Diffstat (limited to 'client')
-rw-r--r--client/file.c5
-rw-r--r--client/wallet.pod15
2 files changed, 17 insertions, 3 deletions
diff --git a/client/file.c b/client/file.c
index ce25ab5..17f0f23 100644
--- a/client/file.c
+++ b/client/file.c
@@ -26,7 +26,10 @@ overwrite_file(const char *name, const void *data, size_t length)
int fd;
ssize_t status;
- fd = open(name, O_WRONLY | O_CREAT | O_TRUNC, 0600);
+ if (access(name, F_OK) == 0)
+ if (unlink(name) < 0)
+ sysdie("unable to delete existing file %s", name);
+ fd = open(name, O_WRONLY | O_CREAT | O_EXCL, 0600);
if (fd < 0)
sysdie("open of %s failed", name);
status = write(fd, data, length);
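Review bot: The `access(name, F_OK)` pre-check in front of `unlink()` is redundant and leaves a check-then-use gap; `access()` also tests with the real rather than the effective UID, so it can give a different answer from the `unlink()` that follows if the client ever runs with changed privileges. Calling unlink unconditionally and tolerating a missing file is simpler and has no such gap: `if (unlink(name) < 0 && errno != ENOENT)` followed by the existing `sysdie("unable to delete existing file %s", name);` (this needs `<errno.h>`, whose inclusion is not visible in the hunk). The move to `O_EXCL` is what keeps the secure data from being written through a pre-existing symlink or into an existing file whose mode is looser than 0600, so a short comment on the `open()` line, such as `/* O_EXCL: never reuse an existing file or follow a symlink; 0600 only applies on creation */`, would stop a later cleanup from reverting it to `O_TRUNC`. The body of overwrite_file starts and ends outside the hunk.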
diff --git a/client/wallet.pod b/client/wallet.pod
index 709d4a6..0a6f395 100644
--- a/client/wallet.pod
+++ b/client/wallet.pod
@@ -69,8 +69,19 @@ F<krb5.conf>; see L<CONFIGURATION> below.
This flag is only used in combination with the C<get> command. Rather
than sending the secure data to standard output (the default), store the
-secure data in the file I<output>. Any existing contents of I<output>
-will be destroyed.
+secure data in the file I<output>.
+
+If the object being retrieved is not a keytab object, any current file
+named I<output> is renamed to F<I<outout>.bak> before the new file is
+created. F<I<outout>.new> is used as a temporary file and any existing
+file with that name will be deleted.
+
+If the object being retrieved is a keytab object and the file I<output>
+already exists, the downloaded keys will be added to the existing keytab
+file I<output>. Old keys are not removed; you may wish to run C<kadmin
+ktremove> or an equivalent later to clean up old keys. F<I<output>.new>
+is still used as a temporary file and any existing file with that name
+will be deleted.
=item B<-k> I<principal>