AdGuardHome/internal/permcheck/permcheck.go

87 lines
2.2 KiB
Go
Raw Normal View History

// Package permcheck contains code for simplifying permissions checks on files
// and directories.
//
// TODO(a.garipov): Improve the approach on Windows.
package permcheck
import (
"io/fs"
"os"
"path/filepath"
"github.com/AdguardTeam/AdGuardHome/internal/aghos"
"github.com/AdguardTeam/golibs/errors"
"github.com/AdguardTeam/golibs/log"
)
// File type constants for logging.
const (
typeDir = "directory"
typeFile = "file"
)
// Check checks the permissions on important files. It logs the results at
// appropriate levels.
func Check(workDir, dataDir, statsDir, querylogDir, confFilePath string) {
checkDir(workDir)
checkFile(confFilePath)
// TODO(a.garipov): Put all paths in one place and remove this duplication.
checkDir(dataDir)
checkDir(filepath.Join(dataDir, "filters"))
checkFile(filepath.Join(dataDir, "sessions.db"))
checkFile(filepath.Join(dataDir, "leases.json"))
if dataDir != querylogDir {
checkDir(querylogDir)
}
checkFile(filepath.Join(querylogDir, "querylog.json"))
checkFile(filepath.Join(querylogDir, "querylog.json.1"))
if dataDir != statsDir {
checkDir(statsDir)
}
checkFile(filepath.Join(statsDir, "stats.db"))
}
// checkDir checks the permissions of a single directory. The results are
// logged at the appropriate level.
func checkDir(dirPath string) {
checkPath(dirPath, typeDir, aghos.DefaultPermDir)
}
// checkFile checks the permissions of a single file. The results are logged at
// the appropriate level.
func checkFile(filePath string) {
checkPath(filePath, typeFile, aghos.DefaultPermFile)
}
// checkPath checks the permissions of a single filesystem entity. The results
// are logged at the appropriate level.
func checkPath(entPath, fileType string, want fs.FileMode) {
Pull request 2294: AGDNS-2455 Windows permissions Closes #7314. Squashed commit of the following: commit f8b6ffeec2f0f96c947cf896c75d05efaca77caf Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Tue Oct 29 14:14:41 2024 +0300 all: fix chlog commit 9417b7dc510296c096f234e2f340dad5a6faf627 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Mon Oct 28 19:41:30 2024 +0300 aghos: imp doc commit b91f0e72a70a8e1392bd07b50714d8b83cc4e33e Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Mon Oct 28 19:26:15 2024 +0300 all: rm bin commit 9008ee93b181794c5082894bfa5ce4c76153f93d Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Mon Oct 28 18:23:54 2024 +0300 all: revert permcheck commit bcc85d50f5f39269713979c6509a9acd220570b8 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Mon Oct 28 17:48:55 2024 +0300 all: use aghos more commit 993e351712fbf004a6f96e06061ba2321c1c46e1 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Mon Oct 28 16:24:56 2024 +0300 all: fix more bugs commit a22b0d265eb0fa747e136363558b97de54e593b8 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Fri Oct 25 18:30:52 2024 +0300 all: fix bugs commit a2309f812ad3fd83d26c373b67756ea3074f4854 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Fri Oct 25 17:05:08 2024 +0300 all: fix chlog, imp api commit 42c3f8e91c49998068bc208166de20efe49c3dcb Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Fri Oct 25 16:04:47 2024 +0300 scripts: fix docs commit 9e781ff18db58ed9be35e259ecf3c669a4d41e02 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Fri Oct 25 16:03:19 2024 +0300 scripts: imp docs commit 1dbc7849828cc4933bb5edc3257f158ac292d48e Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Fri Oct 25 15:55:16 2024 +0300 all: use new functions, add tests commit dcbabaf4e37149a73969c52c9bfac2b9d9127a67 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Fri Oct 25 13:23:50 2024 +0300 aghos: add stat commit 72d7c0f881835725e65db63ac2dd1c5f7a409036 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Thu Oct 24 17:10:30 2024 +0300 aghos: add windows functions
2024-10-29 11:28:59 +00:00
s, err := aghos.Stat(entPath)
if err != nil {
logFunc := log.Error
if errors.Is(err, os.ErrNotExist) {
logFunc = log.Debug
}
logFunc("permcheck: checking %s %q: %s", fileType, entPath, err)
return
}
// TODO(a.garipov): Add a more fine-grained check and result reporting.
perm := s.Mode().Perm()
if perm != want {
log.Info(
"permcheck: SECURITY WARNING: %s %q has unexpected permissions %#o; want %#o",
fileType,
entPath,
perm,
want,
)
}
}