| author | Florian Dold <florian.dold@gmail.com> | 2016-04-25 20:36:47 +0200 | 
|---|---|---|
| committer | Florian Dold <florian.dold@gmail.com> | 2016-04-25 20:36:47 +0200 | 
| commit | 37266ffacde14c1e249968e861263f9e9b4e7acf (patch) | |
| tree | d795f2114e482911bad94bd26555c7460c3b8b32 /src/exchange | |
| parent | edd704fa739232f532e72fd01a15a5bd1535c827 (diff) | |
socket permissions
Diffstat (limited to 'src/exchange')
| -rw-r--r-- | src/exchange/exchange.conf | 4 | ||||
| -rw-r--r-- | src/exchange/taler-exchange-httpd.c | 35 | 
2 files changed, 35 insertions, 4 deletions
| diff --git a/src/exchange/exchange.conf b/src/exchange/exchange.conf index 674f86df..7dffdd7f 100644 --- a/src/exchange/exchange.conf +++ b/src/exchange/exchange.conf @@ -16,8 +16,8 @@ SERVE = tcp  # Unix domain socket to listen on,  # only effective with "SERVE = unix" -UNIXPATH = ${TALER_SOCKET_DIR}/exchange -# UNIXPATH_MODE = 660 +UNIXPATH = ${TALER_RUNTIME_DIR}/exchange.http +UNIXPATH_MODE = 660  # HTTP port the exchange listens to  # PORT = 8081 diff --git a/src/exchange/taler-exchange-httpd.c b/src/exchange/taler-exchange-httpd.c index 30de6e76..bf60cfd6 100644 --- a/src/exchange/taler-exchange-httpd.c +++ b/src/exchange/taler-exchange-httpd.c @@ -101,11 +101,16 @@ static struct MHD_Daemon *mydaemon;  static uint16_t serve_port;  /** - * Path for the unix domain socket + * Path for the unix domain-socket   * to run the daemon on.   */  static char *serve_unixpath; +/** + * File mode for unix-domain socket. + */ +static mode_t unixpath_mode; +  /**   * Function called whenever MHD is done with a request.  If the @@ -515,6 +520,8 @@ exchange_serve_process_config ()      else if (0 == strcmp (serve_type, "unix"))      {        struct sockaddr_un s_un; +      unsigned long long mode; +        if (GNUNET_OK !=            GNUNET_CONFIGURATION_get_value_filename (cfg,                                                     "exchange", 
@@ -536,6 +543,21 @@ exchange_serve_process_config ()          TMH_VALIDATION_done ();          return GNUNET_SYSERR;        } + +      if (GNUNET_OK != +          GNUNET_CONFIGURATION_get_value_number (cfg, +                                                 "exchange", +                                                 "unixpath_mode", +                                                 &mode)) +      { +        GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR, +                                   "exchange", +                                   "unixpath_mode", +                                   "unixpath_mode required"); +        TMH_VALIDATION_done (); +        return GNUNET_SYSERR; +      } +      unixpath_mode = (mode_t) mode;      }      else      { @@ -744,6 +766,7 @@ main (int argc,    {      struct GNUNET_NETWORK_Handle *nh;      struct sockaddr_un *un; +    int fh;      if (sizeof (un->sun_path) <= strlen (serve_unixpath))      { @@ -773,11 +796,19 @@ main (int argc,        return 1;      } +    fh = GNUNET_NETWORK_get_fd (nh); + +    if (0 != fchmod (fh, unixpath_mode)) +    { +      fprintf (stderr, "chmod failed: %s\n", strerror (errno)); +      return 1; +    } +      mydaemon = MHD_start_daemon (MHD_USE_SELECT_INTERNALLY | MHD_USE_DEBUG,                                   0,                                   NULL, NULL,                                   &handle_mhd_request, NULL, -                                 MHD_OPTION_LISTEN_SOCKET, GNUNET_NETWORK_get_fd (nh), +                                 MHD_OPTION_LISTEN_SOCKET, fh,                                   MHD_OPTION_EXTERNAL_LOGGER, &handle_mhd_logs, NULL,                                   MHD_OPTION_NOTIFY_COMPLETED, &handle_mhd_completion_callback, NULL,                                   MHD_OPTION_CONNECTION_TIMEOUT, connection_timeout, | 
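Review bot: The `unixpath_mode` value is read with `GNUNET_CONFIGURATION_get_value_number`, which as far as I know parses base-10, so `UNIXPATH_MODE = 660` from exchange.conf would be stored as decimal 660 (octal 1224) rather than rw-rw----. The cast `(mode_t) mode` also accepts any number without a range check, so the socket can end up with bits nobody intended, here the sticky bit and a read bit for others. I would read the option as a string, parse it as octal and reject anything above 0777; the `unsigned long long mode` declared in the previous hunk then becomes unnecessary. The body of exchange_serve_process_config starts and ends outside this hunk.

```c
      char *mode_str;
      char *end;
      unsigned long parsed;

      /* … unchanged: UNIXPATH lookup and sun_path length check … */
      if (GNUNET_OK !=
          GNUNET_CONFIGURATION_get_value_string (cfg,
                                                 "exchange",
                                                 "unixpath_mode",
                                                 &mode_str))
      {
        /* … unchanged: GNUNET_log_config_invalid, TMH_VALIDATION_done, return … */
      }
      errno = 0;
      parsed = strtoul (mode_str, &end, 8);
      if ( (0 != errno) ||
           (end == mode_str) ||
           ('\0' != *end) ||
           (parsed > 0777) )
      {
        GNUNET_free (mode_str);
        GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
                                   "exchange",
                                   "unixpath_mode",
                                   "octal permission bits (at most 0777) required");
        TMH_VALIDATION_done ();
        return GNUNET_SYSERR;
      }
      GNUNET_free (mode_str);
      unixpath_mode = (mode_t) parsed;
```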
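Review bot: `fchmod (fh, unixpath_mode)` acts on the listening descriptor, and on some platforms fchmod on a socket descriptor either fails or changes only the socket object, not the filesystem node at `serve_unixpath`. The configured restriction may therefore silently not apply to the path clients connect to. The bind call is not visible in this hunk; if it precedes this line, the node also exists for a moment with umask-derived permissions. I would tighten the umask around the bind and set the mode on the path itself, e.g. `if (0 != chmod (serve_unixpath, unixpath_mode))`, and check the resulting mode on the supported platforms. The body of main starts and ends outside the hunk.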
