diff options
author | Werner Koch <wk@gnupg.org> | 2020-10-20 10:43:55 +0200 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2020-10-20 12:15:55 +0200 |
commit | c94ee1386e0d5cdac51086c4d5b92de59c09c9b5 (patch) | |
tree | 34089b99da850a449f95ab9dd7e88317194b5f11 | |
parent | gpg,ecc: Fix SOS handling when receiving from agent. (diff) | |
download | gnupg2-c94ee1386e0d5cdac51086c4d5b92de59c09c9b5.tar.xz gnupg2-c94ee1386e0d5cdac51086c4d5b92de59c09c9b5.zip |
Replace all calls to access by gnupg_access
* common/sysutils.c (gnupg_access): New. Replace all calls to access
by this wrapper.
* common/homedir.c (w32_shgetfolderpath): Change to return UTF-8
directory name.
(standard_homedir): Adjust for change.
(w32_commondir, gnupg_cachedir): Ditto.
--
Also use SHGetFolderPathW instead of SHGetFolderPathA on Windows.
This is required to correctly handle non-ascii filenames on Windows.
GnuPG-bug-id: 5098
-rw-r--r-- | agent/findkey.c | 4 | ||||
-rw-r--r-- | agent/trustlist.c | 17 | ||||
-rw-r--r-- | common/exechelp-posix.c | 5 | ||||
-rw-r--r-- | common/exechelp-w32.c | 5 | ||||
-rw-r--r-- | common/homedir.c | 77 | ||||
-rw-r--r-- | common/sysutils.c | 43 | ||||
-rw-r--r-- | common/sysutils.h | 1 | ||||
-rw-r--r-- | common/t-exectool.c | 1 | ||||
-rw-r--r-- | dirmngr/certcache.c | 2 | ||||
-rw-r--r-- | dirmngr/dirmngr.c | 2 | ||||
-rw-r--r-- | dirmngr/http.c | 12 | ||||
-rw-r--r-- | g10/gpg.c | 11 | ||||
-rw-r--r-- | g10/keydb.c | 14 | ||||
-rw-r--r-- | g10/keyring.c | 7 | ||||
-rw-r--r-- | g10/migrate.c | 4 | ||||
-rw-r--r-- | g10/openfile.c | 2 | ||||
-rw-r--r-- | g10/tdbio.c | 8 | ||||
-rw-r--r-- | g13/backend.c | 3 | ||||
-rw-r--r-- | g13/g13-syshelp.c | 2 | ||||
-rw-r--r-- | g13/mount.c | 2 | ||||
-rw-r--r-- | g13/suspend.c | 5 | ||||
-rw-r--r-- | kbx/keybox-init.c | 3 | ||||
-rw-r--r-- | kbx/keybox-update.c | 10 | ||||
-rw-r--r-- | sm/gpgsm.c | 2 | ||||
-rw-r--r-- | sm/keydb.c | 9 | ||||
-rw-r--r-- | tools/gpg-wks-server.c | 19 | ||||
-rw-r--r-- | tools/gpgconf-comp.c | 4 | ||||
-rw-r--r-- | tools/wks-util.c | 5 |
28 files changed, 151 insertions, 128 deletions
diff --git a/agent/findkey.c b/agent/findkey.c index fa9e5b548..dd39472a9 100644 --- a/agent/findkey.c +++ b/agent/findkey.c @@ -236,7 +236,7 @@ agent_write_private_key (const unsigned char *grip, /* FIXME: Write to a temp file first so that write failures during key updates won't lead to a key loss. */ - if (!force && !access (fname, F_OK)) + if (!force && !gnupg_access (fname, F_OK)) { log_error ("secret key file '%s' already exists\n", fname); xfree (fname); @@ -1324,7 +1324,7 @@ agent_key_available (const unsigned char *grip) fname = make_filename (gnupg_homedir (), GNUPG_PRIVATE_KEYS_DIR, hexgrip, NULL); - result = !access (fname, R_OK)? 0 : -1; + result = !gnupg_access (fname, R_OK)? 0 : -1; xfree (fname); return result; } diff --git a/agent/trustlist.c b/agent/trustlist.c index d91e92e07..087afbd51 100644 --- a/agent/trustlist.c +++ b/agent/trustlist.c @@ -185,6 +185,7 @@ read_one_trustfile (const char *fname, int allow_include, { char *etcname; gpg_error_t err2; + gpg_err_code_t ec; if (!allow_include) { @@ -198,7 +199,7 @@ read_one_trustfile (const char *fname, int allow_include, if ( !strcmp (etcname, fname) ) /* Same file. */ log_info (_("statement \"%s\" ignored in '%s', line %d\n"), "include-default", fname, lnr); - else if ( access (etcname, F_OK) && errno == ENOENT ) + else if ((ec=gnupg_access (etcname, F_OK)) && ec == GPG_ERR_ENOENT) { /* A non existent system trustlist is not an error. Just print a note. */ @@ -336,6 +337,7 @@ read_trustfiles (void) size_t tablesize; char *fname; int allow_include = 1; + gpg_err_code_t ec; tablesize = 20; table = xtrycalloc (tablesize, sizeof *table); @@ -351,13 +353,13 @@ read_trustfiles (void) return err; } - if ( access (fname, F_OK) ) + if ((ec = gnupg_access (fname, F_OK))) { - if ( errno == ENOENT ) + if ( ec == GPG_ERR_ENOENT ) ; /* Silently ignore a non-existing trustfile. */ else { - err = gpg_error_from_syserror (); + err = gpg_error (ec); log_error (_("error opening '%s': %s\n"), fname, gpg_strerror (err)); } xfree (fname); @@ -601,6 +603,7 @@ gpg_error_t agent_marktrusted (ctrl_t ctrl, const char *name, const char *fpr, int flag) { gpg_error_t err = 0; + gpg_err_code_t ec; char *desc; char *fname; estream_t fp; @@ -618,7 +621,7 @@ agent_marktrusted (ctrl_t ctrl, const char *name, const char *fpr, int flag) if (!fname) return gpg_error_from_syserror (); - if ( access (fname, W_OK) && errno != ENOENT) + if ((ec = access (fname, W_OK)) && ec != GPG_ERR_ENOENT) { xfree (fname); return gpg_error (GPG_ERR_EPERM); @@ -751,12 +754,12 @@ agent_marktrusted (ctrl_t ctrl, const char *name, const char *fpr, int flag) xfree (nameformatted); return err; } - if ( access (fname, F_OK) && errno == ENOENT) + if ((ec = access (fname, F_OK)) && ec == GPG_ERR_ENOENT) { fp = es_fopen (fname, "wx,mode=-rw-r"); if (!fp) { - err = gpg_error_from_syserror (); + err = gpg_error (ec); log_error ("can't create '%s': %s\n", fname, gpg_strerror (err)); xfree (fname); unlock_trusttable (); diff --git a/common/exechelp-posix.c b/common/exechelp-posix.c index 2b724ce5f..b14410821 100644 --- a/common/exechelp-posix.c +++ b/common/exechelp-posix.c @@ -845,14 +845,15 @@ gpg_error_t gnupg_spawn_process_detached (const char *pgmname, const char *argv[], const char *envp[] ) { + gpg_err_code_t ec; pid_t pid; int i; if (getuid() != geteuid()) return my_error (GPG_ERR_BUG); - if (access (pgmname, X_OK)) - return my_error_from_syserror (); + if ((ec = gnupg_access (pgmname, X_OK))) + return gpg_err_make (default_errsource, ec); pid = fork (); if (pid == (pid_t)(-1)) diff --git a/common/exechelp-w32.c b/common/exechelp-w32.c index be684caaa..a7897cbfc 100644 --- a/common/exechelp-w32.c +++ b/common/exechelp-w32.c @@ -866,13 +866,14 @@ gnupg_spawn_process_detached (const char *pgmname, const char *argv[], int cr_flags; char *cmdline; BOOL in_job = FALSE; + gpg_err_code_t ec; /* We don't use ENVP. */ (void)envp; - if (access (pgmname, X_OK)) - return my_error_from_syserror (); + if ((ec = gnupg_access (pgmname, X_OK))) + return gpg_err_make (default_errsource, ec); /* Prepare security attributes. */ memset (&sec_attr, 0, sizeof sec_attr ); diff --git a/common/homedir.c b/common/homedir.c index f0e5362ba..dd1575cd0 100644 --- a/common/homedir.c +++ b/common/homedir.c @@ -117,14 +117,16 @@ w32_try_mkdir (const char *dir) #endif -/* This is a helper function to load a Windows function from either of - one DLLs. */ +/* This is a helper function to load and call a Windows function from + * either of one DLLs. On success an UTF-8 file name is returned. + * ERRNO is _not_ set on error. */ #ifdef HAVE_W32_SYSTEM -static HRESULT -w32_shgetfolderpath (HWND a, int b, HANDLE c, DWORD d, LPSTR e) +static char * +w32_shgetfolderpath (HWND a, int b, HANDLE c, DWORD d) { static int initialized; - static HRESULT (WINAPI * func)(HWND,int,HANDLE,DWORD,LPSTR); + static HRESULT (WINAPI * func)(HWND,int,HANDLE,DWORD,LPWSTR); + wchar_t wfname[MAX_PATH]; if (!initialized) { @@ -139,7 +141,7 @@ w32_shgetfolderpath (HWND a, int b, HANDLE c, DWORD d, LPSTR e) handle = dlopen (dllnames[i], RTLD_LAZY); if (handle) { - func = dlsym (handle, "SHGetFolderPathA"); + func = dlsym (handle, "SHGetFolderPathW"); if (!func) { dlclose (handle); @@ -149,10 +151,10 @@ w32_shgetfolderpath (HWND a, int b, HANDLE c, DWORD d, LPSTR e) } } - if (func) - return func (a,b,c,d,e); + if (func && func (a,b,c,d,wfname) >= 0) + return wchar_to_utf8 (wfname); else - return -1; + return NULL; } #endif /*HAVE_W32_SYSTEM*/ @@ -248,25 +250,17 @@ standard_homedir (void) } else { - char path[MAX_PATH]; - - /* It might be better to use LOCAL_APPDATA because this is - defined as "non roaming" and thus more likely to be kept - locally. For private keys this is desired. However, - given that many users copy private keys anyway forth and - back, using a system roaming services might be better - than to let them do it manually. A security conscious - user will anyway use the registry entry to have better - control. */ - if (w32_shgetfolderpath (NULL, CSIDL_APPDATA|CSIDL_FLAG_CREATE, - NULL, 0, path) >= 0) + char *path; + + path = w32_shgetfolderpath (NULL, CSIDL_APPDATA|CSIDL_FLAG_CREATE, + NULL, 0); + if (path) { - char *tmp = xmalloc (strlen (path) + 6 +1); - strcpy (stpcpy (tmp, path), "\\gnupg"); - dir = tmp; + dir = xstrconcat (path, "\\gnupg", NULL); + xfree (path); /* Try to create the directory if it does not yet exists. */ - if (access (dir, F_OK)) + if (gnupg_access (dir, F_OK)) w32_try_mkdir (dir); } else @@ -360,10 +354,10 @@ check_portable_app (const char *dir) char *fname; fname = xstrconcat (dir, DIRSEP_S "gpgconf.exe", NULL); - if (!access (fname, F_OK)) + if (!gnupg_access (fname, F_OK)) { strcpy (fname + strlen (fname) - 3, "ctl"); - if (!access (fname, F_OK)) + if (!gnupg_access (fname, F_OK)) { /* gpgconf.ctl file found. Record this fact. */ w32_portable_app = 1; @@ -440,7 +434,7 @@ w32_commondir (void) if (!dir) { const char *rdir; - char path[MAX_PATH]; + char *path; /* Make sure that w32_rootdir has been called so that we are able to check the portable application flag. The common dir @@ -450,19 +444,17 @@ w32_commondir (void) if (w32_portable_app) return rdir; - if (w32_shgetfolderpath (NULL, CSIDL_COMMON_APPDATA, - NULL, 0, path) >= 0) + path = w32_shgetfolderpath (NULL, CSIDL_COMMON_APPDATA, NULL, 0); + if (path) { - char *tmp = xmalloc (strlen (path) + 4 +1); - strcpy (stpcpy (tmp, path), "\\GNU"); - dir = tmp; + dir = xstrconcat (path, "\\GNU", NULL); /* No auto create of the directory. Either the installer or - the admin has to create these directories. */ + * the admin has to create these directories. */ } else { - /* Ooops: Not defined - probably an old Windows version. - Use the installation directory instead. */ + /* Folder not found or defined - probably an old Windows + * version. Use the installation directory instead. */ dir = xstrdup (rdir); } } @@ -903,7 +895,7 @@ gnupg_cachedir (void) } else { - char path[MAX_PATH]; + char *path; const char *s1[] = { "GNU", "cache", "gnupg", NULL }; int s1_len; const char **comp; @@ -912,8 +904,10 @@ gnupg_cachedir (void) for (comp = s1; *comp; comp++) s1_len += 1 + strlen (*comp); - if (w32_shgetfolderpath (NULL, CSIDL_LOCAL_APPDATA|CSIDL_FLAG_CREATE, - NULL, 0, path) >= 0) + path = w32_shgetfolderpath (NULL, + CSIDL_LOCAL_APPDATA|CSIDL_FLAG_CREATE, + NULL, 0); + if (path) { char *tmp = xmalloc (strlen (path) + s1_len + 1); char *p; @@ -924,11 +918,12 @@ gnupg_cachedir (void) p = stpcpy (p, "\\"); p = stpcpy (p, *comp); - if (access (tmp, F_OK)) + if (gnupg_access (tmp, F_OK)) w32_try_mkdir (tmp); } dir = tmp; + xfree (path); } else { @@ -1025,7 +1020,7 @@ get_default_pinentry_name (int reset) char *name2; name2 = xstrconcat (names[i].rfnc (), names[i].name, NULL); - if (!access (name2, F_OK)) + if (!gnupg_access (name2, F_OK)) { /* Use that pinentry. */ xfree (name); diff --git a/common/sysutils.c b/common/sysutils.c index 140d1d7be..99bc021f5 100644 --- a/common/sysutils.c +++ b/common/sysutils.c @@ -811,7 +811,7 @@ gnupg_mkdir (const char *name, const char *modestr) int gnupg_chdir (const