From 8adfe7443ef54e2b4f7b38f2a0392d6204b3c1e4 Mon Sep 17 00:00:00 2001 From: Matthias Beyer Date: Wed, 6 Jul 2016 19:09:40 +0200 Subject: [PATCH 1/4] Add optional setting for denying mutable hooks --- imagrc.toml | 1 + 1 file changed, 1 insertion(+) diff --git a/imagrc.toml b/imagrc.toml index 148e53d0..5453e9d8 100644 --- a/imagrc.toml +++ b/imagrc.toml @@ -24,6 +24,7 @@ post-delete-hook-aspects = [ "debug" ] [[aspects.debug]] parallel = false +mutable_hooks = false [store.hooks] From b4b719b753af9a738cc2e4cc302e63f6605be1a3 Mon Sep 17 00:00:00 2001 From: Matthias Beyer Date: Wed, 6 Jul 2016 19:09:58 +0200 Subject: [PATCH 2/4] Add error kind for denied hooks --- libimagstore/src/hook/error.rs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libimagstore/src/hook/error.rs b/libimagstore/src/hook/error.rs index 77095844..1db64c59 100644 --- a/libimagstore/src/hook/error.rs +++ b/libimagstore/src/hook/error.rs @@ -3,7 +3,8 @@ generate_error_imports!(); generate_custom_error_types!(HookError, HookErrorKind, CustomData, HookExecutionError => "Hook exec error", - AccessTypeViolation => "Hook access type violation" + AccessTypeViolation => "Hook access type violation", + MutableHooksNotAllowed => "Mutable Hooks are denied" ); #[derive(Debug, Clone, Eq, PartialEq, Ord, PartialOrd, Copy)] From 7f14639c1e55d65771a31dac06090cf8b731cc13 Mon Sep 17 00:00:00 2001 From: Matthias Beyer Date: Wed, 6 Jul 2016 19:10:17 +0200 Subject: [PATCH 3/4] Add configuration parsing/getter for denying of mutable hooks --- libimagstore/src/configuration.rs | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/libimagstore/src/configuration.rs b/libimagstore/src/configuration.rs index f5ba495f..d0be520a 100644 --- a/libimagstore/src/configuration.rs +++ b/libimagstore/src/configuration.rs @@ -193,6 +193,7 @@ pub fn get_post_move_aspect_names(value: &Option) -> Vec { #[derive(Debug)] pub struct AspectConfig { parallel: bool, + mutable_hooks: bool, config: Value, } @@ -200,8 +201,10 @@ impl AspectConfig { pub fn new(init: Value) -> AspectConfig { let parallel = AspectConfig::is_parallel(&init); + let muthooks = AspectConfig::allows_mutable_hooks(&init); AspectConfig { config: init, + mutable_hooks: muthooks, parallel: parallel, } } @@ -220,6 +223,24 @@ impl AspectConfig { } } + fn allows_mutable_hooks(init: &Value) -> bool { + match *init { + Value::Table(ref t) => + t.get("mutable_hooks") + .map_or(false, |value| { + match *value { + Value::Boolean(b) => b, + _ => false, + } + }), + _ => false, + } + } + + pub fn allow_mutable_hooks(&self) -> bool { + self.mutable_hooks + } + /// Get the aspect configuration for an aspect. /// /// Pass the store configuration object, this searches in `[aspects][]`. From 7818b523b9106459d75aad0f5971114cc222e5df Mon Sep 17 00:00:00 2001 From: Matthias Beyer Date: Wed, 6 Jul 2016 19:10:29 +0200 Subject: [PATCH 4/4] Deny mutable access for hooks if the config says so --- libimagstore/src/hook/aspect.rs | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libimagstore/src/hook/aspect.rs b/libimagstore/src/hook/aspect.rs index 8c80b6cb..38b5cd07 100644 --- a/libimagstore/src/hook/aspect.rs +++ b/libimagstore/src/hook/aspect.rs @@ -73,6 +73,10 @@ impl StoreIdAccessor for Aspect { impl MutableHookDataAccessor for Aspect { fn access_mut(&self, fle: &mut FileLockEntry) -> HookResult<()> { + if !self.cfg.as_ref().map(|c| c.allow_mutable_hooks()).unwrap_or(false) { + return Err(HE::new(HEK::MutableHooksNotAllowed, None)); + } + let accessors : Vec = self.hooks.iter().map(|h| h.accessor()).collect(); fn is_file_accessor(a: &HDA) -> bool {