Fossil SCM
Get --socket-owner working.
Commit
efc7475e180bb40143773ffdc61a4577a2dce5d9c57912572e6abdf12c7bc392
Parent
28de3fab86bcc78…
2 files changed
+11
-7
+1
-2
+11
-7
| --- src/cgi.c | ||
| +++ src/cgi.c | ||
| @@ -2548,20 +2548,17 @@ | ||
| 2548 | 2548 | if( listener<0 ){ |
| 2549 | 2549 | fossil_fatal("unable to create a unix socket named %s", |
| 2550 | 2550 | g.zSockName); |
| 2551 | 2551 | } |
| 2552 | 2552 | /* Set the access permission for the new socket. Default to 0660. |
| 2553 | - ** But use an alternative specified by --socket-mode if available */ | |
| 2553 | + ** But use an alternative specified by --socket-mode if available. | |
| 2554 | + ** Do this before bind() to avoid a race condition. */ | |
| 2554 | 2555 | if( g.zSockMode ){ |
| 2555 | 2556 | file_set_mode(g.zSockName, listener, g.zSockMode, 0); |
| 2556 | 2557 | }else{ |
| 2557 | 2558 | file_set_mode(g.zSockName, listener, "0660", 1); |
| 2558 | 2559 | } |
| 2559 | - /* Set the owner of the socket if requested by --socket-owner */ | |
| 2560 | - if( g.zSockOwner ){ | |
| 2561 | - file_set_owner(g.zSockName, listener, g.zSockOwner); | |
| 2562 | - } | |
| 2563 | 2560 | }else{ |
| 2564 | 2561 | /* Initialize a TCP/IP socket on port iPort */ |
| 2565 | 2562 | memset(&inaddr, 0, sizeof(inaddr)); |
| 2566 | 2563 | inaddr.sin_family = AF_INET; |
| 2567 | 2564 | if( zIpAddr ){ |
| @@ -2585,10 +2582,17 @@ | ||
| 2585 | 2582 | /* if we can't terminate nicely, at least allow the socket to be reused */ |
| 2586 | 2583 | setsockopt(listener,SOL_SOCKET,SO_REUSEADDR,&opt,sizeof(opt)); |
| 2587 | 2584 | |
| 2588 | 2585 | if( flags & HTTP_SERVER_UNIXSOCKET ){ |
| 2589 | 2586 | rc = bind(listener, (struct sockaddr*)&uxaddr, sizeof(uxaddr)); |
| 2587 | + /* Set the owner of the socket if requested by --socket-owner. This | |
| 2588 | + ** must wait until after bind(), after the filesystem object has been | |
| 2589 | + ** created. See https://lkml.org/lkml/2004/11/1/84 and | |
| 2590 | + ** https://fossil-scm.org/forum/forumpost/7517680ef9684c57 */ | |
| 2591 | + if( g.zSockOwner ){ | |
| 2592 | + file_set_owner(g.zSockName, listener, g.zSockOwner); | |
| 2593 | + } | |
| 2590 | 2594 | }else{ |
| 2591 | 2595 | rc = bind(listener, (struct sockaddr*)&inaddr, sizeof(inaddr)); |
| 2592 | 2596 | } |
| 2593 | 2597 | if( rc<0 ){ |
| 2594 | 2598 | close(listener); |
| @@ -2608,13 +2612,13 @@ | ||
| 2608 | 2612 | } |
| 2609 | 2613 | } |
| 2610 | 2614 | if( iPort>mxPort ) return 1; |
| 2611 | 2615 | listen(listener,10); |
| 2612 | 2616 | if( flags & HTTP_SERVER_UNIXSOCKET ){ |
| 2613 | - fossil_print("Listening for %s requests on unix-domain socket %s\n", | |
| 2617 | + fossil_print("Listening for %s requests on unix socket %s\n", | |
| 2614 | 2618 | (flags & HTTP_SERVER_SCGI)!=0 ? "SCGI" : |
| 2615 | - g.httpUseSSL?"TLS-encrypted HTTPS":"HTTP", zIpAddr); | |
| 2619 | + g.httpUseSSL?"TLS-encrypted HTTPS":"HTTP", g.zSockName); | |
| 2616 | 2620 | }else{ |
| 2617 | 2621 | fossil_print("Listening for %s requests on TCP port %d\n", |
