summaryrefslogtreecommitdiff
path: root/vendor/github.com/docker/go-connections/sockets
diff options
context:
space:
mode:
authorDaniel J Walsh <dwalsh@redhat.com>2022-02-04 09:44:39 -0500
committerDaniel J Walsh <dwalsh@redhat.com>2022-02-04 09:44:39 -0500
commite47a3bec91f65a47a7455f3d970b4ba443565663 (patch)
treec33349bcd36ce3a6ec8902f5c753d91d77873d8e /vendor/github.com/docker/go-connections/sockets
parent4ad9e0030bc20826f735cf4ec0d5ecc287647218 (diff)
downloadpodman-e47a3bec91f65a47a7455f3d970b4ba443565663.tar.gz
podman-e47a3bec91f65a47a7455f3d970b4ba443565663.tar.bz2
podman-e47a3bec91f65a47a7455f3d970b4ba443565663.zip
Vendor in containers/buildah v1.24.1
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Diffstat (limited to 'vendor/github.com/docker/go-connections/sockets')
-rw-r--r--vendor/github.com/docker/go-connections/sockets/proxy.go39
-rw-r--r--vendor/github.com/docker/go-connections/sockets/sockets.go12
-rw-r--r--vendor/github.com/docker/go-connections/sockets/sockets_unix.go13
-rw-r--r--vendor/github.com/docker/go-connections/sockets/sockets_windows.go5
-rw-r--r--vendor/github.com/docker/go-connections/sockets/unix_socket.go116
5 files changed, 126 insertions, 59 deletions
diff --git a/vendor/github.com/docker/go-connections/sockets/proxy.go b/vendor/github.com/docker/go-connections/sockets/proxy.go
index 98e9a1dc6..c897cb02a 100644
--- a/vendor/github.com/docker/go-connections/sockets/proxy.go
+++ b/vendor/github.com/docker/go-connections/sockets/proxy.go
@@ -2,11 +2,8 @@ package sockets
import (
"net"
- "net/url"
"os"
"strings"
-
- "golang.org/x/net/proxy"
)
// GetProxyEnv allows access to the uppercase and the lowercase forms of
@@ -20,32 +17,12 @@ func GetProxyEnv(key string) string {
return proxyValue
}
-// DialerFromEnvironment takes in a "direct" *net.Dialer and returns a
-// proxy.Dialer which will route the connections through the proxy using the
-// given dialer.
-func DialerFromEnvironment(direct *net.Dialer) (proxy.Dialer, error) {
- allProxy := GetProxyEnv("all_proxy")
- if len(allProxy) == 0 {
- return direct, nil
- }
-
- proxyURL, err := url.Parse(allProxy)
- if err != nil {
- return direct, err
- }
-
- proxyFromURL, err := proxy.FromURL(proxyURL, direct)
- if err != nil {
- return direct, err
- }
-
- noProxy := GetProxyEnv("no_proxy")
- if len(noProxy) == 0 {
- return proxyFromURL, nil
- }
-
- perHost := proxy.NewPerHost(proxyFromURL, direct)
- perHost.AddFromString(noProxy)
-
- return perHost, nil
+// DialerFromEnvironment was previously used to configure a net.Dialer to route
+// connections through a SOCKS proxy.
+// DEPRECATED: SOCKS proxies are now supported by configuring only
+// http.Transport.Proxy, and no longer require changing http.Transport.Dial.
+// Therefore, only sockets.ConfigureTransport() needs to be called, and any
+// sockets.DialerFromEnvironment() calls can be dropped.
+func DialerFromEnvironment(direct *net.Dialer) (*net.Dialer, error) {
+ return direct, nil
}
diff --git a/vendor/github.com/docker/go-connections/sockets/sockets.go b/vendor/github.com/docker/go-connections/sockets/sockets.go
index a1d7beb4d..2e9e9006f 100644
--- a/vendor/github.com/docker/go-connections/sockets/sockets.go
+++ b/vendor/github.com/docker/go-connections/sockets/sockets.go
@@ -3,14 +3,9 @@ package sockets
import (
"errors"
- "net"
"net/http"
- "time"
)
-// Why 32? See https://github.com/docker/docker/pull/8035.
