umask: enable group write perms, prevent other (rwx) perms.

Philippe Pittoli 2023-02-13 22:09:57 +01:00
parent b446c98518
commit 2e192aef1b


@ -3,6 +3,10 @@ const testing = std.testing;
const net = std.net; const net = std.net;
const os = std.os; const os = std.os;
const fmt = std.fmt; const fmt = std.fmt;
const c = std.c;
// TODO: to remove once PR https://github.com/ziglang/zig/pull/14639 is accepted.
pub extern "c" fn umask(mode: c.mode_t) c.mode_t;
const log = std.log.scoped(.libipc_context); const log = std.log.scoped(.libipc_context);
@ -228,6 +232,11 @@ pub const Context = struct {
var fbs = std.io.fixedBufferStream(&buffer); var fbs = std.io.fixedBufferStream(&buffer);
var writer = fbs.writer(); var writer = fbs.writer();
// Allow to create a unix socket with the right permissions.
// Group should include write permissions.
var previous_mask = umask(0o117);
defer _ = umask(previous_mask);
try self.server_path(service_name, writer); try self.server_path(service_name, writer);
var path = fbs.getWritten(); var path = fbs.getWritten();
@ -239,6 +248,7 @@ pub const Context = struct {
// Store the path in the Connection structure, so the UNIX socket file can be removed later. // Store the path in the Connection structure, so the UNIX socket file can be removed later.
var newcon = Connection.init(Connection.Type.SERVER, try self.allocator.dupeZ(u8, path)); var newcon = Connection.init(Connection.Type.SERVER, try self.allocator.dupeZ(u8, path));
try self.add_(newcon, newfd); try self.add_(newcon, newfd);
return server; return server;
} }
@ -561,14 +571,14 @@ const CommunicationTestThread = struct {
defer _ = gpa.deinit(); defer _ = gpa.deinit();
const allocator = gpa.allocator(); const allocator = gpa.allocator();
var c = try Context.init(allocator); var ctx = try Context.init(allocator);
defer c.deinit(); // There. Can't leak. Isn't Zig wonderful? defer ctx.deinit(); // There. Can't leak. Isn't Zig wonderful?
var buffer: [1000]u8 = undefined; var buffer: [1000]u8 = undefined;
var fbs = std.io.fixedBufferStream(&buffer); var fbs = std.io.fixedBufferStream(&buffer);
var writer = fbs.writer(); var writer = fbs.writer();
try c.server_path("simple-context-test", writer); try ctx.server_path("simple-context-test", writer);
var path = fbs.getWritten(); var path = fbs.getWritten();
const socket = try net.connectUnixSocket(path); const socket = try net.connectUnixSocket(path);
defer socket.close(); defer socket.close();
@ -583,17 +593,17 @@ test "Context - creation, display and memory check" {
const allocator = gpa.allocator(); const allocator = gpa.allocator();
var c = try Context.init(allocator); var ctx = try Context.init(allocator);
defer c.deinit(); // There. Can't leak. Isn't Zig wonderful? defer ctx.deinit(); // There. Can't leak. Isn't Zig wonderful?
var buffer: [1000]u8 = undefined; var buffer: [1000]u8 = undefined;
var fbs = std.io.fixedBufferStream(&buffer); var fbs = std.io.fixedBufferStream(&buffer);
var writer = fbs.writer(); var writer = fbs.writer();
try c.server_path("simple-context-test", writer); try ctx.server_path("simple-context-test", writer);
var path = fbs.getWritten(); var path = fbs.getWritten();
// SERVER SIDE: creating a service. // SERVER SIDE: creating a service.
var server = c.server_init("simple-context-test") catch |err| switch (err) { var server = ctx.server_init("simple-context-test") catch |err| switch (err) {
error.FileNotFound => { error.FileNotFound => {
log.err("cannot init server at {s}", .{path}); log.err("cannot init server at {s}", .{path});
return err; return err;
@ -624,13 +634,13 @@ const ConnectThenSendMessageThread = struct {
defer _ = gpa.deinit(); defer _ = gpa.deinit();
const allocator = gpa.allocator(); const allocator = gpa.allocator();
var c = try Context.init(allocator); var ctx = try Context.init(allocator);
defer c.deinit(); // There. Can't leak. Isn't Zig wonderful? defer ctx.deinit(); // There. Can't leak. Isn't Zig wonderful?
var path_buffer: [1000]u8 = undefined; var path_buffer: [1000]u8 = undefined;
var path_fbs = std.io.fixedBufferStream(&path_buffer); var path_fbs = std.io.fixedBufferStream(&path_buffer);
var path_writer = path_fbs.writer(); var path_writer = path_fbs.writer();
try c.server_path("simple-context-test", path_writer); try ctx.server_path("simple-context-test", path_writer);
var path = path_fbs.getWritten(); var path = path_fbs.getWritten();
// Actual UNIX socket connection. // Actual UNIX socket connection.
@ -658,17 +668,17 @@ test "Context - creation, echo once" {
const allocator = gpa.allocator(); const allocator = gpa.allocator();
var c = try Context.init(allocator); var ctx = try Context.init(allocator);
defer c.deinit(); // There. Can't leak. Isn't Zig wonderful? defer ctx.deinit(); // There. Can't leak. Isn't Zig wonderful?
var buffer: [1000]u8 = undefined; var buffer: [1000]u8 = undefined;
var fbs = std.io.fixedBufferStream(&buffer); var fbs = std.io.fixedBufferStream(&buffer);
var writer = fbs.writer(); var writer = fbs.writer();
try c.server_path("simple-context-test", writer); try ctx.server_path("simple-context-test", writer);
var path = fbs.getWritten(); var path = fbs.getWritten();
// SERVER SIDE: creating a service. // SERVER SIDE: creating a service.
var server = c.server_init("simple-context-test") catch |err| switch (err) { var server = ctx.server_init("simple-context-test") catch |err| switch (err) {
error.FileNotFound => { error.FileNotFound => {
log.err("cannot init server at {s}", .{path}); log.err("cannot init server at {s}", .{path});
return err; return err;
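Review bot: The `umask(0o117)` / `defer _ = umask(previous_mask);` pair added in the `@ -228,6 +232,11 @` hunk changes a process-wide setting and, because the `defer` is at function scope, holds it until the enclosing function returns, which appears to include the later `dupeZ` and `add_` calls and not only the socket creation. Any other thread that creates a file or socket during that window gets the 0o117 mask as well, and two concurrent callers can restore each other's masks in the wrong order; the test helpers in this file are named as threads, so this may be reachable. Consider putting only the call that binds the socket inside its own block together with the umask pair, and recording the constraint in the comment, e.g. `// umask is process-wide: keep this window as short as possible; not safe to call concurrently.` The mask also replaces the inherited one instead of tightening it, so a stricter umask such as 0o077 set by the operator is loosened to group read/write here; the commit title suggests that is intended, but the comment should say so and name the group expected to own the socket. The enclosing function starts and ends outside the hunk.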