[GitHub] [tomcat] minfrin opened a new pull request #382: Add support for unix domain sockets.

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
92 messages Options
12345
Reply | Threaded
Open this post in threaded view
|

[GitHub] [tomcat] minfrin opened a new pull request #382: Add support for unix domain sockets.

GitBox

minfrin opened a new pull request #382:
URL: https://github.com/apache/tomcat/pull/382


   First implementation added to
   org.apache.coyote.http11.Http11AprProtocol.
   
   Depends on https://github.com/apache/tomcat-native/pull/8.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[hidden email]



---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[GitHub] [tomcat] michael-o commented on a change in pull request #382: Add support for unix domain sockets.

GitBox

michael-o commented on a change in pull request #382:
URL: https://github.com/apache/tomcat/pull/382#discussion_r532256127



##########
File path: java/org/apache/tomcat/util/IntrospectionUtils.java
##########
@@ -136,6 +138,19 @@ public static boolean setProperty(Object o, String name, String value,
                         if (actualMethod != null) {
                             actualMethod.append(method.getName()).append("(InetAddress.getByName(\"").append(value).append("\"))");
                         }
+                        // Try a setFoo ( Path )
+                    } else if ("java.nio.file.Path".equals(paramType
+                            .getName())) {
+                        try {
+                            params[0] = Paths.get(value);
+                        } catch (InvalidPathException ipe) {
+                            if (log.isDebugEnabled())
+                                log.debug("IntrospectionUtils: Unable to resolve path:" + value);

Review comment:
       Use the common `[..]` pattern

##########
File path: java/org/apache/tomcat/util/net/AprEndpoint.java
##########
@@ -292,52 +295,79 @@ public void bind() throws Exception {
 
         // Create the pool for the server socket
         serverSockPool = Pool.create(rootPool);
+
         // Create the APR address that will be bound
-        String addressStr = null;
-        if (getAddress() != null) {
-            addressStr = getAddress().getHostAddress();
-        }
-        int family = Socket.APR_INET;
-        if (Library.APR_HAVE_IPV6) {
-            if (addressStr == null) {
-                if (!OS.IS_BSD) {
+        if (getPath() != null) {
+            if (Library.APR_HAVE_UNIX) {
+                hostname = getPath().toString();
+                family = Socket.APR_UNIX;
+            }
+            else {
+                throw new Exception(sm.getString("endpoint.init.unixnotavail"));
+            }
+        }
+        else {
+
+            if (getAddress() != null) {
+                hostname = getAddress().getHostAddress();
+            }
+            family = Socket.APR_INET;
+            if (Library.APR_HAVE_IPV6) {
+                if (hostname == null) {
+                    if (!OS.IS_BSD) {
+                        family = Socket.APR_UNSPEC;
+                    }
+                } else if (hostname.indexOf(':') >= 0) {
                     family = Socket.APR_UNSPEC;
                 }
-            } else if (addressStr.indexOf(':') >= 0) {
-                family = Socket.APR_UNSPEC;
             }
-         }
+        }
+
+        long sockAddress = Address.info(hostname, family, getPortWithOffset(), 0, rootPool);
 
-        long inetAddress = Address.info(addressStr, family, getPortWithOffset(), 0, rootPool);
         // Create the APR server socket
-        serverSock = Socket.create(Address.getInfo(inetAddress).family,
+        if (family == Socket.APR_UNIX) {
+            serverSock = Socket.create(family, Socket.SOCK_STREAM, 0, rootPool);
+        }
+        else {
+            serverSock = Socket.create(Address.getInfo(sockAddress).family,
                 Socket.SOCK_STREAM,
                 Socket.APR_PROTO_TCP, rootPool);
-        if (OS.IS_UNIX) {
-            Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
-        }
-        if (Library.APR_HAVE_IPV6) {
-            if (getIpv6v6only()) {
-                Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 1);
-            } else {
-                Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 0);
+            if (OS.IS_UNIX) {
+                Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
+            }
+            if (Library.APR_HAVE_IPV6) {
+                if (getIpv6v6only()) {
+                    Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 1);
+                } else {
+                    Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 0);
+                }
             }
+            // Deal with the firewalls that tend to drop the inactive sockets
+            Socket.optSet(serverSock, Socket.APR_SO_KEEPALIVE, 1);
         }
-        // Deal with the firewalls that tend to drop the inactive sockets
-        Socket.optSet(serverSock, Socket.APR_SO_KEEPALIVE, 1);
+
         // Bind the server socket
-        int ret = Socket.bind(serverSock, inetAddress);
+        int ret = Socket.bind(serverSock, sockAddress);
         if (ret != 0) {
             throw new Exception(sm.getString("endpoint.init.bind", "" + ret, Error.strerror(ret)));
         }
+
         // Start listening on the server socket
         ret = Socket.listen(serverSock, getAcceptCount());
         if (ret != 0) {
             throw new Exception(sm.getString("endpoint.init.listen", "" + ret, Error.strerror(ret)));
         }
-        if (OS.IS_WIN32 || OS.IS_WIN64) {
-            // On Windows set the reuseaddr flag after the bind/listen
-            Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
+
+        if (family == Socket.APR_UNIX) {

Review comment:
       What umask will APR use to create the socket file?

##########
File path: java/org/apache/tomcat/util/net/AprEndpoint.java
##########
@@ -292,52 +295,79 @@ public void bind() throws Exception {
 
         // Create the pool for the server socket
         serverSockPool = Pool.create(rootPool);
+
         // Create the APR address that will be bound
-        String addressStr = null;
-        if (getAddress() != null) {
-            addressStr = getAddress().getHostAddress();
-        }
-        int family = Socket.APR_INET;
-        if (Library.APR_HAVE_IPV6) {
-            if (addressStr == null) {
-                if (!OS.IS_BSD) {
+        if (getPath() != null) {
+            if (Library.APR_HAVE_UNIX) {
+                hostname = getPath().toString();

Review comment:
       That hurts in terms of naming...

##########
File path: java/org/apache/coyote/AbstractProtocol.java
##########
@@ -347,22 +352,27 @@ public String getName() {
     private String getNameInternal() {
         StringBuilder name = new StringBuilder(getNamePrefix());
         name.append('-');
-        if (getAddress() != null) {
-            name.append(getAddress().getHostAddress());
-            name.append('-');
+        if (getPath() != null) {
+            name.append(getPath().getFileName().toString());

Review comment:
       Stupid question: What will happen when I bind two connectors on two different directory with the same socket file name?




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[hidden email]



---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[GitHub] [tomcat] minfrin commented on pull request #382: Add support for unix domain sockets.

GitBox
In reply to this post by GitBox

minfrin commented on pull request #382:
URL: https://github.com/apache/tomcat/pull/382#issuecomment-735452576


   > Is this complete from your POV? I'd like to give this a spin next month on FreeBSD.
   > Did you run some numbers how it compares for your usecase against localhost?
   
   It's complete from my POV.
   
   My chief interest is getting rid of passwords rather than performance. If I run a server on localhost I need to prevent someone or something trying to connect to that endpoint through the backdoor, and that means shared secrets to protect credentials that show up in backups, etc.
   
