tyler
/
proxmox-backup
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

remove tools::getpwnam_ugid, impl. crate::backup::backup_user() 

And use new nix::unistd::User struct.
This commit is contained in:
Dietmar Maurer 2019-12-19 10:20:13 +01:00
parent 8bf4559b4e
commit f74a03da1f
7 changed files with 45 additions and 55 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/auth_helpers.rs
View File

@ -97,7 +97,7 @@ pub fn generate_csrf_key() -> Result<(), Error> {
use nix::sys::stat::Mode; use nix::sys::stat::Mode;
let (_, backup_gid) = crate::tools::getpwnam_ugid("backup")?; let backup_user = crate::backup::backup_user()?;
replace_file( replace_file(
&path, &path,
@ -105,7 +105,7 @@ pub fn generate_csrf_key() -> Result<(), Error> {
CreateOptions::new() CreateOptions::new()
.perm(Mode::from_bits_truncate(0o0640)) .perm(Mode::from_bits_truncate(0o0640))
.owner(nix::unistd::ROOT) .owner(nix::unistd::ROOT)
.group(nix::unistd::Gid::from_raw(backup_gid)), .group(backup_user.gid),
)?; )?;
Ok(()) Ok(())
@ -131,7 +131,7 @@ pub fn generate_auth_key() -> Result<(), Error> {
let public_pem = rsa.public_key_to_pem()?; let public_pem = rsa.public_key_to_pem()?;
let (_, backup_gid) = crate::tools::getpwnam_ugid("backup")?; let backup_user = crate::backup::backup_user()?;
replace_file( replace_file(
&public_path, &public_path,
@ -139,7 +139,7 @@ pub fn generate_auth_key() -> Result<(), Error> {
CreateOptions::new() CreateOptions::new()
.perm(Mode::from_bits_truncate(0o0640)) .perm(Mode::from_bits_truncate(0o0640))
.owner(nix::unistd::ROOT) .owner(nix::unistd::ROOT)
.group(nix::unistd::Gid::from_raw(backup_gid)), .group(backup_user.gid),
)?; )?;
Ok(()) Ok(())

13
src/backup.rs
View File

@ -103,6 +103,8 @@
//! //!
//! Not sure if this is better. TODO //! Not sure if this is better. TODO
use failure::*;
// Note: .pcat1 => Proxmox Catalog Format version 1 // Note: .pcat1 => Proxmox Catalog Format version 1
pub const CATALOG_NAME: &str = "catalog.pcat1.didx"; pub const CATALOG_NAME: &str = "catalog.pcat1.didx";
@ -116,6 +118,17 @@ macro_rules! PROXMOX_BACKUP_READER_PROTOCOL_ID_V1 {
() => { "proxmox-backup-reader-protocol-v1" } () => { "proxmox-backup-reader-protocol-v1" }
} }
/// Unix system user used by proxmox-backup-proxy
pub const BACKUP_USER_NAME: &str = "backup";
/// Return User info for the 'backup' user (``getpwnam_r(3)``)
pub fn backup_user() -> Result<nix::unistd::User, Error> {
match nix::unistd::User::from_name(BACKUP_USER_NAME)? {
Some(user) => Ok(user),
None => bail!("Unable to lookup backup user."),
}
}
mod file_formats; mod file_formats;
pub use file_formats::*; pub use file_formats::*;

8
src/backup/chunk_store.rs
View File

@ -95,13 +95,11 @@ impl ChunkStore {
let chunk_dir = Self::chunk_dir(&base); let chunk_dir = Self::chunk_dir(&base);
let (backup_uid, backup_gid) = crate::tools::getpwnam_ugid("backup")?; let backup_user = crate::backup::backup_user()?;
let uid = nix::unistd::Uid::from_raw(backup_uid);
let gid = nix::unistd::Gid::from_raw(backup_gid);
let options = CreateOptions::new() let options = CreateOptions::new()
.owner(uid) .owner(backup_user.uid)
.group(gid); .group(backup_user.gid);
let default_options = CreateOptions::new(); let default_options = CreateOptions::new();

