[git] GnuPG - branch, master, updated. gnupg-2.1.0-beta442-39-gc434de4
by Werner Koch
cvs at cvs.gnupg.org
Mon Jun 30 09:15:26 CEST 2014
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via c434de4d83ccfaca8bde51de5c2ac8d9656e4e18 (commit)
via 35fdfaa0b94342c53eb82eea155a37ad4009fa9f (commit)
from adad1872b448593275d8cae06dffe376bee067b5 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit c434de4d83ccfaca8bde51de5c2ac8d9656e4e18
Author: Werner Koch <wk at gnupg.org>
Date: Wed Jun 25 20:25:28 2014 +0200
gpg: Create exported secret files and revocs with mode 700.
* common/iobuf.c (direct_open): Add arg MODE700.
(iobuf_create): Ditto.
* g10/openfile.c (open_outfile): Add arg RESTRICTEDPERM. Change call
callers to pass 0 for it.
* g10/revoke.c (gen_desig_revoke, gen_revoke): Here pass true for new
arg.
* g10/export.c (do_export): Pass true for new arg if SECRET is true.
--
GnuPG-bug-id: 1653.
Note that this works only if --output has been used.
diff --git a/common/iobuf.c b/common/iobuf.c
index d686210..3c68ce5 100644
--- a/common/iobuf.c
+++ b/common/iobuf.c
@@ -248,7 +248,7 @@ fd_cache_synchronize (const char *fname)
static gnupg_fd_t
-direct_open (const char *fname, const char *mode)
+direct_open (const char *fname, const char *mode, int mode700)
{
#ifdef HAVE_W32_SYSTEM
unsigned long da, cd, sm;
@@ -303,7 +303,10 @@ direct_open (const char *fname, const char *mode)
#else /*!HAVE_W32_SYSTEM*/
int oflag;
- int cflag = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH;
+ int cflag = S_IRUSR | S_IWUSR;
+
+ if (!mode700)
+ cflag |= S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH;
/* Note, that we do not handle all mode combinations */
if (strchr (mode, '+'))
@@ -420,7 +423,7 @@ fd_cache_open (const char *fname, const char *mode)
}
if (DBG_IOBUF)
log_debug ("fd_cache_open (%s) not cached\n", fname);
- return direct_open (fname, mode);
+ return direct_open (fname, mode, 0);
}
@@ -1425,10 +1428,11 @@ iobuf_sockopen (int fd, const char *mode)
}
/****************
- * create an iobuf for writing to a file; the file will be created.
+ * Create an iobuf for writing to a file; the file will be created.
+ * With MODE700 set the file is created with that mode (Unix only).
*/
iobuf_t
-iobuf_create (const char *fname)
+iobuf_create (const char *fname, int mode700)
{
iobuf_t a;
gnupg_fd_t fp;
@@ -1445,7 +1449,7 @@ iobuf_create (const char *fname)
}
else if ((fd = check_special_filename (fname)) != -1)
return iobuf_fdopen (translate_file_handle (fd, 1), "wb");
- else if ((fp = direct_open (fname, "wb")) == GNUPG_INVALID_FD)
+ else if ((fp = direct_open (fname, "wb", mode700)) == GNUPG_INVALID_FD)
return NULL;
a = iobuf_alloc (2, IOBUF_BUFFER_SIZE);
fcx = xmalloc (sizeof *fcx + strlen (fname));
@@ -1476,7 +1480,7 @@ iobuf_openrw (const char *fname)
if (!fname)
return NULL;
- else if ((fp = direct_open (fname, "r+b")) == GNUPG_INVALID_FD)
+ else if ((fp = direct_open (fname, "r+b", 0)) == GNUPG_INVALID_FD)
return NULL;
a = iobuf_alloc (2, IOBUF_BUFFER_SIZE);
fcx = xmalloc (sizeof *fcx + strlen (fname));
diff --git a/common/iobuf.h b/common/iobuf.h
index d3f5520..ef05547 100644
--- a/common/iobuf.h
+++ b/common/iobuf.h
@@ -115,7 +115,7 @@ iobuf_t iobuf_fdopen (int fd, const char *mode);
iobuf_t iobuf_fdopen_nc (int fd, const char *mode);
