summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorWerner Koch <wk@gnupg.org>2020-10-20 10:43:55 +0200
committerWerner Koch <wk@gnupg.org>2020-10-20 12:15:55 +0200
commitc94ee1386e0d5cdac51086c4d5b92de59c09c9b5 (patch)
tree34089b99da850a449f95ab9dd7e88317194b5f11
parentgpg,ecc: Fix SOS handling when receiving from agent. (diff)
downloadgnupg2-c94ee1386e0d5cdac51086c4d5b92de59c09c9b5.tar.xz
gnupg2-c94ee1386e0d5cdac51086c4d5b92de59c09c9b5.zip
Replace all calls to access by gnupg_access
* common/sysutils.c (gnupg_access): New. Replace all calls to access by this wrapper. * common/homedir.c (w32_shgetfolderpath): Change to return UTF-8 directory name. (standard_homedir): Adjust for change. (w32_commondir, gnupg_cachedir): Ditto. -- Also use SHGetFolderPathW instead of SHGetFolderPathA on Windows. This is required to correctly handle non-ascii filenames on Windows. GnuPG-bug-id: 5098
-rw-r--r--agent/findkey.c4
-rw-r--r--agent/trustlist.c17
-rw-r--r--common/exechelp-posix.c5
-rw-r--r--common/exechelp-w32.c5
-rw-r--r--common/homedir.c77
-rw-r--r--common/sysutils.c43
-rw-r--r--common/sysutils.h1
-rw-r--r--common/t-exectool.c1
-rw-r--r--dirmngr/certcache.c2
-rw-r--r--dirmngr/dirmngr.c2
-rw-r--r--dirmngr/http.c12
-rw-r--r--g10/gpg.c11
-rw-r--r--g10/keydb.c14
-rw-r--r--g10/keyring.c7
-rw-r--r--g10/migrate.c4
-rw-r--r--g10/openfile.c2
-rw-r--r--g10/tdbio.c8
-rw-r--r--g13/backend.c3
-rw-r--r--g13/g13-syshelp.c2
-rw-r--r--g13/mount.c2
-rw-r--r--g13/suspend.c5
-rw-r--r--kbx/keybox-init.c3
-rw-r--r--kbx/keybox-update.c10
-rw-r--r--sm/gpgsm.c2
-rw-r--r--sm/keydb.c9
-rw-r--r--tools/gpg-wks-server.c19
-rw-r--r--tools/gpgconf-comp.c4
-rw-r--r--tools/wks-util.c5
28 files changed, 151 insertions, 128 deletions
diff --git a/agent/findkey.c b/agent/findkey.c
index fa9e5b548..dd39472a9 100644
--- a/agent/findkey.c
+++ b/agent/findkey.c
@@ -236,7 +236,7 @@ agent_write_private_key (const unsigned char *grip,
/* FIXME: Write to a temp file first so that write failures during
key updates won't lead to a key loss. */
- if (!force && !access (fname, F_OK))
+ if (!force && !gnupg_access (fname, F_OK))
{
log_error ("secret key file '%s' already exists\n", fname);
xfree (fname);
@@ -1324,7 +1324,7 @@ agent_key_available (const unsigned char *grip)
fname = make_filename (gnupg_homedir (), GNUPG_PRIVATE_KEYS_DIR,
hexgrip, NULL);
- result = !access (fname, R_OK)? 0 : -1;
+ result = !gnupg_access (fname, R_OK)? 0 : -1;
xfree (fname);
return result;
}
diff --git a/agent/trustlist.c b/agent/trustlist.c
index d91e92e07..087afbd51 100644
--- a/agent/trustlist.c
+++ b/agent/trustlist.c
@@ -185,6 +185,7 @@ read_one_trustfile (const char *fname, int allow_include,
{
char *etcname;
gpg_error_t err2;
+ gpg_err_code_t ec;
if (!allow_include)
{
@@ -198,7 +199,7 @@ read_one_trustfile (const char *fname, int allow_include,
if ( !strcmp (etcname, fname) ) /* Same file. */
log_info (_("statement \"%s\" ignored in '%s', line %d\n"),
"include-default", fname, lnr);
- else if ( access (etcname, F_OK) && errno == ENOENT )
+ else if ((ec=gnupg_access (etcname, F_OK)) && ec == GPG_ERR_ENOENT)
{
/* A non existent system trustlist is not an error.
