Make sure secrets file is not other-accessible, and owned by root if the

daemon is running as root.  Suggested by
    Mike Richardson <mike@quaking.demon.co.uk>

diff --git a/authenticate.c b/authenticate.c
index a4835a6..ba83a89 100644 (file)
--- a/authenticate.c
+++ b/authenticate.c
@@ -75,12 +75,31 @@ static int get_secret(int module, char *user, char *secret, int len)
        int fd, found=0;
        char line[MAXPATHLEN];
        char *p, *pass=NULL;
+       STRUCT_STAT st;
+       int ok = 1;
+       extern int am_root;
 
        if (!fname || !*fname) return 0;
 
        fd = open(fname,O_RDONLY);
        if (fd == -1) return 0;
 
+       if (do_stat(fname, &st) == -1) {
+               rprintf(FERROR,"stat(%s) : %s\n", fname, strerror(errno));
+               ok = 0;
+       } else if ((st.st_mode & 06) != 0) {
+               rprintf(FERROR,"secrets file must not be other-accessible\n");
+               ok = 0;
+       } else if (am_root && (st.st_uid != 0)) {
+               rprintf(FERROR,"secrets file must be owned by root when running as root\n");
+               ok = 0;
+       }
+       if (!ok) {
+               rprintf(FERROR,"continuing without secrets file\n");
+               close(fd);
+               return 0;
+       }
+
        while (!found) {
                int i = 0;
                memset(line, 0, sizeof(line));