From b75ed7d4d30e289b8a99e68e6a5e94ab74cf49cb Mon Sep 17 00:00:00 2001 From: Eugene Burkov Date: Mon, 25 Nov 2024 18:01:47 +0300 Subject: [PATCH] all: revert permissions --- internal/aghos/permission.go | 50 --- internal/aghos/permission_unix.go | 42 -- internal/aghos/permission_windows.go | 392 ------------------ .../aghos/permission_windows_internal_test.go | 135 ------ internal/aghrenameio/renameio_windows.go | 3 +- internal/filtering/filtering.go | 2 +- internal/filtering/http.go | 3 +- internal/home/auth.go | 5 +- internal/home/config.go | 2 +- internal/home/home.go | 2 +- internal/next/cmd/signal.go | 4 +- internal/next/configmgr/configmgr.go | 3 +- internal/permcheck/migrate.go | 4 +- internal/permcheck/permcheck.go | 2 +- internal/querylog/qlogfile.go | 1 - internal/querylog/querylogfile.go | 2 +- internal/stats/stats.go | 7 +- internal/updater/updater.go | 30 +- 18 files changed, 28 insertions(+), 661 deletions(-) delete mode 100644 internal/aghos/permission.go delete mode 100644 internal/aghos/permission_unix.go delete mode 100644 internal/aghos/permission_windows.go delete mode 100644 internal/aghos/permission_windows_internal_test.go diff --git a/internal/aghos/permission.go b/internal/aghos/permission.go deleted file mode 100644 index 42a1de93..00000000 --- a/internal/aghos/permission.go +++ /dev/null @@ -1,50 +0,0 @@ -package aghos - -import ( - "io/fs" - "os" -) - -// TODO(e.burkov): Add platform-independent tests. - -// Chmod is an extension for [os.Chmod] that properly handles Windows access -// rights. -func Chmod(name string, perm fs.FileMode) (err error) { - return chmod(name, perm) -} - -// Mkdir is an extension for [os.Mkdir] that properly handles Windows access -// rights. -func Mkdir(name string, perm fs.FileMode) (err error) { - return mkdir(name, perm) -} - -// MkdirAll is an extension for [os.MkdirAll] that properly handles Windows -// access rights. -func MkdirAll(path string, perm fs.FileMode) (err error) { - return mkdirAll(path, perm) -} - -// WriteFile is an extension for [os.WriteFile] that properly handles Windows -// access rights. -func WriteFile(filename string, data []byte, perm fs.FileMode) (err error) { - return writeFile(filename, data, perm) -} - -// OpenFile is an extension for [os.OpenFile] that properly handles Windows -// access rights. -func OpenFile(name string, flag int, perm fs.FileMode) (file *os.File, err error) { - return openFile(name, flag, perm) -} - -// Stat is an extension for [os.Stat] that properly handles Windows access -// rights. -// -// Note that on Windows the "other" permission bits combines the access rights -// of any trustee that is neither the owner nor the owning group for the file. -// -// TODO(e.burkov): Inspect the behavior for the World (everyone) well-known -// SID and, perhaps, use it. -func Stat(name string) (fi fs.FileInfo, err error) { - return stat(name) -} diff --git a/internal/aghos/permission_unix.go b/internal/aghos/permission_unix.go deleted file mode 100644 index 8c2573ca..00000000 --- a/internal/aghos/permission_unix.go +++ /dev/null @@ -1,42 +0,0 @@ -//go:build unix - -package aghos - -import ( - "io/fs" - "os" - - "github.com/google/renameio/v2/maybe" -) - -// chmod is a Unix implementation of [Chmod]. -func chmod(name string, perm fs.FileMode) (err error) { - return os.Chmod(name, perm) -} - -// mkdir is a Unix implementation of [Mkdir]. -func mkdir(name string, perm fs.FileMode) (err error) { - return os.Mkdir(name, perm) -} - -// mkdirAll is a Unix implementation of [MkdirAll]. -func mkdirAll(path string, perm fs.FileMode) (err error) { - return os.MkdirAll(path, perm) -} - -// writeFile is a Unix implementation of [WriteFile]. -func writeFile(filename string, data []byte, perm fs.FileMode) (err error) { - return maybe.WriteFile(filename, data, perm) -} - -// openFile