-const defaultTimeout = 32 * time.Second
-
// ErrProtocolNotAvailable is returned when a given transport protocol is not provided by the operating system.
var ErrProtocolNotAvailable = errors.New("protocol not available")
@@ -26,13 +21,6 @@ func ConfigureTransport(tr *http.Transport, proto, addr string) error {
return configureNpipeTransport(tr, proto, addr)
default:
tr.Proxy = http.ProxyFromEnvironment
- dialer, err := DialerFromEnvironment(&net.Dialer{
- Timeout: defaultTimeout,
- })
- if err != nil {
- return err
- }
- tr.Dial = dialer.Dial
}
return nil
}
diff --git a/vendor/github.com/docker/go-connections/sockets/sockets_unix.go b/vendor/github.com/docker/go-connections/sockets/sockets_unix.go
index 386cf0dbb..10d763426 100644
--- a/vendor/github.com/docker/go-connections/sockets/sockets_unix.go
+++ b/vendor/github.com/docker/go-connections/sockets/sockets_unix.go
@@ -3,6 +3,7 @@
package sockets
import (
+ "context"
"fmt"
"net"
"net/http"
@@ -10,7 +11,10 @@ import (
"time"
)
-const maxUnixSocketPathSize = len(syscall.RawSockaddrUnix{}.Path)
+const (
+ defaultTimeout = 10 * time.Second
+ maxUnixSocketPathSize = len(syscall.RawSockaddrUnix{}.Path)
+)
func configureUnixTransport(tr *http.Transport, proto, addr string) error {
if len(addr) > maxUnixSocketPathSize {
@@ -18,8 +22,11 @@ func configureUnixTransport(tr *http.Transport, proto, addr string) error {
}
// No need for compression in local communications.
tr.DisableCompression = true
- tr.Dial = func(_, _ string) (net.Conn, error) {
- return net.DialTimeout(proto, addr, defaultTimeout)
+ dialer := &net.Dialer{
+ Timeout: defaultTimeout,
+ }
+ tr.DialContext = func(ctx context.Context, _, _ string) (net.Conn, error) {
+ return dialer.DialContext(ctx, proto, addr)
}
return nil
}
diff --git a/vendor/github.com/docker/go-connections/sockets/sockets_windows.go b/vendor/github.com/docker/go-connections/sockets/sockets_windows.go
index 5c21644e1..7acafc5a2 100644
--- a/vendor/github.com/docker/go-connections/sockets/sockets_windows.go
+++ b/vendor/github.com/docker/go-connections/sockets/sockets_windows.go
@@ -1,6 +1,7 @@
package sockets
import (
+ "context"
"net"
"net/http"
"time"
@@ -15,8 +16,8 @@ func configureUnixTransport(tr *http.Transport, proto, addr string) error {
func configureNpipeTransport(tr *http.Transport, proto, addr string) error {
// No need for compression in local communications.
tr.DisableCompression = true
- tr.Dial = func(_, _ string) (net.Conn, error) {
- return DialPipe(addr, defaultTimeout)
+ tr.DialContext = func(ctx context.Context, _, _ string) (net.Conn, error) {
+ return winio.DialPipeContext(ctx, addr)
}
return nil
}
diff --git a/vendor/github.com/docker/go-connections/sockets/unix_socket.go b/vendor/github.com/docker/go-connections/sockets/unix_socket.go
index a8b5dbb6f..e7591e6ed 100644
--- a/vendor/github.com/docker/go-connections/sockets/unix_socket.go
+++ b/vendor/github.com/docker/go-connections/sockets/unix_socket.go
@@ -1,5 +1,51 @@
// +build !windows
+/*
+Package sockets is a simple unix domain socket wrapper.
