From 599be48dd97c279d7333ae4893363c1ddee93fac Mon Sep 17 00:00:00 2001 From: Hugues de Valon Date: Wed, 23 Sep 2020 15:19:13 +0100 Subject: [PATCH 1/3] Modify socket path to conform to FHS Unix domain sockets should be in /run/. Signed-off-by: Hugues de Valon --- e2e_tests/src/raw_request.rs | 2 +- src/front/domain_socket.rs | 48 ++---------------------------------- 2 files changed, 3 insertions(+), 47 deletions(-) diff --git a/e2e_tests/src/raw_request.rs b/e2e_tests/src/raw_request.rs index 25dc0cd5..9ee08f41 100644 --- a/e2e_tests/src/raw_request.rs +++ b/e2e_tests/src/raw_request.rs @@ -13,7 +13,7 @@ const MAX_BODY_SIZE: usize = 1 << 31; #[derive(Copy, Clone, Debug)] pub struct RawRequestClient; -static SOCKET_PATH: &str = "/tmp/parsec/parsec.sock"; +static SOCKET_PATH: &str = "/run/parsec/parsec.sock"; const TIMEOUT: Duration = Duration::from_secs(5); #[allow(clippy::new_without_default)] diff --git a/src/front/domain_socket.rs b/src/front/domain_socket.rs index 399801b0..62b9a7a7 100644 --- a/src/front/domain_socket.rs +++ b/src/front/domain_socket.rs @@ -19,7 +19,7 @@ use std::os::unix::net::UnixListener; use std::path::Path; use std::time::Duration; -static SOCKET_PATH: &str = "/tmp/parsec/parsec.sock"; +static SOCKET_PATH: &str = "/run/parsec/parsec.sock"; #[cfg(not(feature = "no-parsec-user-and-clients-group"))] const PARSEC_USERNAME: &str = "parsec"; #[cfg(not(feature = "no-parsec-user-and-clients-group"))] @@ -42,11 +42,8 @@ impl DomainSocketListener { #[cfg(not(feature = "no-parsec-user-and-clients-group"))] DomainSocketListener::check_user_details()?; - // is Parsec instance was socket activated (see the `parsec.socket` - // file), the listener will be opened by systemd and passed to the - // process. // If Parsec was service activated or not started under systemd, this - // will return `0`. + // will return `0`. `1` will be returned in case Parsec is socket activated. let listener = match sd_notify::listen_fds()? { 0 => { let socket = Path::new(SOCKET_PATH); @@ -56,8 +53,6 @@ impl DomainSocketListener { } else if socket.exists() { fs::remove_file(&socket)?; } - #[cfg(not(feature = "no-parsec-user-and-clients-group"))] - DomainSocketListener::set_socket_dir_permissions(parent_dir)?; let listener = UnixListener::bind(SOCKET_PATH)?; listener.set_nonblocking(true)?; @@ -93,45 +88,6 @@ impl DomainSocketListener { Ok(Self { listener, timeout }) } - #[cfg(not(feature = "no-parsec-user-and-clients-group"))] - fn set_socket_dir_permissions(parent_dir: &Path) -> Result<()> { - if let Some(parent_dir_str) = parent_dir.to_str() { - fs::set_permissions(parent_dir, Permissions::from_mode(0o750))?; - // Although `parsec` has to be part of the `parsec_clients` group, it may not be the primary group. Therefore force group ownership to `parsec_clients` - if unsafe { - let parent_dir_cstr = CString::new(parent_dir_str) - .expect("Failed to convert socket path parent to cstring"); - { - libc::chown( - parent_dir_cstr.as_ptr(), - users::get_current_uid(), // To get to this point, user has to be `parsec` - users::get_group_by_name(PARSEC_GROUPNAME).unwrap().gid(), // `parsec_clients` exists by this point so should be safe - ) - } - } != 0 - { - error!( - "Changing ownership of {} to user {} and group {} failed.", - parent_dir_str, PARSEC_USERNAME, PARSEC_GROUPNAME - ); - return Err(Error::new( - ErrorKind::Other, - "Changing ownership of socket directory failed", - )); - } - } else { - error!