is a Unix implementation of [OpenFile]. -func openFile(name string, flag int, perm fs.FileMode) (file *os.File, err error) { - // #nosec G304 -- This function simply wraps the [os.OpenFile] function, so - // the security concerns should be addressed to the [OpenFile] calls. - return os.OpenFile(name, flag, perm) -} - -// stat is a Unix implementation of [Stat]. -func stat(name string) (fi os.FileInfo, err error) { - return os.Stat(name) -} diff --git a/internal/aghos/permission_windows.go b/internal/aghos/permission_windows.go deleted file mode 100644 index cc5a4aa8..00000000 --- a/internal/aghos/permission_windows.go +++ /dev/null @@ -1,392 +0,0 @@ -//go:build windows - -package aghos - -import ( - "fmt" - "io/fs" - "os" - "path/filepath" - "unsafe" - - "github.com/AdguardTeam/golibs/errors" - "golang.org/x/sys/windows" -) - -// fileInfo is a Windows implementation of [fs.FileInfo], that contains the -// filemode converted from the security descriptor. -type fileInfo struct { - // fs.FileInfo is embedded to provide the default implementations and data - // successfully retrieved by [os.Stat]. - fs.FileInfo - - // mode is the file mode converted from the security descriptor. - mode fs.FileMode -} - -// type check -var _ fs.FileInfo = (*fileInfo)(nil) - -// Mode implements [fs.FileInfo.Mode] for [*fileInfo]. -func (fi *fileInfo) Mode() (mode fs.FileMode) { return fi.mode } - -// stat is a Windows implementation of [Stat]. -func stat(name string) (fi os.FileInfo, err error) { - absName, err := filepath.Abs(name) - if err != nil { - return nil, fmt.Errorf("computing absolute path: %w", err) - } - - fi, err = os.Stat(absName) - if err != nil { - // Don't wrap the error, since it's informative enough as is. - return nil, err - } - - dacl, owner, group, err := retrieveDACL(absName) - if err != nil { - // Don't wrap the error, since it's informative enough as is. - return nil, err - } - - var ownerMask, groupMask, otherMask windows.ACCESS_MASK - for i := range uint32(dacl.AceCount) { - var ace *windows.ACCESS_ALLOWED_ACE - err = windows.GetAce(dacl, i, &ace) - if err != nil { - return nil, fmt.Errorf("getting access control entry at index %d: %w", i, err) - } - - entrySid := (*windows.SID)(unsafe.Pointer(&ace.SidStart)) - switch { - case entrySid.Equals(owner): - ownerMask |= ace.Mask - case entrySid.Equals(group): - groupMask |= ace.Mask - default: - otherMask |= ace.Mask - } - } - - mode := fi.Mode() - perm := masksToPerm(ownerMask, groupMask, otherMask, mode.IsDir()) - - return &fileInfo{ - FileInfo: fi, - // Use the file mode from the security descriptor, but use the - // calculated permission bits. - mode: perm | mode&^fs.FileMode(0o777), - }, nil -} - -// retrieveDACL retrieves the discretionary access control list, owner, and -// group from the security descriptor of the file with the specified absolute -// name. -func retrieveDACL(absName string) (dacl *windows.ACL, owner, group *windows.SID, err error) { - // desiredSecInfo defines the parts of a security descriptor to retrieve. - const desiredSecInfo windows.SECURITY_INFORMATION = windows.OWNER_SECURITY_INFORMATION | - windows.GROUP_SECURITY_INFORMATION | - windows.DACL_SECURITY_INFORMATION | - windows.PROTECTED_DACL_SECURITY_INFORMATION | - windows.UNPROTECTED_DACL_SECURITY_INFORMATION - - sd, err := windows.GetNamedSecurityInfo(absName, windows.SE_FILE_OBJECT, desiredSecInfo) - if err != nil { - return nil, nil, nil, fmt.Errorf("getting security descriptor: %w", err) - } - - dacl, _, err = sd.DACL() - if err != nil { - return nil, nil, nil, fmt.Errorf("getting discretionary access control list: %w", err) - } - - owner, _, err = sd.Owner() - if err != nil { - return nil, nil, nil, fmt.Errorf("getting owner sid: %w", err) - } - - group, _, err = sd.Group() - if err != nil { - return nil, nil, nil, fmt.Errorf("getting