... | ... |
@@ -31,6 +31,17 @@ core: |
31 | 31 |
==, !=, ~= for strings |
32 | 32 |
==, !=, >, <, >=, <= for integers |
33 | 33 |
- new config variables: |
34 |
+ sock_mode = <permissions> (e.g. sock_mode=0600: default value = 0660) |
|
35 |
+ ser unix sockets and fifo will be created with this permissions |
|
36 |
+ (old name fifo_mode is still supported, but deprecated) |
|
37 |
+ sock_user = username|"uid" |
|
38 |
+ sock_group = groupname|"gid" |
|
39 |
+ change the owner and/or group of the ser unix sockets or fifo |
|
40 |
+ Short example config snippet: |
|
41 |
+ sock_mode=0600 # ser socket/fifo mode |
|
42 |
+ sock_user="www-data" # ser socket/fifo owner |
|
43 |
+ sock_group=nogroup |
|
44 |
+ user=nobody # ser user (ser will suid to it) |
|
34 | 45 |
disable_core_dump= yes|no |
35 | 46 |
by default core dump limits are set to unlimited or a high enough |
36 | 47 |
value, set this config variable o yes to disable core dump-ing |
... | ... |
@@ -1,15 +1,25 @@ |
1 | 1 |
$Id$ |
2 | 2 |
|
3 | 3 |
( - todo, x - done) |
4 |
- |
|
4 |
+- [core] parse_uri support for new uri params |
|
5 |
+- [core] on sig_child, kill the processes if they don't exit in a |
|
6 |
+ reasonable time |
|
5 | 7 |
- [doc] document force_rport() |
6 | 8 |
- [fifo] fix fgets error handling (it does not set errno always, |
7 | 9 |
, right now kills all ser if interrupted by a signal on ?solaris?) |
8 | 10 |
- [mem] make shm_realloc be fragmentation friendly: call shm_compact_frags |
9 | 11 |
for the small frags?, don't produce smaller frags -- be wastefull? |
10 |
-- [mem] qm_compact_frags (compacts frags if possible) |
|
12 |
+- [mem] qm_compact_frags (compacts frags if possible), keep a |
|
13 |
+ fragment count/bucket and if too much mem. is blocked in one bucket |
|
14 |
+ de-frag. |
|
15 |
+- [mem] investigate: don't produce frag if frag size < request |
|
16 |
+ (should reduce the unrequested fragments number) |
|
17 |
+- [mem] investigate: keep an used/unused flag per fragment, on free |
|
18 |
+ check if neighboring frags were not used and if so defragment |
|
11 | 19 |
- [timer] multiple timers? at least ticks should no be affected by the amount |
12 | 20 |
of work done in the timer handlers |
21 |
+- [tcp] ser intiated tcp connections use INADDR_ANY (they should be bound first |
|
22 |
+ to some ip/port ?function of the dest?) |
|
13 | 23 |
- [tcp] need to confirm fd receipt after send_fd, before closing it (this might |
14 | 24 |
happen in tcp_send new conn.) (see FreeBSD send BUGS for more info) |
15 | 25 |
x [tcp] make send_all, send non-blocking ready ? |
... | ... |
@@ -36,7 +46,7 @@ x update all package specs from stable |
36 | 46 |
should have it, but it would be slower on systems emulating it, like |
37 | 47 |
older linuxes) |
38 | 48 |
- [tcp] switch to epoll if HAVE_EPOLL defined (linux 2.6.*) |
39 |
-- [tcp] switch to SIGIO if no epoll (linux only, better than poll?) |
|
49 |
+- [tcp] switch to SIGIO if no epoll (linux only, better than poll) |
|
40 | 50 |
x tcp_main_loop: BUG cases should "conitnue;" |
41 | 51 |
x change len_gt into and expr (e.g msg:len). |
42 | 52 |
x sipit: uri == myself doesn't match tls port = 5061 |
... | ... |
@@ -45,7 +45,9 @@ |
45 | 45 |
* 2003-10-28 added tcp_accept_aliases (andrei) |
46 | 46 |
* 2003-11-29 added {tcp_send, tcp_connect, tls_*}_timeout (andrei) |
47 | 47 |
* 2004-02-24 added LOAD_AVP_T and AVP_TO_URI_T (bogdan) |
48 |
- * 2004-03-30 added DISABLE_CORE and OPEN_FD_LIMIT (andrei) |
|
48 |
+ * 2004-03-30 added DISABLE_CORE and OPEN_FD_LIMIT (andrei) |
|
49 |
+ * 2004-04-28 added sock_mode (replaces fifo_mode), sock_user & |
|
50 |
+ * sock_group (andrei) |
|
49 | 51 |
*/ |
50 | 52 |
|
51 | 53 |
|
... | ... |
@@ -173,7 +175,9 @@ MEMLOG "memlog"|"mem_log" |
173 | 175 |
SIP_WARNING sip_warning |
174 | 176 |
FIFO fifo |
175 | 177 |
FIFO_DIR fifo_dir |
176 |
-FIFO_MODE fifo_mode |
|
178 |
+SOCK_MODE "fifo_mode"|"sock_mode"|"file_mode" |
|
179 |
+SOCK_USER "fifo_user"|"sock_user" |
|
180 |
+SOCK_GROUP "fifo_group"|"sock_group" |
|
177 | 181 |
FIFO_DB_URL fifo_db_url |
178 | 182 |
UNIX_SOCK unix_sock |
179 | 183 |
UNIX_SOCK_CHILDREN unix_sock_children |
... | ... |
@@ -371,7 +375,9 @@ EAT_ABLE [\ \t\b\r] |
371 | 375 |
<INITIAL>{FIFO} { count(); yylval.strval=yytext; return FIFO; } |
372 | 376 |
<INITIAL>{FIFO_DIR} { count(); yylval.strval=yytext; return FIFO_DIR; } |
373 | 377 |
<INITIAL>{FIFO_DB_URL} { count(); yylval.strval=yytext; return FIFO_DB_URL; } |
374 |
-<INITIAL>{FIFO_MODE} { count(); yylval.strval=yytext; return FIFO_MODE; } |
|
378 |
+<INITIAL>{SOCK_MODE} { count(); yylval.strval=yytext; return SOCK_MODE; } |
|
379 |
+<INITIAL>{SOCK_USER} { count(); yylval.strval=yytext; return SOCK_USER; } |
|
380 |
+<INITIAL>{SOCK_GROUP} { count(); yylval.strval=yytext; return SOCK_GROUP; } |
|
375 | 381 |
<INITIAL>{UNIX_SOCK} { count(); yylval.strval=yytext; return UNIX_SOCK; } |
376 | 382 |
<INITIAL>{UNIX_SOCK_CHILDREN} { count(); yylval.strval=yytext; return UNIX_SOCK_CHILDREN; } |
377 | 383 |
<INITIAL>{UNIX_TX_TIMEOUT} { count(); yylval.strval=yytext; return UNIX_TX_TIMEOUT; } |
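Review bot: The new `SOCK_MODE`, `SOCK_USER` and `SOCK_GROUP` patterns accept the spellings `file_mode`, `fifo_user` and `fifo_group`, which are not mentioned in the history comment or in the NEWS entry. NEWS names only `fifo_mode` as a deprecated alias. These settings decide who can reach the control socket/FIFO, so an audit that greps a config for `sock_mode` would miss the other spellings. I would add a comment above the three definitions such as `/* fifo_mode, file_mode, fifo_user and fifo_group are accepted aliases of sock_mode/sock_user/sock_group */` and list the same aliases in NEWS, or drop the ones that never existed as option names.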
... | ... |
@@ -52,6 +52,7 @@ |
52 | 52 |
* 2003-11-20 added {tcp_connect, tcp_send, tls_*}_timeout (andrei) |
53 | 53 |
* 2004-02-24 added LOAD_AVP_T and AVP_TO_URI_T (bogdan) |
54 | 54 |
* 2004-03-30 added DISABLE_CORE and OPEN_FD_LIMIT (andrei) |
55 |
+ * 2004-04-29 added SOCK_MODE, SOCK_USER & SOCK_GROUP (andrei) |
|
55 | 56 |
*/ |
56 | 57 |
|
57 | 58 |
|
... | ... |
@@ -199,7 +200,9 @@ static struct id_list* mk_listen_id(char*, int, int); |
199 | 200 |
%token SIP_WARNING |
200 | 201 |
%token FIFO |
201 | 202 |
%token FIFO_DIR |
202 |
-%token FIFO_MODE |
|
203 |
+%token SOCK_MODE |
|
204 |
+%token SOCK_USER |
|
205 |
+%token SOCK_GROUP |
|
203 | 206 |
%token FIFO_DB_URL |
204 | 207 |
%token UNIX_SOCK |
205 | 208 |
%token UNIX_SOCK_CHILDREN |
... | ... |
@@ -411,14 +414,20 @@ assign_stm: DEBUG EQUAL NUMBER { debug=$3; } |
411 | 414 |
| FIFO EQUAL error { yyerror("string value expected"); } |
412 | 415 |
| FIFO_DIR EQUAL STRING { fifo_dir=$3; } |
413 | 416 |
| FIFO_DIR EQUAL error { yyerror("string value expected"); } |
414 |
- | FIFO_MODE EQUAL NUMBER { fifo_mode=$3; } |
|
415 |
- | FIFO_MODE EQUAL error { yyerror("int value expected"); } |
|
417 |
+ | SOCK_MODE EQUAL NUMBER { sock_mode=$3; } |
|
418 |
+ | SOCK_MODE EQUAL error { yyerror("int value expected"); } |
|
419 |
+ | SOCK_USER EQUAL STRING { sock_user=$3; } |
|
420 |
+ | SOCK_USER EQUAL ID { sock_user=$3; } |
|
421 |
+ | SOCK_USER EQUAL error { yyerror("string value expected"); } |
|
422 |
+ | SOCK_GROUP EQUAL STRING { sock_group=$3; } |
|
423 |
+ | SOCK_GROUP EQUAL ID { sock_group=$3; } |
|
424 |
+ | SOCK_GROUP EQUAL error { yyerror("string value expected"); } |
|
416 | 425 |
| FIFO_DB_URL EQUAL STRING { fifo_db_url=$3; } |
417 | 426 |
| FIFO_DB_URL EQUAL error { yyerror("string value expected"); } |
418 |
- | UNIX_SOCK EQUAL STRING { unixsock_name=$3; } |
|
419 |
- | UNIX_SOCK EQUAL error { yyerror("string value expected"); } |
|
420 |
- | UNIX_SOCK_CHILDREN EQUAL NUMBER { unixsock_children=$3; } |
|
421 |
- | UNIX_SOCK_CHILDREN EQUAL error { yyerror("int value expected\n"); } |
|
427 |
+ | UNIX_SOCK EQUAL STRING { unixsock_name=$3; } |
|
428 |
+ | UNIX_SOCK EQUAL error { yyerror("string value expected"); } |
|
429 |
+ | UNIX_SOCK_CHILDREN EQUAL NUMBER { unixsock_children=$3; } |
|
430 |
+ | UNIX_SOCK_CHILDREN EQUAL error { yyerror("int value expected\n"); } |
|
422 | 431 |
| UNIX_TX_TIMEOUT EQUAL NUMBER { unixsock_tx_timeout=$3; } |
423 | 432 |
| UNIX_TX_TIMEOUT EQUAL error { yyerror("int value expected\n"); } |
424 | 433 |
| AVP_DB_URL EQUAL STRING { avp_db_url=$3; } |
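Review bot: The `SOCK_MODE EQUAL NUMBER` rule stores `$3` into `sock_mode` with no range check, so any integer goes unchanged to the mkfifo()/chmod() calls shown elsewhere on this page. Whether the lexer reads a leading-zero number as octal is not visible in these hunks. If it does, a decimal slip such as `sock_mode=600` would silently produce an unintended permission set. Rejecting bits outside the permission mask would catch that case: `| SOCK_MODE EQUAL NUMBER { if ($3 & ~0777) yyerror("invalid sock_mode"); else sock_mode=$3; }`.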
... | ... |
@@ -166,14 +166,18 @@ error: |
166 | 166 |
|
167 | 167 |
int do_suid() |
168 | 168 |
{ |
169 |
- if (gid&&(setgid(gid)<0)){ |
|
170 |
- LOG(L_CRIT, "cannot change gid to %d: %s\n", gid, strerror(errno)); |
|
171 |
- goto error; |
|
169 |
+ if (gid){ |
|
170 |
+ if(setgid(gid)<0){ |
|
171 |
+ LOG(L_CRIT, "cannot change gid to %d: %s\n", gid, strerror(errno)); |
|
172 |
+ goto error; |
|
173 |
+ } |
|
172 | 174 |
} |
173 | 175 |
|
174 |
- if(uid&&(setuid(uid)<0)){ |
|
175 |
- LOG(L_CRIT, "cannot change uid to %d: %s\n", uid, strerror(errno)); |
|
176 |
- goto error; |
|
176 |
+ if(uid){ |
|
177 |
+ if(setuid(uid)<0){ |
|
178 |
+ LOG(L_CRIT, "cannot change uid to %d: %s\n", uid, strerror(errno)); |
|
179 |
+ goto error; |
|
180 |
+ } |
|
177 | 181 |
} |
178 | 182 |
return 0; |
179 | 183 |
error: |
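Review bot: do_suid() still calls setgid() and then setuid() with no setgroups()/initgroups() call between them, so as far as this hunk shows the process keeps the supplementary groups it was started with (typically root's) after the uid change. The restructured `if (gid){ ... }` / `if (uid){ ... }` blocks leave room for it. For example, `if (initgroups(user, gid)<0) goto error;` could go before `setuid(uid)` when a user name is configured, or `setgroups(0, 0)` otherwise. If the groups are cleared elsewhere, a comment here saying so would help. The body of the `error:` label is outside the hunk.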
... | ... |
@@ -61,6 +61,7 @@ |
61 | 61 |
* 2003-10-13 addef fifo_dir for reply fifos (andrei) |
62 | 62 |
* 2003-10-30 DB interface exported via FIFO (bogdan) |
63 | 63 |
* 2004-03-09 open_fifo_server split into init_ and start_ (andrei) |
64 |
+ * 2004-04-29 added chown(sock_user, sock_group) (andrei) |
|
64 | 65 |
*/ |
65 | 66 |
|
66 | 67 |
|
... | ... |
@@ -94,7 +95,6 @@ |
94 | 95 |
/* FIFO server vars */ |
95 | 96 |
char *fifo=0; /* FIFO name */ |
96 | 97 |
char* fifo_dir=DEFAULT_FIFO_DIR; /* dir where reply fifos are allowed */ |
97 |
-int fifo_mode=S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP ; |
|
98 | 98 |
char *fifo_db_url = 0; |
99 | 99 |
pid_t fifo_pid; |
100 | 100 |
/* file descriptors */ |
... | ... |
@@ -565,20 +565,30 @@ int init_fifo_server() |
565 | 565 |
strerror(errno)); |
566 | 566 |
} |
567 | 567 |
/* create FIFO ... */ |
568 |
- if ((mkfifo(fifo, fifo_mode)<0)) { |
|
568 |
+ if ((mkfifo(fifo, sock_mode)<0)) { |
|
569 | 569 |
LOG(L_ERR, "ERROR: open_fifo_server; can't create FIFO: " |
570 | 570 |
"%s (mode=%d)\n", |
571 |
- strerror(errno), fifo_mode); |
|
571 |
+ strerror(errno), sock_mode); |
|
572 | 572 |
return -1; |
573 | 573 |
} |
574 | 574 |
DBG("DEBUG: FIFO created @ %s\n", fifo ); |
575 |
- if ((chmod(fifo, fifo_mode)<0)) { |
|
575 |
+ if ((chmod(fifo, sock_mode)<0)) { |
|
576 | 576 |
LOG(L_ERR, "ERROR: open_fifo_server; can't chmod FIFO: " |
577 | 577 |
"%s (mode=%d)\n", |
578 |
- strerror(errno), fifo_mode); |
|
578 |
+ strerror(errno), sock_mode); |
|
579 | 579 |
return -1; |
580 | 580 |
} |
581 |
- DBG("DEBUG: fifo %s opened, mode=%d\n", fifo, fifo_mode ); |
|
581 |
+ if ((sock_uid!=-1) || (sock_gid!=-1)){ |
|
582 |
+ if (chown(fifo, sock_uid, sock_gid)<0){ |
|
583 |
+ LOG(L_ERR, "ERROR: open_fifo_server: failed to change the" |
|
584 |
+ " owner/group for %s to %d.%d; %s[%d]\n", |
|
585 |
+ fifo, sock_uid, sock_gid, strerror(errno), errno); |
|
586 |
+ return -1; |
|
587 |
+ } |
|
588 |
+ } |
|
589 |
+ |
|
590 |
+ |
|
591 |
+ DBG("DEBUG: fifo %s opened, mode=%d\n", fifo, sock_mode ); |
|
582 | 592 |
time(&up_since); |
583 | 593 |
t=ctime(&up_since); |
584 | 594 |
if (strlen(t)+1>=MAX_CTIME_LEN) { |
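Review bot: The added `chown(fifo, sock_uid, sock_gid)` and the existing `chmod(fifo, sock_mode)` act on the path after mkfifo() has returned, and both follow symbolic links. If the FIFO sits in a directory that other local users can write to, the name could be replaced between the calls, and the ownership change would land on a different file. `lchown(fifo, sock_uid, sock_gid)` avoids following a link, and a comment stating that the FIFO directory must not be writable by untrusted users would document the assumption. Separately, the three messages in this hunk print the mode with `%d` while the unix-socket code on this page uses `%04o`. `"%s (mode=%04o)\n"` would make a logged mode readable as permissions.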
... | ... |
@@ -93,6 +93,11 @@ extern int sip_warning; |
93 | 93 |
extern int server_signature; |
94 | 94 |
extern char* user; |
95 | 95 |
extern char* group; |
96 |
+extern char* sock_user; |
|
97 |
+extern char* sock_group; |
|
98 |
+extern int sock_uid; |
|
99 |
+extern int sock_gid; |
|
100 |
+extern int sock_mode; |
|
96 | 101 |
extern char* chroot_dir; |
97 | 102 |
extern char* working_dir; |
98 | 103 |
|
... | ... |
@@ -48,6 +48,8 @@ |
48 | 48 |
* 2004-02-06 added support for user pref. - init_avp_child() (bogdan) |
49 | 49 |
* 2004-03-30 core dump is enabled by default |
50 | 50 |
* added support for increasing the open files limit (andrei) |
51 |
+ * 2004-04-28 sock_{user,group,uid,gid,mode} added |
|
52 |
+ * user2uid() & user2gid() added (andrei) |
|
51 | 53 |
* |
52 | 54 |
*/ |
53 | 55 |
|
... | ... |
@@ -329,6 +331,12 @@ char* user=0; |
329 | 331 |
char* group=0; |
330 | 332 |
int uid = 0; |
331 | 333 |
int gid = 0; |
334 |
+char* sock_user=0; |
|
335 |
+char* sock_group=0; |
|
336 |
+int sock_uid= -1; |
|
337 |
+int sock_gid= -1; |
|
338 |
+int sock_mode= S_IRUSR| S_IWUSR| S_IRGRP| S_IWGRP; /* rw-rw---- */ |
|
339 |
+ |
|
332 | 340 |
/* more config stuff */ |
333 | 341 |
int disable_core_dump=0; /* by default enabled */ |
334 | 342 |
int open_files_limit=-1; /* don't touch it by default */ |
... | ... |
@@ -644,6 +652,57 @@ error: |
644 | 652 |
|
645 | 653 |
|
646 | 654 |
|
655 |
+/* converts a username into uid:gid, |
|
656 |
+ * returns -1 on error & 0 on success */ |
|
657 |
+static int user2uid(int* uid, int* gid, char* user) |
|
658 |
+{ |
|
659 |
+ char* tmp; |
|
660 |
+ struct passwd *pw_entry; |
|
661 |
+ |
|
662 |
+ if (user){ |
|
663 |
+ *uid=strtol(user, &tmp, 10); |
|
664 |
+ if ((tmp==0) ||(*tmp)){ |
|
665 |
+ /* maybe it's a string */ |
|
666 |
+ pw_entry=getpwnam(user); |
|
667 |
+ if (pw_entry==0){ |
|
668 |
+ goto error; |
|
669 |
+ } |
|
670 |
+ *uid=pw_entry->pw_uid; |
|
671 |
+ if (gid) *gid=pw_entry->pw_gid; |
|
672 |
+ } |
|
673 |
+ return 0; |
|
674 |
+ } |
|
675 |
+error: |
|
676 |
+ return -1; |
|
677 |
+} |
|
678 |
+ |
|
679 |
+ |
|
680 |
+ |
|
681 |
+/* converts a group name into a gid |
|
682 |
+ * returns -1 on error, 0 on success */ |
|
683 |
+static int group2gid(int* gid, char* group) |
|
684 |
+{ |
|
685 |
+ char* tmp; |
|
686 |
+ struct group *gr_entry; |
|
687 |
+ |
|
688 |
+ if (group){ |
|
689 |
+ *gid=strtol(group, &tmp, 10); |
|
690 |
+ if ((tmp==0) ||(*tmp)){ |
|
691 |
+ /* maybe it's a string */ |
|
692 |
+ gr_entry=getgrnam(group); |
|
693 |
+ if (gr_entry==0){ |
|
694 |
+ goto error; |
|
695 |
+ } |
|
696 |
+ *gid=gr_entry->gr_gid; |
|
697 |
+ } |
|
698 |
+ return 0; |
|
699 |
+ } |
|
700 |
+error: |
|
701 |
+ return -1; |
|
702 |
+} |
|
703 |
+ |
|
704 |
+ |
|
705 |
+ |
|
647 | 706 |
/* main loop */ |
648 | 707 |
int main_loop() |
649 | 708 |
{ |
... | ... |
@@ -1042,8 +1101,6 @@ int main(int argc, char** argv) |
1042 | 1101 |
char *tmp; |
1043 | 1102 |
char *options; |
1044 | 1103 |
int ret; |
1045 |
- struct passwd *pw_entry; |
|
1046 |
- struct group *gr_entry; |
|
1047 | 1104 |
unsigned int seed; |
1048 | 1105 |
int rfd; |
1049 | 1106 |
|
... | ... |
@@ -1299,31 +1356,30 @@ try_again: |
1299 | 1356 |
|
1300 | 1357 |
/* get uid/gid */ |
1301 | 1358 |
if (user){ |
1302 |
- uid=strtol(user, &tmp, 10); |
|
1303 |
- if ((tmp==0) ||(*tmp)){ |
|
1304 |
- /* maybe it's a string */ |
|
1305 |
- pw_entry=getpwnam(user); |
|
1306 |
- if (pw_entry==0){ |
|
1307 |
- fprintf(stderr, "bad user name/uid number: -u %s\n", user); |
|
1308 |
- goto error; |
|
1309 |
- } |
|
1310 |
- uid=pw_entry->pw_uid; |
|
1311 |
- gid=pw_entry->pw_gid; |
|
1359 |
+ if (user2uid(&uid, &gid, user)<0){ |
|
1360 |
+ fprintf(stderr, "bad user name/uid number: -u %s\n", user); |
|
1361 |
+ goto error; |
|
1312 | 1362 |
} |
1313 | 1363 |
} |
1314 | 1364 |
if (group){ |
1315 |
- gid=strtol(group, &tmp, 10); |
|
1316 |
- if ((tmp==0) ||(*tmp)){ |
|
1317 |
- /* maybe it's a string */ |
|
1318 |
- gr_entry=getgrnam(group); |
|
1319 |
- if (gr_entry==0){ |
|
1365 |
+ if (group2gid(&gid, group)<0){ |
|
1320 | 1366 |
fprintf(stderr, "bad group name/gid number: -u %s\n", group); |
1321 |
- goto error; |
|
1322 |
- } |
|
1323 |
- gid=gr_entry->gr_gid; |
|
1367 |
+ goto error; |
|
1368 |
+ } |
|
1369 |
+ } |
|
1370 |
+ /* fix sock/fifo uid/gid */ |
|
1371 |
+ if (sock_user){ |
|
1372 |
+ if (user2uid(&sock_uid, 0, sock_user)<0){ |
|
1373 |
+ fprintf(stderr, "bad socket user name/uid number %s\n", user); |
|
1374 |
+ goto error; |
|
1375 |
+ } |
|
1376 |
+ } |
|
1377 |
+ if (sock_group){ |
|
1378 |
+ if (group2gid(&sock_gid, sock_group)<0){ |
|
1379 |
+ fprintf(stderr, "bad group name/gid number: -u %s\n", group); |
|
1380 |
+ goto error; |
|
1324 | 1381 |
} |
1325 | 1382 |
} |
1326 |
- |
|
1327 | 1383 |
if (fix_all_socket_lists()!=0){ |
1328 | 1384 |
fprintf(stderr, "failed to initialize liste addresses\n"); |
1329 | 1385 |
goto error; |
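Review bot: The two new error messages in the "fix sock/fifo uid/gid" block print the wrong variables: the `sock_user` branch passes `user` and the `sock_group` branch passes `group`. Both default to 0, so a config that sets only `sock_user`/`sock_group` hands a null pointer to `%s`. They should read `fprintf(stderr, "bad socket user name/uid number %s\n", sock_user);` and `fprintf(stderr, "bad socket group name/gid number %s\n", sock_group);`. In user2uid() and group2gid(), strtol() never sets `tmp` to 0, so the `tmp==0` test is dead and an empty string is accepted as the number 0. That means `sock_user=""` would resolve to uid 0. `if ((tmp==user) || (*tmp)){` (and `tmp==group` in group2gid) sends that case to the name lookup, which then fails cleanly.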
... | ... |
@@ -492,7 +492,7 @@ static int fix_socket_list(struct socket_info **list) |
492 | 492 |
l->name.s, l->address_str.s); |
493 | 493 |
#endif |
494 | 494 |
/* add the name to the alias list*/ |
495 |
- if ((!(l->flags&& SI_IS_IP)) && ( |
|
495 |
+ if ((!(l->flags& SI_IS_IP)) && ( |
|
496 | 496 |
(l->name.len!=si->name.len)|| |
497 | 497 |
(strncmp(l->name.s, si->name.s, si->name.len)!=0)) |
498 | 498 |
) |
... | ... |
@@ -29,6 +29,7 @@ |
29 | 29 |
/* History: |
30 | 30 |
* created by janakj |
31 | 31 |
* 2004-03-03 added tcp init code (andrei) |
32 |
+ * 2004-04-29 added chmod(sock_perm) & chown(sock_user,sock_group) (andrei) |
|
32 | 33 |
*/ |
33 | 34 |
|
34 | 35 |
#include <unistd.h> |
... | ... |
@@ -311,7 +312,7 @@ int init_unixsock_socket(void) |
311 | 312 |
DBG("init_unixsock_socket: Unix domain socket server disabled\n"); |
312 | 313 |
return 1; |
313 | 314 |
} else if (len > 107) { |
314 |
- LOG(L_ERR, "init_unixsock_socket: Socket name too long\n"); |
|
315 |
+ LOG(L_ERR, "ERROR: init_unixsock_socket: Socket name too long\n"); |
|
315 | 316 |
return -1; |
316 | 317 |
} |
317 | 318 |
|
... | ... |
@@ -320,7 +321,7 @@ int init_unixsock_socket(void) |
320 | 321 |
|
321 | 322 |
if (unlink(unixsock_name) == -1) { |
322 | 323 |
if (errno != ENOENT) { |
323 |
- LOG(L_ERR, "init_unixsock_socket: Error while unlinking " |
|
324 |
+ LOG(L_ERR, "ERROR: init_unixsock_socket: Error while unlinking " |
|
324 | 325 |
"old socket (%s): %s\n", unixsock_name, strerror(errno)); |
325 | 326 |
return -1; |
326 | 327 |
} |
... | ... |
@@ -328,8 +329,8 @@ int init_unixsock_socket(void) |
328 | 329 |
|
329 | 330 |
rx_sock = socket(PF_LOCAL, SOCK_DGRAM, 0); |
330 | 331 |
if (rx_sock == -1) { |
331 |
- LOG(L_ERR, "init_unixsock_socket: Cannot create RX socket: %s\n", |
|
332 |
- strerror(errno)); |
|
332 |
+ LOG(L_ERR, "ERROR: init_unixsock_socket: Cannot create RX " |
|
333 |
+ "socket: %s\n", strerror(errno)); |
|
333 | 334 |
return -1; |
334 | 335 |
} |
335 | 336 |
|
... | ... |
@@ -338,28 +339,46 @@ int init_unixsock_socket(void) |
338 | 339 |
memcpy(addr.sun_path, unixsock_name, len); |
339 | 340 |
|
340 | 341 |
if (bind(rx_sock, (struct sockaddr*)&addr, SUN_LEN(&addr)) == -1) { |
341 |
- LOG(L_ERR, "init_unixsock_socket: bind: %s\n", strerror(errno)); |
|
342 |
+ LOG(L_ERR, "ERROR: init_unixsock_socket: bind: %s\n", strerror(errno)); |
|
342 | 343 |
goto err_rx; |
343 | 344 |
} |
345 |
+ /* try to change the permissions */ |
|
346 |
+ if (sock_mode){ /* sock_mode==0 doesn't make sense, nobody can read/write*/ |
|
347 |
+ if (chmod(unixsock_name, sock_mode)<0){ |
|
348 |
+ LOG(L_ERR, "ERROR: init_unixsock_socket: failed to change the" |
|
349 |
+ " permissions for %s to %04o: %s[%d]\n", |
|
350 |
+ unixsock_name, sock_mode, strerror(errno), errno); |
|
351 |
+ goto err_rx; |
|
352 |
+ } |
|
353 |
+ } |
|
354 |
+ /* try to change the ownership */ |
|
355 |
+ if ((sock_uid!=-1) || (sock_gid!=-1)){ |
|
356 |
+ if (chown(unixsock_name, sock_uid, sock_gid)<0){ |
|
357 |
+ LOG(L_ERR, "ERROR: init_unixsock_socket: failed to change the" |
|
358 |
+ " owner/group for %s to %d.%d; %s[%d]\n", |
|
359 |
+ unixsock_name, sock_uid, sock_gid, strerror(errno), errno); |
|
360 |
+ goto err_rx; |
|
361 |
+ } |
|
362 |
+ } |
|
344 | 363 |
|
345 | 364 |
tx_sock = socket(PF_LOCAL, SOCK_DGRAM, 0); |
346 | 365 |
if (tx_sock == -1) { |
347 |
- LOG(L_ERR, "init_unixsock_socket: Cannot create TX socket: %s\n", |
|
348 |
- strerror(errno)); |
|
366 |
+ LOG(L_ERR, "ERROR: init_unixsock_socket: Cannot create TX socket:" |
|
367 |
+ " %s\n", strerror(errno)); |
|
349 | 368 |
goto err_rx; |
350 | 369 |
} |
351 | 370 |
|
352 | 371 |
/* Turn non-blocking mode on */ |
353 | 372 |
flags = fcntl(tx_sock, F_GETFL); |
354 | 373 |
if (flags == -1){ |
355 |
- LOG(L_ERR, "init_unixsock_socket: fcntl failed: %s\n", |
|
374 |
+ LOG(L_ERR, "ERROR: init_unixsock_socket: fcntl failed: %s\n", |
|
356 | 375 |
strerror(errno)); |
357 | 376 |
goto err_both; |
358 | 377 |
} |
359 | 378 |
|
360 | 379 |
if (fcntl(tx_sock, F_SETFL, flags | O_NONBLOCK) == -1) { |
361 |
- LOG(L_ERR, "init_unixsock_socket: fcntl: set non-blocking failed:" |
|
362 |
- " %s\n", strerror(errno)); |
|
380 |
+ LOG(L_ERR, "ERROR: init_unixsock_socket: fcntl: " |
|
381 |
+ "set non-blocking failed: %s\n", strerror(errno)); |
|
363 | 382 |
goto err_both; |
364 | 383 |
} |
365 | 384 |
|
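Review bot: The new `chmod(unixsock_name, sock_mode)` and `chown(...)` run only after `bind()` has created the socket node, so the socket briefly exists with whatever permissions the process umask allows. With a restrictive setting such as `sock_mode=0600`, other local users may be able to reach it during that window. Setting the mask around the bind closes the gap: `mode_t old=umask(~sock_mode & 0777);` before `bind(...)` and `umask(old);` after it, with the chmod() kept as a fallback. Both calls are also path-based and follow symlinks, so the socket directory should not be writable by untrusted users. The `err_rx` label is outside the hunk, so I cannot tell whether the failure paths unlink the already-bound name. If they do not, a failed chmod/chown leaves the socket behind with its pre-chmod permissions.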