security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

Replace all calls to access by gnupg_access 

* common/sysutils.c (gnupg_access): New.  Replace all calls to access
by this wrapper.
* common/homedir.c (w32_shgetfolderpath): Change to return UTF-8
directory name.
(standard_homedir): Adjust for change.
(w32_commondir, gnupg_cachedir): Ditto.
--

Also use SHGetFolderPathW instead of SHGetFolderPathA on Windows.

This is required to correctly handle non-ascii filenames on Windows.

GnuPG-bug-id: 5098
This commit is contained in:
Werner Koch 2020-10-20 10:43:55 +02:00
parent 228836f79f
commit c94ee1386e
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
28 changed files with 151 additions and 128 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
agent/findkey.c
View File

@ -236,7 +236,7 @@ agent_write_private_key (const unsigned char *grip,
/* FIXME: Write to a temp file first so that write failures during
key updates won't lead to a key loss. */
if (!force && !access (fname, F_OK))
if (!force && !gnupg_access (fname, F_OK))
{
log_error ("secret key file '%s' already exists\n", fname);
xfree (fname);
@ -1324,7 +1324,7 @@ agent_key_available (const unsigned char *grip)
fname = make_filename (gnupg_homedir (), GNUPG_PRIVATE_KEYS_DIR,
hexgrip, NULL);
result = !access (fname, R_OK)? 0 : -1;
result = !gnupg_access (fname, R_OK)? 0 : -1;
xfree (fname);
return result;
}

17
agent/trustlist.c
View File

@ -185,6 +185,7 @@ read_one_trustfile (const char *fname, int allow_include,
{
char *etcname;
gpg_error_t err2;
gpg_err_code_t ec;
if (!allow_include)
{
@ -198,7 +199,7 @@ read_one_trustfile (const char *fname, int allow_include,
if ( !strcmp (etcname, fname) ) /* Same file. */
log_info (_("statement \"%s\" ignored in '%s', line %d\n"),
"include-default", fname, lnr);
else if ( access (etcname, F_OK) && errno == ENOENT )
else if ((ec=gnupg_access (etcname, F_OK)) && ec == GPG_ERR_ENOENT)
{
/* A non existent system trustlist is not an error.
Just print a note. */
@ -336,6 +337,7 @@ read_trustfiles (void)
size_t tablesize;
char *fname;
int allow_include = 1;
gpg_err_code_t ec;
tablesize = 20;
table = xtrycalloc (tablesize, sizeof *table);
@ -351,13 +353,13 @@ read_trustfiles (void)
return err;
}
if ( access (fname, F_OK) )
if ((ec = gnupg_access (fname, F_OK)))
{
if ( errno == ENOENT )
if ( ec == GPG_ERR_ENOENT )
; /* Silently ignore a non-existing trustfile. */
else
{
err = gpg_error_from_syserror ();
err = gpg_error (ec);
log_error (_("error opening '%s': %s\n"), fname, gpg_strerror (err));
}
xfree (fname);
@ -601,6 +603,7 @@ gpg_error_t
agent_marktrusted (ctrl_t ctrl, const char *name, const char *fpr, int flag)
{
gpg_error_t err = 0;
gpg_err_code_t ec;
char *desc;
char *fname;
estream_t fp;
@ -618,7 +621,7 @@ agent_marktrusted (ctrl_t ctrl, const char *name, const char *fpr, int flag)
if (!fname)
return gpg_error_from_syserror ();
if ( access (fname, W_OK) && errno != ENOENT)
if ((ec = access (fname, W_OK)) && ec != GPG_ERR_ENOENT)
{
xfree (fname);
return gpg_error (GPG_ERR_EPERM);
@ -751,12 +754,12 @@ agent_marktrusted (ctrl_t ctrl, const char *name, const char *fpr, int flag)
xfree (nameformatted);
return err;
}
if ( access (fname, F_OK) && errno == ENOENT)
if ((ec = access (fname, F_OK)) && ec == GPG_ERR_ENOENT)
{
fp = es_fopen (fname, "wx,mode=-rw-r");
if (!fp)
{
err = gpg_error_from_syserror ();
err = gpg_error (ec);
log_error ("can't create '%s': %s\n", fname, gpg_strerror (err));
xfree (fname);
unlock_trusttable ();

