From 4026625c2d3cd8db08740a5927e4f023cd97e41c Mon Sep 17 00:00:00 2001
From: Tyler Kropp
Date: Tue, 18 Feb 2020 02:52:12 -0500
Subject: [PATCH] lib/config, gui: Set unix socket permissions for GUI listen address (fixes #5979) (#6310)
---
 gui/default/syncthing/core/syncthingController.js | 7 +++++++
 gui/default/syncthing/settings/settingsModalView.html | 7 +++++++
 lib/api/api.go | 9 +++++++++
 lib/config/guiconfiguration.go | 11 +++++++++++
 4 files changed, 34 insertions(+)
diff --git a/gui/default/syncthing/core/syncthingController.js b/gui/default/syncthing/core/syncthingController.js
index 86dadf7aa..2a0310684 100755
--- a/gui/default/syncthing/core/syncthingController.js
+++ b/gui/default/syncthing/core/syncthingController.js
@@ -2491,4 +2491,11 @@ angular.module('syncthing.core')
 $scope.config.options.crashReportingEnabled = enabled;
 $scope.saveConfig();
 };
+
+ $scope.isUnixAddress = function (address) {
+ return address != null &&
+ (address.startsWith('/') ||
+ address.startsWith('unix://') ||
+ address.startsWith('unixs://'));
+ }
 });
diff --git a/gui/default/syncthing/settings/settingsModalView.html b/gui/default/syncthing/settings/settingsModalView.html
index 7257d5430..fe1836255 100644
--- a/gui/default/syncthing/settings/settingsModalView.html
+++ b/gui/default/syncthing/settings/settingsModalView.html
@@ -172,6 +172,13 @@
+
+ + +

+ Enter up to three octal digits. +

+
+
diff --git a/lib/api/api.go b/lib/api/api.go
index e8d07f431..2e1d83bc3 100644
--- a/lib/api/api.go
+++ b/lib/api/api.go
@@ -187,6 +187,15 @@ func (s *service) getListener(guiCfg config.GUIConfiguration) (net.Listener, err
 return nil, err
 }

+ if guiCfg.Network() == "unix" && guiCfg.UnixSocketPermissions() != 0 {
+ // We should error if this fails under the assumption that these permissions are
+ // required for operation.
+ err = os.Chmod(guiCfg.Address(), guiCfg.UnixSocketPermissions())
+ if err != nil {
+ return nil, err
+ }
+ }
+
 listener := &tlsutil.DowngradingListener{
 Listener: rawListener,
 TLSConfig: tlsCfg,
diff --git a/lib/config/guiconfiguration.go b/lib/config/guiconfiguration.go
index fb646721a..2ae7497cd 100644
--- a/lib/config/guiconfiguration.go
+++ b/lib/config/guiconfiguration.go
@@ -9,12 +9,14 @@ package config
 import (
 "net/url"
 "os"
+ "strconv"
 "strings"
 )

 type GUIConfiguration struct {
 Enabled bool `xml:"enabled,attr" json:"enabled" default:"true"`
 RawAddress string `xml:"address" json:"address" default:"127.0.0.1:8384"`
+ RawUnixSocketPermissions string `xml:"unixSocketPermissions,omitempty" json:"unixSocketPermissions"`
 User string `xml:"user,omitempty" json:"user"`
 Password string `xml:"password,omitempty" json:"password"`
 AuthMode AuthMode `xml:"authMode,omitempty" json:"authMode"`
@@ -59,6 +61,15 @@ func (c GUIConfiguration) Address() string {
 return c.RawAddress
 }

+func (c GUIConfiguration) UnixSocketPermissions() os.FileMode {
+ perm, err := strconv.ParseUint(c.RawUnixSocketPermissions, 8, 32)
+ if err != nil {
+ // ignore incorrectly formatted permissions
+ return 0
+ }
+ return os.FileMode(perm) & os.ModePerm
+}
+
 func (c GUIConfiguration) Network() string {
 if override := os.Getenv("STGUIADDRESS"); strings.Contains(override, "/") {
 url, err := url.Parse(override)
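Review bot: When `os.Chmod` fails in the lib/api/api.go hunk, the new block returns without closing `rawListener`, so the already-bound socket and its file on disk are left behind; add `rawListener.Close()` before `return nil, err` in the inner `if err != nil` branch. The listen call is above the hunk, so this assumes `rawListener` is open at this point, which its use in the `DowngradingListener` literal just below suggests. Separately, the socket exists with umask-derived permissions until the chmod runs, and `os.Chmod` resolves the path again rather than acting on the bound socket, so a restrictive mode is only as strong as the permissions on the socket's parent directory. A comment such as `// Socket is briefly reachable with umask-default permissions; keep its directory private.` would make that explicit.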
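Review bot: `UnixSocketPermissions` in lib/config/guiconfiguration.go returns 0 both when the setting is empty and when it fails to parse, and the caller in lib/api/api.go skips the chmod on 0, so a mistyped value silently leaves the socket at its default permissions instead of the restriction the operator asked for. Because this is an access-control setting, consider logging a warning or rejecting the value at config load when `RawUnixSocketPermissions` is non-empty but invalid, rather than ignoring it. Values wider than three octal digits are also accepted and silently masked by `& os.ModePerm`, which the "up to three octal digits" hint in the settings view does not enforce for a hand-edited config. The exported method has no doc comment; `// UnixSocketPermissions returns the configured socket mode masked to os.ModePerm, or 0 if unset or not valid octal.` would record the contract.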