   What I want is for httpd to do it's proxy magic, and connect to tomcat over UDS. I can configure this so that only httpd is allowed to connect to tomcat and nothing else. I can then pass certificate credentials from httpd to tomcat using unencrypted JWT, and life becomes easy.
   
   Exposing tomcat directly is no good as there are many tomcats in my case, and I want them separate from one another, but exposed through the same webserver.
   
   AJP over UDS for credential transfer is also theoretically possible, but people are starting to withdraw support for AJP.
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[hidden email]



---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[GitHub] [tomcat] minfrin commented on a change in pull request #382: Add support for unix domain sockets.

GitBox
In reply to this post by GitBox

minfrin commented on a change in pull request #382:
URL: https://github.com/apache/tomcat/pull/382#discussion_r532265150



##########
File path: java/org/apache/coyote/AbstractProtocol.java
##########
@@ -347,22 +352,27 @@ public String getName() {
     private String getNameInternal() {
         StringBuilder name = new StringBuilder(getNamePrefix());
         name.append('-');
-        if (getAddress() != null) {
-            name.append(getAddress().getHostAddress());
-            name.append('-');
+        if (getPath() != null) {
+            name.append(getPath().getFileName().toString());

Review comment:
       In theory the name will clash.
   
   We could try the full path separated by dashes? How do we handle windows though, ignore all special characters?




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[hidden email]



---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[GitHub] [tomcat] minfrin commented on a change in pull request #382: Add support for unix domain sockets.

GitBox
In reply to this post by GitBox

minfrin commented on a change in pull request #382:
URL: https://github.com/apache/tomcat/pull/382#discussion_r532265195



##########
File path: java/org/apache/tomcat/util/IntrospectionUtils.java
##########
@@ -136,6 +138,19 @@ public static boolean setProperty(Object o, String name, String value,
                         if (actualMethod != null) {
                             actualMethod.append(method.getName()).append("(InetAddress.getByName(\"").append(value).append("\"))");
                         }
+                        // Try a setFoo ( Path )
+                    } else if ("java.nio.file.Path".equals(paramType
+                            .getName())) {
+                        try {
+                            params[0] = Paths.get(value);
+                        } catch (InvalidPathException ipe) {
+                            if (log.isDebugEnabled())
+                                log.debug("IntrospectionUtils: Unable to resolve path:" + value);

Review comment:
       Not following, [..] ?




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[hidden email]



---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[GitHub] [tomcat] michael-o commented on a change in pull request #382: Add support for unix domain sockets.

GitBox
In reply to this post by GitBox

michael-o commented on a change in pull request #382:
URL: https://github.com/apache/tomcat/pull/382#discussion_r532265524



##########
File path: java/org/apache/tomcat/util/IntrospectionUtils.java
##########
@@ -136,6 +138,19 @@ public static boolean setProperty(Object o, String name, String value,
                         if (actualMethod != null) {
                             actualMethod.append(method.getName()).append("(InetAddress.getByName(\"").append(value).append("\"))");
                         }
+                        // Try a setFoo ( Path )
+                    } else if ("java.nio.file.Path".equals(paramType
+                            .getName())) {
+                        try {
+                            params[0] = Paths.get(value);
+                        } catch (InvalidPathException ipe) {
+                            if (log.isDebugEnabled())
+                                log.debug("IntrospectionUtils: Unable to resolve path:" + value);

Review comment:
       All log statements in Tomcat guard placeholders with `[]`, e.g., `"Did not find file [foo.xml]"`.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[hidden email]



---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[GitHub] [tomcat] michael-o commented on pull request #382: Add support for unix domain sockets.

GitBox
In reply to this post by GitBox

michael-o commented on pull request #382:
URL: https://github.com/apache/tomcat/pull/382#issuecomment-735453352


   So you have shared machine where everyone can snoop on localhost? Since the socket files will be owned by a Tomcat system user you want to add HTTPd to that group to make it interact with Tomcat?


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[hidden email]



---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[GitHub] [tomcat] minfrin commented on a change in pull request #382: Add support for unix domain sockets.

GitBox
In reply to this post by GitBox

minfrin commented on a change in pull request #382:
URL: https://github.com/apache/tomcat/pull/382#discussion_r532267259



##########
File path: java/org/apache/tomcat/util/net/AprEndpoint.java
##########
@@ -292,52 +295,79 @@ public void bind() throws Exception {
 
         // Create the pool for the server socket
         serverSockPool = Pool.create(rootPool);
+
         // Create the APR address that will be bound
-        String addressStr = null;
-        if (getAddress() != null) {
-            addressStr = getAddress().getHostAddress();
-        }
-        int family = Socket.APR_INET;
-        if (Library.APR_HAVE_IPV6) {
-            if (addressStr == null) {
-                if (!OS.IS_BSD) {
+        if (getPath() != null) {
+            if (Library.APR_HAVE_UNIX) {
+                hostname = getPath().toString();
+                family = Socket.APR_UNIX;
+            }
+            else {
+                throw new Exception(sm.getString("endpoint.init.unixnotavail"));
+            }
+        }
+        else {
+
+            if (getAddress() != null) {
+                hostname = getAddress().getHostAddress();
+            }
+            family = Socket.APR_INET;
+            if (Library.APR_HAVE_IPV6) {
+                if (hostname == null) {
+                    if (!OS.IS_BSD) {
+                        family = Socket.APR_UNSPEC;
+                    }
+                } else if (hostname.indexOf(':') >= 0) {
                     family = Socket.APR_UNSPEC;
                 }
-            } else if (addressStr.indexOf(':') >= 0) {
-                family = Socket.APR_UNSPEC;
             }
-         }
+        }
+
+        long sockAddress = Address.info(hostname, family, getPortWithOffset(), 0, rootPool);
 
-        long inetAddress = Address.info(addressStr, family, getPortWithOffset(), 0, rootPool);
         // Create the APR server socket
-        serverSock = Socket.create(Address.getInfo(inetAddress).family,
+        if (family == Socket.APR_UNIX) {
+            serverSock = Socket.create(family, Socket.SOCK_STREAM, 0, rootPool);
+        }
+        else {
+            serverSock = Socket.create(Address.getInfo(sockAddress).family,
                 Socket.SOCK_STREAM,
                 Socket.APR_PROTO_TCP, rootPool);
-        if (OS.IS_UNIX) {
-            Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
-        }
-        if (Library.APR_HAVE_IPV6) {
-            if (getIpv6v6only()) {
-                Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 1);
-            } else {
-                Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 0);
+            if (OS.IS_UNIX) {
+                Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
+            }
+            if (Library.APR_HAVE_IPV6) {
+                if (getIpv6v6only()) {
+                    Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 1);
+                } else {
+                    Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 0);
+                }
             }
+            // Deal with the firewalls that tend to drop the inactive sockets
+            Socket.optSet(serverSock, Socket.APR_SO_KEEPALIVE, 1);
         }
-        // Deal with the firewalls that tend to drop the inactive sockets
-        Socket.optSet(serverSock, Socket.APR_SO_KEEPALIVE, 1);
+
         // Bind the server socket
-        int ret = Socket.bind(serverSock, inetAddress);
+        int ret = Socket.bind(serverSock, sockAddress);
         if (ret != 0) {
             throw new Exception(sm.getString("endpoint.init.bind", "" + ret, Error.strerror(ret)));
         }
+
         // Start listening on the server socket
         ret = Socket.listen(serverSock, getAcceptCount());
         if (ret != 0) {
             throw new Exception(sm.getString("endpoint.init.listen", "" + ret, Error.strerror(ret)));
         }
-        if (OS.IS_WIN32 || OS.IS_WIN64) {
-            // On Windows set the reuseaddr flag after the bind/listen
-            Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
+
+        if (family == Socket.APR_UNIX) {

Review comment:
       The umask of the whole server, which is typically 0027 - not useful for clients that want group write access.
   
   I went on a mission trying to figure out how to handle permissions. Java7+ has the PosixFilePermissions which is great for unix, but not windows. Java7+ also has full access to being able to set permissions via java.nio.file.attribute.AttributeView, but no easy way to create this from a string.
   
   I eventually decided that a simple "explicitly set the socket as world read/write" would do without being mindbendingly complex, the admin can control access to the socket by restricting the parent directory the socket is placed in, outside of the scope of tomcat.
   
   Seems like a reasonable compromise.
   




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[hidden email]



---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[GitHub] [tomcat] minfrin commented on a change in pull request #382: Add support for unix domain sockets.

GitBox
In reply to this post by GitBox

minfrin commented on a change in pull request #382:
URL: https://github.com/apache/tomcat/pull/382#discussion_r532267605



##########
File path: java/org/apache/tomcat/util/net/AprEndpoint.java
##########
@@ -292,52 +295,79 @@ public void bind() throws Exception {
 
         // Create the pool for the server socket
         serverSockPool = Pool.create(rootPool);
+
         // Create the APR address that will be bound
-        String addressStr = null;
-        if (getAddress() != null) {
-            addressStr = getAddress().getHostAddress();
-        }
-        int family = Socket.APR_INET;
-        if (Library.APR_HAVE_IPV6) {
-            if (addressStr == null) {
-                if (!OS.IS_BSD) {
+        if (getPath() != null) {
+            if (Library.APR_HAVE_UNIX) {
+                hostname = getPath().toString();

Review comment:
       I can try just name if you like?
   
   hostname matches the APR implementation.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[hidden email]



---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[GitHub] [tomcat] minfrin commented on pull request #382: Add support for unix domain sockets.

GitBox
In reply to this post by GitBox

minfrin commented on pull request #382:
URL: https://github.com/apache/tomcat/pull/382#issuecomment-735456090


   > So you have shared machine where everyone can snoop on localhost? Since the socket files will be owned by a Tomcat system user you want to add HTTPd to that group to make it interact with Tomcat?
   
   Yes.
   
   In this particular example it's a mailserver, with a whole host of related daemons running. If any of the those daemons allows anything shady, open ports on localhost are an obvious target. This shuts this all down completely.
   
   You can get away with it if you use passwords, or session cookies, but in this case it's 100% certificates, and that creates a problem.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[hidden email]



---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[GitHub] [tomcat] michael-o commented on a change in pull request #382: Add support for unix domain sockets.

GitBox
In reply to this post by GitBox

michael-o commented on a change in pull request #382:
URL: https://github.com/apache/tomcat/pull/382#discussion_r532268550



##########
File path: java/org/apache/coyote/AbstractProtocol.java
##########
@@ -347,22 +352,27 @@ public String getName() {
     private String getNameInternal() {
         StringBuilder name = new StringBuilder(getNamePrefix());
         name.append('-');
-        if (getAddress() != null) {
-            name.append(getAddress().getHostAddress());
-            name.append('-');
+        if (getPath() != null) {
+            name.append(getPath().getFileName().toString());

Review comment:
       I need to think about this, ugly...




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[hidden email]



---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[GitHub] [tomcat] michael-o commented on a change in pull request #382: Add support for unix domain sockets.

GitBox
In reply to this post by GitBox

michael-o commented on a change in pull request #382:
URL: https://github.com/apache/tomcat/pull/382#discussion_r532269203



##########
File path: java/org/apache/tomcat/util/net/AprEndpoint.java
##########
@@ -292,52 +295,79 @@ public void bind() throws Exception {
 
         // Create the pool for the server socket
         serverSockPool = Pool.create(rootPool);
+
         // Create the APR address that will be bound
-        String addressStr = null;
-        if (getAddress() != null) {
-            addressStr = getAddress().getHostAddress();
-        }
-        int family = Socket.APR_INET;
-        if (Library.APR_HAVE_IPV6) {
-            if (addressStr == null) {
-                if (!OS.IS_BSD) {
+        if (getPath() != null) {
+            if (Library.APR_HAVE_UNIX) {
+                hostname = getPath().toString();

Review comment:
       OK, go with APR consistency here. Though, I'd rather see `address`, but consistency is more important.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[hidden email]



---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[GitHub] [tomcat] michael-o commented on a change in pull request #382: Add support for unix domain sockets.

GitBox
In reply to this post by GitBox

michael-o commented on a change in pull request #382:
URL: https://github.com/apache/tomcat/pull/382#discussion_r532271195



##########
File path: java/org/apache/tomcat/util/net/AprEndpoint.java
##########
@@ -292,52 +295,79 @@ public void bind() throws Exception {
 
         // Create the pool for the server socket
         serverSockPool = Pool.create(rootPool);
+
         // Create the APR address that will be bound
-        String addressStr = null;
-        if (getAddress() != null) {
-            addressStr = getAddress().getHostAddress();
-        }
-        int family = Socket.APR_INET;
-        if (Library.APR_HAVE_IPV6) {
-            if (addressStr == null) {
-                if (!OS.IS_BSD) {
+        if (getPath() != null) {
+            if (Library.APR_HAVE_UNIX) {
+                hostname = getPath().toString();
+                family = Socket.APR_UNIX;
+            }
+            else {
+                throw new Exception(sm.getString("endpoint.init.unixnotavail"));
+            }
+        }
+        else {
+
+            if (getAddress() != null) {
+                hostname = getAddress().getHostAddress();
+            }
+            family = Socket.APR_INET;
+            if (Library.APR_HAVE_IPV6) {
+                if (hostname == null) {
+                    if (!OS.IS_BSD) {
+                        family = Socket.APR_UNSPEC;
+                    }
+                } else if (hostname.indexOf(':') >= 0) {
                     family = Socket.APR_UNSPEC;
                 }
-            } else if (addressStr.indexOf(':') >= 0) {
-                family = Socket.APR_UNSPEC;
             }
-         }
+        }
+
+        long sockAddress = Address.info(hostname, family, getPortWithOffset(), 0, rootPool);
 
