author | Michal Zidek <mzidek@redhat.com> | 2014-10-15 17:35:12 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-10-22 15:44:33 +0200 |
commit | 2ce29e05e62b2702ba4df5f3316eaf250b0ada7f (patch) | |
tree | 405d24b2c569db2df4c2c0b024edfce14d67f53a /src/responder/common | |
parent | 5d19966eda424bd71964c6913b84d705dce3b350 (diff) | |
responder_common: Create fd for pipe in helper
Move creating of file descriptor for pipes into
helper function and make this function public.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Diffstat (limited to 'src/responder/common')
-rw-r--r-- | src/responder/common/responder.h | 2 | ||||
-rw-r--r-- | src/responder/common/responder_common.c | 135 |
2 files changed, 65 insertions, 72 deletions
diff --git a/src/responder/common/responder.h b/src/responder/common/responder.h index 97552ec47..d23371078 100644 --- a/src/responder/common/responder.h +++ b/src/responder/common/responder.h @@ -176,6 +176,8 @@ responder_get_domain(struct resp_ctx *rctx, const char *domain); errno_t responder_get_domain_by_id(struct resp_ctx *rctx, const char *id, struct sss_domain_info **_ret_dom); +int create_pipe_fd(const char *sock_name, int *fd, mode_t umaskval); + /* responder_cmd.c */ int sss_cmd_empty_packet(struct sss_packet *packet); int sss_cmd_send_empty(struct cli_ctx *cctx, TALLOC_CTX *freectx); diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c index 0ec2372e8..a262a2c14 100644 --- a/src/responder/common/responder_common.c +++ b/src/responder/common/responder_common.c 
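Review bot: The new public prototype `create_pipe_fd()` is declared without a comment describing its contract, and the definition in responder_common.c has side effects a caller outside that file would not guess. I would add a short comment above the declaration covering four things: it unlinks whatever exists at `sock_name`; it binds and listens on a non-blocking, close-on-exec AF_UNIX socket created under `umaskval`; it leaves the process umask at 0177 on every path past `socket()`; and on failure after that point it closes `*fd` itself. The umask and unlink behaviour in particular decide who can reach the socket, so they belong in the header rather than only in the implementation.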
@@ -584,10 +584,69 @@ static int sss_dp_init(struct resp_ctx *rctx, return EOK; } +int create_pipe_fd(const char *sock_name, int *fd, mode_t umaskval) +{ + struct sockaddr_un addr; + errno_t ret; + + *fd = socket(AF_UNIX, SOCK_STREAM, 0); + if (*fd == -1) { + return EIO; + } + + umask(umaskval); + + ret = set_nonblocking(*fd); + if (ret != EOK) { + goto done; + } + + ret = set_close_on_exec(*fd); + if (ret != EOK) { + goto done; + } + + memset(&addr, 0, sizeof(addr)); + addr.sun_family = AF_UNIX; + strncpy(addr.sun_path, sock_name, sizeof(addr.sun_path) - 1); + addr.sun_path[sizeof(addr.sun_path) - 1] = '\0'; + + /* make sure we have no old sockets around */ + ret = unlink(sock_name); + if (ret != 0 && errno != ENOENT) { + ret = errno; + DEBUG(SSSDBG_MINOR_FAILURE, + "Cannot remove old socket (errno=%d), bind might fail!\n", ret); + } + + if (bind(*fd, (struct sockaddr *)&addr, sizeof(addr)) == -1) { + DEBUG(SSSDBG_FATAL_FAILURE, + "Unable to bind on socket '%s'\n", sock_name); + ret = EIO; + goto done; + } + if (listen(*fd, 10) != 0) { + DEBUG(SSSDBG_FATAL_FAILURE, + "Unable to listen on socket '%s'\n", sock_name); + ret = EIO; + goto done; + } + + ret = EOK; + +done: + /* we want default permissions on created files to be very strict, + so set our umask to 0177 */ + umask(0177); + if (ret != EOK) { + close(*fd); + } + return ret; +} + /* create a unix socket and listen to it */ static int set_unix_socket(struct resp_ctx *rctx) { - struct sockaddr_un addr; errno_t ret; struct accept_fd_ctx *accept_ctx; 
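Review bot: `create_pipe_fd()` silently truncates `sock_name` when it does not fit in `addr.sun_path`. The `strncpy` copies at most `sizeof(addr.sun_path) - 1` bytes, so `bind()` would use the shortened path while `unlink()` and both DEBUG messages use the full name. Now that the helper is public and accepts any path, I would reject an over-long name before `socket()` with `if (strlen(sock_name) >= sizeof(addr.sun_path)) return ENAMETOOLONG;`, so the socket is never created somewhere other than the configured location. The bind and listen failure branches also drop errno; including it in the DEBUG message, as the unlink branch does, would make a permission or path problem diagnosable.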
@@ -628,42 +687,11 @@ static int set_unix_socket(struct resp_ctx *rctx) #endif if (rctx->sock_name != NULL ) { - rctx->lfd = socket(AF_UNIX, SOCK_STREAM, 0); - if (rctx->lfd == -1) { - return EIO; - } - /* Set the umask so that permissions are set right on the socket. * It must be readable and writable by anybody on the system. */ - umask(0111); - - ret = set_nonblocking(rctx->lfd); - if (ret != EOK) { - goto failed; - } - - ret = set_close_on_exec(rctx->lfd); + ret = create_pipe_fd(rctx->sock_name, &rctx->lfd, 0111); if (ret != EOK) { - goto failed; - } - - memset(&addr, 0, sizeof(addr)); - addr.sun_family = AF_UNIX; - strncpy(addr.sun_path, rctx->sock_name, sizeof(addr.sun_path)-1); - addr.sun_path[sizeof(addr.sun_path)-1] = '\0'; - - /* make sure we have no old sockets around */ - unlink(rctx->sock_name); - - if (bind(rctx->lfd, (struct sockaddr *)&addr, sizeof(addr)) == -1) { - DEBUG(SSSDBG_FATAL_FAILURE, - "Unable to bind on socket '%s'\n", rctx->sock_name); - goto failed; - } - if (listen(rctx->lfd, 10) != 0) { - DEBUG(SSSDBG_FATAL_FAILURE, - "Unable to listen on socket '%s'\n", rctx->sock_name); - goto failed; + return ret; } accept_ctx = talloc_zero(rctx, struct accept_fd_ctx); 
@@ -682,42 +710,11 @@ static int set_unix_socket(struct resp_ctx *rctx) if (rctx->priv_sock_name != NULL ) { /* create privileged pipe */ - rctx->priv_lfd = socket(AF_UNIX, SOCK_STREAM, 0); - if (rctx->priv_lfd == -1) { - close(rctx->lfd); - return EIO; - } - - umask(0177); - - ret = set_nonblocking(rctx->priv_lfd); + ret = create_pipe_fd(rctx->priv_sock_name, &rctx->priv_lfd, 0177); if (ret != EOK) { goto failed; } - ret = set_close_on_exec(rctx->priv_lfd); - if (ret != EOK) { - goto failed; - } - - memset(&addr, 0, sizeof(addr)); - addr.sun_family = AF_UNIX; - strncpy(addr.sun_path, rctx->priv_sock_name, sizeof(addr.sun_path)-1); - addr.sun_path[sizeof(addr.sun_path)-1] = '\0'; - - unlink(rctx->priv_sock_name); - - if (bind(rctx->priv_lfd, (struct sockaddr *)&addr, sizeof(addr)) == -1) { - DEBUG(SSSDBG_FATAL_FAILURE, - "Unable to bind on socket '%s'\n", rctx->priv_sock_name); - goto failed; - } - if (listen(rctx->priv_lfd, 10) != 0) { - DEBUG(SSSDBG_FATAL_FAILURE, - "Unable to listen on socket '%s'\n", rctx->priv_sock_name); - goto failed; - } - accept_ctx = talloc_zero(rctx, struct accept_fd_ctx); if(!accept_ctx) goto failed; accept_ctx->rctx = rctx; @@ -733,15 +730,9 @@ static int set_unix_socket(struct resp_ctx *rctx) } } - /* we want default permissions on created files to be very strict, - so set our umask to 0177 */ - umask(0177); return EOK; failed: - /* we want default permissions on created files to be very strict, - so set our umask to 0177 */ - umask(0177); close(rctx->lfd); close(rctx->priv_lfd); return EIO; |
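Review bot: When `create_pipe_fd()` fails for the privileged pipe after `socket()` succeeded, the helper has already run `close(*fd)` on `rctx->priv_lfd`, and `goto failed` then closes the same descriptor number again (the `failed:` label is in the next hunk). Nothing visible opens a descriptor in between, so the second close should simply fail with EBADF. A stale number left in `rctx->priv_lfd` is still fragile: if that number is reused, a later close hits an unrelated descriptor. Setting `*fd = -1;` right after `close(*fd);` in the helper's `done:` block would leave a clearly invalid value on both this path and the earlier `return ret` for `rctx->lfd`. `set_unix_socket()` starts and ends outside this hunk.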
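Review bot: Dropping `umask(0177);` before `return EOK;` means the strict default is now applied only as a side effect of `create_pipe_fd()`. If `set_unix_socket()` can be reached with both `rctx->sock_name` and `rctx->priv_sock_name` NULL, the process umask is no longer tightened on success as it was before this change. The NULL checks and the `#endif` in the earlier hunk suggest such paths exist, though they are not visible here. I would keep `umask(0177);` ahead of `return EOK;`, or add a comment at that return such as `/* umask already reset to 0177 by create_pipe_fd() */` once it is confirmed that at least one pipe is always created.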