Skip to content

Commit

Permalink
call entUnpackArtifact on empty sha256
Browse files Browse the repository at this point in the history
  • Loading branch information
thyton committed Dec 18, 2024
1 parent 0a4b21b commit 82d8b0c
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 13 deletions.
2 changes: 0 additions & 2 deletions vault/core.go
Original file line number Diff line number Diff line change
Expand Up @@ -4218,8 +4218,6 @@ func (c *Core) GetHAPeerNodesCached() []PeerNode {
return nodes
}

// TODO VAULT-32686 plugin artifact permission

func (c *Core) CheckPluginPerms(pluginName string) (err error) {
var enableFilePermissionsCheck bool
if enableFilePermissionsCheckEnv := os.Getenv(consts.VaultEnableFilePermissionsCheckEnv); enableFilePermissionsCheckEnv != "" {
Expand Down
19 changes: 8 additions & 11 deletions vault/plugincatalog/plugin_catalog.go
Original file line number Diff line number Diff line change
Expand Up @@ -972,26 +972,23 @@ func (c *PluginCatalog) setInternal(ctx context.Context, plugin pluginutil.SetPl
var enterprise bool

if plugin.OCIImage == "" {
command = filepath.Join(c.directory, plugin.Command)
sym, err := filepath.EvalSymlinks(command)
if err != nil {
if len(plugin.Sha256) == 0 {
// Enterprise only: unpack the plugin artifact
var unpackErr error
enterprise, plugin.Command, plugin.Sha256, unpackErr = c.entUnpackArtifact(plugin)
switch {
case unpackErr == nil:
command = filepath.Join(c.directory, plugin.Command)
case errors.Is(unpackErr, ErrEnterpriseFeatureOnly):
// Return the error that Vault CE users normally should see
// when evaluating symlinks of the command fails
return nil, fmt.Errorf("error while validating the command path: %w", err)
default:
if unpackErr != nil {
return nil, fmt.Errorf("failed to unpack plugin artifact plugin %q version %q: %w",
plugin.Name, plugin.Version, unpackErr)
}
command = filepath.Join(c.directory, plugin.Command)
} else {
// Best effort check to make sure the command isn't breaking out of the
// configured plugin directory.
command = filepath.Join(c.directory, plugin.Command)
sym, err := filepath.EvalSymlinks(command)
if err != nil {
return nil, fmt.Errorf("error while validating the command path: %w", err)
}
symAbs, err := filepath.Abs(filepath.Dir(sym))
if err != nil {
return nil, fmt.Errorf("error while validating the command path: %w", err)
Expand Down

0 comments on commit 82d8b0c

Please sign in to comment.