Annoying Minor Bug In Winbind 2.2.x

Boyce, Nick nick.boyce at eds.com
Mon Feb 17 21:22:46 GMT 2003


On 7 Feb 2003, Martin Poole wrote:

> On  7 Feb 2003, "Boyce, Nick" <nick.boyce at eds.com> wrote:
> 
>> Thanks - that was it.  I now have a script /usr/local/bin/winbind, which
>> does
>>   umask 000
>>   /etc/init.d/winbind $1
> 
> You would be better off -- and you would be helping us too -- if you
> would apply the patch and let us know if it works

OK - I've been trying to apply the patch that Tim posted (to supersede
Martin's first cut) to the Samba 2.2.7a source file for util_sock.c, but get
errors applying the patch no matter what I do.  I guess the posted patch was
against CVS, so could someone please repost the patch for the 2.2.7a-rel
version of the file ?

Here's what I get if I apply the posted patch :

   MYBOX:/usr/local/src/samba-2.2.7a/source/lib# patch util_sock.c
patch-util_sock.txt.orig
   patching file util_sock.c
   Hunk #1 succeeded at 1018 with fuzz 2 (offset 133 lines).
   Hunk #2 FAILED at 1037.
   Hunk #3 FAILED at 1094.
   2 out of 3 hunks FAILED -- saving rejects to file util_sock.c.rej

After deleting the line containing "#ifdef HAVE_UNIXSOCKET" (because I
noticed it doesn't appear in my 2.2.7a version of util_sock.c), I get a
little further :

   MYBOX:/usr/local/src/samba-2.2.7a/source/lib# patch util_sock.c
patch-util_sock.txt
   patching file util_sock.c
   Hunk #1 succeeded at 1018 with fuzz 2 (offset 133 lines).
   patch: **** malformed patch at line 102: @@ -966,25 +961,26 @@

But now I'm completely stumped, and don't really know what I'm doing (...) -
I have no idea what "patch" is objecting to (it's not very helpful, is it ?
-  even if you run it with --verbose it doesn't get any better .. sigh).

I've attached the patch from Tim that I'm trying to apply, to avoid any
confusion.

Cheers

Nick Boyce
EDS Southwest Solution Centre, Bristol, UK

-------------- next part --------------
Index: lib/util_sock.c
===================================================================
RCS file: /data/cvs/samba/source/lib/util_sock.c,v
retrieving revision 1.75
diff -u -r1.75 util_sock.c
--- lib/util_sock.c     9 Jan 2003 06:58:07 -0000       1.75
+++ lib/util_sock.c     7 Feb 2003 04:51:10 -0000
@@ -885,13 +885,18 @@
 }


-/*******************************************************************
- Create protected unix domain socket.
-
- some unixen cannot set permissions on a ux-dom-sock, so we
- have to make sure that the directory contains the protection
- permissions, instead.
- ******************************************************************/
+/**
+ *  Create protected unix domain socket.
+ *
+ * Some unixen cannot set permissions on a ux-dom-sock, so we have to
+ * make sure that the directory contains the protection permissions,
+ * instead.
+ *
+ * It must be possible to access the socket from unprivileged
+ * programs, even if the daemon is started with a restrictive umask.
+ * Therefore is is temporarily removed while creating the directory
+ * and socket.
+ **/
 int create_pipe_sock(const char *socket_dir,
                     const char *socket_name,
                     mode_t dir_perms)
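Review bot: The last sentence of the new doc comment has a typo and never names what is being removed: "Therefore is is temporarily removed" should read `* Therefore the umask is temporarily cleared while creating the directory and socket.` Because the socket is then created with no mask at all, the comment should also say that dir_perms on socket_dir is the only thing restricting access to it, so callers know the value they pass is security-relevant. The body of create_pipe_sock starts after this hunk.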
@@ -899,60 +904,50 @@
 #ifdef HAVE_UNIXSOCKET
         struct sockaddr_un sunaddr;
         struct stat st;
-        int sock;
+        int sock = -1;
         mode_t old_umask;
         pstring path;

+        old_umask = umask(0);
+
         /* Create the socket directory or reuse the existing one */

         if (lstat(socket_dir, &st) == -1) {
-
                 if (errno == ENOENT) {
-
-                        /* Create directory */
-
                         if (mkdir(socket_dir, dir_perms) == -1) {
                                 DEBUG(0, ("error creating socket directory"
                                           "%s: %s\n", socket_dir,
                                           strerror(errno)));
-                                return -1;
+                               goto error;
                         }
-
                 } else {
-
                         DEBUG(0, ("lstat failed on socket directory %s: %s\n",
                                   socket_dir, strerror(errno)));
-                        return -1;
+                       goto error;
                 }
-
         } else {
-
                 /* Check ownership and permission on existing directory */
-
                 if (!S_ISDIR(st.st_mode)) {
                         DEBUG(0, ("socket directory %s isn't a directory\n",
                                   socket_dir));
-                        return -1;
+                       goto error;
                 }

                 if ((st.st_uid != sec_initial_uid()) ||
                     ((st.st_mode & 0777) != dir_perms)) {
                         DEBUG(0, ("invalid permissions on socket directory"
                                   "%s\n", socket_dir));
-                        return -1;
+                       goto error;
                 }
         }

         /* Create the socket file */

-        old_umask = umask(0);
-
         sock = socket(AF_UNIX, SOCK_STREAM, 0);

         if (sock == -1) {
                 perror("socket");
-               umask(old_umask);
-                return -1;
+               goto error;
         }

         snprintf(path, sizeof(path), "%s/%s", socket_dir, socket_name);
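Review bot: With `old_umask = umask(0);` moved above `mkdir(socket_dir, dir_perms)`, a newly created directory gets exactly the caller's dir_perms, and nothing in the visible code checks that value. The existing-directory branch only compares the mode with dir_perms, so a world-writable value would be accepted on both paths, and other local users could then remove or replace the socket file inside the directory. Callers are not visible here, so this may never happen in practice, but a guard such as `if (dir_perms & S_IWOTH) return -1;` placed ahead of `old_umask = umask(0);` would make the contract explicit; it has to return directly because `error:` restores an old_umask that is not yet set at that point. The function continues past the end of this hunk.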
@@ -966,25 +961,26 @@
                 DEBUG(0, ("bind failed on pipe socket %s: %s\n",
                           path,
                           strerror(errno)));
-                close(sock);
-               umask(old_umask);
-                return -1;
+               goto error;
         }

         if (listen(sock, 5) == -1) {
                 DEBUG(0, ("listen failed on pipe socket %s: %s\n",
                           path,
                           strerror(errno)));
-                close(sock);
-               umask(old_umask);
-                return -1;
+               goto error;
         }

         umask(old_umask);
-
-        /* Success! */
-
-        return sock;
+        return sock;           /* success */
+
+error:
+       if (sock != -1)
+               close(sock);
+
+       umask(old_umask);
+       return -1;
+
 #else
         DEBUG(0, ("create_pipe_sock: No Unix sockets on this system\n"));
         return -1;
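Review bot: When `listen()` fails, `bind()` has already created the socket file at `path`, and the shared `error:` label only closes the descriptor and restores the umask, so the file stays in the directory with no listener behind it. Adding `unlink(path);` before the `goto error;` in the listen branch would remove it; it cannot go under `error:` itself because the earlier jumps reach the label before `path` is filled in. Whether the code above the bind already unlinks a stale file on the next start is not visible in this hunk. The `if (sock != -1)` under the label would also read better with braces, and the hunk ends inside the `#else` branch, so the end of the function is outside it.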