char *name) { - /* Note that gpgrt_chdir also sets ERRNO in addition to returing an + /* Note that gpgrt_chdir also sets ERRNO in addition to returning an * gpg-error style error code. */ return gpgrt_chdir (name); } @@ -1033,30 +1033,37 @@ gnupg_unsetenv (const char *name) /* Return the current working directory as a malloced string. Return - NULL and sets ERRNo on error. */ + NULL and sets ERRNO on error. */ char * gnupg_getcwd (void) { - char *buffer; - size_t size = 100; + return gpgrt_getcwd (); +} + + +/* A simple wrapper around access. NAME is expected to be utf8 + * encoded. This function returns an error code and sets ERRNO. */ +gpg_err_code_t +gnupg_access (const char *name, int mode) +{ +#if GPGRT_VERSION_NUMBER < 0x012800 /* 1.39 */ +# ifdef HAVE_W32_SYSTEM + wchar_t *wfname; - for (;;) + wfname = utf8_to_wchar (fname); + if (!wfname) + ec = gpg_err_code_from_syserror (); + else { - buffer = xtrymalloc (size+1); - if (!buffer) - return NULL; -#ifdef HAVE_W32CE_SYSTEM - strcpy (buffer, "/"); /* Always "/". */ - return buffer; + ec = _waccess (wfname, mode)? gpg_err_code_from_syserror () : 0; + xfree (wfname); + } +# else + return access (name, mode)? gpg_err_code_from_syserror () : 0; +# endif #else - if (getcwd (buffer, size) == buffer) - return buffer; - xfree (buffer); - if (errno != ERANGE) - return NULL; - size *= 2; + return gpgrt_access (name, mode); #endif - } } diff --git a/common/sysutils.h b/common/sysutils.h index daded986f..12b45e47c 100644 --- a/common/sysutils.h +++ b/common/sysutils.h @@ -73,6 +73,7 @@ char *gnupg_mkdtemp (char *template); int gnupg_setenv (const char *name, const char *value, int overwrite); int gnupg_unsetenv (const char *name); char *gnupg_getcwd (void); +gpg_err_code_t gnupg_access (const char *name, int mode); gpg_error_t gnupg_chuid (const char *user, int silent); char *gnupg_get_socket_name (int fd); int gnupg_fd_valid (int fd); diff --git a/common/t-exectool.c b/common/t-exectool.c index 9cea2d1be..e1fffdcaa 100644 --- a/common/t-exectool.c +++ b/common/t-exectool.c @@ -45,6 +45,7 @@ test_executing_true (void) char *result; size_t len; + /* Fixme: We should use gpgrt_access here. */ if (access (pgmname, X_OK)) { if (access (alt_pgmname, X_OK)) diff --git a/dirmngr/certcache.c b/dirmngr/certcache.c index 87f605eab..04da510a0 100644 --- a/dirmngr/certcache.c +++ b/dirmngr/certcache.c @@ -685,7 +685,7 @@ load_certs_from_system (void) gpg_error_t err = 0; for (idx=0; idx < DIM (table); idx++) - if (!access (table[idx].name, F_OK)) + if (!gnupg_access (table[idx].name, F_OK)) { /* Take the first available bundle. */ err = load_certs_from_file (table[idx].name, CERTTRUST_CLASS_SYSTEM, 0); diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c index 3f07b2eac..a7b0cc051 100644 --- a/dirmngr/dirmngr.c +++ b/dirmngr/dirmngr.c @@ -1099,7 +1099,7 @@ main (int argc, char **argv) log_info (_("Note: '%s' is not considered an option\n"), argv[i]); } - if (!access ("/etc/"DIRMNGR_NAME, F_OK) + if (!gnupg_access ("/etc/"DIRMNGR_NAME, F_OK) && !strncmp (gnupg_homedir (), "/etc/", 5)) log_info ("NOTE: DirMngr is now a proper part of %s. The configuration and" diff --git a/dirmngr/http.c b/dirmngr/http.c index bfbc30276..f7f65303b 100644 --- a/dirmngr/http.c +++ b/dirmngr/http.c @@ -577,6 +577,7 @@ http_register_tls_callback (gpg_error_t (*cb)(http_t, http_session_t, int)) void http_register_tls_ca (const char *fname) { + gpg_err_code_t ec; strlist_t sl; if (!fname) @@ -588,9 +589,8 @@ http_register_tls_ca (const char *fname) { /* Warn if we can't access right now, but register it anyway in case it becomes accessible later */ - if (access (fname, F_OK)) - log_info (_("can't access '%s': %s\n"), fname, - gpg_strerror (gpg_error_from_syserror())); + if ((ec = gnupg_access (fname, F_OK))) + log_info (_("can't access '%s': %s\n"), fname, gpg_strerror (ec)); sl = add_to_strlist (&tls_ca_certlist, fname); if (*sl->d && !strcmp (sl->d + strlen (sl->d) - 4, ".pem")) sl->flags = 1; @@ -606,6 +606,7 @@ http_register_tls_ca (const char *fname) void http_register_cfg_ca (const char *fname) { + gpg_err_code_t ec; strlist_t sl; if (!fname) @@ -617,9 +618,8 @@ http_register_cfg_ca (const char *fname) { /* Warn if we can't access right now, but register it anyway in case it becomes accessible later */ - if (access (fname, F_OK)) - log_info (_("can't access '%s': %s\n"), fname, - gpg_strerror (gpg_error_from_syserror())); + if ((ec = gnupg_access (fname, F_OK))) + log_info (_("can't access '%s': %s\n"), fname, gpg_strerror (ec)); sl = add_to_strlist (&cfg_ca_certlist, fname); if (*sl->d && !strcmp (sl->d + strlen (sl->d) - 4, ".pem")) sl->flags = 1; @@ -4072,13 +4072,14 @@ main (int argc, char **argv) } /* Set the random seed file. */ - if( use_random_seed ) { - char *p = make_filename (gnupg_homedir (), "random_seed", NULL ); - gcry_control (GCRYCTL_SET_RANDOM_SEED_FILE, p); - if (!access (p, F_OK)) + if (use_random_seed) + { + char *p = make_filename (gnupg_homedir (), "random_seed", NULL ); + gcry_control (GCRYCTL_SET_RANDOM_SEED_FILE, p); + if (!gnupg_access (p, F_OK)) register_secured_file (p); xfree(p); - } + } /* If there is no command but the --fingerprint is given, default to the --list-keys command. */ diff --git a/g10/keydb.c b/g10/keydb.c index 66e7d9520..ddbab7300 100644 --- a/g10/keydb.c +++ b/g10/keydb.c @@ -29,6 +29,7 @@ #include "gpg.h" #include "../common/util.h" +#include "../common/sysutils.h" #include "options.h" #include "main.h" /*try_make_homedir ()*/ #include "packet.h" @@ -211,6 +212,7 @@ keyblock_cache_clear (struct keydb_handle_s *hd) static gpg_error_t maybe_create_keyring_or_box (char *filename, int is_box, int force_create) { + gpg_err_code_t ec; dotlock_t lockhd = NULL; IOBUF iobuf; int rc; @@ -221,8 +223,8 @@ maybe_create_keyring_or_box (char *filename, int is_box, int force_create) int save_slash; /* A quick test whether the filename already exists. */ - if (!access (filename, F_OK)) - return !access (filename, R_OK)? 0 : gpg_error (GPG_ERR_EACCES); + if (!gnupg_access (filename, F_OK)) + return !gnupg_access (filename, R_OK)? 0 : gpg_error (GPG_ERR_EACCES); /* If we don't want to create a new file at all, there is no need to go any further - bail out right here. */ @@ -257,9 +259,9 @@ maybe_create_keyring_or_box (char *filename, int is_box, int force_create) tried = 1; try_make_homedir (filename); } - if (access (filename, F_OK)) + if ((ec = gnupg_access (filename, F_OK))) { - rc = gpg_error_from_syserror (); + rc = gpg_error (ec); *last_slash_in_filename = save_slash; goto leave; } @@ -316,12 +318,12 @@ maybe_create_keyring_or_box (char *filename, int is_box, int force_create) if (rc) goto leave; - if (!access (filename, F_OK)) + if (!gnupg_access (filename, F_OK)) { rc = 0; /* Okay, we may access the file now. */ goto leave; } - if (!access (bak_fname, F_OK) && !access (tmp_fname, F_OK)) + if (!gnupg_access (bak_fname, F_OK) && !gnupg_access (tmp_fname, F_OK)) { /* Very likely another process is updating a pubring.gpg and we should not create a pubring.kbx. */ diff --git a/g10/keyring.c b/g10/keyring.c index 9cd66db3a..f9ac83615 100644 --- a/g10/keyring.c +++ b/g10/keyring.c @@ -228,7 +228,7 @@ keyring_is_writable (void *token) { KR_RESOURCE r = token; - return r? (r->read_only || !access (r->fname, W_OK)) : 0; + return r? (r->read_only || !gnupg_access (r->fname, W_OK)) : 0; } @@ -1601,6 +1601,7 @@ static int do_copy (int mode, const char *fname, KBNODE root, off_t