#include "gnunet_getopt_lib.h"
#include "gnunet_os_lib.h"
#include "gnunet_protocols.h"
+#include "gnunet_resolver_service.h"
#include "gnunet_server_lib.h"
#include "gnunet_service_lib.h"
*/
int require_found;
+ /**
+ * Do we require a matching UID for UNIX domain socket
+ * connections?
+ */
+ int match_uid;
+
+ /**
+ * Do we require a matching GID for UNIX domain socket
+ * connections?
+ */
+ int match_gid;
+
/**
* Our options.
*/
/**
* Check if access to the service is allowed from the given address.
+ *
+ * @param cls closure
+ * @param uc credentials, if available, otherwise NULL
+ * @param addr address
+ * @param addrlen length of address
+ * @return GNUNET_YES to allow, GNUNET_NO to deny, GNUNET_SYSERR
+ * for unknown address family (will be denied).
*/
static int
-check_access (void *cls, const struct sockaddr *addr, socklen_t addrlen)
+check_access (void *cls,
+ const struct GNUNET_CONNECTION_Credentials *uc,
+ const struct sockaddr *addr, socklen_t addrlen)
{
struct GNUNET_SERVICE_Context *sctx = cls;
const struct sockaddr_in *i4;
&& ((sctx->v6_denied == NULL) ||
(!check_ipv6_listed (sctx->v6_denied, &i6->sin6_addr)));
break;
+#ifndef WINDOWS
case AF_UNIX:
- /* FIXME: support checking UID/GID in the future... */
ret = GNUNET_OK; /* always OK for now */
+ if ( (sctx->match_uid == GNUNET_YES) ||
+ (sctx->match_gid == GNUNET_YES) )
+ ret = GNUNET_NO;
+ if ( (uc != NULL) &&
+ ( (sctx->match_uid != GNUNET_YES) ||
+ (uc->uid == geteuid()) ||
+ (uc->uid == getuid()) ) &&
+ ( (sctx->match_gid != GNUNET_YES) ||
+ (uc->gid == getegid()) ||
+ (uc->gid == getgid())) )
+ ret = GNUNET_YES;
+ else
+ GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+ _("Access denied to UID %d / GID %d\n"),
+ (uc == NULL) ? -1 : uc->uid,
+ (uc == NULL) ? -1 : uc->gid);
break;
+#endif
default:
GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
_("Unknown address family %d\n"), addr->sa_family);
unixpath,
slen);
un->sun_path[slen] = '\0';
+ slen = sizeof (struct sockaddr_un);
#if LINUX
un->sun_path[0] = '\0';
- slen = sizeof (struct sockaddr_un);
-#else
- slen += sizeof (sa_family_t);
+#endif
+#if HAVE_SOCKADDR_IN_SIN_LEN
+ un->sun_len = (u_char) slen;
#endif
*saddrs = (struct sockaddr*) un;
*saddrlens = slen;
else
hostname = NULL;
+ unixpath = NULL;
#ifdef AF_UNIX
- if (GNUNET_CONFIGURATION_have_value (cfg,
- serviceName, "UNIXPATH"))
- {
- GNUNET_assert (GNUNET_OK ==
- GNUNET_CONFIGURATION_get_value_string (cfg,
+ if ((GNUNET_YES == GNUNET_CONFIGURATION_have_value (cfg,
+ serviceName, "UNIXPATH")) &&
+ (GNUNET_OK == GNUNET_CONFIGURATION_get_value_string (cfg,
serviceName,
"UNIXPATH",
- &unixpath));
-
+ &unixpath)) &&
+ (0 < strlen(unixpath)))
+ {
/* probe UNIX support */
struct sockaddr_un s_un;
+
if (strlen(unixpath) >= sizeof(s_un.sun_path))
- {
- GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
- _("UNIXPATH `%s' too long, maximum length is %llu\n"),unixpath, sizeof(s_un.sun_path));
- GNUNET_free_non_null (hostname);
- GNUNET_free (unixpath);
- return GNUNET_SYSERR;
- }
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+ _("UNIXPATH `%s' too long, maximum length is %llu\n"),
+ unixpath,
+ sizeof(s_un.sun_path));
