// Configuration file parsing and validation
-// Copyright (C) 2019 Simon Ruderich
+// Copyright (C) 2019-2021 Simon Ruderich
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
import (
"fmt"
+ "os"
"github.com/BurntSushi/toml"
)
}
type File struct {
- Type FileType
- Url string
- Path string
- CA string
+ Type FileType
+ Url string
+ Path string
+ CA string
+ Username string
+ Password string
body []byte // internally used by handleFiles()
}
return nil, fmt.Errorf("invalid fields used: %q", undecoded)
}
+ f, err := os.Stat(path)
+ if err != nil {
+ return nil, err
+ }
+ perms := f.Mode().Perm()
+ unsafe := (perms & 0077) != 0 // readable by others
+
if cfg.StatePath == "" {
return nil, fmt.Errorf("statepath must not be empty")
}
return nil, fmt.Errorf(
"file[%d].path must not be empty", i)
}
+ if (f.Username != "" || f.Password != "") && unsafe {
+ return nil, fmt.Errorf(
+ "file[%d].username/passsword in use and "+
+ "unsafe permissions %v on %q",
+ i, perms, path)
+ }
}
return &cfg, nil
ruderich.org/simon / nsscash / nsscash.git / blobdiff