iobuf_t iobuf_esopen (estream_t estream, const char *mode, int keep_open);
iobuf_t iobuf_sockopen (int fd, const char *mode);
-iobuf_t iobuf_create (const char *fname);
+iobuf_t iobuf_create (const char *fname, int mode700);
iobuf_t iobuf_append (const char *fname);
iobuf_t iobuf_openrw (const char *fname);
int iobuf_ioctl (iobuf_t a, iobuf_ioctl_t cmd, int intval, void *ptrval);
diff --git a/g10/dearmor.c b/g10/dearmor.c
index d84fb30..3fdd57d 100644
--- a/g10/dearmor.c
+++ b/g10/dearmor.c
@@ -64,7 +64,7 @@ dearmor_file( const char *fname )
push_armor_filter ( afx, inp );
- if( (rc = open_outfile (-1, fname, 0, &out )) )
+ if( (rc = open_outfile (-1, fname, 0, 0, &out)) )
goto leave;
while( (c = iobuf_get(inp)) != -1 )
@@ -110,7 +110,7 @@ enarmor_file( const char *fname )
}
- if( (rc = open_outfile (-1, fname, 1, &out )) )
+ if( (rc = open_outfile (-1, fname, 1, 0, &out )) )
goto leave;
afx->what = 4;
diff --git a/g10/encrypt.c b/g10/encrypt.c
index c8e7962..5b10b73 100644
--- a/g10/encrypt.c
+++ b/g10/encrypt.c
@@ -264,7 +264,7 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
do_compress = 0;
}
- if ( rc || (rc = open_outfile (-1, filename, opt.armor? 1:0, &out )))
+ if ( rc || (rc = open_outfile (-1, filename, opt.armor? 1:0, 0, &out )))
{
iobuf_cancel (inp);
xfree (cfx.dek);
@@ -567,7 +567,7 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
if (opt.textmode)
iobuf_push_filter (inp, text_filter, &tfx);
- rc = open_outfile (outputfd, filename, opt.armor? 1:0, &out);
+ rc = open_outfile (outputfd, filename, opt.armor? 1:0, 0, &out);
if (rc)
goto leave;
diff --git a/g10/export.c b/g10/export.c
index acf38a7..0aa44f3 100644
--- a/g10/export.c
+++ b/g10/export.c
@@ -201,7 +201,7 @@ do_export (ctrl_t ctrl, strlist_t users, int secret, unsigned int options )
memset( &zfx, 0, sizeof zfx);
- rc = open_outfile (-1, NULL, 0, &out );
+ rc = open_outfile (-1, NULL, 0, !!secret, &out );
if (rc)
return rc;
diff --git a/g10/keydb.c b/g10/keydb.c
index 688c24c..e735b4a 100644
--- a/g10/keydb.c
+++ b/g10/keydb.c
@@ -213,7 +213,7 @@ maybe_create_keyring_or_box (char *filename, int is_box, int force)
gpg_err_set_errno (EPERM);
}
else
- iobuf = iobuf_create (filename);
+ iobuf = iobuf_create (filename, 0);
umask (oldmask);
if (!iobuf)
{
diff --git a/g10/keygen.c b/g10/keygen.c
index 54d37d0..35c1460 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -3814,7 +3814,7 @@ do_generate_keypair (struct para_data_s *para,
gpg_err_set_errno (EPERM);
}
else
- outctrl->pub.stream = iobuf_create( outctrl->pub.fname );
+ outctrl->pub.stream = iobuf_create (outctrl->pub.fname, 0);
if (!outctrl->pub.stream)
{
log_error(_("can't create '%s': %s\n"), outctrl->pub.newfname,
@@ -4442,6 +4442,9 @@ gen_card_key_with_backup (int algo, int keyno, int is_primary,
(ulong)sk->keyid[0], (ulong)sk->keyid[1]);
fname = make_filename (backup_dir, name_buffer, NULL);
+ /* Note that the umask call is not anymore needed because
+ iobuf_create now takes care of it. However, it does not harm
+ and thus we keep it. */
oldmask = umask (077);
if (is_secured_filename (fname))
{
@@ -4449,7 +4452,7 @@ gen_card_key_with_backup (int algo, int keyno, int is_primary,
gpg_err_set_errno (EPERM);
}
else
- fp = iobuf_create (fname);
+ fp = iobuf_create (fname, 1);
umask (oldmask);
if (!fp)
{
diff --git a/g10/keyring.c b/g10/keyring.c
