Code Review / vpp.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: a54230d)
Add option to create clib_socket with group write permissions 44/7244/2
authorDamjan Marion <damarion@cisco.com>
Wed, 21 Jun 2017 10:01:37 +0000 (12:01 +0200)
committerDave Barach <openvpp@barachs.net>
Wed, 21 Jun 2017 15:22:40 +0000 (15:22 +0000)
Also allow group write as default for CLI socket connections.

Change-Id: I6af1f277f70581358cd9241bf0f5cb0752fe250f
Signed-off-by: Damjan Marion <damarion@cisco.com>
src/vlib/unix/cli.c patch | blob | history
src/vppinfra/socket.c patch | blob | history
src/vppinfra/socket.h patch | blob | history

diff --git a/src/vlib/unix/cli.c b/src/vlib/unix/cli.c
index 74dea16..953d133 100644 (file)
--- a/src/vlib/unix/cli.c
+++ b/src/vlib/unix/cli.c
@@ -57,6 +57,8 @@
 #include <unistd.h>
 #include <arpa/telnet.h>
 #include <sys/ioctl.h>
+#include <sys/types.h>
+#include <unistd.h>
 
 /** ANSI escape code. */
 #define ESC "\x1b"
@@ -2640,7 +2642,8 @@ unix_cli_config (vlib_main_t * vm, unformat_input_t * input)
       /* CLI listen. */
       unix_file_t template = { 0 };
 
-      s->flags = SOCKET_IS_SERVER;     /* listen, don't connect */
+      s->flags = SOCKET_IS_SERVER |    /* listen, don't connect */
+       SOCKET_ALLOW_GROUP_WRITE;       /* PF_LOCAL socket only */
       error = clib_socket_init (s);
 
       if (error)
diff --git a/src/vppinfra/socket.c b/src/vppinfra/socket.c
index 99b353f..4c23c23 100644 (file)
--- a/src/vppinfra/socket.c
+++ b/src/vppinfra/socket.c
@@ -38,6 +38,7 @@
 #include <sys/un.h>
 #include <sys/types.h>
 #include <sys/socket.h>
+#include <sys/stat.h>
 #include <netinet/in.h>
 #include <arpa/inet.h>
 #include <netdb.h>
@@ -348,6 +349,14 @@ clib_socket_init (clib_socket_t * s)
          error = clib_error_return_unix (0, "listen");
          goto done;
        }
+      if (addr.sa.sa_family == PF_LOCAL
+         && s->flags & SOCKET_ALLOW_GROUP_WRITE)
+       {
+         struct stat st = { 0 };
+         stat (((struct sockaddr_un *) &addr)->sun_path, &st);
+         st.st_mode |= S_IWGRP;
+         chmod (((struct sockaddr_un *) &addr)->sun_path, st.st_mode);
+       }
     }
   else
     {
diff --git a/src/vppinfra/socket.h b/src/vppinfra/socket.h
index 08e22e7..7503720 100644 (file)
--- a/src/vppinfra/socket.h
+++ b/src/vppinfra/socket.h
@@ -58,6 +58,7 @@ typedef struct _socket_t
 #define SOCKET_IS_SERVER (1 << 0)
 #define SOCKET_IS_CLIENT (0 << 0)
 #define SOCKET_NON_BLOCKING_CONNECT (1 << 1)
+#define SOCKET_ALLOW_GROUP_WRITE (1 << 2)
 
   /* Read returned end-of-file. */
 #define SOCKET_RX_END_OF_FILE (1 << 2)
Vector Packet Processing