From 90cbfc96d118d6b55c47392d8ae421434dea8225 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Mon, 25 Feb 2013 17:34:21 +0100 Subject: Make sure to set umask() before calling mkstemp(). Reviewed-by: David Disseldorp Autobuild-User(master): David Disseldorp Autobuild-Date(master): Wed Mar 6 01:16:34 CET 2013 on sn-devel-104 --- source3/client/client.c | 3 +++ source3/lib/smbrun.c | 4 ++++ source3/libads/kerberos.c | 3 +++ source3/libnet/libnet_samsync_ldif.c | 30 ++++++++++++++++++++++++++++-- source3/printing/printing.c | 3 +++ source3/printing/printspoolss.c | 4 ++++ source3/smbd/message.c | 4 ++++ source3/utils/interact.c | 7 ++++++- source3/utils/net_usershare.c | 3 +++ 9 files changed, 58 insertions(+), 3 deletions(-) (limited to 'source3') diff --git a/source3/client/client.c b/source3/client/client.c index 8038021d83..e21d867c55 100644 --- a/source3/client/client.c +++ b/source3/client/client.c @@ -1361,6 +1361,7 @@ static int cmd_more(void) const char *pager; int fd; int rc = 0; + mode_t mask; rname = talloc_strdup(ctx, client_get_cur_dir()); if (!rname) { @@ -1371,7 +1372,9 @@ static int cmd_more(void) if (!lname) { return 1; } + mask = umask(S_IRWXO | S_IRWXG); fd = mkstemp(lname); + umask(mask); if (fd == -1) { d_printf("failed to create temporary file for more\n"); return 1; diff --git a/source3/lib/smbrun.c b/source3/lib/smbrun.c index 0ecdc0d683..15a0c886e4 100644 --- a/source3/lib/smbrun.c +++ b/source3/lib/smbrun.c @@ -18,6 +18,7 @@ */ #include "includes.h" +#include "system/filesys.h" /* need to move this from here!! need some sleep ... */ struct current_user current_user; @@ -31,6 +32,7 @@ static int setup_out_fd(void) int fd; TALLOC_CTX *ctx = talloc_stackframe(); char *path = NULL; + mode_t mask; path = talloc_asprintf(ctx, "%s/smb.XXXXXX", @@ -42,7 +44,9 @@ static int setup_out_fd(void) } /* now create the file */ + mask = umask(S_IRWXO | S_IRWXG); fd = mkstemp(path); + umask(mask); if (fd == -1) { DEBUG(0,("setup_out_fd: Failed to create file %s. (%s)\n", diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c index 50a409c1af..96d194dc31 100644 --- a/source3/libads/kerberos.c +++ b/source3/libads/kerberos.c @@ -833,6 +833,7 @@ bool create_local_private_krb5_conf_for_domain(const char *realm, char *realm_upper = NULL; bool result = false; char *aes_enctypes = NULL; + mode_t mask; if (!lp_create_krb5_conf()) { return false; @@ -906,7 +907,9 @@ bool create_local_private_krb5_conf_for_domain(const char *realm, flen = strlen(file_contents); + mask = umask(S_IRWXO | S_IRWXG); fd = mkstemp(tmpname); + umask(mask); if (fd == -1) { DEBUG(0,("create_local_private_krb5_conf_for_domain: smb_mkstemp failed," " for file %s. Errno %s\n", diff --git a/source3/libnet/libnet_samsync_ldif.c b/source3/libnet/libnet_samsync_ldif.c index c492b9fda5..2ea9c82328 100644 --- a/source3/libnet/libnet_samsync_ldif.c +++ b/source3/libnet/libnet_samsync_ldif.c @@ -24,6 +24,7 @@ */ #include "includes.h" +#include "system/filesys.h" #include "libnet/libnet_samsync.h" #include "transfer_file.h" #include "passdb.h" @@ -929,6 +930,8 @@ static NTSTATUS ldif_init_context(TALLOC_CTX *mem_ctx, const char *add_template = "/tmp/add.ldif.XXXXXX"; const char *mod_template = "/tmp/mod.ldif.XXXXXX"; const char *builtin_sid = "S-1-5-32"; + mode_t mask; + int fd; r = talloc_zero(mem_ctx, struct samsync_ldif_context); NT_STATUS_HAVE_NO_MEMORY(r); @@ -980,14 +983,37 @@ static NTSTATUS ldif_init_context(TALLOC_CTX *mem_ctx, goto done; } + mask = umask(S_IRWXO | S_IRWXG); + fd = mkstemp(r->add_name); + umask(mask); + if (fd < 0) { + DEBUG(1, ("Could not create %s\n", r->add_name)); + status = NT_STATUS_UNSUCCESSFUL; + goto done; + } + /* Open the add and mod ldif files */ - if (!(r->add_file = fdopen(mkstemp(r->add_name),"w"))) { + r->add_file = fdopen(fd, "w"); + if (r->add_file == NULL) { DEBUG(1, ("Could not open %s\n", r->add_name)); + close(fd); status = NT_STATUS_UNSUCCESSFUL; goto done; } - if (!