rpms / krb5

Clone
Source Code
GIT

Blame SOURCES/krb5-1.14.2-log_file_mode.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c7-sig-altarch-fasttrack c8 c8-beta c8s c9 c9-beta
  1.   fbb0669ff0ad2e597135814bdd1d52663a553eac
  2.   SOURCES
  3.   krb5-1.14.2-log_file_mode.patch
Blob History Raw
8c1676 
From 9914b93516bbce9b1123ed5f9f796b7028944892 Mon Sep 17 00:00:00 2001
8c1676 
From: Robbie Harwood <rharwood@redhat.com>
8c1676 
Date: Thu, 17 Dec 2015 13:31:39 -0500
8c1676 
Subject: [PATCH] Create KDC and kadmind log files with mode 0640
8c1676
8c1676 
In krb5_klog_init(), use open() and fdopen() to open log files so that
8c1676 
we can specify a mode.  Specify a mode which doesn't include the
8c1676 
group-write, other-read, or other-write bits even if the process umask
8c1676 
allows them.
8c1676
8c1676 
[ghudson@mit.edu: wrote commit message, de-indented post-open setup
8c1676 
code]
8c1676 
[rharwood@redhat.com: backport not clean due to SELinux patching]
8c1676
8c1676 
ticket: 8344 (new)
8c1676 
---
8c1676 
 src/lib/kadm5/logger.c | 21 ++++++++++++---------
8c1676 
 1 file changed, 12 insertions(+), 9 deletions(-)
8c1676
8c1676 
diff --git a/src/lib/kadm5/logger.c b/src/lib/kadm5/logger.c
8c1676 
index 19c4355..f4a9387 100644
8c1676
8c1676 
--- a/src/lib/kadm5/logger.c	2016-01-21 18:52:52.529544902 +0000
8c1676 
+++ b/src/lib/kadm5/logger.c	2016-01-21 18:57:22.923972419 +0000
8c1676 
@@ -354,7 +354,7 @@
8c1676 
     const char  *logging_profent[3];
8c1676 
     const char  *logging_defent[3];
8c1676 
     char        **logging_specs;
8c1676 
-    int         i, ngood;
8c1676 
+    int         i, ngood, fd, append;
8c1676 
     char        *cp, *cp2;
8c1676 
     char        savec = '\0';
8c1676 
     int         error;
8c1676 
@@ -422,18 +422,21 @@
8c1676 
                     /*
8c1676 
                      * Check for append/overwrite, then open the file.
8c1676 
                      */
8c1676 
-                    if (cp[4] == ':' || cp[4] == '=') {
8c1676 
-                        f = WRITABLEFOPEN(&cp[5], (cp[4] == ':') ? "a" : "w");
8c1676 
-                        if (f) {
8c1676 
-                            set_cloexec_file(f);
8c1676 
-                            log_control.log_entries[i].lfu_filep = f;
8c1676 
-                            log_control.log_entries[i].log_type = K_LOG_FILE;
8c1676 
-                            log_control.log_entries[i].lfu_fname = &cp[5];
8c1676 
-                        } else {
8c1676 
+                    append = (cp[4] == ':') ? O_APPEND : 0;
8c1676 
+                    if (append || cp[4] == '=') {
8c1676 
+                        fd = THREEPARAMOPEN(&cp[5], O_CREAT | O_WRONLY | append,
8c1676 
+                                  S_IRUSR | S_IWUSR | S_IRGRP);
8c1676 
+                        if (fd != -1)
8c1676 
+                            f = fdopen(fd, append ? "a" : "w");
8c1676 
+                        if (fd == -1 || f == NULL) {
8c1676 
                             fprintf(stderr,"Couldn't open log file %s: %s\n",
8c1676 
                                     &cp[5], error_message(errno));
8c1676 
                             continue;
8c1676 
                         }
8c1676 
+                        set_cloexec_file(f);
8c1676 
+                        log_control.log_entries[i].lfu_filep = f;
8c1676 
+                        log_control.log_entries[i].log_type = K_LOG_FILE;
8c1676 
+                        log_control.log_entries[i].lfu_fname = &cp[5];
8c1676 
                     }
8c1676 
                 }
8c1676 
 #ifdef  HAVE_SYSLOG

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation