Merge pull request #192 from hug-dev/socket-path

Modify socket path

e2e_tests/src/lib.rs

@@ -19,6 +19,7 @@ use parsec_client::core::interface::operations::psa_key_attributes::{
     Attributes, Lifetime, Policy, Type, UsageFlags,
 };
 use parsec_client::core::interface::requests::{Opcode, ProviderID, ResponseStatus, Result};
+use parsec_client::core::secrecy::{ExposeSecret, Secret};
 use parsec_client::error::Error;
 use std::collections::HashSet;
 use std::time::Duration;
@@ -48,7 +49,9 @@ impl TestClient {
     /// a call to `list_providers`, followed by choosing the first non-Core provider.
     pub fn new() -> TestClient {
         let mut client = TestClient {
-            basic_client: BasicClient::new(AuthenticationData::AppIdentity(String::from("root"))),
+            basic_client: BasicClient::new(AuthenticationData::AppIdentity(Secret::new(
+                String::from("root"),
+            ))),
             created_keys: Some(HashSet::new()),
         };
 
@@ -88,13 +91,13 @@ impl TestClient {
     /// Set the client authentication string.
     pub fn set_auth(&mut self, auth: String) {
         self.basic_client
-            .set_auth_data(AuthenticationData::AppIdentity(auth));
+            .set_auth_data(AuthenticationData::AppIdentity(Secret::new(auth)));
     }
 
     /// Get client authentication string.
     pub fn auth(&self) -> String {
         if let AuthenticationData::AppIdentity(app_name) = self.basic_client.auth_data() {
-            app_name
+            app_name.expose_secret().to_string()
         } else {
             panic!("Client should always be using AppIdentity-based authentication");
         }
@@ -162,7 +165,7 @@ impl TestClient {
         data: Vec<u8>,
     ) -> Result<()> {
         self.basic_client
-            .psa_import_key(key_name.clone(), data, attributes)
+            .psa_import_key(key_name.clone(), &data, attributes)
             .map_err(convert_error)?;
 
         let provider = self.provider().unwrap();
@@ -239,7 +242,7 @@ impl TestClient {
         hash: Vec<u8>,
     ) -> Result<Vec<u8>> {
         self.basic_client
-            .psa_sign_hash(key_name, hash, alg)
+            .psa_sign_hash(key_name, &hash, alg)
             .map_err(convert_error)
     }
 
@@ -263,7 +266,7 @@ impl TestClient {
         signature: Vec<u8>,
     ) -> Result<()> {
         self.basic_client
-            .psa_verify_hash(key_name, hash, alg, signature)
+            .psa_verify_hash(key_name, &hash, alg, &signature)
             .map_err(convert_error)
     }
 

e2e_tests/src/raw_request.rs

@@ -13,7 +13,7 @@ const MAX_BODY_SIZE: usize = 1 << 31;
 #[derive(Copy, Clone, Debug)]
 pub struct RawRequestClient;
 
-static SOCKET_PATH: &str = "/tmp/security-daemon-socket";
+static SOCKET_PATH: &str = "/tmp/parsec/parsec.sock";
 const TIMEOUT: Duration = Duration::from_secs(5);
 
 #[allow(clippy::new_without_default)]

e2e_tests/tests/per_provider/normal_tests/create_destroy_key.rs

@@ -104,9 +104,7 @@ fn generate_public_rsa_check_modulus() -> Result<()> {
 fn failed_created_key_should_be_removed() -> Result<()> {
     let mut client = TestClient::new();
     let key_name = String::from("failed_created_key_should_be_removed");
-    const GARBAGE_IMPORT_DATA: [u8; 1] = [
-        48,
-    ];
+    const GARBAGE_IMPORT_DATA: [u8; 1] = [48];
 
     // The data being imported is garbage, should fail
     let _ = client

e2e_tests/tests/per_provider/normal_tests/ping.rs

@@ -24,7 +24,7 @@ fn mangled_ping() {
     let mut req = Request::new();
     req.header.provider = ProviderID::Core;
     req.header.opcode = Opcode::Ping;
-    req.auth = RequestAuth::from_bytes(Vec::from("root"));
+    req.auth = RequestAuth::new(Vec::from("root"));
 
     req.body = RequestBody::_from_bytes(vec![0x11, 0x22, 0x33, 0x44, 0x55]);
 

src/front/domain_socket.rs

@@ -9,13 +9,15 @@ use listener::Listen;
 use listener::ReadWrite;
 use log::error;
 use std::fs;
+use std::fs::Permissions;
 use std::io::{Error, ErrorKind, Result};
+use std::os::unix::fs::PermissionsExt;
 use std::os::unix::io::FromRawFd;
 use std::os::unix::net::UnixListener;
 use std::path::Path;
 use std::time::Duration;
 
-static SOCKET_PATH: &str = "/tmp/security-daemon-socket";
+static SOCKET_PATH: &str = "/tmp/parsec/parsec.sock";
 
 /// Unix Domain Socket IPC manager
 ///
@@ -52,6 +54,11 @@ impl DomainSocketListener {
                 let listener = UnixListener::bind(SOCKET_PATH)?;
                 listener.set_nonblocking(true)?;
 
+                // Set the socket's permission to 666 to allow clients of different user to
+                // connect.
+                let permissions = Permissions::from_mode(0o666);
+                fs::set_permissions(SOCKET_PATH, permissions)?;
+
                 listener
             }
             1 => {
@@ -61,6 +68,7 @@ impl DomainSocketListener {
                 // Safe as listen_fds gives us the information that one file descriptor was
                 // received and its value starts from SD_LISTEN_FDS_START.
                 unsafe { UnixListener::from_raw_fd(nfd) }
+                // Expect the socket created by systemd to be 666 on permissions.
             }
             n => {
                 error!(

systemd-daemon/parsec.service

@@ -1,9 +1,10 @@
 [Unit]
-Description=PARSEC Service
-Documentation=https://github.com/parallaxsecond/parsec
+Description=Parsec Service
+Documentation=https://parallaxsecond.github.io/parsec-book/parsec_service/install_parsec_linux.html
 
 [Service]
-Type=notify
-NonBlocking=true
-Environment=RUST_LOG=info
+WorkingDirectory=/home/parsec/
 ExecStart=/home/parsec/.cargo/bin/parsec
+
+[Install]
+WantedBy=default.target