29
src/config.rs
View File

@ -18,7 +18,10 @@ pub mod datastore;
/// * nobody else can read (mode 0700) /// * nobody else can read (mode 0700)
pub fn check_configdir_permissions() -> Result<(), Error> { pub fn check_configdir_permissions() -> Result<(), Error> {
let cfgdir = buildcfg::CONFIGDIR; let cfgdir = buildcfg::CONFIGDIR;
let (backup_uid, backup_gid) = crate::tools::getpwnam_ugid("backup")?;
let backup_user = crate::backup::backup_user()?;
let backup_uid = backup_user.uid.as_raw();
let backup_gid = backup_user.gid.as_raw();
try_block!({ try_block!({
let stat = nix::sys::stat::stat(cfgdir)?; let stat = nix::sys::stat::stat(cfgdir)?;
@ -49,7 +52,6 @@ pub fn create_configdir() -> Result<(), Error> {
use nix::sys::stat::Mode; use nix::sys::stat::Mode;
let cfgdir = buildcfg::CONFIGDIR; let cfgdir = buildcfg::CONFIGDIR;
let (backup_uid, backup_gid) = crate::tools::getpwnam_ugid("backup")?;
match nix::unistd::mkdir(cfgdir, Mode::from_bits_truncate(0o700)) { match nix::unistd::mkdir(cfgdir, Mode::from_bits_truncate(0o700)) {
Ok(()) => {} Ok(()) => {}
@ -64,19 +66,14 @@ pub fn create_configdir() -> Result<(), Error> {
), ),
} }
try_block!({ let backup_user = crate::backup::backup_user()?;
let uid = nix::unistd::Uid::from_raw(backup_uid);
let gid = nix::unistd::Gid::from_raw(backup_gid);
nix::unistd::chown(cfgdir, Some(uid), Some(gid))?; nix::unistd::chown(cfgdir, Some(backup_user.uid), Some(backup_user.gid))
.map_err(|err| {
Ok(()) format_err!(
}) "unable to set configuration directory '{}' permissions - {}",
.map_err(|err: Error| { cfgdir,
format_err!( err
"unable to set configuration directory '{}' permissions - {}", )
cfgdir, })
err
)
})
} }

5
src/config/datastore.rs
View File

@ -58,15 +58,14 @@ pub fn config() -> Result<SectionConfigData, Error> {
pub fn save_config(config: &SectionConfigData) -> Result<(), Error> { pub fn save_config(config: &SectionConfigData) -> Result<(), Error> {
let raw = CONFIG.write(DATASTORE_CFG_FILENAME, &config)?; let raw = CONFIG.write(DATASTORE_CFG_FILENAME, &config)?;
let (_, backup_gid) = crate::tools::getpwnam_ugid("backup")?; let backup_user = crate::backup::backup_user()?;
let gid = nix::unistd::Gid::from_raw(backup_gid);
let mode = nix::sys::stat::Mode::from_bits_truncate(0o0640); let mode = nix::sys::stat::Mode::from_bits_truncate(0o0640);
// set the correct owner/group/permissions while saving file // set the correct owner/group/permissions while saving file
// owner(rw) = root, group(r)= backup // owner(rw) = root, group(r)= backup
let options = CreateOptions::new() let options = CreateOptions::new()
.perm(mode) .perm(mode)
.owner(nix::unistd::ROOT) .owner(nix::unistd::ROOT)
.group(gid); .group(backup_user.gid);
replace_file(DATASTORE_CFG_FILENAME, raw.as_bytes(), options)?; replace_file(DATASTORE_CFG_FILENAME, raw.as_bytes(), options)?;

