Fix permissions for temporary files

author Michael Friedrich <michael.friedrich@netways.de>

Wed, 24 Feb 2016 10:00:44 +0000 (11:00 +0100)

committer Michael Friedrich <michael.friedrich@netways.de>

Wed, 24 Feb 2016 10:27:22 +0000 (11:27 +0100)
author Michael Friedrich <michael.friedrich@netways.de>
Wed, 24 Feb 2016 10:00:44 +0000 (11:00 +0100)
committer Michael Friedrich <michael.friedrich@netways.de>
Wed, 24 Feb 2016 10:27:22 +0000 (11:27 +0100)
diff --git a/lib/base/configobject.cpp b/lib/base/configobject.cpp

index 214b78c2f74a502898f958ea63b908c704b35fac..cfb099480dd39d137f0e8182812ea6eee17162e3 100644 (file)
--- a/lib/base/configobject.cpp
+++ b/lib/base/configobject.cpp
@@ -483,7 +483,7 @@ void ConfigObject::DumpObjects(const String& filename, int attributeTypes)
             << "Dumping program state to file '" << filename << "'";
  
         std::fstream fp;
-       String tempFilename = Utility::CreateTempFile(filename + ".XXXXXX", fp);
+       String tempFilename = Utility::CreateTempFile(filename + ".XXXXXX", 0600, fp);
  
         if (!fp)
                 BOOST_THROW_EXCEPTION(std::runtime_error("Could not open '" + tempFilename + "' file"));
diff --git a/lib/base/scriptglobal.cpp b/lib/base/scriptglobal.cpp

index a80484cb6a7ba614fb683a263264946b1ea1305e..b5b59900086a94abb2c8e2ffcce42f281055b15d 100644 (file)
--- a/lib/base/scriptglobal.cpp
+++ b/lib/base/scriptglobal.cpp
@@ -66,7 +66,7 @@ void ScriptGlobal::WriteToFile(const String& filename)
                 << "Dumping variables to file '" << filename << "'";
  
         std::fstream fp;
-       String tempFilename = Utility::CreateTempFile(filename + ".XXXXXX", fp);
+       String tempFilename = Utility::CreateTempFile(filename + ".XXXXXX", 0600, fp);
  
         if (!fp)
                 BOOST_THROW_EXCEPTION(std::runtime_error("Could not open '" + tempFilename + "' file"));
diff --git a/lib/base/utility.cpp b/lib/base/utility.cpp

index 4a11b9c31b9fe8427e64276153dcfa4f9a3c529d..da21d74805f52f4197ad39ad77b1ec2c8dbe7dd0 100644 (file)
--- a/lib/base/utility.cpp
+++ b/lib/base/utility.cpp
@@ -700,10 +700,10 @@ bool Utility::GlobRecursive(const String& path, const String& pattern, const boo
  }
  
  
-void Utility::MkDir(const String& path, int flags)
+void Utility::MkDir(const String& path, int mode)
  {
  #ifndef _WIN32
-       if (mkdir(path.CStr(), flags) < 0 && errno != EEXIST) {
+       if (mkdir(path.CStr(), mode) < 0 && errno != EEXIST) {
  #else /*_ WIN32 */
         if (mkdir(path.CStr()) < 0 && errno != EEXIST) {
  #endif /* _WIN32 */
@@ -1327,10 +1327,10 @@ Value Utility::LoadJsonFile(const String& path)
         return JsonDecode(json);
  }
  
-void Utility::SaveJsonFile(const String& path, const Value& value)
+void Utility::SaveJsonFile(const String& path, int mode, const Value& value)
  {
         std::fstream fp;
-       String tempFilename = Utility::CreateTempFile(path + ".XXXXXX", fp);
+       String tempFilename = Utility::CreateTempFile(path + ".XXXXXX", mode, fp);
  
         fp.exceptions(std::ofstream::failbit | std::ofstream::badbit);
         fp << JsonEncode(value);
@@ -1706,7 +1706,7 @@ String Utility::ValidateUTF8(const String& input)
         return output;
  }
  
