From: Simon Ruderich
Date: Tue, 10 Dec 2013 13:16:13 +0000 (+0100)
Subject: tlsproxy-setup: Prevent accidental overwrites.
X-Git-Url: https://ruderich.org/simon/gitweb/?p=tlsproxy%2Ftlsproxy.git;a=commitdiff_plain;h=636a400063eee95cfecaa4c4a655b0fbf032e210
tlsproxy-setup: Prevent accidental overwrites.
---
diff --git a/man/tlsproxy-setup.txt b/man/tlsproxy-setup.txt
index 9e482f3..f5cf511 100644
--- a/man/tlsproxy-setup.txt
+++ b/man/tlsproxy-setup.txt
@@ -10,7 +10,7 @@ tlsproxy-setup - create necessary files for tlsproxy
 SYNOPSIS
 --------
-*tlsproxy-setup*
+*tlsproxy-setup* ['--force']
 DESCRIPTION
@@ -21,11 +21,13 @@ empty directory.
 It creates the following files in the current directory:
-- proxy-ca.pem
-- proxy-ca-key.pem
-- proxy-dh.pem
-- proxy-key.pem
-- proxy-invalid.pem
+- `proxy-ca.pem`
+- `proxy-ca-key.pem`
+- `proxy-dh.pem`
+- `proxy-key.pem`
+- `proxy-invalid.pem`
+
+If any of these files exist, the program is aborted.
 Requires GnuTLS' *certtool*.
diff --git a/src/tlsproxy-setup b/src/tlsproxy-setup
index d76c998..155b8c9 100755
--- a/src/tlsproxy-setup
+++ b/src/tlsproxy-setup
@@ -23,11 +23,23 @@
 set -e
-if test "$#" -ne 0; then
- echo "Usage: $0"
+if test "$#" -ge 1 && test x"$*" != 'x--force'; then
+ echo "Usage: $0 [--force]" >&2
 exit 1
 fi
+# Prevent accidental overwrites.
+if test x"$1" != 'x--force'; then
+ for x in proxy-ca-key.pem proxy-ca.pem \
+ proxy-key.pem proxy-invalid.pem proxy-dh.pem; do
+ if test -f "$x"; then
+ echo "File '$x' already exists. Use --force to overwrite." >&2
+ exit 2
+ fi
+ done
+fi
+
+
 tempfile=`mktemp`
 trap 'rm -f "$tempfile"' EXIT
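Review bot: The overwrite guard in the new `for x in …` loop uses `test -f "$x"`, which is true only for a regular file (or a symlink that resolves to one), so a dangling symlink or other non-regular entry with one of the five output names passes the check and a later write could follow the link. Since `proxy-ca-key.pem` and `proxy-key.pem` are, by their names, private-key files, `if test -e "$x" || test -L "$x"; then` would be the safer test. The check and the file creation are separate steps, so this guards against an accidental rerun rather than against concurrent changes in the directory; the code that creates the files lies outside this hunk, so whether it could create them exclusively cannot be judged here. The new exit status 2 is not covered by the man page change in this commit; a short comment such as `# exit 2: refusing to overwrite existing output files` above the loop would help callers tell it apart from the usage error.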