server config UPDATE cmake configurable unixsock basepath

Roytak · Roytak · commit 6017f59d7668 · 2025-11-27T16:41:47.000+09:00
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -100,6 +100,7 @@ set(MAX_PSPOLL_THREAD_COUNT 6 CACHE STRING "Maximum number of threads that could
 set(TIMEOUT_STEP 100 CACHE STRING "Number of microseconds tasks are repeated until timeout elapses")
 set(YANG_MODULE_DIR "${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATADIR}/yang/modules/libnetconf2" CACHE STRING "Directory where to copy the YANG modules to")
 set(CLIENT_SEARCH_DIR "${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATADIR}/yang/modules" CACHE STRING "Default NC client YANG module search directory")
+set(UNIX_SOCKET_DIR "/tmp" CACHE PATH "Base directory for UNIX sockets")
 
 #
 # sources
diff --git a/src/config.h.in b/src/config.h.in
@@ -80,6 +80,11 @@
  */
 #define NC_TIMEOUT_STEP @TIMEOUT_STEP@
 
+/*
+ * The default base directory for UNIX sockets.
+ */
+#define NC_UNIX_SOCKET_DIR "@UNIX_SOCKET_DIR@"
+
 /* Portability feature-check macros. */
 #cmakedefine HAVE_PTHREAD_RWLOCKATTR_SETKIND_NP
 
diff --git a/src/proxy_unix.c b/src/proxy_unix.c
@@ -36,9 +36,15 @@ nc_proxy_unix_connect(const char *address, const char *username)
     struct sockaddr_un sun;
     struct passwd *pw, pw_buf;
     int sock = -1;
-    char *buf = NULL;
+    char *buf = NULL, *sock_path = NULL;
     size_t buf_size = 0;
 
+    /* construct the path to the UNIX socket */
+    if (asprintf(&sock_path, "%s/%s", NC_UNIX_SOCKET_DIR, address) == -1) {
+        ERRMEM;
+        goto error;
+    }
+
     /* connect to the UNIX socket */
     sock = socket(AF_UNIX, SOCK_STREAM, 0);
     if (sock < 0) {
@@ -48,10 +54,10 @@ nc_proxy_unix_connect(const char *address, const char *username)
 
     memset(&sun, 0, sizeof(sun));
     sun.sun_family = AF_UNIX;
-    snprintf(sun.sun_path, sizeof(sun.sun_path), "%s", address);
+    snprintf(sun.sun_path, sizeof(sun.sun_path), "%s", sock_path);
 
     if (connect(sock, (struct sockaddr *)&sun, sizeof(sun)) < 0) {
-        ERR(NULL, "Cannot connect to sock server %s (%s)", address, strerror(errno));
+        ERR(NULL, "Cannot connect to sock server %s (%s)", sock_path, strerror(errno));
         goto error;
     }
 
@@ -76,13 +82,15 @@ nc_proxy_unix_connect(const char *address, const char *username)
     }
 
     free(buf);
+    free(sock_path);
     return sock;
 
 error:
     if (sock > -1) {
         close(sock);
     }
     free(buf);
+    free(sock_path);
     return -1;
 }
 
diff --git a/src/server_config.c b/src/server_config.c
@@ -360,7 +360,7 @@ nc_server_config_free(struct nc_server_config *config)
     struct nc_ch_client *ch_client;
     struct nc_ch_endpt *ch_endpt;
     LY_ARRAY_COUNT_TYPE i, j;
-    const char *socket_path = NULL;
+    char *socket_path = NULL;
 
     if (!config) {
         return;
@@ -397,6 +397,11 @@ nc_server_config_free(struct nc_server_config *config)
         }
         LY_ARRAY_FREE(endpt->binds);
 
