author | Jonathan Matthew <jmatthew@cvs.openbsd.org> | 2015-11-02 04:48:44 +0000 |
---|---|---|
committer | Jonathan Matthew <jmatthew@cvs.openbsd.org> | 2015-11-02 04:48:44 +0000 |
commit | 593e20f497f2748e8838c1df28ef01da4bd206be (patch) | |
tree | 782471a883ee7f4b3099a0ede921eda43b802eff /usr.sbin/ldapd/ldape.c | |
parent | b8cf0e07986c7a5e38e332ad913733d299851593 (diff) |
Both ldapd processes need "stdio" to talk to clients and each other.
The parent process opens database files ("rpath wpath cpath"), sends fds to
the child ("sendfd"), and does bsd auth on behalf of the child ("getpw proc
exec").
The child process accepts client connections ("inet unix"), receives fds from
the parent ("recvfd") and locks database files ("flock").
ok deraadt@
Diffstat (limited to 'usr.sbin/ldapd/ldape.c')
-rw-r--r-- | usr.sbin/ldapd/ldape.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/usr.sbin/ldapd/ldape.c b/usr.sbin/ldapd/ldape.c index 48bc298db74..9d833c66b74 100644 --- a/usr.sbin/ldapd/ldape.c +++ b/usr.sbin/ldapd/ldape.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ldape.c,v 1.20 2015/06/03 02:24:36 millert Exp $ */ +/* $OpenBSD: ldape.c,v 1.21 2015/11/02 04:48:43 jmatthew Exp $ */ /* * Copyright (c) 2009, 2010 Martin Hedenfalk <martin@bzero.se> @@ -445,6 +445,9 @@ ldape(struct passwd *pw, char *csockpath, int pipe_parent2ldap[2]) fatal("cannot drop privileges"); } + if (pledge("stdio flock inet unix recvfd", NULL) == -1) + fatal("pledge"); + log_debug("ldape: entering event loop"); event_dispatch(); |
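Review bot: The pledge("stdio flock inet unix recvfd", NULL) call added in ldape(), between the privilege drop and event_dispatch(), has no comment tying each promise to its use, so that reasoning lives only in the commit message. Suggest a short comment above the call stating that "inet unix" covers accepting client connections, "recvfd" the descriptors received from the parent, and "flock" the database file locking, so that a later change adding or dropping a promise can be checked against it. The commit message also describes the parent's promises ("rpath wpath cpath", "sendfd", "getpw proc exec"), but this view is limited to ldape.c, so the parent-side call cannot be reviewed from these lines.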