-String Utility::CreateTempFile(const String& path, std::fstream& fp)
+String Utility::CreateTempFile(const String& path, int mode, std::fstream& fp)
  {
         std::vector<char> targetPath(path.Begin(), path.End());
         targetPath.push_back('\0');
@@ -1734,7 +1734,16 @@ String Utility::CreateTempFile(const String& path, std::fstream& fp)
  
         close(fd);
  
-       return String(targetPath.begin(), targetPath.end() - 1);
+       String resultPath = String(targetPath.begin(), targetPath.end() - 1);
+
+       if (chmod(resultPath.CStr(), mode) < 0) {
+               BOOST_THROW_EXCEPTION(posix_error()
+                   << boost::errinfo_api_function("chmod")
+                   << boost::errinfo_errno(errno)
+                   << boost::errinfo_file_name(resultPath));
+       }
+
+       return resultPath;
  }
  
  #ifdef _WIN32
diff --git a/lib/base/utility.hpp b/lib/base/utility.hpp

index b27ac761273142d32febe23732d8150cf2c922eb..d244086f33304e6d9cbc001d1ec0ea3df599e346 100644 (file)
--- a/lib/base/utility.hpp
+++ b/lib/base/utility.hpp
@@ -131,7 +131,7 @@ public:
         static void CopyFile(const String& source, const String& target);
  
         static Value LoadJsonFile(const String& path);
-       static void SaveJsonFile(const String& path, const Value& value);
+       static void SaveJsonFile(const String& path, int mode, const Value& value);
  
         static String GetPlatformKernel(void);
         static String GetPlatformKernelVersion(void);
@@ -141,7 +141,7 @@ public:
  
         static String ValidateUTF8(const String& input);
  
-       static String CreateTempFile(const String& path, std::fstream& fp);
+       static String CreateTempFile(const String& path, int mode, std::fstream& fp);
  
  private:
         Utility(void);
diff --git a/lib/cli/apisetuputility.cpp b/lib/cli/apisetuputility.cpp

index abe7c38d6995585f16404ef5af4e904e379316fb..56011ca572fc1aa905d4ff1769b6c2a3f00f0ddf 100644 (file)
--- a/lib/cli/apisetuputility.cpp
+++ b/lib/cli/apisetuputility.cpp
@@ -171,7 +171,7 @@ bool ApiSetupUtility::SetupMasterApiUser(void)
         NodeUtility::CreateBackupFile(apiUsersPath);
  
         std::fstream fp;
-       String tempFilename = Utility::CreateTempFile(apiUsersPath + ".XXXXXX", fp);
+       String tempFilename = Utility::CreateTempFile(apiUsersPath + ".XXXXXX", 0640, fp);
  
         fp << "/**\n"
             << " * The APIUser objects are used for authentication against the API.\n"
diff --git a/lib/cli/nodesetupcommand.cpp b/lib/cli/nodesetupcommand.cpp

index a86d02293fa039786403de702bf9c36472d4e34a..0eb34b3b763674c27538b8ecfc715fb0f939700e 100644 (file)
--- a/lib/cli/nodesetupcommand.cpp
+++ b/lib/cli/nodesetupcommand.cpp
@@ -170,7 +170,7 @@ int NodeSetupCommand::SetupMaster(const boost::program_options::variables_map& v
         NodeUtility::CreateBackupFile(apipath);
  
         std::fstream fp;
-       String tempApiPath = Utility::CreateTempFile(apipath + ".XXXXXX", fp);
+       String tempApiPath = Utility::CreateTempFile(apipath + ".XXXXXX", 0640, fp);
  
         fp << "/**\n"
             << " * The API listener is used for distributed monitoring setups.\n"
@@ -375,7 +375,7 @@ int NodeSetupCommand::SetupNode(const boost::program_options::variables_map& vm,
         NodeUtility::CreateBackupFile(apipath);
  
