Diffstat (limited to 'src/util/secmod_common.c')
-rw-r--r--src/util/secmod_common.c26
1 files changed, 15 insertions, 11 deletions
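--- a/src/util/secmod_common.c
+++ b/src/util/secmod_common.c
@@ -26,6 +26,15 @@ struct GNUNET_NETWORK_Handle *
 TES_open_socket (const char *unixpath)
 {
   int sock;
+  mode_t old_umask;
+  struct GNUNET_NETWORK_Handle *ret = NULL;
+
+  /* Change permissions so that group read/writes are allowed.
+   * We need this for multi-user exchange deployment with privilege
+   * separation, where taler-exchange-httpd is part of a group
+   * that allows it to talk to secmod.
+   */
+  old_umask = umask (S_IROTH | S_IWOTH | S_IXOTH);
 
   sock = socket (PF_UNIX,
                  SOCK_DGRAM,
@@ -34,16 +43,8 @@ TES_open_socket (const char *unixpath)
   {
     GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR,
                          "socket");
-    return NULL;
+    goto cleanup;
   }
-  /* Change permissions so that group read/writes are allowed.
-   * We need this for multi-user exchange deployment with privilege
-   * separation, where taler-exchange-httpd is part of a group
-   * that allows it to talk to secmod.
-   *
-   * Importantly, we do this before binding the socket.
-   */
-  GNUNET_assert (0 == fchmod (sock, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP));
   {
     struct sockaddr_un un;
 
@@ -76,8 +77,11 @@ TES_open_socket (const char *unixpath)
                                 "bind",
                                 unixpath);
       GNUNET_break (0 == close (sock));
-      return NULL;
+      goto cleanup;
     }
+    ret = GNUNET_NETWORK_socket_box_native (sock);
   }
-  return GNUNET_NETWORK_socket_box_native (sock);
+cleanup:
+  (void) umask (old_umask);
+  return ret;
 }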
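Review bot: The umask save/restore is process-wide, so every exit path of TES_open_socket must reach `cleanup:`, but new lines 51–76 between the second and third hunks are not shown here, and that is where a sockaddr_un path-length check with its own `return NULL;` would typically sit; if any such early return survives, the process keeps umask 007 for its remaining lifetime and every file the secmod creates afterwards becomes group-writable. Please confirm that stretch has no direct return, or convert it to `goto cleanup;` as the hunks do elsewhere. Two further caveats deserve a comment above `old_umask = umask (...)`: umask is shared by all threads, so any file created concurrently in this window also gets the relaxed mode, and on Linux bind() creates the socket node as 0777 & ~umask, so it ends up 0770 rather than the 0660 the removed fchmod requested (the group execute bit is meaningless on a socket, but it is a visible change in the deployed permissions). Suggested comment: `/* umask is process-wide: every return below must go through cleanup to restore it; bind() creates the node as 0777 & ~umask, i.e. 0770 */`.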