diff options
| author | Beniamino Galvani <bgalvani@redhat.com> | 2016-11-17 09:56:16 +0100 |
|---|---|---|
| committer | Beniamino Galvani <bgalvani@redhat.com> | 2016-12-06 11:08:11 +0100 |
| commit | 2e21d78494cc5507479ebc8f920c81140e76c040 (patch) | |
| tree | 21ac7cedbae13a41f36defc3a96ed4d0e9a000f2 | |
| parent | 7ae6e980e4f003ceeeb4f5d99dc9e8e5aa6b8d6a (diff) | |
| download | NetworkManager-2e21d78494cc5507479ebc8f920c81140e76c040.tar.gz | |
core: factor out plugin validation
The new function will be used to validate other plugins we load.
| -rw-r--r-- | src/nm-core-utils.c | 47 | ||||
| -rw-r--r-- | src/nm-core-utils.h | 3 |
2 files changed, 39 insertions, 11 deletions
diff --git a/src/nm-core-utils.c b/src/nm-core-utils.c index df6a7fc94a..2927acd375 100644 --- a/src/nm-core-utils.c +++ b/src/nm-core-utils.c @@ -3804,6 +3804,37 @@ read_device_factory_paths_sort_fcn (gconstpointer a, gconstpointer b) return 0; } +gboolean +nm_utils_validate_plugin (const char *path, struct stat *st, GError **error) +{ + g_return_val_if_fail (path, FALSE); + g_return_val_if_fail (st, FALSE); + g_return_val_if_fail (!error || !*error, FALSE); + + if (!S_ISREG (st->st_mode)) { + g_set_error_literal (error, + NM_UTILS_ERROR, NM_UTILS_ERROR_UNKNOWN, + "not a regular file"); + return FALSE; + } + + if (st->st_uid != 0) { + g_set_error_literal (error, + NM_UTILS_ERROR, NM_UTILS_ERROR_UNKNOWN, + "file has invalid owner (should be root)"); + return FALSE; + } + + if (st->st_mode & (S_IWGRP | S_IWOTH | S_ISUID)) { + g_set_error_literal (error, + NM_UTILS_ERROR, NM_UTILS_ERROR_UNKNOWN, + "file has invalid permissions"); + return FALSE; + } + + return TRUE; +} + char ** nm_utils_read_plugin_paths (const char *dirname, const char *prefix) { @@ -3846,18 +3877,12 @@ nm_utils_read_plugin_paths (const char *dirname, const char *prefix) data.path, strerror (errsv)); goto skip; } - if (!S_ISREG (data.st.st_mode)) - goto skip; - if (data.st.st_uid != 0) { - nm_log_warn (LOGD_CORE, - "plugin: skip invalid file %s (file must be owned by root)", - data.path); - goto skip; - } - if (data.st.st_mode & (S_IWGRP | S_IWOTH | S_ISUID)) { + + if (!nm_utils_validate_plugin (data.path, &data.st, &error)) { nm_log_warn (LOGD_CORE, - "plugin: skip invalid file %s (invalid file permissions)", - data.path); + "plugin: skip invalid file %s: %s", + data.path, error->message); + g_clear_error (&error); goto skip; } diff --git a/src/nm-core-utils.h b/src/nm-core-utils.h index 7bcee8947c..9cf196f709 100644 --- a/src/nm-core-utils.h +++ b/src/nm-core-utils.h @@ -451,6 +451,9 @@ gboolean nm_utils_file_set_contents (const gchar *filename, mode_t mode, GError **error); +struct stat; + +gboolean nm_utils_validate_plugin (const char *path, struct stat *stat, GError **error); char **nm_utils_read_plugin_paths (const char *dirname, const char *prefix); #endif /* __NM_CORE_UTILS_H__ */ |