Log user-friendly message when certificate/privkey is inaccessible

We shouldn't assume that xrdp daemon is running under root privilege. In many cases, root privilege is not really needed for xrdp daemon. xrdp may fail to load certificate/privkey due to lack of permissions when running under user privilege. Checking existence of files is not enough and xrdp should output user-friendly log in such case. Reported by Debian user in bug 856436 [1]. [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856436
7 years ago · 65c1fe87d7
parent 0299d64fa8
commit 65c1fe87d7
3 changed files with 25 additions and 0 deletions
--- a/common/os_calls.c
+++ b/common/os_calls.c
@ -2233,6 +2233,18 @@ g_file_exist(const char *filename)
 #endif
 }

+/*****************************************************************************/
+/* returns boolean, non zero if the file is readable */
+int
+g_file_readable(const char *filename)
+{
+#if defined(_WIN32)
+    return 0; /* TODO: what should be done here? */
+#else
+    return access(filename, R_OK) == 0;
+#endif
+}
+
 /*****************************************************************************/
 /* returns boolean, non zero if the directory exists */
 int
--- a/common/os_calls.h
+++ b/common/os_calls.h
@ -109,6 +109,7 @@ int      g_mkdir(const char* dirname);
 char*    g_get_current_dir(char* dirname, int maxlen);
 int      g_set_current_dir(const char *dirname);
 int      g_file_exist(const char* filename);
+int      g_file_readable(const char *filename);
 int      g_directory_exist(const char* dirname);
 int      g_create_dir(const char* dirname);
 int      g_create_path(const char* path);
--- a/libxrdp/xrdp_rdp.c
+++ b/libxrdp/xrdp_rdp.c
@ -269,6 +269,12 @@ xrdp_rdp_read_config(struct xrdp_client_info *client_info)
                /* use user defined certificate */
                g_strncpy(client_info->certificate, value, 1023);
            }
+
+	    if (!g_file_readable(client_info->certificate))
+            {
+                log_message(LOG_LEVEL_ERROR, "Cannot open certificate file %s: %s",
+                            client_info->certificate, g_get_strerror());
+            }
        }
        else if (g_strcasecmp(item, "key_file") == 0)
        {
@ -293,6 +299,12 @@ xrdp_rdp_read_config(struct xrdp_client_info *client_info)
                /* use user defined key_file */
                g_strncpy(client_info->key_file, value, 1023);
            }
+
+	    if (!g_file_readable(client_info->key_file))
+            {
+                log_message(LOG_LEVEL_ERROR, "Cannot open private key file %s: %s",
+                            client_info->key_file, g_get_strerror());
+            }
        }

    }