From 2da60cd0f78378fdcb8f6364a798720281b34b4d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1s=20Touceda?= <chiiph@leap.se>
Date: Tue, 12 Mar 2013 09:56:05 -0300
Subject: Check and try to fix certificate permissions

---
 src/leap/util/files.py | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 src/leap/util/files.py

(limited to 'src/leap/util')

diff --git a/src/leap/util/files.py b/src/leap/util/files.py
new file mode 100644
index 00000000..f7fda39e
--- /dev/null
+++ b/src/leap/util/files.py
@@ -0,0 +1,27 @@
+import os
+import stat
+import logging
+
+logger = logging.getLogger(__name__)
+
+
+def check_and_fix_urw_only(cert):
+    """
+    Test for 600 mode and try to set it if anything different found
+
+    Might raise OSError
+
+    @param cert: Certificate path
+    @type cert: str
+    """
+    mode = stat.S_IMODE(os.stat(cert).st_mode)
+
+    if mode != int('600', 8):
+        try:
+            logger.warning('Bad permission on %s attempting to set 600' %
+                           (cert,))
+            os.chmod(cert, stat.S_IRUSR | stat.S_IWUSR)
+        except OSError:
+            logger.error('Error while trying to chmod 600 %s' %
+                         cert)
+            raise
-- 
cgit v1.2.3