+
+Usage
+
+For example:
+
+ import(
+ "fmt"
+ "net"
+ "os"
+ "github.com/docker/go-connections/sockets"
+ )
+
+ func main() {
+ l, err := sockets.NewUnixSocketWithOpts("/path/to/sockets",
+ sockets.WithChown(0,0),sockets.WithChmod(0660))
+ if err != nil {
+ panic(err)
+ }
+ echoStr := "hello"
+
+ go func() {
+ for {
+ conn, err := l.Accept()
+ if err != nil {
+ return
+ }
+ conn.Write([]byte(echoStr))
+ conn.Close()
+ }
+ }()
+
+ conn, err := net.Dial("unix", path)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ buf := make([]byte, 5)
+ if _, err := conn.Read(buf); err != nil {
+ panic(err)
+ } else if string(buf) != echoStr {
+ panic(fmt.Errorf("Msg may lost"))
+ }
+ }
+*/
package sockets
import (
@@ -8,25 +54,73 @@ import (
"syscall"
)
-// NewUnixSocket creates a unix socket with the specified path and group.
-func NewUnixSocket(path string, gid int) (net.Listener, error) {
+// SockOption sets up socket file's creating option
+type SockOption func(string) error
+
+// WithChown modifies the socket file's uid and gid
+func WithChown(uid, gid int) SockOption {
+ return func(path string) error {
+ if err := os.Chown(path, uid, gid); err != nil {
+ return err
+ }
+ return nil
+ }
+}
+
+// WithChmod modifies socket file's access mode.
+func WithChmod(mask os.FileMode) SockOption {
+ return func(path string) error {
+ if err := os.Chmod(path, mask); err != nil {
+ return err
+ }
+ return nil
+ }
+}
+
+// NewUnixSocketWithOpts creates a unix socket with the specified options.
+// By default, socket permissions are 0000 (i.e.: no access for anyone); pass
+// WithChmod() and WithChown() to set the desired ownership and permissions.
+//
+// This function temporarily changes the system's "umask" to 0777 to work around
+// a race condition between creating the socket and setting its permissions. While
+// this should only be for a short duration, it may affect other processes that
+// create files/directories during that period.
+func NewUnixSocketWithOpts(path string, opts ...SockOption) (net.Listener, error) {
if err := syscall.Unlink(path); err != nil && !os.IsNotExist(err) {
return nil, err
}
- mask := syscall.Umask(0777)
- defer syscall.Umask(mask)
+ // net.Listen does not allow for permissions to be set. As a result, when
+ // specifying custom permissions ("WithChmod()"), there is a short time
+ // between creating the socket and applying the permissions, during which
+ // the socket permissions are Less restrictive than desired.
+ //
+ // To work around this limitation of net.Listen(), we temporarily set the
+ // umask to 0777, which forces the socket to be created with 000 permissions
+ // (i.e.: no access for anyone). After that, WithChmod() must be used to set
+ // the desired permissions.
+ //
+ // We don't use "defer" here, to reset the umask to its original value as soon
+ // as possible. Ideally we'd be able to detect if WithChmod() was passed as
+ // an option, and skip changing umask if default permissions are used.
+ origUmask := syscall.Umask(0777)
l, err := net.Listen("unix", path)
+ syscall.Umask(origUmask)
if err != nil {
return nil, err
}
- if err := os.Chown(path, 0, gid); err != nil {
- l.Close()
- return nil, err
- }
- if err := os.Chmod(path, 0660); err != nil {
- l.Close()
- return nil, err
+
+ for _, op := range opts {
+ if err := op(path); err != nil {
+ _ = l.Close()
+ return nil, err
+ }
}
+
return l, nil
}
+
+// NewUnixSocket creates a unix socket with the specified path and group.
+func NewUnixSocket(path string, gid int) (net.Listener, error) {
+ return NewUnixSocketWithOpts(path, WithChown(0, gid), WithChmod(0660))
+}