Diffstat (limited to 'src/util/secmod_common.c')
-rw-r--r--src/util/secmod_common.c83
1 files changed, 83 insertions, 0 deletions
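diff --git a/src/util/secmod_common.c b/src/util/secmod_common.c
new file mode 100644
index 000000000..cc2def19f
--- /dev/null
+++ b/src/util/secmod_common.c
@@ -0,0 +1,83 @@
+/*
+ This file is part of TALER
+ Copyright (C) 2020 Taler Systems SA
+
+ TALER is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+*/
+/**
+ * @file util/secmod_common.c
+ * @brief Common functions for the exchange security modules
+ * @author Florian Dold <dold@taler.net>
+ */
+#include "platform.h"
+#include "taler_util.h"
+#include "taler_signatures.h"
+
+struct GNUNET_NETWORK_Handle *
+TES_open_socket (const char *unixpath)
+{
+ int sock;
+
+ sock = socket (PF_UNIX,
+ SOCK_DGRAM,
+ 0);
+ if (-1 == sock)
+ {
+ GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR,
+ "socket");
+ return NULL;
+ }
+ /* Change permissions so that group read/writes are allowed.
+ * We need this for multi-user exchange deployment with privilege
+ * separation, where taler-exchange-httpd is part of a group
+ * that allows it to talk to secmod.
+ *
+ * Importantly, we do this before binding the socket.
+ */
+ GNUNET_assert (0 == fchmod (sock, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP));
+ {
+ struct sockaddr_un un;
+
+ if (GNUNET_OK !=
+ GNUNET_DISK_directory_create_for_file (unixpath))
+ {
+ GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
+ "mkdir(dirname)",
+ unixpath);
+ }
+ if (0 != unlink (unixpath))
+ {
+ if (ENOENT != errno)
+ GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
+ "unlink",
+ unixpath);
+ }
+ memset (&un,
+ 0,
+ sizeof (un));
+ un.sun_family = AF_UNIX;
+ strncpy (un.sun_path,
+ unixpath,
+ sizeof (un.sun_path) - 1);
+ if (0 != bind (sock,
+ (const struct sockaddr *) &un,
+ sizeof (un)))
+ {
+ GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR,
+ "bind",
+ unixpath);
+ GNUNET_break (0 == close (sock));
+ return NULL;
+ }
+ }
+ return GNUNET_NETWORK_socket_box_native (sock);
+}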
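Review bot: In TES_open_socket, the `strncpy` into `un.sun_path` silently truncates a `unixpath` longer than `sizeof (un.sun_path) - 1`, so `bind` can succeed on a different path than the one passed in. The directory creation and the `unlink` just above act on the full `unixpath`, so the socket may end up somewhere the intended directory permissions do not cover, while the function still reports success. Reject an over-long path before `memset`, e.g. `if (strlen (unixpath) >= sizeof (un.sun_path)) { GNUNET_break (0); GNUNET_break (0 == close (sock)); return NULL; }`. The comment above `fchmod` could also note that, at least on Linux, the mode given to the bound socket file is still masked by the process umask, so group access depends on the umask as well. `GNUNET_assert` aborts the process if `fchmod` fails, which may be harsher than the `return NULL` used for the other errors.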