nimbus-eth2/beacon_chain/filepath.nim

# beacon_chain
# Copyright (c) 2018-2023 Status Research & Development GmbH
# Licensed and distributed under either of
#   * MIT license (license terms in the root directory or at https://opensource.org/licenses/MIT).
#   * Apache v2 license (license terms in the root directory or at https://www.apache.org/licenses/LICENSE-2.0).
# at your option. This file may not be copied, modified, or distributed except according to those terms.

{.push raises: [].}

import chronicles
import stew/io2
import spec/keystore

when defined(windows):
  import stew/[windows/acl]

type
  ByteChar = byte | char

const
  INCOMPLETE_ERROR =
    when defined(windows):
      IoErrorCode(996) # ERROR_IO_INCOMPLETE
    else:
      IoErrorCode(28) # ENOSPC

proc openLockedFile*(keystorePath: string): IoResult[FileLockHandle] =
  let
    flags = {OpenFlags.Read, OpenFlags.Write, OpenFlags.Exclusive}
    handle = ? openFile(keystorePath, flags)

  var success = false
  defer:
    if not(success):
      discard closeFile(handle)

  let lock = ? lockFile(handle, LockType.Exclusive)
  success = true
  ok(FileLockHandle(ioHandle: lock, opened: true))

proc getData*(lockHandle: FileLockHandle,
              maxBufferSize: int): IoResult[string] =
  let filesize = ? getFileSize(lockHandle.ioHandle.handle)
  let length = min(filesize, maxBufferSize)
  var buffer = newString(length)
  let bytesRead = ? readFile(lockHandle.ioHandle.handle, buffer)
  if uint64(bytesRead) != uint64(len(buffer)):
    err(INCOMPLETE_ERROR)
  else:
    ok(buffer)

proc closeLockedFile*(lockHandle: FileLockHandle): IoResult[void] =
  if lockHandle.opened:
    var success = false
    defer:
      lockHandle.opened = false
      if not(success):
        discard lockHandle.ioHandle.handle.closeFile()

    ? lockHandle.ioHandle.unlockFile()
    success = true
    ? lockHandle.ioHandle.handle.closeFile()
  ok()

proc secureCreatePath*(path: string): IoResult[void] =
  when defined(windows):
    let sres = createFoldersUserOnlySecurityDescriptor()
    if sres.isErr():
      error "Could not allocate security descriptor", path = path,
            errorMsg = ioErrorMsg(sres.error), errorCode = $sres.error
      err(sres.error)
    else:
      var sd = sres.get()
      createPath(path, 0o700, secDescriptor = sd.getDescriptor())
  else:
    createPath(path, 0o700)

proc secureWriteFile*[T: ByteChar](path: string,
                                   data: openArray[T]): IoResult[void] =
  when defined(windows):
    let sres = createFilesUserOnlySecurityDescriptor()
    if sres.isErr():
      error "Could not allocate security descriptor", path = path,
            errorMsg = ioErrorMsg(sres.error), errorCode = $sres.error
      err(sres.error())
    else:
      var sd = sres.get()
      let res = writeFile(path, data, 0o600, sd.getDescriptor())
      if res.isErr():
        # writeFile() will not attempt to remove file on failure
        discard removeFile(path)
        err(res.error())
      else:
        ok()
  else:
    let res = writeFile(path, data, 0o600)
    if res.isErr():
      # writeFile() will not attempt to remove file on failure
      discard removeFile(path)
      err(res.error())
    else:
      ok()

proc secureWriteLockedFile*[T: ByteChar](path: string,
                                         data: openArray[T]
                                        ): IoResult[FileLockHandle] =
  let handle =
    block:
      let flags = {OpenFlags.Write, OpenFlags.Truncate, OpenFlags.Create,
                   OpenFlags.Exclusive}
      when defined(windows):
        var sd = ? createFilesUserOnlySecurityDescriptor()
        ? openFile(path, flags, 0o600, sd.getDescriptor())
      else:
        ? openFile(path, flags, 0o600)
  var success = false
  defer:
    if not(success):
      discard closeFile(handle)
      # We will try to remove file, if something goes wrong.
      discard removeFile(path)
  let bytesWrote = ? writeFile(handle, data)
  if uint64(bytesWrote) != uint64(len(data)):
    # Data was partially written, and `write` did not return any errors, so
    # lets return INCOMPLETE_ERROR.
    return err(INCOMPLETE_ERROR)
  let res = ? lockFile(handle, LockType.Exclusive)
  success = true
  ok(FileLockHandle(ioHandle: res, opened: true))
EH cleanup (#2455) almost 100% raises in nimbus-eth2 now! * fix some rare exception-related crashes in json-rpc 2021-03-26 06:52:01 +00:00			`# beacon_chain`
remove Nim 1.2-compatible `push raise`s and update copyright notice years (#4528) 2023-01-20 14:14:37 +00:00			`# Copyright (c) 2018-2023 Status Research & Development GmbH`
EH cleanup (#2455) almost 100% raises in nimbus-eth2 now! * fix some rare exception-related crashes in json-rpc 2021-03-26 06:52:01 +00:00			`# Licensed and distributed under either of`
			`# * MIT license (license terms in the root directory or at https://opensource.org/licenses/MIT).`
			`# * Apache v2 license (license terms in the root directory or at https://www.apache.org/licenses/LICENSE-2.0).`
			`# at your option. This file may not be copied, modified, or distributed except according to those terms.`

