That code is deprecated and should be removed; essentially, because most
of the UN*X flavors simply ignore socket permissions, and the few that
do require "write" to operate the socket (i.e., execute, write, read).
The appropriate approach to using sockets is placing them in a specific
directory, and use the directory permissions to limit access to the
socket. This should be taken care of by system administrators, and not
by OpenLDAP code.
p.
mitrohin a.s. wrote:
helo.
ldapi:///????!x-mod=0777 unsupported now?
openldap-2.2.27 "servers/slapd/daemon.c" line 891
switch ( (*sal)->sa_family ) {
#ifdef LDAP_PF_LOCAL
case AF_LOCAL: {
char *addr = ((struct sockaddr_un *)*sal)->sun_path;
#if 0 /* don't muck with socket perms */
if ( chmod( addr, l.sl_perms ) < 0 && crit ) {
int err = sock_errno();
#ifdef NEW_LOGGING
LDAP_LOG( CONNECTION, INFO,
"slap_open_listener: fchmod(%ld) failed errno=%d
(%s)\n",
(long)l.sl_sd, err, sock_errstr(err) );
#else
Debug( LDAP_DEBUG_ANY, "daemon: fchmod(%ld) failed errno=%d
(%s)",
(long) l.sl_sd, err, sock_errstr(err) );
#endif
tcp_close( l.sl_sd );
slap_free_listener_addresses(psal);
return -1;
}
#endif
l.sl_name.bv_len = strlen(addr) + sizeof("PATH=") - 1;
l.sl_name.bv_val = ber_memalloc( l.sl_name.bv_len + 1 );
snprintf( l.sl_name.bv_val, l.sl_name.bv_len + 1,
"PATH=%s", addr );
} break;
#endif /* LDAP_PF_LOCAL */
why?
/swp
SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497