-        long inetAddress = Address.info(addressStr, family, getPortWithOffset(), 0, rootPool);
         // Create the APR server socket
-        serverSock = Socket.create(Address.getInfo(inetAddress).family,
+        if (family == Socket.APR_UNIX) {
+            serverSock = Socket.create(family, Socket.SOCK_STREAM, 0, rootPool);
+        }
+        else {
+            serverSock = Socket.create(Address.getInfo(sockAddress).family,
                 Socket.SOCK_STREAM,
                 Socket.APR_PROTO_TCP, rootPool);
-        if (OS.IS_UNIX) {
-            Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
-        }
-        if (Library.APR_HAVE_IPV6) {
-            if (getIpv6v6only()) {
-                Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 1);
-            } else {
-                Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 0);
+            if (OS.IS_UNIX) {
+                Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
+            }
+            if (Library.APR_HAVE_IPV6) {
+                if (getIpv6v6only()) {
+                    Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 1);
+                } else {
+                    Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 0);
+                }
             }
+            // Deal with the firewalls that tend to drop the inactive sockets
+            Socket.optSet(serverSock, Socket.APR_SO_KEEPALIVE, 1);
         }
-        // Deal with the firewalls that tend to drop the inactive sockets
-        Socket.optSet(serverSock, Socket.APR_SO_KEEPALIVE, 1);
+
         // Bind the server socket
-        int ret = Socket.bind(serverSock, inetAddress);
+        int ret = Socket.bind(serverSock, sockAddress);
         if (ret != 0) {
             throw new Exception(sm.getString("endpoint.init.bind", "" + ret, Error.strerror(ret)));
         }
+
         // Start listening on the server socket
         ret = Socket.listen(serverSock, getAcceptCount());
         if (ret != 0) {
             throw new Exception(sm.getString("endpoint.init.listen", "" + ret, Error.strerror(ret)));
         }
-        if (OS.IS_WIN32 || OS.IS_WIN64) {
-            // On Windows set the reuseaddr flag after the bind/listen
-            Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
+
+        if (family == Socket.APR_UNIX) {

Review comment:
       But if you set the whole socket as world read/write you are back to the same situation as before with localhost?




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[hidden email]



---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[GitHub] [tomcat] minfrin commented on a change in pull request #382: Add support for unix domain sockets.

GitBox
In reply to this post by GitBox

minfrin commented on a change in pull request #382:
URL: https://github.com/apache/tomcat/pull/382#discussion_r532272524



##########
File path: java/org/apache/tomcat/util/net/AprEndpoint.java
##########
@@ -292,52 +295,79 @@ public void bind() throws Exception {
 
         // Create the pool for the server socket
         serverSockPool = Pool.create(rootPool);
+
         // Create the APR address that will be bound
-        String addressStr = null;
-        if (getAddress() != null) {
-            addressStr = getAddress().getHostAddress();
-        }
-        int family = Socket.APR_INET;
-        if (Library.APR_HAVE_IPV6) {
-            if (addressStr == null) {
-                if (!OS.IS_BSD) {
+        if (getPath() != null) {
+            if (Library.APR_HAVE_UNIX) {
+                hostname = getPath().toString();
+                family = Socket.APR_UNIX;
+            }
+            else {
+                throw new Exception(sm.getString("endpoint.init.unixnotavail"));
+            }
+        }
+        else {
+
+            if (getAddress() != null) {
+                hostname = getAddress().getHostAddress();
+            }
+            family = Socket.APR_INET;
+            if (Library.APR_HAVE_IPV6) {
+                if (hostname == null) {
+                    if (!OS.IS_BSD) {
+                        family = Socket.APR_UNSPEC;
+                    }
+                } else if (hostname.indexOf(':') >= 0) {
                     family = Socket.APR_UNSPEC;
                 }
-            } else if (addressStr.indexOf(':') >= 0) {
-                family = Socket.APR_UNSPEC;
             }
-         }
+        }
+
+        long sockAddress = Address.info(hostname, family, getPortWithOffset(), 0, rootPool);
 
-        long inetAddress = Address.info(addressStr, family, getPortWithOffset(), 0, rootPool);
         // Create the APR server socket
-        serverSock = Socket.create(Address.getInfo(inetAddress).family,
+        if (family == Socket.APR_UNIX) {
+            serverSock = Socket.create(family, Socket.SOCK_STREAM, 0, rootPool);
+        }
+        else {
+            serverSock = Socket.create(Address.getInfo(sockAddress).family,
                 Socket.SOCK_STREAM,
                 Socket.APR_PROTO_TCP, rootPool);
-        if (OS.IS_UNIX) {
-            Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
-        }
-        if (Library.APR_HAVE_IPV6) {
-            if (getIpv6v6only()) {
-                Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 1);
-            } else {
-                Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 0);
+            if (OS.IS_UNIX) {
+                Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
+            }
+            if (Library.APR_HAVE_IPV6) {
+                if (getIpv6v6only()) {
+                    Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 1);
+                } else {
+                    Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 0);
+                }
             }
+            // Deal with the firewalls that tend to drop the inactive sockets
+            Socket.optSet(serverSock, Socket.APR_SO_KEEPALIVE, 1);
         }
-        // Deal with the firewalls that tend to drop the inactive sockets
-        Socket.optSet(serverSock, Socket.APR_SO_KEEPALIVE, 1);
+
         // Bind the server socket
-        int ret = Socket.bind(serverSock, inetAddress);
+        int ret = Socket.bind(serverSock, sockAddress);
         if (ret != 0) {
             throw new Exception(sm.getString("endpoint.init.bind", "" + ret, Error.strerror(ret)));
         }
+
         // Start listening on the server socket
         ret = Socket.listen(serverSock, getAcceptCount());
         if (ret != 0) {
             throw new Exception(sm.getString("endpoint.init.listen", "" + ret, Error.strerror(ret)));
         }
-        if (OS.IS_WIN32 || OS.IS_WIN64) {
-            // On Windows set the reuseaddr flag after the bind/listen
-            Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
+
+        if (family == Socket.APR_UNIX) {

Review comment:
       We're not, no, as the permissions on the directory containing the socket come into play:
   
   ```
   Little-Net:tomcat-socket10 minfrin$ ls -al /tmp/protected/
   total 0
   drwxr-x---   3 minfrin  wheel   96 Nov 29 23:39 .
   drwxrwxrwt  11 root     wheel  352 Nov 29 23:39 ..
   srw-rw-rw-   1 minfrin  wheel    0 Nov 29 23:39 tomcat.socket
   ```
   
   Only minfrin and members of the wheel group can see the socket above.
   




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[hidden email]



---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[GitHub] [tomcat] minfrin commented on a change in pull request #382: Add support for unix domain sockets.