group sid: %w", err) - } - - return dacl, owner, group, nil -} - -// chmod is a Windows implementation of [Chmod]. -func chmod(name string, perm fs.FileMode) (err error) { - fi, err := os.Stat(name) - if err != nil { - return fmt.Errorf("getting file info: %w", err) - } - - entries := make([]windows.EXPLICIT_ACCESS, 0, 3) - creatorMask, groupMask, worldMask := permToMasks(perm, fi.IsDir()) - - sidMasks := []struct { - Key windows.WELL_KNOWN_SID_TYPE - Value windows.ACCESS_MASK - }{{ - Key: windows.WinCreatorOwnerSid, - Value: creatorMask, - }, { - Key: windows.WinCreatorGroupSid, - Value: groupMask, - }, { - Key: windows.WinWorldSid, - Value: worldMask, - }} - - var errs []error - for _, sidMask := range sidMasks { - if sidMask.Value == 0 { - continue - } - - var trustee windows.TRUSTEE - trustee, err = newWellKnownTrustee(sidMask.Key) - if err != nil { - errs = append(errs, err) - - continue - } - - entries = append(entries, windows.EXPLICIT_ACCESS{ - AccessPermissions: sidMask.Value, - AccessMode: windows.GRANT_ACCESS, - Inheritance: windows.NO_INHERITANCE, - Trustee: trustee, - }) - } - - if err = errors.Join(errs...); err != nil { - return fmt.Errorf("creating access control entries: %w", err) - } - - acl, err := windows.ACLFromEntries(entries, nil) - if err != nil { - return fmt.Errorf("creating access control list: %w", err) - } - - // secInfo defines the parts of a security descriptor to set. - const secInfo windows.SECURITY_INFORMATION = windows.DACL_SECURITY_INFORMATION | - windows.PROTECTED_DACL_SECURITY_INFORMATION - - err = windows.SetNamedSecurityInfo(name, windows.SE_FILE_OBJECT, secInfo, nil, nil, acl, nil) - if err != nil { - return fmt.Errorf("setting security descriptor: %w", err) - } - - return nil -} - -// mkdir is a Windows implementation of [Mkdir]. -// -// TODO(e.burkov): Consider using [windows.CreateDirectory] instead of -// [os.Mkdir] to reduce the number of syscalls. -func mkdir(name string, perm os.FileMode) (err error) { - name, err = filepath.Abs(name) - if err != nil { - return fmt.Errorf("computing absolute path: %w", err) - } - - err = os.Mkdir(name, perm) - if err != nil { - return fmt.Errorf("creating directory: %w", err) - } - - defer func() { - if err != nil { - err = errors.WithDeferred(err, os.Remove(name)) - } - }() - - return chmod(name, perm) -} - -// mkdirAll is a Windows implementation of [MkdirAll]. -func mkdirAll(path string, perm os.FileMode) (err error) { - parent, _ := filepath.Split(path) - - if parent != "" { - err = os.MkdirAll(parent, perm) - if err != nil && !errors.Is(err, os.ErrExist) { - return fmt.Errorf("creating parent directories: %w", err) - } - } - - err = mkdir(path, perm) - if errors.Is(err, os.ErrExist) { - return nil - } - - return err -} - -// writeFile is a Windows implementation of [WriteFile]. -func writeFile(filename string, data []byte, perm os.FileMode) (err error) { - file, err := openFile(filename, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, perm) - if err != nil { - return fmt.Errorf("opening file: %w", err) - } - defer func() { err = errors.WithDeferred(err, file.Close()) }() - - _, err = file.Write(data) - if err != nil { - return fmt.Errorf("writing data: %w", err) - } - - return nil -} - -// openFile is a Windows implementation of [OpenFile]. -func openFile(name string, flag int, perm os.FileMode) (file *os.File, err error) { - // Only change permissions if the file not yet exists, but should be - // created. - if flag&os.O_CREATE == 0 { - return os.OpenFile(name, flag, perm) - } - - _, err = stat(name) - if err != nil { - if errors.Is(err, os.ErrNotExist) { - defer func() { err = errors.WithDeferred(err, chmod(name, perm)) }() - } else { - return nil, fmt.Errorf("getting file info: %w", err) - } - } - - return os.OpenFile(name, flag, perm) -} - -// newWellKnownTrustee