+        if (endpt->ti == NC_TI_UNIX) {
+            free(socket_path);
+            socket_path = NULL;
+        }
+
         /* free transport specific options */
         switch (endpt->ti) {
 #ifdef NC_ENABLED_SSH_TLS
@@ -5035,7 +5040,8 @@ static int
 nc_server_config_bindings_match(const struct nc_endpt *e1, const struct nc_bind *b1,
         const struct nc_endpt *e2, const struct nc_bind *b2)
 {
-    const char *addr1, *addr2;
+    int rc = 1;
+    char *addr1 = NULL, *addr2 = NULL;
 
     if (e1->ti != e2->ti) {
         /* different transport protocols */
@@ -5052,15 +5058,22 @@ nc_server_config_bindings_match(const struct nc_endpt *e1, const struct nc_bind
     }
     if (!addr1 || !addr2) {
         /* unable to get the address */
-        return 0;
+        rc = 0;
+        goto cleanup;
     }
 
     if (strcmp(addr1, addr2) || (b1->port != b2->port)) {
         /* different addresses or ports */
-        return 0;
+        rc = 0;
+        goto cleanup;
     }
 
-    return 1;
+cleanup:
+    if (e1->ti == NC_TI_UNIX) {
+        free(addr1);
+        free(addr2);
+    }
+    return rc;
 }
 
 /**
diff --git a/src/session_client.c b/src/session_client.c
@@ -1448,13 +1448,19 @@ nc_connect_unix(const char *address, struct ly_ctx *ctx)
     struct nc_session *session = NULL;
     struct sockaddr_un sun;
     struct passwd *pw, pw_buf;
-    char *username;
+    char *username, *sock_path = NULL;
     int sock = -1;
     char *buf = NULL;
     size_t buf_size = 0;
 
     NC_CHECK_ARG_RET(NULL, address, NULL);
 
+    /* construct the path to the UNIX socket */
+    if (asprintf(&sock_path, "%s/%s", NC_UNIX_SOCKET_DIR, address) == -1) {
+        ERRMEM;
+        goto fail;
+    }
+
     sock = socket(AF_UNIX, SOCK_STREAM, 0);
     if (sock < 0) {
         ERR(NULL, "Failed to create socket (%s).", strerror(errno));
@@ -1463,10 +1469,10 @@ nc_connect_unix(const char *address, struct ly_ctx *ctx)
 
     memset(&sun, 0, sizeof(sun));
     sun.sun_family = AF_UNIX;
-    snprintf(sun.sun_path, sizeof(sun.sun_path), "%s", address);
+    snprintf(sun.sun_path, sizeof(sun.sun_path), "%s", sock_path);
 
     if (connect(sock, (struct sockaddr *)&sun, sizeof(sun)) < 0) {
-        ERR(NULL, "Cannot connect to sock server %s (%s)", address, strerror(errno));
+        ERR(NULL, "Cannot connect to sock server %s (%s)", sock_path, strerror(errno));
         goto fail;
     }
 
@@ -1485,8 +1491,9 @@ nc_connect_unix(const char *address, struct ly_ctx *ctx)
     session->ti.unixsock.sock = sock;
     sock = -1;
 
-    /* socket path */
-    session->path = strdup(address);
+    /* transfer socket path ownership to session */
+    session->path = sock_path;
+    sock_path = NULL;
 
     /* NETCONF username */
     if (unix_opts.username) {
@@ -1536,6 +1543,7 @@ nc_connect_unix(const char *address, struct ly_ctx *ctx)
     if (sock >= 0) {
         close(sock);
     }
+    free(sock_path);
     return NULL;
 }
 
diff --git a/src/session_p.h b/src/session_p.h
@@ -977,10 +977,13 @@ void *nc_realloc(void *ptr, size_t size);
 /**
  * @brief Get the UNIX socket path for the given endpoint.
  *
+ * Finds the socket filename based on the @p endpt and then appends it
+ * to ::NC_UNIX_SOCKET_PATH_DIR.
+ *
  * @param[in] endpt Endpoint to get the socket path for.
  * @return Socket path, NULL on error.
  */
-const char *nc_server_unix_get_socket_path(const struct nc_endpt *endpt);
+char *nc_server_unix_get_socket_path(const struct nc_endpt *endpt);
 
 /**
  * @brief Bind and listen on a socket for the given endpoint and its bind.
diff --git a/src/session_server.c b/src/session_server.c
@@ -358,31 +358,38 @@ nc_sock_listen_inet(const char *address, uint16_t port)
     return -1;
 }
 
