authorDavid Sommerseth <davids@redhat.com>2012-01-16 12:00:33 +0100
committerDavid Sommerseth <davids@redhat.com>2012-01-16 12:13:28 +0100
commit06e781f885125b05de0a731743acd90d4492a435 (patch)
treec94156ed64fffac210e62445dd8cfa0a91348da9 /options.c
parentcb383dc3bc161c1e4ea6b535097e0f64a725e081 (diff)
Don't check for file presence on inline files
The configuration file supports inline files for --ca, --cert, --dh, --extra-certs, --key, --pkcs12, --secret and --tls-auth. When this is used, the filename is set to [[INLINE]] (defined by INLINE_FILE_TAG). If the filename is set to INLINE_FILE_TAG for these options, don't call check_file_access(). [v2 Simplify the code, using a flag to check_file_access()] Signed-off-by: David Sommerseth <davids@redhat.com> Acked-by: Gert Doering <gert@greenie.muc.de>
Diffstat (limited to 'options.c')
-rw-r--r--options.c23
1 files changed, 15 insertions, 8 deletions
diff --git a/options.c b/options.c
index 562c6f6..e7e6565 100644
--- a/options.c
+++ b/options.c
@@ -2603,6 +2603,7 @@ options_postprocess_mutate (struct options *o)
#define CHKACC_FILE (1<<0) /** Check for a file/directory precense */
#define CHKACC_DIRPATH (1<<1) /** Check for directory precense where a file should reside */
#define CHKACC_FILEXSTWR (1<<2) /** If file exists, is it writable? */
+#define CHKACC_INLINE (1<<3) /** File is present if it's an inline file */
static bool
check_file_access(const int type, const char *file, const int mode, const char *opt)
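Review bot: The comment on the new CHKACC_INLINE flag, "File is present if it's an inline file", states an outcome rather than what the flag makes check_file_access() do. A wording that matches the code added further down would be `/** Skip the on-disk check when the file name is INLINE_FILE_TAG */`. That also makes it clear to a reader of the call sites that the flag relaxes a check instead of adding one.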
@@ -2613,6 +2614,10 @@ check_file_access(const int type, const char *file, const int mode, const char *
if (!file)
return false;
+ /* If this may be an inline file, and the proper inline "filename" is set - no issues */
+ if ((type & CHKACC_INLINE) && streq(file, INLINE_FILE_TAG) )
+ return false;
+
/* Is the directory path leading to the given file accessible? */
if (type & CHKACC_DIRPATH)
{
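Review bot: The new early return in check_file_access() accepts the option as soon as `file` equals INLINE_FILE_TAG, without confirming that inline content was actually supplied for that option. Whether the config parser can pass the literal tag through as an ordinary argument is not visible in this diff; if it can, a configuration naming the tag with no inline body would pass the file checks and fail only later, when the certificate or key material is loaded. It is worth confirming that every loader for these options rejects an empty or missing inline buffer with a clear error. Because `false` means "no error" in this function, the comment could say so directly: `/* Inline file: nothing on disk to check, report no error */`. The function body starts and ends outside this hunk.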
@@ -2653,27 +2658,29 @@ options_postprocess_filechecks (struct options *options)
/* ** SSL/TLS/crypto related files ** */
#ifdef USE_SSL
- errs |= check_file_access (CHKACC_FILE, options->dh_file, R_OK, "--dh");
- errs |= check_file_access (CHKACC_FILE, options->ca_file, R_OK, "--ca");
+ errs |= check_file_access (CHKACC_FILE|CHKACC_INLINE, options->dh_file, R_OK, "--dh");
+ errs |= check_file_access (CHKACC_FILE|CHKACC_INLINE, options->ca_file, R_OK, "--ca");
errs |= check_file_access (CHKACC_FILE, options->ca_path, R_OK, "--capath");
- errs |= check_file_access (CHKACC_FILE, options->cert_file, R_OK, "--cert");
- errs |= check_file_access (CHKACC_FILE, options->extra_certs_file, R_OK,
+ errs |= check_file_access (CHKACC_FILE|CHKACC_INLINE, options->cert_file, R_OK, "--cert");
+ errs |= check_file_access (CHKACC_FILE|CHKACC_INLINE, options->extra_certs_file, R_OK,
"--extra-certs");
- errs |= check_file_access (CHKACC_FILE, options->priv_key_file, R_OK,
+ errs |= check_file_access (CHKACC_FILE|CHKACC_INLINE, options->priv_key_file, R_OK,
"--key");
- errs |= check_file_access (CHKACC_FILE, options->pkcs12_file, R_OK,
+ errs |= check_file_access (CHKACC_FILE|CHKACC_INLINE, options->pkcs12_file, R_OK,
"--pkcs12");
+
if (options->ssl_flags & SSLF_CRL_VERIFY_DIR)
errs |= check_file_access (CHKACC_FILE, options->crl_file, R_OK|X_OK,
"--crl-verify directory");
else
errs |= check_file_access (CHKACC_FILE, options->crl_file, R_OK,
"--crl-verify");
- errs |= check_file_access (CHKACC_FILE, options->tls_auth_file, R_OK,
+
+ errs |= check_file_access (CHKACC_FILE|CHKACC_INLINE, options->tls_auth_file, R_OK,
"--tls-auth");
#endif /* USE_SSL */
#ifdef USE_CRYPTO
- errs |= check_file_access (CHKACC_FILE, options->shared_secret_file, R_OK,
+ errs |= check_file_access (CHKACC_FILE|CHKACC_INLINE, options->shared_secret_file, R_OK,
"--secret");
errs |= check_file_access (CHKACC_DIRPATH|CHKACC_FILEXSTWR,
options->packet_id_file, R_OK|W_OK, "--replay-persist");
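Review bot: The calls for --capath and both --crl-verify variants keep plain CHKACC_FILE while their neighbours gain CHKACC_INLINE, and nothing in the code says the difference is deliberate. The commit message lists the inline-capable options and these are not among them, so a short comment above the --capath call, for example `/* --capath and --crl-verify cannot be inline: always check on disk */`, would keep a later change from adding the flag there and skipping a real access check. The two blank lines added around the --crl-verify block are unrelated whitespace and could be left out of the patch. options_postprocess_filechecks() continues outside the hunk.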