| author | Florian Dold <florian@dold.me> | 2021-08-04 20:00:31 +0200 | 
|---|---|---|
| committer | Florian Dold <florian@dold.me> | 2021-08-04 20:01:28 +0200 | 
| commit | 07bcff123f7ee750bb0fc6d0008467f51d7e3b0d (patch) | |
| tree | 3648272fc99101ff39a987808323dd063e6cf69c | |
| parent | 99cbc5fbe260b921e8aa47e4c5e6941bf6e49b87 (diff) | |
call chmod on client socket path, not client socket directory
| -rw-r--r-- | debian/etc-taler-exchange/taler/conf.d/exchange-system.conf | 1 | ||||
| -rw-r--r-- | src/util/crypto_helper_denom.c | 23 | ||||
| -rw-r--r-- | src/util/crypto_helper_esign.c | 24 | 
3 files changed, 33 insertions, 15 deletions
|
diff --git a/debian/etc-taler-exchange/taler/conf.d/exchange-system.conf b/debian/etc-taler-exchange/taler/conf.d/exchange-system.conf
index 7fb65d98..75c670f7 100644
--- a/debian/etc-taler-exchange/taler/conf.d/exchange-system.conf
+++ b/debian/etc-taler-exchange/taler/conf.d/exchange-system.conf
@@ -2,7 +2,6 @@
 # Read secret sections into configuration, but only
 # if we have permission to do so.
-@inline-secret@ exchange-account-1 ../secrets/exchange-accounts.secret.conf
 @inline-secret@ exchangedb-postgres ../secrets/exchange-db.secret.conf
 [exchange]
diff --git a/src/util/crypto_helper_denom.c b/src/util/crypto_helper_denom.c
index 2cc140c8..243dd296 100644
--- a/src/util/crypto_helper_denom.c
+++ b/src/util/crypto_helper_denom.c
@@ -142,14 +142,23 @@ try_connect (struct TALER_CRYPTO_DenominationHelper *dh)
     GNUNET_free (tmpdir);
     return;
   }
-  /* Fix permissions on UNIX domain socket, just
-     in case umask() is not set to enable group write */
-  if (0 != chmod (tmpdir,
-                  S_IRUSR | S_IWUSR | S_IWGRP))
+  /* Fix permissions on client UNIX domain socket,
+     just in case umask() is not set to enable group write */
   {
-    GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
-                              "chmod",
-                              tmpdir);
+    char path[sizeof (dh->my_sa) + 1];
+
+    strncpy (path,
+             (const char *) &dh->my_sa,
+             sizeof (dh->my_sa));
+    path[sizeof (dh->my_sa)] = '\0';
+
+    if (0 != chmod (path,
+                    S_IRUSR | S_IWUSR | S_IWGRP))
+    {
+      GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
+                                "chmod",
+                                path);
+    }
   }
   GNUNET_free (tmpdir);
   {
diff --git a/src/util/crypto_helper_esign.c b/src/util/crypto_helper_esign.c
index d5baa934..1234ba4a 100644
--- a/src/util/crypto_helper_esign.c
+++ b/src/util/crypto_helper_esign.c
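Review bot: The `strncpy` source `(const char *) &dh->my_sa` in the crypto_helper_denom.c hunk is the start of the address structure, not the path stored inside it. If `my_sa` is a `struct sockaddr_un` (its declaration is outside the hunk), the copy begins at the `sun_family` bytes, so `chmod` is given a name that is not the socket path, fails, and only a warning is logged, leaving the client socket with whatever mode the umask produced. Passing the path member directly, `if (0 != chmod (dh->my_sa.sun_path, S_IRUSR | S_IWUSR | S_IWGRP))`, fixes this and makes the temporary `path` buffer unnecessary, provided `sun_path` is NUL-terminated where it is filled in. The same lines appear in the `try_connect` hunk of src/util/crypto_helper_esign.c with `esh->my_sa`; in both files `try_connect` starts and ends outside the hunk.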
@@ -143,15 +143,25 @@ try_connect (struct TALER_CRYPTO_ExchangeSignHelper *esh)
     GNUNET_free (tmpdir);
     return;
   }
-  /* Fix permissions on UNIX domain socket, just
-     in case umask() is not set to enable group write */
-  if (0 != chmod (tmpdir,
-                  S_IRUSR | S_IWUSR | S_IWGRP))
+  /* Fix permissions on client UNIX domain socket,
+     just in case umask() is not set to enable group write */
   {
-    GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
-                              "chmod",
-                              tmpdir);
+    char path[sizeof (esh->my_sa) + 1];
+
+    strncpy (path,
+             (const char *) &esh->my_sa,
+             sizeof (esh->my_sa));
+    path[sizeof (esh->my_sa)] = '\0';
+
+    if (0 != chmod (path,
+                    S_IRUSR | S_IWUSR | S_IWGRP))
+    {
+      GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
+                                "chmod",
+                                path);
+    }
   }
+
   GNUNET_free (tmpdir);
   {
     struct GNUNET_MessageHeader hdr = {
|
