From 65c1fe87d7a58f431c6cc1ab62766394837e7408 Mon Sep 17 00:00:00 2001
From: Koichiro IWAO
Date: Wed, 8 Mar 2017 13:30:14 +0900
Subject: [PATCH] Log user-friendly message when certificate/privkey is inaccessible

We shouldn't assume that xrdp daemon is running under root privilege. In many cases, root privilege is not really needed for xrdp daemon. xrdp may fail to load certificate/privkey due to lack of permissions when running under user privilege. Checking existence of files is not enough and xrdp should output user-friendly log in such case. Reported by Debian user in bug 856436 [1].
[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856436
---
 common/os_calls.c | 12 ++++++++++++
 common/os_calls.h | 1 +
 libxrdp/xrdp_rdp.c | 12 ++++++++++++
 3 files changed, 25 insertions(+)
diff --git a/common/os_calls.c b/common/os_calls.c
index 524d8190..592d7d6d 100644
--- a/common/os_calls.c
+++ b/common/os_calls.c
@@ -2233,6 +2233,18 @@ g_file_exist(const char *filename)
 #endif
 }
 
+/*****************************************************************************/
+/* returns boolean, non zero if the file is readable */
+int
+g_file_readable(const char *filename)
+{
+#if defined(_WIN32)
+ return 0; /* TODO: what should be done here? */
+#else
+ return access(filename, R_OK) == 0;
+#endif
+}
+
 /*****************************************************************************/
 /* returns boolean, non zero if the directory exists */
 int
diff --git a/common/os_calls.h b/common/os_calls.h
index 4e93558d..90db706d 100644
--- a/common/os_calls.h
+++ b/common/os_calls.h
@@ -109,6 +109,7 @@ int g_mkdir(const char* dirname);
 char* g_get_current_dir(char* dirname, int maxlen);
 int g_set_current_dir(const char *dirname);
 int g_file_exist(const char* filename);
+int g_file_readable(const char *filename);
 int g_directory_exist(const char* dirname);
 int g_create_dir(const char* dirname);
 int g_create_path(const char* path);
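Review bot: The comment on g_file_readable() in common/os_calls.c should say the result is advisory, because the helper lives in a shared file and its name invites use as a permission gate. access() tests the real uid/gid rather than the effective ones, and the file's permissions can change between this call and the later open, so the answer suits a log message but not a decision about whether an open is allowed. Proposed header: `/* returns boolean, non zero if the file is readable by the real uid/gid; advisory only, the later open must still be checked */`. The `_WIN32` branch returns 0 unconditionally, so every caller there sees "unreadable" and, if g_get_strerror() reads errno as its name suggests, prints an unrelated error string.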
diff --git a/libxrdp/xrdp_rdp.c b/libxrdp/xrdp_rdp.c
index 0409f96c..75b8768c 100644
--- a/libxrdp/xrdp_rdp.c
+++ b/libxrdp/xrdp_rdp.c
@@ -269,6 +269,12 @@ xrdp_rdp_read_config(struct xrdp_client_info *client_info)
 /* use user defined certificate */
 g_strncpy(client_info->certificate, value, 1023);
 }
+
+ if (!g_file_readable(client_info->certificate))
+ {
+ log_message(LOG_LEVEL_ERROR, "Cannot open certificate file %s: %s",
+ client_info->certificate, g_get_strerror());
+ }
 }
 else if (g_strcasecmp(item, "key_file") == 0)
 {
@@ -293,6 +299,12 @@ xrdp_rdp_read_config(struct xrdp_client_info *client_info)
 /* use user defined key_file */
 g_strncpy(client_info->key_file, value, 1023);
 }
+
+ if (!g_file_readable(client_info->key_file))
+ {
+ log_message(LOG_LEVEL_ERROR, "Cannot open private key file %s: %s",
+ client_info->key_file, g_get_strerror());
+ }
 }
 }
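Review bot: Both new checks in xrdp_rdp_read_config() (certificate in the first hunk, key_file in the second) only log and then carry on with a path already known to be unreadable; nothing in the visible lines records the failure for the caller. The function starts and ends outside both hunks and the code that actually loads the files is not shown, so it is worth confirming that it refuses TLS connections rather than quietly falling back to another security layer, in which case this ERROR line would be the only sign that TLS is not in use. A comment above each check would make the intent explicit, e.g. `/* diagnostic only: the file is loaded later and that code must handle failure itself */`. For key_file, readability is the minimum; a warning when the key is also readable by group or others would be a natural follow-up.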