Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Don’t allow other users to connect by default #28

Merged
merged 1 commit into from
Jun 16, 2020
Merged

Don’t allow other users to connect by default #28

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 9 additions & 5 deletions src/unix.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,16 +16,17 @@ pub struct SecurityAttributes {
}

impl SecurityAttributes {
/// New default security attributes.
/// New default security attributes. These only allow access by the
/// process’s own user and the system administrator.
pub fn empty() -> Self {
SecurityAttributes {
mode: None
mode: Some(0o600)
}
}

/// New security attributes that allow everyone to connect.
pub fn allow_everyone_connect(mut self) -> io::Result<Self> {
self.mode = Some(0o777);
self.mode = Some(0o666);
Ok(self)
}

Expand All @@ -36,6 +37,9 @@ impl SecurityAttributes {
}

/// New security attributes that allow everyone to create.
///
/// This does not work on unix, where it is equivalent to
/// [`SecurityAttributes::allow_everyone_connect`].
pub fn allow_everyone_create() -> io::Result<Self> {
Ok(SecurityAttributes {
mode: None
Expand All @@ -44,9 +48,9 @@ impl SecurityAttributes {

/// called in unix, after server socket has been created
/// will apply security attributes to the socket.
pub(crate) unsafe fn apply_permissions(&self, path: &str) -> io::Result<()> {
pub(crate) unsafe fn apply_permissions(&self, path: &str) -> io::Result<()> {
let path = CString::new(path.to_owned())?;
if let Some(mode) = self.mode {
if let Some(mode) = self.mode {
if chmod(path.as_ptr(), mode as _) == -1 {
return Err(Error::last_os_error())
}
Expand Down
22 changes: 19 additions & 3 deletions src/win.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,7 @@ impl Endpoint {
NamedPipeBuilder::new(&self.path)
.first(true)
.inbound(true)
.accept_remote(false)
.outbound(true)
.out_buffer_size(65536)
.in_buffer_size(65536)
Expand Down Expand Up @@ -156,7 +157,7 @@ impl Stream for Incoming {
}
Err(e) => {
if e.kind() == io::ErrorKind::WouldBlock {
self.inner.pipe.clear_write_ready(ctx);
self.inner.pipe.clear_write_ready(ctx)?;
Poll::Pending
} else {
Poll::Ready(Some(Err(e)))
Expand All @@ -172,9 +173,10 @@ pub struct Connection {
}

impl Connection {
/// Wraps an existing named pipe
pub fn wrap(pipe: NamedPipe) -> Self {
Self { inner: pipe }
}
}
}

impl AsyncRead for Connection {
Expand Down Expand Up @@ -218,10 +220,24 @@ pub struct SecurityAttributes {
attributes: Option<InnerAttributes>,
}

pub const DEFAULT_SECURITY_ATTRIBUTES: SecurityAttributes = SecurityAttributes {
attributes: Some(InnerAttributes {
descriptor: SecurityDescriptor {
descriptor_ptr: ptr::null_mut(),
},
acl: Acl { acl_ptr: ptr::null_mut() },
attrs: SECURITY_ATTRIBUTES {
nLength: mem::size_of::<SECURITY_ATTRIBUTES>() as u32,
lpSecurityDescriptor: ptr::null_mut(),
bInheritHandle: 0,
},
})
};

impl SecurityAttributes {
/// New default security attributes.
pub fn empty() -> SecurityAttributes {
SecurityAttributes { attributes: None }
DEFAULT_SECURITY_ATTRIBUTES
}

/// New default security attributes that allow everyone to connect.
Expand Down