author | Tyler Murphy <tylermurphy534@gmail.com> | 2022-11-10 16:22:29 -0500 |
---|---|---|
committer | Tyler Murphy <tylermurphy534@gmail.com> | 2022-11-10 16:22:29 -0500 |
commit | b457c08923f1ef8d88005cf9781d1b4d5dd9552e (patch) | |
tree | 0eb5e6a1f4e69628b406ed4d13dc8273d1f80a7e /src/secure.rs | |
parent | documentation and group support (diff) | |
move root priv fn, slight refactor
Diffstat (limited to 'src/secure.rs')
-rw-r--r-- | src/secure.rs | 25 |
1 files changed, 19 insertions, 6 deletions
diff --git a/src/secure.rs b/src/secure.rs
index 39339a0..f463048 100644
--- a/src/secure.rs
+++ b/src/secure.rs
@@ -1,5 +1,5 @@
-use std::{os::{unix::prelude::PermissionsExt, linux::fs::MetadataExt}, fs, io};
-use nix::unistd;
+use std::{os::{unix::prelude::PermissionsExt, linux::fs::MetadataExt}, fs, io::{self, ErrorKind}};
+use nix::unistd::{self, Uid, Gid};
 /// Writes a file securly to a specified path with given data
@@ -11,10 +11,10 @@ use nix::unistd;
 /// A ``io::Result<()>`` if the write succeded or failed
 pub fn write_file(dir: &str, file: &str, data: &str) -> Result<(), io::Error> {
 fs::create_dir_all(dir)?;
- set_file_permissions(0, 0, 0o100600, dir)?;
+ set_file_permissions(0, 0, 0o600, dir)?;
 let path = path(dir, file);
 fs::write(&path, "")?;
- set_file_permissions(0, 0, 0o100600, &path)?;
+ set_file_permissions(0, 0, 0o600, &path)?;
 fs::write(&path, data)?;
 Ok(())
 }
@@ -41,6 +41,17 @@ pub fn read_file(dir: &str, file: &str) -> Option<String> {
 }
+pub fn elevate_privilages(uid: u32, gid: u32) -> bool {
+ if unistd::setuid(Uid::from(uid)).is_err() {
+ return false;
+ }
+ if unistd::setgid(Gid::from(gid)).is_err() {
+ return false;
+ }
+ true
+}
+
+
 /// Sets the permission for a secure file
 /// #### Arguments
 /// * `uid` - The user to own the file
@@ -70,7 +81,9 @@ fn set_file_permissions(uid: u32, gid: u32, mode: u32, path: &str) -> Result<(),
 fn check_file_permissions(uid: u32, gid: u32, mode: u32, path: &str) -> bool {
 let metadata = match fs::metadata(path) {
 Ok(data) => data,
- Err(_) => return false
+ Err(e) => {
+ return e.kind() == ErrorKind::NotFound;
+ }
 };
 let perms = metadata.permissions();
 return perms.mode() == mode && metadata.st_uid() == uid && metadata.st_gid() == gid;
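Review bot: In the `@@ -11,10 +11,10 @@` hunk, `dir` is now given 0o600, the same mode as the file, which leaves the directory without its search (execute) bit. Root gets past that through its override capability, but a private directory normally carries 0o700 so that lookups inside it keep working if the process ever runs without that capability: `set_file_permissions(0, 0, 0o700, dir)?;`. The file is also still created by `fs::write(&path, "")` with umask-default permissions and only tightened on the following line; creating it through `OpenOptions` with `OpenOptionsExt::mode(0o600)` would give it the final mode from the moment it exists.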
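Review bot: In the `@@ -41,6 +41,17 @@` hunk, `elevate_privilages` changes the uid before the gid, so when the target uid is not 0 the process has already given up the privilege that `setgid` normally needs; the second call is then likely to fail and the function returns false with the uid switched and the gid untouched. Setting the group first removes that failure mode: `unistd::setgid(Gid::from(gid)).is_ok() && unistd::setuid(Uid::from(uid)).is_ok()`. Supplementary groups are not reset here either, so the process keeps the invoking user's list unless a caller outside this hunk clears it (nix provides `unistd::setgroups`). The function is `pub` but, unlike its neighbours, has no `///` comment; one that says the ids may be partly changed when false is returned would tell callers to treat false as fatal.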
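Review bot: In the `@@ -70,7 +81,9 @@` hunk, the new `Err` arm makes `check_file_permissions` return true for a path that does not exist, so a true result no longer means "owned by uid/gid with this mode". The doc comment should say so, e.g. `/// Returns true when the file has the expected owner and mode, or when it does not exist`, so that a caller does not take true as proof that whatever it later opens at that path was verified. The unchanged comparison `perms.mode() == mode` reads the full `st_mode`, file-type bits included (0o100600 for a regular file), so if callers now pass 0o600 as `write_file` does it would never match; `perms.mode() & 0o7777 == mode` compares only the permission bits. The callers and the function's closing brace are outside this hunk, so both points need confirming against them.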
@@ -79,5 +92,5 @@ fn check_file_permissions(uid: u32, gid: u32, mode: u32, path: &str) -> bool {
 /// Get the path of a file given a directory and file name
 fn path(dir: &str, file: &str) -> String {
- return format!("{}/{}", dir, file);
+ return format!("{}/{}.persist", dir, file);
 }
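Review bot: In the `@@ -79,5 +92,5 @@` hunk, `file` is interpolated into the path as-is, so a value containing `/` produces a `.persist` path outside `dir`, which `write_file` then creates and hands to `set_file_permissions(0, 0, ...)`. Where `file` comes from is not visible in this diff; if it can be a user name or another externally supplied string, `write_file` and `read_file` should reject separators before calling `path`, each through the failure value it already returns. A comment on `path` would record the assumption: `/// `file` must be a single path component (no `/`)`.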
\ No newline at end of file |