Diffstat (limited to 'src')
-rw-r--r-- | src/config.rs | 24 |
1 files changed, 21 insertions, 3 deletions
diff --git a/src/config.rs b/src/config.rs
index 0f9cff3..00790bd 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -1,8 +1,17 @@
 // SPDX-FileCopyrightText: 2025 Tomasz Kramkowski <tomasz@kramkow.ski>
 // SPDX-License-Identifier: GPL-3.0-or-later
-use std::{collections::HashMap, fs, path::Path, process, time::Duration};
+use std::{
+ collections::HashMap,
+ fs::File,
+ io::Read,
+ os::unix::fs::PermissionsExt,
+ path::Path,
+ process,
+ time::Duration,
+};
+use anyhow::bail;
 use rumqttc::{AsyncClient, EventLoop, MqttOptions};
 use serde::Deserialize;
@@ -54,6 +63,15 @@ impl Config {
 }
 pub fn load<P: AsRef<Path>>(path: P) -> anyhow::Result<Config> {
- let config = fs::read_to_string(&path)?;
- Ok(toml::from_str(&config)?)
+ let mut f = File::open(path)?;
+ let mut config = String::new();
+ f.read_to_string(&mut config)?;
+ let config: Config = toml::from_str(&config)?;
+ if config.credentials.is_some() {
+ let mode = f.metadata()?.permissions().mode();
+ if mode & 0o044 != 0o000 {
+ bail!("Config file contains credentials while being group or world readable.");
+ }
+ }
+ Ok(config)
 } |
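Review bot: The permission test in `load` (`mode & 0o044 != 0o000`) looks only at the group/other read bits, so a config that is group- or world-writable but not readable still passes; anyone able to write it could presumably alter the connection settings the stored credentials are used with. Consider widening the mask, e.g. `if mode & 0o066 != 0 {`, and rewording the message from "readable" to "accessible". Taking the metadata from the already-open `f` rather than from the path is the right choice, since the check then applies to the file that was actually read. The `bail!` text could also report the offending bits (`mode & 0o777`) so an operator can see what to fix. File ownership and ACLs are outside this check, which deserves a short comment above the `if`, such as `// Only mode bits are checked; owner and ACLs are not.`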