Use unix sockets for the fallback, and set permissions

... on them, to user-writeable only.

I think we could consider ipc for the curve-case too, at least for the
platforms that support them.

4 files changed, 30 insertions, 10 deletions

diff --git a/src/leap/bitmask/backend/backend.py b/src/leap/bitmask/backend/backend.py
index 32f5c953..cff731ba 100644
--- a/src/leap/bitmask/backend/backend.py
+++ b/src/leap/bitmask/backend/backend.py
@@ -20,6 +20,7 @@
 # TODO use txzmq bindings instead.
 
 import json
+import os
 import threading
 import time
 
@@ -47,12 +48,15 @@ class Backend(object):
     Backend server.
     Receives signals from backend_proxy and emit signals if needed.
     """
-    # XXX this should not be hardcoded. Make it configurable.
-    PORT = '5556'
-
     # XXX we might want to make this configurable per-platform,
     # and use the most performant socket type on each one.
-    BIND_ADDR = "tcp://127.0.0.1:%s" % PORT
+    if flags.ZMQ_HAS_CURVE:
+        # XXX this should not be hardcoded. Make it configurable.
+        PORT = '5556'
+        BIND_ADDR = "tcp://127.0.0.1:%s" % PORT
+    else:
+        SOCKET_FILE = "/tmp/bitmask.socket.0"
+        BIND_ADDR = "ipc://%s" % SOCKET_FILE
 
     PING_INTERVAL = 2  # secs
 
@@ -92,6 +96,8 @@ class Backend(object):
             socket.curve_server = True  # must come before bind
 
         socket.bind(self.BIND_ADDR)
+        if not flags.ZMQ_HAS_CURVE:
+            os.chmod(self.SOCKET_FILE, 0600)
 
         self._zmq_socket = socket
 
diff --git a/src/leap/bitmask/backend/backend_proxy.py b/src/leap/bitmask/backend/backend_proxy.py
index 06e6d840..b2f79a70 100644
--- a/src/leap/bitmask/backend/backend_proxy.py
+++ b/src/leap/bitmask/backend/backend_proxy.py
@@ -42,8 +42,11 @@ class BackendProxy(object):
     to the backend.
     """
 
-    PORT = '5556'
-    SERVER = "tcp://localhost:%s" % PORT
+    if flags.ZMQ_HAS_CURVE:
+        PORT = '5556'
+        SERVER = "tcp://localhost:%s" % PORT
+    else:
+        SERVER = "ipc:///tmp/bitmask.socket.0"
 
     POLL_TIMEOUT = 4000  # ms
     POLL_TRIES = 3
diff --git a/src/leap/bitmask/backend/signaler.py b/src/leap/bitmask/backend/signaler.py
index a8498d11..aec2f606 100644
--- a/src/leap/bitmask/backend/signaler.py
+++ b/src/leap/bitmask/backend/signaler.py
@@ -37,8 +37,11 @@ class Signaler(object):
     Signaler client.
     Receives signals from the backend and sends to the signaling server.
     """
-    PORT = "5667"
-    SERVER = "tcp://localhost:%s" % PORT
+    if flags.ZMQ_HAS_CURVE:
+        PORT = "5667"
+        SERVER = "tcp://localhost:%s" % PORT
+    else:
+        SERVER = "ipc:///tmp/bitmask.socket.1"
     POLL_TIMEOUT = 2000  # ms
     POLL_TRIES = 500
 
diff --git a/src/leap/bitmask/backend/signaler_qt.py b/src/leap/bitmask/backend/signaler_qt.py
index 94c24648..b7f48d21 100644
--- a/src/leap/bitmask/backend/signaler_qt.py
+++ b/src/leap/bitmask/backend/signaler_qt.py
@@ -18,6 +18,7 @@
 Signaling server.
 Receives signals from the signaling client and emit Qt signals for the GUI.
 """
+import os
 import threading
 import time
 
@@ -42,8 +43,12 @@ class SignalerQt(QtCore.QObject):
     Signaling server.
     Receives signals from the signaling client and emit Qt signals for the GUI.
     """
-    PORT = "5667"
-    BIND_ADDR = "tcp://127.0.0.1:%s" % PORT
+    if flags.ZMQ_HAS_CURVE:
+        PORT = "5667"
+        BIND_ADDR = "tcp://127.0.0.1:%s" % PORT
+    else:
+        SOCKET_FILE = "/tmp/bitmask.socket.1"
+        BIND_ADDR = "ipc://%s" % SOCKET_FILE
 
     def __init__(self):
         QtCore.QObject.__init__(self)
@@ -86,6 +91,9 @@ class SignalerQt(QtCore.QObject):
 
         socket.bind(self.BIND_ADDR)
 
+        if not flags.ZMQ_HAS_CURVE:
+            os.chmod(self.SOCKET_FILE, 0600)
+
         while self._do_work.is_set():
             # Wait for next request from client
             try: