mirror of
https://github.com/zrepl/zrepl.git
synced 2025-02-22 21:31:21 +01:00
stdinserver: fixup ccd062e: assert socket is in private directory
This commit is contained in:
Christian Schwarz
parent
ccd062e238
commit
f3d3a7f5f8
@ -32,6 +32,10 @@ func parseStdinserverListenerFactory(c JobParsingContext, i map[string]interface
|
||||
|
||||
func (f *StdinserverListenerFactory) Listen() (al AuthenticatedChannelListener, err error) {
|
||||
|
||||
if err = PreparePrivateSockpath(f.sockpath); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
l, err := netssh.Listen(f.sockpath)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
||||
@ -7,28 +7,42 @@ import (
|
||||
"path/filepath"
|
||||
)
|
||||
|
||||
func ListenUnixPrivate(sockaddr *net.UnixAddr) (*net.UnixListener, error) {
|
||||
|
||||
sockdir := filepath.Dir(sockaddr.Name)
|
||||
func PreparePrivateSockpath(sockpath string) error {
|
||||
sockdir := filepath.Dir(sockpath)
|
||||
sdstat, err := os.Stat(sockdir)
|
||||
if err != nil {
|
||||
return nil, errors.Wrapf(err, "cannot stat(2) '%s'", sockdir)
|
||||
return errors.Wrapf(err, "cannot stat(2) '%s'", sockdir)
|
||||
}
|
||||
if !sdstat.IsDir() {
|
||||
return nil, errors.Errorf("not a directory: %s", sockdir)
|
||||
return errors.Errorf("not a directory: %s", sockdir)
|
||||
}
|
||||
p := sdstat.Mode().Perm()
|
||||
if p&0007 != 0 {
|
||||
return nil, errors.Errorf("socket directory not be world-accessible: %s (permissions are %#o)", sockdir, p)
|
||||
return errors.Errorf("socket directory must not be world-accessible: %s (permissions are %#o)", sockdir, p)
|
||||
}
|
||||
|
||||
// Maybe things have not been cleaned up before
|
||||
s, err := os.Stat(sockaddr.Name)
|
||||
if err == nil {
|
||||
if s.Mode()&os.ModeSocket != 0 {
|
||||
// opportunistically try to remove it, but if this fails, it is not an error
|
||||
os.Remove(sockaddr.Name)
|
||||
}
|
||||
s, err := os.Stat(sockpath)
|
||||
if os.IsNotExist(err) {
|
||||
return nil
|
||||
}
|
||||
if err != nil {
|
||||
return errors.Wrapf(err, "cannot stat(2) '%s'", sockpath)
|
||||
}
|
||||
if s.Mode()&os.ModeSocket == 0 {
|
||||
return errors.Errorf("unexpected file type at path '%s'", sockpath)
|
||||
}
|
||||
err = os.Remove(sockpath)
|
||||
if err != nil {
|
||||
return errors.Wrapf(err, "cannot remove presumably stale socket '%s'", sockpath)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func ListenUnixPrivate(sockaddr *net.UnixAddr) (*net.UnixListener, error) {
|
||||
|
||||
if err := PreparePrivateSockpath(sockaddr.Name); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return net.ListenUnix("unix", sockaddr)
|
||||
|
||||
Loading…
Reference in New Issue
Block a user