mirror of https://github.com/weechat/weechat.git synced 2026-07-04 08:43:13 +02:00

relay: add option relay.network.unix_socket_permissions (closes #2317)

Sébastien Helleu
2026-05-10 19:22:57 +02:00
parent acd3d91318
commit 815640b840
18 changed files with 207 additions and 20 deletions
+31
@@ -93,6 +93,7 @@ struct t_config_option *relay_config_network_tls_cert_key = NULL;
struct t_config_option *relay_config_network_tls_priorities = NULL;
struct t_config_option *relay_config_network_totp_secret = NULL;
struct t_config_option *relay_config_network_totp_window = NULL;
struct t_config_option *relay_config_network_unix_socket_permissions = NULL;
struct t_config_option *relay_config_network_websocket_allowed_origins = NULL;
struct t_config_option *relay_config_network_websocket_permessage_deflate = NULL;
@@ -481,6 +482,27 @@ relay_config_change_network_tls_priorities (const void *pointer, void *data,
}
}
/*
* Check if option "relay.network.unix_socket_permissions" is valid.
*
* Return:
* 1: value is valid
* 0: value is not valid
*/
int
relay_config_check_network_unix_socket_permissions (const void *pointer, void *data,
struct t_config_option *option,
const char *value)
{
/* make C compiler happy */
(void) pointer;
(void) data;
(void) option;
return value && (strlen (value) == 3) && weechat_util_parse_long (value, 8, NULL);
}
/*
* Callback for changes on option "relay.network.websocket_allowed_origins".
*/
@@ -1757,6 +1779,15 @@ relay_config_init (void)
"(0 or 1 are recommended values)"),
NULL, 0, 256, "0", NULL, 0,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
relay_config_network_unix_socket_permissions = weechat_config_new_option (
relay_config_file, relay_config_section_network,
"unix_socket_permissions", "string",
N_("permissions for the Unix socket, as octal value (see man chmod); "
"it must be a number with 3 digits, each between 0 and 7"),
NULL, 0, 0, "700", NULL, 0,
&relay_config_check_network_unix_socket_permissions, NULL, NULL,
NULL, NULL, NULL,
NULL, NULL, NULL);
relay_config_network_websocket_allowed_origins = weechat_config_new_option (
relay_config_file, relay_config_section_network,
"websocket_allowed_origins", "string",
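Review bot: The check in `relay_config_check_network_unix_socket_permissions` only tests the string length and that the value parses in base 8, which is looser than the option text "a number with 3 digits, each between 0 and 7". If `weechat_util_parse_long` follows strtol conventions (its implementation is not visible on this page), a signed or space-padded value such as `-77` or `+77` would pass, and a negative result would later reach `chmod`. Checking the three characters directly before parsing closes that gap, for example a loop over `value` with `if ((value[i] < '0') || (value[i] > '7')) return 0;`. The option description could also state that granting write access to group or others lets other local accounts connect to the relay socket, since the default `700` is the only value that keeps it owner-only.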
+1
@@ -62,6 +62,7 @@ extern struct t_config_option *relay_config_network_tls_cert_key;
extern struct t_config_option *relay_config_network_tls_priorities;
extern struct t_config_option *relay_config_network_totp_secret;
extern struct t_config_option *relay_config_network_totp_window;
extern struct t_config_option *relay_config_network_unix_socket_permissions;
extern struct t_config_option *relay_config_network_websocket_allowed_origins;
extern struct t_config_option *relay_config_network_websocket_permessage_deflate;
+21 -2
@@ -498,6 +498,7 @@ int
relay_server_create_socket (struct t_relay_server *server)
{
int domain, set, max_clients, addr_size, rc;
long unix_socket_perms;
struct sockaddr_in server_addr;
struct sockaddr_in6 server_addr6;
struct sockaddr_un server_addr_unix;
@@ -691,9 +692,27 @@ relay_server_create_socket (struct t_relay_server *server)
return 0;
}
/* change permissions: only the owner can use the unix socket */
/* change permissions on the unix socket */
if (server->unix_socket)
chmod (server->path, 0700);
{
if (!weechat_util_parse_long (
weechat_config_string (relay_config_network_unix_socket_permissions),
8, &unix_socket_perms))
{
/* default: owner only (rwx------) */
unix_socket_perms = 0700;
}
if (chmod (server->path, unix_socket_perms) < 0)
{
weechat_printf (
NULL,
_("%s%s: warning: failed to set permissions on path %s (%s): "
"error %d %s"),
weechat_prefix ("error"), RELAY_PLUGIN_NAME,
server->path, server->protocol_string,
errno, strerror (errno));
}
}
#ifdef SOMAXCONN
if (listen (server->sock, SOMAXCONN) != 0)
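Review bot: When `chmod (server->path, unix_socket_perms)` fails, the new code only prints a message and then continues to `listen`, so the socket keeps whatever mode it received when it was created, which may be wider than the configured value. For a permission setting, failing closed is safer: treat the failure like the error path just above that ends in `return 0;`, using the same cleanup the function applies there. Two smaller points: `unix_socket_perms` is a `long` passed where `chmod` expects a `mode_t`, so an explicit `(mode_t) unix_socket_perms` would make the conversion deliberate, and the message says "warning" while using `weechat_prefix ("error")`. The body of `relay_server_create_socket` starts and ends outside this hunk, so the exact cleanup steps are not visible here.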