X-Git-Url: https://ruderich.org/simon/gitweb/?a=blobdiff_plain;f=config.go;h=18c6520222fd115a9fd091ebc15ce73f9cf5d0d3;hb=44a325a9bea5f53c6489cecb3691709306a1814c;hp=99b27cff35e423e607d541bbbea2fe1c9f1a0db2;hpb=839f07d7b3130efc613d7d3fa8ed71a7d8d5fd7f;p=nsscash%2Fnsscash.git

diff --git a/config.go b/config.go
index 99b27cf..18c6520 100644
--- a/config.go
+++ b/config.go
@@ -19,6 +19,7 @@ package main
 
 import (
 	"fmt"
+	"os"
 
 	"github.com/BurntSushi/toml"
 )
@@ -32,6 +33,9 @@ type File struct {
 	Type FileType
 	Url  string
 	Path string
+	CA   string
+	Username string
+	Password string
 
 	body []byte // internally used by handleFiles()
 }
@@ -71,6 +75,13 @@ func LoadConfig(path string) (*Config, error) {
 		return nil, fmt.Errorf("invalid fields used: %q", undecoded)
 	}
 
+	f, err := os.Stat(path)
+	if err != nil {
+		return nil, err
+	}
+	perms := f.Mode().Perm()
+	unsafe := (perms & 0077) != 0 // readable by others
+
 	if cfg.StatePath == "" {
 		return nil, fmt.Errorf("statepath must not be empty")
 	}
@@ -84,6 +95,12 @@ func LoadConfig(path string) (*Config, error) {
 			return nil, fmt.Errorf(
 				"file[%d].path must not be empty", i)
 		}
+		if (f.Username != "" || f.Password != "") && unsafe {
+			return nil, fmt.Errorf(
+				"file[%d].username/passsword in use and "+
+					"unsafe permissions %v on %q",
+				i, perms, path)
+		}
 	}
 
 	return &cfg, nil