/*
 * Copyright (C) 2013 Martin Willi
 * Copyright (C) 2013 revosec AG
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * for more details.
 */
#include <networking/streams/stream_unix.h>

#include <errno.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/un.h>
#include <unistd.h>
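/**
 * Create a stream service that listens on a UNIX domain socket.
 *
 * The URI is parsed into a sockaddr_un, any existing filesystem entry at
 * that path is removed, and a fresh SOCK_STREAM socket is bound there. If
 * the process holds CAP_CHOWN, the socket node is handed over to the
 * UID/GID reported by lib->caps. The listening descriptor is finally
 * wrapped by stream_service_create_from_fd().
 *
 * Security notes for deployers:
 *  - unlink() and chown() both act on the path, not on the descriptor, and
 *    chown() follows symbolic links. The directory holding the socket must
 *    therefore be writable only by trusted users, otherwise the entry could
 *    be swapped between bind() and chown().
 *  - A failing chown() is logged but not fatal; the socket then keeps the
 *    ownership of the creating process.
 *
 * @param uri		stream URI naming the socket path
 * @param backlog	queue length passed to listen(2)
 * @return			service wrapping the listening socket, NULL on the failure
 *					paths handled here
 */
stream_service_t *stream_service_create_unix(char *uri, int backlog)
{
	struct sockaddr_un addr;
	mode_t old;
	int fd, len, bound, bind_errno;

	/* NOTE(review): the failure tests for the URI parser and for socket()
	 * were not visible in the reviewed listing; the conventional -1 error
	 * return is assumed here. Confirm against the repository. */
	len = stream_parse_uri_unix(uri, &addr);
	if (len == -1)
	{
		DBG1(DBG_NET, "invalid stream URI: '%s'", uri);
		return NULL;
	}
	if (!lib->caps->check(lib->caps, CAP_CHOWN))
	{	/* required to chown(2) service socket */
		DBG1(DBG_NET, "cannot change ownership of socket '%s' without "
			 "CAP_CHOWN capability. socket directory should be accessible to "
			 "UID/GID under which the daemon will run", uri);
	}
	fd = socket(AF_UNIX, SOCK_STREAM, 0);
	if (fd == -1)
	{
		DBG1(DBG_NET, "opening socket '%s' failed: %s", uri, strerror(errno));
		return NULL;
	}
	/* best effort: drop a stale socket left behind by an earlier run */
	unlink(addr.sun_path);

	/* bind() creates the socket node with a mode derived from the process
	 * umask, so deny access for "other" while binding. The umask is
	 * process-wide: files created concurrently by other threads are affected
	 * for this short window. It is restored on success and failure alike. */
	old = umask(S_IRWXO);
	bound = bind(fd, (struct sockaddr*)&addr, len);
	bind_errno = errno;
	umask(old);
	if (bound < 0)
	{
		DBG1(DBG_NET, "binding socket '%s' failed: %s", uri,
			 strerror(bind_errno));
		close(fd);
		return NULL;
	}
	/* only attempt to chown() socket if we have CAP_CHOWN */
	if (lib->caps->check(lib->caps, CAP_CHOWN) &&
		chown(addr.sun_path, lib->caps->get_uid(lib->caps),
			  lib->caps->get_gid(lib->caps)) != 0)
	{
		/* not fatal: the service keeps running with the creator's ownership */
		DBG1(DBG_NET, "changing socket permissions for '%s' failed: %s",
			 uri, strerror(errno));
	}
	if (listen(fd, backlog) < 0)
	{
		DBG1(DBG_NET, "listen on socket '%s' failed: %s", uri, strerror(errno));
		/* do not leave a bound but unserviced socket node behind */
		unlink(addr.sun_path);
		close(fd);
		return NULL;
	}
	return stream_service_create_from_fd(fd);
}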