Just print a note. */
@@ -336,6 +337,7 @@ read_trustfiles (void)
size_t tablesize;
char *fname;
int allow_include = 1;
+ gpg_err_code_t ec;
tablesize = 20;
table = xtrycalloc (tablesize, sizeof *table);
@@ -351,13 +353,13 @@ read_trustfiles (void)
return err;
}
- if ( access (fname, F_OK) )
+ if ((ec = gnupg_access (fname, F_OK)))
{
- if ( errno == ENOENT )
+ if ( ec == GPG_ERR_ENOENT )
; /* Silently ignore a non-existing trustfile. */
else
{
- err = gpg_error_from_syserror ();
+ err = gpg_error (ec);
log_error (_("error opening '%s': %s\n"), fname, gpg_strerror (err));
}
xfree (fname);
@@ -601,6 +603,7 @@ gpg_error_t
agent_marktrusted (ctrl_t ctrl, const char *name, const char *fpr, int flag)
{
gpg_error_t err = 0;
+ gpg_err_code_t ec;
char *desc;
char *fname;
estream_t fp;
@@ -618,7 +621,7 @@ agent_marktrusted (ctrl_t ctrl, const char *name, const char *fpr, int flag)
if (!fname)
return gpg_error_from_syserror ();
- if ( access (fname, W_OK) && errno != ENOENT)
+ if ((ec = access (fname, W_OK)) && ec != GPG_ERR_ENOENT)
{
xfree (fname);
return gpg_error (GPG_ERR_EPERM);
@@ -751,12 +754,12 @@ agent_marktrusted (ctrl_t ctrl, const char *name, const char *fpr, int flag)
xfree (nameformatted);
return err;
}
- if ( access (fname, F_OK) && errno == ENOENT)
+ if ((ec = access (fname, F_OK)) && ec == GPG_ERR_ENOENT)
{
fp = es_fopen (fname, "wx,mode=-rw-r");
if (!fp)
{
- err = gpg_error_from_syserror ();
+ err = gpg_error (ec);
log_error ("can't create '%s': %s\n", fname, gpg_strerror (err));
xfree (fname);
unlock_trusttable ();
diff --git a/common/exechelp-posix.c b/common/exechelp-posix.c
index 2b724ce5f..b14410821 100644
--- a/common/exechelp-posix.c
+++ b/common/exechelp-posix.c
@@ -845,14 +845,15 @@ gpg_error_t
gnupg_spawn_process_detached (const char *pgmname, const char *argv[],
const char *envp[] )
{
+ gpg_err_code_t ec;
pid_t pid;
int i;
if (getuid() != geteuid())
return my_error (GPG_ERR_BUG);
- if (access (pgmname, X_OK))
- return my_error_from_syserror ();
+ if ((ec = gnupg_access (pgmname, X_OK)))
+ return gpg_err_make (default_errsource, ec);
pid = fork ();
if (pid == (pid_t)(-1))
diff --git a/common/exechelp-w32.c b/common/exechelp-w32.c
index be684caaa..a7897cbfc 100644
--- a/common/exechelp-w32.c
+++ b/common/exechelp-w32.c
@@ -866,13 +866,14 @@ gnupg_spawn_process_detached (const char *pgmname, const char *argv[],
int cr_flags;
char *cmdline;
BOOL in_job = FALSE;
+ gpg_err_code_t ec;
/* We don't use ENVP. */
(void)envp;
- if (access (pgmname, X_OK))
- return my_error_from_syserror ();
+ if ((ec = gnupg_access (pgmname, X_OK)))
+ return gpg_err_make (default_errsource, ec);
/* Prepare security attributes. */
memset (&sec_attr, 0, sizeof sec_attr );
diff --git a/common/homedir.c b/common/homedir.c
index f0e5362ba..dd1575cd0 100644
--- a/common/homedir.c
+++ b/common/homedir.c
@@ -117,14 +117,16 @@ w32_try_mkdir (const char *dir)
#endif
-/* This is a helper function to load a Windows function from either of
- one DLLs. */
+/* This is a helper function to load and call a Windows function from
+ * either of one DLLs. On success an UTF-8 file name is returned.