5
common/exechelp-posix.c
View File

@ -845,14 +845,15 @@ gpg_error_t
gnupg_spawn_process_detached (const char *pgmname, const char *argv[],
const char *envp[] )
{
gpg_err_code_t ec;
pid_t pid;
int i;
if (getuid() != geteuid())
return my_error (GPG_ERR_BUG);
if (access (pgmname, X_OK))
return my_error_from_syserror ();
if ((ec = gnupg_access (pgmname, X_OK)))
return gpg_err_make (default_errsource, ec);
pid = fork ();
if (pid == (pid_t)(-1))

5
common/exechelp-w32.c
View File

@ -866,13 +866,14 @@ gnupg_spawn_process_detached (const char *pgmname, const char *argv[],
int cr_flags;
char *cmdline;
BOOL in_job = FALSE;
gpg_err_code_t ec;
/* We don't use ENVP. */
(void)envp;
if (access (pgmname, X_OK))
return my_error_from_syserror ();
if ((ec = gnupg_access (pgmname, X_OK)))
return gpg_err_make (default_errsource, ec);
/* Prepare security attributes. */
memset (&sec_attr, 0, sizeof sec_attr );

75
common/homedir.c
View File

@ -117,14 +117,16 @@ w32_try_mkdir (const char *dir)
#endif
/* This is a helper function to load a Windows function from either of
one DLLs. */
/* This is a helper function to load and call a Windows function from
* either of one DLLs. On success an UTF-8 file name is returned.
* ERRNO is _not_ set on error. */
#ifdef HAVE_W32_SYSTEM
static HRESULT
w32_shgetfolderpath (HWND a, int b, HANDLE c, DWORD d, LPSTR e)
static char *
w32_shgetfolderpath (HWND a, int b, HANDLE c, DWORD d)
{
static int initialized;
static HRESULT (WINAPI * func)(HWND,int,HANDLE,DWORD,LPSTR);
static HRESULT (WINAPI * func)(HWND,int,HANDLE,DWORD,LPWSTR);
wchar_t wfname[MAX_PATH];
if (!initialized)
{
@ -139,7 +141,7 @@ w32_shgetfolderpath (HWND a, int b, HANDLE c, DWORD d, LPSTR e)
handle = dlopen (dllnames[i], RTLD_LAZY);
if (handle)
{
func = dlsym (handle, "SHGetFolderPathA");
func = dlsym (handle, "SHGetFolderPathW");
if (!func)
{
dlclose (handle);
@ -149,10 +151,10 @@ w32_shgetfolderpath (HWND a, int b, HANDLE c, DWORD d, LPSTR e)
}
}
if (func)
return func (a,b,c,d,e);
if (func && func (a,b,c,d,wfname) >= 0)
return wchar_to_utf8 (wfname);
else
return -1;
return NULL;
}
#endif /*HAVE_W32_SYSTEM*/
@ -248,25 +250,17 @@ standard_homedir (void)
}
else
{
char path[MAX_PATH];
char *path;
/* It might be better to use LOCAL_APPDATA because this is
defined as "non roaming" and thus more likely to be kept
locally. For private keys this is desired. However,
given that many users copy private keys anyway forth and
back, using a system roaming services might be better
than to let them do it manually. A security conscious
user will anyway use the registry entry to have better
control. */
if (w32_shgetfolderpath (NULL, CSIDL_APPDATA|CSIDL_FLAG_CREATE,
NULL, 0, path) >= 0)
