summaryrefslogtreecommitdiff
path: root/src/secure.rs
diff options
context:
space:
mode:
Diffstat (limited to 'src/secure.rs')
-rw-r--r--src/secure.rs38
1 files changed, 38 insertions, 0 deletions
diff --git a/src/secure.rs b/src/secure.rs
index 5fb0cc8..39339a0 100644
--- a/src/secure.rs
+++ b/src/secure.rs
@@ -1,6 +1,14 @@
use std::{os::{unix::prelude::PermissionsExt, linux::fs::MetadataExt}, fs, io};
use nix::unistd;
+
+/// Writes a file securly to a specified path with given data
+/// #### Arguments
+/// * `dir` - The directory of the secure folder
+/// * `file` - The file name to write
+/// * `data` - The data to write
+/// #### Returns
+/// A ``io::Result<()>`` if the write succeded or failed
pub fn write_file(dir: &str, file: &str, data: &str) -> Result<(), io::Error> {
fs::create_dir_all(dir)?;
set_file_permissions(0, 0, 0o100600, dir)?;
@@ -11,6 +19,16 @@ pub fn write_file(dir: &str, file: &str, data: &str) -> Result<(), io::Error> {
Ok(())
}
+
+/// Reads the file secutly to a specified path. If the file has
+/// been tampered (permissions have been changed), it ignores the
+/// file.
+/// #### Arguments
+/// * `dir` - The directory of the secure folder
+/// * `file` - The file name to write
+/// #### Returns
+/// * `None` - If the files doesnt exist or isnt trusted
+/// * `Some(String) - If the file is trusted, it returns the file's contents
pub fn read_file(dir: &str, file: &str) -> Option<String> {
let path = path(dir,file);
if !check_file_permissions(0, 0, 0o100600, &path) {
@@ -22,6 +40,15 @@ pub fn read_file(dir: &str, file: &str) -> Option<String> {
};
}
+
+/// Sets the permission for a secure file
+/// #### Arguments
+/// * `uid` - The user to own the file
+/// * `gid` - The group to own the file
+/// * `mode` - The mode permissions of the file
+/// * `path` - The path of the secure file
+/// #### Returns
+/// A ``io::Result<()>`` if the write succeded or failed
fn set_file_permissions(uid: u32, gid: u32, mode: u32, path: &str) -> Result<(), io::Error> {
unistd::chown(std::path::Path::new(path), Some(unistd::Uid::from(uid)), Some(unistd::Gid::from(gid)))?;
let metadata = fs::metadata(path)?;
@@ -31,6 +58,15 @@ fn set_file_permissions(uid: u32, gid: u32, mode: u32, path: &str) -> Result<(),
Ok(())
}
+
+/// Checks if the files permissions equals the given parameters
+/// #### Arguments
+/// * `uid` - The user to own the file
+/// * `gid` - The group to own the file
+/// * `mode` - The mode permissions of the file
+/// * `path` - The path of the secure file
+/// #### Returns
+/// True or false if the files permissions match
fn check_file_permissions(uid: u32, gid: u32, mode: u32, path: &str) -> bool {
let metadata = match fs::metadata(path) {
Ok(data) => data,
@@ -40,6 +76,8 @@ fn check_file_permissions(uid: u32, gid: u32, mode: u32, path: &str) -> bool {
return perms.mode() == mode && metadata.st_uid() == uid && metadata.st_gid() == gid;
}
+
+/// Get the path of a file given a directory and file name
fn path(dir: &str, file: &str) -> String {
return format!("{}/{}", dir, file);
} \ No newline at end of file
generated by cgit v1.2.3-freya (git 2.51.0) at 2025-09-21 11:47:11 +0000