X-Git-Url: https://ruderich.org/simon/gitweb/?p=nsscash%2Fnsscash.git;a=blobdiff_plain;f=config.go;h=909692095f9cf1184967054fd1857a745bceb030;hp=8e9a6308124a4d74adb7f8e2dde1ad82f16b84bf;hb=HEAD;hpb=92afde4e875a96e1ab865e29b9f0d11b08d7db1c
diff --git a/config.go b/config.go
index 8e9a630..9096920 100644
--- a/config.go
+++ b/config.go
@@ -1,6 +1,6 @@
 // Configuration file parsing and validation
 
-// Copyright (C) 2019 Simon Ruderich
+// Copyright (C) 2019-2021 Simon Ruderich
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -19,6 +19,7 @@ package main
 
 import (
 "fmt"
+ "os"
 
 "github.com/BurntSushi/toml"
 )
@@ -29,9 +30,12 @@ type Config struct {
 }
 
 type File struct {
- Type FileType
- Url string
- Path string
+ Type FileType
+ Url string
+ Path string
+ CA string
+ Username string
+ Password string
 
 body []byte // internally used by handleFiles()
 }
@@ -42,6 +46,7 @@ type FileType int
 const (
 FileTypePlain FileType = iota
 FileTypePasswd
+ FileTypeGroup
 )
 
 func (t *FileType) UnmarshalText(text []byte) error {
@@ -50,6 +55,8 @@ func (t *FileType) UnmarshalText(text []byte) error {
 *t = FileTypePlain
 case "passwd":
 *t = FileTypePasswd
+ case "group":
+ *t = FileTypeGroup
 default:
 return fmt.Errorf("invalid file type %q", text)
 }
@@ -68,6 +75,13 @@ func LoadConfig(path string) (*Config, error) {
 return nil, fmt.Errorf("invalid fields used: %q", undecoded)
 }
 
+ f, err := os.Stat(path)
+ if err != nil {
+ return nil, err
+ }
+ perms := f.Mode().Perm()
+ unsafe := (perms & 0077) != 0 // readable by others
+
 if cfg.StatePath == "" {
 return nil, fmt.Errorf("statepath must not be empty")
 }
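Review bot: The new `CA`, `Username` and `Password` fields of `File` have no comment, and nothing in the struct tells a maintainer that the last two are secrets. I would add `// Username and Password are credentials; LoadConfig rejects them when the config file is accessible by group or others` above them, plus a second comment stating what `CA` holds (a file path or PEM data cannot be told from this hunk). Because `Password` is a plain string in an exported struct, any code that prints a `File` or `Config` with `%v` would include it; that is worth checking outside this diff.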
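Review bot: The permission check in LoadConfig stats `path` by name after the file has already been decoded (the decode call is above this hunk), so the mode that is checked need not belong to the bytes that were parsed if the file is replaced in between. Opening the file once, calling `Stat()` on that handle and decoding from the same handle would tie the check to the content. The mask `0077` also matches write and execute bits for group and others, so the comment would be more accurate as `// accessible by group or others`. The `os.FileInfo` is named `f`, which the `f.Username` test in the last hunk appears to shadow with a loop variable; `fi` or `info` would read more clearly.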
@@ -81,6 +95,12 @@ func LoadConfig(path string) (*Config, error) {
 return nil, fmt.Errorf(
 "file[%d].path must not be empty", i)
 }
+ if (f.Username != "" || f.Password != "") && unsafe {
+ return nil, fmt.Errorf(
+ "file[%d].username/passsword in use and "+
+ "unsafe permissions %v on %q",
+ i, perms, path)
+ }
 }
 
 return &cfg, nil
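Review bot: The error text added here misspells the key as `passsword`; the line should read `"file[%d].username/password in use and "+` so the message matches the config field a user has to look for. The check is also skipped when neither field is set, so a config that is writable by group or others but holds no credentials still loads. Whether that is acceptable depends on who can write to the file, since `Url` and `CA` presumably also decide what is fetched and which server is trusted. LoadConfig and the loop around this check begin above the hunk.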