path = w32_shgetfolderpath (NULL, CSIDL_APPDATA|CSIDL_FLAG_CREATE,
NULL, 0);
if (path)
{
char *tmp = xmalloc (strlen (path) + 6 +1);
strcpy (stpcpy (tmp, path), "\\gnupg");
dir = tmp;
dir = xstrconcat (path, "\\gnupg", NULL);
xfree (path);
/* Try to create the directory if it does not yet exists. */
if (access (dir, F_OK))
if (gnupg_access (dir, F_OK))
w32_try_mkdir (dir);
}
else
@ -360,10 +354,10 @@ check_portable_app (const char *dir)
char *fname;
fname = xstrconcat (dir, DIRSEP_S "gpgconf.exe", NULL);
if (!access (fname, F_OK))
if (!gnupg_access (fname, F_OK))
{
strcpy (fname + strlen (fname) - 3, "ctl");
if (!access (fname, F_OK))
if (!gnupg_access (fname, F_OK))
{
/* gpgconf.ctl file found. Record this fact. */
w32_portable_app = 1;
@ -440,7 +434,7 @@ w32_commondir (void)
if (!dir)
{
const char *rdir;
char path[MAX_PATH];
char *path;
/* Make sure that w32_rootdir has been called so that we are
able to check the portable application flag. The common dir
@ -450,19 +444,17 @@ w32_commondir (void)
if (w32_portable_app)
return rdir;
if (w32_shgetfolderpath (NULL, CSIDL_COMMON_APPDATA,
NULL, 0, path) >= 0)
path = w32_shgetfolderpath (NULL, CSIDL_COMMON_APPDATA, NULL, 0);
if (path)
{
char *tmp = xmalloc (strlen (path) + 4 +1);
strcpy (stpcpy (tmp, path), "\\GNU");
dir = tmp;
dir = xstrconcat (path, "\\GNU", NULL);
/* No auto create of the directory. Either the installer or
the admin has to create these directories. */
* the admin has to create these directories. */
}
else
{
/* Ooops: Not defined - probably an old Windows version.
Use the installation directory instead. */
/* Folder not found or defined - probably an old Windows
* version. Use the installation directory instead. */
dir = xstrdup (rdir);
}
}
@ -903,7 +895,7 @@ gnupg_cachedir (void)
}
else
{
char path[MAX_PATH];
char *path;
const char *s1[] = { "GNU", "cache", "gnupg", NULL };
int s1_len;
const char **comp;
@ -912,8 +904,10 @@ gnupg_cachedir (void)
for (comp = s1; *comp; comp++)
s1_len += 1 + strlen (*comp);
if (w32_shgetfolderpath (NULL, CSIDL_LOCAL_APPDATA|CSIDL_FLAG_CREATE,
NULL, 0, path) >= 0)
path = w32_shgetfolderpath (NULL,
CSIDL_LOCAL_APPDATA|CSIDL_FLAG_CREATE,
NULL, 0);
if (path)
{
char *tmp = xmalloc (strlen (path) + s1_len + 1);
char *p;
@ -924,11 +918,12 @@ gnupg_cachedir (void)
p = stpcpy (p, "\\");
p = stpcpy (p, *comp);
if (access (tmp, F_OK))
if (gnupg_access (tmp, F_OK))
w32_try_mkdir (tmp);
}
dir = tmp;
xfree (path);
}
else
{
@ -1025,7 +1020,7 @@ get_default_pinentry_name (int reset)
char *name2;
name2 = xstrconcat (names[i].rfnc (), names[i].name, NULL);
if (!access (name2, F_OK))
if (!gnupg_access (name2, F_OK))
{
/* Use that pinentry. */
xfree (name);

