Add FILE_EXISTS for things like /dev/urandom.

It has to exist, but we don't care about the permissions

diff --git a/src/include/conffile.h b/src/include/conffile.h
index 62d16b028d49a338cf5d257dc7234bfe8aa13b52..60c12b787b29ee4287d82aad4d711c09fb5a596a 100644 (file)
--- a/src/include/conffile.h
+++ b/src/include/conffile.h
@@ -139,6 +139,7 @@ typedef struct timeval _timeval_t;
 
 #define PW_TYPE_MULTI          (1 << 18) //!< CONF_PAIR can have multiple copies.
 #define PW_TYPE_NOT_EMPTY      (1 << 19) //!< CONF_PAIR is required to have a non zero length value.
+#define PW_TYPE_FILE_EXISTS    ((1 << 20) | PW_TYPE_STRING) //!< File matching value must exist
 /* @} **/
 
 #define FR_INTEGER_COND_CHECK(_name, _var, _cond, _new)\

diff --git a/src/main/conffile.c b/src/main/conffile.c
index f890a9e2b09cf875ba67d84f83e11bc6571dc0be..2cf83ec2f3a145c48c34738483c71415dec9ed62 100644 (file)
--- a/src/main/conffile.c
+++ b/src/main/conffile.c
@@ -362,10 +362,9 @@ static FILE *cf_file_open(CONF_SECTION *cs, char const *filename)
 }
 
 /*
- *     Do some checks on the file as an "input" file.  i.e. one read
- *     by a module.
+ *     Do some checks on the file
  */
-static bool cf_file_input(CONF_SECTION *cs, char const *filename)
+static bool cf_file_check(CONF_SECTION *cs, char const *filename, bool check_perms)
 {
        cf_file_t *file;
        CONF_DATA *cd;
@@ -386,11 +385,13 @@ static bool cf_file_input(CONF_SECTION *cs, char const *filename)
        file->input = true;
 
        if (stat(filename, &file->buf) < 0) {
-               ERROR("Unable to open file \"%s\": %s", filename, fr_syserror(errno));
+               ERROR("Unable to check file \"%s\": %s", filename, fr_syserror(errno));
                talloc_free(file);
                return false;
        }
 
+       if (!check_perms) return true;
+
 #ifdef S_IWOTH
        if ((file->buf.st_mode & S_IWOTH) != 0) {
                ERROR("Configuration file %s is globally writable.  "
@@ -1384,7 +1385,7 @@ static inline int fr_item_validate_ipaddr(CONF_SECTION *cs, char const *name, PW
 int cf_item_parse(CONF_SECTION *cs, char const *name, unsigned int type, void *data, char const *dflt)
 {
        int rcode;
-       bool deprecated, required, attribute, secret, file_input, cant_be_empty, tmpl, multi;
+       bool deprecated, required, attribute, secret, file_input, cant_be_empty, tmpl, multi, file_exists;
        char **q;
        char const *value;
        CONF_PAIR *cp = NULL;
@@ -1399,6 +1400,7 @@ int cf_item_parse(CONF_SECTION *cs, char const *name, unsigned int type, void *d
        attribute = (type & PW_TYPE_ATTRIBUTE);
        secret = (type & PW_TYPE_SECRET);
        file_input = (type == PW_TYPE_FILE_INPUT);      /* check, not and */
+       file_exists = (type == PW_TYPE_FILE_EXISTS);    /* check, not and */
        cant_be_empty = (type & PW_TYPE_NOT_EMPTY);
        tmpl = (type & PW_TYPE_TMPL);
        multi = (type & PW_TYPE_MULTI);
@@ -1649,7 +1651,11 @@ int cf_item_parse(CONF_SECTION *cs, char const *name, unsigned int type, void *d
                 *      to be caught as early as possible, during
                 *      server startup.
                 */
-               if (*q && file_input && !cf_file_input(cs, *q)) {
+               if (*q && file_input && !cf_file_check(cs, *q, true)) {
+                       return -1;
+               }
+
+               if (*q && file_exists && !cf_file_check(cs, *q, false)) {
                        return -1;
                }
                break;