diff options
author | Tiago Natel de Moura <t.nateldemoura@f5.com> | 2021-11-09 15:48:44 +0300 |
---|---|---|
committer | Tiago Natel de Moura <t.nateldemoura@f5.com> | 2021-11-09 15:48:44 +0300 |
commit | ff6a7053f500414dc74568a4e49adbac7f0cf634 (patch) | |
tree | cda31505e9746138fb864a6b2902b89107e04bc7 /src/nxt_cert.c | |
parent | e878f6d54376ea676b96b56f41708f01cfc4d8b4 (diff) | |
download | unit-ff6a7053f500414dc74568a4e49adbac7f0cf634.tar.gz unit-ff6a7053f500414dc74568a4e49adbac7f0cf634.tar.bz2 |
Introduced SCM_CREDENTIALS / SCM_CREDS in the socket control msgs.
Diffstat (limited to '')
-rw-r--r-- | src/nxt_cert.c | 25 |
1 files changed, 24 insertions, 1 deletions
diff --git a/src/nxt_cert.c b/src/nxt_cert.c index 1806bc19..01d413e0 100644 --- a/src/nxt_cert.c +++ b/src/nxt_cert.c @@ -1135,7 +1135,17 @@ nxt_cert_store_get_handler(nxt_task_t *task, nxt_port_recv_msg_t *msg) port = nxt_runtime_port_find(task->thread->runtime, msg->port_msg.pid, msg->port_msg.reply_port); - if (port == NULL) { + if (nxt_slow_path(port == NULL)) { + nxt_alert(task, "process port not found (pid %PI, reply_port %d)", + msg->port_msg.pid, msg->port_msg.reply_port); + return; + } + + if (nxt_slow_path(port->type != NXT_PROCESS_CONTROLLER + && port->type != NXT_PROCESS_ROUTER)) + { + nxt_alert(task, "process %PI cannot store certificates", + msg->port_msg.pid); return; } @@ -1206,10 +1216,23 @@ nxt_cert_store_delete_handler(nxt_task_t *task, nxt_port_recv_msg_t *msg) { u_char *p; nxt_str_t name; + nxt_port_t *ctl_port; nxt_runtime_t *rt; nxt_file_name_t *path; rt = task->thread->runtime; + ctl_port = rt->port_by_type[NXT_PROCESS_CONTROLLER]; + + if (nxt_slow_path(ctl_port == NULL)) { + nxt_alert(task, "controller port not found"); + return; + } + + if (nxt_slow_path(nxt_recv_msg_cmsg_pid(msg) != ctl_port->pid)) { + nxt_alert(task, "process %PI cannot delete certificates", + nxt_recv_msg_cmsg_pid(msg)); + return; + } if (nxt_slow_path(rt->certs.start == NULL)) { nxt_alert(task, "no certificates storage directory"); |