diff options
author | David Sommerseth <davids@redhat.com> | 2012-02-20 10:31:54 +0100 |
---|---|---|
committer | David Sommerseth <davids@redhat.com> | 2012-02-20 11:08:33 +0100 |
commit | a4de190b92f9464602222454dd753072eecc0407 (patch) | |
tree | a169d2150541856c2965423c82bbf0b581d3a7e7 | |
parent | 4ebc587eab73e03ef64d344a5707d84e7f8d875a (diff) | |
download | openvpn-a4de190b92f9464602222454dd753072eecc0407.tar.gz openvpn-a4de190b92f9464602222454dd753072eecc0407.tar.xz openvpn-a4de190b92f9464602222454dd753072eecc0407.zip |
Revamp check_file_access() checks in stdin scenarios
It was discovered that --management also can take stdin as argument
instead of a file. Enabled this by revamping the check_file_access()
flags by adding CHKACC_ACPTSTDIN. Setting this flag will then consider
filenames as 'stdin' as always present.
The other place where 'stdin' was accepted is also modified to use this
flag instead.
Signed-off-by: David Sommerseth <davids@redhat.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
-rw-r--r-- | options.c | 16 |
1 files changed, 12 insertions, 4 deletions
@@ -2605,6 +2605,7 @@ options_postprocess_mutate (struct options *o) #define CHKACC_DIRPATH (1<<1) /** Check for directory precense where a file should reside */ #define CHKACC_FILEXSTWR (1<<2) /** If file exists, is it writable? */ #define CHKACC_INLINE (1<<3) /** File is present if it's an inline file */ +#define CHKACC_ACPTSTDIN (1<<4) /** If filename is stdin, it's allowed and "exists" */ static bool check_file_access(const int type, const char *file, const int mode, const char *opt) @@ -2619,6 +2620,12 @@ check_file_access(const int type, const char *file, const int mode, const char * if ((type & CHKACC_INLINE) && streq(file, INLINE_FILE_TAG) ) return false; + /* If stdin is allowed and the file name is 'stdin', then do no + * further checks as stdin is always available + */ + if( (type & CHKACC_ACPTSTDIN) && streq(file, "stdin") ) + return false; + /* Is the directory path leading to the given file accessible? */ if (type & CHKACC_DIRPATH) { @@ -2694,13 +2701,14 @@ options_postprocess_filechecks (struct options *options) "--askpass"); #endif /* USE_SSL */ #ifdef ENABLE_MANAGEMENT - errs |= check_file_access (CHKACC_FILE, options->management_user_pass, R_OK, + errs |= check_file_access (CHKACC_FILE|CHKACC_ACPTSTDIN, + options->management_user_pass, R_OK, "--management user/password file"); #endif /* ENABLE_MANAGEMENT */ #if P2MP - if( options->auth_user_pass_file && strcmp(options->auth_user_pass_file, "stdin") != 0 ) - errs |= check_file_access (CHKACC_FILE, options->auth_user_pass_file, R_OK, - "--auth-user-pass"); + errs |= check_file_access (CHKACC_FILE|CHKACC_ACPTSTDIN, + options->auth_user_pass_file, R_OK, + "--auth-user-pass"); #endif /* P2MP */ /* ** System related ** */ |