changing key file permissions control (#1893)

kannonski
2023-07-19 23:23:30 +02:00
committed by GitHub
parent dd995899bf
commit cf4801064d
3 changed files with 9 additions and 6 deletions


@@ -36,7 +36,7 @@ const (
)
var (
ErrKeyFileIncorrectPermission = errors.New("key file must have 0600 permission")
ErrKeyFileIncorrectPermission = errors.New("key file others permissions must be set to 0")
ErrKeysNotSet = errors.New("one of key-file or keys must be provided")
)
@@ -547,9 +547,10 @@ func (conf *Config) ToCLIFlagNames(existingFlags []cli.Flag) map[string]reflect.
func (conf *Config) ValidateKeys() error {
// prefer keyfile if set
if conf.KeyFile != "" {
var otherFilter os.FileMode = 0007
if st, err := os.Stat(conf.KeyFile); err != nil {
return err
} else if st.Mode().Perm() != 0600 {
} else if st.Mode().Perm()&otherFilter != 0000 {
return ErrKeyFileIncorrectPermission
}
f, err := os.Open(conf.KeyFile)
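Review bot: The new mask `0007` in ValidateKeys tests only the "other" bits, so modes such as 0660 or 0670 are now accepted and any member of the file's group can rewrite the keys the server loads from it. If the relaxation is meant to allow group read only (an assumption; the commit message does not say), mask group write as well, e.g. `const keyFileForbiddenPerm os.FileMode = 0027`, and reword ErrKeyFileIncorrectPermission to match. If group write really is intended, a comment such as `// owner and group bits are deliberately not checked` would record that. The same mask is used in both createKeyProvider hunks further down, and ValidateKeys continues past the end of this hunk.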


@@ -87,10 +87,11 @@ func getNodeID(currentNode routing.LocalNode) livekit.NodeID {
func createKeyProvider(conf *config.Config) (auth.KeyProvider, error) {
// prefer keyfile if set
if conf.KeyFile != "" {
var otherFilter os.FileMode = 0007
if st, err := os.Stat(conf.KeyFile); err != nil {
return nil, err
} else if st.Mode().Perm() != 0600 {
return nil, fmt.Errorf("key file must have permission set to 600")
} else if st.Mode().Perm()&otherFilter != 0000 {
return nil, fmt.Errorf("key file others permissions must be set to 0")
}
f, err := os.Open(conf.KeyFile)
if err != nil {
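Review bot: The permission test in createKeyProvider runs on `os.Stat(conf.KeyFile)` and the file is then opened by path, so the mode that was checked is not guaranteed to belong to the file that is read if the path changes between the two calls. Checking the opened handle closes that gap: open first, then `st, err := f.Stat()` and apply `st.Mode().Perm()&otherFilter != 0` to that result. The same stat-then-open order appears in ValidateKeys and in the other createKeyProvider. The function body continues outside the hunk, so how the file is closed on an error path is not visible here.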


@@ -132,10 +132,11 @@ func getNodeID(currentNode routing.LocalNode) livekit.NodeID {
func createKeyProvider(conf *config.Config) (auth.KeyProvider, error) {
if conf.KeyFile != "" {
var otherFilter os.FileMode = 0007
if st, err := os.Stat(conf.KeyFile); err != nil {
return nil, err
} else if st.Mode().Perm() != 0600 {
return nil, fmt.Errorf("key file must have permission set to 600")
} else if st.Mode().Perm()&otherFilter != 0000 {
return nil, fmt.Errorf("key file others permission must be set to 0")
}
f, err := os.Open(conf.KeyFile)
if err != nil {
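Review bot: This copy of the check returns `fmt.Errorf("key file others permission must be set to 0")`, which differs by one letter from the message in the other createKeyProvider and is a separate value from ErrKeyFileIncorrectPermission, so callers cannot match the failure with `errors.Is` and the same condition is logged under different spellings. Prefer returning the sentinel, `return nil, config.ErrKeyFileIncorrectPermission` (assuming it lives in the package imported as `config`), or moving the check into one helper used by all three sites. The message would also be easier for an operator to act on if it wrapped the sentinel with the path and observed mode, e.g. `fmt.Errorf("%w: %s has mode %04o", config.ErrKeyFileIncorrectPermission, conf.KeyFile, st.Mode().Perm())`. createKeyProvider continues past the end of the hunk.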