-const char *
+char *
 nc_server_unix_get_socket_path(const struct nc_endpt *endpt)
 {
     LY_ARRAY_COUNT_TYPE i;
-    const char *path = NULL;
+    const char *filename = NULL;
+    char *path = NULL;
 
     /* check the endpoints options for type of socket path */
     if (endpt->opts.unix->path_type == NC_UNIX_SOCKET_PATH_FILE) {
         /* UNIX socket endpoints always have only one bind, get its address */
-        path = endpt->binds[0].address;
+        filename = endpt->binds[0].address;
     } else if (endpt->opts.unix->path_type == NC_UNIX_SOCKET_PATH_HIDDEN) {
-        /* serach the mappings */
+        /* search the mappings */
         LY_ARRAY_FOR(server_opts.unix_paths, i) {
             if (!strcmp(server_opts.unix_paths[i].endpt_name, endpt->name)) {
-                path = server_opts.unix_paths[i].path;
+                filename = server_opts.unix_paths[i].path;
                 break;
             }
         }
-        if (!path) {
+        if (!filename) {
             ERR(NULL, "UNIX socket path mapping for endpoint \"%s\" not found.", endpt->name);
         }
     } else {
         ERRINT;
     }
 
+    /* construct the full path */
+    if (asprintf(&path, "%s/%s", NC_UNIX_SOCKET_DIR, filename) == -1) {
+        ERRMEM;
+        return NULL;
+    }
+
     return path;
 }
 
@@ -543,7 +550,7 @@ nc_sock_accept_binds(struct nc_endpt *endpt, struct nc_bind *binds, uint16_t bin
         pthread_mutex_t *bind_lock, int timeout, char **host, uint16_t *port, uint16_t *idx, int *sock)
 {
     uint16_t i, j, pfd_count, client_port;
-    char *client_address;
+    char *client_address, *sockpath = NULL;
     struct pollfd *pfd;
     struct sockaddr_storage saddr;
     socklen_t saddr_len = sizeof(saddr);
@@ -648,7 +655,11 @@ nc_sock_accept_binds(struct nc_endpt *endpt, struct nc_bind *binds, uint16_t bin
     }
 
     if (saddr.ss_family == AF_UNIX) {
-        VRB(NULL, "Accepted a connection on %s.", endpt ? nc_server_unix_get_socket_path(endpt) : "UNIX socket");
+        if (endpt) {
+            sockpath = nc_server_unix_get_socket_path(endpt);
+        }
+        VRB(NULL, "Accepted a connection on %s.", sockpath ? sockpath : "UNIX socket");
+        free(sockpath);
     } else {
         VRB(NULL, "Accepted a connection on %s:%u from %s:%u.", binds[i].address, binds[i].port, client_address, client_port);
     }
@@ -2335,7 +2346,7 @@ nc_ps_clear(struct nc_pollsession *ps, int all, void (*data_free)(void *))
 int
 nc_server_bind_and_listen(struct nc_endpt *endpt, struct nc_bind *bind)
 {
-    const char *unix_path = NULL;
+    char *unix_path = NULL;
     int sock = -1, rc = 0;
 
     /* start listening on the endpoint */
@@ -2378,6 +2389,7 @@ nc_server_bind_and_listen(struct nc_endpt *endpt, struct nc_bind *bind)
     }
 
 cleanup:
+    free(unix_path);
     return rc;
 }
 
diff --git a/tests/test_config.c b/tests/test_config.c
@@ -962,7 +962,7 @@ setup_f(void **state)
     assert_int_equal(ret, 0);
 
     /* set hidden path for UNIX endpoint */
-    ret = nc_server_set_unix_socket_path("unix", "/tmp/netconf-test-server.sock");
+    ret = nc_server_set_unix_socket_path("unix", "netconf-test-server.sock");
     assert_int_equal(ret, 0);
 
     lyd_free_all(tree);
diff --git a/tests/test_unix_socket.c b/tests/test_unix_socket.c
@@ -55,9 +55,9 @@ setup_glob_f(void **state)
     test_ctx->free_test_data = ln2_glob_test_free_test_data;
 
