ipc: Get socket dir via secure_getenv()

Using /var/run means needing privilege to run.
Nicolas Williams
2019-10-22 22:53:18 -05:00
parent b54107ee2b
commit ec858b3a46
2 changed files with 17 additions and 7 deletions


@@ -339,7 +339,8 @@ connect_unix(struct path_ctx *s)
} }
static int static int
common_path_init(const char *service, common_path_init(const char *base,
const char *service,
const char *file, const char *file,
void **ctx) void **ctx)
{ {
@@ -350,7 +351,7 @@ common_path_init(const char *service,
return ENOMEM; return ENOMEM;
s->fd = -1; s->fd = -1;
if (asprintf(&s->path, "/var/run/.heim_%s-%s", service, file) == -1) { if (asprintf(&s->path, "%s/.heim_%s-%s", base, service, file) == -1) {
free(s); free(s);
return ENOMEM; return ENOMEM;
} }
@@ -363,9 +364,10 @@ static int
unix_socket_init(const char *service, unix_socket_init(const char *service,
void **ctx) void **ctx)
{ {
const char *base = secure_getenv("HEIM_IPC_DIR");
int ret; int ret;
ret = common_path_init(service, "socket", ctx); ret = common_path_init(base ? base : _PATH_VARRUN, service, "socket", ctx);
if (ret) if (ret)
return ret; return ret;
ret = connect_unix(*ctx); ret = connect_unix(*ctx);
@@ -438,10 +440,11 @@ static int
door_init(const char *service, door_init(const char *service,
void **ctx) void **ctx)
{ {
const char *base = secure_getenv("HEIM_IPC_DIR");
int ret; int ret;
struct path_ctx *d; struct path_ctx *d;
ret = common_path_init(service, "door", ctx); ret = common_path_init(base ? base : _PATH_VARRUN, service, "door", ctx);
if (ret) if (ret)
return ret; return ret;
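Review bot: In unix_socket_init and door_init the `base ? base : _PATH_VARRUN` fallback only covers an unset variable, so an empty or relative `HEIM_IPC_DIR` is formatted into the path as-is and the client would connect to `/.heim_<service>-socket` or to a name relative to the current directory. secure_getenv() already ignores the variable in secure-execution mode, but the value is otherwise unchecked; consider `if (base == NULL || base[0] != '/') base = _PATH_VARRUN;` in both callers, or the same check once inside common_path_init. A short comment there stating that the directory is expected to be writable only by the service's owner, since the client talks to whatever listens at that path, would document the trust assumption. door_init's body continues past the end of its hunk.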


@@ -1094,12 +1094,15 @@ heim_sipc_service_unix(const char *service,
void *user, heim_sipc *ctx) void *user, heim_sipc *ctx)
{ {
struct sockaddr_un un; struct sockaddr_un un;
const char *d = secure_getenv("HEIM_IPC_DIR");
int fd, ret; int fd, ret;
un.sun_family = AF_UNIX; un.sun_family = AF_UNIX;
snprintf(un.sun_path, sizeof(un.sun_path), if (snprintf(un.sun_path, sizeof(un.sun_path),
"/var/run/.heim_%s-socket", service); "%s/.heim_%s-socket", d ? d : _PATH_VARRUN,
service) > sizeof(un.sun_path) + sizeof("-s") - 1)
return ENAMETOOLONG;
fd = socket(AF_UNIX, SOCK_STREAM, 0); fd = socket(AF_UNIX, SOCK_STREAM, 0);
if (fd < 0) if (fd < 0)
return errno; return errno;
@@ -1276,7 +1279,11 @@ heim_sipc_service_door(const char *service,
ct->userctx = user; ct->userctx = user;
ct->callback = callback; ct->callback = callback;
snprintf(path, sizeof(path), "/var/run/.heim_%s-door", service); if (snprintf(path, sizeof(path), "/var/run/.heim_%s-door",
service) >= sizeof(path) + sizeof("-d") - 1) {
ret = ENAMETOOLONG;
goto cleanup;
}
fd = door_create(door_callback, ct, DOOR_REFUSE_DESC | DOOR_NO_CANCEL); fd = door_create(door_callback, ct, DOOR_REFUSE_DESC | DOOR_NO_CANCEL);
if (fd < 0) { if (fd < 0) {
ret = errno; ret = errno;
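Review bot: Both new snprintf() length checks let a truncated path through: snprintf() has truncated whenever its return value is `>= sizeof(buf)`, but heim_sipc_service_unix only fails above `sizeof(un.sun_path) + sizeof("-s") - 1` and heim_sipc_service_door at or above `sizeof(path) + sizeof("-d") - 1`, so a result a byte or two too long is accepted and the service would presumably go on to use the cut-off name. If the extra term is meant to reserve room for a suffix it has to be subtracted rather than added; otherwise store the result in an `int` and compare against the plain buffer size, e.g. `if (n < 0 || (size_t)n >= sizeof(un.sun_path)) return ENAMETOOLONG;`. The door hunk also still formats `/var/run/.heim_%s-door` while the client-side door_init in this commit honours `HEIM_IPC_DIR`, so the two sides would disagree on the door path when the variable is set. Both functions start before and continue after their hunks.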