start_offset, unsigned int n_packets ) { + gpg_err_code_t ec; IOBUF fp, newfp; int rc=0; char *bakfname = NULL; @@ -1608,8 +1609,8 @@ do_copy (int mode, const char *fname, KBNODE root, /* Open the source file. Because we do a rename, we have to check the permissions of the file */ - if (access (fname, W_OK)) - return gpg_error_from_syserror (); + if ((ec = gnupg_access (fname, W_OK))) + return gpg_error (ec); fp = iobuf_open (fname); if (mode == 1 && !fp && errno == ENOENT) { diff --git a/g10/migrate.c b/g10/migrate.c index c52c67a77..9045ae66e 100644 --- a/g10/migrate.c +++ b/g10/migrate.c @@ -50,10 +50,10 @@ migrate_secring (ctrl_t ctrl) char *agent_version = NULL; secring = make_filename (gnupg_homedir (), "secring" EXTSEP_S "gpg", NULL); - if (access (secring, F_OK)) + if (gnupg_access (secring, F_OK)) goto leave; /* Does not exist or is not readable. */ flagfile = make_filename (gnupg_homedir (), V21_MIGRATION_FNAME, NULL); - if (!access (flagfile, F_OK)) + if (!gnupg_access (flagfile, F_OK)) goto leave; /* Does exist - fine. */ log_info ("starting migration from earlier GnuPG versions\n"); diff --git a/g10/openfile.c b/g10/openfile.c index f4730da22..424fd9114 100644 --- a/g10/openfile.c +++ b/g10/openfile.c @@ -326,7 +326,7 @@ get_matching_datafile (const char *sigfilename) fname = xstrdup (sigfilename); fname[len-(fname[len-1]=='n'?5:4)] = 0 ; - if (access (fname, R_OK )) + if (gnupg_access (fname, R_OK )) { /* Not found or other error. */ xfree (fname); diff --git a/g10/tdbio.c b/g10/tdbio.c index 9f01667b4..2b2944fdd 100644 --- a/g10/tdbio.c +++ b/g10/tdbio.c @@ -711,17 +711,19 @@ tdbio_set_dbname (ctrl_t ctrl, const char *new_dbname, log_assert (p); save_slash = *p; *p = 0; - if (access (fname, F_OK)) + if (gnupg_access (fname, F_OK)) { try_make_homedir (fname); - if (access (fname, F_OK)) + if (gnupg_access (fname, F_OK)) log_fatal (_("%s: directory does not exist!\n"), fname); } *p = save_slash; take_write_lock (); - if (access (fname, R_OK) || stat (fname, &statbuf) || statbuf.st_size == 0) + if (gnupg_access (fname, R_OK) + || stat (fname, &statbuf) + || statbuf.st_size == 0) { FILE *fp; TRUSTREC rec; diff --git a/g13/backend.c b/g13/backend.c index 835c66be4..71cd6ffc1 100644 --- a/g13/backend.c +++ b/g13/backend.c @@ -27,6 +27,7 @@ #include "g13.h" #include "../common/i18n.h" +#include "../common/sysutils.h" #include "keyblob.h" #include "backend.h" #include "be-encfs.h" @@ -116,7 +117,7 @@ be_take_lock_for_create (ctrl_t ctrl, const char *fname, dotlock_t *r_lock) /* A quick check to see that no container with that name already exists. */ - if (!access (fname, F_OK)) + if (!gnupg_access (fname, F_OK)) { err = gpg_error (GPG_ERR_EEXIST); goto leave; diff --git a/g13/g13-syshelp.c b/g13/g13-syshelp.c index d65f26b2f..4bfd927a7 100644 --- a/g13/g13-syshelp.c +++ b/g13/g13-syshelp.c @@ -581,7 +581,7 @@ g13_syshelp_i_know_what_i_am_doing (void) char *fname; fname = make_filename (gnupg_sysconfdir (), yesfile, NULL); - if (access (fname, F_OK)) + if (gnupg_access (fname, F_OK)) { log_info ("*******************************************************\n"); log_info ("* The G13 support for DM-Crypt is new and not matured.