server server UPDATE add API to set unix sock basedir

Author: Roytak

modules/[email protected]

@@ -328,10 +328,10 @@ module libnetconf2-netconf-server {
                 length "1..107";
               }
               description
-                "The explicit filesystem path where the UNIX socket will be bonded.
-                 The parent directory must exist and be writable by the server process.
+                "Relative filesystem path where the UNIX socket will be bound.
+                 The parent directory must be set by an internal server API setting.
 
-                 Example: /var/run/netconf.sock";
+                 Example: netconf.sock";
             }
           }
           case hidden-path {

src/server_config.c

@@ -360,7 +360,7 @@ nc_server_config_free(struct nc_server_config *config)
     struct nc_ch_client *ch_client;
     struct nc_ch_endpt *ch_endpt;
     LY_ARRAY_COUNT_TYPE i, j;
-    const char *socket_path = NULL;
+    char *socket_path = NULL;
 
     if (!config) {
         return;
@@ -397,6 +397,11 @@ nc_server_config_free(struct nc_server_config *config)
         }
         LY_ARRAY_FREE(endpt->binds);
 
+        if (endpt->ti == NC_TI_UNIX) {
+            free(socket_path);
+            socket_path = NULL;
+        }
+
         /* free transport specific options */
         switch (endpt->ti) {
 #ifdef NC_ENABLED_SSH_TLS
@@ -5035,7 +5040,8 @@ static int
 nc_server_config_bindings_match(const struct nc_endpt *e1, const struct nc_bind *b1,
         const struct nc_endpt *e2, const struct nc_bind *b2)
 {
-    const char *addr1, *addr2;
+    int rc = 1;
+    char *addr1 = NULL, *addr2 = NULL;
 
     if (e1->ti != e2->ti) {
         /* different transport protocols */
@@ -5052,15 +5058,22 @@ nc_server_config_bindings_match(const struct nc_endpt *e1, const struct nc_bind
     }
     if (!addr1 || !addr2) {
         /* unable to get the address */
-        return 0;
+        rc = 0;
+        goto cleanup;
     }
 
     if (strcmp(addr1, addr2) || (b1->port != b2->port)) {
         /* different addresses or ports */
-        return 0;
+        rc = 0;
+        goto cleanup;
     }
 
-    return 1;
+cleanup:
+    if (e1->ti == NC_TI_UNIX) {
+        free(addr1);
+        free(addr2);
+    }
+    return rc;
 }
 
 /**

src/session_client.c

@@ -1485,8 +1485,11 @@ nc_connect_unix(const char *address, struct ly_ctx *ctx)
     session->ti.unixsock.sock = sock;
     sock = -1;
 
-    /* socket path */
     session->path = strdup(address);
+    if (!session->path) {
+        ERRMEM;
+        goto fail;
+    }
 
     /* NETCONF username */
     if (unix_opts.username) {

src/session_p.h

@@ -755,6 +755,7 @@ struct nc_server_opts {
         char *endpt_name;       /**< Name of the endpoint using this path. */
         char *path;             /**< The actual filesystem path for the socket. */
     } *unix_paths;  /**< Array of UNIX socket paths set via API (sized-array, see libyang docs). */
+    char *unix_socket_dir;    /**< Base directory for UNIX sockets created by the server. */
 
     /* ACCESS unlocked */
     ATOMIC_T new_session_id;
@@ -980,7 +981,7 @@ void *nc_realloc(void *ptr, size_t size);
  * @param[in] endpt Endpoint to get the socket path for.
  * @return Socket path, NULL on error.
  */
-const char *nc_server_unix_get_socket_path(const struct nc_endpt *endpt);
+char *nc_server_unix_get_socket_path(const struct nc_endpt *endpt);
 
 /**
  * @brief Bind and listen on a socket for the given endpoint and its bind.

src/session_server.c

@@ -358,31 +358,136 @@ nc_sock_listen_inet(const char *address, uint16_t port)
     return -1;
 }
 