remove Nim 1.2-compatible `push raise`s and update copyright notice years (#4528) 2023-01-20 14:14:37 +00:00			`{.push raises: [].}`
compatibility with Nim 1.4+ (#3888) 2022-07-29 10:53:42 +00:00
Regression fix of eth2_network_simulation on Windows. (#1900) * Concentrate all sensitive writeFile/createPath calls in one place. Fix eth2_network_simulation for Windows. * Remove artifacts. * fix import Co-authored-by: Jacek Sieka <jacek@status.im> 2020-10-27 11:04:17 +00:00			`import chronicles`
			`import stew/io2`
Exclusive keystore locking (#3907) 2022-08-07 21:53:20 +00:00			`import spec/keystore`
Regression fix of eth2_network_simulation on Windows. (#1900) * Concentrate all sensitive writeFile/createPath calls in one place. Fix eth2_network_simulation for Windows. * Remove artifacts. * fix import Co-authored-by: Jacek Sieka <jacek@status.im> 2020-10-27 11:04:17 +00:00
			`when defined(windows):`
			`import stew/[windows/acl]`

Exclusive keystore locking (#3907) 2022-08-07 21:53:20 +00:00			`type`
			`ByteChar = byte \| char`

			`const`
			`INCOMPLETE_ERROR =`
			`when defined(windows):`
			`IoErrorCode(996) # ERROR_IO_INCOMPLETE`
			`else:`
			`IoErrorCode(28) # ENOSPC`

			`proc openLockedFile*(keystorePath: string): IoResult[FileLockHandle] =`
			`let`
			`flags = {OpenFlags.Read, OpenFlags.Write, OpenFlags.Exclusive}`
			`handle = ? openFile(keystorePath, flags)`

			`var success = false`
			`defer:`
			`if not(success):`
			`discard closeFile(handle)`

			`let lock = ? lockFile(handle, LockType.Exclusive)`
			`success = true`
			`ok(FileLockHandle(ioHandle: lock, opened: true))`

			`proc getData*(lockHandle: FileLockHandle,`
			`maxBufferSize: int): IoResult[string] =`
			`let filesize = ? getFileSize(lockHandle.ioHandle.handle)`
			`let length = min(filesize, maxBufferSize)`
			`var buffer = newString(length)`
			`let bytesRead = ? readFile(lockHandle.ioHandle.handle, buffer)`
			`if uint64(bytesRead) != uint64(len(buffer)):`
			`err(INCOMPLETE_ERROR)`
			`else:`
			`ok(buffer)`

			`proc closeLockedFile*(lockHandle: FileLockHandle): IoResult[void] =`
			`if lockHandle.opened:`
			`var success = false`
			`defer:`
			`lockHandle.opened = false`
			`if not(success):`
			`discard lockHandle.ioHandle.handle.closeFile()`

			`? lockHandle.ioHandle.unlockFile()`
			`success = true`
			`? lockHandle.ioHandle.handle.closeFile()`
			`ok()`

