Browse code
file checks: Merge warn_if_group_others_accessible() into check_file_access()
Commit 825e2ec1f358f2e8 cleaned up the usage of
warn_if_group_others_accessible()
and moved it into options.c. At this point there is only one caller of
this
function, check_file_access().
This takes that clean-up one step further and merges everything into
check_file_access(). In addition it removes some no longer needed #ifdefs
and uses platform_stat() to allow a similar check to happen on the Windows
platform as well.
Signed-off-by: David Sommerseth <davids@openvpn.net>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <1479163508-19435-1-git-send-email-davids@openvpn.net>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13062.html
David Sommerseth authored on 2016/11/15 07:45:08Showing 1 changed files
| ... | ... |
@@ -57,6 +57,7 @@ |
| 57 | 57 |
#include "manage.h" |
| 58 | 58 |
#include "forward.h" |
| 59 | 59 |
#include "ssl_verify.h" |
| 60 |
+#include "platform.h" |
|
| 60 | 61 |
#include <ctype.h> |
| 61 | 62 |
|
| 62 | 63 |
#include "memdbg.h" |
| ... | ... |
@@ -2683,31 +2684,6 @@ options_postprocess_mutate (struct options *o) |
| 2683 | 2683 |
*/ |
| 2684 | 2684 |
#ifndef ENABLE_SMALL /** Expect people using the stripped down version to know what they do */ |
| 2685 | 2685 |
|
| 2686 |
-/* |
|
| 2687 |
- * Warn if a given file is group/others accessible. |
|
| 2688 |
- */ |
|
| 2689 |
-static void |
|
| 2690 |
-warn_if_group_others_accessible (const char* filename) |
|
| 2691 |
-{
|
|
| 2692 |
-#ifndef _WIN32 |
|
| 2693 |
-#ifdef HAVE_STAT |
|
| 2694 |
- if (strcmp (filename, INLINE_FILE_TAG)) |
|
| 2695 |
- {
|
|
| 2696 |
- struct stat st; |
|
| 2697 |
- if (stat (filename, &st)) |
|
| 2698 |
- {
|
|
| 2699 |
- msg (M_WARN | M_ERRNO, "WARNING: cannot stat file '%s'", filename); |
|
| 2700 |
- } |
|
| 2701 |
- else |
|
| 2702 |
- {
|
|
| 2703 |
- if (st.st_mode & (S_IRWXG|S_IRWXO)) |
|
| 2704 |
- msg (M_WARN, "WARNING: file '%s' is group or others accessible", filename); |
|
| 2705 |
- } |
|
| 2706 |
- } |
|
| 2707 |
-#endif |
|
| 2708 |
-#endif |
|
| 2709 |
-} |
|
| 2710 |
- |
|
| 2711 | 2686 |
#define CHKACC_FILE (1<<0) /** Check for a file/directory precense */ |
| 2712 | 2687 |
#define CHKACC_DIRPATH (1<<1) /** Check for directory precense where a file should reside */ |
| 2713 | 2688 |
#define CHKACC_FILEXSTWR (1<<2) /** If file exists, is it writable? */ |
| ... | ... |
@@ -2754,9 +2730,19 @@ check_file_access(const int type, const char *file, const int mode, const char * |
| 2754 | 2754 |
if (platform_access (file, W_OK) != 0) |
| 2755 | 2755 |
errcode = errno; |
| 2756 | 2756 |
|
| 2757 |
+ /* Warn if a given private file is group/others accessible. */ |
|
| 2757 | 2758 |
if (type & CHKACC_PRIVATE) |
| 2758 | 2759 |
{
|
| 2759 |
- warn_if_group_others_accessible (file); |
|
| 2760 |
+ platform_stat_t st; |
|
| 2761 |
+ if (platform_stat (file, &st)) |
|
| 2762 |
+ {
|
|
| 2763 |
+ msg (M_WARN | M_ERRNO, "WARNING: cannot stat file '%s'", file); |
|
| 2764 |
+ } |
|
| 2765 |
+ else |
|
| 2766 |
+ {
|
|
| 2767 |
+ if (st.st_mode & (S_IRWXG|S_IRWXO)) |
|
| 2768 |
+ msg (M_WARN, "WARNING: file '%s' is group or others accessible", file); |
|
| 2769 |
+ } |
|
| 2760 | 2770 |
} |
| 2761 | 2771 |
|
| 2762 | 2772 |
/* Scream if an error is found */ |