From e36552c6ed840f976844edbc5bc1c36e7b6ccd68 Mon Sep 17 00:00:00 2001 From: James Le Cuirot Date: Wed, 21 Sep 2016 23:49:32 +0100 Subject: [PATCH] Add --respect-umask option to prevent adjusting permissions I would like to use LGOGDownloader in conjunction with Gentoo's package manager, which may execute it as root, portage, or some other user in the portage group. A shared configuration under /etc will be used to avoid sandboxing issues. This will not be world readable. --- include/config.h | 1 + main.cpp | 14 ++++++++++---- src/downloader.cpp | 3 ++- 3 files changed, 13 insertions(+), 5 deletions(-) diff --git a/include/config.h b/include/config.h index 0cab166..2ceb5a6 100644 --- a/include/config.h +++ b/include/config.h @@ -48,6 +48,7 @@ class Config bool bShowWishlist; bool bAutomaticXMLCreation; bool bSaveChangelogs; + bool bRespectUmask; std::string sGameRegex; std::string sDirectory; std::string sCacheDirectory; diff --git a/main.cpp b/main.cpp index 0e5e4bc..b01fdad 100644 --- a/main.cpp +++ b/main.cpp @@ -144,6 +144,7 @@ int main(int argc, char *argv[]) ("login-api", bpo::value(&config.bLoginAPI)->zero_tokens()->default_value(false), "Login (API only)") ("login-website", bpo::value(&config.bLoginHTTP)->zero_tokens()->default_value(false), "Login (website only)") ("cacert", bpo::value(&config.sCACertPath)->default_value(""), "Path to CA certificate bundle in PEM format") + ("respect-umask", bpo::value(&config.bRespectUmask)->zero_tokens()->default_value(false), "Do not adjust permissions of sensitive files") ; // Commandline options (config file) options_cli_cfg.add_options() @@ -462,8 +463,11 @@ int main(int argc, char *argv[]) } // Make sure that config file and cookie file are only readable/writable by owner - Util::setFilePermissions(config.sConfigFilePath, boost::filesystem::owner_read | boost::filesystem::owner_write); - Util::setFilePermissions(config.sCookiePath, boost::filesystem::owner_read | boost::filesystem::owner_write); + if (!config.bRespectUmask) + { + Util::setFilePermissions(config.sConfigFilePath, boost::filesystem::owner_read | boost::filesystem::owner_write); + Util::setFilePermissions(config.sCookiePath, boost::filesystem::owner_read | boost::filesystem::owner_write); + } if (config.bSaveConfig || iLoginResult == 1) { @@ -520,7 +524,8 @@ int main(int argc, char *argv[]) } } ofs.close(); - Util::setFilePermissions(config.sConfigFilePath, boost::filesystem::owner_read | boost::filesystem::owner_write); + if (!config.bRespectUmask) + Util::setFilePermissions(config.sConfigFilePath, boost::filesystem::owner_read | boost::filesystem::owner_write); if (config.bSaveConfig) return 0; } @@ -541,7 +546,8 @@ int main(int argc, char *argv[]) ofs << "secret = " << config.sSecret << std::endl; } ofs.close(); - Util::setFilePermissions(config.sConfigFilePath, boost::filesystem::owner_read | boost::filesystem::owner_write); + if (!config.bRespectUmask) + Util::setFilePermissions(config.sConfigFilePath, boost::filesystem::owner_read | boost::filesystem::owner_write); return 0; } else diff --git a/src/downloader.cpp b/src/downloader.cpp index b239f65..35d262d 100644 --- a/src/downloader.cpp +++ b/src/downloader.cpp @@ -55,7 +55,8 @@ Downloader::~Downloader() curl_global_cleanup(); ssl_thread_cleanup(); // Make sure that cookie file is only readable/writable by owner - Util::setFilePermissions(config.sCookiePath, boost::filesystem::owner_read | boost::filesystem::owner_write); + if (!config.bRespectUmask) + Util::setFilePermissions(config.sCookiePath, boost::filesystem::owner_read | boost::filesystem::owner_write); }