Added check for sendmsg(). Added hack to use BSD sendmsg()/recvmsg() to

propagate peer creds if no explicit PEERCRED facility exists. Works
on Solaris 8.

diff --git a/configure.in b/configure.in
index f4821fde2554be1f9b95bbca0aa13ffb34a04ff6..e0594ebed2e7a6079397cba709b64d8768e9b9a9 100644 (file)
--- a/configure.in
+++ b/configure.in
@@ -2475,6 +2475,7 @@ AC_CHECK_FUNCS(           \
        wait4                   \
        write                   \
        send                    \
+       sendmsg                 \
        sendto                  \
 )
 

diff --git a/libraries/libldap/os-local.c b/libraries/libldap/os-local.c
index b752a382feb454182a27cd29298001362bc40b9d..9bd69ca92c7775c9e74a1c869e56f35eeb719ce5 100644 (file)
--- a/libraries/libldap/os-local.c
+++ b/libraries/libldap/os-local.c
@@ -131,6 +131,10 @@ ldap_pvt_is_socket_ready(LDAP *ld, int s)
 }
 #undef TRACE
 
+#if !defined(HAVE_GETPEEREID) && !defined(SO_PEERCRED) && !defined(LOCAL_PEERCRED) && defined(HAVE_SENDMSG)
+#define DO_SENDMSG
+#endif
+
 static int
 ldap_pvt_connect(LDAP *ld, ber_socket_t s, struct sockaddr_un *sa, int async)
 {
@@ -155,6 +159,25 @@ ldap_pvt_connect(LDAP *ld, ber_socket_t s, struct sockaddr_un *sa, int async)
                if ( ldap_pvt_ndelay_off(ld, s) == -1 ) {
                        return ( -1 );
                }
+#ifdef DO_SENDMSG
+       /* Send a dummy message with access rights. Remote side will
+        * obtain our uid/gid by fstat'ing this descriptor.
+        */
+sendcred:       {
+                       int fds[2];
+                       struct iovec iov = {(char *)fds, sizeof(int)};
+                       struct msghdr msg = {0};
+                       if (pipe(fds) == 0) {
+                               msg.msg_iov = &iov;
+                               msg.msg_iovlen = 1;
+                               msg.msg_accrights = (char *)fds;
+                               msg.msg_accrightslen = sizeof(int);
+                               sendmsg( s, &msg, 0 );
+                               close(fds[0]);
+                               close(fds[1]);
+                       }
+               }
+#endif
                return ( 0 );
        }
 
@@ -181,7 +204,11 @@ ldap_pvt_connect(LDAP *ld, ber_socket_t s, struct sockaddr_un *sa, int async)
                        return ( -1 );
                if ( ldap_pvt_ndelay_off(ld, s) == -1 )
                        return ( -1 );
+#ifdef DO_SENDMSG
+               goto sendcred;
+#else
                return ( 0 );
+#endif
        }
        oslocal_debug(ld, "ldap_connect_timeout: timed out\n",0,0,0);
        ldap_pvt_set_errno( ETIMEDOUT );

diff --git a/libraries/liblutil/getpeereid.c b/libraries/liblutil/getpeereid.c
index c64c98429b3da0a0deeb17e559afc4efaee0ec09..80d90d1ffe59a7601fb3a0e46988aa1ba42a6883 100644 (file)
--- a/libraries/liblutil/getpeereid.c
+++ b/libraries/liblutil/getpeereid.c
@@ -18,6 +18,11 @@
 #include <sys/ucred.h>
 #endif
 
+#if !defined(SO_PEERCRED) && !defined(LOCAL_PEERCRED) && defined(HAVE_SENDMSG)
+#define DO_SENDMSG
+#include <sys/stat.h>
+#endif
+
 int getpeereid( int s, uid_t *euid, gid_t *egid )
 {
 #ifdef LDAP_PF_LOCAL
@@ -46,6 +51,26 @@ int getpeereid( int s, uid_t *euid, gid_t *egid )
                *egid = peercred.cr_gid;
                return 0;
        }
+#elif defined( DO_SENDMSG )
+       int dummy, fd[2];
+       struct iovec iov = {(char *)&dummy, sizeof(dummy)};
+       struct msghdr msg = {0};
+       struct stat st;
+       msg.msg_iov = &iov;
+       msg.msg_iovlen = 1;
+       msg.msg_accrights = (char *)fd;
+       msg.msg_accrightslen = sizeof(fd);
+       if( recvmsg( s, &msg, 0) >= 0 && msg.msg_accrightslen == sizeof(int) )
+       {
+               dummy = fstat( fd, &st );
+               close(fd[0]);
+               if( dummy == 0 )
+               {
+                       *euid = st.st_uid;
+                       *egid = st.st_gid;
+                       return 0;
+               }
+       }
 #endif
 #endif