From 2a873d79f2d29ddcc706d4daf443f85eaaa6dcb9 Mon Sep 17 00:00:00 2001
From: Jeremy Allison
Date: Wed, 16 Nov 2016 09:22:04 -0800
Subject: [PATCH] s3: lib: messaging: Solaris/Illumos sendmsg() is broken.
Solaris/Illumos kernel should *NOT* be doing security checks on a connect()'ed unix domain socket at sendmsg() time, only at connect() time. Ensure we never queue messages on this platform. Based on an idea from Volker.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12429
Signed-off-by: Jeremy Allison
---
 source3/lib/unix_msg/unix_msg.c | 14 ++++++++++++++
 source3/wscript | 8 ++++++++
 2 files changed, 22 insertions(+)
diff --git a/source3/lib/unix_msg/unix_msg.c b/source3/lib/unix_msg/unix_msg.c
index bcfef28..f1da2c9 100644
--- a/source3/lib/unix_msg/unix_msg.c
+++ b/source3/lib/unix_msg/unix_msg.c
@@ -79,6 +79,7 @@ struct unix_dgram_ctx {
 static void unix_dgram_recv_handler(struct poll_watch *w, int fd,
 short events, void *private_data);
 
+#if !defined(BROKEN_SENDMSG)
 /* Set socket non blocking. */
 static int prepare_socket_nonblock(int sock)
 {
@@ -105,6 +106,19 @@ static int prepare_socket_nonblock(int sock)
 #undef FLAG_TO_SET
 return 0;
 }
+#else
+/*
+ * sendmsg() on Solaris is broken. It checks for access
+ * even on a connected socket. The only way around this
+ * is to never queue a message send by forcing all senmsg()
+ * calls to block. See bug:
+ * https://bugzilla.samba.org/show_bug.cgi?id=12429
+ */
+static int prepare_socket_nonblock(int sock)
+{
+ return 0;
+}
+#endif
 
 /* Set socket close on exec. */
 static int prepare_socket_cloexec(int sock)
diff --git a/source3/wscript b/source3/wscript
index cd63f74..d50a264 100644
--- a/source3/wscript
+++ b/source3/wscript
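Review bot: In the `#else` branch of source3/lib/unix_msg/unix_msg.c the stub `prepare_socket_nonblock()` reports success without touching the descriptor, so under BROKEN_SENDMSG every socket passed through this helper stays blocking while the function name still promises the opposite. The callers are outside the hunk; if the same helper also prepares the receiving socket, or if a peer stops draining its datagram queue, a blocking `sendmsg()` could stall the calling process indefinitely, which is an availability trade-off the comment should spell out. I would add a line such as `* NOTE: sockets stay blocking on this platform; a receiver that does not drain its queue can stall the sender.` to the new comment, and `(void)sock;` in the stub body so the unused parameter does not warn. The comment also misspells the call: `senmsg()` should read `sendmsg()`.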
@@ -1482,6 +1482,14 @@ main() {
 conf.env['legacy_quota_libs'] = legacy_quota_libs
 
 #
+ # sendmsg() is broken on Solaris/Illumos. It checks permissions
+ # on a connected unix domain socket on every call, not only at
+ # connect time. See bug https://bugzilla.samba.org/show_bug.cgi?id=12429
+ #
+ if (host_os.rfind('solaris') > -1):
+ conf.DEFINE('BROKEN_SENDMSG', '1')
+
+ #
 # cluster support (CTDB)
 #
 if not Options.options.with_cluster_support:
-- 2.8.0.rc3.226.g39d4020
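Review bot: The platform test `host_os.rfind('solaris') > -1` only fires when `host_os` contains the substring `solaris`, and `host_os` is assigned outside this hunk, so its value cannot be checked here. If it comes from `sys.platform`, Solaris and Illumos both report `sunos5`, in which case BROKEN_SENDMSG would never be defined and the workaround would silently be compiled out on exactly the platforms the comment names. Please confirm what `host_os` holds; if it is `sys.platform`, a test such as `if 'sunos' in host_os or 'solaris' in host_os:` covers both spellings and reads more plainly than `rfind(...) > -1`. Because the define is keyed on the OS name rather than on observed behaviour, a comment noting that it should be revisited once the kernel behaviour is fixed would help later maintainers.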