move secure files to secure handler

Cargo.lock

@@ -34,7 +34,7 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
 
 [[package]]
 name = "crab"
-version = "0.0.4"
+version = "0.0.5"
 dependencies = [
  "exec",
  "nix",

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "crab"
-version = "0.0.4"
+version = "0.0.5"
 edition = "2021"
 
 [dependencies]

deployments/aur/.SRCINFO

@@ -1,6 +1,6 @@
 pkgbase = crab
 	pkgdesc = A rusty permission authentication system
-	pkgver = 0.0.4
+	pkgver = 0.0.5
 	pkgrel = 1
 	url = https://g.tylerm.dev/tylermurphy534/crab.git
 	arch = x86_64

deployments/aur/PKGBUILD

@@ -1,6 +1,6 @@
 # Maintainer: Tyler Murphy <tylermurphy534@gmail.com>
 pkgname=crab
-pkgver=0.0.4
+pkgver=0.0.5
 pkgrel=1
 pkgdesc="A rusty permission authentication system"
 arch=('x86_64' 'i686')

src/main.rs

@@ -15,6 +15,7 @@ const ERROR_RUN_ROOT:       u8 = 6;
 mod persist;
 mod flags;
 mod help;
+mod secure;
 
 fn main() -> ExitCode {
     let args: Vec<String> = env::args().collect();
@@ -26,7 +27,7 @@ fn main() -> ExitCode {
         }
     };
     if flags.version {
-        println!("crab version 0.0.4");
+        println!("crab version 0.0.5");
         return ExitCode::SUCCESS;
     }
     if flags.help {

src/persist.rs

@@ -1,11 +1,10 @@
-use std::fs;
-use std::os::linux::fs::MetadataExt;
-use std::os::unix::prelude::PermissionsExt;
 use std::time::SystemTime;
-use nix::unistd;
 use serde_json::Value;
 
+use crate::secure;
+
 const PERSIST_TIME:         u64 = 60 * 3;
+const PERSIST_PATH:         &str = "/var/run/crab";
 
 pub fn get_persist(user: &str) -> bool {
   let json = match get_terminal_config() {
@@ -16,7 +15,7 @@ pub fn get_persist(user: &str) -> bool {
       Some(data) => data,
       None => return false
   };
-  return now() - timestamp < PERSIST_TIME && timestamp < now();
+  return now() - timestamp < PERSIST_TIME && timestamp - 1 < now();
 }
 
 pub fn set_persist(user: &str) {
@@ -29,7 +28,7 @@ pub fn set_persist(user: &str) {
       Some(data) => data,
       None => return
   };
-  match write_terminal_config(&id, &json.to_string()) {
+  match secure::write_file(PERSIST_PATH, &format!("{}", id), &json.to_string())  {
     Ok(_) => {},
     Err(e) => {
         eprintln!("Internal Error: {}", e)
@@ -54,12 +53,9 @@ fn get_terminal_config() -> Option<Value> {
       Some(data) => data,
       None => return None
   };
-  if !is_file_root(&path(&id)) {
+  let data = match secure::read_file(PERSIST_PATH, &format!("{}", id)) {
-      return None;
+      Some(data) => data,
-  }
+      None => "{}".to_string()
-  let data = match std::fs::read_to_string(path(&id)) {
-      Ok(data) => data,
-      Err(_) => "{}".to_string()
   };
   let json: Value = match serde_json::from_str(&data) {
       Ok(data) => data,
@@ -68,42 +64,6 @@ fn get_terminal_config() -> Option<Value> {
   Some(json)
 }
 
-fn write_terminal_config(id: &i32, data: &str) -> Result<(), Box<dyn std::error::Error>> {
-  std::fs::create_dir_all("/var/run/crab")?;
-  make_file_root("/var/run/crab")?;
-  std::fs::write(path(&id), "")?;
-  make_file_root(&path(&id))?;
-  std::fs::write(path(&id), data)?;
-  Ok(())
-}
-
-fn make_file_root(path: &str) -> Result<(), Box<dyn std::error::Error>> {
-  unistd::chown(std::path::Path::new(path), Some(unistd::Uid::from(0)), Some(unistd::Gid::from(0)))?;
-  let metadata = std::fs::metadata(path)?;
-  let mut perms = metadata.permissions();
-  perms.set_mode(0o100600);
-  fs::set_permissions(path, perms)?;
-  Ok(())
-}
-
-fn is_file_root(path: &str) -> bool {
-  let metadata = match std::fs::metadata(path) {
-      Ok(data) => data,
-      Err(e) => {
-          if let Some(err) = e.raw_os_error() {
-              return err == 2;
-          }
-          return true
-      }
-  };
-  let perms = metadata.permissions();
-  return perms.mode() == 0o100600 && metadata.st_uid() == 0 && metadata.st_gid() == 0;
-}
-
 fn now() -> u64 {
   return SystemTime::now().duration_since(SystemTime::UNIX_EPOCH).unwrap().as_secs();
 }
-
-fn path(id: &i32) -> String {
-  return format!("/var/run/crab/{}", id);
-}

src/secure.rs

@@ -0,0 +1,51 @@
+use std::{os::{unix::prelude::PermissionsExt, linux::fs::MetadataExt}, fs, io::ErrorKind};
+use nix::unistd;
+
+pub fn write_file(dir: &str, file: &str, data: &str) -> Result<(), Box<dyn std::error::Error>> {
+  std::fs::create_dir_all(dir)?;
+  make_file_root(dir)?;
+  let path = path(dir, file);
+  std::fs::write(&path, "")?;
+  make_file_root(&path)?;
+  std::fs::write(&path, data)?;
+  Ok(())
+}
+
+pub fn read_file(dir: &str, file: &str) -> Option<String> {
+  let path = path(dir,file);
+  if !is_file_root(&path) {
+      return None;
+  }
+  match std::fs::read_to_string(&path) {
+      Ok(data) => return Some(data),
+      Err(_) => return None
+  };
+}
+
+fn make_file_root(path: &str) -> Result<(), Box<dyn std::error::Error>> {
+  unistd::chown(std::path::Path::new(path), Some(unistd::Uid::from(0)), Some(unistd::Gid::from(0)))?;
+  let metadata = std::fs::metadata(path)?;
+  let mut perms = metadata.permissions();
+  perms.set_mode(0o100600);
+  fs::set_permissions(path, perms)?;
+  Ok(())
+}
+
+fn is_file_root(path: &str) -> bool {
+  return check_file_permissions(0, 0, 0o100600, path);
+}
+
+fn check_file_permissions(uid: u32, gid: u32, mode: u32, path: &str) -> bool {
+  let metadata = match std::fs::metadata(path) {
+    Ok(data) => data,
+    Err(e) => {
+        return e.kind() == ErrorKind::NotFound
+    }
+  };
+  let perms = metadata.permissions();
+  return perms.mode() == mode && metadata.st_uid() == uid && metadata.st_gid() == gid;
+}
+
+fn path(dir: &str, file: &str) -> String {
+  return format!("{}/{}", dir, file);
+}