     /* set two hidden paths for UNIX sockets */
-    ret = nc_server_set_unix_socket_path("unix", "/tmp/nc2_test_unix_sock");
+    ret = nc_server_set_unix_socket_path("unix", "nc2_test_unix_sock");
     assert_int_equal(ret, 0);
-    ret = nc_server_set_unix_socket_path("unix2", "/tmp/nc2_test_unix_sock2");
+    ret = nc_server_set_unix_socket_path("unix2", "nc2_test_unix_sock2");
     assert_int_equal(ret, 0);
 
     return 0;
@@ -126,7 +126,7 @@ test_connect(void **state)
 
     assert_non_null(state);
 
-    data->socket_path = "/tmp/nc2_test_unix_sock";
+    data->socket_path = "nc2_test_unix_sock";
     ret = pthread_create(&tids[0], NULL, test_unix_client_thread, *state);
     assert_int_equal(ret, 0);
     ret = pthread_create(&tids[1], NULL, ln2_glob_test_server_thread, *state);
@@ -149,7 +149,7 @@ test_invalid_user(void **state)
     assert_non_null(state);
 
     /* set invalid username, the server will reject it */
-    data->socket_path = "/tmp/nc2_test_unix_sock";
+    data->socket_path = "nc2_test_unix_sock";
     data->expect_fail = 1;
     data->username = "INVALID";
 
@@ -182,7 +182,7 @@ proxy_client_thread(void *arg)
     pthread_barrier_wait(&test_ctx->barrier);
 
     /* connect the proxy */
-    fd = nc_proxy_unix_connect("/tmp/nc2_test_unix_sock", NULL);
+    fd = nc_proxy_unix_connect("nc2_test_unix_sock", NULL);
     assert_int_not_equal(fd, 0);
 
     /* send the hello message */
@@ -251,14 +251,14 @@ auth_client_thread(void *arg)
     pthread_barrier_wait(&test_ctx->barrier);
 
     /* session fails to be created with the default username */
-    session = nc_connect_unix("/tmp/nc2_test_unix_sock", NULL);
+    session = nc_connect_unix("nc2_test_unix_sock", NULL);
     assert_null(session);
 
     /* set the expected username */
     nc_client_unix_set_username("auth_user");
 
     /* session created */
-    session = nc_connect_unix("/tmp/nc2_test_unix_sock", NULL);
+    session = nc_connect_unix("nc2_test_unix_sock", NULL);
     assert_non_null(session);
 
     /* free the session */
@@ -424,14 +424,14 @@ test_cleartext_path(void **state)
 
     /* create the UNIX socket with a different cleartext path */
     ret = nc_server_config_add_unix_socket(test_ctx->ctx,
-            "unix2", "/tmp/nc2_test_cleartext_unix_sock", "0666", NULL, NULL, &config);
+            "unix2", "nc2_test_cleartext_unix_sock", "0666", NULL, NULL, &config);
     assert_int_equal(ret, 0);
 
     ret = nc_server_config_setup_data(config);
     assert_int_equal(ret, 0);
 
     /* start the client and server threads, the client should be able to connect to the cleartext path */
-    data->socket_path = "/tmp/nc2_test_cleartext_unix_sock";
+    data->socket_path = "nc2_test_cleartext_unix_sock";
     ret = pthread_create(&tid[0], NULL, test_unix_client_thread, *state);
     assert_int_equal(ret, 0);
     ret = pthread_create(&tid[1], NULL, ln2_glob_test_server_thread, *state);

Original file line number	Diff line number	Diff line change
`@@ -100,6 +100,7 @@ set(MAX_PSPOLL_THREAD_COUNT 6 CACHE STRING "Maximum number of threads that could`
`100`	`100`	`set(TIMEOUT_STEP 100 CACHE STRING "Number of microseconds tasks are repeated until timeout elapses")`
`101`	`101`	`set(YANG_MODULE_DIR "${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATADIR}/yang/modules/libnetconf2" CACHE STRING "Directory where to copy the YANG modules to")`
`102`	`102`	`set(CLIENT_SEARCH_DIR "${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATADIR}/yang/modules" CACHE STRING "Default NC client YANG module search directory")`
	`103`	`+set(UNIX_SOCKET_DIR "/tmp" CACHE PATH "Base directory for UNIX sockets")`
`103`	`104`
`104`	`105`	`#`
`105`	`106`	`# sources`