keyfile: move file permission check of keyfile to helper function

author: Thomas Haller <thaller@redhat.com> 2018-09-27 12:58:58 +0200
committer: Thomas Haller <thaller@redhat.com> 2018-10-04 10:58:50 +0200
commit: df148096f79621fb508416563ccbb76098f0a923 (patch)
tree: 8ec6c7bdc9c9821fff3027b306b8f35e5417d83e
parent: cdcfddf92395ae8ade6fed57edec51272af07257 (diff)
3 files changed, 72 insertions, 21 deletions
diff --git a/src/settings/plugins/keyfile/nms-keyfile-reader.c b/src/settings/plugins/keyfile/nms-keyfile-reader.c
index 71578686c..4d61ebb45 100644
--- a/src/settings/plugins/keyfile/nms-keyfile-reader.c
+++ b/src/settings/plugins/keyfile/nms-keyfile-reader.c
@@ -28,6 +28,7 @@
 #include "nm-keyfile-internal.h"
 
 #include "NetworkManagerUtils.h"
+#include "nms-keyfile-utils.h"
 
 /*****************************************************************************/
 
@@ -116,31 +117,13 @@ NMConnection *
 nms_keyfile_reader_from_file (const char *filename, GError **error)
 {
 	gs_unref_keyfile GKeyFile *key_file = NULL;
-	struct stat statbuf;
 	NMConnection *connection = NULL;
 	GError *verify_error = NULL;
 
-	if (stat (filename, &statbuf) != 0 || !S_ISREG (statbuf.st_mode)) {
-		g_set_error_literal (error, NM_SETTINGS_ERROR, NM_SETTINGS_ERROR_INVALID_CONNECTION,
-		                     "File did not exist or was not a regular file");
+	if (!nms_keyfile_utils_check_file_permissions (filename,
+	                                               NULL,
+	                                               error))
 		return NULL;
-	}
-
-	if (!NM_FLAGS_HAS (nm_utils_get_testing (), NM_UTILS_TEST_NO_KEYFILE_OWNER_CHECK)) {
-		if (statbuf.st_mode & 0077) {
-			g_set_error (error, NM_SETTINGS_ERROR, NM_SETTINGS_ERROR_INVALID_CONNECTION,
-			             "File permissions (%o) were insecure",
-			             statbuf.st_mode);
-			return NULL;
-		}
-
-		if (statbuf.st_uid != 0) {
-			g_set_error (error, NM_SETTINGS_ERROR, NM_SETTINGS_ERROR_INVALID_CONNECTION,
-			             "File owner (%o) is insecure",
-			             statbuf.st_mode);
-			return NULL;
-		}
-	}
 
 	key_file = g_key_file_new ();
 	if (!g_key_file_load_from_file (key_file, filename, G_KEY_FILE_NONE, error))
diff --git a/src/settings/plugins/keyfile/nms-keyfile-utils.c b/src/settings/plugins/keyfile/nms-keyfile-utils.c
index 03f06670f..2a183d2f1 100644
--- a/src/settings/plugins/keyfile/nms-keyfile-utils.c
+++ b/src/settings/plugins/keyfile/nms-keyfile-utils.c
@@ -24,6 +24,7 @@
 
 #include <stdlib.h>
 #include <string.h>
+#include <sys/stat.h>
 
 #include "nm-setting-wired.h"
 #include "nm-setting-wireless.h"
@@ -113,6 +114,65 @@ nms_keyfile_utils_should_ignore_file (const char *filename)
 	return FALSE;
 }
 
+/*****************************************************************************/
+
+gboolean
+nms_keyfile_utils_check_file_permissions_stat (const struct stat *st,
+                                               GError **error)
+{
+	g_return_val_if_fail (st, FALSE);
+
+	if (!S_ISREG (st->st_mode)) {
+		g_set_error_literal (error, NM_SETTINGS_ERROR, NM_SETTINGS_ERROR_INVALID_CONNECTION,
+		                     "file is not a regular file");
+		return FALSE;
+	}
+
+	if (!NM_FLAGS_HAS (nm_utils_get_testing (), NM_UTILS_TEST_NO_KEYFILE_OWNER_CHECK)) {
+		if (st->st_uid != 0) {
+			g_set_error (error, NM_SETTINGS_ERROR, NM_SETTINGS_ERROR_INVALID_CONNECTION,
+			             "File owner (%lld) is insecure",
+			             (long long) st->st_uid);
+			return FALSE;
+		}
+
+		if (st->st_mode & 0077) {
+			g_set_error (error, NM_SETTINGS_ERROR, NM_SETTINGS_ERROR_INVALID_CONNECTION,
+			             "File permissions (%03o) are insecure",
+			             st->st_mode);
+			return FALSE;
+		}
+	}
+
+	return TRUE;
+}
+
+gboolean
+nms_keyfile_utils_check_file_permissions (const char *filename,
+                                          struct stat *out_st,
+                                          GError **error)
+{
+	struct stat st;
+	int errsv;
+
+	g_return_val_if_fail (filename && filename[0] == '/', FALSE);
+
+	if (stat (filename, &st) != 0) {
+		errsv = errno;
+		g_set_error (error, NM_SETTINGS_ERROR, NM_SETTINGS_ERROR_INVALID_CONNECTION,
+		             "cannot access file: %s", g_strerror (errsv));
+		return FALSE;
+	}
+
+	if (!nms_keyfile_utils_check_file_permissions_stat (&st, error))
+		return FALSE;
+
+	NM_SET_OUT (out_st, st);
+	return TRUE;
+}
+
+/*****************************************************************************/
+
 char *
 nms_keyfile_utils_escape_filename (const char *filename)
 {
diff --git a/src/settings/plugins/keyfile/nms-keyfile-utils.h b/src/settings/plugins/keyfile/nms-keyfile-utils.h
index ec3bd4414..13a3eb009 100644
--- a/src/settings/plugins/keyfile/nms-keyfile-utils.h
+++ b/src/settings/plugins/keyfile/nms-keyfile-utils.h
@@ -37,4 +37,12 @@ char *nms_keyfile_utils_escape_filename (const char *filename);
 
 const char *nms_keyfile_utils_get_path (void);
 
+struct stat;
+gboolean nms_keyfile_utils_check_file_permissions_stat (const struct stat *st,
+                                                        GError **error);
+
+gboolean nms_keyfile_utils_check_file_permissions (const char *filename,
+                                                   struct stat *out_st,
+                                                   GError **error);
+
 #endif /* __NMS_KEYFILE_UTILS_H__ */
author	Thomas Haller <thaller@redhat.com>	2018-09-27 12:58:58 +0200
committer	Thomas Haller <thaller@redhat.com>	2018-10-04 10:58:50 +0200
commit	df148096f79621fb508416563ccbb76098f0a923 (patch)
tree	8ec6c7bdc9c9821fff3027b306b8f35e5417d83e
parent	cdcfddf92395ae8ade6fed57edec51272af07257 (diff)