returns a trustee for a well-known SID. -func newWellKnownTrustee(stype windows.WELL_KNOWN_SID_TYPE) (t windows.TRUSTEE, err error) { - sid, err := windows.CreateWellKnownSid(stype) - if err != nil { - return windows.TRUSTEE{}, fmt.Errorf("creating sid for type %d: %w", stype, err) - } - - return windows.TRUSTEE{ - TrusteeForm: windows.TRUSTEE_IS_SID, - TrusteeValue: windows.TrusteeValueFromSID(sid), - }, nil -} - -// UNIX file mode permission bits. -const ( - permRead = 0b100 - permWrite = 0b010 - permExecute = 0b001 -) - -// Windows access masks for appropriate UNIX file mode permission bits and -// file types. -const ( - fileReadRights windows.ACCESS_MASK = windows.READ_CONTROL | - windows.FILE_READ_DATA | - windows.FILE_READ_ATTRIBUTES | - windows.FILE_READ_EA | - windows.SYNCHRONIZE | - windows.ACCESS_SYSTEM_SECURITY - - fileWriteRights windows.ACCESS_MASK = windows.WRITE_DAC | - windows.WRITE_OWNER | - windows.FILE_WRITE_DATA | - windows.FILE_WRITE_ATTRIBUTES | - windows.FILE_WRITE_EA | - windows.DELETE | - windows.FILE_APPEND_DATA | - windows.SYNCHRONIZE | - windows.ACCESS_SYSTEM_SECURITY - - fileExecuteRights windows.ACCESS_MASK = windows.FILE_EXECUTE - - dirReadRights windows.ACCESS_MASK = windows.READ_CONTROL | - windows.FILE_LIST_DIRECTORY | - windows.FILE_READ_EA | - windows.FILE_READ_ATTRIBUTES<<1 | - windows.SYNCHRONIZE | - windows.ACCESS_SYSTEM_SECURITY - - dirWriteRights windows.ACCESS_MASK = windows.WRITE_DAC | - windows.WRITE_OWNER | - windows.DELETE | - windows.FILE_WRITE_DATA | - windows.FILE_APPEND_DATA | - windows.FILE_WRITE_EA | - windows.FILE_WRITE_ATTRIBUTES<<1 | - windows.SYNCHRONIZE | - windows.ACCESS_SYSTEM_SECURITY - - dirExecuteRights windows.ACCESS_MASK = windows.FILE_TRAVERSE -) - -// permToMasks converts a UNIX file mode permissions to the corresponding -// Windows access masks. The [isDir] argument is used to set specific access -// bits for directories. -func permToMasks(fm os.FileMode, isDir bool) (owner, group, world windows.ACCESS_MASK) { - mask := fm.Perm() - - owner = permToMask(byte((mask>>6)&0b111), isDir) - group = permToMask(byte((mask>>3)&0b111), isDir) - world = permToMask(byte(mask&0b111), isDir) - - return owner, group, world -} - -// permToMask converts a UNIX file mode permission bits within p byte to the -// corresponding Windows access mask. The [isDir] argument is used to set -// specific access bits for directories. -func permToMask(p byte, isDir bool) (mask windows.ACCESS_MASK) { - readRights, writeRights, executeRights := fileReadRights, fileWriteRights, fileExecuteRights - if isDir { - readRights, writeRights, executeRights = dirReadRights, dirWriteRights, dirExecuteRights - } - - if p&permRead != 0 { - mask |= readRights - } - if p&permWrite != 0 { - mask |= writeRights - } - if p&permExecute != 0 { - mask |= executeRights - } - - return mask -} - -// masksToPerm converts Windows access masks to the corresponding UNIX file -// mode permission bits. -func masksToPerm(u, g, o windows.ACCESS_MASK, isDir bool) (perm fs.FileMode) { - perm |= fs.FileMode(maskToPerm(u, isDir)) << 6 - perm |= fs.FileMode(maskToPerm(g, isDir)) << 3 - perm |= fs.FileMode(maskToPerm(o, isDir)) - - return perm -} - -// maskToPerm converts a Windows access mask to the corresponding UNIX file -// mode permission bits. -func maskToPerm(mask windows.ACCESS_MASK, isDir bool) (perm byte) { - readMask, writeMask, executeMask := fileReadRights, fileWriteRights, fileExecuteRights - if isDir { - readMask, writeMask, executeMask = dirReadRights, dirWriteRights, dirExecuteRights - } - - // Remove common bits to avoid false positive detection of unset rights. - readMask ^= windows.SYNCHRONIZE | windows.ACCESS_SYSTEM_SECURITY - writeMask ^= windows.SYNCHRONIZE | windows.ACCESS_SYSTEM_SECURITY - - if mask&readMask != 0 { - perm |= permRead - } - if mask&writeMask != 0 { - perm |= permWrite - } - if mask&executeMask != 0 { - perm |= permExecute - } - - return perm -} diff --git a/internal/aghos/permission_windows_internal_test.go b/internal/aghos/permission_windows_internal_test.go deleted file mode 100644 index 3837fda1..00000000 --- a/internal/aghos/permission_windows_internal_test.go +++ /dev/null @@ -1,135 +0,0 @@ -//go:build windows - -package aghos - -import ( - "io/fs" - "testing" - - "github.com/stretchr/testify/assert" - "golang.org/x/sys/windows" -) - -func TestPermToMasks(t *testing.T) { - t.Parallel() - - testCases := []struct { - name string - perm fs.FileMode - wantUser windows.ACCESS_MASK - wantGroup windows.ACCESS_MASK - wantOther windows.ACCESS_MASK - isDir bool - }{{ - name: "all", - perm: 0b111_111_111, - wantUser: fileReadRights | fileWriteRights | fileExecuteRights, - wantGroup: fileReadRights | fileWriteRights | fileExecuteRights, - wantOther: fileReadRights | fileWriteRights | fileExecuteRights, - isDir: false, - }, { - name: "user_write", - perm: 0b010_000_000, - wantUser: fileWriteRights, - wantGroup: 0, - wantOther: 0, - isDir: false, - }, { - name: "group_read", - perm: 0b000_100_000, - wantUser: 0, - wantGroup: fileReadRights, - wantOther: 0, - isDir: false, - }, { - name: "all_dir", - perm: 0b111_111_111, - wantUser: dirReadRights | dirWriteRights | dirExecuteRights, - wantGroup: dirReadRights | dirWriteRights | dirExecuteRights, - wantOther: dirReadRights | dirWriteRights | dirExecuteRights, - isDir: true, - }, { - name: "user_write_dir", - perm: 0b010_000_000, - wantUser: dirWriteRights, - wantGroup: 0, - wantOther: 0, - isDir: true, - }} - - for _, tc := range testCases { - t.Run(tc.name, func(t *testing.T) { - t.Parallel() - - user, group, other := permToMasks(tc.perm, tc.isDir) - assert.Equal(t, tc.wantUser, user) - assert.Equal(t, tc.wantGroup, group) - assert.Equal(t, tc.wantOther, other) - }) - } -} - -func TestMasksToPerm(t *testing.T) { - t.Parallel() - - testCases := []struct { - name string - user windows.ACCESS_MASK - group windows.ACCESS_MASK - other windows.ACCESS_MASK - wantPerm fs.FileMode - isDir bool - }{{ - name: "all", - user: fileReadRights | fileWriteRights | fileExecuteRights, - group: fileReadRights | fileWriteRights | fileExecuteRights, - other: fileReadRights | fileWriteRights | fileExecuteRights, - wantPerm: 0b111_111_111, - isDir: false, - }, { - name: "user_write", - user: fileWriteRights, - group: 0, - other: 0, - wantPerm: 0b010_000_000, - isDir: false, - }, { - name: "group_read", - user: 0, - group: fileReadRights, - other: 0, - wantPerm: 0b000_100_000, - isDir: false, - }, { - name: "no_access", - user: 0, - group: 0, - other: 0, - wantPerm: 0, - isDir: false, - }, { - name: "all_dir", - user: dirReadRights | dirWriteRights | dirExecuteRights, - group: dirReadRights | dirWriteRights | dirExecuteRights, - other: dirReadRights | dirWriteRights | dirExecuteRights, - wantPerm: 0b111_111_111, - isDir: true, - }, { - name: "user_write_dir", - user: dirWriteRights, - group: 0, - other: 0, - wantPerm: 0b010_000_000, - isDir: true, - }} - - for _, tc := range testCases { - t.Run(tc.name, func(t *testing.T) { - t.Parallel() - - // Don't call [fs.FileMode.Perm] since the result is expected to - // contain only the permission bits. - assert.Equal(t, tc.wantPerm, masksToPerm(tc.user, tc.group, tc.other, tc.isDir)) - }) - } -} diff --git a/internal/aghrenameio/renameio_windows.go b/internal/aghrenameio/renameio_windows.go index b4d88f4f..8097caf4 100644 --- a/internal/aghrenameio/renameio_windows.go +++ b/internal/aghrenameio/renameio_windows.go @@ -8,7 +8,6 @@ import ( "os" "path/filepath" - "github.com/AdguardTeam/AdGuardHome/internal/aghos" "github.com/AdguardTeam/golibs/errors" ) @@ -63,7 +62,7 @@ func newPendingFile(filePath