+ * ERRNO is _not_ set on error. */
#ifdef HAVE_W32_SYSTEM
-static HRESULT
-w32_shgetfolderpath (HWND a, int b, HANDLE c, DWORD d, LPSTR e)
+static char *
+w32_shgetfolderpath (HWND a, int b, HANDLE c, DWORD d)
{
static int initialized;
- static HRESULT (WINAPI * func)(HWND,int,HANDLE,DWORD,LPSTR);
+ static HRESULT (WINAPI * func)(HWND,int,HANDLE,DWORD,LPWSTR);
+ wchar_t wfname[MAX_PATH];
if (!initialized)
{
@@ -139,7 +141,7 @@ w32_shgetfolderpath (HWND a, int b, HANDLE c, DWORD d, LPSTR e)
handle = dlopen (dllnames[i], RTLD_LAZY);
if (handle)
{
- func = dlsym (handle, "SHGetFolderPathA");
+ func = dlsym (handle, "SHGetFolderPathW");
if (!func)
{
dlclose (handle);
@@ -149,10 +151,10 @@ w32_shgetfolderpath (HWND a, int b, HANDLE c, DWORD d, LPSTR e)
}
}
- if (func)
- return func (a,b,c,d,e);
+ if (func && func (a,b,c,d,wfname) >= 0)
+ return wchar_to_utf8 (wfname);
else
- return -1;
+ return NULL;
}
#endif /*HAVE_W32_SYSTEM*/
@@ -248,25 +250,17 @@ standard_homedir (void)
}
else
{
- char path[MAX_PATH];
-
- /* It might be better to use LOCAL_APPDATA because this is
- defined as "non roaming" and thus more likely to be kept
- locally. For private keys this is desired. However,
- given that many users copy private keys anyway forth and
- back, using a system roaming services might be better
- than to let them do it manually. A security conscious
- user will anyway use the registry entry to have better
- control. */
- if (w32_shgetfolderpath (NULL, CSIDL_APPDATA|CSIDL_FLAG_CREATE,
- NULL, 0, path) >= 0)
+ char *path;
+
+ path = w32_shgetfolderpath (NULL, CSIDL_APPDATA|CSIDL_FLAG_CREATE,
+ NULL, 0);
+ if (path)
{
- char *tmp = xmalloc (strlen (path) + 6 +1);
- strcpy (stpcpy (tmp, path), "\\gnupg");
- dir = tmp;
+ dir = xstrconcat (path, "\\gnupg", NULL);
+ xfree (path);
/* Try to create the directory if it does not yet exists. */
- if (access (dir, F_OK))
+ if (gnupg_access (dir, F_OK))
w32_try_mkdir (dir);
}
else
@@ -360,10 +354,10 @@ check_portable_app (const char *dir)
char *fname;
fname = xstrconcat (dir, DIRSEP_S "gpgconf.exe", NULL);
- if (!access (fname, F_OK))
+ if (!gnupg_access (fname, F_OK))
{
strcpy (fname + strlen (fname) - 3, "ctl");
- if (!access (fname, F_OK))
+ if (!gnupg_access (fname, F_OK))
{
/* gpgconf.ctl file found. Record this fact. */
w32_portable_app = 1;
@@ -440,7 +434,7 @@ w32_commondir (void)
if (!dir)
{
const char *rdir;
- char path[MAX_PATH];
+ char *path;
/* Make sure that w32_rootdir has been called so that we are
able to check the portable application flag. The common dir
@@ -450,19 +444,17 @@ w32_commondir (void)
if (w32_portable_app)
return rdir;
- if (w32_shgetfolderpath (NULL, CSIDL_COMMON_APPDATA,
- NULL, 0, path) >= 0)
+ path = w32_shgetfolderpath (NULL, CSIDL_COMMON_APPDATA, NULL, 0);
+ if (path)
{
- char *tmp = xmalloc (strlen (path) + 4 +1);
- strcpy (stpcpy (tmp, path), "\\GNU");
- dir = tmp;
+ dir = xstrconcat (path, "\\GNU", NULL);
/* No auto create of the directory. Either the installer or
- the admin has to create these directories. */
+ * the admin has to create these directories. */
}
else
{
- /* Ooops: Not defined - probably an old Windows version.
- Use the installation directory instead. */
+ /* Folder not found or defined - probably an old Windows
+ * version. Use the installation directory instead. */
dir = xstrdup (rdir);
}
}
@@ -903,7 +895,7 @@ gnupg_cachedir (void)
}
else
{
- char path[MAX_PATH];
+ char *path;
const char *s1[] = { "GNU", "cache", "gnupg", NULL };
int s1_len;
const char **comp;
@@ -912,8 +904,10 @@ gnupg_cachedir (void)
for (comp = s1; *comp; comp++)
s1_len += 1 + strlen (*comp);
- if (w32_shgetfolderpath (NULL, CSIDL_LOCAL_APPDATA|CSIDL_FLAG_CREATE,
- NULL, 0, path) >= 0)
+ path = w32_shgetfolderpath (NULL,
+ CSIDL_LOCAL_APPDATA|CSIDL_FLAG_CREATE,
+ NULL, 0);
+ if (path)
{
char *tmp = xmalloc (strlen (path) + s1_len + 1);
char *p;
@@ -924,11 +918,12 @@ gnupg_cachedir (void)
p = stpcpy (p, "\\");
p = stpcpy (p, *comp);
- if (access (tmp, F_OK))
+ if (gnupg_access (tmp, F_OK))
w32_try_mkdir (tmp);
}
dir = tmp;
+ xfree (path);
}
else
{
@@ -1025,7 +1020,7 @@ get_default_pinentry_name (int reset)
char *name2;
name2 = xstrconcat (names[i].rfnc (), names[i].name, NULL);
- if (!access (name2, F_OK))
+ if (!gnupg_access (name2, F_OK))
{
/* Use that pinentry. */
xfree (name);
diff --git a/common/sysutils.c b/common/sysutils.c
index 140d1d7be..99bc021f5 100644
--- a/common/sysutils.c
+++ b/common/sysutils.c
@@ -811,7 +811,7 @@ gnupg_mkdir (const char *name, const char *modestr)
int
gnupg_chdir (const char *name)
{
- /* Note that gpgrt_chdir also sets ERRNO in addition to returing an
+ /* Note that gpgrt_chdir also sets ERRNO in addition to returning an
* gpg-error style error code. */
return gpgrt_chdir (name);
}
@@ -1033,30 +1033,37 @@ gnupg_unsetenv (const char *name)
/* Return the current working directory as a malloced string. Return
- NULL and sets ERRNo on error. */
+ NULL and sets ERRNO on error. */
char *
gnupg_getcwd (void)
{
- char *buffer;
- size_t size = 100;
+ return gpgrt_getcwd ();
+}
+
+
+/* A simple wrapper around access. NAME is expected to be utf8
+ * encoded. This function returns an error code and sets ERRNO. */
+gpg_err_code_t
+gnupg_access (const char *name, int mode)
+{
+#if GPGRT_VERSION_NUMBER < 0x012800 /* 1.39 */
+# ifdef HAVE_W32_SYSTEM
+ wchar_t *wfname;
- for (;;)
+ wfname = utf8_to_wchar (fname);
+ if (!wfname)
+ ec = gpg_err_code_from_syserror ();
+ else
{
- buffer = xtrymalloc (size+1);
- if (!buffer)
- return NULL;
-#ifdef HAVE_W32CE_SYSTEM
- strcpy (buffer, "/"); /* Always "/". */
- return buffer;
+ ec = _waccess (wfname, mode)? gpg_err_code_from_syserror () : 0;
+ xfree (wfname);
+ }
+# else
+ return access (name, mode)? gpg_err_code_from_syserror () : 0;
+# endif
#else
- if (getcwd (buffer, size) == buffer)
- return buffer;
- xfree (buffer);
- if (errno != ERANGE)
- return NULL;
- size *= 2;
+ return gpgrt_access (name, mode);
#endif
- }
}
diff --git a/common/sysutils.h b/common/sysutils.h
index daded986f..12b45e47c 100644
--- a/common/sysutils.h
+++ b/common/sysutils.h
@@ -73,6 +73,7 @@ char *gnupg_mkdtemp (char *template);
int gnupg_setenv (const char *name, const char *value, int overwrite);
int gnupg_unsetenv (const char *name);
char *gnupg_getcwd (void);
+gpg_err_code_t gnupg_access (const char *name, int mode);
gpg_error_t gnupg_chuid (const char *user, int silent);
char *gnupg_get_socket_name (int fd);
int gnupg_fd_valid (int fd);
diff --git a/common/t-exectool.c b/common/t-exectool.c
index 9cea2d1be..e1fffdcaa 100644
--- a/common/t-exectool.c
+++ b/common/t-exectool.c
@@ -45,6 +45,7 @@ test_executing_true (void)
char *result;
size_t len;
+ /* Fixme: We should use gpgrt_access here. */
if (access (pgmname, X_OK))
{
if (access (alt_pgmname, X_OK))
diff --git a/dirmngr/certcache.c b/dirmngr/certcache.c
index 87f605eab..04da510a0 100644
--- a/dirmngr/certcache.c
+++ b/dirmngr/certcache.c
@@ -685,7 +685,7 @@ load_certs_from_system (void)
gpg_error_t err = 0;
for (idx=0; idx < DIM (table); idx++)
- if (!access (table[idx].name, F_OK))
+ if (!gnupg_access (table[idx].name, F_OK))
{
/* Take the first available bundle. */
err = load_certs_from_file (table[idx].name, CERTTRUST_CLASS_SYSTEM, 0);
diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
index 3f07b2eac..a7b0cc051 100644
--- a/dirmngr/dirmngr.c
+++ b/dirmngr/dirmngr.c
@@ -1099,7 +1099,7 @@ main (int argc, char **argv)
log_info (_("Note: '%s' is not considered an option\n"), argv[i]);
}
- if (!access ("/etc/"DIRMNGR_NAME, F_OK)
+ if (!gnupg_access ("/etc/"DIRMNGR_NAME, F_OK)
&& !strncmp (gnupg_homedir (), "/etc/", 5))
log_info
("NOTE: DirMngr is now a proper part of %s. The configuration and"
diff --git a/dirmngr/http.c b/dirmngr/http.c
index bfbc30276..f7f65303b 100644
