author | Tomasz Kramkowski <tomasz@kramkow.ski> | 2025-06-27 18:49:36 +0100 |
---|---|---|
committer | Tomasz Kramkowski <tomasz@kramkow.ski> | 2025-06-27 18:49:36 +0100 |
commit | 70ca9fe8ecb4501bb2981b27749cb64537df8aca (patch) | |
tree | da4642d13fea4043fcd49952e0bf46087ed44fda /src/config.rs | |
parent | b1dae4b6198e58eaa6c2fc38e582e849229d4ace (diff) | |
Complain if config has creds and bad mode
Diffstat (limited to 'src/config.rs')
-rw-r--r-- | src/config.rs | 24 |
1 files changed, 21 insertions, 3 deletions
diff --git a/src/config.rs b/src/config.rs
index 0f9cff3..00790bd 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -1,8 +1,17 @@
 // SPDX-FileCopyrightText: 2025 Tomasz Kramkowski <tomasz@kramkow.ski>
 // SPDX-License-Identifier: GPL-3.0-or-later
-use std::{collections::HashMap, fs, path::Path, process, time::Duration};
+use std::{
+ collections::HashMap,
+ fs::File,
+ io::Read,
+ os::unix::fs::PermissionsExt,
+ path::Path,
+ process,
+ time::Duration,
+};
+use anyhow::bail;
 use rumqttc::{AsyncClient, EventLoop, MqttOptions};
 use serde::Deserialize;
@@ -54,6 +63,15 @@ impl Config {
 }
 pub fn load<P: AsRef<Path>>(path: P) -> anyhow::Result<Config> {
- let config = fs::read_to_string(&path)?;
- Ok(toml::from_str(&config)?)
+ let mut f = File::open(path)?;
+ let mut config = String::new();
+ f.read_to_string(&mut config)?;
+ let config: Config = toml::from_str(&config)?;
+ if config.credentials.is_some() {
+ let mode = f.metadata()?.permissions().mode();
+ if mode & 0o044 != 0o000 {
+ bail!("Config file contains credentials while being group or world readable.");
+ }
+ }
+ Ok(config)
 } |
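Review bot: In `load`, the mask `0o044` tests only the group and other read bits, so a credentials-bearing config that is group- or world-writable but not readable (for example mode 0o622) passes the check, even though another local account could replace its contents. Consider widening the test to `if mode & 0o066 != 0o000 {` and rewording the message to say "group or world accessible"; the check also looks only at Unix mode bits, so access granted through ACLs is not seen. Taking the metadata from the already-open `f` rather than from the path is the right choice, and a short comment such as `// stat the open handle so the file we check is the file we parsed` would keep a later refactor from reintroducing a path-based race. `load` is complete in this hunk, but the enclosing `impl Config` starts above it, so whether other config fields (the file imports `process`) make writability sensitive even without credentials cannot be judged from here.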