From 4cecda7ead1479a253e6ff0c2e631d94976369c3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miko=C5=82aj=20Grzebieluch?=
 <mikolaj.grzebieluch@scylladb.com>
Date: Thu, 1 Feb 2024 15:46:33 +0100
Subject: [PATCH] transport/controller: pass unix_domain_socket_permissions to
 generic_server::listen

---
 generic_server.cc       |  5 +++--
 generic_server.hh       |  3 ++-
 redis/controller.cc     |  2 +-
 transport/controller.cc | 11 ++++++-----
 4 files changed, 12 insertions(+), 9 deletions(-)

diff --git a/generic_server.cc b/generic_server.cc
index daec5d47e8..28a6c8096f 100644
--- a/generic_server.cc
+++ b/generic_server.cc
@@ -145,7 +145,7 @@ future<> server::shutdown() {
 }
 
 future<>
-server::listen(socket_address addr, std::shared_ptr<seastar::tls::credentials_builder> creds, bool is_shard_aware, bool keepalive) {
+server::listen(socket_address addr, std::shared_ptr<seastar::tls::credentials_builder> creds, bool is_shard_aware, bool keepalive, std::optional<file_permissions> unix_domain_socket_permissions) {
     auto f = make_ready_future<shared_ptr<seastar::tls::server_credentials>>(nullptr);
     if (creds) {
         f = creds->build_reloadable_server_credentials([this](const std::unordered_set<sstring>& files, std::exception_ptr ep) {
@@ -156,9 +156,10 @@ server::listen(socket_address addr, std::shared_ptr<seastar::tls::credentials_bu
             }
         });
     }
-    return f.then([this, addr, is_shard_aware, keepalive](shared_ptr<seastar::tls::server_credentials> creds) {
+    return f.then([this, addr, is_shard_aware, keepalive, unix_domain_socket_permissions](shared_ptr<seastar::tls::server_credentials> creds) {
         listen_options lo;
         lo.reuse_address = true;
+        lo.unix_domain_socket_permissions = unix_domain_socket_permissions;
         if (is_shard_aware) {
             lo.lba = server_socket::load_balancing_algorithm::port;
         }
diff --git a/generic_server.hh b/generic_server.hh
index 5593d42fb6..2371b91227 100644
--- a/generic_server.hh
+++ b/generic_server.hh
@@ -14,6 +14,7 @@
 
 #include <list>
 
+#include <seastar/core/file-types.hh>
 #include <seastar/core/future.hh>
 #include <seastar/core/gate.hh>
 #include <seastar/net/api.hh>
@@ -107,7 +108,7 @@ public:
     future<> shutdown();
     future<> stop();
 
-    future<> listen(socket_address addr, std::shared_ptr<seastar::tls::credentials_builder> creds, bool is_shard_aware, bool keepalive);
+    future<> listen(socket_address addr, std::shared_ptr<seastar::tls::credentials_builder> creds, bool is_shard_aware, bool keepalive, std::optional<file_permissions> unix_domain_socket_permissions);
 
     future<> do_accepts(int which, bool keepalive, socket_address server_addr);
 
diff --git a/redis/controller.cc b/redis/controller.cc
index ca711eb875..e55ea0d128 100644
--- a/redis/controller.cc
+++ b/redis/controller.cc
@@ -87,7 +87,7 @@ future<> controller::listen(seastar::sharded<auth::service>& auth_service, db::c
 
             return f.then([server, configs = std::move(configs), keepalive] {
                 return parallel_for_each(configs, [server, keepalive](const listen_cfg & cfg) {
-                    return server->invoke_on_all(&redis_transport::redis_server::listen, cfg.addr, cfg.cred, false, keepalive).then([cfg] {
+                    return server->invoke_on_all(&redis_transport::redis_server::listen, cfg.addr, cfg.cred, false, keepalive, std::nullopt).then([cfg] {
                         slogger.info("Starting listening for REDIS clients on {} ({})", cfg.addr, cfg.cred ? "encrypted" : "unencrypted");
                     });
                 });
diff --git a/transport/controller.cc b/transport/controller.cc
index 5829e63068..b873da3668 100644
--- a/transport/controller.cc
+++ b/transport/controller.cc
@@ -10,6 +10,7 @@
 #include <seastar/core/sharded.hh>
 #include <seastar/net/socket_defs.hh>
 #include <seastar/net/unix_address.hh>
+#include <seastar/core/file-types.hh>
 #include "transport/server.hh"
 #include "service/memory_limiter.hh"
 #include "db/config.hh"
@@ -65,9 +66,9 @@ future<> controller::start_server() {
     return do_start_server().finally([this] { _ops_sem.signal(); });
 }
 
-static future<> listen_on_all_shards(sharded<cql_server>& cserver, socket_address addr, std::shared_ptr<seastar::tls::credentials_builder> creds, bool is_shard_aware, bool keepalive) {
-    co_await cserver.invoke_on_all([addr, creds, is_shard_aware, keepalive] (cql_server& server) {
-        return server.listen(addr, creds, is_shard_aware, keepalive);
+static future<> listen_on_all_shards(sharded<cql_server>& cserver, socket_address addr, std::shared_ptr<seastar::tls::credentials_builder> creds, bool is_shard_aware, bool keepalive, std::optional<file_permissions> unix_domain_socket_permissions) {
+    co_await cserver.invoke_on_all([addr, creds, is_shard_aware, keepalive, unix_domain_socket_permissions] (cql_server& server) {
+        return server.listen(addr, creds, is_shard_aware, keepalive, unix_domain_socket_permissions);
     });
 
     logger.info("Starting listening for CQL clients on {} ({}, {})"
@@ -135,7 +136,7 @@ future<> controller::start_listening_on_tcp_sockets(sharded<cql_server>& cserver
     }
 
     return parallel_for_each(configs, [&cserver, keepalive](const listen_cfg & cfg) {
-        return listen_on_all_shards(cserver, cfg.addr, cfg.cred, cfg.is_shard_aware, keepalive);
+        return listen_on_all_shards(cserver, cfg.addr, cfg.cred, cfg.is_shard_aware, keepalive, std::nullopt);
     });
 }
 
@@ -175,7 +176,7 @@ future<> controller::start_listening_on_maintenance_socket(sharded<cql_server>&
 
     logger.info("Setting up maintenance socket on {}", socket);
 
-    return listen_on_all_shards(cserver, addr, nullptr, false, _config.rpc_keepalive());
+    return listen_on_all_shards(cserver, addr, nullptr, false, _config.rpc_keepalive(), std::nullopt);
 }
 
 future<> controller::do_start_server() {