--- a/dirmngr/http.c
+++ b/dirmngr/http.c
@@ -577,6 +577,7 @@ http_register_tls_callback (gpg_error_t (*cb)(http_t, http_session_t, int))
void
http_register_tls_ca (const char *fname)
{
+ gpg_err_code_t ec;
strlist_t sl;
if (!fname)
@@ -588,9 +589,8 @@ http_register_tls_ca (const char *fname)
{
/* Warn if we can't access right now, but register it anyway in
case it becomes accessible later */
- if (access (fname, F_OK))
- log_info (_("can't access '%s': %s\n"), fname,
- gpg_strerror (gpg_error_from_syserror()));
+ if ((ec = gnupg_access (fname, F_OK)))
+ log_info (_("can't access '%s': %s\n"), fname, gpg_strerror (ec));
sl = add_to_strlist (&tls_ca_certlist, fname);
if (*sl->d && !strcmp (sl->d + strlen (sl->d) - 4, ".pem"))
sl->flags = 1;
@@ -606,6 +606,7 @@ http_register_tls_ca (const char *fname)
void
http_register_cfg_ca (const char *fname)
{
+ gpg_err_code_t ec;
strlist_t sl;
if (!fname)
@@ -617,9 +618,8 @@ http_register_cfg_ca (const char *fname)
{
/* Warn if we can't access right now, but register it anyway in
case it becomes accessible later */
- if (access (fname, F_OK))
- log_info (_("can't access '%s': %s\n"), fname,
- gpg_strerror (gpg_error_from_syserror()));
+ if ((ec = gnupg_access (fname, F_OK)))
+ log_info (_("can't access '%s': %s\n"), fname, gpg_strerror (ec));
sl = add_to_strlist (&cfg_ca_certlist, fname);
if (*sl->d && !strcmp (sl->d + strlen (sl->d) - 4, ".pem"))
sl->flags = 1;
diff --git a/g10/gpg.c b/g10/gpg.c
index ac405a759..412867b91 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -4072,13 +4072,14 @@ main (int argc, char **argv)
}
/* Set the random seed file. */
- if( use_random_seed ) {
- char *p = make_filename (gnupg_homedir (), "random_seed", NULL );
- gcry_control (GCRYCTL_SET_RANDOM_SEED_FILE, p);
- if (!access (p, F_OK))
+ if (use_random_seed)
+ {
+ char *p = make_filename (gnupg_homedir (), "random_seed", NULL );
+ gcry_control (GCRYCTL_SET_RANDOM_SEED_FILE, p);
+ if (!gnupg_access (p, F_OK))
register_secured_file (p);
xfree(p);
- }
+ }
/* If there is no command but the --fingerprint is given, default
to the --list-keys command. */
diff --git a/g10/keydb.c b/g10/keydb.c
index 66e7d9520..ddbab7300 100644
--- a/g10/keydb.c
+++ b/g10/keydb.c
@@ -29,6 +29,7 @@
#include "gpg.h"
#include "../common/util.h"
+#include "../common/sysutils.h"
#include "options.h"
#include "main.h" /*try_make_homedir ()*/
#include "packet.h"
@@ -211,6 +212,7 @@ keyblock_cache_clear (struct keydb_handle_s *hd)
static gpg_error_t
maybe_create_keyring_or_box (char *filename, int is_box, int force_create)
{
+ gpg_err_code_t ec;
dotlock_t lockhd = NULL;
IOBUF iobuf;
int rc;
@@ -221,8 +223,8 @@ maybe_create_keyring_or_box (char *filename, int is_box, int force_create)
int save_slash;
/* A quick test whether the filename already exists. */
- if (!access (filename, F_OK))
- return !access (filename, R_OK)? 0 : gpg_error (GPG_ERR_EACCES);
+ if (!gnupg_access (filename, F_OK))
+ return !gnupg_access (filename, R_OK)? 0 : gpg_error (GPG_ERR_EACCES);
/* If we don't want to create a new file at all, there is no need to
go any further - bail out right here. */
@@ -257,9 +259,9 @@ maybe_create_keyring_or_box (char *filename, int is_box, int force_create)
tried = 1;
try_make_homedir (filename);
}
- if (access (filename, F_OK))
+ if ((ec = gnupg_access (filename, F_OK)))
{
- rc = gpg_error_from_syserror ();
+ rc = gpg_error (ec);
*last_slash_in_filename = save_slash;
goto leave;
}
@@ -316,12 +318,12 @@ maybe_create_keyring_or_box (char *filename, int is_box, int force_create)
if (rc)
goto leave;
- if (!access (filename, F_OK))
+ if (!gnupg_access (filename, F_OK))
{
rc = 0; /* Okay, we may access the file now. */
goto leave;
}
- if (!access (bak_fname, F_OK) && !access (tmp_fname, F_OK))
+ if (!gnupg_access (bak_fname, F_OK) && !gnupg_access (tmp_fname, F_OK))
{
/* Very likely another process is updating a pubring.gpg and we
