X-Git-Url: https://ruderich.org/simon/gitweb/?a=blobdiff_plain;f=config.go;h=18c6520222fd115a9fd091ebc15ce73f9cf5d0d3;hb=44a325a9bea5f53c6489cecb3691709306a1814c;hp=8e9a6308124a4d74adb7f8e2dde1ad82f16b84bf;hpb=92afde4e875a96e1ab865e29b9f0d11b08d7db1c;p=nsscash%2Fnsscash.git

diff --git a/config.go b/config.go
index 8e9a630..18c6520 100644
--- a/config.go
+++ b/config.go
@@ -19,6 +19,7 @@ package main
 
 import (
 	"fmt"
+	"os"
 
 	"github.com/BurntSushi/toml"
 )
@@ -32,6 +33,9 @@ type File struct {
 	Type FileType
 	Url  string
 	Path string
+	CA   string
+	Username string
+	Password string
 
 	body []byte // internally used by handleFiles()
 }
@@ -42,6 +46,7 @@ type FileType int
 const (
 	FileTypePlain FileType = iota
 	FileTypePasswd
+	FileTypeGroup
 )
 
 func (t *FileType) UnmarshalText(text []byte) error {
@@ -50,6 +55,8 @@ func (t *FileType) UnmarshalText(text []byte) error {
 		*t = FileTypePlain
 	case "passwd":
 		*t = FileTypePasswd
+	case "group":
+		*t = FileTypeGroup
 	default:
 		return fmt.Errorf("invalid file type %q", text)
 	}
@@ -68,6 +75,13 @@ func LoadConfig(path string) (*Config, error) {
 		return nil, fmt.Errorf("invalid fields used: %q", undecoded)
 	}
 
+	f, err := os.Stat(path)
+	if err != nil {
+		return nil, err
+	}
+	perms := f.Mode().Perm()
+	unsafe := (perms & 0077) != 0 // readable by others
+
 	if cfg.StatePath == "" {
 		return nil, fmt.Errorf("statepath must not be empty")
 	}
@@ -81,6 +95,12 @@ func LoadConfig(path string) (*Config, error) {
 			return nil, fmt.Errorf(
 				"file[%d].path must not be empty", i)
 		}
+		if (f.Username != "" || f.Password != "") && unsafe {
+			return nil, fmt.Errorf(
+				"file[%d].username/passsword in use and "+
+					"unsafe permissions %v on %q",
+				i, perms, path)
+		}
 	}
 
 	return &cfg, nil