lighthouse/common/filesystem/src/lib.rs
Mac L 80627b428b Fix linting error on Windows (#2759)
While testing some code on Windows, I ran into a failure when using `clippy` via (`make lint`):
```
error: this expression borrows a reference (`&str`) that is immediately dereferenced by the compiler
   --> common/filesystem/src/lib.rs:105:43
    |
105 |         let mut acl = ACL::from_file_path(&path_str, false).map_err(Error::UnableToRetrieveACL)?;
    |                                           ^^^^^^^^^ help: change this to: `path_str`
    |
    = note: `-D clippy::needless-borrow` implied by `-D warnings`
    = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#needless_borrow
    
error: could not compile `filesystem` due to previous error
```

## Proposed Changes

Remove the unnecessary borrow as suggested.

## Additional Info

Since we are only running `clippy` in CI on Ubuntu, I believe we don't have any way (in CI) to detect these Windows-specific lint errors (either from new code, or from linting changes from new Rust versions).
This is because code marked as `#[cfg(windows)]` is not checked on `unix` systems and vice versa.

I'm conscious that our CI runs are already taking a long time, and that adding a new Windows `clippy` run would add a non-negligible amount of time to the runs (not sure if this topic has already been discussed), but it is something to be aware of.

## Extra Note
I don't think this is the case, but it might be worth someone else running `make lint` on their Windows machines to eliminate the possibility that this is an error specific to my setup.
2021-11-01 07:44:42 +00:00


use std::fs::File;
use std::io;
use std::io::Write;
use std::path::Path;
#[cfg(windows)]
use winapi::um::winnt::{FILE_GENERIC_READ, FILE_GENERIC_WRITE, STANDARD_RIGHTS_ALL};
/// Well-known Windows security identifier used for the owner of a file
/// (`S-1-3-4` is listed as "Owner Rights" in the reference below). The ACE that
/// `restrict_file_permissions` adds is keyed on this SID, and every other SID's
/// allow entries are removed. See:
/// - https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/security-identifiers-in-windows#well-known-sids-all-versions-of-windows
#[cfg(windows)]
const OWNER_SID_STR: &str = "S-1-3-4";
/// ACE header flags for the owner entry. Zero means none of the `AceFlags`
/// listed here are set on the entry:
/// - https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-ace_header
#[cfg(windows)]
const OWNER_ACL_ENTRY_FLAGS: u8 = 0;
/// Access mask granted to the owner entry: generic read, generic write and all
/// standard rights. No execute right is included in the mask.
///
/// Generic Rights:
/// - https://docs.microsoft.com/en-us/windows/win32/fileio/file-security-and-access-rights
/// Individual Read/Write/Execute Permissions (referenced in generic rights link):
/// - https://docs.microsoft.com/en-us/windows/win32/wmisdk/file-and-directory-access-rights-constants
/// STANDARD_RIGHTS_ALL
/// - https://docs.microsoft.com/en-us/windows/win32/secauthz/access-mask
#[cfg(windows)]
const OWNER_ACL_ENTRY_MASK: u32 = FILE_GENERIC_READ | FILE_GENERIC_WRITE | STANDARD_RIGHTS_ALL;
/// Errors returned by the file-creation and permission-restriction helpers in this crate.
///
/// Variants carrying an `io::Error` wrap the failure of the corresponding `std::fs` /
/// `std::io` call. Variants carrying a `u32` or a `String` are produced only by the
/// Windows ACL code path in this file.
// NOTE(review): the `u32` payloads come straight from `windows_acl` error returns and are
// presumably Win32 error codes; confirm against that crate before interpreting them.
#[derive(Debug)]
pub enum Error {
    /// The file could not be created
    UnableToCreateFile(io::Error),
    /// The file could not be copied
    UnableToCopyFile(io::Error),
    /// The file could not be opened
    UnableToOpenFile(io::Error),
    /// The file could not be renamed
    UnableToRenameFile(io::Error),
    /// Failed to set permissions
    UnableToSetPermissions(io::Error),
    /// Failed to retrieve file metadata
    UnableToRetrieveMetadata(io::Error),
    /// Failed to write bytes to file
    UnableToWriteFile(io::Error),
    /// Failed to obtain file path (the path could not be represented as a UTF-8 `&str`)
    UnableToObtainFilePath,
    /// Failed to convert string to SID
    UnableToConvertSID(u32),
    /// Failed to retrieve ACL for file
    UnableToRetrieveACL(u32),
    /// Failed to enumerate ACL entries
    UnableToEnumerateACLEntries(u32),
    /// Failed to add new ACL entry; the message names the SID and the error code
    UnableToAddACLEntry(String),
    /// Failed to remove ACL entry; the message names the SID whose entry could not be removed
    UnableToRemoveACLEntry(String),
}
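/// Creates (or truncates) the file at `path`, restricts it to its owner, and writes `bytes`.
///
/// On Unix the file is opened with a creation mode of `0o600 (-rw-------)`, so a newly
/// created file never exists with wider, umask-derived permissions. If the file already
/// existed, its mode is reset to `0o600` before any byte is written.
///
/// On Windows the file is created with its default ACL, the bytes are written, and the
/// ACL is then reduced to a single owner entry by `restrict_file_permissions`.
///
/// # Errors
///
/// * `Error::UnableToCreateFile` if the file cannot be created or opened for writing.
/// * `Error::UnableToRetrieveMetadata` / `Error::UnableToSetPermissions` if the Unix mode
///   cannot be read or changed.
/// * `Error::UnableToWriteFile` if writing `bytes` fails.
/// * On Windows, any error returned by `restrict_file_permissions`.
pub fn create_with_600_perms<P: AsRef<Path>>(path: P, bytes: &[u8]) -> Result<(), Error> {
    let path = path.as_ref();

    #[cfg(unix)]
    let mut file = {
        use std::fs::OpenOptions;
        use std::os::unix::fs::{OpenOptionsExt, PermissionsExt};

        // Same open semantics as `File::create` (write + create + truncate), but the mode is
        // applied atomically at creation time. Creating first and tightening afterwards
        // leaves a window in which another local process can open the file and keep a
        // descriptor that stays usable after the mode change.
        let file = OpenOptions::new()
            .write(true)
            .create(true)
            .truncate(true)
            .mode(0o600)
            .open(path)
            .map_err(Error::UnableToCreateFile)?;

        // The creation mode is ignored when the file already exists, so the mode is still
        // set explicitly before writing. A descriptor opened by another process while the
        // old mode was in effect is not revoked by this.
        let mut perm = file
            .metadata()
            .map_err(Error::UnableToRetrieveMetadata)?
            .permissions();
        perm.set_mode(0o600);
        file.set_permissions(perm)
            .map_err(Error::UnableToSetPermissions)?;
        file
    };
    #[cfg(not(unix))]
    let mut file = File::create(path).map_err(Error::UnableToCreateFile)?;

    file.write_all(bytes).map_err(Error::UnableToWriteFile)?;

    // NOTE(review): on Windows the ACL is tightened only after the bytes are on disk, so
    // until this call returns the content is protected by whatever ACL the file received
    // at creation. Callers should write into a directory whose ACL is already restrictive.
    #[cfg(windows)]
    {
        restrict_file_permissions(path)?;
    }
    Ok(())
}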
/// Restricts access to an existing file at `path` to its owner.
///
/// * Unix: sets the file mode to `0o600 (-rw-------)`.
/// * Windows: adds an allow entry for `OWNER_SID_STR` with `OWNER_ACL_ENTRY_MASK`, then
///   removes the `AccessAllow` entries of every other SID found on the file.
///
/// # Errors
///
/// Unix: `UnableToOpenFile`, `UnableToRetrieveMetadata`, `UnableToSetPermissions`.
/// Windows: `UnableToObtainFilePath` when the path is not valid UTF-8, and the ACL variants
/// (`UnableToRetrieveACL`, `UnableToConvertSID`, `UnableToEnumerateACLEntries`,
/// `UnableToAddACLEntry`, `UnableToRemoveACLEntry`) when the matching step fails.
pub fn restrict_file_permissions<P: AsRef<Path>>(path: P) -> Result<(), Error> {
    #[cfg(unix)]
    {
        use std::os::unix::fs::PermissionsExt;
        // `File::open` opens read-only and follows symlinks: a file the caller cannot read
        // fails here with `UnableToOpenFile`, and the mode change lands on the link target.
        let file = File::open(path.as_ref()).map_err(Error::UnableToOpenFile)?;
        let mut perm = file
            .metadata()
            .map_err(Error::UnableToRetrieveMetadata)?
            .permissions();
        // Replaces the permission bits outright; previous group/other bits are not kept.
        perm.set_mode(0o600);
        file.set_permissions(perm)
            .map_err(Error::UnableToSetPermissions)?;
    }
    #[cfg(windows)]
    {
        use winapi::um::winnt::PSID;
        use windows_acl::acl::{AceType, ACL};
        use windows_acl::helper::sid_to_string;
        // `windows_acl` takes the path as `&str`, so a non-UTF-8 path is rejected up front.
        let path_str = path
            .as_ref()
            .to_str()
            .ok_or(Error::UnableToObtainFilePath)?;
        // NOTE(review): the `false` argument presumably skips loading the SACL - confirm
        // against the `windows_acl` documentation.
        let mut acl = ACL::from_file_path(path_str, false).map_err(Error::UnableToRetrieveACL)?;
        let owner_sid =
            windows_acl::helper::string_to_sid(OWNER_SID_STR).map_err(Error::UnableToConvertSID)?;
        // Snapshot of the entries taken before the owner entry is added below.
        let entries = acl.all().map_err(Error::UnableToEnumerateACLEntries)?;
        // Add a single entry for the file owner first, so the owner's access is in place
        // before any other allow entry is removed.
        acl.add_entry(
            owner_sid.as_ptr() as PSID,
            AceType::AccessAllow,
            OWNER_ACL_ENTRY_FLAGS,
            OWNER_ACL_ENTRY_MASK,
        )
        .map_err(|code| {
            Error::UnableToAddACLEntry(format!(
                "Failed to add ACL entry for SID {} error={}",
                OWNER_SID_STR, code
            ))
        })?;
        // Remove all AccessAllow entries from the file that aren't the owner_sid. Only
        // `AccessAllow` is passed to `remove`, so entries of other ACE types are left as is.
        // Entries without a SID are skipped.
        for entry in &entries {
            if let Some(ref entry_sid) = entry.sid {
                // A SID that cannot be rendered becomes "BadFormat", which never equals
                // OWNER_SID_STR, so removal is still attempted for it.
                let entry_sid_str = sid_to_string(entry_sid.as_ptr() as PSID)
                    .unwrap_or_else(|_| "BadFormat".to_string());
                if entry_sid_str != OWNER_SID_STR {
                    // The first failed removal aborts the loop; earlier removals are kept,
                    // so the ACL may be left partially restricted when an error is returned.
                    acl.remove(entry_sid.as_ptr() as PSID, Some(AceType::AccessAllow), None)
                        .map_err(|_| {
                            Error::UnableToRemoveACLEntry(format!(
                                "Failed to remove ACL entry for SID {}",
                                entry_sid_str
                            ))
                        })?;
                }
            }
        }
    }
    Ok(())
}