Allow checking ssl files are readable (check_ssl_files)

- adds a new check_path_exists() method to path_util - move code checking if SSL-related files exist with assertions (thus causing a fatal error) to a new check_ssl_files() method, allowing for soft or hard fail modes This will allow for non-fatal checks of SSL files existence on reload. Signed-off-by: Loïc Gomez <bip@animanova.fr>
2024-02-04 14:48:29 +09:00 · 2024-02-04 14:48:29 +09:00 · 428c1b6173
commit 428c1b6173
parent f2443aaf23
3 changed files with 55 additions and 25 deletions
--- a/src/bip_main.c
+++ b/src/bip_main.c
@ -68,6 +68,7 @@ void rlimit_cpu_reached(int i);
 void rlimit_bigfile_reached(int i);
 void conf_die(bip_t *bip, char *fmt, ...);
 int fireup(bip_t *bip, FILE *conf);
+int check_ssl_files(int failmode);
 int do_pid_stuff(void);

 static void usage(char *name)
@ -143,6 +144,44 @@ static pid_t daemonize(void)
 	return getpid();
 }

+int check_ssl_files(int failmode)
+{
+	int e;
+	struct stat fs;
+
+	if (!conf_ssl_certfile) {
+		conf_ssl_certfile = default_path(
+			conf_biphome, "bip.pem", "SSL certificate");
+	}
+
+	if (failmode == HARD_FAIL)
+		assert_path_exists(conf_ssl_certfile);
+	else if (!check_path_exists(conf_ssl_certfile))
+		return 0;
+
+	e = stat(conf_ssl_certfile, &fs);
+	if (e)
+		mylog(LOG_WARN,
+			  "Unable to check PEM file, stat(%s): %s",
+			  conf_ssl_certfile, strerror(errno));
+	else if ((fs.st_mode & S_IROTH) | (fs.st_mode & S_IWOTH))
+		mylog(LOG_ERROR,
+			  "PEM file %s should not be world "
+			  "readable / writable. Please fix the modes.",
+			  conf_ssl_certfile);
+
+	if (conf_client_dh_file) {
+		if (failmode == HARD_FAIL) {
+			assert_path_exists(conf_client_dh_file);
+		} else if (!check_path_exists(conf_client_dh_file)) {
+			return 0;
+		}
+	}
+
+	/* all is well */
+	return 1;
+}
+
 int main(int argc, char **argv)
 {
 	FILE *conf = NULL;
@ -264,31 +303,8 @@ int main(int argc, char **argv)

 #ifdef HAVE_LIBSSL
 	if (conf_css) {
-		int e;
-		struct stat fs;
-
-		if (!conf_ssl_certfile) {
-			conf_ssl_certfile = default_path(
-				conf_biphome, "bip.pem", "SSL certificate");
-		}
-		assert_path_exists(conf_ssl_certfile);
-
-		e = stat(conf_ssl_certfile, &fs);
-		if (e)
-			mylog(LOG_WARN,
-			      "Unable to check PEM file, stat(%s): "
-			      "%s",
-			      conf_ssl_certfile, strerror(errno));
-		else if ((fs.st_mode & S_IROTH) | (fs.st_mode & S_IWOTH))
-			mylog(LOG_ERROR,
-			      "PEM file %s should not be world "
-			      "readable / writable. Please fix the modes.",
-			      conf_ssl_certfile);
-
-		if (conf_client_dh_file) {
-			assert_path_exists(conf_client_dh_file);
-		}
-	}
+        check_ssl_files(HARD_FAIL);
+    }
 #endif

 	check_dir(conf_log_root, 1);
--- a/src/path_util.c
+++ b/src/path_util.c
@ -35,3 +35,15 @@ void assert_path_exists(char *path)
 	if (stat(path, &st_buf) != 0)
 		fatal("Path %s doesn't exist (%s)", path, strerror(errno));
 }
+
+int check_path_exists(char *path)
+{
+	struct stat st_buf;
+
+	if (stat(path, &st_buf) != 0) {
+		mylog(LOG_WARN, "Path %s doesn't exist (%s)", path, strerror(errno));
+        return 0;
+    } else {
+        return 1;
+    }
+}
--- a/src/path_util.h
+++ b/src/path_util.h
@ -18,5 +18,7 @@
 char *default_path(const char *biphome, const char *filename, const char *desc);
 /* exit program if path doesn't exist */
 void assert_path_exists(char *path);
+/* return 1 if path exists, 0 otherwise */
+int check_path_exists(char *path);

 #endif