minfrin commented on a change in pull request #382:
URL: https://github.com/apache/tomcat/pull/382#discussion_r532490661
##########
File path: java/org/apache/tomcat/util/net/AprEndpoint.java
##########
@@ -292,52 +295,79 @@ public void bind() throws Exception {
// Create the pool for the server socket
serverSockPool = Pool.create(rootPool);
+
// Create the APR address that will be bound
- String addressStr = null;
- if (getAddress() != null) {
- addressStr = getAddress().getHostAddress();
- }
- int family = Socket.APR_INET;
- if (Library.APR_HAVE_IPV6) {
- if (addressStr == null) {
- if (!OS.IS_BSD) {
+ if (getPath() != null) {
+ if (Library.APR_HAVE_UNIX) {
+ hostname = getPath().toString();
+ family = Socket.APR_UNIX;
+ }
+ else {
+ throw new
Exception(sm.getString("endpoint.init.unixnotavail"));
+ }
+ }
+ else {
+
+ if (getAddress() != null) {
+ hostname = getAddress().getHostAddress();
+ }
+ family = Socket.APR_INET;
+ if (Library.APR_HAVE_IPV6) {
+ if (hostname == null) {
+ if (!OS.IS_BSD) {
+ family = Socket.APR_UNSPEC;
+ }
+ } else if (hostname.indexOf(':') >= 0) {
family = Socket.APR_UNSPEC;
}
- } else if (addressStr.indexOf(':') >= 0) {
- family = Socket.APR_UNSPEC;
}
- }
+ }
+
+ long sockAddress = Address.info(hostname, family, getPortWithOffset(),
0, rootPool);
- long inetAddress = Address.info(addressStr, family,
getPortWithOffset(), 0, rootPool);
// Create the APR server socket
- serverSock = Socket.create(Address.getInfo(inetAddress).family,
+ if (family == Socket.APR_UNIX) {
+ serverSock = Socket.create(family, Socket.SOCK_STREAM, 0,
rootPool);
+ }
+ else {
+ serverSock = Socket.create(Address.getInfo(sockAddress).family,
Socket.SOCK_STREAM,
Socket.APR_PROTO_TCP, rootPool);
- if (OS.IS_UNIX) {
- Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
- }
- if (Library.APR_HAVE_IPV6) {
- if (getIpv6v6only()) {
- Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 1);
- } else {
- Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 0);
+ if (OS.IS_UNIX) {
+ Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
+ }
+ if (Library.APR_HAVE_IPV6) {
+ if (getIpv6v6only()) {
+ Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 1);
+ } else {
+ Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 0);
+ }
}
+ // Deal with the firewalls that tend to drop the inactive sockets
+ Socket.optSet(serverSock, Socket.APR_SO_KEEPALIVE, 1);
}
- // Deal with the firewalls that tend to drop the inactive sockets
- Socket.optSet(serverSock, Socket.APR_SO_KEEPALIVE, 1);
+
// Bind the server socket
- int ret = Socket.bind(serverSock, inetAddress);
+ int ret = Socket.bind(serverSock, sockAddress);
if (ret != 0) {
throw new Exception(sm.getString("endpoint.init.bind", "" + ret,
Error.strerror(ret)));
}
+
// Start listening on the server socket
ret = Socket.listen(serverSock, getAcceptCount());
if (ret != 0) {
throw new Exception(sm.getString("endpoint.init.listen", "" + ret,
Error.strerror(ret)));
}
- if (OS.IS_WIN32 || OS.IS_WIN64) {
- // On Windows set the reuseaddr flag after the bind/listen
- Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
+
+ if (family == Socket.APR_UNIX) {
Review comment:
While not universal, placing sockets in protected directories is still
common.
At this stage, until there is a practical way to express permissions as a
string which can then be placed in the connector element in the config, I think
this is a good compromise.
I asked the SO community for their thoughts, and this came up:
https://stackoverflow.com/a/65064406/4598583
I am thinking ahead for any future JEP-380 implementation, which will have
the same issue.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
