[GitHub] [tomcat] minfrin commented on a change in pull request #382: Add support for unix domain sockets.

GitBox Mon, 30 Nov 2020 08:00:44 -0800


minfrin commented on a change in pull request #382:
URL: https://github.com/apache/tomcat/pull/382#discussion_r532706511




##########
File path: java/org/apache/tomcat/util/net/AprEndpoint.java
##########
@@ -292,52 +295,79 @@ public void bind() throws Exception {
 
         // Create the pool for the server socket
         serverSockPool = Pool.create(rootPool);
+
         // Create the APR address that will be bound
-        String addressStr = null;
-        if (getAddress() != null) {
-            addressStr = getAddress().getHostAddress();
-        }
-        int family = Socket.APR_INET;
-        if (Library.APR_HAVE_IPV6) {
-            if (addressStr == null) {
-                if (!OS.IS_BSD) {
+        if (getPath() != null) {
+            if (Library.APR_HAVE_UNIX) {
+                hostname = getPath().toString();
+                family = Socket.APR_UNIX;
+            }
+            else {
+                throw new 
Exception(sm.getString("endpoint.init.unixnotavail"));
+            }
+        }
+        else {
+
+            if (getAddress() != null) {
+                hostname = getAddress().getHostAddress();
+            }
+            family = Socket.APR_INET;
+            if (Library.APR_HAVE_IPV6) {
+                if (hostname == null) {
+                    if (!OS.IS_BSD) {
+                        family = Socket.APR_UNSPEC;
+                    }
+                } else if (hostname.indexOf(':') >= 0) {
                     family = Socket.APR_UNSPEC;
                 }
-            } else if (addressStr.indexOf(':') >= 0) {
-                family = Socket.APR_UNSPEC;
             }
-         }
+        }
+
+        long sockAddress = Address.info(hostname, family, getPortWithOffset(), 
0, rootPool);
 
-        long inetAddress = Address.info(addressStr, family, 
getPortWithOffset(), 0, rootPool);
         // Create the APR server socket
-        serverSock = Socket.create(Address.getInfo(inetAddress).family,
+        if (family == Socket.APR_UNIX) {
+            serverSock = Socket.create(family, Socket.SOCK_STREAM, 0, 
rootPool);
+        }
+        else {
+            serverSock = Socket.create(Address.getInfo(sockAddress).family,
                 Socket.SOCK_STREAM,
                 Socket.APR_PROTO_TCP, rootPool);
-        if (OS.IS_UNIX) {
-            Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
-        }
-        if (Library.APR_HAVE_IPV6) {
-            if (getIpv6v6only()) {
-                Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 1);
-            } else {
-                Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 0);
+            if (OS.IS_UNIX) {
+                Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
+            }
+            if (Library.APR_HAVE_IPV6) {
+                if (getIpv6v6only()) {
+                    Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 1);
+                } else {
+                    Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 0);
+                }
             }
+            // Deal with the firewalls that tend to drop the inactive sockets
+            Socket.optSet(serverSock, Socket.APR_SO_KEEPALIVE, 1);
         }
-        // Deal with the firewalls that tend to drop the inactive sockets
-        Socket.optSet(serverSock, Socket.APR_SO_KEEPALIVE, 1);
+
         // Bind the server socket
-        int ret = Socket.bind(serverSock, inetAddress);
+        int ret = Socket.bind(serverSock, sockAddress);
         if (ret != 0) {
             throw new Exception(sm.getString("endpoint.init.bind", "" + ret, 
Error.strerror(ret)));
         }
+
         // Start listening on the server socket
         ret = Socket.listen(serverSock, getAcceptCount());
         if (ret != 0) {
             throw new Exception(sm.getString("endpoint.init.listen", "" + ret, 
Error.strerror(ret)));
         }
-        if (OS.IS_WIN32 || OS.IS_WIN64) {
-            // On Windows set the reuseaddr flag after the bind/listen
-            Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
+
+        if (family == Socket.APR_UNIX) {

Review comment:
       Currently there is no neat way (that I can find) to express Windows 
permissions in a string that can be assigned to a parameter in the connector.
   
   The java implementation to set ACLs on Windows is the following:
   
   
https://docs.oracle.com/javase/7/docs/api/java/nio/file/attribute/AclFileAttributeView.html
   
   On Windows there is a concept of permissions for the "owner", (not useful 
for a unix domain socket) and for "everyone" (useful if placed in a protected 
path), but there is no such thing as a primary group.
   
   In short, the problem I'm trying to solve is this:
   
   ```
       <Connector path="/tmp/protected/tomcat.socket" 
pathPermissions="[what-goes-here]" 
protocol="org.apache.coyote.http11.Http11AprProtocol"
                  maxThreads="150" SSLEnabled="false" >
   ```
   




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] minfrin commented on a change in pull request #382: Add support for unix domain sockets.

Reply via email to