X-Git-Url: https://mattmccutchen.net/rsync/rsync.git/blobdiff_plain/65575e9670fb77ececc8255d572d08d7b10bb049..0503f06089b89aa4166d6ced8d5901ad6a112c41:/authenticate.c

diff --git a/authenticate.c b/authenticate.c
index 896366aa..50c10aae 100644
--- a/authenticate.c
+++ b/authenticate.c
@@ -87,12 +87,14 @@ static int get_secret(int module, char *user, char *secret, int len)
 	if (do_stat(fname, &st) == -1) {
 		rprintf(FERROR,"stat(%s) : %s\n", fname, strerror(errno));
 		ok = 0;
-	} else if ((st.st_mode & 06) != 0) {
-		rprintf(FERROR,"secrets file must not be other-accessible\n");
-		ok = 0;
-	} else if (am_root && (st.st_uid != 0)) {
-		rprintf(FERROR,"secrets file must be owned by root when running as root\n");
-		ok = 0;
+	} else if (lp_strict_modes(module)) {
+		if ((st.st_mode & 06) != 0) {
+			rprintf(FERROR,"secrets file must not be other-accessible (see strict modes option)\n");
+			ok = 0;
+		} else if (am_root && (st.st_uid != 0)) {
+			rprintf(FERROR,"secrets file must be owned by root when running as root (see strict modes)\n");
+			ok = 0;
+		}
 	}
 	if (!ok) {
 		rprintf(FERROR,"continuing without secrets file\n");
@@ -170,8 +172,10 @@ static char *getpassf(char *filename)
 	buffer[sizeof(buffer)-1]='\0';
 	if ( (len=read(fd,buffer,sizeof(buffer)-1)) > 0)
 	{
+		char *p = strtok(buffer,"\n\r");
 		close(fd);
-		return strdup(strtok(buffer,"\n\r"));
+		if (p) p = strdup(p);
+		return p;
 	}	
 
 	return NULL;