Now we can have a group of server administrators.
As part of this, move the change of permissions after the change of
ownership to avoid a brief window where the wrong group might have
access to the socket.
${port+-S-p}${port} \
${user+-U}${user} \
${group+-G}${group} \
+ ${sockmode+-m}${sockmode} \
${trace+-S-T}${trace} \
${tunnel+-S-n}${tunnel} \
${miscopts}
##
#group=tripe
+## The permissions to set on the administration socket. The default is 600,
+## which allows only the configured user to connect. Setting 660 allows
+## all members of the group to administer the server, which might be useful.
+## Setting this to 666 is probably a really bad idea.
+#mode=600
+
## Trace options to pass to tripe. The default is no tracing. The setting
## `A-cp' gives maxmimum possible verbosity without leaking important
## secrets.
* Arguments: @const char *name@ = socket name to create
* @uid_t u@ = user to own the socket
* @gid_t g@ = group to own the socket
+ * @mode_t m@ = permissions to set on the socket
*
* Returns: ---
*
* Use: Creates the admin listening socket.
*/
-void a_init(const char *name, uid_t u, gid_t g)
+void a_init(const char *name, uid_t u, gid_t g, mode_t m)
{
int fd;
int n = 5;
close(fd);
goto again;
}
- if (chmod(sun.sun_path, 0600)) {
- die(EXIT_FAILURE, "failed to set socket permissions: %s",
- strerror(errno));
- }
if (chown(sun.sun_path, u, g)) {
die(EXIT_FAILURE, "failed to set socket owner: %s",
strerror(errno));
}
+ if (chmod(sun.sun_path, m)) {
+ die(EXIT_FAILURE, "failed to set socket permissions: %s",
+ strerror(errno));
+ }
umask(omask);
fdflags(fd, O_NONBLOCK, O_NONBLOCK, FD_CLOEXEC, FD_CLOEXEC);
if (listen(fd, 5))
.IR group ]
.RB [ \-a
.IR socket ]
+.RB [ \-m
+.IR mode ]
.RB [ \-T
.IR trace-opts ]
.br
.B "\*(/s/tripesock"
is used instead.
.TP
+.BI "\-m, \-\-admin\-perms=" mode
+Permissions (as an octal number) to set on the administration socket. The
+default is 600, which allows only the socket owner. Setting 660 allows
+members of the
+.I group
+configured through the
+.B \-G
+option to connect to the socket, which may be useful. Allowing world access
+is a terrible idea.
+.TP
.BI "\-T, \-\-trace=" trace-opts
Allows the enabling or disabling of various internal diagnostics. See
below for the list of options.
static void usage(FILE *fp)
{
pquis(fp, "Usage: $ [-DF] [-d DIR] [-b ADDR] [-p PORT] [-n TUNNEL]\n\
- [-U USER] [-G GROUP] [-a SOCKET] [-T TRACE-OPTS]\n\
+ [-U USER] [-G GROUP] [-a SOCKET] [-m MODE] [-T TRACE-OPTS]\n\
[-k PRIV-KEYRING] [-K PUB-KEYRING] [-t KEY-TAG]\n");
}
-K, --pub-keyring=FILE Get public keys from FILE.\n\
-t, --tag=KEYTAG Use private key labelled TAG.\n\
-a, --admin-socket=FILE Use FILE as the adminstration socket.\n\
+-m, --admin-perms=MODE Permissions to set on admin socket [default 600].\n\
" T( "\
-T, --trace=OPTIONS Turn on tracing options.\n\
" ) "\
const char *kr_priv = "keyring", *kr_pub = "keyring.pub";
const char *tag_priv = 0;
const char *csock = SOCKETDIR "/tripesock";
+ int csockmode = 0600;
const char *dir = CONFIGDIR;
const char *p;
unsigned port = TRIPE_PORT;
{ "pub-keyring", OPTF_ARGREQ, 0, 'K' },
{ "tag", OPTF_ARGREQ, 0, 't' },
{ "admin-socket", OPTF_ARGREQ, 0, 'a' },
+ { "admin-perms", OPTF_ARGREQ, 0, 'm' },
#ifndef NTRACE
{ "trace", OPTF_ARGREQ, 0, 'T' },
#endif
{ 0, 0, 0, 0 }
};
- i = mdwopt(argc, argv, "hvuDFU:G:b:n:p:d:k:K:t:a:" T("T:"),
+ i = mdwopt(argc, argv, "hvuDFU:G:b:n:p:d:k:K:t:a:m:" T("T:"),
opts, 0, 0, 0);
if (i < 0)
break;
case 'a':
csock = optarg;
break;
+ case 'm': {
+ char *p;
+ csockmode = strtol(optarg, &p, 8);
+ if (*p) die(EXIT_FAILURE, "bad permissions: `%s'", optarg);
+ } break;
case 't':
tag_priv = optarg;
break;
a_create(STDIN_FILENO, STDOUT_FILENO, af);
}
ps_split(f & f_daemon);
- a_init(csock, u, g);
+ a_init(csock, u, g, csockmode);
u_setugid(u, g);
km_init(kr_priv, kr_pub, tag_priv);
if (f & f_daemon) {
* Arguments: @const char *sock@ = socket name to create
* @uid_t u@ = user to own the socket
* @gid_t g@ = group to own the socket
+ * @mode_t m@ = permissions to set on the socket
*
* Returns: ---
*
* Use: Creates the admin listening socket.
*/
-extern void a_init(const char */*sock*/, uid_t /*u*/, gid_t /*g*/);
+extern void a_init(const char */*sock*/,
+ uid_t /*u*/, gid_t /*g*/, mode_t /*m*/);
/*----- Mapping with addresses as keys ------------------------------------*/
~mdw / tripe / commitdiff