From 0715211d57f8bd5dc0aba132a390700708db39a5 Mon Sep 17 00:00:00 2001 From: Akhil Thampy Date: Sat, 28 Sep 2019 13:08:43 -0700 Subject: [PATCH] address: add mode to PipeInstance #5808 Signed-off-by: Akhil Thampy --- source/common/network/address_impl.cc | 16 +++++++++++++--- source/common/network/address_impl.h | 6 ++++-- source/common/network/utility.cc | 3 ++- 3 files changed, 19 insertions(+), 6 deletions(-) diff --git a/source/common/network/address_impl.cc b/source/common/network/address_impl.cc index ab5244844c0d..9bb115e76d52 100644 --- a/source/common/network/address_impl.cc +++ b/source/common/network/address_impl.cc @@ -3,6 +3,7 @@ #include #include #include +#include #include #include @@ -329,7 +330,7 @@ IoHandlePtr Ipv6Instance::socket(SocketType type) const { return io_handle; } -PipeInstance::PipeInstance(const sockaddr_un* address, socklen_t ss_len) +PipeInstance::PipeInstance(const sockaddr_un* address, socklen_t ss_len, mode_t mode) : InstanceBase(Type::Pipe) { if (address->sun_path[0] == '\0') { #if !defined(__linux__) @@ -345,9 +346,10 @@ PipeInstance::PipeInstance(const sockaddr_un* address, socklen_t ss_len) abstract_namespace_ ? fmt::format("@{}", absl::string_view(address_.sun_path + 1, address_length_ - 1)) : address_.sun_path; + this->mode = mode; } -PipeInstance::PipeInstance(const std::string& pipe_path) : InstanceBase(Type::Pipe) { +PipeInstance::PipeInstance(const std::string& pipe_path, mode_t mode) : InstanceBase(Type::Pipe) { if (pipe_path.size() >= sizeof(address_.sun_path)) { throw EnvoyException( fmt::format("Path \"{}\" exceeds maximum UNIX domain socket path size of {}.", pipe_path, @@ -365,6 +367,7 @@ PipeInstance::PipeInstance(const std::string& pipe_path) : InstanceBase(Type::Pi address_length_ = strlen(address_.sun_path); address_.sun_path[0] = '\0'; } + this->mode = mode; } bool PipeInstance::operator==(const Instance& rhs) const { return asString() == rhs.asString(); } 
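Review bot: The new field is assigned in the constructor body as `this->mode = mode;` (here and again in the string-path constructor in the next hunk), and `this->` is needed only because the field shares its name with the parameter. The neighbouring fields used in this hunk, `abstract_namespace_` and `address_length_`, carry a trailing underscore. Renaming the field to `mode_` in address_impl.h lets both constructors initialise it as `: InstanceBase(Type::Pipe), mode_(mode)`, and the guard in bind() would then read `mode_ != 0`. The constructor body starts above this hunk.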
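Review bot: A non-zero `mode` on an abstract-namespace address is stored here and then silently skipped by the `!abstract_namespace_` guard in bind(), so a configuration that asks for restricted permissions gets a socket with no filesystem permissions and no error. An abstract socket has no path to chmod, so rejecting the combination in both constructors is safer than ignoring it: `if (abstract_namespace_ && mode != 0) { throw EnvoyException("Cannot set mode for abstract AF_UNIX sockets"); }`. Separately, `operator==` in the trailing context still compares only `asString()`, so two instances that differ only in mode compare equal; whether that matters depends on callers outside this diff. The constructor begins above the hunk, where `abstract_namespace_` is presumably set.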
@@ -377,7 +380,14 @@ Api::SysCallIntResult PipeInstance::bind(int fd) const { unlink(address_.sun_path); } auto& os_syscalls = Api::OsSysCallsSingleton::get(); - return os_syscalls.bind(fd, sockAddr(), sockAddrLen()); + auto bind_result = os_syscalls.bind(fd, sockAddr(), sockAddrLen()); + if (mode != 0 and !abstract_namespace_ and bind_result.rc_ == 0) { + auto set_permissions = os_syscalls.chmod(address_.sun_path, mode); + if (set_permissions.rc_ != 0) { + throw EnvoyException(fmt::format("Failed to create socket with mode {}", mode)); + } + } + return bind_result; } Api::SysCallIntResult PipeInstance::connect(int fd) const { diff --git a/source/common/network/address_impl.h b/source/common/network/address_impl.h index 63e0566ffaaa..da6c141759a1 100644 --- a/source/common/network/address_impl.h +++ b/source/common/network/address_impl.h @@ -2,6 +2,7 @@ #include #include +#include #include #include @@ -230,12 +231,12 @@ class PipeInstance : public InstanceBase { /** * Construct from an existing unix address. */ - explicit PipeInstance(const sockaddr_un* address, socklen_t ss_len); + explicit PipeInstance(const sockaddr_un* address, socklen_t ss_len, mode_t mode = 0); /** * Construct from a string pipe path. */ - explicit PipeInstance(const std::string& pipe_path); + explicit PipeInstance(const std::string& pipe_path, mode_t mode = 0); // Network::Address::Instance bool operator==(const Instance& rhs) const override; @@ -258,6 +259,7 @@ class PipeInstance : public InstanceBase { // For abstract namespaces. bool abstract_namespace_{false}; uint32_t address_length_{0}; + mode_t mode{0}; }; } // namespace Address diff --git a/source/common/network/utility.cc b/source/common/network/utility.cc index 667d0ccc997f..1ed242affd72 100644 --- a/source/common/network/utility.cc +++ b/source/common/network/utility.cc 
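Review bot: The requested mode is applied with a path-based `chmod` only after `bind()` has created the socket node, so between the two calls the node exists with umask-derived permissions and the path is resolved a second time. If `mode` is meant to restrict who may connect, that window weakens the guarantee, as does the re-resolution when the parent directory is writable by other users. A comment stating this, or a documented requirement that the parent directory be private, would make the limit explicit. On chmod failure the code throws from a function that otherwise reports through `Api::SysCallIntResult`, leaves the node on disk, and prints `mode` in decimal without the path or errno; the excerpt below removes the node and reports the mode in octal with the path and error. bind()'s body starts above the hunk.

```cpp
// … unchanged: bind() call and the mode / abstract_namespace_ / rc_ guard …
    auto set_permissions = os_syscalls.chmod(address_.sun_path, mode);
    if (set_permissions.rc_ != 0) {
      // Do not leave the node reachable with the umask-derived permissions.
      unlink(address_.sun_path);
      throw EnvoyException(fmt::format("Failed to set mode {:o} on socket path {}: {}", mode,
                                       address_.sun_path, strerror(set_permissions.errno_)));
    }
```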
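Review bot: The doc comments on both constructors say nothing about the new `mode` parameter, and its contract is not obvious from the signature. As used in bind(), 0 means "keep whatever permissions bind() produced", any other value is chmod-ed onto the path after a successful bind(), and the value has no effect for abstract-namespace addresses. I would add to each comment a line such as `@param mode permissions applied to the socket path after bind(); 0 keeps the umask-derived default; ignored for abstract sockets.`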
@@ -469,7 +469,8 @@ Utility::protobufAddressToAddress(const envoy::api::v2::core::Address& proto_add
 proto_address.socket_address().port_value(),
 !proto_address.socket_address().ipv4_compat());
 case envoy::api::v2::core::Address::kPipe:
- return std::make_shared(proto_address.pipe().path());
+ return std::make_shared(proto_address.pipe().path(),
+ proto_address.pipe().mode());
 default:
 NOT_REACHED_GCOVR_EXCL_LINE;
 }
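Review bot: `proto_address.pipe().mode()` is passed to the `mode_t` constructor parameter with no range check at this call site, so any configured integer, including setuid/setgid/sticky bits or values above 07777, would reach `chmod` on the socket path. The proto definition is not part of this diff, so a bound may already exist there. If it does not, reject out-of-range values before constructing the address, e.g. `if (proto_address.pipe().mode() > 0777) { throw EnvoyException("pipe mode must be between 0 and 0777"); }`. The switch and the enclosing function extend beyond the hunk.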