| 2618 | 2622 | (flags & HTTP_SERVER_SCGI)!=0 ? "SCGI" : |
| 2619 | 2623 | g.httpUseSSL?"TLS-encrypted HTTPS":"HTTP", iPort); |
| 2620 | 2624 | } |
| 2621 | 2625 |
| --- src/cgi.c | |
| +++ src/cgi.c | |
| @@ -2548,20 +2548,17 @@ | |
| 2548 | if( listener<0 ){ |
| 2549 | fossil_fatal("unable to create a unix socket named %s", |
| 2550 | g.zSockName); |
| 2551 | } |
| 2552 | /* Set the access permission for the new socket. Default to 0660. |
| 2553 | ** But use an alternative specified by --socket-mode if available */ |
| 2554 | if( g.zSockMode ){ |
| 2555 | file_set_mode(g.zSockName, listener, g.zSockMode, 0); |
| 2556 | }else{ |
| 2557 | file_set_mode(g.zSockName, listener, "0660", 1); |
| 2558 | } |
| 2559 | /* Set the owner of the socket if requested by --socket-owner */ |
| 2560 | if( g.zSockOwner ){ |
| 2561 | file_set_owner(g.zSockName, listener, g.zSockOwner); |
| 2562 | } |
| 2563 | }else{ |
| 2564 | /* Initialize a TCP/IP socket on port iPort */ |
| 2565 | memset(&inaddr, 0, sizeof(inaddr)); |
| 2566 | inaddr.sin_family = AF_INET; |
| 2567 | if( zIpAddr ){ |
| @@ -2585,10 +2582,17 @@ | |
| 2585 | /* if we can't terminate nicely, at least allow the socket to be reused */ |
| 2586 | setsockopt(listener,SOL_SOCKET,SO_REUSEADDR,&opt,sizeof(opt)); |
| 2587 | |
| 2588 | if( flags & HTTP_SERVER_UNIXSOCKET ){ |
| 2589 | rc = bind(listener, (struct sockaddr*)&uxaddr, sizeof(uxaddr)); |
| 2590 | }else{ |
| 2591 | rc = bind(listener, (struct sockaddr*)&inaddr, sizeof(inaddr)); |
| 2592 | } |
| 2593 | if( rc<0 ){ |
| 2594 | close(listener); |
| @@ -2608,13 +2612,13 @@ | |
| 2608 | } |
| 2609 | } |
| 2610 | if( iPort>mxPort ) return 1; |
| 2611 | listen(listener,10); |
| 2612 | if( flags & HTTP_SERVER_UNIXSOCKET ){ |
| 2613 | fossil_print("Listening for %s requests on unix-domain socket %s\n", |
| 2614 | (flags & HTTP_SERVER_SCGI)!=0 ? "SCGI" : |
| 2615 | g.httpUseSSL?"TLS-encrypted HTTPS":"HTTP", zIpAddr); |
| 2616 | }else{ |
| 2617 | fossil_print("Listening for %s requests on TCP port %d\n", |
| 2618 | (flags & HTTP_SERVER_SCGI)!=0 ? "SCGI" : |
| 2619 | g.httpUseSSL?"TLS-encrypted HTTPS":"HTTP", iPort); |
| 2620 | } |
| 2621 |
| --- src/cgi.c | |
| +++ src/cgi.c | |
| @@ -2548,20 +2548,17 @@ | |
| 2548 | if( listener<0 ){ |
| 2549 | fossil_fatal("unable to create a unix socket named %s", |
| 2550 | g.zSockName); |
| 2551 | } |
| 2552 | /* Set the access permission for the new socket. Default to 0660. |
| 2553 | ** But use an alternative specified by --socket-mode if available. |
| 2554 | ** Do this before bind() to avoid a race condition. */ |
| 2555 | if( g.zSockMode ){ |
| 2556 | file_set_mode(g.zSockName, listener, g.zSockMode, 0); |
| 2557 | }else{ |
| 2558 | file_set_mode(g.zSockName, listener, "0660", 1); |
| 2559 | } |
| 2560 | }else{ |
| 2561 | /* Initialize a TCP/IP socket on port iPort */ |
| 2562 | memset(&inaddr, 0, sizeof(inaddr)); |
| 2563 | inaddr.sin_family = AF_INET; |
| 2564 | if( zIpAddr ){ |
