diff --git a/lib/base/configobject.cpp b/lib/base/configobject.cpp index 214b78c2f..cfb099480 100644 --- a/lib/base/configobject.cpp +++ b/lib/base/configobject.cpp @@ -483,7 +483,7 @@ void ConfigObject::DumpObjects(const String& filename, int attributeTypes) << "Dumping program state to file '" << filename << "'"; std::fstream fp; - String tempFilename = Utility::CreateTempFile(filename + ".XXXXXX", fp); + String tempFilename = Utility::CreateTempFile(filename + ".XXXXXX", 0600, fp); if (!fp) BOOST_THROW_EXCEPTION(std::runtime_error("Could not open '" + tempFilename + "' file")); diff --git a/lib/base/scriptglobal.cpp b/lib/base/scriptglobal.cpp index a80484cb6..b5b599000 100644 --- a/lib/base/scriptglobal.cpp +++ b/lib/base/scriptglobal.cpp @@ -66,7 +66,7 @@ void ScriptGlobal::WriteToFile(const String& filename) << "Dumping variables to file '" << filename << "'"; std::fstream fp; - String tempFilename = Utility::CreateTempFile(filename + ".XXXXXX", fp); + String tempFilename = Utility::CreateTempFile(filename + ".XXXXXX", 0600, fp); if (!fp) BOOST_THROW_EXCEPTION(std::runtime_error("Could not open '" + tempFilename + "' file")); diff --git a/lib/base/utility.cpp b/lib/base/utility.cpp index 4a11b9c31..da21d7480 100644 --- a/lib/base/utility.cpp +++ b/lib/base/utility.cpp @@ -700,10 +700,10 @@ bool Utility::GlobRecursive(const String& path, const String& pattern, const boo } -void Utility::MkDir(const String& path, int flags) +void Utility::MkDir(const String& path, int mode) { #ifndef _WIN32 - if (mkdir(path.CStr(), flags) < 0 && errno != EEXIST) { + if (mkdir(path.CStr(), mode) < 0 && errno != EEXIST) { #else /*_ WIN32 */ if (mkdir(path.CStr()) < 0 && errno != EEXIST) { #endif /* _WIN32 */ 
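Review bot: The bare octal `0600` passed to `Utility::CreateTempFile` in `ConfigObject::DumpObjects` recurs, together with `0640`, at every call site this commit touches (scriptglobal.cpp and the lib/cli, lib/compat, lib/config and lib/icinga hunks), and nothing records why a given file gets one value or the other. Two named constants declared next to `CreateTempFile`, each with a one-line comment such as `/* state files: owner only */` and `/* config and status files: owner plus group read */`, would let the permission policy be audited in one place. As written, a reviewer has to infer the intent per file, for example why repositoryutility.cpp uses `0600` for the change log but `0640` for the repository object.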
@@ -1327,10 +1327,10 @@ Value Utility::LoadJsonFile(const String& path) return JsonDecode(json); } -void Utility::SaveJsonFile(const String& path, const Value& value) +void Utility::SaveJsonFile(const String& path, int mode, const Value& value) { std::fstream fp; - String tempFilename = Utility::CreateTempFile(path + ".XXXXXX", fp); + String tempFilename = Utility::CreateTempFile(path + ".XXXXXX", mode, fp); fp.exceptions(std::ofstream::failbit | std::ofstream::badbit); fp << JsonEncode(value); @@ -1706,7 +1706,7 @@ String Utility::ValidateUTF8(const String& input) return output; } -String Utility::CreateTempFile(const String& path, std::fstream& fp) +String Utility::CreateTempFile(const String& path, int mode, std::fstream& fp) { std::vector targetPath(path.Begin(), path.End()); targetPath.push_back('\0'); @@ -1734,7 +1734,16 @@ String Utility::CreateTempFile(const String& path, std::fstream& fp) close(fd); - return String(targetPath.begin(), targetPath.end() - 1); + String resultPath = String(targetPath.begin(), targetPath.end() - 1); + + if (chmod(resultPath.CStr(), mode) < 0) { + BOOST_THROW_EXCEPTION(posix_error() + << boost::errinfo_api_function("chmod") + << boost::errinfo_errno(errno) + << boost::errinfo_file_name(resultPath)); + } + + return resultPath; } #ifdef _WIN32 diff --git a/lib/base/utility.hpp b/lib/base/utility.hpp index b27ac7612..d244086f3 100644 --- a/lib/base/utility.hpp +++ b/lib/base/utility.hpp @@ -131,7 +131,7 @@ public: static void CopyFile(const String& source, const String& target); static Value LoadJsonFile(const String& path); - static void SaveJsonFile(const String& path, const Value& value); + static void SaveJsonFile(const String& path, int mode, const Value& value); static String GetPlatformKernel(void); static String GetPlatformKernelVersion(void); 
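Review bot: In the utility.cpp hunk `@@ -1734,7 +1734,16 @@`, `chmod(resultPath.CStr(), mode)` runs on the path after `close(fd)`, so the mode is applied to whatever that name resolves to at that moment rather than to the file that was just created. Setting the mode through the descriptor while it is still open, `if (fchmod(fd, mode) < 0) {` placed ahead of `close(fd);`, removes the second path lookup; `fd` is presumably the descriptor of the new temp file, and the `#ifdef _WIN32` right after the function suggests a platform guard would be needed. The new throw also leaves the temporary file on disk with `fp` still open, so removing it first (`unlink(resultPath.CStr());` before `BOOST_THROW_EXCEPTION`) would avoid stray `.XXXXXX` files. The start of `CreateTempFile` is outside the hunk, so how `fd` and `fp` are opened is not visible here.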
@@ -141,7 +141,7 @@ public: static String ValidateUTF8(const String& input); - static String CreateTempFile(const String& path, std::fstream& fp); + static String CreateTempFile(const String& path, int mode, std::fstream& fp); private: Utility(void); diff --git a/lib/cli/apisetuputility.cpp b/lib/cli/apisetuputility.cpp index abe7c38d6..56011ca57 100644 --- a/lib/cli/apisetuputility.cpp +++ b/lib/cli/apisetuputility.cpp @@ -171,7 +171,7 @@ bool ApiSetupUtility::SetupMasterApiUser(void) NodeUtility::CreateBackupFile(apiUsersPath); std::fstream fp; - String tempFilename = Utility::CreateTempFile(apiUsersPath + ".XXXXXX", fp); + String tempFilename = Utility::CreateTempFile(apiUsersPath + ".XXXXXX", 0640, fp); fp << "/**\n" << " * The APIUser objects are used for authentication against the API.\n" diff --git a/lib/cli/nodesetupcommand.cpp b/lib/cli/nodesetupcommand.cpp index 33d917723..7d94353c3 100644 --- a/lib/cli/nodesetupcommand.cpp +++ b/lib/cli/nodesetupcommand.cpp @@ -170,7 +170,7 @@ int NodeSetupCommand::SetupMaster(const boost::program_options::variables_map& v NodeUtility::CreateBackupFile(apipath); std::fstream fp; - String tempApiPath = Utility::CreateTempFile(apipath + ".XXXXXX", fp); + String tempApiPath = Utility::CreateTempFile(apipath + ".XXXXXX", 0640, fp); fp << "/**\n" << " * The API listener is used for distributed monitoring setups.\n" @@ -374,7 +374,7 @@ int NodeSetupCommand::SetupNode(const boost::program_options::variables_map& vm, NodeUtility::CreateBackupFile(apipath); std::fstream fp; - String tempApiPath = Utility::CreateTempFile(apipath + ".XXXXXX", fp); + String tempApiPath = Utility::CreateTempFile(apipath + ".XXXXXX", 0640, fp); fp << "/**\n" << " * The API listener is used for distributed monitoring setups.\n" diff --git a/lib/cli/nodeupdateconfigcommand.cpp b/lib/cli/nodeupdateconfigcommand.cpp index 8714f3b9b..4af4a5563 100644 --- a/lib/cli/nodeupdateconfigcommand.cpp +++ b/lib/cli/nodeupdateconfigcommand.cpp 
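Review bot: The new `int mode` parameter on the `CreateTempFile` declaration in utility.hpp (and on `SaveJsonFile` in the preceding utility.hpp hunk) is undocumented, while every caller now has to choose a value for it. A declaration comment would help, for example `/* mode: POSIX permission bits applied with chmod() after creation; not filtered by the process umask */`. That last part matters to operators, because an explicit chmod to `0640` widens a file that a restrictive umask would otherwise have kept owner-only. The comment should also say what the parameter means on Windows, which the visible hunks do not show.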
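Review bot: `0640` in `ApiSetupUtility::SetupMasterApiUser` makes the API users file group-readable, and the header text written just below says it holds the APIUser objects used for authentication against the API. Whether that is acceptable depends on which group owns the file, and this hunk neither sets nor checks it. If the daemon's own user is the only intended reader, `0600` as used for the state files would be the tighter choice. If group read is intended, a comment such as `/* 0640: must stay readable by the daemon's group */` would record the reason. The function body continues outside the hunk.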
@@ -415,7 +415,7 @@ int NodeUpdateConfigCommand::Run(const boost::program_options::variables_map& vm /* store the new inventory for next run */ NodeUtility::CreateRepositoryPath(); - Utility::SaveJsonFile(inventory_path, inventory); + Utility::SaveJsonFile(inventory_path, 0600, inventory); std::cout << "Make sure to reload Icinga 2 for these changes to take effect." << std::endl; diff --git a/lib/cli/nodeutility.cpp b/lib/cli/nodeutility.cpp index 3d46c66ba..49741fe85 100644 --- a/lib/cli/nodeutility.cpp +++ b/lib/cli/nodeutility.cpp @@ -166,7 +166,7 @@ void NodeUtility::AddNode(const String& name) node->Set("repository", Empty); CreateRepositoryPath(); - Utility::SaveJsonFile(path, node); + Utility::SaveJsonFile(path, 0600, node); } void NodeUtility::AddNodeSettings(const String& name, const String& host, @@ -179,7 +179,7 @@ void NodeUtility::AddNodeSettings(const String& name, const String& host, settings->Set("log_duration", log_duration); CreateRepositoryPath(); - Utility::SaveJsonFile(GetNodeSettingsFile(name), settings); + Utility::SaveJsonFile(GetNodeSettingsFile(name), 0600, settings); } void NodeUtility::RemoveNode(const String& name) @@ -386,7 +386,7 @@ bool NodeUtility::WriteNodeConfigObjects(const String& filename, const Array::Pt } std::fstream fp; - String tempFilename = Utility::CreateTempFile(filename + ".XXXXXX", fp); + String tempFilename = Utility::CreateTempFile(filename + ".XXXXXX", 0640, fp); fp << "/*\n"; fp << " * Generated by Icinga 2 node setup commands\n"; @@ -470,7 +470,7 @@ int NodeUtility::UpdateBlackAndWhiteList(const String& type, const String& zone_ String list_path = GetBlackAndWhiteListPath(type); CreateRepositoryPath(); - Utility::SaveJsonFile(list_path, lists); + Utility::SaveJsonFile(list_path, 0600, lists); return 0; } 
@@ -515,7 +515,7 @@ int NodeUtility::RemoveBlackAndWhiteList(const String& type, const String& zone_ String list_path = GetBlackAndWhiteListPath(type); CreateRepositoryPath(); - Utility::SaveJsonFile(list_path, lists); + Utility::SaveJsonFile(list_path, 0600, lists); return 0; } @@ -640,7 +640,7 @@ void NodeUtility::UpdateConstant(const String& name, const String& value) std::ifstream ifp(constantsFile.CStr()); std::fstream ofp; - String tempFile = Utility::CreateTempFile(constantsFile + ".XXXXXX", ofp); + String tempFile = Utility::CreateTempFile(constantsFile + ".XXXXXX", 0640, ofp); bool found = false; diff --git a/lib/cli/nodewizardcommand.cpp b/lib/cli/nodewizardcommand.cpp index 079bb5a13..87aeb4763 100644 --- a/lib/cli/nodewizardcommand.cpp +++ b/lib/cli/nodewizardcommand.cpp @@ -413,7 +413,7 @@ wizard_ticket: NodeUtility::CreateBackupFile(apipath); std::fstream fp; - String tempApiPath = Utility::CreateTempFile(apipath + ".XXXXXX", fp); + String tempApiPath = Utility::CreateTempFile(apipath + ".XXXXXX", 0640, fp); fp << "/**\n" << " * The API listener is used for distributed monitoring setups.\n" @@ -538,7 +538,7 @@ wizard_ticket: std::fstream fp; - String tempApiPath = Utility::CreateTempFile(apipath + ".XXXXXX", fp); + String tempApiPath = Utility::CreateTempFile(apipath + ".XXXXXX", 0640, fp); fp << "/**\n" << " * The API listener is used for distributed monitoring setups.\n" diff --git a/lib/cli/repositoryutility.cpp b/lib/cli/repositoryutility.cpp index 157c371fb..a4d43938e 100644 --- a/lib/cli/repositoryutility.cpp +++ b/lib/cli/repositoryutility.cpp @@ -357,7 +357,7 @@ bool RepositoryUtility::WriteObjectToRepositoryChangeLog(const String& path, con CreateRepositoryPath(Utility::DirName(path)); std::fstream fp; - String tempFilename = Utility::CreateTempFile(path + ".XXXXXX", fp); + String tempFilename = Utility::CreateTempFile(path + ".XXXXXX", 0600, fp); fp << JsonEncode(item); fp.close(); 
@@ -497,7 +497,7 @@ bool RepositoryUtility::WriteObjectToRepository(const String& path, const String CreateRepositoryPath(Utility::DirName(path)); std::fstream fp; - String tempFilename = Utility::CreateTempFile(path + ".XXXXXX", fp); + String tempFilename = Utility::CreateTempFile(path + ".XXXXXX", 0640, fp); SerializeObject(fp, name, type, item); fp << std::endl; diff --git a/lib/compat/statusdatawriter.cpp b/lib/compat/statusdatawriter.cpp index bfd90bb47..0986fdfdf 100644 --- a/lib/compat/statusdatawriter.cpp +++ b/lib/compat/statusdatawriter.cpp @@ -539,7 +539,7 @@ void StatusDataWriter::UpdateObjectsCache(void) String objectsPath = GetObjectsPath(); std::fstream objectfp; - String tempObjectsPath = Utility::CreateTempFile(objectsPath + ".XXXXXX", objectfp); + String tempObjectsPath = Utility::CreateTempFile(objectsPath + ".XXXXXX", 0640, objectfp); objectfp << std::fixed; @@ -785,7 +785,7 @@ void StatusDataWriter::StatusTimerHandler(void) String statusPath = GetStatusPath(); std::fstream statusfp; - String tempStatusPath = Utility::CreateTempFile(statusPath + ".XXXXXX", statusfp); + String tempStatusPath = Utility::CreateTempFile(statusPath + ".XXXXXX", 0640, statusfp); statusfp << std::fixed; diff --git a/lib/config/configcompilercontext.cpp b/lib/config/configcompilercontext.cpp index 917ee9e9f..901e00d41 100644 --- a/lib/config/configcompilercontext.cpp +++ b/lib/config/configcompilercontext.cpp @@ -37,7 +37,7 @@ void ConfigCompilerContext::OpenObjectsFile(const String& filename) m_ObjectsPath = filename; std::fstream *fp = new std::fstream(); - m_ObjectsTempFile = Utility::CreateTempFile(filename + ".XXXXXX", *fp); + m_ObjectsTempFile = Utility::CreateTempFile(filename + ".XXXXXX", 0600, *fp); if (!*fp) BOOST_THROW_EXCEPTION(std::runtime_error("Could not open '" + m_ObjectsTempFile + "' file")); diff --git a/lib/icinga/clusterevents.cpp b/lib/icinga/clusterevents.cpp index 4e712cf82..eaf2e62ad 100644 --- a/lib/icinga/clusterevents.cpp 
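Review bot: In the configcompilercontext.cpp hunk, the `std::fstream` allocated with `new` on the context line is leaked if `Utility::CreateTempFile` throws, and this commit adds a new throw path inside that call (the chmod failure in utility.cpp). The `if (!*fp)` throw just below leaks it the same way. Freeing `fp` on the exception path would close this, for example by catching, calling `delete fp;` and rethrowing, or by holding it in a scoped owner until it is handed off. How `fp` is stored afterwards is outside the hunk, so the hand-off point needs checking against the rest of `OpenObjectsFile`.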
+++ b/lib/icinga/clusterevents.cpp @@ -724,7 +724,7 @@ Value ClusterEvents::UpdateRepositoryAPIHandler(const MessageOrigin::Ptr& origin String repositoryFile = GetRepositoryDir() + SHA256(params->Get("endpoint")) + ".repo"; std::fstream fp; - String tempRepositoryFile = Utility::CreateTempFile(repositoryFile + ".XXXXXX", fp); + String tempRepositoryFile = Utility::CreateTempFile(repositoryFile + ".XXXXXX", 0640, fp); fp << JsonEncode(params); fp.close(); diff --git a/lib/icinga/icingaapplication.cpp b/lib/icinga/icingaapplication.cpp index 2825030d1..9bbd81583 100644 --- a/lib/icinga/icingaapplication.cpp +++ b/lib/icinga/icingaapplication.cpp @@ -175,7 +175,7 @@ void IcingaApplication::DumpModifiedAttributes(void) String path = GetModAttrPath(); std::fstream fp; - String tempFilename = Utility::CreateTempFile(path + ".XXXXXX", fp); + String tempFilename = Utility::CreateTempFile(path + ".XXXXXX", 0640, fp); ConfigObject::Ptr previousObject; ConfigObject::DumpModifiedAttributes(boost::bind(&PersistModAttrHelper, boost::ref(fp), boost::ref(previousObject), _1, _2, _3));