summaryrefslogtreecommitdiff
path: root/usr.sbin
diff options
context:
space:
mode:
authorJacek Masiulaniec <jacekm@cvs.openbsd.org>2009-03-19 22:03:34 +0000
committerJacek Masiulaniec <jacekm@cvs.openbsd.org>2009-03-19 22:03:34 +0000
commit77c21f04164c15aa9cd578c7a3bb4abaf45d94a0 (patch)
treeed71bc0b62e42248bde0b223d47b926f69a0e4c5 /usr.sbin
parente9465316ae9fc28f82535273101cb54464756139 (diff)
since maps may contain secrets, carry ownership and perms from source file
to db file; ok gilles@
Diffstat (limited to 'usr.sbin')
-rw-r--r--usr.sbin/smtpd/makemap.c25
1 files changed, 15 insertions, 10 deletions
diff --git a/usr.sbin/smtpd/makemap.c b/usr.sbin/smtpd/makemap.c
index cee2a462be3..44f24877582 100644
--- a/usr.sbin/smtpd/makemap.c
+++ b/usr.sbin/smtpd/makemap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: makemap.c,v 1.14 2009/03/09 16:31:09 jacekm Exp $ */
+/* $OpenBSD: makemap.c,v 1.15 2009/03/19 22:03:33 jacekm Exp $ */
/*
* Copyright (c) 2008 Gilles Chehade <gilles@openbsd.org>
@@ -82,10 +82,11 @@ ssl_load_certfile(struct smtpd *env, const char *name)
int
main(int argc, char *argv[])
{
- char dbname[MAXPATHLEN];
- char *opts;
- char *conf;
- int ch;
+ struct stat sb;
+ char dbname[MAXPATHLEN];
+ char *opts;
+ char *conf;
+ int ch;
log_init(1);
@@ -133,6 +134,9 @@ main(int argc, char *argv[])
if (oflag == NULL && asprintf(&oflag, "%s.db", source) == -1)
err(1, "asprintf");
+ if (stat(source, &sb) == -1)
+ err(1, "stat: %s", source);
+
if (! bsnprintf(dbname, sizeof(dbname), "%s.XXXXXXXXXXX", oflag))
errx(1, "path too long");
if (mkstemp(dbname) == -1)
@@ -144,6 +148,12 @@ main(int argc, char *argv[])
goto bad;
}
+ if (fchmod(db->fd(db), sb.st_mode) == -1 ||
+ fchown(db->fd(db), sb.st_uid, sb.st_gid) == -1) {
+ warn("couldn't carry ownership and perms to %s", dbname);
+ goto bad;
+ }
+
if (! parse_map(source))
goto bad;
@@ -152,11 +162,6 @@ main(int argc, char *argv[])
goto bad;
}
- if (chmod(dbname, 0644) == -1) {
- warn("chmod: %s", dbname);
- goto bad;
- }
-
if (rename(dbname, oflag) == -1) {
warn("rename");
goto bad;