-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | NEWS | 4 | ||||
-rw-r--r-- | bgpd/bgp_dump.c | 8 | ||||
-rwxr-xr-x | configure.ac | 12 | ||||
-rw-r--r-- | lib/command.c | 8 | ||||
-rw-r--r-- | lib/log.c | 17 | ||||
-rw-r--r-- | lib/pid_output.c | 11 | ||||
-rw-r--r-- | lib/vty.c | 8 | ||||
-rw-r--r-- | vtysh/vtysh.c | 13 |
9 files changed, 77 insertions, 10 deletions
@@ -1,3 +1,9 @@ +2003-12-22 Christian Hammers <ch@lathspell.de> + + * configure.ac (and everywhere a regular file is opened for + writing): use file permissions from configure rather than + compiled-in umask. + 2003-12-22 Hasso Tepper <hasso@estpak.ee> * lib/linklist.c: Revert microfix I commited while reverting @@ -8,6 +8,10 @@ directory from $(sysconfdir), easing NetBSD pkgsrc hierarchy rules compliance. +- New configure options --enable-configfile-mask and + --enable-logfile-mask to set umask values for config and log + values. Masks default to 0600, matching previous behavior. + * Changes in Quagga 0.96.4 - Further fixes to ospfd, some relating to the PtP revert. Interface diff --git a/bgpd/bgp_dump.c b/bgpd/bgp_dump.c index 7dc64c6a2..9690fb568 100644 --- a/bgpd/bgp_dump.c +++ b/bgpd/bgp_dump.c @@ -95,6 +95,7 @@ bgp_dump_open_file (struct bgp_dump *bgp_dump) struct tm *tm; char fullpath[MAXPATHLEN]; char realpath[MAXPATHLEN]; + mode_t oldumask; time (&clock); tm = localtime (&clock); @@ -117,10 +118,15 @@ bgp_dump_open_file (struct bgp_dump *bgp_dump) fclose (bgp_dump->fp); + oldumask = umask(0777 & ~LOGFILE_MASK); bgp_dump->fp = fopen (realpath, "w"); if (bgp_dump->fp == NULL) - return NULL; + { + umask(oldumask); + return NULL; + } + umask(oldumask); return bgp_dump->fp; } diff --git a/configure.ac b/configure.ac index b6d8829f5..094da52eb 100755 --- a/configure.ac +++ b/configure.ac @@ -115,6 +115,10 @@ AC_ARG_ENABLE(quagga_group, [ --enable-group=ARG group to run Quagga suite as (default quagga)]) AC_ARG_ENABLE(vty_group, [ --enable-vty-group=ARG set vty sockets to have specified group as owner]) +AC_ARG_ENABLE(configfile_mask, +[ --enable-configfile-mask=ARG set mask for config files]) +AC_ARG_ENABLE(logfile_mask, +[ --enable-logfile-mask=ARG set mask for log files]) AC_ARG_ENABLE(rtadv, [ --disable-rtadv disable IPV6 router advertisement feature]) 
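Review bot: The umask bracket around `fopen (realpath, "w")` in bgp_dump_open_file only has an effect when the file is created; a dump file that already exists keeps whatever mode it had, so a tighter LOGFILE_MASK is silently not applied to it. After a successful open I would set the mode on the descriptor, `fchmod (fileno (bgp_dump->fp), LOGFILE_MASK);`, and check the result. The same holds for the `fopen (..., "a")` calls in zlog_set_file and zlog_rotate in the lib/log.c hunks, where appending to an existing log is the normal case. Restoring the umask once, directly after fopen and before the NULL test, would also remove the duplicated `umask(oldumask)` on the two paths. The function starts outside this hunk.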
@@ -176,6 +180,12 @@ elif test x"${enable_vty_group}" != x""; then fi fi +enable_configfile_mask=${enable_configfile_mask:-0600} +AC_DEFINE_UNQUOTED(CONFIGFILE_MASK, ${enable_configfile_mask}, Mask for config files) + +enable_logfile_mask=${enable_logfile_mask:-0600} +AC_DEFINE_UNQUOTED(LOGFILE_MASK, ${enable_logfile_mask}, Mask for log files) + changequote(, )dnl MULTIPATH_NUM=1 @@ -1073,6 +1083,8 @@ example directory : `eval echo \`echo ${exampledir}\`` user to run as : ${enable_user} group to run as : ${enable_group} group for vty sockets : ${enable_vty_group} +config file mask : ${enable_configfile_mask} +log file mask : ${enable_logfile_mask} The above user and group must have read/write access to the state file directory and to the config files in the config file directory. diff --git a/lib/command.c b/lib/command.c index 8c60fc4f0..43a0bb3f9 100644 --- a/lib/command.c +++ b/lib/command.c @@ -2552,6 +2552,14 @@ DEFUN (config_write_file, free (config_file_sav); free (config_file_tmp); + + if (chmod (config_file, CONFIGFILE_MASK) != 0) + { + vty_out (vty, "Can't chmod configuration file %s: %s (%d).%s", + config_file, strerror(errno), errno, VTY_NEWLINE); + return CMD_WARNING; + } + vty_out (vty, "Configuration saved to %s%s", config_file, VTY_NEWLINE); return CMD_SUCCESS; @@ -365,6 +365,7 @@ int zlog_set_file (struct zlog *zl, int flags, char *filename) { FILE *fp; + mode_t oldumask; /* There is opend file. */ zlog_reset_file (zl); @@ -374,9 +375,14 @@ zlog_set_file (struct zlog *zl, int flags, char *filename) zl = zlog_default; /* Open file. */ + oldumask = umask (0777 & ~LOGFILE_MASK); fp = fopen (filename, "a"); if (fp == NULL) - return 0; + { + umask(oldumask); + return 0; + } + umask(oldumask); /* Set flags. */ zl->filename = strdup (filename); 
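Review bot: `enable_configfile_mask` and `enable_logfile_mask` reach `AC_DEFINE_UNQUOTED` without any validation, so the C code receives whatever string the builder typed. `--enable-logfile-mask=640` compiles as decimal 640 instead of octal 0640 and quietly gives the wrong permissions, while a bare `--enable-logfile-mask` yields `yes` and `--disable-logfile-mask` yields `no`, which only fail later at compile time. The value is also used as a file mode (it is passed to chmod() and open()) and not as a umask, so a builder who supplies a umask-style value such as 0077 would get files the owner cannot read but group and others can. I would reject anything that is not a leading-zero octal mode at configure time with `AC_MSG_ERROR`, and word the help strings in the earlier configure.ac hunk as "file mode (octal, e.g. 0600)".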
@@ -421,9 +427,16 @@ zlog_rotate (struct zlog *zl) if (zl->filename) { + mode_t oldumask; + + oldumask = umask (0777 & ~LOGFILE_MASK); fp = fopen (zl->filename, "a"); if (fp == NULL) - return -1; + { + umask(oldumask); + return -1; + } + umask(oldumask); zl->fp = fp; } diff --git a/lib/pid_output.c b/lib/pid_output.c index 125ca4031..2d90afcaa 100644 --- a/lib/pid_output.c +++ b/lib/pid_output.c @@ -32,16 +32,20 @@ pid_output (char *path) #ifndef HAVE_FCNTL FILE *fp; pid_t pid; + mask_t oldumask; pid = getpid(); + oldumask = umask(0777 & ~LOGFILE_MASK); fp = fopen (path, "w"); if (fp != NULL) { fprintf (fp, "%d\n", (int) pid); fclose (fp); + umask(oldumask); return -1; } + umask(oldumask); return pid; #else return pid_output_lock(path); @@ -57,18 +61,23 @@ pid_output_lock (char *path) pid_t pid; char buf[16]; struct flock lock; + mode_t oldumask; pid = getpid (); - fd = open (path, O_RDWR | O_CREAT, 0644); + oldumask = umask(0777 & ~LOGFILE_MASK); + zlog_err( "old umask %d %d", oldumask, 0777 & ~LOGFILE_MASK); + fd = open (path, O_RDWR | O_CREAT, LOGFILE_MASK); if (fd < 0) { zlog_err( "Can't creat pid lock file %s (%s), exit", path, strerror(errno)); + umask(oldumask); exit (-1); } else { + umask(oldumask); memset (&lock, 0, sizeof(lock)); lock.l_type = F_WRLCK; @@ -2185,6 +2185,14 @@ vty_use_backup_config (char *fullpath) close (sav); close (tmp); + if (chmod(fullpath_tmp, CONFIGFILE_MASK) != 0) + { + free (fullpath_sav); + free (fullpath_tmp); + unlink (fullpath_tmp); + return NULL; + } + if (link (fullpath_tmp, fullpath) == 0) ret = fopen (fullpath, "r"); diff --git a/vtysh/vtysh.c b/vtysh/vtysh.c index 74707f9c3..e9c784a55 100644 --- a/vtysh/vtysh.c +++ b/vtysh/vtysh.c 
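Review bot: `mask_t oldumask;` in pid_output is not a POSIX type; the other hunks in this commit declare the variable as `mode_t oldumask;`, and this one should too. The declaration sits inside `#ifndef HAVE_FCNTL`, so the build only breaks on a platform without fcntl, which is probably why it went unnoticed.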
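Review bot: The added `zlog_err( "old umask %d %d", oldumask, 0777 & ~LOGFILE_MASK);` in pid_output_lock looks like leftover debugging: it writes an error-level message on every start and prints the masks in decimal, so I would delete the line. The third argument of open() also changes from 0644 to LOGFILE_MASK, which with the default 0600 makes the pid file unreadable to other users; that is a behaviour change for anything that reads the pid file under a different account, while NEWS describes the defaults as matching previous behaviour. If the change is intended, NEWS should say so; otherwise keep 0644 here or give the pid file its own mode. The function continues outside the hunk.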
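Review bot: On the chmod failure path in vty_use_backup_config, `unlink (fullpath_tmp);` runs after `free (fullpath_tmp);`, so unlink reads freed memory and the temporary file may be left behind. Move the unlink ahead of the frees: `unlink (fullpath_tmp); free (fullpath_sav); free (fullpath_tmp);`. The function starts and ends outside the hunk, so I cannot see whether its other exit paths use the same order.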
@@ -1287,14 +1287,10 @@ DEFUN (no_vtysh_write_config, int write_config_integrated(void) { int ret; - mode_t old_umask; char line[] = "write terminal\n"; FILE *fp; char *integrate_sav = NULL; - /* config files have 0600 perms... */ - old_umask = umask (0077); - integrate_sav = malloc (strlen (integrate_default) + strlen (CONF_BACKUP_EXT) + 1); strcpy (integrate_sav, integrate_default); @@ -1312,7 +1308,6 @@ int write_config_integrated(void) if (fp == NULL) { fprintf (stdout,"%% Can't open configuration file %s.\n", integrate_default); - umask (old_umask); return CMD_SUCCESS; } @@ -1329,11 +1324,17 @@ int write_config_integrated(void) fclose (fp); + if (chmod (integrate_default, CONFIGFILE_MASK) != 0) + { + fprintf (stdout,"%% Can't chmod configuration file %s: %s (%d)\n", + integrate_default, strerror(errno), errno); + return CMD_WARNING; + } + fprintf(stdout,"Integrated configuration saved to %s\n",integrate_default); fprintf (stdout,"[OK]\n"); - umask (old_umask); return CMD_SUCCESS; } |
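Review bot: With the `umask (0077)` bracket removed in the first vtysh.c hunk, the integrated config is created under the process umask and is only restricted by the `chmod (integrate_default, CONFIGFILE_MASK)` added after `fclose (fp)`. While the configuration is being written, the file can therefore be readable by other local users if the caller's umask is permissive, and it stays that way if the chmod fails. Setting the mode on the open stream right after the NULL check, `fchmod (fileno (fp), CONFIGFILE_MASK)`, or keeping a umask bracket around the open as the lib/log.c hunks do, closes that window. The fopen call itself is outside the hunks shown, so confirm where the file is created.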