[CalendarServer-changes] [14777] CalendarServer/trunk
source_changes at macosforge.org
source_changes at macosforge.org
Mon May 11 15:05:22 PDT 2015
Revision: 14777
http://trac.calendarserver.org//changeset/14777
Author: sagen at apple.com
Date: 2015-05-11 15:05:22 -0700 (Mon, 11 May 2015)
Log Message:
-----------
Break request sockets out into their own directory so we can manage their permissions separately
Modified Paths:
--------------
CalendarServer/trunk/calendarserver/tap/caldav.py
CalendarServer/trunk/calendarserver/tap/util.py
CalendarServer/trunk/conf/caldavd-apple.plist
CalendarServer/trunk/conf/caldavd-test.plist
CalendarServer/trunk/twistedcaldav/stdconfig.py
Modified: CalendarServer/trunk/calendarserver/tap/caldav.py
===================================================================
--- CalendarServer/trunk/calendarserver/tap/caldav.py 2015-05-11 20:14:22 UTC (rev 14776)
+++ CalendarServer/trunk/calendarserver/tap/caldav.py 2015-05-11 22:05:22 UTC (rev 14777)
@@ -1112,7 +1112,7 @@
# Inherit a single socket to receive accept()ed connections via
# recvmsg() and SCM_RIGHTS.
- if config.UseSocketFiles:
+ if config.SocketFiles.Enabled:
# TLS will be handled by a front-end web proxy
contextFactory = None
else:
@@ -1130,7 +1130,7 @@
ReportingHTTPService(
requestFactory, int(config.MetaFD), contextFactory,
- usingSocketFile=config.UseSocketFiles
+ usingSocketFile=config.SocketFiles.Enabled
).setServiceParent(connectionService)
else: # Not inheriting, therefore we open our own:
@@ -1755,16 +1755,16 @@
s._inheritedSockets = []
dispatcher = None
- if config.UseSocketFiles:
- if config.SecuredRequestsSocket:
+ if config.SocketFiles.Enabled:
+ if config.SocketFiles.Secured:
# TLS-secured requests will arrive via this Unix domain socket file
cl.addSocketFileService(
- "SSL", config.SecuredRequestsSocket, config.ListenBacklog
+ "SSL", config.SocketFiles.Secured, config.ListenBacklog
)
- if config.UnsecuredRequestsSocket:
+ if config.SocketFiles.Unsecured:
# Unsecured requests will arrive via this Unix domain socket file
cl.addSocketFileService(
- "TCP", config.UnsecuredRequestsSocket, config.ListenBacklog
+ "TCP", config.SocketFiles.Unsecured, config.ListenBacklog
)
else:
Modified: CalendarServer/trunk/calendarserver/tap/util.py
===================================================================
--- CalendarServer/trunk/calendarserver/tap/util.py 2015-05-11 20:14:22 UTC (rev 14776)
+++ CalendarServer/trunk/calendarserver/tap/util.py 2015-05-11 22:05:22 UTC (rev 14777)
@@ -1046,6 +1046,17 @@
access=os.W_OK,
create=(0750, config.UserName, config.GroupName),
)
+ if config.SocketFiles.Enabled:
+ checkDirectory(
+ config.SocketRoot,
+ "Socket file root",
+ access=os.W_OK,
+ create=(
+ config.SocketFiles.Permissions,
+ config.SocketFiles.Owner,
+ config.SocketFiles.Group
+ )
+ )
# Always create these:
checkDirectory(
config.LogRoot,
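Review bot: The new `checkDirectory(config.SocketRoot, ...)` call passes the mode, owner and group only through `create=`, so as far as this hunk shows they apply when the directory is created, while an already existing directory is only tested for `os.W_OK`; checkDirectory itself is not visible here, so this needs confirming. Since the commit exists to manage the request sockets' permissions separately, a pre-existing SocketRoot with a different owner or a wider mode should make startup fail rather than be accepted silently. If that cannot be enforced in this call, at least record it with a comment above the call such as `# NOTE: SocketFiles.Permissions/Owner/Group are applied on creation only; an existing SocketRoot is not re-checked`. The enclosing function starts and ends outside the hunk.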
Modified: CalendarServer/trunk/conf/caldavd-apple.plist
===================================================================
--- CalendarServer/trunk/conf/caldavd-apple.plist 2015-05-11 20:14:22 UTC (rev 14776)
+++ CalendarServer/trunk/conf/caldavd-apple.plist 2015-05-11 22:05:22 UTC (rev 14777)
@@ -42,6 +42,19 @@
<key>EnableCardDAV</key>
<false/>
+ <!-- Socket Files -->
+ <key>SocketFiles</key>
+ <dict>
+ <key>Enabled</key>
+ <false/>
+ <key>Owner</key>
+ <string>_calendar</string>
+ <key>Group</key>
+ <string>_www</string>
+ </dict>
+ <key>SocketRoot</key>
+ <string>/var/run/caldavd_requests</string>
+
<!-- HTTP port [0 = disable HTTP] -->
<key>HTTPPort</key>
<integer>8008</integer>
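Review bot: This `SocketFiles` dict sets `Owner` and `Group` but no `Permissions`, so the directory mode falls back to the stdconfig default of `0770` and group `_www` gets write access to `/var/run/caldavd_requests`. Write permission on a directory allows creating, renaming and unlinking entries in it, including the socket files, whereas connecting to a socket needs only search permission on the directory plus write on the socket itself. If the front-end proxy only has to connect, set the mode explicitly and tighter here with a `<key>Permissions</key>` entry equivalent to octal 0750. How an `<integer>` from the plist is interpreted should be confirmed first, because the Python default is written as an octal literal and a decimal `750` would be a different mode.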
Modified: CalendarServer/trunk/conf/caldavd-test.plist
===================================================================
--- CalendarServer/trunk/conf/caldavd-test.plist 2015-05-11 20:14:22 UTC (rev 14776)
+++ CalendarServer/trunk/conf/caldavd-test.plist 2015-05-11 22:05:22 UTC (rev 14777)
@@ -42,6 +42,15 @@
<key>EnableCardDAV</key>
<true/>
+ <!-- Socket Files -->
+ <key>SocketFiles</key>
+ <dict>
+ <key>Enabled</key>
+ <false/>
+ </dict>
+ <key>SocketRoot</key>
+ <string>/tmp/calendarserver</string>
+
<!-- HTTP port [0 = disable HTTP] -->
<key>HTTPPort</key>
<integer>8008</integer>
Modified: CalendarServer/trunk/twistedcaldav/stdconfig.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/stdconfig.py 2015-05-11 20:14:22 UTC (rev 14776)
+++ CalendarServer/trunk/twistedcaldav/stdconfig.py 2015-05-11 22:05:22 UTC (rev 14777)
@@ -174,9 +174,15 @@
# This configures the actual network address that the server binds to.
#
- "UseSocketFiles" : False, # If True, server won't bind to any TCP sockets
- "SecuredRequestsSocket": "caldavd_secured.sock", # Socket file to listen for secure requests on
- "UnsecuredRequestsSocket": "caldavd_unsecured.sock", # Socket file to listen for insecure requests on
+ "SocketFiles": {
+ "Enabled": False,
+ "Secured": "secured.sock", # Socket file to listen for secure requests on
+ "Unsecured": "unsecured.sock", # Socket file to listen for insecure requests on
+ "Owner": "",
+ "Group": "",
+ "Permissions": 0770,
+ },
+ "SocketRoot": "/tmp/calendarserver",
"BindAddresses": [], # List of IP addresses to bind to [empty = all]
"BindHTTPPorts": [], # List of port numbers to bind to for HTTP
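Review bot: The default `"SocketRoot": "/tmp/calendarserver"` places the request sockets at a predictable name under a world-writable parent, whereas the removed keys were resolved against RunRoot (see the relative-path table in the later hunk of this file). Together with the empty `Owner` and `Group` defaults, a deployment that only turns on `Enabled` gets a directory whose ownership depends on how the directory check treats empty strings, which is not visible in this diff. Consider defaulting SocketRoot to a location under RunRoot, or add a comment stating that it must be overridden before `Enabled` is set. The three new keys also lack the trailing comments their neighbours have, for example `"Permissions": 0770, # Mode for the SocketRoot directory`, and the dictionary being edited starts and ends outside the hunk.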
@@ -1218,10 +1224,10 @@
("RunRoot", "PIDFile"),
("RunRoot", ("Stats", "UnixStatsSocket",)),
("RunRoot", "ControlSocket"),
- ("RunRoot", "SecuredRequestsSocket"),
- ("RunRoot", "UnsecuredRequestsSocket"),
("RunRoot", ("Memcached", "Pools", "Default", "MemcacheSocket")),
("RunRoot", ("DirectoryProxy", "SocketPath",)),
+ ("SocketRoot", ("SocketFiles", "Secured")),
+ ("SocketRoot", ("SocketFiles", "Unsecured")),
]