made the "max connections" and "lock file" local rather than global

[rsync/rsync.git] / authenticate.c

diff --git a/authenticate.c b/authenticate.c
index 0ff318b..ba83a89 100644 (file)
--- a/authenticate.c
+++ b/authenticate.c
@@ -55,7 +55,7 @@ static void gen_challenge(char *addr, char *challenge)
 
        memset(input, 0, sizeof(input));
 
-       strlcpy((char *)input, addr, 16);
+       strlcpy((char *)input, addr, 17);
        gettimeofday(&tv, NULL);
        SIVAL(input, 16, tv.tv_sec);
        SIVAL(input, 20, tv.tv_usec);
@@ -75,12 +75,31 @@ static int get_secret(int module, char *user, char *secret, int len)
        int fd, found=0;
        char line[MAXPATHLEN];
        char *p, *pass=NULL;
+       STRUCT_STAT st;
+       int ok = 1;
+       extern int am_root;
 
        if (!fname || !*fname) return 0;
 
        fd = open(fname,O_RDONLY);
        if (fd == -1) return 0;
 
+       if (do_stat(fname, &st) == -1) {
+               rprintf(FERROR,"stat(%s) : %s\n", fname, strerror(errno));
+               ok = 0;
+       } else if ((st.st_mode & 06) != 0) {
+               rprintf(FERROR,"secrets file must not be other-accessible\n");
+               ok = 0;
+       } else if (am_root && (st.st_uid != 0)) {
+               rprintf(FERROR,"secrets file must be owned by root when running as root\n");
+               ok = 0;
+       }
+       if (!ok) {
+               rprintf(FERROR,"continuing without secrets file\n");
+               close(fd);
+               return 0;
+       }
+
        while (!found) {
                int i = 0;
                memset(line, 0, sizeof(line));
@@ -112,7 +131,7 @@ static int get_secret(int module, char *user, char *secret, int len)
 }
 
 /* generate a 16 byte hash from a password and challenge */
-void generate_hash(char *in, char *challenge, char *out)
+static void generate_hash(char *in, char *challenge, char *out)
 {
        char buf[16];