index 04f6eeb..6f75b6a 100644
--- a/g10/keyring.c
+++ b/g10/keyring.c
@@ -1197,7 +1197,9 @@ create_tmp_file (const char *template,
strcpy (stpcpy(tmpfname,template), EXTSEP_S "tmp");
# endif /* Posix filename */
- /* Create the temp file with limited access */
+ /* Create the temp file with limited access. Note that the umask
+ call is not anymore needed because iobuf_create now takes care
+ of it. However, it does not harm and thus we keep it. */
oldmask=umask(077);
if (is_secured_filename (tmpfname))
{
@@ -1205,7 +1207,7 @@ create_tmp_file (const char *template,
gpg_err_set_errno (EPERM);
}
else
- *r_fp = iobuf_create (tmpfname);
+ *r_fp = iobuf_create (tmpfname, 1);
umask(oldmask);
if (!*r_fp)
{
@@ -1513,7 +1515,7 @@ do_copy (int mode, const char *fname, KBNODE root,
gpg_err_set_errno (EPERM);
}
else
- newfp = iobuf_create (fname);
+ newfp = iobuf_create (fname, 1);
umask(oldmask);
if( !newfp )
{
diff --git a/g10/main.h b/g10/main.h
index 97c6612..ae0bc8c 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -270,7 +270,8 @@ int save_unprotected_key_to_card (PKT_public_key *sk, int keyno);
int overwrite_filep( const char *fname );
char *make_outfile_name( const char *iname );
char *ask_outfile_name( const char *name, size_t namelen );
-int open_outfile (int inp_fd, const char *iname, int mode, iobuf_t *a);
+int open_outfile (int inp_fd, const char *iname, int mode,
+ int restrictedperm, iobuf_t *a);
iobuf_t open_sigfile( const char *iname, progress_filter_context_t *pfx );
void try_make_homedir( const char *fname );
diff --git a/g10/openfile.c b/g10/openfile.c
index 119c567..901387d 100644
--- a/g10/openfile.c
+++ b/g10/openfile.c
@@ -177,10 +177,12 @@ ask_outfile_name( const char *name, size_t namelen )
*
* If INP_FD is not -1 the function simply creates an IOBUF for that
* file descriptor and ignorea INAME and MODE. Note that INP_FD won't
- * be closed if the returned IOBUF is closed.
+ * be closed if the returned IOBUF is closed. With RESTRICTEDPERM a
+ * file will be created with mode 700 if possible.
*/
int
-open_outfile (int inp_fd, const char *iname, int mode, iobuf_t *a)
+open_outfile (int inp_fd, const char *iname, int mode, int restrictedperm,
+ iobuf_t *a)
{
int rc = 0;
@@ -204,7 +206,7 @@ open_outfile (int inp_fd, const char *iname, int mode, iobuf_t *a)
}
else if (iobuf_is_pipe_filename (iname) && !opt.outfile)
{
- *a = iobuf_create(NULL);
+ *a = iobuf_create (NULL, 0);
if ( !*a )
{
rc = gpg_error_from_syserror ();
@@ -284,7 +286,7 @@ open_outfile (int inp_fd, const char *iname, int mode, iobuf_t *a)
gpg_err_set_errno (EPERM);
}
else
- *a = iobuf_create (name);
+ *a = iobuf_create (name, restrictedperm);
if (!*a)
{
rc = gpg_error_from_syserror ();
diff --git a/g10/revoke.c b/g10/revoke.c
index 46fa870..1c52dda 100644
--- a/g10/revoke.c
+++ b/g10/revoke.c
@@ -328,7 +328,7 @@ gen_desig_revoke( const char *uname, strlist_t locusr )
if( !opt.armor )
tty_printf(_("ASCII armored output forced.\n"));
- if( (rc = open_outfile (-1, NULL, 0, &out )) )
+ if( (rc = open_outfile (-1, NULL, 0, 1, &out )) )
goto leave;
afx->what = 1;
@@ -518,7 +518,7 @@ gen_revoke (const char *uname)
if (!opt.armor)
tty_printf (_("ASCII armored output forced.\n"));
- if ((rc = open_outfile (-1, NULL, 0, &out )))
+ if ((rc = open_outfile (-1, NULL, 0, 1, &out )))
goto leave;
