From 2d5dbb5dbe674f012fc044f03441538b9b400983 Mon Sep 17 00:00:00 2001

From: Michal Zidek <mzidek@redhat.com>

Date: Wed, 15 Oct 2014 17:35:12 +0200

Subject: [PATCH 33/46] responder_common: Create fd for pipe in helper

Move creating of file descriptor for pipes into

helper function and make this function public.

Reviewed-by: Pavel Reichl <preichl@redhat.com>

Reviewed-by: Simo Sorce <simo@redhat.com>

(cherry picked from commit 2ce29e05e62b2702ba4df5f3316eaf250b0ada7f)

---

 src/responder/common/responder.h        |   2 +

 src/responder/common/responder_common.c | 135 +++++++++++++++-----------------

 2 files changed, 65 insertions(+), 72 deletions(-)

diff --git a/src/responder/common/responder.h b/src/responder/common/responder.h

index 97552ec472c5baa285b41cc48b51149f3ef6adb5..d233710782fe7df1bbcc338e3815d1701557519e 100644

--- a/src/responder/common/responder.h

+++ b/src/responder/common/responder.h

@@ -176,6 +176,8 @@ responder_get_domain(struct resp_ctx *rctx, const char *domain);

 errno_t responder_get_domain_by_id(struct resp_ctx *rctx, const char *id,

                                    struct sss_domain_info **_ret_dom);

+int create_pipe_fd(const char *sock_name, int *fd, mode_t umaskval);

+

 /* responder_cmd.c */

 int sss_cmd_empty_packet(struct sss_packet *packet);

 int sss_cmd_send_empty(struct cli_ctx *cctx, TALLOC_CTX *freectx);

diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c

index 0ec2372e8d08f1002b303b5edc6897f17cee9699..a262a2c1487c786404b6d0d4c720edd1679279d0 100644

--- a/src/responder/common/responder_common.c

+++ b/src/responder/common/responder_common.c

@@ -584,10 +584,69 @@ static int sss_dp_init(struct resp_ctx *rctx,

     return EOK;

 }

+int create_pipe_fd(const char *sock_name, int *fd, mode_t umaskval)

+{

+    struct sockaddr_un addr;

+    errno_t ret;

+

+    *fd = socket(AF_UNIX, SOCK_STREAM, 0);

+    if (*fd == -1) {

+        return EIO;

+    }

+

+    umask(umaskval);

+

+    ret = set_nonblocking(*fd);

+    if (ret != EOK) {

+        goto done;

+    }

+

+    ret = set_close_on_exec(*fd);

+    if (ret != EOK) {

+        goto done;

+    }

+

+    memset(&addr, 0, sizeof(addr));

+    addr.sun_family = AF_UNIX;

+    strncpy(addr.sun_path, sock_name, sizeof(addr.sun_path) - 1);

+    addr.sun_path[sizeof(addr.sun_path) - 1] = '\0';

+

+    /* make sure we have no old sockets around */

+    ret = unlink(sock_name);

+    if (ret != 0 && errno != ENOENT) {

+        ret = errno;

+        DEBUG(SSSDBG_MINOR_FAILURE,

+              "Cannot remove old socket (errno=%d), bind might fail!\n", ret);

+    }

+

+    if (bind(*fd, (struct sockaddr *)&addr, sizeof(addr)) == -1) {

+        DEBUG(SSSDBG_FATAL_FAILURE,

+              "Unable to bind on socket '%s'\n", sock_name);

+        ret = EIO;

+        goto done;

+    }

+    if (listen(*fd, 10) != 0) {

+        DEBUG(SSSDBG_FATAL_FAILURE,

+              "Unable to listen on socket '%s'\n", sock_name);

+        ret = EIO;

+        goto done;

+    }

+

+    ret = EOK;

+

+done:

+    /* we want default permissions on created files to be very strict,

+       so set our umask to 0177 */

+    umask(0177);

+    if (ret != EOK) {

+        close(*fd);

+    }

+    return ret;

+}

+

 /* create a unix socket and listen to it */

 static int set_unix_socket(struct resp_ctx *rctx)

 {

-    struct sockaddr_un addr;

     errno_t ret;

     struct accept_fd_ctx *accept_ctx;

@@ -628,42 +687,11 @@ static int set_unix_socket(struct resp_ctx *rctx)

 #endif

     if (rctx->sock_name != NULL ) {

-        rctx->lfd = socket(AF_UNIX, SOCK_STREAM, 0);

-        if (rctx->lfd == -1) {

-            return EIO;

-        }

-

         /* Set the umask so that permissions are set right on the socket.

