the local directory (if it exists) so that it doesn't have to have libfko
completely installed in /usr/lib/. This allows the test suite to run FKO
tests without installing libfko.
+ - Contributed a patch to remove unnecessary chmod() call when creating
+ client rc file and server replay cache file. The permissions are now set
+ appropriately via open(), and at the same time this patch fixes a
+ potential race condition since the previous code used fopen() followed by
+ chmod().
Jonathan Schulz
- Submitted patches to change HTTP connection type to 'close' for -R mode
modes.
- [libfko] Restricted usernames embedded in SPA packets to be
alpha-numeric along with "-" chars.
+ - [client+server] Applied patch from Franck Joncourt to remove unnecessary
+ chmod() call when creating client rc file and server replay cache file.
+ The permissions are now set appropriately via open(), and at the same
+ time this patch fixes a potential race condition since the previous code
+ used fopen() followed by chmod().
- [server] Bug fix to accept SPA packets over ICMP if the fwknop client
is executed with '-P icmp' and the user has the required privileges.
- [test suite] Applied patch from Franck Joncourt to have the perl FKO
#include "config_init.h"
#include "cmd_opts.h"
#include "utils.h"
+#include <sys/stat.h>
+#include <fcntl.h>
/* Convert a digest_type string to its integer value.
*/
static int
create_fwknoprc(const char *rcfile)
{
- FILE *rc = NULL;
+ FILE *rc = NULL;
+ int rcfile_fd = -1;
fprintf(stdout, "[*] Creating initial rc file: %s.\n", rcfile);
+ /* Try to create the initial rcfile with user read/write rights only.
+ * If the rcfile already exists, an error is returned */
+ rcfile_fd = open(rcfile, O_WRONLY|O_CREAT|O_EXCL , S_IRUSR|S_IWUSR);
+
+ // If an error occured ...
+ if (rcfile_fd == -1) {
+ fprintf(stderr, "Unable to create initial rc file: %s: %s\n",
+ rcfile, strerror(errno));
+ return(-1);
+ }
+
+ // Free the rcfile descriptor
+ close(rcfile_fd);
+
if ((rc = fopen(rcfile, "w")) == NULL)
{
- fprintf(stderr, "Unable to create rc file: %s: %s\n",
+ fprintf(stderr, "Unable to write default setup to rcfile: %s: %s\n",
rcfile, strerror(errno));
return(-1);
}
fclose(rc);
- set_file_perms(rcfile);
-
return(0);
}
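Review bot: In create_fwknoprc(), the descriptor from the exclusive `open()` is closed and the file is then reopened by name with `fopen(rcfile, "w")`, so the path is resolved a second time. The write therefore goes to whatever the name refers to at that moment, not necessarily the file just created with 0600. Wrapping the existing descriptor keeps creation and write on the same file: replace the `close(rcfile_fd);` / `fopen(rcfile, "w")` pair with `if ((rc = fdopen(rcfile_fd, "w")) == NULL)` and call `close(rcfile_fd);` in that error branch. The existing `fclose(rc)` then releases the descriptor too. The lines between the fopen() check and `fclose(rc)` are not shown on this page.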
#include "spa_comm.h"
#include "utils.h"
#include "getpasswd.h"
+#include <sys/stat.h>
+#include <fcntl.h>
/* prototypes
*/
{
char args_save_file[MAX_PATH_LEN];
char args_str[MAX_LINE_LEN] = "";
- FILE *args_file_ptr = NULL;
- int i = 0, args_str_len = 0;
+ int i = 0, args_str_len = 0, args_file_fd = -1;
#ifdef WIN32
/* Not sure what the right thing is here on Win32, just return
#endif
if (get_save_file(args_save_file)) {
- if ((args_file_ptr = fopen(args_save_file, "w")) == NULL) {
+ args_file_fd = open(args_save_file, O_WRONLY|O_CREAT, S_IRUSR|S_IWUSR);
+ if (args_file_fd == -1) {
fprintf(stderr, "Could not open args file: %s\n",
args_save_file);
exit(EXIT_FAILURE);
}
- for (i=0; i < argc; i++) {
- args_str_len += strlen(argv[i]);
- if (args_str_len >= MAX_PATH_LEN) {
- fprintf(stderr, "argument string too long, exiting.\n");
- exit(EXIT_FAILURE);
+ else {
+ for (i=0; i < argc; i++) {
+ args_str_len += strlen(argv[i]);
+ if (args_str_len >= MAX_PATH_LEN) {
+ fprintf(stderr, "argument string too long, exiting.\n");
+ exit(EXIT_FAILURE);
+ }
+ strlcat(args_str, argv[i], MAX_PATH_LEN);
+ strlcat(args_str, " ", MAX_PATH_LEN);
+ }
+ strlcat(args_str, "\n", MAX_PATH_LEN);
+ if(write(args_file_fd, args_str, strlen(args_str))
+ != strlen(args_str)) {
+ fprintf(stderr,
+ "warning, did not write expected number of bytes to args save file\n");
}
- strlcat(args_str, argv[i], MAX_PATH_LEN);
- strlcat(args_str, " ", MAX_PATH_LEN);
+ close(args_file_fd);
}
- fprintf(args_file_ptr, "%s\n", args_str);
- fclose(args_file_ptr);
}
-
- set_file_perms(args_save_file);
-
return;
}
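Review bot: The `open()` call for the args save file passes `O_WRONLY|O_CREAT` without `O_TRUNC`, whereas the `fopen(..., "w")` it replaces truncated the file, so a shorter argument string leaves the tail of the previous contents in place. The mode argument also applies only when the file is created, so with `set_file_perms()` removed an existing args file with wider permissions keeps them. Suggested: `args_file_fd = open(args_save_file, O_WRONLY|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR);` followed by `fchmod(args_file_fd, S_IRUSR|S_IWUSR);` with its return value checked. The function's signature is outside the visible lines.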
}
int
-set_file_perms(const char *file)
-{
- int res = 0;
-
- res = chmod(file, S_IRUSR | S_IWUSR);
-
- if(res != 0)
- {
- fprintf(stderr,
- "[-] unable to chmod file %s to user read/write (0600, -rw-------): %s\n",
- file,
- strerror(errno)
- );
- }
- return res;
-}
-
-int
verify_file_perms_ownership(const char *file)
{
int res = 1;
/* Prototypes
*/
void hex_dump(const unsigned char *data, const int size);
-int set_file_perms(const char *file);
int verify_file_perms_ownership(const char *file);
size_t strlcat(char *dst, const char *src, size_t siz);
#include "fwknopd_errors.h"
#include "utils.h"
+#include <sys/stat.h>
+#include <fcntl.h>
#include <time.h>
#if HAVE_LIBGDBM
char src_ip[INET_ADDRSTRLEN+1] = {0};
char dst_ip[INET_ADDRSTRLEN+1] = {0};
long int time_tmp;
+ int digest_file_fd = -1;
+ char digest_header[] = "# <digest> <proto> <src_ip> <src_port> <dst_ip> <dst_port> <time>\n";
struct digest_cache_list *digest_elm = NULL;
/* the file does not exist yet, so it will be created when the first
* successful SPA packet digest is written to disk
*/
- if ((digest_file_ptr = fopen(opts->config[CONF_DIGEST_FILE], "w")) == NULL)
+ digest_file_fd = open(opts->config[CONF_DIGEST_FILE], O_WRONLY|O_CREAT|O_EXCL, S_IRUSR|S_IWUSR);
+ if (digest_file_fd == -1)
+ {
+ log_msg(LOG_WARNING, "Could not create digest cache: %s: %s",
+ opts->config[CONF_DIGEST_FILE], strerror(errno));
+ return(-1);
+ }
+ else
{
- log_msg(LOG_WARNING, "Could not open digest cache: %s",
- opts->config[CONF_DIGEST_FILE]);
+ if(write(digest_file_fd, digest_header, strlen(digest_header))
+ != strlen(digest_header)) {
+ log_msg(LOG_WARNING,
+ "Did not write expected number of bytes to digest cache: %s\n",
+ opts->config[CONF_DIGEST_FILE]);
+ }
+ close(digest_file_fd);
+
+ return(0);
}
- fprintf(digest_file_ptr,
- "# <digest> <proto> <src_ip> <src_port> <dst_ip> <dst_port> <time>\n");
- fclose(digest_file_ptr);
-
- set_file_perms(opts->config[CONF_DIGEST_FILE]);
- return(0);
}
verify_file_perms_ownership(opts->config[CONF_DIGEST_FILE]);
}
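Review bot: When `write()` of the header to the new digest cache fails or is short, the branch only logs a warning and the function still returns 0. The message carries no `strerror(errno)`, even though a return of -1 lands in the same comparison. Consider handling -1 separately, e.g. `log_msg(LOG_WARNING, "Could not write digest cache header: %s: %s", opts->config[CONF_DIGEST_FILE], strerror(errno));`, and returning -1 after `close(digest_file_fd);`. The trailing `\n` in the new log string is also inconsistent with the other `log_msg()` calls in this section. How the caller treats a cache file without its header is not visible here.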
int
-set_file_perms(const char *file)
-{
- int res = 0;
-
- res = chmod(file, S_IRUSR | S_IWUSR);
-
- if(res != 0)
- {
- fprintf(stderr, "[-] unable to chmod file %s to user read/write: %s\n",
- file, strerror(errno));
- }
- return res;
-}
-
-int
verify_file_perms_ownership(const char *file)
{
int res = 1;
char* dump_ctx(fko_ctx_t ctx);
int is_base64(const unsigned char *buf, unsigned short int len);
int is_valid_dir(const char *path);
-int set_file_perms(const char *file);
int verify_file_perms_ownership(const char *file);
size_t strlcat(char *dst, const char *src, size_t siz);