         std::fstream fp;
-       String tempApiPath = Utility::CreateTempFile(apipath + ".XXXXXX", fp);
+       String tempApiPath = Utility::CreateTempFile(apipath + ".XXXXXX", 0640, fp);
  
         fp << "/**\n"
             << " * The API listener is used for distributed monitoring setups.\n"
diff --git a/lib/cli/nodeupdateconfigcommand.cpp b/lib/cli/nodeupdateconfigcommand.cpp

index 8714f3b9b750dff1126fdc330244178e482db11a..4af4a556394a6ade47da3f5de3843499a6f34b55 100644 (file)
--- a/lib/cli/nodeupdateconfigcommand.cpp
+++ b/lib/cli/nodeupdateconfigcommand.cpp
@@ -415,7 +415,7 @@ int NodeUpdateConfigCommand::Run(const boost::program_options::variables_map& vm
  
         /* store the new inventory for next run */
         NodeUtility::CreateRepositoryPath();
-       Utility::SaveJsonFile(inventory_path, inventory);
+       Utility::SaveJsonFile(inventory_path, 0600, inventory);
  
         std::cout << "Make sure to reload Icinga 2 for these changes to take effect." << std::endl;
  
diff --git a/lib/cli/nodeutility.cpp b/lib/cli/nodeutility.cpp

index 3d46c66ba4b679a9a1342542f8185088f8a14bc9..49741fe85697e56e650c53e441d362027426a898 100644 (file)
--- a/lib/cli/nodeutility.cpp
+++ b/lib/cli/nodeutility.cpp
@@ -166,7 +166,7 @@ void NodeUtility::AddNode(const String& name)
         node->Set("repository", Empty);
  
         CreateRepositoryPath();
-       Utility::SaveJsonFile(path, node);
+       Utility::SaveJsonFile(path, 0600, node);
  }
  
  void NodeUtility::AddNodeSettings(const String& name, const String& host,
@@ -179,7 +179,7 @@ void NodeUtility::AddNodeSettings(const String& name, const String& host,
         settings->Set("log_duration", log_duration);
  
         CreateRepositoryPath();
-       Utility::SaveJsonFile(GetNodeSettingsFile(name), settings);
+       Utility::SaveJsonFile(GetNodeSettingsFile(name), 0600, settings);
  }
  
  void NodeUtility::RemoveNode(const String& name)
@@ -386,7 +386,7 @@ bool NodeUtility::WriteNodeConfigObjects(const String& filename, const Array::Pt
         }
  
         std::fstream fp;
-       String tempFilename = Utility::CreateTempFile(filename + ".XXXXXX", fp);
+       String tempFilename = Utility::CreateTempFile(filename + ".XXXXXX", 0640, fp);
  
         fp << "/*\n";
         fp << " * Generated by Icinga 2 node setup commands\n";
@@ -470,7 +470,7 @@ int NodeUtility::UpdateBlackAndWhiteList(const String& type, const String& zone_
  
         String list_path = GetBlackAndWhiteListPath(type);
         CreateRepositoryPath();
-       Utility::SaveJsonFile(list_path, lists);
+       Utility::SaveJsonFile(list_path, 0600, lists);
  
         return 0;
  }
@@ -515,7 +515,7 @@ int NodeUtility::RemoveBlackAndWhiteList(const String& type, const String& zone_
  
         String list_path = GetBlackAndWhiteListPath(type);
         CreateRepositoryPath();
-       Utility::SaveJsonFile(list_path, lists);
+       Utility::SaveJsonFile(list_path, 0600, lists);
  
         return 0;
  }
@@ -640,7 +640,7 @@ void NodeUtility::UpdateConstant(const String& name, const String& value)
  
         std::ifstream ifp(constantsFile.CStr());
         std::fstream ofp;
-       String tempFile = Utility::CreateTempFile(constantsFile + ".XXXXXX", ofp);
+       String tempFile = Utility::CreateTempFile(constantsFile + ".XXXXXX", 0640, ofp);
  
         bool found = false;
  
