move secure files to secure handler
This commit is contained in:
parent
dcd28fd14a
commit
5ea42e3463
7 changed files with 69 additions and 57 deletions
2
Cargo.lock
generated
2
Cargo.lock
generated
|
@ -34,7 +34,7 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
|
|||
|
||||
[[package]]
|
||||
name = "crab"
|
||||
version = "0.0.4"
|
||||
version = "0.0.5"
|
||||
dependencies = [
|
||||
"exec",
|
||||
"nix",
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
[package]
|
||||
name = "crab"
|
||||
version = "0.0.4"
|
||||
version = "0.0.5"
|
||||
edition = "2021"
|
||||
|
||||
[dependencies]
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
pkgbase = crab
|
||||
pkgdesc = A rusty permission authentication system
|
||||
pkgver = 0.0.4
|
||||
pkgver = 0.0.5
|
||||
pkgrel = 1
|
||||
url = https://g.tylerm.dev/tylermurphy534/crab.git
|
||||
arch = x86_64
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Maintainer: Tyler Murphy <tylermurphy534@gmail.com>
|
||||
pkgname=crab
|
||||
pkgver=0.0.4
|
||||
pkgver=0.0.5
|
||||
pkgrel=1
|
||||
pkgdesc="A rusty permission authentication system"
|
||||
arch=('x86_64' 'i686')
|
||||
|
|
|
@ -15,6 +15,7 @@ const ERROR_RUN_ROOT: u8 = 6;
|
|||
mod persist;
|
||||
mod flags;
|
||||
mod help;
|
||||
mod secure;
|
||||
|
||||
fn main() -> ExitCode {
|
||||
let args: Vec<String> = env::args().collect();
|
||||
|
@ -26,7 +27,7 @@ fn main() -> ExitCode {
|
|||
}
|
||||
};
|
||||
if flags.version {
|
||||
println!("crab version 0.0.4");
|
||||
println!("crab version 0.0.5");
|
||||
return ExitCode::SUCCESS;
|
||||
}
|
||||
if flags.help {
|
||||
|
|
|
@ -1,11 +1,10 @@
|
|||
use std::fs;
|
||||
use std::os::linux::fs::MetadataExt;
|
||||
use std::os::unix::prelude::PermissionsExt;
|
||||
use std::time::SystemTime;
|
||||
use nix::unistd;
|
||||
use serde_json::Value;
|
||||
|
||||
use crate::secure;
|
||||
|
||||
const PERSIST_TIME: u64 = 60 * 3;
|
||||
const PERSIST_PATH: &str = "/var/run/crab";
|
||||
|
||||
pub fn get_persist(user: &str) -> bool {
|
||||
let json = match get_terminal_config() {
|
||||
|
@ -16,7 +15,7 @@ pub fn get_persist(user: &str) -> bool {
|
|||
Some(data) => data,
|
||||
None => return false
|
||||
};
|
||||
return now() - timestamp < PERSIST_TIME && timestamp < now();
|
||||
return now() - timestamp < PERSIST_TIME && timestamp - 1 < now();
|
||||
}
|
||||
|
||||
pub fn set_persist(user: &str) {
|
||||
|
@ -29,7 +28,7 @@ pub fn set_persist(user: &str) {
|
|||
Some(data) => data,
|
||||
None => return
|
||||
};
|
||||
match write_terminal_config(&id, &json.to_string()) {
|
||||
match secure::write_file(PERSIST_PATH, &format!("{}", id), &json.to_string()) {
|
||||
Ok(_) => {},
|
||||
Err(e) => {
|
||||
eprintln!("Internal Error: {}", e)
|
||||
|
@ -54,12 +53,9 @@ fn get_terminal_config() -> Option<Value> {
|
|||
Some(data) => data,
|
||||
None => return None
|
||||
};
|
||||
if !is_file_root(&path(&id)) {
|
||||
return None;
|
||||
}
|
||||
let data = match std::fs::read_to_string(path(&id)) {
|
||||
Ok(data) => data,
|
||||
Err(_) => "{}".to_string()
|
||||
let data = match secure::read_file(PERSIST_PATH, &format!("{}", id)) {
|
||||
Some(data) => data,
|
||||
None => "{}".to_string()
|
||||
};
|
||||
let json: Value = match serde_json::from_str(&data) {
|
||||
Ok(data) => data,
|
||||
|
