Struct fs_mistrust::Mistrust
pub struct Mistrust {
    pub(crate) ignore_prefix: Option<PathBuf>,
    pub(crate) dangerously_trust_everyone: (),
    pub(crate) disable_by_environment: (),
    pub(crate) status: Status,
    pub(crate) trust_user: Option<u32>,
    pub(crate) trust_group: Option<u32>,
}
Configuration for verifying that a file or directory is really “private”.
By default, we mistrust everything that we can: we assume that every directory on the filesystem is potentially misconfigured. This object can be used to change that.
Once you have a working Mistrust, you can call its “check_*” methods directly, or use verifier() to configure a more complicated check.
See the crate documentation for more information.
TODO
- support more kinds of trust configuration, including more trusted users, trusted groups, multiple trusted directories, etc?
Fields
ignore_prefix: Option<PathBuf>
If the user called MistrustBuilder::ignore_prefix, what did they give us?
(This is stored in canonical form.)
dangerously_trust_everyone: ()
Are we configured to disable all permission and ownership tests?
(This field is present in the builder only.)
disable_by_environment: ()
Should we check the environment to decide whether to disable permission and ownership tests?
(This field is present in the builder only.)
status: Status
Internal value combining dangerously_trust_everyone and disable_by_environment to decide whether we’re doing permissions checks or not.
trust_user: Option<u32>
target_family="unix" and non-iOS and non-Android only.
What user ID do we trust by default (if any)?
trust_group: Option<u32>
target_family="unix" and non-iOS and non-Android only.
What group ID do we trust by default (if any)?
Implementations
impl Mistrust
pub fn builder() -> MistrustBuilder
Return a new MistrustBuilder.
pub fn new() -> Self
Initialize a new default Mistrust.
By default:
- we will inspect all directories that are used to resolve any path that is checked.
pub fn new_dangerously_trust_everyone() -> Self
Construct a new Mistrust that trusts all users and all groups.
(In effect, this Mistrust will have all of its permissions checks disabled, since if all users and groups are trusted, it doesn’t matter what the permissions on any file and directory are.)
pub fn verifier(&self) -> Verifier<'_>
Create a new Verifier with this configuration, to perform a single check.
pub fn check_directory<P: AsRef<Path>>(&self, dir: P) -> Result<()>
Verify that dir is a directory that only trusted users can read from, list the files in, or write to.
If it is, and we can verify that, return Ok(()). Otherwise, return the first problem that we encountered when verifying it.
m.check_directory(dir) is equivalent to m.verifier().require_directory().check(dir). If you need different behavior, see Verifier for more options.
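A simplified, std-only sketch of the kind of check check_directory describes, added here as an illustration; it is not fs-mistrust's code. Trust, Problem and check_one are hypothetical names, and two rules are assumptions of this sketch: root is always trusted, and ancestor directories only need to be non-writable by untrusted users.

```rust
// Added illustration using only std; this is NOT fs-mistrust's implementation.
use std::{fs, os::unix::fs::MetadataExt, path::Path};

/// Hypothetical stand-in for the `trust_user` / `trust_group` fields.
pub struct Trust { pub user: Option<u32>, pub group: Option<u32> }

#[derive(Debug, PartialEq)]
pub enum Problem { BadOwner(u32), BadPermission(u32), Inaccessible(std::io::ErrorKind) }

/// Check one directory's owner and mode bits. `is_target` is true for the
/// directory being verified and false for an ancestor used to resolve it.
pub fn check_one(t: &Trust, uid: u32, gid: u32, mode: u32, is_target: bool) -> Result<(), Problem> {
    // Assumption: root (uid 0) is trusted in addition to the configured user.
    if uid != 0 && Some(uid) != t.user {
        return Err(Problem::BadOwner(uid));
    }
    // Target: untrusted users may neither read nor write it.
    // Ancestor (assumption of this sketch): they may read it but not write it.
    let mut forbidden = if is_target { 0o066 } else { 0o022 };
    if Some(gid) == t.group {
        forbidden &= !0o070; // the owning group is trusted, so ignore its bits
    }
    match mode & forbidden {
        0 => Ok(()),
        bad => Err(Problem::BadPermission(bad)),
    }
}

/// Inspect `dir` and every ancestor, returning the first problem found.
/// Simplification: symlinks are resolved up front, so the directories that
/// hold those symlinks are not inspected here.
pub fn check_directory(t: &Trust, dir: &Path) -> Result<(), Problem> {
    let io = |e: std::io::Error| Problem::Inaccessible(e.kind());
    let dir = fs::canonicalize(dir).map_err(io)?;
    for (depth, p) in dir.ancestors().enumerate() {
        let m = fs::metadata(p).map_err(io)?;
        check_one(t, m.uid(), m.gid(), m.mode(), depth == 0)?;
    }
    Ok(())
}

fn main() {
    // Constructed sample configuration: trust uid 1000 and no group.
    let t = Trust { user: Some(1000), group: None };
    let dir = std::env::args().nth(1).unwrap_or_else(|| ".".into());
    println!("{dir}: {:?}", check_directory(&t, Path::new(&dir)));
}
```

The reported BadPermission value is the set of offending mode bits, so 0o040 means the directory is group-readable and 0o022 means it is writable by both group and others.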
pub fn make_directory<P: AsRef<Path>>(&self, dir: P) -> Result<()>
As check_directory, but create the directory if needed.
m.make_directory(dir) is equivalent to m.verifier().make_directory(dir). If you need different behavior, see Verifier for more options.
pub(crate) fn is_disabled(&self) -> bool
Return true if this Mistrust object has been configured to trust all users.