afx->what = 1;
diff --git a/g10/sign.c b/g10/sign.c
index 8a87888..907d8c5 100644
--- a/g10/sign.c
+++ b/g10/sign.c
@@ -871,7 +871,7 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
gpg_err_set_errno (EPERM);
}
else
- out = iobuf_create( outfile );
+ out = iobuf_create (outfile, 0);
if( !out )
{
rc = gpg_error_from_syserror ();
@@ -882,7 +882,7 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
log_info(_("writing to '%s'\n"), outfile );
}
else if( (rc = open_outfile (-1, fname,
- opt.armor? 1: detached? 2:0, &out )))
+ opt.armor? 1: detached? 2:0, 0, &out)))
goto leave;
/* prepare to calculate the MD over the input */
@@ -1188,7 +1188,7 @@ clearsign_file( const char *fname, strlist_t locusr, const char *outfile )
gpg_err_set_errno (EPERM);
}
else
- out = iobuf_create( outfile );
+ out = iobuf_create (outfile, 0);
if( !out )
{
rc = gpg_error_from_syserror ();
@@ -1198,7 +1198,7 @@ clearsign_file( const char *fname, strlist_t locusr, const char *outfile )
else if( opt.verbose )
log_info(_("writing to '%s'\n"), outfile );
}
- else if( (rc = open_outfile (-1, fname, 1, &out )) )
+ else if ((rc = open_outfile (-1, fname, 1, 0, &out)))
goto leave;
iobuf_writestr(out, "-----BEGIN PGP SIGNED MESSAGE-----" LF );
@@ -1366,7 +1366,7 @@ sign_symencrypt_file (const char *fname, strlist_t locusr)
cfx.dek->use_mdc=1;
/* now create the outfile */
- rc = open_outfile (-1, fname, opt.armor? 1:0, &out);
+ rc = open_outfile (-1, fname, opt.armor? 1:0, 0, &out);
if (rc)
goto leave;
commit 35fdfaa0b94342c53eb82eea155a37ad4009fa9f
Author: Werner Koch <wk at gnupg.org>
Date: Wed Jun 25 20:25:28 2014 +0200
common: Minor code cleanup for a legacy OS.
* common/iobuf.c (direct_open) [__riscos__]: Simply cpp conditionals.
diff --git a/common/iobuf.c b/common/iobuf.c
index d78e5d2..d686210 100644
--- a/common/iobuf.c
+++ b/common/iobuf.c
@@ -299,7 +299,9 @@ direct_open (const char *fname, const char *mode)
hfile = CreateFile (fname, da, sm, NULL, cd, FILE_ATTRIBUTE_NORMAL, NULL);
#endif
return hfile;
+
#else /*!HAVE_W32_SYSTEM*/
+
int oflag;
int cflag = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH;
@@ -324,21 +326,18 @@ direct_open (const char *fname, const char *mode)
if (strchr (mode, 'b'))
oflag |= O_BINARY;
#endif
- /* No we need to distinguish between POSIX and RISC OS. */
-#ifndef __riscos__
- return open (fname, oflag, cflag);
-#else
+
+#ifdef __riscos__
{
struct stat buf;
- int rc = stat (fname, &buf);
/* Don't allow iobufs on directories */
- if (!rc && S_ISDIR (buf.st_mode) && !S_ISREG (buf.st_mode))
+ if (!stat (fname, &buf) && S_ISDIR (buf.st_mode) && !S_ISREG (buf.st_mode))
return __set_errno (EISDIR);
- else
- return open (fname, oflag, cflag);
}
#endif
+ return open (fname, oflag, cflag);
+
#endif /*!HAVE_W32_SYSTEM*/
}
-----------------------------------------------------------------------
Summary of changes:
common/iobuf.c | 33 ++++++++++++++++++---------------
common/iobuf.h | 2 +-
g10/dearmor.c | 4 ++--
g10/encrypt.c | 4 ++--
g10/export.c | 2 +-
g10/keydb.c | 2 +-
g10/keygen.c | 7 +++++--
g10/keyring.c | 8 +++++---
g10/main.h | 3 ++-
g10/openfile.c | 10 ++++++----
g10/revoke.c | 4 ++--
g10/sign.c | 10 +++++-----
12 files changed, 50 insertions(+), 39 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
More information about the Gnupg-commits
mailing list