server(filesystem): rebuild everything imaginable

This wonderfully large commit replaces basically everything under the `server/filesystem` package, re-implementing essentially everything. This is related to https://github.com/pterodactyl/wings/security/advisories/GHSA-494h-9924-xww9 If any vulnerabilities related to symlinks persist after this commit, I will be very upset. Signed-off-by: Matthew Penner <me@matthewp.io>
2024-03-12 21:44:55 -06:00
parent 27f3e76c77
commit d1c0ca5260
51 changed files with 3694 additions and 1225 deletions
--- a/config/config.go
+++ b/config/config.go
@@ -12,6 +12,7 @@ import (
 	"regexp"
 	"strings"
 	"sync"
+	"sync/atomic"
 	"text/template"
 	"time"

@@ -20,6 +21,7 @@ import (
 	"github.com/apex/log"
 	"github.com/creasty/defaults"
 	"github.com/gbrlsnchs/jwt/v3"
+	"golang.org/x/sys/unix"
 	"gopkg.in/yaml.v2"

 	"github.com/pterodactyl/wings/system"
@@ -209,6 +211,8 @@ type SystemConfiguration struct {
 	Backups Backups `yaml:"backups"`

 	Transfers Transfers `yaml:"transfers"`
+
+	OpenatMode string `default:"auto" yaml:"openat_mode"`
 }

 type CrashDetection struct {
@@ -671,3 +675,34 @@ func getSystemName() (string, error) {
 	}
 	return release["ID"], nil
 }
+
+var openat2 atomic.Bool
+var openat2Set atomic.Bool
+
+func UseOpenat2() bool {
+	if openat2Set.Load() {
+		return openat2.Load()
+	}
+	defer openat2Set.Store(true)
+
+	c := Get()
+	openatMode := c.System.OpenatMode
+	switch openatMode {
+	case "openat2":
+		openat2.Store(true)
+		return true
+	case "openat":
+		openat2.Store(false)
+		return false
+	default:
+		fd, err := unix.Openat2(unix.AT_FDCWD, "/", &unix.OpenHow{})
+		if err != nil {
+			log.WithError(err).Warn("error occurred while checking for openat2 support, falling back to openat")
+			openat2.Store(false)
+			return false
+		}
+		_ = unix.Close(fd)
+		openat2.Store(true)
+		return true
+	}
+}