mir/kea
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/kea synced 2025-09-02 15:05:16 +00:00
Code Issues Releases Wiki Activity

[#3050] Added Umask RAII and use it

Browse Source
This commit is contained in:
Francis Dupont
2024-06-01 00:47:11 +02:00
parent 7d862a067c
commit 84c437e30f
4 changed files with 41 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/lib/process/daemon.cc
View File

@@ -231,6 +231,9 @@ Daemon::writeConfigFile(const std::string& config_file,
isc_throw(Unexpected, "Can't write configuration: conversion to JSON failed"); isc_throw(Unexpected, "Can't write configuration: conversion to JSON failed");
} }
// Remove rights for other from the umask.
Umask mask(S_IRWXO);
std::ofstream out(config_file, std::ios::trunc); std::ofstream out(config_file, std::ios::trunc);
if (!out.good()) { if (!out.good()) {
isc_throw(Unexpected, "Unable to open file " + config_file + " for writing"); isc_throw(Unexpected, "Unable to open file " + config_file + " for writing");

9
src/lib/util/filesystem.cc
View File

@@ -19,7 +19,6 @@
#include <string> #include <string>
#include <fcntl.h> #include <fcntl.h>
#include <sys/stat.h>
using namespace isc::util::str; using namespace isc::util::str;
using namespace std; using namespace std;
@@ -69,6 +68,14 @@ isFile(string const& path) {
return ((statbuf.st_mode & S_IFMT) == S_IFREG); return ((statbuf.st_mode & S_IFMT) == S_IFREG);
} }
Umask::Umask(mode_t mask) : orig_umask_(umask(S_IWGRP | S_IWOTH)) {
umask(orig_umask_ | mask);
}
Umask::~Umask() {
umask(orig_umask_);
}
Path::Path(string const& full_name) { Path::Path(string const& full_name) {
if (!full_name.empty()) { if (!full_name.empty()) {
bool dir_present = false; bool dir_present = false;

18
src/lib/util/filesystem.h
View File

@@ -7,6 +7,7 @@
#ifndef KEA_UTIL_FILESYSTEM_H #ifndef KEA_UTIL_FILESYSTEM_H
#define KEA_UTIL_FILESYSTEM_H #define KEA_UTIL_FILESYSTEM_H
#include <sys/stat.h>
#include <string> #include <string>
namespace isc { namespace isc {
@@ -48,6 +49,23 @@ isDir(const std::string& path);
bool bool
isFile(const std::string& path); isFile(const std::string& path);
/// \brief RAII device to limit access of created files.
struct Umask {
/// \brief Constructor
///
/// Set wanted bits in umask.
Umask(mode_t mask);
/// \brief Destructor.
///
/// Restore umask.
~Umask();
private:
/// \brief Original umask.
mode_t orig_umask_;
};
/// \brief Paths on a filesystem /// \brief Paths on a filesystem
struct Path { struct Path {
/// \brief Constructor /// \brief Constructor

12
src/lib/util/tests/filesystem_unittests.cc
View File

@@ -69,6 +69,18 @@ TEST_F(FileUtilTest, isFile) {
EXPECT_FALSE(isFile(TEST_DATA_BUILDDIR)); EXPECT_FALSE(isFile(TEST_DATA_BUILDDIR));
} }
/// @brief Check Umask.
TEST_F(FileUtilTest, umask) {
// Protect the test itself assuming that Umask does what we expect...
Umask m0(0);
mode_t orig = umask(0);
{
Umask m(S_IROTH);
EXPECT_EQ(S_IROTH, umask(S_IRWXO));
}
EXPECT_EQ(0, umask(orig));
}
/// @brief Check that the components are split correctly. /// @brief Check that the components are split correctly.
TEST(PathTest, components) { TEST(PathTest, components) {
// Complete name // Complete name