Allow file permissions to be set for UNIX domain listening socket #311

merged 1 commit into from
Jan 12, 2015
29 changes: 27 additions & 2 deletions src/nc_conf.c
Expand Up @@ -275,6 +275,7 @@ conf_pool_each_transform(void *elem, void *data)
sp->family = cp->listen.info.family;
sp->addrlen = cp->listen.info.addrlen;
sp->addr = (struct sockaddr *)&cp->listen.info.addr;
sp->perm = cp->listen.perm;

sp->key_hash_type = cp->hash;
sp->key_hash = hash_algos[cp->hash];
Expand Down Expand Up @@ -1440,8 +1441,32 @@ conf_set_listen(struct conf *cf, struct command *cmd, void *conf)
}

if (value->data[0] == '/') {
name = value->data;
namelen = value->len;
uint8_t *q, *start, *perm;
uint32_t permlen;


/* parse "socket_path permissions" from the end */
p = value->data + value->len -1;
start = value->data;
q = nc_strrchr(p, start, ' ');
if (q == NULL) {
/* no permissions field, so use defaults */
name = value->data;
namelen = value->len;
} else {
perm = q + 1;
permlen = (uint32_t)(p - perm + 1);

p = q - 1;
name = start;
namelen = (uint32_t)(p - start + 1);

errno = 0;
field->perm = (mode_t)strtol((char *)perm, NULL, 8);
if (errno || field->perm > 0777) {
return "has an invalid file permission in \"socket_path permission\" format string";
}
}
} else {
uint8_t *q, *start, *port;
uint32_t portlen;
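Review bot: The permission field is parsed with `strtol((char *)perm, NULL, 8)` and only errno and the `> 0777` range are checked, so a non-octal or partially numeric value such as `rw` or `0600x` silently yields 0 or 0600 with no error, and the `permlen` computed just above is never used. Passing an end pointer and requiring it to land exactly at `perm + permlen` rejects those inputs; note strtol also relies on the digits being followed by a byte it stops on, which holds if `value->data` is NUL-terminated, something this hunk does not show. Splitting on the last space with nc_strrchr also means a socket path that itself contains a space is now read as path plus permission, which deserves a comment here or a line in the config documentation. If conf_listen_init does not already zero `perm`, the no-permission branch should set `field->perm = 0` explicitly so proxy_listen skips the chmod. conf_set_listen begins and ends outside the hunk.
```c
            /* … unchanged: locate last ' ' with nc_strrchr, split name/namelen and perm/permlen … */
            char *end = NULL;
            long mode;

            errno = 0;
            mode = strtol((char *)perm, &end, 8);
            /* reject empty field, trailing junk, range error, or bits outside rwx */
            if (errno != 0 || end != (char *)perm + permlen || mode < 0 || mode > 0777) {
                return "has an invalid file permission in \"socket_path permission\" format string";
            }
            field->perm = (mode_t)mode;
```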
1 change: 1 addition & 0 deletions src/nc_conf.h
Expand Up @@ -59,6 +59,7 @@ struct conf_listen {
struct string pname; /* listen: as "name:port" */
struct string name; /* name */
int port; /* port */
mode_t perm; /* socket permissions */
struct sockinfo info; /* listen socket info */
unsigned valid:1; /* valid? */
};
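Review bot: The comment on the new `mode_t perm` field does not say what 0 means; since proxy_listen only calls chmod when the value is non-zero, 0 is the "not configured, keep the umask default" state, and the field only applies to AF_UNIX listeners. Suggest `mode_t perm; /* socket permissions (AF_UNIX only, 0 = not set) */`, and the same wording for the `perm` field added to struct server_pool in src/nc_server.h. `mode_t` needs <sys/types.h> (or <sys/stat.h>) in scope; the hunk does not show whether nc_conf.h already pulls that in.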
11 changes: 11 additions & 0 deletions src/nc_proxy.c
Expand Up @@ -15,6 +15,7 @@
* limitations under the License.
*/

#include <sys/stat.h>
#include <sys/un.h>

#include <nc_core.h>
Expand Down Expand Up @@ -148,6 +149,16 @@ proxy_listen(struct context *ctx, struct conn *p)
return NC_ERROR;
}

if (p->family == AF_UNIX && pool->perm) {
struct sockaddr_un *un = (struct sockaddr_un *)p->addr;
status = chmod(un->sun_path, pool->perm);
if (status < 0) {
log_error("chmod on p %d on addr '%.*s' failed: %s", p->sd,
pool->addrstr.len, pool->addrstr.data, strerror(errno));
return NC_ERROR;
}
}

status = listen(p->sd, pool->backlog);
if (status < 0) {
log_error("listen on p %d on addr '%.*s' failed: %s", p->sd,
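Review bot: chmod() is applied by path after bind(), so the socket node exists with its umask-derived mode until the chmod runs; a comment stating that this ordering is acceptable because listen() has not been called yet (connections are refused until then) would make it deliberate, and because the chmod is by path rather than on the descriptor, the socket directory should be documented as one only the proxy's own user can write to. `pool->perm == 0` is treated as "not configured", so an explicit 0 in the config is indistinguishable from unset; that is reasonable but worth a one-line comment such as `/* perm == 0: not configured, keep umask default */` on the `if`. proxy_listen starts and ends outside the hunk.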
1 change: 1 addition & 0 deletions src/nc_server.h
Expand Up @@ -107,6 +107,7 @@ struct server_pool {
int family; /* socket family */
socklen_t addrlen; /* socket length */
struct sockaddr *addr; /* socket address (ref in conf_pool) */
mode_t perm; /* socket permission */
int dist_type; /* distribution type (dist_type_t) */
int key_hash_type; /* key hash type (hash_type_t) */
hash_t key_hash; /* key hasher */