@ -68,42 +64,6 @@ fn get_terminal_config() -> Option<Value> {
|
|||
Some(json)
|
||||
}
|
||||
|
||||
fn write_terminal_config(id: &i32, data: &str) -> Result<(), Box<dyn std::error::Error>> {
|
||||
std::fs::create_dir_all("/var/run/crab")?;
|
||||
make_file_root("/var/run/crab")?;
|
||||
std::fs::write(path(&id), "")?;
|
||||
make_file_root(&path(&id))?;
|
||||
std::fs::write(path(&id), data)?;
|
||||
Ok(())
|
||||
}
|
||||
|
||||
fn make_file_root(path: &str) -> Result<(), Box<dyn std::error::Error>> {
|
||||
unistd::chown(std::path::Path::new(path), Some(unistd::Uid::from(0)), Some(unistd::Gid::from(0)))?;
|
||||
let metadata = std::fs::metadata(path)?;
|
||||
let mut perms = metadata.permissions();
|
||||
perms.set_mode(0o100600);
|
||||
fs::set_permissions(path, perms)?;
|
||||
Ok(())
|
||||
}
|
||||
|
||||
fn is_file_root(path: &str) -> bool {
|
||||
let metadata = match std::fs::metadata(path) {
|
||||
Ok(data) => data,
|
||||
Err(e) => {
|
||||
if let Some(err) = e.raw_os_error() {
|
||||
return err == 2;
|
||||
}
|
||||
return true
|
||||
}
|
||||
};
|
||||
let perms = metadata.permissions();
|
||||
return perms.mode() == 0o100600 && metadata.st_uid() == 0 && metadata.st_gid() == 0;
|
||||
}
|
||||
|
||||
fn now() -> u64 {
|
||||
return SystemTime::now().duration_since(SystemTime::UNIX_EPOCH).unwrap().as_secs();
|
||||
}
|
||||
|
||||
fn path(id: &i32) -> String {
|
||||
return format!("/var/run/crab/{}", id);
|
||||
}
|
||||
|
|
51
src/secure.rs
Normal file
51
src/secure.rs
Normal file
|
@ -0,0 +1,51 @@
|
|||
use std::{os::{unix::prelude::PermissionsExt, linux::fs::MetadataExt}, fs, io::ErrorKind};
|
||||
use nix::unistd;
|
||||
|
||||
pub fn write_file(dir: &str, file: &str, data: &str) -> Result<(), Box<dyn std::error::Error>> {
|
||||
std::fs::create_dir_all(dir)?;
|
||||
make_file_root(dir)?;
|
||||
let path = path(dir, file);
|
||||
std::fs::write(&path, "")?;
|
||||
make_file_root(&path)?;
|
||||
std::fs::write(&path, data)?;
|
||||
Ok(())
|
||||
}
|
||||
|
||||
pub fn read_file(dir: &str, file: &str) -> Option<String> {
|
||||
let path = path(dir,file);
|
||||
if !is_file_root(&path) {
|
||||
return None;
|
||||
}
|
||||
match std::fs::read_to_string(&path) {
|
||||
Ok(data) => return Some(data),
|
||||
Err(_) => return None
|
||||
};
|
||||
}
|
||||
|
||||
fn make_file_root(path: &str) -> Result<(), Box<dyn std::error::Error>> {
|
||||
unistd::chown(std::path::Path::new(path), Some(unistd::Uid::from(0)), Some(unistd::Gid::from(0)))?;
|
||||
let metadata = std::fs::metadata(path)?;
|
||||
let mut perms = metadata.permissions();
|
||||
perms.set_mode(0o100600);
|
||||
fs::set_permissions(path, perms)?;
|
||||
Ok(())
|
||||
}
|
||||
|
||||
fn is_file_root(path: &str) -> bool {
|
||||
return check_file_permissions(0, 0, 0o100600, path);
|
||||
}
|
||||
|
||||
fn check_file_permissions(uid: u32, gid: u32, mode: u32, path: &str) -> bool {
|
||||
let metadata = match std::fs::metadata(path) {
|
||||
Ok(data) => data,
|
||||
Err(e) => {
|
||||
return e.kind() == ErrorKind::NotFound
|
||||
}
|
||||
};
|
||||
let perms = metadata.permissions();
|
||||
return perms.mode() == mode && metadata.st_uid() == uid && metadata.st_gid() == gid;
|
||||
}
|
||||
|
||||
fn path(dir: &str, file: &str) -> String {
|
||||
return format!("{}/{}", dir, file);
|
||||
}
|
Loading…
Reference in a new issue