authorKen Raeburn <raeburn@mit.edu>2007-10-22 19:18:53 +0000
committerKen Raeburn <raeburn@mit.edu>2007-10-22 19:18:53 +0000
commit3d8fa6bb4012296a53fe04e486a9157a2963b644 (patch)
tree7c0f5dcc658ebd75d758024a21097af95d616e05
parent70e8d7a6c50bbdb547150eba0abdef46d93d5b71 (diff)
Set close-on-exec flag in most places where file descriptors are
opened in our libraries (in case another application thread spawns a new process) and in the KDC programs (in case a plugin library spawns a new process). Checked calls to: open fopen THREEPARAMOPEN mkstemp socket accept dup dup2 pipe. In: util lib plugins kdc kadmin/server krb524. The various programs are less critical than the libraries, as any well-written plugin that spawns a new process should close all file descriptors it doesn't need to communicate with the new process. This approach also isn't bulletproof, as the call to set the close-on-exec flag is necessarily a separate call from creating the file descriptor, and the fork call could happen in between them. So plugins should be careful regardless of this patch; it will only reduce the window of potential lossage should a plugin be poorly written. (AFAIK there are currently no plugins that spawn processes where this would be a problem.) Update dependencies. ticket: 5561 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20143 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r--src/include/k5-platform.h50
-rw-r--r--src/kadmin/server/ovsec_kadmd.c3
-rw-r--r--src/kdc/fakeka.c1
-rw-r--r--src/kdc/network.c3
-rw-r--r--src/krb524/krb524d.c3
-rw-r--r--src/lib/crypto/prng.c11
-rw-r--r--src/lib/kadm5/logger.c4
-rw-r--r--src/lib/kadm5/srv/server_acl.c3
-rw-r--r--src/lib/kadm5/srv/server_dict.c5
-rw-r--r--src/lib/kdb/kdb_default.c4
-rw-r--r--src/lib/krb4/Makefile.in13
-rw-r--r--src/lib/krb4/dest_tkt.c4
-rw-r--r--src/lib/krb4/g_cnffile.c9
-rw-r--r--src/lib/krb4/in_tkt.c7
-rw-r--r--src/lib/krb4/kadm_net.c3
-rw-r--r--src/lib/krb4/klog.c4
-rw-r--r--src/lib/krb4/kuserok.c4
-rw-r--r--src/lib/krb4/log.c5
-rw-r--r--src/lib/krb4/put_svc_key.c2
-rw-r--r--src/lib/krb4/rd_svc_key.c3
-rw-r--r--src/lib/krb4/tf_shm.c6
-rw-r--r--src/lib/krb4/tf_util.c8
-rw-r--r--src/lib/krb4/win_store.c4
-rw-r--r--src/lib/krb5/ccache/cc_file.c3
-rw-r--r--src/lib/krb5/keytab/kt_file.c1
-rw-r--r--src/lib/krb5/keytab/kt_srvtab.c3
-rw-r--r--src/lib/krb5/os/kuserok.c3
-rw-r--r--src/lib/krb5/os/localaddr.c7
-rw-r--r--src/lib/krb5/os/prompter.c1
-rw-r--r--src/lib/krb5/os/sendto_kdc.c1
-rw-r--r--src/lib/krb5/rcache/rc_io.c3
-rw-r--r--src/lib/rpc/Makefile.in20
-rw-r--r--src/lib/rpc/get_myaddress.c1
-rw-r--r--src/lib/rpc/getrpcent.c13
-rw-r--r--src/lib/rpc/pmap_rmt.c2
-rw-r--r--src/lib/rpc/svc_tcp.c3
-rw-r--r--src/lib/rpc/svc_udp.c2
-rw-r--r--src/plugins/kdb/db2/adb_openclose.c4
-rw-r--r--src/plugins/kdb/db2/kdb_db2.c5
-rw-r--r--src/plugins/kdb/db2/libdb2/btree/Makefile.in85
-rw-r--r--src/plugins/kdb/db2/libdb2/btree/bt_open.c1
-rw-r--r--src/plugins/kdb/db2/libdb2/db/Makefile.in6
-rw-r--r--src/plugins/kdb/db2/libdb2/hash/Makefile.in61
-rw-r--r--src/plugins/kdb/db2/libdb2/mpool/Makefile.in7
-rw-r--r--src/plugins/kdb/db2/libdb2/recno/Makefile.in55
-rw-r--r--src/plugins/kdb/db2/libdb2/recno/rec_open.c5
-rw-r--r--src/plugins/kdb/ldap/Makefile.in8
-rw-r--r--src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c8
-rw-r--r--src/plugins/kdb/ldap/libkdb_ldap/Makefile.in132
-rw-r--r--src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c1
-rw-r--r--src/plugins/locate/python/py-locate.c3
-rw-r--r--src/plugins/preauth/pkinit/pkinit_crypto_openssl.c1
-rw-r--r--src/plugins/preauth/pkinit/pkinit_lib.c2
-rw-r--r--src/util/profile/prof_file.c2
-rw-r--r--src/util/ss/list_rqs.c2
-rw-r--r--src/util/ss/pager.c3
-rw-r--r--src/util/support/threads.c6
57 files changed, 389 insertions, 230 deletions
diff --git a/src/include/k5-platform.h b/src/include/k5-platform.h
index 141ea94..a143ab5 100644
--- a/src/include/k5-platform.h
+++ b/src/include/k5-platform.h
@@ -47,6 +47,8 @@
#include <limits.h>
#include <stdlib.h>
#include <stdio.h>
+#include <fcntl.h>
+#include <errno.h>
#ifdef _WIN32
#define CAN_COPY_VA_LIST
@@ -752,6 +754,52 @@ load_64_n (const unsigned char *p)
(*(OUT) = getpwuid(UID), *(OUT) == NULL ? -1 : 0)
#endif
+/* Ensure, if possible, that the indicated file descriptor won't be
+ kept open if we exec another process (e.g., launching a ccapi
+ server). If we don't know how to do it... well, just go about our
+ business. Probably most callers won't check the return status
+ anyways. */
+
+#if 0
+static inline int
+set_cloexec_fd(int fd)
+{
+#if defined(F_SETFD)
+# ifdef FD_CLOEXEC
+ if (fcntl(fd, F_SETFD, FD_CLOEXEC) != 0)
+ return errno;
+# else
+ if (fcntl(fd, F_SETFD, 1) != 0)
+ return errno;
+# endif
+#endif
+ return 0;
+}
+
+static inline int
+set_cloexec_file(FILE *f)
+{
+ return set_cloexec_fd(fileno(f));
+}
+#else
+/* Macros make the Sun compiler happier, and all variants of this do a
+ single evaluation of the argument, and fcntl and fileno should
+ produce reasonable error messages on type mismatches, on any system
+ with F_SETFD. */
+#ifdef F_SETFD
+# ifdef FD_CLOEXEC
+# define set_cloexec_fd(FD) (fcntl((FD), F_SETFD, FD_CLOEXEC) ? errno : 0)
+# else
+# define set_cloexec_fd(FD) (fcntl((FD), F_SETFD, 1) ? errno : 0)
+# endif
+#else
+# define set_cloexec_fd(FD) ((FD),0)
+#endif
+#define set_cloexec_file(F) set_cloexec_fd(fileno(F))
+#endif
+
+
+
/* Since the original ANSI C spec left it undefined whether or
how you could copy around a va_list, C 99 added va_copy.
For old implementations, let's do our best to fake it.
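Review bot: The comment above `set_cloexec_fd`/`set_cloexec_file` does not state the preconditions that the call sites in this commit depend on. `set_cloexec_file(F)` expands to `fileno(F)`, which is undefined for a null stream, and calling `set_cloexec_fd` on a failed descriptor sets `errno` to EBADF, which can mask the original open error. I would add something like `/* Call only after the open/socket/dup result has been checked: F must be non-null and FD a valid descriptor. */` next to the macros. The `#if 0` inline-function variant is dead code that can drift from the live macros, so either remove it or mark it as reference only. Where the platform offers `O_CLOEXEC` at open time, setting the flag atomically would close the fork/exec window the commit message describes, which matters most for descriptors on key material such as keytabs and the master-key stash.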
@@ -892,4 +940,6 @@ extern int krb5int_mkstemp(char *);
#define mkstemp krb5int_mkstemp
#endif
+
+
#endif /* K5_PLATFORM_H */
diff --git a/src/kadmin/server/ovsec_kadmd.c b/src/kadmin/server/ovsec_kadmd.c
index be5580d..e5e4e30 100644
--- a/src/kadmin/server/ovsec_kadmd.c
+++ b/src/kadmin/server/ovsec_kadmd.c
@@ -362,6 +362,7 @@ int main(int argc, char *argv[])
krb5_klog_close(context);
exit(1);
}
+ set_cloexec_fd(s);
if ((schpw = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
const char *e_txt = krb5_get_error_message (context, ret);
@@ -374,6 +375,7 @@ int main(int argc, char *argv[])
krb5_klog_close(context);
exit(1);
}
+ set_cloexec_fd(schpw);
#ifdef SO_REUSEADDR
/* the old admin server turned on SO_REUSEADDR for non-default
@@ -1192,6 +1194,7 @@ void do_schpw(int s1, kadm5_config_params *params)
krb5_klog_close(context);
exit(1);
}
+ set_cloexec_fd(s2);
if (connect(s2, (struct sockaddr *) &from, sizeof(from)) < 0) {
krb5_klog_syslog(LOG_ERR, "chpw: Couldn't connect to client: %s",
diff --git a/src/kdc/fakeka.c b/src/kdc/fakeka.c
index 7a6adf5..2134459 100644
--- a/src/kdc/fakeka.c
+++ b/src/kdc/fakeka.c
@@ -1226,6 +1226,7 @@ char **argv;
s = socket(AF_INET, SOCK_DGRAM, 0);
if (s < 0)
perrorexit("Couldn't create socket");
+ set_cloexec_fd(s);
sin.sin_family = AF_INET;
sin.sin_addr.s_addr = 0;
diff --git a/src/kdc/network.c b/src/kdc/network.c
index dc21e1d..266c6aa 100644
--- a/src/kdc/network.c
+++ b/src/kdc/network.c
@@ -402,6 +402,7 @@ setup_a_tcp_listener(struct socksetup *data, struct sockaddr *addr)
paddr(addr));
return -1;
}
+ set_cloexec_fd(sock);
if (sock > FD_SETSIZE) {
close(sock);
com_err(data->prog, 0, "TCP socket fd number %d (for %s) too high",
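Review bot: The range check that follows the new `set_cloexec_fd(sock)` call admits `sock == FD_SETSIZE`, which is one past the largest descriptor an `fd_set` can hold. If this socket is later passed to `FD_SET` (not visible in the hunk), that is an out-of-bounds write. The comparison should be `if (sock >= FD_SETSIZE) {`. The same `s > FD_SETSIZE` test appears in the `accept_tcp_connection` hunk further down, where the descriptor number is driven by incoming connections. Both functions start and end outside their hunks.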
@@ -606,6 +607,7 @@ setup_udp_port_1(struct socksetup *data, struct sockaddr *addr,
port, haddrbuf);
return 1;
}
+ set_cloexec_fd(sock);
#ifdef KRB5_USE_INET6
if (addr->sa_family == AF_INET6) {
#ifdef IPV6_V6ONLY
@@ -1110,6 +1112,7 @@ static void accept_tcp_connection(struct connection *conn, const char *prog,
s = accept(conn->fd, addr, &addrlen);
if (s < 0)
return;
+ set_cloexec_fd(s);
if (s > FD_SETSIZE) {
close(s);
return;
diff --git a/src/krb524/krb524d.c b/src/krb524/krb524d.c
index 497e813..c33efa3 100644
--- a/src/krb524/krb524d.c
+++ b/src/krb524/krb524d.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2002 by the Massachusetts Institute of Technology.
+ * Copyright (C) 2002, 2007 by the Massachusetts Institute of Technology.
* All rights reserved.
*
* Export of this software from the United States of America may
@@ -229,6 +229,7 @@ int main(argc, argv)
com_err(whoami, errno, "creating main socket");
cleanup_and_exit(1, context);
}
+ set_cloexec_fd(s);
if ((ret = bind(s, (struct sockaddr *) &saddr,
sizeof(struct sockaddr_in))) < 0) {
com_err(whoami, errno, "binding main socket");
diff --git a/src/lib/crypto/prng.c b/src/lib/crypto/prng.c
index e1e34a2..8de1998 100644
--- a/src/lib/crypto/prng.c
+++ b/src/lib/crypto/prng.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2001, 2002, 2004 by the Massachusetts Institute of Technology.
+ * Copyright (C) 2001, 2002, 2004, 2007 by the Massachusetts Institute of Technology.
* All rights reserved.
*
*
@@ -166,11 +166,10 @@ read_entropy_from_device (krb5_context context, const char *device)
fd = open (device, O_RDONLY);
if (fd == -1)
return 0;
- if (fstat (fd, &sb) == -1)
- return 0;
- if (S_ISREG(sb.st_mode)) {
- close(fd);
- return 0;
+ set_cloexec_fd(fd);
+ if (fstat (fd, &sb) == -1 || S_ISREG(sb.st_mode)) {
+ close(fd);
+ return 0;
}
for (bp = &buf, left = sizeof (buf); left > 0;) {
diff --git a/src/lib/kadm5/logger.c b/src/lib/kadm5/logger.c
index dabb399..b9db640 100644
--- a/src/lib/kadm5/logger.c
+++ b/src/lib/kadm5/logger.c
@@ -423,6 +423,7 @@ krb5_klog_init(krb5_context kcontext, char *ename, char *whoami, krb5_boolean do
if (cp[4] == ':' || cp[4] == '=') {
f = fopen(&cp[5], (cp[4] == ':') ? "a+" : "w");
if (f) {
+ set_cloexec_file(f);
log_control.log_entries[i].lfu_filep = f;
log_control.log_entries[i].log_type = K_LOG_FILE;
log_control.log_entries[i].lfu_fname = &cp[5];
@@ -605,6 +606,7 @@ krb5_klog_init(krb5_context kcontext, char *ename, char *whoami, krb5_boolean do
log_control.log_entries[i].ldu_filep =
CONSOLE_OPEN("a+");
if (log_control.log_entries[i].ldu_filep) {
+ set_cloexec_file(log_control.log_entries[i].ldu_filep);
log_control.log_entries[i].log_type = K_LOG_CONSOLE;
log_control.log_entries[i].ldu_devname = "console";
}
@@ -620,6 +622,7 @@ krb5_klog_init(krb5_context kcontext, char *ename, char *whoami, krb5_boolean do
log_control.log_entries[i].ldu_filep =
DEVICE_OPEN(&cp[7], "w");
if (log_control.log_entries[i].ldu_filep) {
+ set_cloexec_file(log_control.log_entries[i].ldu_filep);
log_control.log_entries[i].log_type = K_LOG_DEVICE;
log_control.log_entries[i].ldu_devname = &cp[7];
}
@@ -956,6 +959,7 @@ krb5_klog_reopen(krb5_context kcontext)
*/
f = fopen(log_control.log_entries[lindex].lfu_fname, "a+");
if (f) {
+ set_cloexec_file(f);
log_control.log_entries[lindex].lfu_filep = f;
} else {
fprintf(stderr, "Couldn't open log file %s: %s\n",
diff --git a/src/lib/kadm5/srv/server_acl.c b/src/lib/kadm5/srv/server_acl.c
index 6d8d6d7..bcfe35f 100644
--- a/src/lib/kadm5/srv/server_acl.c
+++ b/src/lib/kadm5/srv/server_acl.c
@@ -1,7 +1,7 @@
/*
* lib/kadm5/srv/server_acl.c
*
- * Copyright 1995-2004 by the Massachusetts Institute of Technology.
+ * Copyright 1995-2004, 2007 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
@@ -484,6 +484,7 @@ kadm5int_acl_load_acl_file()
/* Open the ACL file for read */
afp = fopen(acl_acl_file, "r");
if (afp) {
+ set_cloexec_file(afp);
alineno = 1;
aentpp = &acl_list_head;
diff --git a/src/lib/kadm5/srv/server_dict.c b/src/lib/kadm5/srv/server_dict.c
index 53df800..4f41b0d 100644
--- a/src/lib/kadm5/srv/server_dict.c
+++ b/src/lib/kadm5/srv/server_dict.c
@@ -102,8 +102,11 @@ int init_dict(kadm5_config_params *params)
} else
return errno;
}
- if (fstat(fd, &sb) == -1)
+ set_cloexec_fd(fd);
+ if (fstat(fd, &sb) == -1) {
+ close(fd);
return errno;
+ }
if ((word_block = (char *) malloc(sb.st_size + 1)) == NULL)
return errno;
if (read(fd, word_block, sb.st_size) != sb.st_size)
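Review bot: In the new fstat failure branch `close(fd)` runs before `return errno`, so a close that modifies `errno` can replace the fstat error the caller is supposed to see. Save it first, e.g. `int e = errno; close(fd); return e;`. The malloc failure path two lines below still returns without closing `fd`, so the descriptor leak this hunk fixes for fstat remains there, and possibly on the short-read path, whose body lies outside the hunk. init_dict continues beyond the hunk.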
diff --git a/src/lib/kdb/kdb_default.c b/src/lib/kdb/kdb_default.c
index 34e8dc0..0e58804 100644
--- a/src/lib/kdb/kdb_default.c
+++ b/src/lib/kdb/kdb_default.c
@@ -1,7 +1,7 @@
/*
* lib/kdb/kdb_helper.c
*
- * Copyright 1995 by the Massachusetts Institute of Technology.
+ * Copyright 1995, 2007 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
@@ -175,6 +175,7 @@ krb5_def_store_mkey(context, keyfile, mname, key, master_pwd)
error_message (e), keyfile);
return e;
}
+ set_cloexec_file(kf);
enctype = key->enctype;
if ((fwrite((krb5_pointer) &enctype,
2, 1, kf) != 1) ||
@@ -222,6 +223,7 @@ krb5_db_def_fetch_mkey( krb5_context context,
if (!(kf = fopen((db_args) ? db_args : defkeyfile, "r")))
#endif
return KRB5_KDB_CANTREAD_STORED;
+ set_cloexec_file(kf);
if (fread((krb5_pointer) &enctype, 2, 1, kf) != 1) {
retval = KRB5_KDB_CANTREAD_STORED;
diff --git a/src/lib/krb4/Makefile.in b/src/lib/krb4/Makefile.in
index 8085a1d..5faefae 100644
--- a/src/lib/krb4/Makefile.in
+++ b/src/lib/krb4/Makefile.in
@@ -515,10 +515,12 @@ tf_util.so tf_util.po $(OUTPRE)tf_util.$(OBJEXT): $(BUILDTOP)/include/autoconf.h
krb4int.h tf_util.c
dest_tkt.so dest_tkt.po $(OUTPRE)dest_tkt.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-util.h $(SRCTOP)/include/kerberosIV/des.h \
+ $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
+ $(SRCTOP)/include/k5-util.h $(SRCTOP)/include/kerberosIV/des.h \
$(SRCTOP)/include/kerberosIV/krb.h dest_tkt.c
in_tkt.so in_tkt.po $(OUTPRE)in_tkt.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \
+ $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
$(SRCTOP)/include/k5-util.h $(SRCTOP)/include/kerberosIV/des.h \
$(SRCTOP)/include/kerberosIV/krb.h in_tkt.c
tkt_string.so tkt_string.po $(OUTPRE)tkt_string.$(OBJEXT): \
@@ -550,15 +552,18 @@ unix_glue.so unix_glue.po $(OUTPRE)unix_glue.$(OBJEXT): \
krb4int.h unix_glue.c
klog.so klog.po $(OUTPRE)klog.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \
+ $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
$(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/klog.h \
$(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/port-sockets.h \
klog.c krb4int.h
kuserok.so kuserok.po $(OUTPRE)kuserok.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \
+ $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
$(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
kuserok.c
log.so log.po $(OUTPRE)log.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \
+ $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
$(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/klog.h \
$(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/port-sockets.h \
krb4int.h log.c
@@ -617,9 +622,9 @@ cr_death_pkt.so cr_death_pkt.po $(OUTPRE)cr_death_pkt.$(OBJEXT): \
$(SRCTOP)/include/kerberosIV/prot.h cr_death_pkt.c
put_svc_key.so put_svc_key.po $(OUTPRE)put_svc_key.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/port-sockets.h \
- krb4int.h put_svc_key.c
+ $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
+ $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
+ $(SRCTOP)/include/port-sockets.h krb4int.h put_svc_key.c
sendauth.so sendauth.po $(OUTPRE)sendauth.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \
$(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \
diff --git a/src/lib/krb4/dest_tkt.c b/src/lib/krb4/dest_tkt.c
index 4f7c1e3..69198ba 100644
--- a/src/lib/krb4/dest_tkt.c
+++ b/src/lib/krb4/dest_tkt.c
@@ -1,7 +1,7 @@
/*
* lib/krb4/dest_tkt.c
*
- * Copyright 1985, 1986, 1987, 1988, 2000, 2001 by the Massachusetts
+ * Copyright 1985, 1986, 1987, 1988, 2000, 2001, 2007 by the Massachusetts
* Institute of Technology. All Rights Reserved.
*
* Export of this software from the United States of America may
@@ -32,6 +32,7 @@
#include "k5-util.h"
#define do_seteuid krb5_seteuid
+#include "k5-platform.h"
#ifdef TKT_SHMEM
#include <sys/param.h>
@@ -102,6 +103,7 @@ dest_tkt()
ret = (errno == ENOENT) ? RET_TKFIL : KFAILURE;
goto out;
}
+ set_cloexec_fd(fd);
/*
* Do some additional paranoid things. The worst-case situation
* is that a user may be fooled into opening a non-regular file
diff --git a/src/lib/krb4/g_cnffile.c b/src/lib/krb4/g_cnffile.c
index dd5ed5c..8ef38fe 100644
--- a/src/lib/krb4/g_cnffile.c
+++ b/src/lib/krb4/g_cnffile.c
@@ -41,6 +41,8 @@ krb__v5_get_file(s)
&full_name);
if (retval == 0 && full_name && full_name[0]) {
cnffile = fopen(full_name[0],"r");
+ if (cnffile)
+ set_cloexec_file(cnffile);
for (cpp = full_name; *cpp; cpp++)
krb5_xfree(*cpp);
krb5_xfree(full_name);
@@ -97,6 +99,8 @@ krb__get_cnffile()
#ifdef ATHENA_CONF_FALLBACK
if (!cnffile) cnffile = fopen(KRB_FB_CONF,"r");
#endif
+ if (cnffile)
+ set_cloexec_file(cnffile);
return cnffile;
}
@@ -117,7 +121,8 @@ krb__get_realmsfile()
if (!realmsfile) realmsfile = fopen(KRB_FB_RLM_TRANS, "r");
#endif
+ if (realmsfile)
+ set_cloexec_file(realmsfile);
+
return realmsfile;
}
-
-
diff --git a/src/lib/krb4/in_tkt.c b/src/lib/krb4/in_tkt.c
index 26336e2..e2d071a 100644
--- a/src/lib/krb4/in_tkt.c
+++ b/src/lib/krb4/in_tkt.c
@@ -1,7 +1,7 @@
/*
* lib/krb4/in_tkt.c
*
- * Copyright 1985, 1986, 1987, 1988, 2000, 2001 by the Massachusetts
+ * Copyright 1985, 1986, 1987, 1988, 2000, 2001, 2007 by the Massachusetts
* Institute of Technology. All Rights Reserved.
*
* Export of this software from the United States of America may
@@ -49,6 +49,7 @@ extern int krb_debug;
#include "k5-util.h"
#define do_seteuid krb5_seteuid
+#include "k5-platform.h"
#ifndef O_SYNC
#define O_SYNC 0
@@ -94,6 +95,8 @@ in_tkt(pname,pinst)
return KFAILURE;
/* file already exists, and permissions appear ok, so nuke it */
fd = open(file, O_RDWR|O_SYNC, 0);
+ if (fd >= 0)
+ set_cloexec_fd(fd);
(void)unlink(file);
if (me != metoo && do_seteuid(metoo) < 0)
return KFAILURE;
@@ -153,6 +156,8 @@ in_tkt(pname,pinst)
ticket file. */
mask = umask(077);
tktfile = open(file, O_RDWR|O_SYNC|O_CREAT|O_EXCL, 0600);
+ if (tktfile >= 0)
+ set_cloexec_fd(tktfile);
umask(mask);
if (me != metoo) {
if (do_seteuid(metoo) < 0) {
diff --git a/src/lib/krb4/kadm_net.c b/src/lib/krb4/kadm_net.c
index a94aab8..89c87cc 100644
--- a/src/lib/krb4/kadm_net.c
+++ b/src/lib/krb4/kadm_net.c
@@ -1,7 +1,7 @@
/*
* lib/krb4/kadm_net.c
*
- * Copyright 1988, 2002 by the Massachusetts Institute of Technology.
+ * Copyright 1988, 2002, 2007 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
@@ -267,6 +267,7 @@ int kadm_cli_conn(Kadm_Client *client_parm)
if ((client_parm->admin_fd =
socket(client_parm->admin_addr.sin_family, SOCK_STREAM,0)) < 0)
return KADM_NO_SOCK; /* couldnt create the socket */
+ set_cloexec_fd(client_parm->admin_fd);
if (SOCKET_CONNECT(client_parm->admin_fd,
(struct sockaddr *) & client_parm->admin_addr,
sizeof(client_parm->admin_addr))) {
diff --git a/src/lib/krb4/klog.c b/src/lib/krb4/klog.c
index 4e9661a..b1cfa93 100644
--- a/src/lib/krb4/klog.c
+++ b/src/lib/krb4/klog.c
@@ -1,7 +1,7 @@
/*
* lib/krb4/klog.c
*
- * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute of
+ * Copyright 1985, 1986, 1987, 1988, 2007 by the Massachusetts Institute of
* Technology. All Rights Reserved.
*
* Export of this software from the United States of America may
@@ -36,6 +36,7 @@
#include "krb4int.h"
#include <klog.h>
+#include "k5-platform.h"
static char *log_name = KRBLOG;
static char logtxt[1000];
@@ -98,6 +99,7 @@ char * klog(type,format,a1,a2,a3,a4,a5,a6,a7,a8,a9,a0)
if ((logfile = fopen(log_name,"a")) == NULL)
return(logtxt);
+ set_cloexec_file(logfile);
(void) time(&now);
tm = localtime(&now);
diff --git a/src/lib/krb4/kuserok.c b/src/lib/krb4/kuserok.c
index 4078ec3..84a8ebd 100644
--- a/src/lib/krb4/kuserok.c
+++ b/src/lib/krb4/kuserok.c
@@ -1,7 +1,7 @@
/*
* lib/krb4/kuserok.c
*
- * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
+ * Copyright 1987, 1988, 2007 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
@@ -45,6 +45,7 @@
/* just for F_OK for sco */
#include <sys/unistd.h>
#endif
+#include "k5-platform.h"
#ifndef HAVE_SETEUID
#ifdef HAVE_SETRESUID
@@ -135,6 +136,7 @@ kuserok(kdata, luser)
return(NOTOK);
}
}
+ set_cloexec_file(fp);
/*
* security: if the user does not own his own .klogin file,
* do not grant access
diff --git a/src/lib/krb4/log.c b/src/lib/krb4/log.c
index ada6fdf..5be69ea 100644
--- a/src/lib/krb4/log.c
+++ b/src/lib/krb4/log.c
@@ -1,7 +1,7 @@
/*
* lib/krb4/log.c
*
- * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute of
+ * Copyright 1985, 1986, 1987, 1988, 2007 by the Massachusetts Institute of
* Technology. All Rights Reserved.
*
* Export of this software from the United States of America may
@@ -43,6 +43,7 @@
#include "krb4int.h"
#include <klog.h>
+#include "k5-platform.h"
static char *log_name = KRBLOG;
#if 0
@@ -80,6 +81,7 @@ void krb_log(const char *format,...)
va_start(args, format);
if ((logfile = fopen(log_name,"a")) != NULL) {
+ set_cloexec_file(logfile);
(void) time(&now);
tm = localtime(&now);
@@ -128,6 +130,7 @@ krb_new_log(t,string)
if (!is_open) {
if ((logfile = fopen(log_name,"a")) == NULL) return(1);
+ set_cloexec_file(logfile);
is_open = 1;
}
diff --git a/src/lib/krb4/put_svc_key.c b/src/lib/krb4/put_svc_key.c
index dda6016..53e53c7 100644
--- a/src/lib/krb4/put_svc_key.c
+++ b/src/lib/krb4/put_svc_key.c
@@ -32,6 +32,7 @@
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
+#include "k5-platform.h"
#define KEYSZ sizeof(C_Block)
/* strict put_svc_key.
@@ -58,6 +59,7 @@ put_svc_key(sfile,name,inst,realm,newvno,key)
if ((fd = open(sfile, O_RDWR)) < 0)
return KFAILURE;
+ set_cloexec_fd(fd);
while(getst(fd,fname,SNAME_SZ) > 0) {
getst(fd,finst,INST_SZ);
diff --git a/src/lib/krb4/rd_svc_key.c b/src/lib/krb4/rd_svc_key.c
index 2728f4a..8aeb099 100644
--- a/src/lib/krb4/rd_svc_key.c
+++ b/src/lib/krb4/rd_svc_key.c
@@ -1,7 +1,7 @@
/*
* rd_svc_key.c
*
- * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
+ * Copyright 1985, 1986, 1987, 1988, 2007 by the Massachusetts Institute
* of Technology.
*
* For copying and distribution information, please see the file
@@ -283,6 +283,7 @@ get_service_key(service,instance,realm,kvno,file,key)
if ((stab = open(file, 0, 0)) < 0)
return(KFAILURE);
+ set_cloexec_fd(stab);
wcard = (instance[0] == '*') && (instance[1] == '\0');
/* get current realm if not passed in */
diff --git a/src/lib/krb4/tf_shm.c b/src/lib/krb4/tf_shm.c
index bd08f7f..2b04071 100644
--- a/src/lib/krb4/tf_shm.c
+++ b/src/lib/krb4/tf_shm.c
@@ -1,7 +1,7 @@
/*
* tf_shm.c
*
- * Copyright 1988 by the Massachusetts Institute of Technology.
+ * Copyright 1988, 2007 by the Massachusetts Institute of Technology.
*
* For copying and distribution information, please see the file
* <mit-copyright.h>.
@@ -86,7 +86,8 @@ char *file_name;
perror("krb_shm_create file");
(void) shmctl(shmid, IPC_RMID, 0);
return(KFAILURE); /* XXX */
- }
+ }
+ set_cloexec_file(sfile);
if (fchmod(fileno(sfile),0600) < 0) {
if (krb_debug)
perror("krb_shm_create fchmod");
@@ -147,6 +148,7 @@ char *file;
perror("cannot open shared memory file");
return(KFAILURE); /* XXX */
}
+ set_cloexec_file(sfile);
if (fscanf(sfile,"%d",&shmid) == 1) {
if (shmctl(shmid,IPC_RMID,0) != 0) {
if (krb_debug)
diff --git a/src/lib/krb4/tf_util.c b/src/lib/krb4/tf_util.c
index b083c73..0bc05d7 100644
--- a/src/lib/krb4/tf_util.c
+++ b/src/lib/krb4/tf_util.c
@@ -1,7 +1,7 @@
/*
* lib/krb4/tf_util.c
*
- * Copyright 1985, 1986, 1987, 1988, 2000, 2001 by the Massachusetts
+ * Copyright 1985, 1986, 1987, 1988, 2000, 2001, 2007 by the Massachusetts
* Institute of Technology. All Rights Reserved.
*
* Export of this software from the United States of America may
@@ -419,6 +419,8 @@ int KRB5_CALLCONV tf_init(tf_name, rw)
return KFAILURE;
sfp = fopen(shmidname, "r"); /* only need read/write on the
actual tickets */
+ if (sfp != 0)
+ set_cloexec_file(sfp);
if (me != metoo && do_seteuid(metoo) < 0)
return KFAILURE;
if (sfp == 0) {
@@ -512,6 +514,8 @@ int KRB5_CALLCONV tf_init(tf_name, rw)
if (me != metoo && do_seteuid(me) < 0)
return KFAILURE;
fd = open(tf_name, O_RDWR, 0600);
+ if (fd >= 0)
+ set_cloexec_fd(fd);
if (me != metoo && do_seteuid(metoo) < 0)
return KFAILURE;
if (fd < 0) {
@@ -572,6 +576,8 @@ int KRB5_CALLCONV tf_init(tf_name, rw)
if (me != metoo && do_seteuid(me) < 0)
return KFAILURE;
fd = open(tf_name, O_RDONLY, 0600);
+ if (fd >= 0)
+ set_cloexec_fd(fd);
if (me != metoo && do_seteuid(metoo) < 0)
return KFAILURE;
if (fd < 0) {
diff --git a/src/lib/krb4/win_store.c b/src/lib/krb4/win_store.c
index 74c79ac..9c2c37a 100644
--- a/src/lib/krb4/win_store.c
+++ b/src/lib/krb4/win_store.c
@@ -75,6 +75,8 @@ krb__get_cnffile()
cnfname, sizeof(cnfname) - 1, KERBEROS_INI);
cnffile = fopen(cnfname, "r");
+ if (cnffile)
+ set_cloexec_file(cnffile);
return cnffile;
}
@@ -109,6 +111,8 @@ krb__get_realmsfile()
realmsname, sizeof(realmsname) - 1, KERBEROS_INI);
realmsfile = fopen(realmsname, "r");
+ if (realmsfile)
+ set_cloexec_file(realmsfile);
return realmsfile;
}
diff --git a/src/lib/krb5/ccache/cc_file.c b/src/lib/krb5/ccache/cc_file.c
index 9abf93f..6206149 100644
--- a/src/lib/krb5/ccache/cc_file.c
+++ b/src/lib/krb5/ccache/cc_file.c
@@ -1252,6 +1252,7 @@ krb5_fcc_open_file (krb5_context context, krb5_ccache id, int mode)
return krb5_fcc_interpret (context, errno);
}
}
+ set_cloexec_fd(f);
data->mode = mode;
@@ -1560,6 +1561,7 @@ krb5_fcc_destroy(krb5_context context, krb5_ccache id)
kret = krb5_fcc_interpret(context, errno);
goto cleanup;
}
+ set_cloexec_fd(ret);
data->file = ret;
}
else
@@ -1980,6 +1982,7 @@ krb5_fcc_generate_new (krb5_context context, krb5_ccache *id)
k5_mutex_unlock(&krb5int_cc_file_mutex);
return krb5_fcc_interpret(context, errno);
}
+ set_cloexec_fd(ret);
/* Allocate memory */
data = (krb5_pointer) malloc(sizeof(krb5_fcc_data));
diff --git a/src/lib/krb5/keytab/kt_file.c b/src/lib/krb5/keytab/kt_file.c
index e6e04e3..1baa800 100644
--- a/src/lib/krb5/keytab/kt_file.c
+++ b/src/lib/krb5/keytab/kt_file.c
@@ -1156,6 +1156,7 @@ krb5_ktfileint_open(krb5_context context, krb5_keytab id, int mode)
}
}
}
+ set_cloexec_file(KTFILEP(id));
if ((kerror = krb5_lock_file(context, fileno(KTFILEP(id)), mode))) {
(void) fclose(KTFILEP(id));
KTFILEP(id) = 0;
diff --git a/src/lib/krb5/keytab/kt_srvtab.c b/src/lib/krb5/keytab/kt_srvtab.c
index 5a80f32..e3dd009 100644
--- a/src/lib/krb5/keytab/kt_srvtab.c
+++ b/src/lib/krb5/keytab/kt_srvtab.c
@@ -1,7 +1,7 @@
/*
* lib/krb5/keytab/srvtab/kts_resolv.c
*
- * Copyright 1990,1991,2002 by the Massachusetts Institute of Technology.
+ * Copyright 1990,1991,2002,2007 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
@@ -411,6 +411,7 @@ krb5_ktsrvint_open(krb5_context context, krb5_keytab id)
KTFILEP(id) = fopen(KTFILENAME(id), READ_MODE);
if (!KTFILEP(id))
return errno;
+ set_cloexec_file(KTFILEP(id));
return 0;
}
diff --git a/src/lib/krb5/os/kuserok.c b/src/lib/krb5/os/kuserok.c
index 1505c82..719faae 100644
--- a/src/lib/krb5/os/kuserok.c
+++ b/src/lib/krb5/os/kuserok.c
@@ -1,7 +1,7 @@
/*
* lib/krb5/os/kuserok.c
*
- * Copyright 1990,1993 by the Massachusetts Institute of Technology.
+ * Copyright 1990,1993,2007 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
@@ -110,6 +110,7 @@ krb5_kuserok(krb5_context context, krb5_principal principal, const char *luser)
free(princname);
return(FALSE);
}
+ set_cloexec_file(fp);
/*
* For security reasons, the .k5login file must be owned either by
* the user himself, or by root. Otherwise, don't grant access.
diff --git a/src/lib/krb5/os/localaddr.c b/src/lib/krb5/os/localaddr.c
index 75953b1..e139ca4 100644
--- a/src/lib/krb5/os/localaddr.c
+++ b/src/lib/krb5/os/localaddr.c
@@ -1,7 +1,7 @@
/*
* lib/krb5/os/localaddr.c
*
- * Copyright 1990,1991,2000,2001,2002,2004 by the Massachusetts Institute of Technology.
+ * Copyright 1990,1991,2000,2001,2002,2004,2007 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
@@ -363,6 +363,7 @@ get_linux_ipv6_addrs ()
int i;
unsigned int addrbyte[16];
+ set_cloexec_file(f);
while (fscanf(f,
"%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x"
" %2x %2x %2x %2x %20s\n",
@@ -543,6 +544,7 @@ foreach_localaddr (/*@null@*/ void *data,
Tperror ("socket");
continue;
}
+ set_cloexec_fd(P.sock);
P.lifnum.lifn_family = P.af;
P.lifnum.lifn_flags = 0;
@@ -718,6 +720,7 @@ foreach_localaddr (/*@null@*/ void *data,
Tperror ("socket");
continue;
}
+ set_cloexec_fd(P.sock);
code = ioctl (P.sock, SIOCGLIFNUM, &P.if_num);
if (code) {
@@ -939,6 +942,7 @@ foreach_localaddr (/*@null@*/ void *data,
s = socket (USE_AF, USE_TYPE, USE_PROTO);
if (s < 0)
return SOCKET_ERRNO;
+ set_cloexec_fd(s);
retval = get_ifreq_array(&buf, &n, s);
if (retval) {
@@ -1450,6 +1454,7 @@ static struct hostent *local_addr_fallback_kludge()
sock = socket(AF_INET, SOCK_DGRAM, 0);
if (sock == INVALID_SOCKET)
return NULL;
+ set_cloexec_fd(sock);
/* connect to arbitrary port and address (NOT loopback) */
addr.sin_family = AF_INET;
diff --git a/src/lib/krb5/os/prompter.c b/src/lib/krb5/os/prompter.c
index 739c8c7..36803ec 100644
--- a/src/lib/krb5/os/prompter.c
+++ b/src/lib/krb5/os/prompter.c
@@ -60,6 +60,7 @@ krb5_prompter_posix(
fd = dup(STDIN_FILENO);
if (fd < 0)
return KRB5_LIBOS_CANTREADPWD;
+ set_cloexec_fd(fd);
fp = fdopen(fd, "r");
if (fp == NULL)
goto cleanup;
diff --git a/src/lib/krb5/os/sendto_kdc.c b/src/lib/krb5/os/sendto_kdc.c
index 9992747..050aec5 100644
--- a/src/lib/krb5/os/sendto_kdc.c
+++ b/src/lib/krb5/os/sendto_kdc.c
@@ -677,6 +677,7 @@ start_connection (struct conn_state *state,
dprint("socket: fd %d too high\n", fd);
return -1;
}
+ set_cloexec_fd(fd);
/* Make it non-blocking. */
if (ai->ai_socktype == SOCK_STREAM) {
static const int one = 1;
diff --git a/src/lib/krb5/rcache/rc_io.c b/src/lib/krb5/rcache/rc_io.c
index 3235728..b76a8dd 100644
--- a/src/lib/krb5/rcache/rc_io.c
+++ b/src/lib/krb5/rcache/rc_io.c
@@ -143,6 +143,7 @@ krb5_rc_io_creat(krb5_context context, krb5_rc_iostuff *d, char **fn)
goto cleanup;
}
}
+ set_cloexec_fd(d->fd);
retval = krb5_rc_io_write(context, d, (krb5_pointer)&rc_vno,
sizeof(rc_vno));
if (retval)
@@ -239,6 +240,7 @@ krb5_rc_io_open_internal(krb5_context context, krb5_rc_iostuff *d, char *fn,
goto cleanup;
}
}
+ set_cloexec_fd(d->fd);
do_not_unlink = 0;
retval = krb5_rc_io_read(context, d, (krb5_pointer) &rc_vno,
@@ -341,6 +343,7 @@ krb5_rc_io_move(krb5_context context, krb5_rc_iostuff *new1,
(void) krb5_rc_io_close(context, new1);
new1->fn = fn;
new1->fd = dup(old->fd);
+ set_cloexec_fd(new1->fd);
return 0;
#endif
}
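Review bot: The result of `dup(old->fd)` is not checked before the new `set_cloexec_fd(new1->fd)` call, and the function then returns 0, so a failed dup leaves `new1->fd` at -1 while reporting success. A guard such as `if (new1->fd == -1) return KRB5_RC_IO_UNKNOWN;` before the set_cloexec_fd call (using whichever error code the rest of this file prefers) would stop the replay cache from continuing with an invalid descriptor. This branch sits inside a preprocessor conditional whose opening is outside the hunk, so the other branch is not covered by this note.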
diff --git a/src/lib/rpc/Makefile.in b/src/lib/rpc/Makefile.in
index 729290a..286b65d 100644
--- a/src/lib/rpc/Makefile.in
+++ b/src/lib/rpc/Makefile.in
@@ -402,14 +402,16 @@ pmap_prot2.so pmap_prot2.po $(OUTPRE)pmap_prot2.$(OBJEXT): \
$(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/xdr.h \
pmap_prot2.c
pmap_rmt.so pmap_rmt.po $(OUTPRE)pmap_rmt.$(OBJEXT): \
- $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
- $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \
- $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \
- $(SRCTOP)/include/gssrpc/pmap_clnt.h $(SRCTOP)/include/gssrpc/pmap_prot.h \
- $(SRCTOP)/include/gssrpc/pmap_rmt.h $(SRCTOP)/include/gssrpc/rename.h \
- $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
- $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
- $(SRCTOP)/include/gssrpc/xdr.h pmap_rmt.c
+ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+ $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/auth.h \
+ $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
+ $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/pmap_clnt.h \
+ $(SRCTOP)/include/gssrpc/pmap_prot.h $(SRCTOP)/include/gssrpc/pmap_rmt.h \
+ $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \
+ $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \
+ $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \
+ $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
+ pmap_rmt.c
rpc_prot.so rpc_prot.po $(OUTPRE)rpc_prot.$(OBJEXT): \
$(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
$(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \
@@ -514,6 +516,7 @@ svc_tcp.so svc_tcp.po $(OUTPRE)svc_tcp.$(OBJEXT): $(BUILDTOP)/include/autoconf.h
$(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \
$(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \
$(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \
+ $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
svc_tcp.c
svc_udp.so svc_udp.po $(OUTPRE)svc_udp.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
@@ -522,6 +525,7 @@ svc_udp.so svc_udp.po $(OUTPRE)svc_udp.$(OBJEXT): $(BUILDTOP)/include/autoconf.h
$(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \
$(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \
$(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \
+ $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
svc_udp.c
xdr.so xdr.po $(OUTPRE)xdr.$(OBJEXT): $(BUILDTOP)/include/gssrpc/types.h \
$(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/xdr.h \
diff --git a/src/lib/rpc/get_myaddress.c b/src/lib/rpc/get_myaddress.c
index 871c8fc..884a19b 100644
--- a/src/lib/rpc/get_myaddress.c
+++ b/src/lib/rpc/get_myaddress.c
@@ -90,6 +90,7 @@ get_myaddress(struct sockaddr_in *addr)
perror("get_myaddress: socket");
exit(1);
}
+ set_cloexec_fd(s);
ifc.ifc_len = sizeof (buf);
ifc.ifc_buf = buf;
if (ioctl(s, SIOCGIFCONF, (char *)&ifc) < 0) {
diff --git a/src/lib/rpc/getrpcent.c b/src/lib/rpc/getrpcent.c
index a91a7a5..0654039 100644
--- a/src/lib/rpc/getrpcent.c
+++ b/src/lib/rpc/getrpcent.c
@@ -125,9 +125,11 @@ SETRPCENT_TYPE setrpcent(int f)
if (d == 0)
return;
- if (d->rpcf == NULL)
+ if (d->rpcf == NULL) {
d->rpcf = fopen(RPCDB, "r");
- else
+ if (d->rpcf)
+ set_cloexec_file(d->rpcf);
+ } else
rewind(d->rpcf);
if (d->current)
free(d->current);
@@ -162,9 +164,12 @@ getrpcent(void)
if (d == 0)
return(NULL);
- if (d->rpcf == NULL && (d->rpcf = fopen(RPCDB, "r")) == NULL)
+ if (d->rpcf == NULL) {
+ if ((d->rpcf = fopen(RPCDB, "r")) == NULL)
return (NULL);
- if (fgets(d->line, BUFSIZ, d->rpcf) == NULL)
+ set_cloexec_file(d->rpcf);
+ }
+ if (fgets(d->line, BUFSIZ, d->rpcf) == NULL)
return (NULL);
return interpret(d->line, strlen(d->line));
}
diff --git a/src/lib/rpc/pmap_rmt.c b/src/lib/rpc/pmap_rmt.c
index 062a5e1..71804ab 100644
--- a/src/lib/rpc/pmap_rmt.c
+++ b/src/lib/rpc/pmap_rmt.c
@@ -59,6 +59,7 @@ static char sccsid[] = "@(#)pmap_rmt.c 1.21 87/08/27 Copyr 1984 Sun Micro";
#include <arpa/inet.h>
#define MAX_BROADCAST_SIZE 1400
#include <string.h>
+#include "k5-platform.h" /* set_cloexec_fd */
static struct timeval timeout = { 3, 0 };
@@ -278,6 +279,7 @@ clnt_broadcast(
stat = RPC_CANTSEND;
goto done_broad;
}
+ set_cloexec_fd(sock);
#ifdef SO_BROADCAST
if (setsockopt(sock, SOL_SOCKET, SO_BROADCAST, (char *) &on,
sizeof (on)) < 0) {
diff --git a/src/lib/rpc/svc_tcp.c b/src/lib/rpc/svc_tcp.c
index d49cf36..e48d504 100644
--- a/src/lib/rpc/svc_tcp.c
+++ b/src/lib/rpc/svc_tcp.c
@@ -49,6 +49,7 @@ static char sccsid[] = "@(#)svc_tcp.c 1.21 87/08/11 Copyr 1984 Sun Micro";
#include <errno.h>
#include <stdlib.h>
#include "autoconf.h"
+#include "k5-platform.h" /* set_cloexec_fd */
/*extern bool_t abort();
extern errno;
*/
@@ -143,6 +144,7 @@ svctcp_create(
perror("svctcp_.c - udp socket creation problem");
return ((SVCXPRT *)NULL);
}
+ set_cloexec_fd(sock);
madesock = TRUE;
}
memset((char *)&addr, 0, sizeof (addr));
@@ -261,6 +263,7 @@ rendezvous_request(
goto again;
return (FALSE);
}
+ set_cloexec_fd(sock);
if (getsockname(sock, &laddr, &llen) < 0)
return (FALSE);
diff --git a/src/lib/rpc/svc_udp.c b/src/lib/rpc/svc_udp.c
index 49c555f..de1b30f 100644
--- a/src/lib/rpc/svc_udp.c
+++ b/src/lib/rpc/svc_udp.c
@@ -49,6 +49,7 @@ static char sccsid[] = "@(#)svc_udp.c 1.24 87/08/11 Copyr 1984 Sun Micro";
#ifdef HAVE_SYS_UIO_H
#include <sys/uio.h>
#endif
+#include "k5-platform.h"
#define rpc_buffer(xprt) ((xprt)->xp_p1)
@@ -118,6 +119,7 @@ svcudp_bufcreate(
perror("svcudp_create: socket creation problem");
return ((SVCXPRT *)NULL);
}
+ set_cloexec_fd(sock);
madesock = TRUE;
}
memset((char *)&addr, 0, sizeof (addr));
diff --git a/src/plugins/kdb/db2/adb_openclose.c b/src/plugins/kdb/db2/adb_openclose.c
index ce963e0..453c73b 100644
--- a/src/plugins/kdb/db2/adb_openclose.c
+++ b/src/plugins/kdb/db2/adb_openclose.c
@@ -209,6 +209,7 @@ krb5_error_code osa_adb_init_db(osa_adb_db_t *dbp, char *filename,
return OSA_ADB_NOLOCKFILE;
}
}
+ set_cloexec_file(lockp->lockinfo.lockfile);
lockp->lockinfo.lockmode = lockp->lockinfo.lockcnt = 0;
}
@@ -353,6 +354,9 @@ krb5_error_code osa_adb_release_lock(osa_adb_db_t db)
/* now we need to create the file since it does not exist */
fd = THREEPARAMOPEN(db->lock->filename,O_RDWR | O_CREAT | O_EXCL,
0600);
+ if (fd < 0)
+ return OSA_ADB_NOLOCKFILE;
+ set_cloexec_fd(fd);
if ((db->lock->lockfile = fdopen(fd, "w+")) == NULL)
return OSA_ADB_NOLOCKFILE;
} else if ((ret = krb5_lock_file(db->lock->context,
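Review bot: When `fdopen(fd, "w+")` fails, the descriptor just returned by THREEPARAMOPEN is never closed, so the `return OSA_ADB_NOLOCKFILE` on that path leaks it; the added `fd < 0` check covers only the open itself. Close it before returning: `if ((db->lock->lockfile = fdopen(fd, "w+")) == NULL) { close(fd); return OSA_ADB_NOLOCKFILE; }`. The lock file created with `O_CREAT | O_EXCL` also stays on disk in that case; whether callers expect that cannot be told from the visible lines. osa_adb_release_lock begins and ends outside the hunk.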
diff --git a/src/plugins/kdb/db2/kdb_db2.c b/src/plugins/kdb/db2/kdb_db2.c
index bce6597..eda5274 100644
--- a/src/plugins/kdb/db2/kdb_db2.c
+++ b/src/plugins/kdb/db2/kdb_db2.c
@@ -1,7 +1,7 @@
/*
* lib/kdb/kdb_db2.c
*
- * Copyright 1997,2006 by the Massachusetts Institute of Technology.
+ * Copyright 1997,2006,2007 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
@@ -332,6 +332,7 @@ krb5_db2_db_init(krb5_context context)
goto err_out;
}
}
+ set_cloexec_fd(db_ctx->db_lf_file);
db_ctx->db_inited++;
if ((retval = krb5_db2_db_get_age(context, NULL, &db_ctx->db_lf_time)))
@@ -754,6 +755,7 @@ destroy_file_suffix(char *dbname, char *suffix)
free(filename);
return errno;
}
+ set_cloexec_fd(fd);
/* fstat() will probably not fail unless using a remote filesystem
* (which is inappropriate for the kerberos database) so this check
* is mostly paranoia. */
@@ -1719,6 +1721,7 @@ krb5_db2_db_rename(context, from, to)
retval = errno;
goto errout;
}
+ set_cloexec_fd(db_ctx->db_lf_file);
db_ctx->db_inited = 1;
diff --git a/src/plugins/kdb/db2/libdb2/btree/Makefile.in b/src/plugins/kdb/db2/libdb2/btree/Makefile.in
index 4372fac..6c34448 100644
--- a/src/plugins/kdb/db2/libdb2/btree/Makefile.in
+++ b/src/plugins/kdb/db2/libdb2/btree/Makefile.in
@@ -21,75 +21,68 @@ clean-unix:: clean-libobjs
# the Makefile.in file
#
bt_close.so bt_close.po $(OUTPRE)bt_close.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/db-config.h \
+ $(BUILDTOP)/include/autoconf.h $(srcdir)/../include/config.h \
+ $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \
+ $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \
+ $(srcdir)/../mpool/mpool.h bt_close.c btree.h extern.h
+bt_conv.so bt_conv.po $(OUTPRE)bt_conv.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \
$(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \
$(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \
- bt_close.c btree.h extern.h
-bt_conv.so bt_conv.po $(OUTPRE)bt_conv.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(BUILDTOP)/include/db-config.h $(srcdir)/../include/config.h \
+ bt_conv.c btree.h extern.h
+bt_debug.so bt_debug.po $(OUTPRE)bt_debug.$(OBJEXT): \
+ $(BUILDTOP)/include/autoconf.h $(srcdir)/../include/config.h \
$(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \
$(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \
- $(srcdir)/../mpool/mpool.h bt_conv.c btree.h extern.h
-bt_debug.so bt_debug.po $(OUTPRE)bt_debug.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/db-config.h \
+ $(srcdir)/../mpool/mpool.h bt_debug.c btree.h extern.h
+bt_delete.so bt_delete.po $(OUTPRE)bt_delete.$(OBJEXT): \
+ $(BUILDTOP)/include/autoconf.h $(srcdir)/../include/config.h \
+ $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \
+ $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \
+ $(srcdir)/../mpool/mpool.h bt_delete.c btree.h extern.h
+bt_get.so bt_get.po $(OUTPRE)bt_get.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \
$(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \
$(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \
- bt_debug.c btree.h extern.h
-bt_delete.so bt_delete.po $(OUTPRE)bt_delete.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/db-config.h \
+ bt_get.c btree.h extern.h
+bt_open.so bt_open.po $(OUTPRE)bt_open.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+ $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
$(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \
$(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \
$(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \
- bt_delete.c btree.h extern.h
-bt_get.so bt_get.po $(OUTPRE)bt_get.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(BUILDTOP)/include/db-config.h $(srcdir)/../include/config.h \
- $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \
- $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \
- $(srcdir)/../mpool/mpool.h bt_get.c btree.h extern.h
-bt_open.so bt_open.po $(OUTPRE)bt_open.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(BUILDTOP)/include/db-config.h $(SRCTOP)/include/k5-platform.h \
- $(SRCTOP)/include/k5-thread.h $(srcdir)/../include/config.h \
+ bt_open.c btree.h extern.h
+bt_overflow.so bt_overflow.po $(OUTPRE)bt_overflow.$(OBJEXT): \
+ $(BUILDTOP)/include/autoconf.h $(srcdir)/../include/config.h \
$(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \
$(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \
- $(srcdir)/../mpool/mpool.h bt_open.c btree.h extern.h
-bt_overflow.so bt_overflow.po $(OUTPRE)bt_overflow.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/db-config.h \
+ $(srcdir)/../mpool/mpool.h bt_overflow.c btree.h extern.h
+bt_page.so bt_page.po $(OUTPRE)bt_page.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \
$(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \
$(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \
- bt_overflow.c btree.h extern.h
-bt_page.so bt_page.po $(OUTPRE)bt_page.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(BUILDTOP)/include/db-config.h $(srcdir)/../include/config.h \
- $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \
- $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \
- $(srcdir)/../mpool/mpool.h bt_page.c btree.h extern.h
+ bt_page.c btree.h extern.h
bt_put.so bt_put.po $(OUTPRE)bt_put.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(BUILDTOP)/include/db-config.h $(srcdir)/../include/config.h \
- $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \
- $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \
- $(srcdir)/../mpool/mpool.h bt_put.c btree.h extern.h
-bt_search.so bt_search.po $(OUTPRE)bt_search.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/db-config.h \
$(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \
$(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \
$(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \
- bt_search.c btree.h extern.h
-bt_seq.so bt_seq.po $(OUTPRE)bt_seq.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(BUILDTOP)/include/db-config.h $(srcdir)/../include/config.h \
+ bt_put.c btree.h extern.h
+bt_search.so bt_search.po $(OUTPRE)bt_search.$(OBJEXT): \
+ $(BUILDTOP)/include/autoconf.h $(srcdir)/../include/config.h \
$(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \
$(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \
- $(srcdir)/../mpool/mpool.h bt_seq.c btree.h extern.h
-bt_split.so bt_split.po $(OUTPRE)bt_split.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/db-config.h \
+ $(srcdir)/../mpool/mpool.h bt_search.c btree.h extern.h
+bt_seq.so bt_seq.po $(OUTPRE)bt_seq.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \
$(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \
$(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \
- bt_split.c btree.h extern.h
+ bt_seq.c btree.h extern.h
+bt_split.so bt_split.po $(OUTPRE)bt_split.$(OBJEXT): \
+ $(BUILDTOP)/include/autoconf.h $(srcdir)/../include/config.h \
+ $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \
+ $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \
+ $(srcdir)/../mpool/mpool.h bt_split.c btree.h extern.h
bt_utils.so bt_utils.po $(OUTPRE)bt_utils.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/db-config.h \
- $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \
- $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \
- $(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \
- bt_utils.c btree.h extern.h
+ $(BUILDTOP)/include/autoconf.h $(srcdir)/../include/config.h \
+ $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \
+ $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \
+ $(srcdir)/../mpool/mpool.h bt_utils.c btree.h extern.h
diff --git a/src/plugins/kdb/db2/libdb2/btree/bt_open.c b/src/plugins/kdb/db2/libdb2/btree/bt_open.c
index a18eef2..0f848d8 100644
--- a/src/plugins/kdb/db2/libdb2/btree/bt_open.c
+++ b/src/plugins/kdb/db2/libdb2/btree/bt_open.c
@@ -425,6 +425,7 @@ tmp()
#endif
if ((fd = mkstemp(path)) != -1)
(void)unlink(path);
+ set_cloexec_fd(fd);
#ifdef SIG_BLOCK
(void)sigprocmask(SIG_SETMASK, &oset, NULL);
#else
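Review bot: `set_cloexec_fd(fd)` runs even when `mkstemp` failed and `fd` is -1, because only the `unlink` is governed by the `if`. If the macro is built on fcntl (its definition in k5-platform.h is not shown here), the call fails with EBADF and can overwrite the errno that mkstemp left for the caller of tmp(). Bracing both statements avoids this: `if ((fd = mkstemp(path)) != -1) { (void)unlink(path); set_cloexec_fd(fd); }`. The body of tmp() extends beyond the hunk.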
diff --git a/src/plugins/kdb/db2/libdb2/db/Makefile.in b/src/plugins/kdb/db2/libdb2/db/Makefile.in
index aaa021f..7c5d2b5 100644
--- a/src/plugins/kdb/db2/libdb2/db/Makefile.in
+++ b/src/plugins/kdb/db2/libdb2/db/Makefile.in
@@ -18,6 +18,6 @@ SRCS= $(STLIBOBJS:.o=.c)
# the Makefile.in file
#
db.so db.po $(OUTPRE)db.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(BUILDTOP)/include/db-config.h $(srcdir)/../include/config.h \
- $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \
- $(srcdir)/../include/db.h db.c
+ $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \
+ $(srcdir)/../include/db-int.h $(srcdir)/../include/db.h \
+ db.c
diff --git a/src/plugins/kdb/db2/libdb2/hash/Makefile.in b/src/plugins/kdb/db2/libdb2/hash/Makefile.in
index 9dced60..12b2a47 100644
--- a/src/plugins/kdb/db2/libdb2/hash/Makefile.in
+++ b/src/plugins/kdb/db2/libdb2/hash/Makefile.in
@@ -20,44 +20,43 @@ SRCS= $(STLIBOBJS:.o=.c)
# the Makefile.in file
#
hash.so hash.po $(OUTPRE)hash.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(BUILDTOP)/include/db-config.h $(srcdir)/../include/config.h \
- $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \
- $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \
- $(srcdir)/../mpool/mpool.h extern.h hash.c hash.h page.h
-hash_bigkey.so hash_bigkey.po $(OUTPRE)hash_bigkey.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/db-config.h \
$(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \
$(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \
$(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \
- extern.h hash.h hash_bigkey.c page.h
+ extern.h hash.c hash.h page.h
+hash_bigkey.so hash_bigkey.po $(OUTPRE)hash_bigkey.$(OBJEXT): \
+ $(BUILDTOP)/include/autoconf.h $(srcdir)/../include/config.h \
+ $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \
+ $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \
+ $(srcdir)/../mpool/mpool.h extern.h hash.h hash_bigkey.c \
+ page.h
hash_debug.so hash_debug.po $(OUTPRE)hash_debug.$(OBJEXT): \
hash_debug.c
hash_func.so hash_func.po $(OUTPRE)hash_func.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/db-config.h \
- $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \
- $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \
- $(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \
- extern.h hash.h hash_func.c page.h
+ $(BUILDTOP)/include/autoconf.h $(srcdir)/../include/config.h \
+ $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \
+ $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \
+ $(srcdir)/../mpool/mpool.h extern.h hash.h hash_func.c \
+ page.h
hash_log2.so hash_log2.po $(OUTPRE)hash_log2.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/db-config.h \
- $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \
- $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \
- $(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \
- extern.h hash.h hash_log2.c page.h
+ $(BUILDTOP)/include/autoconf.h $(srcdir)/../include/config.h \
+ $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \
+ $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \
+ $(srcdir)/../mpool/mpool.h extern.h hash.h hash_log2.c \
+ page.h
hash_page.so hash_page.po $(OUTPRE)hash_page.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/db-config.h \
- $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \
- $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \
- $(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \
- extern.h hash.h hash_page.c page.h
-hsearch.so hsearch.po $(OUTPRE)hsearch.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(BUILDTOP)/include/db-config.h $(srcdir)/../include/config.h \
+ $(BUILDTOP)/include/autoconf.h $(srcdir)/../include/config.h \
$(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \
- $(srcdir)/../include/db.h hsearch.c search.h
+ $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \
+ $(srcdir)/../mpool/mpool.h extern.h hash.h hash_page.c \
+ page.h
+hsearch.so hsearch.po $(OUTPRE)hsearch.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+ $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \
+ $(srcdir)/../include/db-int.h $(srcdir)/../include/db.h \
+ hsearch.c search.h
dbm.so dbm.po $(OUTPRE)dbm.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(BUILDTOP)/include/db-config.h $(BUILDTOP)/include/db-ndbm.h \
- $(BUILDTOP)/include/db.h $(srcdir)/../include/config.h \
- $(srcdir)/../include/db-config.h $(srcdir)/../include/db-dbm.h \
- $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \
- $(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \
- dbm.c hash.h
+ $(BUILDTOP)/include/db-ndbm.h $(BUILDTOP)/include/db.h \
+ $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \
+ $(srcdir)/../include/db-dbm.h $(srcdir)/../include/db-int.h \
+ $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \
+ $(srcdir)/../mpool/mpool.h dbm.c hash.h
diff --git a/src/plugins/kdb/db2/libdb2/mpool/Makefile.in b/src/plugins/kdb/db2/libdb2/mpool/Makefile.in
index 2e1d7d6..e33402f 100644
--- a/src/plugins/kdb/db2/libdb2/mpool/Makefile.in
+++ b/src/plugins/kdb/db2/libdb2/mpool/Makefile.in
@@ -18,7 +18,6 @@ SRCS= $(STLIBOBJS:.o=.c)
# the Makefile.in file
#
mpool.so mpool.po $(OUTPRE)mpool.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(BUILDTOP)/include/db-config.h $(srcdir)/../include/config.h \
- $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \
- $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \
- mpool.c mpool.h
+ $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \
+ $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \
+ $(srcdir)/../include/db.h mpool.c mpool.h
diff --git a/src/plugins/kdb/db2/libdb2/recno/Makefile.in b/src/plugins/kdb/db2/libdb2/recno/Makefile.in
index a31235c..ddfbf01 100644
--- a/src/plugins/kdb/db2/libdb2/recno/Makefile.in
+++ b/src/plugins/kdb/db2/libdb2/recno/Makefile.in
@@ -20,55 +20,50 @@ SRCS= $(STLIBOBJS:.o=.c)
# the Makefile.in file
#
rec_close.so rec_close.po $(OUTPRE)rec_close.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/db-config.h \
- $(srcdir)/../btree/btree.h $(srcdir)/../btree/extern.h \
- $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \
- $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \
- $(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \
- extern.h rec_close.c recno.h
+ $(BUILDTOP)/include/autoconf.h $(srcdir)/../btree/btree.h \
+ $(srcdir)/../btree/extern.h $(srcdir)/../include/config.h \
+ $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \
+ $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \
+ $(srcdir)/../mpool/mpool.h extern.h rec_close.c recno.h
rec_delete.so rec_delete.po $(OUTPRE)rec_delete.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/db-config.h \
- $(srcdir)/../btree/btree.h $(srcdir)/../btree/extern.h \
- $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \
- $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \
- $(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \
- extern.h rec_delete.c recno.h
-rec_get.so rec_get.po $(OUTPRE)rec_get.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(BUILDTOP)/include/db-config.h $(srcdir)/../btree/btree.h \
+ $(BUILDTOP)/include/autoconf.h $(srcdir)/../btree/btree.h \
$(srcdir)/../btree/extern.h $(srcdir)/../include/config.h \
$(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \
$(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \
- $(srcdir)/../mpool/mpool.h extern.h rec_get.c recno.h
-rec_open.so rec_open.po $(OUTPRE)rec_open.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/db-config.h \
+ $(srcdir)/../mpool/mpool.h extern.h rec_delete.c recno.h
+rec_get.so rec_get.po $(OUTPRE)rec_get.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(srcdir)/../btree/btree.h $(srcdir)/../btree/extern.h \
$(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \
$(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \
$(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \
- extern.h rec_open.c recno.h
-rec_put.so rec_put.po $(OUTPRE)rec_put.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(BUILDTOP)/include/db-config.h $(srcdir)/../btree/btree.h \
+ extern.h rec_get.c recno.h
+rec_open.so rec_open.po $(OUTPRE)rec_open.$(OBJEXT): \
+ $(BUILDTOP)/include/autoconf.h $(srcdir)/../btree/btree.h \
$(srcdir)/../btree/extern.h $(srcdir)/../include/config.h \
$(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \
$(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \
- $(srcdir)/../mpool/mpool.h extern.h rec_put.c recno.h
-rec_search.so rec_search.po $(OUTPRE)rec_search.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/db-config.h \
+ $(srcdir)/../mpool/mpool.h extern.h rec_open.c recno.h
+rec_put.so rec_put.po $(OUTPRE)rec_put.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(srcdir)/../btree/btree.h $(srcdir)/../btree/extern.h \
$(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \
$(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \
$(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \
- extern.h rec_search.c recno.h
-rec_seq.so rec_seq.po $(OUTPRE)rec_seq.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(BUILDTOP)/include/db-config.h $(srcdir)/../btree/btree.h \
+ extern.h rec_put.c recno.h
+rec_search.so rec_search.po $(OUTPRE)rec_search.$(OBJEXT): \
+ $(BUILDTOP)/include/autoconf.h $(srcdir)/../btree/btree.h \
$(srcdir)/../btree/extern.h $(srcdir)/../include/config.h \
$(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \
$(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \
- $(srcdir)/../mpool/mpool.h extern.h rec_seq.c recno.h
-rec_utils.so rec_utils.po $(OUTPRE)rec_utils.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/db-config.h \
+ $(srcdir)/../mpool/mpool.h extern.h rec_search.c recno.h
+rec_seq.so rec_seq.po $(OUTPRE)rec_seq.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(srcdir)/../btree/btree.h $(srcdir)/../btree/extern.h \
$(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \
$(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \
$(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \
- extern.h rec_utils.c recno.h
+ extern.h rec_seq.c recno.h
+rec_utils.so rec_utils.po $(OUTPRE)rec_utils.$(OBJEXT): \
+ $(BUILDTOP)/include/autoconf.h $(srcdir)/../btree/btree.h \
+ $(srcdir)/../btree/extern.h $(srcdir)/../include/config.h \
+ $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \
+ $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \
+ $(srcdir)/../mpool/mpool.h extern.h rec_utils.c recno.h
diff --git a/src/plugins/kdb/db2/libdb2/recno/rec_open.c b/src/plugins/kdb/db2/libdb2/recno/rec_open.c
index f18a1cb..cb971ed 100644
--- a/src/plugins/kdb/db2/libdb2/recno/rec_open.c
+++ b/src/plugins/kdb/db2/libdb2/recno/rec_open.c
@@ -71,6 +71,11 @@ __rec_open(fname, flags, mode, openinfo, dflags)
if (fname != NULL && (rfd = open(fname, flags | O_BINARY, mode)) < 0)
return (NULL);
+ if (fname != NULL && fcntl(rfd, F_SETFD, 1) == -1) {
+ close(rfd);
+ return NULL;
+ }
+
/* Create a btree in memory (backed by disk). */
dbp = NULL;
if (openinfo) {
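Review bot: The literal `1` in `fcntl(rfd, F_SETFD, 1)` should be the named flag, `fcntl(rfd, F_SETFD, FD_CLOEXEC)`, so the intent is readable and does not rely on the flag's numeric value. This is also the only site in the visible part of the commit that open-codes the call; bt_open.c in the same library uses `set_cloexec_fd`, and using it here too would keep the close-on-exec policy in one place. If the direct call is deliberate because the failure is treated as fatal here, a short comment such as `/* fail the open if close-on-exec cannot be set */` would record that. The new `return NULL;` also differs from the `return (NULL);` style of the line just above it. __rec_open continues past the hunk.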
diff --git a/src/plugins/kdb/ldap/Makefile.in b/src/plugins/kdb/ldap/Makefile.in
index 323d4a5..88ca2d9 100644
--- a/src/plugins/kdb/ldap/Makefile.in
+++ b/src/plugins/kdb/ldap/Makefile.in
@@ -53,10 +53,10 @@ clean-unix:: clean-libs clean-libobjs
ldap_exp.so ldap_exp.po $(OUTPRE)ldap_exp.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int.h \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
- $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \
- $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
+ $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int-pkinit.h \
+ $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
+ $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
+ $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
$(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \
$(srcdir)/libkdb_ldap/kdb_ldap.h $(srcdir)/libkdb_ldap/ldap_krbcontainer.h \
diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
index 9af978a..f892e96 100644
--- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
+++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
@@ -1094,6 +1094,7 @@ rem_service_entry_from_file(argc, argv, file_name, service_object)
com_err(me, errno, "while deleting entry from file %s", file_name);
goto cleanup;
}
+ set_cloexec_file(pfile);
/* Create a new file with the extension .tmp */
tmp_file = (char *)malloc(strlen(file_name) + 4 + 1);
@@ -1775,6 +1776,7 @@ kdb5_ldap_set_service_password(argc, argv)
com_err(me, errno, "Failed to open file %s", file_name);
goto cleanup;
}
+ set_cloexec_file(pfile);
while (fgets(line, MAX_LEN, pfile) != NULL) {
if ((str = strstr(line, service_object)) != NULL) {
@@ -1818,7 +1820,7 @@ kdb5_ldap_set_service_password(argc, argv)
com_err(me, errno, "Error creating file %s", tmp_file);
goto cleanup;
}
-
+ set_cloexec_file(newfile);
fseek(pfile, 0, SEEK_SET);
while (fgets(line, MAX_LEN, pfile) != NULL) {
@@ -2033,7 +2035,7 @@ done:
}
memset(passwd, 0, passwd_len);
- /* TODO: file lock for the service passowrd file */
+ /* TODO: file lock for the service password file */
/* set password in the file */
old_mode = umask(0177);
@@ -2043,6 +2045,7 @@ done:
strerror (errno));
goto cleanup;
}
+ set_cloexec_file(pfile);
rewind (pfile);
umask(old_mode);
@@ -2095,6 +2098,7 @@ done:
fclose(pfile);
goto cleanup;
}
+ set_cloexec_file(newfile);
fseek(pfile, 0, SEEK_SET);
while (fgets(line, MAX_LEN, pfile) != NULL) {
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/Makefile.in b/src/plugins/kdb/ldap/libkdb_ldap/Makefile.in
index a0a69ef..b9b2425 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/Makefile.in
+++ b/src/plugins/kdb/ldap/libkdb_ldap/Makefile.in
@@ -100,9 +100,10 @@ kdb_ldap.so kdb_ldap.po $(OUTPRE)kdb_ldap.$(OBJEXT): \
$(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
$(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
$(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-err.h \
- $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
- $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
+ $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
+ $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
+ $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \
+ $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
$(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \
kdb_ldap.c kdb_ldap.h ldap_err.h ldap_krbcontainer.h \
@@ -110,10 +111,10 @@ kdb_ldap.so kdb_ldap.po $(OUTPRE)kdb_ldap.$(OBJEXT): \
kdb_ldap_conn.so kdb_ldap_conn.po $(OUTPRE)kdb_ldap_conn.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int.h \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
- $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \
- $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
+ $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int-pkinit.h \
+ $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
+ $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
+ $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
$(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \
kdb_ldap.h kdb_ldap_conn.c ldap_handle.h ldap_krbcontainer.h \
@@ -122,10 +123,10 @@ kdb_ldap_conn.so kdb_ldap_conn.po $(OUTPRE)kdb_ldap_conn.$(OBJEXT): \
ldap_realm.so ldap_realm.po $(OUTPRE)ldap_realm.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int.h \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
- $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \
- $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
+ $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int-pkinit.h \
+ $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
+ $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
+ $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
$(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \
kdb_ldap.h ldap_err.h ldap_handle.h ldap_krbcontainer.h \
@@ -134,10 +135,10 @@ ldap_realm.so ldap_realm.po $(OUTPRE)ldap_realm.$(OBJEXT): \
ldap_create.so ldap_create.po $(OUTPRE)ldap_create.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int.h \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
- $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \
- $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
+ $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int-pkinit.h \
+ $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
+ $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
+ $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
$(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \
kdb_ldap.h ldap_create.c ldap_err.h ldap_handle.h ldap_krbcontainer.h \
@@ -146,10 +147,10 @@ ldap_create.so ldap_create.po $(OUTPRE)ldap_create.$(OBJEXT): \
ldap_krbcontainer.so ldap_krbcontainer.po $(OUTPRE)ldap_krbcontainer.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int.h \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
- $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \
- $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
+ $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int-pkinit.h \
+ $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
+ $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
+ $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
$(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \
kdb_ldap.h ldap_err.h ldap_handle.h ldap_krbcontainer.c \
@@ -164,10 +165,10 @@ ldap_principal.so ldap_principal.po $(OUTPRE)ldap_principal.$(OBJEXT): \
$(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \
$(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \
$(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \
- $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int.h \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
- $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \
- $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
+ $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int-pkinit.h \
+ $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
+ $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
+ $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
$(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \
kdb_ldap.h ldap_err.h ldap_handle.h ldap_krbcontainer.h \
@@ -184,9 +185,10 @@ ldap_principal2.so ldap_principal2.po $(OUTPRE)ldap_principal2.$(OBJEXT): \
$(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
$(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
$(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-err.h \
- $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
- $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
+ $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
+ $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
+ $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \
+ $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
$(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \
kdb_ldap.h ldap_err.h ldap_handle.h ldap_krbcontainer.h \
@@ -196,10 +198,10 @@ ldap_principal2.so ldap_principal2.po $(OUTPRE)ldap_principal2.$(OBJEXT): \
ldap_pwd_policy.so ldap_pwd_policy.po $(OUTPRE)ldap_pwd_policy.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int.h \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
- $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \
- $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
+ $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int-pkinit.h \
+ $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
+ $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
+ $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
$(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \
kdb_ldap.h ldap_err.h ldap_handle.h ldap_krbcontainer.h \
@@ -214,10 +216,10 @@ ldap_misc.so ldap_misc.po $(OUTPRE)ldap_misc.$(OBJEXT): \
$(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \
$(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \
$(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \
- $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int.h \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
- $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \
- $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
+ $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int-pkinit.h \
+ $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
+ $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
+ $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
$(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \
kdb_ldap.h ldap_err.h ldap_handle.h ldap_krbcontainer.h \
@@ -226,10 +228,10 @@ ldap_misc.so ldap_misc.po $(OUTPRE)ldap_misc.$(OBJEXT): \
ldap_handle.so ldap_handle.po $(OUTPRE)ldap_handle.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int.h \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
- $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \
- $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
+ $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int-pkinit.h \
+ $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
+ $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
+ $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
$(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \
kdb_ldap.h ldap_handle.c ldap_handle.h ldap_krbcontainer.h \
@@ -237,10 +239,10 @@ ldap_handle.so ldap_handle.po $(OUTPRE)ldap_handle.$(OBJEXT): \
ldap_tkt_policy.so ldap_tkt_policy.po $(OUTPRE)ldap_tkt_policy.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int.h \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
- $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \
- $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
+ $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int-pkinit.h \
+ $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
+ $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
+ $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
$(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \
kdb_ldap.h ldap_err.h ldap_handle.h ldap_krbcontainer.h \
@@ -249,10 +251,10 @@ ldap_tkt_policy.so ldap_tkt_policy.po $(OUTPRE)ldap_tkt_policy.$(OBJEXT): \
ldap_services.so ldap_services.po $(OUTPRE)ldap_services.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int.h \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
- $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \
- $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
+ $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int-pkinit.h \
+ $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
+ $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
+ $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
$(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \
kdb_ldap.h ldap_err.h ldap_handle.h ldap_krbcontainer.h \
@@ -261,10 +263,10 @@ ldap_services.so ldap_services.po $(OUTPRE)ldap_services.$(OBJEXT): \
ldap_service_rights.so ldap_service_rights.po $(OUTPRE)ldap_service_rights.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int.h \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
- $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \
- $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
+ $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int-pkinit.h \
+ $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
+ $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
+ $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
$(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \
kdb_ldap.h ldap_err.h ldap_handle.h ldap_krbcontainer.h \
@@ -281,9 +283,10 @@ princ_xdr.so princ_xdr.po $(OUTPRE)princ_xdr.$(OBJEXT): \
$(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
$(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
$(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-err.h \
- $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
- $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
+ $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
+ $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
+ $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \
+ $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
$(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \
kdb_ldap.h ldap_krbcontainer.h ldap_principal.h ldap_realm.h \
@@ -291,10 +294,10 @@ princ_xdr.so princ_xdr.po $(OUTPRE)princ_xdr.$(OBJEXT): \
ldap_fetch_mkey.so ldap_fetch_mkey.po $(OUTPRE)ldap_fetch_mkey.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int.h \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
- $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \
- $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
+ $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int-pkinit.h \
+ $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
+ $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
+ $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
$(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \
kdb_ldap.h ldap_fetch_mkey.c ldap_handle.h ldap_krbcontainer.h \
@@ -302,10 +305,10 @@ ldap_fetch_mkey.so ldap_fetch_mkey.po $(OUTPRE)ldap_fetch_mkey.$(OBJEXT): \
ldap_service_stash.so ldap_service_stash.po $(OUTPRE)ldap_service_stash.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int.h \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
- $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \
- $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
+ $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int-pkinit.h \
+ $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
+ $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
+ $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
$(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \
kdb_ldap.h ldap_handle.h ldap_krbcontainer.h ldap_main.h \
@@ -314,9 +317,10 @@ ldap_service_stash.so ldap_service_stash.po $(OUTPRE)ldap_service_stash.$(OBJEXT
kdb_xdr.so kdb_xdr.po $(OUTPRE)kdb_xdr.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \
- $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
- $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
+ $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
+ $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
+ $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \
+ $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
$(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h kdb_xdr.c kdb_xdr.h
ldap_err.so ldap_err.po $(OUTPRE)ldap_err.$(OBJEXT): \
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c
index 4991e98..f951056 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c
@@ -77,6 +77,7 @@ krb5_ldap_readpassword(context, ldap_context, password)
krb5_set_error_message (context, st, "%s", errbuf);
goto rp_exit;
}
+ set_cloexec_file(fptr);
/* get the record from the file */
while (fgets(line, RECORDLEN, fptr)!= NULL) {
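Review bot: The result of `set_cloexec_file(fptr)` is discarded right after the stash file is opened, so a failure to set the flag would leave the descriptor for the service password file inheritable with nothing recorded. The helper's definition is outside this view, so whether it returns a status is an assumption; if it does, a comment such as `/* best effort: on failure fptr stays inheritable across exec */` or a logged warning would make the intent explicit. The same pattern appears in pkinit_get_certs_pkcs12, where the handle is a PKCS#12 file, and in the two prof_file.c hunks. krb5_ldap_readpassword starts and ends outside this hunk.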
diff --git a/src/plugins/locate/python/py-locate.c b/src/plugins/locate/python/py-locate.c
index 4f840fc..4e99612 100644
--- a/src/plugins/locate/python/py-locate.c
+++ b/src/plugins/locate/python/py-locate.c
@@ -1,7 +1,7 @@
/*
* plugins/locate/python/py-locate.c
*
- * Copyright 2006 Massachusetts Institute of Technology.
+ * Copyright 2006, 2007 Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
@@ -104,6 +104,7 @@ my_init (void)
SCRIPT_PATH, strerror(errno));
return -1;
}
+ set_cloexec_file(f);
PyRun_SimpleFile (f, SCRIPT_PATH);
fclose(f);
mainmodule = PyModule_GetDict(PyImport_AddModule("__main__"));
diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
index 1859b4f..e7e04d8 100644
--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
@@ -3736,6 +3736,7 @@ pkinit_get_certs_pkcs12(krb5_context context,
idopts->cert_filename, errno);
goto cleanup;
}
+ set_cloexec_file(fp);
p12 = d2i_PKCS12_fp(fp, NULL);
fclose(fp);
diff --git a/src/plugins/preauth/pkinit/pkinit_lib.c b/src/plugins/preauth/pkinit/pkinit_lib.c
index f49ef5e..046e3e2 100644
--- a/src/plugins/preauth/pkinit/pkinit_lib.c
+++ b/src/plugins/preauth/pkinit/pkinit_lib.c
@@ -470,6 +470,8 @@ print_buffer_bin(unsigned char *buf, unsigned int len, char *filename)
if ((f = fopen(filename, "w")) == NULL)
return;
+ set_cloexec_file(f);
+
for (i = 0; i < len; i++)
fputc(buf[i], f);
diff --git a/src/util/profile/prof_file.c b/src/util/profile/prof_file.c
index cb9bfbc..44d63a8 100644
--- a/src/util/profile/prof_file.c
+++ b/src/util/profile/prof_file.c
@@ -369,6 +369,7 @@ errcode_t profile_update_file_data(prf_data_t data)
retval = ENOENT;
return retval;
}
+ set_cloexec_file(f);
data->upd_serial++;
data->flags &= PROFILE_FILE_SHARED;
if (rw_access(data->filespec))
@@ -428,6 +429,7 @@ static errcode_t write_data_to_file(prf_data_t data, const char *outfile,
goto errout;
}
+ set_cloexec_file(f);
profile_write_tree_file(data->root, f);
if (fclose(f) != 0) {
retval = errno;
diff --git a/src/util/ss/list_rqs.c b/src/util/ss/list_rqs.c
index 045a0c8..fd863bb 100644
--- a/src/util/ss/list_rqs.c
+++ b/src/util/ss/list_rqs.c
@@ -68,7 +68,7 @@ ss_list_requests(argc, argv, sci_idx, info_ptr)
func = signal(SIGINT, SIG_IGN);
#endif
- fd = ss_pager_create();
+ fd = ss_pager_create(); /* FD_CLOEXEC set */
output = fdopen(fd, "w");
#ifdef POSIX_SIGNALS
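Review bot: The added comment `/* FD_CLOEXEC set */` states the flag as a fact, but the descriptor goes straight to `fdopen()` on the next line without a check in the visible lines, and the `/dev/tty` variant of ss_pager_create() in pager.c can return a negative value. I would word it `/* FD_CLOEXEC set by ss_pager_create() on success */` so a reader does not assume fd is always valid here. ss_list_requests continues outside the hunk, so a later check on `output` may exist.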
diff --git a/src/util/ss/pager.c b/src/util/ss/pager.c
index c8a52f0..49e8eb6 100644
--- a/src/util/ss/pager.c
+++ b/src/util/ss/pager.c
@@ -52,6 +52,7 @@ int ss_pager_create()
* "write" side.
*/
(void) close(filedes[0]);
+ set_cloexec_fd(filedes[1]);
return(filedes[1]);
}
}
@@ -60,6 +61,8 @@ int ss_pager_create()
{
int fd;
fd = open("/dev/tty", O_WRONLY, 0);
+ if (fd >= 0)
+ set_cloexec_fd(fd);
return fd;
}
#endif
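Review bot: The `/dev/tty` descriptor is still inheritable between `open()` and `set_cloexec_fd(fd)`, which is the window the commit message describes; on platforms that define `O_CLOEXEC` the flag can be set atomically at open time. Inside an `#ifdef O_CLOEXEC` the call would read `fd = open("/dev/tty", O_WRONLY | O_CLOEXEC, 0);`, with the existing `if (fd >= 0) set_cloexec_fd(fd);` kept as the fallback elsewhere. The pipe-based variant in the previous hunk has the same window around its write end, though the pipe() call itself is outside that hunk.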
diff --git a/src/util/support/threads.c b/src/util/support/threads.c
index 968a995..29613fd 100644
--- a/src/util/support/threads.c
+++ b/src/util/support/threads.c
@@ -1,7 +1,7 @@
/*
* util/support/threads.c
*
- * Copyright 2004,2005,2006 by the Massachusetts Institute of Technology.
+ * Copyright 2004,2005,2006,2007 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
@@ -424,7 +424,9 @@ int krb5int_thread_support_init (void)
/* stats_logfile = stderr; */
stats_logfile = fopen("/dev/tty", "w+");
if (stats_logfile == NULL)
- stats_logfile = stderr;
+ stats_logfile = stderr;
+ else
+ set_cloexec_file(stats_logfile);
#endif
#ifndef ENABLE_THREADS