changeset
fixes cmd_mkdir() not verifying the presence of a key + specifying a key with '-k' without requesting encryption is now considered an error
Tue, 13 Nov 2018 20:35:30 +0100
- author
- Mike Becker <universe@uap-core.de>
- date
- Tue, 13 Nov 2018 20:35:30 +0100
- changeset 494
- 3aed354185eb
- parent 493
- 75a259ec8dea
- child 495
- 52cbd310b881
fixes cmd_mkdir() not verifying the presence of a key + specifying a key with '-k' without requesting encryption is now considered an error
| dav/main.c | file | annotate | diff | comparison | revisions |
--- a/dav/main.c Sun Nov 11 17:22:16 2018 +0100 +++ b/dav/main.c Tue Nov 13 20:35:30 2018 +0100 @@ -1161,6 +1161,46 @@ return tar_end_file(tar); } +static int check_encryption_key(CmdArgs *a, DavSession *sn) { + // override the session key if the -k option is specified + char *keyname = cmd_getoption(a, "key"); + if(keyname) { + DavKey *key = dav_context_get_key(ctx, keyname); + if(key) { + sn->key = key; + } else { + fprintf(stderr, "Key %s not found!\nAbort.\n", keyname); + return 1; + } + + /* + * If a key is explicitly specified, we can safely assume that the user + * wants to encrypt. For security reasons we report an error, if no + * encryption is enabled. + */ + if(!DAV_IS_ENCRYPTED(sn)) { + fprintf(stderr, "A key has been explicitly specified, but no " + "encryption is requested.\n" + "You have the following options:\n" + " - pass '-c' as command line argument to request encryption\n" + " - activate encryption in the config.xml\n" + " - don't use '-k <key>' " + "(warning: encryption will NOT happen)\n"); + return 1; + } + } + + // if encryption is requested, but we still don't know the key, report error + if(DAV_IS_ENCRYPTED(sn) && !(sn->key)) { + fprintf(stderr, "Encryption has been requested, " + "but no default key is configured.\n" + "You may specify a custom key with the '-k' option.\n"); + return 1; + } + + return 0; +} + int cmd_put(CmdArgs *a, DavBool import) { if(a->argc != 2) { // TODO: change, when put supports multiple files (however it should do) @@ -1183,27 +1223,10 @@ } set_session_lock(sn, a); - // override the session key if the -k option is specified - char *keyname = cmd_getoption(a, "key"); - if(keyname) { - DavKey *key = dav_context_get_key(ctx, keyname); - if(key) { - sn->key = key; - } else { - fprintf(stderr, "Key %s not found!\nAbort.\n", keyname); - // TODO: free - return -1; - } - } - - // if encryption is requested, but we still don't know the key, abort - if (DAV_IS_ENCRYPTED(sn) && !(sn->key)) { - fprintf(stderr, "Encryption has been requested, " - "but no default key is configured.\n" - "You may specify a custom key with the '-k' option.\n"); + if(check_encryption_key(a, sn)) { + // TODO: free return -1; - } - + } int ret; if(!import) { @@ -1487,22 +1510,15 @@ } set_session_lock(sn, a); - // override the session key if the -k option is specified - char *keyname = cmd_getoption(a, "key"); - if(keyname) { - DavKey *key = dav_context_get_key(ctx, keyname); - if(key) { - sn->key = key; - } else { - fprintf(stderr, "Key %s not found!\nAbort.\n", keyname); - // TODO: free - return -1; - } + if(check_encryption_key(a, sn)) { + // TODO: free + return -1; } DavResource *res = dav_resource_new(sn, path); if(!res) { fprintf(stderr, "error\n"); + // TODO: free return -1; } res->iscollection = 1; @@ -1510,6 +1526,7 @@ if(dav_create(res)) { print_resource_error(sn, res->path); fprintf(stderr, "Cannot create collection.\n"); + // TODO: free return -1; }