          * It must be readable and writable by anybody on the system. */

-        umask(0111);

-

-        ret = set_nonblocking(rctx->lfd);

+        ret = create_pipe_fd(rctx->sock_name, &rctx->lfd, 0111);

         if (ret != EOK) {

-            goto failed;

-        }

-

-        ret = set_close_on_exec(rctx->lfd);

-        if (ret != EOK) {

-            goto failed;

-        }

-

-        memset(&addr, 0, sizeof(addr));

-        addr.sun_family = AF_UNIX;

-        strncpy(addr.sun_path, rctx->sock_name, sizeof(addr.sun_path)-1);

-        addr.sun_path[sizeof(addr.sun_path)-1] = '\0';

-

-        /* make sure we have no old sockets around */

-        unlink(rctx->sock_name);

-

-        if (bind(rctx->lfd, (struct sockaddr *)&addr, sizeof(addr)) == -1) {

-            DEBUG(SSSDBG_FATAL_FAILURE,

-                  "Unable to bind on socket '%s'\n", rctx->sock_name);

-            goto failed;

-        }

-        if (listen(rctx->lfd, 10) != 0) {

-            DEBUG(SSSDBG_FATAL_FAILURE,

-                  "Unable to listen on socket '%s'\n", rctx->sock_name);

-            goto failed;

+            return ret;

         }

         accept_ctx = talloc_zero(rctx, struct accept_fd_ctx);

@@ -682,42 +710,11 @@ static int set_unix_socket(struct resp_ctx *rctx)

     if (rctx->priv_sock_name != NULL ) {

         /* create privileged pipe */

-        rctx->priv_lfd = socket(AF_UNIX, SOCK_STREAM, 0);

-        if (rctx->priv_lfd == -1) {

-            close(rctx->lfd);

-            return EIO;

-        }

-

-        umask(0177);

-

-        ret = set_nonblocking(rctx->priv_lfd);

+        ret = create_pipe_fd(rctx->priv_sock_name, &rctx->priv_lfd, 0177);

         if (ret != EOK) {

             goto failed;

         }

-        ret = set_close_on_exec(rctx->priv_lfd);

-        if (ret != EOK) {

-            goto failed;

-        }

-

-        memset(&addr, 0, sizeof(addr));

-        addr.sun_family = AF_UNIX;

-        strncpy(addr.sun_path, rctx->priv_sock_name, sizeof(addr.sun_path)-1);

-        addr.sun_path[sizeof(addr.sun_path)-1] = '\0';

-

-        unlink(rctx->priv_sock_name);

-

-        if (bind(rctx->priv_lfd, (struct sockaddr *)&addr, sizeof(addr)) == -1) {

-            DEBUG(SSSDBG_FATAL_FAILURE,

-                  "Unable to bind on socket '%s'\n", rctx->priv_sock_name);

-            goto failed;

-        }

-        if (listen(rctx->priv_lfd, 10) != 0) {

-            DEBUG(SSSDBG_FATAL_FAILURE,

-                  "Unable to listen on socket '%s'\n", rctx->priv_sock_name);

-            goto failed;

-        }

-

         accept_ctx = talloc_zero(rctx, struct accept_fd_ctx);

         if(!accept_ctx) goto failed;

         accept_ctx->rctx = rctx;

@@ -733,15 +730,9 @@ static int set_unix_socket(struct resp_ctx *rctx)

         }

     }

-    /* we want default permissions on created files to be very strict,

-       so set our umask to 0177 */

-    umask(0177);

     return EOK;

 failed:

-    /* we want default permissions on created files to be very strict,

-       so set our umask to 0177 */

-    umask(0177);

     close(rctx->lfd);

     close(rctx->priv_lfd);

     return EIO;

-- 

1.9.3