mirror of
https://github.com/weechat/weechat.git
synced 2026-07-04 08:43:13 +02:00
relay: add option relay.network.unix_socket_permissions (closes #2317)
@@ -93,6 +93,7 @@ struct t_config_option *relay_config_network_tls_cert_key = NULL;
|
||||
struct t_config_option *relay_config_network_tls_priorities = NULL;
|
||||
struct t_config_option *relay_config_network_totp_secret = NULL;
|
||||
struct t_config_option *relay_config_network_totp_window = NULL;
|
||||
struct t_config_option *relay_config_network_unix_socket_permissions = NULL;
|
||||
struct t_config_option *relay_config_network_websocket_allowed_origins = NULL;
|
||||
struct t_config_option *relay_config_network_websocket_permessage_deflate = NULL;
|
||||
|
||||
@@ -481,6 +482,27 @@ relay_config_change_network_tls_priorities (const void *pointer, void *data,
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Check if option "relay.network.unix_socket_permissions" is valid.
|
||||
*
|
||||
* Return:
|
||||
* 1: value is valid
|
||||
* 0: value is not valid
|
||||
*/
|
||||
|
||||
int
|
||||
relay_config_check_network_unix_socket_permissions (const void *pointer, void *data,
|
||||
struct t_config_option *option,
|
||||
const char *value)
|
||||
{
|
||||
/* make C compiler happy */
|
||||
(void) pointer;
|
||||
(void) data;
|
||||
(void) option;
|
||||
|
||||
return value && (strlen (value) == 3) && weechat_util_parse_long (value, 8, NULL);
|
||||
}
|
||||
|
||||
/*
|
||||
* Callback for changes on option "relay.network.websocket_allowed_origins".
|
||||
*/
|
||||
@@ -1757,6 +1779,15 @@ relay_config_init (void)
|
||||
"(0 or 1 are recommended values)"),
|
||||
NULL, 0, 256, "0", NULL, 0,
|
||||
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
|
||||
relay_config_network_unix_socket_permissions = weechat_config_new_option (
|
||||
relay_config_file, relay_config_section_network,
|
||||
"unix_socket_permissions", "string",
|
||||
N_("permissions for the Unix socket, as octal value (see man chmod); "
|
||||
"it must be a number with 3 digits, each between 0 and 7"),
|
||||
NULL, 0, 0, "700", NULL, 0,
|
||||
&relay_config_check_network_unix_socket_permissions, NULL, NULL,
|
||||
NULL, NULL, NULL,
|
||||
NULL, NULL, NULL);
|
||||
relay_config_network_websocket_allowed_origins = weechat_config_new_option (
|
||||
relay_config_file, relay_config_section_network,
|
||||
"websocket_allowed_origins", "string",
|
||||
|
||||
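Review bot: The validator relay_config_check_network_unix_socket_permissions accepts more than the help text promises, because it checks only that the string is three characters long and that weechat_util_parse_long succeeds in base 8. If that helper follows strtol-style parsing (its body is not shown on this page), a value such as `-77` or `+77` would pass and later reach chmod() as a negative or two-digit mode. Checking the characters directly keeps the stored value to exactly three octal digits: `return value && (strspn (value, "01234567") == 3) && (value[3] == '\0');`. The option description could also state that a mode granting write access to group or others can let other local accounts connect to the relay socket, so `700` should stay unless sharing is intended.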
@@ -62,6 +62,7 @@ extern struct t_config_option *relay_config_network_tls_cert_key;
|
||||
extern struct t_config_option *relay_config_network_tls_priorities;
|
||||
extern struct t_config_option *relay_config_network_totp_secret;
|
||||
extern struct t_config_option *relay_config_network_totp_window;
|
||||
extern struct t_config_option *relay_config_network_unix_socket_permissions;
|
||||
extern struct t_config_option *relay_config_network_websocket_allowed_origins;
|
||||
extern struct t_config_option *relay_config_network_websocket_permessage_deflate;
|
||||
|
||||
|
||||
@@ -498,6 +498,7 @@ int
|
||||
relay_server_create_socket (struct t_relay_server *server)
|
||||
{
|
||||
int domain, set, max_clients, addr_size, rc;
|
||||
long unix_socket_perms;
|
||||
struct sockaddr_in server_addr;
|
||||
struct sockaddr_in6 server_addr6;
|
||||
struct sockaddr_un server_addr_unix;
|
||||
@@ -691,9 +692,27 @@ relay_server_create_socket (struct t_relay_server *server)
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* change permissions: only the owner can use the unix socket */
|
||||
/* change permissions on the unix socket */
|
||||
if (server->unix_socket)
|
||||
chmod (server->path, 0700);
|
||||
{
|
||||
if (!weechat_util_parse_long (
|
||||
weechat_config_string (relay_config_network_unix_socket_permissions),
|
||||
8, &unix_socket_perms))
|
||||
{
|
||||
/* default: owner only (rwx------) */
|
||||
unix_socket_perms = 0700;
|
||||
}
|
||||
if (chmod (server->path, unix_socket_perms) < 0)
|
||||
{
|
||||
weechat_printf (
|
||||
NULL,
|
||||
_("%s%s: warning: failed to set permissions on path %s (%s): "
|
||||
"error %d %s"),
|
||||
weechat_prefix ("error"), RELAY_PLUGIN_NAME,
|
||||
server->path, server->protocol_string,
|
||||
errno, strerror (errno));
|
||||
}
|
||||
}
|
||||
|
||||
#ifdef SOMAXCONN
|
||||
if (listen (server->sock, SOMAXCONN) != 0)
|
||||
|
||||
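Review bot: When chmod() fails in relay_server_create_socket, the new code prints a warning and carries on to listen(), so the socket goes live with whatever mode bind() and the process umask gave it, which may be wider than the configured value. For an access-control setting it is safer to fail closed: after the message, close the socket and return 0, as the earlier error paths of this function appear to do (only the tail of one is visible in the hunk). The mode is also applied after the path already exists, so there is a short window with umask-derived permissions; the bind() call is outside the hunk, so whether a restrictive umask is set around it cannot be confirmed here. A comment such as `/* socket must not accept clients until its mode is set: chmod failure is fatal */` would record the intent.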