Commit 64295fde authored by Seun LanLege's avatar Seun LanLege Committed by Andronik Ordian

Adds support for ipc socket permissions (#11273)

* adds support for ipc socket permissions

* bumped jsonrpc to 14.0.5

* change chmod default to 660, use casting

* set 660 default for --ipc-chmod
Co-Authored-By: Andronik Ordian's avatarAndronik Ordian <write@reusable.software>

* Update parity/cli/mod.rs
Co-Authored-By: David's avatarDavid <dvdplm@gmail.com>

* represent octal value as string

* return error for invalid octal values

* fix tests

* check if supplied octal range is within 0 to 7777

* Apply suggestions from code review
Co-Authored-By: Andronik Ordian's avatarAndronik Ordian <write@reusable.software>

* temporary fix

* bump jsonrpc-ipc-server

* fix: update `Cargo.lock`
parent a6350c65
......@@ -568,6 +568,10 @@ usage! {
"--ipc-path=[PATH]",
"Specify custom path for JSON-RPC over IPC service.",
ARG arg_ipc_chmod: (String) = "660", or |c: &Config| c.ipc.as_ref()?.chmod.clone(),
"--ipc-chmod=[NUM]",
"Specify octal value for ipc socket permissions (unix/bsd only)",
ARG arg_ipc_apis: (String) = "web3,eth,pubsub,net,parity,parity_pubsub,parity_accounts,private,traces,rpc,parity_transactions_pool", or |c: &Config| c.ipc.as_ref()?.apis.as_ref().map(|vec| vec.join(",")),
"--ipc-apis=[APIS]",
"Specify custom API set available via JSON-RPC over IPC using a comma-delimited list of API names. Possible names are: all, safe, web3, net, eth, pubsub, personal, signer, parity, parity_pubsub, parity_accounts, parity_set, traces, rpc, secretstore. You can also disable a specific API by putting '-' in the front, example: all,-personal. 'safe' enables the following APIs: web3, net, eth, pubsub, parity, parity_pubsub, traces, rpc",
......@@ -1289,6 +1293,7 @@ struct Ws {
#[derive(Default, Debug, PartialEq, Deserialize)]
#[serde(deny_unknown_fields)]
struct Ipc {
chmod: Option<String>,
disable: Option<bool>,
path: Option<String>,
apis: Option<Vec<String>>,
......@@ -1840,7 +1845,7 @@ mod tests {
flag_no_ipc: false,
arg_ipc_path: "$HOME/.parity/jsonrpc.ipc".into(),
arg_ipc_apis: "web3,eth,net,parity,parity_accounts,personal,traces,rpc,secretstore".into(),
arg_ipc_chmod: "660".into(),
// DAPPS
arg_dapps_path: Some("$HOME/.parity/dapps".into()),
flag_no_dapps: false,
......@@ -2111,6 +2116,7 @@ mod tests {
ipc: Some(Ipc {
disable: None,
path: None,
chmod: None,
apis: Some(vec!["rpc".into(), "eth".into()]),
}),
dapps: Some(Dapps {
......
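Review bot: The `--ipc-chmod` help string in the first hunk does not say what the mode protects or what the default grants. With the default of 660 both the owner and the owning group are given access to the socket, and the default `--ipc-apis` list on the next entry includes `parity_accounts` and `private`, so every account the mode admits can call those APIs. I would extend the text to something like `"Specify octal permissions for the IPC socket file (unix/bsd only). Any local user the mode lets connect can call the enabled IPC APIs, so avoid granting access to 'other'."`. The `usage!` block starts and ends outside the hunk.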
......@@ -75,6 +75,7 @@ apis = ["web3", "eth", "net", "parity", "traces", "rpc", "secretstore"]
hosts = ["none"]
[ipc]
chmod = "660"
disable = false
path = "$HOME/.parity/jsonrpc.ipc"
apis = ["web3", "eth", "net", "parity", "parity_accounts", "personal", "traces", "rpc", "secretstore"]
......
......@@ -859,6 +859,7 @@ impl Configuration {
fn ipc_config(&self) -> Result<IpcConfiguration, String> {
let conf = IpcConfiguration {
chmod: self.args.arg_ipc_chmod.clone(),
enabled: !(self.args.flag_ipcdisable || self.args.flag_ipc_off || self.args.flag_no_ipc),
socket_addr: self.ipc_path(),
apis: {
......
......@@ -76,6 +76,7 @@ impl Default for HttpConfiguration {
pub struct IpcConfiguration {
pub enabled: bool,
pub socket_addr: String,
pub chmod: String,
pub apis: ApiSet,
}
......@@ -89,6 +90,7 @@ impl Default for IpcConfiguration {
let data_dir = ::dir::default_data_path();
parity_ipc_path(&data_dir, "$BASE/jsonrpc.ipc", 0)
},
chmod: "660".into(),
apis: ApiSet::IpcContext,
}
}
......@@ -261,7 +263,16 @@ pub fn new_ipc<D: rpc_apis::Dependencies>(
}
}
match rpc::start_ipc(&conf.socket_addr, handler, rpc::RpcExtractor) {
// some validations ..
let chmod = conf.chmod;
let chmod = u16::from_str_radix(&chmod, 8)
.map_err(|e| format!("Invalid octal value: {}", e))?;
if chmod == 0 || chmod > 0o7777 {
return Err("Valid octal permissions are within the range 1 to 7777".into())
}
match rpc::start_ipc(&conf.socket_addr, handler, rpc::RpcExtractor, chmod) {
Ok(server) => Ok(Some(server)),
Err(io_error) => Err(format!("IPC error: {}", io_error)),
}
......
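Review bot: The range check in `new_ipc` accepts every value up to `0o7777`, so setuid/setgid/sticky bits and world-accessible modes such as 666 or 777 pass validation without any notice, even though the socket fronts the configured IPC API set. I would limit the accepted range to the permission bits, `if chmod == 0 || chmod > 0o777 {`, and log a warning when `chmod & 0o007 != 0` so an operator sees that every local user has been given access. The comment `// some validations ..` says nothing; something like `// --ipc-chmod must parse as octal and contain only rwx permission bits` would state the rule, and both error strings should name `--ipc-chmod` so the operator knows which option to correct. Since `ipc_config` already returns `Result<_, String>`, the parsing could arguably live there, so that a bad value is rejected while the configuration is built. The body of `new_ipc` starts outside the hunk, so I cannot tell whether this check also runs when IPC is disabled.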
......@@ -28,12 +28,12 @@ tokio-timer = "0.1"
transient-hashmap = "0.4"
itertools = "0.5"
jsonrpc-core = "14.0.3"
jsonrpc-derive = "14.0.3"
jsonrpc-http-server = "14.0.3"
jsonrpc-ws-server = "14.0.3"
jsonrpc-ipc-server = "14.0.3"
jsonrpc-pubsub = "14.0.3"
jsonrpc-core = "14.0.5"
jsonrpc-derive = "14.0.5"
jsonrpc-http-server = "14.0.5"
jsonrpc-ws-server = "14.0.5"
jsonrpc-ipc-server = "14.0.6"
jsonrpc-pubsub = "14.0.5"
client-traits = { path = "../ethcore/client-traits" }
common-types = { path = "../ethcore/types" }
......
......@@ -143,7 +143,12 @@ pub mod tests;
pub use jsonrpc_core::{FutureOutput, FutureResult, FutureResponse, FutureRpcResult};
pub use jsonrpc_pubsub::Session as PubSubSession;
pub use ipc::{Server as IpcServer, MetaExtractor as IpcMetaExtractor, RequestContext as IpcRequestContext};
pub use ipc::{
MetaExtractor as IpcMetaExtractor,
RequestContext as IpcRequestContext,
SecurityAttributes,
Server as IpcServer,
};
pub use http::{
hyper,
RequestMiddleware, RequestMiddlewareAction,
......@@ -226,13 +231,18 @@ pub fn start_ipc<M, S, H, T>(
addr: &str,
handler: H,
extractor: T,
chmod: u16
) -> ::std::io::Result<ipc::Server> where
M: jsonrpc_core::Metadata,
S: jsonrpc_core::Middleware<M>,
H: Into<jsonrpc_core::MetaIoHandler<M, S>>,
T: IpcMetaExtractor<M>,
{
let attr = SecurityAttributes::empty()
.set_mode(chmod as _)?;
ipc::ServerBuilder::with_meta_extractor(handler, extractor)
.set_security_attributes(attr)
.start(addr)
}
......
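Review bot: The `chmod as _` cast in `start_ipc` leaves the target integer type to inference, so if `set_mode`'s parameter type ever changes to something narrower the mode would be truncated silently. A lossless conversion, `.set_mode(chmod.into())?`, keeps the same behaviour today and stops compiling in that case. `start_ipc` is public and now takes a raw `u16` with no documentation; I would add `/// `chmod` is the octal file mode applied to the IPC socket; callers are expected to validate it, this function passes it through unchecked.` Whether the mode is in place before the socket starts accepting connections is decided inside `jsonrpc-ipc-server` and is not visible from this hunk, so that is worth confirming against the bumped version.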