krb5 commit: Create KDC and kadmind log files with mode 0640
Greg Hudson
ghudson at mit.edu
Wed Jan 13 12:38:50 EST 2016
https://github.com/krb5/krb5/commit/9914b93516bbce9b1123ed5f9f796b7028944892
commit 9914b93516bbce9b1123ed5f9f796b7028944892
Author: Robbie Harwood <rharwood at redhat.com>
Date: Thu Dec 17 13:31:39 2015 -0500
Create KDC and kadmind log files with mode 0640
In krb5_klog_init(), use open() and fdopen() to open log files so that
we can specify a mode. Specify a mode which doesn't include the
group-write, other-read, or other-write bits even if the process umask
allows them.
[ghudson at mit.edu: wrote commit message, de-indented post-open setup
code]
ticket: 8344 (new)
src/lib/kadm5/logger.c | 21 ++++++++++++---------
1 files changed, 12 insertions(+), 9 deletions(-)
diff --git a/src/lib/kadm5/logger.c b/src/lib/kadm5/logger.c
index 19c4355..f4a9387 100644
--- a/src/lib/kadm5/logger.c
+++ b/src/lib/kadm5/logger.c
@@ -354,7 +354,7 @@ krb5_klog_init(krb5_context kcontext, char *ename, char *whoami, krb5_boolean do
const char *logging_profent[3];
const char *logging_defent[3];
char **logging_specs;
- int i, ngood;
+ int i, ngood, fd, append;
char *cp, *cp2;
char savec = '\0';
int error;
@@ -422,18 +422,21 @@ krb5_klog_init(krb5_context kcontext, char *ename, char *whoami, krb5_boolean do
/*
* Check for append/overwrite, then open the file.
*/
- if (cp[4] == ':' || cp[4] == '=') {
- f = fopen(&cp[5], (cp[4] == ':') ? "a" : "w");
- if (f) {
- set_cloexec_file(f);
- log_control.log_entries[i].lfu_filep = f;
- log_control.log_entries[i].log_type = K_LOG_FILE;
- log_control.log_entries[i].lfu_fname = &cp[5];
- } else {
+ append = (cp[4] == ':') ? O_APPEND : 0;
+ if (append || cp[4] == '=') {
+ fd = open(&cp[5], O_CREAT | O_WRONLY | append,
+ S_IRUSR | S_IWUSR | S_IRGRP);
+ if (fd != -1)
+ f = fdopen(fd, append ? "a" : "w");
+ if (fd == -1 || f == NULL) {
fprintf(stderr,"Couldn't open log file %s: %s\n",
&cp[5], error_message(errno));
continue;
}
+ set_cloexec_file(f);
+ log_control.log_entries[i].lfu_filep = f;
+ log_control.log_entries[i].log_type = K_LOG_FILE;
+ log_control.log_entries[i].lfu_fname = &cp[5];
}
}
#ifdef HAVE_SYSLOG
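Review bot: The `=` (overwrite) form no longer truncates an existing log, because the new `open()` call passes no `O_TRUNC` and `fdopen(fd, "w")` does not truncate the way the removed `fopen(..., "w")` did; old entries stay in the file past the point where new writes end. If truncation is still intended, the flags could be `O_CREAT | O_WRONLY | (append ? O_APPEND : O_TRUNC)`. In the same block, when `open()` succeeds but `fdopen()` returns NULL, the `continue` leaves `fd` open; adding `if (fd != -1) close(fd);` after the `fprintf` would release it without disturbing the reported `errno`. The 0640 mode applies only when `open()` creates the file, so a log that already exists with wider permissions keeps them, which is worth a line in the comment above the call. The body of krb5_klog_init starts and ends outside this hunk.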