Commit 4b7c8ee5 authored by David Lawrence's avatar David Lawrence

use libisc fsaccess to make private key file accessible only to owner

parent 5336b803
......@@ -19,21 +19,19 @@
/*
* Principal Author: Brian Wellington
* $Id: dst_parse.c,v 1.21 2000/06/09 20:58:34 gson Exp $
* $Id: dst_parse.c,v 1.22 2000/06/20 04:13:40 tale Exp $
*/
#include <config.h>
#include <isc/base64.h>
#include <isc/dir.h>
#include <isc/fsaccess.h>
#include <isc/lex.h>
#include <isc/mem.h>
#include <isc/string.h>
#include <isc/util.h>
/* XXXBEW For chmod. This should be removed. */
#include <sys/stat.h>
#include "dst_internal.h"
#include "dst_parse.h"
#include "dst/result.h"
......@@ -344,6 +342,7 @@ dst__privstruct_writefile(const dst_key_t *key, const dst_private_t *priv,
char filename[ISC_DIR_NAMEMAX];
char buffer[MAXFIELDSIZE * 2];
isc_buffer_t b;
isc_fsaccess_t access;
REQUIRE(priv != NULL);
......@@ -358,9 +357,13 @@ dst__privstruct_writefile(const dst_key_t *key, const dst_private_t *priv,
if ((fp = fopen(filename, "w")) == NULL)
return (DST_R_WRITEERROR);
/* XXXBEW This won't exist on non-unix systems. Hmmm.... */
chmod(filename, 0600);
access = 0;
isc_fsaccess_add(ISC_FSACCESS_OWNER,
ISC_FSACCESS_READ | ISC_FSACCESS_WRITE,
&access);
(void)isc_fsaccess_set(filename, access);
/* XXXDCL return value should be checked for full filesystem */
fprintf(fp, "%s v%d.%d\n", PRIVATE_KEY_STR, MAJOR_VERSION,
MINOR_VERSION);
......
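Review bot: The `(void)isc_fsaccess_set(filename, access);` call in the last hunk discards the result, so if narrowing the permissions fails, the private key is still written to a file that keeps whatever mode `fopen(filename, "w")` left it with (umask-dependent on POSIX, or the old mode of a pre-existing file). Assuming `isc_fsaccess_set` returns an `isc_result_t`, I would fail before any key material is written: `if (isc_fsaccess_set(filename, access) != ISC_R_SUCCESS) { fclose(fp); return (DST_R_WRITEERROR); }`. Separately, the file exists with its creation-time mode between `fopen` and `isc_fsaccess_set`. A descriptor opened by another local user in that window would presumably stay readable after the mode change, so a comment such as `/* XXX file is briefly accessible with its creation mode; create it owner-only up front where the platform allows */` would record the gap. The body of `dst__privstruct_writefile` starts and ends outside the visible hunks, so any later error handling is not visible here.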