w = fopen(tmpfile, "w");
+#ifdef HAVE_FCHMOD
+ /* Let the temporary file have the same permissions as the original. */
+
+ if(w) {
+ struct stat st = {.st_mode = 0600};
+ fstat(fileno(r), &st);
+ fchmod(fileno(w), st.st_mode);
+ }
+#endif
+
while(fgets(buf, sizeof buf, r)) {
if(!block && !strncmp(buf, "-----BEGIN ", 11)) {
if((strstr(buf, " EC ") && strstr(what, "ECDSA")) || (strstr(buf, " RSA ") && strstr(what, "RSA"))) {
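Review bot: The temporary copy is created by `fopen(tmpfile, "w")` under the caller's umask and only narrowed afterwards by the added `fchmod`, so for a short window it can be more widely readable than the file it will replace, and a process that opens it in that window keeps its descriptor after the mode change. This matters more because the same commit removes the `umask(0077)` call that used to run just before `disable_old_keys()`, and because nothing narrows the mode at all when HAVE_FCHMOD is undefined. The `0600` initializer is a sensible fallback if `fstat` fails, but the result of `fchmod` is ignored; at minimum check it, e.g. `if(fchmod(fileno(w), st.st_mode & 07777)) { /* report and stop */ }`. Creating the file with a restrictive mode up front (`open()` with `O_CREAT | O_EXCL` and `0600`, then `fdopen()`) would remove the window altogether. The enclosing function starts and ends outside the hunk, so the right error path is not visible here.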
filename = buf2;
}
- umask(0077); /* Disallow everything for group and other */
-
disable_old_keys(filename, what);
/* Open it first to keep the inode busy */
free(nargv);
- int status = -1;
- if(waitpid(pid, &status, 0) != pid || !WIFEXITED(status) || WEXITSTATUS(status)) {
+ int status = -1, result;
+#ifdef SIGINT
+ signal(SIGINT, SIG_IGN);
+#endif
+ result = waitpid(pid, &status, 0);
+#ifdef SIGINT
+ signal(SIGINT, SIG_DFL);
+#endif
+
+ if(result != pid || !WIFEXITED(status) || WEXITSTATUS(status)) {
fprintf(stderr, "Error starting %s\n", c);
return 1;
}
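Review bot: After `waitpid` the SIGINT disposition is reset to `SIG_DFL` unconditionally, which discards whatever it was before this code ran; if the caller had SIGINT ignored or had installed its own handler, that is lost on return. Saving the value returned by the first call keeps the change local: `void (*oldint)(int) = signal(SIGINT, SIG_IGN);` before the wait and `signal(SIGINT, oldint);` after it, both inside the existing `#ifdef SIGINT`. A one-line comment saying why SIGINT is ignored during the wait (presumably so that an interrupt ends only the child process) would also help. The enclosing function starts outside the hunk.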
/* Some simple checks. */
bool found = false;
+ bool warnonremove = false;
for(int i = 0; variables[i].name; i++) {
if(strcasecmp(variables[i].name, variable))
return 1;
}
+ /* Change "add" into "set" for variables that do not allow multiple occurences.
+ Turn on warnings when it seems variables might be removed unintentionally. */
+
+ if(action == 1 && !(variables[i].type & VAR_MULTIPLE)) {
+ warnonremove = true;
+ action = 0;
+ } else if(action == 0 && (variables[i].type & VAR_MULTIPLE)) {
+ warnonremove = true;
+ }
+
break;
}
}
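Review bot: `action` is compared with and assigned the bare values 1 and 0 in the added `if`/`else if`, so the reader depends on the comment above to learn that they mean "add" and "set". Named constants would make the rewrite self-explanatory, for example an `enum { ACTION_SET = 0, ACTION_ADD = 1 };` (names are only a suggestion) used as `if(action == ACTION_ADD && !(variables[i].type & VAR_MULTIPLE))`. The comment also misspells "occurrences" as "occurences". The enclosing loop and function start outside this hunk.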
// Set
} else if(action == 0) {
+ // Warn if "set" was used for variables that can occur multiple times
+ if(warnonremove && strcasecmp(bvalue, value))
+ fprintf(stderr, "Warning: removing %s = %s\n", variable, bvalue);
+
// Already set? Delete the rest...
if(set)
continue;
+
// Otherwise, replace.
if(fprintf(tf, "%s = %s\n", variable, value) < 0) {
fprintf(stderr, "Error writing to temporary file %s: %s\n", tmpfile, strerror(errno));
fprintf(stderr, "Could not create file %s: %s\n", filename, strerror(errno));
return 1;
}
- fchmod(fileno(f), 0755);
+ mode_t mask = umask(0);
+ umask(mask);
+ fchmod(fileno(f), 0755 & ~mask);
fprintf(f, "#!/bin/sh\n\necho 'Unconfigured tinc-up script, please edit!'\n\n#ifconfig $INTERFACE <your vpn IP address> netmask <netmask of whole VPN>\n");
fclose(f);
}
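Review bot: The result of `fchmod(fileno(f), 0755 & ~mask)` is not checked, so a failure leaves the generated script non-executable without any message, although the `fopen` failure just above it is reported. The call is also unconditional here, while the `fchmod` added for the temporary key file is wrapped in `#ifdef HAVE_FCHMOD`; unless a guard sits outside this hunk, the two should agree. Reading the mask with `umask(0)` followed by `umask(mask)` leaves the process with an empty mask for a moment, which is safe only while nothing else can create files concurrently, and a short comment stating that assumption would be enough. Suggested check: `if(fchmod(fileno(f), 0755 & ~mask)) fprintf(stderr, "Could not set permissions on %s: %s\n", filename, strerror(errno));`.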