diff options
-rw-r--r-- | source3/lib/util_sock.c | 104 | ||||
-rw-r--r-- | source3/nsswitch/winbindd.c | 88 |
2 files changed, 105 insertions, 87 deletions
diff --git a/source3/lib/util_sock.c b/source3/lib/util_sock.c index a56a974193..9f01d8223d 100644 --- a/source3/lib/util_sock.c +++ b/source3/lib/util_sock.c @@ -1,8 +1,9 @@ /* Unix SMB/Netbios implementation. - Version 1.9. + Version 3.0. Samba utility functions Copyright (C) Andrew Tridgell 1992-1998 + Copyright (C) Tim Potter 2000-2001 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -1113,6 +1114,107 @@ int open_pipe_sock(char *path) } /******************************************************************* + Create protected unix domain socket. + + some unixen cannot set permissions on a ux-dom-sock, so we + have to make sure that the directory contains the protection + permissions, instead. + ******************************************************************/ +int create_pipe_sock(const char *socket_dir, + const char *socket_name, + mode_t dir_perms) +{ + struct sockaddr_un sunaddr; + struct stat st; + int sock; + mode_t old_umask; + pstring path; + + /* Create the socket directory or reuse the existing one */ + + if (lstat(socket_dir, &st) == -1) { + + if (errno == ENOENT) { + + /* Create directory */ + + if (mkdir(socket_dir, dir_perms) == -1) { + DEBUG(0, ("error creating socket directory " + "%s: %s\n", socket_dir, + strerror(errno))); + return -1; + } + + } else { + + DEBUG(0, ("lstat failed on socket directory %s: %s\n", + socket_dir, strerror(errno))); + return -1; + } + + } else { + + /* Check ownership and permission on existing directory */ + + if (!S_ISDIR(st.st_mode)) { + DEBUG(0, ("socket directory %s isn't a directory\n", + socket_dir)); + return -1; + } + + if ((st.st_uid != sec_initial_uid()) || + ((st.st_mode & 0777) != dir_perms)) { + DEBUG(0, ("invalid permissions on socket directory " + "%s\n", socket_dir)); + return -1; + } + } + + /* Create the socket file */ + + old_umask = umask(0); + + sock = socket(AF_UNIX, SOCK_STREAM, 0); + + if (sock == -1) { + perror("socket"); + umask(old_umask); + return -1; + } + + snprintf(path, sizeof(path), "%s/%s", socket_dir, socket_name); + + unlink(path); + memset(&sunaddr, 0, sizeof(sunaddr)); + sunaddr.sun_family = AF_UNIX; + safe_strcpy(sunaddr.sun_path, path, sizeof(sunaddr.sun_path)-1); + + if (bind(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) == -1) { + DEBUG(0, ("bind failed on pipe socket %s: %s\n", + path, + strerror(errno))); + close(sock); + umask(old_umask); + return -1; + } + + if (listen(sock, 5) == -1) { + DEBUG(0, ("listen failed on pipe socket %s: %s\n", + path, + strerror(errno))); + close(sock); + umask(old_umask); + return -1; + } + + umask(old_umask); + + /* Success! */ + + return sock; +} + +/******************************************************************* this is like socketpair but uses tcp. It is used by the Samba regression test code The function guarantees that nobody else can attach to the socket, diff --git a/source3/nsswitch/winbindd.c b/source3/nsswitch/winbindd.c index 1a9eae7afa..25b69cee6d 100644 --- a/source3/nsswitch/winbindd.c +++ b/source3/nsswitch/winbindd.c @@ -187,92 +187,8 @@ static void sighup_handler(int signum) static int create_sock(void) { - struct sockaddr_un sunaddr; - struct stat st; - int sock; - mode_t old_umask; - pstring path; - - /* Create the socket directory or reuse the existing one */ - - if (lstat(WINBINDD_SOCKET_DIR, &st) == -1) { - - if (errno == ENOENT) { - - /* Create directory */ - - if (mkdir(WINBINDD_SOCKET_DIR, 0755) == -1) { - DEBUG(0, ("error creating socket directory " - "%s: %s\n", WINBINDD_SOCKET_DIR, - strerror(errno))); - return -1; - } - - } else { - - DEBUG(0, ("lstat failed on socket directory %s: %s\n", - WINBINDD_SOCKET_DIR, strerror(errno))); - return -1; - } - - } else { - - /* Check ownership and permission on existing directory */ - - if (!S_ISDIR(st.st_mode)) { - DEBUG(0, ("socket directory %s isn't a directory\n", - WINBINDD_SOCKET_DIR)); - return -1; - } - - if ((st.st_uid != sec_initial_uid()) || - ((st.st_mode & 0777) != 0755)) { - DEBUG(0, ("invalid permissions on socket directory " - "%s\n", WINBINDD_SOCKET_DIR)); - return -1; - } - } - - /* Create the socket file */ - - old_umask = umask(0); - - sock = socket(AF_UNIX, SOCK_STREAM, 0); - - if (sock == -1) { - perror("socket"); - return -1; - } - - snprintf(path, sizeof(path), "%s/%s", - WINBINDD_SOCKET_DIR, WINBINDD_SOCKET_NAME); - - unlink(path); - memset(&sunaddr, 0, sizeof(sunaddr)); - sunaddr.sun_family = AF_UNIX; - safe_strcpy(sunaddr.sun_path, path, sizeof(sunaddr.sun_path)-1); - - if (bind(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) == -1) { - DEBUG(0, ("bind failed on winbind socket %s: %s\n", - path, - strerror(errno))); - close(sock); - return -1; - } - - if (listen(sock, 5) == -1) { - DEBUG(0, ("listen failed on winbind socket %s: %s\n", - path, - strerror(errno))); - close(sock); - return -1; - } - - umask(old_umask); - - /* Success! */ - - return sock; + return create_pipe_sock( WINBINDD_SOCKET_DIR, + WINBINDD_SOCKET_NAME, 0755); } struct dispatch_table { |