\n"); diff --git a/g13/mount.c b/g13/mount.c index dc415b12d..bee47fbd5 100644 --- a/g13/mount.c +++ b/g13/mount.c @@ -76,7 +76,7 @@ g13_mount_container (ctrl_t ctrl, const char *filename, const char *mountpoint) else { /* A quick check to see whether we can the container exists. */ - if (access (filename, R_OK)) + if (gnupg_access (filename, R_OK)) return gpg_error_from_syserror (); } diff --git a/g13/suspend.c b/g13/suspend.c index 0aa20f01c..44c52ddc5 100644 --- a/g13/suspend.c +++ b/g13/suspend.c @@ -28,6 +28,7 @@ #include "g13.h" #include "../common/i18n.h" +#include "../common/sysutils.h" #include "suspend.h" #include "keyblob.h" @@ -45,7 +46,7 @@ g13_suspend_container (ctrl_t ctrl, const char *filename) int needs_syshelp; /* A quick check to see whether the container exists. */ - if (access (filename, R_OK)) + if (gnupg_access (filename, R_OK)) return gpg_error_from_syserror (); /* Decide whether we need to use the g13-syshelp because we can't @@ -80,7 +81,7 @@ g13_resume_container (ctrl_t ctrl, const char *filename) char *mountpoint_buffer = NULL; /* A quick check to see whether the container exists. */ - if (access (filename, R_OK)) + if (gnupg_access (filename, R_OK)) return gpg_error_from_syserror (); /* Decide whether we need to use the g13-syshelp because we can't diff --git a/kbx/keybox-init.c b/kbx/keybox-init.c index 2223f4d15..248a0a543 100644 --- a/kbx/keybox-init.c +++ b/kbx/keybox-init.c @@ -25,6 +25,7 @@ #include <assert.h> #include "keybox-defs.h" +#include "../common/sysutils.h" #include "../common/mischelp.h" static KB_NAME kb_names; @@ -80,7 +81,7 @@ keybox_is_writable (void *token) { KB_NAME r = token; - return r? !access (r->fname, W_OK) : 0; + return r? !gnupg_access (r->fname, W_OK) : 0; } diff --git a/kbx/keybox-update.c b/kbx/keybox-update.c index fbcaec7b9..e263bc3d6 100644 --- a/kbx/keybox-update.c +++ b/kbx/keybox-update.c @@ -161,6 +161,7 @@ static int blob_filecopy (int mode, const char *fname, KEYBOXBLOB blob, int secret, int for_openpgp, off_t start_offset) { + gpg_err_code_t ec; FILE *fp, *newfp; int rc=0; char *bakfname = NULL; @@ -170,8 +171,8 @@ blob_filecopy (int mode, const char *fname, KEYBOXBLOB blob, /* Open the source file. Because we do a rename, we have to check the permissions of the file */ - if (access (fname, W_OK)) - return gpg_error_from_syserror (); + if ((ec = gnupg_access (fname, W_OK))) + return gpg_error (ec); fp = fopen (fname, "rb"); if (mode == FILECOPY_INSERT && !fp && errno == ENOENT) @@ -626,6 +627,7 @@ keybox_delete (KEYBOX_HANDLE hd) int keybox_compress (KEYBOX_HANDLE hd) { + gpg_err_code_t ec; int read_rc, rc; const char *fname; FILE *fp, *newfp; @@ -651,8 +653,8 @@ keybox_compress (KEYBOX_HANDLE hd) /* Open the source file. Because we do a rename, we have to check the permissions of the file */ - if (access (fname, W_OK)) - return gpg_error_from_syserror (); + if ((ec = gnupg_access (fname, W_OK))) + return gpg_error (ec); fp = fopen (fname, "rb"); if (!fp && errno == ENOENT) diff --git a/sm/gpgsm.c b/sm/gpgsm.c index cc3aa5d6a..ef5f801c8 100644 --- a/sm/gpgsm.c +++ b/sm/gpgsm.c @@ -1807,7 +1807,7 @@ main ( int argc, char **argv) filelist[0] = make_filename (gnupg_datadir (),"com-certs.pem", NULL); filelist[1] = NULL; - if (!access (filelist[0], F_OK)) + if (!gnupg_access (filelist[0], F_OK)) { log_info (_("importing common certificates '%s'\n"), filelist[0]); diff --git a/sm/keydb.c b/sm/keydb.c index e6b7a5b23..af8bf8629 100644 --- a/sm/keydb.c +++ b/sm/keydb.c @@ -206,6 +206,7 @@ try_make_homedir (const char *fname) static gpg_error_t maybe_create_keybox (char *filename, int force, int *r_created) { + gpg_err_code_t ec; dotlock_t lockhd = NULL; FILE *fp; int rc; @@ -217,8 +218,8 @@ maybe_create_keybox (char *filename, int force, int *r_created) *r_created = 0; /* A quick test whether the filename already exists. */ - if (!access (filename, F_OK)) - return !access (filename, R_OK)? 0 : gpg_error (GPG_ERR_EACCES); + if (!gnupg_access (filename, F_OK)) + return !gnupg_access (filename, R_OK)? 