author Russ Allbery <rra@stanford.edu> 2008-01-19 01:14:16 +0000
committer Russ Allbery <rra@stanford.edu> 2008-01-19 01:14:16 +0000
commit 1658725f8812ed0bafffd71a1b566706e91c5e85
tree d7876976e329d85bed76cf229c9a4cd658468656
parent aa57ab48cc9df24ab756b5651959b36a2d81cad3
If -f is used and the output file name with ".new" appended already
exists, unlink it first and then create it safely rather than truncating it. This is much safer when creating files in a world-writable directory. Also add documentation for keytab merging.
-rw-r--r-- NEWS 5
-rw-r--r-- client/file.c 5
-rw-r--r-- client/wallet.pod 15
3 files changed, 22 insertions, 3 deletions
diff --git a/NEWS b/NEWS
index d2f12bd..d8c4e00 100644
--- a/NEWS
+++ b/NEWS
@@ -14,6 +14,11 @@ wallet 0.6 (unreleased)
keytab keys into that file rather than moving aside the old keytab and
creating a new keytab with only the new keys.
+ If -f is used and the output file name with ".new" appended already
+ exists, unlink it first and then create it safely rather than
+ truncating it. This is much safer when creating files in a
+ world-writable directory.
+
Support enforcing a naming policy for wallet objects via a Perl
function in the wallet server configuration file.
diff --git a/client/file.c b/client/file.c
index ce25ab5..17f0f23 100644
--- a/client/file.c
+++ b/client/file.c
@@ -26,7 +26,10 @@ overwrite_file(const char *name, const void *data, size_t length)
int fd;
ssize_t status;
- fd = open(name, O_WRONLY | O_CREAT | O_TRUNC, 0600);
+ if (access(name, F_OK) == 0)
+ if (unlink(name) < 0)
+ sysdie("unable to delete existing file %s", name);
+ fd = open(name, O_WRONLY | O_CREAT | O_EXCL, 0600);
if (fd < 0)
sysdie("open of %s failed", name);
status = write(fd, data, length);
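Review bot: The access(name, F_OK) test in front of unlink() in overwrite_file is redundant and adds a check-then-act window of its own; access() also evaluates permissions with the real rather than the effective UID. Calling unlink(name) unconditionally and treating errno == ENOENT as success gives the same behaviour with one fewer step. The safety here comes from O_CREAT | O_EXCL: if something recreates name between the unlink and the open, the open fails and sysdie fires instead of writing into a file or symlink another user placed there. A one-line comment saying that this failure is intentional would help the next reader, and the nested if without braces is easy to misread.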
diff --git a/client/wallet.pod b/client/wallet.pod
index 709d4a6..0a6f395 100644
--- a/client/wallet.pod
+++ b/client/wallet.pod
@@ -69,8 +69,19 @@ F<krb5.conf>; see L<CONFIGURATION> below.
This flag is only used in combination with the C<get> command. Rather
than sending the secure data to standard output (the default), store the
-secure data in the file I<output>. Any existing contents of I<output>
-will be destroyed.
+secure data in the file I<output>.
+
+If the object being retrieved is not a keytab object, any current file
+named I<output> is renamed to F<I<outout>.bak> before the new file is
+created. F<I<outout>.new> is used as a temporary file and any existing
+file with that name will be deleted.
+
+If the object being retrieved is a keytab object and the file I<output>
+already exists, the downloaded keys will be added to the existing keytab
+file I<output>. Old keys are not removed; you may wish to run C<kadmin
+ktremove> or an equivalent later to clean up old keys. F<I<output>.new>
+is still used as a temporary file and any existing file with that name
+will be deleted.
=item B<-k> I<principal>
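Review bot: The new non-keytab paragraph misspells the argument name twice, in F<I<outout>.bak> and F<I<outout>.new>; both should read I<output> so they match the keytab paragraph and the rest of the item. Since the old sentence about existing contents being destroyed is removed, it is also worth checking that the .bak rename described here is what the code does for every non-keytab object type, because users will rely on this text to know whether their previous file survives.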