GitBox
In reply to this post by GitBox

minfrin commented on a change in pull request #382:
URL: https://github.com/apache/tomcat/pull/382#discussion_r532272524



##########
File path: java/org/apache/tomcat/util/net/AprEndpoint.java
##########
@@ -292,52 +295,79 @@ public void bind() throws Exception {
 
         // Create the pool for the server socket
         serverSockPool = Pool.create(rootPool);
+
         // Create the APR address that will be bound
-        String addressStr = null;
-        if (getAddress() != null) {
-            addressStr = getAddress().getHostAddress();
-        }
-        int family = Socket.APR_INET;
-        if (Library.APR_HAVE_IPV6) {
-            if (addressStr == null) {
-                if (!OS.IS_BSD) {
+        if (getPath() != null) {
+            if (Library.APR_HAVE_UNIX) {
+                hostname = getPath().toString();
+                family = Socket.APR_UNIX;
+            }
+            else {
+                throw new Exception(sm.getString("endpoint.init.unixnotavail"));
+            }
+        }
+        else {
+
+            if (getAddress() != null) {
+                hostname = getAddress().getHostAddress();
+            }
+            family = Socket.APR_INET;
+            if (Library.APR_HAVE_IPV6) {
+                if (hostname == null) {
+                    if (!OS.IS_BSD) {
+                        family = Socket.APR_UNSPEC;
+                    }
+                } else if (hostname.indexOf(':') >= 0) {
                     family = Socket.APR_UNSPEC;
                 }
-            } else if (addressStr.indexOf(':') >= 0) {
-                family = Socket.APR_UNSPEC;
             }
-         }
+        }
+
+        long sockAddress = Address.info(hostname, family, getPortWithOffset(), 0, rootPool);
 
-        long inetAddress = Address.info(addressStr, family, getPortWithOffset(), 0, rootPool);
         // Create the APR server socket
-        serverSock = Socket.create(Address.getInfo(inetAddress).family,
+        if (family == Socket.APR_UNIX) {
+            serverSock = Socket.create(family, Socket.SOCK_STREAM, 0, rootPool);
+        }
+        else {
+            serverSock = Socket.create(Address.getInfo(sockAddress).family,
                 Socket.SOCK_STREAM,
                 Socket.APR_PROTO_TCP, rootPool);
-        if (OS.IS_UNIX) {
-            Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
-        }
-        if (Library.APR_HAVE_IPV6) {
-            if (getIpv6v6only()) {
-                Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 1);
-            } else {
-                Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 0);
+            if (OS.IS_UNIX) {
+                Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
+            }
+            if (Library.APR_HAVE_IPV6) {
+                if (getIpv6v6only()) {
+                    Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 1);
+                } else {
+                    Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 0);
+                }
             }
+            // Deal with the firewalls that tend to drop the inactive sockets
+            Socket.optSet(serverSock, Socket.APR_SO_KEEPALIVE, 1);
         }
-        // Deal with the firewalls that tend to drop the inactive sockets
-        Socket.optSet(serverSock, Socket.APR_SO_KEEPALIVE, 1);
+
         // Bind the server socket
-        int ret = Socket.bind(serverSock, inetAddress);
+        int ret = Socket.bind(serverSock, sockAddress);
         if (ret != 0) {
             throw new Exception(sm.getString("endpoint.init.bind", "" + ret, Error.strerror(ret)));
         }
+
         // Start listening on the server socket
         ret = Socket.listen(serverSock, getAcceptCount());
         if (ret != 0) {
             throw new Exception(sm.getString("endpoint.init.listen", "" + ret, Error.strerror(ret)));
         }
-        if (OS.IS_WIN32 || OS.IS_WIN64) {
-            // On Windows set the reuseaddr flag after the bind/listen
-            Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
+
+        if (family == Socket.APR_UNIX) {

Review comment:
       We're not, no, as the permissions on the directory containing the socket come into play:
   
   ```
   Little-Net:tomcat-socket10 minfrin$ ls -al /tmp/protected/
   total 0
   drwxr-x---   3 minfrin  wheel   96 Nov 29 23:39 .
   drwxrwxrwt  11 root     wheel  352 Nov 29 23:39 ..
   srw-rw-rw-   1 minfrin  wheel    0 Nov 29 23:39 tomcat.socket
   ```
   
   Only minfrin and members of the wheel group can read/write the socket above.
   




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[hidden email]



---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[GitHub] [tomcat] minfrin commented on a change in pull request #382: Add support for unix domain sockets.

GitBox
In reply to this post by GitBox

minfrin commented on a change in pull request #382:
URL: https://github.com/apache/tomcat/pull/382#discussion_r532273756



##########
File path: java/org/apache/tomcat/util/net/AprEndpoint.java
##########
@@ -292,52 +295,79 @@ public void bind() throws Exception {
 
         // Create the pool for the server socket
         serverSockPool = Pool.create(rootPool);
+
         // Create the APR address that will be bound
-        String addressStr = null;
-        if (getAddress() != null) {
-            addressStr = getAddress().getHostAddress();
-        }
-        int family = Socket.APR_INET;
-        if (Library.APR_HAVE_IPV6) {
-            if (addressStr == null) {
-                if (!OS.IS_BSD) {
+        if (getPath() != null) {
+            if (Library.APR_HAVE_UNIX) {
+                hostname = getPath().toString();
+                family = Socket.APR_UNIX;
+            }
+            else {
+                throw new Exception(sm.getString("endpoint.init.unixnotavail"));
+            }
+        }
+        else {
+
+            if (getAddress() != null) {
+                hostname = getAddress().getHostAddress();
+            }
+            family = Socket.APR_INET;
+            if (Library.APR_HAVE_IPV6) {
+                if (hostname == null) {
+                    if (!OS.IS_BSD) {
+                        family = Socket.APR_UNSPEC;
+                    }
+                } else if (hostname.indexOf(':') >= 0) {
                     family = Socket.APR_UNSPEC;
                 }
-            } else if (addressStr.indexOf(':') >= 0) {
-                family = Socket.APR_UNSPEC;
             }
-         }
+        }
+
+        long sockAddress = Address.info(hostname, family, getPortWithOffset(), 0, rootPool);
 
-        long inetAddress = Address.info(addressStr, family, getPortWithOffset(), 0, rootPool);
         // Create the APR server socket
-        serverSock = Socket.create(Address.getInfo(inetAddress).family,
+        if (family == Socket.APR_UNIX) {
+            serverSock = Socket.create(family, Socket.SOCK_STREAM, 0, rootPool);
+        }
+        else {
+            serverSock = Socket.create(Address.getInfo(sockAddress).family,
                 Socket.SOCK_STREAM,
                 Socket.APR_PROTO_TCP, rootPool);
-        if (OS.IS_UNIX) {
-            Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
-        }
-        if (Library.APR_HAVE_IPV6) {
-            if (getIpv6v6only()) {
-                Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 1);
-            } else {
-                Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 0);
+            if (OS.IS_UNIX) {
+                Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
+            }
+            if (Library.APR_HAVE_IPV6) {
+                if (getIpv6v6only()) {
+                    Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 1);
+                } else {
+                    Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 0);
+                }
             }
+            // Deal with the firewalls that tend to drop the inactive sockets
+            Socket.optSet(serverSock, Socket.APR_SO_KEEPALIVE, 1);
         }
-        // Deal with the firewalls that tend to drop the inactive sockets
-        Socket.optSet(serverSock, Socket.APR_SO_KEEPALIVE, 1);
+
         // Bind the server socket
-        int ret = Socket.bind(serverSock, inetAddress);
+        int ret = Socket.bind(serverSock, sockAddress);
         if (ret != 0) {
             throw new Exception(sm.getString("endpoint.init.bind", "" + ret, Error.strerror(ret)));
         }
+
         // Start listening on the server socket
         ret = Socket.listen(serverSock, getAcceptCount());
         if (ret != 0) {
             throw new Exception(sm.getString("endpoint.init.listen", "" + ret, Error.strerror(ret)));
         }
-        if (OS.IS_WIN32 || OS.IS_WIN64) {
-            // On Windows set the reuseaddr flag after the bind/listen
-            Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
+
+        if (family == Socket.APR_UNIX) {

Review comment:
       A further thing to keep in mind - this implementation is mindful of the JEP-380 work on java as raised here: https://bz.apache.org/bugzilla/show_bug.cgi?id=64850
   
   In future, JEP-380 will allow UDS on wIndows and unix, and I have made sure that nothing done here closes the door on future support.
   
