From 85238765033e2fa89b1879383421d5a8aafff17f Mon Sep 17 00:00:00 2001
From: Nathan Florea
Date: Mon, 10 Oct 2011 11:21:15 -0700
Subject: [PATCH] Added a config directive for a Unix socket mask

Added a configuration directive to allow a user to specify the permissions to be granted to the Unix socket file. I followed the format Pieter and Salvatore discusses in issue #85 ( https://github.com/antirez/redis/issues/85).
---
 redis.conf | 1 +
 src/anet.c | 5 ++++-
 src/anet.h | 2 +-
 src/config.c | 5 +++++
 src/redis.c | 3 ++-
 src/redis.h | 1 +
 6 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/redis.conf b/redis.conf
index a2e83c6c..18a5dd03 100644
--- a/redis.conf
+++ b/redis.conf
@@ -34,6 +34,7 @@ port 6379
 # on a unix socket when not specified.
 #
 # unixsocket /tmp/redis.sock
+# unixsocketperm 755
 # Close the connection after a client is idle for N seconds (0 to disable)
 timeout 300
diff --git a/src/anet.c b/src/anet.c
index 692cef19..9aff4dfa 100644
--- a/src/anet.c
+++ b/src/anet.c
@@ -32,6 +32,7 @@
 #include
 #include
+#include
 #include
 #include
 #include
@@ -291,7 +292,7 @@ int anetTcpServer(char *err, int port, char *bindaddr)
 return s;
 }
-int anetUnixServer(char *err, char *path)
+int anetUnixServer(char *err, char *path, mode_t perm)
 {
 int s;
 struct sockaddr_un sa;
@@ -304,6 +305,8 @@ int anetUnixServer(char *err, char *path)
 strncpy(sa.sun_path,path,sizeof(sa.sun_path)-1);
 if (anetListen(err,s,(struct sockaddr*)&sa,sizeof(sa)) == ANET_ERR)
 return ANET_ERR;
+ if (perm)
+ chmod(sa.sun_path, perm);
 return s;
 }
diff --git a/src/anet.h b/src/anet.h
index 2b2dea45..406c5783 100644
--- a/src/anet.h
+++ b/src/anet.h
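Review bot: The sample line `# unixsocketperm 755` in redis.conf is added without a comment saying what the directive controls or what applies when it is left out. Judging by the anet.c and redis.c hunks of this patch, an unset value (0) skips the chmod, so the socket presumably keeps the mode the process umask yields; that default is worth stating next to the example, e.g. `# Permissions of the socket file, in octal. If unset, the mode is left to the process umask.` On Linux, connecting to a Unix socket requires write permission on the socket file, so the comment could also note that 755 lets only the owning user connect.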
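Review bot: The `chmod(sa.sun_path, perm)` call added at the end of anetUnixServer ignores its return value, so if it fails the server keeps listening on a socket whose mode comes from the umask rather than the configured one, and nothing is reported. Failing closed is safer: set the error through `err`, close `s` and return ANET_ERR, as sketched below. The mode is also applied only after anetListen has run, which presumably leaves a short window in which the socket is reachable with the umask-derived mode. Because `if (perm)` treats 0 as "not configured", that convention deserves a one-line comment. The start of anetUnixServer lies outside this hunk.

```c
    if (anetListen(err,s,(struct sockaddr*)&sa,sizeof(sa)) == ANET_ERR)
        return ANET_ERR;
    /* perm == 0 means "not configured": keep the umask-derived mode. */
    if (perm && chmod(sa.sun_path, perm) == -1) {
        anetSetError(err, "chmod: %s\n", strerror(errno));
        close(s);
        return ANET_ERR;
    }
```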
@@ -46,7 +46,7 @@ int anetUnixNonBlockConnect(char *err, char *path);
 int anetRead(int fd, char *buf, int count);
 int anetResolve(char *err, char *host, char *ipbuf);
 int anetTcpServer(char *err, int port, char *bindaddr);
-int anetUnixServer(char *err, char *path);
+int anetUnixServer(char *err, char *path, mode_t perm);
 int anetTcpAccept(char *err, int serversock, char *ip, int *port);
 int anetUnixAccept(char *err, int serversock);
 int anetWrite(int fd, char *buf, int count);
diff --git a/src/config.c b/src/config.c
index 31a12ea9..1c666ddf 100644
--- a/src/config.c
+++ b/src/config.c
@@ -73,6 +73,11 @@ void loadServerConfig(char *filename) {
 server.bindaddr = zstrdup(argv[1]);
 } else if (!strcasecmp(argv[0],"unixsocket") && argc == 2) {
 server.unixsocket = zstrdup(argv[1]);
+ } else if (!strcasecmp(argv[0],"unixsocketperm") && argc == 2) {
+ server.unixsocketperm = (mode_t)strtol(argv[1], NULL, 8);
+ if (errno || server.unixsocketperm > 0777) {
+ err = "Invalid socket file permissions"; goto loaderr;
+ }
 } else if (!strcasecmp(argv[0],"save") && argc == 3) {
 int seconds = atoi(argv[1]);
 int changes = atoi(argv[2]);
diff --git a/src/redis.c b/src/redis.c
index 568f2fc8..295936df 100644
--- a/src/redis.c
+++ b/src/redis.c
@@ -822,6 +822,7 @@ void initServerConfig() {
 server.port = REDIS_SERVERPORT;
 server.bindaddr = NULL;
 server.unixsocket = NULL;
+ server.unixsocketperm = 0;
 server.ipfd = -1;
 server.sofd = -1;
 server.dbnum = REDIS_DEFAULT_DBNUM;
@@ -935,7 +936,7 @@ void initServer() {
 }
 if (server.unixsocket != NULL) {
 unlink(server.unixsocket); /* don't care if this fails */
- server.sofd = anetUnixServer(server.neterr,server.unixsocket);
+ server.sofd = anetUnixServer(server.neterr,server.unixsocket,server.unixsocketperm);
 if (server.sofd == ANET_ERR) {
 redisLog(REDIS_WARNING, "Opening socket: %s", server.neterr);
 exit(1);
diff --git a/src/redis.h b/src/redis.h
index 6b33d128..af08145e 100644
--- a/src/redis.h
+++ b/src/redis.h
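Review bot: The `unixsocketperm` branch in loadServerConfig tests `errno` without clearing it before `strtol` and passes NULL as the end pointer, so it can reject a valid value on a stale errno and accept text that is not an octal number. An empty or non-numeric argument parses as 0, which the rest of this patch treats as "not configured", so a typo silently leaves the socket at its umask-derived mode; a value such as `660x` is accepted as 0660. Parsing into a `long` with an end pointer and range-checking before the cast to mode_t closes both gaps, as sketched below. No `#include <errno.h>` is visible in this hunk, so confirm config.c already has it; loadServerConfig starts and ends outside the hunk.

```c
        } else if (!strcasecmp(argv[0],"unixsocketperm") && argc == 2) {
            char *eptr;
            long perm;

            errno = 0;
            perm = strtol(argv[1], &eptr, 8);
            if (errno || eptr == argv[1] || *eptr != '\0' ||
                perm < 0 || perm > 0777) {
                err = "Invalid socket file permissions"; goto loaderr;
            }
            server.unixsocketperm = (mode_t)perm;
```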
@@ -515,6 +515,7 @@ struct redisServer {
 int port;
 char *bindaddr;
 char *unixsocket;
+ mode_t unixsocketperm;
 int ipfd;
 int sofd;
 int cfd;
-- 
2.45.2