From 93e45a2596bcc00be977ae28b2b1d112d787eccb Mon Sep 17 00:00:00 2001
From: John Carr
Date: Sun, 23 Feb 1992 12:04:58 +0000
Subject: [PATCH] Set umask to 077 on entry so that output files created with stdio will not be world-readable.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@2210 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/admin/edit/kdb5_edit.c | 27 +++++++++++++++------------
 1 file changed, 15 insertions(+), 12 deletions(-)
diff --git a/src/admin/edit/kdb5_edit.c b/src/admin/edit/kdb5_edit.c
index 2e0529a5d..1bf8760ce 100644
--- a/src/admin/edit/kdb5_edit.c
+++ b/src/admin/edit/kdb5_edit.c
@@ -144,7 +144,7 @@ char *argv[];
 char *dbname = 0;
 char *defrealm;
 int keytypedone = 0;
- krb5_enctype etype = 0xffff;
+ krb5_enctype etype = DEFAULT_KDC_ETYPE;
 int sci_idx, code;
 extern krb5_kt_ops krb5_ktf_writable_ops;
 char *request = NULL;
@@ -187,6 +187,10 @@ char *argv[];
 }
 }
+ /* Dump creates files which should not be world-readable. It is easiest
+ to do a single umask call here; any shells run by the ss command
+ interface will have umask = 77 but that is not a serious problem. */
+ (void) umask(077);
 if (retval = krb5_kt_register(&krb5_ktf_writable_ops)) {
 com_err(progname, retval,
@@ -203,9 +207,6 @@ char *argv[];
 exit(1);
 }
- if (etype == 0xffff)
- etype = DEFAULT_KDC_ETYPE;
-
 if (!valid_etype(etype)) {
 com_err(progname, KRB5_PROG_ETYPE_NOSUPP, "while setting up etype %d", etype);
@@ -251,6 +252,8 @@ char *argv[];
 exit(0);
 }
+#define NO_PRINC ((krb5_kvno)-1)
+
 krb5_kvno
 princ_exists(pname, principal)
 char *pname;
@@ -267,7 +270,7 @@ krb5_principal principal;
 return 0;
 }
 if (!nprincs)
- return 0;
+ return NO_PRINC;
 vno = entry.kvno;
 krb5_db_free_principal(&entry, nprincs);
 return(vno);
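Review bot: The `(void) umask(077);` added before `krb5_kt_register` only restricts files this process newly creates; a dump written over an already existing file keeps that file's previous mode, so an older world-readable dump stays world-readable after it is rewritten. The dump code is outside this hunk, so this is inferred from the commit message's mention of stdio: if it opens the file with `fopen(path, "w")`, an explicit `fchmod(fileno(f), 0600)` right after the open would cover the overwrite case. The comment also spells the mask as `umask = 77`, where `077` would match the call and rule out a decimal reading. The enclosing function starts and ends outside the hunk.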
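Review bot: `NO_PRINC` is defined without a comment, and `(krb5_kvno)-1` is a bit pattern that `entry.kvno` could in principle hold, in which case `princ_exists` would report an existing principal as absent. I would add above the define `/* princ_exists() result when the principal is not in the database; must never be a valid kvno */` so the constraint is visible to whoever assigns key version numbers. The typedef of `krb5_kvno` is not shown on this page, so the width and signedness of the sentinel cannot be checked from this hunk.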
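Review bot: The context line `return 0;` just above `if (!nprincs)` is left unchanged, but under the new convention 0 no longer means "absent": callers now compare against `NO_PRINC`, so that path reports an existing principal with kvno 0. In the hunks at -914, -969, -1039 and -1075 this lets the command continue past the `== NO_PRINC` check, and in -307, -338 and -370 it is reported as "already exists". Changing that line to `return NO_PRINC;`, or returning a separate error sentinel that callers test, would keep a failed lookup from being treated as a found principal. The branch containing this `return 0;` begins outside the hunk, so its condition is presumably the database lookup failure and should be confirmed.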
@@ -307,7 +310,7 @@ char *argv[];
 com_err(cmdname, retval, "while parsing '%s'", argv[1]);
 return;
 }
- if (princ_exists(cmdname, newprinc)) {
+ if (princ_exists(cmdname, newprinc) != NO_PRINC) {
 com_err(cmdname, 0, "principal '%s' already exists", argv[1]);
 krb5_free_principal(newprinc);
 return;
@@ -338,7 +341,7 @@ char *argv[];
 com_err(argv[0], retval, "while parsing '%s'", argv[1]);
 return;
 }
- if (princ_exists(argv[0], newprinc)) {
+ if (princ_exists(argv[0], newprinc) != NO_PRINC) {
 com_err(argv[0], 0, "principal '%s' already exists", argv[1]);
 krb5_free_principal(newprinc);
 return;
@@ -370,7 +373,7 @@ char *argv[];
 com_err(argv[0], retval, "while parsing '%s'", argv[1]);
 return;
 }
- if (princ_exists(argv[0], newprinc)) {
+ if (princ_exists(argv[0], newprinc) != NO_PRINC) {
 com_err(argv[0], 0, "principal '%s' already exists", argv[1]);
 krb5_free_principal(newprinc);
 return;
@@ -914,7 +917,7 @@ char *argv[];
 com_err(argv[0], retval, "while parsing '%s'", argv[1]);
 return;
 }
- if (!princ_exists(argv[0], newprinc)) {
+ if (princ_exists(argv[0], newprinc) == NO_PRINC) {
 com_err(argv[0], 0, "principal '%s' is not in the database", argv[1]);
 krb5_free_principal(newprinc);
 return;
@@ -969,7 +972,7 @@ char *argv[];
 com_err(argv[0], retval, "while parsing '%s'", argv[1]);
 return;
 }
- if (!(vno = princ_exists(argv[0], newprinc))) {
+ if ((vno = princ_exists(argv[0], newprinc)) == NO_PRINC) {
 com_err(argv[0], 0, "No principal '%s' exists", argv[1]);
 krb5_free_principal(newprinc);
 return;
@@ -1039,7 +1042,7 @@ char *argv[];
 com_err(cmdname, retval, "while parsing '%s'", argv[1]);
 return;
 }
- if (!(vno = princ_exists(argv[0], newprinc))) {
+ if ((vno = princ_exists(argv[0], newprinc)) == NO_PRINC) {
 com_err(cmdname, 0, "No principal '%s' exists!", argv[1]);
 krb5_free_principal(newprinc);
 return;
@@ -1075,7 +1078,7 @@ char *argv[];
 com_err(argv[0], retval, "while parsing '%s'", argv[1]);
 return;
 }
- if (!(vno = princ_exists(argv[0], newprinc))) {
+ if ((vno = princ_exists(argv[0], newprinc)) == NO_PRINC) {
 com_err(argv[0], 0, "No principal '%s' exists!", argv[1]);
 krb5_free_principal(newprinc);
 return;
--
2.26.2