From: Marcel Poul <marcel.poul@cern.ch>
Date: Sun, 26 Feb 2012 22:28:12 +0000 (+0000)
Subject: write proxy to file with restrictive permissions
X-Git-Tag: gridsite-core_R_1_7_17~8
X-Git-Url: http://scientific.zcu.cz/git/?a=commitdiff_plain;h=ced4d22e9786fb5eddcce68be9016ef804b81caa;p=jra1mw.git

write proxy to file with restrictive permissions
---

diff --git a/emi.canl.canl-c/src/canl_cred.c b/emi.canl.canl-c/src/canl_cred.c
index e23815f..ee5e241 100644
--- a/emi.canl.canl-c/src/canl_cred.c
+++ b/emi.canl.canl-c/src/canl_cred.c
@@ -344,10 +344,24 @@ canl_cred_save_proxyfile(canl_ctx ctx, canl_cred cred, const char *proxy_file)
     if (!proxy_file)
         return set_error(cc, EINVAL, POSIX_ERROR, "Invalid proxy file name");
 
-    cert_file = fopen(proxy_file, "wb");
+    /*posix compliant*/
+    ret = open(proxy_file, O_CREAT | O_WRONLY, S_IRUSR | S_IWUSR);
+    if (ret == -1){
+        ret = errno;
+        set_error(cc, ret, POSIX_ERROR, "Cannot open file for writing");
+        return ret;
+    }
+    close(ret);
+    if (ret == -1){
+        ret = errno;
+        set_error(cc, ret, POSIX_ERROR, "Cannot open file for writing");
+        return ret;
+    }
+
+    cert_file = fopen(proxy_file, "ab");
     if (!cert_file) {
         ret = errno;
-        set_error(cc, ret, POSIX_ERROR, "cannot open file with cert");
+        set_error(cc, ret, POSIX_ERROR, "cannot open file for writing");
         return ret;
     }