add chmod() to set client unix domain socket to group writable regardless of umask

2021-01-06 10:22:49 +01:00 · 2021-01-06 10:22:49 +01:00 · 09d6ee75fe
commit 09d6ee75fe
parent dc570d0c06
2 changed files with 89 additions and 62 deletions
--- a/src/util/crypto_helper_denom.c
+++ b/src/util/crypto_helper_denom.c
@ -92,6 +92,8 @@ do_disconnect (struct TALER_CRYPTO_DenominationHelper *dh)
 static void
 try_connect (struct TALER_CRYPTO_DenominationHelper *dh)
 {
+  char *tmpdir;
+
  if (-1 != dh->sock)
    return;
  dh->sock = socket (AF_UNIX,
@ -103,9 +105,6 @@ try_connect (struct TALER_CRYPTO_DenominationHelper *dh)
                         "socket");
    return;
  }
-  {
-    char *tmpdir;
-
  tmpdir = GNUNET_DISK_mktemp (dh->template);
  if (NULL == tmpdir)
  {
@ -132,17 +131,27 @@ try_connect (struct TALER_CRYPTO_DenominationHelper *dh)
    GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
                              "unlink",
                              tmpdir);
-    GNUNET_free (tmpdir);
-  }
  if (0 != bind (dh->sock,
                 (const struct sockaddr *) &dh->my_sa,
                 sizeof (dh->my_sa)))
  {
-    GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING,
-                         "bind");
+    GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
+                              "bind",
+                              tmpdir);
    do_disconnect (dh);
+    GNUNET_free (tmpdir);
    return;
  }
+  /* Fix permissions on UNIX domain socket, just
+     in case umask() is not set to enable group write */
+  if (0 != chmod (tmpdir,
+                  S_IRUSR | S_IWUSR | S_IWGRP))
+  {
+    GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
+                              "chmod",
+                              tmpdir);
+  }
+  GNUNET_free (tmpdir);
  {
    struct GNUNET_MessageHeader hdr = {
      .size = htons (sizeof (hdr)),
@ -242,6 +251,15 @@ TALER_CRYPTO_helper_denom_connect (
      return NULL;
    }
    dh->template = template;
+    if (strlen (template) >= sizeof (dh->sa.sun_path))
+    {
+      GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
+                                 "PATHS",
+                                 "TALER_RUNTIME_DIR",
+                                 "path too long");
+      TALER_CRYPTO_helper_denom_disconnect (dh);
+      return NULL;
+    }
  }
  TALER_CRYPTO_helper_denom_poll (dh);
  return dh;
--- a/src/util/crypto_helper_esign.c
+++ b/src/util/crypto_helper_esign.c
@ -93,6 +93,8 @@ do_disconnect (struct TALER_CRYPTO_ExchangeSignHelper *esh)
 static void
 try_connect (struct TALER_CRYPTO_ExchangeSignHelper *esh)
 {
+  char *tmpdir;
+
  if (-1 != esh->sock)
    return;
  esh->sock = socket (AF_UNIX,
@ -104,9 +106,6 @@ try_connect (struct TALER_CRYPTO_ExchangeSignHelper *esh)
                         "socket");
    return;
  }
-  {
-    char *tmpdir;
-
  tmpdir = GNUNET_DISK_mktemp (esh->template);
  if (NULL == tmpdir)
  {
@ -133,17 +132,27 @@ try_connect (struct TALER_CRYPTO_ExchangeSignHelper *esh)
    GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
                              "unlink",
                              tmpdir);
-    GNUNET_free (tmpdir);
-  }
  if (0 != bind (esh->sock,
                 (const struct sockaddr *) &esh->my_sa,
                 sizeof (esh->my_sa)))
  {
-    GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING,
-                         "bind");
+    GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
+                              "bind",
+                              tmpdir);
    do_disconnect (esh);
+    GNUNET_free (tmpdir);
    return;
  }
+  /* Fix permissions on UNIX domain socket, just
+     in case umask() is not set to enable group write */
+  if (0 != chmod (tmpdir,
+                  S_IRUSR | S_IWUSR | S_IWGRP))
+  {
+    GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
+                              "chmod",
+                              tmpdir);
+  }
+  GNUNET_free (tmpdir);
  {
    struct GNUNET_MessageHeader hdr = {
      .size = htons (sizeof (hdr)),