-const char *
+/**
+ * @brief Construct the full path to the UNIX socket.
+ *
+ * @param[in] filename Name of the socket file.
+ * @param[out] path Constructed full path to the UNIX socket (must be freed by the caller).
+ * @return 0 on success, 1 on error.
+ */
+static int
+nc_session_unix_construct_socket_path(const char *filename, char **path)
+{
+    int rc = 0, is_prefix, is_subdir, is_exact;
+    char *full_path = NULL, *real_base_dir = NULL, *last_slash = NULL, *sock_dir_path = NULL;
+    char *real_target_dir = NULL;
+    struct sockaddr_un sun;
+    size_t dir_len, base_len;
+    const char *dir = server_opts.unix_socket_dir;
+
+    if (!dir) {
+        ERR(NULL, "Cannot construct UNIX socket path \"%s\""
+                " (no base directory set, see nc_set_unix_socket_dir()).", filename);
+        return 1;
+    }
+
+    if (filename[0] == '/') {
+        ERR(NULL, "Cannot construct UNIX socket path \"%s\" (absolute path not allowed).", filename);
+        return 1;
+    }
+
+    /* construct the path to the UNIX socket */
+    if (asprintf(&full_path, "%s/%s", dir, filename) == -1) {
+        ERRMEM;
+        rc = 1;
+        goto cleanup;
+    }
+
+    if (strlen(full_path) > sizeof(sun.sun_path) - 1) {
+        ERR(NULL, "Socket path \"%s\" is too long.", full_path);
+        goto cleanup;
+    }
+
+    /* ensure the socket path is within the base directory */
+    if (!(real_base_dir = realpath(dir, NULL))) {
+        ERR(NULL, "realpath() failed for UNIX socket base directory \"%s\" (%s).", dir, strerror(errno));
+        rc = 1;
+        goto cleanup;
+    }
+
+    /* find the last slash in the constructed path */
+    last_slash = strrchr(full_path, '/');
+    if (last_slash) {
+        /* extract the directory part of the socket path */
+        dir_len = last_slash - full_path;
+        sock_dir_path = strndup(full_path, dir_len);
+        NC_CHECK_ERRMEM_GOTO(!sock_dir_path, rc = 1, cleanup);
+
+        if (!(real_target_dir = realpath(sock_dir_path, NULL))) {
+            ERR(NULL, "realpath() failed for UNIX socket path directory \"%s\" (%s).", sock_dir_path,
+                    strerror(errno));
+            rc = 1;
+            goto cleanup;
+        }
+    } else {
+        /* should not happen as we always add dir/filename */
+        real_target_dir = strdup(real_base_dir);
+        NC_CHECK_ERRMEM_GOTO(!real_target_dir, rc = 1, cleanup);
+    }
+
+    base_len = strlen(real_base_dir);
+
+    /* check the relationship between both paths */
+    is_prefix = (strncmp(real_base_dir, real_target_dir, base_len) == 0);
+
+    is_exact = (real_target_dir[base_len] == '\0');
+
+    is_subdir = (real_target_dir[base_len] == '/');
+
+    /* special case if base is '/' */
+    if ((base_len == 1) && (real_base_dir[0] == '/')) {
+        is_subdir = 1;
+    }
+
+    if (!is_prefix || (!is_exact && !is_subdir)) {
+        ERR(NULL, "UNIX socket path \"%s\" escapes the base directory \"%s\".", full_path, dir);
+        rc = 1;
+        goto cleanup;
+    }
+
+    /* transfer ownership */
+    *path = full_path;
+    full_path = NULL;
+
+cleanup:
+    free(real_base_dir);
+    free(real_target_dir);
+    free(sock_dir_path);
+    free(full_path);
+    return rc;
+}
+
+char *
 nc_server_unix_get_socket_path(const struct nc_endpt *endpt)
 {
     LY_ARRAY_COUNT_TYPE i;
-    const char *path = NULL;
+    const char *filename = NULL;
+    char *path = NULL;
 
     /* check the endpoints options for type of socket path */
     if (endpt->opts.unix->path_type == NC_UNIX_SOCKET_PATH_FILE) {
         /* UNIX socket endpoints always have only one bind, get its address */
-        path = endpt->binds[0].address;
+        filename = endpt->binds[0].address;
     } else if (endpt->opts.unix->path_type == NC_UNIX_SOCKET_PATH_HIDDEN) {
-        /* serach the mappings */
+        /* search the mappings */
         LY_ARRAY_FOR(server_opts.unix_paths, i) {
             if (!strcmp(server_opts.unix_paths[i].endpt_name, endpt->name)) {
-                path = server_opts.unix_paths[i].path;
+                filename = server_opts.unix_paths[i].path;
                 break;
             }
         }
-        if (!path) {
+        if (!filename) {
             ERR(NULL, "UNIX socket path mapping for endpoint \"%s\" not found.", endpt->name);
         }
     } else {
         ERRINT;
     }
 
+    /* construct the full socket path */
+    if (nc_session_unix_construct_socket_path(filename, &path)) {
+        return NULL;
+    }
+
     return path;
 }
 
