From 7d339d18e14d4dbc65fbae6f4449e277072b56a3 Mon Sep 17 00:00:00 2001
From: sarthurdev <965089+sarthurdev@users.noreply.github.com>
Date: Fri, 22 Mar 2024 14:50:35 +0100
Subject: kea: T3316: Ensure correct permissions on lease files
---
 src/conf_mode/service_dhcp-server.py | 7 +++++++
 src/conf_mode/service_dhcpv6-server.py | 7 +++++++
 2 files changed, 14 insertions(+)
diff --git a/src/conf_mode/service_dhcp-server.py b/src/conf_mode/service_dhcp-server.py
index 3b9198ed0..e89448e2d 100755
--- a/src/conf_mode/service_dhcp-server.py
+++ b/src/conf_mode/service_dhcp-server.py
@@ -16,6 +16,7 @@
 import os
+from glob import glob
 from ipaddress import ip_address
 from ipaddress import ip_network
 from netaddr import IPRange
@@ -28,6 +29,7 @@ from vyos.template import render
 from vyos.utils.dict import dict_search
 from vyos.utils.dict import dict_search_args
 from vyos.utils.file import chmod_775
+from vyos.utils.file import chown
 from vyos.utils.file import makedir
 from vyos.utils.file import write_file
 from vyos.utils.process import call
@@ -42,6 +44,7 @@ ctrl_config_file = '/run/kea/kea-ctrl-agent.conf'
 ctrl_socket = '/run/kea/dhcp4-ctrl-socket'
 config_file = '/run/kea/kea-dhcp4.conf'
 lease_file = '/config/dhcp/dhcp4-leases.csv'
+lease_file_glob = '/config/dhcp/dhcp4-leases*'
 systemd_override = r'/run/systemd/system/kea-ctrl-agent.service.d/10-override.conf'
 user_group = '_kea'
@@ -354,6 +357,10 @@ def generate(dhcp):
 makedir(lease_dir, group='vyattacfg')
 chmod_775(lease_dir)
+ # Ensure correct permissions on lease files + backups
+ for file in glob(lease_file_glob):
+ chown(file, user=user_group, group='vyattacfg')
+ # Create lease file if necessary and let kea own it - 'kea-lfc' expects it that way
 if not os.path.exists(lease_file):
 write_file(lease_file, '', user=user_group, group=user_group, mode=0o644)
diff --git a/src/conf_mode/service_dhcpv6-server.py b/src/conf_mode/service_dhcpv6-server.py
index add83eb0d..c7333dd3a 100755
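Review bot: The new loop in generate() calls `chown` on every path matching `lease_file_glob` without checking what kind of path it is, while the directory is prepared just above with `makedir(lease_dir, group='vyattacfg')` and `chmod_775(lease_dir)`, which by the helper names leaves it group-writable. The `chown` helper from vyos.utils.file is not shown in this patch; if it follows symlinks, a link whose name matches the pattern would cause ownership of its target to be changed to `_kea` when this script runs, presumably with root privileges. I would skip anything that is not a regular file, e.g. `if os.path.islink(file) or not os.path.isfile(file): continue`, or have the helper use a no-follow chown so there is no gap between the check and the call. The same loop is added to generate() in service_dhcpv6-server.py, and both function bodies continue outside their hunks.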
--- a/src/conf_mode/service_dhcpv6-server.py
+++ b/src/conf_mode/service_dhcpv6-server.py
@@ -16,6 +16,7 @@
 import os
+from glob import glob
 from ipaddress import ip_address
 from ipaddress import ip_network
 from sys import exit
@@ -24,6 +25,7 @@ from vyos.config import Config
 from vyos.template import render
 from vyos.utils.process import call
 from vyos.utils.file import chmod_775
+from vyos.utils.file import chown
 from vyos.utils.file import makedir
 from vyos.utils.file import write_file
 from vyos.utils.dict import dict_search
@@ -35,6 +37,7 @@ airbag.enable()
 config_file = '/run/kea/kea-dhcp6.conf'
 ctrl_socket = '/run/kea/dhcp6-ctrl-socket'
 lease_file = '/config/dhcp/dhcp6-leases.csv'
+lease_file_glob = '/config/dhcp/dhcp6-leases*'
 user_group = '_kea'
 def get_config(config=None):
@@ -224,6 +227,10 @@ def generate(dhcpv6):
 makedir(lease_dir, group='vyattacfg')
 chmod_775(lease_dir)
+ # Ensure correct permissions on lease files + backups
+ for file in glob(lease_file_glob):
+ chown(file, user=user_group, group='vyattacfg')
+ # Create lease file if necessary and let kea own it - 'kea-lfc' expects it that way
 if not os.path.exists(lease_file):
 write_file(lease_file, '', user=user_group, group=user_group, mode=0o644)
-- cgit v1.2.3
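Review bot: The loop in generate() sets group `vyattacfg` on existing lease files, but the `write_file(lease_file, '', user=user_group, group=user_group, mode=0o644)` call right after it still creates a new file with group `_kea`, and it runs after the loop. A freshly created lease file therefore keeps the other group until generate() runs again, so one commit does not leave all lease files in the same state. Either create the file with `group='vyattacfg'` or move the loop below the creation step. The loop comment says "permissions" but only ownership is changed; a comment such as `# lease files and LFC backups must be owned by _kea with group vyattacfg` would state the intent more precisely. service_dhcp-server.py has the same ordering.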