45
common/sysutils.c
View File

@ -811,7 +811,7 @@ gnupg_mkdir (const char *name, const char *modestr)
int
gnupg_chdir (const char *name)
{
/* Note that gpgrt_chdir also sets ERRNO in addition to returing an
/* Note that gpgrt_chdir also sets ERRNO in addition to returning an
* gpg-error style error code. */
return gpgrt_chdir (name);
}
@ -1033,30 +1033,37 @@ gnupg_unsetenv (const char *name)
/* Return the current working directory as a malloced string. Return
NULL and sets ERRNo on error. */
NULL and sets ERRNO on error. */
char *
gnupg_getcwd (void)
{
char *buffer;
size_t size = 100;
return gpgrt_getcwd ();
}
for (;;)
/* A simple wrapper around access. NAME is expected to be utf8
* encoded. This function returns an error code and sets ERRNO. */
gpg_err_code_t
gnupg_access (const char *name, int mode)
{
#if GPGRT_VERSION_NUMBER < 0x012800 /* 1.39 */
# ifdef HAVE_W32_SYSTEM
wchar_t *wfname;
wfname = utf8_to_wchar (fname);
if (!wfname)
ec = gpg_err_code_from_syserror ();
else
{
buffer = xtrymalloc (size+1);
if (!buffer)
return NULL;
#ifdef HAVE_W32CE_SYSTEM
strcpy (buffer, "/"); /* Always "/". */
return buffer;
#else
if (getcwd (buffer, size) == buffer)
return buffer;
xfree (buffer);
if (errno != ERANGE)
return NULL;
size *= 2;
#endif
ec = _waccess (wfname, mode)? gpg_err_code_from_syserror () : 0;
xfree (wfname);
}
# else
return access (name, mode)? gpg_err_code_from_syserror () : 0;
# endif
#else
return gpgrt_access (name, mode);
#endif
}

1
common/sysutils.h
View File

@ -73,6 +73,7 @@ char *gnupg_mkdtemp (char *template);
int gnupg_setenv (const char *name, const char *value, int overwrite);
int gnupg_unsetenv (const char *name);
char *gnupg_getcwd (void);
gpg_err_code_t gnupg_access (const char *name, int mode);
gpg_error_t gnupg_chuid (const char *user, int silent);
char *gnupg_get_socket_name (int fd);
int gnupg_fd_valid (int fd);

1
common/t-exectool.c
View File

@ -45,6 +45,7 @@ test_executing_true (void)
char *result;
size_t len;
/* Fixme: We should use gpgrt_access here. */
if (access (pgmname, X_OK))
{
if (access (alt_pgmname, X_OK))

2
dirmngr/certcache.c
View File

@ -685,7 +685,7 @@ load_certs_from_system (void)
gpg_error_t err = 0;
for (idx=0; idx < DIM (table); idx++)
if (!access (table[idx].name, F_OK))
if (!gnupg_access (table[idx].name, F_OK))
{
/* Take the first available bundle. */
err = load_certs_from_file (table[idx].name, CERTTRUST_CLASS_SYSTEM, 0);

2
dirmngr/dirmngr.c
View File

@ -1099,7 +1099,7 @@ main (int argc, char **argv)
log_info (_("Note: '%s' is not considered an option\n"), argv[i]);
}
if (!access ("/etc/"DIRMNGR_NAME, F_OK)
if (!gnupg_access ("/etc/"DIRMNGR_NAME, F_OK)
&& !strncmp (gnupg_homedir (), "/etc/", 5))
log_info
("NOTE: DirMngr is now a proper part of %s. The configuration and"

12
dirmngr/http.c
View File

@ -577,6 +577,7 @@ http_register_tls_callback (gpg_error_t (*cb)(http_t, http_session_t, int))
void
http_register_tls_ca (const char *fname)
{
gpg_err_code_t ec;
strlist_t sl;
if (!fname)
@ -588,9 +589,8 @@ http_register_tls_ca (const char *fname)
{
/* Warn if we can't access right now, but register it anyway in
case it becomes accessible later */
if (access (fname, F_OK))
log_info (_("can't access '%s': %s\n"), fname,
gpg_strerror (gpg_error_from_syserror()));
if ((ec = gnupg_access (fname, F_OK)))
log_info (_("can't access '%s': %s\n"), fname, gpg_strerror (ec));
sl = add_to_strlist (&tls_ca_certlist, fname);
if (*sl->d && !strcmp (sl->d + strlen (sl->d) - 4, ".pem"))
sl->flags = 1;
@ -606,6 +606,7 @@ http_register_tls_ca (const char *fname)
void
http_register_cfg_ca (const char *fname)
{
gpg_err_code_t ec;
strlist_t sl;
if (!fname)
@ -617,9 +618,8 @@ http_register_cfg_ca (const char *fname)
{
/* Warn if we can't access right now, but register it anyway in
case it becomes accessible later */
if (access (fname, F_OK))
log_info (_("can't access '%s': %s\n"), fname,
gpg_strerror (gpg_error_from_syserror()));
if ((ec = gnupg_access (fname, F_OK)))
log_info (_("can't access '%s': %s\n"), fname, gpg_strerror (ec));
sl = add_to_strlist (&cfg_ca_certlist, fname);
if (*sl->d && !strcmp (sl->d + strlen (sl->d) - 4, ".pem"))
sl->flags = 1;

