Rev 294: make sure the ctdb control socket is secure in http://samba.org/~tridge/ctdb

[tridge at samba.org]

------------------------------------------------------------
revno: 294
revision-id: tridge at samba.org-20070512232016-fdj2opy995c536bs
parent: tridge at samba.org-20070512112526-9t4ruf7033dstx0u
committer: Andrew Tridgell <tridge at samba.org>
branch nick: tridge
timestamp: Sun 2007-05-13 09:20:16 +1000
message:
  make sure the ctdb control socket is secure
modified:
  common/ctdb_daemon.c           ctdb_daemon.c-20070409200331-3el1kqgdb9m4ib0g-1
=== modified file 'common/ctdb_daemon.c'
--- a/common/ctdb_daemon.c	2007-05-12 11:25:26 +0000
+++ b/common/ctdb_daemon.c	2007-05-12 23:20:16 +0000
@@ -600,10 +600,15 @@
 
 	ctdb->daemon.sd = socket(AF_UNIX, SOCK_STREAM, 0);
 	if (ctdb->daemon.sd == -1) {
-		ctdb->daemon.sd = -1;
 		return -1;
 	}
 
+	if (fchown(ctdb->daemon.sd, geteuid(), getegid()) != 0 ||
+	    fchmod(ctdb->daemon.sd, 0700) != 0) {
+		DEBUG(0,("Unable to secure ctdb socket '%s', ctdb->daemon.name\n"));
+		goto failed;
+	}
+
 	set_non_blocking(ctdb->daemon.sd);
 
 	memset(&addr, 0, sizeof(addr));
@@ -611,13 +616,20 @@
 	strncpy(addr.sun_path, ctdb->daemon.name, sizeof(addr.sun_path));
 
 	if (bind(ctdb->daemon.sd, (struct sockaddr *)&addr, sizeof(addr)) == -1) {
-		close(ctdb->daemon.sd);
-		ctdb->daemon.sd = -1;
-		return -1;
+		DEBUG(0,("Unable to bind on ctdb socket '%s', ctdb->daemon.name\n"));
+		goto failed;
 	}	
-	listen(ctdb->daemon.sd, 1);
+	if (listen(ctdb->daemon.sd, 10) != 0) {
+		DEBUG(0,("Unable to listen on ctdb socket '%s', ctdb->daemon.name\n"));
+		goto failed;
+	}
 
 	return 0;
+
+failed:
+	close(ctdb->daemon.sd);
+	ctdb->daemon.sd = -1;
+	return -1;	
 }
 
 /*