sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00
Code

From Chris Cowan

Browse Source 
secure the domain socket and set permissions properly

(This used to be ctdb commit ac6a362fc2fc4a56b4c310478a96eb12daace176)
This commit is contained in:
Ronnie Sahlberg 2008-04-10 06:51:53 +10:00
parent b902e09350
commit 2da3fe1b17
1 changed files with 8 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
ctdb/server/ctdb_daemon.c
View File

@ -582,18 +582,7 @@ static int ux_socket_bind(struct ctdb_context *ctdb)
return -1;
}
set_nonblocking(ctdb->daemon.sd);
set_close_on_exec(ctdb->daemon.sd);
#if 0
/* AIX doesn't like this :( */
if (fchown(ctdb->daemon.sd, geteuid(), getegid()) != 0 ||
fchmod(ctdb->daemon.sd, 0700) != 0) {
DEBUG(DEBUG_CRIT,("Unable to secure ctdb socket '%s', ctdb->daemon.name\n"));
goto failed;
}
#endif
set_nonblocking(ctdb->daemon.sd);
memset(&addr, 0, sizeof(addr));
@ -604,6 +593,14 @@ static int ux_socket_bind(struct ctdb_context *ctdb)
DEBUG(DEBUG_CRIT,("Unable to bind on ctdb socket '%s'\n", ctdb->daemon.name));
goto failed;
}
if (chown(ctdb->daemon.name, geteuid(), getegid()) != 0 ||
chmod(ctdb->daemon.name, 0700) != 0) {
DEBUG(DEBUG_CRIT,("Unable to secure ctdb socket '%s', ctdb->daemon.name\n"));
goto failed;
}
if (listen(ctdb->daemon.sd, 10) != 0) {
DEBUG(DEBUG_CRIT,("Unable to listen on ctdb socket '%s'\n", ctdb->daemon.name));
goto failed;