diff --git a/lib/cli/nodewizardcommand.cpp b/lib/cli/nodewizardcommand.cpp

index 079bb5a135a4caeafd5e17476cf65aac26dc343f..87aeb4763b22935e67e03690aa04c290c31de7f2 100644 (file)
--- a/lib/cli/nodewizardcommand.cpp
+++ b/lib/cli/nodewizardcommand.cpp
@@ -413,7 +413,7 @@ wizard_ticket:
                 NodeUtility::CreateBackupFile(apipath);
  
                 std::fstream fp;
-               String tempApiPath = Utility::CreateTempFile(apipath + ".XXXXXX", fp);
+               String tempApiPath = Utility::CreateTempFile(apipath + ".XXXXXX", 0640, fp);
  
                 fp << "/**\n"
                     << " * The API listener is used for distributed monitoring setups.\n"
@@ -538,7 +538,7 @@ wizard_ticket:
  
  
                 std::fstream fp;
-               String tempApiPath = Utility::CreateTempFile(apipath + ".XXXXXX", fp);
+               String tempApiPath = Utility::CreateTempFile(apipath + ".XXXXXX", 0640, fp);
  
                 fp << "/**\n"
                     << " * The API listener is used for distributed monitoring setups.\n"
diff --git a/lib/cli/repositoryutility.cpp b/lib/cli/repositoryutility.cpp

index 157c371fbc3f929faa56f0ceaa8c9fa9f1387264..a4d43938ebe8645dde51d233c005f35d94d08860 100644 (file)
--- a/lib/cli/repositoryutility.cpp
+++ b/lib/cli/repositoryutility.cpp
@@ -357,7 +357,7 @@ bool RepositoryUtility::WriteObjectToRepositoryChangeLog(const String& path, con
         CreateRepositoryPath(Utility::DirName(path));
  
         std::fstream fp;
-       String tempFilename = Utility::CreateTempFile(path + ".XXXXXX", fp);
+       String tempFilename = Utility::CreateTempFile(path + ".XXXXXX", 0600, fp);
  
         fp << JsonEncode(item);
         fp.close();
@@ -497,7 +497,7 @@ bool RepositoryUtility::WriteObjectToRepository(const String& path, const String
         CreateRepositoryPath(Utility::DirName(path));
  
         std::fstream fp;
-       String tempFilename = Utility::CreateTempFile(path + ".XXXXXX", fp);
+       String tempFilename = Utility::CreateTempFile(path + ".XXXXXX", 0640, fp);
  
         SerializeObject(fp, name, type, item);
         fp << std::endl;
diff --git a/lib/compat/statusdatawriter.cpp b/lib/compat/statusdatawriter.cpp

index bfd90bb476c38f0b6119c6ecb9bd1af11630d8d0..0986fdfdf6d4c1af43fc2a36087fb6407c63e1c0 100644 (file)
--- a/lib/compat/statusdatawriter.cpp
+++ b/lib/compat/statusdatawriter.cpp
@@ -539,7 +539,7 @@ void StatusDataWriter::UpdateObjectsCache(void)
         String objectsPath = GetObjectsPath();
  
         std::fstream objectfp;
-       String tempObjectsPath = Utility::CreateTempFile(objectsPath + ".XXXXXX", objectfp);
+       String tempObjectsPath = Utility::CreateTempFile(objectsPath + ".XXXXXX", 0640, objectfp);
  
         objectfp << std::fixed;
  