11
g10/gpg.c
View File

@ -4072,13 +4072,14 @@ main (int argc, char **argv)
}
/* Set the random seed file. */
if( use_random_seed ) {
char *p = make_filename (gnupg_homedir (), "random_seed", NULL );
gcry_control (GCRYCTL_SET_RANDOM_SEED_FILE, p);
if (!access (p, F_OK))
if (use_random_seed)
{
char *p = make_filename (gnupg_homedir (), "random_seed", NULL );
gcry_control (GCRYCTL_SET_RANDOM_SEED_FILE, p);
if (!gnupg_access (p, F_OK))
register_secured_file (p);
xfree(p);
}
}
/* If there is no command but the --fingerprint is given, default
to the --list-keys command. */

14
g10/keydb.c
View File

@ -29,6 +29,7 @@
#include "gpg.h"
#include "../common/util.h"
#include "../common/sysutils.h"
#include "options.h"
#include "main.h" /*try_make_homedir ()*/
#include "packet.h"
@ -211,6 +212,7 @@ keyblock_cache_clear (struct keydb_handle_s *hd)
static gpg_error_t
maybe_create_keyring_or_box (char *filename, int is_box, int force_create)
{
gpg_err_code_t ec;
dotlock_t lockhd = NULL;
IOBUF iobuf;
int rc;
@ -221,8 +223,8 @@ maybe_create_keyring_or_box (char *filename, int is_box, int force_create)
int save_slash;
/* A quick test whether the filename already exists. */
if (!access (filename, F_OK))
return !access (filename, R_OK)? 0 : gpg_error (GPG_ERR_EACCES);
if (!gnupg_access (filename, F_OK))
return !gnupg_access (filename, R_OK)? 0 : gpg_error (GPG_ERR_EACCES);
/* If we don't want to create a new file at all, there is no need to
go any further - bail out right here. */
@ -257,9 +259,9 @@ maybe_create_keyring_or_box (char *filename, int is_box, int force_create)
tried = 1;
try_make_homedir (filename);
}
if (access (filename, F_OK))
if ((ec = gnupg_access (filename, F_OK)))
{
rc = gpg_error_from_syserror ();
rc = gpg_error (ec);
*last_slash_in_filename = save_slash;
goto leave;
}
@ -316,12 +318,12 @@ maybe_create_keyring_or_box (char *filename, int is_box, int force_create)
if (rc)
goto leave;
if (!access (filename, F_OK))
if (!gnupg_access (filename, F_OK))
{
rc = 0; /* Okay, we may access the file now. */
goto leave;
}
if (!access (bak_fname, F_OK) && !access (tmp_fname, F_OK))
if (!gnupg_access (bak_fname, F_OK) && !gnupg_access (tmp_fname, F_OK))
{
/* Very likely another process is updating a pubring.gpg and we
should not create a pubring.kbx. */

7
g10/keyring.c
View File

@ -228,7 +228,7 @@ keyring_is_writable (void *token)
{
KR_RESOURCE r = token;
return r? (r->read_only || !access (r->fname, W_OK)) : 0;
return r? (r->read_only || !gnupg_access (r->fname, W_OK)) : 0;
}
@ -1601,6 +1601,7 @@ static int
do_copy (int mode, const char *fname, KBNODE root,
off_t start_offset, unsigned int n_packets )
{
gpg_err_code_t ec;
IOBUF fp, newfp;
int rc=0;
char *bakfname = NULL;
@ -1608,8 +1609,8 @@ do_copy (int mode, const char *fname, KBNODE root,
/* Open the source file. Because we do a rename, we have to check the
permissions of the file */
if (access (fname, W_OK))
return gpg_error_from_syserror ();
if ((ec = gnupg_access (fname, W_OK)))
return gpg_error (ec);
fp = iobuf_open (fname);
if (mode == 1 && !fp && errno == ENOENT) {