Regression fix of eth2_network_simulation on Windows. (#1900) * Concentrate all sensitive writeFile/createPath calls in one place. Fix eth2_network_simulation for Windows. * Remove artifacts. * fix import Co-authored-by: Jacek Sieka <jacek@status.im> 2020-10-27 11:04:17 +00:00			`proc secureCreatePath*(path: string): IoResult[void] =`
			`when defined(windows):`
			`let sres = createFoldersUserOnlySecurityDescriptor()`
			`if sres.isErr():`
			`error "Could not allocate security descriptor", path = path,`
			`errorMsg = ioErrorMsg(sres.error), errorCode = $sres.error`
			`err(sres.error)`
			`else:`
			`var sd = sres.get()`
set file and dir permissions 2020-10-30 00:36:47 +00:00			`createPath(path, 0o700, secDescriptor = sd.getDescriptor())`
Regression fix of eth2_network_simulation on Windows. (#1900) * Concentrate all sensitive writeFile/createPath calls in one place. Fix eth2_network_simulation for Windows. * Remove artifacts. * fix import Co-authored-by: Jacek Sieka <jacek@status.im> 2020-10-27 11:04:17 +00:00			`else:`
set file and dir permissions 2020-10-30 00:36:47 +00:00			`createPath(path, 0o700)`
Regression fix of eth2_network_simulation on Windows. (#1900) * Concentrate all sensitive writeFile/createPath calls in one place. Fix eth2_network_simulation for Windows. * Remove artifacts. * fix import Co-authored-by: Jacek Sieka <jacek@status.im> 2020-10-27 11:04:17 +00:00
Exclusive keystore locking (#3907) 2022-08-07 21:53:20 +00:00			`proc secureWriteFile*[T: ByteChar](path: string,`
			`data: openArray[T]): IoResult[void] =`
Regression fix of eth2_network_simulation on Windows. (#1900) * Concentrate all sensitive writeFile/createPath calls in one place. Fix eth2_network_simulation for Windows. * Remove artifacts. * fix import Co-authored-by: Jacek Sieka <jacek@status.im> 2020-10-27 11:04:17 +00:00			`when defined(windows):`
			`let sres = createFilesUserOnlySecurityDescriptor()`
			`if sres.isErr():`
			`error "Could not allocate security descriptor", path = path,`
			`errorMsg = ioErrorMsg(sres.error), errorCode = $sres.error`
Exclusive keystore locking (#3907) 2022-08-07 21:53:20 +00:00			`err(sres.error())`
Regression fix of eth2_network_simulation on Windows. (#1900) * Concentrate all sensitive writeFile/createPath calls in one place. Fix eth2_network_simulation for Windows. * Remove artifacts. * fix import Co-authored-by: Jacek Sieka <jacek@status.im> 2020-10-27 11:04:17 +00:00			`else:`
			`var sd = sres.get()`
Exclusive keystore locking (#3907) 2022-08-07 21:53:20 +00:00			`let res = writeFile(path, data, 0o600, sd.getDescriptor())`
			`if res.isErr():`
			`# writeFile() will not attempt to remove file on failure`
			`discard removeFile(path)`
			`err(res.error())`
			`else:`
			`ok()`
Regression fix of eth2_network_simulation on Windows. (#1900) * Concentrate all sensitive writeFile/createPath calls in one place. Fix eth2_network_simulation for Windows. * Remove artifacts. * fix import Co-authored-by: Jacek Sieka <jacek@status.im> 2020-10-27 11:04:17 +00:00			`else:`
Exclusive keystore locking (#3907) 2022-08-07 21:53:20 +00:00			`let res = writeFile(path, data, 0o600)`
			`if res.isErr():`
			`# writeFile() will not attempt to remove file on failure`
			`discard removeFile(path)`
			`err(res.error())`
			`else:`
			`ok()`

			`proc secureWriteLockedFile*[T: ByteChar](path: string,`
			`data: openArray[T]`
			`): IoResult[FileLockHandle] =`
			`let handle =`
			`block:`
			`let flags = {OpenFlags.Write, OpenFlags.Truncate, OpenFlags.Create,`
			`OpenFlags.Exclusive}`
			`when defined(windows):`
			`var sd = ? createFilesUserOnlySecurityDescriptor()`
			`? openFile(path, flags, 0o600, sd.getDescriptor())`
			`else:`
			`? openFile(path, flags, 0o600)`
			`var success = false`
			`defer:`
			`if not(success):`
			`discard closeFile(handle)`
			`# We will try to remove file, if something goes wrong.`
			`discard removeFile(path)`
			`let bytesWrote = ? writeFile(handle, data)`
			`if uint64(bytesWrote) != uint64(len(data)):`
			# Data was partially written, and `write` did not return any errors, so
			`# lets return INCOMPLETE_ERROR.`
			`return err(INCOMPLETE_ERROR)`
			`let res = ? lockFile(handle, LockType.Exclusive)`
			`success = true`
			`ok(FileLockHandle(ioHandle: res, opened: true))`