mirrors
/
AdGuardHome
mirror of https://github.com/AdguardTeam/AdGuardHome.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

permcheck: imp code

This commit is contained in:
Eugene Burkov 2024-11-29 17:16:24 +03:00
parent 7dfbeda179
commit 0b6a71326e
2 changed files with 11 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
internal/permcheck/security_unix.go
View File

@ -21,7 +21,7 @@ type entity = container.KeyValue[string, bool]
// entities returns a list of filesystem entities that need to be ranged over. // entities returns a list of filesystem entities that need to be ranged over.
func entities(workDir, dataDir, statsDir, querylogDir, confFilePath string) (ents []entity) { func entities(workDir, dataDir, statsDir, querylogDir, confFilePath string) (ents []entity) {
ents = container.KeyValues[string, bool]{{ ents = []entity{{
Key: workDir, Key: workDir,
Value: true, Value: true,
}, { }, {
@ -47,13 +47,13 @@ func entities(workDir, dataDir, statsDir, querylogDir, confFilePath string) (ent
Value: true, Value: true,
}) })
} }
ents = append(ents, []entity{{ ents = append(ents, entity{
Key: filepath.Join(querylogDir, "querylog.json"), Key: filepath.Join(querylogDir, "querylog.json"),
Value: false, Value: false,
}, { }, entity{
Key: filepath.Join(querylogDir, "querylog.json.1"), Key: filepath.Join(querylogDir, "querylog.json.1"),
Value: false, Value: false,
}}...) })
if dataDir != statsDir { if dataDir != statsDir {
ents = append(ents, entity{ ents = append(ents, entity{

14
internal/permcheck/security_windows.go
View File

@ -10,12 +10,6 @@ import (
"golang.org/x/sys/windows" "golang.org/x/sys/windows"
) )
// desiredSecInfo defines the parts of a security descriptor to retrieve.
const desiredSecInfo windows.SECURITY_INFORMATION = windows.OWNER_SECURITY_INFORMATION |
windows.DACL_SECURITY_INFORMATION |
windows.PROTECTED_DACL_SECURITY_INFORMATION |
windows.UNPROTECTED_DACL_SECURITY_INFORMATION
// objectType is the type of the object for directories in context of security // objectType is the type of the object for directories in context of security
// API. // API.
const objectType windows.SE_OBJECT_TYPE = windows.SE_FILE_OBJECT const objectType windows.SE_OBJECT_TYPE = windows.SE_FILE_OBJECT
@ -103,7 +97,7 @@ func setSecurityInfo(fname string, owner *windows.SID, ents []windows.EXPLICIT_A
return fmt.Errorf("creating access control list: %w", err) return fmt.Errorf("creating access control list: %w", err)
} }
err = windows.SetNamedSecurityInfo(fname, objectType, desiredSecInfo, owner, nil, acl, nil) err = windows.SetNamedSecurityInfo(fname, objectType, secInfo, owner, nil, acl, nil)
if err != nil { if err != nil {
return fmt.Errorf("setting security info: %w", err) return fmt.Errorf("setting security info: %w", err)
} }
@ -113,6 +107,12 @@ func setSecurityInfo(fname string, owner *windows.SID, ents []windows.EXPLICIT_A
// getSecurityInfo retrieves the security information for the specified file. // getSecurityInfo retrieves the security information for the specified file.
func getSecurityInfo(fname string) (dacl *windows.ACL, owner *windows.SID, err error) { func getSecurityInfo(fname string) (dacl *windows.ACL, owner *windows.SID, err error) {
// desiredSecInfo defines the parts of a security descriptor to retrieve.
const desiredSecInfo windows.SECURITY_INFORMATION = windows.OWNER_SECURITY_INFORMATION |
windows.DACL_SECURITY_INFORMATION |
windows.PROTECTED_DACL_SECURITY_INFORMATION |
windows.UNPROTECTED_DACL_SECURITY_INFORMATION
sd, err := windows.GetNamedSecurityInfo(fname, objectType, desiredSecInfo) sd, err := windows.GetNamedSecurityInfo(fname, objectType, desiredSecInfo)
if err != nil { if err != nil {
return nil, nil, fmt.Errorf("getting security descriptor: %w", err) return nil, nil, fmt.Errorf("getting security descriptor: %w", err)