@@ -543,7 +648,7 @@ nc_sock_accept_binds(struct nc_endpt *endpt, struct nc_bind *binds, uint16_t bin
         pthread_mutex_t *bind_lock, int timeout, char **host, uint16_t *port, uint16_t *idx, int *sock)
 {
     uint16_t i, j, pfd_count, client_port;
-    char *client_address;
+    char *client_address, *sockpath = NULL;
     struct pollfd *pfd;
     struct sockaddr_storage saddr;
     socklen_t saddr_len = sizeof(saddr);
@@ -648,7 +753,11 @@ nc_sock_accept_binds(struct nc_endpt *endpt, struct nc_bind *binds, uint16_t bin
     }
 
     if (saddr.ss_family == AF_UNIX) {
-        VRB(NULL, "Accepted a connection on %s.", endpt ? nc_server_unix_get_socket_path(endpt) : "UNIX socket");
+        if (endpt) {
+            sockpath = nc_server_unix_get_socket_path(endpt);
+        }
+        VRB(NULL, "Accepted a connection on %s.", sockpath ? sockpath : "UNIX socket");
+        free(sockpath);
     } else {
         VRB(NULL, "Accepted a connection on %s:%u from %s:%u.", binds[i].address, binds[i].port, client_address, client_port);
     }
@@ -2335,7 +2444,7 @@ nc_ps_clear(struct nc_pollsession *ps, int all, void (*data_free)(void *))
 int
 nc_server_bind_and_listen(struct nc_endpt *endpt, struct nc_bind *bind)
 {
-    const char *unix_path = NULL;
+    char *unix_path = NULL;
     int sock = -1, rc = 0;
 
     /* start listening on the endpoint */
@@ -2378,6 +2487,7 @@ nc_server_bind_and_listen(struct nc_endpt *endpt, struct nc_bind *bind)
     }
 
 cleanup:
+    free(unix_path);
     return rc;
 }
 
@@ -4382,3 +4492,21 @@ nc_server_get_unix_socket_path(const char *endpoint_name)
     pthread_rwlock_unlock(&server_opts.config_lock);
     return socket_path;
 }
+
+API int
+nc_server_set_unix_socket_dir(const char *dir)
+{
+    int rc = 0;
+
+    /* CONFIG WRITE LOCK */
+    pthread_rwlock_wrlock(&server_opts.config_lock);
+
+    free(server_opts.unix_socket_dir);
+    server_opts.unix_socket_dir = strdup(dir);
+    NC_CHECK_ERRMEM_GOTO(!server_opts.unix_socket_dir, rc = 1, cleanup);
+
+cleanup:
+    /* CONFIG WRITE UNLOCK */
+    pthread_rwlock_unlock(&server_opts.config_lock);
+    return rc;
+}

src/session_server.h

@@ -467,6 +467,17 @@ int nc_server_set_unix_socket_path(const char *endpoint_name, const char *socket
  */
 const char *nc_server_get_unix_socket_path(const char *endpoint_name);
 
+/**
+ * @brief Set the base directory for UNIX socket paths.
+ *
+ * All UNIX socket paths will be relative to this directory.
+ * It must exist and be writable by the server process.
+ *
+ * @param[in] dir Base directory for UNIX socket paths.
+ * @return 0 on success, 1 on error.
+ */
+int nc_server_set_unix_socket_dir(const char *dir);
+
 /** @} Server Session */
 
 /**

tests/test_config.c

@@ -961,8 +961,12 @@ setup_f(void **state)
     ret = nc_server_config_setup_data(tree);
     assert_int_equal(ret, 0);
 
+    /* set the base directory for UNIX sockets */
+    ret = nc_server_set_unix_socket_dir("/tmp");
+    assert_int_equal(ret, 0);
+
     /* set hidden path for UNIX endpoint */
-    ret = nc_server_set_unix_socket_path("unix", "/tmp/netconf-test-server.sock");
+    ret = nc_server_set_unix_socket_path("unix", "netconf-test-server.sock");
     assert_int_equal(ret, 0);
 
     lyd_free_all(tree);

tests/test_unix_socket.c

@@ -54,10 +54,14 @@ setup_glob_f(void **state)
     assert_non_null(test_ctx->test_data);
     test_ctx->free_test_data = ln2_glob_test_free_test_data;
 
+    /* set the base directory for UNIX sockets */
+    ret = nc_server_set_unix_socket_dir("/tmp");
+    assert_int_equal(ret, 0);
+
     /* set two hidden paths for UNIX sockets */
-    ret = nc_server_set_unix_socket_path("unix", "/tmp/nc2_test_unix_sock");
+    ret = nc_server_set_unix_socket_path("unix", "nc2_test_unix_sock");
     assert_int_equal(ret, 0);
-    ret = nc_server_set_unix_socket_path("unix2", "/tmp/nc2_test_unix_sock2");
+    ret = nc_server_set_unix_socket_path("unix2", "nc2_test_unix_sock2");
     assert_int_equal(ret, 0);
 
     return 0;
@@ -424,7 +428,7 @@ test_cleartext_path(void **state)
 
     /* create the UNIX socket with a different cleartext path */
     ret = nc_server_config_add_unix_socket(test_ctx->ctx,
-            "unix2", "/tmp/nc2_test_cleartext_unix_sock", "0666", NULL, NULL, &config);
+            "unix2", "nc2_test_cleartext_unix_sock", "0666", NULL, NULL, &config);
     assert_int_equal(ret, 0);
 
     ret = nc_server_config_setup_data(config);