From ced4d22e9786fb5eddcce68be9016ef804b81caa Mon Sep 17 00:00:00 2001
From: Marcel Poul <marcel.poul@cern.ch>
Date: Sun, 26 Feb 2012 22:28:12 +0000
Subject: [PATCH] write proxy to file with restrictive permissions

---
 emi.canl.canl-c/src/canl_cred.c | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/emi.canl.canl-c/src/canl_cred.c b/emi.canl.canl-c/src/canl_cred.c
index e23815f..ee5e241 100644
--- a/emi.canl.canl-c/src/canl_cred.c
+++ b/emi.canl.canl-c/src/canl_cred.c
@@ -344,10 +344,24 @@ canl_cred_save_proxyfile(canl_ctx ctx, canl_cred cred, const char *proxy_file)
     if (!proxy_file)
         return set_error(cc, EINVAL, POSIX_ERROR, "Invalid proxy file name");
 
-    cert_file = fopen(proxy_file, "wb");
+    /*posix compliant*/
+    ret = open(proxy_file, O_CREAT | O_WRONLY, S_IRUSR | S_IWUSR);
+    if (ret == -1){
+        ret = errno;
+        set_error(cc, ret, POSIX_ERROR, "Cannot open file for writing");
+        return ret;
+    }
+    close(ret);
+    if (ret == -1){
+        ret = errno;
+        set_error(cc, ret, POSIX_ERROR, "Cannot open file for writing");
+        return ret;
+    }
+
+    cert_file = fopen(proxy_file, "ab");
     if (!cert_file) {
         ret = errno;
-        set_error(cc, ret, POSIX_ERROR, "cannot open file with cert");
+        set_error(cc, ret, POSIX_ERROR, "cannot open file for writing");
         return ret;
     }
     
-- 
1.8.2.3