From 37266ffacde14c1e249968e861263f9e9b4e7acf Mon Sep 17 00:00:00 2001 From: Florian Dold Date: Mon, 25 Apr 2016 20:36:47 +0200 Subject: [PATCH] socket permissions --- src/exchange/exchange.conf | 4 ++-- src/exchange/taler-exchange-httpd.c | 35 +++++++++++++++++++++++++++-- 2 files changed, 35 insertions(+), 4 deletions(-) diff --git a/src/exchange/exchange.conf b/src/exchange/exchange.conf index 674f86df2..7dffdd7fa 100644 --- a/src/exchange/exchange.conf +++ b/src/exchange/exchange.conf @@ -16,8 +16,8 @@ SERVE = tcp # Unix domain socket to listen on, # only effective with "SERVE = unix" -UNIXPATH = ${TALER_SOCKET_DIR}/exchange -# UNIXPATH_MODE = 660 +UNIXPATH = ${TALER_RUNTIME_DIR}/exchange.http +UNIXPATH_MODE = 660 # HTTP port the exchange listens to # PORT = 8081 diff --git a/src/exchange/taler-exchange-httpd.c b/src/exchange/taler-exchange-httpd.c index 30de6e76e..bf60cfd6e 100644 --- a/src/exchange/taler-exchange-httpd.c +++ b/src/exchange/taler-exchange-httpd.c @@ -101,11 +101,16 @@ static struct MHD_Daemon *mydaemon; static uint16_t serve_port; /** - * Path for the unix domain socket + * Path for the unix domain-socket * to run the daemon on. */ static char *serve_unixpath; +/** + * File mode for unix-domain socket. + */ +static mode_t unixpath_mode; + /** * Function called whenever MHD is done with a request. If the @@ -515,6 +520,8 @@ exchange_serve_process_config () else if (0 == strcmp (serve_type, "unix")) { struct sockaddr_un s_un; + unsigned long long mode; + if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_filename (cfg, "exchange", @@ -536,6 +543,21 @@ exchange_serve_process_config () TMH_VALIDATION_done (); return GNUNET_SYSERR; } + + if (GNUNET_OK != + GNUNET_CONFIGURATION_get_value_number (cfg, + "exchange", + "unixpath_mode", + &mode)) + { + GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR, + "exchange", + "unixpath_mode", + "unixpath_mode required"); + TMH_VALIDATION_done (); + return GNUNET_SYSERR; + } + unixpath_mode = (mode_t) mode; } else { @@ -744,6 +766,7 @@ main (int argc, { struct GNUNET_NETWORK_Handle *nh; struct sockaddr_un *un; + int fh; if (sizeof (un->sun_path) <= strlen (serve_unixpath)) { @@ -773,11 +796,19 @@ main (int argc, return 1; } + fh = GNUNET_NETWORK_get_fd (nh); + + if (0 != fchmod (fh, unixpath_mode)) + { + fprintf (stderr, "chmod failed: %s\n", strerror (errno)); + return 1; + } + mydaemon = MHD_start_daemon (MHD_USE_SELECT_INTERNALLY | MHD_USE_DEBUG, 0, NULL, NULL, &handle_mhd_request, NULL, - MHD_OPTION_LISTEN_SOCKET, GNUNET_NETWORK_get_fd (nh), + MHD_OPTION_LISTEN_SOCKET, fh, MHD_OPTION_EXTERNAL_LOGGER, &handle_mhd_logs, NULL, MHD_OPTION_NOTIFY_COMPLETED, &handle_mhd_completion_callback, NULL, MHD_OPTION_CONNECTION_TIMEOUT, connection_timeout,