( - "Error converting {} parent directory to string.", - SOCKET_PATH - ); - return Err(Error::new( - ErrorKind::InvalidInput, - "Error retrieving parent directory for socket", - )); - } - Ok(()) - } - #[cfg(not(feature = "no-parsec-user-and-clients-group"))] fn check_user_details() -> Result<()> { // Check Parsec is running as parsec user From 3e41670aa3598e594d55ae7dd333be781e4cf181 Mon Sep 17 00:00:00 2001 From: Hugues de Valon Date: Wed, 23 Sep 2020 16:39:39 +0100 Subject: [PATCH 2/3] Update systemd unit file with new hierarchy Signed-off-by: Hugues de Valon --- Cargo.toml | 1 - ci.sh | 4 +- config.toml | 9 +- e2e_tests/Cargo.toml | 4 + e2e_tests/provider_cfg/all/config.toml | 2 + .../provider_cfg/mbed-crypto/config.toml | 2 + e2e_tests/provider_cfg/pkcs11/config.toml | 2 + e2e_tests/provider_cfg/tpm/config.toml | 2 + e2e_tests/src/lib.rs | 7 ++ e2e_tests/src/raw_request.rs | 2 +- .../tests/config/tomls/list_providers_1.toml | 2 + .../tests/config/tomls/list_providers_2.toml | 2 + .../tests/config/tomls/pkcs11_software.toml | 2 + .../per_provider/normal_tests/export_key.rs | 4 +- .../tests/per_provider/normal_tests/ping.rs | 10 +- fuzz/config.toml | 2 + src/front/domain_socket.rs | 115 ++++++++---------- src/front/front_end.rs | 2 +- src/front/listener.rs | 4 +- src/key_info_managers/on_disk_manager/mod.rs | 2 +- src/utils/service_builder.rs | 1 + systemd-daemon/parsec.service | 2 +- 22 files changed, 105 insertions(+), 78 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 88955daf..bda32bf7 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -52,7 +52,6 @@ features = ["pkcs11-provider", "tpm-provider", "tss-esapi/docs", "mbed-crypto-pr [features] default = [] -no-parsec-user-and-clients-group = [] mbed-crypto-provider = ["psa-crypto"] pkcs11-provider = ["pkcs11", "picky-asn1-der", "picky-asn1", "picky-asn1-x509", "psa-crypto", "rand"] tpm-provider = ["tss-esapi", "picky-asn1-der", "picky-asn1", "picky-asn1-x509", "hex"] diff --git a/ci.sh b/ci.sh index 274c0074..eb79518e 100755 --- a/ci.sh +++ b/ci.sh @@ -67,10 +67,10 @@ while [ "$#" -gt 0 ]; do PROVIDER_NAME=$1 cp $(pwd)/e2e_tests/provider_cfg/$1/config.toml $CONFIG_PATH if [ "$PROVIDER_NAME" = "all" ]; then - FEATURES="--features=all-providers,no-parsec-user-and-clients-group" + FEATURES="--features=all-providers" TEST_FEATURES="--features=all-providers" else - FEATURES="--features=$1-provider,no-parsec-user-and-clients-group" + FEATURES="--features=$1-provider" TEST_FEATURES="--features=$1-provider" fi ;; diff --git a/config.toml b/config.toml index d52dcd73..5084ce38 100644 --- a/config.toml +++ b/config.toml @@ -17,6 +17,7 @@ # Log level to be applied across the service. Can be overwritten for certain modules which have the same # configuration key. Possible values: "debug", "info", "warn", "error", "trace" +# WARNING: This option will not be updated if the configuration is reloaded with a different one. #log_level = "warn" # Control whether log entries contain a timestamp. @@ -44,6 +45,12 @@ listener_type = "DomainSocket" # timeout expires, the connection is dropped. timeout = 200 # in milliseconds +# Specify the Unix Domain Socket path. The path is fixed and should always be the default one for +# clients to connect. However, it is useful to change it for tests. +# WARNING: If a file already exists at that path, the service will remove it before creating the +# socket file. +#socket_path = "/run/parsec/parsec.sock" + # (Required) Configuration for the components managing key info for providers. # Defined as an array of tables: https://github.com/toml-lang/toml#user-content-array-of-tables [[key_manager]] @@ -54,7 +61,7 @@ name = "on-disk-manager" manager_type = "OnDisk" # Path to the location where the mapping will be persisted (in this case, the filesystem path) -#store_path = "./mappings" +#store_path = "/var/lib/parsec/mappings" # (Required) Provider configurations. # Defined as an array of tables: https://github.com/toml-lang/toml#user-content-array-of-tables diff --git a/e2e_tests/Cargo.toml b/e2e_tests/Cargo.toml index 20a4aabf..a7325c88 100644 --- a/e2e_tests/Cargo.toml +++ b/e2e_tests/Cargo.toml @@ -18,6 +18,10 @@ parsec-client = { version = "0.9.0", features = ["testing"] } log = "0.4.11" rand = "0.7.3" +[patch.crates-io] +# Just to make the CI pass, update with the newest version +parsec-client = { git = 'https://github.com/hug-dev/parsec-client-rust', branch = 'new-socket-path' } + [dev-dependencies] ring = "0.16.15" env_logger = "0.7.1" diff --git a/e2e_tests/provider_cfg/all/config.toml b/e2e_tests/provider_cfg/all/config.toml index 4a953609..386991ba 100644 --- a/e2e_tests/provider_cfg/all/config.toml +++ b/e2e_tests/provider_cfg/all/config.toml @@ -10,10 +10,12 @@ allow_root = true [listener] listener_type = "DomainSocket" timeout = 200 # in milliseconds +socket_path = "/tmp/parsec.sock" [[key_manager]] name = "on-disk-manager" manager_type = "OnDisk" +store_path = "./mappings" [[provider]] provider_type = "MbedCrypto" diff --git a/e2e_tests/provider_cfg/mbed-crypto/config.toml b/e2e_tests/provider_cfg/mbed-crypto/config.toml index ebd9b1a2..f4358668 100644 --- a/e2e_tests/provider_cfg/mbed-crypto/config.toml +++ b/e2e_tests/provider_cfg/mbed-crypto/config.toml @@ -12,10 +12,12 @@ listener_type = "DomainSocket" # The timeout needs to be smaller than the test client timeout (five seconds) as it is testing # that the service does not hang for very big values of body or authentication length. timeout = 3000 # in milliseconds +socket_path = "/tmp/parsec.sock" [[key_manager]] name = "on-disk-manager" manager_type = "OnDisk" +store_path = "./mappings" [[provider]] provider_type = "MbedCrypto" diff --git a/e2e_tests/provider_cfg/pkcs11/config.toml b/e2e_tests/provider_cfg/pkcs11/config.toml index c753dddd..3b84a2ac 100644 --- a/e2e_tests/provider_cfg/pkcs11/config.toml +++ b/e2e_tests/provider_cfg/pkcs11/config.toml @@ -12,10 +12,12 @@ listener_type = "DomainSocket" # The timeout needs to be smaller than the test client timeout (five seconds) as it is testing # that the service does not hang for very big values of body or authentication length. timeout = 3000 # in milliseconds +socket_path = "/tmp/parsec.sock" [[key_manager]] name = "on-disk-manager" manager_type = "OnDisk" +store_path = "./mappings" [[provider]] provider_type = "Pkcs11" diff --git a/e2e_tests/provider_cfg/tpm/config.toml b/e2e_tests/provider_cfg/tpm/config.toml index 13342acf..5f1fba36 100644 --- a/e2e_tests/provider_cfg/tpm/config.toml +++ b/e2e_tests/provider_cfg/tpm/config.toml @@ -12,10 +12,12 @@ listener_type = "DomainSocket" # The timeout needs to be smaller than the test client timeout (five seconds) as it is testing # that the service does not hang for very big values of body or authentication length. timeout = 3000 # in milliseconds +socket_path = "/tmp/parsec.sock" [[key_manager]] name = "on-disk-manager" manager_type = "OnDisk" +store_path = "./mappings" [[provider]] provider_type = "Tpm" diff --git a/e2e_tests/src/lib.rs b/e2e_tests/src/lib.rs index 8cd403ad..672b927f 100644 --- a/e2e_tests/src/lib.rs +++ b/e2e_tests/src/lib.rs @@ -22,11 +22,15 @@ use parsec_client::core::interface::operations::psa_key_attributes::{ Attributes, EccFamily, Lifetime, Policy, Type, UsageFlags, }; use parsec_client::core::interface::requests::{Opcode, ProviderID, ResponseStatus, Result}; +use parsec_client::core::ipc_handler::unix_socket; use parsec_client::core::secrecy::{ExposeSecret, Secret}; use parsec_client::error::Error; use