24
src/server/worker_task.rs
View File

@ -132,10 +132,10 @@ fn parse_worker_status_line(line: &str) -> Result<(String, UPID, Option<(i64, St
pub fn create_task_log_dirs() -> Result<(), Error> { pub fn create_task_log_dirs() -> Result<(), Error> {
try_block!({ try_block!({
let (backup_uid, backup_gid) = crate::tools::getpwnam_ugid("backup")?; let backup_user = crate::backup::backup_user()?;
let opts = CreateOptions::new() let opts = CreateOptions::new()
.owner(nix::unistd::Uid::from_raw(backup_uid)) .owner(backup_user.uid)
.group(nix::unistd::Gid::from_raw(backup_gid)); .group(backup_user.gid);
create_path(PROXMOX_BACKUP_LOG_DIR, None, Some(opts.clone()))?; create_path(PROXMOX_BACKUP_LOG_DIR, None, Some(opts.clone()))?;
create_path(PROXMOX_BACKUP_TASK_DIR, None, Some(opts.clone()))?; create_path(PROXMOX_BACKUP_TASK_DIR, None, Some(opts.clone()))?;
@ -201,12 +201,10 @@ pub struct TaskListInfo {
// Returns a sorted list of known tasks, // Returns a sorted list of known tasks,
fn update_active_workers(new_upid: Option<&UPID>) -> Result<Vec<TaskListInfo>, Error> { fn update_active_workers(new_upid: Option<&UPID>) -> Result<Vec<TaskListInfo>, Error> {
let (backup_uid, backup_gid) = crate::tools::getpwnam_ugid("backup")?; let backup_user = crate::backup::backup_user()?;
let uid = nix::unistd::Uid::from_raw(backup_uid);
let gid = nix::unistd::Gid::from_raw(backup_gid);
let lock = crate::tools::open_file_locked(PROXMOX_BACKUP_TASK_LOCK_FN, std::time::Duration::new(10, 0))?; let lock = crate::tools::open_file_locked(PROXMOX_BACKUP_TASK_LOCK_FN, std::time::Duration::new(10, 0))?;
nix::unistd::chown(PROXMOX_BACKUP_TASK_LOCK_FN, Some(uid), Some(gid))?; nix::unistd::chown(PROXMOX_BACKUP_TASK_LOCK_FN, Some(backup_user.uid), Some(backup_user.gid))?;
let reader = match File::open(PROXMOX_BACKUP_ACTIVE_TASK_FN) { let reader = match File::open(PROXMOX_BACKUP_ACTIVE_TASK_FN) {
Ok(f) => Some(BufReader::new(f)), Ok(f) => Some(BufReader::new(f)),
@ -305,8 +303,8 @@ fn update_active_workers(new_upid: Option<&UPID>) -> Result<Vec<TaskListInfo>, E
PROXMOX_BACKUP_ACTIVE_TASK_FN, PROXMOX_BACKUP_ACTIVE_TASK_FN,
raw.as_bytes(), raw.as_bytes(),
CreateOptions::new() CreateOptions::new()
.owner(uid) .owner(backup_user.uid)
.group(gid), .group(backup_user.gid),
)?; )?;
drop(lock); drop(lock);
@ -367,18 +365,16 @@ impl WorkerTask {
path.push(format!("{:02X}", upid.pstart % 256)); path.push(format!("{:02X}", upid.pstart % 256));
let (backup_uid, backup_gid) = crate::tools::getpwnam_ugid("backup")?; let backup_user = crate::backup::backup_user()?;
let uid = nix::unistd::Uid::from_raw(backup_uid);
let gid = nix::unistd::Gid::from_raw(backup_gid);
create_path(&path, None, Some(CreateOptions::new().owner(uid).group(gid)))?; create_path(&path, None, Some(CreateOptions::new().owner(backup_user.uid).group(backup_user.gid)))?;
path.push(upid.to_string()); path.push(upid.to_string());
println!("FILE: {:?}", path); println!("FILE: {:?}", path);
let logger = FileLogger::new(&path, to_stdout)?; let logger = FileLogger::new(&path, to_stdout)?;
nix::unistd::chown(&path, Some(uid), Some(gid))?; nix::unistd::chown(&path, Some(backup_user.uid), Some(backup_user.gid))?;
update_active_workers(Some(&upid))?; update_active_workers(Some(&upid))?;

13
src/tools.rs
View File

@ -199,19 +199,6 @@ where
Ok(()) Ok(())
} }
/// Returns the Unix uid/gid for the sepcified system user.
pub fn getpwnam_ugid(username: &str) -> Result<(libc::uid_t, libc::gid_t), Error> {
let c_username = std::ffi::CString::new(username).unwrap();
let info = unsafe { libc::getpwnam(c_username.as_ptr()) };
if info.is_null() {
bail!("getpwnam '{}' failed", username);
}
let info = unsafe { *info };
Ok((info.pw_uid, info.pw_gid))
}
pub fn json_object_to_query(data: Value) -> Result<String, Error> { pub fn json_object_to_query(data: Value) -> Result<String, Error> {
let mut query = url::form_urlencoded::Serializer::new(String::new()); let mut query = url::form_urlencoded::Serializer::new(String::new());