stdinserver: fixup ccd062e: assert socket is in private directory

Christian Schwarz 2018-02-17 14:12:44 +01:00
parent ccd062e238
commit f3d3a7f5f8
2 changed files with 30 additions and 12 deletions


@ -32,6 +32,10 @@ func parseStdinserverListenerFactory(c JobParsingContext, i map[string]interface
func (f *StdinserverListenerFactory) Listen() (al AuthenticatedChannelListener, err error) { func (f *StdinserverListenerFactory) Listen() (al AuthenticatedChannelListener, err error) {
if err = PreparePrivateSockpath(f.sockpath); err != nil {
return nil, err
}
l, err := netssh.Listen(f.sockpath) l, err := netssh.Listen(f.sockpath)
if err != nil { if err != nil {
return nil, err return nil, err
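Review bot: The "private directory" assertion that Listen() now depends on through `PreparePrivateSockpath(f.sockpath)` only rejects world-accessible directories (`p&0007 != 0`): a directory owned by a different user, or one with group write bits set, still passes, and os.Stat follows symlinks, so the call does not establish that f.sockpath lives somewhere only this user can write. Because the helper also removes whatever socket already exists at the path before netssh.Listen binds a new one, the stat/remove/bind sequence is a point-in-time check with a remaining window, not a guarantee. If the intent is owner-only, consider additionally comparing the directory's owner with the current uid (platform-specific, e.g. via syscall.Stat_t on Unix) and widening the mask to group bits, and in any case documenting the limitation at the call site, e.g. `// PreparePrivateSockpath rejects world-accessible socket directories and clears a stale socket; it is a best-effort check and the bind below can still race other writers of the directory.` Listen's body continues past the end of the hunk.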


@ -7,28 +7,42 @@ import (
"path/filepath" "path/filepath"
) )
func ListenUnixPrivate(sockaddr *net.UnixAddr) (*net.UnixListener, error) { func PreparePrivateSockpath(sockpath string) error {
sockdir := filepath.Dir(sockpath)
sockdir := filepath.Dir(sockaddr.Name)
sdstat, err := os.Stat(sockdir) sdstat, err := os.Stat(sockdir)
if err != nil { if err != nil {
return nil, errors.Wrapf(err, "cannot stat(2) '%s'", sockdir) return errors.Wrapf(err, "cannot stat(2) '%s'", sockdir)
} }
if !sdstat.IsDir() { if !sdstat.IsDir() {
return nil, errors.Errorf("not a directory: %s", sockdir) return errors.Errorf("not a directory: %s", sockdir)
} }
p := sdstat.Mode().Perm() p := sdstat.Mode().Perm()
if p&0007 != 0 { if p&0007 != 0 {
return nil, errors.Errorf("socket directory not be world-accessible: %s (permissions are %#o)", sockdir, p) return errors.Errorf("socket directory must not be world-accessible: %s (permissions are %#o)", sockdir, p)
} }
// Maybe things have not been cleaned up before // Maybe things have not been cleaned up before
s, err := os.Stat(sockaddr.Name) s, err := os.Stat(sockpath)
if err == nil { if os.IsNotExist(err) {
if s.Mode()&os.ModeSocket != 0 { return nil
// opportunistically try to remove it, but if this fails, it is not an error }
os.Remove(sockaddr.Name) if err != nil {
} return errors.Wrapf(err, "cannot stat(2) '%s'", sockpath)
}
if s.Mode()&os.ModeSocket == 0 {
return errors.Errorf("unexpected file type at path '%s'", sockpath)
}
err = os.Remove(sockpath)
if err != nil {
return errors.Wrapf(err, "cannot remove presumably stale socket '%s'", sockpath)
}
return nil
}
func ListenUnixPrivate(sockaddr *net.UnixAddr) (*net.UnixListener, error) {
if err := PreparePrivateSockpath(sockaddr.Name); err != nil {
return nil, err
} }
return net.ListenUnix("unix", sockaddr) return net.ListenUnix("unix", sockaddr)