0 : gpg_error (GPG_ERR_EACCES); /* If we don't want to create a new file at all, there is no need to go any further - bail out right here. */ @@ -253,9 +254,9 @@ maybe_create_keybox (char *filename, int force, int *r_created) tried = 1; try_make_homedir (filename); } - if (access (filename, F_OK)) + if ((ec = gnupg_access (filename, F_OK))) { - rc = gpg_error_from_syserror (); + rc = gpg_error (ec); *last_slash_in_filename = save_slash; goto leave; } diff --git a/tools/gpg-wks-server.c b/tools/gpg-wks-server.c index 967572581..32cd46530 100644 --- a/tools/gpg-wks-server.c +++ b/tools/gpg-wks-server.c @@ -1182,7 +1182,7 @@ process_new_key (server_ctx_t ctx, estream_t key) goto leave; } - if (access (dname, W_OK)) + if (gnupg_access (dname, W_OK)) { log_info ("skipping address '%s': Domain not configured\n", sl->mbox); continue; @@ -1459,7 +1459,7 @@ check_and_publish (server_ctx_t ctx, const char *address, const char *nonce) err = gpg_error_from_syserror (); goto leave; } - if (!access (fnewname, W_OK)) + if (!gnupg_access (fnewname, W_OK)) { /* Yes, we have a dane directory. */ s = strchr (address, '@'); @@ -1795,7 +1795,7 @@ command_list_domains (void) { "pending", "-rwx" }, { "hu", "-rwxr-xr-x" } }; - + gpg_err_code_t ec; gpg_error_t err; strlist_t domaindirs; strlist_t sl; @@ -1832,9 +1832,9 @@ command_list_domains (void) err = gpg_error_from_syserror (); goto leave; } - if (access (fname, W_OK)) + if ((ec = gnupg_access (fname, W_OK))) { - err = gpg_error_from_syserror (); + err = gpg_error (ec); if (gpg_err_code (err) == GPG_ERR_ENOENT) { if (gnupg_mkdir (fname, requireddirs[i].perm)) @@ -1862,9 +1862,9 @@ command_list_domains (void) err = gpg_error_from_syserror (); goto leave; } - if (access (fname, F_OK)) + if ((ec = gnupg_access (fname, F_OK))) { - err = gpg_error_from_syserror (); + err = gpg_error (ec); if (gpg_err_code (err) == GPG_ERR_ENOENT) log_error ("domain %s: submission address not configured\n", domain); @@ -1941,6 +1941,7 @@ command_cron (void) static gpg_error_t command_check_key (const char *userid) { + gpg_err_code_t ec; gpg_error_t err; char *addrspec = NULL; char *fname = NULL; @@ -1949,9 +1950,9 @@ command_check_key (const char *userid) if (err) goto leave; - if (access (fname, R_OK)) + if ((ec = gnupg_access (fname, R_OK))) { - err = gpg_error_from_syserror (); + err = gpg_error (ec); if (opt_with_file) es_printf ("%s n %s\n", addrspec, fname); if (gpg_err_code (err) == GPG_ERR_ENOENT) diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c index dacc53328..5efe6e50a 100644 --- a/tools/gpgconf-comp.c +++ b/tools/gpgconf-comp.c @@ -1581,7 +1581,7 @@ retrieve_options_from_program (gc_component_id_t component, int only_installed) ? gnupg_module_name (gc_component[component].module_name) : gc_component[component].program ); - if (only_installed && access (pgmname, X_OK)) + if (only_installed && gnupg_access (pgmname, X_OK)) { return; /* The component is not installed. */ } @@ -3230,7 +3230,7 @@ gc_apply_profile (const char *fname) * is installed and use that instead of the given file name. */ fname_buffer = xstrconcat (gnupg_datadir (), DIRSEP_S, fname, ".prf", NULL); - if (!access (fname_buffer, F_OK)) + if (!gnupg_access (fname_buffer, F_OK)) fname = fname_buffer; } diff --git a/tools/wks-util.c b/tools/wks-util.c index 30461f850..1706c694a 100644 --- a/tools/wks-util.c +++ b/tools/wks-util.c @@ -873,6 +873,7 @@ wks_compute_hu_fname (char **r_fname, const char *addrspec) static gpg_error_t ensure_policy_file (const char *addrspec) { + gpg_err_code_t ec; gpg_error_t err; const char *domain; char *fname; @@ -890,12 +891,12 @@ ensure_policy_file (const char *addrspec) goto leave; /* First a quick check whether it already exists. */ - if (!access (fname, F_OK)) + if (!(ec = gnupg_access (fname, F_OK))) { err = 0; /* File already exists. */ goto leave; } - err = gpg_error_from_syserror (); + err = gpg_error (ec); if (gpg_err_code (err) == GPG_ERR_ENOENT) err = 0; else |