4
g10/migrate.c
View File

@ -50,10 +50,10 @@ migrate_secring (ctrl_t ctrl)
char *agent_version = NULL;
secring = make_filename (gnupg_homedir (), "secring" EXTSEP_S "gpg", NULL);
if (access (secring, F_OK))
if (gnupg_access (secring, F_OK))
goto leave; /* Does not exist or is not readable. */
flagfile = make_filename (gnupg_homedir (), V21_MIGRATION_FNAME, NULL);
if (!access (flagfile, F_OK))
if (!gnupg_access (flagfile, F_OK))
goto leave; /* Does exist - fine. */
log_info ("starting migration from earlier GnuPG versions\n");

2
g10/openfile.c
View File

@ -326,7 +326,7 @@ get_matching_datafile (const char *sigfilename)
fname = xstrdup (sigfilename);
fname[len-(fname[len-1]=='n'?5:4)] = 0 ;
if (access (fname, R_OK ))
if (gnupg_access (fname, R_OK ))
{
/* Not found or other error. */
xfree (fname);

8
g10/tdbio.c
View File

@ -711,17 +711,19 @@ tdbio_set_dbname (ctrl_t ctrl, const char *new_dbname,
log_assert (p);
save_slash = *p;
*p = 0;
if (access (fname, F_OK))
if (gnupg_access (fname, F_OK))
{
try_make_homedir (fname);
if (access (fname, F_OK))
if (gnupg_access (fname, F_OK))
log_fatal (_("%s: directory does not exist!\n"), fname);
}
*p = save_slash;
take_write_lock ();
if (access (fname, R_OK) || stat (fname, &statbuf) || statbuf.st_size == 0)
if (gnupg_access (fname, R_OK)
|| stat (fname, &statbuf)
|| statbuf.st_size == 0)
{
FILE *fp;
TRUSTREC rec;

3
g13/backend.c
View File

@ -27,6 +27,7 @@
#include "g13.h"
#include "../common/i18n.h"
#include "../common/sysutils.h"
#include "keyblob.h"
#include "backend.h"
#include "be-encfs.h"
@ -116,7 +117,7 @@ be_take_lock_for_create (ctrl_t ctrl, const char *fname, dotlock_t *r_lock)
/* A quick check to see that no container with that name already
exists. */
if (!access (fname, F_OK))
if (!gnupg_access (fname, F_OK))
{
err = gpg_error (GPG_ERR_EEXIST);
goto leave;

2
g13/g13-syshelp.c
View File

@ -581,7 +581,7 @@ g13_syshelp_i_know_what_i_am_doing (void)
char *fname;
fname = make_filename (gnupg_sysconfdir (), yesfile, NULL);
if (access (fname, F_OK))
if (gnupg_access (fname, F_OK))
{
log_info ("*******************************************************\n");
log_info ("* The G13 support for DM-Crypt is new and not matured.\n");

2
g13/mount.c
View File

@ -76,7 +76,7 @@ g13_mount_container (ctrl_t ctrl, const char *filename, const char *mountpoint)
else
{
/* A quick check to see whether we can the container exists. */
if (access (filename, R_OK))
if (gnupg_access (filename, R_OK))
return gpg_error_from_syserror ();
}

