summaryrefslogtreecommitdiffstats
path: root/g10/keyring.c
diff options
context:
space:
mode:
authorDavid Shaw <dshaw@jabberwocky.com>2002-08-09 04:23:42 +0200
committerDavid Shaw <dshaw@jabberwocky.com>2002-08-09 04:23:42 +0200
commit74a84ca93b9662b32475fd19af4ca41a96290d42 (patch)
treedbd137199de0a7cfbd91a7f48d6da9524465e572 /g10/keyring.c
parent* Makefile.am, md.c (load_digest_module): Allow switching TIGER on and off (diff)
downloadgnupg2-74a84ca93b9662b32475fd19af4ca41a96290d42.tar.xz
gnupg2-74a84ca93b9662b32475fd19af4ca41a96290d42.zip
* options.skel: Some language tweaks, and remove the load-extension
section for random gatherers. * keyring.c (create_tmp_file, rename_tmp_file): Create tmp files with user-only permissions, but restore the original permissions if the user has something special set. * openfile.c (copy_options_file): Create new options file (gpg.conf) with user-only permissions. * keydb.c (keydb_add_resource): Create new keyrings with user-only permissions.
Diffstat (limited to 'g10/keyring.c')
-rw-r--r--g10/keyring.c42
1 files changed, 25 insertions, 17 deletions
diff --git a/g10/keyring.c b/g10/keyring.c
index f75a79dfe..b084aa8af 100644
--- a/g10/keyring.c
+++ b/g10/keyring.c
@@ -1132,6 +1132,7 @@ create_tmp_file (const char *template,
char **r_bakfname, char **r_tmpfname, IOBUF *r_fp)
{
char *bakfname, *tmpfname;
+ mode_t oldmask;
*r_bakfname = NULL;
*r_tmpfname = NULL;
@@ -1169,7 +1170,10 @@ create_tmp_file (const char *template,
strcpy (stpcpy(tmpfname,template), EXTSEP_S "tmp");
# endif /* Posix filename */
+ /* Create the temp file with limited access */
+ oldmask=umask(077);
*r_fp = iobuf_create (tmpfname);
+ umask(oldmask);
if (!*r_fp) {
log_error ("can't create `%s': %s\n", tmpfname, strerror(errno) );
m_free (tmpfname);
@@ -1189,19 +1193,6 @@ rename_tmp_file (const char *bakfname, const char *tmpfname,
{
int rc=0;
- /* restrict the permissions for secret keyrings */
-#ifndef HAVE_DOSISH_SYSTEM
- if (secret && !opt.preserve_permissions)
- {
- if (chmod (tmpfname, S_IRUSR | S_IWUSR) )
- {
- log_error ("chmod of `%s' failed: %s\n",
- tmpfname, strerror(errno) );
- return G10ERR_WRITE_FILE;
- }
- }
-#endif
-
/* invalidate close caches*/
iobuf_ioctl (NULL, 2, 0, (char*)tmpfname );
iobuf_ioctl (NULL, 2, 0, (char*)bakfname );
@@ -1241,6 +1232,24 @@ rename_tmp_file (const char *bakfname, const char *tmpfname,
return rc;
}
+ /* Now make sure the file has the same permissions as the original */
+
+#ifndef HAVE_DOSISH_SYSTEM
+ {
+ struct stat statbuf;
+
+ statbuf.st_mode=S_IRUSR | S_IWUSR;
+
+ if(((secret && !opt.preserve_permissions) ||
+ (stat(bakfname,&statbuf)==0)) &&
+ (chmod(fname,statbuf.st_mode)==0))
+ ;
+ else
+ log_error("WARNING: unable to restore permissions to `%s': %s",
+ fname,strerror(errno));
+ }
+#endif
+
return 0;
}
@@ -1430,8 +1439,11 @@ do_copy (int mode, const char *fname, KBNODE root, int secret,
if (mode == 1 && !fp && errno == ENOENT) {
/* insert mode but file does not exist: create a new file */
KBNODE kbctx, node;
+ mode_t oldmask;
+ oldmask=umask(077);
newfp = iobuf_create (fname);
+ umask(oldmask);
if( !newfp ) {
log_error (_("%s: can't create: %s\n"),
fname, strerror(errno));
@@ -1453,10 +1465,6 @@ do_copy (int mode, const char *fname, KBNODE root, int secret,
log_error ("%s: close failed: %s\n", fname, strerror(errno));
return G10ERR_CLOSE_FILE;
}
- if (chmod( fname, S_IRUSR | S_IWUSR )) {
- log_error("%s: chmod failed: %s\n", fname, strerror(errno) );
- return G10ERR_WRITE_FILE;
- }
return 0; /* ready */
}