Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 304994 Details for
Bug 436390
LDAPI: support auto-bind
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
cvs diff slap.h getsocketpeer.c daemon.c
slapd.diffs (text/plain), 5.79 KB, created by
Noriko Hosoi
on 2008-05-09 23:52:46 UTC
(
hide
)
Description:
cvs diff slap.h getsocketpeer.c daemon.c
Filename:
MIME Type:
Creator:
Noriko Hosoi
Created:
2008-05-09 23:52:46 UTC
Size:
5.79 KB
patch
obsolete
>Index: slap.h >=================================================================== >RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/slap.h,v >retrieving revision 1.31 >diff -t -w -U4 -r1.31 slap.h >--- slap.h 3 Apr 2008 16:52:46 -0000 1.31 >+++ slap.h 9 May 2008 23:17:39 -0000 >@@ -1247,8 +1247,9 @@ > int c_enable_sasl_io; /* Flag to tell us to enable SASL I/O on the next read */ > int c_sasl_io; /* Flag to tell us to enable SASL I/O on the next read */ > int c_sasl_ssf; /* flag to tell us the SASL SSF */ > int c_unix_local; /* flag true for LDAPI */ >+ int c_local_valid; /* flag true if the uid/gid are valid */ > uid_t c_local_uid; /* uid of connecting process */ > gid_t c_local_gid; /* gid of connecting process */ > } Connection; > #define CONN_FLAG_SSL 1 /* Is this connection an SSL connection or not ? >Index: getsocketpeer.c >=================================================================== >RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/getsocketpeer.c,v >retrieving revision 1.3 >diff -t -w -U4 -r1.3 getsocketpeer.c >--- getsocketpeer.c 27 Feb 2007 20:16:08 -0000 1.3 >+++ getsocketpeer.c 9 May 2008 23:17:39 -0000 >@@ -69,69 +69,86 @@ > ret = 0; > } > } > >-#elif 0 /*defined(HAVE_GETPEERUCRED)*/ /* solaris */ >+#elif defined(HAVE_GETPEERUCRED) /* solaris10 */ > > ucred_t *creds = 0; > > if(0 == getpeerucred(fd, &creds)) > { > if(uid) > { >- uid = ucred_getruid(creds); >+ *uid = ucred_getruid(creds); > if(-1 != uid) > ret = 0; > } > > if(gid) > { >- gid = ucred_getrgid(creds); >- if(-1 == gid) >+ *gid = ucred_getrgid(creds); >+ if(-1 == *gid) > ret = -1; > else > ret = 0; > } > > ucred_free(creds); > } > >-#elif 0 /* defined(HAVE_GETPEEREID) */ /* osx / some BSDs */ >+#elif defined(HAVE_GETPEEREID) /* osx / some BSDs */ > > if(0 == getpeereid(fd, &uid, &gid)) > ret = 0; > >-#elif 0 /* hpux / some BSDs - file descriptor cooperative auth */ >- >+#else /* hpux / Solaris9 / some BSDs - file descriptor cooperative auth */ >+#include <string.h> >+#include <sys/types.h> >+#include <sys/stat.h> >+#include <errno.h> > struct msghdr msg; > struct iovec iov; > char dummy[8]; >- int fd[2]; >+ int pass_sd[2]; >+ int rc = 0; >+ unsigned int retrycnt = 0xffffffff; /* safety net */ >+ int myerrno = 0; > >- memset(msg, 0, sizeof(msg)); >+ memset((void *)&msg, 0, sizeof(msg)); > > iov.iov_base = dummy; > iov.iov_len = sizeof(dummy); > msg.msg_iov = &iov; > msg.msg_iovlen = 1; >- msg.msg_accrights = (char*)fd; >- msg.msg_accrightslen = sizeof(fd); >+ msg.msg_accrights = (caddr_t)&pass_sd; >+ msg.msg_accrightslen = sizeof(pass_sd); /* Initialize it with 8 bytes. >+ If recvmsg is successful, >+ 4 is supposed to be returned. */ >+ /* >+ Since PR_SockOpt_Nonblocking is set to the socket, >+ recvmsg returns immediately if no data is waiting to be received. >+ If recvmsg returns an error and EGAIN (== EWOULDBLOCK) is set to errno, >+ we should retry some time. >+ */ >+ while ((rc = recvmsg(fd, &msg, MSG_PEEK)) < 0 && (EAGAIN == (myerrno = errno)) && retrycnt-- >= 0) >+ ; > >- if(recvmsg(fd, &msg, MSG_PEEK) >= 0 && msg.msg_accrightslen == sizeof(int)) >+ if (rc >= 0 && msg.msg_accrightslen == sizeof(int)) > { > struct stat st; > >- ret = fstat(fd[0], &st); >- close(fd[0]); >+ ret = fstat(pass_sd[0], &st); > > if(0 == ret && S_ISFIFO(st.st_mode) && >- 0 == st.st_mode & (S_IRWXG|S_IRWXO)) >+ 0 == (st.st_mode & (S_IRWXG|S_IRWXO))) > { > if(uid) >- uid = st.st_uid; >+ *uid = st.st_uid; > > if(gid) >- gid = st.st_gid; >+ *gid = st.st_gid; >+ } else { >+ ret = -1; > } > } > > #endif >Index: daemon.c >=================================================================== >RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/daemon.c,v >retrieving revision 1.18 >diff -t -w -U4 -r1.18 daemon.c >--- daemon.c 14 Nov 2007 20:18:53 -0000 1.18 >+++ daemon.c 9 May 2008 23:17:39 -0000 >@@ -1962,13 +1962,15 @@ > { > int ret = -1; > uid_t uid = 0; > gid_t gid = 0; >+ conn->c_local_valid = 0; > > if(0 == slapd_get_socket_peer(conn->c_prfd, &uid, &gid)) > { > conn->c_local_uid = uid; > conn->c_local_gid = gid; >+ conn->c_local_valid = 1; > > ret = 0; > } > >@@ -1982,8 +1984,13 @@ > int ret = -1; > uid_t uid = conn->c_local_uid; > gid_t gid = conn->c_local_gid; > >+ if (!conn->c_local_valid) >+ { >+ goto bail; >+ } >+ > /* observe configuration for auto binding */ > /* bind at all? */ > if(config_get_ldapi_bind_switch()) > {
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=304994">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 436390
: 304994 |
305257
|
305709