diff options
author | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2008-09-30 06:11:38 +0000 |
---|---|---|
committer | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2008-09-30 06:11:38 +0000 |
commit | bb564a5950a14139f59305e549ca8665b8f31cb8 (patch) | |
tree | 62054c12921f4e364b607b1cf3fded0df5605632 /socket.c | |
parent | Version 2.1_rc12 (diff) | |
download | openvpn-bb564a5950a14139f59305e549ca8665b8f31cb8.tar.xz |
Management interface can now listen on a unix
domain socket, for example:
management /tmp/openvpn unix
Also added management-client-user and management-client-group
directives to control which processes are allowed to connect
to the socket.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3396 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to '')
-rw-r--r-- | socket.c | 122 |
1 files changed, 122 insertions, 0 deletions
@@ -2627,3 +2627,125 @@ socket_set (struct link_socket *s, } return rwflags; } + +void +sd_close (socket_descriptor_t *sd) +{ + if (sd && socket_defined (*sd)) + { + openvpn_close_socket (*sd); + *sd = SOCKET_UNDEFINED; + } +} + +#if UNIX_SOCK_SUPPORT + +/* + * code for unix domain sockets + */ + +const char * +sockaddr_unix_name (const struct sockaddr_un *local, const char *null) +{ + if (local && local->sun_family == PF_UNIX) + return local->sun_path; + else + return null; +} + +socket_descriptor_t +create_socket_unix (void) +{ + socket_descriptor_t sd; + + if ((sd = socket (PF_UNIX, SOCK_STREAM, 0)) < 0) + msg (M_SOCKERR, "Cannot create unix domain socket"); + return sd; +} + +void +socket_bind_unix (socket_descriptor_t sd, + struct sockaddr_un *local, + const char *prefix) +{ + struct gc_arena gc = gc_new (); + +#ifdef HAVE_UMASK + const mode_t orig_umask = umask (0); +#endif + + if (bind (sd, (struct sockaddr *) local, sizeof (struct sockaddr_un))) + { + const int errnum = openvpn_errno_socket (); + msg (M_FATAL, "%s: Socket bind[%d] failed on unix domain socket %s: %s", + prefix, + (int)sd, + sockaddr_unix_name (local, "NULL"), + strerror_ts (errnum, &gc)); + } + +#ifdef HAVE_UMASK + umask (orig_umask); +#endif + + gc_free (&gc); +} + +socket_descriptor_t +socket_accept_unix (socket_descriptor_t sd, + struct sockaddr_un *remote) +{ + socklen_t remote_len = sizeof (struct sockaddr_un); + socket_descriptor_t ret; + + CLEAR (*remote); + ret = accept (sd, (struct sockaddr *) remote, &remote_len); + return ret; +} + +void +sockaddr_unix_init (struct sockaddr_un *local, const char *path) +{ + local->sun_family = PF_UNIX; + strncpynt (local->sun_path, path, sizeof (local->sun_path)); +} + +void +socket_delete_unix (const struct sockaddr_un *local) +{ + const char *name = sockaddr_unix_name (local, NULL); +#ifdef HAVE_UNLINK + if (name && strlen (name)) + unlink (name); +#endif +} + +bool +unix_socket_get_peer_uid_gid (const socket_descriptor_t sd, int *uid, int *gid) +{ +#ifdef HAVE_GETPEEREID + uid_t u; + gid_t g; + if (getpeereid (sd, &u, &g) == -1) + return false; + if (uid) + *uid = u; + if (gid) + *gid = g; + return true; +#elif defined(SO_PEERCRED) + struct ucred peercred; + socklen_t so_len = sizeof(peercred); + if (getsockopt(sd, SOL_SOCKET, SO_PEERCRED, &peercred, &so_len) == -1) + return false; + if (uid) + *uid = peercred.uid; + if (gid) + *gid = peercred.gid; + return true; +#else + return false; +#endif +} + +#endif |