From de4de15a3f3e6eeb9c009ec8eff8655e0ea171d9 Mon Sep 17 00:00:00 2001 From: Ralf Haferkamp Date: Thu, 31 Jan 2013 14:19:39 +0100 Subject: [PATCH] Add some simple checks for certificate directories/files --- contrib/ldapc++/src/TlsOptions.cpp | 42 ++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/contrib/ldapc++/src/TlsOptions.cpp b/contrib/ldapc++/src/TlsOptions.cpp index 769ba2f2ad..44a2b607b2 100644 --- a/contrib/ldapc++/src/TlsOptions.cpp +++ b/contrib/ldapc++/src/TlsOptions.cpp @@ -4,6 +4,13 @@ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file */ +#include +#include +#include +#include +#include +#include +#include #include "TlsOptions.h" #include "LDAPException.h" @@ -54,6 +61,41 @@ TlsOptions::TlsOptions( LDAP* ld ): m_ld(ld) { } void TlsOptions::setOption( tls_option opt, const std::string& value ) const { checkOpt(opt, STRING); + switch(opt) { + case TlsOptions::CACERTFILE : + case TlsOptions::CERTFILE : + case TlsOptions::KEYFILE : + { + // check if the supplied file is actually readable + std::ifstream ifile(value.c_str()); + if ( !ifile ) { + throw( LDAPException( LDAP_LOCAL_ERROR, "Unable to open the supplied file for reading" ) ); + } + } + break; + case TlsOptions::CACERTDIR : + { + struct stat st; + std::ostringstream msg; + bool fail=false; + int err = stat(value.c_str(),&st); + if ( err ) { + msg << strerror(errno); + fail = true; + } else { + if ( !S_ISDIR(st.st_mode) ){ + msg << "The supplied path is not a directory."; + fail = true; + } + } + if ( fail ) { + std::ostringstream errstr; + errstr << "Error while setting Certificate Directory (" << value << "): " << msg.str(); + throw( LDAPException( LDAP_LOCAL_ERROR, errstr.str() ) ); + } + } + break; + } this->setOption( opt, value.empty() ? NULL : (void*) value.c_str() ); } -- 2.39.5