   The https://docs.oracle.com/javase/7/docs/api/java/nio/file/Path.html object is used as the parameter type as it exists in jdks as old as java7+ and it is used in the constructor of the proposed java.net.UnixDomainSocketAddress.
   
   This should allow seamless JEP-380 support in future, while giving me my UDS today.
   




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[hidden email]



---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[GitHub] [tomcat] michael-o commented on a change in pull request #382: Add support for unix domain sockets.

GitBox
In reply to this post by GitBox

michael-o commented on a change in pull request #382:
URL: https://github.com/apache/tomcat/pull/382#discussion_r532274020



##########
File path: java/org/apache/tomcat/util/net/AprEndpoint.java
##########
@@ -292,52 +295,79 @@ public void bind() throws Exception {
 
         // Create the pool for the server socket
         serverSockPool = Pool.create(rootPool);
+
         // Create the APR address that will be bound
-        String addressStr = null;
-        if (getAddress() != null) {
-            addressStr = getAddress().getHostAddress();
-        }
-        int family = Socket.APR_INET;
-        if (Library.APR_HAVE_IPV6) {
-            if (addressStr == null) {
-                if (!OS.IS_BSD) {
+        if (getPath() != null) {
+            if (Library.APR_HAVE_UNIX) {
+                hostname = getPath().toString();
+                family = Socket.APR_UNIX;
+            }
+            else {
+                throw new Exception(sm.getString("endpoint.init.unixnotavail"));
+            }
+        }
+        else {
+
+            if (getAddress() != null) {
+                hostname = getAddress().getHostAddress();
+            }
+            family = Socket.APR_INET;
+            if (Library.APR_HAVE_IPV6) {
+                if (hostname == null) {
+                    if (!OS.IS_BSD) {
+                        family = Socket.APR_UNSPEC;
+                    }
+                } else if (hostname.indexOf(':') >= 0) {
                     family = Socket.APR_UNSPEC;
                 }
-            } else if (addressStr.indexOf(':') >= 0) {
-                family = Socket.APR_UNSPEC;
             }
-         }
+        }
+
+        long sockAddress = Address.info(hostname, family, getPortWithOffset(), 0, rootPool);
 
-        long inetAddress = Address.info(addressStr, family, getPortWithOffset(), 0, rootPool);
         // Create the APR server socket
-        serverSock = Socket.create(Address.getInfo(inetAddress).family,
+        if (family == Socket.APR_UNIX) {
+            serverSock = Socket.create(family, Socket.SOCK_STREAM, 0, rootPool);
+        }
+        else {
+            serverSock = Socket.create(Address.getInfo(sockAddress).family,
                 Socket.SOCK_STREAM,
                 Socket.APR_PROTO_TCP, rootPool);
-        if (OS.IS_UNIX) {
-            Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
-        }
-        if (Library.APR_HAVE_IPV6) {
-            if (getIpv6v6only()) {
-                Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 1);
-            } else {
-                Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 0);
+            if (OS.IS_UNIX) {
+                Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
+            }
+            if (Library.APR_HAVE_IPV6) {
+                if (getIpv6v6only()) {
+                    Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 1);
+                } else {
+                    Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 0);
+                }
             }
+            // Deal with the firewalls that tend to drop the inactive sockets
+            Socket.optSet(serverSock, Socket.APR_SO_KEEPALIVE, 1);
         }
-        // Deal with the firewalls that tend to drop the inactive sockets
-        Socket.optSet(serverSock, Socket.APR_SO_KEEPALIVE, 1);
+
         // Bind the server socket
-        int ret = Socket.bind(serverSock, inetAddress);
+        int ret = Socket.bind(serverSock, sockAddress);
         if (ret != 0) {
             throw new Exception(sm.getString("endpoint.init.bind", "" + ret, Error.strerror(ret)));
         }
+
         // Start listening on the server socket
         ret = Socket.listen(serverSock, getAcceptCount());
         if (ret != 0) {
             throw new Exception(sm.getString("endpoint.init.listen", "" + ret, Error.strerror(ret)));
         }
-        if (OS.IS_WIN32 || OS.IS_WIN64) {
-            // On Windows set the reuseaddr flag after the bind/listen
-            Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
+
+        if (family == Socket.APR_UNIX) {

Review comment:
       Hmm, I agree on JEP 380. I do think that people will either use `${catalina.base}/work/<name>.sock` or simply `/var/run/<name>.sock`. I would not expect people to create an additional dir for that.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[hidden email]



---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[GitHub] [tomcat] minfrin commented on a change in pull request #382: Add support for unix domain sockets.

GitBox
In reply to this post by GitBox

minfrin commented on a change in pull request #382:
URL: https://github.com/apache/tomcat/pull/382#discussion_r532274717



##########
File path: java/org/apache/tomcat/util/IntrospectionUtils.java
##########
@@ -136,6 +138,19 @@ public static boolean setProperty(Object o, String name, String value,
                         if (actualMethod != null) {
                             actualMethod.append(method.getName()).append("(InetAddress.getByName(\"").append(value).append("\"))");
                         }
+                        // Try a setFoo ( Path )
+                    } else if ("java.nio.file.Path".equals(paramType
+                            .getName())) {
+                        try {
+                            params[0] = Paths.get(value);
+                        } catch (InvalidPathException ipe) {
+                            if (log.isDebugEnabled())
+                                log.debug("IntrospectionUtils: Unable to resolve path:" + value);

Review comment:
       I've fixed this one.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[hidden email]



---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[GitHub] [tomcat] minfrin commented on a change in pull request #382: Add support for unix domain sockets.