should not create a pubring.kbx. */
diff --git a/g10/keyring.c b/g10/keyring.c
index 9cd66db3a..f9ac83615 100644
--- a/g10/keyring.c
+++ b/g10/keyring.c
@@ -228,7 +228,7 @@ keyring_is_writable (void *token)
{
KR_RESOURCE r = token;
- return r? (r->read_only || !access (r->fname, W_OK)) : 0;
+ return r? (r->read_only || !gnupg_access (r->fname, W_OK)) : 0;
}
@@ -1601,6 +1601,7 @@ static int
do_copy (int mode, const char *fname, KBNODE root,
off_t start_offset, unsigned int n_packets )
{
+ gpg_err_code_t ec;
IOBUF fp, newfp;
int rc=0;
char *bakfname = NULL;
@@ -1608,8 +1609,8 @@ do_copy (int mode, const char *fname, KBNODE root,
/* Open the source file. Because we do a rename, we have to check the
permissions of the file */
- if (access (fname, W_OK))
- return gpg_error_from_syserror ();
+ if ((ec = gnupg_access (fname, W_OK)))
+ return gpg_error (ec);
fp = iobuf_open (fname);
if (mode == 1 && !fp && errno == ENOENT) {
diff --git a/g10/migrate.c b/g10/migrate.c
index c52c67a77..9045ae66e 100644
--- a/g10/migrate.c
+++ b/g10/migrate.c
@@ -50,10 +50,10 @@ migrate_secring (ctrl_t ctrl)
char *agent_version = NULL;
secring = make_filename (gnupg_homedir (), "secring" EXTSEP_S "gpg", NULL);
- if (access (secring, F_OK))
+ if (gnupg_access (secring, F_OK))
goto leave; /* Does not exist or is not readable. */
flagfile = make_filename (gnupg_homedir (), V21_MIGRATION_FNAME, NULL);
- if (!access (flagfile, F_OK))
+ if (!gnupg_access (flagfile, F_OK))
goto leave; /* Does exist - fine. */
log_info ("starting migration from earlier GnuPG versions\n");
diff --git a/g10/openfile.c b/g10/openfile.c
index f4730da22..424fd9114 100644
--- a/g10/openfile.c
+++ b/g10/openfile.c
@@ -326,7 +326,7 @@ get_matching_datafile (const char *sigfilename)
fname = xstrdup (sigfilename);
fname[len-(fname[len-1]=='n'?5:4)] = 0 ;
- if (access (fname, R_OK ))
+ if (gnupg_access (fname, R_OK ))
{
/* Not found or other error. */
xfree (fname);
diff --git a/g10/tdbio.c b/g10/tdbio.c
index 9f01667b4..2b2944fdd 100644
--- a/g10/tdbio.c
+++ b/g10/tdbio.c
@@ -711,17 +711,19 @@ tdbio_set_dbname (ctrl_t ctrl, const char *new_dbname,
log_assert (p);
save_slash = *p;
*p = 0;
- if (access (fname, F_OK))
+ if (gnupg_access (fname, F_OK))
{
try_make_homedir (fname);
- if (access (fname, F_OK))
+ if (gnupg_access (fname, F_OK))
log_fatal (_("%s: directory does not exist!\n"), fname);
}
*p = save_slash;
take_write_lock ();
- if (access (fname, R_OK) || stat (fname, &statbuf) || statbuf.st_size == 0)
+ if (gnupg_access (fname, R_OK)
+ || stat (fname, &statbuf)
+ || statbuf.st_size == 0)
{
FILE *fp;
TRUSTREC rec;
diff --git a/g13/backend.c b/g13/backend.c
index 835c66be4..71cd6ffc1 100644
--- a/g13/backend.c
+++ b/g13/backend.c
@@ -27,6 +27,7 @@
#include "g13.h"
#include "../common/i18n.h"
+#include "../common/sysutils.h"
#include "keyblob.h"
#include "backend.h"
#include "be-encfs.h"
@@ -116,7 +117,7 @@ be_take_lock_for_create (ctrl_t ctrl, const char *fname, dotlock_t *r_lock)
/* A quick check to see that no container with that name already
exists. */
- if (!access (fname, F_OK))
+ if (!gnupg_access (fname, F_OK))
{
err = gpg_error (GPG_ERR_EEXIST);
goto leave;
diff --git a/g13/g13-syshelp.c b/g13/g13-syshelp.c
index d65f26b2f..4bfd927a7 100644
--- a/g13/g13-syshelp.c
+++ b/g13/g13-syshelp.c
@@ -581,7 +581,7 @@ g13_syshelp_i_know_what_i_am_doing (void)
char *fname;
fname = make_filename (gnupg_sysconfdir (), yesfile, NULL);
- if (access (fname, F_OK))
+ if (gnupg_access (fname, F_OK))
{
log_info ("*******************************************************\n");
log_info ("* The G13 support for DM-Crypt is new and not matured.\n");
diff --git a/g13/mount.c b/g13/mount.c
index dc415b12d..bee47fbd5 100644
--- a/g13/mount.c
+++ b/g13/mount.c
@@ -76,7 +76,7 @@ g13_mount_container (ctrl_t ctrl, const char *filename, const char *mountpoint)
else
{
