From e180c03f721981b27e1596649062e96d1d9dd2ab Mon Sep 17 00:00:00 2001
From: Brian Pane <brianp@apache.org>
Date: Sat, 14 Sep 2002 06:53:40 +0000
Subject: [PATCH] cleaned up the file access checking

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@96804 13f79535-47bb-0310-9956-ffa450edef68
---
 support/htpasswd.c | 42 ++++++++++++++++--------------------------
 1 file changed, 16 insertions(+), 26 deletions(-)

diff --git a/support/htpasswd.c b/support/htpasswd.c
index 03b066f91a..ca400dd3e1 100644
--- a/support/htpasswd.c
+++ b/support/htpasswd.c
@@ -513,46 +513,36 @@ int main(int argc, const char * const argv[])
     }
 #endif
     if (!(mask & APHTP_NOFILE)) {
+        int file_exists = exists(pwfilename, pool);
         /*
          * Only do the file checks if we're supposed to frob it.
          *
          * Verify that the file exists if -c was omitted.  We give a special
          * message if it doesn't.
          */
-        if (!(mask & APHTP_NEWFILE) && !exists(pwfilename, pool)) {
+        if (!(mask & APHTP_NEWFILE) && !file_exists) {
             apr_file_printf(errfile,
                     "%s: cannot modify file %s; use '-c' to create it\n",
                     argv[0], pwfilename);
             exit(ERR_FILEPERM);
         }
         /*
-         * Verify that we can read the existing file in the case of an update
-         * to it (rather than creation of a new one).
+         * If the file exists, check that it's readable and writable.
+         * If it doesn't exist, verify that we can create it.
          */
-        if (!(mask & APHTP_NEWFILE) && !readable(pool, pwfilename)) {
-            apr_file_printf(errfile, "%s: cannot open file %s for read "
-                            "access\n", argv[0], pwfilename);
-            exit(ERR_FILEPERM);
-        }
-        /*
-         * Now check to see if we can preserve an existing file in case
-         * of password verification errors on a -c operation.
-         */
-        if ((mask & APHTP_NEWFILE) && exists(pwfilename, pool)
-                && !readable(pool, pwfilename)) {
-            apr_file_printf(errfile, "%s: cannot open file %s for read access\n"
-                    "%s: existing auth data would be lost on "
-                    "password mismatch",
-                    argv[0], pwfilename, argv[0]);
-            exit(ERR_FILEPERM);
+        if (file_exists) {
+            if (!accessible(pool, pwfilename, APR_READ | APR_APPEND)) {
+                apr_file_printf(errfile, "%s: cannot open file %s for "
+                                "read/write access\n", argv[0], pwfilename);
+                exit(ERR_FILEPERM);
+            }
         }
-        /*
-         * Now verify that the file is writable!
-         */
-        if (!writable(pool, pwfilename)) {
-            apr_file_printf(errfile, "%s: cannot open file %s for write "
-                            "access\n", argv[0], pwfilename);
-            exit(ERR_FILEPERM);
+        else {
+            if (!accessible(pool, pwfilename, APR_CREATE | APR_WRITE)) {
+                apr_file_printf(errfile, "%s: cannot create file %s\n",
+                                argv[0], pwfilename);
+                exit(ERR_FILEPERM);
+            }
         }
     }
 
-- 
2.50.1