summaryrefslogtreecommitdiffstats
path: root/src/responder/common
diff options
context:
space:
mode:
authorMichal Zidek <mzidek@redhat.com>2014-10-15 17:35:12 +0200
committerJakub Hrozek <jhrozek@redhat.com>2014-10-22 15:44:33 +0200
commit2ce29e05e62b2702ba4df5f3316eaf250b0ada7f (patch)
tree405d24b2c569db2df4c2c0b024edfce14d67f53a /src/responder/common
parent5d19966eda424bd71964c6913b84d705dce3b350 (diff)
downloadsssd-2ce29e05e62b2702ba4df5f3316eaf250b0ada7f.tar.gz
sssd-2ce29e05e62b2702ba4df5f3316eaf250b0ada7f.tar.xz
sssd-2ce29e05e62b2702ba4df5f3316eaf250b0ada7f.zip
responder_common: Create fd for pipe in helper
Move creating of file descriptor for pipes into helper function and make this function public. Reviewed-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
Diffstat (limited to 'src/responder/common')
-rw-r--r--src/responder/common/responder.h2
-rw-r--r--src/responder/common/responder_common.c135
2 files changed, 65 insertions, 72 deletions
diff --git a/src/responder/common/responder.h b/src/responder/common/responder.h
index 97552ec47..d23371078 100644
--- a/src/responder/common/responder.h
+++ b/src/responder/common/responder.h
@@ -176,6 +176,8 @@ responder_get_domain(struct resp_ctx *rctx, const char *domain);
errno_t responder_get_domain_by_id(struct resp_ctx *rctx, const char *id,
struct sss_domain_info **_ret_dom);
+int create_pipe_fd(const char *sock_name, int *fd, mode_t umaskval);
+
/* responder_cmd.c */
int sss_cmd_empty_packet(struct sss_packet *packet);
int sss_cmd_send_empty(struct cli_ctx *cctx, TALLOC_CTX *freectx);
diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c
index 0ec2372e8..a262a2c14 100644
--- a/src/responder/common/responder_common.c
+++ b/src/responder/common/responder_common.c
@@ -584,10 +584,69 @@ static int sss_dp_init(struct resp_ctx *rctx,
return EOK;
}
+int create_pipe_fd(const char *sock_name, int *fd, mode_t umaskval)
+{
+ struct sockaddr_un addr;
+ errno_t ret;
+
+ *fd = socket(AF_UNIX, SOCK_STREAM, 0);
+ if (*fd == -1) {
+ return EIO;
+ }
+
+ umask(umaskval);
+
+ ret = set_nonblocking(*fd);
+ if (ret != EOK) {
+ goto done;
+ }
+
+ ret = set_close_on_exec(*fd);
+ if (ret != EOK) {
+ goto done;
+ }
+
+ memset(&addr, 0, sizeof(addr));
+ addr.sun_family = AF_UNIX;
+ strncpy(addr.sun_path, sock_name, sizeof(addr.sun_path) - 1);
+ addr.sun_path[sizeof(addr.sun_path) - 1] = '\0';
+
+ /* make sure we have no old sockets around */
+ ret = unlink(sock_name);
+ if (ret != 0 && errno != ENOENT) {
+ ret = errno;
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ "Cannot remove old socket (errno=%d), bind might fail!\n", ret);
+ }
+
+ if (bind(*fd, (struct sockaddr *)&addr, sizeof(addr)) == -1) {
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Unable to bind on socket '%s'\n", sock_name);
+ ret = EIO;
+ goto done;
+ }
+ if (listen(*fd, 10) != 0) {
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Unable to listen on socket '%s'\n", sock_name);
+ ret = EIO;
+ goto done;
+ }
+
+ ret = EOK;
+
+done:
+ /* we want default permissions on created files to be very strict,
+ so set our umask to 0177 */
+ umask(0177);
+ if (ret != EOK) {
+ close(*fd);
+ }
+ return ret;
+}
+
/* create a unix socket and listen to it */
static int set_unix_socket(struct resp_ctx *rctx)
{
- struct sockaddr_un addr;
errno_t ret;
struct accept_fd_ctx *accept_ctx;
@@ -628,42 +687,11 @@ static int set_unix_socket(struct resp_ctx *rctx)
#endif
if (rctx->sock_name != NULL ) {
- rctx->lfd = socket(AF_UNIX, SOCK_STREAM, 0);
- if (rctx->lfd == -1) {
- return EIO;
- }
-
/* Set the umask so that permissions are set right on the socket.
* It must be readable and writable by anybody on the system. */
- umask(0111);
-
- ret = set_nonblocking(rctx->lfd);
- if (ret != EOK) {
- goto failed;
- }
-
- ret = set_close_on_exec(rctx->lfd);
+ ret = create_pipe_fd(rctx->sock_name, &rctx->lfd, 0111);
if (ret != EOK) {
- goto failed;
- }
-
- memset(&addr, 0, sizeof(addr));
- addr.sun_family = AF_UNIX;
- strncpy(addr.sun_path, rctx->sock_name, sizeof(addr.sun_path)-1);
- addr.sun_path[sizeof(addr.sun_path)-1] = '\0';
-
- /* make sure we have no old sockets around */
- unlink(rctx->sock_name);
-
- if (bind(rctx->lfd, (struct sockaddr *)&addr, sizeof(addr)) == -1) {
- DEBUG(SSSDBG_FATAL_FAILURE,
- "Unable to bind on socket '%s'\n", rctx->sock_name);
- goto failed;
- }
- if (listen(rctx->lfd, 10) != 0) {
- DEBUG(SSSDBG_FATAL_FAILURE,
- "Unable to listen on socket '%s'\n", rctx->sock_name);
- goto failed;
+ return ret;
}
accept_ctx = talloc_zero(rctx, struct accept_fd_ctx);
@@ -682,42 +710,11 @@ static int set_unix_socket(struct resp_ctx *rctx)
if (rctx->priv_sock_name != NULL ) {
/* create privileged pipe */
- rctx->priv_lfd = socket(AF_UNIX, SOCK_STREAM, 0);
- if (rctx->priv_lfd == -1) {
- close(rctx->lfd);
- return EIO;
- }
-
- umask(0177);
-
- ret = set_nonblocking(rctx->priv_lfd);
+ ret = create_pipe_fd(rctx->priv_sock_name, &rctx->priv_lfd, 0177);
if (ret != EOK) {
goto failed;
}
- ret = set_close_on_exec(rctx->priv_lfd);
- if (ret != EOK) {
- goto failed;
- }
-
- memset(&addr, 0, sizeof(addr));
- addr.sun_family = AF_UNIX;
- strncpy(addr.sun_path, rctx->priv_sock_name, sizeof(addr.sun_path)-1);
- addr.sun_path[sizeof(addr.sun_path)-1] = '\0';
-
- unlink(rctx->priv_sock_name);
-
- if (bind(rctx->priv_lfd, (struct sockaddr *)&addr, sizeof(addr)) == -1) {
- DEBUG(SSSDBG_FATAL_FAILURE,
- "Unable to bind on socket '%s'\n", rctx->priv_sock_name);
- goto failed;
- }
- if (listen(rctx->priv_lfd, 10) != 0) {
- DEBUG(SSSDBG_FATAL_FAILURE,
- "Unable to listen on socket '%s'\n", rctx->priv_sock_name);
- goto failed;
- }
-
accept_ctx = talloc_zero(rctx, struct accept_fd_ctx);
if(!accept_ctx) goto failed;
accept_ctx->rctx = rctx;
@@ -733,15 +730,9 @@ static int set_unix_socket(struct resp_ctx *rctx)
}
}
- /* we want default permissions on created files to be very strict,
- so set our umask to 0177 */
- umask(0177);
return EOK;
failed:
- /* we want default permissions on created files to be very strict,
- so set our umask to 0177 */
- umask(0177);
close(rctx->lfd);
close(rctx->priv_lfd);
return EIO;