gpg: Create exported secret files and revocs with mode 700.
* common/iobuf.c (direct_open): Add arg MODE700. (iobuf_create): Ditto. * g10/openfile.c (open_outfile): Add arg RESTRICTEDPERM. Change all callers to pass 0 for it. * g10/revoke.c (gen_desig_revoke, gen_revoke): Here pass true for new arg. * g10/export.c (do_export): Pass true for new arg if SECRET is true. -- GnuPG-bug-id: 1653. Note that this works only if --output has been used.
parent
35fdfaa0b9
commit
c434de4d83
@ -248,7 +248,7 @@ fd_cache_synchronize (const char *fname)
|
||||
|
||||
|
||||
static gnupg_fd_t
|
||||
direct_open (const char *fname, const char *mode)
|
||||
direct_open (const char *fname, const char *mode, int mode700)
|
||||
{
|
||||
#ifdef HAVE_W32_SYSTEM
|
||||
unsigned long da, cd, sm;
|
||||
@ -303,7 +303,10 @@ direct_open (const char *fname, const char *mode)
|
||||
#else /*!HAVE_W32_SYSTEM*/
|
||||
|
||||
int oflag;
|
||||
int cflag = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH;
|
||||
int cflag = S_IRUSR | S_IWUSR;
|
||||
|
||||
if (!mode700)
|
||||
cflag |= S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH;
|
||||
|
||||
/* Note, that we do not handle all mode combinations */
|
||||
if (strchr (mode, '+'))
|
||||
@ -420,7 +423,7 @@ fd_cache_open (const char *fname, const char *mode)
|
||||
}
|
||||
if (DBG_IOBUF)
|
||||
log_debug ("fd_cache_open (%s) not cached\n", fname);
|
||||
return direct_open (fname, mode);
|
||||
return direct_open (fname, mode, 0);
|
||||
}
|
||||
|
||||
|
||||
@ -1425,10 +1428,11 @@ iobuf_sockopen (int fd, const char *mode)
|
||||
}
|
||||
|
||||
/****************
|
||||
* create an iobuf for writing to a file; the file will be created.
|
||||
* Create an iobuf for writing to a file; the file will be created.
|
||||
* With MODE700 set the file is created with that mode (Unix only).
|
||||
*/
|
||||
iobuf_t
|
||||
iobuf_create (const char *fname)
|
||||
iobuf_create (const char *fname, int mode700)
|
||||
{
|
||||
iobuf_t a;
|
||||
gnupg_fd_t fp;
|
||||
@ -1445,7 +1449,7 @@ iobuf_create (const char *fname)
|
||||
}
|
||||
else if ((fd = check_special_filename (fname)) != -1)
|
||||
return iobuf_fdopen (translate_file_handle (fd, 1), "wb");
|
||||
else if ((fp = direct_open (fname, "wb")) == GNUPG_INVALID_FD)
|
||||
else if ((fp = direct_open (fname, "wb", mode700)) == GNUPG_INVALID_FD)
|
||||
return NULL;
|
||||
a = iobuf_alloc (2, IOBUF_BUFFER_SIZE);
|
||||
fcx = xmalloc (sizeof *fcx + strlen (fname));
|
||||
@ -1476,7 +1480,7 @@ iobuf_openrw (const char *fname)
|
||||
|
||||
if (!fname)
|
||||
return NULL;
|
||||
else if ((fp = direct_open (fname, "r+b")) == GNUPG_INVALID_FD)
|
||||
else if ((fp = direct_open (fname, "r+b", 0)) == GNUPG_INVALID_FD)
|
||||
return NULL;
|
||||
a = iobuf_alloc (2, IOBUF_BUFFER_SIZE);
|
||||
fcx = xmalloc (sizeof *fcx + strlen (fname));
|
||||
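Review bot: In direct_open the restricted case sets `cflag = S_IRUSR | S_IWUSR`, which is mode 0600, while the parameter is named `mode700` and the new iobuf_create comment says the file is created "with that mode". The comment should state the real bits, e.g. `With MODE700 set the file is created readable and writable by the owner only (0600, Unix only).` Presumably cflag is handed to open() further down, outside this hunk, so it takes effect only when the file is newly created: an existing output file that is group- or world-readable would keep its mode when a secret key or revocation certificate is written into it. If that is not intended, an `fchmod` on the opened descriptor when `mode700` is set would close the gap; otherwise the limitation deserves a sentence in the same comment. The same applies to every caller that passes a true value (gen_desig_revoke, gen_revoke, do_export, gen_card_key_with_backup, create_tmp_file, do_copy).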
|
@ -115,7 +115,7 @@ iobuf_t iobuf_fdopen (int fd, const char *mode);
|
||||
iobuf_t iobuf_fdopen_nc (int fd, const char *mode);
|
||||
iobuf_t iobuf_esopen (estream_t estream, const char *mode, int keep_open);
|
||||
iobuf_t iobuf_sockopen (int fd, const char *mode);
|
||||
iobuf_t iobuf_create (const char *fname);
|
||||
iobuf_t iobuf_create (const char *fname, int mode700);
|
||||
iobuf_t iobuf_append (const char *fname);
|
||||
iobuf_t iobuf_openrw (const char *fname);
|
||||
int iobuf_ioctl (iobuf_t a, iobuf_ioctl_t cmd, int intval, void *ptrval);
|
||||
|
@ -64,7 +64,7 @@ dearmor_file( const char *fname )
|
||||
|
||||
push_armor_filter ( afx, inp );
|
||||
|
||||
if( (rc = open_outfile (-1, fname, 0, &out )) )
|
||||
if( (rc = open_outfile (-1, fname, 0, 0, &out)) )
|
||||
goto leave;
|
||||
|
||||
while( (c = iobuf_get(inp)) != -1 )
|
||||
@ -110,7 +110,7 @@ enarmor_file( const char *fname )
|
||||
}
|
||||
|
||||
|
||||
if( (rc = open_outfile (-1, fname, 1, &out )) )
|
||||
if( (rc = open_outfile (-1, fname, 1, 0, &out )) )
|
||||
goto leave;
|
||||
|
||||
afx->what = 4;
|
||||
|
@ -264,7 +264,7 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
|
||||
do_compress = 0;
|
||||
}
|
||||
|
||||
if ( rc || (rc = open_outfile (-1, filename, opt.armor? 1:0, &out )))
|
||||
if ( rc || (rc = open_outfile (-1, filename, opt.armor? 1:0, 0, &out )))
|
||||
{
|
||||
iobuf_cancel (inp);
|
||||
xfree (cfx.dek);
|
||||
@ -567,7 +567,7 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
|
||||
if (opt.textmode)
|
||||
iobuf_push_filter (inp, text_filter, &tfx);
|
||||
|
||||
rc = open_outfile (outputfd, filename, opt.armor? 1:0, &out);
|
||||
rc = open_outfile (outputfd, filename, opt.armor? 1:0, 0, &out);
|
||||
if (rc)
|
||||
goto leave;
|
||||
|
||||
|
@ -201,7 +201,7 @@ do_export (ctrl_t ctrl, strlist_t users, int secret, unsigned int options )
|
||||
|
||||
memset( &zfx, 0, sizeof zfx);
|
||||
|
||||
rc = open_outfile (-1, NULL, 0, &out );
|
||||
rc = open_outfile (-1, NULL, 0, !!secret, &out );
|
||||
if (rc)
|
||||
return rc;
|
||||
|
||||
|
@ -213,7 +213,7 @@ maybe_create_keyring_or_box (char *filename, int is_box, int force)
|
||||
gpg_err_set_errno (EPERM);
|
||||
}
|
||||
else
|
||||
iobuf = iobuf_create (filename);
|
||||
iobuf = iobuf_create (filename, 0);
|
||||
umask (oldmask);
|
||||
if (!iobuf)
|
||||
{
|
||||
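Review bot: maybe_create_keyring_or_box passes `0` to iobuf_create, so the new file's permissions still rest entirely on the umask that is restored right after the call with `umask (oldmask)`; the matching umask call lies outside the hunk. create_tmp_file and do_copy, which sit in the same umask pattern, are switched to `1` by this commit. Either pass `1` here as well, `iobuf = iobuf_create (filename, 1);`, or add a comment saying why this file is deliberately left to the umask.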
|
@ -3814,7 +3814,7 @@ do_generate_keypair (struct para_data_s *para,
|
||||
gpg_err_set_errno (EPERM);
|
||||
}
|
||||
else
|
||||
outctrl->pub.stream = iobuf_create( outctrl->pub.fname );
|
||||
outctrl->pub.stream = iobuf_create (outctrl->pub.fname, 0);
|
||||
if (!outctrl->pub.stream)
|
||||
{
|
||||
log_error(_("can't create '%s': %s\n"), outctrl->pub.newfname,
|
||||
@ -4442,6 +4442,9 @@ gen_card_key_with_backup (int algo, int keyno, int is_primary,
|
||||
(ulong)sk->keyid[0], (ulong)sk->keyid[1]);
|
||||
|
||||
fname = make_filename (backup_dir, name_buffer, NULL);
|
||||
/* Note that the umask call is not anymore needed because
|
||||
iobuf_create now takes care of it. However, it does not harm
|
||||
and thus we keep it. */
|
||||
oldmask = umask (077);
|
||||
if (is_secured_filename (fname))
|
||||
{
|
||||
@ -4449,7 +4452,7 @@ gen_card_key_with_backup (int algo, int keyno, int is_primary,
|
||||
gpg_err_set_errno (EPERM);
|
||||
}
|
||||
else
|
||||
fp = iobuf_create (fname);
|
||||
fp = iobuf_create (fname, 1);
|
||||
umask (oldmask);
|
||||
if (!fp)
|
||||
{
|
||||
|
@ -1197,7 +1197,9 @@ create_tmp_file (const char *template,
|
||||
strcpy (stpcpy(tmpfname,template), EXTSEP_S "tmp");
|
||||
# endif /* Posix filename */
|
||||
|
||||
/* Create the temp file with limited access */
|
||||
/* Create the temp file with limited access. Note that the umask
|
||||
call is not anymore needed because iobuf_create now takes care
|
||||
of it. However, it does not harm and thus we keep it. */
|
||||
oldmask=umask(077);
|
||||
if (is_secured_filename (tmpfname))
|
||||
{
|
||||
@ -1205,7 +1207,7 @@ create_tmp_file (const char *template,
|
||||
gpg_err_set_errno (EPERM);
|
||||
}
|
||||
else
|
||||
*r_fp = iobuf_create (tmpfname);
|
||||
*r_fp = iobuf_create (tmpfname, 1);
|
||||
umask(oldmask);
|
||||
if (!*r_fp)
|
||||
{
|
||||
@ -1513,7 +1515,7 @@ do_copy (int mode, const char *fname, KBNODE root,
|
||||
gpg_err_set_errno (EPERM);
|
||||
}
|
||||
else
|
||||
newfp = iobuf_create (fname);
|
||||
newfp = iobuf_create (fname, 1);
|
||||
umask(oldmask);
|
||||
if( !newfp )
|
||||
{
|
||||
|
@ -270,7 +270,8 @@ int save_unprotected_key_to_card (PKT_public_key *sk, int keyno);
|
||||
int overwrite_filep( const char *fname );
|
||||
char *make_outfile_name( const char *iname );
|
||||
char *ask_outfile_name( const char *name, size_t namelen );
|
||||
int open_outfile (int inp_fd, const char *iname, int mode, iobuf_t *a);
|
||||
int open_outfile (int inp_fd, const char *iname, int mode,
|
||||
int restrictedperm, iobuf_t *a);
|
||||
iobuf_t open_sigfile( const char *iname, progress_filter_context_t *pfx );
|
||||
void try_make_homedir( const char *fname );
|
||||
|
||||
|
@ -177,10 +177,12 @@ ask_outfile_name( const char *name, size_t namelen )
|
||||
*
|
||||
* If INP_FD is not -1 the function simply creates an IOBUF for that
|
||||
* file descriptor and ignorea INAME and MODE. Note that INP_FD won't
|
||||
* be closed if the returned IOBUF is closed.
|
||||
* be closed if the returned IOBUF is closed. With RESTRICTEDPERM a
|
||||
* file will be created with mode 700 if possible.
|
||||
*/
|
||||
int
|
||||
open_outfile (int inp_fd, const char *iname, int mode, iobuf_t *a)
|
||||
open_outfile (int inp_fd, const char *iname, int mode, int restrictedperm,
|
||||
iobuf_t *a)
|
||||
{
|
||||
int rc = 0;
|
||||
|
||||
@ -204,7 +206,7 @@ open_outfile (int inp_fd, const char *iname, int mode, iobuf_t *a)
|
||||
}
|
||||
else if (iobuf_is_pipe_filename (iname) && !opt.outfile)
|
||||
{
|
||||
*a = iobuf_create(NULL);
|
||||
*a = iobuf_create (NULL, 0);
|
||||
if ( !*a )
|
||||
{
|
||||
rc = gpg_error_from_syserror ();
|
||||
@ -284,7 +286,7 @@ open_outfile (int inp_fd, const char *iname, int mode, iobuf_t *a)
|
||||
gpg_err_set_errno (EPERM);
|
||||
}
|
||||
else
|
||||
*a = iobuf_create (name);
|
||||
*a = iobuf_create (name, restrictedperm);
|
||||
if (!*a)
|
||||
{
|
||||
rc = gpg_error_from_syserror ();
|
||||
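Review bot: RESTRICTEDPERM reaches iobuf_create only in the last branch shown, `*a = iobuf_create (name, restrictedperm);`. The pipe branch calls `iobuf_create (NULL, 0)`, and per the function comment the INP_FD case only wraps the given descriptor, so the flag is silently dropped on both paths. The commit message notes that this works only with --output, but the function comment does not; extend it with something like `RESTRICTEDPERM has no effect when writing to INP_FD or to stdout.` Consider also a log_info in the pipe branch when `restrictedperm` is set, so that a user who exports a secret key through shell redirection learns that gpg does not control the file mode. open_outfile's body runs beyond the hunks shown.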
|
@ -328,7 +328,7 @@ gen_desig_revoke( const char *uname, strlist_t locusr )
|
||||
if( !opt.armor )
|
||||
tty_printf(_("ASCII armored output forced.\n"));
|
||||
|
||||
if( (rc = open_outfile (-1, NULL, 0, &out )) )
|
||||
if( (rc = open_outfile (-1, NULL, 0, 1, &out )) )
|
||||
goto leave;
|
||||
|
||||
afx->what = 1;
|
||||
@ -518,7 +518,7 @@ gen_revoke (const char *uname)
|
||||
if (!opt.armor)
|
||||
tty_printf (_("ASCII armored output forced.\n"));
|
||||
|
||||
if ((rc = open_outfile (-1, NULL, 0, &out )))
|
||||
if ((rc = open_outfile (-1, NULL, 0, 1, &out )))
|
||||
goto leave;
|
||||
|
||||
afx->what = 1;
|
||||
|
10
g10/sign.c
10
g10/sign.c
@ -871,7 +871,7 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
|
||||
gpg_err_set_errno (EPERM);
|
||||
}
|
||||
else
|
||||
out = iobuf_create( outfile );
|
||||
out = iobuf_create (outfile, 0);
|
||||
if( !out )
|
||||
{
|
||||
rc = gpg_error_from_syserror ();
|
||||
@ -882,7 +882,7 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
|
||||
log_info(_("writing to '%s'\n"), outfile );
|
||||
}
|
||||
else if( (rc = open_outfile (-1, fname,
|
||||
opt.armor? 1: detached? 2:0, &out )))
|
||||
opt.armor? 1: detached? 2:0, 0, &out)))
|
||||
goto leave;
|
||||
|
||||
/* prepare to calculate the MD over the input */
|
||||
@ -1188,7 +1188,7 @@ clearsign_file( const char *fname, strlist_t locusr, const char *outfile )
|
||||
gpg_err_set_errno (EPERM);
|
||||
}
|
||||
else
|
||||
out = iobuf_create( outfile );
|
||||
out = iobuf_create (outfile, 0);
|
||||
if( !out )
|
||||
{
|
||||
rc = gpg_error_from_syserror ();
|
||||
@ -1198,7 +1198,7 @@ clearsign_file( const char *fname, strlist_t locusr, const char *outfile )
|
||||
else if( opt.verbose )
|
||||
log_info(_("writing to '%s'\n"), outfile );
|
||||
}
|
||||
else if( (rc = open_outfile (-1, fname, 1, &out )) )
|
||||
else if ((rc = open_outfile (-1, fname, 1, 0, &out)))
|
||||
goto leave;
|
||||
|
||||
iobuf_writestr(out, "-----BEGIN PGP SIGNED MESSAGE-----" LF );
|
||||
@ -1366,7 +1366,7 @@ sign_symencrypt_file (const char *fname, strlist_t locusr)
|
||||
cfx.dek->use_mdc=1;
|
||||
|
||||
/* now create the outfile */
|
||||
rc = open_outfile (-1, fname, opt.armor? 1:0, &out);
|
||||
rc = open_outfile (-1, fname, opt.armor? 1:0, 0, &out);
|
||||
if (rc)
|
||||
goto leave;
|
||||
|
||||
|