std::collections::HashSet; use std::time::Duration; +const TEST_SOCKET_PATH: &str = "/tmp/parsec.sock"; +const TEST_TIMEOUT: Duration = Duration::from_secs(1); + /// Client structure automatically choosing a provider and high-level operation functions. #[derive(Debug)] pub struct TestClient { @@ -58,6 +62,9 @@ impl TestClient { created_keys: Some(HashSet::new()), }; + let ipc_handler = unix_socket::Handler::new(TEST_SOCKET_PATH.into(), Some(TEST_TIMEOUT)); + client.basic_client.set_ipc_handler(Box::from(ipc_handler)); + let crypto_provider = client.find_crypto_provider(); client.set_provider(crypto_provider); client diff --git a/e2e_tests/src/raw_request.rs b/e2e_tests/src/raw_request.rs index 9ee08f41..93696c72 100644 --- a/e2e_tests/src/raw_request.rs +++ b/e2e_tests/src/raw_request.rs @@ -13,7 +13,7 @@ const MAX_BODY_SIZE: usize = 1 << 31; #[derive(Copy, Clone, Debug)] pub struct RawRequestClient; -static SOCKET_PATH: &str = "/run/parsec/parsec.sock"; +static SOCKET_PATH: &str = "/tmp/parsec.sock"; const TIMEOUT: Duration = Duration::from_secs(5); #[allow(clippy::new_without_default)] diff --git a/e2e_tests/tests/config/tomls/list_providers_1.toml b/e2e_tests/tests/config/tomls/list_providers_1.toml index 9f022ee2..582ea5d0 100644 --- a/e2e_tests/tests/config/tomls/list_providers_1.toml +++ b/e2e_tests/tests/config/tomls/list_providers_1.toml @@ -6,10 +6,12 @@ log_error_details = true [listener] listener_type = "DomainSocket" timeout = 200 # in milliseconds +socket_path = "/tmp/parsec.sock" [[key_manager]] name = "on-disk-manager" manager_type = "OnDisk" +store_path = "./mappings" [[provider]] provider_type = "MbedCrypto" diff --git a/e2e_tests/tests/config/tomls/list_providers_2.toml b/e2e_tests/tests/config/tomls/list_providers_2.toml index 7dc006d6..78a8aae7 100644 --- a/e2e_tests/tests/config/tomls/list_providers_2.toml +++ b/e2e_tests/tests/config/tomls/list_providers_2.toml @@ -6,10 +6,12 @@ log_error_details = true [listener] listener_type = "DomainSocket" timeout = 200 # in milliseconds +socket_path = "/tmp/parsec.sock" [[key_manager]] name = "on-disk-manager" manager_type = "OnDisk" +store_path = "./mappings" [[provider]] provider_type = "Pkcs11" diff --git a/e2e_tests/tests/config/tomls/pkcs11_software.toml b/e2e_tests/tests/config/tomls/pkcs11_software.toml index a16b03a0..d5b58cfd 100644 --- a/e2e_tests/tests/config/tomls/pkcs11_software.toml +++ b/e2e_tests/tests/config/tomls/pkcs11_software.toml @@ -12,10 +12,12 @@ listener_type = "DomainSocket" # The timeout needs to be smaller than the test client timeout (five seconds) as it is testing # that the service does not hang for very big values of body or authentication length. timeout = 3000 # in milliseconds +socket_path = "/tmp/parsec.sock" [[key_manager]] name = "on-disk-manager" manager_type = "OnDisk" +store_path = "./mappings" [[provider]] provider_type = "Pkcs11" diff --git a/e2e_tests/tests/per_provider/normal_tests/export_key.rs b/e2e_tests/tests/per_provider/normal_tests/export_key.rs index b2cacd6b..1b8a1642 100644 --- a/e2e_tests/tests/per_provider/normal_tests/export_key.rs +++ b/e2e_tests/tests/per_provider/normal_tests/export_key.rs @@ -91,14 +91,14 @@ fn export_without_create() { } #[test] -fn import_and_export_public_key() -> Result<()> { +fn import_and_export_key() -> Result<()> { let mut client = TestClient::new(); if !client.is_operation_supported(Opcode::PsaExportKey) { return Ok(()); } - let key_name = String::from("import_and_export_public_key"); + let key_name = String::from("import_and_export_key"); let key_data = vec![ 48, 129, 137, 2, 129, 129, 0, 153, 165, 220, 135, 89, 101, 