nss-pam-ldapd branch master updated. 0.9.6-9-gf089e01
nss-pam-ldapd branch master updated. 0.9.6-9-gf089e01
- From: Commits of the nss-pam-ldapd project <nss-pam-ldapd-commits [at] lists.arthurdejong.org>
- To: nss-pam-ldapd-commits [at] lists.arthurdejong.org
- Reply-to: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: nss-pam-ldapd branch master updated. 0.9.6-9-gf089e01
- Date: Thu, 27 Aug 2015 21:12:26 +0200 (CEST)
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "nss-pam-ldapd".
The branch, master has been updated
via f089e0122dc37c416344cddc224d56b43c2783ea (commit)
from 309f127416cd38f972d28b29f59e784ea5403785 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=f089e0122dc37c416344cddc224d56b43c2783ea
commit f089e0122dc37c416344cddc224d56b43c2783ea
Author: Arthur de Jong <arthur@arthurdejong.org>
Date: Thu Aug 27 21:07:20 2015 +0200
Loosen up file existence check
This changes the check (for configuration options that specify file
names) to just check that the specified path is readable instead of
insisting that it points to a file.
This allows tls_randfile to point to /dev/urandom (a character device)
or a pipe. This fixes 6779a51.
This also applies the same check to the krb5_ccname option.
Thanks to Patrick McLean for pointing this out.
diff --git a/nslcd/cfg.c b/nslcd/cfg.c
index 55fb3c4..9900314 100644
--- a/nslcd/cfg.c
+++ b/nslcd/cfg.c
@@ -482,6 +482,66 @@ static void add_uris_from_dns(const char *filename, int
lnr,
}
#endif /* HAVE_LDAP_DOMAIN2HOSTLIST */
+/* check that the file is not world readable */
+static void check_permissions(const char *filename, const char *keyword)
+{
+ struct stat sb;
+ /* get file status */
+ if (stat(filename, &sb))
+ {
+ log_log(LOG_ERR, "cannot stat() %s: %s", filename, strerror(errno));
+ exit(EXIT_FAILURE);
+ }
+ /* check permissions */
+ if ((sb.st_mode & 0007) != 0)
+ {
+ if (keyword != NULL)
+ log_log(LOG_ERR, "%s: file should not be world readable if %s is set",
+ filename, keyword);
+ else
+ log_log(LOG_ERR, "%s: file should not be world readable", filename);
+ exit(EXIT_FAILURE);
+ }
+}
+
+/* check whether the specified path is readable */
+static void check_readable(const char *filename, int lnr,
+ const char *keyword, const char *path)
+{
+ struct stat sb;
+ if (stat(path, &sb))
+ {
+ log_log(LOG_ERR, "%s:%d: %s: cannot stat() %s: %s",
+ filename, lnr, keyword, path, strerror(errno));
+ exit(EXIT_FAILURE);
+ }
+ if (!S_ISREG(sb.st_mode))
+ {
+ log_log(LOG_ERR, "%s:%d: %s: %s is not a file",
+ filename, lnr, keyword, path);
+ exit(EXIT_FAILURE);
+ }
+}
+
+/* check whether the specified path is a directory */
+static void check_dir(const char *filename, int lnr,
+ const char *keyword, const char *path)
+{
+ struct stat sb;
+ if (stat(path, &sb))
+ {
+ log_log(LOG_ERR, "%s:%d: %s: cannot stat() %s: %s",
+ filename, lnr, keyword, path, strerror(errno));
+ exit(EXIT_FAILURE);
+ }
+ if (!S_ISDIR(sb.st_mode))
+ {
+ log_log(LOG_ERR, "%s:%d: %s: %s is not a directory",
+ filename, lnr, keyword, path);
+ exit(EXIT_FAILURE);
+ }
+}
+
static void handle_krb5_ccname(const char *filename, int lnr,
const char *keyword, char *line)
{
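Review bot: The new check_readable still refuses anything that is not a regular file through the `S_ISREG` test and logs "%s is not a file", so as reproduced here a tls_randfile of /dev/urandom or a pipe would be rejected exactly as before, which is the case the commit message says it fixes. A successful stat() also does not establish readability (it only needs search permission on the directory), so the handle_krb5_ccname hunk trades the old `access(ccfile, R_OK)` test for a weaker one, and the four cfg_read hunks that switch tls_cacertfile, tls_randfile, tls_cert and tls_key from check_file to check_readable inherit the same gap. I would drop the S_ISREG block and make the helper do what its comment says by testing with access(path, R_OK), as the removed krb5 code did. If this listing differs from what was actually pushed, please disregard, but the diffstat matches the 60 added lines shown.
```c
/* check whether the specified path is readable */
static void check_readable(const char *filename, int lnr,
                           const char *keyword, const char *path)
{
  /* access() accepts devices and pipes but still rejects unreadable paths;
     stat() alone does not test read permission */
  if (access(path, R_OK) != 0)
  {
    log_log(LOG_ERR, "%s:%d: %s: error accessing %s: %s",
            filename, lnr, keyword, path, strerror(errno));
    exit(EXIT_FAILURE);
  }
}
```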
@@ -504,12 +564,7 @@ static void handle_krb5_ccname(const char *filename, int
lnr,
(strncasecmp(ccname, "WRFILE:", sizeof("WRFILE:") - 1) == 0))
{
ccfile = strchr(ccname, ':') + 1;
- if (access(ccfile, R_OK) != 0)
- {
- log_log(LOG_ERR, "%s:%d: error accessing %s: %s",
- filename, lnr, ccfile, strerror(errno));
- exit(EXIT_FAILURE);
- }
+ check_readable(filename, lnr, keyword, ccfile);
}
/* set the environment variable (we have a memory leak if this option
is set multiple times) */
@@ -1120,66 +1175,6 @@ static MUST_USE char *get_base_from_rootdse(void)
return base;
}
-/* check that the file is not world readable */
-static void check_permissions(const char *filename, const char *keyword)
-{
- struct stat sb;
- /* get file status */
- if (stat(filename, &sb))
- {
- log_log(LOG_ERR, "cannot stat() %s: %s", filename, strerror(errno));
- exit(EXIT_FAILURE);
- }
- /* check permissions */
- if ((sb.st_mode & 0007) != 0)
- {
- if (keyword != NULL)
- log_log(LOG_ERR, "%s: file should not be world readable if %s is set",
- filename, keyword);
- else
- log_log(LOG_ERR, "%s: file should not be world readable", filename);
- exit(EXIT_FAILURE);
- }
-}
-
-/* check whether the specified path is a file */
-static void check_file(const char *filename, int lnr,
- const char *keyword, const char *path)
-{
- struct stat sb;
- if (stat(path, &sb))
- {
- log_log(LOG_ERR, "%s:%d: %s: cannot stat() %s: %s",
- filename, lnr, keyword, path, strerror(errno));
- exit(EXIT_FAILURE);
- }
- if (!S_ISREG(sb.st_mode))
- {
- log_log(LOG_ERR, "%s:%d: %s: %s is not a file",
- filename, lnr, keyword, path);
- exit(EXIT_FAILURE);
- }
-}
-
-/* check whether the specified path is a directory */
-static void check_dir(const char *filename, int lnr,
- const char *keyword, const char *path)
-{
- struct stat sb;
- if (stat(path, &sb))
- {
- log_log(LOG_ERR, "%s:%d: %s: cannot stat() %s: %s",
- filename, lnr, keyword, path, strerror(errno));
- exit(EXIT_FAILURE);
- }
- if (!S_ISDIR(sb.st_mode))
- {
- log_log(LOG_ERR, "%s:%d: %s: %s is not a directory",
- filename, lnr, keyword, path);
- exit(EXIT_FAILURE);
- }
-}
-
/* set the configuration information to the defaults */
static void cfg_defaults(struct ldap_config *cfg)
{
@@ -1491,7 +1486,7 @@ static void cfg_read(const char *filename, struct
ldap_config *cfg)
{
value = get_strdup(filename, lnr, keyword, &line);
get_eol(filename, lnr, keyword, &line);
- check_file(filename, lnr, keyword, value);
+ check_readable(filename, lnr, keyword, value);
log_log(LOG_DEBUG, "ldap_set_option(LDAP_OPT_X_TLS_CACERTFILE,\"%s\")",
value);
LDAP_SET_OPTION(NULL, LDAP_OPT_X_TLS_CACERTFILE, value);
@@ -1501,7 +1496,7 @@ static void cfg_read(const char *filename, struct
ldap_config *cfg)
{
value = get_strdup(filename, lnr, keyword, &line);
get_eol(filename, lnr, keyword, &line);
- check_file(filename, lnr, keyword, value);
+ check_readable(filename, lnr, keyword, value);
log_log(LOG_DEBUG, "ldap_set_option(LDAP_OPT_X_TLS_RANDOM_FILE,\"%s\")",
value);
LDAP_SET_OPTION(NULL, LDAP_OPT_X_TLS_RANDOM_FILE, value);
@@ -1519,7 +1514,7 @@ static void cfg_read(const char *filename, struct
ldap_config *cfg)
{
value = get_strdup(filename, lnr, keyword, &line);
get_eol(filename, lnr, keyword, &line);
- check_file(filename, lnr, keyword, value);
+ check_readable(filename, lnr, keyword, value);
log_log(LOG_DEBUG, "ldap_set_option(LDAP_OPT_X_TLS_CERTFILE,\"%s\")",
value);
LDAP_SET_OPTION(NULL, LDAP_OPT_X_TLS_CERTFILE, value);
@@ -1529,7 +1524,7 @@ static void cfg_read(const char *filename, struct
ldap_config *cfg)
{
value = get_strdup(filename, lnr, keyword, &line);
get_eol(filename, lnr, keyword, &line);
- check_file(filename, lnr, keyword, value);
+ check_readable(filename, lnr, keyword, value);
log_log(LOG_DEBUG, "ldap_set_option(LDAP_OPT_X_TLS_KEYFILE,\"%s\")",
value);
LDAP_SET_OPTION(NULL, LDAP_OPT_X_TLS_KEYFILE, value);
-----------------------------------------------------------------------
Summary of changes:
nslcd/cfg.c | 135 ++++++++++++++++++++++++++++-------------------------------
1 file changed, 65 insertions(+), 70 deletions(-)