Fix up unix socket setup, add socket permission setting
parent
8434521954
commit
2ba17c03a6
|
@ -6,6 +6,7 @@ import (
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"os"
|
"os"
|
||||||
"runtime"
|
"runtime"
|
||||||
|
"strconv"
|
||||||
|
|
||||||
"github.com/rs/zerolog"
|
"github.com/rs/zerolog"
|
||||||
"github.com/spf13/viper"
|
"github.com/spf13/viper"
|
||||||
|
@ -28,8 +29,11 @@ var (
|
||||||
// These are also the paths that HellPot will respond for. Other paths will throw a warning and will serve a 404.
|
// These are also the paths that HellPot will respond for. Other paths will throw a warning and will serve a 404.
|
||||||
Paths []string
|
Paths []string
|
||||||
|
|
||||||
UseUnixSocket bool
|
UseUnixSocket bool
|
||||||
UnixSocketPath = ""
|
// UnixSocketPath is defined via our toml configuration file. It is the path of the socket HellPot listens on
|
||||||
|
// if UseUnixSocket, also defined via our toml configuration file, is set to true.
|
||||||
|
UnixSocketPath = ""
|
||||||
|
UnixSocketPermissions uint32
|
||||||
)
|
)
|
||||||
|
|
||||||
// "performance"
|
// "performance"
|
||||||
|
@ -160,10 +164,11 @@ func setDefaults() {
|
||||||
"use_date_filename": true,
|
"use_date_filename": true,
|
||||||
}
|
}
|
||||||
Opt["http"] = map[string]interface{}{
|
Opt["http"] = map[string]interface{}{
|
||||||
"use_unix_socket": false,
|
"use_unix_socket": false,
|
||||||
"unix_socket_path": "/var/run/hellpot",
|
"unix_socket_path": "/var/run/hellpot",
|
||||||
"bind_addr": "127.0.0.1",
|
"unix_socket_permissions": "0666",
|
||||||
"bind_port": "8080",
|
"bind_addr": "127.0.0.1",
|
||||||
|
"bind_port": "8080",
|
||||||
"paths": []string{
|
"paths": []string{
|
||||||
"wp-login.php",
|
"wp-login.php",
|
||||||
"wp-login",
|
"wp-login",
|
||||||
|
@ -265,6 +270,10 @@ func associate() {
|
||||||
}
|
}
|
||||||
if UseUnixSocket {
|
if UseUnixSocket {
|
||||||
UnixSocketPath = snek.GetString("http.unix_socket_path")
|
UnixSocketPath = snek.GetString("http.unix_socket_path")
|
||||||
|
parsedPermissions, err := strconv.ParseUint(snek.GetString("http.unix_socket_permissions"), 8, 32)
|
||||||
|
if err == nil {
|
||||||
|
UnixSocketPermissions = uint32(parsedPermissions)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if Debug {
|
if Debug {
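Review bot: In associate(), a failed `strconv.ParseUint` is silently ignored, so a malformed `http.unix_socket_permissions` value leaves `UnixSocketPermissions` at its zero value and nothing is logged. The listener code in this commit then passes that value to `os.Chmod`, which would set the socket to mode 0000. I would treat the parse error as a configuration error and also bound the value, for example `if err != nil || parsedPermissions > 0777 { /* report the bad value and stop */ }`, because a 32-bit parse accepts bits outside the permission range. Separately, the `"0666"` default in setDefaults() makes the socket connectable and writable by every local user; `"0660"` would be a tighter default if the front-end proxy can share a group with HellPot. The bodies of associate() and setDefaults() extend beyond the hunks shown.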
|
||||||
|
|
|
@ -4,6 +4,7 @@ import (
|
||||||
"bufio"
|
"bufio"
|
||||||
"fmt"
|
"fmt"
|
||||||
"net"
|
"net"
|
||||||
|
"os"
|
||||||
"syscall"
|
"syscall"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
@ -65,10 +66,17 @@ func listenOnUnixSocket(addr string, r *router.Router) error {
|
||||||
unixAddr, err = net.ResolveUnixAddr("unix", addr)
|
unixAddr, err = net.ResolveUnixAddr("unix", addr)
|
||||||
if err == nil {
|
if err == nil {
|
||||||
// Always unlink sockets before listening on them
|
// Always unlink sockets before listening on them
|
||||||
syscall.Unlink(addr)
|
_ = syscall.Unlink(addr)
|
||||||
|
// Before we set socket permissions, we want to make sure only the user HellPot is running under
|
||||||
|
// has permission to the socket.
|
||||||
|
oldmask := syscall.Umask(0077)
|
||||||
unixListener, err = net.ListenUnix("unix", unixAddr)
|
unixListener, err = net.ListenUnix("unix", unixAddr)
|
||||||
|
syscall.Umask(oldmask)
|
||||||
if err == nil {
|
if err == nil {
|
||||||
err = fasthttp.Serve(unixListener, r.Handler)
|
err = os.Chmod(unixAddr.Name, os.FileMode(config.UnixSocketPermissions))
|
||||||
|
if err == nil {
|
||||||
|
err = fasthttp.Serve(unixListener, r.Handler)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return err
|
return err
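Review bot: When `os.Chmod` fails in listenOnUnixSocket, the function returns with `unixListener` still open and the socket file still on disk, because only the success branch does anything with the listener. Closing it on that path keeps the failure clean: `if err = os.Chmod(unixAddr.Name, os.FileMode(config.UnixSocketPermissions)); err != nil { _ = unixListener.Close(); return err }`. The `syscall.Umask(0077)` / `syscall.Umask(oldmask)` pair changes the mask for the whole process, so it deserves a comment such as `// umask is process-wide: files created by other goroutines during this window also get 0077`. The `_ = syscall.Unlink(addr)` line removes whatever exists at the configured path and discards every error; checking that the existing entry is a socket first would be safer. The function begins above this hunk, so this assumes nothing earlier already handles these cases.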
|
||||||
|
|