Add FILE_EXISTS for things like /dev/urandom.

It has to exist, but we don't care about the permissions
FreeRADIUS · Jan 29, 2016 · e461b59 · e461b59
1 parent 39f40e0
commit e461b59
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 6 deletions.
diff --git a/src/include/conffile.h b/src/include/conffile.h
@@ -139,6 +139,7 @@ typedef struct timeval _timeval_t;
 
 #define PW_TYPE_MULTI		(1 << 18) //!< CONF_PAIR can have multiple copies.
 #define PW_TYPE_NOT_EMPTY	(1 << 19) //!< CONF_PAIR is required to have a non zero length value.
+#define PW_TYPE_FILE_EXISTS	((1 << 20) | PW_TYPE_STRING) //!< File matching value must exist
 /* @} **/
 
 #define FR_INTEGER_COND_CHECK(_name, _var, _cond, _new)\

diff --git a/src/main/conffile.c b/src/main/conffile.c
@@ -362,10 +362,9 @@ static FILE *cf_file_open(CONF_SECTION *cs, char const *filename)
 }
 
 /*
- *	Do some checks on the file as an "input" file.  i.e. one read
- *	by a module.
+ *	Do some checks on the file
  */
-static bool cf_file_input(CONF_SECTION *cs, char const *filename)
+static bool cf_file_check(CONF_SECTION *cs, char const *filename, bool check_perms)
 {
 	cf_file_t *file;
 	CONF_DATA *cd;
@@ -386,11 +385,13 @@ static bool cf_file_input(CONF_SECTION *cs, char const *filename)
 	file->input = true;
 
 	if (stat(filename, &file->buf) < 0) {
-		ERROR("Unable to open file \"%s\": %s", filename, fr_syserror(errno));
+		ERROR("Unable to check file \"%s\": %s", filename, fr_syserror(errno));
 		talloc_free(file);
 		return false;
 	}
 
+	if (!check_perms) return true;
+
 #ifdef S_IWOTH
 	if ((file->buf.st_mode & S_IWOTH) != 0) {
 		ERROR("Configuration file %s is globally writable.  "
@@ -1384,7 +1385,7 @@ static inline int fr_item_validate_ipaddr(CONF_SECTION *cs, char const *name, PW
 int cf_item_parse(CONF_SECTION *cs, char const *name, unsigned int type, void *data, char const *dflt)
 {
 	int rcode;
-	bool deprecated, required, attribute, secret, file_input, cant_be_empty, tmpl, multi;
+	bool deprecated, required, attribute, secret, file_input, cant_be_empty, tmpl, multi, file_exists;
 	char **q;
 	char const *value;
 	CONF_PAIR *cp = NULL;
@@ -1399,6 +1400,7 @@ int cf_item_parse(CONF_SECTION *cs, char const *name, unsigned int type, void *d
 	attribute = (type & PW_TYPE_ATTRIBUTE);
 	secret = (type & PW_TYPE_SECRET);
 	file_input = (type == PW_TYPE_FILE_INPUT);	/* check, not and */
+	file_exists = (type == PW_TYPE_FILE_EXISTS);	/* check, not and */
 	cant_be_empty = (type & PW_TYPE_NOT_EMPTY);
 	tmpl = (type & PW_TYPE_TMPL);
 	multi = (type & PW_TYPE_MULTI);
@@ -1649,7 +1651,11 @@ int cf_item_parse(CONF_SECTION *cs, char const *name, unsigned int type, void *d
 		 *	to be caught as early as possible, during
 		 *	server startup.
 		 */
-		if (*q && file_input && !cf_file_input(cs, *q)) {
+		if (*q && file_input && !cf_file_check(cs, *q, true)) {
+			return -1;
+		}
+
+		if (*q && file_exists && !cf_file_check(cs, *q, false)) {
 			return -1;
 		}
 		break;