Security-59754.80.3.tar.gz

[apple/security.git] / OSX / libsecurity_keychain / lib / DLDBListCFPref.cpp

diff --git a/OSX/libsecurity_keychain/lib/DLDBListCFPref.cpp b/OSX/libsecurity_keychain/lib/DLDBListCFPref.cpp
index 9e4e9df6762ac6883d6402bbe456484475b88409..1477478833a3f3c19802df76eb39190ecd8c17ca 100644 (file)
--- a/OSX/libsecurity_keychain/lib/DLDBListCFPref.cpp
+++ b/OSX/libsecurity_keychain/lib/DLDBListCFPref.cpp
@@ -307,7 +307,7 @@ DLDbListCFPref::writePropertyList()
                // The prefs file should at least be made readable by user/group/other and writable by the owner.
                // Change from euid to ruid if needed for the duration of the new prefs file creat.
                
                // The prefs file should at least be made readable by user/group/other and writable by the owner.
                // Change from euid to ruid if needed for the duration of the new prefs file creat.
                

-               mode_t mode = 0666;
+               mode_t mode = 0644;

                changeIdentity(UNPRIV);
                int fd = open(mPrefsPath.c_str(), O_WRONLY|O_CREAT|O_TRUNC, mode);
                changeIdentity(PRIV);
                changeIdentity(UNPRIV);
                int fd = open(mPrefsPath.c_str(), O_WRONLY|O_CREAT|O_TRUNC, mode);
                changeIdentity(PRIV);


@@ -342,7 +342,7 @@ DLDbListCFPref::testAndFixPropertyList()
 {
        char *prefsPath = (char *)mPrefsPath.c_str();
        
 {
        char *prefsPath = (char *)mPrefsPath.c_str();
        

-       int fd1, fd2, retval;
+       int fd1, retval;

        struct stat stbuf;
 
        if((fd1 = open(prefsPath, O_RDONLY)) < 0) {
        struct stat stbuf;
 
        if((fd1 = open(prefsPath, O_RDONLY)) < 0) {


@@ -355,20 +355,27 @@ DLDbListCFPref::testAndFixPropertyList()
        if(stbuf.st_uid != getuid()) {
                char tempfile[MAXPATHLEN+1];
 
        if(stbuf.st_uid != getuid()) {
                char tempfile[MAXPATHLEN+1];
 

-               snprintf(tempfile, MAXPATHLEN, "%s.XXXXX", prefsPath);
-               mktemp(tempfile);
-               changeIdentity(UNPRIV);
-               if((fd2 = open(tempfile, O_RDWR | O_CREAT | O_EXCL, 0666)) < 0) {
-                       retval = -1;
+        changeIdentity(UNPRIV);
+
+               snprintf(tempfile, MAXPATHLEN, "%s.XXXXXX", prefsPath);
+               int fd2 = mkstemp(tempfile);
+        if (fd2 < 0 || ::fchmod(fd2, 0644) != 0) {
+            ::unlink(tempfile);
+            retval = -1;

                } else {
                        copyfile_state_t s = copyfile_state_alloc();
                        retval = fcopyfile(fd1, fd2, s, COPYFILE_DATA);
                        copyfile_state_free(s);
                } else {
                        copyfile_state_t s = copyfile_state_alloc();
                        retval = fcopyfile(fd1, fd2, s, COPYFILE_DATA);
                        copyfile_state_free(s);

-                       if(!retval) retval = ::unlink(prefsPath);
-                       if(!retval) retval = ::rename(tempfile, prefsPath);
+            if (retval) {
+                ::unlink(tempfile);
+            } else {
+                retval = ::unlink(prefsPath);
+                if(!retval) retval = ::rename(tempfile, prefsPath);
+            }

                }
                changeIdentity(PRIV);
                }
                changeIdentity(PRIV);

-               close(fd2);
+        if (fd2 >= 0)
+            close(fd2);

        }
        close(fd1);
        return retval;
        }
        close(fd1);
        return retval;


@@ -408,13 +415,14 @@ DLDbListCFPref::resetCachedValues()
 
 void DLDbListCFPref::save()
 {
 
 void DLDbListCFPref::save()
 {

-    if (!hasChanged())
+    if (!hasChanged()) {

         return;
         return;

+    }

 
 

-       // Resync from disc to make sure we don't clobber anyone elses changes.
-       // @@@ This is probably already done by the next layer up so we don't
-       // really need to do it here again.
-       loadPropertyList(true);
+    // Resync from disc to make sure we don't clobber anyone elses changes.
+    // @@@ This is probably already done by the next layer up so we don't
+    // really need to do it here again.
+    loadPropertyList(true);

 
     // Do the searchList first since it might end up invoking defaultDLDbIdentifier() which can set
     // mLoginDLDbIdentifierSet and mDefaultDLDbIdentifierSet to true.
 
     // Do the searchList first since it might end up invoking defaultDLDbIdentifier() which can set
     // mLoginDLDbIdentifierSet and mDefaultDLDbIdentifierSet to true.


@@ -958,6 +966,13 @@ DLDbListCFPref::searchList()
 void
 DLDbListCFPref::searchList(const vector<DLDbIdentifier> &searchList)
 {
 void
 DLDbListCFPref::searchList(const vector<DLDbIdentifier> &searchList)
 {

+    if(searchList.size() == 0) {
+        mSearchList.clear();
+        mSearchListSet = false;
+        changed(true);
+        return;
+    }
+

        vector<DLDbIdentifier> newList(searchList);
        mSearchList.swap(newList);
     mSearchListSet = true;
        vector<DLDbIdentifier> newList(searchList);
        mSearchList.swap(newList);
     mSearchListSet = true;


@@ -1020,6 +1035,12 @@ DLDbListCFPref::defaultDLDbIdentifier()
             if (mDefaultDLDbIdentifier.mImpl != NULL && actualIdentifier.mImpl != NULL)
             {
                 st_result = stat(actualIdentifier.dbName(), &st);
             if (mDefaultDLDbIdentifier.mImpl != NULL && actualIdentifier.mImpl != NULL)
             {
                 st_result = stat(actualIdentifier.dbName(), &st);

+
+                // Always claim that the system keychain exists for purposes of the search list
+                if (st_result && 0 == strncmp(actualIdentifier.dbName(), kSystemKeychainPath, strlen(kSystemKeychainPath))) {
+                    secnotice("secpref", "System keychain (%s) does not exist. Continuing as if it does...", actualIdentifier.dbName());
+                    st_result = 0;
+                }

             }
 
             if (st_result)
             }
 
             if (st_result)