(agent_marktrusted): Check whether the trustlist is

writable.
author: Werner Koch <[email protected]> 2004-01-28 16:19:46 +0000
committer: Werner Koch <[email protected]> 2004-01-28 16:19:46 +0000
commit: fa5d1513a29708ce51496b4e248bcd91a81c17fe (patch)
tree: 7acd7e03e40e99e8ee928696a23db15bbd436ed1 /agent/trustlist.c
parent: (parse_dn_part): Pretty print the nameDistinguisher OID. (diff)
download: gnupg-fa5d1513a29708ce51496b4e248bcd91a81c17fe.tar.gz
gnupg-fa5d1513a29708ce51496b4e248bcd91a81c17fe.zip
1 files changed, 16 insertions, 0 deletions
diff --git a/agent/trustlist.c b/agent/trustlist.c
index 8575aedb0..5c3271ac0 100644
--- a/agent/trustlist.c
+++ b/agent/trustlist.c
@@ -236,6 +236,22 @@ agent_marktrusted (CTRL ctrl, const char *name, const char *fpr, int flag)
   static char key[41];
   int keyflag;
   char *desc;
+  char *fname;
+
+  /* Check whether we are at all allowed to modify the trustlist.
+     This is useful so that the trustlist may be a symlink to a global
+     trustlist with only admin priviliges to modify it.  Of course
+     this is not a secure way of denying access, but it avoids the
+     usual clicking on an Okay buttun thing most users are used to. */
+  fname = make_filename (opt.homedir, "trustlist.txt", NULL);
+  rc = access (fname, W_OK);
+  if (rc && errno != ENOENT)
+    {
+      xfree (fname);
+      return gpg_error (GPG_ERR_EPERM);
+    }    
+  xfree (fname);
+
 
   if (trustfp)
     rewind (trustfp);
author	Werner Koch <[email protected]>	2004-01-28 16:19:46 +0000
committer	Werner Koch <[email protected]>	2004-01-28 16:19:46 +0000
commit	fa5d1513a29708ce51496b4e248bcd91a81c17fe (patch)
tree	7acd7e03e40e99e8ee928696a23db15bbd436ed1 /agent/trustlist.c
parent	(parse_dn_part): Pretty print the nameDistinguisher OID. (diff)
download	gnupg-fa5d1513a29708ce51496b4e248bcd91a81c17fe.tar.gz gnupg-fa5d1513a29708ce51496b4e248bcd91a81c17fe.zip