| @@ -2585,10 +2582,17 @@ | |
| 2582 | /* if we can't terminate nicely, at least allow the socket to be reused */ |
| 2583 | setsockopt(listener,SOL_SOCKET,SO_REUSEADDR,&opt,sizeof(opt)); |
| 2584 | |
| 2585 | if( flags & HTTP_SERVER_UNIXSOCKET ){ |
| 2586 | rc = bind(listener, (struct sockaddr*)&uxaddr, sizeof(uxaddr)); |
| 2587 | /* Set the owner of the socket if requested by --socket-owner. This |
| 2588 | ** must wait until after bind(), after the filesystem object has been |
| 2589 | ** created. See https://lkml.org/lkml/2004/11/1/84 and |
| 2590 | ** https://fossil-scm.org/forum/forumpost/7517680ef9684c57 */ |
| 2591 | if( g.zSockOwner ){ |
| 2592 | file_set_owner(g.zSockName, listener, g.zSockOwner); |
| 2593 | } |
| 2594 | }else{ |
| 2595 | rc = bind(listener, (struct sockaddr*)&inaddr, sizeof(inaddr)); |
| 2596 | } |
| 2597 | if( rc<0 ){ |
| 2598 | close(listener); |
| @@ -2608,13 +2612,13 @@ | |
| 2612 | } |
| 2613 | } |
| 2614 | if( iPort>mxPort ) return 1; |
| 2615 | listen(listener,10); |
| 2616 | if( flags & HTTP_SERVER_UNIXSOCKET ){ |
| 2617 | fossil_print("Listening for %s requests on unix socket %s\n", |
| 2618 | (flags & HTTP_SERVER_SCGI)!=0 ? "SCGI" : |
| 2619 | g.httpUseSSL?"TLS-encrypted HTTPS":"HTTP", g.zSockName); |
| 2620 | }else{ |
| 2621 | fossil_print("Listening for %s requests on TCP port %d\n", |
| 2622 | (flags & HTTP_SERVER_SCGI)!=0 ? "SCGI" : |
| 2623 | g.httpUseSSL?"TLS-encrypted HTTPS":"HTTP", iPort); |
| 2624 | } |
| 2625 |
+1
-2
| --- src/file.c | ||
| +++ src/file.c | ||
| @@ -767,12 +767,11 @@ | ||
| 767 | 767 | if( grp==0 ){ |
| 768 | 768 | fossil_fatal("no such group: \"%s\"", zGrp); |
| 769 | 769 | } |
| 770 | 770 | gid = grp->gr_gid; |
| 771 | 771 | } |
| 772 | -printf("fd=%d zFN=%s uid=%d gid=%d\n", (int)fd, zFN, (int)uid, (int)gid); | |
| 773 | - if( fchown(fd, uid, gid) ){ | |
| 772 | + if( chown(zFN, uid, gid) ){ | |
| 774 | 773 | fossil_fatal("cannot change ownership of %s to %s",zFN, zOwner); |
| 775 | 774 | } |
| 776 | 775 | if( zOwner!=zUsr ){ |
| 777 | 776 | fossil_free((char*)zUsr); |
| 778 | 777 | } |
| 779 | 778 |
| --- src/file.c | |
| +++ src/file.c | |
| @@ -767,12 +767,11 @@ | |
| 767 | if( grp==0 ){ |
| 768 | fossil_fatal("no such group: \"%s\"", zGrp); |
| 769 | } |
| 770 | gid = grp->gr_gid; |
| 771 | } |
| 772 | printf("fd=%d zFN=%s uid=%d gid=%d\n", (int)fd, zFN, (int)uid, (int)gid); |
| 773 | if( fchown(fd, uid, gid) ){ |
| 774 | fossil_fatal("cannot change ownership of %s to %s",zFN, zOwner); |
| 775 | } |
| 776 | if( zOwner!=zUsr ){ |
| 777 | fossil_free((char*)zUsr); |
| 778 | } |
| 779 |
| --- src/file.c | |
| +++ src/file.c | |
| @@ -767,12 +767,11 @@ | |
| 767 | if( grp==0 ){ |
| 768 | fossil_fatal("no such group: \"%s\"", zGrp); |
| 769 | } |
| 770 | gid = grp->gr_gid; |
| 771 | } |
| 772 | if( chown(zFN, uid, gid) ){ |
| 773 | fossil_fatal("cannot change ownership of %s to %s",zFN, zOwner); |
| 774 | } |
| 775 | if( zOwner!=zUsr ){ |
| 776 | fossil_free((char*)zUsr); |
| 777 | } |
| 778 |