Commit e6a04f62 authored by Sergey Prokhorov's avatar Sergey Prokhorov

Merge pull request #28 from ndorf/upstream

ipsec: secrets shouldn't be world-readable
parents 79fd238a 54980923
...@@ -887,6 +887,7 @@ nm_l2tp_start_ipsec(NML2tpPlugin *plugin, ...@@ -887,6 +887,7 @@ nm_l2tp_start_ipsec(NML2tpPlugin *plugin,
char cmd1[4096],cmd11[4096],cmd2[4096]; char cmd1[4096],cmd11[4096],cmd2[4096];
char session_name[128]; char session_name[128];
guint sys=0; guint sys=0;
int fd;
FILE *fp; FILE *fp;
if (!(ipsec_binary=nm_find_ipsec())) { if (!(ipsec_binary=nm_find_ipsec())) {
...@@ -935,7 +936,11 @@ nm_l2tp_start_ipsec(NML2tpPlugin *plugin, ...@@ -935,7 +936,11 @@ nm_l2tp_start_ipsec(NML2tpPlugin *plugin,
return FALSE; return FALSE;
} }
if(!(fp=fopen("/etc/ipsec.secrets","w"))) { fp = NULL;
if ((fd = open("/etc/ipsec.secrets", O_CREAT | O_EXCL | O_WRONLY, 0600)) >= 0) {
if (NULL == (fp = fdopen(fd, "w"))) close(fd);
}
if (NULL == fp) {
rename(tmp_secrets, "/etc/ipsec.secrets"); rename(tmp_secrets, "/etc/ipsec.secrets");
g_set_error (error, g_set_error (error,
NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR,
...@@ -954,6 +959,7 @@ nm_l2tp_start_ipsec(NML2tpPlugin *plugin, ...@@ -954,6 +959,7 @@ nm_l2tp_start_ipsec(NML2tpPlugin *plugin,
if(!value)value=""; if(!value)value="";
fprintf(fp, ": PSK \"%s\"\n",value); fprintf(fp, ": PSK \"%s\"\n",value);
fclose(fp); fclose(fp);
close(fd);
sys += system("PATH=\"/sbin:/usr/sbin:/usr/local/sbin:$PATH\" ipsec secrets"); sys += system("PATH=\"/sbin:/usr/sbin:/usr/local/sbin:$PATH\" ipsec secrets");
sys += system(cmd11); sys += system(cmd11);
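Review bot: The `close(fd);` added after `fclose(fp);` in the last hunk closes the descriptor twice, because `fp` was created with `fdopen(fd, "w")` and `fclose(fp)` already releases `fd`. The second call fails with EBADF at best, and if another thread has opened a file in between it closes that unrelated descriptor, so the line should simply be dropped. Since this file holds the PSK, I would also test `fclose(fp) != 0` and report it through `error` instead of running `ipsec secrets` on a possibly incomplete file. The `O_CREAT | O_EXCL` open in the second hunk can only succeed if the existing file was moved to `tmp_secrets` beforehand; that step is outside the visible lines and is inferred from the `rename` in the error path, so it is worth confirming. `nm_l2tp_start_ipsec` starts and ends outside these hunks.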
......