mart-w/kanidm
1
0
Fork 0
mirror of https://github.com/kanidm/kanidm.git synced 2025-02-23 20:47:01 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Move the socket startup to localise it to the acceptor (#1678)

Browse source
This commit is contained in:
Firstyear 2023-05-31 16:06:26 +10:00 committed by GitHub
parent e3d5f3c8ae
commit 466acb4729
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 17 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

30
unix_integration/src/daemon.rs
View file

@ -657,17 +657,8 @@ async fn main() -> ExitCode {
let cachelayer = Arc::new(cl_inner); let cachelayer = Arc::new(cl_inner);
// Set the umask while we open the path for most clients. // Setup the root-only socket. Take away all other access bits.
let before = unsafe { umask(0) }; let before = unsafe { umask(0o0077) };
let listener = match UnixListener::bind(cfg.sock_path.as_str()) {
Ok(l) => l,
Err(_e) => {
error!("Failed to bind UNIX socket at {}", cfg.sock_path.as_str());
return ExitCode::FAILURE
}
};
// Setup the root-only socket. Take away all others.
let _ = unsafe { umask(0o0077) };
let task_listener = match UnixListener::bind(cfg.task_sock_path.as_str()) { let task_listener = match UnixListener::bind(cfg.task_sock_path.as_str()) {
Ok(l) => l, Ok(l) => l,
Err(_e) => { Err(_e) => {
@ -675,10 +666,10 @@ async fn main() -> ExitCode {
return ExitCode::FAILURE return ExitCode::FAILURE
} }
}; };
// Undo umask changes.
// Undo it.
let _ = unsafe { umask(before) }; let _ = unsafe { umask(before) };
// Setup the tasks socket first.
let (task_channel_tx, mut task_channel_rx) = channel(16); let (task_channel_tx, mut task_channel_rx) = channel(16);
let task_channel_tx = Arc::new(task_channel_tx); let task_channel_tx = Arc::new(task_channel_tx);
@ -732,6 +723,19 @@ async fn main() -> ExitCode {
}); });
// TODO: Setup a task that handles pre-fetching here. // TODO: Setup a task that handles pre-fetching here.
// Set the umask while we open the path for most clients.
let before = unsafe { umask(0) };
let listener = match UnixListener::bind(cfg.sock_path.as_str()) {
Ok(l) => l,
Err(_e) => {
error!("Failed to bind UNIX socket at {}", cfg.sock_path.as_str());
return ExitCode::FAILURE
}
};
// Undo umask changes.
let _ = unsafe { umask(before) };
let task_a = tokio::spawn(async move { let task_a = tokio::spawn(async move {
loop { loop {
let tc_tx = task_channel_tx_cln.clone(); let tc_tx = task_channel_tx_cln.clone();