Log user-friendly message when certificate/privkey is inaccessible

We shouldn't assume that xrdp daemon is running under root privilege.
In many cases, root privilege is not really needed for xrdp daemon.
xrdp may fail to load certificate/privkey due to lack of permissions
when running under user privilege. Checking existence of files is not
enough and xrdp should output user-friendly log in such case.

Reported by Debian user in bug 856436 [1].

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856436
master
Koichiro IWAO 8 years ago committed by metalefty
parent 0299d64fa8
commit 65c1fe87d7

@ -2233,6 +2233,18 @@ g_file_exist(const char *filename)
#endif #endif
} }
/*****************************************************************************/
/* returns boolean, non zero if the file is readable */
int
g_file_readable(const char *filename)
{
#if defined(_WIN32)
return 0; /* TODO: what should be done here? */
#else
return access(filename, R_OK) == 0;
#endif
}
/*****************************************************************************/ /*****************************************************************************/
/* returns boolean, non zero if the directory exists */ /* returns boolean, non zero if the directory exists */
int int

@ -109,6 +109,7 @@ int g_mkdir(const char* dirname);
char* g_get_current_dir(char* dirname, int maxlen); char* g_get_current_dir(char* dirname, int maxlen);
int g_set_current_dir(const char *dirname); int g_set_current_dir(const char *dirname);
int g_file_exist(const char* filename); int g_file_exist(const char* filename);
int g_file_readable(const char *filename);
int g_directory_exist(const char* dirname); int g_directory_exist(const char* dirname);
int g_create_dir(const char* dirname); int g_create_dir(const char* dirname);
int g_create_path(const char* path); int g_create_path(const char* path);

@ -269,6 +269,12 @@ xrdp_rdp_read_config(struct xrdp_client_info *client_info)
/* use user defined certificate */ /* use user defined certificate */
g_strncpy(client_info->certificate, value, 1023); g_strncpy(client_info->certificate, value, 1023);
} }
if (!g_file_readable(client_info->certificate))
{
log_message(LOG_LEVEL_ERROR, "Cannot open certificate file %s: %s",
client_info->certificate, g_get_strerror());
}
} }
else if (g_strcasecmp(item, "key_file") == 0) else if (g_strcasecmp(item, "key_file") == 0)
{ {
@ -293,6 +299,12 @@ xrdp_rdp_read_config(struct xrdp_client_info *client_info)
/* use user defined key_file */ /* use user defined key_file */
g_strncpy(client_info->key_file, value, 1023); g_strncpy(client_info->key_file, value, 1023);
} }
if (!g_file_readable(client_info->key_file))
{
log_message(LOG_LEVEL_ERROR, "Cannot open private key file %s: %s",
client_info->key_file, g_get_strerror());
}
} }
} }

Loading…
Cancel
Save