254, 229, 28, 33, 138, 247, 20, 102, 253, 217, 247, 246, 142, 107, 51, 40, 179, 149, 45, 117, 254, 236, 161, 109, 16, 81, diff --git a/e2e_tests/tests/per_provider/normal_tests/ping.rs b/e2e_tests/tests/per_provider/normal_tests/ping.rs index 5f113731..86bf94a8 100644 --- a/e2e_tests/tests/per_provider/normal_tests/ping.rs +++ b/e2e_tests/tests/per_provider/normal_tests/ping.rs @@ -7,6 +7,8 @@ use parsec_client::core::interface::requests::Opcode; use parsec_client::core::interface::requests::ProviderID; use parsec_client::core::interface::requests::ResponseStatus; use parsec_client::core::interface::requests::Result; +use parsec_client::core::ipc_handler::unix_socket; +use std::time::Duration; #[test] fn test_ping() -> Result<()> { @@ -20,7 +22,13 @@ fn test_ping() -> Result<()> { #[test] fn mangled_ping() { - let client = RequestClient::default(); + let client = RequestClient { + ipc_handler: Box::from(unix_socket::Handler::new( + "/tmp/parsec.sock".into(), + Some(Duration::from_secs(1)), + )), + ..Default::default() + }; let mut req = Request::new(); req.header.provider = ProviderID::Core; req.header.opcode = Opcode::Ping; diff --git a/fuzz/config.toml b/fuzz/config.toml index ce16d148..da8e91e7 100644 --- a/fuzz/config.toml +++ b/fuzz/config.toml @@ -3,10 +3,12 @@ [listener] listener_type = "DomainSocket" timeout = 200 # in milliseconds +socket_path = "/tmp/parsec.sock" [[key_manager]] name = "on-disk-manager" manager_type = "OnDisk" +store_path = "./mappings" # [[provider]] # provider_type = "MbedCryptoProvider" diff --git a/src/front/domain_socket.rs b/src/front/domain_socket.rs index 62b9a7a7..56007697 100644 --- a/src/front/domain_socket.rs +++ b/src/front/domain_socket.rs @@ -7,22 +7,19 @@ use super::listener; use listener::Listen; use listener::{Connection, ConnectionMetadata}; -use log::error; -#[cfg(not(feature = "no-parsec-user-and-clients-group"))] -use std::ffi::CString; +use log::{error, warn}; use std::fs; use std::fs::Permissions; use std::io::{Error, ErrorKind, Result}; +use std::os::unix::fs::FileTypeExt; use std::os::unix::fs::PermissionsExt; use std::os::unix::io::FromRawFd; use std::os::unix::net::UnixListener; -use std::path::Path; +use std::path::PathBuf; use std::time::Duration; -static SOCKET_PATH: &str = "/run/parsec/parsec.sock"; -#[cfg(not(feature = "no-parsec-user-and-clients-group"))] +static DEFAULT_SOCKET_PATH: &str = "/run/parsec/parsec.sock"; const PARSEC_USERNAME: &str = "parsec"; -#[cfg(not(feature = "no-parsec-user-and-clients-group"))] const PARSEC_GROUPNAME: &str = "parsec-clients"; /// Unix Domain Socket IPC manager @@ -38,29 +35,37 @@ pub struct DomainSocketListener { impl DomainSocketListener { /// Initialise the connection to the Unix socket. - pub fn new(timeout: Duration) -> Result { - #[cfg(not(feature = "no-parsec-user-and-clients-group"))] - DomainSocketListener::check_user_details()?; + pub fn new(timeout: Duration, socket_path: PathBuf) -> Result { + DomainSocketListener::check_user_details(); // If Parsec was service activated or not started under systemd, this // will return `0`. `1` will be returned in case Parsec is socket activated. let listener = match sd_notify::listen_fds()? { 0 => { - let socket = Path::new(SOCKET_PATH); - let parent_dir = socket.parent().unwrap(); - if !parent_dir.exists() { - fs::create_dir_all(parent_dir)?; - } else if socket.exists() { - fs::remove_file(&socket)?; + if socket_path.exists() { + let meta = fs::metadata(&socket_path)?; + if meta.file_type().is_socket() { + warn!( + "Removing the existing socket file at {}.", + socket_path.display() + ); + fs::remove_file(&socket_path)?; + } else { + error!