set FD_CLOEXEC in NSS and PAM modules to ensure that nslcd file descriptor is not leaked to child processes

git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1821 ef36b2f9-881f-0410-afb5-c4e39611909c
author: Arthur de Jong <arthur@arthurdejong.org> 2012-11-11 16:40:41 +0000
committer: Arthur de Jong <arthur@arthurdejong.org> 2012-11-11 16:40:41 +0000
commit: 11fc34e1c519e73dbde252cb1bd3886be6b9366f (patch)
tree: cafd54b38ab6453c953bd93bc213a6e2c7d95028
parent: 3e982207a1b0dd9c433d2b0a141b3280ac053c83 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/common/nslcd-prot.c b/common/nslcd-prot.c
index 3bb3e0c..66c10af 100644
--- a/common/nslcd-prot.c
+++ b/common/nslcd-prot.c
@@ -33,6 +33,7 @@
 #include <sys/stat.h>
 #include <errno.h>
 #include <string.h>
+#include <fcntl.h>
 
 #include "nslcd.h"
 #include "nslcd-prot.h"
@@ -62,6 +63,7 @@ TFILE *nslcd_client_open()
   int sock;
   struct sockaddr_un addr;
   TFILE *fp;
+  int flags;
   /* create a socket */
   if ( (sock=socket(PF_UNIX,SOCK_STREAM,0))<0 )
     return NULL;
@@ -70,6 +72,10 @@ TFILE *nslcd_client_open()
   addr.sun_family=AF_UNIX;
   strncpy(addr.sun_path,NSLCD_SOCKET,sizeof(addr.sun_path));
   addr.sun_path[sizeof(addr.sun_path)-1]='\0';
+  /* close the file descriptor on exec (ignore errors) */
+  flags=fcntl(sock,F_GETFL);
+  if (flags>=0)
+    (void)fcntl(sock,F_SETFD,flags|FD_CLOEXEC);
   /* connect to the socket */
   if (connect(sock,(struct sockaddr *)&addr,SUN_LEN(&addr))<0)
   {
author	Arthur de Jong <arthur@arthurdejong.org>	2012-11-11 16:40:41 +0000
committer	Arthur de Jong <arthur@arthurdejong.org>	2012-11-11 16:40:41 +0000
commit	11fc34e1c519e73dbde252cb1bd3886be6b9366f (patch)
tree	cafd54b38ab6453c953bd93bc213a6e2c7d95028
parent	3e982207a1b0dd9c433d2b0a141b3280ac053c83 (diff)