
[GNUnet-SVN] r30065 - in gnunet/src: arm include util


From: gnunet
Subject: [GNUnet-SVN] r30065 - in gnunet/src: arm include util
Date: Wed, 9 Oct 2013 22:03:31 +0200

Author: grothoff
Date: 2013-10-09 22:03:31 +0200 (Wed, 09 Oct 2013)
New Revision: 30065

Modified:
   gnunet/src/arm/gnunet-service-arm.c
   gnunet/src/include/gnunet_disk_lib.h
   gnunet/src/util/connection.c
   gnunet/src/util/disk.c
   gnunet/src/util/network.c
   gnunet/src/util/server.c
   gnunet/src/util/service.c
Log:
changing UNIX domain socket access control to file permissions checks, instead 
of UDS credentials (#2887)

Modified: gnunet/src/arm/gnunet-service-arm.c
===================================================================
--- gnunet/src/arm/gnunet-service-arm.c 2013-10-09 19:22:59 UTC (rev 30064)
+++ gnunet/src/arm/gnunet-service-arm.c 2013-10-09 20:03:31 UTC (rev 30065)
@@ -582,34 +582,36 @@
   static int on = 1;
   struct GNUNET_NETWORK_Handle *sock;
   struct ServiceListeningInfo *sli;
+  int match_uid;
+  int match_gid;
 
   switch (sa->sa_family)
-    {
-    case AF_INET:
-      sock = GNUNET_NETWORK_socket_create (PF_INET, SOCK_STREAM, 0);
-      break;
-    case AF_INET6:
-      sock = GNUNET_NETWORK_socket_create (PF_INET6, SOCK_STREAM, 0);
-      break;
-    case AF_UNIX:
-      if (strcmp (GNUNET_a2s (sa, addr_len), "@") == 0)        /* Do not bind 
to blank UNIX path! */
-       return;
-      sock = GNUNET_NETWORK_socket_create (PF_UNIX, SOCK_STREAM, 0);
-      break;
-    default:
-      GNUNET_break (0);
-      sock = NULL;
-      errno = EAFNOSUPPORT;
-      break;
-    }
+  {
+  case AF_INET:
+    sock = GNUNET_NETWORK_socket_create (PF_INET, SOCK_STREAM, 0);
+    break;
+  case AF_INET6:
+    sock = GNUNET_NETWORK_socket_create (PF_INET6, SOCK_STREAM, 0);
+    break;
+  case AF_UNIX:
+    if (strcmp (GNUNET_a2s (sa, addr_len), "@") == 0)  /* Do not bind to blank 
UNIX path! */
+      return;
+    sock = GNUNET_NETWORK_socket_create (PF_UNIX, SOCK_STREAM, 0);
+    break;
+  default:
+    GNUNET_break (0);
+    sock = NULL;
+    errno = EAFNOSUPPORT;
+    break;
+  }
   if (NULL == sock)
-    {
-      GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-                 _("Unable to create socket for service `%s': %s\n"),
-                 sl->name, STRERROR (errno));
-      GNUNET_free (sa);
-      return;
-    }
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                _("Unable to create socket for service `%s': %s\n"),
+                sl->name, STRERROR (errno));
+    GNUNET_free (sa);
+    return;
+  }
   if (GNUNET_NETWORK_socket_setsockopt
       (sock, SOL_SOCKET, SO_REUSEADDR, &on, sizeof (on)) != GNUNET_OK)
     GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR | GNUNET_ERROR_TYPE_BULK,
@@ -624,22 +626,37 @@
 
   if (GNUNET_OK !=
       GNUNET_NETWORK_socket_bind (sock, (const struct sockaddr *) sa, 
addr_len))
-    {
-      GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
-                 _
-                 ("Unable to bind listening socket for service `%s' to address 
`%s': %s\n"),
-                 sl->name, GNUNET_a2s (sa, addr_len), STRERROR (errno));
-      GNUNET_break (GNUNET_OK == GNUNET_NETWORK_socket_close (sock));
-      GNUNET_free (sa);
-      return;
-    }
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+                _
+                ("Unable to bind listening socket for service `%s' to address 
`%s': %s\n"),
+                sl->name, GNUNET_a2s (sa, addr_len), STRERROR (errno));
+    GNUNET_break (GNUNET_OK == GNUNET_NETWORK_socket_close (sock));
+    GNUNET_free (sa);
+    return;
+  }
+#ifndef WINDOWS
+  if (AF_UNIX == sa->sa_family)
+  {
+    match_uid =
+      GNUNET_CONFIGURATION_get_value_yesno (cfg, sl->name,
+                                            "UNIX_MATCH_UID");
+    match_gid =
+      GNUNET_CONFIGURATION_get_value_yesno (cfg, sl->name,
+                                            "UNIX_MATCH_GID");
+    GNUNET_DISK_fix_permissions (((const struct sockaddr_un *)sa)->sun_path,
+                                 match_uid,
+                                 match_gid);
+
+  }
+#endif
   if (GNUNET_NETWORK_socket_listen (sock, 5) != GNUNET_OK)
-    {
-      GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR, "listen");
-      GNUNET_break (GNUNET_OK == GNUNET_NETWORK_socket_close (sock));
-      GNUNET_free (sa);
-      return;
-    }
+  {
+    GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR, "listen");
+    GNUNET_break (GNUNET_OK == GNUNET_NETWORK_socket_close (sock));
+    GNUNET_free (sa);
+    return;
+  }
   GNUNET_log (GNUNET_ERROR_TYPE_INFO,
              _("ARM now monitors connections to service `%s' at `%s'\n"),
              sl->name, GNUNET_a2s (sa, addr_len));
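Review bot: The results of `GNUNET_CONFIGURATION_get_value_yesno` are passed to `GNUNET_DISK_fix_permissions` unchecked in the new `AF_UNIX` block, and that function's final `else` (disk.c in this commit) selects mode 777 for any value that is not `GNUNET_YES`. The lookup can return `GNUNET_SYSERR` for a missing or malformed `UNIX_MATCH_UID`/`UNIX_MATCH_GID`, so a configuration error makes the socket connectable by every local user; the failure mode is open rather than closed. I would map the error to the strict setting before the call and log it, e.g. `if (GNUNET_SYSERR == match_uid) match_uid = GNUNET_YES;`. The service.c callers pass `sctx->match_uid`/`sctx->match_gid`, which are set outside this diff, so the same check belongs wherever those are read. The enclosing function starts and ends outside the hunk.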

Modified: gnunet/src/include/gnunet_disk_lib.h
===================================================================
--- gnunet/src/include/gnunet_disk_lib.h        2013-10-09 19:22:59 UTC (rev 
30064)
+++ gnunet/src/include/gnunet_disk_lib.h        2013-10-09 20:03:31 UTC (rev 
30065)
@@ -265,7 +265,7 @@
  * Checks whether a handle is invalid
  *
  * @param h handle to check
- * @return GNUNET_YES if invalid, GNUNET_NO if valid
+ * @return #GNUNET_YES if invalid, #GNUNET_NO if valid
  */
 int
 GNUNET_DISK_handle_invalid (const struct GNUNET_DISK_FileHandle *h);
@@ -506,6 +506,21 @@
  */
 struct GNUNET_DISK_FileHandle *
 GNUNET_DISK_get_handle_from_w32_handle (HANDLE osfh);
+#else
+
+/**
+ * Update POSIX permissions mask of a file on disk.  If both argumets
+ * are #GNUNET_NO, the file is made world-read-write-executable (777).
+ *
+ * @param fn name of the file to update
+ * @param require_uid_match #GNUNET_YES means 700
+ * @param require_gid_match #GNUNET_YES means 770 unless @a require_uid_match 
is set
+ */
+void
+GNUNET_DISK_fix_permissions (const char *fn,
+                             int require_uid_match,
+                             int require_gid_match);
+
 #endif
 
 

Modified: gnunet/src/util/connection.c
===================================================================
--- gnunet/src/util/connection.c        2013-10-09 19:22:59 UTC (rev 30064)
+++ gnunet/src/util/connection.c        2013-10-09 20:03:31 UTC (rev 30065)
@@ -419,7 +419,8 @@
       (GNUNET_YES != (aret = access (access_cls, gcp, uaddr, addrlen))))
   {
     if (GNUNET_NO == aret)
-      LOG (GNUNET_ERROR_TYPE_INFO, _("Access denied to `%s'\n"),
+      LOG (GNUNET_ERROR_TYPE_INFO,
+           _("Access denied to `%s'\n"),
            GNUNET_a2s (uaddr, addrlen));
     GNUNET_break (GNUNET_OK ==
                   GNUNET_NETWORK_socket_shutdown (sock, SHUT_RDWR));

Modified: gnunet/src/util/disk.c
===================================================================
--- gnunet/src/util/disk.c      2013-10-09 19:22:59 UTC (rev 30064)
+++ gnunet/src/util/disk.c      2013-10-09 20:03:31 UTC (rev 30065)
@@ -463,6 +463,35 @@
   strcpy (fn, tfn);
   return fn;
 }
+#else
+
+/**
+ * Update POSIX permissions mask of a file on disk.  If both argumets
+ * are #GNUNET_NO, the file is made world-read-write-executable (777).
+ *
+ * @param fn name of the file to update
+ * @param require_uid_match #GNUNET_YES means 700
+ * @param require_gid_match #GNUNET_YES means 770 unless @a require_uid_match 
is set
+ */
+void
+GNUNET_DISK_fix_permissions (const char *fn,
+                             int require_uid_match,
+                             int require_gid_match)
+{
+  mode_t mode;
+
+  if (GNUNET_YES == require_uid_match)
+    mode = S_IRUSR | S_IWUSR | S_IXUSR;
+  else if (GNUNET_YES == require_gid_match)
+    mode = S_IRUSR | S_IWUSR | S_IXUSR | S_IRGRP | S_IWGRP | S_IXGRP;
+  else
+    mode = S_IRUSR | S_IWUSR | S_IXUSR | S_IRGRP | S_IWGRP | S_IXGRP | S_IROTH 
| S_IWOTH | S_IXOTH;
+  if (0 != chmod (fn, mode))
+    GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
+                              "chmod",
+                              fn);
+}
+
 #endif
 
 /**
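Review bot: All three modes in `GNUNET_DISK_fix_permissions` set the execute bits, which a socket does not need, and the doc comment describes the target as "a file on disk", so a later caller could use it to make a regular file world-writable and executable. The only callers in this commit pass `sun_path`, so I would limit the bits to read/write (`S_IRUSR | S_IWUSR` plus the group and other read/write pairs) and state in the comment that the function is meant for UNIX domain socket paths. The comment should also say that a failed `chmod` is only logged, which leaves the socket at the user-only mode set by the `umask` around `bind` in network.c. The same doc text, including the typo "argumets", is duplicated in gnunet_disk_lib.h.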

Modified: gnunet/src/util/network.c
===================================================================
--- gnunet/src/util/network.c   2013-10-09 19:22:59 UTC (rev 30064)
+++ gnunet/src/util/network.c   2013-10-09 20:03:31 UTC (rev 30065)
@@ -87,8 +87,8 @@
   {
     if (EAFNOSUPPORT == errno)
       return GNUNET_NO;
-    GNUNET_log (GNUNET_ERROR_TYPE_WARNING, 
-               "Failed to create test socket: %s\n", 
+    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+               "Failed to create test socket: %s\n",
                STRERROR (errno));
     return GNUNET_SYSERR;
   }
@@ -400,11 +400,14 @@
   {
     const struct sockaddr_un *address_un = (const struct sockaddr_un *)address;
     if (address_un->sun_path[0] == '\0')
+    {
       bind_address_len = \
           sizeof (struct sockaddr_un) \
         - sizeof (address_un->sun_path) \
         + strnlen (address_un->sun_path + 1, sizeof (address_un->sun_path) - 
1) \
         + 1;
+      GNUNET_break (0);
+    }
   }
 #endif
 
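Review bot: `GNUNET_break (0)` in the `sun_path[0] == '\0'` branch only reports the condition; the length is still computed and the abstract socket is still bound. An abstract socket has no file-system entry, so the `umask`/`chmod` scheme this commit introduces cannot restrict it, and `check_access` in service.c now accepts every `AF_UNIX` peer, which would leave such a listener reachable by all local users. If abstract addresses are no longer supported, reject them here, e.g. `errno = EINVAL; return GNUNET_SYSERR;` after the break (return convention assumed from callers comparing against `GNUNET_OK`; the function body starts outside the hunk). The connect hunk at `@@ -550,12 +568,15 @@` has the same pattern.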
@@ -413,7 +416,7 @@
   {
     const int on = 1;
 
-    if (desc->af == AF_INET6)
+    if (AF_INET6 == desc->af)
       if (setsockopt (desc->fd, IPPROTO_IPV6, IPV6_V6ONLY,
                      (const void *) &on,
                      sizeof (on)))
@@ -431,7 +434,22 @@
       LOG_STRERROR (GNUNET_ERROR_TYPE_DEBUG, "setsockopt");
   }
 #endif
-  ret = bind (desc->fd, address, bind_address_len);
+#ifndef WINDOWS
+  {
+    /* set permissions of newly created UNIX domain socket to "user-only"; 
applications
+       can choose to relax this later */
+    mode_t old_mask;
+
+    if (AF_UNIX == address->sa_family)
+      old_mask = umask (S_IWGRP | S_IRGRP | S_IXGRP | S_IWOTH | S_IROTH | 
S_IXOTH);
+#endif
+
+    ret = bind (desc->fd, address, bind_address_len);
+#ifndef WINDOWS
+    if (AF_UNIX == address->sa_family)
+      (void) umask (old_mask);
+  }
+#endif
 #ifdef MINGW
   if (SOCKET_ERROR == ret)
     SetErrnoFromWinsockError (WSAGetLastError ());
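Review bot: `umask` is process-wide, so between the two calls around `bind` any file created by another thread is also forced to user-only, and a concurrent `umask` change elsewhere would be overwritten by the restore. Whether this library is used with threads is not visible here; a comment such as `/* umask is per-process, not thread-safe: no other thread may create files during bind */` would record the assumption. The block is also opened under one `#ifndef WINDOWS` and closed under another, with `old_mask` left uninitialised on the non-`AF_UNIX` path. Declaring `mode_t old_mask = 0;` and using two plain `if` statements without the extra braces would be easier to follow and avoids maybe-uninitialised warnings.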
@@ -477,8 +495,8 @@
     const struct sockaddr_un *un = (const struct sockaddr_un *) desc->addr;
 
     if (0 != unlink (un->sun_path))
-      LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, 
-                        "unlink", 
+      LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING,
+                        "unlink",
                         un->sun_path);
   }
 #endif
@@ -550,12 +568,15 @@
   if (address->sa_family == AF_UNIX)
   {
     const struct sockaddr_un *address_un = (const struct sockaddr_un *)address;
-    if(address_un->sun_path[0] == '\0')
-      address_len = \
+    if (address_un->sun_path[0] == '\0')
+    {
+      address_len =                   \
           sizeof (struct sockaddr_un) \
         - sizeof (address_un->sun_path) \
         + strnlen (address_un->sun_path + 1, sizeof (address_un->sun_path) - 
1) \
         + 1;
+      GNUNET_break (0);
+    }
   }
 #endif
   ret = connect (desc->fd, address, address_len);

Modified: gnunet/src/util/server.c
===================================================================
--- gnunet/src/util/server.c    2013-10-09 19:22:59 UTC (rev 30064)
+++ gnunet/src/util/server.c    2013-10-09 20:03:31 UTC (rev 30065)
@@ -392,7 +392,8 @@
  * @param tc reason why we are running right now
  */
 static void
-process_listen_socket (void *cls, const struct GNUNET_SCHEDULER_TaskContext 
*tc)
+process_listen_socket (void *cls,
+                       const struct GNUNET_SCHEDULER_TaskContext *tc)
 {
   struct GNUNET_SERVER_Handle *server = cls;
   struct GNUNET_CONNECTION_Handle *sock;
@@ -417,7 +418,8 @@
                                                 server->listen_sockets[i]);
       if (NULL != sock)
       {
-        LOG (GNUNET_ERROR_TYPE_DEBUG, "Server accepted incoming 
connection.\n");
+        LOG (GNUNET_ERROR_TYPE_DEBUG,
+             "Server accepted incoming connection.\n");
         client = GNUNET_SERVER_connect_socket (server, sock);
         /* decrement reference count, we don't keep "client" alive */
         GNUNET_SERVER_client_drop (client);
@@ -434,7 +436,7 @@
  * Create and initialize a listen socket for the server.
  *
  * @param server_addr address to listen on
- * @param socklen length of address
+ * @param socklen length of @a server_addr
  * @return NULL on error, otherwise the listen socket
  */
 static struct GNUNET_NETWORK_Handle *
@@ -543,7 +545,7 @@
 {
   struct GNUNET_SERVER_Handle *server;
 
-  server = GNUNET_malloc (sizeof (struct GNUNET_SERVER_Handle));
+  server = GNUNET_new (struct GNUNET_SERVER_Handle);
   server->idle_timeout = idle_timeout;
   server->listen_sockets = lsocks;
   server->access = access;
@@ -843,7 +845,7 @@
 {
   struct HandlerList *p;
 
-  p = GNUNET_malloc (sizeof (struct HandlerList));
+  p = GNUNET_new (struct HandlerList);
   p->handlers = handlers;
   p->next = server->handlers;
   server->handlers = p;
@@ -977,7 +979,7 @@
               (GNUNET_SCHEDULER_NO_TASK == sender->warn_task) )
           {
            GNUNET_break (0 != type); /* type should never be 0 here, as we 
don't use 0 */
-            sender->warn_start = GNUNET_TIME_absolute_get ();  
+            sender->warn_start = GNUNET_TIME_absolute_get ();
             sender->warn_task =
                 GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_MINUTES,
                                               &warn_no_receive_done, sender);
@@ -1235,7 +1237,7 @@
   struct GNUNET_SERVER_Client *client;
   struct NotifyList *n;
 
-  client = GNUNET_malloc (sizeof (struct GNUNET_SERVER_Client));
+  client = GNUNET_new (struct GNUNET_SERVER_Client);
   client->connection = connection;
   client->reference_count = 1;
   client->server = server;

Modified: gnunet/src/util/service.c
===================================================================
--- gnunet/src/util/service.c   2013-10-09 19:22:59 UTC (rev 30064)
+++ gnunet/src/util/service.c   2013-10-09 20:03:31 UTC (rev 30065)
@@ -532,17 +532,17 @@
 
   /**
    * Do we require a matching UID for UNIX domain socket connections?
-   * GNUNET_NO means that the UID does not have to match (however,
-   * "match_gid" may still impose other access control checks).
+   * #GNUNET_NO means that the UID does not have to match (however,
+   * @e match_gid may still impose other access control checks).
    */
   int match_uid;
 
   /**
    * Do we require a matching GID for UNIX domain socket connections?
-   * Ignored if "match_uid" is GNUNET_YES.  Note that this is about
+   * Ignored if @e match_uid is #GNUNET_YES.  Note that this is about
    * checking that the client's UID is in our group OR that the
-   * client's GID is our GID.  If both "match_gid" and "match_uid" are
-   * "GNUNET_NO", all users on the local system have access.
+   * client's GID is our GID.  If both "match_gid" and @e match_uid are
+   * #GNUNET_NO, all users on the local system have access.
    */
   int match_gid;
 
@@ -626,7 +626,7 @@
  * @param uc credentials, if available, otherwise NULL
  * @param addr address
  * @param addrlen length of address
- * @return GNUNET_YES to allow, GNUNET_NO to deny, GNUNET_SYSERR
+ * @return #GNUNET_YES to allow, #GNUNET_NO to deny, #GNUNET_SYSERR
  *   for unknown address family (will be denied).
  */
 static int
@@ -658,56 +658,7 @@
     break;
 #ifndef WINDOWS
   case AF_UNIX:
-    ret = GNUNET_OK;            /* always OK for now */
-    if (GNUNET_YES == sctx->match_uid)
-    {
-      /* UID match required */
-      ret = (NULL != uc) && ( (0 == uc->uid) || (uc->uid == geteuid ()) );
-    }
-    else if ( (GNUNET_YES == sctx->match_gid) &&
-             ( (NULL == uc) ||
-               ( (0 != uc->uid) &&
-                 (uc->uid != geteuid ()) ) ) )
-    {
-      /* group match required and UID does not match */
-      if (NULL == uc)
-      {
-       /* no credentials, group match not possible */
-       ret = GNUNET_NO;
-      }
-      else
-      {
-       struct group *grp;
-       unsigned int i;
-
-       if (uc->gid != getegid())
-       {
-         /* default group did not match, but maybe the user is in our group, 
let's check */
-         grp = getgrgid (getegid ());
-         if (NULL == grp)
-         {
-           GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR, "getgrgid");
-           return GNUNET_NO;
-         }
-         ret = GNUNET_NO;
-         for (i=0; NULL != grp->gr_mem[i]; i++)
-         {
-           struct passwd *nam = getpwnam (grp->gr_mem[i]);
-           if (NULL == nam)
-             continue; /* name in group that is not in user DB !? */
-           if (nam->pw_uid == uc->uid)
-           {
-             /* yes, uid is in our group, allow! */
-             ret = GNUNET_YES;
-             break;
-           }
-         }
-       }
-      }
-    }
-    if (GNUNET_NO == ret)
-      LOG (GNUNET_ERROR_TYPE_WARNING, _("Access denied to UID %d / GID %d\n"),
-           (NULL == uc) ? -1 : uc->uid, (NULL == uc) ? -1 : uc->gid);
+    ret = GNUNET_OK;            /* controlled using file-system ACL now */
     break;
 #endif
   default:
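Review bot: With `ret = GNUNET_OK` for every `AF_UNIX` peer, authorisation rests entirely on the mode of the socket file, and POSIX does not require that mode to be enforced on `connect`; Linux checks it, but some older BSD-derived systems are documented to ignore socket permissions. The comment should name that dependency, e.g. `/* access is enforced by the socket file mode (GNUNET_DISK_fix_permissions); where socket permissions are ignored, restrict the containing directory instead */`. Removing the branch also removes the `Access denied to UID %d / GID %d` warning, so refused local connection attempts no longer appear in the service log. If `uc` is still supplied by the caller, keeping the `match_uid` comparison as a second check would retain that log line and cover sockets whose mode was never fixed. The enclosing function starts and ends outside the hunk.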
@@ -752,7 +703,7 @@
  * @param ret location where to write the ACL (set)
  * @param sctx service context to use to get the configuration
  * @param option name of the ACL option to parse
- * @return GNUNET_SYSERR on parse error, GNUNET_OK on success (including
+ * @return #GNUNET_SYSERR on parse error, #GNUNET_OK on success (including
  *         no ACL configured)
  */
 static int
@@ -789,7 +740,7 @@
  * @param ret location where to write the ACL (set)
  * @param sctx service context to use to get the configuration
  * @param option name of the ACL option to parse
- * @return GNUNET_SYSERR on parse error, GNUNET_OK on success (including
+ * @return #GNUNET_SYSERR on parse error, #GNUNET_OK on success (including
  *         no ACL configured)
  */
 static int
@@ -835,7 +786,7 @@
 #ifdef AF_UNIX
   struct sockaddr_un *un;
 
-  un = GNUNET_malloc (sizeof (struct sockaddr_un));
+  un = GNUNET_new (struct sockaddr_un);
   un->sun_family = AF_UNIX;
   strncpy (un->sun_path, unixpath, sizeof (un->sun_path) - 1);
 #if HAVE_SOCKADDR_IN_SIN_LEN
@@ -864,11 +815,11 @@
  *              of the respective 'struct sockaddr' struct in the 'addrs'
  *              array (on success)
  * @return number of addresses found on success,
- *              GNUNET_SYSERR if the configuration
+ *              #GNUNET_SYSERR if the configuration
  *              did not specify reasonable finding information or
  *              if it specified a hostname that could not be resolved;
- *              GNUNET_NO if the number of addresses configured is
- *              zero (in this case, '*addrs' and '*addr_lens' will be
+ *              #GNUNET_NO if the number of addresses configured is
+ *              zero (in this case, `*addrs` and `*addr_lens` will be
  *              set to NULL).
  */
 int
@@ -1000,8 +951,7 @@
         return GNUNET_SYSERR;
       }
       LOG (GNUNET_ERROR_TYPE_INFO,
-           _
-           ("Disabling UNIX domain socket support for service `%s', failed to 
create UNIX domain socket: %s\n"),
+           _("Disabling UNIX domain socket support for service `%s', failed to 
create UNIX domain socket: %s\n"),
            service_name, STRERROR (errno));
       GNUNET_free (unixpath);
       unixpath = NULL;
@@ -1017,8 +967,7 @@
   if ((0 == port) && (NULL == unixpath))
   {
     LOG (GNUNET_ERROR_TYPE_ERROR,
-         _
-         ("Have neither PORT nor UNIXPATH for service `%s', but one is 
required\n"),
+         _("Have neither PORT nor UNIXPATH for service `%s', but one is 
required\n"),
          service_name);
     GNUNET_free_non_null (hostname);
     return GNUNET_SYSERR;
@@ -1185,8 +1134,8 @@
  * Read listen sockets from the parent process (ARM).
  *
  * @param sctx service context to initialize
- * @return GNUNET_YES if ok, GNUNET_NO if not ok (must bind yourself),
- * and GNUNET_SYSERR on error.
+ * @return #GNUNET_YES if ok, #GNUNET_NO if not ok (must bind yourself),
+ * and #GNUNET_SYSERR on error.
  */
 static int
 receive_sockets_from_parent (struct GNUNET_SERVICE_Context *sctx)
@@ -1280,7 +1229,7 @@
  * - REJECT_FROM6 (disallow allow connections from specified IPv6 subnets)
  *
  * @param sctx service context to initialize
- * @return GNUNET_OK if configuration succeeded
+ * @return #GNUNET_OK if configuration succeeded
  */
 static int
 setup_service (struct GNUNET_SERVICE_Context *sctx)
@@ -1404,12 +1353,13 @@
   return un;
 }
 
+
 /**
  * Write PID file.
  *
  * @param sctx service context
  * @param pid PID to write (should be equal to 'getpid()'
- * @return  GNUNET_OK on success (including no work to be done)
+ * @return  #GNUNET_OK on success (including no work to be done)
  */
 static int
 write_pid_file (struct GNUNET_SERVICE_Context *sctx, pid_t pid)
@@ -1467,7 +1417,7 @@
 /**
  * Task run during shutdown.  Stops the server/service.
  *
- * @param cls the 'struct GNUNET_SERVICE_Context'
+ * @param cls the `struct GNUNET_SERVICE_Context`
  * @param tc unused
  */
 static void
@@ -1501,33 +1451,37 @@
   (void) GNUNET_SPEEDUP_start_ (sctx->cfg);
   GNUNET_RESOLVER_connect (sctx->cfg);
   if (NULL != sctx->lsocks)
-    sctx->server =
-        GNUNET_SERVER_create_with_sockets (&check_access, sctx, sctx->lsocks,
+    sctx->server
+      = GNUNET_SERVER_create_with_sockets (&check_access, sctx, sctx->lsocks,
                                            sctx->timeout, sctx->require_found);
   else
-    sctx->server =
-        GNUNET_SERVER_create (&check_access, sctx, sctx->addrs, sctx->addrlens,
+    sctx->server
+      = GNUNET_SERVER_create (&check_access, sctx, sctx->addrs, sctx->addrlens,
                               sctx->timeout, sctx->require_found);
   if (NULL == sctx->server)
   {
     if (NULL != sctx->addrs)
-    {
-      i = 0;
-      while (NULL != sctx->addrs[i])
-      {
-        LOG (GNUNET_ERROR_TYPE_INFO, _("Failed to start `%s' at `%s'\n"),
+      for (i = 0; NULL != sctx->addrs[i]; i++)
+        LOG (GNUNET_ERROR_TYPE_INFO,
+             _("Failed to start `%s' at `%s'\n"),
              sctx->service_name, GNUNET_a2s (sctx->addrs[i], 
sctx->addrlens[i]));
-        i++;
-      }
-    }
     sctx->ret = GNUNET_SYSERR;
     return;
   }
+  if (NULL != sctx->addrs)
+    for (i = 0; NULL != sctx->addrs[i]; i++)
+      if (AF_UNIX == sctx->addrs[i]->sa_family)
+        GNUNET_DISK_fix_permissions (((const struct sockaddr_un 
*)sctx->addrs[i])->sun_path,
+                                     sctx->match_uid,
+                                     sctx->match_gid);
+
+
   if (0 == (sctx->options & GNUNET_SERVICE_OPTION_MANUAL_SHUTDOWN))
   {
     /* install a task that will kill the server
      * process if the scheduler ever gets a shutdown signal */
-    sctx->shutdown_task = GNUNET_SCHEDULER_add_delayed 
(GNUNET_TIME_UNIT_FOREVER_REL, &shutdown_task,
+    sctx->shutdown_task = GNUNET_SCHEDULER_add_delayed 
(GNUNET_TIME_UNIT_FOREVER_REL,
+                                                        &shutdown_task,
                                                        sctx);
   }
   sctx->my_handlers = GNUNET_malloc (sizeof (defhandlers));
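Review bot: The new loop calling `GNUNET_DISK_fix_permissions` is not wrapped in `#ifndef WINDOWS`, while the declaration in gnunet_disk_lib.h and the definition in disk.c are added in an `#else` branch that appears to be the non-Windows side, and the ARM caller is guarded. Wrap the loop in `#ifndef WINDOWS` ... `#endif` as gnunet-service-arm.c does; the identical loop in the `@@ -1919,6 +1875,12 @@` hunk needs the same. The loop also runs only when `sctx->addrs` is set, so for sockets inherited through `sctx->lsocks` the mode depends on the parent having applied it, which deserves a one-line comment. The enclosing function starts and ends outside the hunk.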
@@ -1642,7 +1596,7 @@
  * Set user ID.
  *
  * @param sctx service context
- * @return GNUNET_OK on success, GNUNET_SYSERR on error
+ * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
  */
 static int
 set_user_id (struct GNUNET_SERVICE_Context *sctx)
@@ -1717,8 +1671,10 @@
  *         if we shutdown nicely
  */
 int
-GNUNET_SERVICE_run (int argc, char *const *argv, const char *service_name,
-                    enum GNUNET_SERVICE_Options options, GNUNET_SERVICE_Main 
task,
+GNUNET_SERVICE_run (int argc, char *const *argv,
+                    const char *service_name,
+                    enum GNUNET_SERVICE_Options options,
+                    GNUNET_SERVICE_Main task,
                     void *task_cls)
 {
 #define HANDLE_ERROR do { GNUNET_break (0); goto shutdown; } while (0)
@@ -1891,7 +1847,7 @@
   int i;
   struct GNUNET_SERVICE_Context *sctx;
 
-  sctx = GNUNET_malloc (sizeof (struct GNUNET_SERVICE_Context));
+  sctx = GNUNET_new (struct GNUNET_SERVICE_Context);
   sctx->ready_confirm_fd = -1;  /* no daemonizing */
   sctx->ret = GNUNET_OK;
   sctx->timeout = GNUNET_TIME_UNIT_FOREVER_REL;
@@ -1919,6 +1875,12 @@
     GNUNET_SERVICE_stop (sctx);
     return NULL;
   }
+  if (NULL != sctx->addrs)
+    for (i = 0; NULL != sctx->addrs[i]; i++)
+      if (AF_UNIX == sctx->addrs[i]->sa_family)
+        GNUNET_DISK_fix_permissions (((const struct sockaddr_un 
*)sctx->addrs[i])->sun_path,
+                                     sctx->match_uid,
+                                     sctx->match_gid);
   sctx->my_handlers = GNUNET_malloc (sizeof (defhandlers));
   memcpy (sctx->my_handlers, defhandlers, sizeof (defhandlers));
   i = 0;