( + "A file exists at {} but is not a Unix Domain Socket.", + socket_path.display() + ); + } } - let listener = UnixListener::bind(SOCKET_PATH)?; + // Will fail if a file already exists at the path. + let listener = UnixListener::bind(&socket_path)?; listener.set_nonblocking(true)?; // Set the socket's permission to 666 to allow clients of different user to // connect. let permissions = Permissions::from_mode(0o666); - fs::set_permissions(SOCKET_PATH, permissions)?; + fs::set_permissions(socket_path, permissions)?; listener } @@ -88,53 +93,17 @@ impl DomainSocketListener { Ok(Self { listener, timeout }) } - #[cfg(not(feature = "no-parsec-user-and-clients-group"))] - fn check_user_details() -> Result<()> { + fn check_user_details() { // Check Parsec is running as parsec user if users::get_current_username() != Some(PARSEC_USERNAME.into()) { - error!( - "Incorrect user. Parsec should be run as user {}.", + warn!( + "Incorrect user. Parsec should be run as user {}. Follow recommendations to install Parsec securely or clients might not be able to connect.", PARSEC_USERNAME ); - return Err(Error::new( - ErrorKind::PermissionDenied, - "Parsec run as incorrect user", - )); } - // Check Parsec client group exists and parsec user is a member of it - if let Some(parsec_clients_group) = users::get_group_by_name(PARSEC_GROUPNAME) { - if let Some(groups) = users::get_user_groups(PARSEC_USERNAME, users::get_current_gid()) - { - // Split to make `clippy` happy - let parsec_user_in_parsec_clients_group = groups.into_iter().any(|group| { - group.gid() == parsec_clients_group.gid() - && group.name() == parsec_clients_group.name() - }); - // Check the parsec user is a member of the parsec clients group - if parsec_user_in_parsec_clients_group { - return Ok(()); - } - error!( - "{} user not a member of {}.", - PARSEC_USERNAME, PARSEC_GROUPNAME - ); - Err(Error::new( - ErrorKind::PermissionDenied, - "User permissions incorrect", - )) - } else { - error!("Retrieval of groups for user {} failed.", PARSEC_USERNAME); - Err(Error::new( - ErrorKind::InvalidInput, - "Failed to retrieve user groups", - )) - } - } else { - error!("{} group does not exist.", PARSEC_GROUPNAME); - Err(Error::new( - ErrorKind::PermissionDenied, - "Group permissions incorrect", - )) + // Check Parsec client group exists + if users::get_group_by_name(PARSEC_GROUPNAME).is_none() { + warn!("{} group does not exist. Follow recommendations to install Parsec securely or clients might not be able to connect.", PARSEC_GROUPNAME); } } } @@ -190,15 +159,19 @@ impl Listen for DomainSocketListener { } /// Builder for `DomainSocketListener` -#[derive(Copy, Clone, Debug, Default)] +#[derive(Clone, Debug, Default)] pub struct DomainSocketListenerBuilder { timeout: Option, + socket_path: Option, } impl DomainSocketListenerBuilder { /// Create a new DomainSocketListener builder pub fn new() -> Self { - DomainSocketListenerBuilder { timeout: None } + DomainSocketListenerBuilder { + timeout: None, + socket_path: None, + } } /// Add a timeout on the Unix Domain Socket used @@ -207,12 +180,22 @@ impl DomainSocketListenerBuilder { self } + /// Specify the Unix Domain Socket path + pub fn with_socket_path(mut self, socket_path: Option) -> Self { + self.socket_path = socket_path; + self + } + /// Build the builder into the listener pub fn build(self) -> Result { - DomainSocketListener::new(self.timeout.ok_or_else(|| { - error!("The listener timeout was not set."); - Error::new(ErrorKind::InvalidInput, "listener timeout missing") - })?) + DomainSocketListener::new( + self.timeout.ok_or_else(|| { + error!