Merge pull request #34 from rw2/key-permissions

verifies readability of key files (when they exist) and aborts startu…
PelicanPlatform · May 24, 2024 · f5b66a3 · f5b66a3
2 parents c829527 + 00d9a88
commit f5b66a3
Showing 1 changed file with 16 additions and 0 deletions.
diff --git a/src/S3FileSystem.cc b/src/S3FileSystem.cc
@@ -20,6 +20,7 @@
 #include "S3AccessInfo.hh"
 #include "S3Directory.hh"
 #include "S3File.hh"
+#include "shortfile.hh"
 #include "stl_string_utils.hh"
 
 #include <XrdOuc/XrdOucEnv.hh>
@@ -87,6 +88,21 @@ bool S3FileSystem::Config(XrdSysLogger *lp, const char *configfn) {
 				m_log.Emsg("Config", "s3.region not specified");
 				return false;
 			}
+			std::string contents;
+			if (newAccessInfo->getS3AccessKeyFile() != "") {
+				if (!readShortFile(newAccessInfo->getS3AccessKeyFile(),
+								   contents)) {
+					m_log.Emsg("Config", "s3.access_key_file not readable");
+					return false;
+				}
+			}
+			if (newAccessInfo->getS3SecretKeyFile() != "") {
+				if (!readShortFile(newAccessInfo->getS3SecretKeyFile(),
+								   contents)) {
+					m_log.Emsg("Config", "s3.secret_key_file not readable");
+					return false;
+				}
+			}
 			newAccessInfo = new S3AccessInfo();
 			exposedPath = "";
 			continue;