5
g13/suspend.c
View File

@ -28,6 +28,7 @@
#include "g13.h"
#include "../common/i18n.h"
#include "../common/sysutils.h"
#include "suspend.h"
#include "keyblob.h"
@ -45,7 +46,7 @@ g13_suspend_container (ctrl_t ctrl, const char *filename)
int needs_syshelp;
/* A quick check to see whether the container exists. */
if (access (filename, R_OK))
if (gnupg_access (filename, R_OK))
return gpg_error_from_syserror ();
/* Decide whether we need to use the g13-syshelp because we can't
@ -80,7 +81,7 @@ g13_resume_container (ctrl_t ctrl, const char *filename)
char *mountpoint_buffer = NULL;
/* A quick check to see whether the container exists. */
if (access (filename, R_OK))
if (gnupg_access (filename, R_OK))
return gpg_error_from_syserror ();
/* Decide whether we need to use the g13-syshelp because we can't

3
kbx/keybox-init.c
View File

@ -25,6 +25,7 @@
#include <assert.h>
#include "keybox-defs.h"
#include "../common/sysutils.h"
#include "../common/mischelp.h"
static KB_NAME kb_names;
@ -80,7 +81,7 @@ keybox_is_writable (void *token)
{
KB_NAME r = token;
return r? !access (r->fname, W_OK) : 0;
return r? !gnupg_access (r->fname, W_OK) : 0;
}

10
kbx/keybox-update.c
View File

@ -161,6 +161,7 @@ static int
blob_filecopy (int mode, const char *fname, KEYBOXBLOB blob,
int secret, int for_openpgp, off_t start_offset)
{
gpg_err_code_t ec;
FILE *fp, *newfp;
int rc=0;
char *bakfname = NULL;
@ -170,8 +171,8 @@ blob_filecopy (int mode, const char *fname, KEYBOXBLOB blob,
/* Open the source file. Because we do a rename, we have to check the
permissions of the file */
if (access (fname, W_OK))
return gpg_error_from_syserror ();
if ((ec = gnupg_access (fname, W_OK)))
return gpg_error (ec);
fp = fopen (fname, "rb");
if (mode == FILECOPY_INSERT && !fp && errno == ENOENT)
@ -626,6 +627,7 @@ keybox_delete (KEYBOX_HANDLE hd)
int
keybox_compress (KEYBOX_HANDLE hd)
{
gpg_err_code_t ec;
int read_rc, rc;
const char *fname;
FILE *fp, *newfp;
@ -651,8 +653,8 @@ keybox_compress (KEYBOX_HANDLE hd)
/* Open the source file. Because we do a rename, we have to check the
permissions of the file */
if (access (fname, W_OK))
return gpg_error_from_syserror ();
if ((ec = gnupg_access (fname, W_OK)))
return gpg_error (ec);
fp = fopen (fname, "rb");
if (!fp && errno == ENOENT)

2
sm/gpgsm.c
View File

@ -1807,7 +1807,7 @@ main ( int argc, char **argv)
filelist[0] = make_filename (gnupg_datadir (),"com-certs.pem", NULL);
filelist[1] = NULL;
if (!access (filelist[0], F_OK))
if (!gnupg_access (filelist[0], F_OK))
{
log_info (_("importing common certificates '%s'\n"),
filelist[0]);

9
sm/keydb.c
View File

@ -206,6 +206,7 @@ try_make_homedir (const char *fname)
static gpg_error_t
maybe_create_keybox (char *filename, int force, int *r_created)
{
gpg_err_code_t ec;
dotlock_t lockhd = NULL;
FILE *fp;
int rc;
@ -217,8 +218,8 @@ maybe_create_keybox (char *filename, int force, int *r_created)
*r_created = 0;
/* A quick test whether the filename already exists. */
if (!access (filename, F_OK))
return !access (filename, R_OK)? 0 : gpg_error (GPG_ERR_EACCES);
if (!gnupg_access (filename, F_OK))
return !gnupg_access (filename, R_OK)? 0 : gpg_error (GPG_ERR_EACCES);
/* If we don't want to create a new file at all, there is no need to
go any further - bail out right here. */
@ -253,9 +254,9 @@ maybe_create_keybox (char *filename, int force, int *r_created)
tried = 1;
try_make_homedir (filename);
}
if (access (filename, F_OK))
if ((ec = gnupg_access (filename, F_OK)))
{
rc = gpg_error_from_syserror ();
rc = gpg_error (ec);
*last_slash_in_filename = save_slash;
goto leave;
}

