File safety checks: Implement "default" keyword

Sergey Poznyakoff
Commit 7b85649a ... 7b85649a0f12a73bd8468c322d39811797ba315a authored 2011-10-18 14:55:16 +0300 by Sergey Poznyakoff
Showing 2 changed files with 49 additions and 31 deletions
libmu_cfg/tls.c
maidag/maidag.c
--- a/libmu_cfg/tls.c
View file @7b85649
+++ b/libmu_cfg/tls.c
View file @7b85649
@@ -24,21 +24,27 @@
 #include <mailutils/util.h>
 #include <mailutils/kwd.h>

+#define SSL_CERT_FILE_CHECKS  (MU_FILE_SAFETY_GROUP_WRITABLE |		\
+			       MU_FILE_SAFETY_GROUP_WRITABLE |		\
+			       MU_FILE_SAFETY_LINKED_WRDIR)
+
+#define SSL_KEY_FILE_CHECKS   MU_FILE_SAFETY_ALL
+
+#define SSL_CA_FILE_CHECKS    (MU_FILE_SAFETY_GROUP_WRITABLE |		\
+			       MU_FILE_SAFETY_GROUP_WRITABLE |		\
+			       MU_FILE_SAFETY_LINKED_WRDIR)
+
 static struct mu_tls_module_config tls_settings = {
    1,                   /* enabled by default */

    NULL,                /* Certificate file */
-    MU_FILE_SAFETY_GROUP_WRITABLE |
-     MU_FILE_SAFETY_GROUP_WRITABLE |
-     MU_FILE_SAFETY_LINKED_WRDIR,
+    SSL_CERT_FILE_CHECKS,

    NULL,                /* Key file */ 
-    MU_FILE_SAFETY_ALL, /* Stringent safety checks for keys */
+    SSL_KEY_FILE_CHECKS, /* Stringent safety checks for keys */

    NULL,                /* CA file */
-    MU_FILE_SAFETY_GROUP_WRITABLE |
-     MU_FILE_SAFETY_GROUP_WRITABLE |
-     MU_FILE_SAFETY_LINKED_WRDIR
+    SSL_CA_FILE_CHECKS
 };


@@ -49,12 +55,6 @@ cb2_safety_checks (const char *name, void *data)
  int val;
  int *res = data;
  
-  if (strcmp (name, "none") == 0)
-    {
-      *res = MU_FILE_SAFETY_NONE;
-      return 0;
-    }
-
  if (*name == '-')
    {
      negate = 1;
@@ -63,15 +63,36 @@ cb2_safety_checks (const char *name, void *data)
  else if (*name == '+')
    name++;

-  if (mu_file_safety_name_to_code (name, &val))
-    mu_error (_("unknown keyword: %s"), name);
+  if (strcmp (name, "none") == 0)
+    val = MU_FILE_SAFETY_NONE;
+  else if (strcmp (name, "all") == 0)
+    val = MU_FILE_SAFETY_ALL;
+  else if (strcmp (name, "default") == 0)
+    {
+      if (data == &tls_settings.ssl_key)
+	val = SSL_KEY_FILE_CHECKS;
+      else if (data == &tls_settings.ssl_cert)
+	val = SSL_CERT_FILE_CHECKS;
+      else if (data == &tls_settings.ssl_cafile)
+	val = SSL_CA_FILE_CHECKS;
      else
 	{
+	  mu_error (_("INTERNAL ERROR at %s:%d: unknown default value?"),
+		    __FILE__, __LINE__);
+	  val = MU_FILE_SAFETY_ALL;
+	}
+    }
+  else if (mu_file_safety_name_to_code (name, &val))
+    {
+      mu_error (_("unknown keyword: %s"), name);
+      return 0;
+    }
+
  if (negate)
    *res &= ~val;
  else
    *res |= val;
-    }
+  
  return 0;
 }

--- a/maidag/maidag.c
View file @7b85649
+++ b/maidag/maidag.c
View file @7b85649
@@ -339,17 +339,6 @@ cb2_forward_file_checks (const char *name, void *data)
  int val;
  int negate = 0;
  
-  if (strcmp (name, "all") == 0)
-    {
-      forward_file_checks = FORWARD_FILE_PERM_CHECK;
-      return 0;
-    }
-  if (strcmp (name, "none") == 0)
-    {
-      forward_file_checks = 0;
-      return 0;
-    }
-  
  if (*name == '-')
    {
      negate = 1;
@@ -358,15 +347,23 @@ cb2_forward_file_checks (const char *name, void *data)
  else if (*name == '+')
    name++;

-  if (mu_file_safety_name_to_code (name, &val))
-    mu_error (_("unknown keyword: %s"), name);
-  else
+  if (strcmp (name, "none") == 0)
+    forward_file_checks = MU_FILE_SAFETY_NONE;
+  else if (strcmp (name, "all") == 0)
+    forward_file_checks = MU_FILE_SAFETY_ALL;
+  else if (strcmp (name, "default") == 0)
+    forward_file_checks = FORWARD_FILE_PERM_CHECK;
+  else if (mu_file_safety_name_to_code (name, &val))
    {
+      mu_error (_("unknown keyword: %s"), name);
+      return 0;
+    }
+
  if (negate)
    forward_file_checks &= ~val;
  else
    forward_file_checks |= val;
-    }
+
  return 0;
 }