Displaying 3 results from an estimated 3 matches for "controlsocketname".
2007 Oct 18
0
[PATCH] Use a control socket directory to restrict access
...G_ERR,
_("Cannot send greeting for new control connection: %s"),
@@ -213,52 +214,88 @@ static int control_compare(const struct event *a, const struct event *b) {
bool init_control() {
int result;
struct sockaddr_un addr;
+ char *lastslash;
+ const char *controlsocketbasename = controlsocketname;
- if(strlen(controlsocketname) >= sizeof addr.sun_path) {
+ control_socket = socket(PF_UNIX, SOCK_STREAM, 0);
+
+ if(control_socket < 0) {
+ logger(LOG_ERR, _("Creating UNIX socket failed: %s"), strerror(errno));
+ goto bail;
+ }
+
+ /*
+ * This is rather elaborate for securit...
2007 Oct 18
0
[PATCH] Use credentials and permissions on control socket where available
...ng) == -1) {
logger(LOG_ERR,
_("Cannot send greeting for new control connection: %s"),
@@ -213,6 +214,7 @@ static int control_compare(const struct event *a, const struct event *b) {
bool init_control() {
int result;
struct sockaddr_un addr;
+ mode_t old_umask;
if(strlen(controlsocketname) >= sizeof addr.sun_path) {
logger(LOG_ERR, _("Control socket filename too long!"));
@@ -230,7 +232,11 @@ bool init_control() {
return false;
}
- //unlink(controlsocketname);
+ /*
+ * Restrict access to the control socket.
+ * I believe this works everywhere but Solaris.
+...
2007 Jul 21
2
tincctl patches
(Second try to send this. I wonder if the first one gotten eaten by a
spam filter; I'll link to patches instead of attaching them.)
Here are the tincctl patches I've been working on. They apply to
http://www.tinc-vpn.org/svn/tinc/branches/1.1@1545. I intend to commit
them once the crypto stuff's fixed. Since they're basically done, I'm
emailing them now for review and in case