Proper fix for writeFile() places.
Comment unused/insecure procedure.
This commit is contained in:
parent
f632a61cb9
commit
1742a82ca7
|
@ -89,7 +89,14 @@ proc checkAndCreateDataDir*(dataDir: string): bool =
|
|||
else:
|
||||
true
|
||||
else:
|
||||
let res = createPath(dataDir, 0o750)
|
||||
let sres = createCurrentUserOnlySecurityDescriptor()
|
||||
if sres.isErr():
|
||||
fatal "Could not allocate security descriptor", data_dir = dataDir,
|
||||
errorMsg = ioErrorMsg(sres.error), errorCode = $sres.error
|
||||
false
|
||||
else:
|
||||
var sd = sres.get()
|
||||
let res = createPath(dataDir, 0o750, secDescriptor = sd.getDescriptor())
|
||||
if res.isErr():
|
||||
fatal "Could not create data folder", data_dir = dataDir,
|
||||
errorMsg = ioErrorMsg(res.error), errorCode = $res.error
|
||||
|
@ -357,11 +364,23 @@ proc saveNetKeystore*(rng: var BrHmacDrbgContext, keyStorePath: string,
|
|||
error "Could not serialize network key storage", key_path = keyStorePath
|
||||
return err(FailedToCreateKeystoreFile)
|
||||
|
||||
let res = writeFile(keyStorePath, encodedStorage, 0o600)
|
||||
let res =
|
||||
when defined(windows):
|
||||
let sres = createCurrentUserOnlySecurityDescriptor()
|
||||
if sres.isErr():
|
||||
error "Could not allocate security descriptor", key_path = keyStorePath
|
||||
return err(FailedToCreateKeystoreFile)
|
||||
var sd = sres.get()
|
||||
writeFile(keyStorePath, encodedStorage, 0o600,
|
||||
secDescriptor = sd.getDescriptor())
|
||||
else:
|
||||
writeFile(keyStorePath, encodedStorage, 0o600)
|
||||
|
||||
if res.isOk():
|
||||
ok()
|
||||
else:
|
||||
error "Could not write to network key storage file", key_path = keyStorePath
|
||||
error "Could not write to network key storage file",
|
||||
key_path = keyStorePath
|
||||
err(FailedToCreateKeystoreFile)
|
||||
|
||||
proc saveKeystore(rng: var BrHmacDrbgContext,
|
||||
|
@ -388,6 +407,33 @@ proc saveKeystore(rng: var BrHmacDrbgContext,
|
|||
error "Could not serialize keystorage", key_path = keystoreFile
|
||||
return err(FailedToCreateKeystoreFile)
|
||||
|
||||
when defined(windows):
|
||||
let csres = createCurrentUserOnlySecurityDescriptor()
|
||||
if csres.isErr():
|
||||
error "Could not allocate security descriptor", key_path = keystoreFile
|
||||
return err(FailedToCreateKeystoreFile)
|
||||
var sd = csres.get()
|
||||
|
||||
let vres = createPath(validatorDir, 0o750,
|
||||
secDescriptor = sd.getDescriptor())
|
||||
if vres.isErr():
|
||||
return err(FailedToCreateValidatorDir)
|
||||
|
||||
let sres = createPath(secretsDir, 0o750,
|
||||
secDescriptor = sd.getDescriptor())
|
||||
if sres.isErr():
|
||||
return err(FailedToCreateSecretsDir)
|
||||
|
||||
let swres = writeFile(secretsDir / keyName, password.str, 0o600,
|
||||
secDescriptor = sd.getDescriptor())
|
||||
if swres.isErr():
|
||||
return err(FailedToCreateSecretFile)
|
||||
|
||||
let kwres = writeFile(keystoreFile, encodedStorage, 0o600,
|
||||
secDescriptor = sd.getDescriptor())
|
||||
if kwres.isErr():
|
||||
return err(FailedToCreateKeystoreFile)
|
||||
else:
|
||||
let vres = createPath(validatorDir, 0o750)
|
||||
if vres.isErr():
|
||||
return err(FailedToCreateValidatorDir)
|
||||
|
@ -403,7 +449,6 @@ proc saveKeystore(rng: var BrHmacDrbgContext,
|
|||
let kwres = writeFile(keystoreFile, encodedStorage, 0o600)
|
||||
if kwres.isErr():
|
||||
return err(FailedToCreateKeystoreFile)
|
||||
|
||||
ok()
|
||||
|
||||
proc generateDeposits*(preset: RuntimePreset,
|
||||
|
@ -443,6 +488,21 @@ proc saveWallet*(wallet: Wallet, outWalletPath: string): Result[void, string] =
|
|||
encodedWallet = Json.encode(wallet, pretty = true)
|
||||
except SerializationError:
|
||||
return err("Could not serialize wallet")
|
||||
|
||||
when defined(windows):
|
||||
let sres = createCurrentUserOnlySecurityDescriptor()
|
||||
if sres.isErr():
|
||||
error "Could not allocate security descriptor"
|
||||
return err("Could not create security descriptor")
|
||||
var sd = sres.get()
|
||||
let pres = createPath(walletDir, 0o750, secDescriptor = sd.getDescriptor())
|
||||
if pres.isErr():
|
||||
return err("Could not create wallet directory [" & walletDir & "]")
|
||||
let wres = writeFile(outWalletPath, encodedWallet, 0o600,
|
||||
secDescriptor = sd.getDescriptor())
|
||||
if wres.isErr():
|
||||
return err("Could not write wallet to file [" & outWalletPath & "]")
|
||||
else:
|
||||
let pres = createPath(walletDir, 0o750)
|
||||
if pres.isErr():
|
||||
return err("Could not create wallet directory [" & walletDir & "]")
|
||||
|
|
|
@ -35,14 +35,14 @@ declareCounter beacon_blocks_proposed,
|
|||
|
||||
logScope: topics = "beacval"
|
||||
|
||||
# TODO: This procedure follows insecure scheme of creating directory without
|
||||
# any permissions and writing file without any permissions.
|
||||
proc saveValidatorKey*(keyName, key: string, conf: BeaconNodeConf) =
|
||||
let validatorsDir = conf.validatorsDir
|
||||
let outputFile = validatorsDir / keyName
|
||||
createDir validatorsDir
|
||||
writeFile(outputFile, key)
|
||||
notice "Imported validator key", file = outputFile
|
||||
# # TODO: This procedure follows insecure scheme of creating directory without
|
||||
# # any permissions and writing file without any permissions.
|
||||
# proc saveValidatorKey*(keyName, key: string, conf: BeaconNodeConf) =
|
||||
# let validatorsDir = conf.validatorsDir
|
||||
# let outputFile = validatorsDir / keyName
|
||||
# createDir validatorsDir
|
||||
# writeFile(outputFile, key)
|
||||
# notice "Imported validator key", file = outputFile
|
||||
|
||||
proc checkValidatorInRegistry(state: BeaconState,
|
||||
pubKey: ValidatorPubKey) =
|
||||
|
|
Loading…
Reference in New Issue