cleaned up the file access checking

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@96804 13f79535-47bb-0310-9956-ffa450edef68
author: Brian Pane <brianp@apache.org> 2002-09-14 08:53:40 +0200
committer: Brian Pane <brianp@apache.org> 2002-09-14 08:53:40 +0200
commit: 4de8023f20d9071546112ab16b31a814e6646e0b (patch)
tree: 2c64dbba8da41ef304796ad0235c42cdb68aafb2 /support/htpasswd.c
parent: Remove the setting of the status line from the cache in mod_disk_cache, (diff)
download: apache2-4de8023f20d9071546112ab16b31a814e6646e0b.tar.xz
apache2-4de8023f20d9071546112ab16b31a814e6646e0b.zip
1 files changed, 16 insertions, 26 deletions
diff --git a/support/htpasswd.c b/support/htpasswd.c
index 03b066f91a..ca400dd3e1 100644
--- a/support/htpasswd.c
+++ b/support/htpasswd.c
@@ -513,46 +513,36 @@ int main(int argc, const char * const argv[])
     }
 #endif
     if (!(mask & APHTP_NOFILE)) {
+        int file_exists = exists(pwfilename, pool);
         /*
          * Only do the file checks if we're supposed to frob it.
          *
          * Verify that the file exists if -c was omitted.  We give a special
          * message if it doesn't.
          */
-        if (!(mask & APHTP_NEWFILE) && !exists(pwfilename, pool)) {
+        if (!(mask & APHTP_NEWFILE) && !file_exists) {
             apr_file_printf(errfile,
                     "%s: cannot modify file %s; use '-c' to create it\n",
                     argv[0], pwfilename);
             exit(ERR_FILEPERM);
         }
         /*
-         * Verify that we can read the existing file in the case of an update
-         * to it (rather than creation of a new one).
+         * If the file exists, check that it's readable and writable.
+         * If it doesn't exist, verify that we can create it.
          */
-        if (!(mask & APHTP_NEWFILE) && !readable(pool, pwfilename)) {
-            apr_file_printf(errfile, "%s: cannot open file %s for read "
-                            "access\n", argv[0], pwfilename);
-            exit(ERR_FILEPERM);
-        }
-        /*
-         * Now check to see if we can preserve an existing file in case
-         * of password verification errors on a -c operation.
-         */
-        if ((mask & APHTP_NEWFILE) && exists(pwfilename, pool)
-                && !readable(pool, pwfilename)) {
-            apr_file_printf(errfile, "%s: cannot open file %s for read access\n"
-                    "%s: existing auth data would be lost on "
-                    "password mismatch",
-                    argv[0], pwfilename, argv[0]);
-            exit(ERR_FILEPERM);
+        if (file_exists) {
+            if (!accessible(pool, pwfilename, APR_READ | APR_APPEND)) {
+                apr_file_printf(errfile, "%s: cannot open file %s for "
+                                "read/write access\n", argv[0], pwfilename);
+                exit(ERR_FILEPERM);
+            }
         }
-        /*
-         * Now verify that the file is writable!
-         */
-        if (!writable(pool, pwfilename)) {
-            apr_file_printf(errfile, "%s: cannot open file %s for write "
-                            "access\n", argv[0], pwfilename);
-            exit(ERR_FILEPERM);
+        else {
+            if (!accessible(pool, pwfilename, APR_CREATE | APR_WRITE)) {
+                apr_file_printf(errfile, "%s: cannot create file %s\n",
+                                argv[0], pwfilename);
+                exit(ERR_FILEPERM);
+            }
         }
     }
author	Brian Pane <brianp@apache.org>	2002-09-14 08:53:40 +0200
committer	Brian Pane <brianp@apache.org>	2002-09-14 08:53:40 +0200
commit	4de8023f20d9071546112ab16b31a814e6646e0b (patch)
tree	2c64dbba8da41ef304796ad0235c42cdb68aafb2 /support/htpasswd.c
parent	Remove the setting of the status line from the cache in mod_disk_cache, (diff)
download	apache2-4de8023f20d9071546112ab16b31a814e6646e0b.tar.xz apache2-4de8023f20d9071546112ab16b31a814e6646e0b.zip