19
tools/gpg-wks-server.c
View File

@ -1182,7 +1182,7 @@ process_new_key (server_ctx_t ctx, estream_t key)
goto leave;
}
if (access (dname, W_OK))
if (gnupg_access (dname, W_OK))
{
log_info ("skipping address '%s': Domain not configured\n", sl->mbox);
continue;
@ -1459,7 +1459,7 @@ check_and_publish (server_ctx_t ctx, const char *address, const char *nonce)
err = gpg_error_from_syserror ();
goto leave;
}
if (!access (fnewname, W_OK))
if (!gnupg_access (fnewname, W_OK))
{
/* Yes, we have a dane directory. */
s = strchr (address, '@');
@ -1795,7 +1795,7 @@ command_list_domains (void)
{ "pending", "-rwx" },
{ "hu", "-rwxr-xr-x" }
};
gpg_err_code_t ec;
gpg_error_t err;
strlist_t domaindirs;
strlist_t sl;
@ -1832,9 +1832,9 @@ command_list_domains (void)
err = gpg_error_from_syserror ();
goto leave;
}
if (access (fname, W_OK))
if ((ec = gnupg_access (fname, W_OK)))
{
err = gpg_error_from_syserror ();
err = gpg_error (ec);
if (gpg_err_code (err) == GPG_ERR_ENOENT)
{
if (gnupg_mkdir (fname, requireddirs[i].perm))
@ -1862,9 +1862,9 @@ command_list_domains (void)
err = gpg_error_from_syserror ();
goto leave;
}
if (access (fname, F_OK))
if ((ec = gnupg_access (fname, F_OK)))
{
err = gpg_error_from_syserror ();
err = gpg_error (ec);
if (gpg_err_code (err) == GPG_ERR_ENOENT)
log_error ("domain %s: submission address not configured\n",
domain);
@ -1941,6 +1941,7 @@ command_cron (void)
static gpg_error_t
command_check_key (const char *userid)
{
gpg_err_code_t ec;
gpg_error_t err;
char *addrspec = NULL;
char *fname = NULL;
@ -1949,9 +1950,9 @@ command_check_key (const char *userid)
if (err)
goto leave;
if (access (fname, R_OK))
if ((ec = gnupg_access (fname, R_OK)))
{
err = gpg_error_from_syserror ();
err = gpg_error (ec);
if (opt_with_file)
es_printf ("%s n %s\n", addrspec, fname);
if (gpg_err_code (err) == GPG_ERR_ENOENT)

4
tools/gpgconf-comp.c
View File

@ -1581,7 +1581,7 @@ retrieve_options_from_program (gc_component_id_t component, int only_installed)
? gnupg_module_name (gc_component[component].module_name)
: gc_component[component].program );
if (only_installed && access (pgmname, X_OK))
if (only_installed && gnupg_access (pgmname, X_OK))
{
return; /* The component is not installed. */
}
@ -3230,7 +3230,7 @@ gc_apply_profile (const char *fname)
* is installed and use that instead of the given file name. */
fname_buffer = xstrconcat (gnupg_datadir (), DIRSEP_S,
fname, ".prf", NULL);
if (!access (fname_buffer, F_OK))
if (!gnupg_access (fname_buffer, F_OK))
fname = fname_buffer;
}

5
tools/wks-util.c
View File

@ -873,6 +873,7 @@ wks_compute_hu_fname (char **r_fname, const char *addrspec)
static gpg_error_t
ensure_policy_file (const char *addrspec)
{
gpg_err_code_t ec;
gpg_error_t err;
const char *domain;
char *fname;
@ -890,12 +891,12 @@ ensure_policy_file (const char *addrspec)
goto leave;
/* First a quick check whether it already exists. */
if (!access (fname, F_OK))
if (!(ec = gnupg_access (fname, F_OK)))
{
err = 0; /* File already exists. */
goto leave;
}
err = gpg_error_from_syserror ();
err = gpg_error (ec);
if (gpg_err_code (err) == GPG_ERR_ENOENT)
err = 0;
else