changing UNIX domain socket access control to file permissions checks, instead of UDS credentials (#2887)

author: Christian Grothoff <christian@grothoff.org> 2013-10-09 20:03:31 +0000
committer: Christian Grothoff <christian@grothoff.org> 2013-10-09 20:03:31 +0000
commit: bc28ff95e287a6794890c75348075fa9bd7af2f7 (patch)
tree: 8311c91cfa435c7f0ecef9f27a277edc7ad99b96 /src/util/disk.c
parent: 7e332f5e005af87032decb86ac0a4bfbcc915cdc (diff)
download: gnunet-bc28ff95e287a6794890c75348075fa9bd7af2f7.tar.gz
gnunet-bc28ff95e287a6794890c75348075fa9bd7af2f7.zip
1 files changed, 29 insertions, 0 deletions
diff --git a/src/util/disk.c b/src/util/disk.c
index 0d24d5a09..03d169780 100644
--- a/src/util/disk.c
+++ b/src/util/disk.c
@@ -463,6 +463,35 @@ mkdtemp (char *fn)
  strcpy (fn, tfn);
  return fn;
 }
+#else
+/**
+ * Update POSIX permissions mask of a file on disk.  If both argumets
+ * are #GNUNET_NO, the file is made world-read-write-executable (777).
+ *
+ * @param fn name of the file to update
+ * @param require_uid_match #GNUNET_YES means 700
+ * @param require_gid_match #GNUNET_YES means 770 unless @a require_uid_match is set
+ */
+void
+GNUNET_DISK_fix_permissions (const char *fn,
+                             int require_uid_match,
+                             int require_gid_match)
+{
+  mode_t mode;
+  if (GNUNET_YES == require_uid_match)
+    mode = S_IRUSR | S_IWUSR | S_IXUSR;
+  else if (GNUNET_YES == require_gid_match)
+    mode = S_IRUSR | S_IWUSR | S_IXUSR | S_IRGRP | S_IWGRP | S_IXGRP;
+  else
+    mode = S_IRUSR | S_IWUSR | S_IXUSR | S_IRGRP | S_IWGRP | S_IXGRP | S_IROTH | S_IWOTH | S_IXOTH;
+  if (0 != chmod (fn, mode))
+    GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
+                              "chmod",
+                              fn);
+}
 #endif
 /**
author	Christian Grothoff <christian@grothoff.org>	2013-10-09 20:03:31 +0000
committer	Christian Grothoff <christian@grothoff.org>	2013-10-09 20:03:31 +0000
commit	bc28ff95e287a6794890c75348075fa9bd7af2f7 (patch)
tree	8311c91cfa435c7f0ecef9f27a277edc7ad99b96 /src/util/disk.c
parent	7e332f5e005af87032decb86ac0a4bfbcc915cdc (diff)
download	gnunet-bc28ff95e287a6794890c75348075fa9bd7af2f7.tar.gz gnunet-bc28ff95e287a6794890c75348075fa9bd7af2f7.zip

diff --git a/src/util/disk.c b/src/util/disk.c index 0d24d5a09..03d169780 100644 --- a/src/util/disk.c +++ b/src/util/disk.c
@@ -463,6 +463,35 @@ mkdtemp (char *fn)
463	strcpy (fn, tfn);	463	strcpy (fn, tfn);
464	return fn;	464	return fn;
465	}	465	}
		466	#else
		467
		468	/**
		469	* Update POSIX permissions mask of a file on disk. If both argumets
		470	* are #GNUNET_NO, the file is made world-read-write-executable (777).
		471	*
		472	* @param fn name of the file to update
		473	* @param require_uid_match #GNUNET_YES means 700
		474	* @param require_gid_match #GNUNET_YES means 770 unless @a require_uid_match is set
		475	*/
		476	void
		477	GNUNET_DISK_fix_permissions (const char *fn,
		478	int require_uid_match,
		479	int require_gid_match)
		480	{
		481	mode_t mode;
		482
		483	if (GNUNET_YES == require_uid_match)
		484	mode = S_IRUSR \| S_IWUSR \| S_IXUSR;
		485	else if (GNUNET_YES == require_gid_match)
		486	mode = S_IRUSR \| S_IWUSR \| S_IXUSR \| S_IRGRP \| S_IWGRP \| S_IXGRP;
		487	else
		488	mode = S_IRUSR \| S_IWUSR \| S_IXUSR \| S_IRGRP \| S_IWGRP \| S_IXGRP \| S_IROTH \| S_IWOTH \| S_IXOTH;
		489	if (0 != chmod (fn, mode))
		490	GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
		491	"chmod",
		492	fn);
		493	}
		494
466	#endif	495	#endif
467		496
468	/**	497	/**