Fix permissions for temporary files

fixes #11212
fixes #11211
Michael Friedrich 2016-02-24 11:00:44 +01:00
parent 4c59ffa555
commit 47c5425137
14 changed files with 38 additions and 29 deletions


@ -483,7 +483,7 @@ void ConfigObject::DumpObjects(const String& filename, int attributeTypes)
<< "Dumping program state to file '" << filename << "'"; << "Dumping program state to file '" << filename << "'";
std::fstream fp; std::fstream fp;
String tempFilename = Utility::CreateTempFile(filename + ".XXXXXX", fp); String tempFilename = Utility::CreateTempFile(filename + ".XXXXXX", 0600, fp);
if (!fp) if (!fp)
BOOST_THROW_EXCEPTION(std::runtime_error("Could not open '" + tempFilename + "' file")); BOOST_THROW_EXCEPTION(std::runtime_error("Could not open '" + tempFilename + "' file"));
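Review bot: The mode is passed as a bare octal literal, `0600` here and `0600` or `0640` at every other CreateTempFile and SaveJsonFile call in this commit, with nothing recording why a given file is owner-only or group-readable. Two named constants next to the CreateTempFile declaration would make the choice auditable in one place, for example `static const int PrivateFileMode = 0600;` and `static const int GroupReadableFileMode = 0640;` (the names are only a suggestion). RepositoryUtility and NodeUtility use both values within one file, which is where a reader is most likely to wonder whether the difference is deliberate. DumpObjects continues outside this hunk.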


@ -66,7 +66,7 @@ void ScriptGlobal::WriteToFile(const String& filename)
<< "Dumping variables to file '" << filename << "'"; << "Dumping variables to file '" << filename << "'";
std::fstream fp; std::fstream fp;
String tempFilename = Utility::CreateTempFile(filename + ".XXXXXX", fp); String tempFilename = Utility::CreateTempFile(filename + ".XXXXXX", 0600, fp);
if (!fp) if (!fp)
BOOST_THROW_EXCEPTION(std::runtime_error("Could not open '" + tempFilename + "' file")); BOOST_THROW_EXCEPTION(std::runtime_error("Could not open '" + tempFilename + "' file"));


@ -700,10 +700,10 @@ bool Utility::GlobRecursive(const String& path, const String& pattern, const boo
} }
void Utility::MkDir(const String& path, int flags) void Utility::MkDir(const String& path, int mode)
{ {
#ifndef _WIN32 #ifndef _WIN32
if (mkdir(path.CStr(), flags) < 0 && errno != EEXIST) { if (mkdir(path.CStr(), mode) < 0 && errno != EEXIST) {
#else /*_ WIN32 */ #else /*_ WIN32 */
if (mkdir(path.CStr()) < 0 && errno != EEXIST) { if (mkdir(path.CStr()) < 0 && errno != EEXIST) {
#endif /* _WIN32 */ #endif /* _WIN32 */
@ -1327,10 +1327,10 @@ Value Utility::LoadJsonFile(const String& path)
return JsonDecode(json); return JsonDecode(json);
} }
void Utility::SaveJsonFile(const String& path, const Value& value) void Utility::SaveJsonFile(const String& path, int mode, const Value& value)
{ {
std::fstream fp; std::fstream fp;
String tempFilename = Utility::CreateTempFile(path + ".XXXXXX", fp); String tempFilename = Utility::CreateTempFile(path + ".XXXXXX", mode, fp);
fp.exceptions(std::ofstream::failbit | std::ofstream::badbit); fp.exceptions(std::ofstream::failbit | std::ofstream::badbit);
fp << JsonEncode(value); fp << JsonEncode(value);
@ -1706,7 +1706,7 @@ String Utility::ValidateUTF8(const String& input)
return output; return output;
} }
String Utility::CreateTempFile(const String& path, std::fstream& fp) String Utility::CreateTempFile(const String& path, int mode, std::fstream& fp)
{ {
std::vector<char> targetPath(path.Begin(), path.End()); std::vector<char> targetPath(path.Begin(), path.End());
targetPath.push_back('\0'); targetPath.push_back('\0');
@ -1734,7 +1734,16 @@ String Utility::CreateTempFile(const String& path, std::fstream& fp)
close(fd); close(fd);
return String(targetPath.begin(), targetPath.end() - 1); String resultPath = String(targetPath.begin(), targetPath.end() - 1);
if (chmod(resultPath.CStr(), mode) < 0) {
BOOST_THROW_EXCEPTION(posix_error()
<< boost::errinfo_api_function("chmod")
<< boost::errinfo_errno(errno)
<< boost::errinfo_file_name(resultPath));
}
return resultPath;
} }
#ifdef _WIN32 #ifdef _WIN32
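Review bot: In CreateTempFile the new `chmod(resultPath.CStr(), mode)` runs on the path after `close(fd)`, so the mode is applied to whatever that name refers to at that moment rather than to the file the descriptor was opened on. If the target directory is writable by another account, the name can change in between. On the POSIX build, setting the mode through the descriptor closes that window: `if (fchmod(fd, mode) < 0) {` placed ahead of `close(fd);`, with the same posix_error fields and `boost::errinfo_api_function("fchmod")`. The new throw path also leaves the temporary file on disk and `fp` open, so an `unlink` of the temp path before throwing would be worth adding. The start of the function, including its `_WIN32` branch, is outside this hunk, so the Windows side needs its own handling.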


@ -131,7 +131,7 @@ public:
static void CopyFile(const String& source, const String& target); static void CopyFile(const String& source, const String& target);
static Value LoadJsonFile(const String& path); static Value LoadJsonFile(const String& path);
static void SaveJsonFile(const String& path, const Value& value); static void SaveJsonFile(const String& path, int mode, const Value& value);
static String GetPlatformKernel(void); static String GetPlatformKernel(void);
static String GetPlatformKernelVersion(void); static String GetPlatformKernelVersion(void);
@ -141,7 +141,7 @@ public:
static String ValidateUTF8(const String& input); static String ValidateUTF8(const String& input);
static String CreateTempFile(const String& path, std::fstream& fp); static String CreateTempFile(const String& path, int mode, std::fstream& fp);
private: private:
Utility(void); Utility(void);
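Review bot: The new `int mode` parameter on `SaveJsonFile` and `CreateTempFile` has no comment in the class declaration, so a caller cannot tell from the header how the value is applied. The implementation in this commit applies it with `chmod`, which means the bits are set exactly as given and the process umask does not narrow them. I would add above both declarations: `/* mode: permission bits set on the temporary file via chmod(), e.g. 0600; not reduced by the umask */`. The rest of the class is outside these hunks.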


@ -171,7 +171,7 @@ bool ApiSetupUtility::SetupMasterApiUser(void)
NodeUtility::CreateBackupFile(apiUsersPath); NodeUtility::CreateBackupFile(apiUsersPath);
std::fstream fp; std::fstream fp;
String tempFilename = Utility::CreateTempFile(apiUsersPath + ".XXXXXX", fp); String tempFilename = Utility::CreateTempFile(apiUsersPath + ".XXXXXX", 0640, fp);
fp << "/**\n" fp << "/**\n"
<< " * The APIUser objects are used for authentication against the API.\n" << " * The APIUser objects are used for authentication against the API.\n"
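Review bot: `0640` makes the generated file group-readable, and the header text written right after says it holds the APIUser objects used for authentication, so it presumably contains API credentials. If the file ends up owned by the account the daemon runs as, `0600` would be enough: `Utility::CreateTempFile(apiUsersPath + ".XXXXXX", 0600, fp);`. If group read is what lets the daemon read it, a one-line comment saying so would help the next reviewer. The copy made by `NodeUtility::CreateBackupFile(apiUsersPath)` is outside this hunk and should be checked to end up no more readable than the file itself. SetupMasterApiUser continues past the visible lines.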


@ -170,7 +170,7 @@ int NodeSetupCommand::SetupMaster(const boost::program_options::variables_map& v
NodeUtility::CreateBackupFile(apipath); NodeUtility::CreateBackupFile(apipath);
std::fstream fp; std::fstream fp;
String tempApiPath = Utility::CreateTempFile(apipath + ".XXXXXX", fp); String tempApiPath = Utility::CreateTempFile(apipath + ".XXXXXX", 0640, fp);
fp << "/**\n" fp << "/**\n"
<< " * The API listener is used for distributed monitoring setups.\n" << " * The API listener is used for distributed monitoring setups.\n"
@ -374,7 +374,7 @@ int NodeSetupCommand::SetupNode(const boost::program_options::variables_map& vm,
NodeUtility::CreateBackupFile(apipath); NodeUtility::CreateBackupFile(apipath);
std::fstream fp; std::fstream fp;
String tempApiPath = Utility::CreateTempFile(apipath + ".XXXXXX", fp); String tempApiPath = Utility::CreateTempFile(apipath + ".XXXXXX", 0640, fp);
fp << "/**\n" fp << "/**\n"
<< " * The API listener is used for distributed monitoring setups.\n" << " * The API listener is used for distributed monitoring setups.\n"


@ -415,7 +415,7 @@ int NodeUpdateConfigCommand::Run(const boost::program_options::variables_map& vm
/* store the new inventory for next run */ /* store the new inventory for next run */
NodeUtility::CreateRepositoryPath(); NodeUtility::CreateRepositoryPath();
Utility::SaveJsonFile(inventory_path, inventory); Utility::SaveJsonFile(inventory_path, 0600, inventory);
std::cout << "Make sure to reload Icinga 2 for these changes to take effect." << std::endl; std::cout << "Make sure to reload Icinga 2 for these changes to take effect." << std::endl;


@ -166,7 +166,7 @@ void NodeUtility::AddNode(const String& name)
node->Set("repository", Empty); node->Set("repository", Empty);
CreateRepositoryPath(); CreateRepositoryPath();
Utility::SaveJsonFile(path, node); Utility::SaveJsonFile(path, 0600, node);
} }
void NodeUtility::AddNodeSettings(const String& name, const String& host, void NodeUtility::AddNodeSettings(const String& name, const String& host,
@ -179,7 +179,7 @@ void NodeUtility::AddNodeSettings(const String& name, const String& host,
settings->Set("log_duration", log_duration); settings->Set("log_duration", log_duration);
CreateRepositoryPath(); CreateRepositoryPath();
Utility::SaveJsonFile(GetNodeSettingsFile(name), settings); Utility::SaveJsonFile(GetNodeSettingsFile(name), 0600, settings);
} }
void NodeUtility::RemoveNode(const String& name) void NodeUtility::RemoveNode(const String& name)
@ -386,7 +386,7 @@ bool NodeUtility::WriteNodeConfigObjects(const String& filename, const Array::Pt
} }
std::fstream fp; std::fstream fp;
String tempFilename = Utility::CreateTempFile(filename + ".XXXXXX", fp); String tempFilename = Utility::CreateTempFile(filename + ".XXXXXX", 0640, fp);
fp << "/*\n"; fp << "/*\n";
fp << " * Generated by Icinga 2 node setup commands\n"; fp << " * Generated by Icinga 2 node setup commands\n";
@ -470,7 +470,7 @@ int NodeUtility::UpdateBlackAndWhiteList(const String& type, const String& zone_
String list_path = GetBlackAndWhiteListPath(type); String list_path = GetBlackAndWhiteListPath(type);
CreateRepositoryPath(); CreateRepositoryPath();
Utility::SaveJsonFile(list_path, lists); Utility::SaveJsonFile(list_path, 0600, lists);
return 0; return 0;
} }
@ -515,7 +515,7 @@ int NodeUtility::RemoveBlackAndWhiteList(const String& type, const String& zone_
String list_path = GetBlackAndWhiteListPath(type); String list_path = GetBlackAndWhiteListPath(type);
CreateRepositoryPath(); CreateRepositoryPath();
Utility::SaveJsonFile(list_path, lists); Utility::SaveJsonFile(list_path, 0600, lists);
return 0; return 0;
} }
@ -640,7 +640,7 @@ void NodeUtility::UpdateConstant(const String& name, const String& value)
std::ifstream ifp(constantsFile.CStr()); std::ifstream ifp(constantsFile.CStr());
std::fstream ofp; std::fstream ofp;
String tempFile = Utility::CreateTempFile(constantsFile + ".XXXXXX", ofp); String tempFile = Utility::CreateTempFile(constantsFile + ".XXXXXX", 0640, ofp);
bool found = false; bool found = false;


@ -413,7 +413,7 @@ wizard_ticket:
NodeUtility::CreateBackupFile(apipath); NodeUtility::CreateBackupFile(apipath);
std::fstream fp; std::fstream fp;
String tempApiPath = Utility::CreateTempFile(apipath + ".XXXXXX", fp); String tempApiPath = Utility::CreateTempFile(apipath + ".XXXXXX", 0640, fp);
fp << "/**\n" fp << "/**\n"
<< " * The API listener is used for distributed monitoring setups.\n" << " * The API listener is used for distributed monitoring setups.\n"
@ -538,7 +538,7 @@ wizard_ticket:
std::fstream fp; std::fstream fp;
String tempApiPath = Utility::CreateTempFile(apipath + ".XXXXXX", fp); String tempApiPath = Utility::CreateTempFile(apipath + ".XXXXXX", 0640, fp);
fp << "/**\n" fp << "/**\n"
<< " * The API listener is used for distributed monitoring setups.\n" << " * The API listener is used for distributed monitoring setups.\n"


@ -357,7 +357,7 @@ bool RepositoryUtility::WriteObjectToRepositoryChangeLog(const String& path, con
CreateRepositoryPath(Utility::DirName(path)); CreateRepositoryPath(Utility::DirName(path));
std::fstream fp; std::fstream fp;
String tempFilename = Utility::CreateTempFile(path + ".XXXXXX", fp); String tempFilename = Utility::CreateTempFile(path + ".XXXXXX", 0600, fp);
fp << JsonEncode(item); fp << JsonEncode(item);
fp.close(); fp.close();
@ -497,7 +497,7 @@ bool RepositoryUtility::WriteObjectToRepository(const String& path, const String
CreateRepositoryPath(Utility::DirName(path)); CreateRepositoryPath(Utility::DirName(path));
std::fstream fp; std::fstream fp;
String tempFilename = Utility::CreateTempFile(path + ".XXXXXX", fp); String tempFilename = Utility::CreateTempFile(path + ".XXXXXX", 0640, fp);
SerializeObject(fp, name, type, item); SerializeObject(fp, name, type, item);
fp << std::endl; fp << std::endl;


@ -539,7 +539,7 @@ void StatusDataWriter::UpdateObjectsCache(void)
String objectsPath = GetObjectsPath(); String objectsPath = GetObjectsPath();
std::fstream objectfp; std::fstream objectfp;
String tempObjectsPath = Utility::CreateTempFile(objectsPath + ".XXXXXX", objectfp); String tempObjectsPath = Utility::CreateTempFile(objectsPath + ".XXXXXX", 0640, objectfp);
objectfp << std::fixed; objectfp << std::fixed;
@ -785,7 +785,7 @@ void StatusDataWriter::StatusTimerHandler(void)
String statusPath = GetStatusPath(); String statusPath = GetStatusPath();
std::fstream statusfp; std::fstream statusfp;
String tempStatusPath = Utility::CreateTempFile(statusPath + ".XXXXXX", statusfp); String tempStatusPath = Utility::CreateTempFile(statusPath + ".XXXXXX", 0640, statusfp);
statusfp << std::fixed; statusfp << std::fixed;


@ -37,7 +37,7 @@ void ConfigCompilerContext::OpenObjectsFile(const String& filename)
m_ObjectsPath = filename; m_ObjectsPath = filename;
std::fstream *fp = new std::fstream(); std::fstream *fp = new std::fstream();
m_ObjectsTempFile = Utility::CreateTempFile(filename + ".XXXXXX", *fp); m_ObjectsTempFile = Utility::CreateTempFile(filename + ".XXXXXX", 0600, *fp);
if (!*fp) if (!*fp)
BOOST_THROW_EXCEPTION(std::runtime_error("Could not open '" + m_ObjectsTempFile + "' file")); BOOST_THROW_EXCEPTION(std::runtime_error("Could not open '" + m_ObjectsTempFile + "' file"));
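Review bot: `fp` is a raw `new std::fstream()`, and both `Utility::CreateTempFile` (which with this commit also throws when chmod fails) and the `if (!*fp)` check can throw before anything visible in this hunk takes ownership of it, so the stream object appears to leak on those paths. Guarding the call would cover it: `try { m_ObjectsTempFile = Utility::CreateTempFile(filename + ".XXXXXX", 0600, *fp); } catch (...) { delete fp; throw; }`, with a `delete fp;` before the `BOOST_THROW_EXCEPTION` as well. OpenObjectsFile continues outside the hunk, so where `fp` is finally stored should be confirmed first.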


@ -724,7 +724,7 @@ Value ClusterEvents::UpdateRepositoryAPIHandler(const MessageOrigin::Ptr& origin
String repositoryFile = GetRepositoryDir() + SHA256(params->Get("endpoint")) + ".repo"; String repositoryFile = GetRepositoryDir() + SHA256(params->Get("endpoint")) + ".repo";
std::fstream fp; std::fstream fp;
String tempRepositoryFile = Utility::CreateTempFile(repositoryFile + ".XXXXXX", fp); String tempRepositoryFile = Utility::CreateTempFile(repositoryFile + ".XXXXXX", 0640, fp);
fp << JsonEncode(params); fp << JsonEncode(params);
fp.close(); fp.close();


@ -175,7 +175,7 @@ void IcingaApplication::DumpModifiedAttributes(void)
String path = GetModAttrPath(); String path = GetModAttrPath();
std::fstream fp; std::fstream fp;
String tempFilename = Utility::CreateTempFile(path + ".XXXXXX", fp); String tempFilename = Utility::CreateTempFile(path + ".XXXXXX", 0640, fp);
ConfigObject::Ptr previousObject; ConfigObject::Ptr previousObject;
ConfigObject::DumpModifiedAttributes(boost::bind(&PersistModAttrHelper, boost::ref(fp), boost::ref(previousObject), _1, _2, _3)); ConfigObject::DumpModifiedAttributes(boost::bind(&PersistModAttrHelper, boost::ref(fp), boost::ref(previousObject), _1, _2, _3));