diff options
Diffstat (limited to 'src/util/secmod_common.c')
-rw-r--r-- | src/util/secmod_common.c | 26 |
1 files changed, 15 insertions, 11 deletions
diff --git a/src/util/secmod_common.c b/src/util/secmod_common.c index cc2def19f..2e73e44b1 100644 --- a/src/util/secmod_common.c +++ b/src/util/secmod_common.c | |||
@@ -26,6 +26,15 @@ struct GNUNET_NETWORK_Handle * | |||
26 | TES_open_socket (const char *unixpath) | 26 | TES_open_socket (const char *unixpath) |
27 | { | 27 | { |
28 | int sock; | 28 | int sock; |
29 | mode_t old_umask; | ||
30 | struct GNUNET_NETWORK_Handle *ret = NULL; | ||
31 | |||
32 | /* Change permissions so that group read/writes are allowed. | ||
33 | * We need this for multi-user exchange deployment with privilege | ||
34 | * separation, where taler-exchange-httpd is part of a group | ||
35 | * that allows it to talk to secmod. | ||
36 | */ | ||
37 | old_umask = umask (S_IROTH | S_IWOTH | S_IXOTH); | ||
29 | 38 | ||
30 | sock = socket (PF_UNIX, | 39 | sock = socket (PF_UNIX, |
31 | SOCK_DGRAM, | 40 | SOCK_DGRAM, |
@@ -34,16 +43,8 @@ TES_open_socket (const char *unixpath) | |||
34 | { | 43 | { |
35 | GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR, | 44 | GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR, |
36 | "socket"); | 45 | "socket"); |
37 | return NULL; | 46 | goto cleanup; |
38 | } | 47 | } |
39 | /* Change permissions so that group read/writes are allowed. | ||
40 | * We need this for multi-user exchange deployment with privilege | ||
41 | * separation, where taler-exchange-httpd is part of a group | ||
42 | * that allows it to talk to secmod. | ||
43 | * | ||
44 | * Importantly, we do this before binding the socket. | ||
45 | */ | ||
46 | GNUNET_assert (0 == fchmod (sock, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP)); | ||
47 | { | 48 | { |
48 | struct sockaddr_un un; | 49 | struct sockaddr_un un; |
49 | 50 | ||
@@ -76,8 +77,11 @@ TES_open_socket (const char *unixpath) | |||
76 | "bind", | 77 | "bind", |
77 | unixpath); | 78 | unixpath); |
78 | GNUNET_break (0 == close (sock)); | 79 | GNUNET_break (0 == close (sock)); |
79 | return NULL; | 80 | goto cleanup; |
80 | } | 81 | } |
82 | ret = GNUNET_NETWORK_socket_box_native (sock); | ||
81 | } | 83 | } |
82 | return GNUNET_NETWORK_socket_box_native (sock); | 84 | cleanup: |
85 | (void) umask (old_umask); | ||
86 | return ret; | ||
83 | } | 87 | } |