From e7e5d3f7d2125bdbff8250bc1b924e7c860a57b1 Mon Sep 17 00:00:00 2001
From: MaMe82 <mame8282@googlemail.com>
Date: Wed, 5 Feb 2020 08:37:06 +0100
Subject: [PATCH] fix #38

---
 common/filesys.go     |  8 ++++----
 service/rpc_server.go | 10 ++++++++--
 2 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/common/filesys.go b/common/filesys.go
index 09ca334..6bb885e 100644
--- a/common/filesys.go
+++ b/common/filesys.go
@@ -2,11 +2,11 @@ package common
 
 import "os"
 
-func WriteFile(path string, mustNotExist bool, append bool, data []byte) (error) {
+func WriteFile(path string, mustNotExist bool, append bool, data []byte, perm os.FileMode) (error) {
 	flag := os.O_CREATE | os.O_WRONLY
 	if mustNotExist { flag |= os.O_EXCL }
 	if append { flag |= os.O_APPEND } else { flag |= os.O_TRUNC }
-	f, err := os.OpenFile(path, flag, os.ModePerm)
+	f, err := os.OpenFile(path, flag, perm)
 	f.Stat()
 	if err != nil { return err }
 	defer f.Close()
@@ -14,9 +14,9 @@ func WriteFile(path string, mustNotExist bool, append bool, data []byte) (error)
 	return err
 }
 
-func ReadFile(path string, start int64, chunk []byte) (n int, err error) {
+func ReadFile(path string, start int64, chunk []byte, perm os.FileMode) (n int, err error) {
 	flag := os.O_RDONLY
-	f, err := os.OpenFile(path, flag, os.ModePerm)
+	f, err := os.OpenFile(path, flag, perm)
 	if err != nil { return 0,err }
 	defer f.Close()
 	return f.ReadAt(chunk, start)
diff --git a/service/rpc_server.go b/service/rpc_server.go
index 8e046db..6daa062 100644
--- a/service/rpc_server.go
+++ b/service/rpc_server.go
@@ -668,19 +668,22 @@ func (s *server) EventListen(eReq *pb.EventRequest, eStream pb.P4WNP1_EventListe
 
 func (s *server) FSWriteFile(ctx context.Context, req *pb.WriteFileRequest) (empty *pb.Empty, err error) {
 	filePath := "/" + req.Filename
+	perm := os.ModePerm
 	switch req.Folder {
 	case pb.AccessibleFolder_TMP:
 		filePath = "/tmp" + filePath
 	case pb.AccessibleFolder_BASH_SCRIPTS:
 		filePath = common.PATH_BASH_SCRIPTS + filePath
+		perm = 0700
 	case pb.AccessibleFolder_HID_SCRIPTS:
 		filePath = common.PATH_HID_SCRIPTS + filePath
+		perm = 0600
 	default:
 		err = errors.New("Unknown folder")
 		return
 	}
 
-	return &pb.Empty{}, common.WriteFile(filePath, req.MustNotExist, req.Append, req.Data)
+	return &pb.Empty{}, common.WriteFile(filePath, req.MustNotExist, req.Append, req.Data, perm)
 
 }
 
@@ -688,20 +691,23 @@ func (s *server) FSReadFile(ctx context.Context, req *pb.ReadFileRequest) (resp
 	//ToDo: check filename for path traversal attempts (don't care for security, currently - hey, we allow executing bash scripts as root - so what)
 
 	filePath := "/" + req.Filename
+	perm := os.ModePerm
 	switch req.Folder {
 	case pb.AccessibleFolder_TMP:
 		filePath = "/tmp" + filePath
 	case pb.AccessibleFolder_BASH_SCRIPTS:
 		filePath = common.PATH_BASH_SCRIPTS + filePath
+		perm = 0700
 	case pb.AccessibleFolder_HID_SCRIPTS:
 		filePath = common.PATH_HID_SCRIPTS + filePath
+		perm = 0600
 	default:
 		err = errors.New("Unknown folder")
 		return
 	}
 
 	chunk := make([]byte, req.Len)
-	n,err := common.ReadFile(filePath, req.Start, chunk)
+	n,err := common.ReadFile(filePath, req.Start, chunk, perm)
 	if err == io.EOF { err = nil } //we ignore eof error, as eof is indicated by n = 0
 	if err != nil {	return nil,err	}
 	resp = &pb.ReadFileResponse{ReadCount: int64(n), Data: chunk[:n]}