string, mode fs.FileMode) (f PendingFile, err error return nil, fmt.Errorf("opening pending file: %w", err) } - err = aghos.Chmod(file.Name(), mode) + err = os.Chmod(file.Name(), mode) if err != nil { return nil, fmt.Errorf("preparing pending file: %w", err) } diff --git a/internal/filtering/filtering.go b/internal/filtering/filtering.go index f4bd1f10..8836515c 100644 --- a/internal/filtering/filtering.go +++ b/internal/filtering/filtering.go @@ -1057,7 +1057,7 @@ func New(c *Config, blockFilters []Filter) (d *DNSFilter, err error) { } } - err = aghos.MkdirAll(filepath.Join(d.conf.DataDir, filterDir), aghos.DefaultPermDir) + err = os.MkdirAll(filepath.Join(d.conf.DataDir, filterDir), aghos.DefaultPermDir) if err != nil { d.Close() diff --git a/internal/filtering/http.go b/internal/filtering/http.go index 60b0d1d5..94a601f5 100644 --- a/internal/filtering/http.go +++ b/internal/filtering/http.go @@ -13,7 +13,6 @@ import ( "time" "github.com/AdguardTeam/AdGuardHome/internal/aghhttp" - "github.com/AdguardTeam/AdGuardHome/internal/aghos" "github.com/AdguardTeam/AdGuardHome/internal/filtering/rulelist" "github.com/AdguardTeam/golibs/errors" "github.com/AdguardTeam/golibs/log" @@ -27,7 +26,7 @@ func (d *DNSFilter) validateFilterURL(urlStr string) (err error) { if filepath.IsAbs(urlStr) { urlStr = filepath.Clean(urlStr) - _, err = aghos.Stat(urlStr) + _, err = os.Stat(urlStr) if err != nil { // Don't wrap the error since it's informative enough as is. return err diff --git a/internal/home/auth.go b/internal/home/auth.go index 040c70fd..969152af 100644 --- a/internal/home/auth.go +++ b/internal/home/auth.go @@ -91,10 +91,7 @@ func InitAuth( } var err error - opts := *bbolt.DefaultOptions - opts.OpenFile = aghos.OpenFile - - a.db, err = bbolt.Open(dbFilename, aghos.DefaultPermFile, &opts) + a.db, err = bbolt.Open(dbFilename, aghos.DefaultPermFile, nil) if err != nil { log.Error("auth: open DB: %s: %s", dbFilename, err) if err.Error() == "invalid argument" { diff --git a/internal/home/config.go b/internal/home/config.go index 5242dbc6..3c5c16f9 100644 --- a/internal/home/config.go +++ b/internal/home/config.go @@ -714,7 +714,7 @@ func (c *configuration) write() (err error) { return fmt.Errorf("generating config file: %w", err) } - err = aghos.WriteFile(confPath, buf.Bytes(), aghos.DefaultPermFile) + err = maybe.WriteFile(confPath, buf.Bytes(), aghos.DefaultPermFile) if err != nil { return fmt.Errorf("writing config file: %w", err) } diff --git a/internal/home/home.go b/internal/home/home.go index 5f573876..1a118cba 100644 --- a/internal/home/home.go +++ b/internal/home/home.go @@ -645,7 +645,7 @@ func run(opts options, clientBuildFS fs.FS, done chan struct{}) { } dataDir := Context.getDataDir() - err = aghos.MkdirAll(dataDir, aghos.DefaultPermDir) + err = os.MkdirAll(dataDir, aghos.DefaultPermDir) fatalOnError(errors.Annotate(err, "creating DNS data dir at %s: %w", dataDir)) GLMode = opts.glinetMode diff --git a/internal/next/cmd/signal.go b/internal/next/cmd/signal.go index d6aa7dc5..cdff1b44 100644 --- a/internal/next/cmd/signal.go +++ b/internal/next/cmd/signal.go @@ -8,12 +8,12 @@ import ( "strconv" "time" - "github.com/AdguardTeam/AdGuardHome/internal/aghos" "github.com/AdguardTeam/AdGuardHome/internal/next/configmgr" "github.com/AdguardTeam/golibs/errors" "github.com/AdguardTeam/golibs/logutil/slogutil" "github.com/AdguardTeam/golibs/osutil" "github.com/AdguardTeam/golibs/service" + "github.com/google/renameio/v2/maybe" ) // signalHandler processes incoming signals and shuts services down. @@ -84,7 +84,7 @@ func (h *signalHandler) writePID(ctx context.Context) { data := strconv.AppendInt(nil, int64(pid), 10) data = append(data, '\n') - err := aghos.WriteFile(h.pidFile, data, 0o644) + err := maybe.WriteFile(h.pidFile, data, 0o644) if err != nil { h.logger.ErrorContext(ctx, "writing