From 8567ce8eedfc9ccfbefa44f973f13f5489a151f3 Mon Sep 17 00:00:00 2001 From: Pierangelo Masarati Date: Sun, 15 Oct 2006 18:24:30 +0000 Subject: [PATCH] fix previous commit --- servers/slapd/daemon.c | 36 ++++++++++++++++++++---------------- 1 file changed, 20 insertions(+), 16 deletions(-) diff --git a/servers/slapd/daemon.c b/servers/slapd/daemon.c index 8ad1f77e78..4bc9e94a4d 100644 --- a/servers/slapd/daemon.c +++ b/servers/slapd/daemon.c @@ -1308,39 +1308,43 @@ slap_open_listener( #ifdef LDAP_PF_LOCAL case AF_LOCAL: #ifdef LOCAL_CREDS - { - int one = 1; - setsockopt( l.sl_sd, 0, LOCAL_CREDS, &one, sizeof( one ) ); - } + { + int one = 1; + setsockopt( l.sl_sd, 0, LOCAL_CREDS, &one, sizeof( one ) ); + } #endif /* LOCAL_CREDS */ - addrlen = sizeof( struct sockaddr_un ); + addrlen = sizeof( struct sockaddr_un ); + break; +#endif /* LDAP_PF_LOCAL */ + } +#ifdef LDAP_PF_LOCAL /* create socket with all permissions set for those systems * that honor permissions on sockets (e.g. Linux); typically, * only write is required. To exploit filesystem permissions, * place the socket in a directory and use directory's * permissions. Need write perms to the directory to * create/unlink the socket; likely need exec perms to access - * the socket */ + * the socket (ITS#4709) */ { mode_t old_umask; old_umask = umask( 0 ); +#endif /* LDAP_PF_LOCAL */ rc = bind( l.sl_sd, *sal, addrlen ); +#ifdef LDAP_PF_LOCAL umask( old_umask ); - if ( rc ) { - err = sock_errno(); - Debug( LDAP_DEBUG_ANY, - "daemon: bind(%ld) failed errno=%d (%s)\n", - (long)l.sl_sd, err, sock_errstr( err ) ); - tcp_close( l.sl_sd ); - sal++; - continue; - } } - break; #endif /* LDAP_PF_LOCAL */ + if ( rc ) { + err = sock_errno(); + Debug( LDAP_DEBUG_ANY, + "daemon: bind(%ld) failed errno=%d (%s)\n", + (long)l.sl_sd, err, sock_errstr( err ) ); + tcp_close( l.sl_sd ); + sal++; + continue; } switch ( (*sal)->sa_family ) { -- 2.39.5