("The listener timeout was not set."); + Error::new(ErrorKind::InvalidInput, "listener timeout missing") + })?, + self.socket_path + .unwrap_or_else(|| DEFAULT_SOCKET_PATH.into()), + ) } } diff --git a/src/front/front_end.rs b/src/front/front_end.rs index 802f060f..65eb0689 100644 --- a/src/front/front_end.rs +++ b/src/front/front_end.rs @@ -107,7 +107,7 @@ impl FrontEndHandler { if crate::utils::GlobalConfig::log_error_details() { if let Some(app_name_string) = app_name { info!( - "Response from application name \"{}\" sent back", + "Response for application name \"{}\" sent back", app_name_string ); } else { diff --git a/src/front/listener.rs b/src/front/listener.rs index cd8b7e04..f1d2dbe8 100644 --- a/src/front/listener.rs +++ b/src/front/listener.rs @@ -23,12 +23,14 @@ pub enum ListenerType { } /// Configuration of the Listener -#[derive(Copy, Clone, Deserialize, Debug)] +#[derive(Clone, Deserialize, Debug)] pub struct ListenerConfig { /// Type of the Listener pub listener_type: ListenerType, /// Timeout of the Listener before the connection errors out (in milliseconds) pub timeout: u64, + /// Path of the Unix Domain socket + pub socket_path: Option, } /// Specifies metadata associated with a connection, if any. diff --git a/src/key_info_managers/on_disk_manager/mod.rs b/src/key_info_managers/on_disk_manager/mod.rs index 435bb14f..3b4f6a66 100644 --- a/src/key_info_managers/on_disk_manager/mod.rs +++ b/src/key_info_managers/on_disk_manager/mod.rs @@ -25,7 +25,7 @@ use std::io::{Error, ErrorKind, Read, Write}; use std::path::PathBuf; /// Default path where the mapping files will be stored on disk -pub const DEFAULT_MAPPINGS_PATH: &str = "./mappings"; +pub const DEFAULT_MAPPINGS_PATH: &str = "/var/lib/parsec/mappings"; /// A key info manager storing key triple to key info mapping on files on disk #[derive(Debug)] diff --git a/src/utils/service_builder.rs b/src/utils/service_builder.rs index 81434189..63bcf23c 100644 --- a/src/utils/service_builder.rs +++ b/src/utils/service_builder.rs @@ -163,6 +163,7 @@ impl ServiceBuilder { let listener = match config.listener_type { ListenerType::DomainSocket => DomainSocketListenerBuilder::new() .with_timeout(Duration::from_millis(config.timeout)) + .with_socket_path(config.socket_path.map(|s| s.into())) .build(), }?; diff --git a/systemd-daemon/parsec.service b/systemd-daemon/parsec.service index a541c33e..fd67ea18 100644 --- a/systemd-daemon/parsec.service +++ b/systemd-daemon/parsec.service @@ -4,7 +4,7 @@ Documentation=https://parallaxsecond.github.io/parsec-book/parsec_service/instal [Service] WorkingDirectory=/home/parsec/ -ExecStart=/home/parsec/.cargo/bin/parsec +ExecStart=/usr/libexec/parsec/parsec --config /etc/parsec/config.toml [Install] WantedBy=default.target From 9275f3a79695a9ad24891e90f383ad68a2f6334c Mon Sep 17 00:00:00 2001 From: Hugues de Valon Date: Fri, 2 Oct 2020 11:08:22 +0100 Subject: [PATCH 3/3] Update Rust Client version for tests Signed-off-by: Hugues de Valon --- e2e_tests/Cargo.toml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/e2e_tests/Cargo.toml b/e2e_tests/Cargo.toml index a7325c88..ea74b34e 100644 --- a/e2e_tests/Cargo.toml +++ b/e2e_tests/Cargo.toml @@ -14,14 +14,10 @@ publish = false [dependencies] serde = { version = "1.0.115", features = ["derive"] } -parsec-client = { version = "0.9.0", features = ["testing"] } +parsec-client = { version = "0.10.0", features = ["testing"] } log = "0.4.11" rand = "0.7.3" -[patch.crates-io] -# Just to make the CI pass, update with the newest version -parsec-client = { git = 'https://github.com/hug-dev/parsec-client-rust', branch = 'new-socket-path' } - [dev-dependencies] ring = "0.16.15" env_logger = "0.7.1"