diff options
author | David Dykstra <dwd@samba.org> | 1998-11-24 19:52:35 +0000 |
---|---|---|
committer | David Dykstra <dwd@samba.org> | 1998-11-24 19:52:35 +0000 |
commit | d1be231290b3867648ee417fad341fdf1caaa94b (patch) | |
tree | 74c699a96d5483c034e8a77b1cf0720cd0c46e89 | |
parent | a926daecbf3b31efb68e309e9d522a4fd01691f2 (diff) | |
download | rsync-d1be231290b3867648ee417fad341fdf1caaa94b.tar.gz |
Make sure secrets file is not other-accessible, and owned by root if the
daemon is running as root. Suggested by
Mike Richardson <mike@quaking.demon.co.uk>
-rw-r--r-- | authenticate.c | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/authenticate.c b/authenticate.c index a4835a6d..ba83a899 100644 --- a/authenticate.c +++ b/authenticate.c @@ -75,12 +75,31 @@ static int get_secret(int module, char *user, char *secret, int len) int fd, found=0; char line[MAXPATHLEN]; char *p, *pass=NULL; + STRUCT_STAT st; + int ok = 1; + extern int am_root; if (!fname || !*fname) return 0; fd = open(fname,O_RDONLY); if (fd == -1) return 0; + if (do_stat(fname, &st) == -1) { + rprintf(FERROR,"stat(%s) : %s\n", fname, strerror(errno)); + ok = 0; + } else if ((st.st_mode & 06) != 0) { + rprintf(FERROR,"secrets file must not be other-accessible\n"); + ok = 0; + } else if (am_root && (st.st_uid != 0)) { + rprintf(FERROR,"secrets file must be owned by root when running as root\n"); + ok = 0; + } + if (!ok) { + rprintf(FERROR,"continuing without secrets file\n"); + close(fd); + return 0; + } + while (!found) { int i = 0; memset(line, 0, sizeof(line)); |