GitBox
In reply to this post by GitBox

minfrin commented on a change in pull request #382:
URL: https://github.com/apache/tomcat/pull/382#discussion_r532283784



##########
File path: java/org/apache/tomcat/util/net/AprEndpoint.java
##########
@@ -292,52 +295,79 @@ public void bind() throws Exception {
 
         // Create the pool for the server socket
         serverSockPool = Pool.create(rootPool);
+
         // Create the APR address that will be bound
-        String addressStr = null;
-        if (getAddress() != null) {
-            addressStr = getAddress().getHostAddress();
-        }
-        int family = Socket.APR_INET;
-        if (Library.APR_HAVE_IPV6) {
-            if (addressStr == null) {
-                if (!OS.IS_BSD) {
+        if (getPath() != null) {
+            if (Library.APR_HAVE_UNIX) {
+                hostname = getPath().toString();
+                family = Socket.APR_UNIX;
+            }
+            else {
+                throw new Exception(sm.getString("endpoint.init.unixnotavail"));
+            }
+        }
+        else {
+
+            if (getAddress() != null) {
+                hostname = getAddress().getHostAddress();
+            }
+            family = Socket.APR_INET;
+            if (Library.APR_HAVE_IPV6) {
+                if (hostname == null) {
+                    if (!OS.IS_BSD) {
+                        family = Socket.APR_UNSPEC;
+                    }
+                } else if (hostname.indexOf(':') >= 0) {
                     family = Socket.APR_UNSPEC;
                 }
-            } else if (addressStr.indexOf(':') >= 0) {
-                family = Socket.APR_UNSPEC;
             }
-         }
+        }
+
+        long sockAddress = Address.info(hostname, family, getPortWithOffset(), 0, rootPool);
 
-        long inetAddress = Address.info(addressStr, family, getPortWithOffset(), 0, rootPool);
         // Create the APR server socket
-        serverSock = Socket.create(Address.getInfo(inetAddress).family,
+        if (family == Socket.APR_UNIX) {
+            serverSock = Socket.create(family, Socket.SOCK_STREAM, 0, rootPool);
+        }
+        else {
+            serverSock = Socket.create(Address.getInfo(sockAddress).family,
                 Socket.SOCK_STREAM,
                 Socket.APR_PROTO_TCP, rootPool);
-        if (OS.IS_UNIX) {
-            Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
-        }
-        if (Library.APR_HAVE_IPV6) {
-            if (getIpv6v6only()) {
-                Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 1);
-            } else {
-                Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 0);
+            if (OS.IS_UNIX) {
+                Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
+            }
+            if (Library.APR_HAVE_IPV6) {
+                if (getIpv6v6only()) {
+                    Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 1);
+                } else {
+                    Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 0);
+                }
             }
+            // Deal with the firewalls that tend to drop the inactive sockets
+            Socket.optSet(serverSock, Socket.APR_SO_KEEPALIVE, 1);
         }
-        // Deal with the firewalls that tend to drop the inactive sockets
-        Socket.optSet(serverSock, Socket.APR_SO_KEEPALIVE, 1);
+
         // Bind the server socket
-        int ret = Socket.bind(serverSock, inetAddress);
+        int ret = Socket.bind(serverSock, sockAddress);
         if (ret != 0) {
             throw new Exception(sm.getString("endpoint.init.bind", "" + ret, Error.strerror(ret)));
         }
+
         // Start listening on the server socket
         ret = Socket.listen(serverSock, getAcceptCount());
         if (ret != 0) {
             throw new Exception(sm.getString("endpoint.init.listen", "" + ret, Error.strerror(ret)));
         }
-        if (OS.IS_WIN32 || OS.IS_WIN64) {
-            // On Windows set the reuseaddr flag after the bind/listen
-            Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
+
+        if (family == Socket.APR_UNIX) {

Review comment:
       Using additional directories is almost universal, this is the /var/run directory on a CentOS8 machine:
   
   ```
   [root@host run]# ls -al /var/run/
   total 20
   drwxr-xr-x. 37 root      root        980 Nov 22 03:04 .
   dr-xr-xr-x. 17 root      root        248 Oct 19 22:35 ..
   srw-rw-rw-.  1 root      root          0 Nov 22 03:03 .heim_org.h5l.kcm-socket
   drwxr-xr-x.  3 root      root        100 Nov 22 03:03 NetworkManager
   -rw-------.  1 root      root          0 Nov 22 03:03 agetty.reload
   -rw-r--r--.  1 root      root          4 Nov 22 03:03 auditd.pid
   drwxr-x---.  2 chrony    chrony       80 Nov 30 01:08 chrony
   drwxr-xr-x.  2 root      root         80 Nov 22 03:03 chrony-helper
   drwx--x---.  2 clamilt   clamilt      60 Nov 22 03:04 clamav-milter
   drwx--x---.  2 clamscan  virusgroup   60 Nov 22 03:04 clamd.scan
   drwxr-xr-x.  2 root      root         40 Nov 22 03:03 console
   ----------.  1 root      root          0 Nov 22 03:03 cron.reboot
   drwx------.  2 root      root         40 Nov 22 03:03 cryptsetup
   drwxr-xr-x.  2 root      root         60 Nov 22 03:03 dbus
   drwxrwx---.  2 dirsrv    dirsrv       80 Nov 22 03:04 dirsrv
   prw-------.  1 root      root          0 Nov 22 03:03 dmeventd-client
   prw-------.  1 root      root          0 Nov 22 03:03 dmeventd-server
   drwxr-xr-x.  5 root      dovecot     800 Nov 22 03:17 dovecot
   drwxr-xr-x.  2 root      root         40 Nov 22 03:03 faillock
   drwxr-x---.  2 root      root         40 Nov 22 03:03 firewalld
   drwxr-xr-x.  2 root      root         80 Nov 22 03:03 fsck
   drwx--x---.  3 root      apache      100 Nov 29 03:14 httpd
   prw-------.  1 root      root          0 Nov 22 03:03 initctl
   drwxr-xr-x.  4 root      root        120 Nov 22 03:03 initramfs
   drwxr-xr-x.  5 root      root        120 Nov 22 03:03 lock
   drwxr-xr-x.  3 root      root         60 Nov 22 03:03 log
   drwx------.  4 root      root        120 Nov 22 03:03 lvm
   drwxr-xr-x.  2 root      root         40 Nov 22 03:03 mount
   drwxr-x---.  2 openarc   openarc      80 Nov 22 03:03 openarc
   drwxr-x---.  2 opendkim  opendkim     80 Nov 22 03:03 opendkim
   drwxr-x---.  2 opendmarc opendmarc    80 Nov 22 03:03 opendmarc
   drwxr-xr-x.  2 root      root         60 Nov 22 03:03 pcscd
   drwxr-xr-x.  2 redis     redis        60 Nov 22 03:03 redis
   drwxr-xr-x.  2 _rspamd   _rspamd      80 Nov 22 03:03 rspamd
   -rw-------.  1 root      root          4 Nov 22 03:03 rsyslogd.pid
   drwxr-xr-x.  2 root      root         40 Nov 22 03:03 samba
   drwxr-xr-x.  2 root      root         40 Nov 22 03:03 sepermit
   drwxr-xr-x.  2 root      root         40 Nov 22 03:03 setrans
   srw-rw-rw-.  1 root      root          0 Nov 22 03:04 slapd-beachfront.socket
   -rw-r--r--.  1 root      root          5 Nov 22 03:03 sshd.pid
   -rw-------.  1 root      root          4 Nov 22 03:03 sssd.pid
   drwx--x--x.  3 root      root         60 Nov 22 03:03 sudo
   drwxr-xr-x. 17 root      root        440 Nov 22 09:32 systemd
   drwxr-xr-x.  2 root      root         60 Nov 22 03:03 tmpfiles.d
   drwxr-xr-x.  2 root      root         60 Nov 22 03:03 tuned
   drwxr-xr-x.  7 root      root        160 Nov 22 03:03 udev
   drwxr-xr-x.  2 unbound   unbound      60 Nov 22 03:03 unbound
   drwxr-xr-x.  3 root      root         60 Nov 30 01:08 user
   -rw-rw-r--.  1 root      utmp       1920 Nov 30 01:08 utmp
   ```
   
   Directories that need privacy, like openarc, are protected (contains a socket).
   