+ GNUNET_free_non_null (hostname);
+ GNUNET_free (unixpath);
+ return GNUNET_SYSERR;
+ }
desc = GNUNET_NETWORK_socket_create (AF_UNIX, SOCK_STREAM, 0);
if (NULL == desc)
{
- if ((errno == ENOBUFS) ||
- (errno == ENOMEM) || (errno == ENFILE) || (errno == EACCES))
+ if ( (errno == ENOBUFS) ||
+ (errno == ENOMEM) || (errno == ENFILE) || (errno == EACCES))
{
GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR, "socket");
GNUNET_free_non_null (hostname);
desc = NULL;
}
}
- else
- unixpath = NULL;
-#else
- unixpath = NULL;
#endif
if ( (port == 0) &&
saddrlens = GNUNET_malloc (2 * sizeof (socklen_t));
add_unixpath (saddrs, saddrlens, unixpath);
GNUNET_free_non_null (unixpath);
- GNUNET_free_non_null(hostname);
+ GNUNET_free_non_null (hostname);
*addrs = saddrs;
*addr_lens = saddrlens;
return 1;
_("Failed to resolve `%s': %s\n"),
hostname, gai_strerror (ret));
GNUNET_free (hostname);
- GNUNET_free (unixpath);
+ GNUNET_free_non_null (unixpath);
return GNUNET_SYSERR;
}
next = res;
disablev6 ? "IPv4 " : "", hostname);
freeaddrinfo (res);
GNUNET_free (hostname);
- GNUNET_free (unixpath);
+ GNUNET_free_non_null (unixpath);
return GNUNET_SYSERR;
}
resi = i;
next = pos->ai_next;
if ( (disablev6) && (pos->ai_family == AF_INET6))
continue;
+ if ( (pos->ai_protocol != IPPROTO_TCP) && (pos->ai_protocol != 0) )
+ continue; /* not TCP */
+ if ( (pos->ai_socktype != SOCK_STREAM) && (pos->ai_socktype != 0) )
+ continue; /* huh? */
#if DEBUG_SERVICE
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Service `%s' will bind to `%s'\n",
}
GNUNET_free (hostname);
freeaddrinfo (res);
+ resi = i;
}
else
{
&sctx->addrlens)) )
return GNUNET_SYSERR;
sctx->require_found = tolerant ? GNUNET_NO : GNUNET_YES;
-
+ sctx->match_uid = GNUNET_CONFIGURATION_get_value_yesno (sctx->cfg,
+ sctx->serviceName,
+ "UNIX_MATCH_UID");
+ sctx->match_gid = GNUNET_CONFIGURATION_get_value_yesno (sctx->cfg,
+ sctx->serviceName,
+ "UNIX_MATCH_GID");
process_acl4 (&sctx->v4_denied, sctx, "REJECT_FROM");
process_acl4 (&sctx->v4_allowed, sctx, "ACCEPT_FROM");
process_acl6 (&sctx->v6_denied, sctx, "REJECT_FROM6");
struct GNUNET_SERVICE_Context *sctx = cls;
unsigned int i;
+ GNUNET_RESOLVER_connect (sctx->cfg);
if (sctx->lsocks != NULL)
sctx->server = GNUNET_SERVER_create_with_sockets (&check_access,
sctx,
char *logfile;
int do_daemonize;
unsigned int i;
+ unsigned long long skew_offset;
+ unsigned long long skew_variance;
+ long long clock_offset;
struct GNUNET_SERVICE_Context sctx;
struct GNUNET_CONFIGURATION_Handle *cfg;
struct GNUNET_GETOPT_CommandLineOption service_options[] = {
"Service `%s' runs with configuration from `%s'\n",
serviceName, cfg_fn);
#endif
+ if (GNUNET_OK == GNUNET_CONFIGURATION_get_value_number(sctx.cfg, "testing", "skew_offset", &skew_offset) &&
+ (GNUNET_OK == GNUNET_CONFIGURATION_get_value_number(sctx.cfg, "testing", "skew_variance", &skew_variance)))
+ {
+ clock_offset = skew_offset - skew_variance;
+ GNUNET_TIME_set_offset(clock_offset);
+#if DEBUG_SERVICE
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Skewing clock by %dll\n", clock_offset);
+#endif
+ }
/* actually run service */
GNUNET_SCHEDULER_run (&service_task, &sctx);