From c295d0eb4b11a024d1607f6a80275f372c345c08 Mon Sep 17 00:00:00 2001
From: Martin Willi <martin@strongswan.org>
Date: Wed, 26 Sep 2007 14:02:21 +0000
Subject: refactored strongswan manager   removed buggy request parsing code,
 use ClearSilvers CGI kit instead fixed CHILD_SA listing in manager (needs
 better design) using secure XML communication through unix sockets removed
 images with questionable (non-GPL) license

---
 src/charon/control/interfaces/stroke_interface.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'src/charon/control/interfaces/stroke_interface.c')

diff --git a/src/charon/control/interfaces/stroke_interface.c b/src/charon/control/interfaces/stroke_interface.c
index 74bfa1aec..3ab6b5700 100755
--- a/src/charon/control/interfaces/stroke_interface.c
+++ b/src/charon/control/interfaces/stroke_interface.c
@@ -1698,7 +1698,7 @@ interface_t *interface_create()
 		return NULL;
 	}
 	
-	old = umask(~S_IRWXU);
+	old = umask(~(S_IRWXU | S_IRWXG));
 	if (bind(this->socket, (struct sockaddr *)&socket_addr, sizeof(socket_addr)) < 0)
 	{
 		DBG1(DBG_CFG, "could not bind stroke socket: %s", strerror(errno));
@@ -1707,6 +1707,11 @@ interface_t *interface_create()
 		return NULL;
 	}
 	umask(old);
+	if (chown(socket_addr.sun_path, IPSEC_UID, IPSEC_GID) != 0)
+	{
+		DBG1(DBG_CFG, "changing stroke socket permissions failed: %s",
+			 strerror(errno));
+	}
 	
 	if (listen(this->socket, 0) < 0)
 	{
-- 
cgit v1.2.3