pidfile", slogutil.KeyError, err) diff --git a/internal/next/configmgr/configmgr.go b/internal/next/configmgr/configmgr.go index 1f9bc8de..100680c8 100644 --- a/internal/next/configmgr/configmgr.go +++ b/internal/next/configmgr/configmgr.go @@ -22,6 +22,7 @@ import ( "github.com/AdguardTeam/golibs/errors" "github.com/AdguardTeam/golibs/logutil/slogutil" "github.com/AdguardTeam/golibs/timeutil" + "github.com/google/renameio/v2/maybe" "gopkg.in/yaml.v3" ) @@ -203,7 +204,7 @@ func (m *Manager) write(ctx context.Context) (err error) { return fmt.Errorf("encoding: %w", err) } - err = aghos.WriteFile(m.fileName, b, aghos.DefaultPermFile) + err = maybe.WriteFile(m.fileName, b, aghos.DefaultPermFile) if err != nil { return fmt.Errorf("writing: %w", err) } diff --git a/internal/permcheck/migrate.go b/internal/permcheck/migrate.go index 65d704c4..b052bffa 100644 --- a/internal/permcheck/migrate.go +++ b/internal/permcheck/migrate.go @@ -14,7 +14,7 @@ import ( // // TODO(a.garipov): Consider ways to detect this better. func NeedsMigration(confFilePath string) (ok bool) { - s, err := aghos.Stat(confFilePath) + s, err := os.Stat(confFilePath) if err != nil { if errors.Is(err, os.ErrNotExist) { // Likely a first run. Don't check. @@ -70,7 +70,7 @@ func chmodFile(filePath string) { // chmodPath changes the permissions of a single filesystem entity. The results // are logged at the appropriate level. func chmodPath(entPath, fileType string, fm fs.FileMode) { - err := aghos.Chmod(entPath, fm) + err := os.Chmod(entPath, fm) if err == nil { log.Info("permcheck: changed permissions for %s %q", fileType, entPath) diff --git a/internal/permcheck/permcheck.go b/internal/permcheck/permcheck.go index ace62a5e..aea4a743 100644 --- a/internal/permcheck/permcheck.go +++ b/internal/permcheck/permcheck.go @@ -60,7 +60,7 @@ func checkFile(filePath string) { // checkPath checks the permissions of a single filesystem entity. The results // are logged at the appropriate level. func checkPath(entPath, fileType string, want fs.FileMode) { - s, err := aghos.Stat(entPath) + s, err := os.Stat(entPath) if err != nil { logFunc := log.Error if errors.Is(err, os.ErrNotExist) { diff --git a/internal/querylog/qlogfile.go b/internal/querylog/qlogfile.go index 67b1eeb3..9bc738c6 100644 --- a/internal/querylog/qlogfile.go +++ b/internal/querylog/qlogfile.go @@ -59,7 +59,6 @@ type qLogFile struct { // newQLogFile initializes a new instance of the qLogFile. func newQLogFile(path string) (qf *qLogFile, err error) { - // Don't use [aghos.OpenFile] here, because the file is expected to exist. f, err := os.OpenFile(path, os.O_RDONLY, aghos.DefaultPermFile) if err != nil { return nil, err diff --git a/internal/querylog/querylogfile.go b/internal/querylog/querylogfile.go index 84da97cf..bca46c8c 100644 --- a/internal/querylog/querylogfile.go +++ b/internal/querylog/querylogfile.go @@ -83,7 +83,7 @@ func (l *queryLog) flushToFile(ctx context.Context, b *bytes.Buffer) (err error) filename := l.logFile - f, err := aghos.OpenFile(filename, os.O_WRONLY|os.O_CREATE|os.O_APPEND, aghos.DefaultPermFile) + f, err := os.OpenFile(filename, os.O_WRONLY|os.O_CREATE|os.O_APPEND, aghos.DefaultPermFile) if err != nil { return fmt.Errorf("creating file %q: %w", filename, err) } diff --git a/internal/stats/stats.go b/internal/stats/stats.go index 38affdb9..56bb8d46 100644 --- a/internal/stats/stats.go +++ b/internal/stats/stats.go @@ -385,12 +385,7 @@ func (s *StatsCtx) openDB() (err error) { var db *bbolt.DB - opts := *bbolt.DefaultOptions - // Use the custom OpenFile function to properly handle access rights on - // Windows. - opts.OpenFile = aghos.OpenFile - - db, err = bbolt.Open(s.filename, aghos.DefaultPermFile, &opts) + db, err = bbolt.Open(s.filename, aghos.DefaultPermFile, nil) if err != nil { if