tyler
/
proxmox-backup
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

src/config: more style fixups 

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
This commit is contained in:
Wolfgang Bumiller 2019-08-21 14:14:00 +02:00
parent 91640ab567
commit 5c20e2da6b
1 changed files with 28 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
src/config.rs
View File

@ -5,19 +5,18 @@
use failure::*; use failure::*;
pub mod datastore;
use proxmox::tools::try_block; use proxmox::tools::try_block;
use crate::buildcfg; use crate::buildcfg;
pub mod datastore;
/// Check configuration directory permissions /// Check configuration directory permissions
/// ///
/// For security reasons, we want to make sure they are set correctly: /// For security reasons, we want to make sure they are set correctly:
/// * owned by 'backup' user/group /// * owned by 'backup' user/group
/// * nobody else can read (mode 0700) /// * nobody else can read (mode 0700)
pub fn check_configdir_permissions() -> Result<(), Error> { pub fn check_configdir_permissions() -> Result<(), Error> {
let cfgdir = buildcfg::CONFIGDIR; let cfgdir = buildcfg::CONFIGDIR;
let (backup_uid, backup_gid) = crate::tools::getpwnam_ugid("backup")?; let (backup_uid, backup_gid) = crate::tools::getpwnam_ugid("backup")?;
@ -25,34 +24,44 @@ pub fn check_configdir_permissions() -> Result<(), Error> {
let stat = nix::sys::stat::stat(cfgdir)?; let stat = nix::sys::stat::stat(cfgdir)?;
if stat.st_uid != backup_uid { if stat.st_uid != backup_uid {
bail!("wrong user ({} != {})", stat.st_uid, backup_uid); bail!("wrong user ({} != {})", stat.st_uid, backup_uid);
} }
if stat.st_gid != backup_gid { if stat.st_gid != backup_gid {
bail!("wrong group ({} != {})", stat.st_gid, backup_gid); bail!("wrong group ({} != {})", stat.st_gid, backup_gid);
} }
let perm = stat.st_mode & 0o777; let perm = stat.st_mode & 0o777;
if perm != 0o700 { if perm != 0o700 {
bail!("wrong permission ({:o} != {:o})", perm, 0o700); bail!("wrong permission ({:o} != {:o})", perm, 0o700);
} }
Ok(()) Ok(())
}).map_err(|err| format_err!("configuration directory '{}' permission problem - {}", cfgdir, err)) })
.map_err(|err| {
format_err!(
"configuration directory '{}' permission problem - {}",
cfgdir,
err
)
})
} }
pub fn create_configdir() -> Result<(), Error> { pub fn create_configdir() -> Result<(), Error> {
use nix::sys::stat::Mode; use nix::sys::stat::Mode;
let cfgdir = buildcfg::CONFIGDIR; let cfgdir = buildcfg::CONFIGDIR;
let (backup_uid, backup_gid) = crate::tools::getpwnam_ugid("backup")?; let (backup_uid, backup_gid) = crate::tools::getpwnam_ugid("backup")?;
match nix::unistd::mkdir(cfgdir, Mode::from_bits_truncate(0o700)) { match nix::unistd::mkdir(cfgdir, Mode::from_bits_truncate(0o700)) {
Ok(()) => {}, Ok(()) => {}
Err(nix::Error::Sys(nix::errno::Errno::EEXIST)) => { Err(nix::Error::Sys(nix::errno::Errno::EEXIST)) => {
check_configdir_permissions()?; check_configdir_permissions()?;
return Ok(()); return Ok(());
}, }
Err(err) => bail!("unable to create configuration directory '{}' - {}", cfgdir, err), Err(err) => bail!(
"unable to create configuration directory '{}' - {}",
cfgdir,
err
),
} }
try_block!({ try_block!({
@ -62,6 +71,12 @@ pub fn create_configdir() -> Result<(), Error> {
nix::unistd::chown(cfgdir, Some(uid), Some(gid))?; nix::unistd::chown(cfgdir, Some(uid), Some(gid))?;
Ok(()) Ok(())
}).map_err(|err: Error| format_err!( })
"unable to set configuration directory '{}' permissions - {}", cfgdir, err)) .map_err(|err: Error| {
format_err!(
"unable to set configuration directory '{}' permissions - {}",
cfgdir,
err
)
})
} }