/* A quick check to see whether we can the container exists. */
- if (access (filename, R_OK))
+ if (gnupg_access (filename, R_OK))
return gpg_error_from_syserror ();
}
diff --git a/g13/suspend.c b/g13/suspend.c
index 0aa20f01c..44c52ddc5 100644
--- a/g13/suspend.c
+++ b/g13/suspend.c
@@ -28,6 +28,7 @@
#include "g13.h"
#include "../common/i18n.h"
+#include "../common/sysutils.h"
#include "suspend.h"
#include "keyblob.h"
@@ -45,7 +46,7 @@ g13_suspend_container (ctrl_t ctrl, const char *filename)
int needs_syshelp;
/* A quick check to see whether the container exists. */
- if (access (filename, R_OK))
+ if (gnupg_access (filename, R_OK))
return gpg_error_from_syserror ();
/* Decide whether we need to use the g13-syshelp because we can't
@@ -80,7 +81,7 @@ g13_resume_container (ctrl_t ctrl, const char *filename)
char *mountpoint_buffer = NULL;
/* A quick check to see whether the container exists. */
- if (access (filename, R_OK))
+ if (gnupg_access (filename, R_OK))
return gpg_error_from_syserror ();
/* Decide whether we need to use the g13-syshelp because we can't
diff --git a/kbx/keybox-init.c b/kbx/keybox-init.c
index 2223f4d15..248a0a543 100644
--- a/kbx/keybox-init.c
+++ b/kbx/keybox-init.c
@@ -25,6 +25,7 @@
#include <assert.h>
#include "keybox-defs.h"
+#include "../common/sysutils.h"
#include "../common/mischelp.h"
static KB_NAME kb_names;
@@ -80,7 +81,7 @@ keybox_is_writable (void *token)
{
KB_NAME r = token;
- return r? !access (r->fname, W_OK) : 0;
+ return r? !gnupg_access (r->fname, W_OK) : 0;
}
diff --git a/kbx/keybox-update.c b/kbx/keybox-update.c
index fbcaec7b9..e263bc3d6 100644
--- a/kbx/keybox-update.c
+++ b/kbx/keybox-update.c
@@ -161,6 +161,7 @@ static int
blob_filecopy (int mode, const char *fname, KEYBOXBLOB blob,
int secret, int for_openpgp, off_t start_offset)
{
+ gpg_err_code_t ec;
FILE *fp, *newfp;
int rc=0;
char *bakfname = NULL;
@@ -170,8 +171,8 @@ blob_filecopy (int mode, const char *fname, KEYBOXBLOB blob,
/* Open the source file. Because we do a rename, we have to check the
permissions of the file */
- if (access (fname, W_OK))
- return gpg_error_from_syserror ();
+ if ((ec = gnupg_access (fname, W_OK)))
+ return gpg_error (ec);
fp = fopen (fname, "rb");
if (mode == FILECOPY_INSERT && !fp && errno == ENOENT)
@@ -626,6 +627,7 @@ keybox_delete (KEYBOX_HANDLE hd)
int
keybox_compress (KEYBOX_HANDLE hd)
{
+ gpg_err_code_t ec;
int read_rc, rc;
const char *fname;
FILE *fp, *newfp;
@@ -651,8 +653,8 @@ keybox_compress (KEYBOX_HANDLE hd)
/* Open the source file. Because we do a rename, we have to check the
permissions of the file */
- if (access (fname, W_OK))
- return gpg_error_from_syserror ();
+ if ((ec = gnupg_access (fname, W_OK)))
+ return gpg_error (ec);
fp = fopen (fname, "rb");
if (!fp && errno == ENOENT)
diff --git a/sm/gpgsm.c b/sm/gpgsm.c
index cc3aa5d6a..ef5f801c8 100644
--- a/sm/gpgsm.c
+++ b/sm/gpgsm.c
@@ -1807,7 +1807,7 @@ main ( int argc, char **argv)
filelist[0] = make_filename (gnupg_datadir (),"com-certs.pem", NULL);
filelist[1] = NULL;
- if (!access (filelist[0], F_OK))
+ if (!gnupg_access (filelist[0], F_OK))
{
log_info (_("importing common certificates '%s'\n"),
filelist[0]);
diff --git a/sm/keydb.c b/sm/keydb.c
index e6b7a5b23..af8bf8629 100644
--- a/sm/keydb.c
+++ b/sm/keydb.c
@@ -206,6 +206,7 @@ try_make_homedir (const char *fname)
static gpg_error_t
maybe_create_keybox (char *filename, int force, int *r_created)
{
+ gpg_err_code_t ec;
dotlock_t lockhd = NULL;
FILE *fp;
int rc;
@@ -217,8 +218,8 @@ maybe_create_keybox (char *filename, int force, int *r_created)
*r_created = 0;
/* A quick test whether the filename already exists. */
- if (!access (filename, F_OK))
- return !access (filename, R_OK)? 0 : gpg_error (GPG_ERR_EACCES);
+ if (!gnupg_access (filename, F_OK))
+ return !gnupg_access (filename, R_OK)? 0 : gpg_error (GPG_ERR_EACCES);
/* If we don't want to create a new file at all, there is no need to
