Add a new flag to check_private_dir to make it _not_ change permissions

We'll need this for checking permissions on the directories that hold control sockets: if somebody says "ControlSocket ~/foo", it would be pretty rude to do a chmod 700 on their homedir.
2024-11-28 06:13:31 +01:00 · 2011-05-13 15:40:03 -04:00 · 2011-05-13 15:40:03 -04:00 · 5d147d8527
commit 5d147d8527
parent 3b6cbf2534
2 changed files with 8 additions and 0 deletions
--- a/src/common/util.c
+++ b/src/common/util.c
@ -1670,6 +1670,8 @@ file_status(const char *fname)
 * check&CPD_CHECK, and we think we can create it, return 0.  Else
 * return -1.  If CPD_GROUP_OK is set, then it's okay if the directory
 * is group-readable, but in all cases we create the directory mode 0700.
+ * If CPD_CHECK_MODE_ONLY is set, then we don't alter the directory permissions
+ * if they are too permissive: we just return -1.
 */
 int
 check_private_dir(const char *dirname, cpd_check_t check)
@ -1741,6 +1743,11 @@ check_private_dir(const char *dirname, cpd_check_t check)
  }
  if (st.st_mode & mask) {
    unsigned new_mode;
+    if (check & CPD_CHECK_MODE_ONLY) {
+      log_warn(LD_FS, "Permissions on directory %s are too permissive.",
+               dirname);
+      return -1;
+    }
    log_warn(LD_FS, "Fixing permissions on directory %s", dirname);
    new_mode = st.st_mode;
    new_mode |= 0700; /* Owner should have rwx */
--- a/src/common/util.h
+++ b/src/common/util.h
@ -291,6 +291,7 @@ typedef unsigned int cpd_check_t;
 #define CPD_CREATE 1
 #define CPD_CHECK 2
 #define CPD_GROUP_OK 4
+#define CPD_CHECK_MODE_ONLY 8
 int check_private_dir(const char *dirname, cpd_check_t check);
 #define OPEN_FLAGS_REPLACE (O_WRONLY|O_CREAT|O_TRUNC)
 #define OPEN_FLAGS_APPEND (O_WRONLY|O_CREAT|O_APPEND)