@@ -785,7 +785,7 @@ void StatusDataWriter::StatusTimerHandler(void)
         String statusPath = GetStatusPath();
  
         std::fstream statusfp;
-       String tempStatusPath = Utility::CreateTempFile(statusPath + ".XXXXXX", statusfp);
+       String tempStatusPath = Utility::CreateTempFile(statusPath + ".XXXXXX", 0640, statusfp);
  
         statusfp << std::fixed;
  
diff --git a/lib/config/configcompilercontext.cpp b/lib/config/configcompilercontext.cpp

index 917ee9e9f281ec33e72721ac8660e08c8050fdfa..901e00d41a723a665dd469dd6ae9bac1943b699b 100644 (file)
--- a/lib/config/configcompilercontext.cpp
+++ b/lib/config/configcompilercontext.cpp
@@ -37,7 +37,7 @@ void ConfigCompilerContext::OpenObjectsFile(const String& filename)
         m_ObjectsPath = filename;
  
         std::fstream *fp = new std::fstream();
-       m_ObjectsTempFile = Utility::CreateTempFile(filename + ".XXXXXX", *fp);
+       m_ObjectsTempFile = Utility::CreateTempFile(filename + ".XXXXXX", 0600, *fp);
  
         if (!*fp)
                 BOOST_THROW_EXCEPTION(std::runtime_error("Could not open '" + m_ObjectsTempFile + "' file"));
diff --git a/lib/icinga/clusterevents.cpp b/lib/icinga/clusterevents.cpp

index 4e712cf82364bf5cca97c0a625cd3408f7902cb9..eaf2e62ad306ec2b690df829026a65fc22969b5c 100644 (file)
--- a/lib/icinga/clusterevents.cpp
+++ b/lib/icinga/clusterevents.cpp
@@ -724,7 +724,7 @@ Value ClusterEvents::UpdateRepositoryAPIHandler(const MessageOrigin::Ptr& origin
         String repositoryFile = GetRepositoryDir() + SHA256(params->Get("endpoint")) + ".repo";
  
         std::fstream fp;
-       String tempRepositoryFile = Utility::CreateTempFile(repositoryFile + ".XXXXXX", fp);
+       String tempRepositoryFile = Utility::CreateTempFile(repositoryFile + ".XXXXXX", 0640, fp);
  
         fp << JsonEncode(params);
         fp.close();
diff --git a/lib/icinga/icingaapplication.cpp b/lib/icinga/icingaapplication.cpp

index 2825030d1656108238dcb19235f6d11f98fef934..9bbd81583f37cbe6cbb43139ca188cc774614a76 100644 (file)
--- a/lib/icinga/icingaapplication.cpp
+++ b/lib/icinga/icingaapplication.cpp
@@ -175,7 +175,7 @@ void IcingaApplication::DumpModifiedAttributes(void)
         String path = GetModAttrPath();
  
         std::fstream fp;
-       String tempFilename = Utility::CreateTempFile(path + ".XXXXXX", fp);
+       String tempFilename = Utility::CreateTempFile(path + ".XXXXXX", 0640, fp);
  
         ConfigObject::Ptr previousObject;
         ConfigObject::DumpModifiedAttributes(boost::bind(&PersistModAttrHelper, boost::ref(fp), boost::ref(previousObject), _1, _2, _3));
author	Michael Friedrich <michael.friedrich@netways.de>
	Wed, 24 Feb 2016 10:00:44 +0000 (11:00 +0100)
committer	Michael Friedrich <michael.friedrich@netways.de>
	Wed, 24 Feb 2016 10:27:22 +0000 (11:27 +0100)
lib/base/configobject.cpp		patch \| blob \| history
lib/base/scriptglobal.cpp		patch \| blob \| history
lib/base/utility.cpp		patch \| blob \| history
lib/base/utility.hpp		patch \| blob \| history
lib/cli/apisetuputility.cpp		patch \| blob \| history
lib/cli/nodesetupcommand.cpp		patch \| blob \| history
lib/cli/nodeupdateconfigcommand.cpp		patch \| blob \| history
lib/cli/nodeutility.cpp		patch \| blob \| history
lib/cli/nodewizardcommand.cpp		patch \| blob \| history
lib/cli/repositoryutility.cpp		patch \| blob \| history
lib/compat/statusdatawriter.cpp		patch \| blob \| history
lib/config/configcompilercontext.cpp		patch \| blob \| history
lib/icinga/clusterevents.cpp		patch \| blob \| history
lib/icinga/icingaapplication.cpp		patch \| blob \| history