Skip to content

Commit

Permalink
Merge pull request #192 from hug-dev/socket-path
Browse files Browse the repository at this point in the history
Modify socket path
  • Loading branch information
hug-dev authored Jul 2, 2020
2 parents 73da496 + 5892795 commit 6ca8010
Show file tree
Hide file tree
Showing 8 changed files with 1,693 additions and 26 deletions.
1,666 changes: 1,666 additions & 0 deletions Cargo.lock

Large diffs are not rendered by default.

15 changes: 9 additions & 6 deletions e2e_tests/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ use parsec_client::core::interface::operations::psa_key_attributes::{
Attributes, Lifetime, Policy, Type, UsageFlags,
};
use parsec_client::core::interface::requests::{Opcode, ProviderID, ResponseStatus, Result};
use parsec_client::core::secrecy::{ExposeSecret, Secret};
use parsec_client::error::Error;
use std::collections::HashSet;
use std::time::Duration;
Expand Down Expand Up @@ -48,7 +49,9 @@ impl TestClient {
/// a call to `list_providers`, followed by choosing the first non-Core provider.
pub fn new() -> TestClient {
let mut client = TestClient {
basic_client: BasicClient::new(AuthenticationData::AppIdentity(String::from("root"))),
basic_client: BasicClient::new(AuthenticationData::AppIdentity(Secret::new(
String::from("root"),
))),
created_keys: Some(HashSet::new()),
};

Expand Down Expand Up @@ -88,13 +91,13 @@ impl TestClient {
/// Set the client authentication string.
pub fn set_auth(&mut self, auth: String) {
self.basic_client
.set_auth_data(AuthenticationData::AppIdentity(auth));
.set_auth_data(AuthenticationData::AppIdentity(Secret::new(auth)));
}

/// Get client authentication string.
pub fn auth(&self) -> String {
if let AuthenticationData::AppIdentity(app_name) = self.basic_client.auth_data() {
app_name
app_name.expose_secret().to_string()
} else {
panic!("Client should always be using AppIdentity-based authentication");
}
Expand Down Expand Up @@ -162,7 +165,7 @@ impl TestClient {
data: Vec<u8>,
) -> Result<()> {
self.basic_client
.psa_import_key(key_name.clone(), data, attributes)
.psa_import_key(key_name.clone(), &data, attributes)
.map_err(convert_error)?;

let provider = self.provider().unwrap();
Expand Down Expand Up @@ -239,7 +242,7 @@ impl TestClient {
hash: Vec<u8>,
) -> Result<Vec<u8>> {
self.basic_client
.psa_sign_hash(key_name, hash, alg)
.psa_sign_hash(key_name, &hash, alg)
.map_err(convert_error)
}

Expand All @@ -263,7 +266,7 @@ impl TestClient {
signature: Vec<u8>,
) -> Result<()> {
self.basic_client
.psa_verify_hash(key_name, hash, alg, signature)
.psa_verify_hash(key_name, &hash, alg, &signature)
.map_err(convert_error)
}

Expand Down
2 changes: 1 addition & 1 deletion e2e_tests/src/raw_request.rs
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ const MAX_BODY_SIZE: usize = 1 << 31;
#[derive(Copy, Clone, Debug)]
pub struct RawRequestClient;

static SOCKET_PATH: &str = "/tmp/security-daemon-socket";
static SOCKET_PATH: &str = "/tmp/parsec/parsec.sock";
const TIMEOUT: Duration = Duration::from_secs(5);

#[allow(clippy::new_without_default)]
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -104,9 +104,7 @@ fn generate_public_rsa_check_modulus() -> Result<()> {
fn failed_created_key_should_be_removed() -> Result<()> {
let mut client = TestClient::new();
let key_name = String::from("failed_created_key_should_be_removed");
const GARBAGE_IMPORT_DATA: [u8; 1] = [
48,
];
const GARBAGE_IMPORT_DATA: [u8; 1] = [48];

// The data being imported is garbage, should fail
let _ = client
Expand Down
2 changes: 1 addition & 1 deletion e2e_tests/tests/per_provider/normal_tests/ping.rs
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ fn mangled_ping() {
let mut req = Request::new();
req.header.provider = ProviderID::Core;
req.header.opcode = Opcode::Ping;
req.auth = RequestAuth::from_bytes(Vec::from("root"));
req.auth = RequestAuth::new(Vec::from("root"));

req.body = RequestBody::_from_bytes(vec![0x11, 0x22, 0x33, 0x44, 0x55]);

Expand Down
10 changes: 9 additions & 1 deletion src/front/domain_socket.rs
Original file line number Diff line number Diff line change
Expand Up @@ -9,13 +9,15 @@ use listener::Listen;
use listener::ReadWrite;
use log::error;
use std::fs;
use std::fs::Permissions;
use std::io::{Error, ErrorKind, Result};
use std::os::unix::fs::PermissionsExt;
use std::os::unix::io::FromRawFd;
use std::os::unix::net::UnixListener;
use std::path::Path;
use std::time::Duration;

static SOCKET_PATH: &str = "/tmp/security-daemon-socket";
static SOCKET_PATH: &str = "/tmp/parsec/parsec.sock";

/// Unix Domain Socket IPC manager
///
Expand Down Expand Up @@ -52,6 +54,11 @@ impl DomainSocketListener {
let listener = UnixListener::bind(SOCKET_PATH)?;
listener.set_nonblocking(true)?;

// Set the socket's permission to 666 to allow clients of different user to
// connect.
let permissions = Permissions::from_mode(0o666);
fs::set_permissions(SOCKET_PATH, permissions)?;

listener
}
1 => {
Expand All @@ -61,6 +68,7 @@ impl DomainSocketListener {
// Safe as listen_fds gives us the information that one file descriptor was
// received and its value starts from SD_LISTEN_FDS_START.
unsafe { UnixListener::from_raw_fd(nfd) }
// Expect the socket created by systemd to be 666 on permissions.
}
n => {
error!(
Expand Down
11 changes: 6 additions & 5 deletions systemd-daemon/parsec.service
Original file line number Diff line number Diff line change
@@ -1,9 +1,10 @@
[Unit]
Description=PARSEC Service
Documentation=https://github.com/parallaxsecond/parsec
Description=Parsec Service
Documentation=https://parallaxsecond.github.io/parsec-book/parsec_service/install_parsec_linux.html

[Service]
Type=notify
NonBlocking=true
Environment=RUST_LOG=info
WorkingDirectory=/home/parsec/
ExecStart=/home/parsec/.cargo/bin/parsec

[Install]
WantedBy=default.target
9 changes: 0 additions & 9 deletions systemd-daemon/parsec.socket

This file was deleted.

0 comments on commit 6ca8010

Please sign in to comment.