Add permissions on the socket

selfhoster selfhoster 2023-08-22 15:18:04 +02:00
parent c5731665a3
commit 2d1f3a985f
6 changed files with 101 additions and 3 deletions


@ -23,4 +23,5 @@ chrono = { version = "0.4", features = [ "serde" ] }
yunohost-api = { path = "yunohost-api" } yunohost-api = { path = "yunohost-api" }
axum_typed_multipart = "0.8" axum_typed_multipart = "0.8"
async-trait = "0.1" async-trait = "0.1"
serde = { version = "1", features = [ "derive" ] } serde = { version = "1", features = [ "derive" ] }
file-owner = { version = "0.1" }


@ -16,4 +16,16 @@ pub enum Error {
#[snafu(display("{}", source))] #[snafu(display("{}", source))]
Session { source: crate::state::sessions::SessionError }, Session { source: crate::state::sessions::SessionError },
#[snafu(display("Failed to executed tokio task"))]
TokioTask { source: tokio::task::JoinError },
#[snafu(display("Failed to set permissions on file {}", path.display()))]
Permissions { path: PathBuf, source: std::io::Error },
#[snafu(display("Failed to set owner on file {}", path.display()))]
PermissionsChown { path: PathBuf, source: file_owner::FileOwnerError },
#[snafu(display("Failed to set group on file {}", path.display()))]
PermissionsChgrp { path: PathBuf, source: file_owner::FileOwnerError },
} }
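Review bot: The display string on the new `TokioTask` variant has a typo, "Failed to executed tokio task"; it should read `#[snafu(display("Failed to execute tokio task"))]`. The three new permission variants would also benefit from a one-line `///` comment each naming the operation that failed (chmod, chown, chgrp), since their messages differ by a single word. The `Error` enum starts outside this hunk.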


@ -1,5 +1,6 @@
#[macro_use] extern crate async_trait; #[macro_use] extern crate async_trait;
#[macro_use] extern crate axum; #[macro_use] extern crate axum;
#[macro_use] extern crate log;
#[macro_use] extern crate serde; #[macro_use] extern crate serde;
use clap::Parser; use clap::Parser;

78
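--- a/src/utils/fs.rs
+++ b/src/utils/fs.rs
@@ -0,0 +1,78 @@
+use file_owner::PathExt;
+use snafu::prelude::*;
+use tokio::{
+fs::set_permissions,
+task::spawn_blocking,
+};
+use std::{
+fs::Permissions,
+os::unix::fs::PermissionsExt,
+path::Path,
+};
+use crate::error::*;
+pub struct FSPermissions {
+pub owner: Option<String>,
+pub group: Option<String>,
+pub mode: Option<u32>,
+}
+impl FSPermissions {
+pub fn new() -> FSPermissions {
+FSPermissions {
+owner: None,
+group: None,
+mode: None,
+}
+}
+pub fn chown(mut self, owner: &str) -> Self {
+self.owner = Some(owner.to_string());
+self
+}
+pub fn chgrp(mut self, group: &str) -> Self {
+self.group = Some(group.to_string());
+self
+}
+pub fn chmod(mut self, mode: u32) -> Self {
+self.mode = Some(mode);
+self
+}
+pub async fn apply_to(&self, path: &Path) -> Result<(), Error> {
+if let Some(mode) = self.mode {
+set_permissions(
+path,
+Permissions::from_mode(mode)
+).await.context(PermissionsSnafu { path: path.to_path_buf()})?;
+}
+if let Some(owner) = &self.owner {
+let owner = owner.to_string();
+let path = path.to_path_buf();
+let _ = spawn_blocking(move || -> Result<(), Error> {
+Ok(
+path.set_owner(owner.as_str())
+.context(PermissionsChownSnafu { path: path.to_path_buf() })?
+)
+}).await.context(TokioTaskSnafu)?;
+}
+if let Some(group) = &self.group {
+let group = group.to_string();
+let path = path.to_path_buf();
+let _ = spawn_blocking(move || -> Result<(), Error> {
+Ok(
+path.set_group(group.as_str())
+.context(PermissionsChgrpSnafu { path: path.to_path_buf() })?
+)
+}).await.context(TokioTaskSnafu)?;
+}
+Ok(())
+}
+}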
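Review bot: In `apply_to`, a failed chown or chgrp is silently dropped: `let _ = spawn_blocking(...).await.context(TokioTaskSnafu)?;` unwraps only the `JoinError`, and the closure's own `Result<(), Error>` is thrown away by `let _`. A caller that relies on the file ending up with a specific owner or group gets `Ok(())` even when `set_owner` or `set_group` failed, so the file keeps whatever ownership it had. Propagate the inner result in both branches by dropping the `let _ =` and ending the chain with `.await.context(TokioTaskSnafu)??;`. A doc comment on `FSPermissions` should also state that the mode is applied before owner and group, and that all three operate on the path rather than on an open descriptor.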


@ -1,2 +1,3 @@
pub mod fs;
pub mod time; pub mod time;
pub mod socket; pub mod socket;


@ -21,7 +21,10 @@ use tokio::{
}; };
use tower::BoxError; use tower::BoxError;
use crate::error::*; use crate::{
error::*,
utils::fs::FSPermissions,
};
pub struct ServerAccept { pub struct ServerAccept {
uds: UnixListener, uds: UnixListener,
@ -118,7 +121,9 @@ pub async fn serve(path: &Path, app: Router) -> Result<(), Error> {
.await .await
.unwrap(); .unwrap();
// TODO: set permissions // TODO: make proper permissions
// Apply 777 permissions
FSPermissions::new().chmod(0o777).apply_to(&path).await?;
let uds = UnixListener::bind(path.clone()) let uds = UnixListener::bind(path.clone())
.context(SocketCreateSnafu { path: path.clone() })?; .context(SocketCreateSnafu { path: path.clone() })?;
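Review bot: The new `FSPermissions::new().chmod(0o777).apply_to(&path).await?;` runs before `UnixListener::bind`, so it acts on whatever sits at `path` before the socket is created, and the freshly bound socket never receives this mode. If the step just above (not fully visible here) removes a stale socket, `set_permissions` would presumably fail on the missing file and `serve` would return early. The call should move to after the bind. Mode `0o777` also lets every local account connect to the socket, as the TODO acknowledges; since `FSPermissions` already offers `chgrp`, a call such as `FSPermissions::new().chmod(0o660).chgrp("<client-group>").apply_to(&path).await?;` (the group name is a placeholder) would restrict access to the service that is meant to connect. `serve` begins and continues outside the hunk.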