lib/config, gui: Set unix socket permissions for GUI listen address (fixes #5979) (#6310)

Tyler Kropp 2020-02-18 02:52:12 -05:00 committed by GitHub
parent 3e0241ea31
commit 4026625c2d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 34 additions and 0 deletions


@ -2491,4 +2491,11 @@ angular.module('syncthing.core')
$scope.config.options.crashReportingEnabled = enabled; $scope.config.options.crashReportingEnabled = enabled;
$scope.saveConfig(); $scope.saveConfig();
}; };
$scope.isUnixAddress = function (address) {
return address != null &&
(address.startsWith('/') ||
address.startsWith('unix://') ||
address.startsWith('unixs://'));
}
}); });
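Review bot: `isUnixAddress` re-implements in the browser a decision the server also makes (`guiCfg.Network() == "unix"` in the getListener hunk of this commit), and nothing ties the two together. If the prefix list here drifts from the Go side, the permissions field can be hidden while the server still applies a stored value, or shown while the server ignores it. A comment such as `// Must stay in sync with GUIConfiguration.Network() in lib/config.` would help; the path is inferred from the commit title. As a style point, the assignment ends with `}` where the neighbouring `$scope` functions end with `};`.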


@ -172,6 +172,13 @@
</div> </div>
</div> </div>
<div class="col-md-6"> <div class="col-md-6">
<div ng-if="isUnixAddress(tmpGUI.address)" class="form-group" ng-class="{'has-error': settingsEditor.UnixSocketPermissions.$invalid && settingsEditor.UnixSocketPermissions.$dirty}">
<label translate>UNIX Permissions</label>
<input id="UnixSocketPermissions" name="UnixSocketPermissions" class="form-control" type="text" ng-model="tmpGUI.unixSocketPermissions" ng-pattern="/^0?[0-7]{0,3}$/" />
<p class="help-block" ng-show="settingsEditor.UnixSocketPermissions.$invalid" translate>
Enter up to three octal digits.
</p>
</div>
</div> </div>
</div> </div>
</div> </div>
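Review bot: The `ng-pattern` on `UnixSocketPermissions` accepts the empty string as well as `0` and `000`, and the Go side of this commit treats a parsed value of 0 as "do not chmod", so none of these inputs changes the socket mode. The help text does not say so, and it only appears when the field is invalid, so a user gets no hint about what a permissive value means. I would extend the help block along the lines of `Enter up to three octal digits, e.g. 660. Leave empty to keep the default mode.` and show it whenever the field is visible. It should also say that group and other bits widen which local accounts can reach the GUI socket on systems that enforce socket file permissions. The string is marked `translate`, so the new wording needs a matching translation entry.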


@ -187,6 +187,15 @@ func (s *service) getListener(guiCfg config.GUIConfiguration) (net.Listener, err
return nil, err return nil, err
} }
if guiCfg.Network() == "unix" && guiCfg.UnixSocketPermissions() != 0 {
// We should error if this fails under the assumption that these permissions are
// required for operation.
err = os.Chmod(guiCfg.Address(), guiCfg.UnixSocketPermissions())
if err != nil {
return nil, err
}
}
listener := &tlsutil.DowngradingListener{ listener := &tlsutil.DowngradingListener{
Listener: rawListener, Listener: rawListener,
TLSConfig: tlsCfg, TLSConfig: tlsCfg,
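Review bot: The new error path returns `nil, err` after a failed `os.Chmod` without closing `rawListener`, so the bound socket stays open and, presumably, the socket file stays on disk; add `rawListener.Close()` before `return nil, err`. Separately, the mode is applied only after the listener already exists (the listen call is outside this hunk), so for a short window the socket carries whatever mode the process umask produced. If the configured mode is meant to be tighter than that default, the safer arrangement is to create the socket inside a directory that is already restricted. Failing that, the existing comment should state the window, e.g. `// Note: the socket is reachable with its default mode until this chmod succeeds.` getListener begins and ends outside the hunk.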


@ -9,12 +9,14 @@ package config
import ( import (
"net/url" "net/url"
"os" "os"
"strconv"
"strings" "strings"
) )
type GUIConfiguration struct { type GUIConfiguration struct {
Enabled bool `xml:"enabled,attr" json:"enabled" default:"true"` Enabled bool `xml:"enabled,attr" json:"enabled" default:"true"`
RawAddress string `xml:"address" json:"address" default:"127.0.0.1:8384"` RawAddress string `xml:"address" json:"address" default:"127.0.0.1:8384"`
RawUnixSocketPermissions string `xml:"unixSocketPermissions,omitempty" json:"unixSocketPermissions"`
User string `xml:"user,omitempty" json:"user"` User string `xml:"user,omitempty" json:"user"`
Password string `xml:"password,omitempty" json:"password"` Password string `xml:"password,omitempty" json:"password"`
AuthMode AuthMode `xml:"authMode,omitempty" json:"authMode"` AuthMode AuthMode `xml:"authMode,omitempty" json:"authMode"`
@ -59,6 +61,15 @@ func (c GUIConfiguration) Address() string {
return c.RawAddress return c.RawAddress
} }
func (c GUIConfiguration) UnixSocketPermissions() os.FileMode {
perm, err := strconv.ParseUint(c.RawUnixSocketPermissions, 8, 32)
if err != nil {
// ignore incorrectly formatted permissions
return 0
}
return os.FileMode(perm) & os.ModePerm
}
func (c GUIConfiguration) Network() string { func (c GUIConfiguration) Network() string {
if override := os.Getenv("STGUIADDRESS"); strings.Contains(override, "/") { if override := os.Getenv("STGUIADDRESS"); strings.Contains(override, "/") {
url, err := url.Parse(override) url, err := url.Parse(override)
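Review bot: `UnixSocketPermissions` returns 0 for any value `strconv.ParseUint` rejects, and the caller in the getListener hunk skips the chmod when the result is 0. A mistyped setting therefore leaves the socket at its default mode with no error and no log line. That fails open for a setting the other hunk describes as "required for operation", and it also makes an explicit `000` indistinguishable from unset. I would treat only the empty string as unset and at least log a warning for a non-empty value that does not parse. The exported method also needs a doc comment, for example `// UnixSocketPermissions returns the configured mode for the GUI unix socket, masked to the permission bits, or 0 when unset or unparseable.`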