From 712af9e3cab1c276a8d7d2e72a81b19bac7df636 Mon Sep 17 00:00:00 2001
From: Neal Walfield <neal@walfield.org>
Date: Thu, 5 Sep 2002 16:21:43 +0000
Subject: [PATCH] 2002-09-03  Neal H. Walfield  <neal@g10code.de>

	* findkey.c: Include <fcntl.h>.
	(agent_write_private_key): Prefer POSIX compatibity, open and
	fdopen, over the simplicity of GNU extensions, fopen(file, "x").
---
 agent/ChangeLog |  6 ++++++
 agent/findkey.c | 27 +++++++++++++++++++++++----
 2 files changed, 29 insertions(+), 4 deletions(-)

diff --git a/agent/ChangeLog b/agent/ChangeLog
index e645142b9..1fa304777 100644
--- a/agent/ChangeLog
+++ b/agent/ChangeLog
@@ -1,3 +1,9 @@
+2002-09-03  Neal H. Walfield  <neal@g10code.de>
+
+	* findkey.c: Include <fcntl.h>.
+	(agent_write_private_key): Prefer POSIX compatibity, open and
+	fdopen, over the simplicity of GNU extensions, fopen(file, "x").
+
 2002-08-22  Werner Koch  <wk@gnupg.org>
 
 	* query.c (agent_askpin): Provide the default desc text depending
diff --git a/agent/findkey.c b/agent/findkey.c
index 2201f0ae5..8ec230fa0 100644
--- a/agent/findkey.c
+++ b/agent/findkey.c
@@ -1,5 +1,5 @@
 /* findkey.c - locate the secret key
- *	Copyright (C) 2001 Free Software Foundation, Inc.
+ *	Copyright (C) 2001,02 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
  *
@@ -24,6 +24,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <ctype.h>
+#include <fcntl.h>
 #include <assert.h>
 #include <unistd.h>
 #include <sys/stat.h>
@@ -57,15 +58,33 @@ agent_write_private_key (const unsigned char *grip,
     fp = fopen (fname, "wb");
   else
     {
+      int fd;
+
       if (!access (fname, F_OK))
       {
         log_error ("secret key file `%s' already exists\n", fname);
         xfree (fname);
         return seterr (General_Error);
       }
-      fp = fopen (fname, "wbx");  /* FIXME: the x is a GNU extension - let
-                                     configure check whether this actually
-                                     works */
+
+      /* We would like to create FNAME but only if it does not already
+	 exist.  We cannot make this guarantee just using POSIX (GNU
+	 provides the "x" opentype for fopen, however, this is not
+	 portable).  Thus, we use the more flexible open function and
+	 then use fdopen to obtain a stream.
+
+	 The mode parameter to open is what fopen uses.  It will be
+	 combined with the process' umask automatically.  */
+      fd = open (fname, O_CREAT | O_EXCL | O_RDWR,
+		 S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH);
+      if (fd < 0)
+	fp = 0;
+      else
+	{
+	  fp = fdopen (fd, "wb");
+	  if (! fp)
+	    close (fd);
+	}
     }
 
   if (!fp)