Avoid stat before open. Do open and fstat instead.

Remove check_file_secrecy() as it is obsoleted be check_file_secrecy_fd().

ok ho@

3 files changed, 18 insertions, 36 deletions

diff --git a/sbin/isakmpd/ike_auth.c b/sbin/isakmpd/ike_auth.c
index 72816f12533..ddcd8cd0b32 100644
--- a/sbin/isakmpd/ike_auth.c
+++ b/sbin/isakmpd/ike_auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ike_auth.c,v 1.93 2004/06/22 18:22:18 hshoexer Exp $	 */
+/* $OpenBSD: ike_auth.c,v 1.94 2004/06/23 03:01:52 hshoexer Exp $	 */
 /* $EOM: ike_auth.c,v 1.59 2000/11/21 00:21:31 angelos Exp $	 */
 
 /*
@@ -148,6 +148,7 @@ ike_auth_get_key(int type, char *id, char *local_id, size_t *keylen)
 {
 	char	*key, *buf;
 #if defined (USE_X509) || defined (USE_KEYNOTE)
+	int	 fd;
 	char	*keyfile;
 #if defined (USE_X509)
 	FILE	*keyfp;
@@ -204,7 +205,7 @@ ike_auth_get_key(int type, char *id, char *local_id, size_t *keylen)
 			struct stat     sb;
 			struct keynote_deckey dc;
 			char           *privkeyfile, *buf2;
-			int             fd, pkflen;
+			int             pkflen;
 			size_t          size;
 
 			pkflen = strlen(keyfile) + strlen(local_id) +
@@ -284,15 +285,23 @@ ignorekeynote:
 		/* Otherwise, try X.509 */
 		keyfile = conf_get_str("X509-certificates", "Private-key");
 
-		if (check_file_secrecy(keyfile, &fsize))
-			return 0;
-
-		keyfp = monitor_fopen(keyfile, "r");
-		if (!keyfp) {
+		fd = monitor_open(keyfile, O_RDONLY, 0);
+		if (fd < 0) {
 			log_print("ike_auth_get_key: failed opening \"%s\"",
 			    keyfile);
 			return 0;
 		}
+
+		if (check_file_secrecy_fd(fd, keyfile, &fsize) < 0) {
+			close(fd);
+			return 0;
+		}
+
+		if ((keyfp = fdopen(fd, "r")) == NULL) {
+			log_print("ike_auth_get_key: fdopen failed");
+			close(fd);
+			return 0;
+		}
 #if SSLEAY_VERSION_NUMBER >= 0x00904100L
 		rsakey = PEM_read_RSAPrivateKey(keyfp, NULL, NULL, NULL);
 #else
diff --git a/sbin/isakmpd/util.c b/sbin/isakmpd/util.c
index 5778a227b81..cfa3f8b4d31 100644
--- a/sbin/isakmpd/util.c
+++ b/sbin/isakmpd/util.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: util.c,v 1.44 2004/06/23 01:17:29 ho Exp $	 */
+/* $OpenBSD: util.c,v 1.45 2004/06/23 03:01:53 hshoexer Exp $	 */
 /* $EOM: util.c,v 1.23 2000/11/23 12:22:08 niklas Exp $	 */
 
 /*
@@ -505,32 +505,6 @@ util_ntoa(char **buf, int af, u_int8_t *addr)
  * Returns -1 on failure, 0 otherwise.
  * Also, if FILE_SIZE is a not a null pointer, store file size here.
  */
-int
-check_file_secrecy(char *name, size_t *file_size)
-{
-	struct stat st;
-
-	if (monitor_stat(name, &st) == -1) {
-		log_error("check_file_secrecy: stat (\"%s\") failed", name);
-		return -1;
-	}
-	if (st.st_uid != 0 && st.st_uid != getuid()) {
-		log_print("check_file_secrecy: "
-		    "not loading %s - file owner is not process user", name);
-		errno = EPERM;
-		return -1;
-	}
-	if ((st.st_mode & (S_IRWXG | S_IRWXO)) != 0) {
-		log_print("check_file_secrecy: not loading %s - too open "
-		    "permissions", name);
-		errno = EPERM;
-		return -1;
-	}
-	if (file_size)
-		*file_size = (size_t)st.st_size;
-
-	return 0;
-}
 
 int
 check_file_secrecy_fd(int fd, char *name, size_t *file_size)
diff --git a/sbin/isakmpd/util.h b/sbin/isakmpd/util.h
index 92dab9a7d82..b370ff26c18 100644
--- a/sbin/isakmpd/util.h
+++ b/sbin/isakmpd/util.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: util.h,v 1.20 2004/06/20 15:24:05 ho Exp $	 */
+/* $OpenBSD: util.h,v 1.21 2004/06/23 03:01:53 hshoexer Exp $	 */
 /* $EOM: util.h,v 1.10 2000/10/24 13:33:39 niklas Exp $	 */
 
 /*
@@ -42,7 +42,6 @@ extern unsigned long seed;
 struct message;
 struct sockaddr;
 
-extern int      check_file_secrecy(char *, size_t *);
 extern int      check_file_secrecy_fd(int, char *, size_t *);
 extern u_int16_t decode_16(u_int8_t *);
 extern u_int32_t decode_32(u_int8_t *);