
Commit 562f8ac

committed
qgs: add -m=MODE parameter for UNIX socket mode
The UNIX socket mode default is controlled by the process umask, but it can be desirable to override this to open up the socket mode, while keeping the umask restrictive. For example, to allow QEMU to connect to the socket, it needs to be world accessible, while the default umask of 0700 set by systemd will normally limit its access to only the qgs user. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
1 parent 2562057 commit 562f8ac


1 file changed

+32
-3
lines changed

1 file changed

+32
-3
lines changed

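--- a/QuoteGeneration/quote_wrapper/qgs/server_main.cpp
+++ b/QuoteGeneration/quote_wrapper/qgs/server_main.cpp
@@ -73,9 +73,10 @@ int main(int argc, const char* argv[])
 bool no_daemon = false;
 unsigned long int port = 0;
 unsigned long int num_threads = 0;
+unsigned long int mode = 0;
 char *endptr = NULL;
 if (argc > 4) {
-cout << "Usage: " << argv[0] << "[--no-daemon] [-p=port_number] [-n=number_threads]"
+cout << "Usage: " << argv[0] << "[--no-daemon] [-p=port_number] [-m=unix_socket_mode] [-n=number_threads]"
 << endl;
 exit(1);
 }
@@ -100,6 +101,19 @@ int main(int argc, const char* argv[])
 }
 cout << "port number [" << port << "] found in cmdline" << endl;
 continue;
+} else if (strncmp(argv[i], "-m=", 3 ) == 0) {
+if (strspn(argv[i] + 3, "0123456789") != strlen(argv[i] + 3)) {
+cout << "Please input valid socket mode" << endl;
+exit(1);
+}
+errno = 0;
+mode = strtoul(argv[i] + 3, &endptr, 8);
+if (errno || strlen(endptr) || (mode > UINT_MAX) ) {
+cout << "Please input valid socket mode" << endl;
+exit(1);
+}
+cout << "socket mode [" << mode << "] found in cmdline" << endl;
+continue;
 } else if (strncmp(argv[i], "-n=", 3) == 0) {
 if (strspn(argv[i] + 3, "0123456789") != strlen(argv[i] + 3)) {
 cout << "Please input valid thread number" << endl;
@@ -114,7 +128,7 @@ int main(int argc, const char* argv[])
 cout << "thread number [" << num_threads << "] found in cmdline" << endl;
 continue;
 } else {
-cout << "Usage: " << argv[0] << "[--no-daemon] [-p=port_number] [-n=number_threads]"
+cout << "Usage: " << argv[0] << "[--no-daemon] [-p=port_number] [-m=unix_socket_mode] [-n=number_threads]"
 << endl;
 exit(1);
 }
@@ -123,7 +137,7 @@ int main(int argc, const char* argv[])
 
 // Use the port number in QGS_CONFIG_FILE if no valid port number on
 // command line
-if (port == 0 || num_threads == 0) {
+if (port == 0 || num_threads == 0 || mode == 0) {
 ifstream config_file(QGS_CONFIG_FILE);
 if (config_file.is_open()) {
 string line;
@@ -155,6 +169,15 @@ int main(int argc, const char* argv[])
 << QGS_CONFIG_FILE << endl;
 exit(1);
 }
+} else if (!mode && name.compare("socket_mode") == 0) {
+errno = 0;
+endptr = NULL;
+mode = strtoul(value, &endptr, 8);
+if (errno || strlen(endptr) || (mode > UINT_MAX)) {
+cout << "Please input valid socket mode in "
+<< QGS_CONFIG_FILE << endl;
+exit(1);
+}
 } else if (!num_threads && name.compare("number_threads") == 0) {
 errno = 0;
 endptr = NULL;
@@ -203,6 +226,12 @@ int main(int argc, const char* argv[])
 } else {
 asio::local::stream_protocol::endpoint unix_ep(QGS_UNIX_SOCKET_FILE);
 ep = unix_ep;
+/* Allow mode to be determined by umask by default,
+* overriding only if an explicit mode is requested
+*/
+if (mode != 0) {
+chmod(QGS_UNIX_SOCKET_FILE, mode);
+}
 }
 QGS_LOG_INFO("About to create QgsServer with num_thread = %d\n", (uint8_t)num_threads);
 server = new QgsServer(io_service, ep, (uint8_t)num_threads);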
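Review bot: The `chmod(QGS_UNIX_SOCKET_FILE, mode)` added in the last hunk discards its return value and runs before `new QgsServer(io_service, ep, ...)`, at a point where only the endpoint object has been constructed. Constructing an asio endpoint does not create the socket file, so unless the bind happens in code not shown here, the call either fails with ENOENT or changes a stale file, and the operator gets no indication that the requested mode was not applied. I would apply the mode once the socket is bound and treat failure as fatal: `if (chmod(QGS_UNIX_SOCKET_FILE, (mode_t)mode) != 0) { cout << "Failed to set socket mode" << endl; exit(1); }`. Both parsers also accept any value up to UINT_MAX; since this option exists to widen access to the quoting socket, rejecting anything outside the permission bits (`mode & ~0777UL`) keeps a typo from reaching chmod. main's body starts and ends outside the visible hunks.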
