fs-mistrust: rename fields

This renaming will make things slightly simpler for declaring a
builder.
Nick Mathewson 2022-05-18 11:52:17 -04:00
parent 85faa1c0f6
commit baa58daace
2 changed files with 15 additions and 15 deletions


@ -42,7 +42,7 @@ impl<'a> super::Verifier<'a> {
// to the code. It's not urgent, since the allocations won't cost much
// compared to the filesystem access.
pub(crate) fn check_errors(&self, path: &Path) -> impl Iterator<Item = Error> + '_ {
if self.mistrust.disable_ownership_and_permission_checks {
if self.mistrust.dangerously_trust_everyone {
// We don't want to walk the path in this case at all: we'll just
// look at the last element.
@ -88,7 +88,7 @@ impl<'a> super::Verifier<'a> {
pub(crate) fn check_content_errors(&self, path: &Path) -> impl Iterator<Item = Error> + '_ {
use std::sync::Arc;
if !self.check_contents || self.mistrust.disable_ownership_and_permission_checks {
if !self.check_contents || self.mistrust.dangerously_trust_everyone {
return boxed(std::iter::empty());
}
@ -179,7 +179,7 @@ impl<'a> super::Verifier<'a> {
// about a directory, the owner cah change the permissions and owner
// of anything in the directory.)
let uid = meta.uid();
if uid != 0 && Some(uid) != self.mistrust.trust_uid {
if uid != 0 && Some(uid) != self.mistrust.trust_user {
errors.push(Error::BadOwner(path.into(), uid));
}
let mut forbidden_bits = if !self.readable_okay && path_type == PathType::Final {
@ -211,7 +211,7 @@ impl<'a> super::Verifier<'a> {
}
};
// If we trust the GID, then we allow even more bits to be set.
if self.mistrust.trust_gid == Some(meta.gid()) {
if self.mistrust.trust_group == Some(meta.gid()) {
forbidden_bits &= !0o070;
}
let bad_bits = meta.mode() & forbidden_bits;


@ -320,26 +320,26 @@ pub struct Mistrust {
ignore_prefix: Option<PathBuf>,
/// Are we configured to enable all permission and ownership tests?
disable_ownership_and_permission_checks: bool,
dangerously_trust_everyone: bool,
/// What user ID do we trust by default (if any?)
#[cfg(target_family = "unix")]
trust_uid: Option<u32>,
trust_user: Option<u32>,
/// What group ID do we trust by default (if any?)
#[cfg(target_family = "unix")]
trust_gid: Option<u32>,
trust_group: Option<u32>,
}
impl Default for Mistrust {
fn default() -> Self {
Self {
ignore_prefix: None,
disable_ownership_and_permission_checks: false,
dangerously_trust_everyone: false,
#[cfg(target_family = "unix")]
trust_uid: Some(unsafe { libc::getuid() }),
trust_user: Some(unsafe { libc::getuid() }),
#[cfg(target_family = "unix")]
trust_gid: user::get_self_named_gid(),
trust_group: user::get_self_named_gid(),
}
}
}
@ -420,8 +420,8 @@ impl Mistrust {
/// This option disables the default group-trust behavior as well.
#[cfg(target_family = "unix")]
pub fn trust_admin_only(&mut self) -> &mut Self {
self.trust_uid = None;
self.trust_gid = None;
self.trust_user = None;
self.trust_group = None;
self
}
@ -435,7 +435,7 @@ impl Mistrust {
/// world-writable objects respectively.
#[cfg(target_family = "unix")]
pub fn trust_no_group_id(&mut self) -> &mut Self {
self.trust_gid = None;
self.trust_group = None;
self
}
@ -451,7 +451,7 @@ impl Mistrust {
/// Anybody who is a member (or becomes a member) of the provided group will
/// be allowed to read and modify the verified files.
pub fn trust_group_id(&mut self, gid: u32) -> &mut Self {
self.trust_gid = Some(gid);
self.trust_group = Some(gid);
self
}
@ -466,7 +466,7 @@ impl Mistrust {
/// implement separate code paths for the "checking on" and "checking off"
/// cases.
pub fn dangerously_trust_everyone(&mut self) -> &mut Self {
self.disable_ownership_and_permission_checks = true;
self.dangerously_trust_everyone = true;
self
}
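Review bot: The doc comment kept above the renamed field in the `pub struct Mistrust` hunk, `/// Are we configured to enable all permission and ownership tests?`, states the inverse of what `dangerously_trust_everyone` means: when it is true the verifier returns early in `check_errors` and `check_content_errors` without inspecting ownership or permissions, so a true value disables the tests rather than enabling them. Since the rename is meant to make the field's effect self-describing, the comment should say so too, e.g. `/// Are we configured to skip every permission and ownership test? (When true, nothing is verified.)`. The stale wording predates this commit, but the rename is the natural place to fix it, and a misdescribed "trust everyone" switch is the kind of thing a later reader of the builder might rely on. The `impl Mistrust` block that holds the final hunk begins outside the hunk.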