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[hidden email]



---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[GitHub] [tomcat] michael-o commented on a change in pull request #382: Add support for unix domain sockets.

GitBox
In reply to this post by GitBox

michael-o commented on a change in pull request #382:
URL: https://github.com/apache/tomcat/pull/382#discussion_r532284639



##########
File path: java/org/apache/tomcat/util/net/AprEndpoint.java
##########
@@ -292,52 +295,79 @@ public void bind() throws Exception {
 
         // Create the pool for the server socket
         serverSockPool = Pool.create(rootPool);
+
         // Create the APR address that will be bound
-        String addressStr = null;
-        if (getAddress() != null) {
-            addressStr = getAddress().getHostAddress();
-        }
-        int family = Socket.APR_INET;
-        if (Library.APR_HAVE_IPV6) {
-            if (addressStr == null) {
-                if (!OS.IS_BSD) {
+        if (getPath() != null) {
+            if (Library.APR_HAVE_UNIX) {
+                hostname = getPath().toString();
+                family = Socket.APR_UNIX;
+            }
+            else {
+                throw new Exception(sm.getString("endpoint.init.unixnotavail"));
+            }
+        }
+        else {
+
+            if (getAddress() != null) {
+                hostname = getAddress().getHostAddress();
+            }
+            family = Socket.APR_INET;
+            if (Library.APR_HAVE_IPV6) {
+                if (hostname == null) {
+                    if (!OS.IS_BSD) {
+                        family = Socket.APR_UNSPEC;
+                    }
+                } else if (hostname.indexOf(':') >= 0) {
                     family = Socket.APR_UNSPEC;
                 }
-            } else if (addressStr.indexOf(':') >= 0) {
-                family = Socket.APR_UNSPEC;
             }
-         }
+        }
+
+        long sockAddress = Address.info(hostname, family, getPortWithOffset(), 0, rootPool);
 
-        long inetAddress = Address.info(addressStr, family, getPortWithOffset(), 0, rootPool);
         // Create the APR server socket
-        serverSock = Socket.create(Address.getInfo(inetAddress).family,
+        if (family == Socket.APR_UNIX) {
+            serverSock = Socket.create(family, Socket.SOCK_STREAM, 0, rootPool);
+        }
+        else {
+            serverSock = Socket.create(Address.getInfo(sockAddress).family,
                 Socket.SOCK_STREAM,
                 Socket.APR_PROTO_TCP, rootPool);
-        if (OS.IS_UNIX) {
-            Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
-        }
-        if (Library.APR_HAVE_IPV6) {
-            if (getIpv6v6only()) {
-                Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 1);
-            } else {
-                Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 0);
+            if (OS.IS_UNIX) {
+                Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
+            }
+            if (Library.APR_HAVE_IPV6) {
+                if (getIpv6v6only()) {
+                    Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 1);
+                } else {
+                    Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 0);
+                }
             }
+            // Deal with the firewalls that tend to drop the inactive sockets
+            Socket.optSet(serverSock, Socket.APR_SO_KEEPALIVE, 1);
         }
-        // Deal with the firewalls that tend to drop the inactive sockets
-        Socket.optSet(serverSock, Socket.APR_SO_KEEPALIVE, 1);
+
         // Bind the server socket
-        int ret = Socket.bind(serverSock, inetAddress);
+        int ret = Socket.bind(serverSock, sockAddress);
         if (ret != 0) {
             throw new Exception(sm.getString("endpoint.init.bind", "" + ret, Error.strerror(ret)));
         }
+
         // Start listening on the server socket
         ret = Socket.listen(serverSock, getAcceptCount());
         if (ret != 0) {
             throw new Exception(sm.getString("endpoint.init.listen", "" + ret, Error.strerror(ret)));
         }
-        if (OS.IS_WIN32 || OS.IS_WIN64) {
-            // On Windows set the reuseaddr flag after the bind/listen
-            Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
+
+        if (family == Socket.APR_UNIX) {

Review comment:
       Not necessarily:
   ```
   $ ll /var/run/
   total 100
   -rw-r--r--  1 root   wheel       0 2020-11-29 11:45 clean_var
   -rw-------  1 root   wheel       4 2020-11-29 10:45 cron.pid
   drwxr-xr-x  3 root   wheel     512 2020-07-12 11:56 cups/
   drwxr-xr-x  2 root   wheel     512 2020-10-16 19:12 dbus/
   -rw-------  1 root   wheel       3 2020-11-29 10:45 devd.pid
   srw-rw-rw-  1 root   wheel       0 2020-11-29 10:45 devd.pipe=
   srw-rw-rw-  1 root   wheel       0 2020-11-29 10:45 devd.seqpacket.pipe=
   drwxr-xr-x  2 root   wheel     512 2020-11-29 10:45 dhclient/
   -rw-r--r--  1 root   wheel    8067 2020-11-29 10:45 dmesg.boot
   -rw-r--r--  1 root   wheel       5 2020-11-29 10:45 httpd.pid
   -r--r--r--  1 root   wheel     310 2020-11-29 11:45 ld-elf.so.hints
   -r--r--r--  1 root   wheel     139 2020-11-29 11:45 ld-elf32.so.hints
   srw-rw-rw-  1 root   wheel       0 2020-11-29 10:45 log=
   srw-------  1 root   wheel       0 2020-11-29 10:45 logpriv=
   drwxr-x---  2 nexus  nexus     512 2020-09-29 12:54 nexus2/
   -r--r--r--  1 root   wheel     220 2020-11-29 10:45 os-release
   drwxr-xr-x  2 root   wheel     512 2020-07-23 00:26 poudriere/
   -rw-------  1 root   wheel       3 2020-11-29 10:45 powerd.pid
   drwxrwx---  2 root   network   512 2020-07-02 04:39 ppp/
   drwxr-xr-x  2 redis  redis     512 2020-11-29 10:45 redis/
   drwxr-xr-x  4 root   wheel     512 2020-11-30 00:14 resolvconf/
   -rw-r--r--  1 root   wheel       0 2020-11-29 10:45 rtsold.dump
   -rw-r--r--  1 root   wheel       3 2020-11-29 10:45 rtsold.pid
   -rw-------  1 root   wheel      79 2020-11-29 10:45 sendmail.pid
   -rw-r--r--  1 root   wheel       5 2020-11-29 10:45 sshd.pid
   drwx--x--x  3 root   wheel     512 2020-07-23 01:12 sudo/
   -rw-------  1 root   wheel       3 2020-11-29 10:45 syslog.pid
   -rw-r--r--  1 root   wheel       0 2020-11-29 10:45 syslogd.sockets
   drwx------  2 _tss   _tss      512 2020-07-12 15:33 tpm/
   -rw-r--r--  1 root   wheel     788 2020-11-29 20:03 utx.active
   drwxr-xr-x  2 root   wheel     512 2020-07-02 04:39 wpa_supplicant/
   ```




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[hidden email]



---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

12345