go any further - bail out right here. */
@@ -253,9 +254,9 @@ maybe_create_keybox (char *filename, int force, int *r_created)
tried = 1;
try_make_homedir (filename);
}
- if (access (filename, F_OK))
+ if ((ec = gnupg_access (filename, F_OK)))
{
- rc = gpg_error_from_syserror ();
+ rc = gpg_error (ec);
*last_slash_in_filename = save_slash;
goto leave;
}
diff --git a/tools/gpg-wks-server.c b/tools/gpg-wks-server.c
index 967572581..32cd46530 100644
--- a/tools/gpg-wks-server.c
+++ b/tools/gpg-wks-server.c
@@ -1182,7 +1182,7 @@ process_new_key (server_ctx_t ctx, estream_t key)
goto leave;
}
- if (access (dname, W_OK))
+ if (gnupg_access (dname, W_OK))
{
log_info ("skipping address '%s': Domain not configured\n", sl->mbox);
continue;
@@ -1459,7 +1459,7 @@ check_and_publish (server_ctx_t ctx, const char *address, const char *nonce)
err = gpg_error_from_syserror ();
goto leave;
}
- if (!access (fnewname, W_OK))
+ if (!gnupg_access (fnewname, W_OK))
{
/* Yes, we have a dane directory. */
s = strchr (address, '@');
@@ -1795,7 +1795,7 @@ command_list_domains (void)
{ "pending", "-rwx" },
{ "hu", "-rwxr-xr-x" }
};
-
+ gpg_err_code_t ec;
gpg_error_t err;
strlist_t domaindirs;
strlist_t sl;
@@ -1832,9 +1832,9 @@ command_list_domains (void)
err = gpg_error_from_syserror ();
goto leave;
}
- if (access (fname, W_OK))
+ if ((ec = gnupg_access (fname, W_OK)))
{
- err = gpg_error_from_syserror ();
+ err = gpg_error (ec);
if (gpg_err_code (err) == GPG_ERR_ENOENT)
{
if (gnupg_mkdir (fname, requireddirs[i].perm))
@@ -1862,9 +1862,9 @@ command_list_domains (void)
err = gpg_error_from_syserror ();
goto leave;
}
- if (access (fname, F_OK))
+ if ((ec = gnupg_access (fname, F_OK)))
{
- err = gpg_error_from_syserror ();
+ err = gpg_error (ec);
if (gpg_err_code (err) == GPG_ERR_ENOENT)
log_error ("domain %s: submission address not configured\n",
domain);
@@ -1941,6 +1941,7 @@ command_cron (void)
static gpg_error_t
command_check_key (const char *userid)
{
+ gpg_err_code_t ec;
gpg_error_t err;
char *addrspec = NULL;
char *fname = NULL;
@@ -1949,9 +1950,9 @@ command_check_key (const char *userid)
if (err)
goto leave;
- if (access (fname, R_OK))
+ if ((ec = gnupg_access (fname, R_OK)))
{
- err = gpg_error_from_syserror ();
+ err = gpg_error (ec);
if (opt_with_file)
es_printf ("%s n %s\n", addrspec, fname);
if (gpg_err_code (err) == GPG_ERR_ENOENT)
diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c
index dacc53328..5efe6e50a 100644
--- a/tools/gpgconf-comp.c
+++ b/tools/gpgconf-comp.c
@@ -1581,7 +1581,7 @@ retrieve_options_from_program (gc_component_id_t component, int only_installed)
? gnupg_module_name (gc_component[component].module_name)
: gc_component[component].program );
- if (only_installed && access (pgmname, X_OK))
+ if (only_installed && gnupg_access (pgmname, X_OK))
{
return; /* The component is not installed. */
}
@@ -3230,7 +3230,7 @@ gc_apply_profile (const char *fname)
* is installed and use that instead of the given file name. */
fname_buffer = xstrconcat (gnupg_datadir (), DIRSEP_S,
fname, ".prf", NULL);
- if (!access (fname_buffer, F_OK))
+ if (!gnupg_access (fname_buffer, F_OK))
fname = fname_buffer;
}
diff --git a/tools/wks-util.c b/tools/wks-util.c
index 30461f850..1706c694a 100644
--- a/tools/wks-util.c
+++ b/tools/wks-util.c
@@ -873,6 +873,7 @@ wks_compute_hu_fname (char **r_fname, const char *addrspec)
static gpg_error_t
ensure_policy_file (const char *addrspec)
{
+ gpg_err_code_t ec;
gpg_error_t err;
const char *domain;
char *fname;
@@ -890,12 +891,12 @@ ensure_policy_file (const char *addrspec)
goto leave;
/* First a quick check whether it already exists. */
- if (!access (fname, F_OK))
+ if (!(ec = gnupg_access (fname, F_OK)))
{
err = 0; /* File already exists. */
goto leave;
}
- err = gpg_error_from_syserror ();
+ err = gpg_error (ec);
if (gpg_err_code (err) == GPG_ERR_ENOENT)
err = 0;
else