err.Error() == "invalid argument" { const lines = `AdGuard Home cannot be initialized due to an incompatible file system. diff --git a/internal/updater/updater.go b/internal/updater/updater.go index fe1e7727..50869f35 100644 --- a/internal/updater/updater.go +++ b/internal/updater/updater.go @@ -270,7 +270,7 @@ func (u *Updater) check() (err error) { // ignores the configuration file if firstRun is true. func (u *Updater) backup(firstRun bool) (err error) { log.Debug("updater: backing up current configuration") - _ = aghos.Mkdir(u.backupDir, aghos.DefaultPermDir) + _ = os.Mkdir(u.backupDir, aghos.DefaultPermDir) if !firstRun { err = copyFile(u.confName, filepath.Join(u.backupDir, "AdGuardHome.yaml"), aghos.DefaultPermFile) if err != nil { @@ -344,10 +344,10 @@ func (u *Updater) downloadPackageFile() (err error) { return fmt.Errorf("io.ReadAll() failed: %w", err) } - _ = aghos.Mkdir(u.updateDir, aghos.DefaultPermDir) + _ = os.Mkdir(u.updateDir, aghos.DefaultPermDir) log.Debug("updater: saving package to file") - err = aghos.WriteFile(u.packageName, body, aghos.DefaultPermFile) + err = os.WriteFile(u.packageName, body, aghos.DefaultPermFile) if err != nil { return fmt.Errorf("writing package file: %w", err) } @@ -360,7 +360,7 @@ func tarGzFileUnpackOne(outDir string, tr *tar.Reader, hdr *tar.Header) (name st return "", nil } - outputName := filepath.Join(outDir, name) + outName := filepath.Join(outDir, name) if hdr.Typeflag == tar.TypeDir { if name == "AdGuardHome" { @@ -372,12 +372,12 @@ func tarGzFileUnpackOne(outDir string, tr *tar.Reader, hdr *tar.Header) (name st return "", nil } - err = aghos.Mkdir(outputName, os.FileMode(hdr.Mode&0o755)) + err = os.Mkdir(outName, os.FileMode(hdr.Mode&0o755)) if err != nil && !errors.Is(err, os.ErrExist) { - return "", fmt.Errorf("creating directory %q: %w", outputName, err) + return "", fmt.Errorf("creating directory %q: %w", outName, err) } - log.Debug("updater: created directory %q", outputName) + log.Debug("updater: created directory %q", outName) return "", nil } @@ -389,13 +389,9 @@ func tarGzFileUnpackOne(outDir string, tr *tar.Reader, hdr *tar.Header) (name st } var wc io.WriteCloser - wc, err = aghos.OpenFile( - outputName, - os.O_WRONLY|os.O_CREATE|os.O_TRUNC, - os.FileMode(hdr.Mode&0o755), - ) + wc, err = os.OpenFile(outName, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, os.FileMode(hdr.Mode)&0o755) if err != nil { - return "", fmt.Errorf("os.OpenFile(%s): %w", outputName, err) + return "", fmt.Errorf("os.OpenFile(%s): %w", outName, err) } defer func() { err = errors.WithDeferred(err, wc.Close()) }() @@ -404,7 +400,7 @@ func tarGzFileUnpackOne(outDir string, tr *tar.Reader, hdr *tar.Header) (name st return "", fmt.Errorf("io.Copy(): %w", err) } - log.Debug("updater: created file %q", outputName) + log.Debug("updater: created file %q", outName) return name, nil } @@ -474,7 +470,7 @@ func zipFileUnpackOne(outDir string, zf *zip.File) (name string, err error) { return "", nil } - err = aghos.Mkdir(outputName, fi.Mode()) + err = os.Mkdir(outputName, fi.Mode()) if err != nil && !errors.Is(err, os.ErrExist) { return "", fmt.Errorf("creating directory %q: %w", outputName, err) } @@ -485,7 +481,7 @@ func zipFileUnpackOne(outDir string, zf *zip.File) (name string, err error) { } var wc io.WriteCloser - wc, err = aghos.OpenFile(outputName, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, fi.Mode()) + wc, err = os.OpenFile(outputName, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, fi.Mode()) if err != nil { return "", fmt.Errorf("os.OpenFile(): %w", err) } @@ -535,7 +531,7 @@ func copyFile(src, dst string, perm fs.FileMode) (err error) { return err } - err = aghos.WriteFile(dst, d, perm) + err = os.WriteFile(dst, d, perm) if err != nil { // Don't wrap the error, since it's informative enough as is. return err