]>
Commit | Line | Data |
---|---|---|
fe043501 CR |
1 | // Copyright 2012 Google Inc. All Rights Reserved. |
2 | // | |
3 | // Licensed under the Apache License, Version 2.0 (the "License"); | |
4 | // you may not use this file except in compliance with the License. | |
5 | // You may obtain a copy of the License at | |
6 | // | |
7 | // http://www.apache.org/licenses/LICENSE-2.0 | |
8 | // | |
9 | // Unless required by applicable law or agreed to in writing, software | |
10 | // distributed under the License is distributed on an "AS IS" BASIS, | |
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
12 | // See the License for the specific language governing permissions and | |
13 | // limitations under the License. | |
14 | ||
15 | package main | |
16 | ||
17 | import ( | |
18 | "fmt" | |
19 | "log" | |
20 | "net" | |
21 | "os" | |
22 | "path/filepath" | |
23 | "syscall" | |
24 | ) | |
25 | ||
26 | // A Socket is a wrapper around a Unix socket that verifies directory | |
27 | // permissions. | |
28 | type Socket struct { | |
29 | Dir string | |
30 | } | |
31 | ||
32 | func defaultDir() string { | |
33 | sockPath := ".git-credential-cache" | |
34 | if home := os.Getenv("HOME"); home != "" { | |
35 | return filepath.Join(home, sockPath) | |
36 | } | |
37 | log.Printf("socket: cannot find HOME path. using relative directory %q for socket", sockPath) | |
38 | return sockPath | |
39 | } | |
40 | ||
41 | // DefaultSocket is a Socket in the $HOME/.git-credential-cache directory. | |
42 | var DefaultSocket = Socket{Dir: defaultDir()} | |
43 | ||
44 | // Listen announces the local network address of the unix socket. The | |
45 | // permissions on the socket directory are verified before attempting | |
46 | // the actual listen. | |
47 | func (s Socket) Listen() (net.Listener, error) { | |
48 | network, addr := "unix", s.Path() | |
49 | if err := s.mkdir(); err != nil { | |
50 | return nil, &net.OpError{Op: "listen", Net: network, Addr: &net.UnixAddr{Name: addr, Net: network}, Err: err} | |
51 | } | |
52 | return net.Listen(network, addr) | |
53 | } | |
54 | ||
55 | // Dial connects to the unix socket. The permissions on the socket directory | |
56 | // are verified before attempting the actual dial. | |
57 | func (s Socket) Dial() (net.Conn, error) { | |
58 | network, addr := "unix", s.Path() | |
59 | if err := s.checkPermissions(); err != nil { | |
60 | return nil, &net.OpError{Op: "dial", Net: network, Addr: &net.UnixAddr{Name: addr, Net: network}, Err: err} | |
61 | } | |
62 | return net.Dial(network, addr) | |
63 | } | |
64 | ||
65 | // Path returns the fully specified file name of the unix socket. | |
66 | func (s Socket) Path() string { | |
67 | return filepath.Join(s.Dir, "persistent-https-proxy-socket") | |
68 | } | |
69 | ||
70 | func (s Socket) mkdir() error { | |
71 | if err := s.checkPermissions(); err == nil { | |
72 | return nil | |
73 | } else if !os.IsNotExist(err) { | |
74 | return err | |
75 | } | |
76 | if err := os.MkdirAll(s.Dir, 0700); err != nil { | |
77 | return err | |
78 | } | |
79 | return s.checkPermissions() | |
80 | } | |
81 | ||
82 | func (s Socket) checkPermissions() error { | |
83 | fi, err := os.Stat(s.Dir) | |
84 | if err != nil { | |
85 | return err | |
86 | } | |
87 | if !fi.IsDir() { | |
88 | return fmt.Errorf("socket: got file, want directory for %q", s.Dir) | |
89 | } | |
90 | if fi.Mode().Perm() != 0700 { | |
91 | return fmt.Errorf("socket: got perm %o, want 700 for %q", fi.Mode().Perm(), s.Dir) | |
92 | } | |
93 | if st := fi.Sys().(*syscall.Stat_t); int(st.Uid) != os.Getuid() { | |
94 | return fmt.Errorf("socket: got uid %d, want %d for %q", st.Uid, os.Getuid(), s.Dir) | |
95 | } | |
96 | return nil | |
97 | } |