add chmod() to set client unix domain socket to group writable regardless of umask

Christian Grothoff 2021-01-06 10:22:49 +01:00
parent dc570d0c06
commit 09d6ee75fe
No known key found for this signature in database
GPG Key ID: 939E6BE1E29FC3CC
2 changed files with 89 additions and 62 deletions


@ -92,6 +92,8 @@ do_disconnect (struct TALER_CRYPTO_DenominationHelper *dh)
static void static void
try_connect (struct TALER_CRYPTO_DenominationHelper *dh) try_connect (struct TALER_CRYPTO_DenominationHelper *dh)
{ {
char *tmpdir;
if (-1 != dh->sock) if (-1 != dh->sock)
return; return;
dh->sock = socket (AF_UNIX, dh->sock = socket (AF_UNIX,
@ -103,46 +105,53 @@ try_connect (struct TALER_CRYPTO_DenominationHelper *dh)
"socket"); "socket");
return; return;
} }
tmpdir = GNUNET_DISK_mktemp (dh->template);
if (NULL == tmpdir)
{ {
char *tmpdir; do_disconnect (dh);
return;
tmpdir = GNUNET_DISK_mktemp (dh->template);
if (NULL == tmpdir)
{
do_disconnect (dh);
return;
}
/* we use >= here because we want the sun_path to always
be 0-terminated */
if (strlen (tmpdir) >= sizeof (dh->sa.sun_path))
{
GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
"PATHS",
"TALER_RUNTIME_DIR",
"path too long");
GNUNET_free (tmpdir);
do_disconnect (dh);
return;
}
dh->my_sa.sun_family = AF_UNIX;
strncpy (dh->my_sa.sun_path,
tmpdir,
sizeof (dh->sa.sun_path));
if (0 != unlink (tmpdir))
GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
"unlink",
tmpdir);
GNUNET_free (tmpdir);
} }
/* we use >= here because we want the sun_path to always
be 0-terminated */
if (strlen (tmpdir) >= sizeof (dh->sa.sun_path))
{
GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
"PATHS",
"TALER_RUNTIME_DIR",
"path too long");
GNUNET_free (tmpdir);
do_disconnect (dh);
return;
}
dh->my_sa.sun_family = AF_UNIX;
strncpy (dh->my_sa.sun_path,
tmpdir,
sizeof (dh->sa.sun_path));
if (0 != unlink (tmpdir))
GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
"unlink",
tmpdir);
if (0 != bind (dh->sock, if (0 != bind (dh->sock,
(const struct sockaddr *) &dh->my_sa, (const struct sockaddr *) &dh->my_sa,
sizeof (dh->my_sa))) sizeof (dh->my_sa)))
{ {
GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING, GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
"bind"); "bind",
tmpdir);
do_disconnect (dh); do_disconnect (dh);
GNUNET_free (tmpdir);
return; return;
} }
/* Fix permissions on UNIX domain socket, just
in case umask() is not set to enable group write */
if (0 != chmod (tmpdir,
S_IRUSR | S_IWUSR | S_IWGRP))
{
GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
"chmod",
tmpdir);
}
GNUNET_free (tmpdir);
{ {
struct GNUNET_MessageHeader hdr = { struct GNUNET_MessageHeader hdr = {
.size = htons (sizeof (hdr)), .size = htons (sizeof (hdr)),
@ -242,6 +251,15 @@ TALER_CRYPTO_helper_denom_connect (
return NULL; return NULL;
} }
dh->template = template; dh->template = template;
if (strlen (template) >= sizeof (dh->sa.sun_path))
{
GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
"PATHS",
"TALER_RUNTIME_DIR",
"path too long");
TALER_CRYPTO_helper_denom_disconnect (dh);
return NULL;
}
} }
TALER_CRYPTO_helper_denom_poll (dh); TALER_CRYPTO_helper_denom_poll (dh);
return dh; return dh;
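Review bot: The `chmod (tmpdir, S_IRUSR | S_IWUSR | S_IWGRP)` added after `bind()` in try_connect acts on the path name rather than on the socket that was just bound, so it applies to whatever that name resolves to when chmod() runs. If other local users can write to the directory behind `dh->template`, the name can be replaced between `bind()` and `chmod()`; the directory's permissions are not visible in this diff, so this is a question to confirm rather than a demonstrated flaw. The socket also exists with umask-derived permissions for that short window. I would state the assumption next to the call, e.g. `/* assumes TALER_RUNTIME_DIR is not writable by untrusted local users */`, and consider handling a chmod() failure like the bind() failure (`do_disconnect (dh); GNUNET_free (tmpdir); return;`) instead of continuing after a warning. The same lines are added to try_connect for `struct TALER_CRYPTO_ExchangeSignHelper` in the second file, and try_connect's body continues beyond the hunk shown here.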


@ -93,6 +93,8 @@ do_disconnect (struct TALER_CRYPTO_ExchangeSignHelper *esh)
static void static void
try_connect (struct TALER_CRYPTO_ExchangeSignHelper *esh) try_connect (struct TALER_CRYPTO_ExchangeSignHelper *esh)
{ {
char *tmpdir;
if (-1 != esh->sock) if (-1 != esh->sock)
return; return;
esh->sock = socket (AF_UNIX, esh->sock = socket (AF_UNIX,
@ -104,46 +106,53 @@ try_connect (struct TALER_CRYPTO_ExchangeSignHelper *esh)
"socket"); "socket");
return; return;
} }
tmpdir = GNUNET_DISK_mktemp (esh->template);
if (NULL == tmpdir)
{ {
char *tmpdir; do_disconnect (esh);
return;
tmpdir = GNUNET_DISK_mktemp (esh->template);
if (NULL == tmpdir)
{
do_disconnect (esh);
return;
}
/* we use >= here because we want the sun_path to always
be 0-terminated */
if (strlen (tmpdir) >= sizeof (esh->sa.sun_path))
{
GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
"PATHS",
"TALER_RUNTIME_DIR",
"path too long");
GNUNET_free (tmpdir);
do_disconnect (esh);
return;
}
esh->my_sa.sun_family = AF_UNIX;
strncpy (esh->my_sa.sun_path,
tmpdir,
sizeof (esh->sa.sun_path));
if (0 != unlink (tmpdir))
GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
"unlink",
tmpdir);
GNUNET_free (tmpdir);
} }
/* we use >= here because we want the sun_path to always
be 0-terminated */
if (strlen (tmpdir) >= sizeof (esh->sa.sun_path))
{
GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
"PATHS",
"TALER_RUNTIME_DIR",
"path too long");
GNUNET_free (tmpdir);
do_disconnect (esh);
return;
}
esh->my_sa.sun_family = AF_UNIX;
strncpy (esh->my_sa.sun_path,
tmpdir,
sizeof (esh->sa.sun_path));
if (0 != unlink (tmpdir))
GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
"unlink",
tmpdir);
if (0 != bind (esh->sock, if (0 != bind (esh->sock,
(const struct sockaddr *) &esh->my_sa, (const struct sockaddr *) &esh->my_sa,
sizeof (esh->my_sa))) sizeof (esh->my_sa)))
{ {
GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING, GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
"bind"); "bind",
tmpdir);
do_disconnect (esh); do_disconnect (esh);
GNUNET_free (tmpdir);
return; return;
} }
/* Fix permissions on UNIX domain socket, just
in case umask() is not set to enable group write */
if (0 != chmod (tmpdir,
S_IRUSR | S_IWUSR | S_IWGRP))
{
GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
"chmod",
tmpdir);
}
GNUNET_free (tmpdir);
{ {
struct GNUNET_MessageHeader hdr = { struct GNUNET_MessageHeader hdr = {
.size = htons (sizeof (hdr)), .size = htons (sizeof (hdr)),