// The prefs file should at least be made readable by user/group/other and writable by the owner.
// Change from euid to ruid if needed for the duration of the new prefs file creat.
- mode_t mode = 0666;
+ mode_t mode = 0644;
changeIdentity(UNPRIV);
int fd = open(mPrefsPath.c_str(), O_WRONLY|O_CREAT|O_TRUNC, mode);
changeIdentity(PRIV);
{
char *prefsPath = (char *)mPrefsPath.c_str();
- int fd1, fd2, retval;
+ int fd1, retval;
struct stat stbuf;
if((fd1 = open(prefsPath, O_RDONLY)) < 0) {
if(stbuf.st_uid != getuid()) {
char tempfile[MAXPATHLEN+1];
- snprintf(tempfile, MAXPATHLEN, "%s.XXXXX", prefsPath);
- mktemp(tempfile);
- changeIdentity(UNPRIV);
- if((fd2 = open(tempfile, O_RDWR | O_CREAT | O_EXCL, 0666)) < 0) {
- retval = -1;
+ changeIdentity(UNPRIV);
+
+ snprintf(tempfile, MAXPATHLEN, "%s.XXXXXX", prefsPath);
+ int fd2 = mkstemp(tempfile);
+ if (fd2 < 0 || ::fchmod(fd2, 0644) != 0) {
+ ::unlink(tempfile);
+ retval = -1;
} else {
copyfile_state_t s = copyfile_state_alloc();
retval = fcopyfile(fd1, fd2, s, COPYFILE_DATA);
copyfile_state_free(s);
- if(!retval) retval = ::unlink(prefsPath);
- if(!retval) retval = ::rename(tempfile, prefsPath);
+ if (retval) {
+ ::unlink(tempfile);
+ } else {
+ retval = ::unlink(prefsPath);
+ if(!retval) retval = ::rename(tempfile, prefsPath);
+ }
}
changeIdentity(PRIV);
- close(fd2);
+ if (fd2 >= 0)
+ close(fd2);
}
close(fd1);
return retval;
void DLDbListCFPref::save()
{
- if (!hasChanged())
+ if (!hasChanged()) {
return;
+ }
- // Resync from disc to make sure we don't clobber anyone elses changes.
- // @@@ This is probably already done by the next layer up so we don't
- // really need to do it here again.
- loadPropertyList(true);
+ // Resync from disc to make sure we don't clobber anyone elses changes.
+ // @@@ This is probably already done by the next layer up so we don't
+ // really need to do it here again.
+ loadPropertyList(true);
// Do the searchList first since it might end up invoking defaultDLDbIdentifier() which can set
// mLoginDLDbIdentifierSet and mDefaultDLDbIdentifierSet to true.
void
DLDbListCFPref::searchList(const vector<DLDbIdentifier> &searchList)
{
+ if(searchList.size() == 0) {
+ mSearchList.clear();
+ mSearchListSet = false;
+ changed(true);
+ return;
+ }
+
vector<DLDbIdentifier> newList(searchList);
mSearchList.swap(newList);
mSearchListSet = true;
if (mDefaultDLDbIdentifier.mImpl != NULL && actualIdentifier.mImpl != NULL)
{
st_result = stat(actualIdentifier.dbName(), &st);
+
+ // Always claim that the system keychain exists for purposes of the search list
+ if (st_result && 0 == strncmp(actualIdentifier.dbName(), kSystemKeychainPath, strlen(kSystemKeychainPath))) {
+ secnotice("secpref", "System keychain (%s) does not exist. Continuing as if it does...", actualIdentifier.dbName());
+ st_result = 0;
+ }
}
if (st_result)
projects / apple / security.git / blobdiff