(r->mod_file = fdopen(mkstemp(r->module_name),"w"))) { + + mask = umask(S_IRWXO | S_IRWXG); + fd = mkstemp(r->module_name); + umask(mask); + if (fd < 0) { + DEBUG(1, ("Could not create %s\n", r->module_name)); + status = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + r->mod_file = fdopen(fd, "w"); + if (r->mod_file == NULL) { DEBUG(1, ("Could not open %s\n", r->module_name)); + close(fd); status = NT_STATUS_UNSUCCESSFUL; goto done; } diff --git a/source3/printing/printing.c b/source3/printing/printing.c index c394118303..43f75e5c43 100644 --- a/source3/printing/printing.c +++ b/source3/printing/printing.c @@ -2709,6 +2709,7 @@ static WERROR print_job_spool_file(int snum, uint32_t jobid, SMB_STRUCT_STAT st; const char *path; int len; + mode_t mask; /* if this file is within the printer path, it means that smbd * is spooling it and will pass us control when it is finished. @@ -2746,7 +2747,9 @@ static WERROR print_job_spool_file(int snum, uint32_t jobid, slprintf(pjob->filename, sizeof(pjob->filename)-1, "%s/%sXXXXXX", lp_pathname(talloc_tos(), snum), PRINT_SPOOL_PREFIX); + mask = umask(S_IRWXO | S_IRWXG); pjob->fd = mkstemp(pjob->filename); + umask(mask); if (pjob->fd == -1) { werr = map_werror_from_unix(errno); diff --git a/source3/printing/printspoolss.c b/source3/printing/printspoolss.c index acf4c0d19a..5fab7d54ef 100644 --- a/source3/printing/printspoolss.c +++ b/source3/printing/printspoolss.c @@ -18,6 +18,7 @@ */ #include "includes.h" +#include "system/filesys.h" #include "printing.h" #include "rpc_client/rpc_client.h" #include "../librpc/gen_ndr/ndr_spoolss_c.h" @@ -68,6 +69,7 @@ NTSTATUS print_spool_open(files_struct *fsp, struct spoolss_DocumentInfo1 *info1; int fd = -1; WERROR werr; + mode_t mask; tmp_ctx = talloc_new(fsp); if (!tmp_ctx) { @@ -127,7 +129,9 @@ NTSTATUS print_spool_open(files_struct *fsp, goto done; } errno = 0; + mask = umask(S_IRWXO | S_IRWXG); fd = mkstemp(pf->filename); + umask(mask); if (fd == -1) { if (errno == EACCES) { /* Common setup error, force a report. */ diff --git a/source3/smbd/message.c b/source3/smbd/message.c index 59949e21ae..5369f3185a 100644 --- a/source3/smbd/message.c +++ b/source3/smbd/message.c @@ -23,6 +23,7 @@ #include "includes.h" +#include "system/filesys.h" #include "smbd/smbd.h" #include "smbd/globals.h" #include "smbprofile.h" @@ -50,6 +51,7 @@ static void msg_deliver(struct msg_state *state) ssize_t sz; fstring alpha_buf; char *s; + mode_t mask; if (! (*lp_msg_command(frame))) { DEBUG(1,("no messaging command specified\n")); @@ -61,7 +63,9 @@ static void msg_deliver(struct msg_state *state) if (!name) { goto done; } + mask = umask(S_IRWXO | S_IRWXG); fd = mkstemp(name); + umask(mask); if (fd == -1) { DEBUG(1, ("can't open message file %s: %s\n", name, diff --git a/source3/utils/interact.c b/source3/utils/interact.c index 6d753dd012..f8fed6de19 100644 --- a/source3/utils/interact.c +++ b/source3/utils/interact.c @@ -25,6 +25,7 @@ */ #include "includes.h" +#include "system/filesys.h" #include "interact.h" @@ -79,8 +80,12 @@ char* interact_edit(TALLOC_CTX* mem_ctx, const char* str) { char buf[128]; char* ret = NULL; FILE* file; + mode_t mask; + int fd; - int fd = mkstemp(fname); + mask = umask(S_IRWXO | S_IRWXG); + fd = mkstemp(fname); + umask(mask); if (fd == -1) { DEBUG(0, ("failed to mkstemp %s: %s\n", fname, strerror(errno))); diff --git a/source3/utils/net_usershare.c b/source3/utils/net_usershare.c index 382fe2f250..78d38daaf9 100644 --- a/source3/utils/net_usershare.c +++ b/source3/utils/net_usershare.c @@ -642,6 +642,7 @@ static int net_usershare_add(struct net_context *c, int argc, const char **argv) uid_t myeuid = geteuid(); bool guest_ok = false; int num_usershares; + mode_t mask; us_comment = ""; arg_acl = "S-1-1-0:R"; @@ -895,7 +896,9 @@ static int net_usershare_add(struct net_context *c, int argc, const char **argv) } /* Create a temporary filename for this share. */ + mask = umask(S_IRWXO | S_IRWXG); tmpfd = mkstemp(full_path_tmp); + umask(mask); if (tmpfd == -1) { d_fprintf(stderr, -- cgit