Make sure secrets file is not other-accessible, and owned by root if the

daemon is running as root. Suggested by Mike Richardson <mike@quaking.demon.co.uk>
author: David Dykstra <dwd@samba.org> 1998-11-24 19:52:35 +0000
committer: David Dykstra <dwd@samba.org> 1998-11-24 19:52:35 +0000
commit: d1be231290b3867648ee417fad341fdf1caaa94b (patch)
tree: 74c699a96d5483c034e8a77b1cf0720cd0c46e89 /authenticate.c
parent: a926daecbf3b31efb68e309e9d522a4fd01691f2 (diff)
download: rsync-d1be231290b3867648ee417fad341fdf1caaa94b.tar.gz
1 files changed, 19 insertions, 0 deletions
diff --git a/authenticate.c b/authenticate.c
index a4835a6d..ba83a899 100644
--- a/authenticate.c
+++ b/authenticate.c
@@ -75,12 +75,31 @@ static int get_secret(int module, char *user, char *secret, int len)
 	int fd, found=0;
 	char line[MAXPATHLEN];
 	char *p, *pass=NULL;
+	STRUCT_STAT st;
+	int ok = 1;
+	extern int am_root;
 
 	if (!fname || !*fname) return 0;
 
 	fd = open(fname,O_RDONLY);
 	if (fd == -1) return 0;
 
+	if (do_stat(fname, &st) == -1) {
+		rprintf(FERROR,"stat(%s) : %s\n", fname, strerror(errno));
+		ok = 0;
+	} else if ((st.st_mode & 06) != 0) {
+		rprintf(FERROR,"secrets file must not be other-accessible\n");
+		ok = 0;
+	} else if (am_root && (st.st_uid != 0)) {
+		rprintf(FERROR,"secrets file must be owned by root when running as root\n");
+		ok = 0;
+	}
+	if (!ok) {
+		rprintf(FERROR,"continuing without secrets file\n");
+		close(fd);
+		return 0;
+	}
+
 	while (!found) {
 		int i = 0;
 		memset(line, 0, sizeof(line));
author	David Dykstra <dwd@samba.org>	1998-11-24 19:52:35 +0000
committer	David Dykstra <dwd@samba.org>	1998-11-24 19:52:35 +0000
commit	d1be231290b3867648ee417fad341fdf1caaa94b (patch)
tree	74c699a96d5483c034e8a77b1cf0720cd0c46e89 /authenticate.c
parent	a926daecbf3b31efb68e309e9d522a4fd01691f2 (diff)
download	rsync-d1be231290b3867648ee417fad341fdf1caaa94b.tar.gz