_sd, *sal, addrlen );
+#ifdef LDAP_PF_LOCAL
                        umask( old_umask );
-                       if ( rc ) {
-                               err = sock_errno();
-                               Debug( LDAP_DEBUG_ANY,
-                                       "daemon: bind(%ld) failed errno=%d (%s)\n",
-                                       (long)l.sl_sd, err, sock_errstr( err ) );
-                               tcp_close( l.sl_sd );
-                               sal++;
-                               continue;
-                       }
                }
-               break;
 #endif /* LDAP_PF_LOCAL */
+               if ( rc ) {
+                       err = sock_errno();
+                       Debug( LDAP_DEBUG_ANY,
+                               "daemon: bind(%ld) failed errno=%d (%s)\n",
+                               (long)l.sl_sd, err, sock_errstr( err ) );
+                       tcp_close( l.sl_sd );
+                       sal++;
+                       continue;
                }
 
                switch ( (*sal)->sa_family ) {