authorNiklas Hallqvist <niklas@cvs.openbsd.org>2000-10-13 13:42:51 +0000
committerNiklas Hallqvist <niklas@cvs.openbsd.org>2000-10-13 13:42:51 +0000
commit29797fad999ccfa3ccf9f4addfab306543d3c606 (patch)
tree2d2417d720e0e28e5420d87cde05a3f4993a5584 /sbin/isakmpd
parent53dee6c83c078c4fad978c6719a51078220f17d1 (diff)
util.h: Merge with EOM 1.8
ike_auth.c: Merge with EOM 1.57 author: ho Add file permission check to private key file. Split out check function to util.c.
Diffstat (limited to 'sbin/isakmpd')
-rw-r--r--sbin/isakmpd/ike_auth.c7
-rw-r--r--sbin/isakmpd/util.h5
2 files changed, 8 insertions, 4 deletions
diff --git a/sbin/isakmpd/ike_auth.c b/sbin/isakmpd/ike_auth.c
index bf716c226d7..70144e7758e 100644
--- a/sbin/isakmpd/ike_auth.c
+++ b/sbin/isakmpd/ike_auth.c
@@ -1,5 +1,5 @@
-/* $OpenBSD: ike_auth.c,v 1.28 2000/10/07 07:01:04 niklas Exp $ */
-/* $EOM: ike_auth.c,v 1.56 2000/09/28 12:53:27 niklas Exp $ */
+/* $OpenBSD: ike_auth.c,v 1.29 2000/10/13 13:42:50 niklas Exp $ */
+/* $EOM: ike_auth.c,v 1.57 2000/10/13 13:04:16 ho Exp $ */
/*
* Copyright (c) 1998, 1999, 2000 Niklas Hallqvist. All rights reserved.
@@ -273,6 +273,9 @@ ike_auth_get_key (int type, char *id, char *local_id, size_t *keylen)
/* Otherwise, try X.509 */
keyfile = conf_get_str ("X509-certificates", "Private-key");
+ if (check_file_secrecy (keyfile, NULL))
+ return 0;
+
if ((keyh = LC (BIO_new, (LC (BIO_s_file, ())))) == NULL)
{
log_print ("ike_auth_get_key: "
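Review bot: The added `check_file_secrecy (keyfile, NULL)` call validates the private key by path name, and the code after it (outside this hunk, so inferred) appears to open the same name again through the BIO, so the file that passed the check is not guaranteed to be the file that is read. Checking the opened descriptor instead (open the file, `fstat` it, then hand that handle to the BIO) would bind the permission check to the key actually loaded. The call also passes `keyfile` straight from `conf_get_str` with no visible NULL test; unless the helper handles that, `if (!keyfile || check_file_secrecy (keyfile, NULL))` makes the missing-configuration case explicit. The bare `return 0` relies on the helper to log why the key was rejected, which is worth confirming since its body is not shown here.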
diff --git a/sbin/isakmpd/util.h b/sbin/isakmpd/util.h
index 8b8ee3a6c76..302763570ce 100644
--- a/sbin/isakmpd/util.h
+++ b/sbin/isakmpd/util.h
@@ -1,5 +1,5 @@
-/* $OpenBSD: util.h,v 1.4 1999/08/05 22:40:37 niklas Exp $ */
-/* $EOM: util.h,v 1.7 1999/08/05 15:00:04 niklas Exp $ */
+/* $OpenBSD: util.h,v 1.5 2000/10/13 13:42:50 niklas Exp $ */
+/* $EOM: util.h,v 1.8 2000/10/13 13:04:16 ho Exp $ */
/*
* Copyright (c) 1998 Niklas Hallqvist. All rights reserved.
@@ -52,5 +52,6 @@ extern void encode_32 (u_int8_t *, u_int32_t);
extern u_int8_t *getrandom (u_int8_t *, size_t);
extern int hex2raw (char *, u_int8_t *, size_t);
extern int zero_test (const u_int8_t *, size_t);
+extern int check_file_secrecy (char *, off_t *);
#endif /* _UTIL_H_ */
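Review bot: The new prototype takes the path as `char *` although the visible caller only passes it for inspection; `extern int check_file_secrecy (const char *, off_t *);` would match the `const` already used by `zero_test` above and let callers pass read-only strings. The declaration also records no contract, so a comment such as `/* Returns non-zero if the file fails the permission check; the off_t pointer may be NULL. */` would document what the caller in ike_auth.c relies on. `off_t` needs `<sys/types.h>` in scope before this header is included, which the existing `u_int8_t` declarations presumably already assume.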