(recv_conn): call setjob on crays;
(doit_passive): if fork fails with EAGAIN, don't shutdown, just close the connection re-implement `-t' flag git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@6837 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Johan Danielsson
@@ -217,7 +217,11 @@ recv_conn (int sock, kx_context *kc,
|
|||||||
|
|
||||||
if (setgid (passwd->pw_gid) ||
|
if (setgid (passwd->pw_gid) ||
|
||||||
initgroups(passwd->pw_name, passwd->pw_gid) ||
|
initgroups(passwd->pw_name, passwd->pw_gid) ||
|
||||||
|
#ifdef HAVE_GETUDBNAM /* XXX this happens on crays */
|
||||||
|
setjob(passwd->pw_uid, 0) == -1 ||
|
||||||
|
#endif
|
||||||
setuid(passwd->pw_uid)) {
|
setuid(passwd->pw_uid)) {
|
||||||
|
syslog(LOG_ERR, "%m");
|
||||||
fatal (kc, sock, "cannot set uid");
|
fatal (kc, sock, "cannot set uid");
|
||||||
}
|
}
|
||||||
syslog (LOG_INFO, "from %s(%s): %s -> %s",
|
syslog (LOG_INFO, "from %s(%s): %s -> %s",
|
||||||
@@ -363,6 +367,49 @@ check_user_console (kx_context *kc, int fd)
|
|||||||
fatal (kc, fd, "Permission denied");
|
fatal (kc, fd, "Permission denied");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* close down the new connection with a reasonable error message */
|
||||||
|
static void
|
||||||
|
close_connection(int fd, const char *message)
|
||||||
|
{
|
||||||
|
char buf[264]; /* max message */
|
||||||
|
char *p;
|
||||||
|
int lsb = 0;
|
||||||
|
size_t mlen;
|
||||||
|
|
||||||
|
mlen = strlen(message);
|
||||||
|
if(mlen > 255)
|
||||||
|
mlen = 255;
|
||||||
|
|
||||||
|
/* read first part of connection packet, to get byte order */
|
||||||
|
if(read(fd, buf, 6) != 6) {
|
||||||
|
close(fd);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
if(buf[0] == 0x6c)
|
||||||
|
lsb++;
|
||||||
|
p = buf;
|
||||||
|
*p++ = 0; /* failed */
|
||||||
|
*p++ = mlen; /* length of message */
|
||||||
|
p += 4; /* skip protocol version */
|
||||||
|
p += 2; /* skip additional length */
|
||||||
|
memcpy(p, message, mlen); /* copy message */
|
||||||
|
p += mlen;
|
||||||
|
while((p - buf) % 4) /* pad to multiple of 4 bytes */
|
||||||
|
*p++ = 0;
|
||||||
|
|
||||||
|
/* now fill in length of additional data */
|
||||||
|
if(lsb) {
|
||||||
|
buf[6] = (p - buf - 8) / 4;
|
||||||
|
buf[7] = 0;
|
||||||
|
}else{
|
||||||
|
buf[6] = 0;
|
||||||
|
buf[7] = (p - buf - 8) / 4;
|
||||||
|
}
|
||||||
|
write(fd, buf, p - buf);
|
||||||
|
close(fd);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Handle a passive session on `sock'
|
* Handle a passive session on `sock'
|
||||||
*/
|
*/
|
||||||
@@ -523,7 +570,9 @@ doit_passive (kx_context *kc,
|
|||||||
child = fork ();
|
child = fork ();
|
||||||
if (child < 0) {
|
if (child < 0) {
|
||||||
syslog (LOG_ERR, "fork: %m");
|
syslog (LOG_ERR, "fork: %m");
|
||||||
return 1;
|
if(errno != EAGAIN)
|
||||||
|
return 1;
|
||||||
|
close_connection(fd, strerror(errno));
|
||||||
} else if (child == 0) {
|
} else if (child == 0) {
|
||||||
for (i = 0; i < nsockets; ++i)
|
for (i = 0; i < nsockets; ++i)
|
||||||
close (sockets[i].fd);
|
close (sockets[i].fd);
|
||||||
@@ -615,6 +664,7 @@ static int help_flag = 0;
|
|||||||
struct getargs args[] = {
|
struct getargs args[] = {
|
||||||
{ "inetd", 'i', arg_negative_flag, &inetd_flag,
|
{ "inetd", 'i', arg_negative_flag, &inetd_flag,
|
||||||
"Not started from inetd" },
|
"Not started from inetd" },
|
||||||
|
{ "tcp", 't', arg_flag, &tcp_flag, "Use TCP" },
|
||||||
{ "port", 'p', arg_string, &port_str, "Use this port",
|
{ "port", 'p', arg_string, &port_str, "Use this port",
|
||||||
"port" },
|
"port" },
|
||||||
{ "version", 0, arg_flag, &version_flag },
|
{ "version", 0, arg_flag, &version_flag },
|
||||||
|
|||||||
Reference in New Issue
Block a user