Diffstat (limited to 'src/secure.rs')
-rw-r--r-- | src/secure.rs | 78 |
1 files changed, 37 insertions, 41 deletions
diff --git a/src/secure.rs b/src/secure.rs
index 13d67b0..018bc4f 100644
--- a/src/secure.rs
+++ b/src/secure.rs
@@ -1,5 +1,5 @@
 use std::{os::{unix::prelude::PermissionsExt, linux::fs::MetadataExt}, fs, io::{self, ErrorKind}};
-use nix::unistd::{self, Uid, Gid};
+use nix::unistd::{self, Uid};
 /// Writes a file securly to a specified path with given data
@@ -10,12 +10,12 @@ use nix::unistd::{self, Uid, Gid};
 /// #### Returns
 /// A ``io::Result<()>`` if the write succeded or failed
 pub fn write_file(dir: &str, file: &str, data: &str) -> Result<(), io::Error> {
- fs::create_dir_all(dir)?;
- set_file_permissions(0, 0, 0o100600, dir)?;
- let path = path(dir, file);
- fs::write(&path, data)?;
- set_file_permissions(0, 0, 0o100600, &path)?;
- Ok(())
+ fs::create_dir_all(dir)?;
+ set_file_permissions(0, 0, 0o100600, dir)?;
+ let path = path(dir, file);
+ fs::write(&path, data)?;
+ set_file_permissions(0, 0, 0o100600, &path)?;
+ Ok(())
 }
@@ -29,31 +29,27 @@ pub fn write_file(dir: &str, file: &str, data: &str) -> Result<(), io::Error> {
 /// * `None` - If the files doesnt exist or isnt trusted
 /// * `Some(String) - If the file is trusted, it returns the file's contents
 pub fn read_file(dir: &str, file: &str) -> Option<String> {
- let path = path(dir,file);
- if !check_file_permissions(0, 0, 0o100600, &path) {
- return None;
- }
- match fs::read_to_string(&path) {
- Ok(data) => return Some(data),
- Err(_) => return None
- };
+ let path = path(dir,file);
+ if !check_file_permissions(0, 0, 0o100600, &path) {
+ return None;
+ }
+ match fs::read_to_string(&path) {
+ Ok(data) => return Some(data),
+ Err(_) => return None
+ };
 }
-/// Ekevate tge oruvukages if the current process
+/// Elecate the privlages of the current process
 /// #### Arguments
 /// * `uid` - The uid to set the process to
-/// * `gid` - The gid to set the process to
 /// #### Returns
-/// If the process failes to elevate, it returns false
-pub fn elevate_privilages(uid: u32, gid: u32) -> bool {
- if unistd::setuid(Uid::from(uid)).is_err() {
- return false;
- }
- if unistd::setgid(Gid::from(gid)).is_err() {
- return false;
- }
- true
+/// If the process fails to elevate, it returns false
+pub fn elevate_privilages(uid: Uid) -> bool {
+ if unistd::setuid(uid).is_err() {
+ return false;
+ }
+ true
 }
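Review bot: `elevate_privilages` now changes only the user ID, so after `unistd::setuid(uid)` the process still runs with its previous group ID and supplementary groups; any caller that relied on the old `gid` argument silently keeps those groups. If a group switch is still intended it belongs before the uid change, e.g. `unistd::setgid(gid)` ahead of `unistd::setuid(uid)`, because the removed order (setuid first) would fail whenever the target uid is unprivileged. The `bool` return also discards the errno from nix; adding `#[must_use]` or returning the `nix::Result<()>` directly would make an ignored failure harder to miss. The new doc line still misspells the summary; I would write `/// Elevate the privileges of the current process`.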
@@ -66,12 +62,12 @@ pub fn elevate_privilages(uid: u32, gid: u32) -> bool {
 /// #### Returns
 /// A ``io::Result<()>`` if the write succeded or failed
 fn set_file_permissions(uid: u32, gid: u32, mode: u32, path: &str) -> Result<(), io::Error> {
- unistd::chown(std::path::Path::new(path), Some(unistd::Uid::from(uid)), Some(unistd::Gid::from(gid)))?;
- let metadata = fs::metadata(path)?;
- let mut perms = metadata.permissions();
- perms.set_mode(mode);
- fs::set_permissions(path, perms)?;
- Ok(())
+ unistd::chown(std::path::Path::new(path), Some(unistd::Uid::from(uid)), Some(unistd::Gid::from(gid)))?;
+ let metadata = fs::metadata(path)?;
+ let mut perms = metadata.permissions();
+ perms.set_mode(mode);
+ fs::set_permissions(path, perms)?;
+ Ok(())
 }
@@ -84,18 +80,18 @@ fn set_file_permissions(uid: u32, gid: u32, mode: u32, path: &str) -> Result<(),
 /// #### Returns
 /// True or false if the files permissions match
 fn check_file_permissions(uid: u32, gid: u32, mode: u32, path: &str) -> bool {
- let metadata = match fs::metadata(path) {
- Ok(data) => data,
- Err(e) => {
- return e.kind() == ErrorKind::NotFound;
- }
- };
- let perms = metadata.permissions();
- return perms.mode() == mode && metadata.st_uid() == uid && metadata.st_gid() == gid;
+ let metadata = match fs::metadata(path) {
+ Ok(data) => data,
+ Err(e) => {
+ return e.kind() == ErrorKind::NotFound;
+ }
+ };
+ let perms = metadata.permissions();
+ return perms.mode() == mode && metadata.st_uid() == uid && metadata.st_gid() == gid;
 }
 /// Get the path of a file given a directory and file name
 fn path(dir: &str, file: &str) -> String {
- return format!("{}/{}.persist", dir, file);
+ return format!("{}/{}.persist", dir, file);
 }
|