diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2016-05-17 11:52:00 +0200 |
---|---|---|
committer | Lukas Slebodnik <lslebodn@redhat.com> | 2016-05-19 13:56:57 +0200 |
commit | de8815aba87d08b6b7ac5d502dcb1755787e0857 (patch) | |
tree | 32a7cf823321aa6ff5af4173d6613b06d89244ca /src/providers | |
parent | c2e3176eaff7c219d63f328570a79f6e5b6f4aec (diff) | |
download | sssd-de8815aba87d08b6b7ac5d502dcb1755787e0857.tar.gz sssd-de8815aba87d08b6b7ac5d502dcb1755787e0857.tar.xz sssd-de8815aba87d08b6b7ac5d502dcb1755787e0857.zip |
UTIL: exit() the forked process if exec()-ing a child process fails
When exec() fails, we should not attempt to continue, but just kill the
forked process. The patch adds this logic to the exec_child() and
exec_child_ex() functions to avoid code duplication
Resolves:
https://fedorahosted.org/sssd/ticket/3016
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Diffstat (limited to 'src/providers')
-rw-r--r-- | src/providers/ad/ad_gpo.c | 14 | ||||
-rw-r--r-- | src/providers/ad/ad_machine_pw_renewal.c | 16 | ||||
-rw-r--r-- | src/providers/ipa/ipa_selinux.c | 12 | ||||
-rw-r--r-- | src/providers/krb5/krb5_child_handler.c | 16 | ||||
-rw-r--r-- | src/providers/ldap/sdap_child_helpers.c | 12 |
5 files changed, 33 insertions, 37 deletions
diff --git a/src/providers/ad/ad_gpo.c b/src/providers/ad/ad_gpo.c index 22ac80337..ec2ae2883 100644 --- a/src/providers/ad/ad_gpo.c +++ b/src/providers/ad/ad_gpo.c @@ -4189,13 +4189,13 @@ gpo_fork_child(struct tevent_req *req) pid = fork(); if (pid == 0) { /* child */ - err = exec_child_ex(state, - pipefd_to_child, pipefd_from_child, - GPO_CHILD, gpo_child_debug_fd, NULL, false, - STDIN_FILENO, AD_GPO_CHILD_OUT_FILENO); - DEBUG(SSSDBG_CRIT_FAILURE, "Could not exec gpo_child: [%d][%s].\n", - err, strerror(err)); - return err; + exec_child_ex(state, + pipefd_to_child, pipefd_from_child, + GPO_CHILD, gpo_child_debug_fd, NULL, false, + STDIN_FILENO, AD_GPO_CHILD_OUT_FILENO); + + /* We should never get here */ + DEBUG(SSSDBG_CRIT_FAILURE, "BUG: Could not exec gpo_child:\n"); } else if (pid > 0) { /* parent */ state->child_pid = pid; state->io->read_from_child_fd = pipefd_from_child[0]; diff --git a/src/providers/ad/ad_machine_pw_renewal.c b/src/providers/ad/ad_machine_pw_renewal.c index 7997fbb0c..3d79aa0a6 100644 --- a/src/providers/ad/ad_machine_pw_renewal.c +++ b/src/providers/ad/ad_machine_pw_renewal.c @@ -174,15 +174,13 @@ ad_machine_account_password_renewal_send(TALLOC_CTX *mem_ctx, child_pid = fork(); if (child_pid == 0) { /* child */ - ret = exec_child_ex(state, pipefd_to_child, pipefd_from_child, - renewal_data->prog_path, -1, - extra_args, true, - STDIN_FILENO, STDERR_FILENO); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "Could not exec renewal child: [%d][%s].\n", - ret, strerror(ret)); - goto done; - } + exec_child_ex(state, pipefd_to_child, pipefd_from_child, + renewal_data->prog_path, -1, + extra_args, true, + STDIN_FILENO, STDERR_FILENO); + + /* We should never get here */ + DEBUG(SSSDBG_CRIT_FAILURE, "Could not exec renewal child\n"); } else if (child_pid > 0) { /* parent */ state->read_from_child_fd = pipefd_from_child[0]; diff --git a/src/providers/ipa/ipa_selinux.c b/src/providers/ipa/ipa_selinux.c index 3e9efee32..c546d3a99 100644 --- a/src/providers/ipa/ipa_selinux.c +++ b/src/providers/ipa/ipa_selinux.c @@ -1047,12 +1047,12 @@ static errno_t selinux_fork_child(struct selinux_child_state *state) pid = fork(); if (pid == 0) { /* child */ - ret = exec_child(state, - pipefd_to_child, pipefd_from_child, - SELINUX_CHILD, selinux_child_debug_fd); - DEBUG(SSSDBG_CRIT_FAILURE, "Could not exec selinux_child: [%d][%s].\n", - ret, sss_strerror(ret)); - return ret; + exec_child(state, + pipefd_to_child, pipefd_from_child, + SELINUX_CHILD, selinux_child_debug_fd); + + /* We should never get here */ + DEBUG(SSSDBG_CRIT_FAILURE, "BUG: Could not exec selinux_child\n"); } else if (pid > 0) { /* parent */ state->io->read_from_child_fd = pipefd_from_child[0]; close(pipefd_from_child[1]); diff --git a/src/providers/krb5/krb5_child_handler.c b/src/providers/krb5/krb5_child_handler.c index 167a2b2ad..1ca74fcd7 100644 --- a/src/providers/krb5/krb5_child_handler.c +++ b/src/providers/krb5/krb5_child_handler.c @@ -309,15 +309,13 @@ static errno_t fork_child(struct tevent_req *req) pid = fork(); if (pid == 0) { /* child */ - err = exec_child_ex(state, - pipefd_to_child, pipefd_from_child, - KRB5_CHILD, state->kr->krb5_ctx->child_debug_fd, - k5c_extra_args, false, STDIN_FILENO, STDOUT_FILENO); - if (err != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "Could not exec KRB5 child: [%d][%s].\n", - err, strerror(err)); - return err; - } + exec_child_ex(state, + pipefd_to_child, pipefd_from_child, + KRB5_CHILD, state->kr->krb5_ctx->child_debug_fd, + k5c_extra_args, false, STDIN_FILENO, STDOUT_FILENO); + + /* We should never get here */ + DEBUG(SSSDBG_CRIT_FAILURE, "BUG: Could not exec KRB5 child\n"); } else if (pid > 0) { /* parent */ state->child_pid = pid; state->io->read_from_child_fd = pipefd_from_child[0]; diff --git a/src/providers/ldap/sdap_child_helpers.c b/src/providers/ldap/sdap_child_helpers.c index 90330f13f..69b470dbf 100644 --- a/src/providers/ldap/sdap_child_helpers.c +++ b/src/providers/ldap/sdap_child_helpers.c @@ -96,12 +96,12 @@ static errno_t sdap_fork_child(struct tevent_context *ev, pid = fork(); if (pid == 0) { /* child */ - err = exec_child(child, - pipefd_to_child, pipefd_from_child, - LDAP_CHILD, ldap_child_debug_fd); - DEBUG(SSSDBG_CRIT_FAILURE, "Could not exec LDAP child: [%d][%s].\n", - err, strerror(err)); - return err; + exec_child(child, + pipefd_to_child, pipefd_from_child, + LDAP_CHILD, ldap_child_debug_fd); + + /* We should never get here */ + DEBUG(SSSDBG_CRIT_FAILURE, "BUG: Could not exec LDAP child\n"); } else if (pid > 0) { /* parent */ child->pid = pid; child->io->read_from_child_fd = pipefd_from_child[0]; |