From: David Sommerseth
Date: Mon, 20 Feb 2012 09:31:54 +0000 (+0100)
Subject: Revamp check_file_access() checks in stdin scenarios
X-Git-Tag: v2.3-alpha1~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a4de190b92f9464602222454dd753072eecc0407;p=thirdparty%2Fopenvpn.git
Revamp check_file_access() checks in stdin scenarios
It was discovered that --management also can take stdin as argument instead of a file. Enabled this by revamping the check_file_access() flags by adding CHKACC_ACPTSTDIN. Setting this flag will then consider filenames as 'stdin' as always present. The other place where 'stdin' was accepted is also modified to use this flag instead.
Signed-off-by: David Sommerseth
Acked-by: Gert Doering
---
diff --git a/options.c b/options.c
index 43e9e2710..a596ffef6 100644
--- a/options.c
+++ b/options.c
@@ -2605,6 +2605,7 @@ options_postprocess_mutate (struct options *o)
 #define CHKACC_DIRPATH (1<<1) /** Check for directory precense where a file should reside */
 #define CHKACC_FILEXSTWR (1<<2) /** If file exists, is it writable? */
 #define CHKACC_INLINE (1<<3) /** File is present if it's an inline file */
+#define CHKACC_ACPTSTDIN (1<<4) /** If filename is stdin, it's allowed and "exists" */
 static bool
 check_file_access(const int type, const char *file, const int mode, const char *opt)
@@ -2619,6 +2620,12 @@ check_file_access(const int type, const char *file, const int mode, const char *
 if ((type & CHKACC_INLINE) && streq(file, INLINE_FILE_TAG) )
 return false;
+ /* If stdin is allowed and the file name is 'stdin', then do no
+ * further checks as stdin is always available
+ */
+ if( (type & CHKACC_ACPTSTDIN) && streq(file, "stdin") )
+ return false;
+
 /* Is the directory path leading to the given file accessible? */
 if (type & CHKACC_DIRPATH)
 {
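Review bot: The comment on the new `CHKACC_ACPTSTDIN` branch says stdin is "always available", which is more than the code establishes: the branch only returns before the file checks run, and whether stdin can actually be read (for instance when the process is detached from a terminal) is presumably only found out later, where the credentials are read. I would reword it along the lines of `/* 'stdin' is a reserved name here: skip the file checks; whether stdin is readable is only known when it is read */`. The bare `"stdin"` literal also has to agree with whatever comparison the reading code uses, which is outside this diff, so a shared named constant would keep the two from drifting apart. Note too that a regular file literally named `stdin` is never access-checked when it is given by that bare name under these options. check_file_access() starts and ends outside the hunk.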
@@ -2694,13 +2701,14 @@ options_postprocess_filechecks (struct options *options)
 "--askpass");
 #endif /* USE_SSL */
 #ifdef ENABLE_MANAGEMENT
- errs |= check_file_access (CHKACC_FILE, options->management_user_pass, R_OK,
+ errs |= check_file_access (CHKACC_FILE|CHKACC_ACPTSTDIN,
+ options->management_user_pass, R_OK,
 "--management user/password file");
 #endif /* ENABLE_MANAGEMENT */
 #if P2MP
- if( options->auth_user_pass_file && strcmp(options->auth_user_pass_file, "stdin") != 0 )
- errs |= check_file_access (CHKACC_FILE, options->auth_user_pass_file, R_OK,
- "--auth-user-pass");
+ errs |= check_file_access (CHKACC_FILE|CHKACC_ACPTSTDIN,
+ options->auth_user_pass_file, R_OK,
+ "--auth-user-pass");
 #endif /* P2MP */
 /* ** System related ** */
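Review bot: The rewritten `--auth-user-pass` call drops the `options->auth_user_pass_file &&` NULL guard that the removed lines carried, so check_file_access() is now called with a NULL `file` whenever the option is unset, and the new `streq(file, "stdin")` test in that function would see NULL unless an earlier line returns first. The top of check_file_access() is not part of this diff; the `--management` call was already unguarded before this change, which suggests such an early return exists, but it is worth confirming before relying on it. A short comment at the call site, e.g. `/* check_file_access() ignores a NULL file name */`, would record the dependency for the next reader. options_postprocess_filechecks() starts and ends outside the hunk.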